The stx-oidc-client image hadn't had any updates for a long time. As
an effort to keep the oidc-auth-apps updated and get the latest CVE
fixes, I've updated the golang dependencies for the stx-oidc-client.
The latest tag used by our latest oidc-auth-apps application is
stx.9.0-v1.0.7, and 49 CVEs were reported in it. With the dependencies
updated, the new locally built image reported only 2 CVEs; these two
CVEs were already in the old stx.9.0-v1.0.7 image, with no new CVEs
added.

Image Tag        | Total CVEs
-----------------|-----------
stx.9.0-v1.0.7   | 49
new-stx.TBD-vTBD | 2

Even if we have this change merged, it has no effect on our latest
oidc-auth-apps application; the latest OIDC version will still use
the old stx.9.0-v1.0.7 until we finish the validation of this new
image with the next up-versioned oidc-auth-apps. This is a low-risk
change and is part of the next up-version task for OIDC. Once we have
a fully up-versioned and tested oidc-auth-apps, a new public tag for
the stx-oidc-client image will be requested.

Test Plan:
PASS: Build a local docker stx-oidc-client image.
PASS: Load this new image into a sx
PASS: Modify the oidc-auth-apps helm-charts to use this image instead
and rebuild the oidc-auth-apps.
PASS: Upload and apply oidc-auth-apps. oidc should be applied
successfully.
PASS: Check if the stx-oidc-client deployment is using the newly
created image with the command:
kubectl -n kube-system get deployment stx-oidc-client -o yaml
PASS: Once oidc-auth-apps is in applied status, perform the
oidc-auth-apps test by creating a user, applying a rolebinding and
authenticating it using the oidc-auth command; check if the new user
can send k8s commands based on its roles.
PASS: Try to authenticate using the Remote CLI method; it should work.
PASS: Try to authenticate using the WEB Method by accessing the URL
https://<OAM_IP>:30555; you should be served with a webpage and be
able to authenticate through oidc as well.

Story: 2011328
Task: 51644
Change-Id: I2a19d15121e7bddc19ce7a1657c75fc4870523a6
Signed-off-by: Joaci Morais <joaci.demorais@windriver.com>