break kratos state out from soc state

m0duspwnens
2021-11-18 09:10:00 -05:00
parent d4b412bcbe
commit cd1f0c0440
8 changed files with 97 additions and 76 deletions
-58
@@ -1,58 +0,0 @@
{%- set WEBACCESS = salt['pillar.get']('global:url_base', '') -%}
{%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
{%- set SESSIONTIMEOUT = salt['pillar.get']('kratos:sessiontimeout', '24h') -%}
session:
lifespan: {{ SESSIONTIMEOUT }}
selfservice:
methods:
password:
enabled: true
config:
haveibeenpwned_enabled: false
flows:
settings:
ui_url: https://{{ WEBACCESS }}/?r=/settings
verification:
ui_url: https://{{ WEBACCESS }}/
login:
ui_url: https://{{ WEBACCESS }}/login/
error:
ui_url: https://{{ WEBACCESS }}/login/
registration:
ui_url: https://{{ WEBACCESS }}/login/
default_browser_return_url: https://{{ WEBACCESS }}/
whitelisted_return_urls:
- http://127.0.0.1
log:
level: debug
format: json
secrets:
default:
- {{ KRATOSKEY }}
serve:
public:
base_url: https://{{ WEBACCESS }}/auth/
admin:
base_url: https://{{ WEBACCESS }}/kratos/
hashers:
bcrypt:
cost: 12
identity:
default_schema_url: file:///kratos-conf/schema.json
courier:
smtp:
connection_uri: smtps://{{ WEBACCESS }}:25
-49
@@ -1,49 +0,0 @@
{
"$id": "securityonion.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Person",
"type": "object",
"properties": {
"traits": {
"type": "object",
"properties": {
"email": {
"type": "string",
"format": "email",
"title": "E-Mail",
"minLength": 6,
"maxLength": 100,
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
}
},
"verification": {
"via": "email"
}
}
},
"firstName": {
"type": "string",
"title": "First Name",
"maxLength": 100
},
"lastName": {
"type": "string",
"title": "Last Name",
"maxLength": 100
},
"note": {
"type": "string",
"title": "Note",
"maxLength": 100
}
},
"required": [
"email"
],
"additionalProperties": false
}
}
}
-70
@@ -132,76 +132,6 @@ append_so-soc_so-status.conf:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-soc
# Add Kratos Group
kratosgroup:
group.present:
- name: kratos
- gid: 928
# Add Kratos user
kratos:
user.present:
- uid: 928
- gid: 928
- home: /opt/so/conf/kratos
kratosdir:
file.directory:
- name: /opt/so/conf/kratos/db
- user: 928
- group: 928
- makedirs: True
kratoslogdir:
file.directory:
- name: /opt/so/log/kratos
- user: 928
- group: 928
- makedirs: True
kratossync:
file.recurse:
- name: /opt/so/conf/kratos
- source: salt://soc/files/kratos
- user: 928
- group: 928
- file_mode: 600
- template: jinja
kratos_schema:
file.exists:
- name: /opt/so/conf/kratos/schema.json
kratos_yaml:
file.exists:
- name: /opt/so/conf/kratos/kratos.yaml
so-kratos:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kratos:{{ VERSION }}
- hostname: kratos
- name: so-kratos
- binds:
- /opt/so/conf/kratos/schema.json:/kratos-conf/schema.json:ro
- /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro
- /opt/so/log/kratos/:/kratos-log:rw
- /opt/so/conf/kratos/db:/kratos-data:rw
- port_bindings:
- 0.0.0.0:4433:4433
- 0.0.0.0:4434:4434
- watch:
- file: /opt/so/conf/kratos
- require:
- file: kratos_schema
- file: kratos_yaml
- file: kratoslogdir
- file: kratosdir
append_so-kratos_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-kratos
{% else %}
{{sls}}_state_not_allowed: