chore(cloud-native)!: remove spanner support from OCI images #10070

iromli · 2024-11-06T17:38:02Z

Prepare

Read PR guidelines
Read license information

Description

Target issue

closes #10046

Implementation Details

Test and Document the changes

Static code analysis has been run locally and issues have been fixed
Relevant unit and integration tests have been added/updated
Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: iromli <isman.firmansyah@gmail.com>

dryrunsecurity · 2024-11-06T17:38:59Z

DryRun Security Summary

The pull request focuses on improving the security, maintainability, and reliability of the Janssen platform by removing unused persistence options, strengthening credential and secrets management, enhancing logging and monitoring, managing dependencies, and streamlining the configuration and deployment process.

Expand for full summary

Summary:

The code changes in this pull request focus on several key areas related to the security and maintenance of the Janssen platform:

Persistence Backend Changes: The changes remove support for the Google Cloud Spanner persistence backend across multiple Janssen components, including the Authorization Server, Casa, Config API, and Cert Manager. This simplifies the application's architecture and reduces the attack surface by eliminating an unused persistence option.
Credential and Secrets Management: The code updates handle the secure generation, storage, and synchronization of various credentials and secrets, such as client IDs, passwords, and encryption keys. This is an important security practice to ensure the protection of sensitive data.
Logging and Monitoring: The changes include updates to the logging configuration and the integration of monitoring tools like Prometheus. Proper logging and monitoring are essential for detecting and responding to security-related events and issues.
Dependency Management: The Dockerfiles and requirements files are updated to manage the dependencies used by the Janssen components. Keeping dependencies up-to-date and secure is crucial for maintaining the overall security posture of the application.
Configuration and Deployment: The changes streamline the configuration and deployment process, ensuring that the application is properly set up and that the necessary security features, such as SSL/TLS and access control, are in place.

Files Changed:

automation/rancher-partner-charts/questions.yaml: Removes the spanner option from the persistence backend configuration, simplifying the deployment options.
automation/startjanssenmonolithdemo.sh: Updates the persistence backend configuration and improves the handling of environment variables and test execution.
.github/workflows/test_docker_linux_installer.yml: Removes the LDAP and Spanner backends from the test matrix and improves the handling of sensitive information.
demos/benchmarking/docker-jans-loadtesting-jmeter/*: Removes support for LDAP and Google Spanner, and updates the Couchbase and RDBMS configuration.
docker-jans-*/*: Updates the persistence backend configuration, removes Spanner-related functionality, and improves credential and secrets management across various Janssen components.

Overall, the changes in this pull request appear to be focused on improving the security, maintainability, and reliability of the Janssen platform by streamlining the persistence options, strengthening credential and secrets management, and enhancing the overall deployment and configuration processes.