@continuoussecuritytooling/keycloak-reporter 0.6.0 → 0.8.0

package/.eslintrc.cjs

@@ -2,13 +2,14 @@
 module.exports = {
   env: {
     node: true,
-    commonjs: true
+    commonjs: true,
   },
   extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended'],
   parser: '@typescript-eslint/parser',
   plugins: ['@typescript-eslint'],
   root: true,
   rules: {
-    quotes: [2, 'single', { avoidEscape: true }]
-  }
+    quotes: [2, 'single', { avoidEscape: true }],
+    'comma-dangle': ['error', 'only-multiline'],
+  },
 };

package/.github/FUNDING.yml

@@ -1,2 +1,3 @@
 # These are supported funding model platforms
-open_collective: m13t
+open_collective: m13t
+github: ContinuousSecurityTooling

package/.github/workflows/pipeline.yml

@@ -6,6 +6,8 @@ on:
   push:
     branches:
       - develop
+    tags:
+      - '*'
 
 jobs:
   build:
@@ -16,6 +18,7 @@ jobs:
         node_version:
           - 18
           - 20
+          - 21
         os:
           - ubuntu-latest
           - macOS-latest
@@ -23,7 +26,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: 'Use Node.js ${{ matrix.node_version }}'
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '${{ matrix.node_version }}'
       - name: npm build and test
@@ -47,13 +50,13 @@ jobs:
         with:
           version: v3.11.2
 
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.9'
           check-latest: true
 
       - name: Helm Chart Testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -71,11 +74,15 @@ jobs:
         if: steps.list-changed.outputs.changed == 'true'
         uses: helm/kind-action@v1.8.0
 
-      - name: Run chart-testing (install)
+      - name: Run chart-testing (install - no further args)
         if: steps.list-changed.outputs.changed == 'true'
-        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.clientId=clientId' --set 'keycloak.config.clientSecret=clientSecret' --set 'keycloak.config.webhookType=test' --set 'keycloak.config.webhookUrl=http://localhost:8888'"
+        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.clientId=clientId' --set 'keycloak.config.clientSecret=clientSecret'"
 
-      - uses: actions/upload-artifact@v3
+      - name: Run chart-testing (install - with args)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "-f charts/keycloak-reporter/ci.values.yaml"
+
+      - uses: actions/upload-artifact@v4
         with:
           name: dist-folder
           path: dist
@@ -87,16 +94,18 @@ jobs:
       matrix:
         node_version:
           - 18
+          - 20
+          - 21
         os:
           - ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: 'Use Node.js ${{ matrix.node_version }}'
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '${{ matrix.node_version }}'
       - name: Install Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: 'temurin' # See 'Supported distributions' for available options
           java-version: '17'
@@ -131,29 +140,65 @@ jobs:
       - end2end
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
-        # TODO: Support Node 16+
+      - uses: actions/setup-node@v4
         with:
-          node-version: '16'
+          # renovate: datasource=docker depName=node
+          node-version: '20'
       - name: 'Build Package'
         run: |
           npm run clean
           npm run build
-      - name: Buildah Action
+
+      - name: Write version vars
+        run: |
+          BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"`
+          BRANCH=${GITHUB_REF_NAME#v}
+          APP_VERSION=$(cat package.json | grep version| head -1 | awk -F: '{ print $2 }' | sed 's/[",]//g')
+          echo Version: $APP_VERSION
+          echo "VERSION=$APP_VERSION" >> $GITHUB_ENV
+          echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV
+          echo "BUILD_DATE=$BUILD_DATE" >> $GITHUB_ENV
+
+      - name: Build Container Image
         id: build-image
         uses: redhat-actions/buildah-build@v2
         with:
           image: continuoussecuritytooling/keycloak-reporting-cli
-          tags: 'v1 ${{ github.sha }}'
+          tags: 'latest next ${{env.APP_VERSION}} ${{env.APP_VERSION}}_rc'
           containerfiles: |
             ./Dockerfile
+          build-args: |
+            BUILD_DATE=${{env.BUILD_DATE}}
+            APP_VERSION=${{env.APP_VERSION}}
+
+      - name: Push To NPM Registry
+        id: push-to-npm-tagged
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
+        run: |
+          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
+          (cd core && npm i && npm publish)
+          (cd cli && npm i && npm publish)
+        if: github.ref_type == 'tag' || github.tag != ''
+
+      - name: Push To Docker Hub
+        id: push-to-dockerhub-preview
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: 'next ${{env.APP_VERSION}}_rc'
+          registry: registry.hub.docker.com
+          username: continuoussecuritytooling
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+        if: github.ref == 'refs/heads/develop'
+
       - name: Push To Docker Hub
-        id: push-to-dockerhub
+        id: push-to-dockerhub-tagged
         uses: redhat-actions/push-to-registry@v2
         with:
           image: ${{ steps.build-image.outputs.image }}
-          tags: ${{ steps.build-image.outputs.tags }}
+          tags: 'latest ${{env.APP_VERSION}}'
           registry: registry.hub.docker.com
           username: continuoussecuritytooling
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
-        if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main'
+        if: github.ref_type == 'tag' || github.tag != ''

package/.github/workflows/release.yml

@@ -26,22 +26,21 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@v3
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.9'
           check-latest: true
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Run chart-testing (lint)
-        run: ct lint --config .ct.yaml 
+        run: ct lint --config .ct.yaml
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.5.0
-        with:
-          charts_dir: charts/
+        uses: helm/chart-releaser-action@v1.6.0
         env:
           CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          CR_GENERATE_RELEASE_NOTES: true
 
       - name: Login to GitHub Container Registry
         run: |
@@ -49,6 +48,7 @@ jobs:
 
       - name: Push Charts to GHCR
         run: |
+          shopt -s nullglob
           for pkg in .cr-release-packages/*; do
             if [ -z "${pkg:-}" ]; then
               break

package/.prettierrc

@@ -1,6 +1,6 @@
 {
   "semi": true,
-  "trailingComma": "none",
+  "trailingComma": "es5",
   "singleQuote": true,
-  "printWidth": 80
+  "printWidth": 120
 }

package/CHANGELOG.md

@@ -1,22 +1,103 @@
-# 0.2.0 (2023-06-02)
+# [0.8.0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.7.2...v0.8.0) (2023-12-14)
+
+### Features
+
+* **Config:** Adding config validation and helm test hook ([c29e945](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/c29e945567b4dfcdc9a10e710efa2b1a8c00f970))
+
+### Bug Fixes
+
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.2 ([2b985d5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2b985d5daa4d271bf4a1219b6df71b16515b4106))
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.3 ([2ed9c0f](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2ed9c0faff14bc7d43b5e739a48e7175c1e74c4c))
+* **deps:** update dependency @json2csv/node to v7.0.4 ([2488240](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2488240525fd1d8c20cf5205be50c069e6ac0cd1))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v23 ([12e4485](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/12e4485a0e4c508cc90fe86d3ab39efb647486ce))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v23.0.1 ([babdf78](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/babdf78ce6b0f2736ce6703cb83338e37066639b))
+* **deps:** update dependency npm to v10.2.4 ([8529acf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8529acf82bf8ea1581c7510783087ba5d8d45dde))
+* **deps:** update dependency npm to v10.2.5 ([52a3c8b](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/52a3c8b48cbf0ee0d795aa00a9af36291025ae05))
+
+
+
+## [0.7.2](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.7.1...v0.7.2) (2023-11-16)
 
 
 ### Bug Fixes
 
-* **deps:** update dependency @json2csv/node to v7 ([42934da](https://github.com/ContinuousSecurityTooling/[object Object]/commit/42934da57a546b1a0db324183b3db51c27ff1cc2))
-* **deps:** update dependency @json2csv/node to v7.0.1 ([b0aeb36](https://github.com/ContinuousSecurityTooling/[object Object]/commit/b0aeb366b07a38d8b648b4a0c763bab578db653a))
-* Stick to NodeJS 16 ([595d799](https://github.com/ContinuousSecurityTooling/[object Object]/commit/595d799510e81de885430d7cc62549dd8a272aee))
+* Try to fix release ([ed7ebdf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ed7ebdf6ca9677621d19d8f829f611183602135f))
+
+
+
+## [0.7.1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.7.0...v0.7.1) (2023-11-16)
+
+
+### Bug Fixes
+
+* **deps:** update dependency @continuoussecuritytooling/keycloak-auditor to v1.1.1 ([4fb7c58](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/4fb7c5801f8d5519d6c7132eabd29976e640cff3))
+* **deps:** update dependency @slack/webhook to v7.0.1 ([1c46ccf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1c46ccf7f9a91c4fc85464ddfe9aea8f8e588801))
+* **deps:** update dependency npm to v10.2.3 ([a42ac5c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/a42ac5c5df195d5e9b15595bb377261f53acca03))
 
 
 ### Features
 
-* **Config:** Provide config file functionality ([f9097f9](https://github.com/ContinuousSecurityTooling/[object Object]/commit/f9097f966c2dfc5240111e9294742ad3821c36ad))
-* **Config:** Use config file in helm chart ([21e0512](https://github.com/ContinuousSecurityTooling/[object Object]/commit/21e051243df1a3000d2b57f6ee0feab5f6314910))
-* **Helm:** Initial chart version ([401c740](https://github.com/ContinuousSecurityTooling/[object Object]/commit/401c7401b1b34b479bb5a370c9d1077a36f653b0)), closes [#1](https://github.com/ContinuousSecurityTooling/[object Object]/issues/1)
-* **Report:** Adding id to report ([8dbc3d4](https://github.com/ContinuousSecurityTooling/[object Object]/commit/8dbc3d4deacba0a5e1729da93b8d933557ebd45b))
-* **Testing:** Adding end2end testing via keycloak local ([036202f](https://github.com/ContinuousSecurityTooling/[object Object]/commit/036202f47324e8b3e40764fdc3a43a270a2687cf))
-* **Users:** Adding user and client listing functionality ([4c13fa0](https://github.com/ContinuousSecurityTooling/[object Object]/commit/4c13fa0642d75b8e229091aca052a83fa8c7eb32))
-* **Webhooks:** Adding Support for Teams and Slack ([66da168](https://github.com/ContinuousSecurityTooling/[object Object]/commit/66da168d2cd234ebc6dd961cfe62a3c8191c0ccc)), closes [#2](https://github.com/ContinuousSecurityTooling/[object Object]/issues/2)
+* Using NodeJS 20 as default ([ba468cf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ba468cfa7e17615a38ea5ea7e81c859e1f734f67))
+
+
+
+# [0.7.0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/v0.6.0...v0.7.0) (2023-11-02)
+
+
 
+# [0.6.0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/compare/4c13fa0642d75b8e229091aca052a83fa8c7eb32...v0.6.0) (2023-11-01)
 
 
+### Bug Fixes
+
+* **Build:** ci health workflow network fix and setup JDK ([9878cac](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/9878cacd99b8c7a66c9c2f7e26d9087f48b809fe))
+* **Chart:** Add only non-empty strings to secret ([eef4332](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/eef433203f33a14a322ecb0a46cd2701ef454eec))
+* **Chart:** Correct default values for install ([50e9b5c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/50e9b5ccbaeec2661b16cf2d6d959fc66231f21e))
+* **Config:** Adding proper error handling for missing webhook URL ([1515b3d](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1515b3dde0ec387ec226f8d5fe1ffd4f3a4af00d))
+* **Config:** Correcting handling for auditor endpoint toogle ([d332e13](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/d332e13667e5ff770e2d5dcb1374730dcc896527))
+* **Config:** Let config file overwrite defaults ([2df34a0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2df34a047ef8c2275f8ae4ef0d06209c1619d74e))
+* Correct ref error ([2098b15](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/2098b1531e20d2037252f706713e4dd54a620128))
+* Corrected missing variable ([3223ea3](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/3223ea31d33cad3ad7fd8d4b574ed88a737ced81))
+* Corrected renovate config ([af1bd4a](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/af1bd4a6c4c8678d4a4b2ffc97c41b583986f513))
+* **deps:** update dependency @json2csv/node to v7 ([42934da](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/42934da57a546b1a0db324183b3db51c27ff1cc2))
+* **deps:** update dependency @json2csv/node to v7.0.1 ([b0aeb36](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/b0aeb366b07a38d8b648b4a0c763bab578db653a))
+* **deps:** update dependency @json2csv/node to v7.0.2 ([bcca826](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/bcca8267291c79e13dc1bd563d80d59d1d6d0f27))
+* **deps:** update dependency @json2csv/node to v7.0.3 ([e61eaf2](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/e61eaf2b12243cc10903ac6235e03de78e6c4ae7))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v22 ([cf5caac](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/cf5caac67d0a35b56e7c7a16dd5ee815aaf96d6c))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v22.0.4 ([608703c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/608703ce5f7d6c05c76eb88296c19e34eee20137))
+* **deps:** update dependency @keycloak/keycloak-admin-client to v22.0.5 ([e56d8ad](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/e56d8ada3b1b7e3ce0a456190f1d4a549309480c))
+* **deps:** update dependency @slack/webhook to v7 ([87872b5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/87872b5bf56877ace56b49e9b70ace6fd90778a2))
+* **deps:** update dependency npm to v10 ([ff38e4f](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ff38e4faa13b34d7794b9b36f46d11d61fdc90bf))
+* **deps:** update dependency npm to v10.1.0 ([48bf21a](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/48bf21ae8c251993295901f75150580f3b2a9988))
+* **deps:** update dependency npm to v10.2.0 ([203c3f0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/203c3f03a25838e52dea15eefd564490ba137c2f))
+* **deps:** update dependency npm to v10.2.1 ([1544ee5](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1544ee58ce2cd0e6f1951d45ce77a4cbaf2b0fac))
+* **deps:** update dependency npm to v9.7.1 ([1eeaf8f](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1eeaf8fc51a643da62d46e0669751f732069ee3d))
+* **deps:** update dependency openid-client to v5.4.3 ([6cc9fba](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/6cc9fba92585393bb50cc586a8a7f994b8a6431c))
+* **deps:** update dependency openid-client to v5.5.0 ([efebce8](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/efebce81d16b95e9407bff874a62c5832bdc826e))
+* **deps:** update dependency openid-client to v5.6.0 ([b9020b8](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/b9020b82786a5f5ead45262b756c09a58ff4eb3a))
+* **deps:** update dependency openid-client to v5.6.1 ([ce75f52](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/ce75f527b58f3b3e0de240a0933f3bec79ddd7e1))
+* **deps:** update dependency ramda to v0.29.1 ([015da4c](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/015da4c065810d4aeb3d19b3fbc55633f39ba6af))
+* Fix chart deploy ([0f95f78](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/0f95f78cfcb98cac3da5b8c2bdf84c7bca324d57))
+* **Kubernetes:** Adjust helm chart config error ([f074b0e](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/f074b0eca275e8ee07e0dad6096cd64962dcae80))
+* Stick to NodeJS 16 ([595d799](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/595d799510e81de885430d7cc62549dd8a272aee))
+* **Webhooks:** Corrected error handling ([afe2c60](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/afe2c601852ef5564fcaafe6b959475a4271a9ec))
+* **Webhooks:** Correcting webhook additional message handling and improve error handling ([1fe6fdf](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1fe6fdf3d93dd746c55ea3009a8414cfe3206d2f))
+
+
+### Features
+
+* Adding report directory support for archiving ([9347ef1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/9347ef116b8d753b21e66826792865971ce7571d))
+* Allow chart to pass env vars ([37b19b4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/37b19b428a07c373f308aee529a1ff376b87156e))
+* **API:** Use audit endpoint ([8ed489a](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8ed489ae0c3e6b66f8506a6d6b87147e50b9a06c))
+* **Config:** Provide config file functionality ([f9097f9](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/f9097f966c2dfc5240111e9294742ad3821c36ad))
+* **Config:** Use config file in helm chart ([21e0512](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/21e051243df1a3000d2b57f6ee0feab5f6314910))
+* **Helm:** Adding OCI helm chart support ([4b3d433](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/4b3d433e2b94550541b821172c7d270abf2363fa))
+* **Helm:** Initial chart version ([401c740](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/401c7401b1b34b479bb5a370c9d1077a36f653b0)), closes [#1](https://github.com/ContinuousSecurityTooling/keycloak-reporter/issues/1)
+* **OCI:** Use OCI standard labels for container image ([3371f13](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/3371f136f51fa0482c253602b281ed508473ed44))
+* **Report:** Adding id to report ([8dbc3d4](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/8dbc3d4deacba0a5e1729da93b8d933557ebd45b))
+* **Security:** apt-upgrade in docker image ([3ac8217](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/3ac82179fcdcec5ff72179e1f33f5e0e9c50c45f))
+* **Security:** Hardening deployment with security config ([3d9fdec](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/3d9fdec7174bc5287b7c382d4aec8207051d3a11))
+* **Testing:** Adding end2end testing via keycloak local ([036202f](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/036202f47324e8b3e40764fdc3a43a270a2687cf))
+* **Users:** Adding user and client listing functionality ([4c13fa0](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/4c13fa0642d75b8e229091aca052a83fa8c7eb32))
+* **Webhook:** Allow custom text for message ([1707e24](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/1707e249c1c9c4c22b1510c767470a2670a4b33b))
+* **Webhooks:** Adding Support for Teams and Slack ([66da168](https://github.com/ContinuousSecurityTooling/keycloak-reporter/commit/66da168d2cd234ebc6dd961cfe62a3c8191c0ccc)), closes [#2](https://github.com/ContinuousSecurityTooling/keycloak-reporter/issues/2)

package/Dockerfile

@@ -1,6 +1,15 @@
-FROM node:18
+FROM node:20
 
-LABEL org.opencontainers.image.source https://github.com/ContinuousSecurityTooling/keycloak-reporter
+ARG BUILD_DATE
+ARG APP_VERSION
+
+LABEL org.opencontainers.image.authors='Martin Reinhardt (martin@m13t.de)' \
+    org.opencontainers.image.created=$BUILD_DATE \
+    org.opencontainers.image.version=$APP_VERSION \
+    org.opencontainers.image.url='https://hub.docker.com/r/continuoussecuritytooling/keycloak-reporting-cli' \
+    org.opencontainers.image.documentation='https://github.com/ContinuousSecurityTooling/keycloak-reporter' \
+    org.opencontainers.image.source='https://github.com/ContinuousSecurityTooling/keycloak-reporter.git' \
+    org.opencontainers.image.licenses='MIT'
 
 ENV CONFIG_FILE=/app/config.json
 
@@ -11,6 +20,11 @@ WORKDIR /app
 RUN cd /app && npm install --omit=dev &&\
     chown -R 1000:2000 /app
 
+# apt update
+RUN apt-get update && apt-get -y upgrade &&\
+  # clean up to slim image
+  apt-get clean autoclean && apt-get autoremove --yes && rm -rf /var/lib/{apt,dpkg,cache,log}/
+
 USER 1000
 
 ENTRYPOINT ["/app/docker_entrypoint.sh"]

package/README.md

@@ -1,5 +1,6 @@
 # Keycloak Reporter
 
+Keycloak user and client reporting tool for automated regular access checks.
 
 [![License](https://img.shields.io/github/license/ContinuousSecurityTooling/keycloak-reporter.svg)](LICENSE)
 [![CI](https://github.com/ContinuousSecurityTooling/keycloak-reporter/actions/workflows/pipeline.yml/badge.svg)](https://github.com/ContinuousSecurityTooling/keycloak-reporter/actions/workflows/pipeline.yml)
@@ -7,8 +8,8 @@
 [![npm downloads](https://img.shields.io/npm/dm/@continuoussecuritytooling%2Fkeycloak-reporter.svg)](https://www.npmjs.com/package/@continuoussecuritytooling/keycloak-reporter)
 [![Docker Stars](https://img.shields.io/docker/stars/continuoussecuritytooling/keycloak-reporting-cli.svg)](https://hub.docker.com/r/continuoussecuritytooling/keycloak-reporting-cli/)
 [![Known Vulnerabilities](https://snyk.io/test/github/ContinuousSecurityTooling/keycloak-reporter/badge.svg)](https://snyk.io/test/github/ContinuousSecurityTooling/keycloak-reporter)
-
 [![Docker Stars](https://img.shields.io/docker/stars/continuoussecuritytooling/keycloak-reporting-cli.svg)](https://hub.docker.com/r/continuoussecuritytooling/keycloak-reporting-cli/)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/keycloak-reporter)](https://artifacthub.io/packages/helm/keycloak-reporter/keycloak-reporter)
 
 ## Usage
 
@@ -58,12 +59,15 @@ Valid commands are:
 
 ### Helm
 
-To install the Helm Chart use the OCI Package:
+To install the Helm Chart use the [OCI Package Registry](https://github.com/orgs/CloudTooling/packages):
 
 ```
-helm install keycloak-reporter oci://cloudtooling/helm-charts
+helm install keycloak-reporter oci://ghcr.io/cloudtooling/helm-charts
 ```
 
+>**NOTE**
+>Keep in mind, that you need a client/service account in keycloak with the appropriate rights. You can use this [template](.docs/realm-config.json) to deploy with [keycloak-config-cli](https://github.com/adorsys/keycloak-config-cli) a service account.
+
 ### Config file
 
 You can also provider a config file via env var `CONFIG_FILE` and then just provide the commands, e.g.:
@@ -85,4 +89,4 @@ And for Teams:
 kc-reporter listUsers <Keycloak_Root_URL> <Client_ID> <Client_Secret> --format=json --output=webhook --webhookType=teams --webhookUrl=$WEBHOOK_TESTING_TEAMS
 ```
 the following entry in slack will be created:
-![Team Sample](.docs/webhook-teams-sample.png)
+![Team Sample](.docs/webhook-teams-sample.png)

package/artifacthub-repo.yml

@@ -0,0 +1,6 @@
+# Artifact Hub repository metadata file
+# Used to become verified publisher and more - https://artifacthub.io/docs/topics/repositories/#verified-publisher
+repositoryID: 7283911f-50c6-484a-961c-36546321ef56
+owners:
+  - name: hypery2k
+    email: martin@m13t.de

package/charts/keycloak-reporter/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: keycloak-reporter
-description: A Helm chart for Kubernetes
+description: Keycloak user and client reporting tool for automated regular access checks.
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -15,15 +15,21 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.2.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-# renovate: datasource=github-tags depName=ContinuousSecurityTooling/keycloak-reporter
-appVersion: "0.6.0"
+# renovate: datasource=docker depName=ContinuousSecurityTooling/keycloak-reporter
+appVersion: '0.8.0'
 maintainers:
   # Martin Reinhardt
   - name: hypery2k
     email: martin@m13t.de
+annotations:
+  artifacthub.io/links: |
+    - name: GitHub
+      url: https://github.com/ContinuousSecurityTooling/keycloak-reporter
+    - name: Keycloak Auditor
+      url: https://github.com/ContinuousSecurityTooling/keycloak-auditor

package/charts/keycloak-reporter/README.md

@@ -1,8 +1,8 @@
 # keycloak-reporter
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square)
+![Version: 1.2.1](https://img.shields.io/badge/Version-1.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square)
 
-A Helm chart for Kubernetes
+Keycloak user and client reporting tool for automated regular access checks.
 
 ## Maintainers
 
@@ -15,32 +15,23 @@ A Helm chart for Kubernetes
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
-| cronjobs.clients | string | `"0 0 1 */3 *"` |  |
-| cronjobs.users | string | `"0 0 1 */3 *"` |  |
-| env | object | `{}` |  |
+| cronjobs | map | `{"clients":"0 0 1 */3 *","users":"0 0 1 */3 *"}` | Cron configuration |
+| env | map | `{}` | additonal environment variables |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"continuoussecuritytooling/keycloak-reporting-cli"` |  |
+| image.tag | string | `""` |  |
 | imagePullSecrets | list | `[]` |  |
-| keycloak.config.clientId | string | `""` |  |
-| keycloak.config.clientSecret | string | `""` |  |
-| keycloak.config.output | string | `"webhook"` |  |
-| keycloak.config.url | string | `""` |  |
+| keycloak | map | `{"config":{"clientId":"","clientSecret":"","output":"webhook","url":"","useAuditingEndpoint":false,"webhookMessage":"","webhookType":"","webhookUrl":""},"volumes":{"reports":""}}` | Keycloak configuration |
 | keycloak.config.webhookMessage | string | `""` | optional message for the webhook post |
-| keycloak.config.webhookType | string | `""` |  |
-| keycloak.config.webhookUrl | string | `""` |  |
-| keycloak.volumes.reports | string | `""` |  |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
-| podSecurityContext | object | `{}` |  |
 | replicaCount | int | `1` |  |
-| resources | object | `{}` |  |
-| securityContext | object | `{}` |  |
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
 | tolerations | list | `[]` |  |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)

package/charts/keycloak-reporter/ci.values.yaml

@@ -0,0 +1,13 @@
+env:
+  - name: CLIENT_ID
+    value: "clientId"
+  - name: CLIENT_SECRET
+    valueFrom:
+      secretKeyRef:
+        key: clientSecret
+        name: kc-reporter
+keycloak:
+  config:
+    url: http://localhost:8080
+    webhookType: test
+    webhookUrl: http://localhost:8888

package/charts/keycloak-reporter/templates/cronjob.yaml

@@ -18,7 +18,6 @@ spec:
           imagePullSecrets:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-          # automountServiceAccountToken: false # fix KubernetesClustersShouldDisableAutomountingAPICredentialsMonitoringEffect OPA policy
           serviceAccountName: {{ default "default" ($.Values.serviceAccount).name }}
           securityContext:
             {{- toYaml $.Values.podSecurityContext | nindent 12 }}
@@ -28,14 +27,14 @@ spec:
               imagePullPolicy: {{ $.Values.image.pullPolicy }}
               command:
                 - node
-                - /app/cli.js 
+                - /app/cli.js
                 - {{ $config.script }}
               env:
                 - name: CONFIG_FILE
                   value: "/app/config.json"
-              {{- with $.Values.env }}
-              {{- tpl (toYaml .) $  | nindent 12 }}
-              {{- end }}
+                {{- with $.Values.env }}
+                {{- tpl (toYaml .) $  | nindent 16 }}
+                {{- end }}
               {{- if $.Values.resources }}
               resources:
                 {{- toYaml $.Values.resources | nindent 16 }}

package/charts/keycloak-reporter/templates/tests/test-connection.yaml

@@ -0,0 +1,57 @@
+{{- $fullName := include "keycloak-reporter.fullname" . }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ printf "%s-test-connection" $fullName }}
+  annotations:
+    helm.sh/hook: test
+    helm.sh/hook-delete-policy: "hook-succeeded,before-hook-creation"
+    helm.sh/hook-weight: "5"
+spec:
+  containers:
+    - name: config-test
+      image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}"
+      imagePullPolicy: {{ $.Values.image.pullPolicy }}
+      command:
+        - node
+        - /app/cli.js
+        - configTest
+      env:
+        - name: CONFIG_FILE
+          value: "/app/config.json"
+      {{- with $.Values.env }}
+      {{- tpl (toYaml .) $  | nindent 8 }}
+      {{- end }}
+      {{- if $.Values.resources }}
+      resources:
+        {{- toYaml $.Values.resources | nindent 10 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml $.Values.securityContext | nindent 10 }}
+      volumeMounts:
+        - name: config-file
+          mountPath: "/app/config.json"
+          subPath: "config.json"
+          readOnly: true
+        {{- if ($.Values.keycloak.config.volumes).reports }}
+        - name: reports-dir
+          mountPath: "/app/reports"
+        {{- end }}
+    {{- if $.Values.nodeSelector }}
+  nodeSelector:
+    {{ toYaml $.Values.nodeSelector | nindent 4 }}
+  {{- end }}
+  {{- if $.Values.tolerations }}
+  tolerations:
+    {{ toYaml $.Values.tolerations | nindent 4 }}
+  {{- end }}
+  volumes:
+  - name: config-file
+    secret:
+      secretName: {{ $fullName }}
+  {{- if ($.Values.keycloak.config.volumes).reports }}
+  - name: reports-dir
+    persistentVolumeClaim:
+      claimName: {{ $fullName }}-reports
+  {{- end }}
+  restartPolicy: Never

package/charts/keycloak-reporter/values.yaml

@@ -8,7 +8,7 @@ image:
   repository: continuoussecuritytooling/keycloak-reporting-cli
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  #tag: "latest"
+  tag: ""
 
 imagePullSecrets: []
 nameOverride: ''
@@ -51,6 +51,7 @@ keycloak:
     output: 'webhook'
     webhookType: ''
     webhookUrl: ''
+    useAuditingEndpoint: false
     # -- optional message for the webhook post
     webhookMessage: ''
   volumes: