Merge branch 'hardening_manifest' into 'development'

#1 Initial version of hardening_manifest.yaml See merge request !12

Merge branch 'hardening_manifest' into 'development'
#1 Initial version of hardening_manifest.yaml See merge request !12
74fbf009 · kwami.delali · 37db64f6 · 69f0d3a0 · 74fbf009 · 74fbf009
Commit 74fbf009 authored Apr 28, 2021 by kwami.delali
Hide whitespace changes
Inline Side-by-side

Showing with 289 additions and 2 deletions

Dockerfile Dockerfile +17 -0

LICENSE LICENSE +202 -0

README.md README.md +35 -2

hardening_manifest.yaml hardening_manifest.yaml +35 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
+ARG BASE_TAG=8.3
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+RUN yum update -y \
+    && yum clean all \
+    && rm -rfv /var/cache/yum
+ARG PACKAGE=cloudentity-acp-1.8.0.tar.gz
+COPY ${PACKAGE} .
+RUN tar xvf ${PACKAGE} && rm -f ${PACKAGE}
+RUN groupadd -r cloudentity \
+    && useradd -r -g cloudentity cloudentity
+USER cloudentity
+EXPOSE 8443
+ENTRYPOINT ["/acp"]
+HEALTHCHECK NONE
--- a/LICENSE
+++ b/LICENSE
+Cloudentity
+Evaluation End User License Agreement
+CAREFULLY READ THE FOLLOWING EVALUATION END USER LICENSE AGREEMENT
+BEFORE USING THE SOFTWARE. BY CLICKING “I ACCEPT”,  DOWNLOADING OR
+USING THE SOFTWARE YOU AGREE TO THIS EVALUATION END USER LICENSE
+AGREEMENT AND ARE THE “LICENSEE” OF  THE SOFTWARE. IF YOU ARE
+DOWNLOADING OR USING THE SOFTWARE ON BEHALF OF AN ENTITY, YOU REPRESENT
+THAT YOU HAVE THE  AUTHORITY TO ACT ON BEHALF OF AND BIND SUCH ENTITY TO
+THIS EVALUATION END USER LICENSE AGREEMENT.  IF YOU DO NOT AGREE TO THIS
+EVALUATION END USER LICENSE AGREEMENT, DO NOT DOWNLOAD OR USE
+THE SOFTWARE.
+Section 1 Grant of License
+     Subject to LICENSEE’S compliance with the terms and conditions of this Agreement, during
+the evaluation period  CLOUDENTITY grants LICENSEE a cost free, nonsublicensable,
+nontransferable, nonassignable, nonexclusive, revocable  license to use the CLOUDENTITY
+software (“Software”) and related documentation (“Documentation”, and with the Software,
+“Licensed Material”)solely for LICENSEE’S internal evaluation purposes. Upon expiration or
+termination of the evaluation period, all licenses  granted under this Section 1 shall terminate,
+and LICENSEE shall immediately return or destroy all copies of the Licensed Material then in
+LICENSEE’s possession or control. If LICENSEE wishes to use the Licensed Material
+after the evaluation period or for purposes other than evaluation, LICENSEE must pay a fee and
+enter into a separate order form and end user license agreement with CLOUDENTITY.
+Section 2 Restrictions
+         2.1 The Licensed Material is made available solely in accordance with this Agreement.
+Without limiting the foregoing, any copying or redistribution of the Licensed Material is prohibited,
+including any copying or reproduction for further reproduction, or redistribution.
+Any unauthorized use, copying, or distribution of the Licensed Material is expressly prohibited by
+law, and may result in civil and criminal penalties. LICENSEE will have no right to receive or
+review the source code version of any portion of the Software. LICENSEE shall not distribute
+or resell the Licensed Material in any form, nor use the Licensed Material to construct any product
+to compete with the Software. The Software may include functionality that will render it
+non-operational upon expiration of the license. Licensee is responsible and liable for all uses
+of the Software and Documentation resulting from access provided by LICENSEE, directly
+or indirectly, whether such access or use is permitted by or in violation of this Agreement.
+         2.2 LICENSEE shall not, directly or indirectly: (i) sublicense, resell, rent, lease, distribute,
+market, commercialize or otherwise transfer rights or usage to the Software or any modified
+version or derivative work of the Software; (ii) remove or alter any copyright, trademark or
+proprietary notice in the Software; (iii) use the Software for third-party training, commercial
+time-sharing, service bureau or application services without the express written permission of
+CLOUDENTITY; (iv) attempt, or permit anyone else to, reverse engineer, decompile or modify
+any portion of the Software; (v) modify or create any derivative works based on the Software;
+and (vi) publish or make available to any third party any analysis of the results of operation
+of the Software, including performance benchmarking results.
+Section 3 Support
+        3.1 CLOUDENTITY has no obligation under this Agreement to provide support,
+maintenance, upgrades, modifications, or new releases of the Licensed Material to LICENSEE.
+Section 4 Intellectual Property
+        4. 1 The Licensed Material is licensed, not sold. CLOUDENTITY owns and retains title
+to the Licensed Material, including all intellectual property rights therein.
+LICENSEE acknowledges that all intellectual property rights in the Licensed Material and
+the goodwill associated therewith are vested in and belong to CLOUDENTITY.
+CLOUDENTITY reserves any and all rights that are not expressly granted to LICENSEE
+hereunder.
+        4.2 CLOUDENTITY shall own all rights, title and interest, including all intellectual
+property or other proprietary rights, to any suggestions, ideas, feedback, improvements,
+recommendations, or other information created, conceived, or reduced to practice, by
+or on behalf of LICENSEE relating to the Licensed Material.
+Section 5 Warranty and Limited Liability
+        5.1 THE LICENSED MATERIAL IS PROVIDED "AS IS" AND CLOUDENTITY
+HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED,
+STATUTORY, OR OTHERWISE. CLOUDENTITY SPECIFICALLY DISCLAIMS
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR
+A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES
+ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
+CLOUDENTITY MAKES NO WARRANTY OF ANY KIND THAT THE LICENSED MATERIAL,
+OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET LICENSEE'S
+OR ANY OTHER PERSON'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION,
+ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE,
+SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE,
+FREEOF HARMFUL CODE, OR ERROR FREE.
+        5.2 IN NO EVENT WILL CLOUDENTITY BE LIABLE UNDER OR IN CONNECTION
+WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING
+BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY,
+AND OTHERWISE, FOR ANY: (A) CONSEQUENTIAL, INCIDENTAL, INDIRECT,
+EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (B) INCREASED COSTS,
+DIMINUTION IN VALUE OR LOST BUSINESS,  PRODUCTION, REVENUES, OR PROFITS;
+(C) LOSS OF GOODWILL OR REPUTATION; (D) USE, INABILITY TO USE, LOSS,
+INTERRUPTION, DELAY OR RECOVERY  OF ANY DATA, OR BREACH OF DATA OR
+SYSTEM SECURITY; OR (E) COST OF REPLACEMENT GOODS OR SERVICES, IN
+EACH CASE REGARDLESS OF WHETHER CLOUDENTITY WAS ADVISED OF THE
+POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES
+WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL CLOUDENTITY'S AGGREGATE
+LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL
+OR EQUITABLE THEORY, INCLUDING  BREACH OF CONTRACT, TORT (INCLUDING
+NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED $1,000.
+        5.3. The Software is not designed or intended for high-risk applications or use in
+hazardous environments requiring fail-safe performance, such as in the operation of nuclear
+facilities, aircraft navigation, or communications systems, air traffic control, life support,
+weapons systems or in any other device or system in which function or malfunction of the
+Software could result in death, personal injury, or physical or environmental damage.
+Any such use or application by LICENSEE is outside the scope of this license and
+LICENSEE is not authorized to use the Software in any suchapplication.
+Section 6 Term and Termination
+        6.1 This Agreement and the licensed granted hereunder shall remain in effect
+until the expiration of the evaluation period unless earlier terminated as set forth in this
+Section 6. Unless CLOUDENTITY agrees otherwise, the evaluation period is 60 days from
+LICENSEE’S download of the Software.
+        6.2 Either party may terminate this Agreement, with or without cause, upon
+10 days prior written notice.
+        6.3 CLOUDENTITY may terminate this Agreement immediately upon written
+notice to LICENSEE if LICENSEE materially breaches any term or condition
+of this Agreement.
+        6.4 All rights and licenses granted herein will simultaneously and automatically
+terminate upon termination of this Agreement for any reason. Upon termination of this
+Agreement, LICENSEE shall either return to CLOUDENTITY or destroy all copies of
+the Licensed Material then in LICENSEE’s possession or control and certify in writing to
+CLOUDENTITY that the Licensed Material have been deleted or destroyed.
+        6.5 Section 2, Section 4, Section 5, and Section 6 through Section 11 of this
+Agreement shall survive the termination of this Agreement, and/or the licenses granted
+hereunder.
+Section 7 Software Export Controls
+        The Software may be subject to U.S. export control laws, including the Export
+Control Reform Act and its associated regulations. LICENSEE shall not, directly or
+indirectly, export, re-export, or release the Software to, or make the Software accessible
+from, any jurisdiction or country to which export, re-export, or release is prohibited by
+law, rule, or regulation.LICENSEE shall comply with all applicable federal laws,
+regulations, and rules, and complete all required undertakings (including obtaining any
+necessary export license or other governmental approval), prior to exporting, re-exporting,
+releasing, or otherwise making the Software available outside the U.S.
+Section 8 Entire Agreement and Severability
+        THIS AGREEMENT CONSTITUTES A BINDING LEGAL AGREEMENT
+BETWEEN LICENSEE AND CLOUDENTITY AND REPRESENTS THE ENTIRE
+UNDERSTANDING BETWEEN LICENSEE AND CLOUDENTITY WITH REGARD
+TO THE LICENSED MATERIAL. Any conflict or ambiguity between this Agreement
+and any other agreement between LICENSEE and CLOUDENTITY will be resolved
+by giving precedence to this Agreement. No terms, provisions or conditions of any
+purchase order, acknowledgment or other business form that  LICENSEE may use
+in connection with the acquisition or licensing of the Licensed Material will have
+any effect on the rights,  duties or obligations of the parties under, or otherwise
+modify, this Agreement, regardless of any failure of CLOUDENTITY to object
+to such terms, provisions, or conditions. No amendment or modification of this
+Agreement or any provision or attachment of this Agreement shall be effective
+unless it is in writing and signed by both parties. If any provision of this
+Agreement is held to be  invalid, illegal or unenforceable, the validity, legality
+and enforceability of the remaining provisions will in no way be affected
+or impaired thereby.
+Section 9 Governing Law and Forum
+        The validity, construction and performance of this Agreement shall be governed by
+the substantive laws of the Commonwealth of Virginia, U.S.A. (excluding conflicts of
+law principles). LICENSEE and CLOUDENTITY agree that any dispute arising out
+of this Agreement shall be instituted in the United States District Court for the
+Eastern District of Virginia, Alexandria Division, or the courts of the Commonwealth
+of Virginia located in Fairfax County, Virginia, and each party irrevocably submits
+to the exclusive jurisdiction of such courts in any such suit, action or proceeding.
+If any legal action is undertaken to enforce the terms of this Agreement,
+the prevailing party shall be entitled to reasonable attorney’s fees and costs in addition
+to any other relief to which that party may be entitled. This Agreement specifically
+excludes the United Nations Convention on Contracts for the International
+Sale of Goods and any legislation implementing such Convention, if    otherwise applicable.
+The parties agree that the provisions of the Uniform Computer Information
+Transactions Act (“UCITA”), as it may have been or hereafter may be in effect in any
+jurisdiction, shall not apply to this Agreement, and the parties waive
+any and all rights they may have under any laws(s) adopting UCITA in any form.
+Section 10 Government End Users
+        The Software licensed under this Agreement is “commercial computer software”
+as that term is described in DFAR 252.227-7014(a)(1). If acquired by or on behalf of a
+civilian agency, the U.S. Government acquires the Licensed Material subject to the
+terms of this Agreement as specified in 48 C.F.R. 12.212 of the Federal Acquisition
+Regulations (“FAR”) and its successors. If acquired by or on behalf of any agency
+within the Department of Defense (“DOD”), the U.S. Government acquires the
+Licensed Material subject to the terms of this Agreement as specified in
+48 C.F.R. 227.7202 of the DOD FAR Supplement and its successors.
+Contractor is Syntegrity Networks, Inc., d/b/a Cloudentity, 2815 2nd Ave,
+Suite 390, Seattle, WA 98121.
+Section 11 Assignment and Benefit
+        Without the consent of the other party in writing, neither party may assign this
+Agreement; provided, however, CLOUDENTITY may assign this Agreement to another
+entity that acquires or has acquired substantially all of the stock or assets of CLOUDENTITY.
+This Agreement shall be binding upon and shall inure to the benefit of LICENSEE and
+CLOUDENTITY and each party’s successors, subject to the other provisions of this Section.
--- a/README.md
+++ b/README.md
-# <application name>
+# Authorization Control Plane
-Project template for all Iron Bank container repositories.
+Cloudentity Authorization Control Plane (ACP) is a cutting edge platform for the API access control. ACP consolidates capabilities of a
\ No newline at end of file
+modern OAuth/OIDC server with an advanced authorization, consent management, and developer enablement.
+## Build and run image
+**1.** Build image
+	docker build -t <image_name> .
+**2.** Run image
+    docker run -t <image_name>
+## Recommended resource requirements
+**1.** Min/max cpu
+	1/-
+**2.** Min/max memory
+	1gb/-
+**3.** Storage min/max/limits
+	10gb/-/-
+**4.** How many storage volumes the application needs
+	1
+**5.** Max number of containers
+	n/a
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
+---
+apiVersion: v1
+name: "cloudentity/acp"
+tags:
+  - "1.8.0"
+  - "1.8"
+  - "1"
+  - "latest"
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+labels:
+  org.opencontainers.image.title: "acp"
+  org.opencontainers.image.description: "Cloudentity Authorization Control Plane"
+  org.opencontainers.image.licenses: "Proprietary"
+  org.opencontainers.image.url: "https://cloudentity.com/"
+  org.opencontainers.image.vendor: "Cloudentity"
+  org.opencontainers.image.version: "1.8.0"
+  mil.dso.ironbank.image.keywords: "cloudentity,acp,authorization"
+  mil.dso.ironbank.image.type: "commercial"
+  mil.dso.ironbank.product.name: "cloudentity"
+resources:
+  - filename: cloudentity-acp-1.8.0.tar.gz
+    url: https://cloudentity-acp-ironbank-releases.s3.amazonaws.com/cloudentity-acp-1.8.0.tar.gz
+    validation:
+      type: sha256
+      value: 4ee923113296ae9619197871fc78ba240c0128baacaf08c143de476335fc48f5
+maintainers:
+  - name: "Artur Smolarek"
+    email: "asmolarek@cloudentity.com"
+    username: "asmolarek"
+  - name: "Dominik Zeromski"
+    email: "dzeromski@cloudentity.com"
+    username: "dzeromski"