Merge branch 'main' into feature/manage+stepup

Author: oharsta

environments/template/group_vars/template.yml

@@ -156,15 +156,15 @@ voot:
     - { name: "voot", level: "DEBUG" }
   externalGroupProviders:
     - {
-        type: "teams",
-        url: "https://teams.{{ base_domain }}/api/voot",
-        credentials: {
-         username: "{{ teams.voot_api_user }}",
-         secret: "{{ external_group_provider_secrets.teams }}"
-        },
-        schacHomeOrganization: "{{ base_domain}}",
-        name: "SURFteams",
-        timeoutMillis: 15000
+          type: "invite",
+          url: "https://invite.{{ base_domain }}/api/external/v1/voot",
+          credentials: {
+              username: "{{ invite.vootuser }}",
+              secret: "{{ invite.vootsecret }}"
+          },
+          schacHomeOrganization: "N/A",
+          name: "Invite",
+          timeoutMillis: 3000
       }
 
 oidc_playground:

roles/docker/defaults/main.yml

@@ -8,5 +8,6 @@ docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807c
 docker_apt_filename: "docker"
 docker_install_traefik: true
 docker_traefik_ldaps: false
+docker_traefik_version: 3.6.10
 docker_traefik_ports:
   - 0.0.0.0:443:443

roles/docker/tasks/main.yml

@@ -82,7 +82,7 @@
 - name: Create the Traefik loadbalancer
   community.docker.docker_container:
     name: loadbalancer
-    image: traefik:latest
+    image: traefik:{{ docker_traefik_version }}
     published_ports: "{{ docker_traefik_ports }}"
     pull: true
     restart_policy: "always"

roles/invite/templates/serverapplication.yml.j2

@@ -7,6 +7,7 @@ logging:
     org.springframework.security: WARN
     com.zaxxer.hikari: ERROR
     invite: DEBUG
+    net.javacrumbs.shedlock: DEBUG
 
 server:
   port: 8080
@@ -74,11 +75,13 @@ crypto:
   private-key-location: file:///private_key_pkcs8.pem
 
 cron:
-  user-cleaner-expression: "0 0/30 * * * *"
+  user-cleaner-cron: "PT30M"
+  user-cleaner-cron-initial-delay: "PT10M"
   user-cleaner-lock-at-least-for: "PT5M"
   user-cleaner-lock-at-most-for: "PT28M"
   last-activity-duration-days: 1000
-  role-expiration-notifier-expression: "0 0/30 * * * *"
+  role-expiration-notifier-cron: "PT30M"
+  role-expiration-notifier-cron-initial-delay: "PT15M"
   # Set to -1 to suppress role expiry notifications
   role-expiration-notifier-duration-days: 5
   role-expiration-notifier-lock-at-least-for: "PT5M"
@@ -87,7 +90,7 @@ cron:
   metadata-resolver-fixed-rate-milliseconds: 86_400_000
   metadata-resolver-url: "https://metadata.{{ base_domain }}/idps-metadata.xml"
   # A value of 0 means no logs will be deleted
-  purge-audit-log-days: 365
+  purge-audit-log-days: 0
   # A value of 0 means no invitations will be deleted
   purge-expired-invitations-days: 365