feat: add hydra to oci-factory

canonical · Oct 17, 2024 · 06cd758 · 06cd758
1 parent 13c3378
commit 06cd758
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 0 deletions.
diff --git a/oci/hydra/.trivyignore b/oci/hydra/.trivyignore
@@ -0,0 +1,8 @@
+# Upstream CVEs
+
+# github.com/jackc/pgproto3/v2 - pgproto3 SQL Injection via Protocol Message Size Overflow
+GHSA-7jwh-3vrq-q3m8
+# github.com/jackc/pgx/v4 - pgx SQL Injection via Line Comment Creation
+CVE-2024-27289
+# github.com/jackc/pgx/v4 - pgx SQL Injection via Protocol Message Size Overflow
+CVE-2024-27304
diff --git a/oci/hydra/contacts.yaml b/oci/hydra/contacts.yaml
@@ -0,0 +1,5 @@
+notify:
+  emails:
+    - identity.charmers@lists.launchpad.net
+  mattermost-channels:
+    - ofi4for9obfq8m978h318x56ar
diff --git a/oci/hydra/documentation.yaml b/oci/hydra/documentation.yaml
@@ -0,0 +1,46 @@
+version: 1
+application: hydra
+is_chiselled: False
+description: |
+  Ory Hydra is a hardened, OpenID Certified OAuth 2.0 Server and OpenID Connect Provider
+  optimized for low-latency, high throughput, and low resource consumption.
+  Ory Hydra enables you to become an OAuth 2.0 and OpenID Connect provider. 
+  If you're not writing a basic web app but something that has to work on different devices, 
+  that has machine-2-machine interaction, or enables third-party developers to use your API 
+  (and pay for it), then this is what you're looking for.
+docker:
+  parameters:
+    - -p 4444:4444
+    - -p 4445:4445
+  access: Access your Hydra Public API at `http://localhost:4444`, Admin API at `http://localhost:4445`.
+parameters:
+  - type: -e
+    value: 'TRACING_ENABLED=true'
+    description: Tracing enablement.
+  - type: -e
+    value: 'TRACING_PROVIDER=otel'
+    description: Tracing protocol to be used.
+  - type: -e
+    value: 'TRACING_PROVIDERS_OTLP_INSECURE=true'
+    description: Allow Tracing via non TLS/insecure communication.
+  - type: -e
+    value: 'TRACING_PROVIDERS_OTLP_SAMPLING_SAMPLING_RATIO=1.0'
+    description: Tracing sampling ratio.
+  - type: -e
+    value: 'TRACING_PROVIDERS_OTLP_SERVER_URL=tempo.server.io:4318'
+    description: Tracing server url and port.
+  - type: -p
+    value: '4444:4444'
+    description: Hydra Public API port.
+  - type: -p
+    value: '4445:4445'
+    description: Hydra Admin API port.
+  - type: -v
+    value: "/path/to/hydra/config.yaml:/hydra.yaml"
+    description: >
+      Hydra config contains all the information needed to successfully configure it as an OIDC
+      Provider, see https://github.com/ory/hydra/blob/master/internal/config/config.yaml as a reference
+  - type: CMD
+    value: "hydra serve all --config /hydra.yaml"
+    description: >
+      Launch Hydra web server(s) using a mix of environment variables and the config mounted via volume.
diff --git a/oci/hydra/image.yaml b/oci/hydra/image.yaml
@@ -0,0 +1,12 @@
+version: 1
+upload:
+  - source: "canonical/hydra-rock"
+    commit: 3c27fb428fad0a339c39355b2f8cd5a477d32014
+    directory: .
+    release:
+      2.2.0-22.04:
+        risks:
+          - stable
+          - candidate
+          - edge
+        end-of-life: "2025-05-01T00:00:00Z"