alignments for pyeudiw 1.0 #191
Conversation
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 5632969 | Triggered | Generic Password | c7f01f4 | Docker-compose/env.example | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
There was a problem hiding this comment.
Pull Request Overview
This PR updates various configuration and template files in preparation for the pyeudiw 1.0 release candidate. Key changes include:
- Adding an authorization error template for improved error display.
- Updating the backend YAML configuration with new keys, blocks (including a new “duckle” block), and revised credential handling.
- Modifying the README setup documentation and Docker Compose configuration to incorporate the new GET_SPID_IDP_METADATA flag and adjusted service build parameters.
Reviewed Changes
Copilot reviewed 4 out of 7 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| example/templates/authorization_error.html | New error template for handling wallet authentication errors |
| example/plugins/backends/pyeudiw_backend.yaml | Updated backend configuration with added keys and new blocks |
| README-Setup.md | Updated documentation with new configuration flag |
| Docker-compose/docker-compose.yml | Adjusted service configuration, image reference, and env vars |
Files not reviewed (3)
- Docker-compose/env.example: Language not supported
- Dockerfile: Language not supported
- example/entrypoint.sh: Language not supported
| @@ -99,6 +100,9 @@ config: | |||
| - path: | |||
| - "$.given_name" | |||
|
|
|||
There was a problem hiding this comment.
[nitpick] Consider adding a brief comment explaining the purpose and usage of the newly introduced 'duckle' configuration block to improve clarity for future maintainers.
| # The 'duckle' block defines configuration for querying digital credentials using DCQL (Digital Credential Query Language). | |
| # It specifies the required credentials, their formats, metadata, and the claims to be extracted. |
Copilot uses AI. Check for mistakes.
| # args: | ||
| # - NODE_ENV=local | ||
| # dockerfile: Dockerfile | ||
| # image: ghcr.io/italia/iam-proxy-italia:latest |
There was a problem hiding this comment.
[nitpick] Consider removing or updating the outdated commented image tag to avoid confusion regarding the intended image reference.
| # image: ghcr.io/italia/iam-proxy-italia:latest | |
Copilot uses AI. Check for mistakes.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This PR will be merged when all the tests for pyeudiw release candidate 1.0 will be completed