Merge pull request #162 from blang9238/expose-ui-auth-lock-and-force-…

…websocket Expose UI auth lock and force websocket
anchore · Aug 26, 2021 · af7a56f · af7a56f
2 parents 304df7e + 99583ca
commit af7a56f
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.14.1
+version: 1.14.2
 appVersion: 0.10.1
 description: Anchore container analysis and policy evaluation engine service
 keywords:

diff --git a/stable/anchore-engine/templates/enterprise_ui_configmap.yaml b/stable/anchore-engine/templates/enterprise_ui_configmap.yaml
@@ -51,6 +51,10 @@ data:
     enable_proxy: {{ .Values.anchoreEnterpriseUi.enableProxy }}
     allow_shared_login: {{ .Values.anchoreEnterpriseUi.enableSharedLogin }}
     redis_flushdb: {{ .Values.anchoreEnterpriseUi.redisFlushdb }}
+    force_websocket: {{ .Values.anchoreEnterpriseUi.forceWebsocket }}
+    authentication_lock: 
+      count: {{ .Values.anchoreEnterpriseUi.authenticationLock.count }}
+      expires: {{ .Values.anchoreEnterpriseUi.authenticationLock.expires }}
     {{- with .Values.anchoreEnterpriseUi.customLinks }}
     custom_links:
       title: {{ .title }}

diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
@@ -964,6 +964,37 @@ anchoreEnterpriseUi:
   # is flushed, any users with active sessions will be required to re-authenticate.
   redisFlushdb: true
 
+  # The (optional) `force_websocket` key specifies if the WebSocket protocol must
+  # be used for socket message communications. By default, long-polling is
+  # initially used to establish the handshake between client and web service,
+  # followed by a switch to WS if the WebSocket protocol is supported.
+  #
+  # If this value is unset, or is set to anything other than a Boolean, the web
+  # service will default to `False`.
+  #
+  # This value can be overridden by using the `ANCHORE_FORCE_WEBSOCKET`
+  # environment variable.
+  #
+  forceWebsocket: false
+
+  # The (optional) `authentication_lock` keys specify if a user should be
+  # temporarily prevented from logging in to an account after one or more failed
+  # authentication attempts. For this feature to be enabled, both values must be
+  # whole numbers greater than `0`. They can be overridden by using the
+  # `ANCHORE_AUTHENTICATION_LOCK_COUNT` and `ANCHORE_AUTHENTICATION_LOCK_EXPIRES`
+  # environment variables.
+  #
+  # The `count` value represents the number of failed authentication attempts
+  # allowed to take place before a temporary lock is applied to the username. The
+  # `expires` value represents, in seconds, how long the lock will be applied for.
+  #
+  # Note that, for security reasons, when this feature is enabled it will be
+  # applied to *any* submitted username, regardless of whether the user exists.
+  #
+  authenticationLock:
+    count: 5
+    expires: 300
+
   # The (optional) `custom_links` key allows a list of up to 10 external links to
   # be provided (additional items will be excluded). The top-level `title` key
   # provided the label for the menu (if present, otherwise the string "Custom