merge and resolve

.github/actions/setup/action.yaml

@@ -30,4 +30,4 @@ runs:
     - name: Install UDS CLI
       shell: bash
       # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-      run: brew install defenseunicorns/tap/uds@0.9.2
+      run: brew install defenseunicorns/tap/uds@0.10.4

.github/bundles/infra-bundle/uds-bundle.yaml

@@ -10,7 +10,7 @@ packages:
   - name: init
     repository: ghcr.io/defenseunicorns/packages/init
     # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
-    ref: v0.33.1
+    ref: v0.33.2
 
   - name: core
     path: ../../../build/

.github/workflows/publish.yaml

@@ -27,10 +27,10 @@ jobs:
         uses: ./.github/actions/setup
 
       - name: Login to GHCR
-        run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90
+        run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90 --no-progress
 
       - name: Login to registry1
-        run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90
+        run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90 --no-progress
 
       - name: (Snapshot) Get snapshot version using git commit short sha and date
         if: ${{ inputs.snapshot }}
@@ -50,15 +50,23 @@ jobs:
       - name: Create Packages and Bundles
         run: |
           ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml standard-package --no-progress --set FLAVOR=${{ matrix.flavor }}
+          uds zarf tools clear-cache
           ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml k3d-standard-bundle --no-progress
+          uds zarf tools clear-cache
           ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml slim-dev-package --no-progress --set FLAVOR=${{ matrix.flavor }}
+          uds zarf tools clear-cache
           ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml k3d-slim-dev-bundle --no-progress
+          uds zarf tools clear-cache
 
           if [ "${{ matrix.flavor }}" != "registry1" ]; then
             ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml standard-package --no-progress --set FLAVOR=${{ matrix.flavor }}
+            uds zarf tools clear-cache
             ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml k3d-standard-bundle --no-progress
+            uds zarf tools clear-cache
             ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml slim-dev-package --no-progress --set FLAVOR=${{ matrix.flavor }}
+            uds zarf tools clear-cache
             ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml k3d-slim-dev-bundle --no-progress
+            uds zarf tools clear-cache
           fi
 
       # Standard Package by default tests what's in the Istio Package
@@ -79,23 +87,23 @@ jobs:
 
       - name: Publish Standard Package
         if: ${{ !inputs.snapshot }}
-        run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }}
+        run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }} --no-progress
 
       - name: Publish Upstream Flavored Bundles
         if: ${{ !inputs.snapshot && matrix.flavor != 'registry1' }}
-        run: uds run -f tasks/publish.yaml bundles
+        run: uds run -f tasks/publish.yaml bundles --no-progress
 
       - name: Publish Exemption CRD Package
         if: ${{ matrix.flavor == 'upstream' }}
         run: uds run -f tasks/publish.yaml exemption-crd-package
 
       - name: (Snapshot) Publish Standard Package
         if: ${{ inputs.snapshot }}
-        run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }} --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}"
+        run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }} --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}" --no-progress
 
       - name: (Snapshot) Publish Upstream Flavored Bundles
         if: ${{ inputs.snapshot && matrix.flavor != 'registry1' }}
-        run: uds run -f tasks/publish.yaml bundles --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}"
+        run: uds run -f tasks/publish.yaml bundles --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}" --no-progress
 
       - name: Save logs
         if: always()

.github/workflows/pull-request-conditionals.yaml

@@ -36,9 +36,9 @@ jobs:
       - name: Install UDS CLI
         shell: bash
         # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-        run: brew install defenseunicorns/tap/uds@0.9.2
+        run: brew install defenseunicorns/tap/uds@0.10.4
       - name: Run Formatting Checks
-        run: uds run lint-check
+        run: uds run lint-check --no-progress
 
   # This job checks if there are changes in specific paths source packages.
   check-paths:

.github/workflows/slim-dev-test.yaml

@@ -41,7 +41,7 @@ jobs:
       - name: Environment setup
         uses: ./.github/actions/setup
       - name: Deploy Slim Dev Bundle
-        run: uds run slim-dev
+        run: uds run slim-dev --no-progress
       - name: Debug Output
         if: ${{ always() }}
         uses: ./.github/actions/debug-output

.github/workflows/test-eks.yaml

@@ -41,25 +41,25 @@ jobs:
         uses: ./.github/actions/setup
 
       - name: Install eksctl
-        run: uds run -f tasks/iac.yaml install-eksctl
+        run: uds run -f tasks/iac.yaml install-eksctl --no-progress
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: "1.5.7"
 
       - name: Create UDS Core Package
-        run: ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml standard-package
+        run: ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml standard-package --no-progress
 
       - name: Create Core Bundle
         run: uds create .github/bundles/infra-bundle --confirm
 
       - name: Create Cluster
-        run: uds run -f tasks/iac.yaml create-cluster
+        run: uds run -f tasks/iac.yaml create-cluster --no-progress
         timeout-minutes: 60
 
       - name: Create IAC
-        run: uds run -f tasks/iac.yaml create-iac
+        run: uds run -f tasks/iac.yaml create-iac --no-progress
         timeout-minutes: 20
 
       - name: Deploy Core Bundle
@@ -76,12 +76,12 @@ jobs:
 
       - name: Remove IAC
         if: always()
-        run: uds run -f tasks/iac.yaml destroy-iac
+        run: uds run -f tasks/iac.yaml destroy-iac --no-progress
         timeout-minutes: 10
         continue-on-error: true
 
       - name: Teardown EKS cluster
         if: always()
-        run: uds run -f tasks/iac.yaml destroy-cluster
+        run: uds run -f tasks/iac.yaml destroy-cluster --no-progress
         timeout-minutes: 30
         continue-on-error: true

.github/workflows/test.yaml

@@ -51,22 +51,22 @@ jobs:
         uses: ./.github/actions/setup
 
       - name: Login to GHCR
-        run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90
+        run: uds run registry-login --set REGISTRY=ghcr.io --set REGISTRY_USERNAME=dummy --set REGISTRY_PASSWORD=${{ secrets.GITHUB_TOKEN }} --set REGISTRY_RETRY_INTERVAL=90 --no-progress
 
       - name: Login to registry1
-        run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90
+        run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90 --no-progress
 
       - name: Test a single source package
         if: ${{ inputs.package != 'all' && inputs.test_type == 'install' }}
-        run: uds run test-single-package --set FLAVOR=${{ inputs.flavor }}
+        run: uds run test-single-package --set FLAVOR=${{ inputs.flavor }} --no-progress
 
       - name: Test UDS Core Install
         if: ${{ inputs.package == 'all' && inputs.test_type == 'install' }}
-        run: uds run test-uds-core --set FLAVOR=${{ inputs.flavor }}
+        run: uds run test-uds-core --set FLAVOR=${{ inputs.flavor }} --no-progress
 
       - name: Test UDS Core Upgrade
         if: ${{ inputs.package == 'all' && inputs.test_type == 'upgrade' }}
-        run: uds run test-uds-core-upgrade --set FLAVOR=${{ inputs.flavor }}
+        run: uds run test-uds-core-upgrade --set FLAVOR=${{ inputs.flavor }} --no-progress
 
       - name: Debug Output
         if: ${{ always() }}

.vscode/settings.json

@@ -9,18 +9,18 @@
   },
   "yaml.schemas": {
     // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/uds.schema.json": [
+    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [
       "uds-bundle.yaml"
     ],
 
     // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/tasks.schema.json": [
+    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [
       "tasks.yaml",
       "tasks/**/*.yaml",
       "src/**/validate.yaml"
     ],
     // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/zarf.schema.json": [
+    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/zarf.schema.json": [
       "zarf.yaml"
     ]
   },

bundles/k3d-slim-dev/uds-bundle.yaml

@@ -31,7 +31,7 @@ packages:
   - name: init
     repository: ghcr.io/defenseunicorns/packages/init
     # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
-    ref: v0.33.1
+    ref: v0.33.2
 
   - name: core-slim-dev
     path: ../../build/

bundles/k3d-standard/uds-bundle.yaml

@@ -31,7 +31,7 @@ packages:
   - name: init
     repository: ghcr.io/defenseunicorns/packages/init
     # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
-    ref: v0.33.1
+    ref: v0.33.2
 
   - name: core
     path: ../../build/

docs/UDS_CORE_GROUPS.md

@@ -0,0 +1,37 @@
+# UDS-CORE Groups
+
+UDS Core deploys Keycloak which has some preconfigured groups that applications inherit from SSO and IDP configurations.
+
+## Applications
+### Grafana
+Grafana [maps the groups](https://github.com/defenseunicorns/uds-core/blob/49cb11a058a9209cee7019fa552b8c0b2ef73368/src/grafana/values/values.yaml#L37) from Keycloak to it's internal `Admin` and `Viewer` groups.
+
+| Keycloak Group | Mapped Grafana Group |
+|----------------|----------------------|
+| `Admin`        | `Admin`              |
+| `Auditor`      | `Viewer`             |
+
+If a user doesn't belong to either of these Keycloak groups the user will be unauthorized when accessing Grafana.
+
+### Neuvector
+Neuvector [maps the groups](https://github.com/defenseunicorns/uds-core/blob/main/src/neuvector/chart/templates/uds-package.yaml#L31-L35) from Keycloak to it's internal `admin` and `reader` groups.
+
+| Keycloak Group | Mapped Neuvector Group |
+|----------------|------------------------|
+| `Admin`        | `admin`                |
+| `Auditor`      | `reader`               |
+
+## Keycloak 
+> [!IMPORTANT]
+> All groups are under the Uds Core parent group. Frequently a group will be referred to as Uds Core/Admin or Uds Core/Auditor. In the Keycloak UI this requires an additional click to get down to the sub groups.
+
+### Identity Providers ( IDP )
+
+UDS Core ships with a [templated](https://github.com/defenseunicorns/uds-identity-config/blob/main/src/realm.json#L1712-L1813) Google SAML IDP, more documentation to configure the `realmInitEnv` values in [uds-identity-config](https://github.com/defenseunicorns/uds-identity-config/blob/main/docs/CUSTOMIZE.md#customizing-realm).
+
+Configuring your own IDP can be achieved via:
+* Custom uds-identity-config with a templated realm.json
+
+* Keycloak Admin UI and click ops
+
+* Custom [realm.json](https://github.com/defenseunicorns/uds-identity-config/blob/main/src/realm.json#L1712-L1813) for direct import in Keycloak 

packages/slim-dev/zarf.yaml

@@ -23,23 +23,24 @@ components:
   - name: istio-admin-gateway
     required: true
     import:
-      path: ../standard
+      path: ../../src/istio
 
   - name: istio-tenant-gateway
     required: true
     import:
-      path: ../standard
+      path: ../../src/istio
 
   - name: istio-passthrough-gateway
     required: true
     import:
-      path: ../standard
+      path: ../../src/istio
 
   # Pepr the world
   - name: pepr-uds-core
     required: true
     import:
-      path: ../standard
+      path: ../../dist
+      name: module
 
   - name: pre-core-exemptions
     required: true
@@ -50,4 +51,4 @@ components:
   - name: keycloak
     required: true
     import:
-      path: ../standard
+      path: ../../src/keycloak