From 767e10039de18ea75ce40d7afab3e3780916ae96 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 15:13:19 -0400 Subject: [PATCH 01/19] url change Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 8 ++++---- roles/sigstore_scaffolding/defaults/main.yml | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index b5edd66..129b789 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -16,8 +16,8 @@ env: FULCIO_URL: https://fulcio.${{ secrets.BASE_DOMAIN }} TUF_URL: https://tuf.${{ secrets.BASE_DOMAIN }} KEYCLOAK_URL: ${{ secrets.KEYCLOAK_URL }} - KEYCLOAK_REALM: sigstore - KEYCLOAK_OIDC_ISSUER: ${{ secrets.KEYCLOAK_URL}}/realms/sigstore + KEYCLOAK_REALM: trusted-artifact-signer + KEYCLOAK_OIDC_ISSUER: ${{ secrets.KEYCLOAK_URL}}/realms/trusted-artifact-signer REKOR_URL: https://rekor.${{ secrets.BASE_DOMAIN }} TF_VAR_base_domain: ${{ secrets.BASE_DOMAIN }} TF_VAR_vpc_id: ${{ secrets.VPC_ID }} @@ -65,8 +65,8 @@ jobs: - name: sign and verify run: | - TOKEN=$(curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=jdoe" -d "password=secure" -d "grant_type=password" -d "scope=openid" -d "client_id=sigstore" https://keycloak-keycloak-system.apps.platform-sts.pcbk.p1.openshiftapps.com/auth/realms/sigstore/protocol/openid-connect/token | sed -E 's/.*"access_token":"([^"]*).*/\1/') - cosign sign -y --fulcio-url=${{ env.FULCIO_URL}} --rekor-url=${{ env.REKOR_URL}} --oidc-issuer=${{ env.KEYCLOAK_OIDC_ISSUER}} --identity-token=$TOKEN ${{ env.IMAGE }} + TOKEN=$(curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=jdoe" -d "password=secure" -d "grant_type=password" -d "scope=openid" -d "client_id=sigstore" ${{ env.KEYCLOAK_OIDC_ISSUER }}/protocol/openid-connect/token | sed -E 's/.*"access_token":"([^"]*).*/\1/') + cosign sign -y --fulcio-url=${{ env.FULCIO_URL}} --rekor-url=${{ env.REKOR_URL}} --oidc-issuer=${{ env.KEYCLOAK_OIDC_ISSUER}} --identity-token=$TOKEN --oidc-client-id=${{ secrets.KEYCLOAK_REALM }} ${{ env.IMAGE }} cosign verify --rekor-url=${{ env.REKOR_URL}} --certificate-identity-regexp ".*@redhat" --certificate-oidc-issuer-regexp ".*keycloak.*" ${{ env.IMAGE }} - name: Terraform Destroy diff --git a/roles/sigstore_scaffolding/defaults/main.yml b/roles/sigstore_scaffolding/defaults/main.yml index e4de627..5214df8 100644 --- a/roles/sigstore_scaffolding/defaults/main.yml +++ b/roles/sigstore_scaffolding/defaults/main.yml @@ -98,9 +98,9 @@ ct_logprefix: sigstoreansible scaffolding_utils_image: quay.io/ablock/sigstore-scaffolding-helper:latest -oidc_issuers: https://keycloak-keycloak-system.apps.platform-sts.pcbk.p1.openshiftapps.com/auth/realms/sigstore -sigstore_client_id: sigstore -issuer_url: https://keycloak-keycloak-system.apps.platform-sts.pcbk.p1.openshiftapps.com/auth/realms/sigstore +oidc_issuers: https://keycloak-keycloak-system.apps.platform-sts.pcbk.p1.openshiftapps.com/auth/realms/trusted-artifact-signer +sigstore_client_id: trusted-artifact-signer +issuer_url: https://keycloak-keycloak-system.apps.platform-sts.pcbk.p1.openshiftapps.com/auth/realms/trusted-artifact-signer oidc_issuers_type: email # Sigstore Images From e7e3cacb7d69b34094f389269ffc3b67a010e055 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 15:28:56 -0400 Subject: [PATCH 02/19] podman login Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 129b789..6f71be7 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -38,9 +38,12 @@ jobs: - name: sshkeygen for ansible run: ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" - - - name: docker login registry.redhat.io - run: echo ${{ secrets.RH_PASSWORD }} | docker login -u ${{ secrets.RH_USERNAME }} --password-stdin registry.redhat.io + - name: Log in to registry.redhat.io + uses: redhat-actions/podman-login@v1 + with: + username: ${{ secrets.RH_USERNAME }} + password: ${{ secrets.RH_PASSWORD }} + registry: registry.redhat.io - name: build push sign and tag run: | From 2bc6c5b8416d7eafe5cc238b39fd533cb039791d Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 15:34:45 -0400 Subject: [PATCH 03/19] rollbacl Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 6f71be7..cc7b0d2 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -38,12 +38,8 @@ jobs: - name: sshkeygen for ansible run: ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" - - name: Log in to registry.redhat.io - uses: redhat-actions/podman-login@v1 - with: - username: ${{ secrets.RH_USERNAME }} - password: ${{ secrets.RH_PASSWORD }} - registry: registry.redhat.io + - name: docker login registry.redhat.io + run: echo ${{ secrets.RH_PASSWORD }} | docker login -u ${{ secrets.RH_USERNAME }} --password-stdin registry.redhat.io - name: build push sign and tag run: | From 0d6f0be6cf4be7f492e9b8a06af4abe38f8e58d5 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 15:36:48 -0400 Subject: [PATCH 04/19] remove the login piece Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index cc7b0d2..ff84c93 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -38,9 +38,6 @@ jobs: - name: sshkeygen for ansible run: ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" - - name: docker login registry.redhat.io - run: echo ${{ secrets.RH_PASSWORD }} | docker login -u ${{ secrets.RH_USERNAME }} --password-stdin registry.redhat.io - - name: build push sign and tag run: | buildah pull alpine:latest From 6fddfd9d43baf9575a8cf632a6880fcd6e71501f Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 15:39:18 -0400 Subject: [PATCH 05/19] provider requirement Signed-off-by: Ryan Cook --- main.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/main.tf b/main.tf index 9d1f5b5..4d362c7 100644 --- a/main.tf +++ b/main.tf @@ -36,6 +36,10 @@ variable "rh_password" { type = string } +provider "aws" { + region = "us-east-2" + +} // generate a new security group to allow ssh and https traffic resource "aws_security_group" "sigstore-access" { From 8313bd2365e1b342fc590aa86df5672ae79dc028 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 15:44:37 -0400 Subject: [PATCH 06/19] aws login Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index ff84c93..1432664 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -44,6 +44,13 @@ jobs: buildah tag alpine:latest ${{ env.IMAGE }} buildah push ${{ env.IMAGE }} + - name: configure AWS credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + - name: Terraform Init run: terraform init From cd920886a4bc301a5e2bd2df5cef881948c8d8c7 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 15:50:50 -0400 Subject: [PATCH 07/19] aws login Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 1432664..b2071d7 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -44,12 +44,12 @@ jobs: buildah tag alpine:latest ${{ env.IMAGE }} buildah push ${{ env.IMAGE }} - - name: configure AWS credentials - uses: aws-actions/configure-aws-credentials@v2 + - name: Login to AWS + uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ env.AWS_REGION }} + aws-region: us-east-2 - name: Terraform Init run: terraform init @@ -57,7 +57,6 @@ jobs: - name: Terraform Apply run: terraform apply -auto-approve - - name: install cosign uses: sigstore/cosign-installer@v3.3.0 with: From 0761071167b206c1658b9a33c3f74ae348cac471 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 16:09:44 -0400 Subject: [PATCH 08/19] creds Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 9 ++------- main.tf | 1 - 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index b2071d7..330e0b0 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -23,6 +23,8 @@ env: TF_VAR_vpc_id: ${{ secrets.VPC_ID }} TF_VAR_rh_username: ${{ secrets.RH_USERNAME }} TF_VAR_rh_password: ${{ secrets.RH_PASSWORD }} + TF_VAR_aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }} + TF_VAR_aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} IMAGE: ttl.sh/sigstore-test:15m jobs: @@ -44,13 +46,6 @@ jobs: buildah tag alpine:latest ${{ env.IMAGE }} buildah push ${{ env.IMAGE }} - - name: Login to AWS - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 - - name: Terraform Init run: terraform init diff --git a/main.tf b/main.tf index 4d362c7..40f014e 100644 --- a/main.tf +++ b/main.tf @@ -38,7 +38,6 @@ variable "rh_password" { provider "aws" { region = "us-east-2" - } // generate a new security group to allow ssh and https traffic From a298d96f5585fc26753c9af9274fdfe3bf36ebf7 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 16:21:08 -0400 Subject: [PATCH 09/19] set vers Signed-off-by: Ryan Cook --- terraform.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 terraform.tf diff --git a/terraform.tf b/terraform.tf new file mode 100644 index 0000000..664d0e7 --- /dev/null +++ b/terraform.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.6.2" + } + null = { + source = "hashicorp/null" + version = "~> 3.2.1" + } + } +} \ No newline at end of file From d2ba72b0b57e0493f0ee2e31a9c5ca54a8ccb25b Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 16:24:28 -0400 Subject: [PATCH 10/19] var Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 330e0b0..c0673d9 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -11,6 +11,7 @@ env: GO_VERSION: 1.21 AWS_REGION: us-east-2 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} BASE_HOSTNAME: ${{ secrets.BASE_DOMAIN }} FULCIO_URL: https://fulcio.${{ secrets.BASE_DOMAIN }} From 9bf174c13008e3c2c79f6dc1d1b560f7442d8b17 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 16:29:59 -0400 Subject: [PATCH 11/19] var Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index c0673d9..b96648d 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -47,6 +47,12 @@ jobs: buildah tag alpine:latest ${{ env.IMAGE }} buildah push ${{ env.IMAGE }} + - name: generate an AWS credentials file + run: | + echo "[default]" > ~/.aws/credentials + echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials + echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials + - name: Terraform Init run: terraform init From 5f7f049aa4c4f51388ef4058bc1211f5e0ff9afe Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 16:30:52 -0400 Subject: [PATCH 12/19] var Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index b96648d..183c72b 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -49,6 +49,7 @@ jobs: - name: generate an AWS credentials file run: | + mkdir -p ~/.aws echo "[default]" > ~/.aws/credentials echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials From add8fdef0e7cb7253b2e9234431d19c93bfa36e6 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 16:32:06 -0400 Subject: [PATCH 13/19] var Signed-off-by: Ryan Cook --- main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/main.tf b/main.tf index 40f014e..6cc7bb0 100644 --- a/main.tf +++ b/main.tf @@ -36,10 +36,6 @@ variable "rh_password" { type = string } -provider "aws" { - region = "us-east-2" -} - // generate a new security group to allow ssh and https traffic resource "aws_security_group" "sigstore-access" { name = "sigstore-access" From d991865f758fa433525ebd05b54599d617c49769 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 16:36:45 -0400 Subject: [PATCH 14/19] var Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 183c72b..87492bb 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -34,6 +34,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.8.1 - name: Checkout code uses: actions/checkout@v2 From 5bd697cb81b0e0fa1f55a4708366fa46e4e40c8b Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 16:38:12 -0400 Subject: [PATCH 15/19] var Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 87492bb..61015d7 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -37,6 +37,9 @@ jobs: with: terraform_version: 1.8.1 + - name: update packages and the system + run: sudo apt-get update && sudo apt-get upgrade -y + - name: Checkout code uses: actions/checkout@v2 From 84ba49ce7eb8cdf6e44c0ad5830a026b1effbc34 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 18:52:51 -0400 Subject: [PATCH 16/19] provider Signed-off-by: Ryan Cook --- provider.tf | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 provider.tf diff --git a/provider.tf b/provider.tf new file mode 100644 index 0000000..6776815 --- /dev/null +++ b/provider.tf @@ -0,0 +1,3 @@ +provider "aws" { + region = "us-east-2" +} \ No newline at end of file From eceaf1adf195e21c142318f4a580ce36238e014e Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 18:55:06 -0400 Subject: [PATCH 17/19] remove update Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 61015d7..4d9c24b 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -37,9 +37,6 @@ jobs: with: terraform_version: 1.8.1 - - name: update packages and the system - run: sudo apt-get update && sudo apt-get upgrade -y - - name: Checkout code uses: actions/checkout@v2 @@ -58,6 +55,7 @@ jobs: echo "[default]" > ~/.aws/credentials echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials + echo "region = ${{ env.AWS_REGION }}" >> ~/.aws/config - name: Terraform Init run: terraform init From e6dd9a8fcb77b9abe707a98a5cdd5f73f8bea4be Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 18:57:00 -0400 Subject: [PATCH 18/19] inject Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 4d9c24b..5bd1c44 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -49,13 +49,8 @@ jobs: buildah tag alpine:latest ${{ env.IMAGE }} buildah push ${{ env.IMAGE }} - - name: generate an AWS credentials file - run: | - mkdir -p ~/.aws - echo "[default]" > ~/.aws/credentials - echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials - echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials - echo "region = ${{ env.AWS_REGION }}" >> ~/.aws/config + - name: inject the AWS credentials into the provider tf file after region + run: sed -i "s/region = \"us-east-2\"/region = \"us-east-2\"\n access_key = \"${AWS_ACCESS_KEY_ID}\"\n secret_key = \"${AWS_SECRET_ACCESS_KEY}\"/g" provider.tf - name: Terraform Init run: terraform init From 775493520df6ddb8e152254add2a90bf860ef684 Mon Sep 17 00:00:00 2001 From: Ryan Cook Date: Tue, 23 Apr 2024 19:08:31 -0400 Subject: [PATCH 19/19] cred issue Signed-off-by: Ryan Cook --- .github/workflows/main.yaml | 10 ++++++++-- provider.tf | 1 + terraform.tf | 3 ++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 5bd1c44..dcbcf60 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -49,8 +49,14 @@ jobs: buildah tag alpine:latest ${{ env.IMAGE }} buildah push ${{ env.IMAGE }} - - name: inject the AWS credentials into the provider tf file after region - run: sed -i "s/region = \"us-east-2\"/region = \"us-east-2\"\n access_key = \"${AWS_ACCESS_KEY_ID}\"\n secret_key = \"${AWS_SECRET_ACCESS_KEY}\"/g" provider.tf + - name: configure AWS credential files + run: | + mkdir -p ~/.aws + echo "[default]" > ~/.aws/credentials + echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials + echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials + echo "[default]" > ~/.aws/config + echo "region = ${{ env.AWS_REGION }}" >> ~/.aws/config - name: Terraform Init run: terraform init diff --git a/provider.tf b/provider.tf index 6776815..d564e99 100644 --- a/provider.tf +++ b/provider.tf @@ -1,3 +1,4 @@ provider "aws" { region = "us-east-2" + profile = "default" } \ No newline at end of file diff --git a/terraform.tf b/terraform.tf index 664d0e7..07b0879 100644 --- a/terraform.tf +++ b/terraform.tf @@ -2,11 +2,12 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.6.2" + version = "~> 4.0" } null = { source = "hashicorp/null" version = "~> 3.2.1" } } + required_version = ">= 0.14.9" } \ No newline at end of file