feat: proper plugin activation of config-api container (#1627)

* feat: proper plugin activation of config-api container

* fix: handle fido2-plugin startup error

Overview:

- updated config-api WAR file
- updated JAR files for admin-ui, scim, fido2, and user-mgt plugins
- fixed fido2-plugin dependencies
- user-mgt-plugin is no longer enabled by default

* docs: user-mgt plugin is no longer enabled by default

automation/auto_update_build_date.py

@@ -48,7 +48,9 @@ def main():
             update_image(image, "CN_SOURCE_URL", "CN_BUILD_DATE")
             if image == "docker-jans-config-api":
                 update_image(image, "SCIM_PLUGIN_SOURCE_URL", "SCIM_PLUGIN_BUILD_DATE")
-                update_image(image, "ADMIN_UI_SOURCE_URL", "ADMIN_UI_PLUGIN_BUILD_DATE")
+                update_image(image, "ADMIN_UI_PLUGIN_SOURCE_URL", "ADMIN_UI_PLUGIN_BUILD_DATE")
+                update_image(image, "FIDO2_PLUGIN_SOURCE_URL", "FIDO2_PLUGIN_BUILD_DATE")
+                update_image(image, "USER_MGT_PLUGIN_SOURCE_URL", "USER_MGT_PLUGIN_BUILD_DATE")
         except KeyError:
             print(f'Docker image {image} does not contain any packages to update')
             continue

docker-jans-config-api/Dockerfile

@@ -32,7 +32,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_
 # ==========
 
 ENV CN_VERSION=1.0.1-SNAPSHOT
-ENV CN_BUILD_DATE='2022-06-06 08:16'
+ENV CN_BUILD_DATE='2022-06-29 11:17'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 
 # Install Jans Config API
@@ -63,13 +63,21 @@ RUN wget -q https://github.com/GluuFederation/gluu-snap/raw/${PYFACTER_VERSION}/
 
 RUN mkdir -p /usr/share/java
 
-ENV SCIM_PLUGIN_BUILD_DATE='2022-05-19 16:27'
+ENV SCIM_PLUGIN_BUILD_DATE='2022-06-29 11:18'
 ENV SCIM_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/scim-plugin/${CN_VERSION}/scim-plugin-${CN_VERSION}-distribution.jar
 RUN wget -q ${SCIM_PLUGIN_SOURCE_URL} -O /usr/share/java/scim-plugin.jar
 
-ENV ADMIN_UI_PLUGIN_BUILD_DATE='2022-05-19 16:27'
-ENV ADMIN_UI_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/admin-ui-plugin/${CN_VERSION}/admin-ui-plugin-${CN_VERSION}-distribution.jar
-RUN wget -q ${ADMIN_UI_SOURCE_URL} -O /usr/share/java/admin-ui-plugin.jar
+ENV ADMIN_UI_PLUGIN_BUILD_DATE='2022-06-29 11:18'
+ENV ADMIN_UI_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/admin-ui-plugin/${CN_VERSION}/admin-ui-plugin-${CN_VERSION}-distribution.jar
+RUN wget -q ${ADMIN_UI_PLUGIN_SOURCE_URL} -O /usr/share/java/admin-ui-plugin.jar
+
+ENV FIDO2_PLUGIN_BUILD_DATE='2022-06-29 11:18'
+ENV FIDO2_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/fido2-plugin/${CN_VERSION}/fido2-plugin-${CN_VERSION}-distribution.jar
+RUN wget -q ${FIDO2_PLUGIN_SOURCE_URL} -O /usr/share/java/fido2-plugin.jar
+
+ENV USER_MGT_PLUGIN_BUILD_DATE='2022-06-29 11:18'
+ENV USER_MGT_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/user-mgt-plugin/${CN_VERSION}/user-mgt-plugin-${CN_VERSION}-distribution.jar
+RUN wget -q ${USER_MGT_PLUGIN_SOURCE_URL} -O /usr/share/java/user-mgt-plugin.jar
 
 # ======
 # Python

docker-jans-config-api/README.md

@@ -68,7 +68,7 @@ The following environment variables are supported by the container:
 - `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID.
 - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
 - `CN_CONFIG_API_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details).
-- `CN_CONFIG_API_PLUGINS`: Comma-separated plugin names that should be enabled (available plugins are `admin-ui` and `scim`).
+- `CN_CONFIG_API_PLUGINS`: Comma-separated plugin names that should be enabled (available plugins are `admin-ui`, `scim`, `fido2`, and `user-mgt`). Note that unknown plugin name will be ignored.
 - `CN_TOKEN_SERVER_CERT_FILE`: Path to token server certificate (default to `/etc/certs/token_server.crt`).
 - `CN_ADMIN_UI_PLUGIN_LOGGERS`: Custom logging configuration for AdminUI plugin in JSON-string format with hash type (see [Configure plugin loggers](#configure-plugin-loggers) section for details).
 - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details.

docker-jans-config-api/scripts/bootstrap.py

@@ -88,6 +88,7 @@ def main():
     configure_logging()
 
     plugins = discover_plugins()
+    logger.info(f"Loaded config-api plugins: {', '.join(plugins)}")
     modify_config_api_xml(plugins)
 
     if "admin-ui" in plugins:

docker-jans-config-api/scripts/entrypoint.sh

@@ -2,16 +2,6 @@
 
 set -e
 
-copy_builtin_plugins() {
-    if [ ! -f /opt/jans/jetty/jans-config-api/custom/libs/scim-plugin.jar ]; then
-        cp /usr/share/java/scim-plugin.jar /opt/jans/jetty/jans-config-api/custom/libs/
-    fi
-
-    if [ ! -f /opt/jans/jetty/jans-config-api/custom/libs/admin-ui-plugin.jar ]; then
-        cp /usr/share/java/admin-ui-plugin.jar /opt/jans/jetty/jans-config-api/custom/libs/
-    fi
-}
-
 get_logging_files() {
     logs="resources/log4j2.xml"
 
@@ -33,9 +23,6 @@ get_prometheus_opt() {
 }
 
 python3 /app/scripts/wait.py
-
-copy_builtin_plugins
-
 python3 /app/scripts/bootstrap.py
 
 # run config-api

docker-jans-config-api/scripts/plugins.py

@@ -1,5 +1,6 @@
 import logging.config
 import os
+import shutil
 import sys
 
 from jans.pycloudlib.utils import cert_to_truststore
@@ -9,22 +10,41 @@
 logging.config.dictConfig(LOGGING_CONFIG)
 logger = logging.getLogger("plugins")
 
+SUPPORTED_PLUGINS = (
+    "admin-ui",
+    "scim",
+    "fido2",
+    "user-mgt",
+)
 
-def discover_plugins():
+
+def discover_plugins() -> list[str]:
+    """Discover enabled plugins.
+
+    The plugin JAR file will be copied to ``/opt/jans/jetty/jans-config-api/custom/libs`` directory.
+    """
     loaded_plugins = []
 
-    plugins = [
+    user_plugins = [
         plugin.strip()
         for plugin in os.environ.get("CN_CONFIG_API_PLUGINS", "").strip().split(",")
         if plugin.strip()
     ]
 
-    for plugin in plugins:
-        plugin_jar = f"/opt/jans/jetty/jans-config-api/custom/libs/{plugin}-plugin.jar"
+    for plugin in set(user_plugins):
+        if plugin not in SUPPORTED_PLUGINS:
+            continue
+
+        src = f"/usr/share/java/{plugin}-plugin.jar"
+        dst = f"/opt/jans/jetty/jans-config-api/custom/libs/{plugin}-plugin.jar"
 
-        if not os.path.isfile(plugin_jar):
+        if not os.path.isfile(src):
             continue
+
+        shutil.copyfile(src, dst)
         loaded_plugins.append(plugin)
+
+    # a list of loaded plugins
     return loaded_plugins