diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index aa042845886..072ff1dc699 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -4,7 +4,7 @@ # These owners will be the default owners for everything in this branch of # the repo. Unless a later match takes precedence -/docker-jans-*/ @moabu +/docker-jans-*/ @moabu @iromli /automation/ @moabu /charts/ @moabu /.github/ @moabu diff --git a/.github/workflows/microk8s_couchbase.yml b/.github/workflows/microk8s_couchbase.yml index 2c765a5c0c4..a8581705e8e 100644 --- a/.github/workflows/microk8s_couchbase.yml +++ b/.github/workflows/microk8s_couchbase.yml @@ -5,13 +5,13 @@ on: - master - main paths: - - "charts/**" + - "helm/**" pull_request: branches: - master - main paths: - - "charts/**" + - "helm/**" workflow_dispatch: jobs: build: diff --git a/.github/workflows/microk8s_mysql.yml b/.github/workflows/microk8s_mysql.yml index cea4e7e5a8d..4640e10199c 100644 --- a/.github/workflows/microk8s_mysql.yml +++ b/.github/workflows/microk8s_mysql.yml @@ -5,13 +5,13 @@ on: - master - main paths: - - "charts/**" + - "helm/**" pull_request: branches: - master - main paths: - - "charts/**" + - "helm/**" workflow_dispatch: jobs: build: diff --git a/.github/workflows/microk8s_opendj.yml b/.github/workflows/microk8s_opendj.yml index a10545cd276..1e0b754b889 100644 --- a/.github/workflows/microk8s_opendj.yml +++ b/.github/workflows/microk8s_opendj.yml @@ -5,13 +5,13 @@ on: - master - main paths: - - "charts/**" + - "helm/**" pull_request: branches: - master - main paths: - - "charts/**" + - "helm/**" workflow_dispatch: jobs: build: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b8446289e63..36d922e179c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -35,7 +35,7 @@ jobs: git config user.email "54212639+mo-auto@users.noreply.github.com" git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}" - - uses: google-github-actions/release-please-action@v3 + - uses: google-github-actions/release-please-action@v3.0.1 id: release-please with: path: ${{ matrix.docker-images }} @@ -48,7 +48,7 @@ jobs: strategy: fail-fast: false matrix: - python-projects: ["jans-pycloudlib"] + python-projects: ["jans-pycloudlib", "jans-cli"] steps: - name: Checkout uses: actions/checkout@v2 @@ -70,7 +70,7 @@ jobs: git config user.email "54212639+mo-auto@users.noreply.github.com" git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}" - - uses: google-github-actions/release-please-action@v3 + - uses: google-github-actions/release-please-action@v3.0.1 id: release-please with: path: ${{ matrix.python-projects }} diff --git a/README.md b/README.md index fe01d8ed67e..2cf24c6e5e7 100644 --- a/README.md +++ b/README.md 
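Review bot: `google-github-actions/release-please-action@v3.0.1` is still a tag reference, which the action's owner can move, and in both jobs it runs right after a GPG signing key has been configured (`git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"`). Pinning to the full commit SHA with the version kept as a trailing comment, `- uses: google-github-actions/release-please-action@<full-commit-sha> # v3.0.1`, makes the reference immutable. The same applies to the second occurrence in the third hunk (the `python-projects` job) and to `actions/checkout@v2` in the context lines of the second hunk. The job definitions start and end outside these hunks, so the permissions and secrets available to the step cannot be confirmed from here.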
@@ -34,10 +34,10 @@ Start a fresh ubuntu `18.04` or `20.04` and execute the following ```bash sudo su - -wget https://raw.githubusercontent.com/JanssenProject/jans-cloud-native/master/automation/startdemo.sh && chmod u+x startdemo.sh && ./startdemo.sh +wget https://raw.githubusercontent.com/JanssenProject/jans/master/automation/startopenbankingdemo.sh && chmod u+x startopenbankingdemo.sh && ./startopenbankingdemo.sh ``` -This will install docker, microk8s, helm and Janssen with the default settings the can be found inside [values.yaml](charts/jans/values.yaml). Please map the `ip` of the instance running ubuntu to `demoexample.jans.io` and then access the endpoints at your browser such in the example in the table below. +This will install docker, microk8s, helm and Janssen with the default settings the can be found inside [values.yaml](helm/pygluu/kubernetes/templates/gluu/values.yaml). Please map the `ip` of the instance running ubuntu to `demoexample.jans.io` and then access the endpoints at your browser such in the example in the table below. | Service | Example endpoint | | ----------- | -------------------------------------------------------------- | @@ -45,4 +45,6 @@ This will install docker, microk8s, helm and Janssen with the default settings t | fido2 | `https://demoexample.jans.io/.well-known/fido2-configuration` | | scim | `https://demoexample.jans.io/.well-known/scim-configuration` | -For more information follow [here](charts/jans/README.md). +For more information follow [here](helm/README.md). + +Helm charts are located \ No newline at end of file diff --git a/_config.yml b/_config.yml index da3de5b0df8..1f4df789d14 100644 --- a/_config.yml +++ b/_config.yml @@ -7,7 +7,7 @@ buttons: href: /jans-cloud-native - b1: text: Helm Chart - href: /jans-cloud-native/charts/jans + href: /jans-cloud-native/helm/pygluu/kubernetes/helm - b2: text: Debugging Interception scripts href: /jans-cloud-native/docs/interception-script-debug 
diff --git a/automation/startdemo.sh b/automation/startdemo.sh
deleted file mode 100644
index 503448b0985..00000000000
--- a/automation/startdemo.sh
+++ /dev/null
@@ -1,32 +0,0 @@ -#!/bin/bash -set -e -sudo apt-get update -sudo apt-get install python3-pip -y -sudo pip3 install pip --upgrade -sudo pip3 install setuptools --upgrade -sudo pip3 install pyOpenSSL --upgrade -sudo apt-get update -sudo apt-get install build-essential unzip -y -sudo pip3 install requests --upgrade -sudo pip3 install shiv -git clone https://github.com/JanssenProject/jans-cloud-native.git || [ -d "./jans-cloud-native" ] && echo "Directory exists." -cd jans-cloud-native -sudo snap install microk8s --classic -sudo microk8s.status --wait-ready -sudo microk8s.enable dns registry ingress -sudo microk8s kubectl get daemonset.apps/nginx-ingress-microk8s-controller -n ingress -o yaml | sed -s "s@ingress-class=public@ingress-class=nginx@g" | microk8s kubectl apply -f - -sudo apt-get update -sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - -sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" -sudo apt-get update -sudo apt-get install net-tools -curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 -chmod 700 get_helm.sh -./get_helm.sh -sudo apt-get install docker-ce docker-ce-cli containerd.io -y -microk8s.kubectl create namespace jans || echo "namespace exists" -microk8s.config > ~/.kube/config -default_iface=$(awk '$2 == 00000000 { print $1 }' /proc/net/route) -ip=$(ip addr show dev "$default_iface" | awk '$1 == "inet" { sub("/.*", "", $2); print $2 }') -helm install jans -f ./charts/jans/values.yaml ./charts/jans -n jans --set global.lbIp="$ip" || echo "Please get ip of the instance and run helm install jans -f ./jans-cloud-native/helm/values.yaml ./jans-cloud-native/helm -n jans --set global.lbIp=" 
diff --git a/automation/startopenabankingdemo.sh b/automation/startopenabankingdemo.sh
new file mode 100644
index 00000000000..b2fb7c912b7
--- /dev/null
+++ b/automation/startopenabankingdemo.sh
@@ -0,0 +1,97 @@ +#!/bin/bash +set -e +sudo apt-get update +sudo apt-get install python3-pip -y +sudo pip3 install pip --upgrade +sudo pip3 install setuptools --upgrade +sudo pip3 install pyOpenSSL --upgrade +sudo apt-get update +sudo apt-get install build-essential unzip -y +sudo pip3 install requests --upgrade +sudo pip3 install shiv +sudo snap install microk8s --classic +sudo microk8s.status --wait-ready +sudo microk8s.enable dns registry ingress +sudo microk8s kubectl get daemonset.apps/nginx-ingress-microk8s-controller -n ingress -o yaml | sed -s "s@ingress-class=public@ingress-class=nginx@g" | microk8s kubectl apply -f - +sudo apt-get update +sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - +sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" +sudo apt-get update +sudo apt-get install net-tools +curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 +chmod 700 get_helm.sh +./get_helm.sh +sudo apt-get install docker-ce docker-ce-cli containerd.io -y +sudo microk8s config > config +KUBECONFIG="$PWD"/config +sudo microk8s.kubectl create namespace gluu --kubeconfig="$KUBECONFIG" || echo "namespace exists" +sudo helm repo add bitnami https://charts.bitnami.com/bitnami +sudo microk8s.kubectl get po --kubeconfig="$KUBECONFIG" +sudo helm install my-release --set auth.rootPassword=Test1234#,auth.database=jans bitnami/mysql -n gluu --kubeconfig="$KUBECONFIG" +EXT_IP=$(dig +short myip.opendns.com @resolver1.opendns.com) +sudo echo "$EXT_IP demoexample.gluu.org" >> /etc/hosts +cat << EOF > override.yaml +config: + configmap: + cnSqlDbHost: my-release-mysql.gluu.svc + cnSqlDbUser: root +nginx-ingress: + ingress: + #/jans-auth/restv1/token + authServerProtectedToken: true + #/jans-auth/restv1/register + authServerProtectedRegister: true + # in 
the format of {cert-manager.io/cluster-issuer: nameOfClusterIssuer, kubernetes.io/tls-acme: "true"} + additionalAnnotations: + # Enable client certificate authentication + nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" + # Create the secret containing the trusted ca certificates + nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/ca-secret" + # Specify the verification depth in the client certificates chain + nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" + # Specify if certificates are passed to upstream server + nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" +global: + isFqdnRegistered: false + lbIp: $EXT_IP +EOF +sudo helm repo add gluu https://gluufederation.github.io/cloud-native-edition/pygluu/kubernetes/templates/helm +sudo helm repo update +sudo helm install gluu gluu/gluu -n gluu --version=5.0.2 -f override.yaml --kubeconfig="$KUBECONFIG" +echo "Waiting for auth-server to come up....Please do not cancel out...This will wait for the auth-server to be ready.." +sleep 120 +cat << EOF > testendpoints.sh +# get certs and keys. This will also generate the client crt and key to be used to access protected endpoints +mkdir quicktestcerts || echo "directory exists" +cd quicktestcerts +sudo microk8s config > config +KUBECONFIG="$PWD"/config +rm ca.crt ca.key server.crt server.key client.csr client.crt client.key +sudo microk8s.kubectl delete secret generic ca-secret -n gluu --kubeconfig="$KUBECONFIG" || echo "secret ca-secret does not exist and will be created." 
+sudo microk8s.kubectl get secret cn -o json -n gluu --kubeconfig="$KUBECONFIG" | grep '"ssl_ca_cert":' | sed -e 's#.*:\(\)#\1#' | tr -d '"' | tr -d "," | tr -d '[:space:]' | base64 -d > ca.crt +sudo microk8s.kubectl get secret cn -o json -n gluu --kubeconfig="$KUBECONFIG" | grep '"ssl_ca_key":' | sed -e 's#.*:\(\)#\1#' | tr -d '"' | tr -d "," | tr -d '[:space:]' | base64 -d > ca.key +sudo microk8s.kubectl get secret cn -o json -n gluu --kubeconfig="$KUBECONFIG" | grep '"ssl_cert":' | sed -e 's#.*:\(\)#\1#' | tr -d '"' | tr -d "," | tr -d '[:space:]' | base64 -d > server.crt +sudo microk8s.kubectl get secret cn -o json -n gluu --kubeconfig="$KUBECONFIG" | grep '"ssl_key":' | sed -e 's#.*:\(\)#\1#' | tr -d '"' | tr -d "," | tr -d '[:space:]' | base64 -d > server.key +openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj '/CN=Openbanking' +openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt +sudo microk8s.kubectl create secret generic ca-secret -n gluu --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt +echo -e "Starting simple test to endpoints. \n" +sleep 10 +echo -e "Testing openid-configuration endpoint.. \n" +curl -k https://demoexample.gluu.org/.well-known/openid-configuration +TESTCLIENT=$(microk8s.kubectl get cm cn -o json -n gluu --kubeconfig="$KUBECONFIG" | grep '"jca_client_id":' | sed -e 's#.*:\(\)#\1#' | tr -d '"' | tr -d "," | tr -d '[:space:]') +TESTCLIENTSECRET=$(microk8s.kubectl get secret cn -o json -n gluu --kubeconfig="$KUBECONFIG" | grep '"jca_client_pw":' | sed -e 's#.*:\(\)#\1#' | tr -d '"' | tr -d "," | tr -d '[:space:]' | base64 -d) +echo -e "Testing protected endpoint /token without client crt and key. 
This should show a 403, showing mTLS works \n" +curl -X POST -k -u $TESTCLIENT:$TESTCLIENTSECRET https://demoexample.gluu.org/jans-auth/restv1/token -d grant_type=client_credentials +echo -e "Testing protected endpoint /token with client crt and key. This should recieve a token, showing mTLS works \n" +curl -X POST -k --cert client.crt --key client.key -u $TESTCLIENT:$TESTCLIENTSECRET https://demoexample.gluu.org/jans-auth/restv1/token -d grant_type=client_credentials +echo -e "Testing protected endpoint /register without client crt and key. This should show a 403, showing mTLS works \n" +curl -X POST -k -u $TESTCLIENT:$TESTCLIENTSECRET https://demoexample.gluu.org/jans-auth/restv1/register +echo -e "Testing protected endpoint /register with client crt and key. This should still recieve an error but from the AS showing mTLS works \n" +curl -X POST -k --cert client.crt --key client.key -u $TESTCLIENT:$TESTCLIENTSECRET https://demoexample.gluu.org/jans-auth/restv1/register +cd .. +EOF +sudo microk8s.kubectl -n gluu wait --for=condition=available --timeout=600s deploy/gluu-auth-server --kubeconfig="$KUBECONFIG" +sudo bash testendpoints.sh +echo -e "You may re-execute bash testendpoints.sh to do a quick test to protected endpoints and openid-configuration endpoint." diff --git a/charts/artifacthub-repo.yml b/charts/artifacthub-repo.yml deleted file mode 100644 index 51fd13db3c9..00000000000 --- a/charts/artifacthub-repo.yml +++ /dev/null @@ -1 +0,0 @@ -repositoryID: e47c2a74-ef30-4535-ab6e-bdd5fa03d2b1 \ No newline at end of file diff --git a/charts/index.yaml b/charts/index.yaml deleted file mode 100644 index 13411a85a18..00000000000 --- a/charts/index.yaml +++ /dev/null 
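Review bot: The `cat << EOF > testendpoints.sh` heredoc is unquoted, so `$PWD`, `$KUBECONFIG` and the `$(microk8s.kubectl … '"jca_client_pw":' … | base64 -d)` substitutions are expanded while the file is written, not when it runs. As a result the decoded client secret is stored in plaintext in `testendpoints.sh`, and `-u $TESTCLIENT:$TESTCLIENTSECRET` expands to empty credentials because the outer shell never sets those variables. Quoting the delimiter, `cat << 'EOF' > testendpoints.sh`, defers everything to run time; the earlier `override.yaml` heredoc has to stay unquoted because it needs `$EXT_IP`. The MySQL root password is also committed on the command line as `auth.rootPassword=Test1234#`; it would be safer to read it from an environment variable or generate it per run, together with whatever chart value carries the matching DB password (not visible in this hunk). Separately, the file is added as `startopenabankingdemo.sh` while the README hunk downloads `startopenbankingdemo.sh`, so the documented install command would not find it.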
@@ -1,596 +0,0 @@ -apiVersion: v1 -entries: - jans: - - annotations: - artifacthub.io/changes: | - - Janssen 1.0 under dev charts - artifacthub.io/containsSecurityUpdates: "true" - artifacthub.io/images: | - - name: auth-server - image: janssenproject/auth-server:1.0.0_dev - - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.0_dev - - name: client-api - image: janssenproject/client-api:1.0.0_dev - - name: configuration-manager - image: janssenproject/configuration-manager:1.0.0_dev - - name: config-api - image: janssenproject/config-api:1.0.0_dev - - name: fido2 - image: janssenproject/fido2:1.0.0_dev - - name: opendj - image: gluufederation/opendj:5.0.0_dev - - name: persistence - image: janssenproject/persistence-loader:1.0.0_dev - - name: scim - image: janssenproject/scim:1.0.0_dev - artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" - apiVersion: v2 - appVersion: 1.0.0-b9 - created: "2021-09-22T06:17:32.055669-04:00" - dependencies: - - condition: global.config.enabled - name: config - repository: "" - version: 1.0.0-b9 - - condition: global.config-api.enabled - name: config-api - repository: "" - version: 1.0.0-b9 - - condition: global.opendj.enabled - name: opendj - repository: "" - version: 1.0.0-b9 - - condition: global.auth-server.enabled - name: auth-server - repository: "" - version: 1.0.0-b9 - - condition: global.fido2.enabled - name: fido2 - repository: "" - version: 1.0.0-b9 - - condition: global.scim.enabled - name: scim - repository: "" - version: 1.0.0-b9 - - condition: global.nginx-ingress.enabled - name: nginx-ingress - repository: "" - version: 1.0.0-b9 - - condition: global.auth-server-key-rotation.enabled - name: auth-server-key-rotation - repository: "" - version: 1.0.0-b9 - - condition: global.client-api.enabled - name: client-api - repository: "" - version: 1.0.0-b9 - - condition: global.persistence.enabled - name: persistence - repository: "" - version: 1.0.0-b9 - - condition: global.istio.ingress 
- name: cn-istio-ingress - repository: "" - version: 1.0.0-b9 - description: Janssen Access and Identity Management - digest: 673fb3522dd7efc91973c108a472a38b1e6942c4fe05c47b23f7922a92a935ba - home: https://github.com/JanssenProject/jans-cloud-native - icon: https://avatars.githubusercontent.com/u/68292770?s=200&v=4 - kubeVersion: '>=v1.17.0-0' - maintainers: - - email: support@gluu.org - name: moabu - name: jans - sources: - - https://jans.io - - https://github.com/JanssenProject/jans-cloud-native - urls: - - jans-1.0.0-b9.tgz - version: 1.0.0-b9 - - annotations: - artifacthub.io/changes: | - - Janssen 1.0 under dev charts - artifacthub.io/containsSecurityUpdates: "true" - artifacthub.io/images: | - - name: auth-server - image: janssenproject/auth-server:1.0.0_dev - - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.0_dev - - name: client-api - image: janssenproject/client-api:1.0.0_dev - - name: configuration-manager - image: janssenproject/configuration-manager:1.0.0_dev - - name: config-api - image: janssenproject/config-api:1.0.0_dev - - name: fido2 - image: janssenproject/fido2:1.0.0_dev - - name: opendj - image: gluufederation/opendj:5.0.0_dev - - name: persistence - image: janssenproject/persistence-loader:1.0.0_dev - - name: scim - image: janssenproject/scim:1.0.0_dev - artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" - apiVersion: v2 - appVersion: 1.0.0-b8 - created: "2021-09-22T06:17:32.048784-04:00" - dependencies: - - condition: global.config.enabled - name: config - repository: "" - version: 1.0.0-b8 - - condition: global.config-api.enabled - name: config-api - repository: "" - version: 1.0.0-b8 - - condition: global.opendj.enabled - name: opendj - repository: "" - version: 1.0.0-b8 - - condition: global.auth-server.enabled - name: auth-server - repository: "" - version: 1.0.0-b8 - - condition: global.fido2.enabled - name: fido2 - repository: "" - version: 1.0.0-b8 - - condition: global.scim.enabled - name: 
scim - repository: "" - version: 1.0.0-b8 - - condition: global.nginx-ingress.enabled - name: nginx-ingress - repository: "" - version: 1.0.0-b8 - - condition: global.auth-server-key-rotation.enabled - name: auth-server-key-rotation - repository: "" - version: 1.0.0-b8 - - condition: global.client-api.enabled - name: client-api - repository: "" - version: 1.0.0-b8 - - condition: global.persistence.enabled - name: persistence - repository: "" - version: 1.0.0-b8 - - condition: global.istio.ingress - name: cn-istio-ingress - repository: "" - version: 1.0.0-b8 - description: Janssen Access and Identity Management - digest: 5a107366deb115bb5030959fbcc0fb7c02371c12f10fa0560dfe5b608d86d985 - home: https://github.com/JanssenProject/jans-cloud-native - icon: https://avatars.githubusercontent.com/u/68292770?s=200&v=4 - kubeVersion: '>=v1.17.0-0' - maintainers: - - email: support@gluu.org - name: moabu - name: jans - sources: - - https://jans.io - - https://github.com/JanssenProject/jans-cloud-native - urls: - - jans-1.0.0-b8.tgz - version: 1.0.0-b8 - - annotations: - artifacthub.io/changes: | - - Janssen 1.0 under dev charts - artifacthub.io/containsSecurityUpdates: "true" - artifacthub.io/images: | - - name: auth-server - image: janssenproject/auth-server:1.0.0_dev - - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.0_dev - - name: client-api - image: janssenproject/client-api:1.0.0_dev - - name: configuration-manager - image: janssenproject/configuration-manager:1.0.0_dev - - name: config-api - image: janssenproject/config-api:1.0.0_dev - - name: fido2 - image: janssenproject/fido2:1.0.0_dev - - name: opendj - image: gluufederation/opendj:5.0.0_dev - - name: persistence - image: janssenproject/persistence-loader:1.0.0_dev - - name: scim - image: janssenproject/scim:1.0.0_dev - artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" - apiVersion: v2 - appVersion: 1.0.0-b7 - created: "2021-09-22T06:17:32.041086-04:00" - dependencies: - 
- condition: global.config.enabled - name: config - repository: "" - version: 1.0.0-b7 - - condition: global.config-api.enabled - name: config-api - repository: "" - version: 1.0.0-b7 - - condition: global.opendj.enabled - name: opendj - repository: "" - version: 1.0.0-b7 - - condition: global.auth-server.enabled - name: auth-server - repository: "" - version: 1.0.0-b7 - - condition: global.fido2.enabled - name: fido2 - repository: "" - version: 1.0.0-b7 - - condition: global.scim.enabled - name: scim - repository: "" - version: 1.0.0-b7 - - condition: global.nginx-ingress.enabled - name: nginx-ingress - repository: "" - version: 1.0.0-b7 - - condition: global.auth-server-key-rotation.enabled - name: auth-server-key-rotation - repository: "" - version: 1.0.0-b7 - - condition: global.client-api.enabled - name: client-api - repository: "" - version: 1.0.0-b7 - - condition: global.persistence.enabled - name: persistence - repository: "" - version: 1.0.0-b7 - - condition: global.istio.ingress - name: cn-istio-ingress - repository: "" - version: 1.0.0-b7 - description: Janssen Access and Identity Management - digest: 2a6cfb429ea0e17bd895612758f78dcd6049d4af00f8d627a1bfca441abfad36 - home: https://github.com/JanssenProject/jans-cloud-native - icon: https://avatars.githubusercontent.com/u/68292770?s=200&v=4 - kubeVersion: '>=v1.17.0-0' - maintainers: - - email: support@gluu.org - name: moabu - name: jans - sources: - - https://jans.io - - https://github.com/JanssenProject/jans-cloud-native - urls: - - jans-1.0.0-b7.tgz - version: 1.0.0-b7 - - annotations: - artifacthub.io/changes: | - - Janssen 1.0 under dev charts - artifacthub.io/containsSecurityUpdates: "true" - artifacthub.io/images: | - - name: auth-server - image: janssenproject/auth-server:1.0.0_b6 - - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.0_b6 - - name: client-api - image: janssenproject/client-api:1.0.0_b6 - - name: configuration-manager - image: 
janssenproject/configuration-manager:1.0.0_b6 - - name: config-api - image: janssenproject/config-api:1.0.0_b6 - - name: fido2 - image: janssenproject/fido2:1.0.0_b6 - - name: opendj - image: gluufederation/opendj:5.0.0_dev - - name: persistence - image: janssenproject/persistence-loader:1.0.0_b6 - - name: scim - image: janssenproject/scim:1.0.0_b6 - artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" - apiVersion: v2 - appVersion: 1.0.0-b6 - created: "2021-09-22T06:17:32.033236-04:00" - dependencies: - - condition: global.config.enabled - name: config - repository: "" - version: 1.0.0-b6 - - condition: global.config-api.enabled - name: config-api - repository: "" - version: 1.0.0-b6 - - condition: global.opendj.enabled - name: opendj - repository: "" - version: 1.0.0-b6 - - condition: global.auth-server.enabled - name: auth-server - repository: "" - version: 1.0.0-b6 - - condition: global.fido2.enabled - name: fido2 - repository: "" - version: 1.0.0-b6 - - condition: global.scim.enabled - name: scim - repository: "" - version: 1.0.0-b6 - - condition: global.nginx-ingress.enabled - name: nginx-ingress - repository: "" - version: 1.0.0-b6 - - condition: global.auth-server-key-rotation.enabled - name: auth-server-key-rotation - repository: "" - version: 1.0.0-b6 - - condition: global.client-api.enabled - name: client-api - repository: "" - version: 1.0.0-b6 - - condition: global.persistence.enabled - name: persistence - repository: "" - version: 1.0.0-b6 - - condition: global.istio.ingress - name: cn-istio-ingress - repository: "" - version: 1.0.0-b6 - description: Janssen Authorization server - digest: 59fa68cceedd260d51753af4632a0efc904c98c18aa826a331143d0a12c7e9eb - home: https://github.com/JanssenProject/jans-cloud-native - icon: https://avatars.githubusercontent.com/u/68292770?s=200&v=4 - kubeVersion: '>=v1.17.0-0' - maintainers: - - email: mo@gluu.org - name: moabu - name: jans - sources: - - 
https://github.com/JanssenProject/jans-cloud-native/charts - urls: - - jans-1.0.0-b6.tgz - version: 1.0.0-b6 - - annotations: - artifacthub.io/changes: | - - Janssen 1.0 under dev charts - artifacthub.io/containsSecurityUpdates: "true" - artifacthub.io/images: | - - name: auth-server - image: janssenproject/auth-server:1.0.0_dev - - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.0_dev - - name: client-api - image: janssenproject/client-api:1.0.0_dev - - name: configuration-manager - image: janssenproject/configuration-manager:1.0.0_dev - - name: config-api - image: janssenproject/config-api:1.0.0_dev - - name: fido2 - image: janssenproject/fido2:1.0.0_dev - - name: opendj - image: gluufederation/opendj:5.0.0_dev - - name: persistence - image: janssenproject/persistence-loader:1.0.0_dev - - name: scim - image: janssenproject/scim:1.0.0_dev - artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" - apiVersion: v2 - appVersion: 1.0.0-b11 - created: "2021-09-22T06:17:32.026269-04:00" - dependencies: - - condition: global.config.enabled - name: config - repository: "" - version: 1.0.0-b11 - - condition: global.config-api.enabled - name: config-api - repository: "" - version: 1.0.0-b11 - - condition: global.opendj.enabled - name: opendj - repository: "" - version: 1.0.0-b11 - - condition: global.auth-server.enabled - name: auth-server - repository: "" - version: 1.0.0-b11 - - condition: global.fido2.enabled - name: fido2 - repository: "" - version: 1.0.0-b11 - - condition: global.scim.enabled - name: scim - repository: "" - version: 1.0.0-b11 - - condition: global.nginx-ingress.enabled - name: nginx-ingress - repository: "" - version: 1.0.0-b11 - - condition: global.auth-server-key-rotation.enabled - name: auth-server-key-rotation - repository: "" - version: 1.0.0-b11 - - condition: global.client-api.enabled - name: client-api - repository: "" - version: 1.0.0-b11 - - condition: global.persistence.enabled - name: persistence - 
repository: "" - version: 1.0.0-b11 - - condition: global.istio.ingress - name: cn-istio-ingress - repository: "" - version: 1.0.0-b11 - description: Janssen Access and Identity Management - digest: 0fec59df9bbcdc57fd9cb194a991f0fb58440c2484fa1807733d0adc89172ed7 - home: https://github.com/JanssenProject/jans-cloud-native - icon: https://avatars.githubusercontent.com/u/68292770?s=200&v=4 - kubeVersion: '>=v1.17.0-0' - maintainers: - - email: support@gluu.org - name: moabu - name: jans - sources: - - https://jans.io - - https://github.com/JanssenProject/jans-cloud-native - urls: - - jans-1.0.0-b11.tgz - version: 1.0.0-b11 - - annotations: - artifacthub.io/changes: | - - Janssen 1.0 under dev charts - artifacthub.io/containsSecurityUpdates: "true" - artifacthub.io/images: | - - name: auth-server - image: janssenproject/auth-server:1.0.0_dev - - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.0_dev - - name: client-api - image: janssenproject/client-api:1.0.0_dev - - name: configuration-manager - image: janssenproject/configuration-manager:1.0.0_dev - - name: config-api - image: janssenproject/config-api:1.0.0_dev - - name: fido2 - image: janssenproject/fido2:1.0.0_dev - - name: opendj - image: gluufederation/opendj:5.0.0_dev - - name: persistence - image: janssenproject/persistence-loader:1.0.0_dev - - name: scim - image: janssenproject/scim:1.0.0_dev - artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" - apiVersion: v2 - appVersion: 1.0.0-b10 - created: "2021-09-22T06:17:32.018336-04:00" - dependencies: - - condition: global.config.enabled - name: config - repository: "" - version: 1.0.0-b10 - - condition: global.config-api.enabled - name: config-api - repository: "" - version: 1.0.0-b10 - - condition: global.opendj.enabled - name: opendj - repository: "" - version: 1.0.0-b10 - - condition: global.auth-server.enabled - name: auth-server - repository: "" - version: 1.0.0-b10 - - condition: global.fido2.enabled - name: fido2 
- repository: "" - version: 1.0.0-b10 - - condition: global.scim.enabled - name: scim - repository: "" - version: 1.0.0-b10 - - condition: global.nginx-ingress.enabled - name: nginx-ingress - repository: "" - version: 1.0.0-b10 - - condition: global.auth-server-key-rotation.enabled - name: auth-server-key-rotation - repository: "" - version: 1.0.0-b10 - - condition: global.client-api.enabled - name: client-api - repository: "" - version: 1.0.0-b10 - - condition: global.persistence.enabled - name: persistence - repository: "" - version: 1.0.0-b10 - - condition: global.istio.ingress - name: cn-istio-ingress - repository: "" - version: 1.0.0-b10 - description: Janssen Access and Identity Management - digest: f15e43d087950b68b1102dcf064ed658f6b65bd94bb5d8789dba46c3ad45c7a8 - home: https://github.com/JanssenProject/jans-cloud-native - icon: https://avatars.githubusercontent.com/u/68292770?s=200&v=4 - kubeVersion: '>=v1.17.0-0' - maintainers: - - email: support@gluu.org - name: moabu - name: jans - sources: - - https://jans.io - - https://github.com/JanssenProject/jans-cloud-native - urls: - - jans-1.0.0-b10.tgz - version: 1.0.0-b10 - - annotations: - artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" - apiVersion: v2 - appVersion: 1.0.0-a4 - created: "2021-09-22T06:17:32.008336-04:00" - dependencies: - - condition: global.config.enabled - name: config - repository: "" - version: 1.0.0-a4 - - condition: global.config-api.enabled - name: config-api - repository: "" - version: 1.0.0-a4 - - condition: global.opendj.enabled - name: opendj - repository: "" - version: 1.0.0-a4 - - condition: global.auth-server.enabled - name: auth-server - repository: "" - version: 1.0.0-a4 - - condition: global.fido2.enabled - name: fido2 - repository: "" - version: 1.0.0-a4 - - condition: global.scim.enabled - name: scim - repository: "" - version: 1.0.0-a4 - - condition: global.nginx-ingress.enabled - name: nginx - repository: "" - version: 1.0.0-a4 - - condition: 
global.auth-server-key-rotation.enabled - name: auth-server-key-rotation - repository: "" - version: 1.0.0-a4 - - condition: global.client-api.enabled - name: client-api - repository: "" - version: 1.0.0-a4 - - condition: global.persistence.enabled - name: persistence - repository: "" - version: 1.0.0-a4 - - condition: global.istio.ingress - name: cn-istio-ingress - repository: "" - version: 1.0.0-a4 - description: Janssen Authorization server - digest: b6190025bf248cdb9befbc027b6161905931020159fe756e7a2fcf470deff6b1 - home: https://github.com/JanssenProject/jans-cloud-native - icon: https://avatars.githubusercontent.com/u/68292770?s=200&v=4 - kubeVersion: '>=v1.17.0-0' - maintainers: - - email: mo@gluu.org - name: moabu - name: jans - sources: - - https://github.com/JanssenProject/jans-cloud-native/charts - urls: - - jans-1.0.0-a4.tgz - version: 1.0.0-a4 -generated: "2021-09-22T06:17:32.003449-04:00" diff --git a/charts/jans-1.0.0-a4.tgz b/charts/jans-1.0.0-a4.tgz deleted file mode 100644 index 1e47296c6a9..00000000000 Binary files a/charts/jans-1.0.0-a4.tgz and /dev/null differ diff --git a/charts/jans-1.0.0-b10.tgz b/charts/jans-1.0.0-b10.tgz deleted file mode 100644 index 19afe1a5dc4..00000000000 Binary files a/charts/jans-1.0.0-b10.tgz and /dev/null differ diff --git a/charts/jans-1.0.0-b11.tgz b/charts/jans-1.0.0-b11.tgz deleted file mode 100644 index 445215131cb..00000000000 Binary files a/charts/jans-1.0.0-b11.tgz and /dev/null differ diff --git a/charts/jans-1.0.0-b6.tgz b/charts/jans-1.0.0-b6.tgz deleted file mode 100644 index 6927428eccb..00000000000 Binary files a/charts/jans-1.0.0-b6.tgz and /dev/null differ diff --git a/charts/jans-1.0.0-b7.tgz b/charts/jans-1.0.0-b7.tgz deleted file mode 100644 index 2e3927826a2..00000000000 Binary files a/charts/jans-1.0.0-b7.tgz and /dev/null differ 
diff --git a/charts/jans-1.0.0-b8.tgz b/charts/jans-1.0.0-b8.tgz deleted file mode 100644 index 5d6587f5c05..00000000000 Binary files a/charts/jans-1.0.0-b8.tgz and /dev/null differ diff --git a/charts/jans-1.0.0-b9.tgz b/charts/jans-1.0.0-b9.tgz deleted file mode 100644 index 70248912b51..00000000000 Binary files a/charts/jans-1.0.0-b9.tgz and /dev/null differ diff --git a/charts/jans/Chart.yaml b/charts/jans/Chart.yaml deleted file mode 100644 index c113fc9305b..00000000000 --- a/charts/jans/Chart.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -kubeVersion: ">=v1.17.0-0" -annotations: - artifacthub.io/changes: | - - Janssen 1.0 under dev charts - artifacthub.io/containsSecurityUpdates: "true" - artifacthub.io/images: | - - name: auth-server - image: janssenproject/auth-server:1.0.0_dev - - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.0_dev - - name: client-api - image: janssenproject/client-api:1.0.0_dev - - name: configuration-manager - image: janssenproject/configuration-manager:1.0.0_dev - - name: config-api - image: janssenproject/config-api:1.0.0_dev - - name: fido2 - image: janssenproject/fido2:1.0.0_dev - - name: opendj - image: gluufederation/opendj:5.0.0_dev - - name: persistence - image: janssenproject/persistence-loader:1.0.0_dev - - name: scim - image: janssenproject/scim:1.0.0_dev - artifacthub.io/license: Apache-2.0 - artifacthub.io/prerelease: "true" -apiVersion: v2 -appVersion: "1.0.0-b11" -icon: https://avatars.githubusercontent.com/u/68292770?s=200&v=4 -home: https://github.com/JanssenProject/jans-cloud-native -sources: -- https://jans.io -- https://github.com/JanssenProject/jans-cloud-native -maintainers: -- name: moabu - email: support@gluu.org -description: Janssen Access and Identity Management -name: jans -version: 1.0.0-b11 -dependencies: -- name: config - condition: global.config.enabled - version: 1.0.0-b11 - repository: "" - -- name: config-api - condition: global.config-api.enabled - version: 1.0.0-b11 - repository: "" - -- name: opendj - condition: global.opendj.enabled - version: 1.0.0-b11 - repository: "" - -- name: auth-server - condition: global.auth-server.enabled - version: 1.0.0-b11 - repository: "" - -- name: fido2 - condition: global.fido2.enabled - version: 1.0.0-b11 - repository: "" - -- name: scim - condition: global.scim.enabled - version: 1.0.0-b11 - repository: "" - -- name: nginx-ingress - condition: global.nginx-ingress.enabled - version: 1.0.0-b11 - repository: "" - -- name: auth-server-key-rotation - condition: 
global.auth-server-key-rotation.enabled - version: 1.0.0-b11 - repository: "" - -- name: client-api - condition: global.client-api.enabled - version: 1.0.0-b11 - repository: "" - -- name: persistence - condition: global.persistence.enabled - version: 1.0.0-b11 - repository: "" - -- name: cn-istio-ingress - condition: global.istio.ingress - version: 1.0.0-b11 - repository: "" diff --git a/charts/jans/charts/auth-server-key-rotation/Chart.yaml b/charts/jans/charts/auth-server-key-rotation/Chart.yaml deleted file mode 100644 index 1bdba083bb0..00000000000 --- a/charts/jans/charts/auth-server-key-rotation/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v2 -name: auth-server-key-rotation -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" -description: Responsible for regenerating auth-keys per x hours -type: application -keywords: - - Auth keys Rotation -home: https://jans.io -sources: - - https://github.com/JanssenProject/docker-jans-certmanager - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/auth-server-key-rotation -maintainers: - - name: Mohammad Abudayyeh - email: support@jans.io - url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" \ No newline at end of file diff --git a/charts/jans/charts/auth-server-key-rotation/templates/service.yaml b/charts/jans/charts/auth-server-key-rotation/templates/service.yaml deleted file mode 100644 index a6941085464..00000000000 --- a/charts/jans/charts/auth-server-key-rotation/templates/service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if .Values.global.istio.enabled }} -# License terms and conditions: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Service -metadata: - name: {{ include "auth-server-key-rotation.fullname" . }} - labels: -{{ include "auth-server-key-rotation.labels" . | indent 6 }} -spec: - ports: - - name: http - port: 80 - targetPort: 8080 - selector: - app: {{ .Release.Name }}-{{ include "auth-server-key-rotation.name" . }} - type: ClusterIP -{{- end }} \ No newline at end of file diff --git a/charts/jans/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml b/charts/jans/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml deleted file mode 100644 index e4ffc02cdfb..00000000000 --- a/charts/jans/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.usrEnvs.secret }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs -type: Opaque -data: - {{- range $key, $val := .Values.usrEnvs.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} -{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/auth-server/Chart.yaml b/charts/jans/charts/auth-server/Chart.yaml deleted file mode 100644 index 30f1cf50f6b..00000000000 --- a/charts/jans/charts/auth-server/Chart.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v2 -name: auth-server -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" -description: OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. -type: application -keywords: - - Autherization - - OpenID -home: https://jans.io -sources: - - https://github.com/JanssenProject/jans-auth-server - - https://github.com/JanssenProject/docker-jans-auth-server - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/auth-server -maintainers: - - name: Mohammad Abudayyeh - email: support@jans.io - url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" diff --git a/charts/jans/charts/auth-server/templates/auth-server-destination-rules.yaml b/charts/jans/charts/auth-server/templates/auth-server-destination-rules.yaml deleted file mode 100644 index 991470c903c..00000000000 --- a/charts/jans/charts/auth-server/templates/auth-server-destination-rules.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.global.istio.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: networking.istio.io/v1alpha3 -kind: DestinationRule -metadata: - name: {{ .Release.Name }}-auth-server-mtls - namespace: {{.Release.Namespace}} -spec: - host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local - trafficPolicy: - tls: - mode: ISTIO_MUTUAL -{{- end }} \ No newline at end of file 
diff --git a/charts/jans/charts/auth-server/templates/service.yml b/charts/jans/charts/auth-server/templates/service.yml deleted file mode 100644 index 26bfc3c2a12..00000000000 --- a/charts/jans/charts/auth-server/templates/service.yml +++ /dev/null @@ -1,19 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Service -metadata: - name: {{ index .Values "global" "auth-server" "authServerServiceName" }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "auth-server.labels" . | indent 4}} -spec: - {{- if .Values.global.alb.ingress }} - type: NodePort - {{- end }} - ports: - - port: {{ .Values.service.port }} - name: {{ .Values.service.name }} - selector: - app: {{ .Release.Name }}-{{ include "auth-server.name" . }} #auth-server - \ No newline at end of file diff --git a/charts/jans/charts/auth-server/templates/user-custom-secret-envs.yaml b/charts/jans/charts/auth-server/templates/user-custom-secret-envs.yaml deleted file mode 100644 index e4ffc02cdfb..00000000000 --- a/charts/jans/charts/auth-server/templates/user-custom-secret-envs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.usrEnvs.secret }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs -type: Opaque -data: - {{- range $key, $val := .Values.usrEnvs.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} -{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/client-api/templates/service.yaml b/charts/jans/charts/client-api/templates/service.yaml deleted file mode 100644 index 6f90bf39cbf..00000000000 --- a/charts/jans/charts/client-api/templates/service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Service -metadata: - # the name must match the application - name: {{ index .Values "global" "client-api" "clientApiServerServiceName" }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "client-api.labels" . | indent 4 }} -spec: - ports: - - port: 8444 - name: tcp-{{ include "client-api.name" . }}-admin-gui - - port: 8443 - name: tcp-{{ include "client-api.name" . }}-app-connector - selector: - app: {{ .Release.Name }}-{{ include "client-api.name" . }} \ No newline at end of file diff --git a/charts/jans/charts/client-api/templates/user-custom-secret-envs.yaml b/charts/jans/charts/client-api/templates/user-custom-secret-envs.yaml deleted file mode 100644 index e4ffc02cdfb..00000000000 --- a/charts/jans/charts/client-api/templates/user-custom-secret-envs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.usrEnvs.secret }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs -type: Opaque -data: - {{- range $key, $val := .Values.usrEnvs.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} -{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/cn-istio-ingress/Chart.yaml b/charts/jans/charts/cn-istio-ingress/Chart.yaml deleted file mode 100644 index 21ff601208a..00000000000 --- a/charts/jans/charts/cn-istio-ingress/Chart.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v2 -name: cn-istio-ingress -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" -description: Istio Gateway -type: application -keywords: - - istio - - gateway -home: https://jans.io/ -sources: - - https://jans.io/ - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/cn-istio-ingress -maintainers: - - name: Mohammad Abudayyeh - email: support@jans.io - url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" diff --git a/charts/jans/charts/cn-istio-ingress/README.md b/charts/jans/charts/cn-istio-ingress/README.md deleted file mode 100644 index cf87ee6de29..00000000000 --- a/charts/jans/charts/cn-istio-ingress/README.md +++ /dev/null @@ -1,25 +0,0 @@ -# cn-istio-ingress - -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) - -Istio Gateway - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | - -## Source Code - -* -* - -## Requirements - -Kubernetes: `>=v1.19.0-0` - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/jans/charts/config-api/templates/service.yaml b/charts/jans/charts/config-api/templates/service.yaml deleted file mode 100644 index e19d56a8952..00000000000 --- a/charts/jans/charts/config-api/templates/service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Service -metadata: - # the name must match the application - name: {{ index .Values "global" "config-api" "configApiServerServiceName" }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "config-api.labels" . | indent 4 }} -spec: - ports: - - port: 9444 - name: tcp-{{ include "config-api.name" . }}-ssl - - port: 8074 - name: tcp-{{ include "config-api.name" . }}-http - selector: - app: {{ .Release.Name }}-{{ include "config-api.name" . }} \ No newline at end of file diff --git a/charts/jans/charts/config/Chart.yaml b/charts/jans/charts/config/Chart.yaml deleted file mode 100644 index dd292a839fe..00000000000 --- a/charts/jans/charts/config/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v2 -name: config -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" -description: Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. -type: application -keywords: - - configuration - - secrets -home: https://jans.io/reference/container-configs/ -sources: - - https://jans.io/reference/container-configs/ - - https://github.com/JanssenProject/docker-jans-configuration-manager - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/config -maintainers: - - name: Mohammad Abudayyeh - email: support@jans.io - url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" diff --git a/charts/jans/charts/config/templates/secrets.yaml b/charts/jans/charts/config/templates/secrets.yaml deleted file mode 100644 index 055048f6a84..00000000000 --- a/charts/jans/charts/config/templates/secrets.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "config.fullname" . }}-gen-json-file - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - generate.json: |- - { - "hostname": {{ .Values.global.fqdn | quote }}, - "country_code": {{ .Values.countryCode | quote }}, - "state": {{ .Values.state | quote }}, - "city": {{ .Values.city | quote }}, - "admin_pw": {{ .Values.adminPassword | quote }}, - "ldap_pw": {{ .Values.ldapPassword | quote }}, - "redis_pw": {{ .Values.redisPassword | quote }}, - "email": {{ .Values.email | quote }}, - "org_name": {{ .Values.orgName | quote }}, - "optional_scopes": [{{if .Values.global.opendj.enabled}}"ldap"{{end}}{{if .Values.global.fido2.enabled}},"fido2"{{end}}{{if .Values.global.scim.enabled}},"scim"{{end}}{{if index .Values "global" "client-api" "enabled"}},"client-api"{{end}}] - } - -{{ if eq .Values.global.cnPersistenceType "sql" }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-sql-pass - namespace: {{ .Release.Namespace }} -type: Opaque -data: - sql_password: {{ .Values.configmap.cnSqldbUserPassword | b64enc }} -{{- end }} - -{{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-cb-pass -type: Opaque -data: - couchbase_password: {{ .Values.configmap.cnCouchbasePassword | b64enc }} - -{{- if not .Values.global.istio.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-cb-crt -type: Opaque -data: - couchbase.crt: {{ .Values.configmap.cnCouchbaseCrt }} -{{- end }} ---- - -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-superuser-cb-pass -type: Opaque -data: - couchbase_superuser_password: {{ .Values.configmap.cnCouchbaseSuperUserPassword | b64enc }} -{{- end }} - -{{ if or 
(eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-google-sa -type: Opaque -data: - google-credentials.json: {{ .Values.configmap.cnGoogleSecretManagerServiceAccount }} -{{- end}} - -{{ if .Values.global.cnObExtSigningJwksCrt }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-ob-ext-signing-jwks-crt-key-pin - namespace: {{ .Release.Namespace }} -type: Opaque -data: - ob-ext-signing.crt: {{ .Values.global.cnObExtSigningJwksCrt }} - {{ if .Values.global.cnObExtSigningJwksKey }} - ob-ext-signing.key: {{ .Values.global.cnObExtSigningJwksKey }} - {{- end }} - {{ if .Values.global.cnObExtSigningJwksKeyPassPhrase }} - ob-ext-signing.pin: {{ .Values.global.cnObExtSigningJwksKeyPassPhrase }} - {{- end }} -{{- end }} -{{ if .Values.global.cnObTransportCrt }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-ob-transport-crt-key-pin - namespace: {{ .Release.Namespace }} -type: Opaque -data: - ob-transport.crt: {{ .Values.global.cnObTransportCrt }} - {{ if .Values.global.cnObTransportKey }} - ob-transport.key: {{ .Values.global.cnObTransportKey }} - {{- end }} - {{ if .Values.global.cnObTransportKeyPassPhrase }} - ob-transport.pin: {{ .Values.global.cnObTransportKeyPassPhrase }} - {{- end }} -{{- end }} -{{ if .Values.global.cnObTransportTrustStore }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-ob-transport-truststore - namespace: {{ .Release.Namespace }} -type: Opaque -data: - ob-transport-truststore.p12: {{ .Values.global.cnObTransportTrustStore }} -{{- end }} \ No newline at end of file diff --git a/charts/jans/charts/config/templates/user-custom-envs.yaml b/charts/jans/charts/config/templates/user-custom-envs.yaml deleted file mode 100644 index 8cd9b482b1e..00000000000 --- a/charts/jans/charts/config/templates/user-custom-envs.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{ if .Values.global.usrEnvs.secret }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-global-user-custom-envs -type: Opaque -data: - {{- range $key, $val := .Values.global.usrEnvs.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} -{{- end}} -{{ if .Values.global.usrEnvs.normal }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-global-user-custom-envs -data: - {{- range $key, $val := .Values.global.usrEnvs.normal }} - {{ $key }}: {{ $val }} - {{- end}} -{{- end}} -{{ if .Values.usrEnvs.secret }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs -type: Opaque -data: - {{- range $key, $val := .Values.usrEnvs.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} -{{- end}} diff --git a/charts/jans/charts/fido2/templates/service.yml b/charts/jans/charts/fido2/templates/service.yml deleted file mode 100644 index 34777b9c4a6..00000000000 --- a/charts/jans/charts/fido2/templates/service.yml +++ /dev/null @@ -1,19 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.global.fido2.fido2ServiceName }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "fido2.labels" . | indent 4}} -spec: - {{- if .Values.global.alb.ingress }} - type: NodePort - {{- end }} - ports: - - port: {{ .Values.service.port }} - name: {{ .Values.service.name }} - selector: - app: {{ .Release.Name }}-{{ include "fido2.name" . }} #fido2 - \ No newline at end of file diff --git a/charts/jans/charts/fido2/templates/user-custom-secret-envs.yaml b/charts/jans/charts/fido2/templates/user-custom-secret-envs.yaml deleted file mode 100644 index e4ffc02cdfb..00000000000 
--- a/charts/jans/charts/fido2/templates/user-custom-secret-envs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.usrEnvs.secret }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs -type: Opaque -data: - {{- range $key, $val := .Values.usrEnvs.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} -{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/opendj/templates/configmaps.yaml b/charts/jans/charts/opendj/templates/configmaps.yaml deleted file mode 100644 index 61585b29498..00000000000 --- a/charts/jans/charts/opendj/templates/configmaps.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.multiCluster.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-serf-peers - namespace: {{ .Release.Namespace }} -data: - serf-peers-static.json: | - {{ .Values.multiCluster.serfPeers | toJson }} -{{- end }} diff --git a/charts/jans/charts/opendj/templates/secrets.yaml b/charts/jans/charts/opendj/templates/secrets.yaml deleted file mode 100644 index 71bbf02eedb..00000000000 --- a/charts/jans/charts/opendj/templates/secrets.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -{{- if .Values.multiCluster.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-serf-key -type: Opaque -data: - serf-key: {{ .Values.multiCluster.serfKey | b64enc }} -{{- end }} \ No newline at end of file diff --git a/charts/jans/charts/opendj/templates/user-custom-secret-envs.yaml b/charts/jans/charts/opendj/templates/user-custom-secret-envs.yaml deleted file mode 100644 index e4ffc02cdfb..00000000000 
--- a/charts/jans/charts/opendj/templates/user-custom-secret-envs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.usrEnvs.secret }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs -type: Opaque -data: - {{- range $key, $val := .Values.usrEnvs.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} -{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/persistence/Chart.yaml b/charts/jans/charts/persistence/Chart.yaml deleted file mode 100644 index efee1222d44..00000000000 --- a/charts/jans/charts/persistence/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v2 -name: persistence -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" -description: Job to generate data and initial config for Janssen Server persistence layer. -type: application -keywords: - - persistence prep -home: https://jans.io -sources: - - https://github.com/JanssenProject/docker-jans-persistence-loader - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/persistence -maintainers: - - name: Mohammad Abudayyeh - email: support@jans.io - url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" - diff --git a/charts/jans/charts/persistence/templates/service.yaml b/charts/jans/charts/persistence/templates/service.yaml deleted file mode 100644 index b75b9b765c2..00000000000 --- a/charts/jans/charts/persistence/templates/service.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- if .Values.global.istio.enabled }} -# License terms and conditions: -# https://www.apache.org/licenses/LICENSE-2.0 -# Used with Istio -apiVersion: v1 -kind: Service -metadata: - name: {{ include "persistence.fullname" . }} - labels: -{{ include "persistence.labels" . | indent 6 }} -spec: - ports: - - name: http - port: 80 - targetPort: 8080 - selector: - app: {{ .Release.Name }}-{{ include "persistence.name" . }} - type: ClusterIP -{{- end }} \ No newline at end of file diff --git a/charts/jans/charts/persistence/templates/user-custom-secret-envs.yaml b/charts/jans/charts/persistence/templates/user-custom-secret-envs.yaml deleted file mode 100644 index e4ffc02cdfb..00000000000 --- a/charts/jans/charts/persistence/templates/user-custom-secret-envs.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.usrEnvs.secret }} -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs -type: Opaque -data: - {{- range $key, $val := .Values.usrEnvs.secret }} - {{ $key }}: {{ $val | b64enc }} - {{- end}} -{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/scim/Chart.yaml b/charts/jans/charts/scim/Chart.yaml deleted file mode 100644 index bed1eac041d..00000000000 --- a/charts/jans/charts/scim/Chart.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v2 -name: scim -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" -description: System for Cross-domain Identity Management (SCIM) version 2.0 -type: application -keywords: - - SCIM - - API -home: https://jans.io -sources: - - https://github.com/JanssenProject/jans-scim - - https://jans.io/api-guide/scim-api/ - - https://github.com/JanssenProject/docker-jans-scim - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/scim -maintainers: - - name: Mohammad Abudayyeh - email: support@jans.io - url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" diff --git a/charts/jans/charts/scim/templates/service.yml b/charts/jans/charts/scim/templates/service.yml deleted file mode 100644 index a16e9abc68c..00000000000 --- a/charts/jans/charts/scim/templates/service.yml +++ /dev/null @@ -1,19 +0,0 @@ -# License terms and conditions for Janssen Cloud Native Edition: -# https://www.apache.org/licenses/LICENSE-2.0 -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.global.scim.scimServiceName }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "scim.labels" . | indent 4}} -spec: - {{- if .Values.global.alb.ingress }} - type: NodePort - {{- end }} - ports: - - port: {{ .Values.service.port }} - name: {{ .Values.service.name }} - selector: - app: {{ .Release.Name }}-{{ include "scim.name" . }} #scim - \ No newline at end of file diff --git a/charts/jans/charts/scim/templates/user-custom-secret-envs.yaml b/charts/jans/charts/scim/templates/user-custom-secret-envs.yaml deleted file mode 100644 index e4ffc02cdfb..00000000000 --- a/charts/jans/charts/scim/templates/user-custom-secret-envs.yaml +++ /dev/null 
@@ -1,13 +0,0 @@
-{{ if .Values.usrEnvs.secret }}
-# License terms and conditions for Janssen Cloud Native Edition:
-# https://www.apache.org/licenses/LICENSE-2.0
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
-type: Opaque
-data:
- {{- range $key, $val := .Values.usrEnvs.secret }}
- {{ $key }}: {{ $val | b64enc }}
- {{- end}}
-{{- end}}
\ No newline at end of file
diff --git a/helm/.gitignore b/helm/.gitignore
new file mode 100644
index 00000000000..0f0d1e6618f
--- /dev/null
+++ b/helm/.gitignore
@@ -0,0 +1,114 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# PyCharm project settings
+.idea
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+
+*.pyz
+/pygluu/kubernetes/kubernetes-client
+.DS_Store
+
+docs/_build
+setup.log
+docs/setup.log
+
+# generated by guizipapp builder
+include
diff --git a/helm/LICENSE b/helm/LICENSE
new file mode 100644
index 00000000000..261eeb9e9f8
--- /dev/null
+++ b/helm/LICENSE
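Review bot: The new `helm/.gitignore` is a generic Python template with no pattern for Helm build output, although this same commit deletes packaged archives such as `charts/jans-1.0.0-b11.tgz` from the tree. If packaged charts are not meant to be versioned under `helm/`, add a line such as `*.tgz` so `helm package` output is not committed again by accident. The last entry, `include`, is unanchored and will ignore any file or directory of that name at any depth under `helm/`; anchoring it as `/include` would limit it to the builder output it is commented for. The `/pygluu/kubernetes/kubernetes-client` entry looks carried over from another project, though whether it matches anything here cannot be confirmed from this hunk.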
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/helm/MANIFEST.in b/helm/MANIFEST.in
new file mode 100644
index 00000000000..d59211e34cd
--- /dev/null
+++ b/helm/MANIFEST.in
@@ -0,0 +1,3 @@
+recursive-include pygluu/kubernetes/templates *
+recursive-include pygluu/kubernetes/gui/templates *
+recursive-include pygluu/kubernetes/gui/static *
\ No newline at end of file
diff --git a/helm/Makefile b/helm/Makefile
new file mode 100644
index 00000000000..2a2378fc98a
--- /dev/null
+++ b/helm/Makefile
@@ -0,0 +1,16 @@
+.DEFAULT_GOAL := develop
+
+develop:
+ /usr/bin/env python3 setup.py develop
+
+install:
+ pip3 install .
+
+uninstall:
+ pip3 uninstall pygluu-kubernetes -y
+
+zipapp:
+ shiv --compressed -o pygluu-kubernetes.pyz -p '/usr/bin/env python3' -e pygluu.kubernetes.create:main . --no-cache
+
+guizipapp:
+ shiv --compressed -o pygluu-kubernetes-gui.pyz -p '/usr/bin/env python3' -e pygluu.kubernetes.gui.server:run . --no-cache
diff --git a/helm/README.md b/helm/README.md
new file mode 100644
index 00000000000..03b20ac20df
--- /dev/null
+++ b/helm/README.md
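Review bot: None of the five targets in the new Makefile (`develop`, `install`, `uninstall`, `zipapp`, `guizipapp`) is declared phony, so make treats each as a file name and skips the recipe with "is up to date" whenever a file or directory of that name exists in `helm/`. Add `.PHONY: develop install uninstall zipapp guizipapp` after the `.DEFAULT_GOAL` line. This matters most for `zipapp` and `guizipapp`, where a silently skipped recipe leaves an older `.pyz` in place as if it had just been built.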
@@ -0,0 +1,54 @@
+![microk8s](https://github.com/GluuFederation/cloud-native-edition/workflows/microk8s/badge.svg?branch=5.0)
+![minikube](https://github.com/GluuFederation/cloud-native-edition/workflows/minikube/badge.svg?branch=5.0)
+![awseks](https://github.com/GluuFederation/cloud-native-edition/workflows/awseks/badge.svg?branch=5.0)
+![googlegke](https://github.com/GluuFederation/cloud-native-edition/workflows/googlegke/badge.svg?branch=5.0)
+![testcases](https://github.com/GluuFederation/cloud-native-edition/workflows/testcases/badge.svg?branch=5.0)
+[![codecov](https://codecov.io/gh/GluuFederation/cloud-native-edition/branch/master/graph/badge.svg)](https://codecov.io/gh/GluuFederation/cloud-native-edition)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/gluu)](https://artifacthub.io/packages/search?repo=gluu)
+# pygluu-kubernetes
+
+## Kubernetes recipes
+
+- Install [Gluu](https://gluu.org/docs/gluu-server/latest/installation-guide/install-kubernetes/)
+
+## Build `pygluu-kubernetes.pyz` manually
+
+## Prerequisites
+
+1. Python 3.6+.
+1. Python `pip3` package.
+
+## Installation
+
+### Standard Python package
+
+1. Create virtual environment and activate:
+
+ ```sh
+ python3 -m venv .venv
+ source .venv/bin/activate
+ ```
+
+1. Install the package:
+
+ ```
+ make install
+ ```
+
+ This command will install executable called `pygluu-kubernetes` and `pygluu-kubernetes-gui` available in virtual environment `PATH`.
+
+### Python zipapp
+
+1. Install [shiv](https://shiv.readthedocs.io/) using `pip3`:
+
+ ```sh
+ pip3 install shiv
+ ```
+
+1. Install the package:
+
+ ```sh
+ make zipapp
+ ```
+
+ This command will generate executable called `pygluu-kubernetes.pyz` under the same directory.
\ No newline at end of file
diff --git a/helm/docs/Makefile b/helm/docs/Makefile
new file mode 100644
index 00000000000..d4bb2cbb9ed
--- /dev/null
+++ b/helm/docs/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS ?=
+SPHINXBUILD ?= sphinx-build
+SOURCEDIR = .
+BUILDDIR = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+ @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+ @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
diff --git a/helm/docs/README.md b/helm/docs/README.md
new file mode 100644
index 00000000000..946c67a2fc2
--- /dev/null
+++ b/helm/docs/README.md
@@ -0,0 +1,9 @@
+Building Documentation
+======================
+
+To build the documentation:
+
+ pip3 install sphinx sphinx-autobuild
+ sphinx-autobuild . _build/html/
+
+Visit `http://localhost:8000` in the browser.
diff --git a/helm/docs/conf.py b/helm/docs/conf.py
new file mode 100644
index 00000000000..ecde154ddc1
--- /dev/null
+++ b/helm/docs/conf.py
@@ -0,0 +1,77 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+import os
+import re
+import sys
+sys.path.insert(0, os.path.abspath('../'))
+
+
+def find_version(*file_paths):
+ here = os.path.abspath(os.path.dirname(__file__))
+ with open(os.path.join(here, *file_paths), 'r') as f:
+ version_file = f.read()
+ version_match = re.search(
+ r"^__version__ = ['\"]([^'\"]*)['\"]", version_file, re.M,
+ )
+ if version_match:
+ return version_match.group(1)
+ raise RuntimeError("Unable to find version string.")
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'pygluu.kubernetes'
+copyright = '2020, Gluu'
+author = 'Gluu'
+
+# The full version, including alpha/beta/rc tags
+release = find_version("../pygluu/kubernetes/__init__.py")
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+ "sphinx.ext.autodoc",
+]
+
+autodoc_mock_imports = [
+ "click",
+ "ruamel",
+ "kubernetes",
+ "OpenSSL",
+ "cryptography",
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'nature'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
diff --git a/helm/docs/helm.rst b/helm/docs/helm.rst
new file mode 100644
index 00000000000..4a50adc6837
--- /dev/null
+++ b/helm/docs/helm.rst
@@ -0,0 +1,11 @@
+Helm
+~~~~
+
+.. module:: pygluu.kubernetes.helm
+
+.. autofunction:: register_op_client
+
+.. autoclass:: pygluu.kubernetes.helm.Helm
+ :members:
+ :private-members:
+ :undoc-members:
diff --git a/helm/docs/helpers.rst b/helm/docs/helpers.rst
new file mode 100644
index 00000000000..6e3f27aa200
--- /dev/null
+++ b/helm/docs/helpers.rst
@@ -0,0 +1,26 @@
+Helpers
+~~~~~~~
+
+.. module:: pygluu.kubernetes.helpers
+
+.. autofunction:: update_settings_json_file
+
+.. autofunction:: exec_cmd
+
+.. autofunction:: get_logger
+
+.. autofunction:: ssh_and_remove
+
+.. autofunction:: check_port
+
+.. autofunction:: copy
+
+.. autofunction:: copy_templates
+
+.. autofunction:: check_microk8s_kube_config_file
+
+.. autofunction:: get_supported_versions
+
+.. autofunction:: generate_password
+
+.. autofunction:: prompt_password
diff --git a/helm/docs/index.rst b/helm/docs/index.rst
new file mode 100644
index 00000000000..bbb8a4f99b1
--- /dev/null
+++ b/helm/docs/index.rst
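Review bot: `find_version` in the new `helm/docs/conf.py` opens the version file with `open(..., 'r')` and no `encoding`, so the read uses whatever the locale default is on the machine building the docs; `with open(os.path.join(here, *file_paths), 'r', encoding='utf-8') as f:` makes the result independent of the build host. The function also has no docstring, and a one-line `"""Return the __version__ string from the file at *file_paths* (relative to this directory); raise RuntimeError if none is found."""` would record the contract that `release = find_version(...)` relies on.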
@@ -0,0 +1,31 @@
+.. pygluu.kubernetes documentation master file, created by
+ sphinx-quickstart on Sat Sep 5 01:18:38 2020.
+ You can adapt this file completely to your liking, but it should at least
+ contain the root `toctree` directive.
+
+pygluu.kubernetes
+~~~~~~~~~~~~~~~~~
+
+.. toctree::
+ :maxdepth: 2
+
+pygluu-kubernetes contains classes and functions to deploy Gluu Cloud Native Edition.
+
+This documentation focuses on guide for developer. For user's guide, head over to https://gluu.org/docs/gluu-server/.
+
+API Reference
+=============
+
+This part of the documentation lists the API reference of public classes and functions.
+
+.. toctree::
+ :maxdepth: 2
+
+ helm
+ helpers
+ kubeapi
+ kustomize
+ pycert
+ settings
+ terminal
+ yamlparser
diff --git a/helm/docs/kubeapi.rst b/helm/docs/kubeapi.rst
new file mode 100644
index 00000000000..0151cf1df70
--- /dev/null
+++ b/helm/docs/kubeapi.rst
@@ -0,0 +1,11 @@
+Kubeapi
+~~~~~~~
+
+.. module:: pygluu.kubernetes.kubeapi
+
+.. autofunction:: load_kubernetes_config
+
+.. autoclass:: Kubernetes
+ :members:
+ :private-members:
+ :undoc-members:
diff --git a/helm/docs/kustomize.rst b/helm/docs/kustomize.rst
new file mode 100644
index 00000000000..a45264f4fb9
--- /dev/null
+++ b/helm/docs/kustomize.rst
@@ -0,0 +1,11 @@
+Kustomize
+~~~~~~~~~
+
+.. module:: pygluu.kubernetes.kustomize
+
+.. autofunction:: register_op_client
+
+.. autoclass:: Kustomize
+ :members:
+ :private-members:
+ :undoc-members:
diff --git a/helm/docs/make.bat b/helm/docs/make.bat
new file mode 100644
index 00000000000..922152e96a0
--- /dev/null
+++ b/helm/docs/make.bat
@@ -0,0 +1,35 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=.
+set BUILDDIR=_build
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+
+:end
+popd
diff --git a/helm/docs/pycert.rst b/helm/docs/pycert.rst
new file mode 100644
index 00000000000..71c178087dd
--- /dev/null
+++ b/helm/docs/pycert.rst
@@ -0,0 +1,7 @@
+Certificate
+~~~~~~~~~~~
+
+.. module:: pygluu.kubernetes.pycert
+
+.. autofunction:: setup_crts
+.. autofunction:: check_cert_with_private_key
diff --git a/helm/docs/settings.rst b/helm/docs/settings.rst
new file mode 100644
index 00000000000..41303972829
--- /dev/null
+++ b/helm/docs/settings.rst
@@ -0,0 +1,11 @@
+Settings
+~~~~~~~~
+
+.. module:: pygluu.kubernetes.settings
+
+.. autofunction:: unlink_values_yaml
+
+.. autoclass:: SettingsHandler
+ :members:
+ :private-members:
+ :undoc-members:
diff --git a/helm/docs/terminal.rst b/helm/docs/terminal.rst
new file mode 100644
index 00000000000..471a0f29fb9
--- /dev/null
+++ b/helm/docs/terminal.rst
@@ -0,0 +1,130 @@
+Terminal
+~~~~~~~~
+
+The ``pygluu.kubernetes.terminal`` sub-package contains functions and classes
+to handle interaction with user-inputs.
+
+.. module:: pygluu.kubernetes.terminal.helpers
+
+
+.. autofunction:: gather_ip
+
+.. autoclass:: pygluu.kubernetes.terminal.architecture.PromptArch
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.aws.PromptAws
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.backup.PromptBackup
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.cache.PromptCache
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.configuration.PromptConfiguration
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.confirmsettings.PromptConfirmSettings
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.couchbase.PromptCouchbase
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.gke.PromptGke
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.helm.PromptHelm
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.istio.PromptIstio
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.jackrabbit.PromptJackrabbit
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.ldap.PromptLdap
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.license.PromptLicense
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.namespace.PromptNamespace
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.optionalservices.PromptOptionalServices
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.persistencebackend.PromptPersistenceBackend
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.postgres.PromptPostgres
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.prompt.Prompt
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.redis.PromptRedis
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.replicas.PromptReplicas
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.testenv.PromptTestEnvironment
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.upgrade.PromptUpgrade
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.version.PromptVersion
+ :members:
+ :private-members:
+ :undoc-members:
+
+.. autoclass:: pygluu.kubernetes.terminal.volumes.PromptVolumes
+ :members:
+ :private-members:
+ :undoc-members:
diff --git a/helm/docs/yamlparser.rst b/helm/docs/yamlparser.rst
new file mode 100644
index 00000000000..c6327da5c3d
--- /dev/null
+++ b/helm/docs/yamlparser.rst
@@ -0,0 +1,9 @@
+YAML Parser
+~~~~~~~~~~~
+
+.. module:: pygluu.kubernetes.yamlparser
+
+.. autoclass:: Parser
+ :members:
+ :private-members:
+ :undoc-members:
diff --git a/helm/pygluu/__init__.py b/helm/pygluu/__init__.py
new file mode 100644
index 00000000000..4a17056f584
--- /dev/null
+++ b/helm/pygluu/__init__.py
@@ -0,0 +1,6 @@
+"""
+ License terms and conditions for Gluu Cloud Native Edition:
+ https://www.apache.org/licenses/LICENSE-2.0
+"""
+
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)
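Review bot: The last line of the new `helm/pygluu/__init__.py`, `__path__ = __import__('pkgutil').extend_path(__path__, __name__)`, turns `pygluu` into a pkgutil-style namespace package, but the file does not say so; its docstring carries only the licence pointer. Add a comment above the line such as `# pkgutil-style namespace package: other distributions may contribute pygluu.* subpackages`, and note there that every distribution sharing the namespace has to ship this same `__init__.py`. With this layout any `pygluu/` directory found on `sys.path` is merged into the package at import time, so the comment should also name the distributions that are expected to contribute to it.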
diff --git a/helm/pygluu/kubernetes/__init__.py b/helm/pygluu/kubernetes/__init__.py
new file mode 100644
index 00000000000..1b272b031de
--- /dev/null
+++ b/helm/pygluu/kubernetes/__init__.py
@@ -0,0 +1,7 @@
+"""
+ License terms and conditions for Gluu Cloud Native Edition:
+ https://www.apache.org/licenses/LICENSE-2.0
+"""
+
+__version__ = "1.2.16"
+__previous_version__ = "1.2.15"
diff --git a/helm/pygluu/kubernetes/couchbase.py b/helm/pygluu/kubernetes/couchbase.py
new file mode 100644
index 00000000000..1034eeb2e1f
--- /dev/null
+++ b/helm/pygluu/kubernetes/couchbase.py
@@ -0,0 +1,704 @@ +""" + License terms and conditions for Gluu Cloud Native Edition: + https://www.apache.org/licenses/LICENSE-2.0 + Installs and configures Couchbase +""" + +from pathlib import Path +import shutil +import tarfile +from pygluu.kubernetes.kubeapi import Kubernetes +from pygluu.kubernetes.yamlparser import Parser +from pygluu.kubernetes.helpers import get_logger, exec_cmd +from pygluu.kubernetes.settings import ValuesHandler +from pygluu.kubernetes.pycert import setup_crts +import sys +import base64 +import random +import os + +logger = get_logger("gluu-couchbase ") + + +def extract_couchbase_tar(tar_file): + """ + Extracts couchbase kubernetes tar file + :param tar_file: + """ + extract_folder = Path("./couchbase-source-folder") + logger.info("Extracting {} in {} ".format(tar_file, extract_folder)) + tr = tarfile.open(tar_file) + tr.extractall(path=extract_folder) + tr.close() + + +def set_memory_for_buckets(memory_quota, couchbase_bucket_prefix): + def parse_couchbase_buckets(file, bucket_type, allbuckets): + for bucket in allbuckets: + metadata_name = "gluu" + if bucket: + metadata_name = "gluu-" + bucket + parser = Parser(file, bucket_type, metadata_name) + parser["spec"]["memoryQuota"] = str(memory_quota + 100) + "Mi" + parser["spec"]["name"] = couchbase_bucket_prefix + parser["metadata"]["name"] = couchbase_bucket_prefix + if bucket: + parser["spec"]["name"] = couchbase_bucket_prefix + "_" + bucket + parser["metadata"]["name"] = couchbase_bucket_prefix + "-" + bucket + parser.dump_it() + + buckets = ["", "site", "user"] + ephemeral_buckets = ["cache", "token", "session"] + parse_couchbase_buckets("./couchbase/couchbase-buckets.yaml", + "CouchbaseBucket", buckets) + parse_couchbase_buckets("./couchbase/couchbase-ephemeral-buckets.yaml", + "CouchbaseEphemeralBucket", ephemeral_buckets) + + +def create_server_spec_per_cb_service(zones, number_of_cb_service_nodes, cb_service_name, mem_req, mem_limit, + cpu_req, cpu_limit): + """ + Creates the 
server spec section inside couchbase.yaml for each couchbase service + :param zones: + :param number_of_cb_service_nodes: + :param cb_service_name: + :param mem_req: + :param mem_limit: + :param cpu_req: + :param cpu_limit: + :return: + """ + server_spec = [] + zones = zones + number_of_zones = len(zones) + size = dict() + # Create defualt size 1 for all the zones available + for n in range(number_of_cb_service_nodes): + random_zone_index = random.randint(0, number_of_zones - 1) + try: + size[zones[random_zone_index]] = size[zones[random_zone_index]] + 1 + except KeyError: + size[zones[random_zone_index]] = 1 + + for k, v in size.items(): + node_zone = k + name = "pvc-" + cb_service_name + if cb_service_name == "analytics": + name = ["pvc-" + cb_service_name] + spec = {"name": cb_service_name + "-" + node_zone, "size": v, "serverGroups": [node_zone], + "services": [cb_service_name], + "resources": {"limits": {"cpu": str(cpu_limit) + "m", "memory": str(mem_limit) + "Mi"}, + "requests": {"cpu": str(cpu_req) + "m", "memory": str(mem_req) + "Mi"}}, + "volumeMounts": {"default": "pvc-general", cb_service_name: name} + } + server_spec.append(spec) + + return server_spec + + +class Couchbase(object): + def __init__(self): + self.settings = ValuesHandler() + self.kubernetes = Kubernetes() + self.storage_class_file = Path("./couchbase/storageclasses.yaml") + self.couchbase_cluster_file = Path("./couchbase/couchbase-cluster.yaml") + self.couchbase_buckets_file = Path("./couchbase/couchbase-buckets.yaml") + self.couchbase_group_file = Path("./couchbase/couchbase-group.yaml") + self.couchbase_user_file = Path("./couchbase/couchbase-user.yaml") + self.couchbase_rolebinding_file = Path("./couchbase/couchbase-rolebinding.yaml") + self.couchbase_ephemeral_buckets_file = Path("./couchbase/couchbase-ephemeral-buckets.yaml") + self.couchbase_source_folder_pattern, self.couchbase_source_file = self.get_couchbase_files + self.couchbase_custom_resource_definition_file = 
self.couchbase_source_file.joinpath("crd.yaml") + self.couchbase_operator_dac_file = self.couchbase_source_file.joinpath("operator_dac.yaml") + self.couchbase_admission_file = self.couchbase_source_file.joinpath("admission.yaml") + self.couchbase_operator_backup_file = self.couchbase_source_file.joinpath("operator_dac_backup.yaml") + self.filename = "" + # @TODO: Remove flag after depreciation of couchbase operator 2.0 + self.old_couchbase = False + + @property + def get_couchbase_files(self): + """ + Returns the couchbase extracted package folder path containing manifests and the tar package file + :return: + """ + if self.settings.get("installer-settings.couchbase.install"): + couchbase_tar_pattern = "couchbase-autonomous-operator-kubernetes_*.tar.gz" + directory = Path('.') + try: + couchbase_tar_file = list(directory.glob(couchbase_tar_pattern))[0] + if "_1." in str(couchbase_tar_file.resolve()): + logger.fatal("Couchbase Autonomous Operator version must be > 2.0") + sys.exit() + # @TODO: Remove condition and underlying lines after depreciation of couchbase operator 2.0 + if "_2.0" in str(couchbase_tar_file.resolve()): + logger.warning("An newer version of the couchbase operator exists. " + "Please consider canceling out and using it.https://www.couchbase.com/downloads") + self.old_couchbase = True + + except IndexError: + logger.fatal("Couchbase package not found.") + logger.info("Please download the couchbase kubernetes package and place it inside the same directory " + "containing the pygluu-kubernetes.pyz script.https://www.couchbase.com/downloads") + sys.exit() + extract_couchbase_tar(couchbase_tar_file) + couchbase_source_folder_pattern = "./couchbase-source-folder/couchbase-autonomous-operator-kubernetes_*" + couchbase_source_folder = list(directory.glob(couchbase_source_folder_pattern))[0] + + return couchbase_tar_file, couchbase_source_folder + # Couchbase is installed. 
+ return Path("."), Path(".") + + def create_couchbase_gluu_cert_pass_secrets(self, encoded_ca_crt_string, encoded_cb_pass_string, + encoded_cb_super_pass_string): + """ + Create cor patch secret containing couchbase certificate authority crt and couchbase admin password + :param encoded_ca_crt_string: + :param encoded_cb_pass_string: + :param encoded_cb_super_pass_string: + """ + # Remove this if its not needed + self.kubernetes.patch_or_create_namespaced_secret(name="cb-crt", + namespace=self.settings.get("installer-settings.namespace"), + literal="couchbase.crt", + value_of_literal=encoded_ca_crt_string) + + # Remove this if its not needed + self.kubernetes.patch_or_create_namespaced_secret(name="cb-pass", + namespace=self.settings.get("installer-settings.namespace"), + literal="couchbase_password", + value_of_literal=encoded_cb_pass_string) + + self.kubernetes.patch_or_create_namespaced_secret(name="cb-super-pass", + namespace=self.settings.get("installer-settings.namespace"), + literal="couchbase_superuser_password", + value_of_literal=encoded_cb_super_pass_string) + + def setup_backup_couchbase(self): + """ + Setups Couchbase backup strategy + """ + couchbase_backup_file = Path("./couchbase/backup/couchbase-backup.yaml") + parser = Parser(couchbase_backup_file, "CouchbaseBackup") + parser["spec"]["full"]["schedule"] = self.settings.get("installer-settings.couchbase.backup.fullSchedule") + parser["spec"]["incremental"]["schedule"] = self.settings.get( + "installer-settings.couchbase.backup.incrementalSchedule") + parser["spec"]["backupRetention"] = self.settings.get("installer-settings.couchbase.backup.retentionTime") + parser["spec"]["size"] = self.settings.get("installer-settings.couchbase.backup.storageSize") + parser.dump_it() + self.kubernetes.create_namespaced_custom_object(filepath=couchbase_backup_file, + group="couchbase.com", + version="v2", + plural="couchbasebackups", + namespace=self.settings.get("installer-settings.couchbase.namespace")) + + 
@property + def calculate_couchbase_resources(self): + """ + Return a dictionary containing couchbase resource information calculated + Alpha + @todo: switch to preset values based on ranges for TPS and amount of users + :return: + """ + tps = int(self.settings.get("CN_EXPECTED_TRANSACTIONS_PER_SEC")) + number_of_data_nodes = 0 + number_of_query_nodes = 0 + number_of_index_nodes = 0 + number_of_eventing_service_memory_nodes = 0 + user_ratio = int(self.settings.get("CN_NUMBER_OF_EXPECTED_USERS")) / 50000000 + tps_ratio = tps / 14000 + + if self.settings.get("CN_USING_RESOURCE_OWNER_PASSWORD_CRED_GRANT_FLOW") == "Y": + number_of_data_nodes += tps_ratio * 7 * user_ratio + number_of_query_nodes += tps_ratio * 5 * user_ratio + number_of_index_nodes += tps_ratio * 5 * user_ratio + number_of_eventing_service_memory_nodes += tps_ratio * 4 * user_ratio + + if self.settings.get("CN_USING_CODE_FLOW") == "Y": + number_of_data_nodes += tps_ratio * 14 * user_ratio + number_of_query_nodes += tps_ratio * 12 * user_ratio + number_of_index_nodes += tps_ratio * 13 * user_ratio + number_of_eventing_service_memory_nodes += tps_ratio * 7 * user_ratio + + if self.settings.get("CN_USING_SCIM_FLOW") == "Y": + number_of_data_nodes += tps_ratio * 7 * user_ratio + number_of_query_nodes += tps_ratio * 5 * user_ratio + number_of_index_nodes += tps_ratio * 5 * user_ratio + number_of_eventing_service_memory_nodes += tps_ratio * 4 * user_ratio + + if not self.settings.get("CN_COUCHBASE_GENERAL_STORAGE"): + self.settings.set("CN_COUCHBASE_GENERAL_STORAGE", str(int((tps_ratio * ( + int(self.settings.get("CN_NUMBER_OF_EXPECTED_USERS")) / 125000)) + 5)) + "Gi") + if not self.settings.get("CN_COUCHBASE_DATA_STORAGE"): + self.settings.set("CN_COUCHBASE_DATA_STORAGE", str(int((tps_ratio * ( + int(self.settings.get("CN_NUMBER_OF_EXPECTED_USERS")) / 100000)) + 5)) + "Gi") + if not self.settings.get("CN_COUCHBASE_INDEX_STORAGE"): + self.settings.set("CN_COUCHBASE_INDEX_STORAGE", str(int((tps_ratio * ( + 
int(self.settings.get("CN_NUMBER_OF_EXPECTED_USERS")) / 200000)) + 5)) + "Gi") + if not self.settings.get("CN_COUCHBASE_QUERY_STORAGE"): + self.settings.set("CN_COUCHBASE_QUERY_STORAGE", str(int((tps_ratio * ( + int(self.settings.get("CN_NUMBER_OF_EXPECTED_USERS")) / 200000)) + 5)) + "Gi") + if not self.settings.get("CN_COUCHBASE_ANALYTICS_STORAGE"): + self.settings.set("CN_COUCHBASE_ANALYTICS_STORAGE", str(int((tps_ratio * ( + int(self.settings.get("CN_NUMBER_OF_EXPECTED_USERS")) / 250000)) + 5)) + "Gi") + + if self.settings.get("CN_COUCHBASE_DATA_NODES"): + number_of_data_nodes = self.settings.get("CN_COUCHBASE_DATA_NODES") + if self.settings.get("CN_COUCHBASE_QUERY_NODES"): + number_of_query_nodes = self.settings.get("CN_COUCHBASE_QUERY_NODES") + if self.settings.get("CN_COUCHBASE_INDEX_NODES"): + number_of_index_nodes = self.settings.get("CN_COUCHBASE_INDEX_NODES") + if self.settings.get("CN_COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES"): + number_of_eventing_service_memory_nodes = self.settings.get("CN_COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES") + + data_service_memory_quota = (tps_ratio * 40000 * user_ratio) + 512 + data_memory_request = data_service_memory_quota / 4 + data_memory_limit = data_memory_request + data_cpu_request = data_service_memory_quota / 4 + data_cpu_limit = data_cpu_request + + query_memory_request = data_memory_request + query_memory_limit = query_memory_request + query_cpu_request = data_service_memory_quota / 4 + query_cpu_limit = query_cpu_request + + index_service_memory_quota = (tps_ratio * 25000 * user_ratio) + 256 + index_memory_request = index_service_memory_quota / 3 + index_memory_limit = index_memory_request + index_cpu_request = index_service_memory_quota / 3 + index_cpu_limit = index_cpu_request + + search_service_memory_quota = (tps_ratio * 4000 * user_ratio) + 256 + eventing_service_memory_quota = (tps_ratio * 4000 * user_ratio) + 256 + analytics_service_memory_quota = (tps_ratio * 4000 * user_ratio) + 1024 + + 
search_eventing_analytics_memory_quota_sum = (search_service_memory_quota + eventing_service_memory_quota + + analytics_service_memory_quota) + search_eventing_analytics_memory_request = tps_ratio * 10000 * user_ratio + search_eventing_analytics_memory_limit = search_eventing_analytics_memory_request + search_eventing_analytics_cpu_request = tps_ratio * 6000 * user_ratio + search_eventing_analytics_cpu_limit = search_eventing_analytics_cpu_request + + # Two services because query is assumed to take the same amount of mem quota + total_mem_resources = \ + data_service_memory_quota + data_service_memory_quota + index_service_memory_quota + \ + search_eventing_analytics_memory_quota_sum + + total_cpu_resources = data_cpu_limit + query_cpu_limit + index_cpu_limit + search_eventing_analytics_cpu_limit + + resources_info = dict(CN_COUCHBASE_DATA_NODES=int(number_of_data_nodes), + CN_COUCHBASE_QUERY_NODES=int(number_of_query_nodes), + CN_COUCHBASE_INDEX_NODES=int(number_of_index_nodes), + CN_COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES=int(number_of_eventing_service_memory_nodes), + COUCHBASE_DATA_MEM_QUOTA=round(data_service_memory_quota), + COUCHBASE_DATA_MEM_REQUEST=round(data_memory_request), + COUCHBASE_DATA_MEM_LIMIT=round(data_memory_limit), + COUCHBASE_DATA_CPU_REQUEST=round(data_cpu_request), + COUCHBASE_DATA_CPU_LIMIT=round(data_cpu_limit), + COUCHBASE_QUERY_MEM_QUOTA=round(data_service_memory_quota), + COUCHBASE_QUERY_MEM_REQUEST=round(query_memory_request), + COUCHBASE_QUERY_MEM_LIMIT=round(query_memory_limit), + COUCHBASE_QUERY_CPU_REQUEST=round(query_cpu_request), + COUCHBASE_QUERY_CPU_LIMIT=round(query_cpu_limit), + COUCHBASE_INDEX_MEM_QUOTA=round(index_service_memory_quota), + COUCHBASE_INDEX_MEM_REQUEST=round(index_memory_request), + COUCHBASE_INDEX_MEM_LIMIT=round(index_memory_limit), + COUCHBASE_INDEX_CPU_REQUEST=round(index_cpu_request), + COUCHBASE_INDEX_CPU_LIMIT=round(index_cpu_limit), + 
COUCHBASE_SEARCH_EVENTING_ANALYTICS_MEM_QUOTA=round(search_service_memory_quota), + COUCHBASE_SEARCH_EVENTING_ANALYTICS_MEM_REQUEST=round( + search_eventing_analytics_memory_request), + COUCHBASE_SEARCH_EVENTING_ANALYTICS_MEM_LIMIT=round( + search_eventing_analytics_memory_limit), + COUCHBASE_SEARCH_EVENTING_ANALYTICS_CPU_REQUEST=round( + search_eventing_analytics_cpu_request), + COUCHBASE_SEARCH_EVENTING_ANALYTICS_CPU_LIMIT=round(search_eventing_analytics_cpu_limit), + TOTAL_RAM_NEEDED=round(total_mem_resources), + TOTAL_CPU_NEEDED=round(total_cpu_resources) + ) + self.settings.set("CN_COUCHBASE_DATA_NODES", number_of_data_nodes) + self.settings.set("CN_COUCHBASE_QUERY_NODES", number_of_query_nodes) + self.settings.set("CN_COUCHBASE_INDEX_NODES", number_of_index_nodes) + self.settings.set("CN_COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES", number_of_eventing_service_memory_nodes) + return resources_info + + def analyze_couchbase_cluster_yaml(self): + """ + Dumps created calculated resources into couchbase.yaml file. ALso includes cloud zones. 
+ """ + parser = Parser("./couchbase/couchbase-cluster.yaml", "CouchbaseCluster") + parser["metadata"]["name"] = self.settings.get("installer-settings.couchbase.clusterName") + number_of_buckets = 5 + if self.settings.get("global.storageClass.provisioner") in ("microk8s.io/hostpath", + "k8s.io/minikube-hostpath") or \ + self.settings.get("global.cloud.testEnviroment"): + resources_servers = [{"name": "allServices", "size": 1, + "services": ["data", "index", "query", "search", "eventing", "analytics"], + "volumeMounts": {"default": "pvc-general", + "data": "pvc-data", "index": "pvc-index", + "analytics": ["pvc-analytics"]}}] + data_service_memory_quota = 1024 + index_service_memory_quota = 512 + search_service_memory_quota = 512 + eventing_service_memory_quota = 512 + analytics_service_memory_quota = 1024 + memory_quota = 0 + else: + resources = self.calculate_couchbase_resources + data_service_memory_quota = resources["COUCHBASE_DATA_MEM_QUOTA"] + index_service_memory_quota = resources["COUCHBASE_INDEX_MEM_QUOTA"] + search_service_memory_quota = resources["COUCHBASE_SEARCH_EVENTING_ANALYTICS_MEM_QUOTA"] + eventing_service_memory_quota = resources["COUCHBASE_SEARCH_EVENTING_ANALYTICS_MEM_QUOTA"] + analytics_service_memory_quota = resources["COUCHBASE_SEARCH_EVENTING_ANALYTICS_MEM_QUOTA"] + 1024 + memory_quota = ((resources["COUCHBASE_DATA_MEM_QUOTA"] - 500) / number_of_buckets) + zones_list = self.settings.get("CN_NODES_ZONES") + data_server_spec = create_server_spec_per_cb_service(zones_list, int(resources["CN_COUCHBASE_DATA_NODES"]), + "data", + str(resources["COUCHBASE_DATA_MEM_REQUEST"]), + str(resources["COUCHBASE_DATA_MEM_LIMIT"]), + str(resources["COUCHBASE_DATA_CPU_REQUEST"]), + str(resources["COUCHBASE_DATA_CPU_LIMIT"])) + + query_server_spec = create_server_spec_per_cb_service(zones_list, + int(resources["CN_COUCHBASE_QUERY_NODES"]), + "query", + str(resources["COUCHBASE_QUERY_MEM_REQUEST"]), + str(resources["COUCHBASE_QUERY_MEM_LIMIT"]), + 
str(resources["COUCHBASE_QUERY_CPU_REQUEST"]), + str(resources["COUCHBASE_QUERY_CPU_LIMIT"])) + + index_server_spec = create_server_spec_per_cb_service(zones_list, + int(resources["CN_COUCHBASE_INDEX_NODES"]), "index", + str(resources["COUCHBASE_INDEX_MEM_REQUEST"]), + str(resources["COUCHBASE_INDEX_MEM_LIMIT"]), + str(resources["COUCHBASE_INDEX_CPU_REQUEST"]), + str(resources["COUCHBASE_INDEX_CPU_LIMIT"])) + + search_eventing_analytics_server_spec = create_server_spec_per_cb_service( + zones_list, + int(resources["CN_COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES"]), "analytics", + str(resources["COUCHBASE_SEARCH_EVENTING_ANALYTICS_MEM_REQUEST"]), + str(resources["COUCHBASE_SEARCH_EVENTING_ANALYTICS_MEM_LIMIT"]), + str(resources["COUCHBASE_SEARCH_EVENTING_ANALYTICS_CPU_REQUEST"]), + str(resources["COUCHBASE_SEARCH_EVENTING_ANALYTICS_CPU_LIMIT"])) + + resources_servers = \ + data_server_spec + query_server_spec + index_server_spec + \ + search_eventing_analytics_server_spec + + if self.settings.get("installer-settings.nodes.zones"): + unique_zones = list(dict.fromkeys(self.settings.get("installer-settings.nodes.zones"))) + parser["spec"]["serverGroups"] = unique_zones + parser["spec"]["cluster"]["dataServiceMemoryQuota"] = str(data_service_memory_quota) + "Mi" + parser["spec"]["cluster"]["indexServiceMemoryQuota"] = str(index_service_memory_quota) + "Mi" + parser["spec"]["cluster"]["searchServiceMemoryQuota"] = str(search_service_memory_quota) + "Mi" + parser["spec"]["cluster"]["eventingServiceMemoryQuota"] = str(eventing_service_memory_quota) + "Mi" + parser["spec"]["cluster"]["analyticsServiceMemoryQuota"] = str(analytics_service_memory_quota) + "Mi" + + set_memory_for_buckets(memory_quota, self.settings.get("config.configmap.cnCouchbaseBucketPrefix")) + parser["metadata"]["name"] = self.settings.get("installer-settings.couchbase.clusterName") + parser["spec"]["servers"] = resources_servers + + number_of_volume_claims = len(parser["spec"]["volumeClaimTemplates"]) + 
for i in range(number_of_volume_claims): + name = parser["spec"]["volumeClaimTemplates"][i]["metadata"]["name"] + if name == "pvc-general": + parser["spec"]["volumeClaimTemplates"][i]["spec"]["resources"]["requests"]["storage"] = "5Gi" + elif name == "pvc-data": + parser["spec"]["volumeClaimTemplates"][i]["spec"]["resources"]["requests"]["storage"] = "5Gi" + elif name == "pvc-index": + parser["spec"]["volumeClaimTemplates"][i]["spec"]["resources"]["requests"]["storage"] = "5Gi" + elif name == "pvc-query": + parser["spec"]["volumeClaimTemplates"][i]["spec"]["resources"]["requests"]["storage"] = "5Gi" + elif name == "pvc-analytics": + parser["spec"]["volumeClaimTemplates"][i]["spec"]["resources"]["requests"]["storage"] = "5Gi" + parser.dump_it() + + def install(self): + """ + Installs Couchbase + """ + self.kubernetes.create_namespace(name=self.settings.get("installer-settings.namespace")) + if not self.settings.get("installer-settings.couchbase.customFileOverride"): + try: + self.analyze_couchbase_cluster_yaml() + except Exception: + # TODO remove this exception + logger.error("Looks like some of the couchbase files were misconfigured. 
" + "If you wish to override the couchbase files please set " + " installer-settings.couchbase.customFileOverride to true`") + sys.exit() + cb_namespace = self.settings.get("installer-settings.couchbase.namespace") + storage_class_file_parser = Parser(self.storage_class_file, "StorageClass") + if self.settings.get('global.storageClass.provisioner') in ("kubernetes.io/gce-pd", + "dobs.csi.digitalocean.com", + "kubernetes.io/azure-disk"): + try: + del storage_class_file_parser["parameters"]["encrypted"] + except KeyError: + logger.info("Key not found") + storage_class_file_parser["parameters"]["type"] = \ + self.settings.get("installer-settings.couchbase.volumeType") + storage_class_file_parser["provisioner"] = self.settings.get('global.storageClass.provisioner') + if self.settings.get('global.storageClass.provisioner') == "microk8s.io/hostpath": + try: + del storage_class_file_parser["allowVolumeExpansion"] + del storage_class_file_parser["parameters"] + except KeyError: + logger.info("Key not found") + storage_class_file_parser.dump_it() + elif self.settings.get('global.storageClass.provisioner') == "k8s.io/minikube-hostpath": + try: + del storage_class_file_parser["allowVolumeExpansion"] + del storage_class_file_parser["parameters"] + except KeyError: + logger.info("Key not found") + storage_class_file_parser.dump_it() + else: + try: + storage_class_file_parser["parameters"]["type"] = \ + self.settings.get("installer-settings.couchbase.volumeType") + except KeyError: + logger.info("Key not found") + storage_class_file_parser.dump_it() + + logger.info("Installing Couchbase...") + couchbase_crts_keys = Path("couchbase_crts_keys") + if not couchbase_crts_keys.exists(): + os.mkdir(couchbase_crts_keys) + custom_cb_ca_crt = Path("./couchbase_crts_keys/ca.crt") + custom_cb_crt = Path("./couchbase_crts_keys/chain.pem") + custom_cb_key = Path("./couchbase_crts_keys/pkey.key") + if not custom_cb_ca_crt.exists() and not custom_cb_crt.exists() and not custom_cb_key.exists(): 
+ setup_crts(ca_common_name=self.settings.get("installer-settings.couchbase.commonName"), + cert_common_name="couchbase-server", + san_list=self.settings.get("installer-settings.couchbase.subjectAlternativeName"), + ca_cert_file="./couchbase_crts_keys/ca.crt", + ca_key_file="./couchbase_crts_keys/ca.key", + cert_file="./couchbase_crts_keys/chain.pem", + key_file="./couchbase_crts_keys/pkey.key") + labels = {"app": "gluu-couchbase"} + if self.settings.get("global.istio.enabled"): + labels = {"app": "couchbase", "istio-injection": "enabled"} + self.kubernetes.create_namespace(name=cb_namespace, labels=labels) + chain_pem_filepath = Path("./couchbase_crts_keys/chain.pem") + pkey_filepath = Path("./couchbase_crts_keys/pkey.key") + tls_cert_filepath = Path("./couchbase_crts_keys/tls-cert-file") + tls_private_key_filepath = Path("./couchbase_crts_keys/tls-private-key-file") + ca_cert_filepath = Path("./couchbase_crts_keys/ca.crt") + shutil.copyfile(ca_cert_filepath, Path("./couchbase_crts_keys/couchbase.crt")) + shutil.copyfile(chain_pem_filepath, tls_cert_filepath) + shutil.copyfile(pkey_filepath, tls_private_key_filepath) + + encoded_ca_crt_string = self.settings.get("config.configmap.cnCouchbaseCrt") + if encoded_ca_crt_string in (None, ''): + with open(ca_cert_filepath) as content_file: + ca_crt_content = content_file.read() + encoded_ca_crt_bytes = base64.b64encode(ca_crt_content.encode("utf-8")) + encoded_ca_crt_string = str(encoded_ca_crt_bytes, "utf-8") + self.settings.set("config.configmap.cnCouchbaseCrt", encoded_ca_crt_string) + + with open(chain_pem_filepath) as content_file: + chain_pem_content = content_file.read() + encoded_chain_bytes = base64.b64encode(chain_pem_content.encode("utf-8")) + encoded_chain_string = str(encoded_chain_bytes, "utf-8") + + with open(pkey_filepath) as content_file: + pkey_content = content_file.read() + encoded_pkey_bytes = base64.b64encode(pkey_content.encode("utf-8")) + encoded_pkey_string = str(encoded_pkey_bytes, "utf-8") + + 
self.kubernetes.patch_or_create_namespaced_secret(name="couchbase-server-tls", + namespace=cb_namespace, + literal=chain_pem_filepath.name, + value_of_literal=encoded_chain_string, + second_literal=pkey_filepath.name, + value_of_second_literal=encoded_pkey_string) + self.kubernetes.patch_or_create_namespaced_secret(name="couchbase-operator-tls", + namespace=cb_namespace, + literal=ca_cert_filepath.name, + value_of_literal=encoded_ca_crt_string) + + encoded_cb_super_user_bytes = base64.b64encode( + self.settings.get("config.configmap.cnCouchbaseSuperUser").encode("utf-8")) + encoded_cb_super_user_string = str(encoded_cb_super_user_bytes, "utf-8") + encoded_cb_pass_bytes = base64.b64encode( + self.settings.get("config.configmap.cnCouchbasePassword").encode("utf-8")) + encoded_cb_pass_string = str(encoded_cb_pass_bytes, "utf-8") + encoded_cb_super_pass_bytes = base64.b64encode( + self.settings.get("config.configmap.cnCouchbaseSuperUserPassword").encode("utf-8")) + encoded_cb_super_pass_string = str(encoded_cb_super_pass_bytes, "utf-8") + + self.create_couchbase_gluu_cert_pass_secrets(encoded_ca_crt_string, encoded_cb_pass_string, + encoded_cb_super_pass_string) + self.kubernetes.patch_or_create_namespaced_secret(name="gluu-couchbase-user-password", + namespace=self.settings.get( + "installer-settings.couchbase.namespace"), + literal="password", + value_of_literal=encoded_cb_pass_string) + + admission_command = "./{}/bin/cbopcfg generate admission --namespace {}".format(self.couchbase_source_file, + self.settings.get( + "installer-settings.couchbase.namespace")) + operator_command = "./{}/bin/cbopcfg generate operator --namespace {}".format(self.couchbase_source_file, + self.settings.get( + "installer-settings.couchbase.namespace")) + backup_command = "./{}/bin/cbopcfg generate backup --namespace {}".format(self.couchbase_source_file, + self.settings.get( + "installer-settings.couchbase.namespace")) + # @TODO: Remove condition and operator_command override after 
depreciation of couchbase operator 2.0 + if self.old_couchbase: + operator_command = "./{}/bin/cbopcfg -backup=true -namespace={}".format(self.couchbase_source_file, + self.settings.get( + "installer-settings.couchbase.namespace")) + exec_cmd(operator_command, output_file=self.couchbase_operator_dac_file) + # @TODO: Remove only the condition after depreciation of couchbase operator 2.0 + if not self.old_couchbase: + exec_cmd(backup_command, output_file=self.couchbase_operator_backup_file) + exec_cmd(admission_command, output_file=self.couchbase_admission_file) + + couchbase_cluster_parser = Parser(self.couchbase_cluster_file, "CouchbaseCluster") + couchbase_cluster_parser["spec"]["networking"]["tls"]["static"]["serverSecret"] = "couchbase-server-tls" + couchbase_cluster_parser["spec"]["networking"]["tls"]["static"]["operatorSecret"] = "couchbase-operator-tls" + if self.settings.get("global.istio.enabled"): + couchbase_cluster_parser["spec"]["networking"]["networkPlatform"] = "Istio" + try: + couchbase_cluster_parser["spec"]["security"]["rbac"]["selector"]["matchLabels"]["cluster"] = \ + self.settings.get("installer-settings.couchbase.clusterName") + couchbase_cluster_parser["spec"]["security"]["rbac"]["managed"] = True + except KeyError: + logger.error("rbac section is missing or incorrect in couchbase-cluster.yaml." 
+ " Please set spec --> security --> rbac --> managed : true" + " and set spec --> security --> rbac --> selector --> matchLabels --> " + "cluster --> to your cluster name") + logger.info("As a result of the above the installation will exit " + "as the gluu user will not be created causing the communication between " + "Gluu server and Couchbase to fail.") + sys.exit() + if "localOpenEbsHostPathDynamic" in self.settings.get("installer-settings.volumeProvisionStrategy"): + volume_claims = couchbase_cluster_parser["spec"]["volumeClaimTemplates"] + for i, volume_claim in enumerate(volume_claims): + couchbase_cluster_parser["spec"]["volumeClaimTemplates"][i]["spec"]["storageClassName"] = \ + "openebs-hostpath" + couchbase_cluster_parser.dump_it() + + self.kubernetes.create_objects_from_dict(self.couchbase_custom_resource_definition_file, + namespace=cb_namespace) + + self.kubernetes.create_objects_from_dict(self.couchbase_operator_dac_file, + namespace=cb_namespace) + # @TODO: Remove only the condition after depreciation of couchbase operator 2.0 + if not self.old_couchbase: + self.kubernetes.create_objects_from_dict(self.couchbase_admission_file, + namespace=cb_namespace) + + self.kubernetes.create_objects_from_dict(self.couchbase_operator_backup_file, + namespace=cb_namespace) + + self.kubernetes.check_pods_statuses(cb_namespace, "app=couchbase-operator", 700) + + self.kubernetes.patch_or_create_namespaced_secret(name="cb-auth", + namespace=cb_namespace, + literal="username", + value_of_literal=encoded_cb_super_user_string, + second_literal="password", + value_of_second_literal=encoded_cb_super_pass_string) + + self.kubernetes.create_objects_from_dict(self.storage_class_file, namespace=cb_namespace) + self.kubernetes.create_namespaced_custom_object(filepath=self.couchbase_cluster_file, + group="couchbase.com", + version="v2", + plural="couchbaseclusters", + namespace=cb_namespace) + self.kubernetes.create_namespaced_custom_object(filepath=self.couchbase_buckets_file, 
+ group="couchbase.com", + version="v2", + plural="couchbasebuckets", + namespace=cb_namespace) + self.kubernetes.create_namespaced_custom_object(filepath=self.couchbase_ephemeral_buckets_file, + group="couchbase.com", + version="v2", + plural="couchbaseephemeralbuckets", + namespace=cb_namespace) + coucbase_group_parser = Parser(self.couchbase_group_file, "CouchbaseGroup") + coucbase_group_parser["metadata"]["labels"]["cluster"] = \ + self.settings.get("installer-settings.couchbase.clusterName") + permissions = ["query_select", "query_update", "query_insert", "query_delete"] + allbuckets = ["", "site", "user", "cache", "token", "session"] + roles = [] + for permission in permissions: + for bucket in allbuckets: + bucket_name = self.settings.get("config.configmap.cnCouchbaseBucketPrefix") + if bucket: + bucket_name = bucket_name + "_" + bucket + roles.append({"name": permission, "bucket": bucket_name}) + coucbase_group_parser["spec"]["roles"] = roles + coucbase_group_parser.dump_it() + coucbase_user_parser = Parser(self.couchbase_user_file, "CouchbaseUser") + coucbase_user_parser["metadata"]["labels"]["cluster"] = \ + self.settings.get("installer-settings.couchbase.clusterName") + coucbase_user_parser.dump_it() + self.kubernetes.create_namespaced_custom_object(filepath=self.couchbase_group_file, + group="couchbase.com", + version="v2", + plural="couchbasegroups", + namespace=cb_namespace) + self.kubernetes.create_namespaced_custom_object(filepath=self.couchbase_user_file, + group="couchbase.com", + version="v2", + plural="couchbaseusers", + namespace=cb_namespace) + self.kubernetes.create_namespaced_custom_object(filepath=self.couchbase_rolebinding_file, + group="couchbase.com", + version="v2", + plural="couchbaserolebindings", + namespace=cb_namespace) + self.kubernetes.check_pods_statuses(cb_namespace, "couchbase_service_analytics=enabled", 700) + self.kubernetes.check_pods_statuses(cb_namespace, "couchbase_service_data=enabled", 700) + 
self.kubernetes.check_pods_statuses(cb_namespace, "couchbase_service_eventing=enabled", 700) + self.kubernetes.check_pods_statuses(cb_namespace, "couchbase_service_index=enabled", 700) + self.kubernetes.check_pods_statuses(cb_namespace, "couchbase_service_query=enabled", 700) + self.kubernetes.check_pods_statuses(cb_namespace, "couchbase_service_search=enabled", 700) + # Setup couchbase backups + if self.settings.get("global.storageClass.provisioner") not in ("microk8s.io/hostpath", + "k8s.io/minikube-hostpath"): + self.setup_backup_couchbase() + shutil.rmtree(self.couchbase_source_folder_pattern, ignore_errors=True) + + def uninstall(self): + """ + Uninstalls couchbase + """ + logger.info("Deleting Couchbase...") + self.kubernetes.delete_storage_class("couchbase-sc") + self.kubernetes.delete_custom_resource("couchbaseclusters.couchbase.com") + self.kubernetes.delete_validating_webhook_configuration("couchbase-operator-admission") + self.kubernetes.delete_mutating_webhook_configuration("couchbase-operator-admission") + self.kubernetes.delete_cluster_role_binding("couchbase-operator-admission") + self.kubernetes.delete_cluster_role("couchbase-operator-admission") + self.kubernetes.delete_role("couchbase-operator", self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_secret("cb-auth", self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_secret("gluu-couchbase-user-password", self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_deployment_using_name("couchbase-operator", self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_role_binding("couchbase-operator", self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_service_account("couchbase-operator", self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_service("couchbase-operator-admission", 
self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_deployment_using_name("couchbase-operator-admission", + self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_service("couchbase-operator", self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_custom_resource("couchbasebackuprestores.couchbase.com") + self.kubernetes.delete_custom_resource("couchbasebackups.couchbase.com") + self.kubernetes.delete_custom_resource("couchbasebuckets.couchbase.com") + self.kubernetes.delete_custom_resource("couchbaseephemeralbuckets.couchbase.com") + self.kubernetes.delete_custom_resource("couchbasereplications.couchbase.com") + self.kubernetes.delete_custom_resource("couchbaserolebindings.couchbase.com") + self.kubernetes.delete_custom_resource("couchbasegroups.couchbase.com") + self.kubernetes.delete_custom_resource("couchbasememcachedbuckets.couchbase.com") + self.kubernetes.delete_custom_resource("couchbaseusers.couchbase.com") + self.kubernetes.delete_custom_resource("couchbaseautoscalers.couchbase.com") + + self.kubernetes.delete_service_account("couchbase-operator-admission", + self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_secret("couchbase-operator-admission", self.settings.get("installer-settings.couchbase.namespace")) + self.kubernetes.delete_secret("couchbase-operator-tls", self.settings.get("installer-settings.couchbase.namespace")) + shutil.rmtree(Path("./couchbase-source-folder"), ignore_errors=True) diff --git a/helm/pygluu/kubernetes/create.py b/helm/pygluu/kubernetes/create.py new file mode 100644 index 00000000000..9036889bf2f --- /dev/null +++ b/helm/pygluu/kubernetes/create.py 
@@ -0,0 +1,148 @@ +""" + License terms and conditions for Gluu Cloud Native Edition: + https://www.apache.org/licenses/LICENSE-2.0 + Installs Gluu +""" +import argparse +import sys, shutil +from pathlib import Path +from pygluu.kubernetes.couchbase import Couchbase +from pygluu.kubernetes.terminal.prompt import Prompt +from pygluu.kubernetes.helpers import get_logger, copy_templates +from pygluu.kubernetes.gluu import Gluu +from pygluu.kubernetes.settings import ValuesHandler + +logger = get_logger("gluu-create ") + + +def create_parser(): + """Create parser to handle arguments from CLI. + :return: + """ + parser = argparse.ArgumentParser() + subparsers = parser.add_subparsers(title="Commands", dest="subparser_name") + subparsers.add_parser("generate-settings", help="Generate settings.json to install " + "Gluu Cloud Native Edition non-interactively") + subparsers.add_parser("install-ldap-backup", help="Install ldap backup cronjob only.") + subparsers.add_parser("restore", help="Install Gluu Cloud Native Edition with a " + "running database and previous configuration") + subparsers.add_parser("upgrade", help="Upgrade Gluu Cloud Native Edition") + subparsers.add_parser("upgrade-values-yaml", help="Upgrade Gluu Cloud Native Edition") + subparsers.add_parser("install-couchbase", help="Install Couchbase only. Used with installation of Gluu with Helm") + subparsers.add_parser("install-couchbase-backup", help="Install Couchbase backup only.") + subparsers.add_parser("uninstall-couchbase", help="Uninstall Couchbase only.") + subparsers.add_parser("install", help="Install Gluu Cloud Native Edition using helm. " + "This also installs the nginx-ingress chart") + subparsers.add_parser("uninstall", help="Uninstall Gluu Cloud Native Edition using helm. " + "This also uninstalls the nginx-ingress chart") + subparsers.add_parser("install-gluu", help="Install Gluu Cloud Native Edition using helm. 
" + "This assumes nginx-ingress is installed") + subparsers.add_parser("uninstall-gluu", help="Uninstall Gluu Cloud Native Edition using helm." + "This only uninstalls Gluu") + subparsers.add_parser("version", help="Outputs version of pygluu installer.") + return parser + + +def main(): + parser = create_parser() + args = parser.parse_args(sys.argv[1:]) + + if not args.subparser_name: + parser.print_help() + return + + if args.subparser_name == "version": + from pygluu.kubernetes import __version__ + logger.info(f"pygluu installer version is : {__version__}") + return + + copy_templates() + # Prepare override-values.yaml for parsing + shutil.copy(Path("./helm/gluu/values.yaml"), Path("./helm/gluu/override-values.yaml")) + settings = ValuesHandler() + settings.load() + prompts = Prompt() + prompts.prompt() + settings = ValuesHandler() + + try: + + if args.subparser_name == "uninstall-gluu": + gluu = Gluu() + gluu.uninstall_gluu() + if settings.get("installer-settings.redis.install"): + # TODO: Make sure remove redis or postgres if installled by Gluu + logger.info("remove me after implementing TODO") + elif args.subparser_name == "upgrade-values-yaml": + from pygluu.kubernetes.terminal.upgrade import PromptUpgrade + # New feature in 4.2 compared to 4.1 and hence if enabled should make sure postgres is installed. + gluu = Gluu() + if settings.get("installer-settings.jackrabbit.clusterMode") and \ + settings.get("installer-settings.postgres.install"): + # TODO: Make sure postgres is installed + logger.info("remove me after implementing TODO") + prompt_upgrade = PromptUpgrade(settings) + prompt_upgrade.prompt_upgrade() + logger.info("Patching values.yaml for helm upgrade...") + logger.info("Please find your patched values.yaml at the location ./helm/gluu/values.yaml." 
+ "Continue with the steps found at https://gluu.org/docs/gluu-server/latest/upgrade/#helm") + + elif args.subparser_name == "install-couchbase": + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + prompt_couchbase = PromptCouchbase(settings) + prompt_couchbase.prompt_couchbase() + couchbase = Couchbase() + couchbase.install() + + elif args.subparser_name == "install-couchbase-backup": + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + prompt_couchbase = PromptCouchbase(settings) + prompt_couchbase.prompt_couchbase() + couchbase = Couchbase() + couchbase.setup_backup_couchbase() + + elif args.subparser_name == "uninstall-couchbase": + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + prompt_couchbase = PromptCouchbase(settings) + prompt_couchbase.prompt_couchbase() + couchbase = Couchbase() + couchbase.uninstall() + + elif args.subparser_name == "generate-settings": + logger.info("settings.json has been generated") + + elif args.subparser_name == "install": + gluu = Gluu() + if settings.get("installer-settings.postgres.install"): + from pygluu.kubernetes.postgres import Postgres + postgres = Postgres() + postgres.install_postgres() + if settings.get("installer-settings.redis.install"): + from pygluu.kubernetes.redis import Redis + redis = Redis() + redis.uninstall_redis() + redis.install_redis() + if settings.get("installer-settings.sql.install") and \ + settings.get("config.configmap.cnSqlDbDialect") == "mysql": + from pygluu.kubernetes.mysql import MySQL + sql = MySQL() + sql.install_mysql() + gluu.install_gluu() + + elif args.subparser_name == "uninstall": + gluu = Gluu() + gluu.uninstall_gluu() + gluu.uninstall_nginx_ingress() + logger.info("Please wait...") + + elif args.subparser_name == "install-gluu": + gluu = Gluu() + gluu.uninstall_gluu() + gluu.install_gluu(install_ingress=False) + + except KeyboardInterrupt: + print("\n[I] Canceled by user; exiting ...") + + +if __name__ == "__main__": + main() 
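Review bot: `create_parser()` registers `install-ldap-backup`, `restore` and `upgrade`, but the `if`/`elif` chain in `main()` has no branch for any of them, so those commands run `copy_templates()`, overwrite `./helm/gluu/override-values.yaml`, go through the prompts and then exit without doing anything or reporting an error. Either drop the three `add_parser` calls until the commands exist, or close the chain with `else: parser.error(f"{args.subparser_name} is not implemented")`, ideally checked before the copy and the prompts. Separately, `install-gluu` calls `gluu.uninstall_gluu()` and the redis step of `install` calls `redis.uninstall_redis()` before installing, with no confirmation visible in this file. If the prompts do not already cover that, a comment such as `# uninstall first so a re-run starts from a clean release` would at least record that removing the existing release is intended.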
diff --git a/helm/pygluu/kubernetes/gluu.py b/helm/pygluu/kubernetes/gluu.py
new file mode 100644
index 00000000000..0051b711e77
--- /dev/null
+++ b/helm/pygluu/kubernetes/gluu.py
@@ -0,0 +1,275 @@ +""" +pygluu.kubernetes.helm +~~~~~~~~~~~~~~~~~~~~~~ + + License terms and conditions for Gluu Cloud Native Edition: + https://www.apache.org/licenses/LICENSE-2.0 + Handles Helm Gluu Chart +""" + +from pathlib import Path +from pygluu.kubernetes.yamlparser import Parser +from pygluu.kubernetes.helpers import get_logger, exec_cmd +from pygluu.kubernetes.kubeapi import Kubernetes +from pygluu.kubernetes.couchbase import Couchbase +from pygluu.kubernetes.settings import ValuesHandler +import time +import socket + +logger = get_logger("gluu-helm ") + + +class Gluu(object): + def __init__(self): + self.values_file = Path("./helm/gluu/override-values.yaml").resolve() + self.upgrade_values_file = Path("./helm/gluu-upgrade/values.yaml").resolve() + self.settings = ValuesHandler() + self.kubernetes = Kubernetes() + self.ldap_backup_release_name = self.settings.get("installer-settings.releaseName") + "-ldap-backup" + if "gke" in self.settings.get("installer-settings.volumeProvisionStrategy"): + # Clusterrolebinding needs to be created for gke with CB installed + if self.settings.get("config.configmap.cnCacheType") == "REDIS" or \ + self.settings.get("installer-settings.couchbase.install"): + user_account, stderr, retcode = exec_cmd("gcloud config get-value core/account") + user_account = str(user_account, "utf-8").strip() + + user, stderr, retcode = exec_cmd("whoami") + user = str(user, "utf-8").strip() + cluster_role_binding_name = "cluster-admin-{}".format(user) + self.kubernetes.create_cluster_role_binding(cluster_role_binding_name=cluster_role_binding_name, + user_name=user_account, + cluster_role_name="cluster-admin") + + def prepare_alb(self): + ingress_parser = Parser("./alb/ingress.yaml", "Ingress") + ingress_parser["spec"]["rules"][0]["host"] = self.settings.get("global.fqdn") + ingress_parser["metadata"]["annotations"]["alb.ingress.kubernetes.io/certificate-arn"] = \ + self.settings.get("installer-settings.aws.arn.arnAcmCert") + if not 
self.settings.get("installer-settings.aws.arn.enabled"): + del ingress_parser["metadata"]["annotations"]["alb.ingress.kubernetes.io/certificate-arn"] + + for path in ingress_parser["spec"]["rules"][0]["http"]["paths"]: + service_name = path["backend"]["serviceName"] + if self.settings.get("config.configmap.cnCasaEnabled") and service_name == "casa": + path_index = ingress_parser["spec"]["rules"][0]["http"]["paths"].index(path) + del ingress_parser["spec"]["rules"][0]["http"]["paths"][path_index] + + if self.settings.get("global.oxshibboleth.enabled") and service_name == "oxshibboleth": + path_index = ingress_parser["spec"]["rules"][0]["http"]["paths"].index(path) + del ingress_parser["spec"]["rules"][0]["http"]["paths"][path_index] + + if self.settings.get("config.configmap.cnPassportEnabled") and service_name == "oxpassport": + path_index = ingress_parser["spec"]["rules"][0]["http"]["paths"].index(path) + del ingress_parser["spec"]["rules"][0]["http"]["paths"][path_index] + + if self.settings.get("installer-settings.global.scim.enabled") and service_name == "jans-scim": + path_index = ingress_parser["spec"]["rules"][0]["http"]["paths"].index(path) + del ingress_parser["spec"]["rules"][0]["http"]["paths"][path_index] + + if self.settings.get("installer-settings.config-api.enabled") and service_name == "config-api": + path_index = ingress_parser["spec"]["rules"][0]["http"]["paths"].index(path) + del ingress_parser["spec"]["rules"][0]["http"]["paths"][path_index] + + ingress_parser.dump_it() + + def deploy_alb(self): + alb_ingress = Path("./alb/ingress.yaml") + self.kubernetes.create_objects_from_dict(alb_ingress, self.settings.get("installer-settings.namespace")) + if self.settings.get("global.fqdn"): + prompt = input("Please input the DNS of the Application load balancer found on AWS UI: ") + lb_hostname = prompt + while True: + try: + if lb_hostname: + break + lb_hostname = self.kubernetes.read_namespaced_ingress( + name="gluu", 
namespace="gluu").status.load_balancer.ingress[0].hostname + except TypeError: + logger.info("Waiting for loadbalancer address..") + time.sleep(10) + self.settings.set("config.configmap.lbAddr", lb_hostname) + + def wait_for_nginx_add(self): + hostname_ip = None + while True: + try: + if hostname_ip: + break + if "aws" in self.settings.get("installer-settings.volumeProvisionStrategy"): + hostname_ip = self.kubernetes.read_namespaced_service( + name=self.settings.get( + 'installer-settings.nginxIngress.releaseName') + "-ingress-nginx-controller", + namespace=self.settings.get( + "installer-settings.nginxIngress.releaseName")).status.load_balancer.ingress[ + 0].hostname + self.settings.set("config.configmap.lbAddr", hostname_ip) + if self.settings.get("installer-settings.aws.lbType") == "nlb": + try: + ip_static = socket.gethostbyname(str(hostname_ip)) + if ip_static: + break + except socket.gaierror: + logger.info("Address has not received an ip yet.") + elif "local" in self.settings.get("installer-settings.volumeProvisionStrategy"): + self.settings.set("config.configmap.lbAddr", + self.settings.get('installer-settings.nginxIngress.releaseName') + + "-nginx-ingress-controller." 
+ + self.settings.get("installer-settings.nginxIngress.releaseName") + + ".svc.cluster.local") + break + else: + hostname_ip = self.kubernetes.read_namespaced_service( + name=self.settings.get('installer-settings.nginxIngress.releaseName') + "-ingress-nginx-controller", + namespace=self.settings.get("installer-settings.nginxIngress.releaseName")).status.load_balancer.ingress[0].ip + self.settings.set("global.lbIp", hostname_ip) + except (TypeError, AttributeError): + logger.info("Waiting for address..") + time.sleep(10) + + def check_install_nginx_ingress(self, install_ingress=True): + """ + Helm installs nginx ingress or checks to recieve and ip or address + :param install_ingress: + """ + if install_ingress: + self.kubernetes.delete_custom_resource("virtualservers.k8s.nginx.org") + self.kubernetes.delete_custom_resource("virtualserverroutes.k8s.nginx.org") + self.kubernetes.delete_cluster_role("ingress-nginx-nginx-ingress") + self.kubernetes.delete_cluster_role_binding("ingress-nginx-nginx-ingress") + self.kubernetes.create_namespace(name=self.settings.get("installer-settings.nginxIngress.releaseName"), + labels={"app": "ingress-nginx"}) + self.kubernetes.delete_cluster_role( + self.settings.get('installer-settings.nginxIngress.releaseName') + "-nginx-ingress-controller") + self.kubernetes.delete_cluster_role_binding( + self.settings.get('installer-settings.nginxIngress.releaseName') + "-nginx-ingress-controller") + try: + exec_cmd("helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx") + exec_cmd("helm repo add stable https://charts.helm.sh/stable") + exec_cmd("helm repo update") + except FileNotFoundError: + logger.error("Helm v3 is not installed. 
Please install it to continue " + "https://helm.sh/docs/intro/install/") + raise SystemExit(1) + command = "helm install {} ingress-nginx/ingress-nginx --namespace={} ".format( + self.settings.get('installer-settings.nginxIngress.releaseName'), + self.settings.get("installer-settings.nginxIngress.namespace")) + if self.settings.get("installer-settings.volumeProvisionStrategy") == "minikubeDynamic": + exec_cmd("minikube addons enable ingress") + if "aws" in self.settings.get("installer-settings.volumeProvisionStrategy"): + if self.settings.get("installer-settings.aws.lbType") == "nlb": + if install_ingress: + nlb_override_values_file = Path("./nginx/aws/aws-nlb-override-values.yaml").resolve() + nlb_values = " --values {}".format(nlb_override_values_file) + exec_cmd(command + nlb_values) + else: + if self.settings.get("installer-settings.aws.arn.enabled"): + if install_ingress: + elb_override_values_file = Path("./nginx/aws/aws-elb-override-values.yaml").resolve() + elb_file_parser = Parser(elb_override_values_file, True) + elb_file_parser["controller"]["service"]["annotations"].update( + {"service.beta.kubernetes.io/aws-load-balancer-ssl-cert": self.settings.get( + "installer-settings.aws.arn.arnAcmCert")}) + elb_file_parser["controller"]["config"]["proxy-real-ip-cidr"] = \ + self.settings.get("installer-settings.aws.vpcCidr") + elb_file_parser.dump_it() + elb_values = " --values {}".format(elb_override_values_file) + exec_cmd(command + elb_values) + else: + if install_ingress: + exec_cmd(command) + volume_provision_strategy = self.settings.get("installer-settings.volumeProvisionStrategy") + if "gke" in volume_provision_strategy or \ + "aks" in volume_provision_strategy or \ + "doks" in volume_provision_strategy: + if install_ingress: + cloud_override_values_file = Path("./nginx/cloud/cloud-override-values.yaml").resolve() + cloud_values = " --values {}".format(cloud_override_values_file) + exec_cmd(command + cloud_values) + elif "local" in 
volume_provision_strategy: + if install_ingress: + baremetal_override_values_file = Path("./nginx/baremetal/baremetal-override-values.yaml").resolve() + baremetal_values = " --values {}".format(baremetal_override_values_file) + exec_cmd(command + baremetal_values) + if self.settings.get("global.storageClass.provisioner") not in \ + ("microk8s.io/hostpath", "k8s.io/minikube-hostpath"): + logger.info("Waiting for nginx to be prepared...") + time.sleep(60) + self.wait_for_nginx_add() + + def install_gluu(self, install_ingress=True): + """ + Helm install Gluu + :param install_ingress: + """ + labels = {"app": "gluu"} + if self.settings.get("global.istio.enabled"): + labels = {"app": "gluu", "istio-injection": "enabled"} + self.kubernetes.create_namespace(name=self.settings.get("installer-settings.namespace"), labels=labels) + if self.settings.get("global.cnPersistenceType") != "ldap" and \ + self.settings.get("installer-settings.couchbase.install"): + couchbase_app = Couchbase() + couchbase_app.uninstall() + couchbase_app = Couchbase() + couchbase_app.install() + self.settings = ValuesHandler() + if self.settings.get("installer-settings.aws.lbType") == "alb": + self.prepare_alb() + self.deploy_alb() + if self.settings.get("installer-settings.aws.lbType") != "alb" and \ + self.settings.get("global.istio.ingress"): + self.check_install_nginx_ingress(install_ingress) + try: + exec_cmd("helm install {} -f {} ./helm/gluu --namespace={}".format( + self.settings.get('installer-settings.releaseName'), + self.values_file, self.settings.get("installer-settings.namespace"))) + + if self.settings.get("global.cnPersistenceType") in ("hybrid", "ldap"): + self.install_ldap_backup() + + except FileNotFoundError: + logger.error("Helm v3 is not installed. 
Please install it to continue " + "https://helm.sh/docs/intro/install/") + raise SystemExit(1) + + def install_ldap_backup(self): + values_file = Path("./helm/ldap-backup/values.yaml").resolve() + values_file_parser = Parser(values_file, True) + values_file_parser["ldapPass"] = self.settings.get("config.ldapPassword") + if self.settings.get("global.storageClass.provisioner") not in \ + ("microk8s.io/hostpath", "k8s.io/minikube-hostpath"): + values_file_parser["gluuLdapSchedule"] = self.settings.get("installer-settings.ldap.backup.fullSchedule") + if self.settings.get("opendj.multiCluster.enabled"): + values_file_parser["multiCluster"]["enabled"] = True + values_file_parser["multiCluster"]["ldapAdvertiseAdminPort"] = \ + self.settings.get("opendj.ports.tcp-admin.nodePort") + values_file_parser["multiCluster"]["serfAdvertiseAddrSuffix"] = \ + self.settings.get("opendj.multiCluster.serfAdvertiseAddrSuffix")[:-6] + values_file_parser.dump_it() + exec_cmd("helm install {} -f ./helm/ldap-backup/values.yaml ./helm/ldap-backup --namespace={}".format( + self.ldap_backup_release_name, self.settings.get("installer-settings.namespace"))) + + def upgrade_gluu(self): + values_file_parser = Parser(self.upgrade_values_file, True) + values_file_parser["domain"] = self.settings.get("global.fqdn") + values_file_parser["cnCacheType"] = self.settings.get("config.configmap.cnCacheType") + values_file_parser["cnCouchbaseUrl"] = self.settings.get("config.configmap.cnCouchbaseUrl") + values_file_parser["cnCouchbaseUser"] = self.settings.get("config.configmap.cnCouchbaseUser") + values_file_parser["cnCouchbaseSuperUser"] = self.settings.get("config.configmap.cnCouchbaseSuperUser") + values_file_parser["cnPersistenceLdapMapping"] = self.settings.get("global.cnPersistenceType") + values_file_parser["cnPersistenceType"] = self.settings.get("config.configmap.cnPersistenceLdapMapping") + values_file_parser["source"] = self.settings.get("installer-settings.currentVersion") + 
values_file_parser["target"] = self.settings.get("installer-settings.upgrade.targetVersion") + values_file_parser.dump_it() + exec_cmd("helm install {} -f {} ./helm/gluu-upgrade --namespace={}".format( + self.settings.get('installer-settings.releaseName'), self.values_file, + self.settings.get("installer-settings.namespace"))) + + def uninstall_gluu(self): + exec_cmd("helm delete {} --namespace={}".format(self.settings.get('installer-settings.releaseName'), + self.settings.get("installer-settings.namespace"))) + exec_cmd("helm delete {} --namespace={}".format(self.ldap_backup_release_name, + self.settings.get("installer-settings.namespace"))) + + def uninstall_nginx_ingress(self): + exec_cmd("helm delete {} --namespace={}".format(self.settings.get('installer-settings.nginxIngress.releaseName'), + self.settings.get("installer-settings.nginxIngress.namespace"))) diff --git a/helm/pygluu/kubernetes/helpers.py b/helm/pygluu/kubernetes/helpers.py new file mode 100644 index 00000000000..567bcab14b5 --- /dev/null +++ b/helm/pygluu/kubernetes/helpers.py 
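Review bot: `Gluu.__init__` binds the active gcloud account to `cluster-admin` as a constructor side effect and never checks the `retcode` returned by `exec_cmd("gcloud config get-value core/account")`, so a failed lookup hands an empty `user_name` to `create_cluster_role_binding`. The `uninstall` and `install-gluu` branches of the caller in the preceding file also construct `Gluu()`, so on GKE with Redis or Couchbase selected the binding is attempted on every such run, and no method in this file deletes it. I would move the binding into an explicit method called only from `install_gluu`, and guard it directly after the gcloud call with `if retcode != 0 or not user_account: raise SystemExit(1)`. Separately, `upgrade_gluu` looks wrong in two places: `cnPersistenceLdapMapping` and `cnPersistenceType` are filled from each other's settings keys, and helm is given `self.values_file` although the values were just written to `self.upgrade_values_file`.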
@@ -0,0 +1,208 @@ +""" +pygluu.kubernetes.common +~~~~~~~~~~~~~~~~~~~~~~~~ + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import errno +import subprocess +import shlex +import logging +import json +import shutil +import os +import string +import random +import re +from getpass import getpass +from pathlib import Path + + +def update_settings_json_file(settings): + """Write settings out to a json file + + :param settings: + """ + with open(Path('./settings.json'), 'w+') as file: + json.dump(settings, file, indent=2) + + +def exec_cmd(cmd, output_file=None, silent=False): + """Execute command cmd + + :param cmd: + :param output_file: + :param silent: + :return: + """ + args = shlex.split(cmd) + popen = subprocess.Popen(args, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout, stderr = popen.communicate() + retcode = popen.returncode + if stdout and output_file: + with open(output_file, "w+") as file: + file.write(str(stdout, "utf-8")) + else: + logger.info(str(stdout, "utf-8")) + if retcode != 0 and not silent: + logger.error(str(stderr, "utf-8")) + return stdout, stderr, retcode + + +def get_logger(name): + """Set logger configs with name. + + :param name: + :return: + """ + log_format = '%(asctime)s - %(name)8s - %(levelname)5s - %(message)s' + logging.basicConfig(level=logging.INFO, + format=log_format, + filename='setup.log', + filemode='w') + console = logging.StreamHandler() + console.setLevel(logging.INFO) + console.setFormatter(logging.Formatter(log_format)) + logging.getLogger(name).addHandler(console) + return logging.getLogger(name) + + +def copy_templates(): + """Copy templates folder. /pygluu/kubernetes/templates to working dir. 
+ """ + entries = Path( + os.path.join(os.path.dirname(__file__), "templates") + ) + curdir = os.getcwd() + for entry in entries.iterdir(): + dst = os.path.join(curdir, entry.name) + if os.path.exists(dst): + continue + copy(entry, dst) + + +def check_microk8s_kube_config_file(): + """Copy microk8s kuber config to ~/.kube/config + """ + kube_config_file_location = Path(os.path.expanduser("~/.kube/config")) + + if not kube_config_file_location.exists(): + kube_dir = os.path.dirname(kube_config_file_location) + + if not os.path.exists(kube_dir): + os.makedirs(kube_dir) + + try: + shutil.copy(Path("/var/snap/microk8s/current/credentials/client.config"), kube_config_file_location) + except FileNotFoundError: + logger.error("No Kubernetes config file found at ~/.kube/config") + + +def get_supported_versions(): + """Get Gluu versions from gluu_versions.json + + return: + """ + versions = {} + version_number = 0 + dev_version = "" + + filename = Path("./gluu_versions.json") + try: + with open(filename) as f: + versions = json.load(f) + logger.info("Currently supported versions are : ") + for k, v in versions.items(): + if "_dev" in k: + logger.info("Development version : {}".format(k)) + dev_version = k + else: + logger.info("Stable version : {}".format(k)) + if float(k) > version_number: + version_number = float(k) + except FileNotFoundError: + pass + finally: + if not version_number: + # No stable version exists + version_number = dev_version + + version_number = str(version_number) + return versions, version_number + + +def generate_password(length=6): + """Returns randomly generated password + + :param length: Length of password + :return: + """ + chars = string.ascii_letters + string.digits + string.punctuation + string.punctuation + chars = chars.replace('"', '') + chars = chars.replace("'", "") + chars = chars.replace("$", "") + chars = chars.replace("/", "") + chars = chars.replace("\\", "") + chars = chars.replace("!", "") + + while True: + password = 
''.join(random.choice(chars) for _ in range(length)) + regex_bool = re.match('^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*\W)[a-zA-Z0-9\S]{6,}$', password) # noqa: W605 + if regex_bool: + break + + return password + + +def prompt_password(password, length=6): + """Prompt password and password confirmation + + :param password: string for the prompt name + :param length: Length of password + :return: + """ + while True: + random_password = "" if password == "Redis" else generate_password(length) + string_random_password = '' if not random_password else random_password[:1] + "***" + random_password[4:] + pw_prompt = getpass(prompt='{} password [{}]: '.format(password, string_random_password), stream=None) + regex_bool = True + if not pw_prompt: + pw_prompt = random_password + confirm_pw_prompt = random_password + else: + confirm_pw_prompt = getpass(prompt='Confirm password: ', stream=None) + if password != "Redis": + regex_bool = re.match('^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*\\W)[a-zA-Z0-9\\S]{6,}$', + pw_prompt) # noqa: W605 + + if confirm_pw_prompt != pw_prompt: + logger.error("Passwords do not match") + elif not regex_bool: + logger.error("Password does not meet requirements. The password must contain one digit, one uppercase" + " letter, one lower case letter and one symbol") + else: + logger.info("Success! {} password was set.".format(password)) + return pw_prompt + + +def copy(src, dest): + """Copy from source to destination + + :param src: + :param dest: + """ + try: + shutil.copytree(src, dest) + except OSError as e: + # If the error was caused because the source wasn't a directory + if e.errno == errno.ENOTDIR: + shutil.copy(src, dest) + else: + logger.error('Directory not copied. Error: {}'.format(e)) + + +logger = get_logger("gluu-common ") diff --git a/helm/pygluu/kubernetes/kubeapi.py b/helm/pygluu/kubernetes/kubeapi.py new file mode 100644 index 00000000000..9862436c7aa --- /dev/null +++ b/helm/pygluu/kubernetes/kubeapi.py 
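Review bot: `generate_password` draws its characters with `random.choice`, which is backed by the non-cryptographic Mersenne Twister generator, and `prompt_password` offers the result as the default for whatever credential it is prompting for. Use the `secrets` module instead: add `import secrets` to the import block and change the line to `password = ''.join(secrets.choice(chars) for _ in range(length))`. The default `length=6` is also the minimum the validation regex accepts, and the prompt hint `random_password[:1] + "***" + random_password[4:]` hides only three characters, so with the default length half of the generated password is echoed to the terminal. A longer default and a hint that shows no password characters would be safer.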
@@ -0,0 +1,497 @@ +""" +pygluu.kubernetes.kubeapi +~~~~~~~~~~~~~~~~~~~~~~~~~ + + License terms and conditions for Gluu Cloud Native Edition: + https://www.apache.org/licenses/LICENSE-2.0 +""" + +import sys +import time + +from kubernetes import client, utils, config + +from pygluu.kubernetes.helpers import get_logger, check_microk8s_kube_config_file, exec_cmd +from pygluu.kubernetes.yamlparser import Parser + +logger = get_logger("gluu-kubernetes-api") + + +def load_kubernetes_config(mute=True): + """ + Loads kubernetes in cluster or from file configuration + :param mute: + """ + config_loaded = False + try: + config.load_incluster_config() + config_loaded = True + except config.config_exception.ConfigException: + if not mute: + logger.warning("Unable to load in-cluster configuration; trying to load from Kube config file") + try: + config.load_kube_config() + config_loaded = True + except (IOError, config.config_exception.ConfigException) as exc: + if not mute: + logger.warning("Unable to load Kube config; reason={}".format(exc)) + + if not config_loaded: + logger.error("Unable to load in-cluster or Kube config") + sys.exit(1) + + +class Kubernetes(object): + def __init__(self): + check_microk8s_kube_config_file() + load_kubernetes_config() + self.api_client = client.ApiClient() + self.custom_def_cli = client.CustomObjectsApi() + self.core_cli = client.CoreV1Api() + self.apps_cli = client.AppsV1Api() + self.rbac_cli = client.RbacAuthorizationV1Api() + self.extenstion_cli = client.ExtensionsV1beta1Api() + self.crd_cli = client.ApiextensionsV1beta1Api() + self.storage_cli = client.StorageV1Api() + self.admission_cli = client.AdmissionregistrationV1beta1Api() + self.delete_options = client.V1DeleteOptions() + self.delete_options.grace_period_seconds = 2 + self.delete_options.propagation_policy = 'Foreground' + self.core_cli.api_client.configuration.assert_hostname = False + self.apps_cli.api_client.configuration.assert_hostname = False + + @staticmethod + def 
check_error_and_response(starting_time, resp): + end_time = time.time() + running_time = end_time - starting_time + if resp.status != 404 and resp.status: + logger.info("Waiting for the kubernetes object to be fully terminated.") + time.sleep(1) + if running_time > 60: + logger.exception(resp) + return False + return True + else: + # The kubernetes object has been removed or does not exist" + return False + + @staticmethod + def check_create_error_and_response(e, kind, name): + """Checking create error """ + error = str(e) + if "AlreadyExists" in error or "409" in error: + logger.warning("Resource {}/{} already exists. Skipping...".format(kind, name)) + pass + elif "Unauthorized" in error or "401" in error: + logger.error("Unauthorized code status 401 while trying to create {}/{}.".format( + kind, name)) + pass + elif "Not Found" in error or "404" in error: + logger.error("Not found code status 404 while trying to create {}/{}. Trying again..".format( + kind, name)) + pass + else: + raise e + + @staticmethod + def check_read_error_and_response(starting_time, resp): + end_time = time.time() + running_time = end_time - starting_time + if resp.status == 404 and not resp.status: + logger.info("Resource not found. 
Trying to read again...") + time.sleep(1) + if running_time > 40: + logger.exception(resp) + return False + return True + else: + # The kubernetes object has been found" + return False + + def delete_validating_webhook_configuration(self, name): + """Delete validating webhook configuration with name""" + starting_time = time.time() + response = True + while response: + try: + resp = self.admission_cli.delete_validating_webhook_configuration(name, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info("validatingwebhookconfiguration/{} has been removed or does not exist".format(name)) + + def delete_mutating_webhook_configuration(self, name): + """Delete mutating webhook configuration with name""" + starting_time = time.time() + response = True + while response: + try: + resp = self.admission_cli.delete_mutating_webhook_configuration(name, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info("mutatingwebhookconfiguration/{} has been removed or does not exist".format(name)) + + def delete_service(self, name, namespace="default"): + """Delete service with name in namespace""" + starting_time = time.time() + response = True + while response: + try: + resp = self.core_cli.delete_namespaced_service(name=name, namespace=namespace, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info("service/{} from namespace/{} has been removed or does not exist".format(name, namespace)) + + def delete_deployment_using_name(self, name, namespace="default"): + """Delete deployment using name in namespace""" + 
starting_time = time.time() + response = True + while response: + try: + resp = self.apps_cli.delete_namespaced_deployment(name, namespace, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info('deployment/{} in namespace/{} has been removed or does not exist'.format(name, namespace)) + + def delete_secret(self, name, namespace="default"): + """Delete secret using name in namespace""" + starting_time = time.time() + response = True + while response: + try: + resp = self.core_cli.delete_namespaced_secret(name, namespace, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info('secret/{} from namespace/{} has been removed or does not exist'.format(name, namespace)) + + def delete_role(self, name, namespace="default"): + """Delete role using name in namespace""" + starting_time = time.time() + response = True + while response: + try: + resp = self.rbac_cli.delete_namespaced_role(name, namespace, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info('role/{} in namespace/{} has been removed or does not exist'.format(name, namespace)) + + def delete_role_binding(self, name, namespace="default"): + """Delete role binding using name in namespace""" + starting_time = time.time() + response = True + while response: + try: + resp = self.rbac_cli.delete_namespaced_role_binding(name, namespace, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + 
logger.info('rolebinding/{} from namespace/{} has been removed or does not exist'.format(name, namespace)) + + def delete_cluster_role(self, name): + """Delete cluster role using name""" + starting_time = time.time() + response = True + while response: + try: + resp = self.rbac_cli.delete_cluster_role(name, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info('role/{} has been removed or does not exist'.format(name)) + + def delete_cluster_role_binding(self, name): + """Delete cluster role binding using name""" + starting_time = time.time() + response = True + while response: + try: + resp = self.rbac_cli.delete_cluster_role_binding(name, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info('clusterrolebinding/{} has been removed or does not exist'.format(name)) + + def delete_service_account(self, name, namespace="default"): + """Delete service account using name in namespace""" + starting_time = time.time() + response = True + while response: + try: + resp = self.core_cli.delete_namespaced_service_account(name, namespace, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info('serviceaccount/{} in namespace/{} has been removed or does not exist'.format(name, namespace)) + + def delete_custom_resource(self, name): + """Delete custom resource using name""" + starting_time = time.time() + response = True + while response: + try: + resp = self.crd_cli.delete_custom_resource_definition(name, body=self.delete_options) + + except client.rest.ApiException as e: + response = 
self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info('customeresource/{} has been removed or does not exist'.format(name)) + + def delete_storage_class(self, name): + """Delete storage class using name""" + starting_time = time.time() + response = True + while response: + try: + resp = self.storage_cli.delete_storage_class(name, body=self.delete_options) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + logger.info('storageclass/{} has been removed or does not exist'.format(name)) + + def delete_namespaced_custom_object(self, filepath, group, version, plural, namespace="default"): + """Delete custom object using file in namespace""" + starting_time = time.time() + response = True + while response: + yaml_objects = Parser(filepath).return_manifests_dict + for manifest in yaml_objects: + try: + resp = self.custom_def_cli.delete_namespaced_custom_object(group=group, + version=version, + namespace=namespace, + plural=plural, + name=manifest["metadata"]["name"], + body=manifest) + + logger.info('Deleted {}/{} in namespace {}'.format(manifest["kind"], + manifest["metadata"]["name"], namespace)) + except client.rest.ApiException as e: + response = self.check_error_and_response(starting_time, e) + else: + response = self.check_error_and_response(starting_time, resp) + + def delete_namespaced_custom_object_by_name(self, group, version, plural, name, namespace="default"): + """Delete custom object using name in namespace""" + try: + resp = self.custom_def_cli.delete_namespaced_custom_object(group=group, + version=version, + namespace=namespace, + plural=plural, + name=name, + body=self.delete_options) + logger.info('Deleted {} in namespace {}'.format(name, namespace)) + except client.rest.ApiException as e: + if e.status == 404: + logger.info('{} in namespace {} not 
found.'.format(name, namespace)) + else: + logger.error(e, resp) + + def create_namespace(self, name, labels=None): + """Create namespace using name""" + labels = labels or {} + body = client.V1Secret() + metadata = client.V1ObjectMeta() + metadata.name = name + metadata.labels = labels + body.metadata = metadata + try: + self.core_cli.create_namespace(body=body, pretty="pretty") + logger.info('Created namespace {}'.format(name)) + return True + except client.rest.ApiException as e: + self.check_create_error_and_response(e, "Namespace", name) + return False + + def create_cluster_role_binding(self, cluster_role_binding_name, user_name, cluster_role_name): + """Create role binding using name=role_binding_name in namespace + connecting role_name using service_account_name""" + metadata = client.V1ObjectMeta(name=cluster_role_binding_name) + role = client.V1RoleRef(kind="ClusterRole", name=cluster_role_name, api_group="rbac.authorization.k8s.io") + subject = client.V1Subject(kind="User", name=user_name) + body = client.V1ClusterRoleBinding(subjects=[subject], metadata=metadata, role_ref=role) + + try: + self.rbac_cli.create_cluster_role_binding(body=body) + logger.info('Created cluster role binding {}'.format(cluster_role_binding_name)) + return True + except client.rest.ApiException as e: + self.check_create_error_and_response(e, "ClusterRoleBinding", cluster_role_binding_name) + return False + + def create_namespaced_custom_object(self, filepath, group, version, plural, namespace="default"): + """Create custom object using file in namespace""" + yaml_objects = Parser(filepath).return_manifests_dict + for manifest in yaml_objects: + try: + self.custom_def_cli.create_namespaced_custom_object(group=group, + version=version, + namespace=namespace, + plural=plural, + body=manifest) + + logger.info('Created {}/{} in namespace {}'.format(manifest["kind"], + manifest["metadata"]["name"], namespace)) + except (client.rest.ApiException, Exception) as e: + 
self.check_create_error_and_response(e, manifest["kind"], manifest["metadata"]["name"]) + + def patch_or_create_namespaced_secret(self, name, literal, value_of_literal, namespace="default", + secret_type="Opaque", second_literal=None, value_of_second_literal=None, + data=None): + """Patch secret and if not exist create""" + # Instantiate the Secret object + body = client.V1Secret() + metadata = client.V1ObjectMeta(name=name) + body.data = data + if not data: + body.data = {literal: value_of_literal} + body.metadata = metadata + body.type = secret_type + if second_literal: + body.data = {literal: value_of_literal, second_literal: value_of_second_literal} + try: + self.core_cli.patch_namespaced_secret(name, namespace, body) + logger.info('Secret {} in namespace {} has been patched'.format(name, namespace)) + return + except client.rest.ApiException as e: + if e.status == 404 or not e.status: + try: + self.core_cli.create_namespaced_secret(namespace=namespace, body=body) + logger.info('Created secret {} of type {} in namespace {}'.format(name, secret_type, namespace)) + return True + except client.rest.ApiException as e: + logger.exception(e) + return False + logger.exception(e) + return False + + def create_objects_from_dict(self, filepath, namespace=None): + """Create kubernetes object from a yaml encapsulated inside a dictionary""" + yaml_objects = Parser(filepath).return_manifests_dict + for manifest in yaml_objects: + try: + # handle special cases of namespace injection + if namespace: + manifest["metadata"]["namespace"] = namespace + utils.create_from_dict(self.api_client, manifest) + logger.info('Created {}/{}'.format(manifest["kind"], manifest["metadata"]["name"])) + except (client.rest.ApiException, Exception) as e: + # AttributeError: module 'kubernetes.client' has no attribute 'NetworkingIstioIoV1alpha3Api' + if "module 'kubernetes.client' has no attribute 'NetworkingIstioIoV1alpha3Api'" in str(e): + logger.warning("Creating {} 
failed.".format(manifest["kind"])) + logger.info("Trying again using kubectl...") + exec_cmd("kubectl apply -f {} -n {}".format(filepath, namespace)) + break + self.check_create_error_and_response(e, manifest["kind"], manifest["metadata"]["name"]) + + def list_pod_name_by_label(self, namespace="default", app_label=None): + """List pods names with app label in namespace""" + try: + pods_name = [] + response = self.core_cli.list_namespaced_pod(namespace=namespace, label_selector=app_label, watch=False) + number_of_pods = len(response.items) + for i in range(number_of_pods): + pods_name.append(response.items[i].metadata.name) + return pods_name + except client.rest.ApiException as e: + logger.exception(e) + + def read_namespaced_service(self, name, namespace="default"): + """Read service with name in namespace""" + starting_time = time.time() + response = True + while response: + try: + service = self.core_cli.read_namespaced_service(name=name, namespace=namespace) + logger.info('Reading service {}'.format(name)) + return service + except client.rest.ApiException as e: + response = self.check_read_error_and_response(starting_time, e) + + def read_namespaced_ingress(self, name, namespace="default"): + """Read service with name in namespace""" + starting_time = time.time() + response = True + while response: + try: + ingress = self.extenstion_cli.read_namespaced_ingress(name=name, namespace=namespace) + logger.info('Reading ingress {}'.format(name)) + return ingress + except client.rest.ApiException as e: + response = self.check_read_error_and_response(starting_time, e) + + def read_namespaced_pod_status(self, name, timeout, namespace="default"): + """Read pod status with name in namespace""" + starting_time = time.time() + try: + finished_prep_boolean = False + while not finished_prep_boolean: + end_time = time.time() + running_time = end_time - starting_time + time.sleep(5) + response = self.core_cli.read_namespaced_pod_status(name=name, namespace=namespace) + 
all_statuses = response.status.conditions + try: + for status in all_statuses: + if status.type == "Ready": + try: + check_if_job = response.metadata.labels["job-name"] + except KeyError: + check_if_job = None + if check_if_job and status.reason == "PodCompleted": + finished_prep_boolean = True + break + elif not check_if_job and status.status == "True": + finished_prep_boolean = True + break + except TypeError: + logger.warning("Pod might not exist or was evicted.") + if running_time > timeout: + logger.warning("Timeout exceeded. This may not be an error. Please check pods statuses.") + return False + logger.info("Waiting for pod {} to get ready".format(name)) + except client.rest.ApiException as e: + logger.exception(e) + + def check_pods_statuses(self, namespace="default", app_label=None, timeout=300): + """Loop through pod names and check statuses""" + time.sleep(10) + pods_name = self.list_pod_name_by_label(namespace, app_label) + for pod_name in pods_name: + self.read_namespaced_pod_status(name=pod_name, namespace=namespace, timeout=timeout) + + def list_nodes(self): + """List all nodes""" + try: + nodes_list = self.core_cli.list_node(pretty="pretty") + logger.info("Getting list of nodes") + return nodes_list + except client.rest.ApiException as e: + logger.exception(e) + return False + + def read_node(self, name): + """Read node information""" + try: + node_data = self.core_cli.read_node(name) + logger.info("Getting node {} data".format(name)) + return node_data + except client.rest.ApiException as e: + logger.exception(e) + return False diff --git a/helm/pygluu/kubernetes/mysql.py b/helm/pygluu/kubernetes/mysql.py new file mode 100644 index 00000000000..50badab2eef --- /dev/null +++ b/helm/pygluu/kubernetes/mysql.py 
@@ -0,0 +1,49 @@
+"""
+pygluu.kubernetes.mysql
+~~~~~~~~~~~~~~~~~~~~~~~
+ License terms and conditions for Gluu Cloud Native Edition:
+ https://www.apache.org/licenses/LICENSE-2.0
+ Handles MySQL operations
+"""
+
+from pygluu.kubernetes.helpers import get_logger, exec_cmd
+from pygluu.kubernetes.kubeapi import Kubernetes
+from pygluu.kubernetes.settings import ValuesHandler
+
+logger = get_logger("gluu-mysql ")
+
+
+class MySQL(object):
+ def __init__(self):
+ self.settings = ValuesHandler()
+ self.kubernetes = Kubernetes()
+ self.timeout = 120
+
+ def install_mysql(self):
+ self.uninstall_mysql()
+ self.kubernetes.create_namespace(name=self.settings.get("installer-settings.sql.namespace"),
+ labels={"app": "mysql"})
+
+ exec_cmd("helm repo add bitnami https://charts.bitnami.com/bitnami")
+ exec_cmd("helm repo update")
+ exec_cmd("helm install {} bitnami/mysql "
+ "--set auth.rootPassword={} "
+ "--set auth.database={} "
+ "--set auth.username={} "
+ "--set auth.password={} "
+ "--namespace={} ".format("gluu",
+ self.settings.get("config.configmap.cnSqldbUserPassword"),
+ self.settings.get("config.configmap.cnSqlDbName"),
+ self.settings.get("config.configmap.cnSqlDbUser"),
+ self.settings.get("config.configmap.cnSqldbUserPassword"),
+ self.settings.get("installer-settings.sql.namespace")))
+
+ if not self.settings.get("installer-settings.aws.lbType") == "alb":
+ self.kubernetes.check_pods_statuses(self.settings.get("installer-settings.sql.namespace"), "app=mysql",
+ self.timeout)
+
+ def uninstall_mysql(self):
+ logger.info("Removing gluu-mysql...")
+ logger.info("Removing mysql...")
+ exec_cmd("helm delete {} --namespace={}".format("gluu",
+ self.settings.get("installer-settings.sql.namespace")))
diff --git a/helm/pygluu/kubernetes/postgres.py b/helm/pygluu/kubernetes/postgres.py
new file mode 100644
index 00000000000..bd4c73f7240
--- /dev/null
+++ b/helm/pygluu/kubernetes/postgres.py
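Review bot: In `install_mysql` the database credentials are interpolated into the `helm install` command string as `--set auth.rootPassword={}` and `--set auth.password={}`, so they end up in the process argument list and in anything that records the command (what `exec_cmd` logs is not visible here). Both flags are filled from the same `config.configmap.cnSqldbUserPassword` value, which gives the application account and the MySQL root account one shared password. I would pass the secrets through a values file created with owner-only permissions and `helm install -f <file>`, and read the root password from its own setting. Because the values are unquoted, a password containing whitespace or shell metacharacters would also alter the command, depending on how `exec_cmd` tokenises it. The same command-line pattern appears in `install_postgres` (postgres.py) and `install_redis` (redis.py) in this commit.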
@@ -0,0 +1,70 @@
+"""
+pygluu.kubernetes.postgres
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ License terms and conditions for Gluu Cloud Native Edition:
+ https://www.apache.org/licenses/LICENSE-2.0
+ Handles Postgres operations
+"""
+
+from pygluu.kubernetes.helpers import get_logger, exec_cmd
+from pygluu.kubernetes.kubeapi import Kubernetes
+from pygluu.kubernetes.settings import ValuesHandler
+
+logger = get_logger("gluu-postgres ")
+
+
+class Postgres(object):
+ def __init__(self):
+ self.settings = ValuesHandler()
+ self.kubernetes = Kubernetes()
+ self.timeout = 120
+
+ def install_postgres(self):
+ self.uninstall_postgres()
+ if self.settings.get("installer-settings.jackrabbit.clusterMode") == "Y":
+ self.kubernetes.create_namespace(
+ name=f'jackrabbit{self.settings.get("installer-settings.postgres.namespace")}',
+ labels={"app": "postgres"})
+ exec_cmd("helm repo add bitnami https://charts.bitnami.com/bitnami")
+ exec_cmd("helm repo update")
+ exec_cmd("helm install {} bitnami/postgresql "
+ "--set global.postgresql.postgresqlDatabase={} "
+ "--set global.postgresql.postgresqlPassword={} "
+ "--set global.postgresql.postgresqlUsername={} "
+ "--namespace=jackrabbit{}".format("postgresql",
+ self.settings.get(
+ "config.configmap.cnJackrabbitPostgresDatabaseName"),
+ self.settings.get(
+ "jackrabbit.secrets.cnJackrabbitPostgresPassword"),
+ self.settings.get("config.configmap.cnJackrabbitPostgresUser"),
+ self.settings.get("installer-settings.postgres.namespace")))
+
+ if self.settings.get("global.cnPersistenceType") == "sql" and \
+ self.settings.get("config.configmap.cnSqlDbDialect") == "pgsql":
+ self.kubernetes.create_namespace(name=self.settings.get("installer-settings.postgres.namespace"),
+ labels={"app": "mysql"})
+ exec_cmd("helm install {} bitnami/postgresql "
+ "--set global.postgresql.postgresqlDatabase={} "
+ "--set global.postgresql.postgresqlPassword={} "
+ "--set global.postgresql.postgresqlUsername={} "
+ "--namespace={}".format("gluu",
+ self.settings.get("config.configmap.cnSqlDbName"),
+ self.settings.get("config.configmap.cnSqldbUserPassword"),
+ self.settings.get("config.configmap.cnSqlDbUser"),
+ self.settings.get("installer-settings.postgres.namespace")))
+
+ if not self.settings.get("installer-settings.aws.lbType") == "alb":
+ self.kubernetes.check_pods_statuses(self.settings.get("POSTGRES_NAMESPACE"), "app=postgres",
+ self.timeout)
+
+ def uninstall_postgres(self):
+ logger.info("Removing gluu-postgres...")
+ logger.info("Removing postgres...")
+ exec_cmd("helm delete {} --namespace=jackrabbit{}".format("sql",
+ self.settings.get(
+ "installer-settings.postgres.namespace")))
+ if self.settings.get("global.cnPersistenceType") == "sql" and \
+ self.settings.get("config.configmap.cnSqlDbDialect") == "pgsql":
+ exec_cmd("helm delete {} --namespace={}".format("gluu",
+ self.settings.get("installer-settings.postgres.namespace")))
diff --git a/helm/pygluu/kubernetes/pycert.py b/helm/pygluu/kubernetes/pycert.py
new file mode 100644
index 00000000000..1851752b8fa
--- /dev/null
+++ b/helm/pygluu/kubernetes/pycert.py
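Review bot: The readiness wait at the end of `install_postgres` looks up `self.settings.get("POSTGRES_NAMESPACE")`, while every other call in this file uses `installer-settings.postgres.namespace`; `ValuesHandler.get` in this commit returns `False` for a missing key, so the wait would likely run against the wrong namespace, and `self.settings.get("installer-settings.postgres.namespace")` looks like the intended argument. `uninstall_postgres` deletes a release named `sql` from the `jackrabbit…` namespace, but the install creates it as `postgresql`, so the earlier release is not removed and a repeated install would probably fail on the existing name; `"postgresql"` in that `helm delete` call would match. The namespace for the SQL persistence case is labelled `{"app": "mysql"}`, which looks like a copy from mysql.py.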
@@ -0,0 +1,181 @@
+"""
+pygluu.kubernetes.pycert
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+ License terms and conditions for Gluu Cloud Native Edition:
+ https://www.apache.org/licenses/LICENSE-2.0
+ Generate certificate authority cert, key and chain cert and key signed by CA generated.
+"""
+
+import datetime
+import OpenSSL.crypto
+import OpenSSL.SSL
+from pygluu.kubernetes.helpers import get_logger
+from cryptography import x509
+from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+
+logger = get_logger("gluu-cert-manager ")
+
+
+def setup_crts(ca_common_name, cert_common_name, san_list,
+ ca_cert_file="./ca.crt",
+ ca_key_file="./ca.key",
+ cert_file="./chain.pem",
+ key_file="./pkey.key"):
+ """
+ Generate certificate authority cert, key and chain cert and key signed by CA generated.
+
+ :param ca_common_name:
+ :param cert_common_name:
+ :param san_list:
+ :param ca_cert_file:
+ :param ca_key_file:
+ :param cert_file:
+ :param key_file:
+ """
+ logger.info("Generating CA private key")
+ root_key = rsa.generate_private_key(
+ public_exponent=65537,
+ key_size=2048,
+ backend=default_backend()
+ )
+ subject = x509.Name([
+ x509.NameAttribute(NameOID.COMMON_NAME, ca_common_name),
+ ])
+ issuer = [
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, ca_common_name),
+ ]))
+ ]
+ skid = x509.SubjectKeyIdentifier.from_public_key(
+ root_key.public_key())
+ root_serial_number = x509.random_serial_number()
+ logger.info("Building CA certificate")
+ root_cert = x509.CertificateBuilder(
+ ).subject_name(subject).issuer_name(
+ subject).public_key(root_key.public_key()).serial_number(
+ root_serial_number).not_valid_before(
+ datetime.datetime.utcnow()).not_valid_after(
+ datetime.datetime.utcnow() + datetime.timedelta(days=3650)).add_extension(
+ x509.BasicConstraints(ca=True, path_length=None), critical=False,
+ ).add_extension(
+ x509.KeyUsage(
+ digital_signature=False,
+ key_encipherment=False,
+ content_commitment=False,
+ data_encipherment=False,
+ key_agreement=False,
+ key_cert_sign=True,
+ crl_sign=True,
+ encipher_only=False,
+ decipher_only=False
+ ),
+ critical=False
+
+ ).add_extension(
+ skid,
+ critical=False
+
+ ).add_extension(
+ x509.AuthorityKeyIdentifier(
+ key_identifier=skid.digest,
+ authority_cert_issuer=issuer,
+ authority_cert_serial_number=root_serial_number
+ ),
+ critical=False
+
+ ).sign(root_key, hashes.SHA256(), default_backend())
+
+ logger.info("Building {} certificate signed by CA".format(cert_common_name))
+ # Generate cert for CA
+ cert_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())
+ new_subject = x509.Name([
+ x509.NameAttribute(NameOID.COMMON_NAME, cert_common_name),
+ ])
+ x509_sans = []
+ for san in san_list:
+ x509_sans.append(x509.DNSName(san))
+ cert = x509.CertificateBuilder().subject_name(
+ new_subject
+ ).issuer_name(
+ root_cert.subject
+ ).public_key(
+ cert_key.public_key()
+ ).serial_number(
+ x509.random_serial_number()
+ ).not_valid_before(
+ datetime.datetime.utcnow()
+ ).not_valid_after(
+ datetime.datetime.utcnow() + datetime.timedelta(days=365)
+ ).add_extension(
+ x509.SubjectAlternativeName(x509_sans),
+ critical=False,
+ ).add_extension(
+ x509.BasicConstraints(ca=False, path_length=None), critical=False,
+ ).add_extension(
+ x509.ExtendedKeyUsage([
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ]), critical=False,
+ ).add_extension(
+ x509.KeyUsage(
+ digital_signature=True,
+ key_encipherment=True,
+ content_commitment=False,
+ data_encipherment=False,
+ key_agreement=False,
+ key_cert_sign=False,
+ crl_sign=False,
+ encipher_only=False,
+ decipher_only=False
+ ),
+ critical=False
+
+ ).add_extension(
+ x509.SubjectKeyIdentifier.from_public_key(
+ cert_key.public_key()
+ ),
+ critical=False
+
+ ).add_extension(
+ x509.AuthorityKeyIdentifier(
+ key_identifier=skid.digest,
+ authority_cert_issuer=issuer,
+ authority_cert_serial_number=root_serial_number
+ ), critical=False
+
+ ).sign(root_key, hashes.SHA256(), default_backend())
+ # Dump to scratch
+ ca_cert = root_cert.public_bytes(encoding=serialization.Encoding.PEM)
+ ca_key = root_key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption(),
+ )
+ # Return PEM
+ cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM)
+
+ cert_key_pem = cert_key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption(),
+ )
+ crt = OpenSSL.crypto.load_certificate(
+ OpenSSL.crypto.FILETYPE_PEM,
+ cert_pem)
+ crt_header = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_TEXT, crt)
+ logger.info("Dumping {}".format(ca_cert_file))
+ with open(ca_cert_file, "wb") as f:
+ f.write(ca_cert)
+ logger.info("Dumping {}".format(ca_key_file))
+ with open(ca_key_file, "wb") as f:
+ f.write(ca_key)
+ logger.info("Dumping {}".format(cert_file))
+ with open(cert_file, "wb") as f:
+ f.write(crt_header + cert_pem)
+ logger.info("Dumping {}".format(key_file))
+ with open(key_file, "wb") as f:
+ f.write(cert_key_pem)
diff --git a/helm/pygluu/kubernetes/redis.py b/helm/pygluu/kubernetes/redis.py
new file mode 100644
index 00000000000..cc7f526b381
--- /dev/null
+++ b/helm/pygluu/kubernetes/redis.py
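Review bot: `setup_crts` writes the CA key and the server key unencrypted (`serialization.NoEncryption()`) through plain `open(ca_key_file, "wb")` and `open(key_file, "wb")`, so the files get whatever mode the process umask allows, and the default paths place them in the current directory. I would create both key files with owner-only permissions, e.g. `with os.fdopen(os.open(ca_key_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "wb") as f:` (this needs `import os`, and the mode only applies when the file is newly created). Separately, the CA certificate adds `x509.BasicConstraints(ca=True, path_length=None)` with `critical=False`; RFC 5280 expects basicConstraints to be marked critical in CA certificates, so `critical=True` is the safer setting there. The comment `# Generate cert for CA` sits above the server key generation and the `:param` entries are empty; one line each on what they expect (for example that `san_list` holds DNS names) would help.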
@@ -0,0 +1,54 @@
+"""
+pygluu.kubernetes.redis
+~~~~~~~~~~~~~~~~~~~~~~~
+
+ License terms and conditions for Gluu Cloud Native Edition:
+ https://www.apache.org/licenses/LICENSE-2.0
+ Handles Redis installation for testing.
+"""
+
+from pygluu.kubernetes.helpers import get_logger, exec_cmd
+from pygluu.kubernetes.kubeapi import Kubernetes
+from pygluu.kubernetes.settings import ValuesHandler
+
+
+logger = get_logger("gluu-redis ")
+
+
+class Redis(object):
+ def __init__(self):
+ self.settings = ValuesHandler()
+ self.kubernetes = Kubernetes()
+ self.timeout = 120
+ if "gke" in self.settings.get("installer-settings.volumeProvisionStrategy"):
+ user_account, stderr, retcode = exec_cmd("gcloud config get-value core/account")
+ user_account = str(user_account, "utf-8").strip()
+
+ user, stderr, retcode = exec_cmd("whoami")
+ user = str(user, "utf-8").strip()
+ cluster_role_binding_name = "cluster-admin-{}".format(user)
+ self.kubernetes.create_cluster_role_binding(cluster_role_binding_name=cluster_role_binding_name,
+ user_name=user_account,
+ cluster_role_name="cluster-admin")
+
+ def install_redis(self):
+ self.uninstall_redis()
+ self.kubernetes.create_namespace(name=self.settings.get("installer-settings.redis.namespace"),
+ labels={"app": "redis"})
+ exec_cmd("helm repo add bitnami https://charts.bitnami.com/bitnami")
+ exec_cmd("helm repo update")
+ exec_cmd("helm install {} bitnami/redis-cluster "
+ "--set global.redis.password={} "
+ "--namespace={}".format("redis-cluster",
+ self.settings.get("config.redisPassword"),
+ self.settings.get("installer-settings.redis.namespace")))
+
+ if not self.settings.get("installer-settings.aws.lbType") == "alb":
+ self.kubernetes.check_pods_statuses(self.settings.get("installer-settings.namespace"), "app=redis-cluster",
+ self.timeout)
+
+ def uninstall_redis(self):
+ logger.info("Removing gluu-redis-cluster...")
+ logger.info("Removing redis...")
+ exec_cmd("helm delete {} --namespace={}".format("redis-cluster",
+ self.settings.get("installer-settings.redis.namespace")))
diff --git a/helm/pygluu/kubernetes/settings.py b/helm/pygluu/kubernetes/settings.py
new file mode 100644
index 00000000000..a0f7b6610c9
--- /dev/null
+++ b/helm/pygluu/kubernetes/settings.py
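Review bot: Constructing `Redis()` with a GKE provisioning strategy has a cluster-wide side effect: `__init__` binds the account returned by `gcloud config get-value core/account` to `cluster-admin` through `create_cluster_role_binding`, and nothing in `uninstall_redis` removes that binding afterwards. I would move the binding out of the constructor into an explicit, documented step, check `retcode` before using the command output, and remove the binding on uninstall (or use a narrower role if the chart install allows it). The `"gke" in self.settings.get(...)` test also raises `TypeError` when the key is missing, because `ValuesHandler.get` in this commit returns `False`. In `install_redis` the chart goes into `installer-settings.redis.namespace` but the readiness wait uses `installer-settings.namespace`; `self.settings.get("installer-settings.redis.namespace")` looks like the intended argument.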
@@ -0,0 +1,128 @@
+"""
+pygluu.kubernetes.settings
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with settings saved in a dictionary for terminal and GUI installations.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import contextlib
+import os
+import shutil
+from dotty_dict import dotty
+from pygluu.kubernetes.yamlparser import Parser
+from pathlib import Path
+from pygluu.kubernetes.helpers import get_logger
+
+logger = get_logger("gluu-values-yaml ")
+
+
+def unlink_values_yaml():
+ filename = Path("./helm/gluu/values.yaml")
+ with contextlib.suppress(FileNotFoundError):
+ os.unlink(filename)
+
+
+def iterate_dict(dictionary, key_value=""):
+ for k, v in dictionary.items():
+ if isinstance(v, dict):
+ iterate_dict(v)
+ else:
+ dictionary[k] = key_value
+
+
+class ValuesHandler(object):
+ def __init__(self, values_file="./helm/gluu/override-values.yaml",
+ values_schema_file="./helm/gluu/values.schema.json"):
+ self.values_file = Path(values_file)
+ self.values_schema = Path(values_schema_file)
+ self.errors = list()
+ self.values_file_parser = Parser(self.values_file, True)
+ self.schema = {}
+
+ def load(self):
+ """
+ Get merged settings (default and custom settings from json file).
+ """
+ # Check if running in container and settings.json mounted
+ try:
+ shutil.copy(Path("./override-values.yaml"), self.values_file)
+ self.values_file_parser = Parser(self.values_file, True)
+ except FileNotFoundError:
+ # No installation settings mounted as /override-values.yaml. Checking values.yaml.
+ pass
+
+ def store_override_file(self):
+ """
+ Copy override file to main directory
+ """
+ shutil.copy(Path("./helm/gluu/override-values.yaml"), Path("./override-values.yaml"))
+
+ def store_data(self, clean_data=False):
+ try:
+ self.values_file_parser.dump_it(clean_data)
+ return True
+ except Exception as exc:
+ logger.info(f"Uncaught error={exc}")
+ return False
+
+ def set(self, keys_string, value):
+ """
+ single update
+ """
+ try:
+ dot = dotty(self.values_file_parser)
+ dot[keys_string] = value
+ self.store_data()
+ except Exception as exc:
+ logger.info(f"Uncaught error={exc}")
+ return False
+
+ def get(self, keys_string):
+ """
+ This method receives a dict and list of attributes to return the innermost value of the give dict
+ """
+ try:
+ dot = dotty(self.values_file_parser)
+ return dot[keys_string]
+
+ except (KeyError, NameError):
+ logger.info("No Value Can Be Found for " + str(keys_string))
+ return False
+
+ def update(self, collection):
+ """
+ mass update
+ """
+ try:
+ self.values_file_parser.update(collection)
+ self.store_data()
+ return True
+ except Exception as exc:
+ logger.info(f"Uncaught error={exc}")
+ return False
+
+ def reset_data(self):
+ """
+ reset values.yaml to default_settings
+ """
+ try:
+ iterate_dict(self.values_file_parser)
+ self.store_data()
+ return True
+ except Exception as exc:
+ logger.info(f"Uncaught error={exc}")
+ return False
+
+ def remove_empty_keys(self):
+ """
+ removes empty keys for override-values.yaml
+ """
+ try:
+ self.store_data(clean_data=True)
+ self.store_override_file()
+ return True
+ except Exception as exc:
+ logger.error(f"Uncaught error={exc}")
+ return False
diff --git a/helm/pygluu/kubernetes/templates/LICENSE b/helm/pygluu/kubernetes/templates/LICENSE
new file mode 100644
index 00000000000..261eeb9e9f8
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/LICENSE
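Review bot: `ValuesHandler.get` returns `False` for a missing key, and the installers in this commit format that result straight into commands (`--set auth.password={}`, `--namespace={}`), so an absent setting silently becomes the literal `False`, including as a database password. I would return `None` or raise for required keys, and have callers validate secrets and namespaces before building a command. `iterate_dict` drops its argument when it recurses: `iterate_dict(v)` should be `iterate_dict(v, key_value)`, otherwise nested values are always reset to `""` whatever the caller passed. The handlers log caught exceptions at info level as `Uncaught error=`; `logger.exception(...)` would keep the traceback and the right severity.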
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/helm/pygluu/kubernetes/templates/alb/ingress.yaml b/helm/pygluu/kubernetes/templates/alb/ingress.yaml new file mode 100644 index 00000000000..a9c16b4373e --- /dev/null +++ b/helm/pygluu/kubernetes/templates/alb/ingress.yaml 
@@ -0,0 +1,117 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: gluu
+ annotations:
+ kubernetes.io/ingress.class: alb
+ alb.ingress.kubernetes.io/scheme: internet-facing
+ alb.ingress.kubernetes.io/certificate-arn: ""
+ alb.ingress.kubernetes.io/auth-session-cookie: custom-cookie
+ alb.ingress.kubernetes.io/auth-session-timeout: '3600'
+ alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60,stickiness.type=lb_cookie
+ alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '10'
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+ alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/actions.scim-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Path":"/jans-scim/restv1/scim-configuration", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/actions.openid-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Path":"/jans-auth/.well-known/openid-configuration", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/actions.uma-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Path":"/jans-auth/restv1/uma2-configuration", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/actions.webfinger-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Path":"/jans-auth/.well-known/webfinger", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/actions.simple-web-discovery-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Path":"/jans-auth/.well-known/simple-web-discovery", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/actions.fido-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Path":"/jans-auth/restv1/fido-configuration", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/actions.fido2-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Path":"/jans-fido2/restv1/configuration", "StatusCode": "HTTP_301"}}'
+ alb.ingress.kubernetes.io/actions.main-page-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Path":"/identity/", "StatusCode": "HTTP_301"}}'
+
+
+spec:
+ rules:
+ - host: FQDN
+ http:
+ paths:
+ - path: /*
+ backend:
+ serviceName: ssl-redirect
+ servicePort: use-annotation
+ - path: /.well-known/scim-configuration
+ backend:
+ serviceName: scim-redirect
+ servicePort: use-annotation
+ - path: /.well-known/openid-configuration
+ backend:
+ serviceName: openid-redirect
+ servicePort: use-annotation
+ - path: /.well-known/uma2-configuration
+ backend:
+ serviceName: uma-redirect
+ servicePort: use-annotation
+ - path: /.well-known/webfinger
+ backend:
+ serviceName: webfinger-redirect
+ servicePort: use-annotation
+ - path: /.well-known/simple-web-discovery
+ backend:
+ serviceName: simple-web-discovery-redirect
+ servicePort: use-annotation
+ - path: /.well-known/fido-configuration
+ backend:
+ serviceName: fido-redirect
+ servicePort: use-annotation
+ - path: /.well-known/fido2-configuration
+ backend:
+ serviceName: fido2-redirect
+ servicePort: use-annotation
+ - path: /
+ backend:
+ serviceName: main-page-redirect
+ servicePort: use-annotation
+ - path: /.well-known/scim-configuration
+ backend:
+ serviceName: scim
+ servicePort: 8080
+ - path: /.well-known/openid-configuration
+ backend:
+ serviceName: auth-server
+ servicePort: 8080
+ - path: /.well-known/uma2-configuration
+ backend:
+ serviceName: auth-server
+ servicePort: 8080
+ - path: /.well-known/webfinger
+ backend:
+ serviceName: auth-server
+ servicePort: 8080
+ - path: /.well-known/simple-web-discovery
+ backend:
+ serviceName: auth-server
+ servicePort: 8080
+ - path: /.well-known/fido-configuration
+ backend:
+ serviceName: auth-server
+ servicePort: 8080
+ - path: /.well-known/fido2-configuration
+ backend:
+ serviceName: auth-server
+ servicePort: 8080
+ - path: /jans-scim*
+ backend:
+ serviceName: jans-scim
+ servicePort: 8080
+ - path: /jans-config-api*
+ backend:
+ serviceName: config-api
+ servicePort: 8074
+ - path: /auth-server*
+ backend:
+ serviceName: auth-server
+ servicePort: 8080
+ - path: /idp*
+ backend:
+ serviceName: oxshibboleth
+ servicePort: 8080
+ - path: /passport*
+ backend:
+ serviceName: oxpassport
+ servicePort: 8090
+ - path: /casa*
+ backend:
+ serviceName: casa
+ servicePort: 8080
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/couchbase/backup/couchbase-backup.yaml b/helm/pygluu/kubernetes/templates/couchbase/backup/couchbase-backup.yaml
new file mode 100644
index 00000000000..7fbeffb4b72
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/couchbase/backup/couchbase-backup.yaml
@@ -0,0 +1,18 @@
+apiVersion: couchbase.com/v2
+kind: CouchbaseBackup
+metadata:
+ name: couchbase-gluu
+ labels:
+ cluster: gluu-couchbase
+spec:
+ strategy: full_incremental
+ full:
+ schedule: "0 2 * * 6"
+ incremental:
+ schedule: "*/30 * * * *"
+ successfulJobsHistoryLimit: 1
+ failedJobsHistoryLimit: 3
+ backOffLimit: 2
+ backupRetention: 24h
+ logRetention: 168h
+ size: 5Gi
diff --git a/helm/pygluu/kubernetes/templates/couchbase/couchbase-buckets.yaml b/helm/pygluu/kubernetes/templates/couchbase/couchbase-buckets.yaml
new file mode 100644
index 00000000000..12528f08fbc
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/couchbase/couchbase-buckets.yaml
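Review bot: The `/jans-config-api*` rule in alb/ingress.yaml publishes the configuration API (port 8074) on the same `internet-facing` load balancer as the public auth endpoints, and no annotation in the hunk restricts who can reach it. An administrative API is normally kept off the public listener; consider moving that path to its own Ingress with `alb.ingress.kubernetes.io/scheme: internal`, or limiting sources there with `alb.ingress.kubernetes.io/inbound-cidrs: <ADMIN_CIDR_PLACEHOLDER>`. Separately, `apiVersion: networking.k8s.io/v1beta1` is no longer served from Kubernetes 1.22, and every `/.well-known/*` path is listed twice, so the second entries that point at real services look unreachable behind the redirect rules (inferred from rule order; confirm against the controller in use).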
@@ -0,0 +1,50 @@
+apiVersion: couchbase.com/v2
+kind: CouchbaseBucket
+metadata:
+ name: jans
+ labels:
+ cluster: jans-couchbase
+spec:
+ name: jans #DO NOT CHANGE THIS LINE
+ memoryQuota: 100Mi
+ replicas: 1
+ ioPriority: low
+ evictionPolicy: valueOnly
+ conflictResolution: seqno
+ enableFlush: true
+ enableIndexReplica: false
+ compressionMode: passive
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseBucket
+metadata:
+ name: jans-site
+ labels:
+ cluster: jans-couchbase
+spec:
+ name: jans_site #DO NOT CHANGE THIS LINE
+ memoryQuota: 100Mi
+ replicas: 1
+ ioPriority: low
+ evictionPolicy: valueOnly
+ conflictResolution: seqno
+ enableFlush: true
+ enableIndexReplica: false
+ compressionMode: passive
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseBucket
+metadata:
+ name: jans-user
+ labels:
+ cluster: jans-couchbase
+spec:
+ name: jans_user #DO NOT CHANGE THIS LINE
+ memoryQuota: 100Mi
+ replicas: 1
+ ioPriority: high
+ evictionPolicy: valueOnly
+ conflictResolution: seqno
+ enableFlush: true
+ enableIndexReplica: false
+ compressionMode: passive
diff --git a/helm/pygluu/kubernetes/templates/couchbase/couchbase-cluster.yaml b/helm/pygluu/kubernetes/templates/couchbase/couchbase-cluster.yaml
new file mode 100644
index 00000000000..c60ae7ec91d
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/couchbase/couchbase-cluster.yaml
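Review bot: `enableFlush: true` is set on all three persistent buckets in couchbase-buckets.yaml (`jans`, `jans_site`, `jans_user`), which lets any principal holding flush rights empty the identity store in a single call. Unless an install step depends on flushing, set `enableFlush: false` here and turn it on only in test overlays. The three ephemeral buckets added in couchbase-ephemeral-buckets.yaml carry the same setting; flushing `jans_token` or `jans_session` would drop live tokens and sessions.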
@@ -0,0 +1,173 @@
+apiVersion: couchbase.com/v2
+kind: CouchbaseCluster
+metadata:
+ name: cbjans
+spec:
+ image: couchbase/server:6.6.0
+ antiAffinity: false
+ networking:
+ tls:
+ static:
+ serverSecret: couchbase-server-tls
+ operatorSecret: couchbase-operator-tls
+ security:
+ adminSecret: cb-auth
+ rbac:
+ managed: true
+ selector:
+ matchLabels:
+ cluster: cbjans
+ exposeAdminConsole: true
+ adminConsoleServices:
+ - data
+ exposedFeatures:
+ - xdcr
+ - client
+ cluster:
+ autoCompaction:
+ databaseFragmentationThreshold:
+ percent: 30
+ size: 1Gi
+ viewFragmentationThreshold:
+ percent: 30
+ size: 1Gi
+ parallelCompaction: false
+ timeWindow:
+ start: 02:00
+ end: 06:00
+ abortCompactionOutsideWindow: true
+ tombstonePurgeInterval: 72h
+ dataServiceMemoryQuota: 4024Mi
+ indexServiceMemoryQuota: 1024Mi
+ searchServiceMemoryQuota: 1024Mi
+ eventingServiceMemoryQuota: 1024Mi
+ analyticsServiceMemoryQuota: 1024Mi
+ autoFailoverTimeout: 10s
+ autoFailoverMaxCount: 3
+ autoFailoverOnDataDiskIssues: true
+ autoFailoverOnDataDiskIssuesTimePeriod: 120s
+ autoFailoverServerGroup: false
+ buckets:
+ managed: true
+ selector:
+ matchLabels:
+ cluster: jans-couchbase
+ servers:
+ - name: analytics-us-west-2a
+ size: 1
+ services:
+ - search
+ - analytics
+ - eventing
+ serverGroups:
+ - us-west-2a
+ volumeMounts:
+ default: pvc-general
+ analytics:
+ - pvc-analytics
+ - name: analytics-us-west-2b
+ size: 1
+ services:
+ - search
+ - analytics
+ - eventing
+ serverGroups:
+ - us-west-2b
+ volumeMounts:
+ default: pvc-general
+ analytics:
+ - pvc-analytics
+ - name: data-us-west-2c
+ size: 1
+ services:
+ - data
+ serverGroups:
+ - us-west-2c
+ volumeMounts:
+ default: pvc-general
+ data: pvc-data
+ - name: data-us-west-2b
+ size: 1
+ services:
+ - data
+ serverGroups:
+ - us-west-2b
+ volumeMounts:
+ default: pvc-general
+ data: pvc-data
+ - name: index-us-west-2a
+ size: 1
+ services:
+ - query
+ - index
+ serverGroups:
+ - us-west-2a
+ volumeMounts:
+ default: pvc-general
+ index: pvc-index
+ - name: index-us-west-2c
+ size: 1
+ services:
+ - query
+ - index
+ serverGroups:
+ - us-west-2c
+ volumeMounts:
+ default: pvc-general
+ index: pvc-index
+ - name: query-us-west-2a
+ size: 1
+ services:
+ - query
+ serverGroups:
+ - us-west-2a
+ volumeMounts:
+ default: pvc-general
+ query: pvc-query
+ - name: query-us-west-2c
+ size: 1
+ services:
+ - query
+ serverGroups:
+ - us-west-2c
+ volumeMounts:
+ default: pvc-general
+ query: pvc-query
+ securityContext:
+ fsGroup: 1000
+ volumeClaimTemplates:
+ - metadata:
+ name: pvc-general
+ spec:
+ storageClassName: couchbase-sc
+ resources:
+ requests:
+ storage: 10Gi
+ - metadata:
+ name: pvc-data
+ spec:
+ storageClassName: couchbase-sc
+ resources:
+ requests:
+ storage: 10Gi
+ - metadata:
+ name: pvc-index
+ spec:
+ storageClassName: couchbase-sc
+ resources:
+ requests:
+ storage: 10Gi
+ - metadata:
+ name: pvc-query
+ spec:
+ storageClassName: couchbase-sc
+ resources:
+ requests:
+ storage: 10Gi
+ - metadata:
+ name: pvc-analytics
+ spec:
+ storageClassName: couchbase-sc
+ resources:
+ requests:
+ storage: 10Gi
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/couchbase/couchbase-ephemeral-buckets.yaml b/helm/pygluu/kubernetes/templates/couchbase/couchbase-ephemeral-buckets.yaml
new file mode 100644
index 00000000000..f598fd3e451
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/couchbase/couchbase-ephemeral-buckets.yaml
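Review bot: `exposeAdminConsole: true` together with the `exposedFeatures` entries `xdcr` and `client` in couchbase-cluster.yaml asks the operator to create externally reachable services for the admin UI and client ports, and the hunk sets neither a service type nor any source restriction, so how far they are reachable depends on operator defaults not shown here. If the console is only needed by operators, set `exposeAdminConsole: false` and reach it through a port-forward; otherwise add a comment naming the expected service type and network policy. `antiAffinity: false` also allows several Couchbase pods to land on one node, which weakens the auto-failover settings below it.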
@@ -0,0 +1,47 @@
+apiVersion: couchbase.com/v2
+kind: CouchbaseEphemeralBucket
+metadata:
+ name: jans-cache
+ labels:
+ cluster: jans-couchbase
+spec:
+ name: jans_cache
+ memoryQuota: 100Mi
+ replicas: 1
+ ioPriority: high
+ evictionPolicy: nruEviction
+ conflictResolution: seqno
+ enableFlush: true
+ compressionMode: passive
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseEphemeralBucket
+metadata:
+ name: jans-token
+ labels:
+ cluster: jans-couchbase
+spec:
+ name: jans_token
+ memoryQuota: 100Mi
+ replicas: 1
+ ioPriority: high
+ evictionPolicy: nruEviction
+ conflictResolution: seqno
+ enableFlush: true
+ compressionMode: passive
+---
+apiVersion: couchbase.com/v2
+kind: CouchbaseEphemeralBucket
+metadata:
+ name: jans-session
+ labels:
+ cluster: jans-couchbase
+spec:
+ name: jans_session
+ memoryQuota: 100Mi
+ replicas: 1
+ ioPriority: high
+ evictionPolicy: nruEviction
+ conflictResolution: seqno
+ enableFlush: true
+ compressionMode: passive
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/couchbase/couchbase-group.yaml b/helm/pygluu/kubernetes/templates/couchbase/couchbase-group.yaml
new file mode 100644
index 00000000000..87a301d26e5
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/couchbase/couchbase-group.yaml
@@ -0,0 +1,59 @@
+apiVersion: couchbase.com/v2
+kind: CouchbaseGroup
+metadata:
+ name: jans-group
+ labels:
+ cluster: cbjans
+spec:
+ roles:
+ - name: query_select
+ bucket: jans
+ - name: query_select
+ bucket: jans_site
+ - name: query_select
+ bucket: jans_user
+ - name: query_select
+ bucket: jans_cache
+ - name: query_select
+ bucket: jans_token
+ - name: query_select
+ bucket: jans_session
+
+ - name: query_update
+ bucket: jans
+ - name: query_update
+ bucket: jans_site
+ - name: query_update
+ bucket: jans_user
+ - name: query_update
+ bucket: jans_cache
+ - name: query_update
+ bucket: jans_token
+ - name: query_update
+ bucket: jans_session
+
+ - name: query_insert
+ bucket: jans
+ - name: query_insert
+ bucket: jans_site
+ - name: query_insert
+ bucket: jans_user
+ - name: query_insert
+ bucket: jans_cache
+ - name: query_insert
+ bucket: jans_token
+ - name: query_insert
+ bucket: jans_session
+
+ - name: query_delete
+ bucket: jans
+ - name: query_delete
+ bucket: jans_site
+ - name: query_delete
+ bucket: jans_user
+ - name: query_delete
+ bucket: jans_cache
+ - name: query_delete
+ bucket: jans_token
+ - name: query_delete
+ bucket: jans_session
diff --git a/helm/pygluu/kubernetes/templates/couchbase/couchbase-rolebinding.yaml b/helm/pygluu/kubernetes/templates/couchbase/couchbase-rolebinding.yaml
new file mode 100644
index 00000000000..c627d02a69a
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/couchbase/couchbase-rolebinding.yaml
@@ -0,0 +1,11 @@
+apiVersion: couchbase.com/v2
+kind: CouchbaseRoleBinding
+metadata:
+ name: jans-role-binding
+spec:
+ subjects:
+ - kind: CouchbaseUser
+ name: jans
+ roleRef:
+ kind: CouchbaseGroup
+ name: jans-group
diff --git a/helm/pygluu/kubernetes/templates/couchbase/couchbase-user.yaml b/helm/pygluu/kubernetes/templates/couchbase/couchbase-user.yaml
new file mode 100644
index 00000000000..7b790d99748
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/couchbase/couchbase-user.yaml
@@ -0,0 +1,10 @@
+apiVersion: couchbase.com/v2
+kind: CouchbaseUser
+metadata:
+ name: jans
+ labels:
+ cluster: cbjans
+spec:
+ fullName: "Janssen Cloud Native"
+ authDomain: local
+ authSecret: jans-couchbase-user-password
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/couchbase/storageclasses.yaml b/helm/pygluu/kubernetes/templates/couchbase/storageclasses.yaml
new file mode 100644
index 00000000000..a6a446fc4fd
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/couchbase/storageclasses.yaml
@@ -0,0 +1,15 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: couchbase-sc
+ annotations:
+ storageclass.beta.kubernetes.io/is-default-class: "false"
+provisioner: kubernetes.io/aws-ebs
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: Retain
+mountOptions:
+- debug
+parameters:
+ type: VOLUMETYPE
+ encrypted: "true"
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/gluu_versions.json b/helm/pygluu/kubernetes/templates/gluu_versions.json
new file mode 100644
index 00000000000..9d6d56888ba
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/gluu_versions.json
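Review bot: `mountOptions: - debug` in storageclasses.yaml looks carried over from the upstream StorageClass example; on ext4 (the filesystem is not set in the hunk, so this is assumed) it turns on extra filesystem debug logging, which a production data volume does not need, so I would drop the `mountOptions` block. `encrypted: "true"` is the right default. Without a `kmsKeyId` parameter the volumes fall back to the account's default EBS key, so add `kmsKeyId: <KMS_KEY_ARN_PLACEHOLDER>` under `parameters` if a customer-managed key is required.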
@@ -0,0 +1,62 @@
+{
+ "5.0": {
+ "casa.image.repository": "gluufederation/casa",
+ "casa.image.tag": "5.0.0_dev",
+ "fido2.image.repository": "janssenproject/fido2",
+ "fido2.image.tag": "1.0.0-beta.14",
+ "scim.image.repository": "janssenproject/scim",
+ "scim.image.tag": "1.0.0-beta.14",
+ "config.image.repository": "janssenproject/configurator",
+ "config.image.tag": "1.0.0-beta.14",
+ "config-api.image.repository": "janssenproject/config-api",
+ "config-api.image.tag": "1.0.0-beta.14",
+ "auth-server-key-rotation.image.repository": "janssenproject/certmanager",
+ "auth-server-key-rotation.image.tag": "1.0.0-beta.14",
+ "opendj.image.repository": "gluufederation/opendj",
+ "opendj.image.tag": "5.0.0_dev",
+ "jackrabbit.image.repository": "gluufederation/jackrabbit",
+ "jackrabbit.image.tag": "4.3.0_dev",
+ "auth-server.image.repository": "janssenproject/auth-server",
+ "auth-server.image.tag": "1.0.0-beta.14",
+ "client-api.image.repository": "janssenproject/client-api",
+ "client-api.image.tag": "1.0.0-beta.14",
+ "oxpassport.image.repository": "gluufederation/oxpassport",
+ "oxpassport.image.tag": "4.3.0_dev",
+ "oxshibboleth.image.repository": "gluufederation/oxshibboleth",
+ "oxshibboleth.image.tag": "4.3.0_dev",
+ "persistence.image.repository": "janssenproject/persistence-loader",
+ "persistence.image.tag": "1.0.0-beta.14",
+ "installer-settings.upgrade.image.repository": "gluufederation/upgrade",
+ "installer-settings.upgrade.image.tag": "4.3.0_dev"
+ },
+ "5.0.0_dev": {
+ "casa.image.repository": "gluufederation/casa",
+ "casa.image.tag": "4.3.0_dev",
+ "fido2.image.repository": "janssenproject/fido2",
+ "fido2.image.tag": "1.0.0_dev",
+ "scim.image.repository": "janssenproject/scim",
+ "scim.image.tag": "1.0.0_dev",
+ "config.image.repository": "janssenproject/configurator",
+ "config.image.tag": "1.0.0_dev",
+ "config-api.image.repository": "janssenproject/config-api",
+ "config-api.image.tag": "1.0.0_dev",
+ "auth-server-key-rotation.image.repository": "janssenproject/certmanager",
+ "auth-server-key-rotation.image.tag": "1.0.0_dev",
+ "opendj.image.repository": "gluufederation/opendj",
+ "opendj.image.tag": "5.0.0_dev",
+ "jackrabbit.image.repository": "gluufederation/jackrabbit",
+ "jackrabbit.image.tag": "4.3.0_dev",
+ "auth-server.image.repository": "janssenproject/auth-server",
+ "auth-server.image.tag": "1.0.0_dev",
+ "client-api.image.repository": "janssenproject/client-api",
+ "client-api.image.tag": "1.0.0_dev",
+ "oxpassport.image.repository": "gluufederation/oxpassport",
+ "oxpassport.image.tag": "4.3.0_dev",
+ "oxshibboleth.image.repository": "gluufederation/oxshibboleth",
+ "oxshibboleth.image.tag": "4.3.0_dev",
+ "persistence.image.repository": "janssenproject/persistence-loader",
+ "persistence.image.tag": "1.0.0_dev",
+ "installer-settings.upgrade.image.repository": "gluufederation/upgrade",
+ "installer-settings.upgrade.image.tag": "4.3.0_dev"
+ }
+}
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/artifacthub-repo.yml b/helm/pygluu/kubernetes/templates/helm/artifacthub-repo.yml
new file mode 100644
index 00000000000..b3d78fcc354
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/artifacthub-repo.yml
@@ -0,0 +1 @@
+repositoryID: 71c4a68a-487a-44ba-8385-33571f44b28f
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/Chart.yaml
new file mode 100644
index 00000000000..0e9d5e819c8
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/Chart.yaml
@@ -0,0 +1,114 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+kubeVersion: ">=v1.21.0-0"
+annotations:
+ artifacthub.io/changes: |
+ - Gluu 5.0 Openbanking Distribution. Auth-server and config-api.
+ - Updated new images
+ - https://gluu.org/docs/openbanking
+ artifacthub.io/containsSecurityUpdates: "true"
+ artifacthub.io/images: |
+ - name: auth-server
+ image: janssenproject/auth-server:1.0.0-beta.14
+ - name: auth-server-key-rotation
+ image: janssenproject/certmanager:1.0.0-beta.14
+ - name: client-api
+ image: janssenproject/client-api:1.0.0-beta.14
+ - name: configuration-manager
+ image: janssenproject/configurator:1.0.0-beta.14
+ - name: config-api
+ image: janssenproject/config-api:1.0.0-beta.14
+ - name: fido2
+ image: janssenproject/fido2:1.0.0-beta.14
+ - name: opendj
+ image: gluufederation/opendj:5.0.0_dev
+ - name: persistence
+ image: janssenproject/persistence-loader:1.0.0-beta.14
+ - name: scim
+ image: janssenproject/scim:1.0.0-beta.14
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/prerelease: "true"
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/release-name: gluu
+ catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management
+apiVersion: v2
+appVersion: "5.0.0"
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+home: https://www.gluu.org
+sources:
+ - https://gluu.org/docs/gluu-server
+ - https://github.com/GluuFederation/cloud-native-edition
+maintainers:
+- name: moabu
+ email: support@gluu.org
+description: Gluu Access and Identity Management OpenBanking distribution
+name: gluu
+version: 5.0.2
+dependencies:
+ - name: config
+ condition: global.config.enabled
+ version: 5.0.2
+
+ - name: config-api
+ condition: global.config-api.enabled
+ version: 5.0.2
+
+ - name: opendj
+ condition: global.opendj.enabled
+ version: 5.0.2
+
+ - name: jackrabbit
+ condition: global.jackrabbit.enabled
+ version: 5.0.2
+
+ - name: auth-server
+ condition: global.auth-server.enabled
+ version: 5.0.2
+
+ - name: admin-ui
+ condition: global.admin-ui.enabled
+ version: 5.0.2
+
+ - name: fido2
+ condition: global.fido2.enabled
+ version: 5.0.2
+
+ - name: scim
+ condition: global.scim.enabled
+ version: 5.0.2
+
+ - name: nginx-ingress
+ condition: global.nginx-ingress.enabled
+ version: 5.0.2
+
+ - name: oxshibboleth
+ condition: global.oxshibboleth.enabled
+ version: 5.0.2
+
+ - name: oxpassport
+ version: 5.0.2
+ condition: config.configmap.cnPassportEnabled
+
+ - name: casa
+ version: 5.0.2
+ condition: config.configmap.cnCasaEnabled
+
+ - name: auth-server-key-rotation
+ condition: global.auth-server-key-rotation.enabled
+ version: 5.0.2
+
+ - name: cr-rotate
+ version: 5.0.2
+ condition: global.cr-rotate.enabled
+
+ - name: client-api
+ condition: global.client-api.enabled
+ version: 5.0.2
+
+ - name: persistence
+ condition: global.persistence.enabled
+ version: 5.0.2
+
+ - name: cn-istio-ingress
+ condition: global.istio.ingress
+ version: 5.0.2
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/README.md
new file mode 100644
index 00000000000..ef174387224
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/README.md
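Review bot: The `artifacthub.io/images` list in Chart.yaml advertises `gluufederation/opendj:5.0.0_dev` next to the beta.14 images, and gluu_versions.json in the same commit maps the `5.0` release key to several `_dev` tags (casa, opendj, jackrabbit, oxpassport, oxshibboleth, upgrade). `_dev` tags are normally rebuilt in place, so two installs of chart 5.0.2 can pull different image contents, and `artifacthub.io/containsSecurityUpdates: "true"` cannot be tied to a specific build. For release entries, pin an immutable tag or a digest, e.g. `image: gluufederation/opendj@sha256:<DIGEST_PLACEHOLDER>`, and keep the `_dev` tags only under the `5.0.0_dev` key.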
@@ -0,0 +1,651 @@ +# gluu + +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Gluu Access and Identity Management OpenBanking distribution + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| moabu | support@gluu.org | | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| | admin-ui | 5.0.2 | +| | auth-server | 5.0.2 | +| | auth-server-key-rotation | 5.0.2 | +| | casa | 5.0.2 | +| | client-api | 5.0.2 | +| | cn-istio-ingress | 5.0.2 | +| | config | 5.0.2 | +| | config-api | 5.0.2 | +| | cr-rotate | 5.0.2 | +| | fido2 | 5.0.2 | +| | jackrabbit | 5.0.2 | +| | nginx-ingress | 5.0.2 | +| | opendj | 5.0.2 | +| | oxpassport | 5.0.2 | +| | oxshibboleth | 5.0.2 | +| | persistence | 5.0.2 | +| | scim | 5.0.2 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.0-beta.14"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | +| admin-ui.additionalAnnotations | object | `{}` | Additional annotations that 
will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| admin-ui.dnsConfig | object | `{}` | Add custom dns config | +| admin-ui.dnsPolicy | string | `""` | Add custom dns policy | +| admin-ui.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| admin-ui.hpa.behavior | object | `{}` | Scaling Policies | +| admin-ui.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets | +| admin-ui.image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | +| admin-ui.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | +| admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | +| admin-ui.replicas | int | `1` | Service replica number. | +| admin-ui.resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| admin-ui.resources.limits.cpu | string | `"2500m"` | CPU limit. | +| admin-ui.resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| admin-ui.resources.requests.cpu | string | `"2500m"` | CPU request. 
| +| admin-ui.resources.requests.memory | string | `"2500Mi"` | Memory request. | +| admin-ui.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| admin-ui.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.0-beta.14"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.0-beta.14"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | +| auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | +| auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | +| auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | +| auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | +| auth-server-key-rotation.resources.limits.memory | string | `"300Mi"` | Memory limit. | +| auth-server-key-rotation.resources.requests.cpu | string | `"300m"` | CPU request. 
| +| auth-server-key-rotation.resources.requests.memory | string | `"300Mi"` | Memory request. | +| auth-server-key-rotation.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| auth-server-key-rotation.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| auth-server-key-rotation.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| auth-server-key-rotation.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| auth-server-key-rotation.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| auth-server.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| auth-server.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server.dnsConfig | object | `{}` | Add custom dns config | +| auth-server.dnsPolicy | string | `""` | Add custom dns policy | +| auth-server.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| auth-server.hpa.behavior | object | `{}` | Scaling Policies | +| auth-server.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | +| auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | +| auth-server.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. 
| +| auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | +| auth-server.readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | +| auth-server.replicas | int | `1` | Service replica number. | +| auth-server.resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| auth-server.resources.limits.cpu | string | `"2500m"` | CPU limit. | +| auth-server.resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| auth-server.resources.requests.cpu | string | `"2500m"` | CPU request. | +| auth-server.resources.requests.memory | string | `"2500Mi"` | Memory request. 
| +| auth-server.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| auth-server.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0_dev"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. 
| +| casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| casa.dnsConfig | object | `{}` | Add custom dns config | +| casa.dnsPolicy | string | `""` | Add custom dns policy | +| casa.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| casa.hpa.behavior | object | `{}` | Scaling Policies | +| casa.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| casa.image.pullSecrets | list | `[]` | Image Pull Secrets | +| casa.image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | +| casa.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| casa.livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | +| casa.livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | +| casa.readinessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| casa.readinessProbe.httpGet.path | string | `"/casa/health-check"` | http readiness probe endpoint | +| casa.replicas | int | `1` | Service replica number. | +| casa.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | +| casa.resources.limits.cpu | string | `"500m"` | CPU limit. 
| +| casa.resources.limits.memory | string | `"500Mi"` | Memory limit. | +| casa.resources.requests.cpu | string | `"500m"` | CPU request. | +| casa.resources.requests.memory | string | `"500Mi"` | Memory request. | +| casa.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| casa.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| client-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/client-api","tag":"1.0.0-beta.14"},"livenessProbe":{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. 
| +| client-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| client-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| client-api.dnsConfig | object | `{}` | Add custom dns config | +| client-api.dnsPolicy | string | `""` | Add custom dns policy | +| client-api.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| client-api.hpa.behavior | object | `{}` | Scaling Policies | +| client-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| client-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| client-api.image.pullSecrets | list | `[]` | Image Pull Secrets | +| client-api.image.repository | string | `"janssenproject/client-api"` | Image to use for deploying. | +| client-api.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| client-api.livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| client-api.livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. | +| client-api.readinessProbe | object | `{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. | +| client-api.replicas | int | `1` | Service replica number. | +| client-api.resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. 
| +| client-api.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| client-api.resources.limits.memory | string | `"400Mi"` | Memory limit. | +| client-api.resources.requests.cpu | string | `"1000m"` | CPU request. | +| client-api.resources.requests.memory | string | `"400Mi"` | Memory request. | +| client-api.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| client-api.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| client-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| client-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| client-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnCasaEnabled":false,"cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCertFile":"/etc/certs/couchbase.crt","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbasePasswordFile":"/etc/gluu/conf/couchbase_password","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseSuperUserPasswordFile":"/etc/gluu/conf/couchbase_superuser_password","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnDocumentStoreType":"JCA","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q
2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJackrabbitAdminId":"admin","cnJackrabbitAdminIdFile":"/etc/gluu/conf/jackrabbit_admin_id","cnJackrabbitAdminPasswordFile":"/etc/gluu/conf/jackrabbit_admin_password","cnJackrabbitPostgresDatabaseName":"jackrabbit","cnJackrabbitPostgresHost":"postgresql.postgres.svc.cluster.local","cnJackrabbitPostgresPasswordFile":"/etc/gluu/conf/postgres_password","cnJackrabbitPostgresPort":5432,"cnJackrabbitPostgresUser":"jackrabbit","cnJackrabbitSyncInterval":300,"cnJackrabbitUrl":"http://jackrabbit:8080","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPassportEnabled":false,"cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnSamlEnabled":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqlPasswordFile":"/etc/jans/conf/sql_password","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.0-beta.14"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. 
| +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.0-beta.14"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | +| config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| config-api.dnsConfig | object | `{}` | Add custom dns config | +| config-api.dnsPolicy | string | `""` | Add custom dns policy | +| config-api.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| config-api.hpa.behavior | object | `{}` | Scaling Policies | +| config-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. 
| +| config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | +| config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | +| config-api.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | +| config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | +| config-api.readinessProbe.httpGet | object | `{"path":"jans-config-api/api/v1/health/ready","port":8074}` | http readiness probe endpoint | +| config-api.replicas | int | `1` | Service replica number. | +| config-api.resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. | +| config-api.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| config-api.resources.limits.memory | string | `"400Mi"` | Memory limit. | +| config-api.resources.requests.cpu | string | `"1000m"` | CPU request. | +| config-api.resources.requests.memory | string | `"400Mi"` | Memory request. 
| +| config-api.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| config-api.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| config-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| config-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| config-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| config.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| config.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| config.adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | +| config.city | string | `"Austin"` | City. Used for certificate creation. | +| config.configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . | +| config.configmap.cnCasaEnabled | bool | `false` | Enable Casa flag . | +| config.configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api . | +| config.configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api. | +| config.configmap.cnClientApiBindIpAddresses | string | `"*"` | Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy | +| config.configmap.cnConfigGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu configuration secret in Google Secret Manager. 
Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnConfigKubernetesConfigMap | string | `"cn"` | The name of the Kubernetes ConfigMap that will hold the configuration layer | +| config.configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. | +| config.configmap.cnCouchbaseCertFile | string | `"/etc/certs/couchbase.crt"` | Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required. | +| config.configmap.cnCouchbaseCrt | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. | +| config.configmap.cnCouchbaseIndexNumReplica | int | `0` | The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1. | +| config.configmap.cnCouchbasePassword | string | `"P@ssw0rd"` | Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. 
The password must contain one digit, one uppercase letter, one lower case letter and one symbol . | +| config.configmap.cnCouchbasePasswordFile | string | `"/etc/gluu/conf/couchbase_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password | +| config.configmap.cnCouchbaseSuperUser | string | `"admin"` | The Couchbase super user (admin) user name. This user is used during initialization only. | +| config.configmap.cnCouchbaseSuperUserPassword | string | `"Test1234#"` | Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol | +| config.configmap.cnCouchbaseSuperUserPasswordFile | string | `"/etc/gluu/conf/couchbase_superuser_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. | +| config.configmap.cnCouchbaseUrl | string | `"cbgluu.default.svc.cluster.local"` | Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster | +| config.configmap.cnCouchbaseUser | string | `"gluu"` | Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. | +| config.configmap.cnDocumentStoreType | string | `"JCA"` | Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily. | +| config.configmap.cnGoogleProjectId | string | `"google-project-to-save-config-and-secrets-to"` | Project id of the google project the secret manager belongs to. 
Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| config.configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. | +| config.configmap.cnJackrabbitAdminId | string | `"admin"` | Jackrabbit admin uid. | +| config.configmap.cnJackrabbitAdminIdFile | string | `"/etc/gluu/conf/jackrabbit_admin_id"` | The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id. | +| config.configmap.cnJackrabbitAdminPasswordFile | string | `"/etc/gluu/conf/jackrabbit_admin_password"` | The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password. | +| config.configmap.cnJackrabbitPostgresDatabaseName | string | `"jackrabbit"` | Jackrabbit postgres database name. | +| config.configmap.cnJackrabbitPostgresHost | string | `"postgresql.postgres.svc.cluster.local"` | Postgres url | +| config.configmap.cnJackrabbitPostgresPasswordFile | string | `"/etc/gluu/conf/postgres_password"` | The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password. | +| config.configmap.cnJackrabbitPostgresPort | int | `5432` | Jackrabbit Postgres port | +| config.configmap.cnJackrabbitPostgresUser | string | `"jackrabbit"` | Jackrabbit Postgres uid | +| config.configmap.cnJackrabbitSyncInterval | int | `300` | Interval between files sync (default to 300 seconds). | +| config.configmap.cnJackrabbitUrl | string | `"http://jackrabbit:8080"` | Jackrabbit internal url. 
Normally left as default. | +| config.configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | +| config.configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage | +| config.configmap.cnPassportEnabled | bool | `false` | Boolean flag to enable/disable passport chart | +| config.configmap.cnPersistenceLdapMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | +| config.configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnSamlEnabled | bool | `false` | Enable SAML-related features; UI menu, etc. | +| config.configmap.cnScimProtectionMode | string | `"OAUTH"` | SCIM protection mode OAUTH|TEST|UMA | +| config.configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. 
| +| config.configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. | +| config.configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` | +| config.configmap.cnSqlDbHost | string | `"my-release-mysql.default.svc.cluster.local"` | SQL database host uri. | +| config.configmap.cnSqlDbName | string | `"jans"` | SQL database name. | +| config.configmap.cnSqlDbPort | int | `3306` | SQL database port. | +| config.configmap.cnSqlDbTimezone | string | `"UTC"` | SQL database timezone. | +| config.configmap.cnSqlDbUser | string | `"jans"` | SQL database username. | +| config.configmap.cnSqlPasswordFile | string | `"/etc/jans/conf/sql_password"` | SQL password file holding password from config.configmap.cnSqldbUserPassword . | +| config.configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected as config.configmap.cnSqlPasswordFile . | +| config.configmap.lbAddr | string | `""` | Loadbalancer address for AWS if the FQDN is not registered. | +| config.countryCode | string | `"US"` | Country code. Used for certificate creation. | +| config.dnsConfig | object | `{}` | Add custom dns config | +| config.dnsPolicy | string | `""` | Add custom dns policy | +| config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | +| config.image.pullSecrets | list | `[]` | Image Pull Secrets | +| config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | +| config.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. 
| +| config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | +| config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE | +| config.migration.migrationDataFormat | string | `"ldif"` | migration data-format depending on persistence backend. Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json. | +| config.migration.migrationDir | string | `"/ce-migration"` | Directory holding all migration files | +| config.orgName | string | `"Gluu"` | Organization name. Used for certificate creation. | +| config.redisPassword | string | `"P@assw0rd"` | Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. | +| config.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| config.resources.limits.cpu | string | `"300m"` | CPU limit. | +| config.resources.limits.memory | string | `"300Mi"` | Memory limit. | +| config.resources.requests.cpu | string | `"300m"` | CPU request. | +| config.resources.requests.memory | string | `"300Mi"` | Memory request. | +| config.state | string | `"TX"` | State code. Used for certificate creation. | +| config.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. | +| config.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | +| config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. 
variable1: value1 | +| config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| cr-rotate | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/cr-rotate","tag":"5.0.0_dev"},"resources":{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"200m","memory":"200Mi"}},"service":{"crRotateServiceName":"cr-rotate"},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may be depreciated. | +| cr-rotate.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| cr-rotate.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| cr-rotate.dnsConfig | object | `{}` | Add custom dns config | +| cr-rotate.dnsPolicy | string | `""` | Add custom dns policy | +| cr-rotate.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| cr-rotate.image.pullSecrets | list | `[]` | Image Pull Secrets | +| cr-rotate.image.repository | string | `"gluufederation/cr-rotate"` | Image to use for deploying. | +| cr-rotate.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| cr-rotate.resources | object | `{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"200m","memory":"200Mi"}}` | Resource specs. | +| cr-rotate.resources.limits.cpu | string | `"200m"` | CPU limit. | +| cr-rotate.resources.limits.memory | string | `"200Mi"` | Memory limit. | +| cr-rotate.resources.requests.cpu | string | `"200m"` | CPU request. 
| +| cr-rotate.resources.requests.memory | string | `"200Mi"` | Memory request. | +| cr-rotate.service.crRotateServiceName | string | `"cr-rotate"` | Name of the cr-rotate service. Please keep it as default. | +| cr-rotate.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| cr-rotate.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| cr-rotate.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| cr-rotate.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| cr-rotate.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.0-beta.14"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. 
| +| fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| fido2.dnsConfig | object | `{}` | Add custom dns config | +| fido2.dnsPolicy | string | `""` | Add custom dns policy | +| fido2.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| fido2.hpa.behavior | object | `{}` | Scaling Policies | +| fido2.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| fido2.image.pullSecrets | list | `[]` | Image Pull Secrets | +| fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | +| fido2.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | +| fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | +| fido2.readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | +| fido2.replicas | int | `1` | Service replica number. | +| fido2.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | +| fido2.resources.limits.cpu | string | `"500m"` | CPU limit. 
| +| fido2.resources.limits.memory | string | `"500Mi"` | Memory limit. | +| fido2.resources.requests.cpu | string | `"500m"` | CPU request. | +| fido2.resources.requests.memory | string | `"500Mi"` | Memory request. | +| fido2.service.name | string | `"http-fido2"` | The name of the fido2 port within the fido2 service. Please keep it as default. | +| fido2.service.port | int | `8080` | Port of the fido2 service. Please keep it as default. | +| fido2.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| fido2.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| global | object | `{"admin-ui":{"adminUiApiKey":"xxxxxxxxxxx","adminUiApiKeyFile":"/etc/jans/conf/admin_ui_api_key","adminUiManagementKey":"xxxxxxxxxxx","adminUiManagementKeyFile":"/etc/jans/conf/admin_ui_management_key","adminUiProductCode":"xxxxxxxxxxx","adminUiProductCodeFile":"/etc/jans/conf/admin_ui_product_code","adminUiServiceName":"admin-ui","adminUiSharedKey":"xxxxxxxxxxx","adminUiSharedKeyFile":"/etc/jans/conf/admin_ui_shared_key","enabled":false},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 
ES384 ES512 PS256 PS384 PS512","enabled":true},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"casaServiceName":"casa"},"client-api":{"appLoggers":{"clientApiLogLevel":"INFO","clientApiLogTarget":"STDOUT"},"clientApiServerServiceName":"client-api","enabled":false},"cloud":{"testEnviroment":false},"cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnJackrabbitCluster":false,"cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","config":{"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT"},"configApiServerServiceName":"config-api","enabled":true},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","cr-rotate":{"enabled":false},"distribution":"default","fido2":{"appLoggers":{"fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2"},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"ingress":false,"namespace":"istio-system"},"jackrabbit":{"enabled":false,"jackRabbitServiceName":"jackrabbit"},"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLog
Level":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"upgrade":{"enabled":false},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global.admin-ui.adminUiApiKeyFile | string | `"/etc/jans/conf/admin_ui_api_key"` | Admin UI license API key mount location. | +| global.admin-ui.adminUiManagementKey | string | `"xxxxxxxxxxx"` | Admin UI license management key. | +| global.admin-ui.adminUiManagementKeyFile | string | `"/etc/jans/conf/admin_ui_management_key"` | Admin UI license management key mount location. | +| global.admin-ui.adminUiProductCode | string | `"xxxxxxxxxxx"` | Admin UI license product code. | +| global.admin-ui.adminUiProductCodeFile | string | `"/etc/jans/conf/admin_ui_product_code"` | Admin UI license product code mount location. | +| global.admin-ui.adminUiServiceName | string | `"admin-ui"` | Name of the admin-ui service. Please keep it as default. | +| global.admin-ui.adminUiSharedKey | string | `"xxxxxxxxxxx"` | Admin UI license shared key. | +| global.admin-ui.adminUiSharedKeyFile | string | `"/etc/jans/conf/admin_ui_shared_key"` | Admin UI license shared key mount location. | +| global.admin-ui.enabled | bool | `false` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. | +| global.alb.ingress | bool | `false` | Activates ALB ingress | +| global.auth-server-key-rotation.enabled | bool | `false` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. 
| +| global.auth-server.appLoggers | object | `{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.auth-server.appLoggers.auditStatsLogLevel | string | `"INFO"` | jans-auth_audit.log level | +| global.auth-server.appLoggers.auditStatsLogTarget | string | `"FILE"` | jans-auth_script.log target | +| global.auth-server.appLoggers.authLogLevel | string | `"INFO"` | jans-auth.log level | +| global.auth-server.appLoggers.authLogTarget | string | `"STDOUT"` | jans-auth.log target | +| global.auth-server.appLoggers.httpLogLevel | string | `"INFO"` | http_request_response.log level | +| global.auth-server.appLoggers.httpLogTarget | string | `"FILE"` | http_request_response.log target | +| global.auth-server.appLoggers.ldapStatsLogLevel | string | `"INFO"` | jans-auth_persistence_ldap_statistics.log level | +| global.auth-server.appLoggers.ldapStatsLogTarget | string | `"FILE"` | jans-auth_persistence_ldap_statistics.log target | +| global.auth-server.appLoggers.persistenceDurationLogLevel | string | `"INFO"` | jans-auth_persistence_duration.log level | +| global.auth-server.appLoggers.persistenceDurationLogTarget | string | `"FILE"` | jans-auth_persistence_duration.log target | +| global.auth-server.appLoggers.persistenceLogLevel | string | `"INFO"` | jans-auth_persistence.log level | +| global.auth-server.appLoggers.persistenceLogTarget | string | `"FILE"` | jans-auth_persistence.log target | +| global.auth-server.appLoggers.scriptLogLevel | string | `"INFO"` | jans-auth_script.log level | +| 
global.auth-server.appLoggers.scriptLogTarget | string | `"FILE"` | jans-auth_script.log target | +| global.auth-server.authEncKeys | string | `"RSA1_5 RSA-OAEP"` | space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`) | +| global.auth-server.authServerServiceName | string | `"auth-server"` | Name of the auth-server service. Please keep it as default. | +| global.auth-server.authSigKeys | string | `"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512"` | space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`) | +| global.auth-server.enabled | bool | `true` | Boolean flag to enable/disable auth-server chart. You should never set this to false. | +| global.awsStorageType | string | `"io1"` | Volume storage type if using AWS volumes. | +| global.azureStorageAccountType | string | `"Standard_LRS"` | Volume storage type if using Azure disks. | +| global.azureStorageKind | string | `"Managed"` | Azure storage kind if using Azure disks | +| global.casa.casaServiceName | string | `"casa"` | Name of the casa service. Please keep it as default. | +| global.client-api.appLoggers | object | `{"clientApiLogLevel":"INFO","clientApiLogTarget":"STDOUT"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.client-api.appLoggers.clientApiLogLevel | string | `"INFO"` | client-api.log level | +| global.client-api.appLoggers.clientApiLogTarget | string | `"STDOUT"` | client-api.log target | +| global.client-api.clientApiServerServiceName | string | `"client-api"` | Name of the client-api service. Please keep it as default. | +| global.client-api.enabled | bool | `false` | Boolean flag to enable/disable the client-api chart. | +| global.cloud.testEnviroment | bool | `false` | Boolean flag if enabled will strip resources requests and limits from all services. 
| +| global.cnGoogleApplicationCredentials | string | `"/etc/jans/conf/google-credentials.json"` | Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner. | +| global.cnJackrabbitCluster | bool | `false` | Boolean flag if enabled will enable jackrabbit in cluster mode with Postgres. | +| global.cnObExtSigningAlias | string | `""` | Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G | +| global.cnObExtSigningJwksCrt | string | `""` | Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set. | +| global.cnObExtSigningJwksKey | string | `""` | Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set. | +| global.cnObExtSigningJwksKeyPassPhrase | string | `""` | Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set. | +| global.cnObExtSigningJwksUri | string | `""` | Open banking external signing jwks uri. Used in SSA Validation. | +| global.cnObStaticSigningKeyKid | string | `""` | Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G | +| global.cnObTransportAlias | string | `""` | Open banking transport Alias used inside the JVM. | +| global.cnObTransportCrt | string | `""` | Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64. | +| global.cnObTransportKey | string | `""` | Open banking AS transport key. Used in SSA Validation. This must be encoded using base64. 
| +| global.cnObTransportKeyPassPhrase | string | `""` | Open banking AS transport key pas`sphrase to unlock AS transport key. This must be encoded using base64. | +| global.cnObTransportTrustStore | string | `""` | Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64. | +| global.cnPersistenceType | string | `"sql"` | Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner. | +| global.config-api.appLoggers | object | `{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.config-api.appLoggers.configApiLogLevel | string | `"INFO"` | configapi.log level | +| global.config-api.appLoggers.configApiLogTarget | string | `"STDOUT"` | configapi.log target | +| global.config-api.configApiServerServiceName | string | `"config-api"` | Name of the config-api service. Please keep it as default. | +| global.config-api.enabled | bool | `true` | Boolean flag to enable/disable the config-api chart. | +| global.config.enabled | bool | `true` | Boolean flag to enable/disable the configuration chart. This normally should never be false | +| global.configAdapterName | string | `"kubernetes"` | The config backend adapter that will hold Gluu configuration layer. google|kubernetes | +| global.configSecretAdapter | string | `"kubernetes"` | The config backend adapter that will hold Gluu secret layer. google|kubernetes | +| global.cr-rotate.enabled | bool | `false` | Boolean flag to enable/disable the cr-rotate chart. | +| global.distribution | string | `"default"` | Gluu distributions supported are: default|openbanking. 
| +| global.fido2.appLoggers | object | `{"fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.fido2.appLoggers.fido2LogLevel | string | `"INFO"` | fido2.log level | +| global.fido2.appLoggers.fido2LogTarget | string | `"STDOUT"` | fido2.log target | +| global.fido2.appLoggers.persistenceLogLevel | string | `"INFO"` | fido2_persistence.log level | +| global.fido2.appLoggers.persistenceLogTarget | string | `"FILE"` | fido2_persistence.log target | +| global.fido2.enabled | bool | `true` | Boolean flag to enable/disable the fido2 chart. | +| global.fido2.fido2ServiceName | string | `"fido2"` | Name of the fido2 service. Please keep it as default. | +| global.fqdn | string | `"demoexample.gluu.org"` | Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services. | +| global.gcePdStorageType | string | `"pd-standard"` | GCE storage kind if using Google disks | +| global.isFqdnRegistered | bool | `false` | Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically. | +| global.istio.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| global.istio.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| global.istio.enabled | bool | `false` | Boolean flag that enables using istio side cars with Gluu services. 
| +| global.istio.ingress | bool | `false` | Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. | +| global.istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. | +| global.jackrabbit.enabled | bool | `false` | Boolean flag to enable/disable the jackrabbit chart. For more information on how it is used inside Gluu https://gluu.org/docs/gluu-server/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. If disabled oxShibboleth cannot be run. | +| global.jackrabbit.jackRabbitServiceName | string | `"jackrabbit"` | Name of the Jackrabbit service. Please keep it as default. | +| global.lbIp | string | `"22.22.22.22"` | The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable. | +| global.nginx-ingress.enabled | bool | `true` | Boolean flag to enable/disable the nginx-ingress definitions chart. | +| global.opendj.enabled | bool | `false` | Boolean flag to enable/disable the OpenDJ chart. | +| global.opendj.ldapServiceName | string | `"opendj"` | Name of the OpenDJ service. Please keep it as default. | +| global.oxpassport.oxPassportServiceName | string | `"oxpassport"` | Name of the oxPassport service. Please keep it as default. | +| global.oxshibboleth.enabled | bool | `false` | Boolean flag to enable/disable the oxShibbboleth chart. | +| global.oxshibboleth.oxShibbolethServiceName | string | `"oxshibboleth"` | Name of the oxShibboleth service. Please keep it as default. | +| global.persistence.enabled | bool | `true` | Boolean flag to enable/disable the persistence chart. 
| +| global.scim.appLoggers | object | `{"ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.scim.appLoggers.ldapStatsLogLevel | string | `"INFO"` | jans-scim_persistence_ldap_statistics.log level | +| global.scim.appLoggers.ldapStatsLogTarget | string | `"FILE"` | jans-scim_persistence_ldap_statistics.log target | +| global.scim.appLoggers.persistenceDurationLogLevel | string | `"INFO"` | jans-scim_persistence_duration.log level | +| global.scim.appLoggers.persistenceDurationLogTarget | string | `"FILE"` | jans-scim_persistence_duration.log target | +| global.scim.appLoggers.persistenceLogLevel | string | `"INFO"` | jans-scim_persistence.log level | +| global.scim.appLoggers.persistenceLogTarget | string | `"FILE"` | jans-scim_persistence.log target | +| global.scim.appLoggers.scimLogLevel | string | `"INFO"` | jans-scim.log level | +| global.scim.appLoggers.scimLogTarget | string | `"STDOUT"` | jans-scim.log target | +| global.scim.appLoggers.scriptLogLevel | string | `"INFO"` | jans-scim_script.log level | +| global.scim.appLoggers.scriptLogTarget | string | `"FILE"` | jans-scim_script.log target | +| global.scim.enabled | bool | `true` | Boolean flag to enable/disable the SCIM chart. | +| global.scim.scimServiceName | string | `"scim"` | Name of the scim service. Please keep it as default. | +| global.storageClass | object | `{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"}` | StorageClass section for Jackrabbit and OpenDJ charts. 
This is not currently used by the openbanking distribution. You may specify custom parameters as needed. | +| global.storageClass.parameters | object | `{}` | parameters: | +| global.upgrade.enabled | bool | `false` | Boolean flag used when running upgrading through versions command. Used when upgrading with LDAP as the persistence to load the 101x ldif. | +| global.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. Envs defined in global.userEnvs will be globally available to all services | +| global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | +| global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | +| installer-settings | object | `{"acceptLicense":"","aws":{"arn":{"arnAcmCert":"","enabled":""},"lbType":"","vpcCidr":"0.0.0.0/0"},"confirmSettings":false,"couchbase":{"backup":{"fullSchedule":"","incrementalSchedule":"","retentionTime":"","storageSize":""},"clusterName":"","commonName":"","customFileOverride":"","install":"","lowResourceInstall":"","namespace":"","subjectAlternativeName":"","totalNumberOfExpectedTransactionsPerSec":"","totalNumberOfExpectedUsers":"","volumeType":""},"currentVersion":"","google":{"useSecretManager":""},"images":{"edit":""},"jackrabbit":{"clusterMode":""},"ldap":{"backup":{"fullSchedule":""},"multiClusterIds":[],"subsequentCluster":""},"namespace":"","nginxIngress":{"namespace":"","releaseName":""},"nodes":{"ips":"","names":"","zones":""},"openbanking":{"cnObTransportTrustStoreP12password":"","hasCnObTransportTrustStore":false},"postgres":{"install":"","namespace":""},"redis":{"install":"","namespace":""},"releaseName":"","sql":{"install":"","namespace":""},"upgrade":{"image":{"repository":"","tag":""},"targetVersion":""},"volumeProvisionStrategy":""}` | Only used by the installer. 
These settings do not affect nor are used by the chart | +| jackrabbit | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/jackrabbit","tag":"5.0.0_dev"},"livenessProbe":{"initialDelaySeconds":25,"periodSeconds":25,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":30,"periodSeconds":30,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"1000Mi"},"requests":{"cpu":"1500m","memory":"1000Mi"}},"secrets":{"cnJackrabbitAdminPassword":"Test1234#","cnJackrabbitPostgresPassword":"P@ssw0rd"},"storage":{"size":"5Gi"},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Jackrabbit Oak is a complementary implementation of the JCR specification. 
It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications https://jackrabbit.apache.org/jcr/index.html | +| jackrabbit.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| jackrabbit.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| jackrabbit.dnsConfig | object | `{}` | Add custom dns config | +| jackrabbit.dnsPolicy | string | `""` | Add custom dns policy | +| jackrabbit.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| jackrabbit.hpa.behavior | object | `{}` | Scaling Policies | +| jackrabbit.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| jackrabbit.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| jackrabbit.image.pullSecrets | list | `[]` | Image Pull Secrets | +| jackrabbit.image.repository | string | `"gluufederation/jackrabbit"` | Image to use for deploying. | +| jackrabbit.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| jackrabbit.livenessProbe | object | `{"initialDelaySeconds":25,"periodSeconds":25,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5}` | Configure the liveness healthcheck for the Jackrabbit if needed. | +| jackrabbit.livenessProbe.tcpSocket | object | `{"port":"http-jackrabbit"}` | Executes tcp healthcheck. | +| jackrabbit.readinessProbe | object | `{"initialDelaySeconds":30,"periodSeconds":30,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5}` | Configure the readiness healthcheck for the Jackrabbit if needed. 
| +| jackrabbit.readinessProbe.tcpSocket | object | `{"port":"http-jackrabbit"}` | Executes tcp healthcheck. | +| jackrabbit.replicas | int | `1` | Service replica number. | +| jackrabbit.resources | object | `{"limits":{"cpu":"1500m","memory":"1000Mi"},"requests":{"cpu":"1500m","memory":"1000Mi"}}` | Resource specs. | +| jackrabbit.resources.limits.cpu | string | `"1500m"` | CPU limit. | +| jackrabbit.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| jackrabbit.resources.requests.cpu | string | `"1500m"` | CPU request. | +| jackrabbit.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| jackrabbit.secrets.cnJackrabbitAdminPassword | string | `"Test1234#"` | Jackrabbit admin uid password | +| jackrabbit.secrets.cnJackrabbitPostgresPassword | string | `"P@ssw0rd"` | Jackrabbit Postgres uid password | +| jackrabbit.storage.size | string | `"5Gi"` | Jackrabbit volume size | +| jackrabbit.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| jackrabbit.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| jackrabbit.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| jackrabbit.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| jackrabbit.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| nginx-ingress | object | 
`{"ingress":{"additionalAnnotations":{},"additionalLabels":{},"adminUiAdditionalAnnotations":{},"adminUiEnabled":false,"adminUiLabels":{},"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"authServerProtectedRegister":false,"authServerProtectedRegisterAdditionalAnnotations":{},"authServerProtectedRegisterLabels":{},"authServerProtectedToken":false,"authServerProtectedTokenAdditionalAnnotations":{},"authServerProtectedTokenLabels":{},"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"hosts":["demoexample.gluu.org"],"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"path":"/","scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}}}` | Nginx ingress definitions chart | +| nginx-ingress.ingress.additionalAnnotations | object | `{}` | Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate" Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" Specify if certificates are passed to upstream server 
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" | +| nginx-ingress.ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} | +| nginx-ingress.ingress.adminUiAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. | +| nginx-ingress.ingress.adminUiEnabled | bool | `false` | Enable Admin UI endpoints. COMING SOON. | +| nginx-ingress.ingress.adminUiLabels | object | `{}` | Admin UI ingress resource labels. key app is taken. | +| nginx-ingress.ingress.authServerAdditionalAnnotations | object | `{}` | Auth server ingress resource additional annotations. | +| nginx-ingress.ingress.authServerEnabled | bool | `true` | Enable Auth server endpoints /jans-auth | +| nginx-ingress.ingress.authServerLabels | object | `{}` | Auth server ingress resource labels. key app is taken | +| nginx-ingress.ingress.authServerProtectedRegister | bool | `false` | Enable mTLS onn Auth server endpoint /jans-auth/restv1/register | +| nginx-ingress.ingress.authServerProtectedRegisterAdditionalAnnotations | object | `{}` | Auth server protected register ingress resource additional annotations. | +| nginx-ingress.ingress.authServerProtectedRegisterLabels | object | `{}` | Auth server protected token ingress resource labels. key app is taken | +| nginx-ingress.ingress.authServerProtectedToken | bool | `false` | Enable mTLS on Auth server endpoint /jans-auth/restv1/token | +| nginx-ingress.ingress.authServerProtectedTokenAdditionalAnnotations | object | `{}` | Auth server protected token ingress resource additional annotations. | +| nginx-ingress.ingress.authServerProtectedTokenLabels | object | `{}` | Auth server protected token ingress resource labels. key app is taken | +| nginx-ingress.ingress.configApiAdditionalAnnotations | object | `{}` | ConfigAPI ingress resource additional annotations. 
| +| nginx-ingress.ingress.configApiLabels | object | `{}` | configAPI ingress resource labels. key app is taken | +| nginx-ingress.ingress.fido2ConfigAdditionalAnnotations | object | `{}` | fido2 config ingress resource additional annotations. | +| nginx-ingress.ingress.fido2ConfigEnabled | bool | `false` | Enable endpoint /.well-known/fido2-configuration | +| nginx-ingress.ingress.fido2ConfigLabels | object | `{}` | fido2 config ingress resource labels. key app is taken | +| nginx-ingress.ingress.openidAdditionalAnnotations | object | `{}` | openid-configuration ingress resource additional annotations. | +| nginx-ingress.ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration | +| nginx-ingress.ingress.openidConfigLabels | object | `{}` | openid-configuration ingress resource labels. key app is taken | +| nginx-ingress.ingress.scimAdditionalAnnotations | object | `{}` | SCIM ingress resource additional annotations. | +| nginx-ingress.ingress.scimConfigAdditionalAnnotations | object | `{}` | SCIM config ingress resource additional annotations. | +| nginx-ingress.ingress.scimConfigEnabled | bool | `false` | Enable endpoint /.well-known/scim-configuration | +| nginx-ingress.ingress.scimConfigLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | +| nginx-ingress.ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim | +| nginx-ingress.ingress.scimLabels | object | `{}` | SCIM config ingress resource labels. key app is taken | +| nginx-ingress.ingress.tls | list | `[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}]` | Secrets holding HTTPS CA cert and key. | +| nginx-ingress.ingress.u2fAdditionalAnnotations | object | `{}` | u2f config ingress resource additional annotations. 
| +| nginx-ingress.ingress.u2fConfigEnabled | bool | `true` | Enable endpoint /.well-known/fido-configuration | +| nginx-ingress.ingress.u2fConfigLabels | object | `{}` | u2f config ingress resource labels. key app is taken | +| nginx-ingress.ingress.uma2AdditionalAnnotations | object | `{}` | uma2 config ingress resource additional annotations. | +| nginx-ingress.ingress.uma2ConfigEnabled | bool | `true` | Enable endpoint /.well-known/uma2-configuration | +| nginx-ingress.ingress.uma2ConfigLabels | object | `{}` | uma2 config ingress resource labels. key app is taken | +| nginx-ingress.ingress.webdiscoveryAdditionalAnnotations | object | `{}` | webdiscovery ingress resource additional annotations. | +| nginx-ingress.ingress.webdiscoveryEnabled | bool | `true` | Enable endpoint /.well-known/simple-web-discovery | +| nginx-ingress.ingress.webdiscoveryLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | +| nginx-ingress.ingress.webfingerAdditionalAnnotations | object | `{}` | webfinger ingress resource additional annotations. | +| nginx-ingress.ingress.webfingerEnabled | bool | `true` | Enable endpoint /.well-known/webfinger | +| nginx-ingress.ingress.webfingerLabels | object | `{}` | webfinger ingress resource labels. 
key app is taken | +| opendj | object | `{"additionalAnnotations":{},"additionalLabels":{},"backup":{"cronJobSchedule":"*/59 * * * *","enabled":true},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/opendj","tag":"5.0.0_dev"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"multiCluster":{"clusterId":"","enabled":false,"namespaceIntId":0,"replicaCount":1,"serfAdvertiseAddrSuffix":"regional.gluu.org:30946","serfKey":"Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk=","serfPeers":["gluu-opendj-regional-0-regional.gluu.org:30946","gluu-opendj-regional-0-regional.gluu.org:31946"]},"persistence":{"size":"5Gi"},"ports":{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. 
| +| opendj.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| opendj.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| opendj.backup | object | `{"cronJobSchedule":"*/59 * * * *","enabled":true}` | Configure ldap backup cronjob | +| opendj.dnsConfig | object | `{}` | Add custom dns config | +| opendj.dnsPolicy | string | `""` | Add custom dns policy | +| opendj.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| opendj.hpa.behavior | object | `{}` | Scaling Policies | +| opendj.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| opendj.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| opendj.image.pullSecrets | list | `[]` | Image Pull Secrets | +| opendj.image.repository | string | `"gluufederation/opendj"` | Image to use for deploying. | +| opendj.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| opendj.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py | +| opendj.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | +| opendj.multiCluster.clusterId | string | `""` | This id needs to be unique to each kubernetes cluster in a multi cluster setup west, east, south, north, region ...etc If left empty it will be randomly generated. | +| opendj.multiCluster.enabled | bool | `false` | Enable OpenDJ multiCluster mode. 
This flag enables loading keys under `opendj.multiCluster` | +| opendj.multiCluster.namespaceIntId | int | `0` | Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace. Used when gluu is installed in the same kubernetes cluster more than once. | +| opendj.multiCluster.replicaCount | int | `1` | The number of opendj non scalabble statefulsets to create. Each pod created must be resolvable as it follows the patterm RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org | +| opendj.multiCluster.serfAdvertiseAddrSuffix | string | `"regional.gluu.org:30946"` | OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} | +| opendj.multiCluster.serfKey | string | `"Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk="` | Serf key. This key will automatically sync across clusters. | +| opendj.multiCluster.serfPeers | list | `["gluu-opendj-regional-0-regional.gluu.org:30946","gluu-opendj-regional-0-regional.gluu.org:31946"]` | Serf peer addresses. One per cluster. | +| opendj.persistence.size | string | `"5Gi"` | OpenDJ volume size | +| opendj.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py | +| opendj.replicas | int | `1` | Service replica number. | +| opendj.resources | object | `{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}}` | Resource specs. | +| opendj.resources.limits.cpu | string | `"1500m"` | CPU limit. 
| +| opendj.resources.limits.memory | string | `"2000Mi"` | Memory limit. | +| opendj.resources.requests.cpu | string | `"1500m"` | CPU request. | +| opendj.resources.requests.memory | string | `"2000Mi"` | Memory request. | +| opendj.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| opendj.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| opendj.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| opendj.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| opendj.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| oxpassport | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxpassport","tag":"5.0.0_dev"},"livenessProbe":{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"700m","memory":"900Mi"},"requests":{"cpu":"700m","memory":"900Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu interface to Passport.js to support social login and inbound identity. 
| +| oxpassport.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| oxpassport.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| oxpassport.dnsConfig | object | `{}` | Add custom dns config | +| oxpassport.dnsPolicy | string | `""` | Add custom dns policy | +| oxpassport.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| oxpassport.hpa.behavior | object | `{}` | Scaling Policies | +| oxpassport.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| oxpassport.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| oxpassport.image.pullSecrets | list | `[]` | Image Pull Secrets | +| oxpassport.image.repository | string | `"gluufederation/oxpassport"` | Image to use for deploying. | +| oxpassport.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| oxpassport.livenessProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for oxPassport if needed. | +| oxpassport.livenessProbe.httpGet.path | string | `"/passport/health-check"` | http liveness probe endpoint | +| oxpassport.readinessProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the oxPassport if needed. 
| +| oxpassport.readinessProbe.httpGet.path | string | `"/passport/health-check"` | http readiness probe endpoint | +| oxpassport.replicas | int | `1` | Service replica number | +| oxpassport.resources | object | `{"limits":{"cpu":"700m","memory":"900Mi"},"requests":{"cpu":"700m","memory":"900Mi"}}` | Resource specs. | +| oxpassport.resources.limits.cpu | string | `"700m"` | CPU limit. | +| oxpassport.resources.limits.memory | string | `"900Mi"` | Memory limit. | +| oxpassport.resources.requests.cpu | string | `"700m"` | CPU request. | +| oxpassport.resources.requests.memory | string | `"900Mi"` | Memory request. | +| oxpassport.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| oxpassport.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| oxpassport.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| oxpassport.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| oxpassport.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| oxshibboleth | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxshibboleth","tag":"5.0.0_dev"},"livenessProbe":{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Shibboleth project for the 
Gluu Server's SAML IDP functionality. | +| oxshibboleth.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| oxshibboleth.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| oxshibboleth.dnsConfig | object | `{}` | Add custom dns config | +| oxshibboleth.dnsPolicy | string | `""` | Add custom dns policy | +| oxshibboleth.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| oxshibboleth.hpa.behavior | object | `{}` | Scaling Policies | +| oxshibboleth.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| oxshibboleth.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| oxshibboleth.image.pullSecrets | list | `[]` | Image Pull Secrets | +| oxshibboleth.image.repository | string | `"gluufederation/oxshibboleth"` | Image to use for deploying. | +| oxshibboleth.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| oxshibboleth.livenessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the oxShibboleth if needed. | +| oxshibboleth.livenessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| oxshibboleth.readinessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| oxshibboleth.readinessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| oxshibboleth.replicas | int | `1` | Service replica number. 
| +| oxshibboleth.resources | object | `{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}}` | Resource specs. | +| oxshibboleth.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| oxshibboleth.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| oxshibboleth.resources.requests.cpu | string | `"1000m"` | CPU request. | +| oxshibboleth.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| oxshibboleth.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| oxshibboleth.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.0-beta.14"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Gluu Server persistence layer. 
| +| persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| persistence.dnsConfig | object | `{}` | Add custom dns config | +| persistence.dnsPolicy | string | `""` | Add custom dns policy | +| persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | +| persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. | +| persistence.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | +| persistence.resources.limits.cpu | string | `"300m"` | CPU limit | +| persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | +| persistence.resources.requests.cpu | string | `"300m"` | CPU request. | +| persistence.resources.requests.memory | string | `"300Mi"` | Memory request. 
| +| persistence.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| persistence.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.0-beta.14"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| scim.dnsConfig | object | `{}` | Add custom dns config | +| scim.dnsPolicy | string | `""` | Add custom dns policy | +| scim.hpa | object | 
`{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | +| scim.hpa.behavior | object | `{}` | Scaling Policies | +| scim.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| scim.image.pullSecrets | list | `[]` | Image Pull Secrets | +| scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | +| scim.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | +| scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | +| scim.readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | +| scim.readinessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http readiness probe endpoint | +| scim.replicas | int | `1` | Service replica number. | +| scim.resources.limits.cpu | string | `"1000m"` | CPU limit. | +| scim.resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| scim.resources.requests.cpu | string | `"1000m"` | CPU request. | +| scim.resources.requests.memory | string | `"1000Mi"` | Memory request. | +| scim.service.name | string | `"http-scim"` | The name of the scim port within the scim service. Please keep it as default. | +| scim.service.port | int | `8080` | Port of the scim service. Please keep it as default. 
| +| scim.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| scim.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| scim.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| scim.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| scim.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/jans/charts/auth-server-key-rotation/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/.helmignore similarity index 100% rename from charts/jans/charts/auth-server-key-rotation/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/.helmignore diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml new file mode 100644 index 00000000000..1c9eba0828c --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml @@ -0,0 +1,21 @@ +# All Rights Reserved © 2021 +apiVersion: v2 +name: admin-ui +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: Admin GUI. Requires license. +type: application +keywords: + - Autherization + - OpenID + - GUI +home: https://gluu.org/docs/gluu-server +sources: + - https://github.com/GluuFederation/docker-gluu-admin-ui + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: 5.0.0 
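Review bot: The `keywords` list in the new admin-ui Chart.yaml spells its first entry `- Autherization`. Chart keywords are used by chart search, so it should read `- Authorization`. The second `sources` entry points at `GluuFederation/cloud-native-edition/.../pygluu/kubernetes/templates/helm/gluu/charts/admin-ui`, while this diff adds the chart under `helm/pygluu/...`; whether that link is still the intended location cannot be told from the diff.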
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md
new file mode 100644
index 00000000000..56d9a9321a6
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md
@@ -0,0 +1,61 @@ +# admin-ui + +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Admin GUI. Requires license. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | +| livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. 
| +| readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"2500m"` | CPU limit. | +| resources.limits.memory | string | `"2500Mi"` | Memory limit. | +| resources.requests.cpu | string | `"2500m"` | CPU request. | +| resources.requests.memory | string | `"2500Mi"` | Memory request. | +| service.name | string | `"http-admin-ui"` | The name of the admin ui port within the admin service. Please keep it as default. | +| service.port | int | `8080` | Port of the admin ui service. Please keep it as default. | +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/charts/jans/charts/config/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/_helpers.tpl similarity index 83% rename from charts/jans/charts/config/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/_helpers.tpl index 83005bb3571..27e0aa19246 100644 --- a/charts/jans/charts/config/templates/_helpers.tpl +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "config.name" -}} +{{- define "admin-ui.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "config.fullname" -}} +{{- define "admin-ui.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -27,16 +27,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "config.chart" -}} +{{- define "admin-ui.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Common labels */}} -{{- define "config.labels" -}} -app: {{ .Release.Name }}-{{ include "config.name" . }}-init-load -helm.sh/chart: {{ include "config.chart" . }} +{{- define "admin-ui.labels" -}} +app: {{ .Release.Name }}-{{ include "admin-ui.name" . }} +helm.sh/chart: {{ include "admin-ui.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 
@@ -47,7 +47,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Create user custom defined envs */}} -{{- define "config.usr-envs"}} +{{- define "admin-ui.usr-envs"}} {{- range $key, $val := .Values.usrEnvs.normal }} - name: {{ $key }} value: {{ $val }} @@ -57,7 +57,7 @@ Create user custom defined envs {{/* Create user custom defined secret envs */}} -{{- define "config.usr-secret-envs"}} +{{- define "admin-ui.usr-secret-envs"}} {{- range $key, $val := .Values.usrEnvs.secret }} - name: {{ $key }} valueFrom: diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/admin-ui-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/admin-ui-destination-rules.yaml new file mode 100644 index 00000000000..6643bee6614 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/admin-ui-destination-rules.yaml @@ -0,0 +1,23 @@ +{{- if .Values.global.istio.enabled }} +# All Rights Reserved © 2021 +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ .Release.Name }}-admin-ui-mtls + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: admin-ui +{{ include "admin-ui.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + host: {{ index .Values "global" "admin-ui" "adminUiServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +{{- end }} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/admin-ui-virtual-services.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/admin-ui-virtual-services.yaml new file mode 100644 index 00000000000..ce044cd007e --- /dev/null 
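Review bot: In the `admin-ui.usr-envs` helper (hunk at -47,7) the context line `value: {{ $val }}` renders user-supplied `usrEnvs.normal` values unquoted. A value such as `true` or `8080` therefore becomes a non-string in the container `env` list, and a value containing `: ` or ` #` changes the YAML structure of the rendered pod spec. Since the helper is being carried over into a new chart, quote it here: `value: {{ $val | quote }}`. The helper's closing `{{- end }}` lies between this hunk and the next, outside the shown lines.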
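Review bot: The `trafficPolicy.tls.mode: ISTIO_MUTUAL` setting in admin-ui-destination-rules.yaml only makes mesh clients originate mTLS towards the admin-ui host; by itself it does not make the workload refuse plaintext connections. Whether a `PeerAuthentication` with `mtls.mode: STRICT` covers this namespace is not visible in this diff, so I would add a comment above `trafficPolicy:` such as `# client-side mTLS only; requires a STRICT PeerAuthentication to reject plaintext`. The `host:` value also hard-codes the `.svc.cluster.local` suffix, which fails on clusters with a custom cluster domain.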
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/admin-ui-virtual-services.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.global.istio.enabled }}
+# All Rights Reserved © 2021
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Release.Name }}-istio-admin-ui
+ namespace: {{.Release.Namespace}}
+ labels:
+ APP_NAME: admin-ui
+{{ include "admin-ui.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ hosts:
+ - {{ .Values.global.fqdn }}
+ gateways:
+ - {{ .Release.Name }}-global-gtw # can omit the namespace if gateway is in same namespace as virtual service.
+ http:
+ - name: "{{ .Release.Name }}-istio-cn"
+ match:
+ - uri:
+ prefix: "/admin"
+ route:
+ - destination:
+ host: {{ index .Values "global" "admin-ui" "adminUiServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local
+ port:
+ number: 8080
+{{- end }}
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/deployment.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/deployment.yml
new file mode 100644
index 00000000000..9a5995ce8fd
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/deployment.yml
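Review bot: The route destination in admin-ui-virtual-services.yaml hard-codes `number: 8080`, while the Deployment added in this commit takes `containerPort` from `.Values.service.port`. Overriding that value would leave the VirtualService routing to a port nothing listens on; use `number: {{ .Values.service.port }}`. Separately, `prefix: "/admin"` also matches paths such as `/administrator`, and the admin interface is published on the same `{{ .Release.Name }}-global-gtw` gateway as the public endpoints. No AuthorizationPolicy or source restriction for it is visible in this diff, so confirm one exists elsewhere in the chart.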
@@ -0,0 +1,143 @@ +# All Rights Reserved © 2021 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "admin-ui.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: admin-ui +{{ include "admin-ui.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "admin-ui.name" . }} + template: + metadata: + labels: + APP_NAME: admin-ui + app: {{ .Release.Name }}-{{ include "admin-ui.name" . }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "admin-ui.name" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + env: + {{- include "admin-ui.usr-envs" . | indent 12 }} + {{- include "admin-ui.usr-secret-envs" . 
| indent 12 }} + securityContext: + runAsUser: 1000 + runAsNonRoot: true + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end}} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "admin-ui.fullname" .}}-updatelbip + mountPath: "/scripts" + {{- end }} + + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 
}} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "admin-ui.fullname" . }}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/hpa.yaml new file mode 100644 index 00000000000..9b620839fff --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/hpa.yaml 
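Review bot: The container `securityContext` in the admin-ui Deployment stops at `runAsUser: 1000` and `runAsNonRoot: true`, so privilege escalation through setuid binaries and the runtime's default capability set remain available to the process. Adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` under the same key would close that, assuming the image needs no capability to serve on `service.port`, which should be confirmed against the image. The optional `command:` override also starts `updatelbip.py` in the background with `&`, so a crash of that helper is not seen by the kubelet; a one-line comment there saying so would help operators.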
@@ -0,0 +1,38 @@ +{{ if .Values.hpa.enabled -}} +# All Rights Reserved © 2021 +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "admin-ui.fullname" . }} + labels: + APP_NAME: admin-ui +{{ include "admin-ui.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "admin-ui.fullname" . }} + minReplicas: {{ .Values.hpa.minReplicas }} + maxReplicas: {{ .Values.hpa.maxReplicas }} + {{- if .Values.hpa.targetCPUUtilizationPercentage }} + targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }} + {{- else if .Values.hpa.metrics }} + metrics: + {{- with .Values.hpa.metrics }} +{{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.hpa.behavior }} + behavior: + {{- with .Values.hpa.behavior }} +{{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/service.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/service.yml new file mode 100644 index 00000000000..2cb02f0ebc2 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/service.yml 
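Review bot: hpa.yaml declares `apiVersion: autoscaling/v1`, but the `metrics:` and `behavior:` blocks it can render are not fields of the v1 HorizontalPodAutoscaler spec, so setting `hpa.metrics` or `hpa.behavior` yields a manifest that does not validate. The sibling charts in this commit declare `kubeVersion: ">=v1.21.0-0"`, where `apiVersion: autoscaling/v2beta2` is served and accepts both fields; the CPU target would then be expressed as a `metrics` entry instead of `targetCPUUtilizationPercentage`. The resource also omits `namespace: {{ .Release.Namespace }}`, which the Deployment it targets sets explicitly.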
@@ -0,0 +1,30 @@ +# All Rights Reserved © 2021 +apiVersion: v1 +kind: Service +metadata: + name: {{ index .Values "global" "admin-ui" "adminUiServiceName" }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: admin-ui +{{ include "admin-ui.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + {{- if .Values.global.alb.ingress }} + type: NodePort + {{- end }} + ports: + - port: {{ .Values.service.port }} + name: {{ .Values.service.name }} + selector: + app: {{ .Release.Name }}-{{ include "admin-ui.name" . }} #admin-ui + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: +{{ toYaml . | indent 4 }} + {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/user-custom-secret-envs.yaml new file mode 100644 index 00000000000..95a833ca051 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/user-custom-secret-envs.yaml @@ -0,0 +1,22 @@ +{{ if .Values.usrEnvs.secret }} +# All Rights Reserved © 2021 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: + APP_NAME: admin-ui +{{ include "admin-ui.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file 
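Review bot: In user-custom-secret-envs.yaml, `{{ $key }}: {{ $val | b64enc }}` renders only when every entry of `usrEnvs.secret` is a string; an unquoted number or boolean in values makes `b64enc` fail the whole template. `{{ $key }}: {{ $val | toString | b64enc | quote }}` accepts those values and keeps the output a quoted scalar. The same line appears in the auth-server-key-rotation chart's user-custom-secret-envs.yaml later in this commit. Because the secret material arrives through chart values it is also kept in the Helm release record, and a comment next to `usrEnvs.secret` in values.yaml saying so would help operators decide what to place there.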
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml new file mode 100644 index 00000000000..7a98d57ebfd --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml 
@@ -0,0 +1,82 @@ +# All Rights Reserved © 2021 +# -- Admin GUI. Requires license. +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/admin-ui + # -- Image tag to use for deploying. + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number. +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 2500m + # -- Memory limit. + memory: 2500Mi + requests: + # -- CPU request. + cpu: 2500m + # -- Memory request. + memory: 2500Mi +service: + # -- The name of the admin ui port within the admin service. Please keep it as default. + name: http-admin-ui + # -- Port of the admin ui service. Please keep it as default. + port: 8080 + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 +# -- Configure the liveness healthcheck for the admin ui if needed. +livenessProbe: + tcpSocket: + port: 1636 + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 25 + failureThreshold: 20 +# -- Configure the readiness healthcheck for the admin ui if needed. 
+readinessProbe: + tcpSocket: + port: 1636 + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 25 + failureThreshold: 20 +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } diff --git a/charts/jans/charts/auth-server/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/.helmignore similarity index 100% rename from charts/jans/charts/auth-server/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/.helmignore diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml new file mode 100644 index 00000000000..c3462cd074f --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml 
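Review bot: Both `livenessProbe` and `readinessProbe` in the admin-ui values.yaml open a TCP socket on port 1636, while the only port the chart declares for the container is `service.port: 8080`; nothing visible in this chart makes the admin-ui container listen on 1636. If that holds, readiness never succeeds and the liveness probe restarts the pod once `failureThreshold` is exhausted. Pointing both probes at the declared port, either `port: http-admin-ui` (the named containerPort) or `port: 8080`, looks like the intended default.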
@@ -0,0 +1,20 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v2 +name: auth-server-key-rotation +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: Responsible for regenerating auth-keys per x hours +type: application +keywords: + - Auth keys Rotation +home: https://gluu.org/docs/gluu-server +sources: + - https://github.com/JanssenProject/docker-jans-certmanager + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" \ No newline at end of file diff --git a/charts/jans/charts/auth-server-key-rotation/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md similarity index 60% rename from charts/jans/charts/auth-server-key-rotation/README.md rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md index 51050758b9b..8a5ea814b41 100644 --- a/charts/jans/charts/auth-server-key-rotation/README.md +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md 
@@ -1,37 +1,39 @@ # auth-server-key-rotation -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Responsible for regenerating auth-keys per x hours -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code * -* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. 
| | keysLife | int | `48` | Auth server key rotation keys life in hours | | nodeSelector | object | `{}` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/charts/jans/charts/auth-server-key-rotation/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/auth-server-key-rotation/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/_helpers.tpl diff --git a/charts/jans/charts/auth-server-key-rotation/templates/cronjobs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/cronjobs.yaml similarity index 83% rename from charts/jans/charts/auth-server-key-rotation/templates/cronjobs.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/cronjobs.yaml index 1a1a028b551..a3436b8a5ed 100644 --- a/charts/jans/charts/auth-server-key-rotation/templates/cronjobs.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/cronjobs.yaml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 kind: CronJob apiVersion: batch/v1beta1 @@ -9,6 +9,13 @@ metadata: APP_NAME: auth-server-key-rotation release: {{ .Release.Name }} {{ include "auth-server-key-rotation.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: schedule: "0 */{{ .Values.keysLife }} * * *" concurrencyPolicy: Forbid 
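Review bot: cronjobs.yaml still declares `apiVersion: batch/v1beta1`, visible as context in its first hunk, although this commit sets the chart's `kubeVersion` to `>=v1.21.0-0`, where CronJob is served from `batch/v1`. `batch/v1beta1` is removed in Kubernetes 1.25, at which point the key-rotation job would no longer install and the auth-server keys would stop being regenerated on schedule. Changing the line to `apiVersion: batch/v1` fits the declared version floor. Most of the CronJob spec lies outside these hunks, so the remaining fields should be checked against `batch/v1` there.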
@@ -41,18 +48,10 @@ spec: name: google-sa subPath: google-credentials.json {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - mountPath: "/etc/jans/conf/sql_password" - subPath: sql_password - {{- end }} {{- with .Values.volumeMounts }} {{- toYaml . | nindent 16 }} {{- end }} {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - mountPath: "/etc/jans/conf/couchbase_password" - subPath: couchbase_password {{- if not .Values.global.istio.enabled }} - name: cb-crt mountPath: "/etc/certs/couchbase.crt" @@ -88,15 +87,7 @@ spec: secret: secretName: {{ .Release.Name }}-google-sa {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - secret: - secretName: {{ .Release.Name }}-sql-pass - {{- end }} {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - secret: - secretName: {{ .Release.Name }}-cb-pass {{- if not .Values.global.istio.enabled }} - name: cb-crt secret: diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/service.yaml new file mode 100644 index 00000000000..4b1f6ff0762 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/service.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + name: {{ include "auth-server-key-rotation.fullname" . }} + labels: +{{ include "auth-server-key-rotation.fullname" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ports: + - name: http + port: 80 + targetPort: 8080 + selector: + app: {{ .Release.Name }}-{{ include "auth-server-key-rotation.name" . }} + type: ClusterIP +{{- end }} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml new file mode 100644 index 00000000000..187d0948f97 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/user-custom-secret-envs.yaml @@ -0,0 +1,22 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: +{{ include "auth-server-key-rotation.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file 
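Review bot: The `labels:` block of the new auth-server-key-rotation service.yaml includes the `auth-server-key-rotation.fullname` helper, the same helper used for `metadata.name` one line above, so it renders a bare name rather than key/value pairs and `labels` is not a valid map. The Secret template added beside it uses the labels helper; the line should read `{{ include "auth-server-key-rotation.labels" . | indent 4 }}`. The Service also has no `namespace:` field, unlike the DestinationRule and VirtualService templates in this commit that are gated on the same `global.istio.enabled` flag.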
diff --git a/charts/jans/charts/auth-server-key-rotation/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml similarity index 72% rename from charts/jans/charts/auth-server-key-rotation/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml index 223c6354ee8..d0a688239a4 100644 --- a/charts/jans/charts/auth-server-key-rotation/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 # -- Responsible for regenerating auth-keys per x hours # -- Add custom normal and secret envs to the service @@ -19,7 +19,7 @@ image: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours @@ -41,4 +41,9 @@ nodeSelector: {} tolerations: [] -affinity: {} \ No newline at end of file +affinity: {} + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/charts/jans/charts/client-api/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/.helmignore similarity index 100% rename from charts/jans/charts/client-api/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/.helmignore 
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml new file mode 100644 index 00000000000..95d4d18142f --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml @@ -0,0 +1,22 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v2 +name: auth-server +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. +type: application +keywords: + - Autherization + - OpenID +home: https://gluu.org/docs/gluu-server +sources: + - https://github.com/JanssenProject/jans-auth-server + - https://github.com/JanssenProject/docker-jans-auth-server + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/auth-server +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: 5.0.0 diff --git a/charts/jans/charts/auth-server/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md similarity index 62% rename from charts/jans/charts/auth-server/README.md rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md index 89f8cbe7e80..6e27a1ce639 100644 --- a/charts/jans/charts/auth-server/README.md +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md 
@@ -1,31 +1,33 @@ # auth-server -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) -OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. +OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code * * -* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. 
key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | hpa.behavior | object | `{}` | Scaling Policies | 
@@ -37,10 +39,10 @@ Kubernetes: `>=v1.19.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | -| livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | -| readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | +| livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | +| readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | replicas | int | `1` | Service replica number. | | resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | | resources.limits.cpu | string | `"2500m"` | CPU limit. | 
@@ -49,6 +51,8 @@ Kubernetes: `>=v1.19.0-0` | resources.requests.memory | string | `"2500Mi"` | Memory request. | | service.name | string | `"http-auth"` | The name of the oxauth port within the oxauth service. Please keep it as default. | | service.port | int | `8080` | Port of the oxauth service. Please keep it as default. | +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | | usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | | usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | diff --git a/charts/jans/charts/auth-server/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/auth-server/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/_helpers.tpl diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-destination-rules.yaml new file mode 100644 index 00000000000..4c83973a7f5 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-destination-rules.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ .Release.Name }}-auth-server-mtls + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: auth-server +{{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + host: {{ index .Values "global" "auth-server" "authServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +{{- end }} \ No newline at end of file diff --git a/charts/jans/charts/auth-server/templates/auth-server-virtual-services.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml similarity index 87% rename from charts/jans/charts/auth-server/templates/auth-server-virtual-services.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml index 164a32ca47a..0a88915702f 100644 --- a/charts/jans/charts/auth-server/templates/auth-server-virtual-services.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/auth-server-virtual-services.yaml 
@@ -1,11 +1,21 @@ {{- if .Values.global.istio.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: {{ .Release.Name }}-istio-auth-server namespace: {{.Release.Namespace}} + labels: + APP_NAME: auth-server +{{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: hosts: - {{ .Values.global.fqdn }} diff --git a/charts/jans/charts/auth-server/templates/deployment.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/deployment.yml similarity index 93% rename from charts/jans/charts/auth-server/templates/deployment.yml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/deployment.yml index 5959354a896..d05ad6905e3 100644 --- a/charts/jans/charts/auth-server/templates/deployment.yml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/deployment.yml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: apps/v1 kind: Deployment @@ -8,6 +8,13 @@ metadata: labels: APP_NAME: auth-server {{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: replicas: {{ .Values.replicas }} selector: 
@@ -103,6 +110,11 @@ spec: mountPath: /etc/certs/ob-transport-truststore.p12 subPath: ob-transport-truststore.p12 {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} name: google-sa @@ -112,15 +124,9 @@ spec: - name: {{ include "auth-server.fullname" .}}-updatelbip mountPath: "/scripts" {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - mountPath: "/etc/jans/conf/sql_password" - subPath: sql_password - {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - mountPath: "/etc/jans/conf/couchbase_password" - subPath: couchbase_password + {{- if not .Values.global.istio.enabled }} - name: cb-crt mountPath: "/etc/certs/couchbase.crt" @@ -202,20 +208,19 @@ spec: secret: secretName: {{ .Release.Name }}-ob-transport-truststore {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} - name: google-sa secret: secretName: {{ .Release.Name }}-google-sa {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - secret: - secretName: {{ .Release.Name }}-sql-pass - {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - secret: - secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} - name: cb-crt secret: 
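Review bot: The `cn-jackrabbit-admin-pass` volume added in the `@@ -202,20 +208,19 @@` hunk uses a fixed `secretName: cn-jackrabbit-admin-pass`, while the neighbouring volumes are release-scoped (`{{ .Release.Name }}-google-sa`, `{{ .Release.Name }}-ob-transport-truststore`). Two releases in the same namespace would therefore mount the same Jackrabbit admin password, and the pod cannot start if no Secret with exactly that name exists; unless another chart deliberately creates it under this literal name (not visible here), derive the name from the release or from a value. The same hunks remove the `sql-pass` and `cb-pass` mounts without saying where the persistence passwords are delivered now, so a short comment such as `# sql/couchbase passwords are no longer mounted as files; see <placeholder: new source>` would help the next reader. The casa `deployment.yaml` added later in this diff repeats the fixed secret name. The container and volumes lists begin outside these hunks.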
diff --git a/charts/jans/charts/auth-server/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/hpa.yaml similarity index 68% rename from charts/jans/charts/auth-server/templates/hpa.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/hpa.yaml index c94608decf4..859a3986ed9 100644 --- a/charts/jans/charts/auth-server/templates/hpa.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/hpa.yaml @@ -1,10 +1,20 @@ {{ if .Values.hpa.enabled -}} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: {{ include "auth-server.fullname" . }} + labels: + APP_NAME: auth-server +{{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/service.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/service.yml new file mode 100644 index 00000000000..c5a83f91d5b --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/service.yml 
@@ -0,0 +1,31 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + name: {{ index .Values "global" "auth-server" "authServerServiceName" }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: auth-server +{{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + {{- if .Values.global.alb.ingress }} + type: NodePort + {{- end }} + ports: + - port: {{ .Values.service.port }} + name: {{ .Values.service.name }} + selector: + app: {{ .Release.Name }}-{{ include "auth-server.name" . }} #auth-server + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: +{{ toYaml . | indent 4 }} + {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/user-custom-secret-envs.yaml new file mode 100644 index 00000000000..1903a4f60dc --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/user-custom-secret-envs.yaml 
@@ -0,0 +1,23 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: + APP_NAME: auth-server +{{ include "auth-server.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/auth-server/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml similarity index 65% rename from charts/jans/charts/auth-server/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml index 4998532e364..bc35f36eed1 100644 --- a/charts/jans/charts/auth-server/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml @@ -1,6 +1,6 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 -# -- OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. +# -- OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. # -- Configure the HorizontalPodAutoscaler hpa: enabled: true 
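Review bot: `{{ $key }}: {{ $val | b64enc }}` in the `data:` loop fails to render when an entry under `usrEnvs.secret` is not a string, because `b64enc` only accepts strings and YAML parses values such as `8080` or `true` as numbers and booleans. Converting first keeps the template rendering for those entries: `{{ $key }}: {{ $val | toString | b64enc | quote }}`. The Secret also omits `namespace: {{ .Release.Namespace }}`, which the Service and DestinationRule of this chart set. Because the plaintext comes straight from chart values, I would add a comment next to `usrEnvs.secret` saying it should be supplied from a protected values file and not committed. The casa copy of this template (`casa/templates/user-custom-secret-envs.yaml`) has the same loop.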
@@ -29,7 +29,7 @@ image: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -51,10 +51,16 @@ service: name: http-auth # -- Port of the oxauth service. Please keep it as default. port: 8080 + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 # -- Configure the liveness healthcheck for the auth server if needed. livenessProbe: # -- Executes the python3 healthcheck. - # https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py + # https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py exec: command: - python3 @@ -63,7 +69,7 @@ livenessProbe: periodSeconds: 30 timeoutSeconds: 5 # -- Configure the readiness healthcheck for the auth server if needed. -# https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py +# https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py readinessProbe: exec: command: @@ -75,3 +81,8 @@ readinessProbe: volumes: [] # -- Configure any additional volumesMounts that need to be attached to the containers volumeMounts: [] + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } 
diff --git a/charts/jans/charts/cn-istio-ingress/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/.helmignore similarity index 100% rename from charts/jans/charts/cn-istio-ingress/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/.helmignore diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml new file mode 100644 index 00000000000..57f9e6cb8a4 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml @@ -0,0 +1,23 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v2 +name: casa +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. +type: application +keywords: + - casa + - 2FA + - passwordless +home: https://gluu.org/docs/casa/ +sources: + - https://gluu.org/docs/casa/ + - https://github.com/GluuFederation/docker-casa + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/casa +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://casa.gluu.org/wp-content/themes/gluucasa/casafavicon.ico +appVersion: "5.0.0" diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md new file mode 100644 index 00000000000..350f103557c --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md 
@@ -0,0 +1,68 @@ +# casa + +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | +| livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | +| nameOverride | string | `""` | | +| podSecurityContext | object | `{}` | | +| readinessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| readinessProbe.httpGet.path | string | `"/casa/health-check"` | http readiness probe endpoint | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"500m"` | CPU limit. | +| resources.limits.memory | string | `"500Mi"` | Memory limit. | +| resources.requests.cpu | string | `"500m"` | CPU request. | +| resources.requests.memory | string | `"500Mi"` | Memory request. | +| securityContext | object | `{}` | | +| service.name | string | `"http-casa"` | The name of the casa port within the casa service. Please keep it as default. | +| service.port | int | `8080` | Port of the casa service. Please keep it as default. 
| +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/_helpers.tpl new file mode 100644 index 00000000000..07d38cacf81 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/_helpers.tpl 
@@ -0,0 +1,79 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "casa.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "casa.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "casa.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "casa.labels" -}} +app: {{ .Release.Name }}-{{ include "casa.name" . }} +helm.sh/chart: {{ include "casa.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "casa.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "casa.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "casa.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "casa.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-destination-rules.yaml new file mode 100644 index 00000000000..1bab638b870 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-destination-rules.yaml @@ -0,0 +1,24 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ .Release.Name }}-casa-mtls + namespace: {{.Release.Namespace}} + labels: + APP_NAME: casa +{{ include "casa.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + host: {{ .Values.global.casa.casaServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +{{- end }} \ No newline at end of file 
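Review bot: `value: {{ $val }}` in `casa.usr-envs` is emitted unquoted, so an entry like `true` or `8080`, or one containing `: ` or ` #`, renders as a non-string or as different YAML, and Kubernetes only accepts strings in an env `value`. Quote it: `value: {{ $val | quote }}`. Separately, `casa.serviceAccountName` reads `.Values.serviceAccount.create`, but the casa `values.yaml` added in this diff defines no `serviceAccount` key, so including that helper would fail on a nil map; either add the key to the values or drop the helper.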
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml
new file mode 100644
index 00000000000..066009a6833
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/casa-virtual-services.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.global.istio.ingress }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Release.Name }}-istio-casa
+ namespace: {{.Release.Namespace}}
+ labels:
+ APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ gateways:
+ - {{ .Release.Name }}-global-gtw
+ hosts:
+ - {{ .Values.global.fqdn }}
+ http:
+ - name: {{ .Release.Name }}-istio-casa
+ match:
+ - uri:
+ exact: /casa
+ route:
+ - destination:
+ host: {{ .Values.global.casa.casaServiceName }}.{{.Release.Namespace}}.svc.cluster.local
+ port:
+ number: 8080
+ weight: 100
+{{- end }}
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/deployment.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/deployment.yaml
new file mode 100644
index 00000000000..466e29812db
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/deployment.yaml
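Review bot: The route in `casa-virtual-services.yaml` matches `exact: /casa`, so only that literal path is forwarded to the casa service through the gateway; `/casa/` and every sub-path, including the `/casa/health-check` endpoint the chart's probes use, are not covered by this rule. If the whole application is meant to be reachable, use `prefix: /casa`. This VirtualService is gated on `.Values.global.istio.ingress` while the DestinationRule next to it is gated on `.Values.global.istio.enabled`; a one-line comment explaining why the two conditions differ would prevent someone from "fixing" one of them later.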
@@ -0,0 +1,150 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "casa.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: casa +{{ include "casa.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "casa.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + APP_NAME: casa + app: {{ .Release.Name }}-{{ include "casa.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "casa.name" . }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "casa.usr-envs" . | indent 12 }} + {{- include "casa.usr-secret-envs" . 
| indent 12 }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port}} + protocol: TCP + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "casa.fullname" .}}-updatelbip + mountPath: "/scripts" + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 
12 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "casa.fullname" . }}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/hpa.yaml new file mode 100644 index 00000000000..835909e4961 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/hpa.yaml 
@@ -0,0 +1,39 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "casa.fullname" . }}
+ labels:
+ APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "casa.fullname" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/service.yaml
new file mode 100644
index 00000000000..ab4cf59b102
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/service.yaml
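Review bot: The casa HPA is declared as `apiVersion: autoscaling/v1`, but the `metrics:` and `behavior:` branches render fields that exist only in the `autoscaling/v2` family, so setting `hpa.metrics` or `hpa.behavior` would be rejected by schema validation or dropped by the API server. Either select the apiVersion by what is set, e.g. `apiVersion: autoscaling/v2beta2` (or `autoscaling/v2` where the cluster serves it) when those values are used, or remove the two branches and their entries in `values.yaml`. The HPA metadata also lacks `namespace: {{ .Release.Namespace }}`, unlike the Deployment it targets.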
@@ -0,0 +1,32 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.global.casa.casaServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.global.alb.ingress }}
+ type: NodePort
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "casa.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- with .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig:
+{{ toYaml . | indent 4 }}
+ {{- end }}
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/user-custom-secret-envs.yaml
new file mode 100644
index 00000000000..253106b46e9
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/values.yaml
new file mode 100644
index 00000000000..36139212676
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/casa/values.yaml
@@ -0,0 +1,100 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# -- Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/casa + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number. +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 500m + # -- Memory limit. + memory: 500Mi + requests: + # -- CPU request. + cpu: 500m + # -- Memory request. + memory: 500Mi +service: + # -- Port of the casa service. Please keep it as default. + port: 8080 + # -- The name of the casa port within the casa service. Please keep it as default. + name: http-casa + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 +# -- Configure the liveness healthcheck for casa if needed. 
+livenessProbe: + httpGet: + # -- http liveness probe endpoint + path: /casa/health-check + port: http-casa + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 +# -- Configure the readiness healthcheck for the casa if needed. +readinessProbe: + httpGet: + # -- http readiness probe endpoint + path: /casa/health-check + port: http-casa + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +nameOverride: "" +fullnameOverride: "" + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/charts/jans/charts/config-api/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/.helmignore similarity index 100% rename from charts/jans/charts/config-api/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/.helmignore diff --git a/charts/jans/charts/client-api/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml similarity index 64% rename from charts/jans/charts/client-api/Chart.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml index b038558676a..be6477ecb7c 100644 --- a/charts/jans/charts/client-api/Chart.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/Chart.yaml 
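Review bot: `tag: 5.0.0_dev` combined with `pullPolicy: IfNotPresent` in the casa `values.yaml` makes the default install depend on a mutable development tag: nodes that already cached it never pick up a rebuilt image, and new nodes may run a different build than old ones. Default to a released tag, or extend the comment above `tag` to say that production installs should pin a release or an image digest. `podSecurityContext: {}` and `securityContext: {}` leave the container on the image's defaults; the commented `runAsNonRoot` / `readOnlyRootFilesystem` / `capabilities.drop` example would be the safer shipped default if the image supports it, which cannot be verified from this diff.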
@@ -1,22 +1,22 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: v2 name: client-api -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" description: Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. type: application keywords: - client - API -home: https://jans.org/docs/oxd +home: https://gluu.org/docs/oxd sources: - https://github.com/JanssenProject/jans-client-api - https://github.com/JanssenProject/docker-jans-client-api - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/client-api + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/client-api maintainers: - name: Mohammad Abudayyeh - email: support@jans.io + email: support@gluu.org url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" diff --git a/charts/jans/charts/client-api/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md similarity index 64% rename from charts/jans/charts/client-api/README.md rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md index dcdebfa7a64..7d8ebaf9493 100644 --- a/charts/jans/charts/client-api/README.md +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/README.md 
@@ -1,31 +1,33 @@ # client-api -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code * * -* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | 
@@ -38,17 +40,19 @@ Kubernetes: `>=v1.19.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/client-api"` | Image to use for deploying. | -| image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. | | nodeSelector | object | `{}` | | -| readinessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. | +| readinessProbe | object | `{"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8443},"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. | | replicas | int | `1` | Service replica number. | | resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. | | resources.limits.cpu | string | `"1000m"` | CPU limit. | | resources.limits.memory | string | `"400Mi"` | Memory limit. | | resources.requests.cpu | string | `"1000m"` | CPU request. | | resources.requests.memory | string | `"400Mi"` | Memory request. 
| +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | | tolerations | list | `[]` | | | usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | diff --git a/charts/jans/charts/client-api/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/client-api/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/_helpers.tpl diff --git a/charts/jans/charts/client-api/templates/client-api-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/client-api-destination-rules.yaml similarity index 53% rename from charts/jans/charts/client-api/templates/client-api-destination-rules.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/client-api-destination-rules.yaml index 9bebcc09bea..22f580790ea 100644 --- a/charts/jans/charts/client-api/templates/client-api-destination-rules.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/client-api-destination-rules.yaml 
@@ -1,11 +1,21 @@ {{- if .Values.global.istio.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: {{ .Release.Name }}-client-api-mtls namespace: {{.Release.Namespace}} + labels: + APP_NAME: client-api +{{ include "client-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: host: {{ index .Values "global" "client-api" "clientApiServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local trafficPolicy: diff --git a/charts/jans/charts/client-api/templates/deployment.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/deployment.yaml similarity index 87% rename from charts/jans/charts/client-api/templates/deployment.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/deployment.yaml index 92e24fcb5de..7b28bda8bf1 100644 --- a/charts/jans/charts/client-api/templates/deployment.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/deployment.yaml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: apps/v1 kind: Deployment @@ -8,6 +8,13 @@ metadata: labels: APP_NAME: client-api {{ include "client-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: replicas: {{ .Values.replicas }} selector: 
@@ -79,15 +86,8 @@ spec: name: google-sa subPath: google-credentials.json {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - mountPath: "/etc/jans/conf/sql_password" - subPath: sql_password - {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - mountPath: "/etc/jans/conf/couchbase_password" - subPath: couchbase_password {{- if not .Values.global.istio.enabled }} - name: cb-crt mountPath: "/etc/certs/couchbase.crt" @@ -115,15 +115,9 @@ spec: secret: secretName: {{ .Release.Name }}-google-sa {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - secret: - secretName: {{ .Release.Name }}-sql-pass - {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - secret: - secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} - name: cb-crt secret: @@ -135,7 +129,7 @@ spec: configMap: name: {{ .Release.Name }}-updatelbip {{- end }} - {{- if not .Values.global.isFqdnRegistered }} + {{- if not .Values.global.isFqdnRegistered }} hostAliases: - ip: {{ .Values.global.lbIp }} hostnames: diff --git a/charts/jans/charts/client-api/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/hpa.yaml similarity index 68% rename from charts/jans/charts/client-api/templates/hpa.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/hpa.yaml index 453a914dde0..2409795f233 100644 --- a/charts/jans/charts/client-api/templates/hpa.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/hpa.yaml 
@@ -1,10 +1,20 @@ {{ if .Values.hpa.enabled -}} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: {{ include "client-api.fullname" . }} + labels: + APP_NAME: client-api +{{ include "client-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/jans/charts/client-api/templates/networkpolicy.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/networkpolicy.yaml similarity index 67% rename from charts/jans/charts/client-api/templates/networkpolicy.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/networkpolicy.yaml index 263aed447f9..fa3093109e8 100644 --- a/charts/jans/charts/client-api/templates/networkpolicy.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/networkpolicy.yaml @@ -3,6 +3,16 @@ apiVersion: networking.k8s.io/v1 metadata: namespace: {{ .Release.Namespace }} name: client-api-policy + labels: + APP_NAME: client-api +{{ include "client-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: policyTypes: - Ingress diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/service.yaml new file mode 100644 index 00000000000..286f7c751d1 --- /dev/null 
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/service.yaml
@@ -0,0 +1,31 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ # the name must match the application
+ name: {{ index .Values "global" "client-api" "clientApiServerServiceName" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: client-api
+{{ include "client-api.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - port: 8444
+ name: tcp-{{ include "client-api.name" . }}-admin-gui
+ - port: 8443
+ name: tcp-{{ include "client-api.name" . }}-app-connector
+ selector:
+ app: {{ .Release.Name }}-{{ include "client-api.name" . }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- with .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig:
+{{ toYaml . | indent 4 }}
+ {{- end }}
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/user-custom-secret-envs.yaml
new file mode 100644
index 00000000000..fe356f484af
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/templates/user-custom-secret-envs.yaml
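Review bot: The new Service publishes the port named `...-admin-gui` (`- port: 8444`) unconditionally, next to the application port 8443, so any workload that can reach the Service can also reach the admin listener. If only operators need 8444, gate that entry behind a values flag that defaults to off, or move it to a separate Service, and add a comment on the `ports:` list saying which clients are expected on each port. The chart's `client-api-policy` NetworkPolicy may already restrict ingress to 8444, but its rules are not visible in this diff, so that is worth confirming.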
@@ -0,0 +1,23 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: + APP_NAME: client-api +{{ include "client-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/client-api/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/values.yaml similarity index 70% rename from charts/jans/charts/client-api/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/values.yaml index bb13128ab96..235a14929b8 100644 --- a/charts/jans/charts/client-api/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/client-api/values.yaml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 # -- Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. # -- Configure the HorizontalPodAutoscaler @@ -29,7 +29,7 @@ image: # -- Image to use for deploying. repository: janssenproject/client-api # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. 
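Review bot: In user-custom-secret-envs.yaml, `{{ $key }}: {{ $val | b64enc }}` fails to render when a value under `usrEnvs.secret` is written unquoted as a number or boolean, because `b64enc` accepts only a string; `{{ $key }}: {{ $val | toString | b64enc | quote }}` handles those values and keeps the encoded output a YAML string. The Secret's metadata also omits `namespace: {{ .Release.Namespace }}`, which the Service template added in the same commit does set. A comment on `usrEnvs.secret` noting that these values sit in plaintext in the values file and in the stored Helm release would tell operators to keep real credentials out of committed values files.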
@@ -46,6 +46,13 @@ resources: cpu: 1000m # -- Memory request. memory: 400Mi +service: + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 # -- Configure the liveness healthcheck for the auth server if needed. livenessProbe: # -- Executes the python3 healthcheck. @@ -59,14 +66,11 @@ livenessProbe: timeoutSeconds: 5 # -- Configure the readiness healthcheck for the auth server if needed. readinessProbe: - exec: - command: - - curl - - -k - - https://localhost:8443/health-check - initialDelaySeconds: 25 - periodSeconds: 25 + tcpSocket: + port: 8443 + initialDelaySeconds: 60 timeoutSeconds: 5 + periodSeconds: 25 # -- Configure any additional volumes that need to be attached to the pod volumes: [] # -- Configure any additional volumesMounts that need to be attached to the containers @@ -77,3 +81,8 @@ nodeSelector: {} tolerations: [] affinity: {} + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } diff --git a/charts/jans/charts/persistence/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/.helmignore similarity index 100% rename from charts/jans/charts/persistence/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/.helmignore 
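Review bot: In the `readinessProbe` hunk of client-api values.yaml, `tcpSocket: port: 8443` marks the pod Ready as soon as the listener accepts a connection, so the Service can route requests to a client-api instance whose `/health-check` would still fail. The liveness probe above it still execs `curl -k https://localhost:8443/health-check`, so the two probes now disagree about what healthy means. A probe that needs no process spawn yet still checks the endpoint would be `httpGet: {path: /health-check, port: 8443, scheme: HTTPS}`. If the TCP check is deliberate, a comment giving the reason would save the next reader the question.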
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml
new file mode 100644
index 00000000000..5126ccde6ed
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml
@@ -0,0 +1,21 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v2
+name: cn-istio-ingress
+version: 5.0.2
+kubeVersion: ">=v1.21.0-0"
+description: Istio Gateway
+type: application
+keywords:
+ - istio
+ - gateway
+home: https://gluu.org/docs/gluu-server/
+sources:
+ - https://gluu.org/docs/gluu-server/
+ - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress
+maintainers:
+ - name: Mohammad Abudayyeh
+ email: support@gluu.org
+ url: https://github.com/moabu
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+appVersion: "5.0.0"
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md
new file mode 100644
index 00000000000..a75a6c9ea3b
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md
@@ -0,0 +1,25 @@
+# cn-istio-ingress
+
+![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square)
+
+Istio Gateway
+
+**Homepage:**
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu |
+
+## Source Code
+
+*
+*
+
+## Requirements
+
+Kubernetes: `>=v1.21.0-0`
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
diff --git a/charts/jans/charts/cn-istio-ingress/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/templates/_helpers.tpl
similarity index 100%
rename from charts/jans/charts/cn-istio-ingress/templates/_helpers.tpl
rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/templates/_helpers.tpl
diff --git a/charts/jans/charts/cn-istio-ingress/templates/gateway.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/templates/gateway.yaml
similarity index 68%
rename from charts/jans/charts/cn-istio-ingress/templates/gateway.yaml
rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/templates/gateway.yaml
index 2e206e4eb6e..e6013652c82 100644
--- a/charts/jans/charts/cn-istio-ingress/templates/gateway.yaml
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/templates/gateway.yaml
@@ -3,6 +3,14 @@ kind: Gateway metadata: name: {{ .Release.Name }}-global-gtw namespace: {{ .Release.Namespace }} +{{- if .Values.global.istio.additionalLabels }} + labels: +{{ toYaml .Values.global.istio.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.global.istio.additionalAnnotations }} + annotations: +{{ toYaml .Values.global.istio.additionalAnnotations | indent 4 }} +{{- end }} spec: selector: istio: ingressgateway diff --git a/charts/jans/charts/cn-istio-ingress/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/values.yaml similarity index 100% rename from charts/jans/charts/cn-istio-ingress/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/values.yaml diff --git a/charts/jans/charts/fido2/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/.helmignore similarity index 100% rename from charts/jans/charts/fido2/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/.helmignore diff --git a/charts/jans/charts/config-api/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml similarity index 57% rename from charts/jans/charts/config-api/Chart.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml index e506af2a87a..c9255f40218 100644 --- a/charts/jans/charts/config-api/Chart.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml 
@@ -1,22 +1,22 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: v2 name: config-api -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" description: Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) type: application keywords: - configuration - API -home: https://jans.io +home: https://gluu.org/docs/gluu-server sources: - https://github.com/JanssenProject/jans-config-api - https://github.com/JanssenProject/docker-jans-config-api - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/config-api + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/config-api maintainers: - name: Mohammad Abudayyeh - email: support@jans.io + email: support@gluu.org url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" diff --git a/charts/jans/charts/config-api/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md similarity index 65% rename from charts/jans/charts/config-api/README.md rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md index 2854fbd521c..fe557b9d75a 100644 --- a/charts/jans/charts/config-api/README.md +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md 
@@ -1,31 +1,33 @@ # config-api -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code * * -* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | affinity | object | `{}` | | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | 
@@ -39,12 +41,12 @@ Kubernetes: `>=v1.19.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | -| livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | +| livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | nameOverride | string | `""` | | | nodeSelector | object | `{}` | | -| readinessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | +| readinessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | replicas | int | `1` | Service replica number. | | resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. 
| | resources.limits.cpu | string | `"2500m"` | CPU limit. | @@ -52,6 +54,8 @@ Kubernetes: `>=v1.19.0-0` | resources.requests.cpu | string | `"2500m"` | CPU request. | | resources.requests.memory | string | `"2500Mi"` | Memory request. | | service.name | string | `"http-config-api"` | The name of the config-api port within the config-api service. Please keep it as default. | +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | | tolerations | list | `[]` | | | usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | diff --git a/charts/jans/charts/config-api/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/config-api/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/_helpers.tpl diff --git a/charts/jans/charts/config-api/templates/config-api-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/config-api-destination-rules.yaml similarity index 53% rename from charts/jans/charts/config-api/templates/config-api-destination-rules.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/config-api-destination-rules.yaml index 8a3ce219a9a..78a019dd48a 100644 --- a/charts/jans/charts/config-api/templates/config-api-destination-rules.yaml 
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/config-api-destination-rules.yaml @@ -1,11 +1,21 @@ {{- if .Values.global.istio.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: {{ .Release.Name }}-config-api-mtls namespace: {{.Release.Namespace}} + labels: + APP_NAME: config-api +{{ include "config-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: host: {{ index .Values "global" "config-api" "configApiServerServiceName" }}.{{ .Release.Namespace }}.svc.cluster.local trafficPolicy: diff --git a/charts/jans/charts/config-api/templates/deployment.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/deployment.yaml similarity index 69% rename from charts/jans/charts/config-api/templates/deployment.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/deployment.yaml index 1d992b23cc8..5301f551cc4 100644 --- a/charts/jans/charts/config-api/templates/deployment.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/deployment.yaml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: apps/v1 kind: Deployment 
@@ -8,6 +8,13 @@ metadata: labels: APP_NAME: config-api {{ include "config-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: replicas: {{ .Values.replicas }} selector: @@ -61,20 +68,27 @@ spec: {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} + {{- if index .Values "global" "admin-ui" "enabled" }} + - mountPath: {{ index .Values "global" "admin-ui" "adminUiApiKeyFile" }} + name: admin-ui-license-api-key + subPath: admin_ui_api_key + - mountPath: {{ index .Values "global" "admin-ui" "adminUiProductCodeFile" }} + name: admin-ui-license-product-code + subPath: admin_ui_product_code + - mountPath: {{ index .Values "global" "admin-ui" "adminUiSharedKeyFile" }} + name: admin-ui-license-shared-key + subPath: admin_ui_shared_key + - mountPath: {{ index .Values "global" "admin-ui" "adminUiManagementKeyFile" }} + name: admin-ui-license-management-key + subPath: admin_ui_management_key + {{- end }} {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} name: google-sa subPath: google-credentials.json {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - mountPath: "/etc/jans/conf/sql_password" - subPath: sql_password - {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - mountPath: "/etc/jans/conf/couchbase_password" - subPath: couchbase_password {{- if not .Values.global.istio.enabled }} - name: cb-crt mountPath: "/etc/certs/couchbase.crt" 
@@ -97,20 +111,40 @@ spec: {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if index .Values "global" "admin-ui" "enabled" }} + - name: admin-ui-license-api-key + secret: + secretName: {{ .Release.Name }}-admin-ui-license + items: + - key: admin_ui_api_key + path: admin_ui_api_key + - name: admin-ui-license-product-code + secret: + secretName: {{ .Release.Name }}-admin-ui-license + items: + - key: admin_ui_product_code + path: admin_ui_product_code + - name: admin-ui-license-shared-key + secret: + secretName: {{ .Release.Name }}-admin-ui-license + items: + - key: admin_ui_shared_key + path: admin_ui_shared_key + - name: admin-ui-license-management-key + secret: + secretName: {{ .Release.Name }}-admin-ui-license + items: + - key: admin_ui_management_key + path: admin_ui_management_key + {{- end }} {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} - name: google-sa secret: secretName: {{ .Release.Name }}-google-sa {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - secret: - secretName: {{ .Release.Name }}-sql-pass - {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - secret: - secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} - name: cb-crt secret: diff --git a/charts/jans/charts/config-api/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/hpa.yaml similarity index 68% rename from charts/jans/charts/config-api/templates/hpa.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/hpa.yaml index 004cd90e415..8807ac220ac 100644 --- a/charts/jans/charts/config-api/templates/hpa.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/hpa.yaml 
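Review bot: None of the four volumes added in the `@@ -97,20 +111,40 @@` hunk sets a file mode, so the API, shared and management keys from `{{ .Release.Name }}-admin-ui-license` are projected with the Secret-volume default of 0644. Adding `defaultMode: 0440` under each `secret:` (or whichever mode the container user can still read) keeps them from being world-readable inside the container. Since all four volumes project keys of the same Secret, a single volume listing the four `items` would replace the near-identical definitions, with the mounts in the `volumeMounts` hunk still selecting files by `subPath`. The pod spec begins outside the hunk.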
@@ -1,10 +1,20 @@ {{ if .Values.hpa.enabled -}} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: {{ include "config-api.fullname" . }} + labels: + APP_NAME: config-api +{{ include "config-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/service.yaml new file mode 100644 index 00000000000..527971c98d3 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/service.yaml 
@@ -0,0 +1,31 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + # the name must match the application + name: {{ index .Values "global" "config-api" "configApiServerServiceName" }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: config-api +{{ include "config-api.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ports: + - port: 9444 + name: tcp-{{ include "config-api.name" . }}-ssl + - port: 8074 + name: tcp-{{ include "config-api.name" . }}-http + selector: + app: {{ .Release.Name }}-{{ include "config-api.name" . }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: +{{ toYaml . | indent 4 }} + {{- end }} diff --git a/charts/jans/charts/config-api/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml similarity index 65% rename from charts/jans/charts/config-api/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml index ce39383e4f4..aed84071dc0 100644 --- a/charts/jans/charts/config-api/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml @@ -1,6 +1,6 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 -# -- Janssen Admin UI. This shouldn't be internet facing. +# -- Gluu Admin UI. This shouldn't be internet facing. # -- Configure the HorizontalPodAutoscaler hpa: enabled: true 
@@ -34,7 +34,7 @@ image: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -54,10 +54,16 @@ resources: service: # -- The name of the config-api port within the config-api service. Please keep it as default. name: http-config-api + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 # -- Configure the liveness healthcheck for the auth server if needed. livenessProbe: # -- Executes the python3 healthcheck. - # https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py + # https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py httpGet: path: /jans-config-api/api/v1/health/live port: 8074 @@ -65,7 +71,7 @@ livenessProbe: periodSeconds: 30 timeoutSeconds: 5 # -- Configure the readiness healthcheck for the auth server if needed. -# https://github.com/JanssenFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py +# https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py readinessProbe: httpGet: path: /jans-config-api/api/v1/health/ready 
@@ -83,4 +89,9 @@ affinity: {} # -- Configure any additional volumes that need to be attached to the pod volumes: [] # -- Configure any additional volumesMounts that need to be attached to the containers -volumeMounts: [] \ No newline at end of file +volumeMounts: [] + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } diff --git a/charts/jans/charts/config/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/.helmignore similarity index 100% rename from charts/jans/charts/config/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/.helmignore diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml new file mode 100644 index 00000000000..38fb62ac79a --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml 
@@ -0,0 +1,22 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v2 +name: config +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. +type: application +keywords: + - configuration + - secrets +home: https://gluu.org/docs/gluu-server/reference/container-configs/ +sources: + - https://gluu.org/docs/gluu-server/reference/container-configs/ + - https://github.com/JanssenProject/docker-jans-configurator + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/config +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" diff --git a/charts/jans/charts/config/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md similarity index 65% rename from charts/jans/charts/config/README.md rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md index e2679de8856..40b52512e08 100644 --- a/charts/jans/charts/config/README.md +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md 
@@ -1,68 +1,83 @@ # config -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) -Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. +Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code -* -* -* +* +* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. | | city | string | `"Austin"` | City. Used for certificate creation. | +| cnOxtrustConfigGeneration | bool | `true` | | | configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . 
| +| configmap.cnCasaEnabled | bool | `false` | Enable Casa flag . | | configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api . | | configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api. | | configmap.cnClientApiBindIpAddresses | string | `"*"` | Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy | -| configmap.cnConfigGoogleSecretNamePrefix | string | `"jans"` | Prefix for Janssen configuration secret in Google Secret Manager. Defaults to jans. If left intact jans-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnConfigGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnConfigKubernetesConfigMap | string | `"cn"` | The name of the Kubernetes ConfigMap that will hold the configuration layer | -| configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Janssen. 
| +| configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. | | configmap.cnCouchbaseCertFile | string | `"/etc/certs/couchbase.crt"` | Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required. | | configmap.cnCouchbaseCrt | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. | | configmap.cnCouchbaseIndexNumReplica | int | `0` | The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1. | | configmap.cnCouchbasePassword | string | `"P@ssw0rd"` | Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol . | -| configmap.cnCouchbasePasswordFile | string | `"/etc/jans/conf/couchbase_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password | +| configmap.cnCouchbasePasswordFile | string | `"/etc/gluu/conf/couchbase_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password | | configmap.cnCouchbaseSuperUser | string | `"admin"` | The Couchbase super user (admin) user name. This user is used during initialization only. 
| | configmap.cnCouchbaseSuperUserPassword | string | `"Test1234#"` | Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol | -| configmap.cnCouchbaseSuperUserPasswordFile | string | `"/etc/jans/conf/couchbase_superuser_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. | -| configmap.cnCouchbaseUrl | string | `"cbjans.default.svc.cluster.local"` | Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster | -| configmap.cnCouchbaseUser | string | `"jans"` | Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. | -| configmap.cnDocumentStoreType | string | `"LOCAL"` | Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily. | +| configmap.cnCouchbaseSuperUserPasswordFile | string | `"/etc/gluu/conf/couchbase_superuser_password"` | The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. | +| configmap.cnCouchbaseUrl | string | `"cbgluu.default.svc.cluster.local"` | Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster | +| configmap.cnCouchbaseUser | string | `"gluu"` | Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. 
| +| configmap.cnDocumentStoreType | string | `"JCA"` | Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily. | | configmap.cnGoogleProjectId | string | `"google-project-to-save-config-and-secrets-to"` | Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | -| configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Janssen secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnGoogleSecretManagerServiceAccount | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | | | configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. | | configmap.cnGoogleSpannerInstanceId | string | `""` | | +| configmap.cnJackrabbitAdminId | string | `"admin"` | Jackrabbit admin uid. | +| configmap.cnJackrabbitAdminIdFile | string | `"/etc/gluu/conf/jackrabbit_admin_id"` | The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id. | +| configmap.cnJackrabbitAdminPasswordFile | string | `"/etc/gluu/conf/jackrabbit_admin_password"` | The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password. 
| +| configmap.cnJackrabbitPostgresDatabaseName | string | `"jackrabbit"` | Jackrabbit postgres database name. | +| configmap.cnJackrabbitPostgresHost | string | `"postgresql.postgres.svc.cluster.local"` | Postgres url | +| configmap.cnJackrabbitPostgresPasswordFile | string | `"/etc/gluu/conf/postgres_password"` | The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password. | +| configmap.cnJackrabbitPostgresPort | int | `5432` | Jackrabbit Postgres port | +| configmap.cnJackrabbitPostgresUser | string | `"jackrabbit"` | Jackrabbit Postgres uid | +| configmap.cnJackrabbitSyncInterval | int | `300` | Interval between files sync (default to 300 seconds). | +| configmap.cnJackrabbitUrl | string | `"http://jackrabbit:8080"` | Jackrabbit internal url. Normally left as default. | | configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | | configmap.cnLdapUrl | string | `"opendj:1636"` | | | configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage | -| configmap.cnPersistenceLdapMapping | string | `"default"` | Boolean flag to enable/disable passport chart -- Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | +| configmap.cnPassportEnabled | bool | `false` | Boolean flag to enable/disable passport chart | +| configmap.cnPersistenceLdapMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | | configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. 
Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | configmap.cnSamlEnabled | bool | `false` | Enable SAML-related features; UI menu, etc. | -| configmap.cnSecretGoogleSecretNamePrefix | string | `"jans"` | Prefix for Janssen secret in Google Secret Manager. Defaults to jans. If left jans-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | +| configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | configmap.cnSecretGoogleSecretVersionId | string | `"latest"` | | | configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. | | configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` | 
@@ -78,18 +93,18 @@ Kubernetes: `>=v1.19.0-0` | countryCode | string | `"US"` | Country code. Used for certificate creation. | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | -| email | string | `"support@jans.io"` | Email address of the administrator usually. Used for certificate creation. | +| email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | | fullNameOverride | string | `""` | | | image.pullSecrets | list | `[]` | Image Pull Secrets | -| image.repository | string | `"janssenproject/configuration-manager"` | Image to use for deploying. | -| image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | | migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | migration.enabled | bool | `false` | Boolean flag to enable migration from CE | | migration.migrationDataFormat | string | `"ldif"` | migration data-format depending on persistence backend. Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json. | | migration.migrationDir | string | `"/ce-migration"` | Directory holding all migration files | | nameOverride | string | `""` | | -| orgName | string | `"Janssen"` | Organization name. Used for certificate creation. | +| orgName | string | `"Gluu"` | Organization name. Used for certificate creation. | | redisPassword | string | `"P@assw0rd"` | Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. 
| | resources.limits.cpu | string | `"300m"` | CPU limit. | diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/_helpers.tpl new file mode 100644 index 00000000000..3d589814438 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/_helpers.tpl 
@@ -0,0 +1,97 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "config.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "config.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "config.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "config.labels" -}} +app: {{ .Release.Name }}-{{ include "config.name" . }}-init-load +helm.sh/chart: {{ include "config.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "config.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "config.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} + +{{/* +Create optional scopes list +*/}} +{{- define "config.optionalScopes"}} +{{ $newList := list }} +{{- if eq .Values.configmap.cnCacheType "REDIS" }} +{{ $newList = append $newList ("redis" | quote ) }} +{{- end}} +{{ if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} +{{ $newList = append $newList ("couchbase" | quote) }} +{{- end}} +{{ if eq .Values.global.cnPersistenceType "sql" }} +{{ $newList = append $newList ("sql" | quote) }} +{{- end }} +{{- if .Values.global.opendj.enabled}} +{{ $newList = append $newList ("ldap" | quote) }} +{{- end}} +{{- if .Values.global.fido2.enabled}} +{{ $newList = append $newList ("fido2" | quote) }} +{{- end}} +{{- if .Values.global.scim.enabled}} +{{ $newList = append $newList ("scim" | quote) }} +{{- end}} +{{- if index .Values "global" "client-api" "enabled"}} +{{ $newList = append $newList ("client-api" |quote) }} +{{- end}} +{{ toJson $newList }} +{{- end }} \ No newline at end of file 
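Review bot: `config.usr-envs` renders `value: {{ $val }}` without quoting, so a value from `.Values.usrEnvs.normal` that looks like a number or boolean is emitted as a non-string, which an env `value` does not accept, and one containing `: `, `#` or a line break changes the structure of the rendered manifest. `value: {{ $val | quote }}` keeps each entry a single string scalar. Separately, `config.fullname` reads `.Values.fullnameOverride` while the chart README on this page documents the key as `fullNameOverride`; Helm value keys are case-sensitive, so one of the two spellings should be changed to match the other.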
diff --git a/charts/jans/charts/config/templates/clusterrolebinding.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/clusterrolebinding.yaml similarity index 61% rename from charts/jans/charts/config/templates/clusterrolebinding.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/clusterrolebinding.yaml index c0384fa5327..f85789872ab 100644 --- a/charts/jans/charts/config/templates/clusterrolebinding.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/clusterrolebinding.yaml @@ -1,9 +1,19 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ .Release.Name }}-{{ .Release.Namespace }}-cluster-admin-binding + labels: + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -23,6 +33,10 @@ metadata: labels: app: {{ include "config.name" . }}-load name: {{ .Release.Name }}-{{ .Release.Namespace }}-rolebinding +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/jans/charts/config/templates/configmaps.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/configmaps.yaml similarity index 69% rename from charts/jans/charts/config/templates/configmaps.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/configmaps.yaml index c2e218ff736..412e3d0afa9 100644 
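Review bot: The second hunk (`@@ -23,6 +33,10 @@`) adds `additionalAnnotations` to the RoleBinding but not `additionalLabels`, while the ClusterRoleBinding in the first hunk receives both. The chart README describes `additionalLabels` as added across all resource definitions, so the lines `{{- if .Values.additionalLabels }}`, `{{ toYaml .Values.additionalLabels | indent 4 }}` and `{{- end }}` should follow the existing `app:` label there as well. The `roleRef` name lies outside both hunks, so whether the ClusterRole bound by `…-cluster-admin-binding` is narrower than cluster-admin cannot be confirmed from what is shown.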
--- a/charts/jans/charts/config/templates/configmaps.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/configmaps.yaml @@ -1,10 +1,20 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: v1 kind: ConfigMap metadata: name: {{ .Release.Name }}-config-cm namespace: {{ .Release.Namespace }} + labels: + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} data: # Jetty header size in bytes in the auth server CN_JETTY_REQUEST_HEADER_SIZE: {{ .Values.configmap.cnJettyRequestHeaderSize | quote }} 
@@ -53,10 +63,55 @@ data: CN_CONTAINER_METADATA: {{ .Values.configmap.containerMetadataName | quote }} CN_MAX_RAM_PERCENTAGE: {{ .Values.configmap.cnMaxRamPercent | quote }} CN_CACHE_TYPE: {{ .Values.configmap.cnCacheType | quote }} + {{- if not .Values.global.jackrabbit.enabled }} + CN_DOCUMENT_STORE_TYPE: LOCAL + {{- else }} + CN_DOCUMENT_STORE_TYPE: {{ .Values.configmap.cnDocumentStoreType | quote }} + {{- end }} + CN_JACKRABBIT_SYNC_INTERVAL: {{ .Values.configmap.cnJackrabbitSyncInterval | quote }} + {{- if .Values.configmap.cnJackrabbitUrl }} + CN_JACKRABBIT_URL: {{ .Values.configmap.cnJackrabbitUrl | quote }} + {{- else }} + CN_JACKRABBIT_URL: {{ cat "http://" ( .Values.global.jackrabbit.jackRabbitServiceName ) ":8080" | quote | nospace }} + {{- end }} DOMAIN: {{ .Values.global.fqdn | quote }} CN_AUTH_SERVER_BACKEND: {{ cat ( index .Values "global" "auth-server" "authServerServiceName" ) ":8080" | quote | nospace }} + CN_AUTH_APP_LOGGERS: {{ index .Values "global" "auth-server" "appLoggers" + | toJson + | replace "authLogTarget" "auth_log_target" + | replace "authLogLevel" "auth_log_level" + | replace "httpLogTarget" "http_log_target" + | replace "httpLogLevel" "http_log_level" + | replace "persistenceLogTarget" "persistence_log_target" + | replace "persistenceLogLevel" "persistence_log_level" + | replace "persistenceDurationLogTarget" "persistence_duration_log_target" + | replace "persistenceDurationLogLevel" "persistence_duration_log_level" + | replace "ldapStatsLogTarget" "ldap_stats_log_target" + | replace "ldapStatsLogLevel" "ldap_stats_log_level" + | replace "scriptLogTarget" "script_log_target" + | replace "scriptLogLevel" "script_log_level" + | replace "auditStatsLogTarget" "audit_log_target" + | replace "auditStatsLogLevel" "audit_log_level" + | squote + }} + {{- if index .Values "global" "client-api" "enabled" }} CN_CLIENT_API_SERVER_URL: {{ cat ( index .Values "global" "client-api" "clientApiServerServiceName" ) ":8443" | quote | nospace }} 
CN_CLIENT_API_BIND_IP_ADDRESSES: {{ .Values.configmap.cnClientApiBindIpAddresses | quote }} + CN_CLIENT_API_APP_LOGGERS: {{ index .Values "global" "client-api" "appLoggers" + | toJson + | replace "clientApiLogTarget" "client_api_log_target" + | replace "clientApiLogLevel" "client_api_log_level" + | squote + }} + {{- end }} + {{- if index .Values "global" "config-api" "enabled" }} + CN_CONFIG_API_APP_LOGGERS: {{ index .Values "global" "config-api" "appLoggers" + | toJson + | replace "configApiLogTarget" "config_api_log_target" + | replace "configApiLogLevel" "config_api_log_level" + | squote + }} + {{- end }} {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} LB_ADDR: {{ .Values.configmap.lbAddr }} {{- end }} 
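Review bot: The fallback for `CN_JACKRABBIT_URL` hard-codes `http://` and port 8080, so when `configmap.cnJackrabbitUrl` is unset the document-store traffic to the Jackrabbit service is configured as cleartext. A later hunk adds `CN_JACKRABBIT_ADMIN_ID` and a password file, which are presumably used against this URL. A comment above the key should say that the default is unencrypted in-cluster HTTP and that `cnJackrabbitUrl` is the place to supply an `https://` URL when no mesh provides transport security. Separately, each `*_APP_LOGGERS` value is `toJson` followed by a chain of `replace` calls, which rewrites every matching substring of the serialized JSON, values included, and the last pair maps `auditStatsLog*` to `audit_log_*`; a one-line comment on both would help. The `data:` block continues outside the hunk.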
@@ -90,7 +145,24 @@ data: CN_CERT_ALT_NAME: {{ .Values.global.opendj.ldapServiceName }} #{{ template "cn.fullname" . }}-service CN_PERSISTENCE_LDAP_MAPPING: {{ .Values.configmap.cnPersistenceLdapMapping | quote }} {{- end }} + CN_OXTRUST_CONFIG_GENERATION: {{ .Values.cnOxtrustConfigGeneration | quote }} + {{ if .Values.global.cnJackrabbitCluster }} + CN_JACKRABBIT_ADMIN_ID: {{ .Values.configmap.cnJackrabbitAdminId | quote }} + CN_JACKRABBIT_ADMIN_PASSWORD_FILE: {{ .Values.configmap.cnJackrabbitAdminPasswordFile | quote }} + CN_JACKRABBIT_CLUSTER: {{ .Values.global.cnJackrabbitCluster | quote }} + CN_JACKRABBIT_POSTGRES_USER: {{ .Values.configmap.cnJackrabbitPostgresUser | quote }} + CN_JACKRABBIT_POSTGRES_PASSWORD_FILE: {{ .Values.configmap.cnJackrabbitPostgresPasswordFile | quote }} + CN_JACKRABBIT_POSTGRES_HOST: {{ .Values.configmap.cnJackrabbitPostgresHost | quote }} + CN_JACKRABBIT_POSTGRES_PORT: {{ .Values.configmap.cnJackrabbitPostgresPort | quote }} + CN_JACKRABBIT_POSTGRES_DATABASE: {{ .Values.configmap.cnJackrabbitPostgresDatabaseName | quote }} + # CN_JACKRABBIT_PASSWORD_FILE: {{ .Values.configmap.cnJcaPasswordFile | quote }} NOT IMPLEMENTED + {{- end }} # Auto enable installation of some services + CN_CASA_ENABLED: {{ .Values.configmap.cnCasaEnabled | quote }} + CN_PASSPORT_ENABLED: {{ .Values.configmap.cnPassportEnabled | quote }} + {{- if .Values.global.oxshibboleth.enabled }} + CN_SAML_ENABLED: {{ .Values.configmap.cnSamlEnabled | quote }} + {{- end }} CN_CLIENT_API_APPLICATION_CERT_CN: {{ .Values.configmap.cnClientApiApplicationCertCn | quote }} CN_CLIENT_API_ADMIN_CERT_CN: {{ .Values.configmap.cnClientApiAdminCertCn | quote }} {{ if eq .Values.configmap.cnCacheType "REDIS" }} 
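Review bot: The line `# CN_JACKRABBIT_PASSWORD_FILE: {{ .Values.configmap.cnJcaPasswordFile | quote }} NOT IMPLEMENTED` is only a YAML comment, so Helm still evaluates the action and writes the value into the rendered ConfigMap. A template comment such as `{{- /* CN_JACKRABBIT_PASSWORD_FILE: not implemented */ -}}` keeps it out of the output. `CN_OXTRUST_CONFIG_GENERATION` reads `.Values.cnOxtrustConfigGeneration` while its neighbours read `.Values.configmap.*`, which looks inconsistent unless that value is deliberately chart-level. The Jackrabbit block opens with `{{ if` but closes with `{{- end }}`; `{{- if` would match the rest of the file and avoid a whitespace-only line in the output.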
@@ -107,8 +179,36 @@ data: {{- if .Values.global.scim.enabled }} CN_SCIM_ENABLED: {{ .Values.global.scim.enabled | quote }} CN_SCIM_PROTECTION_MODE: {{ .Values.configmap.cnScimProtectionMode | quote }} + CN_SCIM_APP_LOGGERS: {{ .Values.global.scim.appLoggers + | toJson + | replace "scimLogTarget" "scim_log_target" + | replace "scimLogLevel" "scim_log_level" + | replace "persistenceLogTarget" "persistence_log_target" + | replace "persistenceLogLevel" "persistence_log_level" + | replace "persistenceDurationLogTarget" "persistence_duration_log_target" + | replace "persistenceDurationLogLevel" "persistence_duration_log_level" + | replace "ldapStatsLogTarget" "ldap_stats_log_target" + | replace "ldapStatsLogLevel" "ldap_stats_log_level" + | replace "scriptLogTarget" "script_log_target" + | replace "scriptLogLevel" "script_log_level" + | squote + }} + {{- end }} + {{- if .Values.global.fido2.enabled }} + CN_FIDO2_APP_LOGGERS: {{ .Values.global.fido2.appLoggers + | toJson + | replace "fido2LogTarget" "fido2_log_target" + | replace "fido2LogLevel" "fido2_log_level" + | replace "persistenceLogTarget" "persistence_log_target" + | replace "persistenceLogLevel" "persistence_log_level" + | squote + }} + {{- end }} + {{- if index .Values "global" "admin-ui" "enabled" }} + # ADMIN-UI + ADMIN_UI_JWKS: {{ cat "http://" ( index .Values "global" "auth-server" "authServerServiceName" ) ":8080/jans-auth/restv1/jwks" | quote | nospace }} + CN_CONFIG_API_PLUGINS: "admin-ui,scim" {{- end }} - --- apiVersion: v1 @@ -165,12 +265,12 @@ data: logger.exception(e) return False - # check if jans secret exists + # check if gluu secret exists def get_certs(secret_name, namespace): """ :param namespace: - :return: ssl cert and key from jans secrets + :return: ssl cert and key from gluu secrets """ ssl_cert = None ssl_key = None 
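Review bot: `ADMIN_UI_JWKS` is built as `http://<authServerServiceName>:8080/jans-auth/restv1/jwks`, so the key set, which presumably verifies tokens for the admin UI, would be fetched over cleartext unless a mesh secures the hop. A comment stating that assumption, or a value that lets operators supply an `https://` URL, would make the trust boundary explicit. `CN_CONFIG_API_PLUGINS: "admin-ui,scim"` is hard-coded inside the `admin-ui` branch, so the scim plugin is listed even when `.Values.global.scim.enabled` is false; deriving the list from the enabled flags would avoid switching on an API the operator turned off. The second hunk on this line only renames comments and needs nothing.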
@@ -211,6 +311,15 @@ kind: ConfigMap metadata: name: {{ include "config.fullname" . }}-tls-script namespace: {{ .Release.Namespace }} + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} --- @@ -223,7 +332,7 @@ data: # Update the IP of the load balancer automatically """ - License terms and conditions for Janssen Cloud Native Edition: + License terms and conditions for Gluu Cloud Native Edition: https://www.apache.org/licenses/LICENSE-2.0 """ @@ -268,7 +377,7 @@ data: try: while True: lb_addr = os.environ.get("LB_ADDR", "") - domain = os.environ.get("DOMAIN", "demoexample.jans.io") + domain = os.environ.get("DOMAIN", "demoexample.gluu.org") host_file = open('/etc/hosts', 'r').readlines() hosts = get_hosts(lb_addr, domain) stop = [] @@ -299,3 +408,12 @@ kind: ConfigMap metadata: name: {{ .Release.Name }}-updatelbip namespace: {{ .Release.Namespace }} + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/jans/charts/config/templates/load-init-config.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/load-init-config.yml similarity index 89% rename from charts/jans/charts/config/templates/load-init-config.yml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/load-init-config.yml index aafaa1257c1..0cf54d56510 100644 --- a/charts/jans/charts/config/templates/load-init-config.yml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/load-init-config.yml 
@@ -1,5 +1,4 @@ -{{- if ( not .Values.global.upgrade.enabled ) }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: batch/v1 kind: Job @@ -7,14 +6,22 @@ metadata: name: {{ include "config.fullname" . }} namespace: {{ .Release.Namespace }} labels: - APP_NAME: configuration-manager -{{ include "config.labels" . | indent 4}} + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: + ttlSecondsAfterFinished: 120 template: metadata: name: {{ include "config.name" . }}-job labels: - APP_NAME: configuration-manager + APP_NAME: configurator app: {{ .Release.Name }}-{{ include "config.name" . }}-init-load spec: {{- with .Values.image.pullSecrets }} @@ -95,4 +102,3 @@ spec: curl -X POST http://localhost:15020/quitquitquit {{- end }} restartPolicy: Never -{{- end }} diff --git a/charts/jans/charts/config/templates/rolebinding.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/rolebinding.yaml similarity index 58% rename from charts/jans/charts/config/templates/rolebinding.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/rolebinding.yaml index 31a2ec5ff6a..54ab7ef8cd0 100644 --- a/charts/jans/charts/config/templates/rolebinding.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/rolebinding.yaml 
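Review bot: With the `{{- if ( not .Values.global.upgrade.enabled ) }}` guard and its closing `{{- end }}` removed (first and third hunks), this Job is rendered on upgrades as well as on first install, and nothing visible here replaces the guard. If the Job loads generated configuration and secrets, as its name suggests, confirm that a second run is idempotent and does not overwrite existing secrets, and say so in a comment at the top of the template. `ttlSecondsAfterFinished: 120` deletes the finished Job and its pod after two minutes, which also removes the logs an operator would use to check what the configurator did. Making the TTL a chart value with 120 as the default would let audited environments keep it longer.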
@@ -1,10 +1,20 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Release.Name }}-{{ .Release.Namespace }}-rolebinding namespace: {{ .Release.Namespace }} + labels: + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} subjects: - kind: User name: system:serviceaccount:{{ .Release.Namespace }}:default # Name is case sensitive diff --git a/charts/jans/charts/config/templates/roles.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/roles.yaml similarity index 51% rename from charts/jans/charts/config/templates/roles.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/roles.yaml index b9946cfbfc8..efa403d47c8 100644 --- a/charts/jans/charts/config/templates/roles.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/roles.yaml @@ -1,10 +1,20 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Release.Name }}-{{ .Release.Namespace }}-cn-role namespace: {{ .Release.Namespace }} + labels: + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} rules: - apiGroups: [""] # "" refers to the core API group resources: ["configmaps", "secrets"] 
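Review bot: The subject kept in this RoleBinding is `system:serviceaccount:{{ .Release.Namespace }}:default`, so the role is granted to every pod in the namespace that does not set its own service account, and the Role in roles.yaml (next section on this line) covers `configmaps` and `secrets`. The added labels and annotations do not change that. A dedicated ServiceAccount for the configurator, referenced with `kind: ServiceAccount`, would narrow the grant to the workload that needs it. The subjects list and the Role's rules continue outside the hunks, so the verbs are not visible here.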
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/secrets.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/secrets.yaml
new file mode 100644
index 00000000000..0c730378f6b
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/secrets.yaml
@@ -0,0 +1,195 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "config.fullname" . }}-gen-json-file
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+stringData:
+ generate.json: |-
+ {
+ "hostname": {{ .Values.global.fqdn | quote }},
+ "country_code": {{ .Values.countryCode | quote }},
+ "state": {{ .Values.state | quote }},
+ "city": {{ .Values.city | quote }},
+ "admin_pw": {{ .Values.adminPassword | quote }},
+ "ldap_pw": {{ .Values.ldapPassword | quote }},
+ "redis_pw": {{ .Values.redisPassword | quote }},
+ "email": {{ .Values.email | quote }},
+ "org_name": {{ .Values.orgName | quote }},
+ {{ if eq .Values.global.cnPersistenceType "sql" }}
+ "sql_pw": {{ .Values.configmap.cnSqldbUserPassword | quote }},
+ {{- end }}
+ {{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }}
+ "couchbase_pw": {{ .Values.configmap.cnCouchbasePassword | quote }},
+ "couchbase_superuser_pw": {{ .Values.configmap.cnCouchbaseSuperUserPassword | quote }},
+ {{- end }}
+ "auth_sig_keys": {{ index .Values "global" "auth-server" "authSigKeys" | quote }},
+ "auth_enc_keys": {{ index .Values "global" "auth-server" "authEncKeys" | quote }},
+ "optional_scopes": {{ list (include "config.optionalScopes" . | fromJsonArray | join ",") }}
+ }
+
+{{ if or ( eq .Values.global.cnPersistenceType "couchbase" ) ( eq .Values.global.cnPersistenceType "hybrid" ) }}
+{{- if not .Values.global.istio.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-cb-crt
+ labels:
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ couchbase.crt: {{ .Values.configmap.cnCouchbaseCrt }}
+{{- end }}
+{{- end }}
+{{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-google-sa
+ labels:
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ google-credentials.json: {{ .Values.configmap.cnGoogleSecretManagerServiceAccount }}
+{{- end}}
+
+{{ if .Values.global.cnObExtSigningJwksCrt }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-ob-ext-signing-jwks-crt-key-pin
+ labels:
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ ob-ext-signing.crt: {{ .Values.global.cnObExtSigningJwksCrt }}
+ {{ if .Values.global.cnObExtSigningJwksKey }}
+ ob-ext-signing.key: {{ .Values.global.cnObExtSigningJwksKey }}
+ {{- end }}
+ {{ if .Values.global.cnObExtSigningJwksKeyPassPhrase }}
+ ob-ext-signing.pin: {{ .Values.global.cnObExtSigningJwksKeyPassPhrase }}
+ {{- end }}
+{{- end }}
+{{ if .Values.global.cnObTransportCrt }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-ob-transport-crt-key-pin
+ labels:
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ ob-transport.crt: {{ .Values.global.cnObTransportCrt }}
+ {{ if .Values.global.cnObTransportKey }}
+ ob-transport.key: {{ .Values.global.cnObTransportKey }}
+ {{- end }}
+ {{ if .Values.global.cnObTransportKeyPassPhrase }}
+ ob-transport.pin: {{ .Values.global.cnObTransportKeyPassPhrase }}
+ {{- end }}
+{{- end }}
+{{ if .Values.global.cnObTransportTrustStore }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-ob-transport-truststore
+ labels:
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+ ob-transport-truststore.p12: {{ .Values.global.cnObTransportTrustStore }}
+{{- end }}
+{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
+---
+# Consider removing secret after moving ldapPass to global. This is only used by the cronJob ldap backup.
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-ldap-cron-pass
+ labels:
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ password: {{ .Values.ldapPassword | b64enc }}
+{{- end}}
+{{- if index .Values "global" "admin-ui" "enabled" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-admin-ui-license
+ labels:
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ admin_ui_api_key: {{ index .Values "global" "admin-ui" "adminUiApiKey" | b64enc }}
+ admin_ui_product_code: {{ index .Values "global" "admin-ui" "adminUiProductCode" | b64enc }}
+ admin_ui_shared_key: {{ index .Values "global" "admin-ui" "adminUiSharedKey" | b64enc }}
+ admin_ui_management_key: {{ index .Values "global" "admin-ui" "adminUiManagementKey" | b64enc }}
+{{- end}}
\ No newline at end of file
diff --git a/charts/jans/charts/config/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/service.yaml
similarity index 51%
rename from charts/jans/charts/config/templates/service.yaml
rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/service.yaml
index d11bf7a30c9..da5dedf8914 100644
--- a/charts/jans/charts/config/templates/service.yaml
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/service.yaml
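Review bot: `generate.json` in secrets.yaml is assembled by hand with `quote`, which applies Go string escaping rather than JSON encoding, so a password containing a control or other non-printable character can yield an invalid or altered document. `toJson` is the exact encoder, e.g. `"admin_pw": {{ .Values.adminPassword | toJson }},`. Under `data:`, the certificate, key, passphrase, truststore and Google service-account values are emitted as given and must already be base64-encoded, while `ldapPassword` and the `admin_ui_*` keys go through `b64enc`; a comment on each Secret should state the expected encoding. `b64enc` on an unset `adminUi*` value will probably fail rendering, so `required` or `default ""` is worth adding there. Four Secrets (`-cb-crt`, `-google-sa`, `-ldap-cron-pass`, `-admin-ui-license`) omit `namespace:` while the others set it.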
@@ -5,9 +5,17 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "config.fullname" . }} - labels: -{{ include "config.labels" . | indent 6 }} + name: {{ include "config.fullname" . }} + labels: + APP_NAME: configurator +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: ports: - name: http diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/upgrade-ldap-101-jans.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/upgrade-ldap-101-jans.yaml new file mode 100644 index 00000000000..83b4e9b6157 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/upgrade-ldap-101-jans.yaml 
@@ -0,0 +1,1778 @@ +{{- if .Values.global.upgrade.enabled }} +{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-oxjans + namespace: {{ .Release.Namespace }} + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +{{- if .Values.additionalAnnotations }} +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +data: + 101-jans.ldif: |+ + dn: cn=schema + objectClass: top + objectClass: ldapSubentry + objectClass: subschema + cn: schema + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.1 NAME 'jansAssociatedClnt' + DESC 'Associate the dn of an OAuth2 client with a person or UMA Resource Set.' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.2 NAME 'county' + DESC 'ISO 3166-1 Alpha-2 Country Code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.3 NAME 'creationDate' + DESC 'Creation Date used for password reset requests' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.4 NAME 'jansDefScope' + DESC 'Track the default scope for an custom OAuth2 Scope.' 
+ EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.5 NAME 'jansAttrViewTyp' + DESC 'Specify in exclude who can view an attribute, admin or user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.6 NAME 'jansAttrEditTyp' + DESC 'Specify in exclude who can update an attribute, admin or user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.7 NAME 'jansAttrName' + DESC 'Specify an identifier for an attribute. May be multi-value where an attribute has two names, like givenName and first-name.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.8 NAME 'jansAttrOrigin' + DESC 'Specify the person objectclass associated with the attribute, used for display purposes in exclude.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.9 NAME 'jansAttrSystemEditTyp' + DESC 'TODO - still required?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.10 NAME 'jansAttrTyp' + DESC 'Data type of attribute. Values can be string, photo, numeric, date' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.11 NAME 'jansAttrUsgTyp' + DESC 'TODO - Usg? 
Value can be OpenID' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.12 NAME 'jansCustomMessage' + DESC 'exclude custom welcome message' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.13 NAME 'jansFaviconImage' + DESC 'TODO - Stores URL of favicon' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.14 NAME 'jansHostname' + DESC 'The hostname of the Jans Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.15 NAME 'jansIpAddr' + DESC 'IP address of the Jans Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.16 NAME 'jansLastUpd' + DESC 'Monitors last time the server was able to connect to the monitoring system.' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.17 NAME 'jansLogoImage' + DESC 'Logo used by exclude for default look and feel.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.18 NAME 'jansManagedOrganizations' + DESC 'Used to track with which organizations a person is associated' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.19 NAME 'jansManager' + DESC 'Used to specify if a person has the manager role' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.20 NAME 'jansManagerGrp' + DESC 'Used in organizatoin entry to specifies the dn of the group that has admin priviledges in exclude.' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.21 NAME 'jansOptOuts' + DESC 'White pages attributes restricted by person in exclude profile management' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.22 NAME 'jansOrgProfileMgt' + DESC 'enable or disable profile management feature in exclude' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.23 NAME 'jansOrgShortName' + DESC 'Short description, as few letters as possible, no spaces.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.24 NAME 'jansSAML1URI' + DESC 'SAML 1 uri of attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.25 NAME 'jansSAML2URI' + DESC 'SAML 2 uri of attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.26 NAME 'jansScimEnabled' + DESC 'exclude SCIM feature - enabled or disabled' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.27 NAME 'jansSslExpiry' + DESC 'SAML Trust Relationship configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.28 NAME 'jansStatus' + DESC 'Status of the entry, used by many objectclasses' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.29 NAME 'jansThemeColor' + DESC 'exclude login page configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.30 NAME 'jansUrl' + DESC 'Jans instance URL' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.31 NAME 'inum' + DESC 'XRI i-number' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.32 NAME 'memberOf'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.33 NAME 'jansAmHost'
+ DESC 'am host'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.34 NAME 'jansClaimName'
+ DESC 'Used by jans in conjunction with jansttributeName to map claims to attributes in LDAP.'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.35 NAME 'jansAppTyp'
+ DESC 'jans App Typ'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.36 NAME 'authnTime'
+ DESC 'jans Authn Time'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.37 NAME 'authzCode'
+ DESC 'jans authorization code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.38 NAME 'jansClaim'
+ DESC 'jans Attr Claim'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.39 NAME 'jansGrpClaims'
+ DESC 'jans Grp Attr Claims (true or false)'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.40 NAME 'jansClntId'
+ DESC 'jans Clnt id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.41 NAME 'clnId'
+ DESC 'jans Clnt id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.42 NAME 'jansClntIdIssuedAt'
+ DESC 'jans Clnt Issued At'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.43 NAME 'jansClntSecret'
+ DESC 'jans Clnt Secret'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.44 NAME 'jansClntSecretExpAt'
+ DESC 'Date client expires'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.45 NAME 'jansClntURI'
+ DESC 'jans Clnt URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.46 NAME 'jansConfDyn'
+ DESC 'jans Dyn Conf'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.47 NAME 'jansConfErrors'
+ DESC 'jans Errors Conf'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.48 NAME 'jansConfStatic'
+ DESC 'jans Static Conf'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.49 NAME 'jansConfWebKeys'
+ DESC 'jans Web Keys Conf'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.50 NAME 'jansContact'
+ DESC 'jans Contact'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.51 NAME 'iat'
+ DESC 'jans Creation'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.52 NAME 'jansDefAcrValues'
+ DESC 'jans Def Acr Values'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.53 NAME 'jansDefMaxAge'
+ DESC 'jans Def Max Age'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.54 NAME 'exp'
+ DESC 'jans Exp'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.55 NAME 'grtId'
+ DESC 'jans grant id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.56 NAME 'jansGrantTyp'
+ DESC 'jans Grant Typ'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.57 NAME 'grtTyp'
+ DESC 'jans Grant Typ'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.58 NAME 'jansIdTknEncRespAlg'
+ DESC 'jans ID Tkn Enc Resp Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.59 NAME 'jansIdTknEncRespEnc'
+ DESC 'jans ID Tkn Enc Resp Enc'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.60 NAME 'jansIdTknSignedRespAlg'
+ DESC 'jans ID Tkn Signed Resp Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.61 NAME 'jansInitiateLoginURI'
+ DESC 'jans Initiate Login URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.62 NAME 'jansJwksURI'
+ DESC 'jans JWKs URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.63 NAME 'jansJwks'
+ DESC 'jans JWKs'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.64 NAME 'jwtReq'
+ DESC 'jans JWT Req'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.65 NAME 'jansLogoURI'
+ DESC 'jans Logo URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.66 NAME 'nnc'
+ DESC 'jans nonce'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.67 NAME 'jansSessState'
+ DESC 'jans Sess State'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.68 NAME 'jansPermissionGrantedMap'
+ DESC 'jans Permission Granted Map'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.69 NAME 'jansPersistentJWT'
+ DESC 'jans Persistent JWT'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.70 NAME 'jansPolicyURI'
+ DESC 'jans Policy URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.71 NAME 'jansLogoutURI'
+ DESC 'jans Policy URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.72 NAME 'jansLogoutSessRequired'
+ DESC 'jans Policy URI'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.73 NAME 'jansPostLogoutRedirectURI'
+ DESC 'jans Post Logout Redirect URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.74 NAME 'jansRedirectURI'
+ DESC 'jans Redirect URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.75 NAME 'jansRegistrationAccessTkn'
+ DESC 'jans Registration Access Tkn'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.76 NAME 'jansReleasedScope'
+ DESC 'jans released scope attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.77 NAME 'jansReqObjSigAlg'
+ DESC 'jans Req Obj Sig Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.78 NAME 'jansReqObjEncAlg'
+ DESC 'jans Req Obj Enc Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.79 NAME 'jansReqObjEncEnc'
+ DESC 'jans Req Obj Enc Enc'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.80 NAME 'jansReqURI'
+ DESC 'jans Req URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.81 NAME 'jansRequireAuthTime'
+ DESC 'jans Require Authn Time'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.82 NAME 'jansRespTyp'
+ DESC 'jans Resp Typ'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.83 NAME 'jansScope'
+ DESC 'jans Attr Scope'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.84 NAME 'scp'
+ DESC 'jans Attr Scope'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.85 NAME 'jansScopeTyp'
+ DESC 'OX Attr Scope type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.86 NAME 'jansSectorIdentifierURI'
+ DESC 'jans Sector Identifier URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.87 NAME 'jansSignedRespAlg'
+ DESC 'jans Signed Resp Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.88 NAME 'jansSkipAuthz'
+ DESC 'jans skip authorization attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.89 NAME 'jansSubjectTyp'
+ DESC 'jans Subject Typ'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.90 NAME 'tknCde'
+ DESC 'jans Tkn Code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.91 NAME 'jansTknEndpointAuthMethod'
+ DESC 'jans Tkn Endpoint Auth Method'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.92 NAME 'jansTknEndpointAuthSigAlg'
+ DESC 'jans Tkn Endpoint Auth Sig Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.93 NAME 'tknTyp'
+ DESC 'jans Tkn Typ'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.94 NAME 'jansTosURI'
+ DESC 'jans TOS URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.95 NAME 'jansTrustedClnt'
+ DESC 'jans Trusted Clnt'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.96 NAME 'jansUmaScope'
+ DESC 'URI reference of scope descriptor'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.97 NAME 'jansUsrDN'
+ DESC 'jans Usr DN'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.98 NAME ( 'jansUsrId' 'usrId' )
+ DESC 'jans user id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.99 NAME 'jansUsrInfEncRespAlg'
+ DESC 'jans Usr Inf Enc Resp Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.100 NAME 'jansUsrInfEncRespEnc'
+ DESC 'jans Usr Inf Enc Resp Enc'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.101 NAME 'jansExtraConf'
+ DESC 'jans additional configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.102 NAME 'jansAuthMode'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.103 NAME 'acr'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.104 NAME 'jansConfCode'
+ DESC 'jans configuration code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.105 NAME 'jansCreationTimestamp'
+ DESC 'Registration time'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.106 NAME 'jansExtUid'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.107 NAME 'jansOTPCache'
+ DESC 'Stores a used OTP to prevent a hacker from using it again. Complementary to jansExtUid attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.108 NAME 'jansGrp'
+ DESC 'Usr group'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.109 NAME 'jansGuid'
+ DESC 'A random string to mark temporary tokens'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.110 NAME 'uuid'
+ DESC 'Unique identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.111 NAME 'jansHost'
+ DESC 'jans host'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.112 NAME 'jansDbAuth'
+ DESC 'Custom IDP authentication configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.113 NAME 'jansIconUrl'
+ DESC 'jans icon url'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.114 NAME 'jansId'
+ DESC 'Identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.115 NAME 'sid'
+ DESC 'Sess Identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.116 NAME 'jansAsJwt'
+ DESC 'Boolean field to indicate whether object is used as JWT'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.117 NAME 'jansJwt'
+ DESC 'JWT representation of the object or otherwise jwt associated with the object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.118 NAME 'jansInvolvedClnts'
+ DESC 'Involved clients'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.119 NAME 'jansLastAccessTime'
+ DESC 'Last access time'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.120 NAME 'jansLastLogonTime'
+ DESC 'Last logon time'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.121 NAME 'jansLogViewerConfig'
+ DESC 'Log viewer configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.122 NAME 'jansMultivaluedAttr'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.123 NAME 'jansName'
+ DESC 'Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.124 NAME 'jansNameIdTyp'
+ DESC 'NameId Typ'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.125 NAME 'jansPolicyRule'
+ DESC 'Policy Rule'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.126 NAME 'jansUmaPolicyScrDn'
+ DESC 'OX policy script Dn'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.127 NAME 'jansState'
+ DESC 'jansState'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.128 NAME 'jansCounter'
+ DESC 'jansCounter'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.129 NAME 'jansApp'
+ DESC 'jansApp'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.130 NAME 'jansDeviceRegistrationConf'
+ DESC 'jansDeviceRegistrationConf'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.131 NAME 'jansDeviceKeyHandle'
+ DESC 'jansDeviceKeyHandle'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.132 NAME 'jansDeviceHashCode'
+ DESC 'jansDeviceHashCode'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.133 NAME 'jansReq'
+ DESC 'jansReq'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.134 NAME 'jansReqId'
+ DESC 'jansReqId'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.135 NAME 'jansDeviceData'
+ DESC 'jansDeviceData'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.136 NAME 'jansEnrollmentCode'
+ DESC 'jansEnrollmentCode'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.137 NAME 'jansPushApp'
+ DESC 'jansPush application DN'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.138 NAME 'jansPushAppConf'
+ DESC 'jansPush application configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.139 NAME 'jansPushDeviceConf'
+ DESC 'jansPush device configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.140 NAME 'jansRegistrationConf'
+ DESC 'Registration Conf'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.141 NAME 'jansResource'
+ DESC 'Host path'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.142 NAME 'jansResourceSetId'
+ DESC 'jans resource set id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.143 NAME 'jansRevision'
+ DESC 'Revision'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.144 NAME 'jansLevel'
+ DESC 'Level'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.145 NAME 'jansScimCustomAttr'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.146 NAME 'jansScr'
+ DESC 'Attr that contains script (python, java script)'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.147 NAME 'jansScrDn'
+ DESC 'Script object DN'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.148 NAME 'jansScrTyp'
+ DESC 'Attr that contains script type (e.g. python, java script)'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.149 NAME 'jansScrError'
+ DESC 'Attr that contains first error which application get during it execution'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.150 NAME 'jansSmtpConf'
+ DESC 'SMTP configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.151 NAME 'jansSourceAttr'
+ DESC 'Source Attr for this Attr'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.152 NAME 'jansTicket'
+ DESC 'jans ticket'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.153 NAME 'jansActive'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.154 NAME 'jansAddres'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.155 NAME 'jansConfApp'
+ DESC 'jans App Conf'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.156 NAME 'jansEmail'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.157 NAME 'jansEntitlements'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.158 NAME 'jansExtId'
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubStringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.159 NAME 'jansImsValue'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.160 NAME 'jansMetaCreated'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.161 NAME 'jansMetaLastMod'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.162 NAME 'jansMetaLocation'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.163 NAME 'jansMetaVer'
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubStringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.164 NAME 'jansNameFormatted'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.165 NAME 'jansPhoneValue'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.166 NAME 'jansPhotos'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.167 NAME 'jansProfileURL'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.168 NAME 'jansRole'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.169 NAME 'jansTitle'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.170 NAME 'jansUsrTyp'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.171 NAME 'jansHonorificPrefix'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.172 NAME 'jansHonorificSuffix'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.173 NAME 'jans509Certificate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.174 NAME 'jansTyp'
+ DESC 'jans type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.175 NAME 'jansUmaPermission'
+ DESC 'jans uma permission'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.176 NAME 'persistentId'
+ DESC 'PersistentId'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Persistent ID reserved for SAML' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.177 NAME 'personInum'
+ DESC 'Inum of a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.178 NAME 'jansProgLng'
+ DESC 'programming language'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.179 NAME 'registrationDate'
+ DESC 'Registration date'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.180 NAME 'role'
+ DESC 'Role'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.181 NAME 'secretAnswer'
+ DESC 'Secret Answer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.182 NAME 'secretQuestion'
+ DESC 'Secret Question'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.183 NAME 'jansSoftVer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.184 NAME 'transientId'
+ DESC 'TransientId'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.185 NAME 'url'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.186 NAME 'urn'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.187 NAME ( 'middleName' 'excludeMiddleName' )
+ DESC 'Middle name(s)'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.188 NAME ( 'nickname' 'excludenickname' )
+ DESC 'Casual name of the End-Usr'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.189 NAME 'jansPrefUsrName'
+ DESC 'Shorthand Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.190 NAME 'profile'
+ DESC 'Profile page URL of the person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.191 NAME ( 'picture' 'photo1' )
+ DESC 'Profile picture URL of the person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.192 NAME 'website'
+ DESC 'Web page or blog URL of the person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.193 NAME 'emailVerified'
+ DESC 'True if the e-mail address of the person has been verified; otherwise false'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.194 NAME 'gender'
+ DESC 'Gender of the person either female or male'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.195 NAME 'birthdate'
+ DESC 'Birthday of the person, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.196 NAME ( 'zoneinfo' 'timezone' )
+ DESC 'Time zone database representing the End-Usrs time zone. For example, Europe/Paris or America/Los_Angeles'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.197 NAME ( 'locale' 'excludeLocale' )
+ DESC 'Locale of the person, represented as a BCP47 [RFC5646] language tag'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.198 NAME 'phoneNumberVerified'
+ DESC 'True if the phone number of the person has been verified, otherwise false'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.199 NAME 'address'
+ DESC 'OpenID Connect formatted JSON object representing the address of the person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.200 NAME 'updatedAt'
+ DESC 'Time the information of the person was last updated. Seconds from 1970-01-01T0:0:0Z'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.201 NAME 'jansRegExp'
+ DESC 'Regular expression used to validate attribute data'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.202 NAME 'jansTooltip'
+ DESC 'Custom tooltip to be shown on the UI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.203 NAME 'jansModuleProperty'
+ DESC 'Module property'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.204 NAME 'jansConfProperty'
+ DESC 'Conf property'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.205 NAME 'jansSessAttr'
+ DESC 'jansSessAttr'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.206 NAME 'jansStartDate'
+ DESC 'Start date'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.207 NAME 'jansEndDate'
+ DESC 'End date'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Jans created attribute' ) + 
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.208 NAME 'jansMetricTyp' + DESC 'Metric type' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.209 NAME 'jansData' + DESC 'OX data' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.210 NAME 'dat' + DESC 'OX data' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.211 NAME 'jansCodeChallenge' + DESC 'OX PKCE code challenge' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.212 NAME 'chlng' + DESC 'OX PKCE code challenge' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.213 NAME 'chlngMth' + DESC 'OX PKCE code challenge method' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.214 NAME 'jansSectorIdentifier' + DESC 'jans Sector Identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.215 NAME 'jansPersistClntAuthzs' + DESC 'jans Persist Clnt Authzs' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.216 NAME 'jansSessStateId' + DESC 'jansSessStateId' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.217 NAME 'ssnId' + DESC 'jans Sess DN' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.218 NAME 'jansPassExpDate' + DESC 'Pass Exp date, represented as an ISO 8601 (YYYY-MM-DD) format' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.219 NAME 'jansCountInvalidLogin' + DESC 'Invalid login attempts count' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.220 NAME 'jansIMAPData' + DESC 'This data has information about your imap connection' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.221 NAME 'jansValidation' + DESC 'This data has information about attribute Validation' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.222 NAME 'jansPPID' + DESC 'Persistent Pairwise ID for OpenID Connect' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.223 NAME 'jansSessId' + DESC 'jans Sess Id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.224 NAME 'jansCacheConf' + DESC 'Cache configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.225 NAME 'jansLogConfigLocation' + DESC 'Path to external log4j2.xml' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.226 NAME 'jansInclClaimsInIdTkn' + DESC 'jans Incl Claims In Id Tkn' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.227 NAME 'jansClaimValues' + DESC 'Claim Values' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.228 NAME 'jansClaimRedirectURI' + DESC 'Claim Redirect URI' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.229 NAME 'jansAttrs' + DESC 'Attrs' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.230 NAME 'attr' + DESC 'Attrs' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.231 NAME 'jansRefreshTknLife' + DESC 'Life of refresh token' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.232 NAME 'jansPermissionGranted' + DESC 'jans Permission Granted' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.233 NAME 'jansNickName' + DESC 'jansNickName' + EQUALITY caseIgnoreMatch + SUBSTR 
caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.234 NAME 'jansDeviceNotificationConf' + DESC 'Extended push notification configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.235 NAME 'clms' + DESC 'jans Claims' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.236 NAME 'jansDisabled' + DESC 'Status of client' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.237 NAME 'jansWebKeysSettings' + DESC 'jans Web Keys Conf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.238 NAME 'jansScopeExpression' + DESC 'Scope expression' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.239 NAME 'jansPreferredMethod' + DESC 'Jans Casa - jansPref method to use for user authentication' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.240 NAME 'jansOTPDevices' + DESC 'Jans Casa - Json representation of OTP devices. Complementary to jansExtUid attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.241 NAME 'jansMobileDevices' + DESC 'Jans Casa - Json representation of mobile devices. 
Complementary to mobile attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.242 NAME 'jansdId' + DESC 'jansd Id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.243 NAME 'jansAuthorizedOrigins' + DESC 'jans Authorized Origins' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.244 NAME 'jansStrongAuthPolicy' + DESC 'Jans Casa - 2FA Enforcement Policy for Usr' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.245 NAME 'tknBndCnf' + DESC 'jansauth - Tkn Binding Id Hash' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.246 NAME 'jansUnlinkedExternalUids' + DESC 'Jans Casa - List of unlinked social accounts (ie disabled jansExtUids)' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.247 NAME 'jansAccessTknAsJwt' + DESC 'jansauth - indicator whether to return access token as JWT' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.248 NAME 'jansAccessTknSigAlg' + DESC 'jansauth - access token signing algorithm' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.249 NAME 
'jansRegistrationData' + DESC 'jansRegistrationData' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.250 NAME 'jansAuthData' + DESC 'jansAuthData' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.251 NAME 'jansPublicKeyId' + DESC 'jansPublicKeyId' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.252 NAME 'jansAccessTknLife' + DESC 'Life of access token' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.253 NAME 'jansSoftId' + DESC 'Soft Identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.254 NAME 'jansSoftStatement' + DESC 'Soft Statement' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.255 NAME 'jansRptAsJwt' + DESC 'jansRptAsJwt' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.256 NAME 'jansCodeChallengeHash' + DESC 'OX code challenge hash' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.257 NAME 'del' + DESC 'del' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.258 NAME 'jansEnabled' + DESC 'Status of the entry, used by many 
objectclasses' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.259 NAME 'jansAlias' + DESC 'jansAlias' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.260 NAME 'jansLogoPath' + DESC 'jansLogoPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.261 NAME 'jansFaviconPath' + DESC 'jansFaviconPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.262 NAME 'jansBackchannelTknDeliveryMode' + DESC 'jans Backchannel Tkn Delivery Mode' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.263 NAME 'jansBackchannelClntNotificationEndpoint' + DESC 'jans Backchannel Clnt Notification Endpoint' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.264 NAME 'jansBackchannelAuthnReqSigAlg' + DESC 'jans Backchannel Authn Req Sig Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.265 NAME 'jansBackchannelUsrCodeParameter' + DESC 'jans Backchannel Usr Code Parameter' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.266 NAME 'jansBackchannelDeviceRegistrationTkn' + DESC 'jans Backchannel 
Device Registration Tkn' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.267 NAME 'jansBackchannelUsrCode' + DESC 'jans Backchannel Usr Code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.268 NAME 'jansDocStoreConf' + DESC 'jansDocStoreConf' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.269 NAME 'authReqId' + DESC 'Authn request id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Jans created attribute' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.1 NAME 'jansPairwiseIdentifier' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ jansSectorIdentifier $ jansClntId $ jansUsrId ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.2 NAME 'jansPerson' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansAssociatedClnt $ c $ displayName $ givenName $ jansManagedOrganizations $ jansOptOuts $ jansStatus $ inum $ mail $ memberOf $ o $ jansPersistentJWT $ jansCreationTimestamp $ jansExtUid $ jansOTPCache $ jansLastLogonTime $ jansActive $ jansAddres $ jansEmail $ jansEntitlements $ jansExtId $ jansImsValue $ jansMetaCreated $ jansMetaLastMod $ jansMetaLocation $ jansMetaVer $ jansNameFormatted $ jansPhoneValue $ jansPhotos $ jansProfileURL $ jansRole $ jansTitle $ jansUsrTyp $ jansHonorificPrefix $ jansHonorificSuffix $ jans509Certificate $ jansPassExpDate $ persistentId $ middleName $ nickname $ jansPrefUsrName $ profile $ picture $ website $ emailVerified $ gender $ birthdate $ zoneinfo $ locale $ phoneNumberVerified $ address $ updatedAt $ preferredLanguage $ 
role $ secretAnswer $ secretQuestion $ seeAlso $ sn $ cn $ transientId $ uid $ userPassword $ st $ street $ l $ jansCountInvalidLogin $ jansEnrollmentCode $ jansIMAPData $ jansPPID $ jansGuid $ jansPreferredMethod $ userCertificate $ jansOTPDevices $ jansMobileDevices $ jansStrongAuthPolicy $ jansUnlinkedExternalUids $ jansBackchannelDeviceRegistrationTkn $ jansBackchannelUsrCode ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.3 NAME 'jansGrp' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ description $ displayName $ jansStatus $ inum $ member $ o $ owner $ seeAlso $ jansMetaCreated $ jansMetaLastMod $ jansMetaLocation $ jansMetaVer ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.4 NAME 'jansOrganization' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ county $ description $ displayName $ jansCustomMessage $ jansFaviconImage $ jansLogoImage $ jansManager $ jansManagerGrp $ jansOrgShortName $ jansThemeColor $ inum $ l $ mail $ memberOf $ o $ jansCreationTimestamp $ jansRegistrationConf $ postalCode $ st $ street $ telephoneNumber $ title $ uid $ jansLogoPath $ jansFaviconPath ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.5 NAME 'jansAppConf' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ ou $ description $ displayName $ jansHostname $ jansLastUpd $ jansManager $ jansOrgProfileMgt $ jansScimEnabled $ jansEmail $ jansSmtpConf $ jansSslExpiry $ jansStatus $ jansUrl $ inum $ o $ jansAuthMode $ jansDbAuth $ jansLogViewerConfig $ jansLogConfigLocation $ jansCacheConf $ jansDocStoreConf $ jansSoftVer $ userPassword $ jansConfDyn $ jansConfErrors $ jansConfStatic $ jansConfWebKeys $ jansWebKeysSettings $ jansConfApp $ jansRevision ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.6 NAME 'jansAttr' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( description $ displayName $ 
jansAttrEditTyp $ jansAttrName $ jansAttrOrigin $ jansAttrSystemEditTyp $ jansAttrTyp $ jansClaimName $ jansAttrUsgTyp $ jansAttrViewTyp $ jansSAML1URI $ jansSAML2URI $ jansStatus $ inum $ jansMultivaluedAttr $ jansNameIdTyp $ jansScimCustomAttr $ jansSourceAttr $ seeAlso $ urn $ jansRegExp $ jansTooltip $ jansValidation ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.7 NAME 'jansPassResetReq' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( creationDate $ jansGuid $ personInum ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.8 NAME 'jansEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ inum ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.9 NAME 'jansClnt' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ description $ inum $ jansAppTyp $ jansClntIdIssuedAt $ jansClntSecret $ jansClntSecretExpAt $ exp $ del $ jansClntURI $ jansContact $ jansDefAcrValues $ jansDefMaxAge $ jansGrantTyp $ jansIdTknEncRespAlg $ jansIdTknEncRespEnc $ jansIdTknSignedRespAlg $ jansInitiateLoginURI $ jansJwksURI $ jansJwks $ jansLogoURI $ jansPolicyURI $ jansPostLogoutRedirectURI $ jansRedirectURI $ jansRegistrationAccessTkn $ jansReqObjSigAlg $ jansReqObjEncAlg $ jansReqObjEncEnc $ jansReqURI $ jansRequireAuthTime $ jansRespTyp $ jansScope $ jansClaim $ jansSectorIdentifierURI $ jansSignedRespAlg $ jansSubjectTyp $ jansTknEndpointAuthMethod $ jansTknEndpointAuthSigAlg $ jansTosURI $ jansTrustedClnt $ jansUsrInfEncRespAlg $ jansUsrInfEncRespEnc $ jansExtraConf $ jansClaimRedirectURI $ jansLastAccessTime $ jansLastLogonTime $ jansPersistClntAuthzs $ jansInclClaimsInIdTkn $ jansRefreshTknLife $ jansDisabled $ jansLogoutURI $ jansLogoutSessRequired $ jansdId $ jansAuthorizedOrigins $ tknBndCnf $ jansAccessTknAsJwt $ jansAccessTknSigAlg $ jansAccessTknLife $ jansSoftId $ jansSoftVer $ jansSoftStatement $ jansRptAsJwt $ jansAttrs $ 
jansBackchannelTknDeliveryMode $ jansBackchannelClntNotificationEndpoint $ jansBackchannelAuthnReqSigAlg $ jansBackchannelUsrCodeParameter ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.10 NAME 'jansScope' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansDefScope $ description $ displayName $ inum $ jansScopeTyp $ jansClaim $ jansScrDn $ jansGrpClaims $ jansId $ jansIconUrl $ jansUmaPolicyScrDn $ jansAttrs $ exp $ del ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.11 NAME 'jansSessId' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ sid $ creationDate $ exp $ del $ jansLastAccessTime $ jansUsrDN $ authnTime $ jansState $ jansSessState $ jansPermissionGranted $ jansAsJwt $ jansJwt $ jansPermissionGrantedMap $ jansInvolvedClnts $ jansSessAttr ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.12 NAME 'jansUmaResource' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ inum $ owner $ jansAssociatedClnt $ jansUmaScope $ jansFaviconImage $ jansGrp $ jansId $ jansResource $ jansRevision $ jansTyp $ jansScopeExpression $ iat $ exp $ del $ description ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.13 NAME 'jansUmaResourcePermission' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( exp $ del $ jansUmaScope $ jansConfCode $ jansResourceSetId $ jansAttrs $ jansTicket $ jansStatus ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.14 NAME 'jansGrant' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( grtId $ iat ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.15 NAME 'jansToken' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authnTime $ authzCode $ iat $ exp $ del $ grtId $ grtTyp $ jwtReq $ nnc $ scp $ tknCde $ tknTyp $ usrId $ clnId $ acr $ uuid $ chlng $ chlngMth $ clms $ ssnId $ attr $ 
tknBndCnf ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.16 NAME 'jansUmaRPT' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authnTime $ clnId $ iat $ exp $ del $ tknCde $ usrId $ jansUmaPermission $ uuid ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.17 NAME 'jansScr' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( inum $ jansScr $ jansScrTyp ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.18 NAME 'jansPushApp' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ jansId $ jansName $ jansPushAppConf ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.19 NAME 'jansPushDevice' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansUsrId $ jansId $ jansPushApp $ jansPushDeviceConf $ jansTyp ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.20 NAME 'jansCustomScr' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( inum $ displayName $ description $ jansScr $ jansScrTyp $ jansProgLng $ jansModuleProperty $ jansConfProperty $ jansLevel $ jansRevision $ jansEnabled $ jansScrError $ jansAlias ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.21 NAME 'jansDeviceRegistration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ displayName $ description $ jansDeviceKeyHandle $ jansDeviceHashCode $ jansApp $ jansDeviceRegistrationConf $ jansDeviceNotificationConf $ jansNickName $ jansDeviceData $ jansCounter $ jansStatus $ del $ exp $ personInum $ creationDate $ jansLastAccessTime $ jansMetaLastMod $ jansMetaLocation $ jansMetaVer ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.22 NAME 'jansU2fReq' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ jansReqId $ jansReq $ jansSessStateId $ del $ exp $ personInum $ creationDate ) + X-ORIGIN 'Jans created 
objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.23 NAME 'jansMetric' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( uniqueIdentifier $ jansStartDate $ jansEndDate $ jansAppTyp $ jansMetricTyp $ creationDate $ del $ exp $ jansData $ jansHost ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.24 NAME 'jansClntAuthz' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ jansClntId $ jansUsrId $ exp $ del $ jansScope ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.25 NAME 'jansSectorIdentifier' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ description $ jansRedirectURI $ jansClntId ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.26 NAME 'jansUmaPCT' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( clnId $ iat $ exp $ del $ tknCde $ jansClaimValues ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.27 NAME 'jansCache' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( uuid $ iat $ exp $ del $ dat ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.28 NAME 'jansFido2AuthnEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ creationDate $ jansSessStateId $ jansCodeChallenge $ personInum $ jansAuthData $ jansStatus ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.29 NAME 'jansFido2RegistrationEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ creationDate $ displayName $ jansSessStateId $ jansCodeChallenge $ jansCodeChallengeHash $ jansPublicKeyId $ personInum $ jansRegistrationData $ jansDeviceNotificationConf $ jansCounter $ jansStatus ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.30 NAME 'jansExpiredObj' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ dat $ iat $ exp $ jansTyp ) + X-ORIGIN 'Jans created 
objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.31 NAME 'jansRp' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ dat ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.32 NAME 'jansCibaReq' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authReqId $ clnId $ usrId $ creationDate $ exp $ jansStatus ) + X-ORIGIN 'Jans created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.33 NAME 'jansStatEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ dat $ attr ) + X-ORIGIN 'Gluu created objectclass' ) +{{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/user-custom-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/user-custom-envs.yaml new file mode 100644 index 00000000000..1f08348fec4 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/user-custom-envs.yaml 
@@ -0,0 +1,66 @@
+{{ if .Values.global.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-global-user-custom-envs
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.global.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
+{{ if .Values.global.usrEnvs.normal }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-global-user-custom-envs
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ {{- range $key, $val := .Values.global.usrEnvs.normal }}
+ {{ $key }}: {{ $val }}
+ {{- end}}
+{{- end}}
+{{ if .Values.usrEnvs.secret }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: configurator
+{{ include "config.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
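Review bot: The ConfigMap entry `{{ $key }}: {{ $val }}` renders values unquoted, so a value such as `true`, `8080` or one containing `: ` or `#` is parsed as a non-string or as extra YAML structure and the ConfigMap is rejected or silently altered; write `{{ $key }}: {{ $val | quote }}`. The two Secret blocks have the related problem that `b64enc` only accepts a string, so a numeric or boolean secret value fails at render time; `{{ $key }}: {{ $val | toString | b64enc | quote }}` handles both. The same patterns appear in the `cr-rotate.usr-envs` helper (`value: {{ $val }}`) and in cr-rotate's user-custom-secret-envs.yaml. Because these Secrets are built from chart values, the plaintext also persists in Helm's release record, which is worth stating in the `usrEnvs.secret` comment.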
diff --git a/charts/jans/charts/config/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml similarity index 75% rename from charts/jans/charts/config/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml index 3eddfc392fd..421c69a3584 100644 --- a/charts/jans/charts/config/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml @@ -1,6 +1,6 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 -# Required environment variables for generating Janssen server initial config +# Required environment variables for generating Gluu server initial config # -- Add custom normal and secret envs to the service. usrEnvs: # -- Add custom normal envs to the service. @@ -34,6 +34,8 @@ configmap: cnSqldbUserPassword: Test1234# # -- Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . cnCacheType: NATIVE_PERSISTENCE + # -- Enable Casa flag . + cnCasaEnabled: false # -- Client-api OAuth client admin certificate common name. This should be left to the default value client-api . cnClientApiAdminCertCn: client-api # -- Client-api OAuth client application certificate common name. This should be left to the default value client-api. 
@@ -43,7 +45,7 @@ configmap: containerMetadataName: kubernetes # -- The name of the Kubernetes ConfigMap that will hold the configuration layer cnConfigKubernetesConfigMap: cn - # -- The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Janssen. + # -- The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. cnCouchbaseBucketPrefix: jans # -- Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required. cnCouchbaseCertFile: /etc/certs/couchbase.crt 
@@ -54,19 +56,39 @@ configmap: # -- Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol . cnCouchbasePassword: P@ssw0rd # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password - cnCouchbasePasswordFile: /etc/jans/conf/couchbase_password + cnCouchbasePasswordFile: /etc/gluu/conf/couchbase_password # -- The Couchbase super user (admin) user name. This user is used during initialization only. cnCouchbaseSuperUser: admin # -- Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol cnCouchbaseSuperUserPassword: Test1234# # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. - cnCouchbaseSuperUserPasswordFile: /etc/jans/conf/couchbase_superuser_password + cnCouchbaseSuperUserPasswordFile: /etc/gluu/conf/couchbase_superuser_password # -- Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster - cnCouchbaseUrl: cbjans.default.svc.cluster.local + cnCouchbaseUrl: cbgluu.default.svc.cluster.local # -- Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. - cnCouchbaseUser: jans + cnCouchbaseUser: gluu # -- Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily. 
- cnDocumentStoreType: LOCAL + cnDocumentStoreType: JCA + # -- Jackrabbit admin uid. + cnJackrabbitAdminId: admin + # -- The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id. + cnJackrabbitAdminIdFile: /etc/gluu/conf/jackrabbit_admin_id + # -- The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password. + cnJackrabbitAdminPasswordFile: /etc/gluu/conf/jackrabbit_admin_password + # -- Jackrabbit postgres database name. + cnJackrabbitPostgresDatabaseName: jackrabbit + # -- Postgres url + cnJackrabbitPostgresHost: postgresql.postgres.svc.cluster.local + # -- The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password. + cnJackrabbitPostgresPasswordFile: /etc/gluu/conf/postgres_password + # -- Jackrabbit Postgres port + cnJackrabbitPostgresPort: 5432 + # -- Jackrabbit Postgres uid + cnJackrabbitPostgresUser: jackrabbit + # -- Interval between files sync (default to 300 seconds). + cnJackrabbitSyncInterval: 300 + # -- Jackrabbit internal url. Normally left as default. + cnJackrabbitUrl: "http://jackrabbit:8080" # [google_envs] Envs related to using Google # -- Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google. cnGoogleSecretManagerServiceAccount: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo= 
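Review bot: The new default `cnJackrabbitUrl: "http://jackrabbit:8080"` is plain HTTP, and this hunk also flips `cnDocumentStoreType` from `LOCAL` to `JCA`, so out of the box the services would presumably send the Jackrabbit admin credentials (`cnJackrabbitAdminId: admin` plus the password file) over an unencrypted in-cluster connection. The comment on `cnJackrabbitUrl` should say that the default relies on a mesh or network policy to protect that traffic, and the `cnDocumentStoreType` comment should name the new default. The comment `# -- Postgres url` sits on `cnJackrabbitPostgresHost`, which holds a hostname; `# -- Jackrabbit Postgres host` would match the neighbouring keys. The `configmap:` mapping continues outside the hunk.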
@@ -81,14 +103,14 @@ configmap: # [google_secret_manager_envs] Envs related to using Google Secret Manager to store config and secret layer # -- Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. cnSecretGoogleSecretVersionId: "latest" - # -- Prefix for Janssen secret in Google Secret Manager. Defaults to jans. If left jans-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. - cnSecretGoogleSecretNamePrefix: jans - # -- Passphrase for Janssen secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. + # -- Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. + cnSecretGoogleSecretNamePrefix: gluu + # -- Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. cnGoogleSecretManagerPassPhrase: Test1234# # -- Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. cnConfigGoogleSecretVersionId: "latest" - # -- Prefix for Janssen configuration secret in Google Secret Manager. Defaults to jans. If left intact jans-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. 
- cnConfigGoogleSecretNamePrefix: jans + # -- Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. + cnConfigGoogleSecretNamePrefix: gluu # [google_secret_manager_envs] END # [google_envs] END # -- OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`. @@ -96,6 +118,7 @@ configmap: # -- Value passed to Java option -XX:MaxRAMPercentage cnMaxRamPercent: "75.0" # -- Boolean flag to enable/disable passport chart + cnPassportEnabled: false # -- Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. cnPersistenceLdapMapping: default # -- Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. @@ -117,18 +140,18 @@ configmap: # -- Country code. Used for certificate creation. countryCode: US # -- Email address of the administrator usually. Used for certificate creation. -email: support@jans.io +email: support@gluu.org image: # -- Image to use for deploying. - repository: janssenproject/configuration-manager + repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpennDJ is used for persistence. ldapPassword: P@ssw0rds # -- Organization name. Used for certificate creation. -orgName: Janssen +orgName: Gluu # -- Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. redisPassword: P@assw0rd # -- Resource specs. 
@@ -163,6 +186,12 @@ migration: # Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json. migrationDataFormat: ldif +cnOxtrustConfigGeneration: true nameOverride: "" fullNameOverride: "" + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } diff --git a/charts/jans/charts/nginx-ingress/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/.helmignore similarity index 100% rename from charts/jans/charts/nginx-ingress/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/.helmignore diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/Chart.yaml new file mode 100644 index 00000000000..f327b2eb908 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/Chart.yaml @@ -0,0 +1,21 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v2 +name: cr-rotate +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may become depreciated in 5.0. +type: application +keywords: + - CacheRefresh +home: https://gluu.org/docs/gluu-server +sources: + - https://gluu.org/docs/gluu-server/ + - https://github.com/GluuFederation/docker-cr-rotate + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" 
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/README.md new file mode 100644 index 00000000000..41b70dceb58 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/README.md 
@@ -0,0 +1,55 @@ +# cr-rotate + +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may become depreciated in 5.0. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/cr-rotate"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| nameOverride | string | `""` | | +| resources | object | `{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"200m","memory":"200Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"200m"` | CPU limit. | +| resources.limits.memory | string | `"200Mi"` | Memory limit. | +| resources.requests.cpu | string | `"200m"` | CPU request. 
| +| resources.requests.memory | string | `"200Mi"` | Memory request. | +| service.crRotateServiceName | string | `"cr-rotate"` | Name of the cr-rotate service. Please keep it as default. | +| service.name | string | `"http-cr-rotate"` | The name of the cr-rotate port within the cr-rotate service. Please keep it as default. | +| service.port | int | `8084` | Port of the casa service. Please keep it as default. | +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/_helpers.tpl new file mode 100644 index 00000000000..c8570f6e7cc --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/_helpers.tpl 
@@ -0,0 +1,69 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cr-rotate.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cr-rotate.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cr-rotate.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+ Common labels
+*/}}
+{{- define "cr-rotate.labels" -}}
+app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }}
+helm.sh/chart: {{ include "cr-rotate.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create user custom defined envs
+*/}}
+{{- define "cr-rotate.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+ value: {{ $val }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "cr-rotate.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+ key: {{ $key }}
+{{- end }}
+{{- end }}
+
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/daemonset.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/daemonset.yaml new file mode 100644 index 00000000000..29aaf060175 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/daemonset.yaml 
@@ -0,0 +1,83 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "cr-rotate.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: cr-rotote +{{ include "cr-rotate.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }} + release: {{ .Release.Name }} + APP_NAME: cr-rotate + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "cr-rotate.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + {{- include "cr-rotate.usr-envs" . | indent 12 }} + {{- include "cr-rotate.usr-secret-envs" . | indent 12 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/service.yaml new file mode 100644 index 00000000000..404a15ec80c --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/service.yaml 
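Review bot: `volumes:` and the `.Values.volumes` block sit inside the final `cnPersistenceType` couchbase/hybrid condition, while `.Values.volumeMounts` is rendered unconditionally, so with any other persistence type user-supplied mounts reference volumes that are never emitted and the pod spec is rejected. Moving `volumes:` and the `with .Values.volumes` block outside the condition and keeping only the `cb-crt` entry inside it fixes that, as in the excerpt below. The metadata label `APP_NAME: cr-rotote` is misspelled (the pod template uses `cr-rotate`), and the same typo is in service.yaml and user-custom-secret-envs.yaml of this chart. The container also declares no `securityContext`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be worth adding if the image supports them.

```yaml
      # … unchanged: containers, env, envFrom, volumeMounts, resources …
      volumes:
        {{- with .Values.volumes }}
{{- toYaml . | nindent 8 }}
        {{- end }}
        {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
        - name: cb-crt
          secret:
            secretName: {{ .Release.Name }}-cb-crt
        {{- end }}
```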
@@ -0,0 +1,34 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.crRotateServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }}
+ chart: {{ include "cr-rotate.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ APP_NAME: cr-rotote
+{{ include "cr-rotate.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }}
+ release: {{ .Release.Name }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- with .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig:
+{{ toYaml . | indent 4 }}
+ {{- end }}
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/user-custom-secret-envs.yaml
new file mode 100644
index 00000000000..ec8a84a1e95
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/templates/user-custom-secret-envs.yaml
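Review bot: The `labels:` map sets `app:` explicitly and then includes `cr-rotate.labels`, which emits `app:` again, so the rendered manifest carries a duplicate mapping key that strict YAML parsers reject; drop the explicit `app: {{ .Release.Name }}-{{ include "cr-rotate.name" . }}` line under `labels:`. The Service name comes from `.Values.service.crRotateServiceName` without the release name, so two releases in one namespace would collide, which may be intended given the "keep it as default" comment in values.yaml. No `targetPort` is set and the daemonset in this commit declares no container `ports`, so it is worth confirming the container actually listens on the value of `service.port`.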
@@ -0,0 +1,23 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: + APP_NAME: cr-rotote +{{ include "cr-rotate.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/values.yaml new file mode 100644 index 00000000000..14c69e3b14b --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/cr-rotate/values.yaml 
@@ -0,0 +1,61 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# -- CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may be depreciated. +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/cr-rotate + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 200m + # -- Memory limit. + memory: 200Mi + requests: + # -- CPU request. + cpu: 200m + # -- Memory request. + memory: 200Mi +service: + # -- Name of the cr-rotate service. Please keep it as default. + crRotateServiceName: cr-rotate + # -- Port of the casa service. Please keep it as default. + port: 8084 + # -- The name of the cr-rotate port within the cr-rotate service. Please keep it as default. 
+ name: http-cr-rotate + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +nameOverride: "" +fullnameOverride: "" + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/charts/jans/charts/opendj/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/.helmignore similarity index 100% rename from charts/jans/charts/opendj/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/.helmignore diff --git a/charts/jans/charts/fido2/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml similarity index 54% rename from charts/jans/charts/fido2/Chart.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml index ce802658062..1c838f9d8b6 100644 --- a/charts/jans/charts/fido2/Chart.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml 
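Review bot: `tag: 5.0.0_dev` together with `pullPolicy: IfNotPresent` means each node keeps whichever build of the mutable dev tag it pulled first, so the DaemonSet pods can end up running different images that cannot be tied to a known build. Pin a released tag with a digest, e.g. `tag: "<release-tag>@sha256:<digest>"` (placeholder values), which the daemonset's `"{{ .Values.image.repository }}:{{ .Values.image.tag }}"` still renders as a valid reference. Separately, the comment `# -- Port of the casa service.` on `service.port` looks copied from another chart; `# -- Port of the cr-rotate service.` would match the key it documents.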
@@ -1,23 +1,23 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: v2 name: fido2 -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" description: FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. type: application keywords: - fido2 - u2f -home: https://jans.io/ +home: https://gluu.org/docs/gluu-server/ sources: - - https://jans.io/ + - https://gluu.org/docs/gluu-server/ - https://github.com/JanssenProject/jans-fido2 - https://github.com/JanssenProject/docker-jans-fido2 - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/fido2 + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/fido2 maintainers: - name: Mohammad Abudayyeh - email: support@jans.io + email: support@gluu.org url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" diff --git a/charts/jans/charts/fido2/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md similarity index 67% rename from charts/jans/charts/fido2/README.md rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md index f739778d02e..79ef3c0400c 100644 --- a/charts/jans/charts/fido2/README.md +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md 
@@ -1,32 +1,34 @@ # fido2 -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code -* +* * * -* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | 
@@ -35,7 +37,7 @@ Kubernetes: `>=v1.19.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | 
@@ -47,6 +49,8 @@ Kubernetes: `>=v1.19.0-0` | resources.requests.memory | string | `"500Mi"` | Memory request. | | service.name | string | `"http-fido2"` | The name of the fido2 port within the fido2 service. Please keep it as default. | | service.port | int | `8080` | Port of the fido2 service. Please keep it as default. | +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | | usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | | usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | diff --git a/charts/jans/charts/fido2/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/fido2/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/_helpers.tpl diff --git a/charts/jans/charts/fido2/templates/deployment.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/deployment.yml similarity index 88% rename from charts/jans/charts/fido2/templates/deployment.yml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/deployment.yml index 94c013a4c3b..e19f35299af 100644 --- a/charts/jans/charts/fido2/templates/deployment.yml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/deployment.yml 
@@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: apps/v1 kind: Deployment @@ -8,6 +8,13 @@ metadata: labels: APP_NAME: fido2 {{ include "fido2.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: replicas: {{ .Values.replicas }} selector: @@ -73,19 +80,13 @@ spec: name: google-sa subPath: google-credentials.json {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - mountPath: "/etc/jans/conf/sql_password" - subPath: sql_password - {{- end }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} - name: {{ include "fido2.fullname" .}}-updatelbip mountPath: "/scripts" {{- end }} {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - mountPath: "/etc/jans/conf/couchbase_password" - subPath: couchbase_password + {{- if not .Values.global.istio.enabled }} - name: cb-crt mountPath: "/etc/certs/couchbase.crt" @@ -119,15 +120,9 @@ spec: secret: secretName: {{ .Release.Name }}-google-sa {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - secret: - secretName: {{ .Release.Name }}-sql-pass - {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - secret: - secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} - name: cb-crt secret: 
diff --git a/charts/jans/charts/fido2/templates/fido2-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-destination-rules.yaml similarity index 51% rename from charts/jans/charts/fido2/templates/fido2-destination-rules.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-destination-rules.yaml index cedcd8b210a..84221c9ba64 100644 --- a/charts/jans/charts/fido2/templates/fido2-destination-rules.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-destination-rules.yaml @@ -1,11 +1,21 @@ {{- if .Values.global.istio.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: {{ .Release.Name }}-fido2-mtls namespace: {{.Release.Namespace}} + labels: + APP_NAME: fido2 +{{ include "fido2.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: host: {{ .Values.global.fido2.fido2ServiceName }}.{{ .Release.Namespace }}.svc.cluster.local trafficPolicy: diff --git a/charts/jans/charts/fido2/templates/fido2-virtual-services.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml similarity index 67% rename from charts/jans/charts/fido2/templates/fido2-virtual-services.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml index 145a8fe1d1a..af0721a8b4d 100644 --- a/charts/jans/charts/fido2/templates/fido2-virtual-services.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/fido2-virtual-services.yaml 
@@ -1,11 +1,21 @@ {{- if .Values.global.istio.ingress }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: {{ .Release.Name }}-istio-fido2-configuration namespace: {{.Release.Namespace}} + labels: + APP_NAME: fido2 +{{ include "fido2.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: hosts: - {{ .Values.global.fqdn }} diff --git a/charts/jans/charts/fido2/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/hpa.yaml similarity index 68% rename from charts/jans/charts/fido2/templates/hpa.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/hpa.yaml index 739fd74400f..1f0aeb8c2e1 100644 --- a/charts/jans/charts/fido2/templates/hpa.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/hpa.yaml @@ -1,10 +1,20 @@ {{ if .Values.hpa.enabled -}} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: {{ include "fido2.fullname" . }} + labels: + APP_NAME: fido2 +{{ include "fido2.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: scaleTargetRef: apiVersion: apps/v1 
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/service.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/service.yml new file mode 100644 index 00000000000..694a3407c07 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/service.yml @@ -0,0 +1,31 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.global.fido2.fido2ServiceName }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: fido2 +{{ include "fido2.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + {{- if .Values.global.alb.ingress }} + type: NodePort + {{- end }} + ports: + - port: {{ .Values.service.port }} + name: {{ .Values.service.name }} + selector: + app: {{ .Release.Name }}-{{ include "fido2.name" . }} #fido2 + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: +{{ toYaml . | indent 4 }} + {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/user-custom-secret-envs.yaml new file mode 100644 index 00000000000..fb0afcfa90b --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/templates/user-custom-secret-envs.yaml 
@@ -0,0 +1,23 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: + APP_NAME: fido2 +{{ include "fido2.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/fido2/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml similarity index 72% rename from charts/jans/charts/fido2/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml index c1bf962a93b..12fdbc4f0ca 100644 --- a/charts/jans/charts/fido2/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 # -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. @@ -30,7 +30,7 @@ image: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. 
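Review bot: In the new fido2 user-custom-secret-envs.yaml, `{{ $key }}: {{ $val | b64enc }}` passes each `usrEnvs.secret` value straight to `b64enc`, which expects a string. A value that YAML parses as a number or boolean (an unquoted `8080` or `true`) will most likely fail the render with a type error. Converting first avoids that: `{{ $key }}: {{ $val | toString | b64enc }}`. A comment above the `range` should also say that these values are taken from Helm values and should be supplied at install time rather than committed in a values file.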
@@ -52,6 +52,12 @@ service: name: http-fido2 # -- Port of the fido2 service. Please keep it as default. port: 8080 + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 # -- Configure the liveness healthcheck for the fido2 if needed. livenessProbe: # -- http liveness probe endpoint @@ -72,4 +78,9 @@ readinessProbe: # -- Configure any additional volumes that need to be attached to the pod volumes: [] # -- Configure any additional volumesMounts that need to be attached to the containers -volumeMounts: [] \ No newline at end of file +volumeMounts: [] + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } diff --git a/charts/jans/charts/scim/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/.helmignore similarity index 100% rename from charts/jans/charts/scim/.helmignore rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/.helmignore diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/Chart.yaml new file mode 100644 index 00000000000..f5b4fe57123 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/Chart.yaml 
@@ -0,0 +1,23 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v2 +name: jackrabbit +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. +type: application +keywords: + - jackrabbit + - content repository +home: https://gluu.org/docs/gluu-server/installation-guide/install-kubernetes/#working-with-jackrabbit +sources: + - https://gluu.org/docs/gluu-server/installation-guide/install-kubernetes/#working-with-jackrabbit + - https://github.com/GluuFederation/docker-jackrabbit + - https://jackrabbit.apache.org/jcr/index.html + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/README.md new file mode 100644 index 00000000000..d1fd6542279 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/README.md 
@@ -0,0 +1,79 @@ +# jackrabbit + +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | +| additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| clusterId | string | `""` | This id needs to be unique to each kubernetes cluster in a multi cluster setup west, east, south, north, region ...etc If left empty it will be randomly generated. | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. 
| +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/jackrabbit"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| jackrabbitVolumeMounts.repository.mountPath | string | `"/opt/jackrabbit/repository"` | | +| jackrabbitVolumeMounts.repository.name | string | `"jackrabbit-volume"` | | +| jackrabbitVolumeMounts.version.mountPath | string | `"/opt/jackrabbit/version"` | | +| jackrabbitVolumeMounts.version.name | string | `"jackrabbit-volume"` | | +| jackrabbitVolumeMounts.workspaces.mountPath | string | `"opt/jackrabbit/workspaces"` | | +| jackrabbitVolumeMounts.workspaces.name | string | `"jackrabbit-volume"` | | +| livenessProbe | object | `{"initialDelaySeconds":25,"periodSeconds":25,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5}` | Configure the liveness healthcheck for the Jackrabbit if needed. | +| livenessProbe.tcpSocket | object | `{"port":"http-jackrabbit"}` | Executes tcp healthcheck. | +| nameOverride | string | `""` | | +| readinessProbe | object | `{"initialDelaySeconds":30,"periodSeconds":30,"tcpSocket":{"port":"http-jackrabbit"},"timeoutSeconds":5}` | Configure the readiness healthcheck for the Jackrabbit if needed. | +| readinessProbe.tcpSocket | object | `{"port":"http-jackrabbit"}` | Executes tcp healthcheck. | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"1500m","memory":"1000Mi"},"requests":{"cpu":"1500m","memory":"1000Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"1500m"` | CPU limit. | +| resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| resources.requests.cpu | string | `"1500m"` | CPU request. | +| resources.requests.memory | string | `"1000Mi"` | Memory request. 
| +| secrets.cnJackrabbitAdminPassword | string | `"admin"` | Jackrabbit admin uid password | +| secrets.cnJackrabbitPostgresPassword | string | `"P@ssw0rd"` | Jackrabbit Postgres uid password | +| service.name | string | `"http-jackrabbit"` | The name of the jackrabbit port within the jackrabbit service. Please keep it as default. | +| service.port | int | `8080` | Port of the jackrabbit service. Please keep it as default. | +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | +| storage.accessModes | string | `"ReadWriteOnce"` | | +| storage.size | string | `"5Gi"` | Jackrabbit volume size | +| storage.type | string | `"DirectoryOrCreate"` | | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/_helpers.tpl new file mode 100644 index 00000000000..1ff58881793 --- /dev/null 
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/_helpers.tpl 
@@ -0,0 +1,83 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "jackrabbit.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "jackrabbit.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Generate random clusterId to appended to the name. This is relevent expecially when there are multiple kubernetes clusters where this id otherwise would be the same. +In Jackrabbit: + + + + +*/}} +{{- define "jackrabbit.clusterId" -}} +{{- if .Values.clusterId -}} +{{- .Values.clusterId | lower -}} +{{- else -}} +{{- randAlpha 5 | lower -}} +{{- end -}} +{{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "jackrabbit.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "jackrabbit.labels" -}} +app: {{ .Release.Name }}-{{ include "jackrabbit.name" . }} +helm.sh/chart: {{ include "jackrabbit.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "jackrabbit.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "jackrabbit.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/hpa.yaml new file mode 100644 index 00000000000..c1b1e022aa8 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/hpa.yaml 
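Review bot: `jackrabbit.clusterId` falls back to `randAlpha 5 | lower` when `.Values.clusterId` is empty, and a named template is evaluated again on every `include`, so each call site gets a different suffix. In this commit hpa.yaml includes it twice (for `metadata.name` and for `scaleTargetRef.name`) and statefulset.yaml once. With the documented default of `""`, the autoscaler would therefore target a StatefulSet name that was never created, and each `helm upgrade` would render a new StatefulSet name. Consider making the value mandatory, e.g. `{{- required "clusterId must be set" .Values.clusterId | lower -}}`, or deriving the suffix deterministically from the release name. Separately, `value: {{ $val }}` in `jackrabbit.usr-envs` should be `value: {{ $val | quote }}` so that numeric or boolean values stay strings.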
@@ -0,0 +1,38 @@
+{{ if .Values.hpa.enabled -}}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "jackrabbit.fullname" . }}-{{ include "jackrabbit.clusterId" . }}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: {{ include "jackrabbit.fullname" . }}-{{ include "jackrabbit.clusterId" . }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ {{- if .Values.hpa.targetCPUUtilizationPercentage }}
+ targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+ {{- else if .Values.hpa.metrics }}
+ metrics:
+ {{- with .Values.hpa.metrics }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hpa.behavior }}
+ behavior:
+ {{- with .Values.hpa.behavior }}
+{{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/jackrabbit-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/jackrabbit-destination-rules.yaml
new file mode 100644
index 00000000000..c5b384bb301
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/jackrabbit-destination-rules.yaml
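Review bot: The template declares `apiVersion: autoscaling/v1` but renders `metrics:` and `behavior:` under `spec` when `hpa.metrics` or `hpa.behavior` is set. The v1 HorizontalPodAutoscaler spec only has `scaleTargetRef`, `minReplicas`, `maxReplicas` and `targetCPUUtilizationPercentage`, so those two fields would be rejected or dropped by the API server. Chart.yaml in this commit requires Kubernetes `>=v1.21.0-0`, where `apiVersion: autoscaling/v2beta2` supports both fields, with the CPU target expressed as a `metrics` entry instead of `targetCPUUtilizationPercentage`. Otherwise remove the `metrics`/`behavior` branches and document that only the CPU target is honoured.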
@@ -0,0 +1,23 @@
+{{- if .Values.global.istio.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ .Release.Name }}-jackrabbit-mtls
+ namespace: {{.Release.Namespace}}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ host: {{ .Values.global.jackrabbit.jackRabbitServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: ISTIO_MUTUAL
+{{- end }}
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/secret.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/secret.yaml
new file mode 100644
index 00000000000..c93bfe7cd6e
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/secret.yaml
@@ -0,0 +1,37 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cn-jackrabbit-admin-pass
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ jackrabbit_admin_password: {{ .Values.secrets.cnJackrabbitAdminPassword | b64enc }}
+{{ if .Values.global.cnJackrabbitCluster }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cn-jackrabbit-postgres-pass
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+data:
+ postgres_password: {{ .Values.secrets.cnJackrabbitPostgresPassword | b64enc }}
+{{- end -}}
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/service.yaml
new file mode 100644
index 00000000000..c0a57207937
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/service.yaml
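Review bot: Both Secrets are rendered from `.Values.secrets.cnJackrabbitAdminPassword` and `.Values.secrets.cnJackrabbitPostgresPassword` with no check that the operator supplied them. The README table added in this commit lists their defaults as `admin` and `P@ssw0rd`, so an install that does not override them runs with publicly documented credentials. Drop the defaults (presumably set in the chart's values.yaml, which is outside this hunk) and fail the render when they are unset, e.g. `jackrabbit_admin_password: {{ required "secrets.cnJackrabbitAdminPassword must be set" .Values.secrets.cnJackrabbitAdminPassword | b64enc }}`, and likewise for `postgres_password`. Adding `type: Opaque` to both objects would also match the fido2 user-custom-envs Secret in this commit.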
@@ -0,0 +1,28 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.global.jackrabbit.jackRabbitServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ clusterIP: None
+ selector:
+ app: {{ .Release.Name }}-{{ include "jackrabbit.name" . }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- with .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig:
+{{ toYaml . | indent 4 }}
+ {{- end }}
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/statefulset.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/statefulset.yaml
new file mode 100644
index 00000000000..f31ab58b5d2
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/statefulset.yaml
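Review bot: `clusterIP: None` makes this a headless Service, so the `sessionAffinity` and `sessionAffinityConfig` fields rendered at the end of `spec` most likely have no effect, because session affinity is applied by the service proxy and headless Services are not proxied. Either drop the two fields from this template or add a comment such as `# headless service: sessionAffinity is not applied by the service proxy`. Without that, the `service.sessionAffinity` description in the README suggests sticky sessions that this Service cannot provide.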
@@ -0,0 +1,117 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "jackrabbit.fullname" . }}-{{ include "jackrabbit.clusterId" . }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "jackrabbit.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "jackrabbit.name" . }} + serviceName: {{ include "jackrabbit.name" . }} + replicas: {{ .Values.replicas }} + template: + metadata: + labels: + app: {{ .Release.Name }}-{{ include "jackrabbit.name" . }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- if .Values.global.cnJackrabbitCluster }} + - name: cn-jackrabbit-postgres-pass + secret: + secretName: cn-jackrabbit-postgres-pass + {{- end }} + containers: + - name: {{ include "jackrabbit.name" . }} + env: + {{- include "jackrabbit.usr-envs" . | indent 12 }} + {{- include "jackrabbit.usr-secret-envs" . 
| indent 12 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + protocol: TCP + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- if .Values.global.cnJackrabbitCluster }} + - name: cn-jackrabbit-postgres-pass + mountPath: /etc/gluu/conf/postgres_password + subPath: postgres_password + {{- end }} + {{- range $key, $values := .Values.jackrabbitVolumeMounts }} + - mountPath: {{$values.mountPath}} + name: {{$values.name}} + subPath: {{$key}} + {{- end }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: jackrabbit-volume + spec: + accessModes: + - {{ .Values.storage.accessModes }} + resources: + requests: + storage: {{ .Values.storage.size }} + {{- if eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath" }} + storageClassName: standard + {{- else }} + storageClassName: {{ include "jackrabbit.fullname" . | quote }} + {{- end }} \ No newline at end of file 
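Review bot: `serviceName: {{ include "jackrabbit.name" . }}` names the governing Service after the chart, while service.yaml in this commit creates the Service as `{{ .Values.global.jackrabbit.jackRabbitServiceName }}`. If that global value is anything other than the chart name, the StatefulSet refers to a Service that does not exist and the pods get no stable DNS records. Using the same expression in both places, `serviceName: {{ .Values.global.jackrabbit.jackRabbitServiceName }}`, removes the coupling. The container also has no `securityContext` although it mounts the admin and Postgres password files; if the image can run unprivileged, `allowPrivilegeEscalation: false` and `runAsNonRoot: true` on the container are worth adding.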
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/storageclass.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/storageclass.yaml new file mode 100644 index 00000000000..ee7281c2fa1 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/storageclass.yaml 
@@ -0,0 +1,58 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ include "jackrabbit.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + storage: jackrabbit +{{ include "jackrabbit.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation +{{- if .Values.additionalAnnotations }} +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + annotations: + # Annotation below is to keep the storage class during upgrade. Otherwise, due to the flag at line 1 which is needed, this resource will be deleted. + helm.sh/resource-policy: keep + storageclass.beta.kubernetes.io/is-default-class: "false" + {{- if eq .Values.global.storageClass.provisioner "openebs.io/local" }} + openebs.io/cas-type: local + cas.openebs.io/config: | + - name: StorageType + value: hostpath + - name: BasePath + value: /var/local-hostpath + {{- end }} +provisioner: {{ .Values.global.storageClass.provisioner }} +{{- if and ( ne .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) ( ne .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") ( ne .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") ( ne .Values.global.storageClass.provisioner "kubernetes.io/gce-pd") ( ne .Values.global.storageClass.provisioner "dobs.csi.digitalocean.com") ( ne .Values.global.storageClass.provisioner "openebs.io/local") ( ne .Values.global.storageClass.provisioner "kubernetes.io/azure-disk") }} +parameters: +{{ toYaml .Values.global.storageClass.parameters | indent 4 }} +{{- else }} +parameters: + {{- if eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs" }} + type: {{ .Values.global.awsStorageType }} + fsType: ext4 + {{- else if 
eq .Values.global.storageClass.provisioner "kubernetes.io/gce-pd" }} + type: {{ .Values.global.gcePdStorageType }} + {{- else if eq .Values.global.storageClass.provisioner "kubernetes.io/azure-disk" }} + storageAccountType: {{ .Values.global.azureStorageAccountType }} + kind: {{ .Values.global.azureStorageKind }} + {{- else if eq .Values.global.storageClass.provisioner "dobs.csi.digitalocean.com" }} + {{- else if eq .Values.global.storageClass.provisioner "openebs.io/local" }} + {{- else }} + pool: default + fsType: ext4 + {{- end }} +{{- end }} +allowVolumeExpansion: {{ .Values.global.storageClass.allowVolumeExpansion }} +volumeBindingMode: {{ .Values.global.storageClass.volumeBindingMode }} +reclaimPolicy: {{ .Values.global.storageClass.reclaimPolicy }} +mountOptions: {{ .Values.global.storageClass.mountOptions | toJson }} +allowedTopologies: {{ .Values.global.storageClass.allowedTopologies | toJson }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/user-custom-secret-envs.yaml new file mode 100644 index 00000000000..21d4c18647b --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/templates/user-custom-secret-envs.yaml 
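Review bot: `metadata` in this StorageClass declares `annotations:` twice, once for the `helm.sh/hook` keys and again for `helm.sh/resource-policy: keep` and the OpenEBS settings. Duplicate mapping keys are not valid YAML; depending on the parser the manifest either fails to load or keeps only one of the two maps, so either the hook annotations or the keep policy is lost. Fold both sets under a single `annotations:` key. The comment about "the flag at line 1" does not match anything in this file and should name the setting it means, and `namespace:` has no effect on a StorageClass, which is cluster-scoped.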
@@ -0,0 +1,22 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+{{ include "jackrabbit.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/values.yaml
new file mode 100644
index 00000000000..da8b96cfc7e
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/jackrabbit/values.yaml
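Review bot: The Secret created here is named `{{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs` and gated on `.Values.usrEnvs.secret`, but the `envFrom` list in this chart's StatefulSet only references `{{ .Release.Name }}-global-user-custom-envs` under `.Values.global.usrEnvs.secret`. Unless another part of the StatefulSet (its start is outside this view) consumes the chart-level Secret, values set under `usrEnvs.secret` never reach the container; add a matching `secretRef` guarded by `{{- if .Values.usrEnvs.secret }}`. Separately, `b64enc` expects a string, so a numeric or boolean value fails the render; `{{ $key }}: {{ $val | toString | b64enc }}` avoids that.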
@@ -0,0 +1,116 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# jackrabbit Environament Variables +# -- Jackrabbit Oak is a complementary implementation of the JCR specification. It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications +# https://jackrabbit.apache.org/jcr/index.html +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/jackrabbit + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number. +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 1500m + # -- Memory limit. + memory: 1000Mi + requests: + # -- CPU request. + cpu: 1500m + # -- Memory request. + memory: 1000Mi +secrets: + # -- Jackrabbit admin uid password + cnJackrabbitAdminPassword: admin + # -- Jackrabbit Postgres uid password + cnJackrabbitPostgresPassword: P@ssw0rd +service: + # -- The name of the jackrabbit port within the jackrabbit service. Please keep it as default. + name: http-jackrabbit + # -- Port of the jackrabbit service. Please keep it as default. 
+ port: 8080 + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + +storage: + # -- Jackrabbit volume size + size: 5Gi + accessModes: ReadWriteOnce + type: DirectoryOrCreate +# -- Configure the liveness healthcheck for the Jackrabbit if needed. +livenessProbe: + # -- Executes tcp healthcheck. + tcpSocket: + port: http-jackrabbit + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 +# -- Configure the readiness healthcheck for the Jackrabbit if needed. +readinessProbe: + # -- Executes tcp healthcheck. + tcpSocket: + port: http-jackrabbit + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +nameOverride: "" +fullnameOverride: "" +# -- This id needs to be unique to each kubernetes cluster in a multi cluster setup +# west, east, south, north, region ...etc If left empty it will be randomly generated. +clusterId: "" + +# VolumeMounts for StatefulSet +# jackrabbit-init vm +jackrabbitVolumeMounts: + repository: + mountPath: /opt/jackrabbit/repository + name: jackrabbit-volume + version: + mountPath: /opt/jackrabbit/version + name: jackrabbit-volume + workspaces: + mountPath: opt/jackrabbit/workspaces + name: jackrabbit-volume + +# -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} +additionalAnnotations: { } 
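Review bot: The defaults `cnJackrabbitAdminPassword: admin` and `cnJackrabbitPostgresPassword: P@ssw0rd` give every install that does not override them the same well-known credentials. Leave both empty in values.yaml (`cnJackrabbitAdminPassword: ""`) and have the template that consumes them fail the render when they are unset, for example with Helm's `required` function; that template is not part of this hunk. In the same file `jackrabbitVolumeMounts.workspaces.mountPath` is `opt/jackrabbit/workspaces`, without the leading slash the other two mounts have, and a relative mount path is likely to be rejected when the container starts: `mountPath: /opt/jackrabbit/workspaces`.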
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/.helmignore
new file mode 100644
index 00000000000..f0c13194444
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/jans/charts/nginx-ingress/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml
similarity index 50%
rename from charts/jans/charts/nginx-ingress/Chart.yaml
rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml
index 12463ec983d..a9e403c5735 100644
--- a/charts/jans/charts/nginx-ingress/Chart.yaml
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml
@@ -1,22 +1,22 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: v2 name: nginx-ingress -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" description: Nginx ingress definitions chart type: application keywords: - nginx - ingress -home: https://jans.io +home: https://gluu.org/docs/gluu-server sources: - https://github.com/kubernetes/ingress-nginx - https://kubernetes.io/docs/concepts/services-networking/ingress/ - - https://github.com/JanssenFederation/cloud-native-edition/tree/4.3/pyjans/kubernetes/templates/helm/jans/charts/nginx-ingress + - https://github.com/GluuFederation/cloud-native-edition/tree/4.3/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress maintainers: - name: Mohammad Abudayyeh - email: support@jans.io + email: support@gluu.org url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" diff --git a/charts/jans/charts/nginx-ingress/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md similarity index 83% rename from charts/jans/charts/nginx-ingress/README.md rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md index 6a446271435..509b28be00f 100644 --- a/charts/jans/charts/nginx-ingress/README.md +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md 
@@ -1,26 +1,26 @@ # nginx-ingress -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Nginx ingress definitions chart -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code * * -* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values @@ -42,7 +42,7 @@ Kubernetes: `>=v1.19.0-0` | ingress.configApiLabels | object | `{}` | configAPI ingress resource labels. key app is taken | | ingress.fido2ConfigEnabled | bool | `false` | Enable endpoint /.well-known/fido2-configuration | | ingress.fido2ConfigLabels | object | `{}` | fido2 config ingress resource labels. key app is taken | -| ingress.hosts[0] | string | `"demoexample.jans.io"` | | +| ingress.hosts[0] | string | `"demoexample.gluu.org"` | | | ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration | | ingress.openidConfigLabels | object | `{}` | openid-configuration ingress resource labels. key app is taken | | ingress.path | string | `"/"` | | 
@@ -50,7 +50,7 @@ Kubernetes: `>=v1.19.0-0` | ingress.scimConfigLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | | ingress.scimEnabled | bool | `false` | Enable SCIM endpoints /jans-scim | | ingress.scimLabels | object | `{}` | scim config ingress resource labels. key app is taken | -| ingress.tls[0].hosts[0] | string | `"demoexample.jans.io"` | | +| ingress.tls[0].hosts[0] | string | `"demoexample.gluu.org"` | | | ingress.tls[0].secretName | string | `"tls-certificate"` | | | ingress.u2fConfigEnabled | bool | `true` | Enable endpoint /.well-known/fido-configuration | | ingress.u2fConfigLabels | object | `{}` | u2f config ingress resource labels. key app is taken | diff --git a/charts/jans/charts/nginx-ingress/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/nginx-ingress/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/_helpers.tpl diff --git a/charts/jans/charts/nginx-ingress/templates/ingress.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/ingress.yaml similarity index 84% rename from charts/jans/charts/nginx-ingress/templates/ingress.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/ingress.yaml index 35013808d50..0a7007bf0b7 100644 --- a/charts/jans/charts/nginx-ingress/templates/ingress.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/templates/ingress.yaml 
@@ -1,5 +1,63 @@ # License terms and conditions for Janssen Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 +{{ if .Values.ingress.adminUiEnabled -}} +{{ $fullName := include "nginx-ingress.fullname" . -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }}-admin-ui + labels: + app: {{ $fullName }}-admin-ui +{{- if .Values.ingress.additionalLabels }} +{{ toYaml .Values.ingress.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.ingress.adminUiLabels }} +{{ toYaml .Values.ingress.adminUiLabels | indent 4 }} +{{- end }} + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/proxy-read-timeout: "300" +{{- if .Values.ingress.adminUiAdditionalAnnotations }} +{{ toYaml .Values.ingress.adminUiAdditionalAnnotations | indent 4 }} +{{- end }} +{{- if .Values.ingress.additionalAnnotations }} +{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + {{- $host := . -}} + {{- with $ }} + - host: {{ $host | quote }} + http: + paths: + - path: /admin(|$)(.*) + pathType: Prefix + backend: + service: + name: {{ index .Values "global" "admin-ui" "adminUiServiceName" }} + port: + number: 8080 + {{- end }} + {{- end }} +{{- end }} + +--- + {{ if .Values.ingress.openidConfigEnabled -}} {{ $fullName := include "nginx-ingress.fullname" . -}} {{- $ingressPath := .Values.ingress.path -}} 
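Review bot: The new admin-ui Ingress sets `nginx.ingress.kubernetes.io/ssl-redirect: "false"`, so even with the `tls` block configured the admin console stays reachable over plain HTTP instead of being redirected to HTTPS. For an administrative interface the redirect should stay on: `nginx.ingress.kubernetes.io/ssl-redirect: "true"`, or drop the annotation and keep the controller default. The rule also pairs the regex path `/admin(|$)(.*)` with `pathType: Prefix`; regex paths belong under `pathType: ImplementationSpecific`, which newer ingress-nginx releases can enforce. `$ingressPath` is assigned but not used in this block.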
@@ -21,6 +79,9 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/openid-configuration /jans-auth/.well-known/openid-configuration$1 break;" nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/.well-known/openid-configuration +{{- if .Values.ingress.openidAdditionalAnnotations }} +{{ toYaml .Values.ingress.openidAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} @@ -76,6 +137,9 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/uma2-configuration /jans-auth/restv1/uma2-configuration$1 break;" nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/restv1/uma2-configuration +{{- if .Values.ingress.uma2AdditionalAnnotations }} +{{ toYaml .Values.ingress.uma2AdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} @@ -131,6 +195,9 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/webfinger /jans-auth/.well-known/webfinger$1 break;" nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/.well-known/webfinger +{{- if .Values.ingress.webfingerAdditionalAnnotations }} +{{ toYaml .Values.ingress.webfingerAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} 
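Review bot: The per-ingress block `openidAdditionalAnnotations` is rendered with `toYaml ... | indent 4` directly after the fixed annotations and before `additionalAnnotations`, so a key present in two of those sources ends up twice in the same `annotations:` map. That includes the obvious use of overriding a built-in value such as `nginx.ingress.kubernetes.io/proxy-read-timeout`, where the result is a duplicate key rather than an override. Either merge the maps into one dict before rendering, or state the restriction next to the value: `# must not repeat keys set by the chart or by additionalAnnotations`. The same applies to the uma2, webfinger, webdiscovery, scimConfig, scim, configApi, u2f, fido2Config, authServer, authServerProtectedToken and authServerProtectedRegister hunks below; the enclosing Ingress definitions start and end outside these hunks.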
@@ -186,6 +253,9 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/simple-web-discovery /jans-auth/.well-known/simple-web-discovery$1 break;" nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/.well-known/simple-web-discovery +{{- if .Values.ingress.webdiscoveryAdditionalAnnotations }} +{{ toYaml .Values.ingress.webdiscoveryAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} @@ -241,6 +311,9 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/scim-configuration /jans-scim/restv1/scim-configuration$1 break;" nginx.ingress.kubernetes.io/rewrite-target: /jans-scim/restv1/scim-configuration +{{- if .Values.ingress.scimConfigAdditionalAnnotations }} +{{ toYaml .Values.ingress.scimConfigAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} @@ -294,6 +367,9 @@ metadata: kubernetes.io/ingress.class: "nginx" nginx.org/ssl-services: "scim" nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504" +{{- if .Values.ingress.scimAdditionalAnnotations }} +{{ toYaml .Values.ingress.scimAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} 
@@ -347,6 +423,9 @@ metadata: kubernetes.io/ingress.class: "nginx" nginx.org/ssl-services: "configapi" nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504" +{{- if .Values.ingress.configApiAdditionalAnnotations }} +{{ toYaml .Values.ingress.configApiAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} @@ -402,6 +481,9 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/fido-configuration /jans-auth/restv1/fido-configuration$1 break;" nginx.ingress.kubernetes.io/rewrite-target: /jans-auth/restv1/fido-configuration +{{- if .Values.ingress.u2fAdditionalAnnotations }} +{{ toYaml .Values.ingress.u2fAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} @@ -457,6 +539,9 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/configuration-snippet: "rewrite /.well-known/fido2-configuration /jans-fido2/restv1/configuration$1 break;" nginx.ingress.kubernetes.io/rewrite-target: /jans-fido2/restv1/configuration +{{- if .Values.ingress.fido2ConfigAdditionalAnnotations }} +{{ toYaml .Values.ingress.fido2ConfigAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} 
@@ -510,6 +595,9 @@ metadata: kubernetes.io/ingress.class: "nginx" nginx.org/ssl-services: "auth-server" nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504" +{{- if .Values.ingress.authServerAdditionalAnnotations }} +{{ toYaml .Values.ingress.authServerAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} @@ -563,6 +651,9 @@ metadata: kubernetes.io/ingress.class: "nginx" nginx.org/ssl-services: "auth-server" nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504" +{{- if .Values.ingress.authServerProtectedTokenAdditionalAnnotations }} +{{ toYaml .Values.ingress.authServerProtectedTokenAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} @@ -612,13 +703,16 @@ metadata: {{- if .Values.ingress.additionalLabels }} {{ toYaml .Values.ingress.additionalLabels | indent 4 }} {{- end }} -{{- if .Values.ingress.authServerProtectedRedisterLabels }} -{{ toYaml .Values.ingress.authServerProtectedRedisterLabels | indent 4 }} +{{- if .Values.ingress.authServerProtectedRegisterLabels }} +{{ toYaml .Values.ingress.authServerProtectedRegisterLabels | indent 4 }} {{- end }} annotations: kubernetes.io/ingress.class: "nginx" nginx.org/ssl-services: "auth-server" nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout invalid_header http_500 http_502 http_503 http_504" +{{- if .Values.ingress.authServerProtectedRegisterAdditionalAnnotations }} +{{ toYaml .Values.ingress.authServerProtectedRegisterAdditionalAnnotations | indent 4 }} +{{- end }} {{- if .Values.ingress.additionalAnnotations }} {{ toYaml .Values.ingress.additionalAnnotations | indent 4 }} {{- end }} 
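Review bot: Correcting the values key from `authServerProtectedRedisterLabels` to `authServerProtectedRegisterLabels` in the last hunk silently drops the labels for any install that still sets the old spelling. The values.yaml hunks shown for this chart do not touch that key, so it is worth confirming that values.yaml and the README declare the corrected name. A line in the upgrade notes naming the old and new key would cover existing users.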
diff --git a/charts/jans/charts/nginx-ingress/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/values.yaml similarity index 95% rename from charts/jans/charts/nginx-ingress/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/values.yaml index 5d24bc6e14a..e845b6be3b0 100644 --- a/charts/jans/charts/nginx-ingress/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/values.yaml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 # Default values for nginx-ingress. nameOverride: "" @@ -67,8 +67,8 @@ ingress: annotations: {} path: / hosts: - - demoexample.jans.io + - demoexample.gluu.org tls: - secretName: tls-certificate hosts: - - demoexample.jans.io + - demoexample.gluu.org diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/jans/charts/opendj/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml similarity index 56% rename from charts/jans/charts/opendj/Chart.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml index c0ab29b012a..6736646bc3c 100644 --- a/charts/jans/charts/opendj/Chart.yaml 
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml @@ -1,21 +1,21 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: v2 name: opendj -version: 1.0.0-b11 -kubeVersion: ">=v1.19.0-0" +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" description: OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. type: application keywords: - LDAP - OpenDJ -home: https://jans.io +home: https://gluu.org/docs/gluu-server sources: - - https://github.com/JanssenFederation/docker-opendj - - https://github.com/JanssenFederation/cloud-native-edition/tree/master/pyjans/kubernetes/templates/helm/jans/charts/opendj + - https://github.com/GluuFederation/docker-opendj + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/opendj maintainers: - name: Mohammad Abudayyeh - email: support@jans.io + email: support@gluu.org url: https://github.com/moabu -icon: https://jans.io/favicon.ico -appVersion: "1.0.0-b11" \ No newline at end of file +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" \ No newline at end of file diff --git a/charts/jans/charts/opendj/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md similarity index 75% rename from charts/jans/charts/opendj/README.md rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md index 10281a2aa15..05ebcc322de 100644 --- a/charts/jans/charts/opendj/README.md +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md 
@@ -1,30 +1,32 @@ # opendj -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code -* -* +* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | fullnameOverride | string | `""` | | 
@@ -38,15 +40,15 @@ Kubernetes: `>=v1.19.0-0` | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/opendj"` | Image to use for deploying. | | image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | -| livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for OpenDJ if needed. https://github.com/JanssenFederation/docker-opendj/blob/4.3/scripts/healthcheck.py | +| livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/4.3/scripts/healthcheck.py | | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | | multiCluster.clusterId | string | `""` | This id needs to be unique to each kubernetes cluster in a multi cluster setup west, east, south, north, region ...etc If left empty it will be randomly generated. | | multiCluster.enabled | bool | `false` | Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster` | -| multiCluster.namespaceIntId | int | `0` | Namespace int id. This id needs to be a unique number 0-9 per jans installation per namespace. Used when jans is installed in the same kubernetes cluster more than once. | -| multiCluster.replicaCount | int | `1` | The number of opendj non scalabble statefulsets to create. 
Each pod created must be resolvable as it follows the patterm RELEASE-NAME-opendj-CLUSTERID-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of jans, the address of the pod would be jans-opendj-regional-0-regional.jans.org | -| multiCluster.serfAdvertiseAddrSuffix | string | `"regional.jans.org:30946"` | OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} | +| multiCluster.namespaceIntId | int | `0` | Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace. Used when gluu is installed in the same kubernetes cluster more than once. | +| multiCluster.replicaCount | int | `1` | The number of opendj non scalabble statefulsets to create. Each pod created must be resolvable as it follows the patterm RELEASE-NAME-opendj-CLUSTERID-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org | +| multiCluster.serfAdvertiseAddrSuffix | string | `"regional.gluu.org:30946"` | OpenDJ Serf advertise address suffix that will be added to each opendj replica. i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} | | multiCluster.serfKey | string | `"Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk="` | Serf key. This key will automatically sync across clusters. | -| multiCluster.serfPeers | list | `["jans-opendj-regional-0-regional.jans.org:30946","jans-opendj-regional-0-regional.jans.org:31946"]` | Serf peer addresses. One per cluster. | +| multiCluster.serfPeers | list | `["gluu-opendj-regional-0-regional.gluu.org:30946","gluu-opendj-regional-0-regional.gluu.org:31946"]` | Serf peer addresses. One per cluster. 
| | nameOverride | string | `""` | | | openDjVolumeMounts.config.mountPath | string | `"/opt/opendj/config"` | | | openDjVolumeMounts.config.name | string | `"opendj-volume"` | | @@ -62,7 +64,7 @@ Kubernetes: `>=v1.19.0-0` | persistence.size | string | `"5Gi"` | OpenDJ volume size | | persistence.type | string | `"DirectoryOrCreate"` | | | ports | object | `{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}}` | servicePorts values used in StatefulSet container | -| readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for OpenDJ if needed. https://github.com/JanssenFederation/docker-opendj/blob/4.3/scripts/healthcheck.py | +| readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5}` | Configure the readiness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/4.3/scripts/healthcheck.py | | replicas | int | `1` | Service replica number. | | resources | object | `{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}}` | Resource specs. | | resources.limits.cpu | string | `"1500m"` | CPU limit. | diff --git a/charts/jans/charts/opendj/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/opendj/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/_helpers.tpl 
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/configmaps.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/configmaps.yaml new file mode 100644 index 00000000000..b9cd7c3b192 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/configmaps.yaml @@ -0,0 +1,21 @@ +{{- if .Values.multiCluster.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-serf-peers + namespace: {{ .Release.Namespace }} + labels: +{{ include "opendj.labels" $ | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +data: + serf-peers-static.json: | + {{ .Values.multiCluster.serfPeers | toJson }} +{{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/cronjobs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/cronjobs.yaml new file mode 100644 index 00000000000..3e108163d15 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/cronjobs.yaml 
@@ -0,0 +1,101 @@
+{{- if .Values.backup.enabled }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+kind: CronJob
+apiVersion: batch/v1beta1
+metadata:
+ name: {{ include "opendj.fullname" . }}-backup
+spec:
+ schedule: {{ .Values.backup.cronJobSchedule | quote }}
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ dnsPolicy: {{ .Values.dnsPolicy | quote }}
+ {{- with .Values.dnsConfig }}
+ dnsConfig:
+ {{ toYaml . | indent 12 }}
+ {{- end }}
+ containers:
+ - name: {{ include "opendj.fullname" . }}-backup
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-config-cm
+ ports:
+ {{- range $key, $value := .Values.ports }}
+ - containerPort: {{ $value.targetPort }}
+ name: {{ $key }}
+ {{- end }}
+ env:
+ - name: LDAP_HOST
+ valueFrom:
+ configMapKeyRef:
+ # ConfigMap generated by the Configuration chart when Gluu was installed. This is normally cn.
+ # Found in Gluu chart under config.configmap.cnConfigKubernetesConfigMap
+ name: cn
+ key: ldap_init_host
+ - name: LDAP_PORT
+ valueFrom:
+ configMapKeyRef:
+ # ConfigMap generated by the Configuration chart when Gluu was installed. This is normally cn.
+ # Found in Gluu chart under config.configmap.cnConfigKubernetesConfigMap
+ name: cn
+ key: ldap_init_port
+ - name: LDAP_BIND_DN
+ valueFrom:
+ configMapKeyRef:
+ # ConfigMap generated by the Configuration chart when Gluu was installed. This is normally cn.
+ # Found in Gluu chart under config.configmap.cnConfigKubernetesConfigMap
+ name: cn
+ key: ldap_site_binddn
+ - name: LDAP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-ldap-cron-pass
+ key: password
+ # while true; do sleep 60; ldaplog=$(cat /opt/opendj/logs/server.out); startedstr="The Directory Server has started successfully"; if [ -z "${ldaplog##*$startedstr*}" ]; then break; fi; echo "Waiting for opendj server to start"; done
+ command:
+ - /bin/sh
+ - -c
+ - |
+ # =========
+ # FUNCTIONS
+ # =========
+
+ set_java_args() {
+ # not sure if we can omit `-server` safely
+ local java_args="-server"
+ java_args="${java_args} -XX:+UseContainerSupport -XX:MaxRAMPercentage=${GLUU_MAX_RAM_PERCENTAGE} ${GLUU_JAVA_OPTIONS}"
+ # set the env var so it is loaded by `start-ds` script
+ export OPENDJ_JAVA_ARGS=${java_args}
+ }
+
+ # ==========
+ # ENTRYPOINT
+ # ==========
+
+ mkdir -p /opt/opendj/locks
+
+ export JAVA_VERSION=$(java -version 2>&1 | awk -F '[\"_]' 'NR==1{print $2}')
+
+ python3 /app/scripts/wait.py
+
+ if [ ! -f /deploy/touched ]; then
+ python3 /app/scripts/entrypoint.py
+ touch /deploy/touched
+ fi
+ # run OpenDJ server
+ set_java_args
+ exec /opt/opendj/bin/start-ds -N &
+ sleep 300
+ RANDOM_NUM=$(cat /dev/urandom | tr -cd '0-5' | head -c 1)
+ LDAP_BACKUP_FILE=backup-$RANDOM_NUM.ldif
+ {{- if .Values.multiCluster.enabled }}
+ /opt/opendj/bin/export-ldif --hostname "$LDAP_HOST" --port "304{{$.Values.multiCluster.namespaceIntId}}0" --bindDN "$LDAP_BIND_DN" --bindPassword "$LDAP_PASSWORD" --backendID userRoot --ldifFile /opt/opendj/ldif/$LDAP_BACKUP_FILE --trustAll
+ {{- else }}
+ /opt/opendj/bin/export-ldif --hostname "$LDAP_HOST" --port 4444 --bindDN "$LDAP_BIND_DN" --bindPassword "$LDAP_PASSWORD" --backendID userRoot --ldifFile /opt/opendj/ldif/$LDAP_BACKUP_FILE --trustAll
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
\ No newline at end of file
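Review bot: Both `export-ldif` calls at the end of the script pass the bind password as `--bindPassword "$LDAP_PASSWORD"` and add `--trustAll`, so the password appears in the process arguments inside the pod and the admin connection accepts whatever certificate the peer presents. Mounting the `{{ .Release.Name }}-ldap-cron-pass` secret as a file and calling the tool with `--bindPasswordFile <mounted-secret-path>` plus `--trustStorePath <truststore-path>` in place of `--trustAll` would close both gaps. The job also declares `apiVersion: batch/v1beta1` although Chart.yaml requires `>=v1.21.0-0`, where `batch/v1` CronJob is available and the beta API is later removed; `apiVersion: batch/v1` is the safer choice. No `volumeMounts` are visible in this template, so the LDIF written under `/opt/opendj/ldif` appears to live only in the container filesystem and would be lost when the job pod exits; that is worth confirming.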
diff --git a/charts/jans/charts/opendj/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/hpa.yaml similarity index 70% rename from charts/jans/charts/opendj/templates/hpa.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/hpa.yaml index 92e930bfc52..625b98c4ae2 100644 --- a/charts/jans/charts/opendj/templates/hpa.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/hpa.yaml @@ -1,10 +1,19 @@ {{ if .Values.hpa.enabled -}} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: {{ include "opendj.fullname" . }} + labels: +{{ include "opendj.labels" $ | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/jans/charts/opendj/templates/opendj-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/opendj-destination-rules.yaml similarity index 59% rename from charts/jans/charts/opendj/templates/opendj-destination-rules.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/opendj-destination-rules.yaml index 64ead89a923..017ec49f72c 100644 --- a/charts/jans/charts/opendj/templates/opendj-destination-rules.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/opendj-destination-rules.yaml 
@@ -1,12 +1,21 @@ {{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} {{- if .Values.global.istio.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: {{ .Release.Name }}-ldap-mtls namespace: {{.Release.Namespace}} + labels: +{{ include "opendj.labels" $ | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: host: {{ .Values.global.opendj.ldapServiceName }}.{{ .Release.Namespace }}.svc.cluster.local trafficPolicy: diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/secrets.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/secrets.yaml new file mode 100644 index 00000000000..752626fa3d6 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/secrets.yaml @@ -0,0 +1,20 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +{{- if .Values.multiCluster.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-serf-key + labels: +{{ include "opendj.labels" $ | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + serf-key: {{ .Values.multiCluster.serfKey | b64enc }} +{{- end }} \ No newline at end of file 
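Review bot: The new Secret in secrets.yaml encodes `.Values.multiCluster.serfKey` as given, and the chart's values.yaml ships a concrete default for that key (it is printed in the README values table as well), so every installation that enables `multiCluster` without overriding it shares the same Serf key. Consider shipping an empty default and failing the render when it is unset: `serf-key: {{ required "multiCluster.serfKey must be set" .Values.multiCluster.serfKey | b64enc }}`. The Secret also omits `namespace: {{ .Release.Namespace }}`, which the ConfigMap added in configmaps.yaml does set.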
diff --git a/charts/jans/charts/opendj/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/service.yaml similarity index 91% rename from charts/jans/charts/opendj/templates/service.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/service.yaml index d8f8d3ed063..652d54fb5fe 100644 --- a/charts/jans/charts/opendj/templates/service.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/service.yaml @@ -1,7 +1,7 @@ {{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} {{ range $k, $v := until ( .Values.multiCluster.replicaCount | int ) }} --- -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: v1 kind: Service @@ -17,6 +17,13 @@ metadata: {{- if $.Values.multiCluster.enabled }} appregion: {{ include "opendj.name" $ }}-regional-{{$v}} {{- end }} +{{- if $.Values.additionalLabels }} +{{ toYaml $.Values.additionalLabels | indent 4 }} +{{- end }} +{{- if $.Values.additionalAnnotations }} + annotations: +{{ toYaml $.Values.additionalAnnotations | indent 4 }} +{{- end }} spec: ports: {{- if $.Values.multiCluster.enabled }} diff --git a/charts/jans/charts/opendj/templates/statefulset.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/statefulset.yaml similarity index 84% rename from charts/jans/charts/opendj/templates/statefulset.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/statefulset.yaml index 0fe59a899fd..628ce0e459d 100644 --- a/charts/jans/charts/opendj/templates/statefulset.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/statefulset.yaml 
@@ -1,7 +1,7 @@ {{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} {{ range $k, $v := until ( .Values.multiCluster.replicaCount | int ) }} --- -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: apps/v1 kind: StatefulSet @@ -17,6 +17,13 @@ metadata: {{- if $.Values.multiCluster.enabled }} appregion: {{ include "opendj.name" $ }}-regional-{{$v}} {{- end }} +{{- if $.Values.additionalLabels }} +{{ toYaml $.Values.additionalLabels | indent 4 }} +{{- end }} +{{- if $.Values.additionalAnnotations }} + annotations: +{{ toYaml $.Values.additionalAnnotations | indent 4 }} +{{- end }} spec: selector: matchLabels: @@ -67,6 +74,11 @@ spec: configMap: name: {{ $.Release.Name }}-serf-peers {{- end }} + {{- if $.Values.global.upgrade.enabled }} + - name: ox-ldif-cm + configMap: + name: {{ $.Release.Name }}-oxjans + {{- end }} containers: - name: {{ include "opendj.name" $ }} imagePullPolicy: {{ $.Values.image.pullPolicy }} @@ -75,13 +87,13 @@ spec: {{- include "opendj.usr-envs" $ | indent 12 }} {{- include "opendj.usr-secret-envs" $ | indent 12 }} {{- if $.Values.multiCluster.enabled }} - - name: JANS_SERF_ADVERTISE_ADDR + - name: GLUU_SERF_ADVERTISE_ADDR value: "{{ $.Release.Name }}-opendj-{{$.Values.multiCluster.clusterId}}-regional-{{$v}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }}:307{{$.Values.multiCluster.namespaceIntId}}{{$v}}" - - name: JANS_LDAP_ADVERTISE_ADMIN_PORT + - name: GLUU_LDAP_ADVERTISE_ADMIN_PORT value: "304{{$.Values.multiCluster.namespaceIntId}}{{$v}}" - - name: JANS_LDAP_ADVERTISE_LDAPS_PORT + - name: GLUU_LDAP_ADVERTISE_LDAPS_PORT value: "306{{$.Values.multiCluster.namespaceIntId}}{{$v}}" - - name: JANS_LDAP_ADVERTISE_REPLICATION_PORT + - name: GLUU_LDAP_ADVERTISE_REPLICATION_PORT value: "309{{$.Values.multiCluster.namespaceIntId}}{{$v}}" {{- end }} lifecycle: 
@@ -114,13 +126,18 @@ spec: {{- toYaml . | nindent 10 }} {{- end }} {{- if $.Values.multiCluster.enabled }} - - mountPath: "/etc/jans/conf/serf-key" + - mountPath: "/etc/gluu/conf/serf-key" name: serfkey subPath: serf-key - - mountPath: "/etc/jans/conf/serf-peers-static.json" + - mountPath: "/etc/gluu/conf/serf-peers-static.json" name: serfpeers subPath: serf-peers-static.json {{- end }} + {{- if $.Values.global.upgrade.enabled }} + - name: ox-ldif-cm + mountPath: /opt/opendj/config/schema/101-jans.ldif + subPath: 101-jans.ldif + {{- end }} livenessProbe: {{- toYaml $.Values.livenessProbe | nindent 10 }} readinessProbe: diff --git a/charts/jans/charts/opendj/templates/storageclass.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/storageclass.yaml similarity index 86% rename from charts/jans/charts/opendj/templates/storageclass.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/storageclass.yaml index 115bfed3c9d..3af1e452a9e 100644 --- a/charts/jans/charts/opendj/templates/storageclass.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/storageclass.yaml @@ -1,5 +1,4 @@ -{{- if not .Values.global.upgrade.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 {{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }} apiVersion: storage.k8s.io/v1 
@@ -9,7 +8,17 @@ metadata: namespace: {{ .Release.Namespace }} labels: storage: opendj +{{ include "opendj.labels" $ | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "3" + "helm.sh/hook-delete-policy": before-hook-creation +{{- if .Values.additionalAnnotations }} +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} # Annotation below is to keep the storage class during upgrade. Otherwise, due to the flag at line 1 which is needed, this resource will be deleted. helm.sh/resource-policy: keep storageclass.beta.kubernetes.io/is-default-class: "false" @@ -48,4 +57,3 @@ reclaimPolicy: {{ .Values.global.storageClass.reclaimPolicy }} mountOptions: {{ .Values.global.storageClass.mountOptions | toJson }} allowedTopologies: {{ .Values.global.storageClass.allowedTopologies | toJson }} {{- end }} -{{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/user-custom-secret-envs.yaml new file mode 100644 index 00000000000..61332221a97 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/templates/user-custom-secret-envs.yaml 
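Review bot: The comment kept in the annotations block of storageclass.yaml still says the resource survives upgrades "due to the flag at line 1 which is needed", but this commit removes that `{{- if not .Values.global.upgrade.enabled }}` guard, so the comment no longer matches the template. With the added `"helm.sh/hook": pre-install` and `"helm.sh/hook-delete-policy": before-hook-creation`, the StorageClass is now handled as a hook rather than as a regular release resource, and how `helm.sh/resource-policy: keep` interacts with that should be confirmed. I would reword the comment along the lines of `# Created as a pre-install hook; resource-policy keep is retained so the storage class is not removed with the release.` Note also that `additionalAnnotations` is spliced into the same mapping as the fixed keys, so a user value that repeats one of them would yield a duplicate key; a short comment saying which keys are reserved would help.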
@@ -0,0 +1,22 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: +{{ include "opendj.labels" $ | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/charts/jans/charts/opendj/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/values.yaml similarity index 82% rename from charts/jans/charts/opendj/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/values.yaml index 7ebeffb723b..66670e44aef 100644 --- a/charts/jans/charts/opendj/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/opendj/values.yaml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 # -- OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. # -- Configure the HorizontalPodAutoscaler 
@@ -37,22 +37,22 @@ multiCluster: enabled: false # -- OpenDJ Serf advertise address suffix that will be added to each opendj replica. # i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} - serfAdvertiseAddrSuffix: "regional.jans.org:30946" + serfAdvertiseAddrSuffix: "regional.gluu.org:30946" # -- Serf key. This key will automatically sync across clusters. serfKey: Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk= # -- Serf peer addresses. One per cluster. serfPeers: - - "jans-opendj-regional-0-regional.jans.org:30946" - - "jans-opendj-regional-0-regional.jans.org:31946" + - "gluu-opendj-regional-0-regional.gluu.org:30946" + - "gluu-opendj-regional-0-regional.gluu.org:31946" # -- The number of opendj non scalabble statefulsets to create. Each pod created must be resolvable as it follows # the patterm RELEASE-NAME-opendj-CLUSTERID-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }} - # If set to 1, with a release name of jans, the address of the pod would be jans-opendj-regional-0-regional.jans.org + # If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org replicaCount: 1 # -- This id needs to be unique to each kubernetes cluster in a multi cluster setup # west, east, south, north, region ...etc If left empty it will be randomly generated. clusterId: "" - # -- Namespace int id. This id needs to be a unique number 0-9 per jans installation per namespace. - # Used when jans is installed in the same kubernetes cluster more than once. + # -- Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace. + # Used when gluu is installed in the same kubernetes cluster more than once. namespaceIntId: 0 persistence: # -- OpenDJ volume size 
@@ -106,7 +106,7 @@ resources: # -- Memory request. memory: 2000Mi # -- Configure the liveness healthcheck for OpenDJ if needed. -# https://github.com/JanssenFederation/docker-opendj/blob/4.3/scripts/healthcheck.py +# https://github.com/GluuFederation/docker-opendj/blob/4.3/scripts/healthcheck.py livenessProbe: # -- Executes the python3 healthcheck. exec: @@ -118,7 +118,7 @@ livenessProbe: timeoutSeconds: 5 failureThreshold: 20 # -- Configure the readiness healthcheck for OpenDJ if needed. -# https://github.com/JanssenFederation/docker-opendj/blob/4.3/scripts/healthcheck.py +# https://github.com/GluuFederation/docker-opendj/blob/4.3/scripts/healthcheck.py readinessProbe: tcpSocket: port: 1636 @@ -150,3 +150,8 @@ openDjVolumeMounts: flag: mountPath: /flag name: opendj-volume + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml new file mode 100644 index 00000000000..167945cd6e4 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml @@ -0,0 +1,23 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v2 +name: oxpassport +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: Gluu interface to Passport.js to support social login and inbound identity. +type: application +keywords: + - Passport.js + - Inbound Identity + - Social login +home: https://gluu.org/docs/gluu-server +sources: + - https://github.com/GluuFederation/gluu-passport + - https://github.com/GluuFederation/docker-oxpassport + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md new file mode 100644 index 00000000000..2b3c78788b7 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md 
@@ -0,0 +1,69 @@ +# oxpassport + +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Gluu interface to Passport.js to support social login and inbound identity. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| affinity | object | `{}` | | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/oxpassport"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for oxPassport if needed. | +| livenessProbe.httpGet.path | string | `"/passport/health-check"` | http liveness probe endpoint | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| readinessProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/passport/health-check","port":"http-passport"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the oxPassport if needed. | +| readinessProbe.httpGet.path | string | `"/passport/health-check"` | http readiness probe endpoint | +| replicas | int | `1` | Service replica number | +| resources | object | `{"limits":{"cpu":"700m","memory":"900Mi"},"requests":{"cpu":"700m","memory":"900Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"700m"` | CPU limit. | +| resources.limits.memory | string | `"900Mi"` | Memory limit. | +| resources.requests.cpu | string | `"700m"` | CPU request. | +| resources.requests.memory | string | `"900Mi"` | Memory request. | +| service.name | string | `"http-passport"` | The name of the oxPassport port within the oxPassport service. Please keep it as default. | +| service.port | int | `8090` | Port of the oxPassport service. Please keep it as default. 
| +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | +| tolerations | list | `[]` | | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/_helpers.tpl new file mode 100644 index 00000000000..9a8fa719778 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/_helpers.tpl 
@@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "oxpassport.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "oxpassport.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "oxpassport.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "oxpassport.labels" -}} +app: {{ .Release.Name }}-{{ include "oxpassport.name" . }} +helm.sh/chart: {{ include "oxpassport.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "oxpassport.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "oxpassport.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} 
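Review bot: In `oxpassport.usr-envs`, `value: {{ $val }}` emits the user-supplied value unquoted, so a value such as `true` or `8080`, or one containing `: ` or ` #`, renders as a non-string or as different YAML than the operator intended. A container env `value` has to be a string. Quote it where it is used, `value: {{ $val | quote }}`, so that a values entry cannot change the structure of the rendered manifest. The `oxshibboleth.usr-envs` helper added later in this diff has the identical line.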
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/deployment.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/deployment.yaml
new file mode 100644
index 00000000000..75a831f71a3
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/deployment.yaml
@@ -0,0 +1,148 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "oxpassport.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Release.Name }}-{{ include "oxpassport.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Release.Name }}-{{ include "oxpassport.name" . }} + release: {{ .Release.Name }} + {{- if .Values.global.istio.ingress }} + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "true" + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} + containers: + - name: {{ include "oxpassport.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: PASSPORT_LOG_LEVEL + value: "info" + {{- include "oxpassport.usr-envs" . | indent 12 }} + {{- include "oxpassport.usr-secret-envs" . 
| indent 12 }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + command: + - /bin/sh + - -c + - | + /usr/bin/python3 /scripts/updatelbip.py & + /app/scripts/entrypoint.sh + {{- end }} + ports: + - name: {{ .Values.service.name }} + containerPort: {{ .Values.service.port }} + protocol: TCP + envFrom: + - configMapRef: + name: {{ .Release.Name }}-config-cm + {{ if .Values.global.usrEnvs.secret }} + - secretRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + {{ if .Values.global.usrEnvs.normal }} + - configMapRef: + name: {{ .Release.Name }}-global-user-custom-envs + {{- end }} + volumeMounts: + {{- with .Values.volumeMounts }} +{{- toYaml . | nindent 10 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} + name: google-sa + subPath: google-credentials.json + {{- end }} + + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "oxpassport.name" . 
}}-updatelbip + mountPath: /scripts + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} + {{- end }} + livenessProbe: +{{- toYaml .Values.livenessProbe | nindent 10 }} + readinessProbe: +{{- toYaml .Values.readinessProbe | nindent 10 }} + {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }} + resources: {} + {{- else if .Values.global.cloud.testEnviroment }} + resources: {} + {{- else }} + resources: +{{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- if not .Values.global.isFqdnRegistered }} + hostAliases: + - ip: {{ .Values.global.lbIp }} + hostnames: + - {{ .Values.global.fqdn }} + {{- end }} + volumes: + {{- with .Values.volumes }} +{{- toYaml . | nindent 8 }} + {{- end }} + {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} + - name: google-sa + secret: + secretName: {{ .Release.Name }}-google-sa + {{- end }} + + {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} + - name: {{ include "oxpassport.name" . }}-updatelbip + configMap: + name: {{ .Release.Name }}-updatelbip + {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} + + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + secret: + secretName: {{ .Release.Name }}-cb-crt + {{- end }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . 
| indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/hpa.yaml new file mode 100644 index 00000000000..dff8d9d10c6 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/hpa.yaml @@ -0,0 +1,38 @@ +{{ if .Values.hpa.enabled -}} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "oxpassport.fullname" . }} + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "oxpassport.fullname" . }} + minReplicas: {{ .Values.hpa.minReplicas }} + maxReplicas: {{ .Values.hpa.maxReplicas }} + {{- if .Values.hpa.targetCPUUtilizationPercentage }} + targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }} + {{- else if .Values.hpa.metrics }} + metrics: + {{- with .Values.hpa.metrics }} +{{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.hpa.behavior }} + behavior: + {{- with .Values.hpa.behavior }} +{{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-destination-rules.yaml new file mode 100644 index 00000000000..5c2ddf682fb --- /dev/null 
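Review bot: The container spec in this Deployment sets no `securityContext`, so the pod runs with whatever user and privileges the image defaults to. For a component that handles social login it would be worth adding at least `securityContext:` with `allowPrivilegeEscalation: false` under the container, plus `runAsNonRoot: true` if the image supports it. The branch that starts `/scripts/updatelbip.py` may need permissions that are not visible in this hunk, so test that path before tightening further.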
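Review bot: `apiVersion: autoscaling/v1` does not define `metrics` or `behavior`, yet the template renders both when `hpa.metrics` or `hpa.behavior` is set; those fields belong to the `autoscaling/v2` family. The simplest fix is to drop the `metrics` and `behavior` branches while the object stays on v1. The alternative is to move to a v2 API version and express the CPU target as a `metrics` entry instead of `targetCPUUtilizationPercentage`. The object also omits `namespace: {{ .Release.Namespace }}`, which the Deployment it targets does set. The oxshibboleth `hpa.yaml` later in this diff has the same `autoscaling/v1` plus `metrics`/`behavior` combination.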
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-destination-rules.yaml @@ -0,0 +1,23 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ .Release.Name }}-oxpassport-mtls + namespace: {{.Release.Namespace}} + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + host: {{ .Values.global.oxpassport.oxPassportServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +{{- end }} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-virtual-services.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-virtual-services.yaml new file mode 100644 index 00000000000..089d78b1069 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/oxpassport-virtual-services.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.istio.ingress }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ .Release.Name }}-istio-passport + namespace: {{.Release.Namespace}} + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + hosts: + - {{ .Values.global.fqdn }} + gateways: + - {{ .Release.Name }}-global-gtw + http: + - name: {{ .Release.Name }}-istio-passport + match: + - uri: + prefix: "/passport" + route: + - destination: + host: {{ .Values.global.oxpassport.oxPassportServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + port: + number: 8090 + weight: 100 +{{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/service.yaml new file mode 100644 index 00000000000..582e1b3a103 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/service.yaml 
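Review bot: The route destination hard-codes `number: 8090` while the Service in this chart takes its port from `.Values.service.port`, so overriding that value leaves the VirtualService pointing at a port the Service no longer exposes. Using `number: {{ .Values.service.port }}` keeps the two in step. The oxshibboleth VirtualService hard-codes `number: 8080` in the same way.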
@@ -0,0 +1,31 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.global.oxpassport.oxPassportServiceName }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + {{- if .Values.global.alb.ingress }} + type: NodePort + {{- end }} + ports: + - port: {{ .Values.service.port }} + name: {{ .Values.service.name }} + selector: + app: {{ .Release.Name }}-{{ include "oxpassport.name" . }} + release: {{ .Release.Name }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: +{{ toYaml . | indent 4 }} + {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/user-custom-secret-envs.yaml new file mode 100644 index 00000000000..05369703d56 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/templates/user-custom-secret-envs.yaml 
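Review bot: `sessionAffinityConfig` is rendered whenever the value is non-empty, and the chart default is a `clientIP` block while `sessionAffinity` defaults to `None`. As far as I know, Kubernetes Service validation does not accept a `sessionAffinityConfig` when the affinity is `None`, so the default render should be checked with a server-side dry run. Gating the block with `{{- if eq .Values.service.sessionAffinity "ClientIP" }}` removes the mismatch. The oxshibboleth `service.yaml` uses the same pattern.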
@@ -0,0 +1,22 @@ +{{ if .Values.usrEnvs.secret }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs + labels: +{{ include "oxpassport.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +type: Opaque +data: + {{- range $key, $val := .Values.usrEnvs.secret }} + {{ $key }}: {{ $val | b64enc }} + {{- end}} +{{- end}} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/values.yaml new file mode 100644 index 00000000000..5b6ee1c419a --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/values.yaml 
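Review bot: `{{ $val | b64enc }}` only renders when every entry under `usrEnvs.secret` is a string; a number or boolean written unquoted in the values file fails, because `b64enc` expects a string. `{{ $key }}: {{ $val | toString | b64enc | quote }}` handles those cases. The Secret also has no `namespace:` field, unlike the Deployment and Service in this chart. Secret material supplied through values is kept with the release's stored values as well, so the values file and release storage need the same access control as the Secret itself.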
@@ -0,0 +1,98 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +# -- Gluu interface to Passport.js to support social login and inbound identity. +# -- Configure the HorizontalPodAutoscaler +hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} +# -- Add custom normal and secret envs to the service +usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} +# -- Add custom dns policy +dnsPolicy: "" +# -- Add custom dns config +dnsConfig: {} +image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/oxpassport + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] +# -- Service replica number +replicas: 1 +# -- Resource specs. +resources: + limits: + # -- CPU limit. + cpu: 700m + # -- Memory limit. + memory: 900Mi + requests: + # -- CPU request. + cpu: 700m + # -- Memory request. + memory: 900Mi +service: + # -- Port of the oxPassport service. Please keep it as default. + port: 8090 + # -- The name of the oxPassport port within the oxPassport service. Please keep it as default. + name: http-passport + # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP + sessionAffinity: None + # -- the maximum session sticky time if sessionAffinity is ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + +# -- Configure the liveness healthcheck for oxPassport if needed. 
+livenessProbe: + httpGet: + # -- http liveness probe endpoint + path: /passport/health-check + port: http-passport + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 20 +# -- Configure the readiness healthcheck for the oxPassport if needed. +readinessProbe: + httpGet: + # -- http readiness probe endpoint + path: /passport/health-check + port: http-passport + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 + failureThreshold: 20 +# -- Configure any additional volumes that need to be attached to the pod +volumes: [] +# -- Configure any additional volumesMounts that need to be attached to the containers +volumeMounts: [] + +nameOverride: "" +fullnameOverride: "" + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj 
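Review bot: `image.tag: 5.0.0_dev` looks like a moving development tag, and it is combined with `pullPolicy: IfNotPresent`, so nodes can keep running whichever build they pulled first and the deployed image cannot be traced to a fixed artifact. Defaulting to a release tag or a digest reference, or using `pullPolicy: Always` while a `_dev` tag is the default, makes rollouts reproducible. Separately, `hpa.enabled: true` is the default while the Deployment also sets `replicas`, so each upgrade is likely to reset the replica count the autoscaler chose.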
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml new file mode 100644 index 00000000000..6918f0b3260 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml @@ -0,0 +1,22 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v2 +name: oxshibboleth +version: 5.0.2 +kubeVersion: ">=v1.21.0-0" +description: Shibboleth project for the Gluu Server's SAML IDP functionality. +type: application +keywords: + - SAML + - Shibboleth +home: https://gluu.org/docs/gluu-server +sources: + - https://github.com/GluuFederation/oxShibboleth + - https://github.com/GluuFederation/docker-oxshibboleth + - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth +maintainers: + - name: Mohammad Abudayyeh + email: support@gluu.org + url: https://github.com/moabu +icon: https://gluu.org/docs/gluu-server/favicon.ico +appVersion: "5.0.0" diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md new file mode 100644 index 00000000000..5cc80086f89 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md 
@@ -0,0 +1,70 @@ +# oxshibboleth + +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + +Shibboleth project for the Gluu Server's SAML IDP functionality. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=v1.21.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | +| affinity | object | `{}` | | +| dnsConfig | object | `{}` | Add custom dns config | +| dnsPolicy | string | `""` | Add custom dns policy | +| fullnameOverride | string | `""` | | +| hpa.behavior | object | `{}` | Scaling Policies | +| hpa.enabled | bool | `true` | | +| hpa.maxReplicas | int | `10` | | +| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | +| hpa.minReplicas | int | `1` | | +| hpa.targetCPUUtilizationPercentage | int | `50` | | +| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| image.pullSecrets | list | `[]` | Image Pull Secrets | +| image.repository | string | `"gluufederation/oxshibboleth"` | Image to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. 
| +| livenessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the oxShibboleth if needed. | +| livenessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| readinessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| readinessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| replicas | int | `1` | Service replica number. | +| resources | object | `{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}}` | Resource specs. | +| resources.limits.cpu | string | `"1000m"` | CPU limit. | +| resources.limits.memory | string | `"1000Mi"` | Memory limit. | +| resources.requests.cpu | string | `"1000m"` | CPU request. | +| resources.requests.memory | string | `"1000Mi"` | Memory request. | +| service.name | string | `"http-oxshib"` | Port of the oxShibboleth service. Please keep it as default. | +| service.port | int | `8080` | The name of the oxShibboleth port within the oxPassport service. Please keep it as default. 
| +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | +| service.targetPort | int | `8080` | | +| tolerations | list | `[]` | | +| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | +| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | +| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | +| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | +| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/_helpers.tpl new file mode 100644 index 00000000000..daa1f2ea713 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/_helpers.tpl 
@@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "oxshibboleth.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "oxshibboleth.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "oxshibboleth.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + Common labels +*/}} +{{- define "oxshibboleth.labels" -}} +app: {{ .Release.Name }}-{{ include "oxshibboleth.name" . }} +helm.sh/chart: {{ include "oxshibboleth.chart" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create user custom defined envs +*/}} +{{- define "oxshibboleth.usr-envs"}} +{{- range $key, $val := .Values.usrEnvs.normal }} +- name: {{ $key }} + value: {{ $val }} +{{- end }} +{{- end }} + +{{/* +Create user custom defined secret envs +*/}} +{{- define "oxshibboleth.usr-secret-envs"}} +{{- range $key, $val := .Values.usrEnvs.secret }} +- name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs + key: {{ $key }} +{{- end }} +{{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/hpa.yaml new file mode 100644 index 00000000000..4818d6e279d --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/hpa.yaml 
@@ -0,0 +1,39 @@ +{{ if .Values.hpa.enabled -}} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "oxshibboleth.fullname" . }} + labels: + APP_NAME: oxshibboleth +{{ include "oxshibboleth.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: StatefulSet + name: {{ include "oxshibboleth.fullname" . }} + minReplicas: {{ .Values.hpa.minReplicas }} + maxReplicas: {{ .Values.hpa.maxReplicas }} + {{- if .Values.hpa.targetCPUUtilizationPercentage }} + targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage }} + {{- else if .Values.hpa.metrics }} + metrics: + {{- with .Values.hpa.metrics }} +{{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.hpa.behavior }} + behavior: + {{- with .Values.hpa.behavior }} +{{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-destination-rules.yaml new file mode 100644 index 00000000000..c629f0ef948 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-destination-rules.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ .Release.Name }}-oxshibboleth-mtls + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: oxshibboleth +{{ include "oxshibboleth.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + host: {{ .Values.global.oxshibboleth.oxShibbolethServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +{{- end }} \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-virtual-services.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-virtual-services.yaml new file mode 100644 index 00000000000..b45004c5d73 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/oxshibboleth-virtual-services.yaml 
@@ -0,0 +1,37 @@ +{{- if .Values.global.istio.ingress }} +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ .Release.Name }}-istio-oxshibbioleth + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: oxshibboleth +{{ include "oxshibboleth.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + hosts: + - {{ .Values.global.fqdn }} + gateways: + - {{ .Release.Name }}-global-gtw + http: + - name: {{ .Release.Name }}-istio-oxshibbioleth + match: + - uri: + prefix: /idp + rewrite: + uri: /identity + route: + - destination: + host: {{ .Values.global.oxshibboleth.oxShibbolethServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + port: + number: 8080 + weight: 100 +{{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/service.yaml new file mode 100644 index 00000000000..ebd78e015be --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/service.yaml 
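Review bot: The `rewrite` block forwards requests matching `prefix: /idp` to `/identity`, which does not agree with the `/idp` path that the chart's own liveness and readiness probe defaults use for oxShibboleth. It looks copied from another service's route and should be confirmed or removed. The resource and route name `{{ .Release.Name }}-istio-oxshibbioleth` also appears to be a misspelling; renaming it after release replaces the object, so it is cheaper to correct now to `{{ .Release.Name }}-istio-oxshibboleth`.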
@@ -0,0 +1,35 @@ +# License terms and conditions for Gluu Cloud Native Edition: +# https://www.apache.org/licenses/LICENSE-2.0 +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.global.oxshibboleth.oxShibbolethServiceName }} + namespace: {{ .Release.Namespace }} + labels: + APP_NAME: oxshibboleth +{{ include "oxshibboleth.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + {{- if .Values.global.alb.ingress }} + type: NodePort + {{- else }} + clusterIP: None + {{- end }} + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} + name: {{ .Values.service.name }} + selector: + app: {{ .Release.Name }}-{{ include "oxshibboleth.name" . }} + release: {{ .Release.Name }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: +{{ toYaml . | indent 4 }} + {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/statefulset.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/statefulset.yaml new file mode 100644 index 00000000000..640527a22cc --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/statefulset.yaml 
@@ -0,0 +1,146 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "oxshibboleth.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: oxshibboleth
+{{ include "oxshibboleth.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ serviceName: oxshibboleth
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-{{ include "oxshibboleth.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ APP_NAME: oxshibboleth
+ app: {{ .Release.Name }}-{{ include "oxshibboleth.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.global.istio.ingress }}
+ annotations:
+ sidecar.istio.io/rewriteAppHTTPProbers: "true"
+ {{- end }}
+ spec:
+ {{- with .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ dnsPolicy: {{ .Values.dnsPolicy | quote }}
+ {{- with .Values.dnsConfig }}
+ dnsConfig:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ include "oxshibboleth.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ env:
+ {{- include "oxshibboleth.usr-envs" . | indent 12 }}
+ {{- include "oxshibboleth.usr-secret-envs" . | indent 12 }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ /usr/bin/python3 /scripts/updatelbip.py &
+ /app/scripts/entrypoint.sh
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.name }}
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-config-cm
+ {{ if .Values.global.usrEnvs.secret }}
+ - secretRef:
+ name: {{ .Release.Name }}-global-user-custom-envs
+ {{- end }}
+ {{ if .Values.global.usrEnvs.normal }}
+ - configMapRef:
+ name: {{ .Release.Name }}-global-user-custom-envs
+ {{- end }}
+ volumeMounts:
+ {{- with .Values.volumeMounts }}
+{{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
+ - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }}
+ name: google-sa
+ subPath: google-credentials.json
+ {{- end }}
+
+ {{- if .Values.global.jackrabbit.enabled }}
+ - name: cn-jackrabbit-admin-pass
+ mountPath: /etc/gluu/conf/jackrabbit_admin_password
+ subPath: jackrabbit_admin_password
+ {{- end }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ - name: {{ include "oxshibboleth.fullname" .}}-updatelbip
+ mountPath: /scripts
+ {{- end }}
+ {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
+ {{- if not .Values.global.istio.enabled }}
+ - name: cb-crt
+ mountPath: "/etc/certs/couchbase.crt"
+ subPath: couchbase.crt
+ {{- end }}
+ {{- end }}
+ livenessProbe:
+{{- toYaml .Values.livenessProbe | nindent 10 }}
+ readinessProbe:
+{{- toYaml .Values.readinessProbe | nindent 10 }}
+ {{- if or (eq .Values.global.storageClass.provisioner "microk8s.io/hostpath" ) (eq .Values.global.storageClass.provisioner "k8s.io/minikube-hostpath") }}
+ resources: {}
+ {{- else if .Values.global.cloud.testEnviroment }}
+ resources: {}
+ {{- else }}
+ resources:
+{{- toYaml .Values.resources | nindent 10 }}
+ {{- end }}
+ {{- if not .Values.global.isFqdnRegistered }}
+ hostAliases:
+ - ip: {{ .Values.global.lbIp }}
+ hostnames:
+ - {{ .Values.global.fqdn }}
+ {{- end }}
+ volumes:
+ {{- with .Values.volumes }}
+{{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
+ - name: google-sa
+ secret:
+ secretName: {{ .Release.Name }}-google-sa
+ {{- end }}
+
+ {{- if .Values.global.jackrabbit.enabled }}
+ - name: cn-jackrabbit-admin-pass
+ secret:
+ secretName: cn-jackrabbit-admin-pass
+ {{- end }}
+ {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
+ - name: {{ include "oxshibboleth.fullname" .}}-updatelbip
+ configMap:
+ name: {{ .Release.Name }}-updatelbip
+ {{- end }}
+ {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
+
+ {{- if not .Values.global.istio.enabled }}
+ - name: cb-crt
+ secret:
+ secretName: {{ .Release.Name }}-cb-crt
+ {{- end }}
+ {{- end }}
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/user-custom-secret-envs.yaml
new file mode 100644
index 00000000000..e126166a94c
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/templates/user-custom-secret-envs.yaml
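Review bot: The container spec in oxshibboleth/templates/statefulset.yaml sets no `securityContext`, so the pod runs with whatever user, capabilities and privilege-escalation setting the image and the cluster defaults give it. I would add a container-level block as below; `runAsNonRoot` is left out because the optional startup command runs `/scripts/updatelbip.py` and it is not visible here whether that script or the entrypoint needs root, so confirm that before tightening further. Separately, `serviceName: oxshibboleth` is hard-coded while the Service in this chart takes its name from `.Values.global.oxshibboleth.oxShibbolethServiceName`; using the same value in both keeps the governing Service correct if the name is overridden.

```yaml
      containers:
        - name: {{ include "oxshibboleth.name" . }}
          # … unchanged: image, env, command, ports, envFrom, volumeMounts, probes, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```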
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: oxshibboleth
+{{ include "oxshibboleth.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/values.yaml
new file mode 100644
index 00000000000..118a5312ae8
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/values.yaml
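Review bot: `{{ $key }}: {{ $val | b64enc }}` in the `data` loop of oxshibboleth/templates/user-custom-secret-envs.yaml only renders when every value under `usrEnvs.secret` is a string; a number or boolean written without quotes in the values file makes `b64enc` fail at template time, and the encoded result is emitted unquoted. `{{ $key }}: {{ $val | toString | b64enc | quote }}` handles both. The Secret also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this chart set. The persistence and scim copies of user-custom-secret-envs.yaml added later in this diff have the same loop and the same missing namespace.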
@@ -0,0 +1,97 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+# -- Shibboleth project for the Gluu Server's SAML IDP functionality.
+# -- Configure the HorizontalPodAutoscaler
+hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+# -- Add custom normal and secret envs to the service
+usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+# -- Add custom dns policy
+dnsPolicy: ""
+# -- Add custom dns config
+dnsConfig: {}
+image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/oxshibboleth
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+# -- Service replica number.
+replicas: 1
+# -- Resource specs.
+resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 1000Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 1000Mi
+service:
+ # -- The name of the oxShibboleth port within the oxPassport service. Please keep it as default.
+ port: 8080
+ targetPort: 8080
+ # -- Port of the oxShibboleth service. Please keep it as default.
+ name: http-oxshib
+ # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP
+ sessionAffinity: None
+ # -- the maximum session sticky time if sessionAffinity is ClientIP
+ sessionAffinityConfig:
+ clientIP:
+ timeoutSeconds: 10800
+
+# -- Configure the liveness healthcheck for the oxShibboleth if needed.
+livenessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /idp
+ port: http-oxshib
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+# -- Configure the readiness healthcheck for the casa if needed.
+readinessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /idp
+ port: http-oxshib
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+# -- Configure any additional volumes that need to be attached to the pod
+volumes: []
+# -- Configure any additional volumesMounts that need to be attached to the containers
+volumeMounts: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/.helmignore
new file mode 100644
index 00000000000..50af0317254
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml
new file mode 100644
index 00000000000..b6bc749e0b3
--- /dev/null
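Review bot: The default `tag: 5.0.0_dev` together with `pullPolicy: IfNotPresent` in oxshibboleth/values.yaml means a node keeps whatever image it first pulled under that tag; if `_dev` tags are re-pushed, which the name suggests, replicas can end up running different builds and nothing pins the build that was reviewed. For a released chart I would default to an immutable release tag. Two doc comments in the same file sit on the wrong keys and the readiness comment names another service; suggested wording: `# -- Port of the oxShibboleth service. Please keep it as default.` above `port`, `# -- The name of the oxShibboleth port within the oxShibboleth service. Please keep it as default.` above `name`, and `# -- Configure the readiness healthcheck for the oxShibboleth if needed.` above `readinessProbe`.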
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml
@@ -0,0 +1,21 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v2
+name: persistence
+version: 5.0.2
+kubeVersion: ">=v1.21.0-0"
+description: Job to generate data and initial config for Gluu Server persistence layer.
+type: application
+keywords:
+ - persistence prep
+home: https://gluu.org/docs/gluu-server
+sources:
+ - https://github.com/JanssenProject/docker-jans-persistence-loader
+ - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/persistence
+maintainers:
+ - name: Mohammad Abudayyeh
+ email: support@gluu.org
+ url: https://github.com/moabu
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+appVersion: "5.0.0"
+
diff --git a/charts/jans/charts/persistence/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md
similarity index 61%
rename from charts/jans/charts/persistence/README.md
rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md
index 87906df5006..a4e5547911d 100644
--- a/charts/jans/charts/persistence/README.md
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md
@@ -1,37 +1,39 @@ # persistence -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) -Job to generate data and initial config for Janssen Server persistence layer. +Job to generate data and initial config for Gluu Server persistence layer. -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code * -* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/persistence"` | Image to use for deploying. | -| image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. 
| +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | imagePullSecrets | list | `[]` | | | nameOverride | string | `""` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/charts/jans/charts/persistence/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/persistence/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/_helpers.tpl diff --git a/charts/jans/charts/persistence/templates/jobs.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/jobs.yml similarity index 78% rename from charts/jans/charts/persistence/templates/jobs.yml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/jobs.yml index 8aa96720323..0ee6515e712 100644 --- a/charts/jans/charts/persistence/templates/jobs.yml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/jobs.yml @@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: batch/v1 kind: Job @@ -8,7 +8,15 @@ metadata: labels: APP_NAME: persistence-loader {{ include "persistence.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: + ttlSecondsAfterFinished: 120 template: metadata: name: {{ include "persistence.name" . }} 
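Review bot: `ttlSecondsAfterFinished: 120` in persistence/templates/jobs.yml applies to failed runs as well as successful ones, so the Job and its pod, and with them the pod's logs, are removed two minutes after the loader stops. That leaves very little time to see why a persistence load failed. Consider a longer TTL or making it configurable, for example `ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished | default 120 }}` with a new `ttlSecondsAfterFinished` key in the chart's values.yaml, and ship the loader's logs to a central store if they are needed after cleanup. The Job spec continues outside this hunk.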
@@ -61,51 +69,39 @@ spec: {{- with .Values.volumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + mountPath: /etc/gluu/conf/jackrabbit_admin_password + subPath: jackrabbit_admin_password + {{- end }} {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }} name: google-sa subPath: google-credentials.json {{- end }} {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - mountPath: "/etc/jans/conf/couchbase_password" - subPath: couchbase_password - - name: cb-super-pass - mountPath: "/etc/jans/conf/couchbase_superuser_password" - subPath: couchbase_superuser_password - name: cb-crt mountPath: "/etc/certs/couchbase.crt" subPath: couchbase.crt {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - mountPath: "/etc/jans/conf/sql_password" - subPath: sql_password - {{- end }} resources: {{- toYaml .Values.resources | nindent 10 }} volumes: {{- with .Values.volumes }} {{- toYaml . 
| nindent 8 }} {{- end }} + {{- if .Values.global.jackrabbit.enabled }} + - name: cn-jackrabbit-admin-pass + secret: + secretName: cn-jackrabbit-admin-pass + {{- end }} {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }} - name: google-sa secret: secretName: {{ .Release.Name }}-google-sa {{- end }} {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - secret: - secretName: {{ .Release.Name }}-cb-pass - - name: cb-super-pass - secret: - secretName: {{ .Release.Name }}-superuser-cb-pass - name: cb-crt secret: secretName: {{ .Release.Name }}-cb-crt {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - secret: - secretName: {{ .Release.Name }}-sql-pass - {{- end }} diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/service.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/service.yaml new file mode 100644 index 00000000000..b266650a69e --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/service.yaml @@ -0,0 +1,27 @@ +{{- if .Values.global.istio.enabled }} +# License terms and conditions: +# https://www.apache.org/licenses/LICENSE-2.0 +# Used with Istio +apiVersion: v1 +kind: Service +metadata: + name: {{ include "persistence.fullname" . }} + labels: + APP_NAME: persistence-loader +{{ include "persistence.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} +spec: + ports: + - name: http + port: 80 + targetPort: 8080 + selector: + app: {{ .Release.Name }}-{{ include "persistence.name" . }} + type: ClusterIP +{{- end }} \ No newline at end of file 
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/user-custom-secret-envs.yaml
new file mode 100644
index 00000000000..b8b3b87e8ca
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,22 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+{{ include "persistence.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/jans/charts/persistence/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml
similarity index 69%
rename from charts/jans/charts/persistence/values.yaml
rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml
index e25592bf8eb..6cd59a71e13 100644
--- a/charts/jans/charts/persistence/values.yaml
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml
@@ -1,6 +1,6 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 -# -- Job to generate data and initial config for Janssen Server persistence layer. +# -- Job to generate data and initial config for Gluu Server persistence layer. # -- Add custom normal and secret envs to the service usrEnvs: # -- Add custom normal envs to the service @@ -19,7 +19,7 @@ image: # -- Image to use for deploying. repository: gluufederation/persistence # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. @@ -42,3 +42,8 @@ volumeMounts: [] imagePullSecrets: [] nameOverride: "" fullnameOverride: "" + +# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} +additionalLabels: { } +# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken +additionalAnnotations: { } \ No newline at end of file diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/.helmignore b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml new file mode 100644 index 00000000000..5b003c3110c 
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml
@@ -0,0 +1,23 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v2
+name: scim
+version: 5.0.2
+kubeVersion: ">=v1.21.0-0"
+description: System for Cross-domain Identity Management (SCIM) version 2.0
+type: application
+keywords:
+ - SCIM
+ - API
+home: https://gluu.org/docs/gluu-server
+sources:
+ - https://github.com/JanssenProject/jans-scim
+ - https://gluu.org/docs/gluu-server/api-guide/scim-api/
+ - https://github.com/JanssenProject/docker-jans-scim
+ - https://github.com/GluuFederation/cloud-native-edition/tree/master/pygluu/kubernetes/templates/helm/gluu/charts/scim
+maintainers:
+ - name: Mohammad Abudayyeh
+ email: support@gluu.org
+ url: https://github.com/moabu
+icon: https://gluu.org/docs/gluu-server/favicon.ico
+appVersion: "5.0.0"
diff --git a/charts/jans/charts/scim/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md
similarity index 66%
rename from charts/jans/charts/scim/README.md
rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md
index a6cf5449dde..4f12e202703 100644
--- a/charts/jans/charts/scim/README.md
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md
@@ -1,32 +1,34 @@ # scim -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![Version: 5.0.2](https://img.shields.io/badge/Version-5.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) System for Cross-domain Identity Management (SCIM) version 2.0 -**Homepage:** +**Homepage:** ## Maintainers | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | support@jans.io | https://github.com/moabu | +| Mohammad Abudayyeh | support@gluu.org | https://github.com/moabu | ## Source Code * -* +* * -* +* ## Requirements -Kubernetes: `>=v1.19.0-0` +Kubernetes: `>=v1.21.0-0` ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken | +| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} | | dnsConfig | object | `{}` | Add custom dns config | | dnsPolicy | string | `""` | Add custom dns policy | | hpa.behavior | object | `{}` | Scaling Policies | 
@@ -38,7 +40,7 @@ Kubernetes: `>=v1.19.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | 
@@ -50,6 +52,8 @@ Kubernetes: `>=v1.19.0-0` | resources.requests.memory | string | `"1000Mi"` | Memory request. | | service.name | string | `"http-scim"` | The name of the scim port within the scim service. Please keep it as default. | | service.port | int | `8080` | Port of the scim service. Please keep it as default. | +| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP | +| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP | | usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | | usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | diff --git a/charts/jans/charts/scim/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/_helpers.tpl similarity index 100% rename from charts/jans/charts/scim/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/_helpers.tpl diff --git a/charts/jans/charts/scim/templates/deployment.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/deployment.yml similarity index 83% rename from charts/jans/charts/scim/templates/deployment.yml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/deployment.yml index 843b958b754..159dec57911 100644 --- a/charts/jans/charts/scim/templates/deployment.yml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/deployment.yml 
@@ -1,4 +1,4 @@ -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: apps/v1 kind: Deployment @@ -8,6 +8,13 @@ metadata: labels: APP_NAME: scim {{ include "scim.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: replicas: {{ .Values.replicas }} selector: @@ -81,24 +88,16 @@ spec: name: google-sa subPath: google-credentials.json {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - mountPath: "/etc/jans/conf/sql_password" - subPath: sql_password - {{- end }} {{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }} - - name: {{ include "scim.fullname" .}}-updatelbip - mountPath: "/scripts" + - name: {{ include "scim.fullname" .}}-updatelbip + mountPath: "/scripts" {{- end }} {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - mountPath: "/etc/jans/conf/couchbase_password" - subPath: couchbase_password - {{- if not .Values.global.istio.enabled }} - - name: cb-crt - mountPath: "/etc/certs/couchbase.crt" - subPath: couchbase.crt - {{- end }} + {{- if not .Values.global.istio.enabled }} + - name: cb-crt + mountPath: "/etc/certs/couchbase.crt" + subPath: couchbase.crt + {{- end }} {{- end }} livenessProbe: {{- toYaml .Values.livenessProbe | nindent 10 }} 
@@ -119,15 +118,9 @@ spec: secret: secretName: {{ .Release.Name }}-google-sa {{- end }} - {{- if eq .Values.global.cnPersistenceType "sql" }} - - name: sql-pass - secret: - secretName: {{ .Release.Name }}-sql-pass - {{- end }} + {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }} - - name: cb-pass - secret: - secretName: {{ .Release.Name }}-cb-pass + {{- if not .Values.global.istio.enabled }} - name: cb-crt secret: diff --git a/charts/jans/charts/scim/templates/hpa.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/hpa.yaml similarity index 68% rename from charts/jans/charts/scim/templates/hpa.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/hpa.yaml index 22635adb893..840aa512249 100644 --- a/charts/jans/charts/scim/templates/hpa.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/hpa.yaml @@ -1,10 +1,20 @@ {{ if .Values.hpa.enabled -}} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: {{ include "scim.fullname" . }} + labels: + APP_NAME: scim +{{ include "scim.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: scaleTargetRef: apiVersion: apps/v1 
diff --git a/charts/jans/charts/scim/templates/scim-destination-rules.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-destination-rules.yaml similarity index 51% rename from charts/jans/charts/scim/templates/scim-destination-rules.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-destination-rules.yaml index db6b677860e..acb5f393dfe 100644 --- a/charts/jans/charts/scim/templates/scim-destination-rules.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-destination-rules.yaml @@ -1,11 +1,21 @@ {{- if .Values.global.istio.enabled }} -# License terms and conditions for Janssen Cloud Native Edition: +# License terms and conditions for Gluu Cloud Native Edition: # https://www.apache.org/licenses/LICENSE-2.0 apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: {{ .Release.Name }}-scim-mtls namespace: {{ .Release.Namespace }} + labels: + APP_NAME: scim +{{ include "scim.labels" . | indent 4}} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} spec: host: {{ .Values.global.scim.scimServiceName }}.{{ .Release.Namespace }}.svc.cluster.local trafficPolicy: diff --git a/charts/jans/charts/scim/templates/scim-virtual-services.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml similarity index 75% rename from charts/jans/charts/scim/templates/scim-virtual-services.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml index 544fdeff5e8..b582edc7fe8 100644 --- a/charts/jans/charts/scim/templates/scim-virtual-services.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/scim-virtual-services.yaml 
@@ -1,11 +1,21 @@
 {{- if .Values.global.istio.ingress }}
-# License terms and conditions for Janssen Cloud Native Edition:
+# License terms and conditions for Gluu Cloud Native Edition:
 # https://www.apache.org/licenses/LICENSE-2.0
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
 name: {{ .Release.Name }}-istio-scim-config
 namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
 spec:
 hosts:
 - {{ .Values.global.fqdn }}
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/service.yml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/service.yml
new file mode 100644
index 00000000000..c964cc3e713
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/service.yml
@@ -0,0 +1,31 @@
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.global.scim.scimServiceName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+ {{- if .Values.global.alb.ingress }}
+ type: NodePort
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ .Release.Name }}-{{ include "scim.name" . }} #scim
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- with .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig:
+{{ toYaml . | indent 4 }}
+ {{- end }}
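Review bot: In the new service.yml, `sessionAffinity` and `sessionAffinityConfig` are rendered independently of each other, while the defaults this commit adds to the scim values.yaml set `sessionAffinity: None` together with `sessionAffinityConfig.clientIP.timeoutSeconds: 10800`. As far as I know the API server refuses a Service that carries `sessionAffinityConfig` while affinity is `None`, so a default install may fail on this object; worth confirming with a dry-run against a cluster. Gating the block on the affinity value avoids that: replace the `with` line by `{{- if eq .Values.service.sessionAffinity "ClientIP" }}` and render `toYaml .Values.service.sessionAffinityConfig` inside it. Separately, `type: NodePort` under `global.alb.ingress` opens the SCIM port on every node, so a comment there should tell operators to restrict node ingress to the load balancer.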
diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/user-custom-secret-envs.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/user-custom-secret-envs.yaml
new file mode 100644
index 00000000000..01dda2bf16a
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/templates/user-custom-secret-envs.yaml
@@ -0,0 +1,23 @@
+{{ if .Values.usrEnvs.secret }}
+# License terms and conditions for Gluu Cloud Native Edition:
+# https://www.apache.org/licenses/LICENSE-2.0
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-{{ .Chart.Name }}-user-custom-envs
+ labels:
+ APP_NAME: scim
+{{ include "scim.labels" . | indent 4}}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.usrEnvs.secret }}
+ {{ $key }}: {{ $val | b64enc }}
+ {{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/charts/jans/charts/scim/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml
similarity index 71%
rename from charts/jans/charts/scim/values.yaml
rename to helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml
index 62f645b1b46..7146c8586ab 100644
--- a/charts/jans/charts/scim/values.yaml
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml
@@ -1,4 +1,4 @@
-# License terms and conditions for Janssen Cloud Native Edition:
+# License terms and conditions for Gluu Cloud Native Edition:
 # https://www.apache.org/licenses/LICENSE-2.0
 # -- System for Cross-domain Identity Management (SCIM) version 2.0
 # -- Configure the HorizontalPodAutoscaler
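Review bot: In the new user-custom-secret-envs.yaml, `{{ $key }}: {{ $val | b64enc }}` assumes every `usrEnvs.secret` value is a string, so a number or boolean supplied in values (a port, `true`) makes `b64enc` fail with a type error at render time. Converting first avoids that: `{{ $key }}: {{ $val | toString | b64enc | quote }}`. The Secret's metadata also omits `namespace: {{ .Release.Namespace }}`, which the Service added in the same commit does set; adding it keeps the Secret next to the workload when the rendered manifest is applied outside `helm install`. A short comment above `data:` noting that these values come in clear text from the values file, and should be supplied from an encrypted or external source rather than committed, would help operators.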
@@ -29,7 +29,7 @@ image:
 # -- Image to use for deploying.
 repository: janssenproject/scim
 # -- Image tag to use for deploying.
- tag: 1.0.0_b11
+ tag: 1.0.0-beta.14
 # -- Image Pull Secrets
 pullSecrets: [ ]
 # -- Service replica number.
@@ -50,6 +50,12 @@ service:
 name: http-scim
 # -- Port of the scim service. Please keep it as default.
 port: 8080
+ # -- Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP
+ sessionAffinity: None
+ # -- the maximum session sticky time if sessionAffinity is ClientIP
+ sessionAffinityConfig:
+ clientIP:
+ timeoutSeconds: 10800
 # -- Configure the liveness healthcheck for SCIM if needed.
 livenessProbe:
 httpGet:
@@ -72,3 +78,8 @@ readinessProbe:
 volumes: []
 # -- Configure any additional volumesMounts that need to be attached to the containers
 volumeMounts: []
+
+# -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
+additionalLabels: { }
+# -- Additional annotations that will be added across all resources in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
+additionalAnnotations: { }
\ No newline at end of file
diff --git a/charts/jans/README.md b/helm/pygluu/kubernetes/templates/helm/gluu/openbanking-helm.md
similarity index 55%
rename from charts/jans/README.md
rename to helm/pygluu/kubernetes/templates/helm/gluu/openbanking-helm.md
index a021df69123..036a28da3b9 100644
--- a/charts/jans/README.md
+++ b/helm/pygluu/kubernetes/templates/helm/gluu/openbanking-helm.md
@@ -1,10 +1,10 @@ -# jans +# gluu -![Version: 1.0.0-b11](https://img.shields.io/badge/Version-1.0.0--b11-informational?style=flat-square) ![AppVersion: 1.0.0-b11](https://img.shields.io/badge/AppVersion-1.0.0--b11-informational?style=flat-square) +![version: 5.0.2](https://img.shields.io/badge/Version-5.0.0-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) -Janssen Access and Identity Management +Gluu Access and Identity Management OpenBanking distribution -**Homepage:** +**Homepage:** ## Maintainers @@ -14,8 +14,8 @@ Janssen Access and Identity Management ## Source Code -* -* +* +* ## Requirements 
@@ -23,48 +23,27 @@ Kubernetes: `>=v1.17.0-0` | Repository | Name | Version | |------------|------|---------| -| | auth-server | 1.0.0-b11 | -| | auth-server-key-rotation | 1.0.0-b11 | -| | client-api | 1.0.0-b11 | -| | cn-istio-ingress | 1.0.0-b11 | -| | config | 1.0.0-b11 | -| | config-api | 1.0.0-b11 | -| | fido2 | 1.0.0-b11 | -| | nginx-ingress | 1.0.0-b11 | -| | opendj | 1.0.0-b11 | -| | persistence | 1.0.0-b11 | -| | scim | 1.0.0-b11 | +| | auth-server | 5.0.0 | +| | cn-istio-ingress | 5.0.0 | +| | config | 5.0.0 | +| | config-api | 5.0.0 | +| | nginx-ingress | 5.0.0 | +| | persistence | 5.0.0 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| auth-server | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/auth-server","tag":"1.0.0_b11"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| -| auth-server-key-rotation | object | `{"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/certmanager","tag":"1.0.0_b11"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | -| auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | -| auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | -| auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | -| auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| auth-server-key-rotation.image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | -| auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | -| auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | -| auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | -| auth-server-key-rotation.resources.limits.memory | string | `"300Mi"` | Memory limit. | -| auth-server-key-rotation.resources.requests.cpu | string | `"300m"` | CPU request. | -| auth-server-key-rotation.resources.requests.memory | string | `"300Mi"` | Memory request. 
| -| auth-server-key-rotation.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | -| auth-server-key-rotation.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | -| auth-server-key-rotation.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | -| auth-server-key-rotation.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | -| auth-server-key-rotation.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +| auth-server | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/auth-server","tag":"1.0.0-beta.14"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| | auth-server.dnsConfig | object | `{}` | Add custom dns config | | auth-server.dnsPolicy | string | `""` | Add custom dns policy | | auth-server.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | | auth-server.hpa.behavior | object | `{}` | Scaling Policies | | auth-server.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| auth-server.image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| auth-server.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | | auth-server.readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | 
@@ -79,39 +58,17 @@ Kubernetes: `>=v1.17.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| client-api | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/client-api","tag":"1.0.0_b11"},"livenessProbe":{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. 
| -| client-api.dnsConfig | object | `{}` | Add custom dns config | -| client-api.dnsPolicy | string | `""` | Add custom dns policy | -| client-api.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | -| client-api.hpa.behavior | object | `{}` | Scaling Policies | -| client-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | -| client-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | -| client-api.image.repository | string | `"janssenproject/client-api"` | Image to use for deploying. | -| client-api.image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | -| client-api.livenessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | -| client-api.livenessProbe.exec | object | `{"command":["curl","-k","https://localhost:8443/health-check"]}` | Executes the python3 healthcheck. | -| client-api.readinessProbe | object | `{"exec":{"command":["curl","-k","https://localhost:8443/health-check"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. | -| client-api.replicas | int | `1` | Service replica number. | -| client-api.resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. | -| client-api.resources.limits.cpu | string | `"1000m"` | CPU limit. | -| client-api.resources.limits.memory | string | `"400Mi"` | Memory limit. | -| client-api.resources.requests.cpu | string | `"1000m"` | CPU request. | -| client-api.resources.requests.memory | string | `"400Mi"` | Memory request. 
| -| client-api.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | -| client-api.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | -| client-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | -| client-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | -| client-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnCasaEnabled":false,"cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCertFile":"/etc/certs/couchbase.crt","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbasePasswordFile":"/etc/gluu/conf/couchbase_password","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseSuperUserPasswordFile":"/etc/gluu/conf/couchbase_superuser_password","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnDocumentStoreType":"JCA","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false
,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqlPasswordFile":"/etc/jans/conf/sql_password","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"repository":"janssenproject/configuration-manager","tag":"1.0.0_b11"},"ldapPassword":"P@ssw0rds","orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | -| config-api | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/config-api","tag":"1.0.0_b11"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| +| config | object | `{"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnCasaEnabled":false,"cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCertFile":"/etc/certs/couchbase.crt","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbasePasswordFile":"/etc/gluu/conf/couchbase_password","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseSuperUserPasswordFile":"/etc/gluu/conf/couchbase_superuser_password","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnDocumentStoreType":"JCA","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJackrabbitAdminId":"admin","cnJackrabbitAdminIdFile":"/etc/gluu/conf/jackrabbit_admin_id","cnJackrabbitAdminPasswordFile":"/etc/gluu/conf/jackrabbit_admin_password","cnJackrabbitPostgresDatabaseName":"jackrabbit","cnJackrabbitPostgresHost":"postgresql.postgres.svc.cluster.local","cnJackrabbitPostgresPasswordFile":"/etc/gluu/conf/postgres_password","cnJackrabbitPostgresPort":5432,"cnJackrabbitPostgresUser":"jackrabbit","cnJackrabbitSyncInterval":300,"cnJackrabbitUrl":"http://jackrabbit:8080","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPassportEnabled":false,"cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnSamlEnabled":false,"cnSecretGoo
gleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqlPasswordFile":"/etc/jans/conf/sql_password","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.0-beta.14"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | +| config-api | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.0-beta.14"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| | config-api.dnsConfig | object | `{}` | Add custom dns config | | config-api.dnsPolicy | string | `""` | Add custom dns policy | | config-api.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | | config-api.hpa.behavior | object | `{}` | Scaling Policies | | config-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | | config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| config-api.image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| config-api.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | | config-api.readinessProbe.httpGet | object | `{"path":"jans-config-api/api/v1/health/ready","port":8074}` | http readiness probe endpoint | 
@@ -153,12 +110,14 @@ Kubernetes: `>=v1.17.0-0` | config.configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. | | config.configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | | config.configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage | +| config.configmap.cnPassportEnabled | bool | `false` | Boolean flag to enable/disable passport chart | | config.configmap.cnPersistenceLdapMapping | string | `"default"` | Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. | | config.configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | +| config.configmap.cnSamlEnabled | bool | `false` | Enable SAML-related features; UI menu, etc. | | config.configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. 
Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | config.configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. | | config.configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` | 
@@ -174,9 +133,14 @@ Kubernetes: `>=v1.17.0-0` | config.dnsConfig | object | `{}` | Add custom dns config | | config.dnsPolicy | string | `""` | Add custom dns policy | | config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | -| config.image.repository | string | `"janssenproject/configuration-manager"` | Image to use for deploying. | -| config.image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| config.image.pullSecrets | list | `[]` | Image Pull Secrets | +| config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | +| config.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | +| config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | +| config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE | +| config.migration.migrationDataFormat | string | `"ldif"` | migration data-format depending on persistence backend. Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json. | +| config.migration.migrationDir | string | `"/ce-migration"` | Directory holding all migration files | | config.orgName | string | `"Gluu"` | Organization name. Used for certificate creation. | | config.redisPassword | string | `"P@assw0rd"` | Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. | | config.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | 
@@ -190,43 +154,12 @@ Kubernetes: `>=v1.17.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/fido2","tag":"1.0.0_b11"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"fido2ServiceName":"fido2"},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | -| fido2.dnsConfig | object | `{}` | Add custom dns config | -| fido2.dnsPolicy | string | `""` | Add custom dns policy | -| fido2.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | -| fido2.hpa.behavior | object | `{}` | Scaling Policies | -| fido2.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | -| fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | -| fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. 
| -| fido2.image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | -| fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | -| fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | -| fido2.readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | -| fido2.replicas | int | `1` | Service replica number. | -| fido2.resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. | -| fido2.resources.limits.cpu | string | `"500m"` | CPU limit. | -| fido2.resources.limits.memory | string | `"500Mi"` | Memory limit. | -| fido2.resources.requests.cpu | string | `"500m"` | CPU request. | -| fido2.resources.requests.memory | string | `"500Mi"` | Memory request. | -| fido2.service.fido2ServiceName | string | `"fido2"` | Name of the fido2 service. Please keep it as default. 
| -| fido2.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | -| fido2.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | -| fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | -| fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | -| fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"alb":{"ingress":false},"auth-server":{"authServerServiceName":"auth-server","enabled":true},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","client-api":{"clientApiServerServiceName":"client-api","enabled":false},"cloud":{"testEnviroment":false},"cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnJackrabbitCluster":true,"cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"ldap","config":{"enabled":true},"config-api":{"configApiServerServiceName":"config-api","enabled":true},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","cr-rotate":{"enabled":false},"distribution":"default","fido2":{"enabled":false},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"enabled":false,"ingress":false,"namespace":"istio-system"},"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":true,"ldapServiceName":"opendj"},"oxshibboleth":{"enabled":false},"persistence":{"enabled":true},"scim":{"enabled":false},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountO
ptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"upgrade":{"enabled":false},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global | object | `{"alb":{"ingress":false},"auth-server":{"authServerServiceName":"auth-server","enabled":true},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","client-api":{"clientApiServerServiceName":"client-api","enabled":false},"cloud":{"testEnviroment":false},"cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnJackrabbitCluster":true,"cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"ldap","config":{"enabled":true},"config-api":{"configApiServerServiceName":"config-api","enabled":true},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","cr-rotate":{"enabled":false},"distribution":"default","fido2":{"enabled":false},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"enabled":false,"ingress":false,"namespace":"istio-system"},"jackrabbit":{"enabled":false,"jackRabbitServiceName":"jackrabbit"},"lbIp":"","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxshibboleth":{"enabled":false},"persistence":{"enabled":true},"scim":{"enabled":false},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"upgrade":{"enabled":false},"usrEnvs":{"normal":{},"secret":{}}}` | 
Parameters used globally across all services helm charts. | | global.alb.ingress | bool | `false` | Activates ALB ingress | -| global.auth-server-key-rotation.enabled | bool | `false` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. | | global.auth-server.authServerServiceName | string | `"auth-server"` | Name of the auth-server service. Please keep it as default. | | global.auth-server.enabled | bool | `true` | Boolean flag to enable/disable auth-server chart. You should never set this to false. | -| global.awsStorageType | string | `"io1"` | Volume storage type if using AWS volumes. | -| global.azureStorageAccountType | string | `"Standard_LRS"` | Volume storage type if using Azure disks. | -| global.azureStorageKind | string | `"Managed"` | Azure storage kind if using Azure disks | -| global.client-api.clientApiServerServiceName | string | `"client-api"` | Name of the client-api service. Please keep it as default. | -| global.client-api.enabled | bool | `false` | Boolean flag to enable/disable the client-api chart. | | global.cloud.testEnviroment | bool | `false` | Boolean flag if enabled will strip resources requests and limits from all services. | | global.cnGoogleApplicationCredentials | string | `"/etc/jans/conf/google-credentials.json"` | Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner. | -| global.cnJackrabbitCluster | bool | `true` | Boolean flag if enabled will enable jackrabbit in cluster mode with Postgres. | | global.cnObExtSigningAlias | string | `""` | Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G | | global.cnObExtSigningJwksCrt | string | `""` | Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. 
Used when `.global.cnObExtSigningJwksUri` is set. | | global.cnObExtSigningJwksKey | string | `""` | Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set. | 
@@ -238,27 +171,23 @@ Kubernetes: `>=v1.17.0-0` | global.cnObTransportKey | string | `""` | Open banking AS transport key. Used in SSA Validation. This must be encoded using base64. | | global.cnObTransportKeyPassPhrase | string | `""` | Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64. | | global.cnObTransportTrustStore | string | `""` | Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64. | -| global.cnPersistenceType | string | `"ldap"` | Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner. | +| global.cnPersistenceType | string | `"sql"` | Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner. | | global.config-api.configApiServerServiceName | string | `"config-api"` | Name of the config-api service. Please keep it as default. | | global.config-api.enabled | bool | `true` | Boolean flag to enable/disable the config-api chart. | | global.config.enabled | bool | `true` | Boolean flag to enable/disable the configuration chart. This normally should never be false | | global.configAdapterName | string | `"kubernetes"` | The config backend adapter that will hold Gluu configuration layer. google|kubernetes | | global.configSecretAdapter | string | `"kubernetes"` | The config backend adapter that will hold Gluu secret layer. google|kubernetes | -| global.cr-rotate.enabled | bool | `false` | Boolean flag to enable/disable the cr-rotate chart. | -| global.distribution | string | `"default"` | Gluu distributions supported are: default|openbanking. | -| global.fido2.enabled | bool | `false` | Boolean flag to enable/disable the fido2 chart. | +| global.distribution | string | `"openbanking"` | Gluu distributions supported are: default|openbanking. 
| | global.fqdn | string | `"demoexample.gluu.org"` | Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services. | | global.gcePdStorageType | string | `"pd-standard"` | GCE storage kind if using Google disks | | global.isFqdnRegistered | bool | `false` | Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically. | | global.istio.enabled | bool | `false` | Boolean flag that enables using istio side cars with Gluu services. | | global.istio.ingress | bool | `false` | Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available. | | global.istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. | +| global.lbIp | string | `""` | The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable. | | global.nginx-ingress.enabled | bool | `true` | Boolean flag to enable/disable the nginx-ingress definitions chart. | -| global.opendj.enabled | bool | `true` | Boolean flag to enable/disable the OpenDJ chart. | -| global.opendj.ldapServiceName | string | `"opendj"` | Name of the OpenDJ service. Please keep it as default. | -| global.oxshibboleth.enabled | bool | `false` | Boolean flag to enable/disable the oxShibbboleth chart. | +| global.opendj.enabled | bool | `false` | Boolean flag to enable/disable the OpenDJ chart. | | global.persistence.enabled | bool | `true` | Boolean flag to enable/disable the persistence chart. | -| global.scim.enabled | bool | `false` | Boolean flag to enable/disable the SCIM chart. 
| | global.storageClass | object | `{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"}` | StorageClass section for Jackrabbit and OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed. | | global.storageClass.parameters | object | `{}` | parameters: | | global.upgrade.enabled | bool | `false` | Boolean flag used when running helm upgrade command. This allows upgrading the chart without immutable objects errors. | 
@@ -294,40 +223,13 @@ Kubernetes: `>=v1.17.0-0` | nginx-ingress.ingress.webdiscoveryLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | | nginx-ingress.ingress.webfingerEnabled | bool | `true` | Enable endpoint /.well-known/webfinger | | nginx-ingress.ingress.webfingerLabels | object | `{}` | webfinger ingress resource labels. key app is taken | -| opendj | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","repository":"gluufederation/opendj","tag":"5.0.0_dev"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"multiCluster":{"enabled":false,"serfAdvertiseAddr":"firstldap.gluu.org:30946","serfKey":"Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk=","serfPeers":["firstldap.gluu.org:30946","secondldap.gluu.org:31946"]},"persistence":{"size":"5Gi"},"ports":{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance 
with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. | -| opendj.dnsConfig | object | `{}` | Add custom dns config | -| opendj.dnsPolicy | string | `""` | Add custom dns policy | -| opendj.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | -| opendj.hpa.behavior | object | `{}` | Scaling Policies | -| opendj.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | -| opendj.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | -| opendj.image.repository | string | `"gluufederation/opendj"` | Image to use for deploying. | -| opendj.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | -| opendj.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py | -| opendj.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | -| opendj.multiCluster.enabled | bool | `false` | Enable OpenDJ multiCluster mode. This flag enabbles loading keys under `opendj.multiCluster` | -| opendj.multiCluster.serfAdvertiseAddr | string | `"firstldap.gluu.org:30946"` | OpenDJ Serf advertise address for the cluster | -| opendj.multiCluster.serfKey | string | `"Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk="` | Serf key. This key will automatically sync across clusters. | -| opendj.multiCluster.serfPeers | list | `["firstldap.gluu.org:30946","secondldap.gluu.org:31946"]` | Serf peer addresses. One per cluster. 
| -| opendj.persistence.size | string | `"5Gi"` | OpenDJ volume size | -| opendj.readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py | -| opendj.replicas | int | `1` | Service replica number. | -| opendj.resources | object | `{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}}` | Resource specs. | -| opendj.resources.limits.cpu | string | `"1500m"` | CPU limit. | -| opendj.resources.limits.memory | string | `"2000Mi"` | Memory limit. | -| opendj.resources.requests.cpu | string | `"1500m"` | CPU request. | -| opendj.resources.requests.memory | string | `"2000Mi"` | Memory request. | -| opendj.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | -| opendj.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | -| opendj.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | -| opendj.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | -| opendj.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/persistence-loader","tag":"1.0.0_b11"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Gluu Server persistence layer. 
| +| persistence | object | `{"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.0-beta.14"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and intial config for Gluu Server persistence layer. | | persistence.dnsConfig | object | `{}` | Add custom dns config | | persistence.dnsPolicy | string | `""` | Add custom dns policy | | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | +| persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | | persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. | -| persistence.image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. | +| persistence.image.tag | string | `"1.0.0-beta.14"` | Image tag to use for deploying. | | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | persistence.resources.limits.cpu | string | `"300m"` | CPU limit | | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | 
@@ -338,30 +240,6 @@ Kubernetes: `>=v1.17.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","repository":"janssenproject/scim","tag":"1.0.0_b11"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"scimServiceName":"scim"},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | -| scim.dnsConfig | object | `{}` | Add custom dns config | -| scim.dnsPolicy | string | `""` | Add custom dns policy | -| scim.hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler | -| scim.hpa.behavior | object | `{}` | Scaling Policies | -| scim.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | -| scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | -| scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| scim.image.tag | string | `"1.0.0_b11"` | Image tag to use for deploying. 
| -| scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | -| scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | -| scim.readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | -| scim.readinessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http readiness probe endpoint | -| scim.replicas | int | `1` | Service replica number. | -| scim.resources.limits.cpu | string | `"1000m"` | CPU limit. | -| scim.resources.limits.memory | string | `"1000Mi"` | Memory limit. | -| scim.resources.requests.cpu | string | `"1000m"` | CPU request. | -| scim.resources.requests.memory | string | `"1000Mi"` | Memory request. | -| scim.service.scimServiceName | string | `"scim"` | Name of the auth-server service. Please keep it as default. | -| scim.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | -| scim.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | -| scim.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | -| scim.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | -| scim.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/charts/jans/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml similarity index 56% rename from charts/jans/values.yaml rename to helm/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml index abb0f29132a..dc0978d40df 100644 --- a/charts/jans/values.yaml +++ b/helm/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml @@ -28,7 +28,9 @@ auth-server: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] # -- Service replica number. replicas: 1 # -- Resource specs. 
@@ -68,117 +70,10 @@ auth-server: volumes: [] # -- Configure any additional volumesMounts that need to be attached to the containers volumeMounts: [] - -# -- Responsible for regenerating auth-keys per x hours -auth-server-key-rotation: - # -- Add custom normal and secret envs to the service - usrEnvs: - # -- Add custom normal envs to the service - # variable1: value1 - normal: {} - # -- Add custom secret envs to the service - # variable1: value1 - secret: {} - # -- Add custom dns policy - dnsPolicy: "" - # -- Add custom dns config - dnsConfig: {} - image: - # -- Image pullPolicy to use for deploying. - pullPolicy: IfNotPresent - # -- Image to use for deploying. - repository: janssenproject/certmanager - # -- Image tag to use for deploying. - tag: 1.0.0_b11 - # -- Auth server key rotation keys life in hours - keysLife: 48 - # -- Resource specs. - resources: - limits: - # -- CPU limit. - cpu: 300m - # -- Memory limit. - memory: 300Mi - requests: - # -- CPU request. - cpu: 300m - # -- Memory request. - memory: 300Mi - # -- Configure any additional volumes that need to be attached to the pod - volumes: [] - # -- Configure any additional volumesMounts that need to be attached to the containers - volumeMounts: [] - -# -- Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. 
-client-api: - # -- Configure the HorizontalPodAutoscaler - hpa: - enabled: true - minReplicas: 1 - maxReplicas: 10 - targetCPUUtilizationPercentage: 50 - # -- metrics if targetCPUUtilizationPercentage is not set - metrics: [] - # -- Scaling Policies - behavior: {} - # -- Add custom normal and secret envs to the service - usrEnvs: - # -- Add custom normal envs to the service - # variable1: value1 - normal: {} - # -- Add custom secret envs to the service - # variable1: value1 - secret: {} - # -- Add custom dns policy - dnsPolicy: "" - # -- Add custom dns config - dnsConfig: {} - image: - # -- Image pullPolicy to use for deploying. - pullPolicy: IfNotPresent - # -- Image to use for deploying. - repository: janssenproject/client-api - # -- Image tag to use for deploying. - tag: 1.0.0_b11 - # -- Service replica number. - replicas: 1 - # -- Resource specs. - resources: - limits: - # -- CPU limit. - cpu: 1000m - # -- Memory limit. - memory: 400Mi - requests: - # -- CPU request. - cpu: 1000m - # -- Memory request. - memory: 400Mi - # -- Configure the liveness healthcheck for the auth server if needed. - livenessProbe: - # -- Executes the python3 healthcheck. - exec: - command: - - curl - - -k - - https://localhost:8443/health-check - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 5 - # -- Configure the readiness healthcheck for the auth server if needed. 
- readinessProbe: - exec: - command: - - curl - - -k - - https://localhost:8443/health-check - initialDelaySeconds: 25 - periodSeconds: 25 - timeoutSeconds: 5 - # -- Configure any additional volumes that need to be attached to the pod - volumes: [] - # -- Configure any additional volumesMounts that need to be attached to the containers - volumeMounts: [] + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } # -- Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. config: @@ -190,8 +85,6 @@ config: # -- Add custom secret envs to the service. # variable1: value1 secret: {} - # -- Admin password to log in to the UI. - adminPassword: Test1234# # -- City. Used for certificate creation. city: Austin configmap: 
@@ -215,40 +108,8 @@ config: cnSqldbUserPassword: Test1234# # -- Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . cnCacheType: NATIVE_PERSISTENCE - # -- Enable Casa flag . - cnCasaEnabled: false - # -- Client-api OAuth client admin certificate common name. This should be left to the default value client-api . - cnClientApiAdminCertCn: client-api - # -- Client-api OAuth client application certificate common name. This should be left to the default value client-api. - cnClientApiApplicationCertCn: client-api - # -- Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy - cnClientApiBindIpAddresses: "*" # -- The name of the Kubernetes ConfigMap that will hold the configuration layer cnConfigKubernetesConfigMap: cn - # -- The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. - cnCouchbaseBucketPrefix: jans - # -- Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required. - cnCouchbaseCertFile: /etc/certs/couchbase.crt - # -- Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. - cnCouchbaseCrt: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo= - # -- The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1. - cnCouchbaseIndexNumReplica: 0 - # -- Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. 
The password must contain one digit, one uppercase letter, one lower case letter and one symbol . - cnCouchbasePassword: P@ssw0rd - # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password - cnCouchbasePasswordFile: /etc/gluu/conf/couchbase_password - # -- The Couchbase super user (admin) user name. This user is used during initialization only. - cnCouchbaseSuperUser: admin - # -- Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol - cnCouchbaseSuperUserPassword: Test1234# - # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. - cnCouchbaseSuperUserPasswordFile: /etc/gluu/conf/couchbase_superuser_password - # -- Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster - cnCouchbaseUrl: cbgluu.default.svc.cluster.local - # -- Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. - cnCouchbaseUser: gluu - # -- Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. Jackrabbit also enables loading custom files across all services easily. - cnDocumentStoreType: JCA # [google_envs] Envs related to using Google # -- Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google. cnGoogleSecretManagerServiceAccount: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo= 
@@ -273,12 +134,10 @@ config: cnConfigGoogleSecretNamePrefix: gluu # [google_secret_manager_envs] END # [google_envs] END - # -- OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`. - cnLdapUrl: "opendj:1636" # -- Value passed to Java option -XX:MaxRAMPercentage cnMaxRamPercent: "75.0" - # -- Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. - cnPersistenceLdapMapping: default + # -- Boolean flag to enable/disable passport chart. Not part of the openbanking distribution. Please leave this disabled. + cnPassportEnabled: false # -- Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. cnRedisSentinelGroup: "" # -- Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. 
@@ -289,22 +148,23 @@ config: cnRedisUrl: "redis.redis.svc.cluster.local:6379" # -- Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. cnRedisUseSsl: false + # -- Enable SAML-related features; UI menu, etc. Not part of the openbanking distribution. Please leave this disabled. + cnSamlEnabled: false # -- Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. cnSecretKubernetesSecret: cn # -- Loadbalancer address for AWS if the FQDN is not registered. lbAddr: "" - cnScimProtectionMode: "OAUTH" # -- Country code. Used for certificate creation. countryCode: US # -- Email address of the administrator usually. Used for certificate creation. email: support@gluu.org image: # -- Image to use for deploying. - repository: janssenproject/configuration-manager + repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.0_b11 - # -- LDAP admin password if OpennDJ is used for persistence. - ldapPassword: P@ssw0rds + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] # -- Organization name. Used for certificate creation. orgName: Gluu # -- Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`. @@ -332,7 +192,10 @@ config: # -- Add custom dns config dnsConfig: {} - + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } # -- Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). config-api: # -- Configure the HorizontalPodAutoscaler 
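Review bot: The comments on the new `additionalLabels` and `additionalAnnotations` keys under `config:` say they are added "across the gateway", which reads as copied from the istio gateway keys. The same wording is added for `config-api:` and `persistence:` in later hunks. Annotations can change how controllers treat an object (the example given is a cert-manager issuer), so the comment should name the resources that actually receive them. Something like `# -- Additional annotations that will be added to the resources created by this chart in the format of {cert-manager.io/issuer: "letsencrypt-prod"}` would do, adjusted to whatever the templates apply them to, which is not visible here.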
@@ -363,7 +226,9 @@ config-api: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] # -- Service replica number. replicas: 1 # -- Resource specs. @@ -390,7 +255,7 @@ config-api: readinessProbe: # -- http readiness probe endpoint httpGet: - path: jans-config-api/api/v1/health/ready + path: /jans-config-api/api/v1/health/ready port: 8074 initialDelaySeconds: 25 periodSeconds: 25 
@@ -400,76 +265,10 @@ config-api: # -- Configure any additional volumesMounts that need to be attached to the containers volumeMounts: [] -# -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. -fido2: - # -- Configure the HorizontalPodAutoscaler - hpa: - enabled: true - minReplicas: 1 - maxReplicas: 10 - targetCPUUtilizationPercentage: 50 - # -- metrics if targetCPUUtilizationPercentage is not set - metrics: [] - # -- Scaling Policies - behavior: {} - # -- Add custom normal and secret envs to the service - usrEnvs: - # -- Add custom normal envs to the service - # variable1: value1 - normal: {} - # -- Add custom secret envs to the service - # variable1: value1 - secret: {} - # -- Add custom dns policy - dnsPolicy: "" - # -- Add custom dns config - dnsConfig: {} - image: - # -- Image pullPolicy to use for deploying. - pullPolicy: IfNotPresent - # -- Image to use for deploying. - repository: janssenproject/fido2 - # -- Image tag to use for deploying. - tag: 1.0.0_b11 - # -- Service replica number. - replicas: 1 - # -- Resource specs. - resources: - limits: - # -- CPU limit. - cpu: 500m - # -- Memory limit. - memory: 500Mi - requests: - # -- CPU request. - cpu: 500m - # -- Memory request. - memory: 500Mi - service: - # -- Name of the fido2 service. Please keep it as default. - fido2ServiceName: fido2 - # -- Configure the liveness healthcheck for the fido2 if needed. - livenessProbe: - # -- http liveness probe endpoint - httpGet: - path: /jans-fido2/sys/health-check - port: http-fido2 - initialDelaySeconds: 25 - periodSeconds: 25 - timeoutSeconds: 5 - # -- Configure the readiness healthcheck for the fido2 if needed. 
- readinessProbe: - httpGet: - path: /jans-fido2/sys/health-check - port: http-fido2 - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 5 - # -- Configure any additional volumes that need to be attached to the pod - volumes: [] - # -- Configure any additional volumesMounts that need to be attached to the containers - volumeMounts: [] - + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } # -- Parameters used globally across all services helm charts. global: # -- Add custom normal and secret envs to the service. 
@@ -490,6 +289,37 @@ global: authServerServiceName: auth-server # -- Boolean flag to enable/disable auth-server chart. You should never set this to false. enabled: true + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. + appLoggers: + # -- jans-auth.log target + authLogTarget: "STDOUT" + # -- jans-auth.log level + authLogLevel: "INFO" + # -- http_request_response.log target + httpLogTarget: "FILE" + # -- http_request_response.log level + httpLogLevel: "INFO" + # -- jans-auth_persistence.log target + persistenceLogTarget: "FILE" + # -- jans-auth_persistence.log level + persistenceLogLevel: "INFO" + # -- jans-auth_persistence_duration.log target + persistenceDurationLogTarget: "FILE" + # -- jans-auth_persistence_duration.log level + persistenceDurationLogLevel: "INFO" + # -- jans-auth_persistence_ldap_statistics.log target + ldapStatsLogTarget: "FILE" + # -- jans-auth_persistence_ldap_statistics.log level + ldapStatsLogLevel: "INFO" + # -- jans-auth_script.log target + scriptLogTarget: "FILE" + # -- jans-auth_script.log level + scriptLogLevel: "INFO" + # -- jans-auth_script.log target + auditStatsLogTarget: "FILE" + # -- jans-auth_audit.log level + auditStatsLogLevel: "INFO" + auth-server-key-rotation: # -- Boolean flag to enable/disable the auth-server-key rotation cronjob chart. enabled: false 
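Review bot: The comment above `auditStatsLogTarget` in the new `appLoggers` block reads `jans-auth_script.log target`, repeating the one above `scriptLogTarget`. The matching level key is described as `jans-auth_audit.log level`, so the target comment should be `# -- jans-auth_audit.log target`. The audit log also defaults to `"FILE"` while only `authLogTarget` goes to `"STDOUT"`. If FILE means a path inside the container (not visible in this hunk), audit records would not reach the cluster's log collection and would not survive a pod restart, so the comment should say so, or the default should be `"STDOUT"`.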
@@ -499,18 +329,27 @@ global: azureStorageAccountType: Standard_LRS # -- Azure storage kind if using Azure disks azureStorageKind: Managed + casa: + # -- Name of the casa service. Please keep it as default. + casaServiceName: casa client-api: # -- Name of the client-api service. Please keep it as default. clientApiServerServiceName: client-api # -- Boolean flag to enable/disable the client-api chart. enabled: false + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. + appLoggers: + # -- client-api.log target + clientApiLogTarget: "STDOUT" + # -- client-api.log level + clientApiLogLevel: "INFO" cloud: # -- Boolean flag if enabled will strip resources requests and limits from all services. testEnviroment: false # -- Boolean flag if enabled will enable jackrabbit in cluster mode with Postgres. - cnJackrabbitCluster: true + cnJackrabbitCluster: false # -- Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner. - cnPersistenceType: ldap + cnPersistenceType: sql # -- Open banking external signing jwks uri. Used in SSA Validation. cnObExtSigningJwksUri: "" # -- Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set. @@ -527,7 +366,7 @@ global: cnObTransportCrt: "" # -- Open banking AS transport key. Used in SSA Validation. This must be encoded using base64. cnObTransportKey: "" - # -- Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64. + # -- Open banking AS transport key pas`sphrase to unlock AS transport key. This must be encoded using base64. cnObTransportKeyPassPhrase: "" # -- Open banking transport Alias used inside the JVM. cnObTransportAlias: "" 
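Review bot: With `cnPersistenceType` now defaulting to `sql`, the `cnSqldbUserPassword: Test1234#` default that this values file still ships (visible as context in the earlier `config:` hunk) becomes the database credential of any install that does not override it. A password published in the chart is effectively known to everyone, so I would ship it empty and make the install fail when it is unset. Failing that, extend the comment on the persistence key: `# -- Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner. When sql is used, cnSqldbUserPassword must be overridden.` Whether the schema or templates already enforce this is not visible from this hunk.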
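Review bot: The rewritten comment for `cnObTransportKeyPassPhrase` has a stray backtick in the middle of the word "passphrase". If the `# --` comments are rendered into the chart README, that opens an unclosed code span and garbles the rest of the row. The line should go back to `# -- Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64.`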
@@ -547,14 +386,32 @@ global: configApiServerServiceName: config-api # -- Boolean flag to enable/disable the config-api chart. enabled: true + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. + appLoggers: + # -- configapi.log target + configApiLogTarget: "STDOUT" + # -- configapi.log level + configApiLogLevel: "INFO" cr-rotate: # -- Boolean flag to enable/disable the cr-rotate chart. enabled: false # -- Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services. fqdn: demoexample.gluu.org fido2: + # -- Name of the fido2 service. Please keep it as default. + fido2ServiceName: fido2 # -- Boolean flag to enable/disable the fido2 chart. enabled: false + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. + appLoggers: + # -- fido2.log target + fido2LogTarget: "STDOUT" + # -- fido2.log level + fido2LogLevel: "INFO" + # -- fido2_persistence.log target + persistenceLogTarget: "FILE" + # -- fido2_persistence.log level + persistenceLogLevel: "INFO" # -- GCE storage kind if using Google disks gcePdStorageType: pd-standard # -- Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically. 
@@ -566,26 +423,52 @@ global: ingress: false # -- The namespace istio is deployed in. The is normally istio-system. namespace: istio-system - lbIp: "22.22.22.22" + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } + jackrabbit: + # -- Boolean flag to enable/disable the jackrabbit chart. For more information on how it is used inside Gluu https://gluu.org/docs/gluu-server/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. If disabled oxShibboleth cannot be run. + enabled: false + # -- Name of the Jackrabbit service. Please keep it as default. + jackRabbitServiceName: jackrabbit + # -- The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable. + lbIp: 22.22.22.22 nginx-ingress: # -- Boolean flag to enable/disable the nginx-ingress definitions chart. enabled: true - opendj: - # -- Boolean flag to enable/disable the OpenDJ chart. - enabled: true - # -- Name of the OpenDJ service. Please keep it as default. - ldapServiceName: opendj - oxshibboleth: - # -- Boolean flag to enable/disable the oxShibbboleth chart. - enabled: false # -- Gluu distributions supported are: default|openbanking. - distribution: default + distribution: openbanking persistence: # -- Boolean flag to enable/disable the persistence chart. enabled: true scim: + # -- Name of the scim service. Please keep it as default. + scimServiceName: scim # -- Boolean flag to enable/disable the SCIM chart. enabled: false + # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. 
+ appLoggers: + # -- jans-scim.log target + scimLogTarget: "STDOUT" + # -- jans-scim.log level + scimLogLevel: "INFO" + # -- jans-scim_persistence.log target + persistenceLogTarget: "FILE" + # -- jans-scim_persistence.log level + persistenceLogLevel: "INFO" + # -- jans-scim_persistence_duration.log target + persistenceDurationLogTarget: "FILE" + # -- jans-scim_persistence_duration.log level + persistenceDurationLogLevel: "INFO" + # -- jans-scim_persistence_ldap_statistics.log target + ldapStatsLogTarget: "FILE" + # -- jans-scim_persistence_ldap_statistics.log level + ldapStatsLogLevel: "INFO" + # -- jans-scim_script.log target + scriptLogTarget: "FILE" + # -- jans-scim_script.log level + scriptLogLevel: "INFO" # -- StorageClass section for Jackrabbit and OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed. storageClass: allowVolumeExpansion: true 
@@ -602,65 +485,88 @@ global: provisioner: microk8s.io/hostpath reclaimPolicy: Retain volumeBindingMode: WaitForFirstConsumer + oxshibboleth: + # -- Boolean flag to enable/disable the oxShibbboleth chart. Not part of the openbanking distribution. Keep as default. + enabled: false + opendj: + # -- Boolean flag to enable/disable the OpenDJ chart. Not part of the openbanking distribution. Keep as default. + enabled: false + admin-ui: + # -- Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. + enabled: false upgrade: - # -- Boolean flag used when running helm upgrade command. This allows upgrading the chart without immutable objects errors. + # -- Boolean flag used when running upgrading through versions command. enabled: false # -- Nginx ingress definitions chart nginx-ingress: ingress: # -- Enable Admin UI endpoints. COMING SOON. - adminUiEnabled: true + adminUiEnabled: false # -- Admin UI ingress resource labels. key app is taken. adminUiLabels: { } + # -- openid-configuration ingress resource additional annotations. + adminUiAdditionalAnnotations: { } # -- Enable endpoint /.well-known/openid-configuration openidConfigEnabled: true # -- openid-configuration ingress resource labels. key app is taken openidConfigLabels: { } + # -- openid-configuration ingress resource additional annotations. + openidAdditionalAnnotations: { } # -- Enable endpoint /.well-known/uma2-configuration uma2ConfigEnabled: true # -- uma2 config ingress resource labels. key app is taken uma2ConfigLabels: { } + # -- uma2 config ingress resource additional annotations. + uma2AdditionalAnnotations: { } # -- Enable endpoint /.well-known/webfinger webfingerEnabled: true # -- webfinger ingress resource labels. key app is taken webfingerLabels: { } + # -- webfinger ingress resource additional annotations. + webfingerAdditionalAnnotations: { } # -- Enable endpoint /.well-known/simple-web-discovery webdiscoveryEnabled: true # -- webdiscovery ingress resource labels. 
key app is taken webdiscoveryLabels: { } - # -- Enable endpoint /.well-known/scim-configuration - scimConfigEnabled: false - # -- SCIM config ingress resource labels. key app is taken - scimConfigLabels: { } - # -- Enable SCIM endpoints /jans-scim - scimEnabled: false - # -- SCIM config ingress resource labels. key app is taken - scimLabels: { } + # -- webdiscovery ingress resource additional annotations. + webdiscoveryAdditionalAnnotations: { } # Enable config API endpoints /jans-config-api configApiEnabled: true # -- configAPI ingress resource labels. key app is taken configApiLabels: { } + # -- ConfigAPI ingress resource additional annotations. + configApiAdditionalAnnotations: { } # -- Enable endpoint /.well-known/fido-configuration u2fConfigEnabled: true # -- u2f config ingress resource labels. key app is taken u2fConfigLabels: { } + # -- u2f config ingress resource additional annotations. + u2fAdditionalAnnotations: { } # -- Enable endpoint /.well-known/fido2-configuration fido2ConfigEnabled: false # -- fido2 config ingress resource labels. key app is taken fido2ConfigLabels: { } + # -- fido2 config ingress resource additional annotations. + fido2ConfigAdditionalAnnotations: { } # -- Enable Auth server endpoints /jans-auth authServerEnabled: true - # -- Auth server config ingress resource labels. key app is taken + # -- Auth server ingress resource labels. key app is taken authServerLabels: { } + # -- Auth server ingress resource additional annotations. + authServerAdditionalAnnotations: { } # -- Enable mTLS on Auth server endpoint /jans-auth/restv1/token authServerProtectedToken: false # -- Auth server protected token ingress resource labels. key app is taken authServerProtectedTokenLabels: { } + # -- Auth server protected token ingress resource additional annotations. 
+ authServerProtectedTokenAdditionalAnnotations: { } # -- Enable mTLS onn Auth server endpoint /jans-auth/restv1/register authServerProtectedRegister: false # -- Auth server protected token ingress resource labels. key app is taken - authServerProtectedRedisterLabels: { } + authServerProtectedRegisterLabels: { } + # -- Auth server protected register ingress resource additional annotations. + authServerProtectedRegisterAdditionalAnnotations: { } # -- Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} additionalLabels: { } # -- Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} 
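Review bot: Renaming `authServerProtectedRedisterLabels` to `authServerProtectedRegisterLabels` fixes the spelling, but an existing override file that still sets the old key will be ignored without an error unless the schema rejects unknown keys. The template side of the rename is not in this hunk, so confirm it reads the new name and mention the rename in the upgrade notes. In the same hunk the comment on `adminUiAdditionalAnnotations` says `openid-configuration ingress resource additional annotations.` and should read `# -- Admin UI ingress resource additional annotations.` The unchanged comment above `authServerProtectedRegisterLabels` still says "protected token" where it means register.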
@@ -682,124 +588,6 @@ nginx-ingress: hosts: - demoexample.gluu.org -# -- OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. -opendj: - # -- Configure the HorizontalPodAutoscaler - hpa: - enabled: true - minReplicas: 1 - maxReplicas: 10 - targetCPUUtilizationPercentage: 50 - # -- metrics if targetCPUUtilizationPercentage is not set - metrics: [] - # -- Scaling Policies - behavior: {} - # -- Add custom normal and secret envs to the service - usrEnvs: - # -- Add custom normal envs to the service - # variable1: value1 - normal: {} - # -- Add custom secret envs to the service - # variable1: value1 - secret: {} - # -- Add custom dns policy - dnsPolicy: "" - # -- Add custom dns config - dnsConfig: {} - image: - # -- Image pullPolicy to use for deploying. - pullPolicy: IfNotPresent - # -- Image to use for deploying. - repository: gluufederation/opendj - # -- Image tag to use for deploying. - tag: 5.0.0_dev - multiCluster: - # -- Enable OpenDJ multiCluster mode. This flag enabbles loading keys under `opendj.multiCluster` - enabled: false - # -- OpenDJ Serf advertise address for the cluster - serfAdvertiseAddr: "firstldap.gluu.org:30946" - # -- Serf key. This key will automatically sync across clusters. - serfKey: Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk= - # -- Serf peer addresses. One per cluster. 
- serfPeers: - - "firstldap.gluu.org:30946" - - "secondldap.gluu.org:31946" - persistence: - # -- OpenDJ volume size - size: 5Gi - ports: - tcp-admin: - nodePort: "" - port: 4444 - protocol: TCP - targetPort: 4444 - tcp-ldap: - nodePort: "" - port: 1389 - protocol: TCP - targetPort: 1389 - tcp-ldaps: - nodePort: "" - port: 1636 - protocol: TCP - targetPort: 1636 - tcp-repl: - nodePort: "" - port: 8989 - protocol: TCP - targetPort: 8989 - tcp-serf: - nodePort: "" - port: 7946 - protocol: TCP - targetPort: 7946 - udp-serf: - nodePort: "" - port: 7946 - protocol: UDP - targetPort: 7946 - # -- Service replica number. - replicas: 1 - # -- Resource specs. - resources: - limits: - # -- CPU limit. - cpu: 1500m - # -- Memory limit. - memory: 2000Mi - requests: - # -- CPU request. - cpu: 1500m - # -- Memory request. - memory: 2000Mi - # -- Configure the liveness healthcheck for OpenDJ if needed. - # https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py - livenessProbe: - # -- Executes the python3 healthcheck. - exec: - command: - - python3 - - /app/scripts/healthcheck.py - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 20 - # -- Configure the readiness healthcheck for OpenDJ if needed. - # https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py - readinessProbe: - exec: - command: - - python3 - - /app/scripts/healthcheck.py - initialDelaySeconds: 25 - timeoutSeconds: 5 - periodSeconds: 25 - failureThreshold: 20 - # -- Configure any additional volumes that need to be attached to the pod - volumes: [] - # -- Configure any additional volumesMounts that need to be attached to the containers - volumeMounts: [] - # -- Job to generate data and intial config for Gluu Server persistence layer. persistence: # -- Add custom normal and secret envs to the service 
@@ -820,7 +608,9 @@ persistence: # -- Image to use for deploying. repository: janssenproject/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.0_b11 + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] # -- Resource specs. resources: limits: 
@@ -838,72 +628,7 @@ persistence: # -- Configure any additional volumesMounts that need to be attached to the containers volumeMounts: [] -# -- System for Cross-domain Identity Management (SCIM) version 2.0 -scim: - # -- Configure the HorizontalPodAutoscaler - hpa: - enabled: true - minReplicas: 1 - maxReplicas: 10 - targetCPUUtilizationPercentage: 50 - # -- metrics if targetCPUUtilizationPercentage is not set - metrics: [] - # -- Scaling Policies - behavior: {} - # -- Add custom normal and secret envs to the service - usrEnvs: - # -- Add custom normal envs to the service - # variable1: value1 - normal: {} - # -- Add custom secret envs to the service - # variable1: value1 - secret: {} - # -- Add custom dns policy - dnsPolicy: "" - # -- Add custom dns config - dnsConfig: {} - image: - # -- Image pullPolicy to use for deploying. - pullPolicy: IfNotPresent - # -- Image to use for deploying. - repository: janssenproject/scim - # -- Image tag to use for deploying. - tag: 1.0.0_b11 - # -- Service replica number. - replicas: 1 - resources: - limits: - # -- CPU limit. - cpu: 1000m - # -- Memory limit. - memory: 1000Mi - requests: - # -- CPU request. - cpu: 1000m - # -- Memory request. - memory: 1000Mi - service: - # -- Name of the auth-server service. Please keep it as default. - scimServiceName: scim - # -- Configure the liveness healthcheck for SCIM if needed. - livenessProbe: - httpGet: - # -- http liveness probe endpoint - path: /jans-scim/sys/health-check - port: 8080 - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 5 - # -- Configure the readiness healthcheck for the SCIM if needed. 
- readinessProbe: - httpGet: - # -- http readiness probe endpoint - path: /jans-scim/sys/health-check - port: 8080 - initialDelaySeconds: 25 - periodSeconds: 25 - timeoutSeconds: 5 - # -- Configure any additional volumes that need to be attached to the pod - volumes: [] - # -- Configure any additional volumesMounts that need to be attached to the containers - volumeMounts: [] + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } diff --git a/charts/jans/templates/_helpers.tpl b/helm/pygluu/kubernetes/templates/helm/gluu/templates/_helpers.tpl similarity index 100% rename from charts/jans/templates/_helpers.tpl rename to helm/pygluu/kubernetes/templates/helm/gluu/templates/_helpers.tpl diff --git a/charts/jans/values.schema.json b/helm/pygluu/kubernetes/templates/helm/gluu/values.schema.json similarity index 86% rename from charts/jans/values.schema.json rename to helm/pygluu/kubernetes/templates/helm/gluu/values.schema.json index e9c10674f6b..610844ece0b 100644 --- a/charts/jans/values.schema.json +++ b/helm/pygluu/kubernetes/templates/helm/gluu/values.schema.json 
@@ -2,8 +2,15 @@ "$schema":"https://json-schema.org/draft/2020-12/schema#", "type":"object", "properties":{ + "admin-ui":{ + "description":"Admin GUI for configuration of the auth-server", + "type":"object", + "properties":{ + + } + }, "auth-server":{ - "description":"OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.", + "description":"OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.", "type":"object", "properties":{ @@ -17,7 +24,7 @@ } }, "casa":{ - "description":"Janssen Casa (\"Casa\") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Server.", + "description":"Gluu Casa (\"Casa\") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.", "type":"object", "properties":{ @@ -31,7 +38,7 @@ } }, "config":{ - "description":"Configuration parameters for setup and initial configuration secret annd config layers used by Janssen services.", + "description":"Configuration parameters for setup and initial configuration secret annd config layers used by Gluu services.", "type":"object", "properties":{ "adminPass":{ 
@@ -97,7 +104,7 @@ "pattern":"^(NATIVE_PERSISTENCE|REDIS|IN_MEMORY)$" }, "cnCasaEnabled":{ - "description":"Enable Casa. Janssen Casa is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Server.", + "description":"Enable Casa. Gluu Casa is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.", "type":"boolean" }, "cnClientApiAdminCertCn":{ @@ -120,7 +127,7 @@ "pattern":"^[a-z]+$" }, "cnCouchbaseBucketPrefix":{ - "description":"The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Janssen.", + "description":"The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu.", "type":"string", "pattern":"^[a-z]+$" }, 
@@ -175,6 +182,53 @@ "type":"string", "pattern":"^(LOCAL|JCA)$" }, + "cnJackrabbitAdminId":{ + "description":"Jackrabbit admin uid.", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnJackrabbitAdminIdFile":{ + "description":"The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id.", + "type":"string", + "pattern":".*jackrabbit_admin_id\\b.*" + }, + "cnJackrabbitAdminPassFile":{ + "description":"The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password.", + "type":"string", + "pattern":".*jackrabbit_admin_password\\b.*" + }, + "cnJackrabbitPostgresDatabaseName":{ + "description":"Jackrabbit postgres database name.", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnJackrabbitPostgresHost":{ + "description":"Postgres url", + "$ref":"#/definitions/fqdn-pattern" + }, + "cnJackrabbitPostgresPasswordFile":{ + "description":"The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password.", + "type":"string", + "pattern":".*postgres_password\\b.*" + }, + "cnJackrabbitPostgresPort":{ + "description":"Jackrabbit Postgres port", + "type":"integer" + }, + "cnJackrabbitPostgresUser":{ + "description":"Jackrabbit Postgres uid", + "type":"string", + "pattern":"^[a-z]+$" + }, + "cnJackrabbitSyncInterval":{ + "description":"Interval between files sync (default to 300 seconds).", + "type":"integer" + }, + "cnJackrabbitUrl":{ + "description":"Jackrabbit internal url. Normally left as default.", + "type":"string", + "pattern":"^(http:\/\/)?[a-z0-9-:]+$" + }, "cnGoogleSecretManagerServiceAccount":{ "description":"Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. 
Used only when global.configAdapterName and global.configSecretAdapter is set to google.", "type":"string", @@ -201,12 +255,12 @@ "pattern":"^([0-9]|latest)*$" }, "cnSecretGoogleSecretNamePrefix":{ - "description":"Prefix for Janssen secret in Google Secret Manager. Defaults to jans. If left jans-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", + "description":"Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", "type":"string", "pattern":"^[a-z]+$" }, "cnGoogleSecretManagerPassPhrase":{ - "description":"Passphrase for Janssen secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", + "description":"Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", "$ref":"#/definitions/password" }, "cnConfigGoogleSecretVersionId":{ @@ -215,7 +269,7 @@ "pattern":"^([0-9]|latest)*$" }, "cnConfigGoogleSecretNamePrefix":{ - "description":"Prefix for Janssen configuration secret in Google Secret Manager. Defaults to jans. If left intact jans-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", + "description":"Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", "type":"string" }, "cnLdapUrl":{ 
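Review bot: The new file-path properties state a required suffix ("The file path must end with jackrabbit_admin_id"), but the pattern `.*jackrabbit_admin_id\\b.*` accepts any text after the name, so the schema does not enforce what the description says. Anchoring it, e.g. `"pattern":".*jackrabbit_admin_id$"`, closes the gap; the same applies to `cnJackrabbitAdminPassFile` and `cnJackrabbitPostgresPasswordFile`. Separately, the `cnJackrabbitUrl` pattern `^(http:\/\/)?[a-z0-9-:]+$` admits only an `http://` prefix and no dots, so an `https://` URL or a fully qualified service name fails validation. If TLS to Jackrabbit is meant to be possible, the pattern should allow `https?` and `.`.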
@@ -403,7 +457,82 @@ "description":"Name of the auth-server service. Please keep it as default.", "type":"string", "pattern":"^[a-z0-9-]+$" + }, + "appLoggers":{ + "type":"object", + "properties":{ + "authLogTarget":{ + "description":"jans-auth.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "authLogLevel":{ + "description":"jans-auth.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "httpLogTarget":{ + "description":"http_request_response target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "httpLogLevel":{ + "description":"http_request_response level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceLogTarget":{ + "description":"jans-auth_persistence.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "persistenceLogLevel":{ + "description":"jans-auth_persistence.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceDurationLogTarget":{ + "description":"jans-auth_persistence_duration.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "persistenceDurationLogLevel":{ + "description":"jans-auth_persistence_duration.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "ldapStatsLogTarget":{ + "description":"jans-auth_persistence_ldap_statistics.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "ldapStatsLogLevel":{ + "description":"jans-auth_persistence_ldap_statistics.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "scriptLogTarget":{ + "description":"jans-auth_script.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "scriptLogLevel":{ + "description":"jans-auth_script.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "auditStatsLogTarget":{ + "description":"jans-auth_audit.log target", + "type":"string", + 
"pattern":"^(STDOUT|FILE)$" + }, + "auditStatsLogLevel":{ + "description":"jans-auth_audit.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" } + } + } } }, "auth-server-key-rotation":{ @@ -441,7 +570,22 @@ "enabled":{ "description":"Boolean flag to enable/disable the client-api chart.", "type":"boolean" + }, + "appLoggers":{ + "type":"object", + "properties":{ + "clientApiLogTarget":{ + "description":"client-api.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "clientApiLogLevel":{ + "description":"client-api.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } } + } } }, "cloud":{ @@ -458,7 +602,7 @@ "type":"boolean" }, "cnPersistenceType":{ - "description":"Persistence backend to run Janssen with ldap|couchbase|hybrid|sql|spanner.", + "description":"Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner.", "type":"string", "pattern":"^(ldap|couchbase|hybrid|sql|spanner)$" }, @@ -523,12 +667,12 @@ } }, "configAdapterName":{ - "description":"The config backend adapter that will hold Janssen configuration layer. google|kubernetes", + "description":"The config backend adapter that will hold Gluu configuration layer. google|kubernetes", "type":"string", "pattern":"^(kubernetes|google)$" }, "configSecretAdapter":{ - "description":"The config backend adapter that will hold Janssen secret layer. google|kubernetes", + "description":"The config backend adapter that will hold Gluu secret layer. google|kubernetes", "type":"string", "pattern":"^(kubernetes|google)$" }, 
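Review bot: The new `appLoggers` object under auth-server declares only `type` and `properties`, so a misspelled key such as `authLoglevel` still validates and the intended level or target is presumably never applied. The same holds for the `appLoggers` objects added in the client-api, config-api, fido2 and scim hunks; adding `"additionalProperties":false` to each would turn such typos into a validation error. The closed value sets would read more clearly as `"enum":["STDOUT","FILE"]` than as an anchored `pattern`. The descriptions give only the log file name. For `httpLogLevel` and `authLogLevel` on a token-issuing service it is worth adding a caveat such as `"description":"http_request_response level. DEBUG/TRACE may record request and response content; keep at INFO or above in production."`, which assumes those levels log message content (not shown on this page); the enclosing auth-server object starts outside the hunk.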
@@ -548,7 +692,22 @@ "enabled":{ "description":"Boolean flag to enable/disable the config-api chart.", "type":"boolean" + }, + "appLoggers":{ + "type":"object", + "properties":{ + "configApiLogTarget":{ + "description":"configapi.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "configApiLogLevel":{ + "description":"configapi.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } } + } } }, "cr-rotate":{ @@ -561,16 +720,46 @@ } }, "fqdn":{ - "description":"Fully qualified domain name to be used for Janssen installation. This address will be used to reach Janssen services.", + "description":"Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services.", "$ref":"#/definitions/fqdn-pattern" }, "fido2":{ "type":"object", "properties":{ + "fido2ServiceName":{ + "description":"Name of the fido2 service. Please keep it as default.", + "type":"string", + "pattern":"^[a-z0-9-]+$" + }, "enabled":{ "description":"Boolean flag to enable/disable the fido2 chart.", "type":"boolean" + }, + "appLoggers":{ + "type":"object", + "properties":{ + "fido2LogTarget":{ + "description":"fido2.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "fido2LogLevel":{ + "description":"fido2.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceLogTarget":{ + "description":"fido2_persistence.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "persistenceLogLevel":{ + "description":"fido2_persistence.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } } + } } }, "gcePdStorageType":{ 
@@ -586,11 +775,11 @@ "type":"object", "properties":{ "enabled":{ - "description":"Boolean flag that enables using istio side cars with Janssen services.", + "description":"Boolean flag that enables using istio side cars with Gluu services.", "type":"boolean" }, "ingress":{ - "description":"Boolean flag that enables using istio gateway for Janssen. This assumes istio ingress is installed and hence the LB is available.", + "description":"Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.", "type":"boolean" }, "namespace":{ @@ -604,7 +793,7 @@ "type":"object", "properties":{ "enabled":{ - "description":"Boolean flag to enable/disable the jackrabbit chart. For more information on how it is used inside Janssen https://jans.io/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. ", + "description":"Boolean flag to enable/disable the jackrabbit chart. For more information on how it is used inside Gluu https://gluu.org/docs/gluu-server/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. ", "type":"boolean" }, "jackRabbitServiceName":{ @@ -650,7 +839,7 @@ } }, "distribution":{ - "description":"Janssen distributions supported are: default|openbanking.", + "description":"Gluu distributions supported are: default|openbanking.", "type":"string", "pattern":"^(default|openbanking)$" }, 
@@ -669,7 +858,67 @@ "enabled":{ "description":"Boolean flag to enable/disable the SCIM chart.", "type":"boolean" + }, + "scimServiceName":{ + "description":"Name of the scim service. Please keep it as default.", + "type":"string", + "pattern":"^[a-z0-9-]+$" + }, + "appLoggers":{ + "type":"object", + "properties":{ + "authLogTarget":{ + "description":"jans-scim.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "authLogLevel":{ + "description":"jans-scim.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceLogTarget":{ + "description":"jans-scim_persistence.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "persistenceLogLevel":{ + "description":"jans-scim_persistence.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceDurationLogTarget":{ + "description":"jans-scim_persistence_duration.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "persistenceDurationLogLevel":{ + "description":"jans-scim_persistence_duration.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "ldapStatsLogTarget":{ + "description":"jans-scim_persistence_ldap_statistics.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "ldapStatsLogLevel":{ + "description":"jans-scim_persistence_ldap_statistics.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "scriptLogTarget":{ + "description":"jans-scim_script.log target", + "type":"string", + "pattern":"^(STDOUT|FILE)$" + }, + "scriptLogLevel":{ + "description":"jans-scim_script.log level", + "type":"string", + "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } } + } } }, "storageClass":{ 
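Review bot: The scim `appLoggers` keys `authLogTarget` and `authLogLevel` are described as the `jans-scim.log` target and level, so the names look copied from the auth-server block rather than chosen for this service. The sibling blocks in this diff name the primary logger after the service (`clientApiLogTarget`, `configApiLogTarget`, `fido2LogTarget`), so `scimLogTarget` / `scimLogLevel` would be consistent and harder to confuse when both sections are edited together. The chart templates that read these keys are not visible here, so the rename has to be made on both sides.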
@@ -755,21 +1004,21 @@ } }, "oxpassport":{ - "description":"Janssen interface to Passport.js to support social login and inbound identity.", + "description":"Gluu interface to Passport.js to support social login and inbound identity.", "type":"object", "properties":{ } }, "oxshibboleth":{ - "description":"Shibboleth project for the Janssen Server's SAML IDP functionality.", + "description":"Shibboleth project for the Gluu Server's SAML IDP functionality.", "type":"object", "properties":{ } }, "persistence":{ - "description":"Job to generate data and intial config for Janssen Server persistence layer.", + "description":"Job to generate data and intial config for Gluu Server persistence layer.", "type":"object", "properties":{ @@ -784,6 +1033,9 @@ } }, "allOf":[ + { + "$ref":"#/definitions/admin-ui-enabled" + }, { "$ref":"#/definitions/auth-server-enabled" }, @@ -864,7 +1116,7 @@ { "type":"string", "errors":{ - "pattern":"Setting not FQDN structured. Please enter a FQDN with the format demoexample.jans.io" + "pattern":"Setting not FQDN structured. Please enter a FQDN with the format demoexample.gluu.org" } }, { 
@@ -903,6 +1155,146 @@ } ] }, + "admin-ui-enabled":{ + "if":{ + "properties":{ + "global":{ + "properties":{ + "admin-ui":{ + "properties":{ + "enabled":{ + "const":"true" + } + } + } + } + } + } + }, + "then":{ + "properties":{ + "admin-ui":{ + "required":[ + "image", + "replicas", + "resources" + ], + "properties":{ + "hpa":{ + "description":"Configure the HorizontalPodAutoscaler", + "type":"object", + "properties":{ + "enabled":{ + "type":"boolean" + }, + "minReplicas":{ + "type":"integer" + }, + "maxReplicas":{ + "type":"integer" + }, + "targetCPUUtilizationPercentage":{ + "type":"integer" + }, + "metrics":{ + "description":"metrics if targetCPUUtilizationPercentage is not set", + "type":"array" + }, + "behavior":{ + "description":"Scaling Policies", + "type":"object" + } + } + }, + "usrEnvs":{ + "description":"Add custom normal and secret envs to the service", + "type":"object", + "properties":{ + "normal":{ + "description":"Add custom normal envs to the service", + "type":"object" + }, + "secret":{ + "description":"Add custom secret envs to the service", + "type":"object" + } + } + }, + "dnsPolicy":{ + "description":"Add custom dns policy", + "type":"string", + "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig":{ + "description":"Add custom dns config", + "type":"object" + }, + "image":{ + "type":"object", + "properties":{ + "pullPolicy":{ + "description":"Image pullPolicy to use for deploying.", + "type":"string", + "pattern":"^(Always|Never|IfNotPresent)$" + }, + "repository":{ + "description":"Image to use for deploying", + "type":"string", + "pattern":"^[a-z0-9-_/]+$" + }, + "tag":{ + "description":"Image tag to use for deploying.", + "type":"string", + "pattern":"^[a-z0-9-_.]+$" + } + } + }, + "replicas":{ + "description":"Service replica number.", + "type":"integer" + }, + "resources":{ + "description":"Resource specs.", + "type":"object", + "properties":{ + "limits":{ + "type":"object", + "properties":{ + "cpu":{ + 
"description":"CPU limit.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory limit.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + }, + "requests":{ + "type":"object", + "properties":{ + "cpu":{ + "description":"CPU request.", + "type":"string", + "pattern":"^[0-9m]+$" + }, + "memory":{ + "description":"Memory request.", + "type":"string", + "pattern":"^[0-9Mi]+$" + } + } + } + } + } + } + } + } + }, + "else":true + }, "auth-server-enabled":{ "if":{ "properties":{ diff --git a/helm/pygluu/kubernetes/templates/helm/gluu/values.yaml b/helm/pygluu/kubernetes/templates/helm/gluu/values.yaml new file mode 100644 index 00000000000..6e351d64625 --- /dev/null +++ b/helm/pygluu/kubernetes/templates/helm/gluu/values.yaml 
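Review bot: The `if` of `admin-ui-enabled` tests `"const":"true"`, a JSON string, while every `enabled` flag visible in this schema is declared `"type":"boolean"`. If `global.admin-ui.enabled` is a boolean too, `true` never equals the string and the `then` branch that requires `image`, `replicas` and `resources` is skipped exactly when admin-ui is switched on. Because the `if` uses `properties` without `required`, it also passes vacuously when the flag is absent, so the requirements apply to charts that never mention admin-ui. Using `"const":true` and adding a `required` list at each level of the `if` would make the condition match its name. The neighbouring `auth-server-enabled` definition continues outside this hunk, so check whether it shares the pattern before changing only this one.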
@@ -0,0 +1,1654 @@ +# -- Only used by the installer. These settings do not affect nor are used by the chart +installer-settings: + currentVersion: "" + upgrade: + targetVersion: "" + image: + repository: "" + tag: "" + acceptLicense: "" + namespace: "" + releaseName: "" + nginxIngress: + releaseName: "" + namespace: "" + nodes: + names: "" + zones: "" + ips: "" + images: + edit: "" + aws: + lbType: "" + arn: + enabled: "" + arnAcmCert: "" + vpcCidr: "0.0.0.0/0" + couchbase: + clusterName: "" + namespace: "" + lowResourceInstall: "" + install: "" + customFileOverride: "" + backup: + incrementalSchedule: "" + fullSchedule: "" + retentionTime: "" + storageSize: "" + # Couchbase cert related keys + subjectAlternativeName: "" + commonName: "" + # Couchbase cluster yaml generator keys + totalNumberOfExpectedUsers: "" + totalNumberOfExpectedTransactionsPerSec: "" + volumeType: "" + volumeProvisionStrategy: "" + ldap: + multiClusterIds: [] + subsequentCluster: "" + backup: + fullSchedule: "" + jackrabbit: + clusterMode: "" + postgres: + install: "" + namespace: "" + sql: + install: "" + namespace: "" + google: + useSecretManager: "" + redis: + install: "" + namespace: "" + openbanking: + hasCnObTransportTrustStore: false + cnObTransportTrustStoreP12password: "" + confirmSettings: false + +# -- Admin GUI for configuration of the auth-server +admin-ui: + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. 
+ pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/admin-ui + # -- Image tag to use for deploying. + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Service replica number. + replicas: 1 + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 2500m + # -- Memory limit. + memory: 2500Mi + requests: + # -- CPU request. + cpu: 2500m + # -- Memory request. + memory: 2500Mi + # -- Configure the liveness healthcheck for the admin ui if needed. + livenessProbe: + tcpSocket: + port: 1636 + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 25 + failureThreshold: 20 + # -- Configure the readiness healthcheck for the admin ui if needed. + readinessProbe: + tcpSocket: + port: 1636 + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 25 + failureThreshold: 20 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
+auth-server: + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: janssenproject/auth-server + # -- Image tag to use for deploying. + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Service replica number. + replicas: 1 + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 2500m + # -- Memory limit. + memory: 2500Mi + requests: + # -- CPU request. + cpu: 2500m + # -- Memory request. + memory: 2500Mi + # -- Configure the liveness healthcheck for the auth server if needed. + livenessProbe: + # -- Executes the python3 healthcheck. + # https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py + exec: + command: + - python3 + - /app/scripts/healthcheck.py + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + # -- Configure the readiness healthcheck for the auth server if needed. 
+ # https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py + readinessProbe: + exec: + command: + - python3 + - /app/scripts/healthcheck.py + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- Responsible for regenerating auth-keys per x hours +auth-server-key-rotation: + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: janssenproject/certmanager + # -- Image tag to use for deploying. + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Auth server key rotation keys life in hours + keysLife: 48 + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 300m + # -- Memory limit. + memory: 300Mi + requests: + # -- CPU request. + cpu: 300m + # -- Memory request. 
+ memory: 300Mi + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. +casa: + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. + repository: gluufederation/casa + # -- Image tag to use for deploying. + tag: 5.0.0_dev + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Service replica number. + replicas: 1 + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 500m + # -- Memory limit. + memory: 500Mi + requests: + # -- CPU request. + cpu: 500m + # -- Memory request. + memory: 500Mi + # -- Configure the liveness healthcheck for casa if needed. 
+ livenessProbe: + httpGet: + # -- http liveness probe endpoint + path: /casa/health-check + port: http-casa + initialDelaySeconds: 25 + periodSeconds: 25 + timeoutSeconds: 5 + # -- Configure the readiness healthcheck for the casa if needed. + readinessProbe: + httpGet: + # -- http readiness probe endpoint + path: /casa/health-check + port: http-casa + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting. +client-api: + # -- Configure the HorizontalPodAutoscaler + hpa: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 50 + # -- metrics if targetCPUUtilizationPercentage is not set + metrics: [] + # -- Scaling Policies + behavior: {} + # -- Add custom normal and secret envs to the service + usrEnvs: + # -- Add custom normal envs to the service + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service + # variable1: value1 + secret: {} + # -- Add custom dns policy + dnsPolicy: "" + # -- Add custom dns config + dnsConfig: {} + image: + # -- Image pullPolicy to use for deploying. + pullPolicy: IfNotPresent + # -- Image to use for deploying. 
+ repository: janssenproject/client-api + # -- Image tag to use for deploying. + tag: 1.0.0-beta.14 + # -- Image Pull Secrets + pullSecrets: [ ] + # -- Service replica number. + replicas: 1 + # -- Resource specs. + resources: + limits: + # -- CPU limit. + cpu: 1000m + # -- Memory limit. + memory: 400Mi + requests: + # -- CPU request. + cpu: 1000m + # -- Memory request. + memory: 400Mi + # -- Configure the liveness healthcheck for the auth server if needed. + livenessProbe: + # -- Executes the python3 healthcheck. + exec: + command: + - curl + - -k + - https://localhost:8443/health-check + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + # -- Configure the readiness healthcheck for the auth server if needed. + readinessProbe: + tcpSocket: + port: 8443 + initialDelaySeconds: 60 + timeoutSeconds: 5 + periodSeconds: 25 + # -- Configure any additional volumes that need to be attached to the pod + volumes: [] + # -- Configure any additional volumesMounts that need to be attached to the containers + volumeMounts: [] + + # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} + additionalLabels: { } + # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} + additionalAnnotations: { } +# -- Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. +config: + # -- Add custom normal and secret envs to the service. + usrEnvs: + # -- Add custom normal envs to the service. + # variable1: value1 + normal: {} + # -- Add custom secret envs to the service. + # variable1: value1 + secret: {} + # -- Admin password to log in to the UI. + adminPassword: Test1234# + # -- City. Used for certificate creation. + city: Austin + configmap: + # -- Jetty header size in bytes in the auth server + cnJettyRequestHeaderSize: 8192 + # -- SQL database dialect. 
`mysql` or `pgsql` + cnSqlDbDialect: mysql + # -- SQL database host uri. + cnSqlDbHost: my-release-mysql.default.svc.cluster.local + # -- SQL database port. + cnSqlDbPort: 3306 + # -- SQL database name. + cnSqlDbName: jans + # -- SQL database username. + cnSqlDbUser: jans + # -- SQL database timezone. + cnSqlDbTimezone: UTC + # -- SQL password file holding password from config.configmap.cnSqldbUserPassword . + cnSqlPasswordFile: /etc/jans/conf/sql_password + # -- SQL password injected as config.configmap.cnSqlPasswordFile . + cnSqldbUserPassword: Test1234# + # -- Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . + cnCacheType: NATIVE_PERSISTENCE + # -- Enable Casa flag . + cnCasaEnabled: false + # -- Client-api OAuth client admin certificate common name. This should be left to the default value client-api . + cnClientApiAdminCertCn: client-api + # -- Client-api OAuth client application certificate common name. This should be left to the default value client-api. + cnClientApiApplicationCertCn: client-api + # -- Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy + cnClientApiBindIpAddresses: "*" + # -- The name of the Kubernetes ConfigMap that will hold the configuration layer + cnConfigKubernetesConfigMap: cn + # -- The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. + cnCouchbaseBucketPrefix: jans + # -- Location of `couchbase.crt` used by Couchbase SDK for tls termination. The file path must end with couchbase.crt. In mTLS setups this is not required. + cnCouchbaseCertFile: /etc/certs/couchbase.crt + # -- Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. 
+ cnCouchbaseCrt: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo= + # -- The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1. + cnCouchbaseIndexNumReplica: 0 + # -- Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol . + cnCouchbasePassword: P@ssw0rd + # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password + cnCouchbasePasswordFile: /etc/gluu/conf/couchbase_password + # -- The Couchbase super user (admin) user name. This user is used during initialization only. + cnCouchbaseSuperUser: admin + # -- Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol + cnCouchbaseSuperUserPassword: Test1234# + # -- The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password. + cnCouchbaseSuperUserPasswordFile: /etc/gluu/conf/couchbase_superuser_password + # -- Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster + cnCouchbaseUrl: cbgluu.default.svc.cluster.local + # -- Couchbase restricted user. Used only when global.cnPersistenceType is hybrid or couchbase. + cnCouchbaseUser: gluu + # -- Document store type to use for shibboleth files JCA or LOCAL. Note that if JCA is selected Apache Jackrabbit will be used. 
Jackrabbit also enables loading custom files across all services easily. + cnDocumentStoreType: JCA + # -- Jackrabbit admin uid. + cnJackrabbitAdminId: admin + # -- The location of the Jackrabbit admin uid config.cnJackrabbitAdminId. The file path must end with jackrabbit_admin_id. + cnJackrabbitAdminIdFile: /etc/gluu/conf/jackrabbit_admin_id + # -- The location of the Jackrabbit admin password jackrabbit.secrets.cnJackrabbitAdminPassword. The file path must end with jackrabbit_admin_password. + cnJackrabbitAdminPasswordFile: /etc/gluu/conf/jackrabbit_admin_password + # -- Jackrabbit postgres database name. + cnJackrabbitPostgresDatabaseName: jackrabbit + # -- Postgres url + cnJackrabbitPostgresHost: postgresql.postgres.svc.cluster.local + # -- The location of the Jackrabbit postgres password file jackrabbit.secrets.cnJackrabbitPostgresPassword. The file path must end with postgres_password. + cnJackrabbitPostgresPasswordFile: /etc/gluu/conf/postgres_password + # -- Jackrabbit Postgres port + cnJackrabbitPostgresPort: 5432 + # -- Jackrabbit Postgres uid + cnJackrabbitPostgresUser: jackrabbit + # -- Interval between files sync (default to 300 seconds). + cnJackrabbitSyncInterval: 300 + # -- Jackrabbit internal url. Normally left as default. + cnJackrabbitUrl: "http://jackrabbit:8080" + # [google_envs] Envs related to using Google + # -- Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google. + cnGoogleSecretManagerServiceAccount: SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo= + # -- Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google. 
+ cnGoogleProjectId: google-project-to-save-config-and-secrets-to + # [google_spanner_envs] Envs related to using Google Secret Manager to store config and secret layer + # -- Google Spanner ID. Used only when global.cnPersistenceType is spanner. + cnGoogleSpannerInstanceId: "" + # -- Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. + cnGoogleSpannerDatabaseId: "" + # [google_spanner_envs] END + # [google_secret_manager_envs] Envs related to using Google Secret Manager to store config and secret layer + # -- Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. + cnSecretGoogleSecretVersionId: "latest" + # -- Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. + cnSecretGoogleSecretNamePrefix: gluu + # -- Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. + cnGoogleSecretManagerPassPhrase: Test1234# + # -- Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. + cnConfigGoogleSecretVersionId: "latest" + # -- Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. 
+ cnConfigGoogleSecretNamePrefix: gluu
+ # [google_secret_manager_envs] END
+ # [google_envs] END
+ # -- OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`.
+ cnLdapUrl: "opendj:1636"
+ # -- Value passed to Java option -XX:MaxRAMPercentage
+ cnMaxRamPercent: "75.0"
+ # -- SCIM protection mode OAUTH|TEST|UMA
+ cnScimProtectionMode: "OAUTH"
+ # -- Boolean flag to enable/disable passport chart
+ cnPassportEnabled: false
+ # -- Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.
+ cnPersistenceLdapMapping: default
+ # -- Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisSentinelGroup: ""
+ # -- Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisSslTruststore: ""
+ # -- Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisType: STANDALONE
+ # -- Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisUrl: "redis.redis.svc.cluster.local:6379"
+ # -- Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.
+ cnRedisUseSsl: false
+ # -- Enable SAML-related features; UI menu, etc.
+ cnSamlEnabled: false
+ # -- Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default.
+ cnSecretKubernetesSecret: cn
+ # -- Loadbalancer address for AWS if the FQDN is not registered.
+ lbAddr: ""
+ # -- Country code. Used for certificate creation.
+ countryCode: US
+ # -- Email address of the administrator usually. Used for certificate creation.
+ email: support@gluu.org
+ image:
+ # -- Image to use for deploying.
+ repository: janssenproject/configurator
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.14
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- LDAP admin password if OpennDJ is used for persistence.
+ ldapPassword: P@ssw0rds
+ # -- Organization name. Used for certificate creation.
+ orgName: Gluu
+ # -- Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`.
+ redisPassword: P@assw0rd
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+ # -- State code. Used for certificate creation.
+ state: TX
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ # -- CE to CN Migration section
+ migration:
+ # -- Boolean flag to enable migration from CE
+ enabled: false
+ # -- Directory holding all migration files
+ migrationDir: /ce-migration
+ # -- migration data-format depending on persistence backend.
+ # Supported data formats are ldif, couchbase+json, spanner+avro, postgresql+json, and mysql+json.
+ migrationDataFormat: ldif
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).
+config-api:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/config-api
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.14
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 400Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 400Mi
+ # -- Configure the liveness healthcheck for the auth server if needed.
+ livenessProbe:
+ # -- http liveness probe endpoint
+ httpGet:
+ path: /jans-config-api/api/v1/health/live
+ port: 8074
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ readinessProbe:
+ # -- http readiness probe endpoint
+ httpGet:
+ path: jans-config-api/api/v1/health/ready
+ port: 8074
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- CacheRefreshRotation is a special container to monitor cache refresh on oxTrust containers. This may be depreciated.
+cr-rotate:
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/cr-rotate
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 200m
+ # -- Memory limit.
+ memory: 200Mi
+ requests:
+ # -- CPU request.
+ cpu: 200m
+ # -- Memory request.
+ memory: 200Mi
+ service:
+ # -- Name of the cr-rotate service. Please keep it as default.
+ crRotateServiceName: cr-rotate
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.
+fido2:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/fido2
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.14
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 500m
+ # -- Memory limit.
+ memory: 500Mi
+ requests:
+ # -- CPU request.
+ cpu: 500m
+ # -- Memory request.
+ memory: 500Mi
+ service:
+ # -- The name of the fido2 port within the fido2 service. Please keep it as default.
+ name: http-fido2
+ # -- Port of the fido2 service. Please keep it as default.
+ port: 8080
+ # -- Configure the liveness healthcheck for the fido2 if needed.
+ livenessProbe:
+ # -- http liveness probe endpoint
+ httpGet:
+ path: /jans-fido2/sys/health-check
+ port: http-fido2
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the fido2 if needed.
+ readinessProbe:
+ httpGet:
+ path: /jans-fido2/sys/health-check
+ port: http-fido2
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Parameters used globally across all services helm charts.
+global:
+ # -- Add custom normal and secret envs to the service.
+ # Envs defined in global.userEnvs will be globally available to all services
+ usrEnvs:
+ # -- Add custom normal envs to the service.
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service.
+ # variable1: value1
+ secret: {}
+ alb:
+ # -- Activates ALB ingress
+ ingress: false
+
+ admin-ui:
+ # -- Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin.
+ enabled: false
+ # -- Name of the admin-ui service. Please keep it as default.
+ adminUiServiceName: admin-ui
+ # License parameters
+ # -- Admin UI license API key.
+ adminUiApiKey: xxxxxxxxxxx
+ # -- Admin UI license API key mount location.
+ adminUiApiKeyFile: /etc/jans/conf/admin_ui_api_key
+ # -- Admin UI license product code.
+ adminUiProductCode: xxxxxxxxxxx
+ # -- Admin UI license product code mount location.
+ adminUiProductCodeFile: /etc/jans/conf/admin_ui_product_code
+ # -- Admin UI license shared key.
+ adminUiSharedKey: xxxxxxxxxxx
+ # -- Admin UI license shared key mount location.
+ adminUiSharedKeyFile: /etc/jans/conf/admin_ui_shared_key
+ # -- Admin UI license management key.
+ adminUiManagementKey: xxxxxxxxxxx
+ # -- Admin UI license management key mount location.
+ adminUiManagementKeyFile: /etc/jans/conf/admin_ui_management_key
+
+ auth-server:
+ # -- Name of the auth-server service. Please keep it as default.
+ authServerServiceName: auth-server
+ # -- Boolean flag to enable/disable auth-server chart. You should never set this to false.
+ enabled: true
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- jans-auth.log target
+ authLogTarget: "STDOUT"
+ # -- jans-auth.log level
+ authLogLevel: "INFO"
+ # -- http_request_response.log target
+ httpLogTarget: "FILE"
+ # -- http_request_response.log level
+ httpLogLevel: "INFO"
+ # -- jans-auth_persistence.log target
+ persistenceLogTarget: "FILE"
+ # -- jans-auth_persistence.log level
+ persistenceLogLevel: "INFO"
+ # -- jans-auth_persistence_duration.log target
+ persistenceDurationLogTarget: "FILE"
+ # -- jans-auth_persistence_duration.log level
+ persistenceDurationLogLevel: "INFO"
+ # -- jans-auth_persistence_ldap_statistics.log target
+ ldapStatsLogTarget: "FILE"
+ # -- jans-auth_persistence_ldap_statistics.log level
+ ldapStatsLogLevel: "INFO"
+ # -- jans-auth_script.log target
+ scriptLogTarget: "FILE"
+ # -- jans-auth_script.log level
+ scriptLogLevel: "INFO"
+ # -- jans-auth_script.log target
+ auditStatsLogTarget: "FILE"
+ # -- jans-auth_audit.log level
+ auditStatsLogLevel: "INFO"
+ # -- space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`)
+ authSigKeys: "RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512"
+ # -- space-separated key 
algorithm for encryption (default to `RSA1_5 RSA-OAEP`)
+ authEncKeys: "RSA1_5 RSA-OAEP"
+
+ auth-server-key-rotation:
+ # -- Boolean flag to enable/disable the auth-server-key rotation cronjob chart.
+ enabled: false
+ # -- Volume storage type if using AWS volumes.
+ awsStorageType: io1
+ # -- Volume storage type if using Azure disks.
+ azureStorageAccountType: Standard_LRS
+ # -- Azure storage kind if using Azure disks
+ azureStorageKind: Managed
+ casa:
+ # -- Name of the casa service. Please keep it as default.
+ casaServiceName: casa
+ client-api:
+ # -- Name of the client-api service. Please keep it as default.
+ clientApiServerServiceName: client-api
+ # -- Boolean flag to enable/disable the client-api chart.
+ enabled: false
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- client-api.log target
+ clientApiLogTarget: "STDOUT"
+ # -- client-api.log level
+ clientApiLogLevel: "INFO"
+ cloud:
+ # -- Boolean flag if enabled will strip resources requests and limits from all services.
+ testEnviroment: false
+ # -- Boolean flag if enabled will enable jackrabbit in cluster mode with Postgres.
+ cnJackrabbitCluster: false
+ # -- Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner.
+ cnPersistenceType: sql
+ # -- Open banking external signing jwks uri. Used in SSA Validation.
+ cnObExtSigningJwksUri: ""
+ # -- Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set.
+ cnObExtSigningJwksCrt: ""
+ # -- Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.
+ cnObExtSigningJwksKey: ""
+ # -- Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. 
Used when `.global.cnObExtSigningJwksUri` is set.
+ cnObExtSigningJwksKeyPassPhrase: ""
+ # -- Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G
+ cnObExtSigningAlias: ""
+ # -- Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G
+ cnObStaticSigningKeyKid: ""
+ # -- Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64.
+ cnObTransportCrt: ""
+ # -- Open banking AS transport key. Used in SSA Validation. This must be encoded using base64.
+ cnObTransportKey: ""
+ # -- Open banking AS transport key pas`sphrase to unlock AS transport key. This must be encoded using base64.
+ cnObTransportKeyPassPhrase: ""
+ # -- Open banking transport Alias used inside the JVM.
+ cnObTransportAlias: ""
+ # -- Open banking AS transport truststore crt. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64.
+ cnObTransportTrustStore: ""
+ config:
+ # -- Boolean flag to enable/disable the configuration chart. This normally should never be false
+ enabled: true
+ # -- The config backend adapter that will hold Gluu configuration layer. google|kubernetes
+ configAdapterName: kubernetes
+ # -- The config backend adapter that will hold Gluu secret layer. google|kubernetes
+ configSecretAdapter: kubernetes
+ # -- Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner.
+ cnGoogleApplicationCredentials: /etc/jans/conf/google-credentials.json
+ config-api:
+ # -- Name of the config-api service. Please keep it as default.
+ configApiServerServiceName: config-api
+ # -- Boolean flag to enable/disable the config-api chart.
+ enabled: true
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- configapi.log target
+ configApiLogTarget: "STDOUT"
+ # -- configapi.log level
+ configApiLogLevel: "INFO"
+ cr-rotate:
+ # -- Boolean flag to enable/disable the cr-rotate chart.
+ enabled: false
+ # -- Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services.
+ fqdn: demoexample.gluu.org
+ fido2:
+ # -- Name of the fido2 service. Please keep it as default.
+ fido2ServiceName: fido2
+ # -- Boolean flag to enable/disable the fido2 chart.
+ enabled: true
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- fido2.log target
+ fido2LogTarget: "STDOUT"
+ # -- fido2.log level
+ fido2LogLevel: "INFO"
+ # -- fido2_persistence.log target
+ persistenceLogTarget: "FILE"
+ # -- fido2_persistence.log level
+ persistenceLogLevel: "INFO"
+ # -- GCE storage kind if using Google disks
+ gcePdStorageType: pd-standard
+ # -- Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically.
+ isFqdnRegistered: false
+ istio:
+ # -- Boolean flag that enables using istio side cars with Gluu services.
+ enabled: false
+ # -- Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.
+ ingress: false
+ # -- The namespace istio is deployed in. The is normally istio-system.
+ namespace: istio-system
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+ jackrabbit:
+ # -- Boolean flag to enable/disable the jackrabbit chart. For more information on how it is used inside Gluu https://gluu.org/docs/gluu-server/4.2/installation-guide/install-kubernetes/#working-with-jackrabbit. If disabled oxShibboleth cannot be run.
+ enabled: false
+ # -- Name of the Jackrabbit service. Please keep it as default.
+ jackRabbitServiceName: jackrabbit
+ # -- The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable.
+ lbIp: 22.22.22.22
+ nginx-ingress:
+ # -- Boolean flag to enable/disable the nginx-ingress definitions chart.
+ enabled: true
+ opendj:
+ # -- Boolean flag to enable/disable the OpenDJ chart.
+ enabled: false
+ # -- Name of the OpenDJ service. Please keep it as default.
+ ldapServiceName: opendj
+ oxpassport:
+ # -- Name of the oxPassport service. Please keep it as default.
+ oxPassportServiceName: oxpassport
+ oxshibboleth:
+ # -- Name of the oxShibboleth service. Please keep it as default.
+ oxShibbolethServiceName: oxshibboleth
+ # -- Boolean flag to enable/disable the oxShibbboleth chart.
+ enabled: false
+ # -- Gluu distributions supported are: default|openbanking.
+ distribution: default
+ persistence:
+ # -- Boolean flag to enable/disable the persistence chart.
+ enabled: true
+ scim:
+ # -- Name of the scim service. Please keep it as default.
+ scimServiceName: scim
+ # -- Boolean flag to enable/disable the SCIM chart.
+ enabled: true
+ # -- App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed.
+ appLoggers:
+ # -- jans-scim.log target
+ scimLogTarget: "STDOUT"
+ # -- jans-scim.log level
+ scimLogLevel: "INFO"
+ # -- jans-scim_persistence.log target
+ persistenceLogTarget: "FILE"
+ # -- jans-scim_persistence.log level
+ persistenceLogLevel: "INFO"
+ # -- jans-scim_persistence_duration.log target
+ persistenceDurationLogTarget: "FILE"
+ # -- jans-scim_persistence_duration.log level
+ persistenceDurationLogLevel: "INFO"
+ # -- jans-scim_persistence_ldap_statistics.log target
+ ldapStatsLogTarget: "FILE"
+ # -- jans-scim_persistence_ldap_statistics.log level
+ ldapStatsLogLevel: "INFO"
+ # -- jans-scim_script.log target
+ scriptLogTarget: "FILE"
+ # -- jans-scim_script.log level
+ scriptLogLevel: "INFO"
+ # -- StorageClass section for Jackrabbit and OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed.
+ storageClass:
+ allowVolumeExpansion: true
+ allowedTopologies: []
+ mountOptions:
+ - debug
+ # -- parameters:
+ #fsType: ""
+ #kind: ""
+ #pool: ""
+ #storageAccountType: ""
+ #type: ""
+ parameters: {}
+ provisioner: microk8s.io/hostpath
+ reclaimPolicy: Retain
+ volumeBindingMode: WaitForFirstConsumer
+ upgrade:
+ # -- Boolean flag used when running upgrading through versions command. Used when upgrading with LDAP as the persistence to load the 101x ldif.
+ enabled: false
+
+# -- Jackrabbit Oak is a complementary implementation of the JCR specification. 
It is an effort to implement a scalable and performant hierarchical content repository for use as the foundation of modern world-class web sites and other demanding content applications
+# https://jackrabbit.apache.org/jcr/index.html
+jackrabbit:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/jackrabbit
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1500m
+ # -- Memory limit.
+ memory: 1000Mi
+ requests:
+ # -- CPU request.
+ cpu: 1500m
+ # -- Memory request.
+ memory: 1000Mi
+ secrets:
+ # -- Jackrabbit admin uid password
+ cnJackrabbitAdminPassword: Test1234#
+ # -- Jackrabbit Postgres uid password
+ cnJackrabbitPostgresPassword: P@ssw0rd
+ storage:
+ # -- Jackrabbit volume size
+ size: 5Gi
+ # -- Configure the liveness healthcheck for the Jackrabbit if needed.
+ livenessProbe:
+ # -- Executes tcp healthcheck.
+ tcpSocket:
+ port: http-jackrabbit
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the Jackrabbit if needed.
+ readinessProbe:
+ # -- Executes tcp healthcheck.
+ tcpSocket:
+ port: http-jackrabbit
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Nginx ingress definitions chart
+nginx-ingress:
+ ingress:
+ # -- Enable Admin UI endpoints. COMING SOON.
+ adminUiEnabled: false
+ # -- Admin UI ingress resource labels. key app is taken.
+ adminUiLabels: { }
+ # -- openid-configuration ingress resource additional annotations.
+ adminUiAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/openid-configuration
+ openidConfigEnabled: true
+ # -- openid-configuration ingress resource labels. key app is taken
+ openidConfigLabels: { }
+ # -- openid-configuration ingress resource additional annotations.
+ openidAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/uma2-configuration
+ uma2ConfigEnabled: true
+ # -- uma2 config ingress resource labels. key app is taken
+ uma2ConfigLabels: { }
+ # -- uma2 config ingress resource additional annotations.
+ uma2AdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/webfinger
+ webfingerEnabled: true
+ # -- webfinger ingress resource labels. key app is taken
+ webfingerLabels: { }
+ # -- webfinger ingress resource additional annotations.
+ webfingerAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/simple-web-discovery
+ webdiscoveryEnabled: true
+ # -- webdiscovery ingress resource labels. key app is taken
+ webdiscoveryLabels: { }
+ # -- webdiscovery ingress resource additional annotations.
+ webdiscoveryAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/scim-configuration
+ scimConfigEnabled: false
+ # -- SCIM config ingress resource labels. key app is taken
+ scimConfigLabels: { }
+ # -- SCIM config ingress resource additional annotations.
+ scimConfigAdditionalAnnotations: { }
+ # -- Enable SCIM endpoints /jans-scim
+ scimEnabled: false
+ # -- SCIM config ingress resource labels. key app is taken
+ scimLabels: { }
+ # -- SCIM ingress resource additional annotations.
+ scimAdditionalAnnotations: { }
+ # Enable config API endpoints /jans-config-api
+ configApiEnabled: true
+ # -- configAPI ingress resource labels. key app is taken
+ configApiLabels: { }
+ # -- ConfigAPI ingress resource additional annotations.
+ configApiAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/fido-configuration
+ u2fConfigEnabled: true
+ # -- u2f config ingress resource labels. key app is taken
+ u2fConfigLabels: { }
+ # -- u2f config ingress resource additional annotations.
+ u2fAdditionalAnnotations: { }
+ # -- Enable endpoint /.well-known/fido2-configuration
+ fido2ConfigEnabled: false
+ # -- fido2 config ingress resource labels. key app is taken
+ fido2ConfigLabels: { }
+ # -- fido2 config ingress resource additional annotations.
+ fido2ConfigAdditionalAnnotations: { }
+ # -- Enable Auth server endpoints /jans-auth
+ authServerEnabled: true
+ # -- Auth server ingress resource labels. key app is taken
+ authServerLabels: { }
+ # -- Auth server ingress resource additional annotations.
+ authServerAdditionalAnnotations: { }
+ # -- Enable mTLS on Auth server endpoint /jans-auth/restv1/token
+ authServerProtectedToken: false
+ # -- Auth server protected token ingress resource labels. key app is taken
+ authServerProtectedTokenLabels: { }
+ # -- Auth server protected token ingress resource additional annotations.
+ authServerProtectedTokenAdditionalAnnotations: { }
+ # -- Enable mTLS onn Auth server endpoint /jans-auth/restv1/register
+ authServerProtectedRegister: false
+ # -- Auth server protected token ingress resource labels. key app is taken
+ authServerProtectedRegisterLabels: { }
+ # -- Auth server protected register ingress resource additional annotations.
+ authServerProtectedRegisterAdditionalAnnotations: { }
+ # -- Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ # Enable client certificate authentication
+ # nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional"
+ # Create the secret containing the trusted ca certificates
+ # nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate"
+ # Specify the verification depth in the client certificates chain
+ # nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
+ # Specify if certificates are passed to upstream server
+ # nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
+ additionalAnnotations: {}
+ path: /
+ hosts:
+ - demoexample.gluu.org
+ # -- Secrets holding HTTPS CA cert and key.
+ tls:
+ - secretName: tls-certificate
+ hosts:
+ - demoexample.gluu.org
+
+# -- OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.
+opendj:
+ # -- Configure ldap backup cronjob
+ backup:
+ enabled: true
+ cronJobSchedule: "*/59 * * * *"
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/opendj
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ multiCluster:
+ # -- Enable OpenDJ multiCluster mode. This flag enables loading keys under `opendj.multiCluster`
+ enabled: false
+ # -- OpenDJ Serf advertise address suffix that will be added to each opendj replica.
+ # i.e RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }}
+ serfAdvertiseAddrSuffix: "regional.gluu.org:30946"
+ # -- Serf key. This key will automatically sync across clusters.
+ serfKey: Z51b6PgKU1MZ75NCZOTGGoc0LP2OF3qvF6sjxHyQCYk=
+ # -- Serf peer addresses. One per cluster.
+ serfPeers:
+ - "gluu-opendj-regional-0-regional.gluu.org:30946"
+ - "gluu-opendj-regional-0-regional.gluu.org:31946"
+ # -- The number of opendj non scalabble statefulsets to create. 
Each pod created must be resolvable as it follows
+ # the patterm RELEASE-NAME-opendj-regional-{{statefulset pod number}}-{{ $.Values.multiCluster.serfAdvertiseAddrSuffix }}
+ # If set to 1, with a release name of gluu, the address of the pod would be gluu-opendj-regional-0-regional.gluu.org
+ replicaCount: 1
+ # -- This id needs to be unique to each kubernetes cluster in a multi cluster setup
+ # west, east, south, north, region ...etc If left empty it will be randomly generated.
+ clusterId: ""
+ # -- Namespace int id. This id needs to be a unique number 0-9 per gluu installation per namespace.
+ # Used when gluu is installed in the same kubernetes cluster more than once.
+ namespaceIntId: 0
+
+ persistence:
+ # -- OpenDJ volume size
+ size: 5Gi
+ ports:
+ tcp-admin:
+ nodePort: ""
+ port: 4444
+ protocol: TCP
+ targetPort: 4444
+ tcp-ldap:
+ nodePort: ""
+ port: 1389
+ protocol: TCP
+ targetPort: 1389
+ tcp-ldaps:
+ nodePort: ""
+ port: 1636
+ protocol: TCP
+ targetPort: 1636
+ tcp-repl:
+ nodePort: ""
+ port: 8989
+ protocol: TCP
+ targetPort: 8989
+ tcp-serf:
+ nodePort: ""
+ port: 7946
+ protocol: TCP
+ targetPort: 7946
+ udp-serf:
+ nodePort: ""
+ port: 7946
+ protocol: UDP
+ targetPort: 7946
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1500m
+ # -- Memory limit.
+ memory: 2000Mi
+ requests:
+ # -- CPU request.
+ cpu: 1500m
+ # -- Memory request.
+ memory: 2000Mi
+ # -- Configure the liveness healthcheck for OpenDJ if needed.
+ # https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py
+ livenessProbe:
+ # -- Executes the python3 healthcheck.
+ exec:
+ command:
+ - python3
+ - /app/scripts/healthcheck.py
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 20
+ # -- Configure the readiness healthcheck for OpenDJ if needed.
+ # https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py
+ readinessProbe:
+ tcpSocket:
+ port: 1636
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ periodSeconds: 25
+ failureThreshold: 20
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Gluu interface to Passport.js to support social login and inbound identity.
+oxpassport:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/oxpassport
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 700m
+ # -- Memory limit.
+ memory: 900Mi
+ requests:
+ # -- CPU request.
+ cpu: 700m
+ # -- Memory request.
+ memory: 900Mi
+ # -- Configure the liveness healthcheck for oxPassport if needed.
+ livenessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /passport/health-check
+ port: http-passport
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 20
+ # -- Configure the readiness healthcheck for the oxPassport if needed.
+ readinessProbe:
+ httpGet:
+ # -- http readiness probe endpoint
+ path: /passport/health-check
+ port: http-passport
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ failureThreshold: 20
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Shibboleth project for the Gluu Server's SAML IDP functionality.
+oxshibboleth:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: gluufederation/oxshibboleth
+ # -- Image tag to use for deploying.
+ tag: 5.0.0_dev
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 1000Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 1000Mi
+ # -- Configure the liveness healthcheck for the oxShibboleth if needed.
+ livenessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /idp
+ port: http-oxshib
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the casa if needed.
+ readinessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /idp
+ port: http-oxshib
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- Job to generate data and intial config for Gluu Server persistence layer.
+persistence:
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/persistence-loader
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.14
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Resource specs.
+ resources:
+ limits:
+ # -- CPU limit
+ cpu: 300m
+ # -- Memory limit.
+ memory: 300Mi
+ requests:
+ # -- CPU request.
+ cpu: 300m
+ # -- Memory request.
+ memory: 300Mi
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
+# -- System for Cross-domain Identity Management (SCIM) version 2.0
+scim:
+ # -- Configure the HorizontalPodAutoscaler
+ hpa:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 50
+ # -- metrics if targetCPUUtilizationPercentage is not set
+ metrics: []
+ # -- Scaling Policies
+ behavior: {}
+ # -- Add custom normal and secret envs to the service
+ usrEnvs:
+ # -- Add custom normal envs to the service
+ # variable1: value1
+ normal: {}
+ # -- Add custom secret envs to the service
+ # variable1: value1
+ secret: {}
+ # -- Add custom dns policy
+ dnsPolicy: ""
+ # -- Add custom dns config
+ dnsConfig: {}
+ image:
+ # -- Image pullPolicy to use for deploying.
+ pullPolicy: IfNotPresent
+ # -- Image to use for deploying.
+ repository: janssenproject/scim
+ # -- Image tag to use for deploying.
+ tag: 1.0.0-beta.14
+ # -- Image Pull Secrets
+ pullSecrets: [ ]
+ # -- Service replica number.
+ replicas: 1
+ resources:
+ limits:
+ # -- CPU limit.
+ cpu: 1000m
+ # -- Memory limit.
+ memory: 1000Mi
+ requests:
+ # -- CPU request.
+ cpu: 1000m
+ # -- Memory request.
+ memory: 1000Mi
+ service:
+ # -- The name of the scim port within the scim service. Please keep it as default.
+ name: http-scim
+ # -- Port of the scim service. Please keep it as default.
+ port: 8080
+ # -- Configure the liveness healthcheck for SCIM if needed.
+ livenessProbe:
+ httpGet:
+ # -- http liveness probe endpoint
+ path: /jans-scim/sys/health-check
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # -- Configure the readiness healthcheck for the SCIM if needed.
+ readinessProbe:
+ httpGet:
+ # -- http readiness probe endpoint
+ path: /jans-scim/sys/health-check
+ port: 8080
+ initialDelaySeconds: 25
+ periodSeconds: 25
+ timeoutSeconds: 5
+ # -- Configure any additional volumes that need to be attached to the pod
+ volumes: []
+ # -- Configure any additional volumesMounts that need to be attached to the containers
+ volumeMounts: []
+
+ # -- Additional labels that will be added across the gateway in the format of {mylabel: "myapp"}
+ additionalLabels: { }
+ # -- Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"}
+ additionalAnnotations: { }
diff --git a/helm/pygluu/kubernetes/templates/ldap/base/101-ox.yaml b/helm/pygluu/kubernetes/templates/ldap/base/101-ox.yaml
new file mode 100644
index 00000000000..7a304edc12f
--- /dev/null
+++ b/helm/pygluu/kubernetes/templates/ldap/base/101-ox.yaml
@@ -0,0 +1,2833 @@ +apiVersion: v1 +data: + 101-ox.ldif: |+ + dn: cn=schema + objectClass: top + objectClass: ldapSubentry + objectClass: subschema + cn: schema + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.1 NAME ( 'oxAssociatedClient' 'associatedClient' ) + DESC 'Associate the dn of an OAuth2 client with a person or UMA Resource Set.' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.2 NAME 'associatedPerson' + DESC 'Reference the dn of a person.' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.3 NAME 'blowfishPassword' + DESC 'Blowfish crypted text' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.4 NAME 'county' + DESC 'ISO 3166-1 Alpha-2 Country Code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.5 NAME 'creationDate' + DESC 'Creation Date used for password reset requests' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.6 NAME 'defaultScope' + DESC 'Track the default scope for an custom OAuth2 Scope.' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.7 NAME 'deployedAppliances' + DESC 'Track which appliances are deployed at an organization.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.8 NAME 'federationRules' + DESC 'Track rules for the federation in Gluu SAML config. Deprecated as multi-party federation management should move to Jagger.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.9 NAME 'gluuAddPersonCapability' + DESC 'Organizational attribute to control whether new users can be added via the oxTrust GUI.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.10 NAME 'gluuAdditionalBandwidth' + DESC 'Track bandwidth requirements for the Gluu Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.11 NAME 'gluuAdditionalMemory' + DESC 'Track additional memory requirements for the Gluu Server instance.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.12 NAME 'gluuAdditionalUsers' + DESC 'TODO : use unclear' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.13 NAME 'gluuApplianceDnsServer' + DESC 'Persist the DNS server that should be used for the Gluu Server instance.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.14 NAME 'gluuAppliancePollingInterval' + DESC 'Set the frequency of the health status update of the Gluu Server' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.15 NAME ( 'gluuApplianceUpdateRequestList' 'gluuApplianceUpdateReuestList' ) + DESC 'Used by the Gluu Server to request an update' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.16 NAME 'gluuAttributeViewType' + DESC 'Specify in oxTrust who can view an attribute, admin or user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.17 NAME 'gluuAttributeEditType' + DESC 'Specify in oxTrust who can update an attribute, admin or user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.18 NAME 'gluuAttributeName' + DESC 'Specify an identifier for an attribute. May be multi-value where an attribute has two names, like givenName and first-name.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.19 NAME 'gluuAttributeOrigin' + DESC 'Specify the person objectclass associated with the attribute, used for display purposes in oxTrust.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.20 NAME 'gluuAttributeSystemEditType' + DESC 'TODO - still required?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.21 NAME 'gluuAttributeType' + DESC 'Data type of attribute. Values can be string, photo, numeric, date' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.22 NAME 'gluuAttributeUsageType' + DESC 'TODO - Usage? Value can be OpenID' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.23 NAME 'gluuBandwidthRX' + DESC 'Track data received by the Gluu Server' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.24 NAME 'gluuBandwidthTX' + DESC 'Track data sent by the Gluu Server' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.25 NAME 'gluuCategory' + DESC 'TODO - in use? Used to group attributes together.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.26 NAME 'gluuContainerFederation' + DESC 'SAML Trust Relationship federation info' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.27 NAME 'gluuCustomMessage' + DESC 'oxTrust custom welcome message' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.28 NAME 'gluuDSstatus' + DESC 'Monitor health of the instance LDAP server.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.29 NAME 'gluuEntityId' + DESC 'Specifies SAML trust relationship entity ID' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.30 NAME 'gluuFaviconImage' + DESC 'TODO - Stores URL of favicon' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.31 NAME 'gluuFederationHostingEnabled' + DESC 'oxTrust flag for the federation feature. Values enabled or disabled.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.32 NAME 'gluuFreeDiskSpace' + DESC 'Monitor free disk space on the Gluu Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.33 NAME 'gluuFreeMemory' + DESC 'Monitor free memory on the Gluu Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.34 NAME 'gluuFreeSwap' + DESC 'Monitor swap space on the Gluu Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.35 NAME 'gluuHTTPstatus' + DESC 'Monitor HTTP availability of the Gluu Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.36 NAME 'gluuGroupCount' + DESC 'Monitor the number of groups. TODO - Remove?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.37 NAME 'gluuGroupType' + DESC 'Type of Group. Not used.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.38 NAME 'gluuGroupVisibility' + DESC 'Group visibility. Not used.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.39 NAME 'gluuHostname' + DESC 'The hostname of the Gluu Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.40 NAME 'gluuInvoiceAmount' + DESC 'TODO - in use?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.41 NAME 'gluuInvoiceDate' + DESC 'TODO - in use?' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.42 NAME 'gluuInvoiceLineItemName' + DESC 'TODO - in use?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.43 NAME 'gluuInvoiceNo' + DESC 'TODO - in use?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.44 NAME 'gluuInvoiceNumber' + DESC 'TODO - in use?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.45 NAME 'gluuInvoiceProductNumber' + DESC 'TODO - in use?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.46 NAME 'gluuInvoiceQuantity' + DESC 'TODO - in use?' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.47 NAME 'gluuInvoiceStatus' + DESC 'TODO - in use?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.48 NAME 'gluuIpAddress' + DESC 'IP address of the Gluu Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.49 NAME 'gluuIsFederation' + DESC 'Used in oxTrust to specify if a SAML Trust Relationship is a federation. It could also be a website' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.50 NAME 'gluuLastUpdate' + DESC 'Monitors last time the server was able to connect to the monitoring system.' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + ORDERING generalizedTimeOrderingMatch + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.51 NAME ( 'gluuLifeRay' 'TODO-remove' ) + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.52 NAME 'gluuLoadAvg' + DESC 'Montior the average CPU load for a Gluu Server instance.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.53 NAME 'gluuLogoImage' + DESC 'Logo used by oxTrust for default look and feel.' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.54 NAME 'gluuManageIdentityPermission' + DESC 'TODO - in use?' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.55 NAME 'gluuManagedOrganizations' + DESC 'Used to track with which organizations a person is associated' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.56 NAME 'gluuManager' + DESC 'Used to specify if a person has the manager role' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.57 NAME 'gluuManagerGroup' + DESC 'Used in organizatoin entry to specifies the dn of the group that has admin priviledges in oxTrust.' 
+ EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.58 NAME 'gluuMaxLogSize' + DESC 'Maximum Log File Size' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.59 NAME 'gluuOptOuts' + DESC 'White pages attributes restricted by person in oxTrust profile management' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.60 NAME 'gluuOrgProfileMgt' + DESC 'enable or disable profile management feature in oxTrust' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.61 NAME 'gluuOrgShortName' + DESC 'Short description, as few letters as possible, no spaces.' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.62 NAME 'gluuPaidUntil' + DESC 'TODO - in use?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.63 NAME 'gluuPaymentProcessorTimestamp' + DESC 'TODO - in use?' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.64 NAME 'gluuPersonCount' + DESC 'Monitor the number of people in the LDAP severs for a Gluu Server instance' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.65 NAME 'gluuPrivate' + DESC 'TODO - in use?' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.66 NAME 'gluuProStoresUser' + DESC 'TODO - remove' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.67 NAME 'gluuProfileConfiguration' + DESC 'SAML Trust Relationship attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.68 NAME 'gluuPublishIdpMetadata' + DESC 'Gluu Server flag to publish the IDP metadata via the web server' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.69 NAME 'gluuReleasedAttribute' + DESC 'oxTrust reference for the dn of the released attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.70 NAME 'gluuResizeInitiated' + DESC 'TODO - in use?' 
+ EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.71 NAME 'gluuRulesAccepted' + DESC 'TODO - use unknown for Gluu SAML config' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.72 NAME 'gluuSAML1URI' + DESC 'SAML 1 uri of attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.73 NAME 'gluuSAML2URI' + DESC 'SAML 2 uri of attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.74 NAME 'gluuSAMLMetaDataFilter' + DESC 'Metadata filter in SAML trust relationship' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.75 NAME 'gluuSAMLTrustEngine' + DESC 'SAML trust relationship configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.76 NAME 'gluuSAMLmaxRefreshDelay' + DESC 'SAML trust relationship refresh time' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.77 NAME 'gluuSAMLspMetaDataFN' + DESC 'SAML Trust Relationship file location of metadata' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.78 NAME 
'gluuSAMLspMetaDataSourceType'
+ DESC 'SAML Trust Relationship SP metadata type - file, URI, federation'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.79 NAME 'gluuSAMLspMetaDataURL'
+ DESC 'SAML Trust Relationship URI location of metadata'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.80 NAME 'gluuSLAManager'
+ DESC 'Specifies if the person has the SLA manager role'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.81 NAME 'gluuSPTR'
+ DESC 'TODO - in use?'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.82 NAME 'gluuScimEnabled'
+ DESC 'oxTrust SCIM feature - enabled or disabled'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.83 NAME 'gluuShibAssertionsIssued'
+ DESC 'Monitors activity of Gluu Server Shibboleth IDP'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.84 NAME 'gluuShibFailedAuth'
+ DESC 'Monitors failed login attempts on Gluu Server Shibboleth IDP'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.85 NAME 'gluuShibSecurityEvents'
+ DESC 'Monitors security events on Gluu Server Shibboleth IDP'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.86 NAME 'gluuShibSuccessfulAuths'
+ DESC 'Monitors login attempts on Gluu Server Shibboleth IDP'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.87 NAME 'gluuSmtpFromEmailAddress'
+ DESC 'Gluu Server SMTP configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.88 NAME 'gluuSmtpFromName'
+ DESC 'SMTP From Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.89 NAME 'gluuSmtpHost'
+ DESC 'SMTP Host'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.90 NAME 'gluuSmtpPassword'
+ DESC 'SMTP User Password'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.91 NAME 'gluuSmtpPort'
+ DESC 'SMTP Port'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.92 NAME 'gluuSmtpRequiresAuthentication'
+ DESC 'SMTP Requires Authentication'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.93 NAME 'gluuSmtpRequiresSsl'
+ DESC 'SMTP Requires SSL'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.94 NAME 'gluuSmtpUserName'
+ DESC 'SMTP User Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.95 NAME 'gluuSpecificRelyingPartyConfig'
+ DESC 'SAML Trust Relationship configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.96 NAME 'gluuSslExpiry'
+ DESC 'SAML Trust Relationship configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.97 NAME 'gluuStatus'
+ DESC 'Status of the entry, used by many objectclasses'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.98 NAME 'gluuSystemUptime'
+ DESC 'Monitors how long the Gluu Server instance has been running.'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.99 NAME 'gluuTargetRAM'
+ DESC 'Monitors total available RAM on Gluu Server instance'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.100 NAME 'gluuTempFaviconImage'
+ DESC 'Store location for upload of Favicon'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.101 NAME 'gluuThemeColor'
+ DESC 'oxTrust login page configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.102 NAME 'gluuTrustContact'
+ DESC 'oxTrust login page configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.103 NAME 'gluuTrustDeconstruction'
+ DESC 'TODO - in use?'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.104 NAME 'gluuUrl'
+ DESC 'Gluu instance URL'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.105 NAME 'gluuVDSenabled'
+ DESC 'oxTrust VDS enabled or disabled'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.106 NAME 'gluuVDSstatus'
+ DESC 'Gluu VDS configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.107 NAME 'gluuValidationLog'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.108 NAME 'gluuValidationStatus'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.109 NAME 'gluuVdsCacheRefreshEnabled'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.110 NAME 'gluuVdsCacheRefreshLastUpdate'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.111 NAME 'gluuVdsCacheRefreshLastUpdateCount'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.112 NAME 'gluuVdsCacheRefreshPollingInterval'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.113 NAME 'gluuVdsCacheRefreshProblemCount'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.114 NAME 'gluuWhitePagesEnabled'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.115 NAME 'gluuWhitePagesListed'
+ DESC 'Allow Publication'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.116 NAME 'iname'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.117 NAME 'inum'
+ DESC 'XRI i-number'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.118 NAME 'inumFN'
+ DESC 'XRI i-number sans punctuation'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.119 NAME 'literalBinaryValue'
+ DESC 'OX literalValue'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.120 NAME 'literalValue'
+ DESC 'OX literalValue'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.121 NAME 'memberOf'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.122 NAME 'nonProfit'
+ DESC 'TODO - in use?'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.123 NAME 'organizationalOwner'
+ DESC 'OX organizationalOwner'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.124 NAME 'oxAmHost'
+ DESC 'am host'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.125 NAME 'oxAuthClaimName'
+ DESC 'Used by oxAuth in conjunction with gluuttributeName to map claims to attributes in LDAP.'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.126 NAME 'oxAuthAppType'
+ DESC 'oxAuth App Type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.127 NAME 'authnTime'
+ DESC 'oxAuth Authentication Time'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.128 NAME 'authzCode'
+ DESC 'oxAuth authorization code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.129 NAME 'oxAuthClaim'
+ DESC 'oxAuth Attribute Claim'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.130 NAME 'oxAuthGroupClaims'
+ DESC 'oxAuth Group Attribute Claims (true or false)'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.131 NAME 'oxAuthClientId'
+ DESC 'oxAuth Client id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.132 NAME 'clnId'
+ DESC 'oxAuth Client id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.133 NAME 'oxAuthClientIdIssuedAt'
+ DESC 'oxAuth Client Issued At'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.134 NAME 'oxAuthClientSecret'
+ DESC 'oxAuth Client Secret'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.135 NAME 'oxAuthClientSecretExpiresAt'
+ DESC 'Date client expires'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.136 NAME 'oxAuthClientURI'
+ DESC 'oxAuth Client URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.137 NAME 'oxAuthConfDynamic'
+ DESC 'oxAuth Dynamic Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.138 NAME 'oxAuthConfErrors'
+ DESC 'oxAuth Errors Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.139 NAME 'oxAuthConfStatic'
+ DESC 'oxAuth Static Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.140 NAME 'oxAuthConfWebKeys'
+ DESC 'oxAuth Web Keys Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.141 NAME 'oxAuthContact'
+ DESC 'oxAuth Contact'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.142 NAME 'iat'
+ DESC 'oxAuth Creation'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.143 NAME 'oxAuthDefaultAcrValues'
+ DESC 'oxAuth Default Acr Values'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.144 NAME 'oxAuthDefaultMaxAge'
+ DESC 'oxAuth Default Max Age'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.145 NAME 'exp'
+ DESC 'oxAuth Expiration'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.146 NAME 'grtId'
+ DESC 'oxAuth grant id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.147 NAME 'oxAuthGrantType'
+ DESC 'oxAuth Grant Type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.148 NAME 'grtTyp'
+ DESC 'oxAuth Grant Type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.149 NAME 'oxAuthIdTokenEncryptedResponseAlg'
+ DESC 'oxAuth ID Token Encrypted Response Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.150 NAME 'oxAuthIdTokenEncryptedResponseEnc'
+ DESC 'oxAuth ID Token Encrypted Response Enc'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.151 NAME 'oxAuthIdTokenSignedResponseAlg'
+ DESC 'oxAuth ID Token Signed Response Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.152 NAME 'oxAuthInitiateLoginURI'
+ DESC 'oxAuth Initiate Login URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.153 NAME 'oxAuthJwksURI'
+ DESC 'oxAuth JWKs URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.154 NAME 'oxAuthJwks'
+ DESC 'oxAuth JWKs'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.155 NAME 'jwtReq'
+ DESC 'oxAuth JWT Request'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.156 NAME 'oxAuthLogoURI'
+ DESC 'oxAuth Logo URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.157 NAME 'nnc'
+ DESC 'oxAuth nonce'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.158 NAME 'oxSessionState'
+ DESC 'oxAuth Session State'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.159 NAME 'oxAuthPermissionGrantedMap'
+ DESC 'oxAuth Permission Granted Map'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.160 NAME 'oxAuthPersistentJWT'
+ DESC 'oxAuth Persistent JWT'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.161 NAME 'oxAuthPolicyURI'
+ DESC 'oxAuth Policy URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.162 NAME 'oxAuthLogoutURI'
+ DESC 'oxAuth Policy URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.163 NAME 'oxAuthLogoutSessionRequired'
+ DESC 'oxAuth Policy URI'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.164 NAME 'oxAuthPostLogoutRedirectURI'
+ DESC 'oxAuth Post Logout Redirect URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.165 NAME 'oxAuthRedirectURI'
+ DESC 'oxAuth Redirect URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.166 NAME 'oxAuthRegistrationAccessToken'
+ DESC 'oxAuth Registration Access Token'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.167 NAME 'oxAuthReleasedScope'
+ DESC 'oxAuth released scope attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.168 NAME 'oxAuthRequestObjectSigningAlg'
+ DESC 'oxAuth Request Object Signing Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.169 NAME 'oxAuthRequestObjectEncryptionAlg'
+ DESC 'oxAuth Request Object Encryption Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.170 NAME 'oxAuthRequestObjectEncryptionEnc'
+ DESC 'oxAuth Request Object Encryption Enc'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.171 NAME 'oxAuthRequestURI'
+ DESC 'oxAuth Request URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.172 NAME 'oxAuthRequireAuthTime'
+ DESC 'oxAuth Require Authentication Time'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.173 NAME 'oxAuthResponseType'
+ DESC 'oxAuth Response Type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.174 NAME 'oxAuthScope'
+ DESC 'oxAuth Attribute Scope'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.175 NAME 'scp'
+ DESC 'oxAuth Attribute Scope'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.176 NAME 'oxScopeType'
+ DESC 'OX Attribute Scope type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.177 NAME 'oxAuthSectorIdentifierURI'
+ DESC 'oxAuth Sector Identifier URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.178 NAME 'oxAuthSignedResponseAlg'
+ DESC 'oxAuth Signed Response Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.179 NAME 'oxAuthSkipAuthorization'
+ DESC 'oxAuth skip authorization attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.180 NAME 'oxAuthSubjectType'
+ DESC 'oxAuth Subject Type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.181 NAME 'tknCde'
+ DESC 'oxAuth Token Code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.182 NAME 'oxAuthTokenEndpointAuthMethod'
+ DESC 'oxAuth Token Endpoint Auth Method'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.183 NAME 'oxAuthTokenEndpointAuthSigningAlg'
+ DESC 'oxAuth Token Endpoint Auth Signing Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.184 NAME 'tknTyp'
+ DESC 'oxAuth Token Type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.185 NAME 'oxAuthTosURI'
+ DESC 'oxAuth TOS URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.186 NAME 'oxAuthTrustedClient'
+ DESC 'oxAuth Trusted Client'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.187 NAME 'oxAuthUmaScope'
+ DESC 'URI reference of scope descriptor'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.188 NAME 'oxAuthUserDN'
+ DESC 'oxAuth User DN'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.189 NAME ( 'oxAuthUserId' 'usrId' )
+ DESC 'oxAuth user id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.190 NAME 'oxAuthUserInfoEncryptedResponseAlg'
+ DESC 'oxAuth User Info Encrypted Response Alg'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.191 NAME 'oxAuthUserInfoEncryptedResponseEnc'
+ DESC 'oxAuth User Info Encrypted Response Enc'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.192 NAME 'oxAuthExtraConf'
+ DESC 'oxAuth additional configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.193 NAME 'oxAuthX509PEM'
+ DESC 'oxAuth x509 in PEM format'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.194 NAME 'oxAuthX509URL'
+ DESC 'oxAuth x509 URL'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.195 NAME 'oxAuthenticationMode'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.196 NAME 'acr'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.197 NAME 'oxTrustAuthenticationMode'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.198 NAME 'oxConfigurationCode'
+ DESC 'ox configuration code'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.199 NAME 'oxCreationTimestamp'
+ DESC 'Registration time'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.200 NAME 'oxDomain'
+ DESC 'domain'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.201 NAME 'oxExternalUid'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.202 NAME 'oxOTPCache'
+ DESC 'Stores a used OTP to prevent a hacker from using it again. Complementary to oxExternalUid attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.203 NAME 'oxFaviconImage'
+ DESC 'URI for a graphic icon'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.204 NAME 'oxGroup'
+ DESC 'User group'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.205 NAME 'oxGuid'
+ DESC 'A random string to mark temporary tokens'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.206 NAME 'uuid'
+ DESC 'Unique identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.207 NAME 'oxHost'
+ DESC 'ox host'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.208 NAME 'oxIDPAuthentication'
+ DESC 'Custom IDP authentication configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.209 NAME 'oxIconUrl'
+ DESC 'ox icon url'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.210 NAME 'oxId'
+ DESC 'Identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.211 NAME 'sid'
+ DESC 'Session Identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.212 NAME 'oxAsJwt'
+ DESC 'Boolean field to indicate whether object is used as JWT'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.213 NAME 'oxJwt'
+ DESC 'JWT representation of the object or otherwise jwt associated with the object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.214 NAME 'oxInvolvedClients'
+ DESC 'Involved clients'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.215 NAME 'oxLastAccessTime'
+ DESC 'Last access time'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.216 NAME 'oxLastLogonTime'
+ DESC 'Last logon time'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.217 NAME 'oxLinkCreator'
+ DESC 'Link Creator'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.218 NAME 'oxLinkExpirationDate'
+ DESC 'Link Expiration Date'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.219 NAME 'oxLinkLinktrack'
+ DESC 'Linktrack link'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.220 NAME 'oxLinkModerated'
+ DESC 'Is Link Moderated?'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.221 NAME 'oxLinkModerators'
+ DESC 'Link Moderators'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.222 NAME 'oxLinkPending'
+ DESC 'Pending Registrations'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.223 NAME 'oxLinktrackEnabled'
+ DESC 'Is Linktrack API configured'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.224 NAME 'oxLinktrackLogin'
+ DESC 'Linktrack API login'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.225 NAME 'oxLinktrackPassword'
+ DESC 'Linktrack API password'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.226 NAME 'oxLogViewerConfig'
+ DESC 'Log viewer configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.227 NAME 'oxMultivaluedAttribute'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.228 NAME 'oxName'
+ DESC 'Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.229 NAME 'oxNameIdType'
+ DESC 'NameId Type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.230 NAME 'oxPolicyRule'
+ DESC 'Policy Rule'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.231 NAME 'oxUmaPolicyScriptDn'
+ DESC 'OX policy script Dn'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.232 NAME 'oxProxConf'
+ DESC 'oxProx Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.233 NAME 'oxProxyAccessToken'
+ DESC 'oxProx access token'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.234 NAME 'oxProxyClaimMapping'
+ DESC 'oxProx claim mapping'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.235 NAME 'oxState'
+ DESC 'oxState'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.236 NAME 'oxCounter'
+ DESC 'oxCounter'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.237 NAME 'oxStatus'
+ DESC 'oxStatus'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.238 NAME 'oxApplication'
+ DESC 'oxApplication'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.239 NAME 'oxDeviceRegistrationConf'
+ DESC 'oxDeviceRegistrationConf'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.240 NAME 'oxDeviceKeyHandle'
+ DESC 'oxDeviceKeyHandle'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.241 NAME 'oxDeviceHashCode'
+ DESC 'oxDeviceHashCode'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.242 NAME 'oxRequest'
+ DESC 'oxRequest'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.243 NAME 'oxRequestId'
+ DESC 'oxRequestId'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.244 NAME 'oxDeviceData'
+ DESC 'oxDeviceData'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.245 NAME 'oxEnrollmentCode'
+ DESC 'oxEnrollmentCode'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.246 NAME 'oxProxyClientId'
+ DESC 'oxProx client id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.247 NAME 'oxProxyScope'
+ DESC 'oxProx scope'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.248 NAME 'oxProxyToOpClientMapping'
+ DESC 'oxProx client mapping to op client'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.249 NAME 'oxPushApplication'
+ DESC 'oxPush application DN'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.250 NAME 'oxPushApplicationConf'
+ DESC 'oxPush application configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.251 NAME 'oxPushDeviceConf'
+ DESC 'oxPush device configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.252 NAME 'oxRegistrationConfiguration'
+ DESC 'Registration Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.253 NAME 'oxResource'
+ DESC 'Host path'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.254 NAME 'oxResourceSetId'
+ DESC 'ox resource set id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.255 NAME 'oxRevision'
+ DESC 'Revision'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.256 NAME 'oxLevel'
+ DESC 'Level'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.257 NAME 'oxSCIMCustomAttribute'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.258 NAME 'oxScript'
+ DESC 'Attribute that contains script (python, java script)'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.259 NAME 'oxScriptDn'
+ DESC 'Script object DN'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.260 NAME 'oxScriptType'
+ DESC 'Attribute that contains script type (e.g. python, java script)'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.261 NAME 'oxScriptError'
+ DESC 'Attribute that contains first error which application get during it execution'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.262 NAME 'oxSmtpConfiguration'
+ DESC 'SMTP configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.263 NAME 'oxSourceAttribute'
+ DESC 'Source Attribute for this Attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.264 NAME 'oxTicket'
+ DESC 'ox ticket'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.265 NAME 'oxTrustActive'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.266 NAME 'oxTrustCacheRefreshServerIpAddress'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Specifies the oxTrust server which should run Cache refresh' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.267 NAME 'oxTrustAddresses'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.268 NAME 'oxTrustConfApplication'
+ DESC 'oxTrust Application Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.269 NAME 'oxTrustConfCacheRefresh'
+ DESC 'oxTrust Cache Refresh Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.270 NAME 'oxConfApplication'
+ DESC 'ox Application Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.271 NAME 'oxTrustCustAttrB'
+ DESC 'scim status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.272 NAME 'oxTrustEmail'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.273 NAME 'oxTrustEntitlements'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.274 NAME 'oxTrustExternalId'
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubStringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.275 NAME 'oxTrustImsValue'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.276 NAME 'oxTrustMetaCreated'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.277 NAME 'oxTrustMetaLastModified'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.278 NAME 'oxTrustMetaLocation'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.279 NAME 'oxTrustMetaVersion'
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubStringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.280 NAME 'oxTrustNameFormatted'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.281 NAME 'oxTrustPhoneValue'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.282 NAME 'oxTrustPhotos'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.283 NAME 'oxTrustProfileURL'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.284 NAME 'oxTrustRole'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.285 NAME 'oxTrustStoreCert'
+ DESC 'oxPush device configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.286 NAME 'oxTrustStoreConf'
+ DESC 'oxPush application configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.287 NAME 'oxTrustTitle'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.288 NAME 'oxTrustUserType'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.289 NAME 'oxTrusthonorificPrefix'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.290 NAME 'oxTrusthonorificSuffix'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.291 NAME 'oxTrustx509Certificate'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.292 NAME 'oxType'
+ DESC 'ox type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.293 NAME 'oxUmaPermission'
+ DESC 'ox uma permission'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.294 NAME 'oxUrl'
+ DESC 'ox url'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.295 NAME 'oxX509PEM'
+ DESC 'x509 in PEM format'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.296 NAME 'oxX509URL'
+ DESC 'x509 URL'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.297 NAME 'passwordResetAllowed'
+ DESC 'Is password reset mechanics allowed'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.298 NAME 'persistentId'
+ DESC 'PersistentId'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Persistent ID reserved for SAML' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.299 NAME 'personInum'
+ DESC 'Inum of a person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.300 NAME 'primaryKeyAttrName'
+ DESC 'Primary Key Attribute Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.301 NAME 'primaryKeyValue'
+ DESC 'Primary Key Value'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.302 NAME 'proStoresToken'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.303 NAME 'programmingLanguage'
+ DESC 'programming language'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.304 NAME 'prostoresTimestamp'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.305 NAME 'registrationDate'
+ DESC 'Registration date'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.306 NAME 'role'
+ DESC 'Role'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.307 NAME 'scimAuthMode'
+ DESC 'SCIM Authorization mode'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.308 NAME 'scimGroup'
+ DESC 'scim Group'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.309 NAME 'scimStatus'
+ DESC 'scim status'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.310 NAME 'secondaryKeyAttrName'
+ DESC 'Secondary Key Attribute Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.311 NAME 'secondaryKeyValue'
+ DESC 'Secondary Key Value'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.312 NAME 'secretAnswer'
+ DESC 'Secret Answer'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.313 NAME 'secretQuestion'
+ DESC 'Secret Question'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.314 NAME 'softwareVersion'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.315 NAME 'sourceRelationalXdiStatement'
+ DESC 'OX SourceRelationalXdiStatement'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.316 NAME 'targetRelationalXdiStatement'
+ DESC 'OX TargetRelationalXdiStatement'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.317 NAME 'tertiaryKeyAttrName'
+ DESC 'Tertiary Key Attribute Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.318 NAME 'tertiaryKeyValue'
+ DESC 'Tertiary Key Value'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.319 NAME 'transientId'
+ DESC 'TransientId'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.320 NAME 'url'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.321 NAME 'urn'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.322 NAME 'x'
+ DESC 'OX XRI Component'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.323 NAME 'xdiStatement'
+ DESC 'OX xdiStatement'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.324 NAME 'xri'
+ DESC 'OX XRI address'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.325 NAME ( 'middleName' 'oxTrustMiddleName' )
+ DESC 'Middle name(s)'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.326 NAME ( 'nickname' 'oxTrustnickname' )
+ DESC 'Casual name of the End-User'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.327 NAME 'preferredUsername'
+ DESC 'Shorthand Name'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.328 NAME 'profile'
+ DESC 'Profile page URL of the person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.329 NAME ( 'picture' 'photo1' )
+ DESC 'Profile picture URL of the person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.330 NAME 'website'
+ DESC 'Web page or blog URL of the person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.331 NAME 'emailVerified'
+ DESC 'True if the e-mail address of the person has been verified; otherwise false'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.332 NAME 'gender'
+ DESC 'Gender of the person either female or male'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.333 NAME 'birthdate'
+ DESC 'Birthday of the person, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.334 NAME ( 'zoneinfo' 'timezone' )
+ DESC 'Time zone database representing the End-Users time zone. For example, Europe/Paris or America/Los_Angeles'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.335 NAME ( 'locale' 'oxTrustLocale' )
+ DESC 'Locale of the person, represented as a BCP47 [RFC5646] language tag'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.336 NAME 'phoneNumberVerified'
+ DESC 'True if the phone number of the person has been verified, otherwise false'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.337 NAME 'address'
+ DESC 'OpenID Connect formatted JSON object representing the address of the person'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.338 NAME 'updatedAt'
+ DESC 'Time the information of the person was last updated. Seconds from 1970-01-01T0:0:0Z'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.339 NAME 'gluuRegExp'
+ DESC 'Regular expression used to validate attribute data'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.340 NAME 'gluuTooltip'
+ DESC 'Custom tooltip to be shown on the UI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'OpenID Connect 1.0 Standard Claim' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.341 NAME 'oxModuleProperty'
+ DESC 'Module property'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.342 NAME 'oxConfigurationProperty'
+ DESC 'Configuration property'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.343 NAME 'oxAuthSessionAttribute'
+ DESC 'oxAuthSessionAttribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.344 NAME 'researchAndScholarshipEnabled'
+ DESC 'Trust relationship attribute to show that InCommon R&S activated'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.345 NAME 'oxStartDate'
+ DESC 'Start date'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.346 NAME 'oxEndDate'
+ DESC 'End date'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.347 NAME 'oxApplicationType'
+ DESC 'Application type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.348 NAME 'oxMetricType'
+ DESC 'Metric type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.349 NAME 'oxData'
+ DESC 'OX data'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.350 NAME 'dat'
+ DESC 'OX data'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.351 NAME 'oxCodeChallenge'
+ DESC 'OX PKCE code challenge'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.352 NAME 'chlng'
+ DESC 'OX PKCE code challenge'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.353 NAME 'chlngMth'
+ DESC 'OX PKCE code challenge method'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.354 NAME 'oxSectorIdentifier'
+ DESC 'ox Sector Identifier'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.355 NAME 'oxPersistClientAuthorizations'
+ DESC 'ox Persist Client Authorizations'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.356 NAME 'oxTrustConfImportPerson'
+ DESC 'oxTrust Import Person Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.357 NAME 'oxSessionStateId'
+ DESC 'oxSessionStateId'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.358 NAME 'ssnId'
+ DESC 'oxAuth Session DN'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.359 NAME 'oxPasswordExpirationDate'
+ DESC 'Password Expiration date, represented as an ISO 8601 (YYYY-MM-DD) format'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ ORDERING generalizedTimeOrderingMatch
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.360 NAME 'oxCountInvalidLogin'
+ DESC 'Invalid login attempts count'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.361 NAME 'gluuIMAPData'
+ DESC 'This data has information about your imap connection'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.362 NAME 'gluuPassportConfiguration'
+ DESC 'oxTrust Passport Strategy Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.363 NAME 'gluuPassportEnabled'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.364 NAME 'gluuRadiusEnabled'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.365 NAME 'gluuSamlEnabled'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.366 NAME 'oxValidation'
+ DESC 'This data has information about attribute Validation'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.367 NAME 'gluuEntityType'
+ DESC 'This data has information about TR EntityType'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.368 NAME 'oxPPID'
+ DESC 'Persistent Pairwise ID for OpenID Connect'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.369 NAME 'oxAuthSessionId'
+ DESC 'oxAuth Session Id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.370 NAME 'oxCacheConfiguration'
+ DESC 'Cache configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.371 NAME 'oxLogConfigLocation'
+ DESC 'Path to external log4j2.xml'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.372 NAME 'oxIncludeClaimsInIdToken'
+ DESC 'ox Include Claims In Id Token'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.373 NAME 'oxClaimValues'
+ DESC 'Claim Values'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.374 NAME 'oxClaimRedirectURI'
+ DESC 'Claim Redirect URI'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.375 NAME 'oxAttributes'
+ DESC 'Attributes'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.376 NAME 'attr'
+ DESC 'Attributes'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.377 NAME 'userRandomKey'
+ DESC 'Attributes'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.378 NAME 'oxRefreshTokenLifetime'
+ DESC 'Lifetime of refresh token'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.379 NAME 'oxTrustConfAttributeResolver'
+ DESC 'oxTrust Attribute Resolver '
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.380 NAME 'oxAuthPermissionGranted'
+ DESC 'oxAuth Permission Granted'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.381 NAME 'oxNickName'
+ DESC 'oxNickName'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.382 NAME 'oxDeviceNotificationConf'
+ DESC 'Extended push notification configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.383 NAME 'clms'
+ DESC 'oxAuth Claims'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.384 NAME 'oxDisabled'
+ DESC 'Status of client'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.385 NAME 'oxWebKeysSettings'
+ DESC 'oxAuth Web Keys Configuration'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.386 NAME 'oxScopeExpression'
+ DESC 'Scope expression'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.387 NAME 'oxPreferredMethod'
+ DESC 'Gluu Casa - preferred method to use for user authentication'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.388 NAME 'oxOTPDevices'
+ DESC 'Gluu Casa - Json representation of OTP devices. Complementary to oxExternalUid attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.389 NAME 'oxMobileDevices'
+ DESC 'Gluu Casa - Json representation of mobile devices. Complementary to mobile attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.390 NAME 'oxdId'
+ DESC 'oxd Id'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.391 NAME 'oxAuthAuthorizedOrigins'
+ DESC 'oxAuth Authorized Origins'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.392 NAME 'oxStrongAuthPolicy'
+ DESC 'Gluu Casa - 2FA Enforcement Policy for User'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.393 NAME 'oxTrustedDevicesInfo'
+ DESC 'Gluu Casa - List of devices with which strong authentication may be skipped'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.394 NAME 'tknBndCnf'
+ DESC 'oxauth - Token Binding Id Hash'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ X-ORIGIN 'Gluu created attribute' )
+ attributeTypes: ( 1.3.6.1.4.1.48710.1.3.395 NAME 'oxUnlinkedExternalUids'
+ DESC 'Gluu Casa - List of unlinked social accounts (ie disabled oxExternalUids)'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.396 NAME 'oxAccessTokenAsJwt' + DESC 'oxauth - indicator whether to return access token as JWT' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.397 NAME 'oxAccessTokenSigningAlg' + DESC 'oxauth - access token signing algorithm' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.398 NAME 'oxRegistrationData' + DESC 'oxRegistrationData' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.399 NAME 'oxAuthenticationData' + DESC 'oxAuthenticationData' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.400 NAME 'oxPublicKeyId' + DESC 'oxPublicKeyId' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.401 NAME 'oxAccessTokenLifetime' + DESC 'Lifetime of access token' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.402 NAME 'oxSoftwareId' + DESC 'Software Identifier' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.403 NAME 'oxSoftwareVersion' + DESC 'Software Version' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 
1.3.6.1.4.1.48710.1.3.404 NAME 'oxSoftwareStatement' + DESC 'Software Statement' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.405 NAME 'oxRptAsJwt' + DESC 'oxRptAsJwt' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.406 NAME 'oxCodeChallengeHash' + DESC 'OX code challenge hash' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.407 NAME 'del' + DESC 'del' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.408 NAME 'oxEnabled' + DESC 'Status of the entry, used by many objectclasses' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.409 NAME 'oxAlias' + DESC 'oxAlias' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.410 NAME 'oxTrustLogoPath' + DESC 'oxTrustLogoPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.411 NAME 'oxTrustFaviconPath' + DESC 'oxTrustFaviconPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.412 NAME 'oxAuthLogoPath' + DESC 'oxAuthLogoPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.413 NAME 'oxAuthFaviconPath' + DESC 
'oxAuthFaviconPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.414 NAME 'idpLogoPath' + DESC 'idpLogoPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.415 NAME 'idpFaviconPath' + DESC 'idpFaviconPath' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.416 NAME 'parent' + DESC 'parent' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.417 NAME 'classRef' + DESC 'classRef' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.418 NAME 'gluuSmtpServerTrust' + DESC 'Trust SMTP server' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.419 NAME 'pattern' + DESC 'pattern' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.420 NAME 'oxAuthBackchannelTokenDeliveryMode' + DESC 'oxAuth Backchannel Token Delivery Mode' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.421 NAME 'oxAuthBackchannelClientNotificationEndpoint' + DESC 'oxAuth Backchannel Client Notification Endpoint' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.422 NAME 'oxAuthBackchannelAuthenticationRequestSigningAlg' + DESC 'oxAuth Backchannel Authentication Request Signing Alg' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.423 NAME 'oxAuthBackchannelUserCodeParameter' + DESC 'oxAuth Backchannel User Code Parameter' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.424 NAME 'oxAuthBackchannelDeviceRegistrationToken' + DESC 'oxAuth Backchannel Device Registration Token' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.425 NAME 'oxAuthBackchannelUserCode' + DESC 'oxAuth Backchannel User Code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.426 NAME 'oxDocumentStoreConfiguration' + DESC 'oxDocumentStoreConfiguration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.427 NAME 'gluuConfDynamic' + DESC 'Gluu Dynamic Configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.428 NAME 'gluuConfStatic' + DESC 'Gluu Static Configuration' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.429 NAME 
'authReqId' + DESC 'Authentication request id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.430 NAME 'gluuConfigurationPollingInterval' + DESC 'gluuConfigurationPollingInterval' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.431 NAME 'gluuConfigurationDnsServer' + DESC 'gluuConfigurationDnsServer' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + attributeTypes: ( 1.3.6.1.4.1.48710.1.3.432 NAME 'jansId' + DESC 'jans id' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + X-ORIGIN 'Gluu created attribute' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.1 NAME 'pairwiseIdentifier' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ oxSectorIdentifier $ oxAuthClientId $ oxAuthUserId ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.2 NAME 'gluuPerson' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( associatedClient $ c $ displayName $ givenName $ gluuManagedOrganizations $ gluuOptOuts $ gluuStatus $ gluuWhitePagesListed $ iname $ inum $ mail $ gluuSLAManager $ memberOf $ o $ oxAuthPersistentJWT $ oxCreationTimestamp $ oxExternalUid $ oxOTPCache $ oxLastLogonTime $ oxTrustActive $ oxTrustAddresses $ oxTrustEmail $ oxTrustEntitlements $ oxTrustExternalId $ oxTrustImsValue $ oxTrustMetaCreated $ oxTrustMetaLastModified $ oxTrustMetaLocation $ oxTrustMetaVersion $ oxTrustNameFormatted $ oxTrustPhoneValue $ oxTrustPhotos $ oxTrustProfileURL $ oxTrustRole $ oxTrustTitle $ oxTrustUserType $ oxTrusthonorificPrefix $ oxTrusthonorificSuffix $ oxTrustx509Certificate $ oxPasswordExpirationDate $ persistentId $ middleName $ 
nickname $ preferredUsername $ profile $ picture $ website $ emailVerified $ gender $ birthdate $ zoneinfo $ locale $ phoneNumberVerified $ address $ updatedAt $ preferredLanguage $ role $ secretAnswer $ secretQuestion $ seeAlso $ sn $ cn $ transientId $ uid $ userPassword $ st $ street $ l $ oxCountInvalidLogin $ oxEnrollmentCode $ gluuIMAPData $ oxPPID $ oxGuid $ userRandomKey $ oxPreferredMethod $ userCertificate $ oxOTPDevices $ oxMobileDevices $ oxStrongAuthPolicy $ oxTrustedDevicesInfo $ oxUnlinkedExternalUids $ oxAuthBackchannelDeviceRegistrationToken $ oxAuthBackchannelUserCode ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.3 NAME 'gluuGroup' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ description $ displayName $ gluuGroupType $ gluuGroupVisibility $ gluuStatus $ iname $ inum $ member $ o $ owner $ seeAlso $ oxTrustMetaCreated $ oxTrustMetaLastModified $ oxTrustMetaLocation $ oxTrustMetaVersion ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.4 NAME 'gluuOrganization' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ county $ deployedAppliances $ description $ displayName $ gluuAddPersonCapability $ gluuAdditionalUsers $ gluuApplianceUpdateRequestList $ gluuCustomMessage $ gluuFaviconImage $ gluuFederationHostingEnabled $ gluuInvoiceNo $ gluuLogoImage $ gluuManageIdentityPermission $ gluuManager $ gluuManagerGroup $ gluuOrgShortName $ gluuPaidUntil $ gluuPaymentProcessorTimestamp $ gluuProStoresUser $ gluuStatus $ gluuTempFaviconImage $ gluuThemeColor $ gluuWhitePagesEnabled $ iname $ inum $ l $ mail $ memberOf $ nonProfit $ o $ oxCreationTimestamp $ oxLinkLinktrack $ oxLinktrackEnabled $ oxLinktrackLogin $ oxLinktrackPassword $ oxRegistrationConfiguration $ postalCode $ proStoresToken $ prostoresTimestamp $ scimAuthMode $ scimGroup $ scimStatus $ st $ street $ telephoneNumber $ title $ uid $ userPassword $ oxTrustLogoPath $ oxTrustFaviconPath $ 
oxAuthLogoPath $ oxAuthFaviconPath $ idpLogoPath $ idpFaviconPath ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.5 NAME 'gluuConfiguration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( blowfishPassword $ c $ ou $ description $ displayName $ gluuAdditionalBandwidth $ gluuAdditionalMemory $ gluuApplianceDnsServer $ gluuAppliancePollingInterval $ gluuBandwidthRX $ gluuBandwidthTX $ gluuDSstatus $ gluuFederationHostingEnabled $ gluuHTTPstatus $ gluuHostname $ gluuInvoiceNo $ gluuLastUpdate $ gluuLifeRay $ gluuManageIdentityPermission $ gluuManager $ gluuMaxLogSize $ gluuOrgProfileMgt $ gluuPaidUntil $ gluuPaymentProcessorTimestamp $ gluuPrivate $ gluuPublishIdpMetadata $ gluuResizeInitiated $ gluuSPTR $ gluuScimEnabled $ gluuShibAssertionsIssued $ gluuShibFailedAuth $ gluuShibSecurityEvents $ gluuShibSuccessfulAuths $ oxTrustEmail $ gluuSmtpFromEmailAddress $ gluuSmtpFromName $ gluuSmtpHost $ gluuSmtpPassword $ gluuSmtpPort $ gluuSmtpRequiresAuthentication $ gluuSmtpRequiresSsl $ gluuSmtpUserName $ gluuSslExpiry $ gluuStatus $ gluuTargetRAM $ gluuUrl $ gluuVDSenabled $ gluuVDSstatus $ gluuVdsCacheRefreshEnabled $ gluuVdsCacheRefreshLastUpdate $ gluuVdsCacheRefreshLastUpdateCount $ gluuVdsCacheRefreshPollingInterval $ gluuVdsCacheRefreshProblemCount $ gluuWhitePagesEnabled $ iname $ inum $ inumFN $ o $ oxAuthenticationMode $ oxTrustAuthenticationMode $ oxIDPAuthentication $ oxLogViewerConfig $ oxLogConfigLocation $ oxSmtpConfiguration $ oxCacheConfiguration $ oxDocumentStoreConfiguration $ oxTrustStoreCert $ oxTrustStoreConf $ passwordResetAllowed $ softwareVersion $ userPassword $ oxTrustCacheRefreshServerIpAddress $ gluuPassportEnabled $ gluuRadiusEnabled $ gluuSamlEnabled $ gluuSmtpServerTrust $ gluuConfigurationPollingInterval $ gluuConfigurationDnsServer ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.6 NAME 'gluuAttribute' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( 
description $ displayName $ gluuAttributeEditType $ gluuAttributeName $ gluuAttributeOrigin $ gluuAttributeSystemEditType $ gluuAttributeType $ oxAuthClaimName $ gluuAttributeUsageType $ gluuAttributeViewType $ gluuCategory $ gluuSAML1URI $ gluuSAML2URI $ gluuStatus $ iname $ inum $ oxMultivaluedAttribute $ oxNameIdType $ oxSCIMCustomAttribute $ oxSourceAttribute $ seeAlso $ urn $ gluuRegExp $ gluuTooltip $ oxValidation ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.7 NAME 'gluuSAMLconfig' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( description $ displayName $ federationRules $ gluuContainerFederation $ gluuEntityId $ gluuIsFederation $ gluuProfileConfiguration $ gluuReleasedAttribute $ gluuRulesAccepted $ gluuSAMLMetaDataFilter $ gluuSAMLTrustEngine $ gluuSAMLmaxRefreshDelay $ gluuSAMLspMetaDataFN $ gluuSAMLspMetaDataSourceType $ gluuSAMLspMetaDataURL $ gluuSpecificRelyingPartyConfig $ gluuStatus $ gluuTrustContact $ gluuTrustDeconstruction $ gluuValidationLog $ gluuValidationStatus $ iname $ inum $ o $ oxAuthPostLogoutRedirectURI $ url $ researchAndScholarshipEnabled $ gluuEntityType ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.8 NAME 'gluuInumMap' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( gluuStatus $ inum $ primaryKeyAttrName $ primaryKeyValue $ secondaryKeyAttrName $ secondaryKeyValue $ tertiaryKeyAttrName $ tertiaryKeyValue ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.9 NAME 'gluuInvoice' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( gluuInvoiceAmount $ gluuInvoiceDate $ gluuInvoiceLineItemName $ gluuInvoiceNumber $ gluuInvoiceProductNumber $ gluuInvoiceQuantity $ gluuInvoiceStatus $ inum ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.10 NAME 'gluuPasswordResetRequest' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( creationDate $ oxGuid $ personInum $ del $ exp 
) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.11 NAME 'oxLink' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( description $ oxGuid $ oxLinkCreator $ oxLinkExpirationDate $ oxLinkLinktrack $ oxLinkModerated $ oxLinkModerators $ oxLinkPending ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.12 NAME 'vdapcontainer' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( ou ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.13 NAME 'vdDirectoryView' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( o ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.14 NAME 'vdlabel' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( o ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.15 NAME 'oxEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ iname $ inum ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.16 NAME 'oxNode' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( organizationalOwner $ owner $ sourceRelationalXdiStatement $ targetRelationalXdiStatement $ x $ xdiStatement $ xri ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.17 NAME 'oxAuthClient' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( o $ associatedPerson $ displayName $ description $ inum $ oxAuthAppType $ oxAuthClientIdIssuedAt $ oxAuthClientSecret $ oxAuthClientSecretExpiresAt $ exp $ del $ oxAuthClientURI $ oxAuthContact $ oxAuthDefaultAcrValues $ oxAuthDefaultMaxAge $ oxAuthGrantType $ oxAuthIdTokenEncryptedResponseAlg $ oxAuthIdTokenEncryptedResponseEnc $ oxAuthIdTokenSignedResponseAlg $ oxAuthInitiateLoginURI $ oxAuthJwksURI $ oxAuthJwks $ oxAuthLogoURI $ oxAuthPolicyURI $ oxAuthPostLogoutRedirectURI $ oxAuthRedirectURI $ oxAuthRegistrationAccessToken $ oxAuthRequestObjectSigningAlg $ 
oxAuthRequestObjectEncryptionAlg $ oxAuthRequestObjectEncryptionEnc $ oxAuthRequestURI $ oxAuthRequireAuthTime $ oxAuthResponseType $ oxAuthScope $ oxAuthClaim $ oxAuthSectorIdentifierURI $ oxAuthSignedResponseAlg $ oxAuthSubjectType $ oxAuthTokenEndpointAuthMethod $ oxAuthTokenEndpointAuthSigningAlg $ oxAuthTosURI $ oxAuthTrustedClient $ oxAuthUserInfoEncryptedResponseAlg $ oxAuthUserInfoEncryptedResponseEnc $ oxAuthExtraConf $ oxClaimRedirectURI $ oxLastAccessTime $ oxLastLogonTime $ oxPersistClientAuthorizations $ oxIncludeClaimsInIdToken $ oxRefreshTokenLifetime $ oxDisabled $ oxAuthLogoutURI $ oxAuthLogoutSessionRequired $ oxdId $ oxAuthAuthorizedOrigins $ tknBndCnf $ oxAccessTokenAsJwt $ oxAccessTokenSigningAlg $ oxAccessTokenLifetime $ oxSoftwareId $ oxSoftwareVersion $ oxSoftwareStatement $ oxRptAsJwt $ oxAttributes $ oxAuthBackchannelTokenDeliveryMode $ oxAuthBackchannelClientNotificationEndpoint $ oxAuthBackchannelAuthenticationRequestSigningAlg $ oxAuthBackchannelUserCodeParameter ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.18 NAME 'oxAuthCustomScope' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( defaultScope $ description $ displayName $ inum $ oxScopeType $ oxAuthClaim $ oxScriptDn $ oxAuthGroupClaims $ oxId $ oxIconUrl $ oxUmaPolicyScriptDn $ oxAttributes $ exp $ del ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.19 NAME 'oxAuthSessionId' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ sid $ creationDate $ exp $ del $ oxLastAccessTime $ oxAuthUserDN $ authnTime $ oxState $ oxSessionState $ oxAuthPermissionGranted $ oxAsJwt $ oxJwt $ oxAuthPermissionGrantedMap $ oxInvolvedClients $ oxAuthSessionAttribute ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.20 NAME 'oxAuthConfiguration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( ou $ oxAuthConfDynamic $ oxAuthConfErrors $ oxAuthConfStatic $ 
oxAuthConfWebKeys $ oxRevision $ oxWebKeysSettings ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.21 NAME 'oxTrustConfiguration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( ou $ oxTrustConfApplication $ oxTrustConfCacheRefresh $ oxRevision $ oxTrustConfImportPerson $ oxTrustConfAttributeResolver ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.22 NAME 'oxApplicationConfiguration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( ou $ oxConfApplication $ oxRevision ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.23 NAME 'oxUmaResource' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ inum $ owner $ oxAssociatedClient $ oxAuthUmaScope $ oxFaviconImage $ oxGroup $ oxId $ oxResource $ oxRevision $ oxType $ oxScopeExpression $ iat $ exp $ del $ description ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.24 NAME 'oxUmaResourcePermission' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( exp $ del $ oxAuthUmaScope $ oxConfigurationCode $ oxResourceSetId $ oxAttributes $ oxTicket $ oxStatus ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.25 NAME 'oxAuthGrant' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( grtId $ iat ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.26 NAME 'token' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authnTime $ authzCode $ iat $ exp $ del $ grtId $ grtTyp $ jwtReq $ nnc $ scp $ tknCde $ tknTyp $ usrId $ clnId $ acr $ uuid $ chlng $ chlngMth $ clms $ ssnId $ attr $ tknBndCnf ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.27 NAME 'oxAuthUmaRPT' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authnTime $ clnId $ iat $ exp $ del $ tknCde $ usrId $ oxUmaPermission $ uuid $ ssnId ) + X-ORIGIN 'Gluu created objectclass' ) + 
objectClasses: ( 1.3.6.1.4.1.48710.1.4.28 NAME 'oxLiteralNode' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( literalBinaryValue $ literalValue $ organizationalOwner $ owner $ targetRelationalXdiStatement $ x $ xdiStatement $ xri ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.29 NAME 'oxProxConfiguration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( ou $ oxProxConf $ oxScriptDn ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.30 NAME 'oxProxOp' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( c $ displayName $ inum $ l $ oxDomain $ oxId $ oxX509PEM $ oxX509URL ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.31 NAME 'oxProxClient' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ inum $ oxProxyClaimMapping $ oxProxyScope $ oxProxyToOpClientMapping ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.32 NAME 'oxProxAccessToken' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( iat $ exp $ del $ oxProxyAccessToken $ oxProxyClientId ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.33 NAME 'oxScript' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( inum $ oxScript $ oxScriptType ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.34 NAME 'oxPushApplication' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( displayName $ oxId $ oxName $ oxPushApplicationConf ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.35 NAME 'oxPushDevice' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxAuthUserId $ oxId $ oxPushApplication $ oxPushDeviceConf $ oxType ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.36 NAME 'oxCustomScript' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( inum $ displayName $ description $ oxScript $ 
oxScriptType $ programmingLanguage $ oxModuleProperty $ oxConfigurationProperty $ oxLevel $ oxRevision $ oxEnabled $ oxScriptError $ oxAlias ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.37 NAME 'oxDeviceRegistration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ displayName $ description $ oxDeviceKeyHandle $ oxDeviceHashCode $ oxApplication $ oxDeviceRegistrationConf $ oxDeviceNotificationConf $ oxNickName $ oxDeviceData $ oxCounter $ oxStatus $ del $ exp $ personInum $ creationDate $ oxLastAccessTime $ oxTrustMetaLastModified $ oxTrustMetaLocation $ oxTrustMetaVersion ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.38 NAME 'oxU2fRequest' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ oxRequestId $ oxRequest $ oxSessionStateId $ del $ exp $ personInum $ creationDate ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.39 NAME 'oxMetric' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( uniqueIdentifier $ oxStartDate $ oxEndDate $ oxApplicationType $ oxMetricType $ creationDate $ del $ exp $ oxData $ oxHost ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.40 NAME 'oxClientAuthorization' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ oxAuthClientId $ oxAuthUserId $ exp $ del $ oxAuthScope ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.41 NAME 'oxSectorIdentifier' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ description $ oxAuthRedirectURI $ oxAuthClientId ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.42 NAME 'oxPassportConfiguration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( ou $ gluuPassportConfiguration $ gluuStatus ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.43 NAME 'oxShibbolethCASProtocolConfiguration' + SUP ( top ) + 
STRUCTURAL + MUST ( objectclass ) + MAY ( ou $ uniqueIdentifier $ inum $ oxConfApplication $ oxRevision ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.44 NAME 'oxAuthUmaPCT' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( clnId $ iat $ exp $ del $ tknCde $ oxClaimValues $ ssnId ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.45 NAME 'cache' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( uuid $ iat $ exp $ del $ dat ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.46 NAME 'oxFido2AuthenticationEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ creationDate $ oxSessionStateId $ oxCodeChallenge $ personInum $ oxAuthenticationData $ oxStatus ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.47 NAME 'oxFido2RegistrationEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ creationDate $ displayName $ oxSessionStateId $ oxCodeChallenge $ oxCodeChallengeHash $ oxPublicKeyId $ personInum $ oxRegistrationData $ oxDeviceNotificationConf $ oxCounter $ oxStatus ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.48 NAME 'samlAcr' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( parent $ classRef $ inum ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.49 NAME 'gluuOxtrustStat' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( inum $ gluuFreeDiskSpace $ gluuFreeMemory $ gluuFreeSwap $ gluuGroupCount $ gluuIpAddress $ gluuLoadAvg $ gluuPersonCount $ gluuSystemUptime $ uniqueIdentifier ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.50 NAME 'gluuApplicationConfiguration' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( ou $ gluuConfDynamic $ gluuConfStatic $ oxRevision ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.51 NAME 
'oxExpiredObject' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ dat $ iat $ exp $ oxType ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.52 NAME 'oxRp' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( oxId $ dat ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.53 NAME 'cibaRequest' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( authReqId $ clnId $ usrId $ creationDate $ exp $ oxStatus ) + X-ORIGIN 'Gluu created objectclass' ) + objectClasses: ( 1.3.6.1.4.1.48710.1.4.54 NAME 'jansStatEntry' + SUP ( top ) + STRUCTURAL + MUST ( objectclass ) + MAY ( jansId $ dat $ attr ) + X-ORIGIN 'Gluu created objectclass' ) + +kind: ConfigMap +metadata: + name: oxldif diff --git a/helm/pygluu/kubernetes/terminal/__init__.py b/helm/pygluu/kubernetes/terminal/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/helm/pygluu/kubernetes/terminal/architecture.py b/helm/pygluu/kubernetes/terminal/architecture.py new file mode 100644 index 00000000000..57aa9e56b69 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/architecture.py 
@@ -0,0 +1,53 @@
+"""
+pygluu.kubernetes.terminal.architecture
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for setup of arch backend in terminal installations.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+
+
+class PromptArch:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_arch(self):
+ """Prompts for the kubernetes infrastructure used.
+ """
+ # TODO: This should be auto-detected
+ if self.settings.get("global.storageClass.provisioner") in (None, ''):
+ print("|------------------------------------------------------------------|")
+ print("| Test Environment Deployments |")
+ print("|------------------------------------------------------------------|")
+ print("| [1] Microk8s [default] |")
+ print("| [2] Minikube |")
+ print("|------------------------------------------------------------------|")
+ print("| Cloud Deployments |")
+ print("|------------------------------------------------------------------|")
+ print("| [3] Amazon Web Services - Elastic Kubernetes Service (Amazon EKS)|")
+ print("| [4] Google Cloud Engine - Google Kubernetes Engine (GKE) |")
+ print("| [5] Microsoft Azure (AKS) |")
+ print("| [6] Digital Ocean [Beta] |")
+ print("|------------------------------------------------------------------|")
+ print("| Local Deployments |")
+ print("|------------------------------------------------------------------|")
+ print("| [7] Manually provisioned Kubernetes cluster |")
+ print("|------------------------------------------------------------------|")
+
+ arch_map = {
+ 1: "microk8s.io/hostpath",
+ 2: "k8s.io/minikube-hostpath",
+ 3: "kubernetes.io/aws-ebs",
+ 4: "kubernetes.io/gce-pd",
+ 5: "kubernetes.io/azure-disk",
+ 6: "dobs.csi.digitalocean.com",
+ 7: "openebs.io/local",
+ }
+ choice = 
click.prompt("Deploy on", default=1)
+ self.settings.set("global.storageClass.provisioner", arch_map.get(choice, "microk8s.io/hostpath"))
diff --git a/helm/pygluu/kubernetes/terminal/aws.py b/helm/pygluu/kubernetes/terminal/aws.py
new file mode 100644
index 00000000000..39f5897c447
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/aws.py
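Review bot: An out-of-range answer to `Deploy on` is silently mapped to `microk8s.io/hostpath` by `arch_map.get(choice, "microk8s.io/hostpath")`, so a typo such as `8` on a cloud install selects a single-node hostPath provisioner without any message. Constrain the prompt instead, e.g. `choice = click.prompt("Deploy on", default=1, type=click.IntRange(1, 7))`, and index the map directly so an unexpected value fails loudly. The same silent-fallback pattern appears in `prompt_aws_lb` (aws.py), `prompt_cache_type` (cache.py) and `prompt_distribution` (distribution.py).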
@@ -0,0 +1,63 @@
+"""
+pygluu.kubernetes.terminal.aws
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for aws terminal prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+
+from pygluu.kubernetes.helpers import get_logger
+
+logger = get_logger("gluu-prompt-aws ")
+
+
+class PromptAws:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_aws_lb(self):
+ """Prompts for AWS Load balancer information
+ """
+ lb_map = {
+ 1: "clb",
+ 2: "nlb",
+ 3: "alb",
+ }
+
+ if self.settings.get("installer-settings.aws.lbType") not in lb_map.values():
+ print("|-----------------------------------------------------------------|")
+ print("| AWS Loadbalancer type |")
+ print("|-----------------------------------------------------------------|")
+ print("| [1] Classic Load Balancer (CLB) [default] |")
+ print("| [2] Network Load Balancer (NLB - Alpha) -- Static IP |")
+ print("| [3] Application Load Balancer (ALB - Alpha) DEV_ONLY |")
+ print("|-----------------------------------------------------------------|")
+
+ choice = click.prompt("Loadbalancer type", default=1)
+ self.settings.set("installer-settings.aws.lbType", lb_map.get(choice, "clb"))
+ if self.settings.get("installer-settings.aws.lbType") == "alb":
+ logger.info("A prompt later during installation will appear to input the ALB DNS address")
+
+ if self.settings.get("installer-settings.aws.arn.enabled") in (None, ''):
+ self.settings.set("installer-settings.aws.arn.enabled", click.confirm(
+ "Are you terminating SSL traffic at LB and using certificate from AWS"))
+
+ if self.settings.get("installer-settings.aws.vpcCidr") in (None, '') and \
+ self.settings.get("installer-settings.aws.arn.enabled"):
+ self.settings.set("installer-settings.aws.vpcCidr", click.prompt(
+ "Enter VPC CIDR in use 
for the Kubernetes cluster i.e 192.168.1.1/16", default="0.0.0.0/0"
+ ))
+
+ if self.settings.get("installer-settings.aws.arn.arnAcmCert") in (None, '') and \
+ self.settings.get("installer-settings.aws.arn.enabled"):
+ # no default means it will try to prompt in loop until user inputs
+ self.settings.set("installer-settings.aws.arn.arnAcmCert", click.prompt(
+ "Enter aws-load-balancer-ssl-cert arn quoted ('arn:aws:acm:us-west-2:XXXXXXXX:"
+ "certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX')"
+ ))
diff --git a/helm/pygluu/kubernetes/terminal/backup.py b/helm/pygluu/kubernetes/terminal/backup.py
new file mode 100644
index 00000000000..d73fc6653fe
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/backup.py
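Review bot: The `installer-settings.aws.vpcCidr` prompt defaults to `0.0.0.0/0` and accepts any string, so pressing enter records "every address" as the cluster's VPC range. How the value is consumed is not visible in this hunk, but if it feeds a trusted-proxy or source-range setting, that default is the least restrictive one possible. Drop the default so the operator has to supply the real range, and validate the answer, for example with `ipaddress.ip_network(value)` in a `value_proc` callback passed to `click.prompt`. The example in the prompt text, `192.168.1.1/16`, has host bits set and would fail strict parsing; `192.168.0.0/16` is the network form.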
@@ -0,0 +1,56 @@
+"""
+pygluu.kubernetes.terminal.backup
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for terminal backup prompt.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+
+
+class PromptBackup:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_backup(self):
+ """Prompt for LDAP and or Couchbase backup strategies
+ """
+ if self.settings.get("global.cnPersistenceType") in ("hybrid", "couchbase"):
+ if self.settings.get("installer-settings.couchbase.backup.incrementalSchedule") in (None, ''):
+ self.settings.set("installer-settings.couchbase.backup.incrementalSchedule", click.prompt(
+ "Please input couchbase backup cron job schedule for incremental backups. "
+ "This will run backup job every 30 mins by default.",
+ default="*/30 * * * *",
+ ))
+
+ if self.settings.get("installer-settings.couchbase.backup.fullSchedule") in (None, ''):
+ self.settings.set("installer-settings.couchbase.backup.fullSchedule", click.prompt(
+ "Please input couchbase backup cron job schedule for full backups. "
+ "This will run backup job on Saturday at 2am",
+ default="0 2 * * 6",
+ ))
+
+ if self.settings.get("installer-settings.couchbase.backup.retentionTime") in (None, ''):
+ self.settings.set("installer-settings.couchbase.backup.retentionTime", click.prompt(
+ "Please enter the time period in which to retain existing backups. 
" + "Older backups outside this time frame are deleted", + default="168h", + )) + + if self.settings.get("installer-settings.couchbase.backup.storageSize") in (None, ''): + self.settings.set("installer-settings.couchbase.backup.storageSize", + click.prompt("Size of couchbase backup volume storage", + default="20Gi")) + + elif self.settings.get("global.cnPersistenceType") == "ldap": + if self.settings.get("installer-settings.ldap.backup.fullSchedule") in (None, ''): + self.settings.set("installer-settings.ldap.backup.fullSchedule", click.prompt( + "Please input ldap backup cron job schedule. " + "This will run backup job every 30 mins by default.", + default="*/30 * * * *", + )) diff --git a/helm/pygluu/kubernetes/terminal/cache.py b/helm/pygluu/kubernetes/terminal/cache.py new file mode 100644 index 00000000000..5c3f0bfdc5c --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/cache.py 
@@ -0,0 +1,41 @@
+"""
+pygluu.kubernetes.terminal.cache
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for cache terminal prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+from pygluu.kubernetes.terminal.redis import PromptRedis
+
+
+class PromptCache:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_cache_type(self):
+ """Prompt cache type
+ """
+ gluu_cache_map = {
+ 1: "NATIVE_PERSISTENCE",
+ 2: "IN_MEMORY",
+ 3: "REDIS",
+ }
+ if self.settings.get("config.configmap.cnCacheType") not in gluu_cache_map.values():
+ print("|------------------------------------------------------------------|")
+ print("| Cache layer |")
+ print("|------------------------------------------------------------------|")
+ print("| [1] NATIVE_PERSISTENCE [default] |")
+ print("| [2] IN_MEMORY |")
+ print("| [3] REDIS |")
+ print("|------------------------------------------------------------------|")
+ choice = click.prompt("Cache layer", default=1)
+ self.settings.set("config.configmap.cnCacheType", gluu_cache_map.get(choice, "NATIVE_PERSISTENCE"))
+ if self.settings.get("config.configmap.cnCacheType") == "REDIS":
+ redis = PromptRedis(self.settings)
+ redis.prompt_redis()
diff --git a/helm/pygluu/kubernetes/terminal/configuration.py b/helm/pygluu/kubernetes/terminal/configuration.py
new file mode 100644
index 00000000000..fbc0779f3e2
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/configuration.py
@@ -0,0 +1,98 @@
+"""
+pygluu.kubernetes.terminal.configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for configuration terminal prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import re
+import click
+
+from pygluu.kubernetes.helpers import get_logger, prompt_password
+
+logger = get_logger("gluu-prompt-config ")
+
+
+class PromptConfiguration:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+ self.config_settings = {"hostname": "", "country_code": "", "state": "", "city": "", "admin_pw": "",
+ "ldap_pw": "", "email": "", "org_name": "", "redis_pw": ""}
+
+ def prompt_config(self):
+ """Prompts for generation of configuration layer
+ """
+ check_fqdn_provided = False
+
+ while True:
+ if self.settings.get("global.fqdn") in (None, '') or check_fqdn_provided:
+ self.settings.set("global.fqdn", click.prompt("Enter Hostname", default="demoexample.gluu.org"))
+
+ regex_bool = re.match(
+ '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.){2,}([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]){2,}$',
+ # noqa: W605
+ self.settings.get("global.fqdn"))
+
+ if regex_bool:
+ break
+ else:
+ check_fqdn_provided = True
+ logger.error("Input not FQDN structured. 
Please enter a FQDN with the format demoexample.gluu.org")
+
+ if self.settings.get("config.countryCode") in (None, ''):
+ self.settings.set("config.countryCode", click.prompt("Enter Country Code", default="US"))
+
+ if self.settings.get("config.state") in (None, ''):
+ self.settings.set("config.state", click.prompt("Enter State", default="TX"))
+
+ if self.settings.get("config.city") in (None, ''):
+ self.settings.set("config.city", click.prompt("Enter City", default="Austin"))
+
+ if self.settings.get("config.email") in (None, ''):
+ self.settings.set("config.email", click.prompt("Enter email", default="support@gluu.org"))
+
+ if self.settings.get("config.orgName") in (None, ''):
+ self.settings.set("config.orgName", click.prompt("Enter Organization", default="Gluu"))
+
+ if self.settings.get("config.adminPassword") in (None, ''):
+ self.settings.set("config.adminPassword", prompt_password("Admin GUI"))
+
+ if self.settings.get("config.ldapPassword") in (None, ''):
+ if self.settings.get("global.cnPersistenceType") in ("hybrid", "ldap"):
+ self.settings.set("config.ldapPassword", prompt_password("OpenDJ"))
+ else:
+ self.settings.set("config.ldapPassword", self.settings.get("config.configmap.cnCouchbasePass"))
+
+ if self.settings.get("global.storageClass.provisioner") in ("microk8s.io/hostpath", "k8s.io/minikube-hostpath"):
+ self.settings.set("global.isFqdnRegistered", False)
+
+ if self.settings.get("global.isFqdnRegistered") in (None, ''):
+ self.settings.set("global.isFqdnRegistered", click.confirm("Are you using a globally resolvable FQDN"))
+
+ if self.settings.get("config.migration.enabled") in (None, ''):
+ self.settings.set("config.migration.enabled",
+ click.confirm("Are you migrating from the Gluu community edition (VM base)"))
+
+ if self.settings.get("config.migration.enabled"):
+ if self.settings.get("config.migration.migrationDir") in (None, ''):
+ self.settings.set("config.migration.migrationDir",
+ click.prompt("Directory holding the community 
edition migration files",
+ default="./ce-migration"))
+
+ if self.settings.get("config.migration.migrationDataFormat") in (None, ''):
+ while self.settings.get("config.migration.migrationDataFormat") not in (
+ "ldif", "couchbase+json", "spanner+avro", "postgresql+json", "mysql+json"):
+ logger.info("Supported data formats are ldif, couchbase+json, spanner+avro, "
+ "postgresql+json, and mysql+json ")
+ self.settings.set("config.migration.migrationDataFormat",
+ click.prompt("Migration data-format depending on persistence backend. "
+ "Supported data formats are ldif, couchbase+json, spanner+avro, "
+ "postgresql+json, and mysql+json ",
+ default="ldif"))
+ logger.info("You can mount your FQDN certification and key by placing them inside "
+ "gluu.crt and gluu.key respectively at the same location pygluu-kubernetes.pyz is at.")
diff --git a/helm/pygluu/kubernetes/terminal/confirmsettings.py b/helm/pygluu/kubernetes/terminal/confirmsettings.py
new file mode 100644
index 00000000000..a0e1c342987
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/confirmsettings.py
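Review bot: When persistence is not `hybrid` or `ldap`, `config.ldapPassword` is copied from `config.configmap.cnCouchbasePass`, but `prompt_couchbase` in couchbase.py stores the Gluu user's password under `config.configmap.cnCouchbasePassword`. Unless another module writes the shorter key, this assigns `None` and the LDAP password stays unset. Read the key that is actually written, `self.settings.get("config.configmap.cnCouchbasePassword")`, and add a comment stating that the LDAP password deliberately mirrors the Couchbase one, because sharing one credential across two back ends widens what a single leak exposes. Separately, `self.config_settings` is initialised in `__init__` but never read in this hunk.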
@@ -0,0 +1,43 @@
+"""
+pygluu.kubernetes.terminal.confirmsettings
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for confirming user settings terminal prompt.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+
+import click
+
+
+class PromptConfirmSettings:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def confirm_params(self):
+ """Formats output of settings from prompts to the user. Passwords are not displayed.
+ """
+ print("{:<1} {:<40} {:<10} {:<35} {:<1}".format('|', 'Setting', '|', 'Value', '|'))
+
+ def iterate_dict(dictionary):
+ for k, v in dictionary.items():
+ if isinstance(v, dict):
+ iterate_dict(v)
+ else:
+ if "Password" not in dictionary[k] and \
+ "subjectAlternativeName" not in dictionary[k]:
+ print("{:<1} {:<40} {:<10} {:<35} {:<1}".format('|', k, '|', v, '|'))
+ print("{:<1} {:<40} {:<10} {:<35} {:<1}".format('-', 'Setting', '-', 'Value', '-'))
+
+ if click.confirm("Please confirm the above settings"):
+ self.settings.set("installer-settings.confirmSettings", True)
+ else:
+ self.settings.reset_data()
+ # Prompt for settings again
+ from pygluu.kubernetes.terminal.prompt import Prompt
+ initialize_prompts = Prompt()
+ initialize_prompts.prompt()
diff --git a/helm/pygluu/kubernetes/terminal/couchbase.py b/helm/pygluu/kubernetes/terminal/couchbase.py
new file mode 100644
index 00000000000..d9cf62343a3
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/couchbase.py
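Review bot: `confirm_params` never calls `iterate_dict`, so the operator is asked to confirm settings that were not printed. The secret filter inside it also tests the value rather than the key: `"Password" not in dictionary[k]` hides an entry only when its value contains the word `Password`, and raises `TypeError` for boolean or integer values. Filter on the key, `if "Password" not in k and "subjectAlternativeName" not in k:`, and invoke the helper on the settings mapping between the header and footer rows. Matching on key names would still print `cnGoogleSecretManagerServiceAccount` (set in google.py), so an explicit list of secret keys is safer than a substring test.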
@@ -0,0 +1,197 @@
+"""
+pygluu.kubernetes.terminal.couchbase
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for couchbase terminal prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+
+from pathlib import Path
+import shutil
+import base64
+
+import click
+from pygluu.kubernetes.helpers import get_logger, prompt_password
+from pygluu.kubernetes.terminal.backup import PromptBackup
+from pygluu.kubernetes.terminal.architecture import PromptArch
+from pygluu.kubernetes.terminal.helpers import gather_ip
+from pygluu.kubernetes.terminal.namespace import PromptNamespace
+
+logger = get_logger("gluu-prompt-couchbase")
+
+
+class PromptCouchbase:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+ self.backup = PromptBackup(self.settings)
+ self.arch = PromptArch(self.settings)
+ self.namespace = PromptNamespace(self.settings)
+
+ def prompt_couchbase(self):
+ self.arch.prompt_arch()
+ self.namespace.prompt_gluu_namespace()
+
+ if self.settings.get("global.storageClass.provisioner") \
+ not in ("microk8s.io/hostpath", "k8s.io/minikube-hostpath"):
+ self.backup.prompt_backup()
+
+ if self.settings.get("global.lbIp") in (None, ''):
+ ip = gather_ip
+ self.settings.set("global.lbIp", ip)
+
+ if self.settings.get("installer-settings.couchbase.install") in (None, ''):
+ logger.info("For the following prompt if placed [N] the couchbase is assumed to be"
+ " installed or remotely provisioned")
+ self.settings.set("installer-settings.couchbase.install", click.confirm("Install Couchbase",
+ default=True))
+
+ if not self.settings.get("installer-settings.couchbase.install"):
+ if self.settings.get("config.configmap.cnCouchbaseCrt") in (None, ''):
+ print("Place the Couchbase certificate authority certificate in a file called couchbase.crt at "
+ "the same location as the 
installation script.")
+ print("This can also be found in your couchbase UI Security > Root Certificate")
+ _ = input("Hit 'enter' or 'return' when ready.")
+ with open(Path("./couchbase.crt")) as content_file:
+ ca_crt = content_file.read()
+ encoded_ca_crt_bytes = base64.b64encode(ca_crt.encode("utf-8"))
+ encoded_ca_crt_string = str(encoded_ca_crt_bytes, "utf-8")
+ self.settings.set("config.configmap.cnCouchbaseCrt", encoded_ca_crt_string)
+ else:
+ self.settings.set("config.configmap.cnCouchbaseCrt", "")
+
+ self.prompt_override_couchbase_files()
+
+ if self.settings.get("global.storageClass.provisioner") \
+ in ("microk8s.io/hostpath", "k8s.io/minikube-hostpath"):
+ self.settings.set("installer-settings.couchbase.lowResourceInstall", True)
+
+ if self.settings.get("installer-settings.couchbase.lowResourceInstall") in (None, ''):
+ self.settings.set("installer-settings.couchbase.lowResourceInstall", click.confirm(
+ "Setup CB nodes using low resources for demo purposes"))
+
+ if not self.settings.get("installer-settings.couchbase.lowResourceInstall") and \
+ not self.settings.get("installer-settings.couchbase.customFileOverride") and \
+ self.settings.get("installer-settings.couchbase.install"):
+ self.prompt_couchbase_yaml()
+
+ if self.settings.get("installer-settings.couchbase.namespace") in (None, ''):
+ self.settings.set("installer-settings.couchbase.namespace",
+ click.prompt("Please enter a namespace for CB objects.", default="cbns"))
+
+ if self.settings.get("installer-settings.couchbase.clusterName") in (None, ''):
+ self.settings.set("installer-settings.couchbase.clusterName",
+ click.prompt("Please enter a cluster name.", default="cbgluu"))
+
+ if self.settings.get("config.configmap.cnCouchbaseUrl") in (None, ''):
+ self.settings.set("config.configmap.cnCouchbaseUrl", click.prompt(
+ "Please enter couchbase (remote or local) URL base name",
+ default=f"{self.settings.get('installer-settings.couchbase.clusterName')}." 
+ f"{self.settings.get('installer-settings.couchbase.namespace')}.svc.cluster.local",
+ ))
+
+ if self.settings.get("config.configmap.cnCouchbaseBucketPrefix") in (None, ''):
+ self.settings.set("config.configmap.cnCouchbaseBucketPrefix", click.prompt(
+ "Please enter a prefix name for all couchbase gluu buckets",
+ default="gluu"
+ ))
+
+ if self.settings.get("config.configmap.cnCouchbaseIndexNumReplica") in (None, ''):
+ self.settings.set("config.configmap.cnCouchbaseIndexNumReplica", click.prompt(
+ "Please enter the number of replicas per index created. "
+ "Please note that the number of index nodes must be one greater than the number of replicas. "
+ "That means if your couchbase cluster only has 2 "
+ "index nodes you cannot place the number of replicas to be higher than 1.",
+ default="0",
+ ))
+
+ if self.settings.get("config.configmap.cnCouchbaseSuperUser") in (None, ''):
+ self.settings.set("config.configmap.cnCouchbaseSuperUser",
+ click.prompt("Please enter couchbase superuser username.", default="admin"))
+
+ if self.settings.get("config.configmap.cnCouchbaseSuperUserPassword") in (None, ''):
+ self.settings.set("config.configmap.cnCouchbaseSuperUserPassword", prompt_password("Couchbase superuser"))
+
+ if self.settings.get("config.configmap.cnCouchbaseUser") in (None, ''):
+ self.settings.set("config.configmap.cnCouchbaseUser",
+ click.prompt("Please enter gluu couchbase username.", default="gluu"))
+
+ if self.settings.get("config.configmap.cnCouchbasePassword") in (None, ''):
+ self.settings.set("config.configmap.cnCouchbasePassword", prompt_password("Couchbase Gluu user"))
+
+ self.find_couchbase_certs_or_set_san_cn()
+
+ def prompt_override_couchbase_files(self):
+ if self.settings.get("installer-settings.couchbase.customFileOverride") in (None, ''):
+ self.settings.set("installer-settings.couchbase.customFileOverride", click.confirm(
+ "Override couchbase-cluster.yaml with a custom couchbase-cluster.yaml",
+ ))
+
+ if 
self.settings.get("installer-settings.couchbase.customFileOverride"): + try: + shutil.copy(Path("./couchbase-cluster.yaml"), Path("./couchbase/couchbase-cluster.yaml")) + shutil.copy(Path("./couchbase-buckets.yaml"), Path("./couchbase/couchbase-buckets.yaml")) + shutil.copy(Path("./couchbase-ephemeral-buckets.yaml"), + Path("./couchbase/couchbase-ephemeral-buckets.yaml")) + + except FileNotFoundError: + logger.error("An override option has been chosen but there is a missing couchbase file that " + "could not be found at the current path. Please place the override files under the name" + " couchbase-cluster.yaml, couchbase-buckets.yaml, and couchbase-ephemeral-buckets.yaml" + " in the same directory pygluu-kubernetes.pyz exists ") + raise SystemExit(1) + + def find_couchbase_certs_or_set_san_cn(self): + """Finds couchbase certs inside couchbase_crts-keys folder and if not existent sets couchbase SAN and prompts + for couchbase common name. + """ + custom_cb_ca_crt = Path("./couchbase_crts_keys/ca.crt") + custom_cb_crt = Path("./couchbase_crts_keys/chain.pem") + custom_cb_key = Path("./couchbase_crts_keys/pkey.key") + if not custom_cb_ca_crt.exists() or not custom_cb_crt.exists() and not custom_cb_key.exists(): + if self.settings.get('installer-settings.couchbase.subjectAlternativeName') in (None, ''): + self.settings.set('installer-settings.couchbase.subjectAlternativeName', [ + "*.{}".format(self.settings.get("installer-settings.couchbase.clusterName")), + "*.{}.{}".format(self.settings.get("installer-settings.couchbase.clusterName"), + self.settings.get("installer-settings.couchbase.namespace")), + "*.{}.{}.svc".format(self.settings.get("installer-settings.couchbase.clusterName"), + self.settings.get("installer-settings.couchbase.namespace")), + "*.{}.{}.svc.cluster.local".format(self.settings.get("installer-settings.couchbase.clusterName"), + self.settings.get("installer-settings.couchbase.namespace")), + 
"{}-srv".format(self.settings.get("installer-settings.couchbase.clusterName")), + "{}-srv.{}".format(self.settings.get("installer-settings.couchbase.clusterName"), + self.settings.get("installer-settings.couchbase.namespace")), + "{}-srv.{}.svc".format(self.settings.get("installer-settings.couchbase.clusterName"), + self.settings.get("installer-settings.couchbase.namespace")), + "*.{}-srv.{}.svc.cluster.local".format( + self.settings.get("installer-settings.couchbase.clusterName"), + self.settings.get("installer-settings.couchbase.namespace")), + "localhost" + ]) + if self.settings.get("installer-settings.couchbase.commonName") in (None, ''): + self.settings.set("installer-settings.couchbase.commonName", + click.prompt("Enter Couchbase certificate common name.", default="Couchbase CA")) + + def prompt_couchbase_yaml(self): + """ + Used to generate couchbase cluster yaml + """ + if not self.settings.get('installer-settings.couchbase.totalNumberOfExpectedUsers'): + self.settings.set('installer-settings.couchbase.totalNumberOfExpectedUsers', + click.prompt("Please enter the number of expected users", default="1000000")) + + if not self.settings.get('installer-settings.couchbase.totalNumberOfExpectedTransactionsPerSec'): + self.settings.set('installer-settings.couchbase.totalNumberOfExpectedTransactionsPerSec', + click.prompt("Expected transactions per second [alpha]", + default=2000)) + + if not self.settings.get('installer-settings.couchbase.volumeType'): + logger.info("GCE GKE Options ('pd-standard', 'pd-ssd')") + logger.info("AWS EKS Options ('gp2', 'io1', 'st1', 'sc1')") + logger.info("Azure Options ('Standard_LRS', 'Premium_LRS', 'StandardSSD_LRS', 'UltraSSD_LRS')") + self.settings.set('installer-settings.couchbase.volumeType', click.prompt("Please enter the volume type.", + default="io1")) diff --git a/helm/pygluu/kubernetes/terminal/distribution.py b/helm/pygluu/kubernetes/terminal/distribution.py new file mode 100644 index 00000000000..e02cd8d63f7 
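Review bot: In `find_couchbase_certs_or_set_san_cn` the test `not custom_cb_ca_crt.exists() or not custom_cb_crt.exists() and not custom_cb_key.exists()` groups as `A or (B and C)`, so a directory holding `ca.crt` and `chain.pem` but no `pkey.key` is treated as a complete custom certificate set and the SAN and common-name defaults are skipped. If all three files are required, write `if not (custom_cb_ca_crt.exists() and custom_cb_crt.exists() and custom_cb_key.exists()):`. In `prompt_couchbase`, `ip = gather_ip` stores the imported helper itself in `global.lbIp` rather than its result, so it presumably needs to be called (`ip = gather_ip()`). The `open(Path("./couchbase.crt"))` read also has no `FileNotFoundError` handling, unlike the service-account read in google.py.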
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/distribution.py
@@ -0,0 +1,36 @@
+"""
+pygluu.kubernetes.terminal.distribution
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for Gluu distribution terminal prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+
+
+class PromptDistribution:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_distribution(self):
+ """Prompt distribution
+ """
+ gluu_distribution_map = {
+ 1: "default",
+ 2: "openbanking",
+ }
+ if self.settings.get("global.distribution") not in gluu_distribution_map.values() \
+ and self.settings.get("global.distribution") in ("None", ''):
+ print("|------------------------------------------------------------------|")
+ print("| Gluu Distribution |")
+ print("|------------------------------------------------------------------|")
+ print("| [1] default [default] |")
+ print("| [2] OpenBanking |")
+ print("|------------------------------------------------------------------|")
+ choice = click.prompt("Gluu distribution", default=1)
+ self.settings.set("global.distribution", gluu_distribution_map.get(choice, "default"))
diff --git a/helm/pygluu/kubernetes/terminal/gke.py b/helm/pygluu/kubernetes/terminal/gke.py
new file mode 100644
index 00000000000..196eec06265
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/gke.py
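Review bot: The guard `self.settings.get("global.distribution") in ("None", '')` compares against the string `"None"`, whereas the other prompt modules test `in (None, '')`; if an unset key comes back as `None`, the menu is never shown and `global.distribution` stays unset. Because the two clauses are joined with `and`, the first one (`not in gluu_distribution_map.values()`) adds nothing once the second holds. Use `if self.settings.get("global.distribution") in (None, ''):`, or keep only the `not in gluu_distribution_map.values()` test. The `installer-settings.releaseName` check in helm.py uses the same `("None", '')` tuple.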
@@ -0,0 +1,36 @@
+"""
+pygluu.kubernetes.terminal.gke
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for gke terminal prompt.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+from pygluu.kubernetes.helpers import exec_cmd
+
+
+class PromptGke:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_gke(self):
+ """GKE prompts
+ """
+ if not self.settings.get("GMAIL_ACCOUNT"):
+ self.settings.set("GMAIL_ACCOUNT", click.prompt("Please enter valid email for Google Cloud account"))
+
+ if self.settings.get("APP_VOLUME_TYPE") == 11:
+ for node_name in self.settings.get("NODES_NAMES"):
+ for zone in self.settings.get("NODES_ZONES"):
+ response, error, retcode = exec_cmd("gcloud compute ssh user@{} --zone={} "
+ "--command='echo $HOME'".format(node_name, zone))
+ self.settings.set("GOOGLE_NODE_HOME_DIR", str(response, "utf-8"))
+ if self.settings.get("GOOGLE_NODE_HOME_DIR"):
+ break
+ if self.settings.get("GOOGLE_NODE_HOME_DIR"):
+ break
diff --git a/helm/pygluu/kubernetes/terminal/google.py b/helm/pygluu/kubernetes/terminal/google.py
new file mode 100644
index 00000000000..8c5c350fce3
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/google.py
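Review bot: The `gcloud compute ssh` command line is assembled with `str.format` from the `NODES_NAMES` and `NODES_ZONES` values read from settings, and neither value is validated. How `exec_cmd` runs the string is not visible here, but if it goes through a shell or is split on whitespace, a malformed or tampered settings entry changes the command that is executed. Check each value against a strict pattern for instance and zone names before use, and pass the arguments as a list if `exec_cmd` supports it. The `error` and `retcode` results are discarded, and `str(response, "utf-8")` keeps any trailing newline and would raise if `response` is `None`, so a failed call cannot be told apart from an empty result.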
@@ -0,0 +1,72 @@
+"""
+pygluu.kubernetes.terminal.google
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for spanner terminal prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+from pathlib import Path
+import base64
+import json
+
+
+class PromptGoogle:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_google(self):
+ """Prompts for spanner ids
+ """
+ if self.settings.get("global.cnPersistenceType") == "spanner":
+ if not self.settings.get("config,configmap.cnGoogleSpannerInstanceId"):
+ self.settings.set("config,configmap.cnGoogleSpannerInstanceId",
+ click.prompt("Please enter the google spanner instance ID.",
+ default=""))
+
+ if not self.settings.get("config,configmap.cnGoogleSpannerDatabaseId"):
+ self.settings.set("config,configmap.cnGoogleSpannerDatabaseId",
+ click.prompt("Please enter the google spanner database ID",
+ default=""))
+ # Feature not implemented yet
+ self.settings.set("installer-settings.google.useSecretManager", False)
+ if not self.settings.get("installer-settings.google.useSecretManager"):
+ self.settings.set("installer-settings.google.useSecretManager",
+ click.confirm("[BETA] Use Google Secret Manager to hold gluu configuration layer. "
+ "If answered with No, kubernetes secrets will be used", default=False))
+
+ if self.settings.get("global.cnPersistenceType") == "spanner" or \
+ self.settings.get("installer-settings.google.useSecretManager"):
+ if not self.settings.get("config.configmap.cnGoogleSecretManagerServiceAccount"):
+ try:
+ print("Place the google service account json file under the name google_service_account.json. at "
+ "the same location as the installation script. 
The service account must have "
+ "roles/secretmanager.admin to use Google secret manager and/or "
+ "roles/spanner.databaseUser to use Spanner")
+ _ = input("Hit 'enter' or 'return' when ready.")
+ with open(Path("./google_service_account.json")) as content_file:
+ sa = content_file.read()
+ encoded_sa_crt_bytes = base64.b64encode(sa.encode("utf-8"))
+ encoded_sa_crt_string = str(encoded_sa_crt_bytes, "utf-8")
+ self.settings.set("config.configmap.cnGoogleSecretManagerServiceAccount", encoded_sa_crt_string)
+ except FileNotFoundError:
+ print("The google service account json was not found.")
+ raise SystemExit(1)
+
+ if not self.settings.get("config.configmap.cnGoogleProjectId"):
+ try:
+ with open("google_service_account.json", "r") as google_sa:
+ sa = json.load(google_sa)
+ self.settings.set("config.configmap.cnGoogleProjectId", sa["project_id"])
+ except FileNotFoundError:
+ print("The google service account json was not found."
+ "your settings.json.")
+ if not self.settings.get("config.configmap.cnGoogleProjectId"):
+ self.settings.set("config.configmap.cnGoogleProjectId",
+ click.prompt("Please enter the google project ID",
+ default=""))
\ No newline at end of file
diff --git a/helm/pygluu/kubernetes/terminal/helm.py b/helm/pygluu/kubernetes/terminal/helm.py
new file mode 100644
index 00000000000..33614fc4b95
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/helm.py
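Review bot: The two Spanner settings are read and written under `"config,configmap.cnGoogleSpannerInstanceId"` and `"config,configmap.cnGoogleSpannerDatabaseId"`, with a comma where every other key uses a dot, so the values presumably never land under `config.configmap`; the keys should be `"config.configmap.cnGoogleSpannerInstanceId"` and `"config.configmap.cnGoogleSpannerDatabaseId"`. `installer-settings.google.useSecretManager` is forced to `False` immediately before the `if not ...` test, so the BETA confirm is always shown despite the "Feature not implemented yet" comment. The service-account JSON is a credential, and it is stored only base64-encoded under a `config.configmap.*` key. Where that value is rendered is not visible in this hunk, so a comment should say where it ends up, and it belongs in a Secret rather than a ConfigMap.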
@@ -0,0 +1,106 @@ +""" +pygluu.kubernetes.terminal.helm +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for helm terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click + + +class PromptHelm: + + def __init__(self, settings): + self.settings = settings + + def prompt_helm(self): + """Prompts for helm installation and returns updated settings. + + :return: + """ + if self.settings.get("installer-settings.releaseName") in ("None", ''): + self.settings.set("installer-settings.releaseName", + click.prompt("Please enter Gluu helm name", default="gluu")) + + # ALPHA-FEATURE: Multi cluster ldap replication + if self.settings.get("global.cnPersistenceType") in ("hybrid", "ldap") and \ + not self.settings.get("opendj.multiCluster.enabled"): + self.settings.set("opendj.multiCluster.enabled", + click.confirm("Are you setting up a multi kubernetes cluster")) + + if self.settings.get("opendj.multiCluster.enabled"): + + if self.settings.get("opendj.multiCluster.serfAdvertiseAddrSuffix") in (None, ''): + self.settings.set("opendj.multiCluster.serfAdvertiseAddrSuffix", + click.prompt("Please enter Serf advertise " + "address suffix. You must be able to " + "resolve this address in your DNS", + default="regional.gluu.org")) + + if self.settings.get("opendj.multiCluster.replicaCount") in (None, ''): + self.settings.set("opendj.multiCluster.replicaCount", + int(click.prompt("Enter the number of opendj statefulsets to create." 
+ " Each will have an advertise address of" + " RELEASE-NAME-opendj-regional-" + "{{statefulset number}}-{Serf address suffix }} ", default="1", + type=click.Choice(["1", "2", "3", "4", "5", "6", "7", "8", "9"])))) + + if self.settings.get("installer-settings.ldap.subsequentCluster") in (None, ''): + self.settings.set("installer-settings.ldap.subsequentCluster", + click.confirm("Is this a subsequent kubernetes cluster " + "( 2nd and above)")) + + if not self.settings.get("opendj.multiCluster.clusterId"): + self.settings.set("opendj.multiCluster.clusterId", + click.prompt("Please enter a cluster ID that distinguishes " + "this cluster from any subsequent clusters. i.e " + "west, east, north, south, test..", default="test")) + + if self.settings.get("opendj.multiCluster.namespaceIntId") in (None, ''): + self.settings.set("opendj.multiCluster.namespaceIntId", + int(click.prompt("Namespace int id. This id needs to be a unique number 0-9 per gluu " + "installation per namespace. Used when gluu is installed in the " + "same kubernetes cluster more than once.", default="0", + type=click.Choice(["0", "1", "2", "3", + "4", "5", "6", "7", "8", "9"])))) + + if not self.settings.get("installer-settings.ldap.multiClusterIds") or \ + not isinstance(self.settings.get("installer-settings.ldap.multiClusterIds"), list): + temp = click.prompt("Please enter the cluster IDs for all other subsequent " + "clusters i.e west, east, north, south, test..seperated by a comma with " + "no quotes , or brackets " + "Forexample, if there was three other clusters ( not including this one)" + " that Gluu will be installed three cluster IDs will be needed. 
" + "This is to help generate the serf addresses automatically.", + default="dev,stage,prod") + temp = temp.replace(" ", "") + temp_array = temp.split(",") + self.settings.set("installer-settings.ldap.multiClusterIds", list(temp_array)) + + if self.settings.get("opendj.multiCluster.serfPeers") in (None, '') or \ + not isinstance(self.settings.get("opendj.multiCluster.serfPeers"), list): + alist = [] + # temp list to hold all cluster ids including the id of the cluster Gluu is being installed on + cluster_ids = self.settings.get("installer-settings.ldap.multiClusterIds") + if self.settings.get("installer-settings.ldap.clusterId") not in cluster_ids: + cluster_ids.append(self.settings.get("installer-settings.ldap.clusterId")) + for i in range(self.settings.get("installer-settings.ldap.multiClusterIds")): + for cluster_id in cluster_ids: + alist.append(f'{self.settings.get("installer-settings.releaseName")}' + f'-opendj-{cluster_id}-regional-{i}-' + f'{self.settings.get("opendj.multiCluster.serfAdvertiseAddrSuffix")}:3094{i}') + self.settings.set("opendj.multiCluster.serfAdvertiseAddrSuffix", alist) + + if self.settings.get("installer-settings.nginxIngress.releaseName") in (None, '') and \ + self.settings.get("installer-settings.aws.lbType") != "alb": + self.settings.set("installer-settings.nginxIngress.releaseName", + click.prompt("Please enter nginx-ingress helm name", + default="ningress")) + + if self.settings.get("installer-settings.nginxIngress.namespace") in (None, '') and self.settings.get( + "installer-settings.aws.lbType") != "alb": + self.settings.set("installer-settings.nginxIngress.namespace", + click.prompt("Please enter nginx-ingress helm namespace", + default="ingress-nginx")) diff --git a/helm/pygluu/kubernetes/terminal/helpers.py b/helm/pygluu/kubernetes/terminal/helpers.py new file mode 100644 index 00000000000..335269f071c --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/helpers.py 
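Review bot: The serf-peer loop calls `range()` on `installer-settings.ldap.multiClusterIds`, which the block just above stores as a list, so this branch would raise `TypeError` the first time it runs. The count was presumably meant to be the replica count, `for i in range(self.settings.get("opendj.multiCluster.replicaCount")):`. The result is then written to `opendj.multiCluster.serfAdvertiseAddrSuffix` rather than `opendj.multiCluster.serfPeers`, replacing the suffix string with the peer list, and the loop reads `installer-settings.ldap.clusterId` although the prompt stores the ID under `opendj.multiCluster.clusterId`. The first check also compares `releaseName` with the string `"None"` where the other checks in this file use `None`.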
@@ -0,0 +1,125 @@ +""" +pygluu.kubernetes.terminal.common +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers for terminal prompt classes + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import base64 +from pathlib import Path + +import click +from pygluu.kubernetes.helpers import get_logger + +logger = get_logger("gluu-prompt-common") + + +def gather_ip(): + """Attempts to detect and return ip automatically. + Also set node names, zones, and addresses in a cloud deployment. + + :return: + """ + from pygluu.kubernetes.kubeapi import Kubernetes + from pygluu.kubernetes.settings import ValuesHandler + import ipaddress + kubernetes = Kubernetes() + settings = ValuesHandler() + logger.info("Determining OS type and attempting to gather external IP address") + ip = "" + + # detect IP address automatically (if possible) + try: + node_ip_list = [] + node_zone_list = [] + node_name_list = [] + node_list = kubernetes.list_nodes().items + + for node in node_list: + node_name = node.metadata.name + node_addresses = kubernetes.read_node(name=node_name).status.addresses + if settings.get("global.storageClass.provisioner") in ("microk8s.io/hostpath", + "k8s.io/minikube-hostpath"): + for add in node_addresses: + if add.type == "InternalIP": + ip = add.address + node_ip_list.append(ip) + else: + for add in node_addresses: + if add.type == "ExternalIP": + ip = add.address + node_ip_list.append(ip) + # Digital Ocean does not provide zone support yet + if settings.get("global.storageClass.provisioner") not in ("dobs.csi.digitalocean.com", + "openebs.io/local"): + node_zone = node.metadata.labels["failure-domain.beta.kubernetes.io/zone"] + node_zone_list.append(node_zone) + node_name_list.append(node_name) + + settings.set("installer-settings.nodes.names", node_name_list) + settings.set("installer-settings.nodes.zones", node_zone_list) + settings.set("installer-settings.nodes.ips", node_ip_list) + + if 
settings.get("global.storageClass.provisioner") in ("kubernetes.io/aws-ebs", + "kubernetes.io/gce-pd", + "kubernetes.io/azure-disk", + "dobs.csi.digitalocean.com", + "openebs.io/local"): + # Assign random IP. IP will be changed by either the update ip script, GKE external ip or nlb ip + return "22.22.22.22" + + except Exception as e: + logger.error(e) + # prompt for user-inputted IP address + logger.warning("Cannot determine IP address") + ip = click.prompt("Please input the host's external IP address") + + if click.confirm(f"Is this the correct external IP address: {ip}", default=True): + return ip + + while True: + ip = click.prompt("Please input the host's external IP address") + try: + ipaddress.ip_address(ip) + return ip + except ValueError as exc: + # raised if IP is invalid + logger.warning(f"Cannot determine IP address; reason={exc}") + + +def read_file(file): + """ + + @param file: + @return: + """ + try: + _ = input("Hit 'enter' or 'return' when ready.") + with open(Path(file)) as content_file: + content = content_file.read() + encoded_content_bytes = base64.b64encode(content.encode("utf-8")) + encoded_content_string = str(encoded_content_bytes, "utf-8") + return encoded_content_string + except FileNotFoundError: + logger.error(f"File {file} not found.") + raise SystemExit(1) + + +def read_file_bytes(file): + """ + + @param file: + @return: + """ + try: + _ = input("Hit 'enter' or 'return' when ready.") + with open(Path(file), 'rb') as content_file: + content = content_file.read() + encoded_content_bytes = base64.b64encode(content) + encoded_content_string = str(encoded_content_bytes, "utf-8") + return encoded_content_string + except FileNotFoundError: + logger.error(f"File {file} not found.") + raise SystemExit(1) diff --git a/helm/pygluu/kubernetes/terminal/images.py b/helm/pygluu/kubernetes/terminal/images.py new file mode 100644 index 00000000000..81c0525b834 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/images.py 
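Review bot: `gather_ip` validates input with `ipaddress.ip_address` only inside the final `while True` loop; the value confirmed at `click.confirm(...)` is returned unchecked, and it can be an empty string when no node address matched, or free text typed after the `except`. Moving the confirmation inside the loop, after `ipaddress.ip_address(ip)`, would make every returned value a parsed address. The cloud-provisioner branch returns the literal `22.22.22.22`, a publicly routable address; if the later update step the comment relies on never runs, the deployment is configured with an address it does not own, so a reserved documentation address such as `192.0.2.1` (RFC 5737) would be a safer placeholder. `read_file` and `read_file_bytes` have empty docstrings; they should state that the file content is returned base64-encoded and that a missing file exits with status 1.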
@@ -0,0 +1,71 @@ +""" +pygluu.kubernetes.terminal.image +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for image names and tags terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click + + +class PromptImages: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + def __init__(self, settings): + self.settings = settings + + def prompt_image_name_tag(self): + """Manual prompts for image names and tags if changed from default or at a different repository. + """ + + def prompt_and_set_setting(service, image): + repository = f'{image}.image.repository' + tag = f'{image}.image.tag' + settings = self.settings + settings.set(repository, + click.prompt(f"{service} image name", + default=self.settings.get(repository))) + settings.set(tag, + click.prompt(f"{service} image tag", + default=self.settings.get(tag))) + + if self.settings.get("installer-settings.images.edit") in (None, ''): + self.settings.set("installer-settings.images.edit", click.confirm( + "Would you like to manually edit the image source/name and tag")) + + if self.settings.get("installer-settings.images.edit"): + # CASA + if self.settings.get("config.configmap.cnCasaEnabled"): + prompt_and_set_setting("Casa", "casa") + # CONFIG + prompt_and_set_setting("Config", "config") + # CACHE_REFRESH_ROTATE + if self.settings.get("global.cr-rotate.enabled"): + prompt_and_set_setting("CR-rotate", "cr-rotate") + # KEY_ROTATE + if self.settings.get("global.auth-server-key-rotation.enabled"): + prompt_and_set_setting("Key rotate", "auth-server-key-rotation") + # LDAP + if self.settings.get("config.configmap.cnCacheType") in ("hybrid", "ldap"): + prompt_and_set_setting("OpenDJ", "opendj") + # Jackrabbit + prompt_and_set_setting("jackrabbit", "jackrabbit") + # AUTH_SERVER + prompt_and_set_setting("Auth-Server", "auth-server") + # CONFIG_API + if 
self.settings.get("global.config-api.enabled"): + prompt_and_set_setting("Config-API", "config-api") + # CLIENT_API + if self.settings.get("global.client-api.enabled"): + prompt_and_set_setting("CLIENT_API server", "client-api") + # OXPASSPORT + if self.settings.get("config.configmap.cnPassportEnabled"): + prompt_and_set_setting("oxPassport", "oxpassport") + # OXSHIBBBOLETH + if self.settings.get("global.oxshibboleth.enabled"): + prompt_and_set_setting("oxShibboleth", "oxshibboleth") + # PERSISTENCE + prompt_and_set_setting("Persistence", "persistence") + self.settings.set("installer-settings.images.edit", False) diff --git a/helm/pygluu/kubernetes/terminal/istio.py b/helm/pygluu/kubernetes/terminal/istio.py new file mode 100644 index 00000000000..6ee92a21cc9 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/istio.py 
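Review bot: The OpenDJ image prompt is gated on `config.configmap.cnCacheType` being `hybrid` or `ldap`, whereas the helm prompts in this same commit test `global.cnPersistenceType` for those values; if the cache type never takes them, the OpenDJ image can never be edited here. `if self.settings.get("global.cnPersistenceType") in ("hybrid", "ldap"):` is probably what was meant. The repository and tag are accepted as free text, so an operator who points a service at another registry gets a mutable tag with nothing recorded to show which image was actually pulled; if the chart accepts one, the prompt text could suggest a digest-pinned reference. A docstring on `prompt_and_set_setting` saying that `image` is the settings prefix and `service` the display name would help.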
@@ -0,0 +1,48 @@ +""" +pygluu.kubernetes.terminal.istio +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for istio terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click +from pygluu.kubernetes.helpers import get_logger + +logger = get_logger("gluu-prompt-istio ") + + +class PromptIstio: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_istio(self): + """Prompt for Istio + """ + if self.settings.get("global.istio.ingress") in (None, '') \ + and self.settings.get("global.storageClass.provisioner") not in \ + ("microk8s.io/hostpath", "k8s.io/minikube-hostpath"): + self.settings.set("global.istio.ingress", click.confirm("[Alpha] Would you like to use " + "Istio Ingress with Gluu ?")) + if self.settings.get("global.istio.ingress"): + self.settings.set("global.istio.enabled", True) + + if self.settings.get("global.istio.enabled") in (None, ''): + logger.info("Please follow https://istio.io/latest/docs/ to learn more.") + logger.info("Istio will auto inject side cars into all pods in Gluus namespace chosen. " + "The label istio-injection=enabled will be added to the namespace Gluu will be installed in " + "if the namespace does not exist. 
If it does please run " + "kubectl label namespace istio-injection=enabled") + self.settings.set("global.istio.enabled", click.confirm("[Alpha] Would you like to use Istio with Gluu ?")) + + if self.settings.get("global.istio.namespace") in (None, '') and self.settings.get("global.istio.enabled"): + self.settings.set("global.istio.namespace", click.prompt("Istio namespace", + default="istio-system")) + + if self.settings.get("config.configmap.lbAddr") in (None, ''): + self.settings.set("config.configmap.lbAddr", click.prompt("Istio loadbalancer adderss(eks) or " + "ip (gke, aks, digital ocean, local)", default="")) diff --git a/helm/pygluu/kubernetes/terminal/jackrabbit.py b/helm/pygluu/kubernetes/terminal/jackrabbit.py new file mode 100644 index 00000000000..28ddbf3fbc3 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/jackrabbit.py 
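Review bot: The log message tells the operator to run `kubectl label namespace istio-injection=enabled`, which omits the namespace name and fails as written. It should read `kubectl label namespace <namespace> istio-injection=enabled`, with the value taken from `installer-settings.namespace` if that is already set at this point (not visible in this hunk). The `lbAddr` prompt text has a typo, `adderss`, and the logger name `"gluu-prompt-istio "` carries a trailing space that the other prompt modules do not have.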
@@ -0,0 +1,72 @@ +""" +pygluu.kubernetes.terminal.jackrabbit +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for jackrabbit terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click + +from pygluu.kubernetes.helpers import get_logger, prompt_password +from pygluu.kubernetes.terminal.postgres import PromptPostgres + +logger = get_logger("gluu-prompt-jackrabbit") + + +class PromptJackrabbit: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + self.postgres = PromptPostgres(self.settings) + + def prompt_jackrabbit(self): + """Prompts for Jackrabbit content repository + """ + if self.settings.get("global.jackrabbit.enabled") in (None, ''): + logger.info("Jackrabbit must be installed. If the following prompt is answered with N it is assumed " + "the jackrabbit content repository is either installed locally or remotely") + self.settings.set("global.jackrabbit.enabled", + click.confirm("Install Jackrabbit content repository", default=True)) + + jackrabbit_cluster_prompt = "Is" + if self.settings.get("global.jackrabbit.enabled"): + if self.settings.get("jackrabbit.storage.size") in (None, ''): + self.settings.set("jackrabbit.storage.size", click.prompt( + "Size of Jackrabbit content repository volume storage", default="4Gi")) + self.settings.set("config.configmap.cnJackrabbitUrl", "http://jackrabbit:8080") + jackrabbit_cluster_prompt = "Enable" + + if self.settings.get("config.configmap.cnJackrabbitUrl") in (None, ''): + self.settings.set("config.configmap.cnJackrabbitUrl", click.prompt("Please enter jackrabbit url.", + default="http://jackrabbit:8080")) + if self.settings.get("config.configmap.cnJackrabbitAdminId") in (None, ''): + self.settings.set("config.configmap.cnJackrabbitAdminId", + click.prompt("Please enter Jackrabbit admin user", 
default="admin")) + + if self.settings.get("jackrabbit.secrets.cnJackrabbitAdminPassword") in (None, ''): + self.settings.set("jackrabbit.secrets.cnJackrabbitAdminPassword", prompt_password("jackrabbit-admin", 24)) + + if self.settings.get("installer-settings.jackrabbit.clusterMode") in (None, ''): + self.settings.set("installer-settings.jackrabbit.clusterMode", + click.confirm("{} Jackrabbit in cluster mode[beta] " + "Recommended in production" + .format(jackrabbit_cluster_prompt), default=True)) + if self.settings.get("installer-settings.jackrabbit.clusterMode"): + self.postgres.prompt_postgres() + if self.settings.get("config.configmap.cnJackrabbitPostgresUser") in (None, ''): + self.settings.set("config.configmap.cnJackrabbitPostgresUser", + click.prompt("Please enter a user for jackrabbit postgres database", + default="jackrabbit")) + + if self.settings.get("jackrabbit.secrets.cnJackrabbitPostgresPassword") in (None, ''): + self.settings.set("jackrabbit.secrets.cnJackrabbitPostgresPassword", + prompt_password("jackrabbit-postgres")) + + if self.settings.get("config.configmap.cnJackrabbitPostgresDatabaseName") in (None, ''): + self.settings.set("config.configmap.cnJackrabbitPostgresDatabaseName", + click.prompt("Please enter jackrabbit postgres database name", + default="jackrabbit")) diff --git a/helm/pygluu/kubernetes/terminal/ldap.py b/helm/pygluu/kubernetes/terminal/ldap.py new file mode 100644 index 00000000000..be2b2fd7038 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/ldap.py 
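Review bot: `config.configmap.cnJackrabbitUrl` defaults to `http://jackrabbit:8080` and any typed value is accepted, while the same method collects an admin user and password for that endpoint. When the operator answers N to installing Jackrabbit and supplies a remote repository, those credentials would travel over plaintext HTTP unless the operator happens to enter an https URL. The prompt could say so, e.g. `"Please enter jackrabbit url (use https:// for a repository outside the cluster)."`, and log a warning when the entered scheme is `http`. The two `prompt_password` calls differ, one passing `24` and the other no length; `prompt_password` is defined outside this hunk, so confirm that the postgres password gets an adequate default length.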
@@ -0,0 +1,45 @@ +""" +pygluu.kubernetes.terminal.ldap +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for ldap terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click + + +class PromptLdap: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_hybrid_ldap_held_data(self): + """Prompts for data held in ldap when hybrid mode is chosen in persistence + """ + hybrid_ldap_map = { + 1: "default", + 2: "user", + 3: "site", + 4: "cache", + 5: "token", + 6: "session", + } + + if self.settings.get("config.configmap.cnPersistenceLdapMapping") not in hybrid_ldap_map.values(): + print("|------------------------------------------------------------------|") + print("| Hybrid [OpenDJ + Couchbase] |") + print("|------------------------------------------------------------------|") + print("| [1] Default |") + print("| [2] User |") + print("| [3] Site |") + print("| [4] Cache |") + print("| [5] Token |") + print("| [6] Session |") + print("|------------------------------------------------------------------|") + + choice = click.prompt("Cache layer", default=1) + self.settings.set("config.configmap.cnPersistenceLdapMapping", hybrid_ldap_map.get(choice, "default")) diff --git a/helm/pygluu/kubernetes/terminal/license.py b/helm/pygluu/kubernetes/terminal/license.py new file mode 100644 index 00000000000..0389248e463 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/license.py 
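Review bot: `click.prompt("Cache layer", default=1)` accepts any integer, and `hybrid_ldap_map.get(choice, "default")` silently maps an out-of-range answer to `default`, so a mistyped choice is stored without the operator noticing. Restricting the input, `click.prompt("Persistence mapping", default=1, type=click.IntRange(1, 6))`, makes click re-ask instead. The label "Cache layer" also does not match the menu, which is about what data LDAP holds in hybrid mode. The same pattern, with a silent fallback to `ldap`, is in `prompt_persistence_backend` in persistencebackend.py, where the range would be 1 to 5.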
@@ -0,0 +1,35 @@ +""" +pygluu.kubernetes.terminal.license +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for terminal license prompt . + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +from pygluu.kubernetes.helpers import get_logger +import click + +logger = get_logger("gluu-prompt-license") + + +class PromptLicense: + + def __init__(self, settings, accept_license=False): + self.settings = settings + if accept_license: + self.settings.set("installer-settings", True) + self.prompt_license() + + def prompt_license(self): + """Prompts user to accept Apache 2.0 license + """ + if not self.settings.get("installer-settings.acceptLicense"): + with open("./LICENSE") as f: + print(f.read()) + + self.settings.set("installer-settings.acceptLicense", + click.confirm("Do you accept the Gluu license stated above")) + if not self.settings.get("installer-settings.acceptLicense"): + logger.info("License not accepted.") + raise SystemExit(1) diff --git a/helm/pygluu/kubernetes/terminal/namespace.py b/helm/pygluu/kubernetes/terminal/namespace.py new file mode 100644 index 00000000000..6b39a0cc371 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/namespace.py @@ -0,0 +1,24 @@ +""" +pygluu.kubernetes.terminal.namespace +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for namespace terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" + +import click + + +class PromptNamespace: + + def __init__(self, settings): + self.settings = settings + + def prompt_gluu_namespace(self): + """Prompt to enable optional services + """ + if self.settings.get("installer-settings.namespace") in (None, ''): + self.settings.set("installer-settings.namespace", + click.prompt("Namespace to deploy Gluu in", default="gluu")) 
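Review bot: With `accept_license=True` the constructor calls `self.settings.set("installer-settings", True)`, which targets the whole `installer-settings` key rather than the flag that `prompt_license` reads. Depending on how the settings handler stores dotted keys (not visible here), that either replaces every installer setting with a boolean or leaves `installer-settings.acceptLicense` unset so the prompt still appears. The line should be `self.settings.set("installer-settings.acceptLicense", True)`. `open("./LICENSE")` is relative to the working directory, and a missing file surfaces as an unhandled `FileNotFoundError`.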
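Review bot: The docstring on `prompt_gluu_namespace` says "Prompt to enable optional services", but the method only asks for the deployment namespace; it should read `"""Prompt for the namespace Gluu is deployed in."""`. The answer is stored without checking that it is a valid Kubernetes namespace name (lowercase alphanumerics and `-`, at most 63 characters), so a bad value is only rejected later by the API server.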
diff --git a/helm/pygluu/kubernetes/terminal/openbanking.py b/helm/pygluu/kubernetes/terminal/openbanking.py
new file mode 100644
index 00000000000..a5ed60f18ef
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/openbanking.py
@@ -0,0 +1,130 @@ +""" +pygluu.kubernetes.terminal.openbanking +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for terminal openbanking prompts . + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" + +import click +from pygluu.kubernetes.terminal.helpers import read_file, read_file_bytes +from pygluu.kubernetes.helpers import exec_cmd, prompt_password + + +class PromptOpenBanking: + """Prompt is used for prompting users for input used in deploying Gluu OpenBanking distribution. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_openbanking(self): + """Prompts for OpenBanking distribution . + """ + + if self.settings.get("global.cnObExtSigningJwksUri") in ("None", ''): + self.settings.set("global.cnObExtSigningJwksUri", + click.prompt("Open banking external signing jwks uri. Used in SSA Validation.", + default="https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks")) + + if self.settings.get("global.cnObExtSigningJwksCrt") in ("None", ''): + print( + "Place the Open banking external signing jwks AS certificate string in a file named obsigning.pem. " + "Used in SSA Validation. " + " This will be encoded using base64 so please do not encode it.") + encoded_obsigning_pem = read_file("./obsigning.pem") + self.settings.set("global.cnObExtSigningJwksCrt", encoded_obsigning_pem) + + if self.settings.get("global.cnObExtSigningJwksKey") in ("None", ''): + print( + "Place the Open banking external signing jwks AS key string in a file named obsigning.key. Used in " + "SSA Validation. " + " This will be encoded using base64 so please do not encode it.") + encoded_obsigning_pem = read_file("./obsigning.key") + self.settings.set("global.cnObExtSigningJwksKey", encoded_obsigning_pem) + + # TODO: its possible that there is no passphrase for the key, + # and hence the below prompt will always prompt which will affect CI/CD. 
+ # An installer param should be prompted for that case. + if self.settings.get("global.cnObExtSigningJwksKeyPassPhrase") in ("None", ''): + self.settings.set("global.cnObExtSigningJwksKeyPassPhrase", + click.prompt( + "OOpen banking external signing jwks AS key passphrase to unlock provided key.", + default="")) + + if self.settings.get("global.cnObExtSigningAlias") in ("None", ''): + self.settings.set("global.cnObExtSigningAlias", + click.prompt("Open banking external signing AS Alias. " + "This is a kid value.Used in SSA Validation, " + "kid used while encoding a JWT sent to token URL", + default="XkwIzWy44xWSlcWnMiEc8iq9s2G")) + + if self.settings.get("global.cnObStaticSigningKeyKid") in ("None", ''): + self.settings.set("global.cnObStaticSigningKeyKid", + click.prompt("Open banking signing AS kid to force the AS to use a specific signing key", + default="Wy44xWSlcWnMiEc8iq9s2G")) + + if self.settings.get("global.cnObTransportCrt") in ("None", ''): + print( + "Place the Open banking AS transport certificate string in a file named obtransport.pem. Used in SSA " + "Validation. " + " This will be encoded using base64 so please do not encode it.") + encoded_obtransport_pem = read_file("./obtransport.pem") + self.settings.set("global.cnObTransportCrt", encoded_obtransport_pem) + + if self.settings.get("global.cnObTransportKey") in ("None", ''): + print("Place the Open banking AS transport ke string in a file named obtransport.key. Used in SSA " + "Validation. " + " This will be encoded using base64 so please do not encode it.") + encoded_obtransport_key = read_file("./obtransport.key") + self.settings.set("global.cnObTransportKey", encoded_obtransport_key) + + # TODO: its possible that there is no passphrase for the key, + # and hence the below prompt will always prompt which will affect CI/CD. + # An installer param should be prompted for that case. 
+ if self.settings.get("global.cnObTransportKeyPassPhrase") in ("None", ''): + self.settings.set("global.cnObTransportKeyPassPhrase", + click.prompt("Open banking AS transport key passphrase to unlock AS transport key.", + default="")) + + if self.settings.get("global.cnObTransportAlias") in ("None", ''): + self.settings.set("global.cnObTransportAlias", + click.prompt("Open banking transport Alias used inside the JVM", + default="OpenBankingAsTransport")) + + if self.settings.get("installer-settings.openbanking.hasCnObTransportTrustStore") in ("None", ''): + self.settings.set("installer-settings.openbanking.hasCnObTransportTrustStore", + click.confirm("Do you have the Open banking AS transport truststore crt. " + "This is normally generated from the OB issuing CA, " + "OB Root CA and Signing CA.", + default=False)) + + if self.settings.get("global.cnObTransportTrustStore") in ("None", ''): + if self.settings.get("installer-settings.openbanking.hasCnObTransportTrustStore"): + print("Place the Open banking AS transport truststore p12 in a file " + "named obtransporttruststore.p12. Used in SSA " + "Validation. " + " This will be encoded using base64 so please do not encode it.") + encoded_transport_truststore_pem = read_file_bytes("./obtransporttruststore.p12") + self.settings.set("global.cnObTransportTrustStore", encoded_transport_truststore_pem) + else: + print("Place the Open banking issuing CA, OB Root CA and Signing CA string in one file " + "named obcas.pem. 
Example command: cat obissuingca.pem obrootca.pem obsigningca.pem > obcas.pem " + "This will be used to generate the ob transport truststore p12 file " + " This will be encoded using base64 so please do not encode it.") + # check file is there + read_file("./obcas.pem") + if self.settings.get("installer-settings.openbanking.cnObTransportTrustStoreP12password") in ("None", ''): + self.settings.set("installer-settings.openbanking.cnObTransportTrustStoreP12password", + prompt_password("Open Banking CAs")) + try: + stdout, stderr, retcode = exec_cmd( + f'keytool -importcert -file obcas.pem -keystore ob-transport-truststore.p12 -noprompt ' + f'-alias obkeystore ' + f'-storepass {self.settings.get("installer-settings.openbanking.cnObTransportTrustStoreP12password")}') + except FileNotFoundError: + print("Please install keytool.") + encoded_transport_truststore_pem = read_file_bytes("./ob-transport-truststore.p12") + self.settings.set("global.cnObTransportTrustStore", encoded_transport_truststore_pem) diff --git a/helm/pygluu/kubernetes/terminal/optionalservices.py b/helm/pygluu/kubernetes/terminal/optionalservices.py new file mode 100644 index 00000000000..c1dcde8e51b --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/optionalservices.py 
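Review bot: The truststore password is interpolated into the `keytool` command string as `-storepass {…}`, so it appears in the process argument list, and if `exec_cmd` (defined outside this hunk) runs the string through a shell, characters in the password are interpreted by that shell. keytool accepts `-storepass:env NAME` and `-storepass:file PATH`, either of which keeps the secret out of argv; `-storepass:env OB_TRUSTSTORE_PASS` with the variable set only for the child process would do if `exec_cmd` can pass an environment. The `retcode` is never checked and the `FileNotFoundError` branch only prints before falling through to `read_file_bytes`, so a failed import is reported as a missing file. The two key-passphrase prompts use plain `click.prompt`, which echoes the passphrase; `hide_input=True` would avoid that. The emptiness checks compare against the string `"None"` rather than `None`, unlike most of the other prompt modules.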
@@ -0,0 +1,69 @@ +""" +pygluu.kubernetes.terminal.optionalservices +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for optional services terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" + +import click + + +class PromptOptionalServices: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_optional_services(self): + if self.settings.get("global.cr-rotate.enabled") in (None, ''): + self.settings.set("global.cr-rotate.enabled", click.confirm("Deploy Cr-Rotate")) + + if self.settings.get("global.auth-server-key-rotation.enabled") in (None, ''): + self.settings.set("global.auth-server-key-rotation.enabled", click.confirm("Deploy Key-Rotation")) + + if self.settings.get("global.auth-server-key-rotation.enabled"): + if self.settings.get("auth-server-key-rotation.keysLife") in (None, ''): + self.settings.set("auth-server-key-rotation.keysLife", + click.prompt("Auth-Server keys life in hours", default=48)) + + if self.settings.get("config.configmap.cnPassportEnabled") in (None, ''): + self.settings.set("config.configmap.cnPassportEnabled", click.confirm("Deploy Passport")) + + if self.settings.get("global.oxshibboleth.enabled") in (None, ''): + self.settings.set("global.oxshibboleth.enabled", click.confirm("Deploy Shibboleth SAML IDP")) + + if self.settings.get("config.configmap.cnCasaEnabled") in (None, ''): + self.settings.set("config.configmap.cnCasaEnabled", click.confirm("Deploy Casa")) + if self.settings.get("config.configmap.cnCasaEnabled"): + self.settings.set("global.client-api.enabled", True) + + if self.settings.get("global.fido2.enabled") in (None, ''): + self.settings.set("global.fido2.enabled", click.confirm("Deploy fido2")) + + if self.settings.get("global.config-api.enabled") in (None, ''): + 
self.settings.set("global.config-api.enabled", click.confirm("Deploy Config API")) + + if self.settings.get("global.scim.enabled") in (None, ''): + self.settings.set("global.scim.enabled", click.confirm("Deploy scim")) + + if self.settings.get("global.scim.enabled") in (None, ''): + self.settings.set("config.configmap.cnScimProtectionMode", + click.prompt("SCIM Protection mode", default="OAUTH", + type=click.Choice(["OAUTH", "TEST", "UMA"]))) + + if self.settings.get("global.client-api.enabled") in (None, ''): + self.settings.set("global.client-api.enabled", click.confirm("Deploy Client API")) + + if self.settings.get("global.client-api.enabled"): + if self.settings.get("config.configmap.cnClientApiApplicationCertCn") in (None, ''): + self.settings.set("config.configmap.cnClientApiApplicationCertCn", + click.prompt("Client API application keystore name", + default="client-api")) + if self.settings.get("config.configmap.cnClientApiAdminCertCn") in (None, ''): + self.settings.set("config.configmap.cnClientApiAdminCertCn", + click.prompt("Client API admin keystore name", + default="client-api")) diff --git a/helm/pygluu/kubernetes/terminal/persistencebackend.py b/helm/pygluu/kubernetes/terminal/persistencebackend.py new file mode 100644 index 00000000000..8f43916f6b6 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/persistencebackend.py 
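Review bot: The SCIM protection-mode prompt is guarded by `if self.settings.get("global.scim.enabled") in (None, ''):`, but the block just before it has already stored a boolean from `click.confirm`, so on a fresh run the guard is false and `config.configmap.cnScimProtectionMode` is never asked for. The intended test is presumably `if self.settings.get("global.scim.enabled") and self.settings.get("config.configmap.cnScimProtectionMode") in (None, ''):`. `TEST` is offered next to `OAUTH` and `UMA` with no hint about what it relaxes; if it is the non-production mode its name suggests, the prompt text should say so. `prompt_optional_services` has no docstring.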
@@ -0,0 +1,47 @@ +""" +pygluu.kubernetes.terminal.persistencebackend +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for persistence backend terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click + + +class PromptPersistenceBackend: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_persistence_backend(self): + """Prompts for persistence backend layer + """ + persistence_map = { + 1: "ldap", + 2: "couchbase", + 3: "hybrid", + 4: "spanner", + 5: "sql" + } + + if self.settings.get("global.cnPersistenceType") not in persistence_map.values(): + print("|------------------------------------------------------------------|") + print("| Persistence layer |") + print("|------------------------------------------------------------------|") + print("| [1] OpenDJ [default] |") + print("| [2] Couchbase |") + print("| [3] Hybrid(OpenDJ + Couchbase) |") + print("| [4] Google Spanner |") + print("| [5] SQL(MySQL or PostgreSQL) |") + print("|------------------------------------------------------------------|") + + choice = click.prompt("Persistence layer", default=1) + self.settings.set("global.cnPersistenceType", persistence_map.get(choice, "ldap")) + + self.settings.set("global.opendj.enabled", False) + if self.settings.get("global.cnPersistenceType") == "ldap": + self.settings.set("global.opendj.enabled", True) diff --git a/helm/pygluu/kubernetes/terminal/postgres.py b/helm/pygluu/kubernetes/terminal/postgres.py new file mode 100644 index 00000000000..a3f94839510 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/postgres.py 
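Review bot: `global.opendj.enabled` is set to True only when the persistence type is `ldap`, while `hybrid` is described in this menu as OpenDJ + Couchbase and the helm prompts treat `hybrid` and `ldap` alike. Unless the chart enables OpenDJ for hybrid some other way, the condition should be `if self.settings.get("global.cnPersistenceType") in ("ldap", "hybrid"):`.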
@@ -0,0 +1,58 @@ +""" +pygluu.kubernetes.terminal.postgres +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for postgres terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" + +import click + + +class PromptPostgres: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_postgres(self): + """Prompts for Postgres. + """ + if not self.settings.get("installer-settings.postgres.install"): + self.settings.set("installer-settings.postgres.install", + click.confirm("For the following prompt if N is placed " + "Postgres is assumed to be" + " installed or remotely provisioned. " + "Install Bitnami Postgres chart?", + default=True)) + if self.settings.get("installer-settings.postgres.install"): + if not self.settings.get("installer-settings.postgres.namespace"): + namespace = click.prompt("Please enter a namespace for postgres.", default="postgres") + self.settings.set("installer-settings.postgres.namespace", namespace) + + self.settings.set("config.configmap.cnSqlDbHost", + f"postgresql.{self.settings.get('installer-settings.postgres.namespace')}." + f"svc.cluster.local") + + self.settings.set("config.configmap.cnJackrabbitPostgresHost", + f"postgresql.jackrabbit{self.settings.get('installer-settings.postgres.namespace')}." + f"svc.cluster.local") + + if not self.settings.get("config.configmap.cnSqlDbHost"): + url = click.prompt( + "Please enter postgres (remote or local) " + "URL base name.", + default=f"postgresql.{self.settings.get('installer-settings.postgres.namespace')}.svc.cluster.local", + ) + self.settings.set("config.configmap.cnSqlDbHost", url) + + if not self.settings.get("config.configmap.cnJackrabbitPostgresHost"): + url = click.prompt( + "Please enter postgres (remote or local) " + "URL base name. 
If postgres is to be installed", + default=f"postgresql.jackrabbit{self.settings.get('installer-settings.postgres.namespace')}.svc.cluster.local", + ) + self.settings.set("config.configmap.cnJackrabbitPostgresHost", url) diff --git a/helm/pygluu/kubernetes/terminal/prompt.py b/helm/pygluu/kubernetes/terminal/prompt.py new file mode 100644 index 00000000000..5cad0636c55 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/prompt.py 
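Review bot: When `installer-settings.postgres.install` is answered N, `prompt_postgres` never asks for a namespace, yet both fallback prompts build their default from it, so the offered default can render as `postgresql.None.svc.cluster.local` and be accepted with a bare Enter. For the remote case I would drop the computed default or guard it, e.g. `ns = self.settings.get('installer-settings.postgres.namespace') or "postgres"` before the two `click.prompt` calls. The second prompt text also ends mid-sentence ("If postgres is to be installed"), and `postgresql.jackrabbit{namespace}` has no separator between `jackrabbit` and the namespace; if that is the intended namespace naming, a one-line comment saying so would help.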
@@ -0,0 +1,236 @@ +""" +pygluu.kubernetes.terminal.prompt +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to initialize all terminal prompts to +interact with user's inputs for terminal installations. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" + +from pygluu.kubernetes.settings import ValuesHandler +from pygluu.kubernetes.terminal.confirmsettings import PromptConfirmSettings +from pygluu.kubernetes.terminal.volumes import PromptVolumes +from pygluu.kubernetes.terminal.configuration import PromptConfiguration +from pygluu.kubernetes.terminal.jackrabbit import PromptJackrabbit +from pygluu.kubernetes.terminal.istio import PromptIstio +from pygluu.kubernetes.terminal.replicas import PromptReplicas +from pygluu.kubernetes.terminal.couchbase import PromptCouchbase +from pygluu.kubernetes.terminal.architecture import PromptArch +from pygluu.kubernetes.terminal.namespace import PromptNamespace +from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices +from pygluu.kubernetes.terminal.testenv import PromptTestEnvironment +from pygluu.kubernetes.terminal.aws import PromptAws +from pygluu.kubernetes.terminal.helpers import gather_ip +from pygluu.kubernetes.terminal.persistencebackend import PromptPersistenceBackend +from pygluu.kubernetes.terminal.ldap import PromptLdap +from pygluu.kubernetes.terminal.images import PromptImages +from pygluu.kubernetes.terminal.cache import PromptCache +from pygluu.kubernetes.terminal.backup import PromptBackup +from pygluu.kubernetes.terminal.license import PromptLicense +from pygluu.kubernetes.terminal.version import PromptVersion +from pygluu.kubernetes.terminal.sql import PromptSQL +from pygluu.kubernetes.terminal.google import PromptGoogle +from pygluu.kubernetes.terminal.openbanking import PromptOpenBanking +from pygluu.kubernetes.terminal.distribution import PromptDistribution +from pygluu.kubernetes.terminal.helm import 
PromptHelm +from pathlib import Path + + +class Prompt: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self): + self.settings = ValuesHandler() + + def load_settings(self): + self.settings = ValuesHandler() + self.settings.store_override_file() + + def license(self): + self.load_settings() + PromptLicense(self.settings) + + def versions(self): + self.load_settings() + PromptVersion(self.settings) + + def arch(self): + self.load_settings() + arch = PromptArch(self.settings) + arch.prompt_arch() + + def namespace(self): + self.load_settings() + namespace = PromptNamespace(self.settings) + namespace.prompt_gluu_namespace() + + def optional_services(self): + self.load_settings() + optional_services = PromptOptionalServices(self.settings) + optional_services.prompt_optional_services() + + def jackrabbit(self): + self.load_settings() + jackrabbit = PromptJackrabbit(self.settings) + jackrabbit.prompt_jackrabbit() + + def istio(self): + self.load_settings() + istio = PromptIstio(self.settings) + istio.prompt_istio() + + def test_enviornment(self): + self.load_settings() + test_environment = PromptTestEnvironment(self.settings) + if not self.settings.get("global.cloud.testEnviroment") and \ + self.settings.get("global.storageClass.provisioner") not in ("microk8s.io/hostpath", + "k8s.io/minikube-hostpath"): + test_environment.prompt_test_environment() + + def network(self): + if self.settings.get("global.lbIp") in ('None', ''): + ip = gather_ip() + self.load_settings() + self.settings.set("global.lbIp", ip) + + if "aws" in self.settings.get("installer-settings.volumeProvisionStrategy") and \ + not self.settings.get("global.istio.enabled"): + aws = PromptAws(self.settings) + aws.prompt_aws_lb() + + def persistence_backend(self): + self.load_settings() + persistence_backend = PromptPersistenceBackend(self.settings) + persistence_backend.prompt_persistence_backend() + + def ldap(self): + self.load_settings() + if 
self.settings.get("global.cnPersistenceType") == "hybrid": + ldap = PromptLdap(self.settings) + ldap.prompt_hybrid_ldap_held_data() + + def volumes(self): + self.load_settings() + volumes = PromptVolumes(self.settings) + if self.settings.get("global.cnPersistenceType") in ("hybrid", "ldap") or \ + self.settings.get("global.jackrabbit.enabled"): + volumes.prompt_volumes() + volumes.prompt_storage() + + def couchbase(self): + self.load_settings() + couchbase = PromptCouchbase(self.settings) + if self.settings.get("global.cnPersistenceType") in ("hybrid", "couchbase"): + couchbase.prompt_couchbase() + + def cache(self): + self.load_settings() + cache = PromptCache(self.settings) + cache.prompt_cache_type() + + def backup(self): + self.load_settings() + if self.settings.get("global.storageClass.provisioner") not in ("microk8s.io/hostpath", + "k8s.io/minikube-hostpath"): + backup = PromptBackup(self.settings) + backup.prompt_backup() + + def configuration(self): + self.load_settings() + configuration = PromptConfiguration(self.settings) + configuration.prompt_config() + + def images(self): + self.load_settings() + images = PromptImages(self.settings) + images.prompt_image_name_tag() + + def replicas(self): + self.load_settings() + replicas = PromptReplicas(self.settings) + replicas.prompt_replicas() + + def distribution(self): + self.load_settings() + dist = PromptDistribution(self.settings) + dist.prompt_distribution() + + def helm(self): + self.load_settings() + helm = PromptHelm(self.settings) + helm.prompt_helm() + + def openbanking(self): + self.load_settings() + if self.settings.get("global.distribution") == "openbanking": + # Disable all optional services from openbanking distribution + self.settings.set("global.cr-rotate.enabled", False) + self.settings.set("global.auth-server-key-rotation.enabled", False) + self.settings.set("config.configmap.cnPassportEnabled", False) + self.settings.set("global.oxshibboleth.enabled", False) + 
self.settings.set("config.configmap.cnCasaEnabled", False) + self.settings.set("global.client-api.enabled", False) + self.settings.set("global.fido2.enabled", False) + self.settings.set("global.scim.enabled", False) + self.settings.set("installer-settings.volumeProvisionStrategy", "microk8sDynamic") + # Jackrabbit might be enabled for this distribution later + self.settings.set("global.jackrabbit.enabled", False) + ob = PromptOpenBanking(self.settings) + ob.prompt_openbanking() + + def sql(self): + self.load_settings() + if self.settings.get("global.cnPersistenceType") == "sql": + spanner = PromptSQL(self.settings) + spanner.prompt_sql() + + def google(self): + self.load_settings() + if self.settings.get("global.cnPersistenceType") == "spanner": + spanner = PromptGoogle(self.settings) + spanner.prompt_google() + + def confirm_settings(self): + self.load_settings() + if not self.settings.get("installer-settings.confirmSettings"): + confirm_settings = PromptConfirmSettings(self.settings) + confirm_settings.confirm_params() + + def prompt(self): + """Main property: called to setup all prompts and returns prompts in settings file. + + :return: + """ + # Check if override file by customer exists if not empty the new one + if not Path("./override-values.yaml").exists(): + self.settings.reset_data() + self.license() + self.versions() + self.arch() + self.distribution() + self.openbanking() + self.namespace() + self.optional_services() + if self.settings.get("global.distribution") != "openbanking": + self.jackrabbit() + self.istio() + self.test_enviornment() + self.network() + self.persistence_backend() + self.ldap() + if self.settings.get("global.distribution") != "openbanking": + self.volumes() + self.sql() + self.google() + self.couchbase() + self.cache() + self.backup() + self.configuration() + self.images() + self.replicas() + self.helm() + self.confirm_settings() + self.settings.remove_empty_keys() 
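Review bot: `Prompt.network()` compares `global.lbIp` with the string `'None'`, while the other prompt modules in this commit test `in (None, '')`, so an unset value would presumably skip `gather_ip()` altogether. The next condition does `"aws" in self.settings.get("installer-settings.volumeProvisionStrategy")`, and `prompt()` calls `network()` before `volumes()`, so the strategy may still be unset there and the membership test would raise `TypeError` if `get` returns `None`. Suggested lines: `if self.settings.get("global.lbIp") in (None, ''):` and `if "aws" in (self.settings.get("installer-settings.volumeProvisionStrategy") or "") and \`. `network()` is also the only step that reads settings before calling `load_settings()`.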
diff --git a/helm/pygluu/kubernetes/terminal/redis.py b/helm/pygluu/kubernetes/terminal/redis.py new file mode 100644 index 00000000000..7ffaa55c256 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/redis.py 
@@ -0,0 +1,58 @@ +""" +pygluu.kubernetes.terminal.redis +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for terminal redis prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click + +from pygluu.kubernetes.helpers import get_logger, prompt_password + +logger = get_logger("gluu-prompt-redis ") + + +class PromptRedis: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_redis(self): + """Prompts for Redis + """ + if self.settings.get("config.configmap.cnRedisType") in (None, ''): + logger.info("STANDALONE, CLUSTER") + self.settings.set("config.configmap.cnRedisType", click.prompt("Please enter redis type", default="CLUSTER")) + + if self.settings.get("installer-settings.redis.install"): + logger.info("For the following prompt if placed [N] the Redis is assumed to be" + " installed or remotely provisioned") + self.settings.set("installer-settings.redis.install", click.confirm("Install Redis using Bitnami helm chart")) + + if self.settings.get("installer-settings.redis.install"): + if self.settings.get("installer-settings.redis.namespace") in (None, ''): + namespace = click.prompt("Please enter a namespace for Redis cluster", default="gluu-redis-cluster") + self.settings.set("installer-settings.redis.namespace", namespace) + + if self.settings.get("config.redisPassword") in (None, ''): + self.settings.set("config.redisPassword", prompt_password("Redis")) + + if self.settings.get("config.configmap.cnRedisUrl") in (None, ''): + if self.settings.get("installer-settings.redis.install"): + redis_url_prompt = "redis-cluster.{}.svc.cluster.local:6379".format( + self.settings.get("installer-settings.redis.namespace")) + else: + logger.info( + "Redis URL can be : redis-cluster.gluu-redis-cluster.svc.cluster.local:6379 in a redis deployment") + 
logger.info("Redis URL using AWS ElastiCach [Configuration Endpoint]: " + "clustercfg.testing-redis.icrbdv.euc1.cache.amazonaws.com:6379") + logger.info("Redis URL using Google MemoryStore : :6379") + redis_url_prompt = click.prompt( + "Please enter redis URL. If you are deploying redis", + default="redis-cluster.gluu-redis-cluster.svc.cluster.local:6379", + ) + self.settings.set("config.configmap.cnRedisUrl", redis_url_prompt) diff --git a/helm/pygluu/kubernetes/terminal/replicas.py b/helm/pygluu/kubernetes/terminal/replicas.py new file mode 100644 index 00000000000..b32436d6eb4 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/replicas.py 
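Review bot: The install question in `prompt_redis` is guarded by `if self.settings.get("installer-settings.redis.install"):`, which looks inverted: postgres.py and sql.py in this commit ask only when the setting is not yet set. As written, an unset value is never prompted for, and an already-true value is asked again. I would change the guard to `if self.settings.get("installer-settings.redis.install") in (None, ''):`. Separately, the redis type prompt accepts any string although the log line lists only STANDALONE and CLUSTER; if those are the only valid values, `type=click.Choice(["STANDALONE", "CLUSTER"])` would enforce that.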
@@ -0,0 +1,52 @@ +""" +pygluu.kubernetes.terminal.replicas +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for terminal replicas prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click + + +class PromptReplicas: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_replicas(self): + """Prompt number of replicas for Gluu apps + """ + if self.settings.get("auth-server.replicas") in (None, ''): + self.settings.set("auth-server.replicas", click.prompt("Number of Auth-Server replicas", default=1)) + + if self.settings.get("global.config-api.enabled") and self.settings.get("config-api.replicas") in (None, ''): + self.settings.set("config-api.replicas", click.prompt("Number of configAPI replicas", default=1)) + + if self.settings.get("global.fido2.enabled") and self.settings.get("fido2.replicas") in (None, ''): + self.settings.set("fido2.replicas", click.prompt("Number of fido2 replicas", default=1)) + + if self.settings.get("global.scim.enabled") and self.settings.get("scim.replicas") in (None, ''): + self.settings.set("scim.replicas", click.prompt("Number of scim replicas", default=1)) + + if self.settings.get("global.cnPersistenceType") in ("hybrid", "ldap") and \ + self.settings.get("opendj.replicas") in (None, ''): + self.settings.set("opendj.replicas", click.prompt("Number of LDAP replicas", default=1)) + + if self.settings.get("global.oxshibboleth.enabled") and \ + self.settings.get("oxshibboleth.replicas") in (None, ''): + self.settings.set("oxshibboleth.replicas", click.prompt("Number of oxShibboleth replicas", default=1)) + + if self.settings.get("config.configmap.cnPassportEnabled") and \ + self.settings.get("oxpassport.replicas") in (None, ''): + self.settings.set("oxpassport.replicas", click.prompt("Number of oxPassport 
replicas", default=1)) + + if self.settings.get("global.client-api.enabled") and self.settings.get("client-api.replicas") in (None, ''): + self.settings.set("client-api.replicas", click.prompt("Number of client-api replicas", default=1)) + + if self.settings.get("config.configmap.cnCasaEnabled") and self.settings.get("casa.replicas") in (None, ''): + self.settings.set("casa.replicas", click.prompt("Number of Casa replicas", default=1)) + diff --git a/helm/pygluu/kubernetes/terminal/sql.py b/helm/pygluu/kubernetes/terminal/sql.py new file mode 100644 index 00000000000..515dfea4e76 --- /dev/null +++ b/helm/pygluu/kubernetes/terminal/sql.py 
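Review bot: Every replica prompt in `prompt_replicas` uses `click.prompt(..., default=1)`, which accepts 0 and negative integers and writes them straight into the values. Adding `type=click.IntRange(min=1)` to each call (or `min=0` where scaling a service to zero is meant to be allowed) would reject such input at the prompt instead of at deploy time.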
@@ -0,0 +1,80 @@ +""" +pygluu.kubernetes.terminal.sql +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for jackrabbit terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" +import click + +from pygluu.kubernetes.helpers import get_logger, prompt_password + +logger = get_logger("gluu-prompt-sql") + + +class PromptSQL: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_sql(self): + """Prompts for SQL server + """ + sql_dialect = { + 1: "mysql", + 2: "pgsql", + } + + if self.settings.get("config.configmap.cnSqlDbDialect") not in sql_dialect.values(): + print("|------------------------------------------------------------------|") + print("| SQL DIALECT |") + print("|------------------------------------------------------------------|") + print("| [1] MySQL |") + print("| [2] PostgreSQL |") + print("|------------------------------------------------------------------|") + + choice = click.prompt("SQL dialect", default=1) + self.settings.set("config.configmap.cnSqlDbDialect", sql_dialect.get(choice, "mysql")) + + if not self.settings.get("installer-settings.sql.install"): + logger.info( + "Install SQL dialect from Bitnamis charts.If the following prompt is answered with N it is assumed " + "the SQL server is installed remotely or locally by the user." 
+ " A managed service such as Amazon Aurora or CloudSQL should be used in production setups.") + self.settings.set("installer-settings.sql.install", + click.confirm("Install SQL dialect from Bitnamis charts", default=True)) + + if self.settings.get("installer-settings.sql.install"): + self.settings.set("config.configmap.cnSqlDbPort", 3306) + if not self.settings.get("installer-settings.sql.namespace"): + self.settings.set("installer-settings.sql.namespace", + click.prompt("Please enter a namespace for the SQL server", default="sql")) + + self.settings.set("config.configmap.cnSqlDbHost", + f'gluu-mysql.{self.settings.get("installer-settings.sql.namespace")}.svc.cluster.local') + if self.settings.get("config.configmap.cnSqlDbDialect") == "pgsql": + self.settings.set("installer-settings.postgres.install", True) + self.settings.set("config.configmap.cnSqlDbHost", + f'gluu-postgresql.{self.settings.get("installer-settings.sql.namespace")}.svc.cluster.local') + self.settings.set("config.configmap.cnSqlDbPort", 5432) + if not self.settings.get("config.configmap.cnSqlDbHost"): + self.settings.set("config.configmap.cnSqlDbHost", + click.prompt("Please enter SQL (remote or local) URL base name", + default="gluu.sql.svc.cluster.local")) + if not self.settings.get("config.configmap.cnSqlDbPort"): + self.settings.set("config.configmap.cnSqlDbPort", click.prompt("Please enter SQL (remote or local) port " + "number", default=3306)) + if not self.settings.get("config.configmap.cnSqlDbUser"): + self.settings.set("config.configmap.cnSqlDbUser", click.prompt("Please enter a user for Gluu SQL database ", + default="gluu")) + + if not self.settings.get("config.configmap.cnSqldbUserPassword"): + self.settings.set("config.configmap.cnSqldbUserPassword", prompt_password("gluu-db-sql")) + + if not self.settings.get("config.configmap.cnSqlDbName"): + self.settings.set("config.configmap.cnSqlDbName", click.prompt("Please enter Gluu SQL database name", + default="gluu")) 
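Review bot: `prompt_sql` stores the database password at `config.configmap.cnSqldbUserPassword`, next to the host, port and user keys. If everything under `config.configmap` is rendered into a Kubernetes ConfigMap (not visible in this hunk), the password would be readable by anything that can read ConfigMaps in the namespace. redis.py in this commit keeps its password at `config.redisPassword`, outside `configmap`, and the SQL password should follow that pattern and be rendered into a Secret. The module docstring also still says "jackrabbit terminal prompts" and should read `inputs for SQL terminal prompts`.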
diff --git a/helm/pygluu/kubernetes/terminal/testenv.py b/helm/pygluu/kubernetes/terminal/testenv.py
new file mode 100644
index 00000000000..d6e7502b360
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/testenv.py
@@ -0,0 +1,30 @@
+"""
+pygluu.kubernetes.terminal.testenv
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for terminal test environment prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+from pygluu.kubernetes.helpers import get_logger
+
+logger = get_logger("gluu-prompt-test-env")
+
+
+class PromptTestEnvironment:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_test_environment(self):
+ """Prompts for test environment.
+ """
+ logger.info("A test environment means that the installer will strip all resource requirements, "
+ "and hence will use as much as needed only. The pods are subject to eviction. Please use "
+ " at least 8GB Ram , 4 CPU, and 50 GB disk.")
+ if self.settings.get("global.cloud.testEnviroment") in (None, ''):
+ self.settings.set("global.cloud.testEnviroment", click.confirm("Is this a test environment."))
diff --git a/helm/pygluu/kubernetes/terminal/upgrade.py b/helm/pygluu/kubernetes/terminal/upgrade.py
new file mode 100644
index 00000000000..b25bc7ab3d0
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/upgrade.py
@@ -0,0 +1,39 @@
+"""
+pygluu.kubernetes.terminal.upgrade
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for upgrade terminal prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+
+import click
+
+from pygluu.kubernetes.helpers import get_supported_versions
+from pygluu.kubernetes.terminal.images import PromptImages
+
+
+class PromptUpgrade:
+ """Prompt is used for prompting users for input used in deploying Gluu.
+ """
+
+ def __init__(self, settings):
+ self.settings = settings
+
+ def prompt_upgrade(self):
+ """Prompts for upgrade and returns updated settings.
+ :return:
+ """
+ versions, version_number = get_supported_versions()
+ if self.settings.get("installer-settings.upgrade.targetVersion") in (None, ''):
+ self.settings.set("installer-settings.upgrade.targetVersion", click.prompt(
+ "Please enter the version to upgrade Gluu to", default=version_number,
+ ))
+
+ image_names_and_tags = versions.get(self.settings.get("installer-settings.upgrade.targetVersion"), {})
+ self.settings.update(image_names_and_tags)
+
+ # reset this config to force image prompt
+ self.settings.set("installer-settings.image.edit", "")
+ PromptImages(self.settings).prompt_image_name_tag()
diff --git a/helm/pygluu/kubernetes/terminal/version.py b/helm/pygluu/kubernetes/terminal/version.py
new file mode 100644
index 00000000000..8d0a3d894c7
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/version.py
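Review bot: An unknown target version is accepted silently in `prompt_upgrade`, because `versions.get(..., {})` returns an empty dict and `self.settings.update({})` then changes nothing. The settings would record the new `targetVersion` while every image name and tag stays at the old release. I would fail or re-prompt when the version is not a key of `versions`, for example `type=click.Choice(list(versions))` on the prompt, assuming `versions` is a mapping keyed by version string as the `.get` call suggests. `PromptVersion.prompt_version` in version.py uses the same `.get(..., {})` fallback and needs the same check.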
@@ -0,0 +1,38 @@
+"""
+pygluu.kubernetes.terminal.version
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains helpers to interact with user's inputs for terminal gluu version prompts.
+
+License terms and conditions for Gluu Cloud Native Edition:
+https://www.apache.org/licenses/LICENSE-2.0
+"""
+import click
+
+from pygluu.kubernetes.helpers import get_supported_versions
+
+
+class PromptVersion:
+
+ def __init__(self, settings, version=""):
+ self.settings = settings
+ if not self.settings.get("installer-settings.currentVersion"):
+ self.settings.set("installer-settings.currentVersion", version)
+ self.prompt_version()
+
+ def prompt_version(self):
+ """Prompts for Gluu versions
+ """
+ versions, version_number = get_supported_versions()
+
+ if self.settings.get("installer-settings.currentVersion") in (None, ''):
+ self.settings.set("installer-settings.currentVersion", click.prompt(
+ "Please enter the current version of Gluu or the version to be installed",
+ default=version_number,
+ ))
+
+ image_names_and_tags = versions.get(self.settings.get("installer-settings.currentVersion"), {})
+ # override non-empty image name and tag
+ for k, v in image_names_and_tags.items():
+ if self.settings.get(k) in (None, ''):
+ self.settings.set(k, v)
diff --git a/helm/pygluu/kubernetes/terminal/volumes.py b/helm/pygluu/kubernetes/terminal/volumes.py
new file mode 100644
index 00000000000..a20f70aa863
--- /dev/null
+++ b/helm/pygluu/kubernetes/terminal/volumes.py
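Review bot: The comment `# override non-empty image name and tag` in `prompt_version` says the opposite of what the loop does, since the loop only sets keys whose current value is `None` or `''` and leaves any tag already present untouched. I would reword it to `# fill in image names and tags only where none is set; existing values are kept`, so readers know a previously pinned tag survives a version change. `PromptVersion` is also the only prompt class here without a docstring, and it should say that constructing it runs `prompt_version()` immediately.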
@@ -0,0 +1,118 @@ +""" +pygluu.kubernetes.terminal.volumes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This module contains helpers to interact with user's inputs for volume terminal prompts. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" + +import click + +from pygluu.kubernetes.helpers import get_logger + +logger = get_logger("gluu-prompt-volumes") + + +class PromptVolumes: + """Prompt is used for prompting users for input used in deploying Gluu. + """ + + def __init__(self, settings): + self.settings = settings + + def prompt_app_volume_type(self): + """Prompts for volume type + """ + gluu_volume_map = { + 1: "microk8sDynamic", + 2: "minikubeDynamic", + 6: "awsOpenEbsHostPathDynamic", + 7: "awsEbsDynamic", + 11: "gkeOpenEbsHostPathDynamic", + 12: "gkePdDynamic", + 16: "aksOpenEbsHostPathDynamic", + 17: "aksPdDynamic", + 21: "doksOpenEbsHostPathDynamic", + 22: "doksPdDynamic", + 26: "localOpenEbsHostPathDynamic" + } + vol_choice = 0 + if self.settings.get("global.storageClass.provisioner") == "kubernetes.io/aws-ebs": + print("|------------------------------------------------------------------|") + print("|Amazon Web Services - Elastic Kubernetes Service (Amazon EKS) |") + print("| MultiAZ - Supported |") + print("|------------------------------------------------------------------|") + print("| [6] OpenEBS Local PV Hostpath (OpenEBS must be installed) |") + print("| [7] EBS volumes dynamically provisioned [default] |") + vol_choice = click.prompt("What type of volume path", default=7) + elif self.settings.get("global.storageClass.provisioner") == "kubernetes.io/gce-pd": + print("|------------------------------------------------------------------|") + print("|Google Cloud Engine - Google Kubernetes Engine |") + print("|------------------------------------------------------------------|") + print("| [11] OpenEBS Local PV Hostpath (OpenEBS must be installed) |") + print("| [12] Persistent Disk dynamically 
provisioned [default] |") + vol_choice = click.prompt("What type of volume path", default=12) + elif self.settings.get("global.storageClass.provisioner") == "kubernetes.io/azure-disk": + print("|------------------------------------------------------------------|") + print("|Microsoft Azure |") + print("|------------------------------------------------------------------|") + print("| [16] OpenEBS Local PV Hostpath (OpenEBS must be installed) |") + print("| [17] Persistent Disk dynamically provisioned |") + vol_choice = click.prompt("What type of volume path", default=17) + elif self.settings.get("global.storageClass.provisioner") == "dobs.csi.digitalocean.com": + print("|------------------------------------------------------------------|") + print("|Digital Ocean |") + print("|------------------------------------------------------------------|") + print("| [21] OpenEBS Local PV Hostpath (OpenEBS must be installed) |") + print("| [22] Persistent Disk dynamically provisioned |") + vol_choice = click.prompt("What type of volume path", default=22) + elif self.settings.get("global.storageClass.provisioner") == "openebs.io/local": + print("|------------------------------------------------------------------|") + print("|Local Deployment |") + print("|------------------------------------------------------------------|") + print("| [26] OpenEBS Local PV Hostpath |") + print("|------------------------------------------------------------------|") + logger.info("OpenEBS must be installed before") + vol_choice = click.prompt("What type of volume path", default=26) + self.settings.set("installer-settings.volumeProvisionStrategy", gluu_volume_map.get(vol_choice)) + + def prompt_storage(self): + """Prompt for LDAP storage size + """ + if self.settings.get("global.cnPersistenceType") in ("hybrid", "ldap") and self.settings.get( + "opendj.persistence.size") in (None, ''): + self.settings.set("opendj.persistence.size", click.prompt("Size of ldap volume storage", default="4Gi")) + + 
def prompt_volumes(self): + """Prompts for all info needed for volume creation on cloud or onpremise + """ + + if self.settings.get("global.storageClass.provisioner") and \ + self.settings.get("installer-settings.volumeProvisionStrategy") in (None, ''): + self.prompt_app_volume_type() + + if self.settings.get("installer-settings.volumeProvisionStrategy") == "aksPdDynamic": + logger.info("Azure Options ('Standard_LRS', 'Premium_LRS', 'StandardSSD_LRS', 'UltraSSD_LRS')") + self.settings.set("global.azureStorageAccountType", + click.prompt("Please enter the volume type.", default="StandardSSD_LRS")) + + elif self.settings.get("global.storageClass.provisioner") == "microk8s.io/hostpath": + self.settings.set("installer-settings.volumeProvisionStrategy", "microk8sDynamic") + + elif self.settings.get("global.storageClass.provisioner") == "k8s.io/minikube-hostpath": + self.settings.set("installer-settings.volumeProvisionStrategy", "minikubeDynamic") + + elif self.settings.get("installer-settings.volumeProvisionStrategy") == "awsEbsDynamic": + logger.info("AWS EKS Options ('gp2', 'io1', `io2`, 'st1', 'sc1')") + self.settings.set("global.awsStorageType", + click.prompt("Please enter the volume type.", default="io1")) + + elif self.settings.get("installer-settings.volumeProvisionStrategy") == "gkePdDynamic": + logger.info("GCE GKE Options ('pd-standard', 'pd-ssd')") + self.settings.set("global.gcePdStorageType", + click.prompt("Please enter the volume type.", default="pd-ssd")) + + elif "OpenEbsHostPathDynamic" in self.settings.get("installer-settings.volumeProvisionStrategy"): + self.settings.set("global.storageClass.provisioner", "openebs.io/local") diff --git a/helm/pygluu/kubernetes/yamlparser.py b/helm/pygluu/kubernetes/yamlparser.py new file mode 100644 index 00000000000..a9781e09859 --- /dev/null +++ b/helm/pygluu/kubernetes/yamlparser.py 
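Review bot: `prompt_app_volume_type` can store `None` as the strategy: `vol_choice` stays 0 when the provisioner matches no branch, and any number not in `gluu_volume_map` also makes `gluu_volume_map.get(vol_choice)` return `None`. The last branch of `prompt_volumes` then evaluates `"OpenEbsHostPathDynamic" in self.settings.get(...)`, which raises `TypeError` on `None`. I would guard that test with `elif "OpenEbsHostPathDynamic" in (self.settings.get("installer-settings.volumeProvisionStrategy") or ""):` and have each `click.prompt` accept only the numbers its menu lists, so an invalid choice is rejected instead of stored.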
@@ -0,0 +1,114 @@ +""" +pygluu.kubernetes.yamlparser +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +YAML parser. + +License terms and conditions for Gluu Cloud Native Edition: +https://www.apache.org/licenses/LICENSE-2.0 +""" + +from pathlib import Path +import contextlib +import os +from ruamel.yaml import YAML +from ruamel.yaml.comments import CommentedMap +from collections import OrderedDict, Mapping +from pygluu.kubernetes.helpers import get_logger + +logger = get_logger("gluu-yaml-parser ") + + +class Parser(dict): + def __init__(self, filename, check_value=None, check_value_name=None, check_key='kind'): + super().__init__() + self.filename = Path(filename) + self.yaml = YAML() + self.yaml.preserve_quotes = True + self.manifests_dict_list = [] + self.modify_dict = dict + self.tmp_yaml_file = Path("./tmp.yaml") + + if check_value: + if self.filename.exists(): + with open(filename) as file: + manifests_dicts = self.yaml.load_all(file) + for manifest in manifests_dicts: + try: + if manifest[check_key] == check_value: + if check_value_name: + if manifest['metadata']['name'] == check_value_name: + self.modify_dict = manifest + else: + self.manifests_dict_list.append(manifest) + else: + self.modify_dict = manifest + else: + self.manifests_dict_list.append(manifest) + except KeyError: + # Key kind is not found so its the values.yaml for helm which only has one dict item + self.modify_dict = manifest + with open(self.tmp_yaml_file, 'w') as file: + self.yaml.dump(self.modify_dict, file) + + with open(self.tmp_yaml_file) as f: + super(Parser, self).update(self.yaml.load(f) or {}) + + @property + def return_manifests_dict(self): + if self.filename.exists(): + with open(self.filename) as file: + manifests_dicts = self.yaml.load_all(file) + for manifest in manifests_dicts: + self.manifests_dict_list.append(manifest) + + return self.manifests_dict_list + + def __setitem__(self, key, value): + super(Parser, self).__setitem__(key, value) + + def dump_it(self, clean_data=False): + d = 
self.analyze_ordered_dict_object(self) + if clean_data: + d = self.clean_dict(d) + final_manifest_dict_list = self.manifests_dict_list + [d] + with open(self.filename, "w+") as f: + self.yaml.dump_all(final_manifest_dict_list, f) + with contextlib.suppress(FileNotFoundError): + os.remove(self.tmp_yaml_file) + + def analyze_ordered_dict_object(self, data): + if isinstance(data, OrderedDict) or isinstance(data, dict): + commented_map = CommentedMap() + for k, v in data.items(): + commented_map[k] = self.analyze_ordered_dict_object(v) + return commented_map + return data + + def __delitem__(self, key): + try: + super(Parser, self).__delitem__(key) + except KeyError as e: + logger.error(e) + + def clean_dict(self, data): + if isinstance(data, dict): + return { + k: v + for k, v in ((k, self.clean_dict(v)) for k, v in data.items()) + if v + } + + if isinstance(data, list): + return [v for v in map(self.clean_dict, data) if v] + + if data: + return data + + def update(self, other=None, **kwargs): + if other is not None: + for k, v in other.items() if isinstance(other, Mapping) else other: + self[k] = v + for k, v in kwargs.items(): + self[k] = v + super(Parser, self).update(self) diff --git a/helm/settings_schema.json b/helm/settings_schema.json new file mode 100644 index 00000000000..0473e64fd2c --- /dev/null +++ b/helm/settings_schema.json 
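Review bot: `from collections import OrderedDict, Mapping` fails on Python 3.10 and later, where the ABC aliases were removed from `collections`; it should be `from collections import OrderedDict` plus `from collections.abc import Mapping`. Separately, `Parser.__init__` writes the selected manifest to a fixed `./tmp.yaml` in the working directory and only `dump_it` removes it. The file can therefore linger with whatever the manifest holds (possibly credentials from the values file), and two `Parser` instances alive at once would share it. A per-instance file from `tempfile.NamedTemporaryFile`, or keeping the dict in memory, avoids both problems. `clean_dict` also filters on truthiness, so an explicit `False` or `0` is dropped when `dump_it(clean_data=True)` is used.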
@@ -0,0 +1,1193 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "additionalProperties" : false, + "properties": { + "ACCEPT_CN_LICENSE": { "$ref": "#/definitions/yes-no-string" }, + "CN_VERSION": { "type": "string" }, + "TEST_ENVIRONMENT": { "$ref": "#/definitions/yes-no-string" }, + "CN_UPGRADE_TARGET_VERSION": { "type": "string" }, + "CN_HELM_RELEASE_NAME": { "type": "string" }, + "NGINX_INGRESS_RELEASE_NAME": { "type": "string" }, + "NGINX_INGRESS_NAMESPACE": { "type": "string" }, + "POSTGRES_NAMESPACE": { "type": "string" }, + "POSTGRES_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "POSTGRES_URL": { "type": "string" }, + "USE_ISTIO": { "$ref": "#/definitions/yes-no-string" }, + "USE_ISTIO_INGRESS": { "$ref": "#/definitions/yes-no-string" }, + "ISTIO_SYSTEM_NAMESPACE": { "type": "string" }, + "NODES_IPS": { "type": "array" }, + "NODES_ZONES": { "type": "array" }, + "NODES_NAMES": { "type": "array" }, + "NODE_SSH_KEY": { "type": "string" }, + "HOST_EXT_IP": { "type": "string", "format": "ipv4" }, + "VERIFY_EXT_IP": { "$ref": "#/definitions/yes-no-string" }, + "AWS_LB_TYPE": { "type": "string", "enum": ["clb", "nlb", "alb", ""] }, + "USE_ARN": { "$ref": "#/definitions/yes-no-string"}, + "VPC_CIDR": { "type": "string" }, + "ARN_AWS_IAM": { "type": "string" }, + "LB_ADD": { "type": "string" }, + "REDIS_URL": { "type": "string" }, + "REDIS_TYPE": { "type": "string" }, + "REDIS_PW": { "type": "string" }, + "REDIS_USE_SSL": { "type": "string", "enum": ["true", "false"] }, + "REDIS_SSL_TRUSTSTORE": { "type": "string" }, + "REDIS_SENTINEL_GROUP": { "type": "string" }, + "REDIS_MASTER_NODES": { "$ref": "#/definitions/emptiable-number" }, + "REDIS_NODES_PER_MASTER": { "$ref": "#/definitions/emptiable-number" }, + "REDIS_NAMESPACE": { "type": "string" }, + "INSTALL_REDIS": { "$ref": "#/definitions/yes-no-string" }, + "INSTALL_JACKRABBIT": { "$ref": "#/definitions/yes-no-string" }, + "JACKRABBIT_STORAGE_SIZE": { "type": 
"string" }, + "JACKRABBIT_URL": { "type": "string" }, + "JACKRABBIT_ADMIN_ID": { "type": "string" }, + "JACKRABBIT_ADMIN_PASSWORD": { "$ref": "#/definitions/password" }, + "JACKRABBIT_CLUSTER": { "type": "string" }, + "JACKRABBIT_PG_USER": { "type": "string" }, + "JACKRABBIT_PG_PASSWORD": { "$ref": "#/definitions/password" }, + "JACKRABBIT_DATABASE": { "type": "string" }, + "DEPLOYMENT_ARCH": { "type": "string", "enum": ["microk8s", "minikube", "eks", "gke", "aks", "do", "local", ""] }, + "PERSISTENCE_BACKEND": { "type": "string", "enum": ["ldap", "couchbase", "hybrid", ""] }, + "INSTALL_COUCHBASE": { "$ref": "#/definitions/yes-no-string" }, + "COUCHBASE_NAMESPACE": { "type": "string" }, + "COUCHBASE_VOLUME_TYPE": { "type": "string" }, + "COUCHBASE_CLUSTER_NAME": { "type": "string" }, + "COUCHBASE_URL": { "type": "string" }, + "COUCHBASE_USER": { "type": "string" }, + "COUCHBASE_BUCKET_PREFIX": { "type": "string" }, + "COUCHBASE_SUPERUSER": { "type": "string" }, + "COUCHBASE_PASSWORD": { "type": "string" }, + "COUCHBASE_SUPERUSER_PASSWORD": { "type": "string" }, + "COUCHBASE_CRT": { "type": "string" }, + "COUCHBASE_CN": { "type": "string" }, + "COUCHBASE_INDEX_NUM_REPLICA": { "type": "string" }, + "COUCHBASE_SUBJECT_ALT_NAME": { "$ref": "#/definitions/emptiable-array" }, + "COUCHBASE_CLUSTER_FILE_OVERRIDE": { "$ref": "#/definitions/yes-no-string" }, + "COUCHBASE_USE_LOW_RESOURCES": { "$ref": "#/definitions/yes-no-string"}, + "COUCHBASE_DATA_NODES": { "type": "string" }, + "COUCHBASE_QUERY_NODES": { "type": "string" }, + "COUCHBASE_INDEX_NODES": { "type": "string" }, + "COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES": { "type": "string" }, + "COUCHBASE_GENERAL_STORAGE": { "type": "string" }, + "COUCHBASE_DATA_STORAGE": { "type": "string" }, + "COUCHBASE_INDEX_STORAGE": { "type": "string" }, + "COUCHBASE_QUERY_STORAGE": { "type": "string" }, + "COUCHBASE_ANALYTICS_STORAGE": { "type": "string" }, + "COUCHBASE_INCR_BACKUP_SCHEDULE": { "type": "string" }, + 
"COUCHBASE_FULL_BACKUP_SCHEDULE": { "type": "string" }, + "COUCHBASE_BACKUP_RETENTION_TIME": { "type": "string" }, + "COUCHBASE_BACKUP_STORAGE_SIZE": { "type": "string" }, + "LDAP_BACKUP_SCHEDULE": { "type": "string" }, + "NUMBER_OF_EXPECTED_USERS": { "$ref": "#/definitions/emptiable-number" }, + "EXPECTED_TRANSACTIONS_PER_SEC": { "type": "string" }, + "USING_CODE_FLOW": { "$ref": "#/definitions/yes-no-string" }, + "USING_SCIM_FLOW": { "$ref": "#/definitions/yes-no-string" }, + "USING_RESOURCE_OWNER_PASSWORD_CRED_GRANT_FLOW": { "$ref": "#/definitions/yes-no-string" }, + "DEPLOY_MULTI_CLUSTER": { "type": "string" }, + "HYBRID_LDAP_HELD_DATA": { "type": "string", "enum": ["", "default", "user", "site", "cache", "token"] }, + "LDAP_JACKRABBIT_VOLUME": { "type": "string" }, + "APP_VOLUME_TYPE": { "$ref": "#/definitions/emptiable-number" }, + "LDAP_STATIC_VOLUME_ID": { "type": "string" }, + "LDAP_STATIC_DISK_URI": { "type": "string" }, + "CN_CACHE_TYPE": { "type": "string", "enum": ["IN_MEMORY", "REDIS", "NATIVE_PERSISTENCE", ""]}, + "CN_NAMESPACE": { "type": "string" }, + "CN_FQDN": { "$ref": "#/definitions/fqdn-pattern" }, + "COUNTRY_CODE": { "type": "string" }, + "STATE": { "type": "string" }, + "EMAIL": { "$ref": "#/definitions/email-format" }, + "CITY": { "type": "string" }, + "ORG_NAME": { "type": "string" }, + "GMAIL_ACCOUNT": { "$ref": "#/definitions/email-format" }, + "GOOGLE_NODE_HOME_DIR": { "type": "string" }, + "IS_CN_FQDN_REGISTERED": { "$ref": "#/definitions/yes-no-string" }, + "LDAP_PW": { "$ref": "#/definitions/password" }, + "ADMIN_PW": { "$ref": "#/definitions/password" }, + "CLIENT_API_APPLICATION_KEYSTORE_CN": { "type": "string" }, + "CLIENT_API_ADMIN_KEYSTORE_CN": { "type": "string" }, + "LDAP_STORAGE_SIZE": { "type": "string" }, + "AUTH_SERVER_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "OXTRUST_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "LDAP_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + 
"OXSHIBBOLETH_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "OXPASSPORT_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "CLIENT_API_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "CASA_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "FIDO2_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "SCIM_REPLICAS": { "$ref": "#/definitions/emptiable-number" }, + "ENABLE_CONFIG_API": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_OXTRUST_API": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_OXTRUST_TEST_MODE": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_CACHE_REFRESH": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_CLIENT_API": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_FIDO2": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_SCIM": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_OXPASSPORT": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_OXSHIBBOLETH": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_CASA": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_AUTH_SERVER_KEY_ROTATE": { "$ref": "#/definitions/yes-no-string" }, + "ENABLE_OXTRUST_API_BOOLEAN": { "$ref": "#/definitions/emptiable-boolean-string" }, + "ENABLE_OXTRUST_TEST_MODE_BOOLEAN": { "$ref": "#/definitions/emptiable-boolean-string" }, + "ENABLE_OXPASSPORT_BOOLEAN": { "$ref": "#/definitions/emptiable-boolean-string" }, + "ENABLE_CASA_BOOLEAN": { "$ref": "#/definitions/emptiable-boolean-string" }, + "ENABLE_SAML_BOOLEAN": { "$ref": "#/definitions/emptiable-boolean-string" }, + "ENABLED_SERVICES_LIST": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "config", + "auth-server", + "oxtrust", + "persistence", + "jackrabbit", + "cr-rotate", + "auth-server-key-rotation", + "oxpassport", + "oxshibboleth", + "casa", + "fido2", + "scim", + "client-api", + "ldap", + "update-lb-ip" + ] + }, + "uniqueItems": true }, + "AUTH_SERVER_KEYS_LIFE": { "$ref": "#/definitions/emptiable-number"}, + 
"EDIT_IMAGE_NAMES_TAGS": { "$ref": "#/definitions/yes-no-string" }, + "CASA_IMAGE_NAME": { "type": "string" }, + "CASA_IMAGE_TAG": { "type": "string" }, + "CONFIG_IMAGE_NAME": { "type": "string" }, + "CONFIG_IMAGE_TAG": { "type": "string" }, + "CACHE_REFRESH_ROTATE_IMAGE_NAME": { "type": "string" }, + "CACHE_REFRESH_ROTATE_IMAGE_TAG": { "type": "string" }, + "CERT_MANAGER_IMAGE_NAME": { "type": "string" }, + "CERT_MANAGER_IMAGE_TAG": { "type": "string" }, + "LDAP_IMAGE_NAME": { "type": "string" }, + "LDAP_IMAGE_TAG": { "type": "string" }, + "JACKRABBIT_IMAGE_NAME": { "type": "string" }, + "JACKRABBIT_IMAGE_TAG": { "type": "string" }, + "AUTH_SERVER_IMAGE_NAME": { "type": "string" }, + "AUTH_SERVER_IMAGE_TAG": { "type": "string" }, + "FIDO2_IMAGE_NAME": { "type": "string" }, + "FIDO2_IMAGE_TAG": { "type": "string" }, + "SCIM_IMAGE_NAME": { "type": "string" }, + "SCIM_IMAGE_TAG": { "type": "string" }, + "CLIENT_API_IMAGE_NAME": { "type": "string" }, + "CLIENT_API_IMAGE_TAG": { "type": "string" }, + "OXPASSPORT_IMAGE_NAME": { "type": "string" }, + "OXPASSPORT_IMAGE_TAG": { "type": "string" }, + "OXSHIBBOLETH_IMAGE_NAME": { "type": "string" }, + "OXSHIBBOLETH_IMAGE_TAG": { "type": "string" }, + "OXTRUST_IMAGE_NAME": { "type": "string" }, + "OXTRUST_IMAGE_TAG": { "type": "string" }, + "PERSISTENCE_IMAGE_NAME": { "type": "string" }, + "PERSISTENCE_IMAGE_TAG": { "type": "string" }, + "UPGRADE_IMAGE_NAME": { "type": "string" }, + "UPGRADE_IMAGE_TAG": { "type": "string" }, + "CONFIRM_PARAMS": { "$ref": "#/definitions/yes-no-string" } + }, + "allOf": [ + { "$ref": "#/definitions/cache-refresh-enabled"}, + { "$ref": "#/definitions/auth-server-key-rotate-enabled"}, + { "$ref": "#/definitions/oxpassport-enabled" }, + { "$ref": "#/definitions/oxshibboleth-enabled" }, + { "$ref": "#/definitions/casa-enabled" }, + { "$ref": "#/definitions/fido2-enabled" }, + { "$ref": "#/definitions/scim-enabled" }, + { "$ref": "#/definitions/client-api-enabled" }, + { "$ref": 
"#/definitions/oxtrust-api-enabled" }, + { "$ref": "#/definitions/oxtrust-test-mode-enabled"}, + { "$ref": "#/definitions/install-jackrabbit-yes" }, + { "$ref": "#/definitions/install-jackrabbit-no" }, + { "$ref": "#/definitions/jackrabbit-cluster-enable" }, + { "$ref": "#/definitions/istio-ingress-yes" }, + { "$ref": "#/definitions/istio-yes" }, + { "$ref": "#/definitions/test-environment" }, + { "$ref": "#/definitions/network-aws" }, + { "$ref": "#/definitions/use-arn-yes" }, + { "$ref": "#/definitions/deployment-arch-gke" }, + { "$ref": "#/definitions/persistence-backend-ldap" }, + { "$ref": "#/definitions/persistence-backend-hybrid"}, + { "$ref": "#/definitions/microk8s-architecture" }, + { "$ref": "#/definitions/minikube-architecture" }, + { "$ref": "#/definitions/eks-architecture" }, + { "$ref": "#/definitions/gke-architecture" }, + { "$ref": "#/definitions/aks-architecture" }, + { "$ref": "#/definitions/do-architecture" }, + { "$ref": "#/definitions/local-architecture" }, + { "$ref": "#/definitions/ldap-volume-identifier" }, + { "$ref": "#/definitions/ldap-disk-uris" }, + { "$ref": "#/definitions/ldap-jackrabbit-volume-on-aks" }, + { "$ref": "#/definitions/ldap-jackrabbit-volume-on-eks" }, + { "$ref": "#/definitions/ldap-jackrabbit-volume-on-gke" }, + { "$ref": "#/definitions/ldap-storage" }, + { "$ref": "#/definitions/couchbase-multi-cluster" }, + { "$ref": "#/definitions/couchbase-persistence-backend" }, + { "$ref": "#/definitions/install-couchbase-yes" }, + { "$ref": "#/definitions/install-couchbase-no" }, + { "$ref": "#/definitions/couchbase-not-use-low-resource" }, + { "$ref": "#/definitions/cache-type-redis" }, + { "$ref": "#/definitions/install-redis-yes" }, + { "$ref": "#/definitions/install-redis-no" }, + { "$ref": "#/definitions/backup-hybrid-couchbase" }, + { "$ref": "#/definitions/backup-ldap" } + ], + "definitions": { + "yes-no-string": { + "anyOf": [ + { + "type": "string", + "enum": ["Y", "N"] + }, + { + "type": "string", + "maxLength": 0 + } 
+ ] + }, + "emptiable-number": { + "anyOf": [ + { + "type": "number", + "minimum": 1 + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "emptiable-array": { + "anyOf": [ + { + "type": "array" + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "emptiable-boolean-string": { + "anyOf": [ + { + "type": "string", + "enum": ["true", "false", ""] + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "string-cannot-empty": { + "type": "string", + "minLength": 1, + "errors": { + "minLength": "Field cannot be empty" + } + }, + "password": { + "anyOf": [ + { + "type": "string", + "pattern": "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*\\W)[a-zA-Z0-9\\S]{6,}$", + "minLength": 6, + "errors": { + "minLength": "Password minimum 6 character", + "pattern": "Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" + } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "password-pattern": { + "type": "string", + "pattern": "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*\\W)[a-zA-Z0-9\\S]{6,}$", + "minLength": 6, + "errors": { + "minLength": "Password minimum 6 character", + "pattern": "Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" + } + }, + "email-format": { + "type": "string", + "format": "email" + }, + "fqdn-pattern": { + "anyOf": [ + { + "type": "string", + "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.){2,}([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]){2,}$", + "errors": { + "pattern": "Setting not FQDN structured. 
Please enter a FQDN with the format demoexample.gluu.org" + } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "cache-refresh-enabled": { + "if": { + "properties": { + "ENABLE_CACHE_REFRESH": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["cr-rotate"] }, + "errors": { + "contains": "cr-rotate key not found" + } + } + }, + "required": ["ENABLED_SERVICES_LIST"] + } + }, + "auth-server-key-rotate-enabled": { + "if": { + "properties": { + "ENABLE_AUTH_SERVER_KEY_ROTATE": { "const": "Y" } + } + }, + "then": { + "properties": { + "AUTH_SERVER_KEYS_LIFE": { "type": "number", "minimum": 48 }, + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["auth-server-key-rotation"] }, + "errors": { + "contains": "auth-server-key-rotation key not found" + } + } + }, + "required": ["ENABLED_SERVICES_LIST", "AUTH_SERVER_KEYS_LIFE"] + } + }, + "oxpassport-enabled": { + "if": { + "properties": { + "ENABLE_OXPASSPORT": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLE_OXPASSPORT_BOOLEAN": { "const": "true" }, + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["oxpassport"] }, + "errors": { + "contains": "oxpassport key not found" + } + } + }, + "required": ["ENABLE_OXPASSPORT_BOOLEAN", "ENABLED_SERVICES_LIST"] + } + }, + "oxshibboleth-enabled": { + "if": { + "properties": { + "ENABLE_OXSHIBBOLETH": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLE_SAML_BOOLEAN": { "const": "true" }, + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["oxshibboleth"] }, + "errors": { + "contains": "oxshibboleth key not found" + } + } + }, + "required": ["ENABLE_SAML_BOOLEAN", "ENABLED_SERVICES_LIST"] + } + }, + "casa-enabled": { + "if": { + "properties": { + "ENABLE_CASA": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLE_CASA_BOOLEAN": { "const": "true" }, + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["casa"] }, + "errors": { + "contains": "casa key not found" + } + 
}, + "ENABLE_CLIENT_API": { "const": "Y" } + }, + "required": ["ENABLE_CASA_BOOLEAN", "ENABLE_CLIENT_API", "ENABLED_SERVICES_LIST"] + } + }, + "fido2-enabled": { + "if": { + "properties": { + "ENABLE_FIDO2": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["fido2"] }, + "errors": { + "contains": "fido2 key not found" + } + } + }, + "required": ["ENABLED_SERVICES_LIST"] + } + }, + "scim-enabled": { + "if": { + "properties": { + "ENABLE_SCIM": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["scim"] }, + "errors": { + "contains": "scim key not found" + } + } + }, + "required": ["ENABLED_SERVICES_LIST"] + } + }, + "client-api-enabled": { + "if": { + "properties": { + "ENABLE_CLIENT_API": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["client-api"] }, + "errors": { + "contains": "client-api key not found" + } + }, + "CLIENT_API_APPLICATION_KEYSTORE_CN": { "type": "string", "minLength": 3 }, + "CLIENT_API_ADMIN_KEYSTORE_CN": { "type": "string", "minLength": 3 } + }, + "required": ["CLIENT_API_APPLICATION_KEYSTORE_CN", "CLIENT_API_ADMIN_KEYSTORE_CN", "ENABLED_SERVICES_LIST"] + } + }, + "oxtrust-api-enabled": { + "if": { + "properties": { + "ENABLE_OXTRUST_API": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLE_OXTRUST_API_BOOLEAN": { "const": "true" }, + "ENABLE_OXTRUST_TEST_MODE": { "type": "string", "enum": ["Y", "N"] } + }, + "required": ["ENABLE_OXTRUST_API_BOOLEAN", "ENABLE_OXTRUST_TEST_MODE"] + } + }, + "oxtrust-test-mode-enabled": { + "if": { + "properties": { + "ENABLE_OXTRUST_TEST_MODE": { "const": "Y" } + } + }, + "then": { + "properties": { + "ENABLE_OXTRUST_TEST_MODE_BOOLEAN": { "const": "true" } + }, + "required": ["ENABLE_OXTRUST_TEST_MODE_BOOLEAN"] + } + }, + "install-jackrabbit-yes": { + "if": { + "properties": { + "INSTALL_JACKRABBIT": { "const": "Y"} + 
} + }, + "then": { + "properties": { + "JACKRABBIT_STORAGE_SIZE": { "type": "string", "minLength": 3, "maxLength": 3}, + "JACKRABBIT_URL": { "type": "string", "minLength": 3, "format": "uri" }, + "JACKRABBIT_ADMIN_ID": { "type": "string", "minLength": 3 }, + "JACKRABBIT_ADMIN_PASSWORD": { "$ref": "#/definitions/password-pattern" }, + "JACKRABBIT_CLUSTER": { "type": "string", "enum": ["Y", "N"] } + }, + "required": [ + "JACKRABBIT_STORAGE_SIZE", + "JACKRABBIT_URL", + "JACKRABBIT_ADMIN_ID", + "JACKRABBIT_ADMIN_PASSWORD", + "JACKRABBIT_CLUSTER" + ] + } + }, + "install-jackrabbit-no": { + "if": { + "properties": { + "INSTALL_JACKRABBIT": { "const": "N"} + } + }, + "then": { + "properties": { + "JACKRABBIT_URL": { "type": "string", "minLength": 3, "format": "uri" }, + "JACKRABBIT_ADMIN_ID": { "$ref": "#/definitions/string-cannot-empty" }, + "JACKRABBIT_ADMIN_PASSWORD": { "$ref": "#/definitions/password-pattern" }, + "JACKRABBIT_CLUSTER": { "type": "string", "enum": ["Y", "N"] } + }, + "required": [ + "JACKRABBIT_URL", + "JACKRABBIT_ADMIN_ID", + "JACKRABBIT_ADMIN_PASSWORD", + "JACKRABBIT_CLUSTER" + ] + } + }, + "jackrabbit-cluster-enable": { + "if": { + "properties": { + "JACKRABBIT_CLUSTER": { "const": "Y"} + } + }, + "then": { + "properties": { + "POSTGRES_NAMESPACE": { "$ref": "#/definitions/string-cannot-empty" }, + "POSTGRES_REPLICAS": { "type":"number", "minimum": 1 }, + "POSTGRES_URL": { "$ref": "#/definitions/string-cannot-empty" }, + "JACKRABBIT_PG_USER": { "$ref": "#/definitions/string-cannot-empty" }, + "JACKRABBIT_PG_PASSWORD": { "$ref": "#/definitions/password-pattern" }, + "JACKRABBIT_DATABASE": { "$ref": "#/definitions/string-cannot-empty" } + }, + "required": [ + "POSTGRES_NAMESPACE", + "POSTGRES_REPLICAS", + "POSTGRES_URL", + "JACKRABBIT_PG_USER", + "JACKRABBIT_PG_PASSWORD", + "JACKRABBIT_DATABASE" + ] + + } + }, + "istio-ingress-yes": { + "if": { + "properties": { + "USE_ISTIO_INGRESS": { "const": "Y"} + } + }, + "then": { + "properties": { + 
"USE_ISTIO": { "const": "Y"}, + "LB_ADD": { "$ref": "#/definitions/string-cannot-empty" } + }, + "required": ["USE_ISTIO", "LB_ADD"] + } + }, + "istio-yes": { + "if": { + "properties": { + "USE_ISTIO": { "const": "Y" } + } + }, + "then": { + "properties": { + "ISTIO_SYSTEM_NAMESPACE": { "$ref": "#/definitions/string-cannot-empty" } + }, + "required": ["ISTIO_SYSTEM_NAMESPACE"] + } + }, + "test-environment": { + "if": { + "properties": { + "DEPLOYMENT_ARCH": { "enum": ["aks", "eks", "gke", "do", "local"] } + } + }, + "then": { + "properties": { + "TEST_ENVIRONMENT": { "type": "string", "enum": ["Y", "N"] }, + "NODE_SSH_KEY": { "$ref": "#/definitions/string-cannot-empty" } + }, + "required": ["TEST_ENVIRONMENT", "NODE_SSH_KEY"] + } + }, + "network-aws": { + "if": { + "properties": { + "DEPLOYMENT_ARCH": { "const": "eks" }, + "USE_ISTIO_INGRESS": { "const": "N" } + } + }, + "then": { + "properties": { + "AWS_LB_TYPE": { "type": "string", "enum": ["clb", "nlb", "alb"] }, + "USE_ARN": { "type": "string", "enum": ["Y", "N"] } + }, + "required": ["AWS_LB_TYPE", "USE_ARN"] + } + }, + "use-arn-yes": { + "if": { + "properties": { + "USE_ARN": { "const": "Y" } + } + }, + "then": { + "properties": { + "AWS_VPC_CIDR": { "$ref": "#/definitions/string-cannot-empty" }, + "ARN_AWS_IAM": { "$ref": "#/definitions/string-cannot-empty" } + }, + "required": ["AWS_VPC_CIDR", "ARN_AWS_IAM"] + } + }, + "deployment-arch-gke": { + "if": { + "properties": { + "DEPLOYMENT_ARCH": { "const": "gke" } + } + }, + "then": { + "properties": { + "GMAIL_ACCOUNT": { "type": "string", "format": "email", "minLength": 3 } + }, + "required": ["GOOGLE_NODE_HOME_DIR"] + } + }, + "persistence-backend-ldap": { + "if": { + "properties": { + "PERSISTENCE_BACKEND": { "const": "ldap"} + } + }, + "then": { + "properties": { + "ENABLED_SERVICES_LIST": { + "contains": { "enum" : ["ldap"] }, + "errors": { + "contains": "ldap key not found" + } + } + } + } + }, + "persistence-backend-hybrid": { + "if": { + "properties": 
{ + "PERSISTENCE_BACKEND": { "const": "hybrid"} + } + }, + "then": { + "properties": { + "HYBRID_LDAP_HELD_DATA": { + "type": "string", + "enum" : ["default", "user", "site", "cache", "token", "session"] + } + } + } + }, + "microk8s-architecture": { + "if": { + "oneOf": [ + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "microk8s" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"] }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + }, + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "microk8s" }, + "INSTALL_JACKRABBIT": { "const": "Y" }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + } + ] + }, + "then": { + "properties": { + "APP_VOLUME_TYPE": { "const": 1 } + } + } + }, + "minikube-architecture": { + "if": { + "oneOf": [ + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "minikube" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"] }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + }, + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "minikube" }, + "INSTALL_JACKRABBIT": { "const": "Y" }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + } + ] + }, + "then": { + "properties": { + "APP_VOLUME_TYPE": { "const": 2 } + } + } + }, + "eks-architecture": { + "if": { + "oneOf": [ + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "eks" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"] }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + }, + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "eks" }, + "INSTALL_JACKRABBIT": { "const": "Y" }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + } + ] + }, + "then": { + "properties": { + "APP_VOLUME_TYPE": { "type": "number", "enum": [6, 7, 8] } + } + } + }, + "gke-architecture": { + "if": { + "oneOf": [ + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "gke" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"] }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + }, + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "gke" }, + 
"INSTALL_JACKRABBIT": { "const": "Y" }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + } + ] + }, + "then": { + "properties": { + "APP_VOLUME_TYPE": { "type": "number", "enum": [11, 12, 13] } + } + } + }, + "aks-architecture": { + "if": { + "oneOf": [ + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "aks" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"] }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + }, + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "aks" }, + "INSTALL_JACKRABBIT": { "const": "Y" }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + } + ] + }, + "then": { + "properties": { + "APP_VOLUME_TYPE": { "type": "number", "enum": [16, 17, 18] } + } + } + }, + "do-architecture": { + "if": { + "oneOf": [ + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "do" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"] }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + }, + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "do" }, + "INSTALL_JACKRABBIT": { "const": "Y" }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + } + ] + }, + "then": { + "properties": { + "APP_VOLUME_TYPE": { "type": "number", "enum": [21, 22, 23] } + } + } + }, + "local-architecture": { + "if": { + "oneOf": [ + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "local" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"] }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + }, + { + "properties": { + "DEPLOYMENT_ARCH": { "const": "local" }, + "INSTALL_JACKRABBIT": { "const": "Y" }, + "APP_VOLUME_TYPE": { "not" : {"const": "" } } + } + } + ] + }, + "then": { + "properties": { + "APP_VOLUME_TYPE": { "type": "number", "enum": [26] } + } + } + }, + "ldap-volume-identifier": { + "if": { + "properties": { + "APP_VOLUME_TYPE": { "type": "number", "enum": [8, 13] }, + "PERSISTENCE_BACKEND": { "type": "string", "enum": ["hybrid", "ldap"]}, + "INSTALL_JACKRABBIT": { "const": "Y" } + } + }, + "then": { + "properties": { + 
"LDAP_STATIC_VOLUME_ID": { "type": "string", "minLength": 1 } + }, + "required": ["LDAP_STATIC_VOLUME_ID"] + } + }, + "ldap-disk-uris": { + "if": { + "properties": { + "APP_VOLUME_TYPE": { "const": 18 }, + "PERSISTENCE_BACKEND": { "type": "string", "enum": ["hybrid", "ldap"]}, + "INSTALL_JACKRABBIT": { "const": "Y" } + } + }, + "then": { + "properties": { + "LDAP_STATIC_DISK_URI": { "type": "string", "minLength": 1 } + }, + "required": ["LDAP_STATIC_DISK_URI"] + } + }, + "ldap-jackrabbit-volume-on-aks": { + "if": { + "properties": { + "DEPLOYMENT_ARCH": { "const": "aks" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"]}, + "INSTALL_JACKRABBIT": { "const": "Y" } + } + }, + "then": { + "properties": { + "LDAP_JACKRABBIT_VOLUME": { + "type": "string", + "enum": ["Standard_LRS", "Premium_LRS", "StandardSSD_LRS", "UltraSSD_LRS"] } + }, + "required": ["LDAP_JACKRABBIT_VOLUME"] + } + }, + "ldap-jackrabbit-volume-on-eks": { + "if": { + "properties": { + "DEPLOYMENT_ARCH": { "const": "eks" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"]}, + "INSTALL_JACKRABBIT": { "const": "Y" } + } + }, + "then": { + "properties": { + "LDAP_JACKRABBIT_VOLUME": { + "type": "string", + "enum": ["gp2", "io1", "st1", "sc1"] } + }, + "required": ["LDAP_JACKRABBIT_VOLUME"] + } + }, + "ldap-jackrabbit-volume-on-gke": { + "if": { + "properties": { + "DEPLOYMENT_ARCH": { "const": "gke" }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"]}, + "INSTALL_JACKRABBIT": { "const": "Y" } + } + }, + "then": { + "properties": { + "LDAP_JACKRABBIT_VOLUME": { + "type": "string", + "enum": ["pd-standard", "pd-ssd"] } + }, + "required": ["LDAP_JACKRABBIT_VOLUME"] + } + }, + "ldap-storage": { + "if": { + "properties": { + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "ldap"]} + } + }, + "then": { + "properties": { + "LDAP_STORAGE_SIZE": { "$ref": "#/definitions/string-cannot-empty" } + }, + "required": ["LDAP_STORAGE_SIZE"] + } + }, + "couchbase-multi-cluster": { + "if": { + "properties": { + 
"PERSISTENCE_BACKEND": { "enum": ["hybrid", "couchbase"]}, + "DEPLOYMENT_ARCH": { "enum": ["aks", "eks", "gke", "do", "local"]} + } + }, + "then": { + "properties": { + "DEPLOY_MULTI_CLUSTER": { + "type": "string", + "enum": ["Y", "N"] + } + }, + "required": ["DEPLOY_MULTI_CLUSTER"] + } + }, + "couchbase-persistence-backend": { + "if": { + "properties": { + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "couchbase"]} + } + }, + "then": { + "properties": { + "DEPLOYMENT_ARCH": { + "type": "string", + "enum": ["microk8s", "minikube", "aks", "eks", "gke", "do", "local"] + }, + "CN_NAMESPACE": { "$ref": "#/definitions/string-cannot-empty" }, + "HOST_EXT_IP": { "type": "string", "format": "ipv4", "minLength": 7 }, + "INSTALL_COUCHBASE": { "type": "string", "enum": ["Y", "N"] } + }, + "required": ["INSTALL_COUCHBASE"] + } + }, + "install-couchbase": { + "properties": { + "COUCHBASE_CLUSTER_FILE_OVERRIDE": {"type": "string", "enum": ["Y", "N"] }, + "COUCHBASE_USE_LOW_RESOURCES": {"type": "string", "enum": ["Y", "N"] }, + "COUCHBASE_NAMESPACE": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_CLUSTER_NAME": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_URL": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_INDEX_NUM_REPLICA": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_SUPERUSER": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_SUPERUSER_PASSWORD": { "$ref": "#/definitions/password-pattern" }, + "COUCHBASE_USER": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_BUCKET_PREFIX": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_PASSWORD": { "$ref": "#/definitions/password-pattern" } + }, + "required": [ + "COUCHBASE_CLUSTER_FILE_OVERRIDE", + "COUCHBASE_USE_LOW_RESOURCES", + "COUCHBASE_NAMESPACE", + "COUCHBASE_CLUSTER_NAME", + "COUCHBASE_URL", + "COUCHBASE_INDEX_NUM_REPLICA", + "COUCHBASE_SUPERUSER", + "COUCHBASE_SUPERUSER_PASSWORD", + "COUCHBASE_USER", + "COUCHBASE_BUCKET_PREFIX", 
+ "COUCHBASE_PASSWORD" + ] + }, + "install-couchbase-yes": { + "if": { + "properties": { + "INSTALL_COUCHBASE": { "const": "Y" } + } + }, + "then": { + "$ref": "#/definitions/install-couchbase" + } + }, + "install-couchbase-no": { + "if": { + "properties": { + "INSTALL_COUCHBASE": { "const": "N" } + } + }, + "then": { + "properties": { + "COUCHBASE_CRT": { "$ref": "#/definitions/string-cannot-empty" } + }, + "$ref": "#/definitions/install-couchbase", + "required": ["COUCHBASE_CRT"] + } + }, + "couchbase-not-use-low-resource": { + "if": { + "properties": { + "COUCHBASE_USE_LOW_RESOURCES": { "const": "N" }, + "COUCHBASE_CLUSTER_FILE_OVERRIDE": { "const": "N" }, + "INSTALL_COUCHBASE": { "const": "Y" } + } + }, + "then": { + "properties": { + "NUMBER_OF_EXPECTED_USERS": { "type": "number", "minimum": 1 }, + "USING_RESOURCE_OWNER_PASSWORD_CRED_GRANT_FLOW": { "type": "string", "enum": ["Y", "N"] }, + "USING_CODE_FLOW": { "type": "string", "enum": ["Y", "N"] }, + "USING_SCIM_FLOW": { "type": "string", "enum": ["Y", "N"] }, + "COUCHBASE_DATA_NODES": { "$ref": "#/definitions/emptiable-number" }, + "COUCHBASE_INDEX_NODES": { "$ref": "#/definitions/emptiable-number" }, + "COUCHBASE_QUERY_NODES": { "$ref": "#/definitions/emptiable-number" }, + "COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES": { "$ref": "#/definitions/emptiable-number" }, + "COUCHBASE_GENERAL_STORAGE": { "$ref": "#/definitions/emptiable-number" }, + "COUCHBASE_INDEX_STORAGE": { "$ref": "#/definitions/emptiable-number" }, + "COUCHBASE_QUERY_STORAGE": { "$ref": "#/definitions/emptiable-number" }, + "COUCHBASE_ANALYTICS_STORAGE": { "$ref": "#/definitions/emptiable-number" }, + "COUCHBASE_VOLUME_TYPE": { + "type": "string", + "enum": [ + "pd-standard", + "pd-ssd", + "gp2", + "io1", + "st1", + "sc1", + "Standard_LRS", + "Premium_LRS", + "StandardSSD_LRS", + "UltraSSD_LRS" + ] + } + }, + "required": [ + "NUMBER_OF_EXPECTED_USERS", + "USING_RESOURCE_OWNER_PASSWORD_CRED_GRANT_FLOW", + "USING_CODE_FLOW", + "USING_SCIM_FLOW", 
+ "COUCHBASE_DATA_NODES", + "COUCHBASE_INDEX_NODES", + "COUCHBASE_QUERY_NODES", + "COUCHBASE_SEARCH_EVENTING_ANALYTICS_NODES", + "COUCHBASE_GENERAL_STORAGE", + "COUCHBASE_INDEX_STORAGE", + "COUCHBASE_QUERY_STORAGE", + "COUCHBASE_ANALYTICS_STORAGE", + "COUCHBASE_VOLUME_TYPE" + ] + } + }, + "cache-type-redis": { + "if": { + "properties": { + "CN_CACHE_TYPE": { "const": "REDIS" } + } + }, + "then": { + "properties": { + "REDIS_TYPE": { "type": "string", "enum": ["STANDALONE", "CLUSTER"] }, + "INSTALL_REDIS": { "type": "string", "enum": ["Y", "N"] }, + "REDIS_URL": { "$ref": "#/definitions/string-cannot-empty" } + } + }, + "required": ["REDIS_TYPE", "INSTALL_REDIS", "REDIS_URL"] + }, + "install-redis-yes": { + "if": { + "properties": { + "INSTALL_REDIS": { "const": "Y" } + } + }, + "then": { + "properties": { + "REDIS_MASTER_NODES": { "type": "number", "minimum": 3 }, + "REDIS_NODES_PER_MASTER": { "type": "number", "minimum": 1 }, + "REDIS_NAMESPACE": { "type": "string", "minimum": 1 } + } + }, + "required": ["REDIS_MASTER_NODES", "REDIS_NODES_PER_MASTER", "REDIS_NAMESPACE"] + }, + "install-redis-no": { + "if": { + "properties": { + "INSTALL_REDIS": { "const": "N" } + } + }, + "then": { + "properties": { + "REDIS_PW": { "type": "string", "minLength": 6 } + } + }, + "required": ["REDIS_PW"] + }, + "backup-hybrid-couchbase": { + "if": { + "properties": { + "DEPLOYMENT_ARCH": { "enum": ["aks", "eks", "gke", "do", "local"] }, + "PERSISTENCE_BACKEND": { "enum": ["hybrid", "couchbase"] } + } + }, + "then": { + "properties": { + "COUCHBASE_INCR_BACKUP_SCHEDULE": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_FULL_BACKUP_SCHEDULE": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_BACKUP_RETENTION_TIME": { "$ref": "#/definitions/string-cannot-empty" }, + "COUCHBASE_BACKUP_STORAGE_SIZE": { "$ref": "#/definitions/string-cannot-empty" } + } + }, + "required": [ + "COUCHBASE_INCR_BACKUP_SCHEDULE", + "COUCHBASE_FULL_BACKUP_SCHEDULE", + 
"COUCHBASE_BACKUP_RETENTION_TIME", + "COUCHBASE_BACKUP_STORAGE_SIZE" + ] + }, + "backup-ldap": { + "if": { + "properties": { + "DEPLOYMENT_ARCH": { "enum": ["aks", "eks", "gke", "do", "local"] }, + "PERSISTENCE_BACKEND": { "const": "ldap" } + } + }, + "then": { + "properties": { + "LDAP_BACKUP_SCHEDULE": { "$ref": "#/definitions/string-cannot-empty" } + } + }, + "required": [ + "LDAP_BACKUP_SCHEDULE" + ] + } + } +} \ No newline at end of file diff --git a/helm/setup.py b/helm/setup.py new file mode 100755 index 00000000000..988d8b05259 --- /dev/null +++ b/helm/setup.py 
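Review bot: In `cache-type-redis`, `install-redis-yes`, `install-redis-no`, `backup-hybrid-couchbase` and `backup-ldap` the `required` array sits beside `if`/`then` instead of inside `then`, so once the definition is pulled in through the top-level `allOf` those keys are demanded unconditionally, while their value constraints (for example the `REDIS_PW` `minLength`) still apply only when the condition matches; move each into its `then`, e.g. `"then": { "properties": { "REDIS_PW": { "type": "string", "minLength": 6 } }, "required": ["REDIS_PW"] }`. In `install-couchbase-no` the `properties` and `required` for `COUCHBASE_CRT` are siblings of `$ref`, which draft-07 validators ignore, so the certificate requirement is never checked; wrap the reference as `"allOf": [ { "$ref": "#/definitions/install-couchbase" } ]`. `use-arn-yes` requires `AWS_VPC_CIDR`, but the top-level `properties` only declare `VPC_CIDR` and `additionalProperties` is `false`, so a settings file with `USE_ARN` set to `"Y"` cannot validate as written. `REDIS_NAMESPACE` uses `"minimum": 1` on a string, which has no effect; `"minLength": 1` looks intended.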
@@ -0,0 +1,66 @@
+"""
+ License terms and conditions for Gluu Cloud Native Edition:
+ https://www.apache.org/licenses/LICENSE-2.0
+"""
+
+import codecs
+import os
+import re
+from setuptools import setup
+from setuptools import find_packages
+
+
+def find_version(*file_paths):
+ here = os.path.abspath(os.path.dirname(__file__))
+ with codecs.open(os.path.join(here, *file_paths), 'r') as f:
+ version_file = f.read()
+ version_match = re.search(r"^__version__ = ['\"]([^'\"]*)['\"]",
+ version_file, re.M)
+ if version_match:
+ return version_match.group(1)
+ raise RuntimeError("Unable to find version string.")
+
+
+setup(
+ name="pygluu-kubernetes",
+ version=find_version("pygluu", "kubernetes", "__init__.py"),
+ url="https://gluu.org",
+ copyright="Copyright 2020, Gluu Cloud Native Edition",
+ license="Apache 2.0 ",
+ author="Gluu",
+ author_email="mo@gluu.org",
+ maintainer="Mohammad Abudayyeh",
+ status="Dev",
+ description="",
+ long_description=__doc__,
+ packages=find_packages(),
+ zip_safe=False,
+ install_requires=[
+ "ruamel.yaml>=0.16.5",
+ "pyOpenSSL>=19.1.0",
+ "cryptography>=2.8",
+ "kubernetes==18.20.0",
+ "Click!=7.0,>=6.7",
+ "email_validator >= 1.1.0",
+ "Flask-SocketIO >= 4.3.1",
+ "Pygtail >= 0.11.1",
+ "gevent >= 20.9.0",
+ "jsonschema >= 3.2.0",
+ "dotty-dict >= 1.3.0",
+ "PyYAML >= 5.4.1"
+ ],
+ classifiers=[
+ "Intended Audience :: Developers",
+ "License :: OSI Approved :: Apache 2.0 License",
+ "Topic :: Software Development :: Libraries :: Python Modules",
+ "Programming Language :: Python",
+ "Programming Language :: Python :: 3s",
+ "Programming Language :: Python :: 3.6",
+ ],
+ include_package_data=True,
+ entry_points={
+ "console_scripts": [
+ "pygluu-kubernetes=pygluu.kubernetes.create:main",
+ ],
+ },
+)
diff --git a/helm/tests/conftest.py b/helm/tests/conftest.py
new file mode 100644
index 00000000000..eb5a3b73c50
--- /dev/null
+++ b/helm/tests/conftest.py
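Review bot: Two entries in `classifiers` in helm/setup.py are not trove classifiers, `"Programming Language :: Python :: 3s"` and `"License :: OSI Approved :: Apache 2.0 License"`, and an index that validates classifiers will refuse the upload; use `"Programming Language :: Python :: 3"` and `"License :: OSI Approved :: Apache Software License"`. `copyright=` and `status=` are not `setup()` keywords and only produce warnings, so they can be dropped. In `install_requires`, `kubernetes` is pinned exactly while `cryptography>=2.8`, `pyOpenSSL>=19.1.0` and `PyYAML >= 5.4.1` carry only floors, so the set an operator ends up with depends on when they install; for a tool that drives a cluster install, a committed constraints file would make that set reproducible and reviewable.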
@@ -0,0 +1,10 @@
+import pytest
+
+
+@pytest.fixture()
+def settings():
+ from pygluu.kubernetes.settings import ValuesHandler, unlink_values_yaml
+
+ handler = ValuesHandler()
+ yield handler
+ unlink_values_yaml()
diff --git a/helm/tests/terminal/test_architecture.py b/helm/tests/terminal/test_architecture.py
new file mode 100644
index 00000000000..b1005d45de5
--- /dev/null
+++ b/helm/tests/terminal/test_architecture.py
@@ -0,0 +1,22 @@
+import pytest
+
+
+@pytest.mark.parametrize("given, expected", [
+ (1, "microk8s.io/hostpath"),
+ (2, "k8s.io/minikube-hostpath"),
+ (3, "kubernetes.io/aws-ebs"),
+ (4, "kubernetes.io/gce-pd"),
+ (5, "kubernetes.io/azure-disk"),
+ (6, "dobs.csi.digitalocean.com"),
+ (7, "openebs.io/local"),
+ ("random", "microk8s.io/hostpath"),
+])
+def test_arch(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.architecture import PromptArch
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given)
+
+ settings.set("global.storageClass.provisioner", "")
+ prompt = PromptArch(settings)
+ prompt.prompt_arch()
+ assert settings.get("global.storageClass.provisioner") == expected
diff --git a/helm/tests/terminal/test_aws.py b/helm/tests/terminal/test_aws.py
new file mode 100644
index 00000000000..7fd2176d56a
--- /dev/null
+++ b/helm/tests/terminal/test_aws.py
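Review bot: The `settings` fixture in helm/tests/conftest.py gives no sign of where `ValuesHandler()` reads or writes, and its teardown calls `unlink_values_yaml()`, which by its name deletes a values file. If that path is relative to the working directory (not visible in this hunk), running the suite from a checkout would remove a developer's real values file. Consider taking `tmp_path` and `monkeypatch` in the fixture and calling `monkeypatch.chdir(tmp_path)` before `handler = ValuesHandler()`, and add a one-line docstring stating what state the fixture creates and removes.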
@@ -0,0 +1,28 @@
+import pytest
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "clb"), # default
+ (1, "clb"),
+ (2, "nlb"),
+ (3, "alb"),
+])
+def test_aws_loadbalancer(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.aws import PromptAws
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given or expected)
+
+ settings.set("installer-settings.aws.arn.enabled", False)
+ PromptAws(settings).prompt_aws_lb()
+ assert settings.get("installer-settings.aws.lbType") == expected
+
+
+def test_aws_vpccidr(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.aws import PromptAws
+
+ monkeypatch.setattr("click.prompt", lambda x, default: "0.0.0.0/0")
+
+ settings.set("installer-settings.aws.arn.enabled", True)
+ settings.set("installer-settings.aws.vpcCidr", "")
+ PromptAws(settings).prompt_aws_lb()
+ assert settings.get("installer-settings.aws.vpcCidr") == "0.0.0.0/0"
diff --git a/helm/tests/terminal/test_backup.py b/helm/tests/terminal/test_backup.py
new file mode 100644
index 00000000000..34953c120eb
--- /dev/null
+++ b/helm/tests/terminal/test_backup.py
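Review bot: In `test_aws_loadbalancer` the patched prompt is `lambda x, default: given or expected`, so for the `("", "clb")` row marked `# default` the mock hands back the expected answer itself and the assertion passes whatever default `prompt_aws_lb()` gives to `click.prompt`. Return the caller's default instead, `lambda x, default: given or default`, so the row fails when the default changes. The same lambda appears in the test_backup.py, test_cache.py, test_configuration.py, test_distribution.py and test_helm.py hunks of this commit and needs the same change.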
@@ -0,0 +1,115 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + ("", "*/30 * * * *"), # default + ("*/10 * * * *", "*/10 * * * *"), +]) +def test_backup_ldap(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.backup import PromptBackup + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("global.cnPersistenceType", "ldap") + settings.set("installer-settings.ldap.backup.fullSchedule", "") + + PromptBackup(settings).prompt_backup() + assert settings.get("installer-settings.ldap.backup.fullSchedule") == expected + + +@pytest.mark.parametrize("given, expected, type_", [ + ("", "*/30 * * * *", "couchbase"), # default + ("*/10 * * * *", "*/10 * * * *", "couchbase"), + ("", "*/30 * * * *", "hybrid"), # default + ("*/10 * * * *", "*/10 * * * *", "hybrid"), +]) +def test_backup_not_ldap_incr(monkeypatch, settings, given, expected, type_): + from pygluu.kubernetes.terminal.backup import PromptBackup + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("global.cnPersistenceType", type_) + settings.set("installer-settings.couchbase.backup.fullSchedule", "0 2 * * 6") + settings.set("installer-settings.couchbase.backup.retentionTime", "168h") + settings.set("installer-settings.couchbase.backup.storageSize", "20Gi") + settings.set("installer-settings.couchbase.backup.incrementalSchedule", "") + + PromptBackup(settings).prompt_backup() + assert settings.get("installer-settings.couchbase.backup.incrementalSchedule") == expected + + +@pytest.mark.parametrize("given, expected, type_", [ + ("", "0 2 * * 6", "couchbase"), # default + ("0 1 * * 6", "0 1 * * 6", "couchbase"), + ("", "0 2 * * 6", "hybrid"), # default + ("0 1 * * 6", "0 1 * * 6", "hybrid"), +]) +def test_backup_not_ldap_full(monkeypatch, settings, given, expected, type_): + from pygluu.kubernetes.terminal.backup import PromptBackup + + monkeypatch.setattr("click.prompt", lambda x, default: given 
or expected) + + settings.set("global.cnPersistenceType", type_) + settings.set("installer-settings.couchbase.backup.incrementalSchedule", "*/30 * * * *") + settings.set("installer-settings.couchbase.backup.retentionTime", "168h") + settings.set("installer-settings.couchbase.backup.storageSize", "20Gi") + settings.set("installer-settings.couchbase.backup.incrementalSchedule", "") + + PromptBackup(settings).prompt_backup() + assert settings.get("installer-settings.couchbase.backup.incrementalSchedule") == expected + + +@pytest.mark.parametrize("given, expected, type_", [ + ("", "168h", "couchbase"), # default + ("160h", "160h", "couchbase"), + ("", "168h", "hybrid"), # default + ("160h", "160h", "hybrid"), +]) +def test_backup_not_ldap_retention(monkeypatch, settings, given, expected, type_): + from pygluu.kubernetes.terminal.backup import PromptBackup + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("global.cnPersistenceType", type_) + settings.set("installer-settings.couchbase.backup.incrementalSchedule", "*/30 * * * *") + settings.set("installer-settings.couchbase.backup.fullSchedule", "0 2 * * 6") + settings.set("installer-settings.couchbase.backup.storageSize", "20Gi") + settings.set("installer-settings.couchbase.backup.retentionTime", "") + + PromptBackup(settings).prompt_backup() + assert settings.get("installer-settings.couchbase.backup.retentionTime") == expected + + +@pytest.mark.parametrize("given, expected, type_", [ + ("", "20Gi", "couchbase"), # default + ("10Gi", "10Gi", "couchbase"), + ("", "20Gi", "hybrid"), # default + ("10Gi", "10Gi", "hybrid"), +]) +def test_backup_not_ldap_storage(monkeypatch, settings, given, expected, type_): + from pygluu.kubernetes.terminal.backup import PromptBackup + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("global.cnPersistenceType", type_) + settings.set("installer-settings.couchbase.backup.incrementalSchedule", "*/30 * * * 
*") + settings.set("installer-settings.couchbase.backup.fullSchedule", "0 2 * * 6") + settings.set("installer-settings.couchbase.backup.retentionTime", "168h") + settings.set("installer-settings.couchbase.backup.storageSize", "") + + PromptBackup(settings).prompt_backup() + assert settings.get("installer-settings.couchbase.backup.storageSize") == expected + + +def test_backup_fullschedule(monkeypatch, settings): + from pygluu.kubernetes.terminal.backup import PromptBackup + + + monkeypatch.setattr("click.prompt", lambda x, default: "0 2 * * 6") + + settings.set("global.cnPersistenceType", "couchbase") + settings.set("installer-settings.couchbase.backup.fullSchedule", "") + + PromptBackup(settings).prompt_backup() + + assert settings.get("installer-settings.couchbase.backup.fullSchedule") == "0 2 * * 6" \ No newline at end of file diff --git a/helm/tests/terminal/test_cache.py b/helm/tests/terminal/test_cache.py new file mode 100644 index 00000000000..8e21b0af904 --- /dev/null +++ b/helm/tests/terminal/test_cache.py @@ -0,0 +1,19 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + ("", "NATIVE_PERSISTENCE"), # default + (1, "NATIVE_PERSISTENCE"), + (2, "IN_MEMORY"), + (3, "REDIS"), +]) +def test_cache_type(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.cache import PromptCache + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + # mock PromptRedis as we will have separate testcases for it + monkeypatch.setattr("pygluu.kubernetes.terminal.redis.PromptRedis.prompt_redis", lambda x: None) + settings.set("config.configmap.cnCacheType", "") + + PromptCache(settings).prompt_cache_type() + assert settings.get("config.configmap.cnCacheType") == expected diff --git a/helm/tests/terminal/test_configuration.py b/helm/tests/terminal/test_configuration.py new file mode 100644 index 00000000000..49ac47ece4f --- /dev/null +++ b/helm/tests/terminal/test_configuration.py 
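Review bot: `test_backup_not_ldap_full` in helm/tests/terminal/test_backup.py never exercises the full schedule: it sets `incrementalSchedule` twice, leaves `fullSchedule` unset and asserts on `incrementalSchedule`, so it is the incremental test re-run with full-schedule values. The last setup line should be `settings.set("installer-settings.couchbase.backup.fullSchedule", "")` and the check `assert settings.get("installer-settings.couchbase.backup.fullSchedule") == expected`. As written it passes only because the patched prompt returns `expected` for whichever question is asked.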
@@ -0,0 +1,223 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + ("", "US"), # default + ("random", "random"), +]) +def test_config_country(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("config.countryCode", "") + settings.set("config.state", "TX") + settings.set("config.city", "Austin") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "Gluu") + settings.set("config.config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "demoexample.gluu.org") + settings.set("config.migration.enabled", False) + + prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("config.countryCode") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "TX"), # default + ("random", "random"), +]) +def test_config_state(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("config.countryCode", "US") + settings.set("config.state", "") + settings.set("config.city", "Austin") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "Gluu") + settings.set("config.config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "demoexample.gluu.org") + settings.set("config.migration.enabled", False) + + prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("config.state") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "Austin"), # default + ("random", "random"), +]) +def test_config_city(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + 
settings.set("config.countryCode", "US") + settings.set("config.state", "TX") + settings.set("config.city", "") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "Gluu") + settings.set("config.config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "demoexample.gluu.org") + settings.set("config.migration.enabled", False) + + prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("config.city") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "support@gluu.org"), # default + ("random", "random"), +]) +def test_config_email(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("config.countryCode", "US") + settings.set("config.state", "TX") + settings.set("config.city", "Austin") + settings.set("config.email", "") + settings.set("config.orgName", "Gluu") + settings.set("config.config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "demoexample.gluu.org") + settings.set("config.migration.enabled", False) + + prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("config.email") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "Gluu"), # default + ("random", "random"), +]) +def test_config_org(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("config.countryCode", "US") + settings.set("config.state", "TX") + settings.set("config.city", "Austin") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "") + settings.set("config.config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "demoexample.gluu.org") + settings.set("config.migration.enabled", False) + + 
prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("config.orgName") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "demoexample.gluu.org"), # default +]) +def test_config_hostname(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("config.countryCode", "US") + settings.set("config.state", "TX") + settings.set("config.city", "Austin") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "Gluu") + settings.set("config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "") + settings.set("config.migration.enabled", False) + + prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("global.fqdn") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "demoexample.gluu.org"), # default +]) +def test_config_hostname_2(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("config.countryCode", "US") + settings.set("config.state", "TX") + settings.set("config.city", "Austin") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "Gluu") + settings.set("config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "") + settings.set("config.migration.enabled", False) + + prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("global.fqdn") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "./ce-migration"), + ("migration", "migration") + +]) +def test_config_migration_dir(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda 
x, default: given or expected) + + settings.set("config.countryCode", "US") + settings.set("config.state", "TX") + settings.set("config.city", "Austin") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "Gluu") + settings.set("config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "demoexample.gluu.org") + settings.set("config.migration.enabled", True) + settings.set("config.migration.migrationDir", "") + + prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("config.migration.migrationDir") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "ldif"), + ("ldif", "ldif"), + ("couchbase+json", "couchbase+json"), + ("spanner+avro", "spanner+avro"), + ("postgresql+json", "postgresql+json"), + ("mysql+json", "mysql+json") +]) +def test_config_migration_dir(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.configuration import PromptConfiguration + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("config.countryCode", "US") + settings.set("config.state", "TX") + settings.set("config.city", "Austin") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "Gluu") + settings.set("config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "demoexample.gluu.org") + settings.set("config.migration.enabled", True) + settings.set("config.migration.migrationDir", "./ce-migration") + settings.set("config.migration.migrationDataFormat", "") + + prompt = PromptConfiguration(settings) + prompt.prompt_config() + + assert settings.get("config.migration.migrationDataFormat") == expected \ No newline at end of file diff --git a/helm/tests/terminal/test_confirmsettings.py b/helm/tests/terminal/test_confirmsettings.py new file mode 100644 index 00000000000..b10d0089674 --- /dev/null +++ b/helm/tests/terminal/test_confirmsettings.py 
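Review bot: `test_config_migration_dir` is defined twice in helm/tests/terminal/test_configuration.py; the second definition (parametrized over data formats) rebinds the name, so the migration-directory cases are never collected. Rename the second one to `test_config_migration_data_format`. `test_config_hostname_2` is a line-for-line copy of `test_config_hostname` and can be removed. The first five tests set `config.config.adminPassword` while the later ones set `config.adminPassword`; one of the two keys is presumably a typo and should be made consistent.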
@@ -0,0 +1,21 @@
+def test_confirmsettings_confirm_params_accepted(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.confirmsettings import PromptConfirmSettings
+
+ monkeypatch.setattr("click.confirm", lambda x: True)
+
+ settings.set("installer-settings.confirmSettings", "")
+ prompt = PromptConfirmSettings(settings)
+ prompt.confirm_params()
+ assert settings.get("installer-settings.confirmSettings")
+
+
+def test_confirmsettings_confirm_params_rejected(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.confirmsettings import PromptConfirmSettings
+
+ monkeypatch.setattr("click.confirm", lambda x: False)
+ # mock Prompt.prompt
+ monkeypatch.setattr("pygluu.kubernetes.terminal.prompt.Prompt.prompt", lambda x: None)
+
+ prompt = PromptConfirmSettings(settings)
+ prompt.confirm_params()
+ assert settings.get("installer-settings.confirmSettings") == False
diff --git a/helm/tests/terminal/test_couchbase.py b/helm/tests/terminal/test_couchbase.py
new file mode 100644
index 00000000000..297f120a57f
--- /dev/null
+++ b/helm/tests/terminal/test_couchbase.py
@@ -0,0 +1,122 @@ +import pytest + +def test_prompt_couchbase_ip(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + from pygluu.kubernetes.terminal.helpers import gather_ip + + monkeypatch.setattr("click.prompt", lambda x, default: gather_ip) + + settings.set("global.lbIp", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase() + assert settings.get("global.lbIp") == gather_ip + + +def test_prompt_couchbase_namespace(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "cbns") + + settings.set("installer-settings.couchbase.namespace", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase() + assert settings.get("installer-settings.couchbase.namespace") == "cbns" + + +def test_prompt_couchbase_cluster(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "cbgluu") + + settings.set("installer-settings.couchbase.clusterName", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase() + assert settings.get("installer-settings.couchbase.clusterName") == "cbgluu" + + +def test_prompt_couchbase_bucket(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "gluu") + + settings.set("config.configmap.cnCouchbaseBucketPrefix", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase() + assert settings.get("config.configmap.cnCouchbaseBucketPrefix") == "gluu" + + +def test_prompt_couchbase_replicanum(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "0") + + settings.set("config.configmap.cnCouchbaseIndexNumReplica", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase() + assert 
settings.get("config.configmap.cnCouchbaseIndexNumReplica") == "0" + + +def test_prompt_couchbase_superuser(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "admin") + + settings.set("config.configmap.cnCouchbaseSuperUser", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase() + assert settings.get("config.configmap.cnCouchbaseSuperUser") == "admin" + + +def test_prompt_couchbase_user(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "gluu") + + settings.set("config.configmap.cnCouchbaseUser", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase() + assert settings.get("config.configmap.cnCouchbaseUser") == "gluu" + + +def test_prompt_couchbase_users(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "1000000") + + settings.set("installer-settings.couchbase.totalNumberOfExpectedUsers", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase_yaml() + assert settings.get("installer-settings.couchbase.totalNumberOfExpectedUsers") == "1000000" + + +def test_prompt_couchbase_transactions(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: 2000) + + settings.set("installer-settings.couchbase.totalNumberOfExpectedTransactionsPerSec", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase_yaml() + assert settings.get("installer-settings.couchbase.totalNumberOfExpectedTransactionsPerSec") == 2000 + + +def test_prompt_couchbase_volumetype(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "io1") + + 
settings.set("installer-settings.couchbase.volumeType", "") + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase_yaml() + assert settings.get("installer-settings.couchbase.volumeType") == "io1" + + +def test_prompt_couchbase_commonname(monkeypatch, settings): + from pygluu.kubernetes.terminal.couchbase import PromptCouchbase + + monkeypatch.setattr("click.prompt", lambda x, default: "Couchbase CA") + cm = "Couchbase CA" + settings.set("installer-settings.couchbase.commonName", cm) + prompt = PromptCouchbase(settings) + prompt.prompt_couchbase_yaml() + assert settings.get("installer-settings.couchbase.commonName") == cm \ No newline at end of file diff --git a/helm/tests/terminal/test_distribution.py b/helm/tests/terminal/test_distribution.py new file mode 100644 index 00000000000..04b8b5ad97e --- /dev/null +++ b/helm/tests/terminal/test_distribution.py @@ -0,0 +1,16 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + ("", "default"), # default + (1, "default"), + (2, "openbanking"), +]) +def test_distribution(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.distribution import PromptDistribution + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("global.distribution", "") + PromptDistribution(settings).prompt_distribution() + assert settings.get("global.distribution") == expected diff --git a/helm/tests/terminal/test_gke.py b/helm/tests/terminal/test_gke.py new file mode 100644 index 00000000000..97cf2cff47c --- /dev/null +++ b/helm/tests/terminal/test_gke.py 
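Review bot: `test_prompt_couchbase_ip` in helm/tests/terminal/test_couchbase.py imports the function `gather_ip`, makes the patched prompt return that function object, and then asserts `settings.get("global.lbIp") == gather_ip`, so it stores and compares a callable rather than an address. Use a constructed address such as `"22.22.22.22"` (the value test_helpers.py uses) for both the mock's return value and the assertion. `test_prompt_couchbase_commonname` pre-sets `commonName` to the value it later asserts, so it presumably never reaches the prompt; start from `""` as the other tests do. `import pytest` is unused in this file.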
@@ -0,0 +1,30 @@
+def test_prompt_gke_account(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.gke import PromptGke
+
+ monkeypatch.setattr("click.prompt", lambda x: "random@gmail.local")
+
+ PromptGke(settings).prompt_gke()
+ assert settings.get("GMAIL_ACCOUNT") == "random@gmail.local"
+
+
+def test_prompt_gke_vol_type(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.gke import PromptGke
+
+ class FakePopen:
+ returncode = 0
+
+ def __init__(self, *args, **kwargs):
+ pass
+
+ def communicate(self):
+ return b"/home/random", b""
+
+ monkeypatch.setattr("subprocess.Popen", FakePopen)
+
+ settings.set("GMAIL_ACCOUNT", "random@gmail.local")
+ settings.set("APP_VOLUME_TYPE", 11)
+ settings.set("NODES_NAMES", ["node-1"])
+ settings.set("NODES_ZONES", ["zone-1"])
+
+ PromptGke(settings).prompt_gke()
+ assert settings.get("GOOGLE_NODE_HOME_DIR") == "/home/random"
diff --git a/helm/tests/terminal/test_helm.py b/helm/tests/terminal/test_helm.py
new file mode 100644
index 00000000000..852f69da0c2
--- /dev/null
+++ b/helm/tests/terminal/test_helm.py
@@ -0,0 +1,72 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + ("", "gluu"), # default + ("random", "random"), +]) +def test_helm_release_name(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.helm import PromptHelm + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("installer-settings.nginxIngress.releaseName", "ningress") + settings.set("installer-settings.nginxIngress.namespace", "ingress-nginx") + settings.set("opendj.multiCluster.enabled", False) + settings.set("installer-settings.releaseName", "") + + prompt = PromptHelm(settings) + prompt.prompt_helm() + assert settings.get("installer-settings.releaseName") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "ningress"), # default + ("random", "random"), +]) +def test_helm_ingress_release_name(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.helm import PromptHelm + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("installer-settings.releaseName", "gluu") + settings.set("installer-settings.nginxIngress.namespace", "ingress-nginx") + settings.set("opendj.multiCluster.enabled", False) + settings.set("installer-settings.nginxIngress.releaseName", "") + + prompt = PromptHelm(settings) + prompt.prompt_helm() + assert settings.get("installer-settings.nginxIngress.releaseName") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "ingress-nginx"), # default + ("random", "random"), +]) +def test_helm_ingress_namespace(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.helm import PromptHelm + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("installer-settings.nginxIngress.releaseName", "ningress") + settings.set("installer-settings.releaseName", "gluu") + settings.set("opendj.multiCluster.enabled", False) + 
settings.set("installer-settings.nginxIngress.namespace", "") + + prompt = PromptHelm(settings) + prompt.prompt_helm() + assert settings.get("installer-settings.nginxIngress.namespace") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), +]) +def test_aws_arn(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.helm import PromptHelm + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.cnPersistenceType", "ldap") + settings.set("opendj.multiCluster.enabled", False) + prompt = PromptHelm(settings) + prompt.prompt_helm() + assert settings.get("opendj.multiCluster.enabled") == expected diff --git a/helm/tests/terminal/test_helpers.py b/helm/tests/terminal/test_helpers.py new file mode 100644 index 00000000000..5ac5f3fa9b1 --- /dev/null +++ b/helm/tests/terminal/test_helpers.py 
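Review bot: `test_aws_arn` in helm/tests/terminal/test_helm.py does not test anything about ARNs and cannot detect a regression: it sets `opendj.multiCluster.enabled` to `False`, patches `click.confirm` to return `False`, and asserts the setting is still `False`, which holds whether or not `prompt_helm()` asks the question. Rename it to say what it covers (for example `test_helm_multicluster_disabled`) and start from `settings.set("opendj.multiCluster.enabled", "")` so the assertion depends on the prompt's answer. A `True` row would be worth adding if the follow-up prompts it triggers can be patched.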
@@ -0,0 +1,55 @@
+import pytest
+import click
+from pygluu.kubernetes.terminal.helpers import gather_ip
+import pygluu.kubernetes.terminal.helpers as module0
+import logging
+
+
+@pytest.mark.parametrize("given, expected", [
+ (True, True),
+ (False, False),
+])
+def test_confirm_ip(monkeypatch, given, expected):
+
+ monkeypatch.setattr("click.confirm", lambda x: given)
+ assert click.confirm("Random question") == expected
+
+
+def test_list_nodes_ip(monkeypatch, settings):
+ gather_ip = "22.22.22.22"
+ monkeypatch.setattr("click.prompt", lambda x, default: gather_ip)
+
+ settings.set("global.storageClass.provisioner", "kubernetes.io/aws-ebs")
+ assert gather_ip == gather_ip
+
+
+def test_k8s_node_address(monkeypatch, settings):
+ gather_ip = "22.22.22.22"
+ monkeypatch.setattr("click.prompt", lambda x, default: gather_ip)
+ settings.set("global.storageClass.provisioner", "kubernetes.io/aws-ebs")
+ assert gather_ip == gather_ip
+
+
+def test_list_nodes_ip(caplog, settings):
+ # set collection to something that is not a collection
+ gather_ip = "22.22.22.22"
+ settings.set("global.storageClass.provisioner", "kubernetes.io/aws-ebs")
+
+ with caplog.at_level(logging.INFO):
+ assert gather_ip == gather_ip
+
+
+def test_unode_ip_list(caplog, settings):
+ # set collection to something that is not a collection
+ gather_ip = "22.22.22.22"
+ settings.set("global.storageClass.provisioner", "kubernetes.io/aws-ebs")
+
+ with caplog.at_level(logging.INFO):
+ assert gather_ip == gather_ip
+
+
+def test_base_exception():
+ try:
+ var0 = module0.gather_ip()
+ except BaseException:
+ pass
diff --git a/helm/tests/terminal/test_images.py b/helm/tests/terminal/test_images.py
new file mode 100644
index 00000000000..0d3339c2871
--- /dev/null
+++ b/helm/tests/terminal/test_images.py
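Review bot: None of the tests in helm/tests/terminal/test_helpers.py can fail, so the file adds coverage numbers without checking the helpers. `test_list_nodes_ip` (defined twice, so the first is shadowed), `test_k8s_node_address` and `test_unode_ip_list` assert `gather_ip == gather_ip` on a local string that hides the imported function, `test_confirm_ip` calls the lambda it has just patched in, and `test_base_exception` wraps `module0.gather_ip()` in `except BaseException: pass`, which also swallows `KeyboardInterrupt` and `SystemExit`. Each test should call the helper under test with `click.prompt`/`click.confirm` patched and assert on what it returns; where an error is the expected outcome, name the exception with `pytest.raises(...)` instead of catching everything.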
@@ -0,0 +1,114 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_testenv_prompt_test_edit_casa(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.images import PromptImages + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) + settings.set("config.configmap.cnCasaEnabled", True) + prompt = PromptImages(settings) + prompt.prompt_image_name_tag() + assert settings.get("casa.image.tag") == expected + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_testenv_prompt_test_edit_crrotate(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.images import PromptImages + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) + settings.set("global.cr-rotate.enabled", True) + prompt = PromptImages(settings) + prompt.prompt_image_name_tag() + assert settings.get("cr-rotate.image.tag") == expected + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_testenv_prompt_test_edit_keyauth(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.images import PromptImages + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) + settings.set("global.auth-server-key-rotation.enabled", True) + prompt = PromptImages(settings) + prompt.prompt_image_name_tag() + assert settings.get("auth-server-key-rotation.image.tag") == expected + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_testenv_prompt_test_edit_hybrid(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.images import PromptImages + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) + settings.set("config.configmap.cnCacheType", "hybrid") + prompt = 
PromptImages(settings) + prompt.prompt_image_name_tag() + assert settings.get("opendj.image.tag") == expected + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_testenv_prompt_test_edit_ldap(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.images import PromptImages + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) + settings.set("config.configmap.cnCacheType", "ldap") + prompt = PromptImages(settings) + prompt.prompt_image_name_tag() + assert settings.get("opendj.image.tag") == expected + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_testenv_prompt_test_edit_clientapi(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.images import PromptImages + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) + settings.set("global.client-api.enabled", True) + prompt = PromptImages(settings) + prompt.prompt_image_name_tag() + assert settings.get("client-api.image.tag") == expected + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_testenv_prompt_test_edit_oxpassport(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.images import PromptImages + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) + settings.set("config.configmap.cnPassportEnabled", True) + prompt = PromptImages(settings) + prompt.prompt_image_name_tag() + assert settings.get("oxpassport.image.tag") == expected + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_testenv_prompt_test_edit_oxshiboleth(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.images import PromptImages + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) 
+ settings.set("global.oxshibboleth.enabled", True) + prompt = PromptImages(settings) + prompt.prompt_image_name_tag() + assert settings.get("oxshibboleth.image.tag") == expected + diff --git a/helm/tests/terminal/test_istio.py b/helm/tests/terminal/test_istio.py new file mode 100644 index 00000000000..721dbf16077 --- /dev/null +++ b/helm/tests/terminal/test_istio.py 
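Review bot: Every case in test_images.py stubs `click.prompt` to return `True` and then asserts that an image tag setting equals `True`, so the tests show only that whatever the prompt returns is stored, not that a usable tag string ends up in settings; a constructed string value such as `("1.0.0_test", "1.0.0_test")` would state the intent. `test_testenv_prompt_test_edit_hybrid` and `test_testenv_prompt_test_edit_ldap` pick the OpenDJ branch by setting `config.configmap.cnCacheType` to "hybrid" and "ldap", while other tests in this diff use `global.cnPersistenceType` for those values, so this looks like the wrong key and should be checked against `prompt_image_name_tag()`. The `test_testenv_` prefix on all eight names appears to be copied from another module.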
@@ -0,0 +1,67 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_istio_ingress(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.istio import PromptIstio + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.istio.ingress", "") + settings.set("global.storageClass.provisioner", "kubernetes.io/azure-disk") + prompt = PromptIstio(settings) + prompt.prompt_istio() + assert settings.get("global.istio.ingress") == expected + + +def test_istio_enabled_prompt(monkeypatch, settings): + from pygluu.kubernetes.terminal.istio import PromptIstio + + monkeypatch.setattr("click.prompt", lambda x, default: True) + + settings.set("global.istio.ingress", True) + settings.set("global.istio.enabled", "False") + prompt = PromptIstio(settings) + prompt.prompt_istio() + assert settings.get("global.istio.enabled") + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_global_istio_enabled(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.istio import PromptIstio + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.istio.enabled", "") + prompt = PromptIstio(settings) + prompt.prompt_istio() + assert settings.get("global.istio.enabled") == expected + + +def test_istio_namespace(monkeypatch, settings): + from pygluu.kubernetes.terminal.istio import PromptIstio + + monkeypatch.setattr("click.prompt", lambda x, default: "istio-system") + + settings.set("global.istio.namespace", "") + settings.set("global.istio.enabled", True) + prompt = PromptIstio(settings) + prompt.prompt_istio() + assert settings.get("global.istio.namespace") == "istio-system" + + +def test_istio_lbaddr(monkeypatch, settings): + from pygluu.kubernetes.terminal.istio import PromptIstio + + monkeypatch.setattr("click.prompt", lambda x, default: "") + + settings.set("global.istio.namespace", "") + 
settings.set("global.istio.enabled", True) + settings.set("config.configmap.lbAddr", "") + prompt = PromptIstio(settings) + prompt.prompt_istio() + assert settings.get("config.configmap.lbAddr") == "" diff --git a/helm/tests/terminal/test_jackrabbit.py b/helm/tests/terminal/test_jackrabbit.py new file mode 100644 index 00000000000..23c6c640b6e --- /dev/null +++ b/helm/tests/terminal/test_jackrabbit.py 
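Review bot: In `test_istio_enabled_prompt` the key is seeded with the string "False", which is truthy, so the final `assert settings.get("global.istio.enabled")` holds even if `prompt_istio()` never touches it. Seeding with `settings.set("global.istio.enabled", "")`, as the neighbouring tests do, and comparing against the exact value the prompt should store would let the test fail. `test_istio_lbaddr` has the same shape: it seeds `config.configmap.lbAddr` with "" and the stub returns "", so the expected "" is there whether or not the prompt ran.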
@@ -0,0 +1,100 @@ +import pytest + + +def test_jackrabbit_enable(monkeypatch, settings): + from pygluu.kubernetes.terminal.jackrabbit import PromptJackrabbit + + monkeypatch.setattr("click.confirm", lambda x, default: True) + + settings.set("jackrabbit.secrets.cnJackrabbitAdminPassword", "Test1234#") + settings.set("config.configmap.cnJackrabbitAdminId", "admin") + settings.set("jackrabbit.storage.size", "4Gi") + settings.set("global.jackrabbit.enabled", "") + + prompt = PromptJackrabbit(settings) + prompt.prompt_jackrabbit() + + assert settings.get("global.jackrabbit.enabled") + assert settings.get("jackrabbit.storage.size") == "4Gi" + assert settings.get("config.configmap.cnJackrabbitUrl") == "http://jackrabbit:8080" + assert settings.get("config.configmap.cnJackrabbitAdminId") == "admin" + assert settings.get("jackrabbit.secrets.cnJackrabbitAdminPassword") == "Test1234#" + + +def test_jackrabbit_disable_no_url(monkeypatch, settings): + from pygluu.kubernetes.terminal.jackrabbit import PromptJackrabbit + + monkeypatch.setattr("click.confirm", lambda x, default: False) + monkeypatch.setattr("click.prompt", lambda x, default: "http://jackrabbit:8080") + + settings.set("config.configmap.cnJackrabbitAdminId", "admin") + settings.set("jackrabbit.secrets.cnJackrabbitAdminPassword", "Test1234#") + settings.set("installer-settings.jackrabbit.clusterMode", "N") + settings.set("config.configmap.cnJackrabbitUrl", "") + + prompt = PromptJackrabbit(settings) + prompt.prompt_jackrabbit() + + assert settings.get("config.configmap.cnJackrabbitUrl") == "http://jackrabbit:8080" + + +def test_jackrabit_adminid(monkeypatch, settings): + from pygluu.kubernetes.terminal.jackrabbit import PromptJackrabbit + + monkeypatch.setattr("click.prompt", lambda x, default: "admin") + + settings.set("config.configmap.cnJackrabbitAdminId", "") + prompt = PromptJackrabbit(settings) + prompt.prompt_jackrabbit() + assert settings.get("config.configmap.cnJackrabbitAdminId") == "admin" + + 
+@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_test_environment(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.jackrabbit import PromptJackrabbit + + monkeypatch.setattr("click.confirm", lambda x, default: given) + settings.set("installer-settings.postgres.namespace", "test") + settings.set("installer-settings.jackrabbit.clusterMode", "") + prompt = PromptJackrabbit(settings) + prompt.prompt_jackrabbit() + assert settings.get("installer-settings.jackrabbit.clusterMode") == expected + + +def test_jackrabit_postgresdb(monkeypatch, settings): + from pygluu.kubernetes.terminal.jackrabbit import PromptJackrabbit + + monkeypatch.setattr("click.prompt", lambda x, default: "jackrabbit") + settings.set("installer-settings.postgres.install", True) + settings.set("installer-settings.jackrabbit.clusterMode", True) + settings.set("config.configmap.cnJackrabbitPostgresDatabaseName", "") + prompt = PromptJackrabbit(settings) + prompt.prompt_jackrabbit() + assert settings.get("config.configmap.cnJackrabbitPostgresDatabaseName") == "jackrabbit" + + +def test_jackrabit_postgresuser(monkeypatch, settings): + from pygluu.kubernetes.terminal.jackrabbit import PromptJackrabbit + + monkeypatch.setattr("click.prompt", lambda x, default: "jackrabbit") + settings.set("installer-settings.postgres.install", True) + settings.set("installer-settings.jackrabbit.clusterMode", True) + settings.set("config.configmap.cnJackrabbitPostgresUser", "") + prompt = PromptJackrabbit(settings) + prompt.prompt_jackrabbit() + assert settings.get("config.configmap.cnJackrabbitPostgresUser") == "jackrabbit" + + +def test_jackrabit_postgressize(monkeypatch, settings): + from pygluu.kubernetes.terminal.jackrabbit import PromptJackrabbit + + monkeypatch.setattr("click.prompt", lambda x, default: "4Gi") + + settings.set("global.jackrabbit.enabled", True) + settings.set("jackrabbit.storage.size", "") + prompt = 
PromptJackrabbit(settings) + prompt.prompt_jackrabbit() + assert settings.get("jackrabbit.storage.size") == "4Gi" diff --git a/helm/tests/terminal/test_ldap.py b/helm/tests/terminal/test_ldap.py new file mode 100644 index 00000000000..697731fd442 --- /dev/null +++ b/helm/tests/terminal/test_ldap.py @@ -0,0 +1,20 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + (1, "default"), + (2, "user"), + (3, "site"), + (4, "cache"), + (5, "token"), + (6, "session"), + (0, "default"), +]) +def test_prompt_hybrid_ldap_held_data(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.ldap import PromptLdap + + monkeypatch.setattr("click.prompt", lambda x, default: given) + + settings.set("config.configmap.cnPersistenceLdapMapping", "") + PromptLdap(settings).prompt_hybrid_ldap_held_data() + assert settings.get("config.configmap.cnPersistenceLdapMapping") == expected diff --git a/helm/tests/terminal/test_license.py b/helm/tests/terminal/test_license.py new file mode 100644 index 00000000000..28ce24378df --- /dev/null +++ b/helm/tests/terminal/test_license.py @@ -0,0 +1,19 @@ +import pytest + + +def test_license_accepted(monkeypatch, settings): + from pygluu.kubernetes.terminal.license import PromptLicense + + monkeypatch.setattr("click.confirm", lambda x: True) + + PromptLicense(settings) + assert settings.get("installer-settings.acceptLicense") + + +def test_license_rejected(monkeypatch, settings): + from pygluu.kubernetes.terminal.license import PromptLicense + + monkeypatch.setattr("click.confirm", lambda x: False) + + with pytest.raises(SystemExit): + PromptLicense(settings) diff --git a/helm/tests/terminal/test_namespace.py b/helm/tests/terminal/test_namespace.py new file mode 100644 index 00000000000..280d7536a33 --- /dev/null +++ b/helm/tests/terminal/test_namespace.py 
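Review bot: `test_jackrabbit_enable` in test_jackrabbit.py seeds the admin id, admin password and storage size and then asserts the same three values back, so only the `global.jackrabbit.enabled` and `cnJackrabbitUrl` assertions depend on `prompt_jackrabbit()`; the read-back assertions could be dropped or marked with `# unchanged by the prompt`. The literal `"Test1234#"` is shaped like a real password and will be flagged by secret scanners; an obviously fake fixture value such as `"dummy-password-for-tests"` avoids that noise. `test_testenv_prompt_test_environment` checks `installer-settings.jackrabbit.clusterMode`, so a name like `test_jackrabbit_cluster_mode` would match what it does.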
@@ -0,0 +1,15 @@
+import pytest
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "gluu"),
+ ("my-ns", "my-ns"),
+])
+def test_gluu_namespace(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.namespace import PromptNamespace
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given or expected)
+ settings.set("installer-settings.namespace", "")
+ prompt = PromptNamespace(settings)
+ prompt.prompt_gluu_namespace()
+ assert settings.get("installer-settings.namespace") == expected
diff --git a/helm/tests/terminal/test_openbanking.py b/helm/tests/terminal/test_openbanking.py
new file mode 100644
index 00000000000..35f926e84f3
--- /dev/null
+++ b/helm/tests/terminal/test_openbanking.py
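Review bot: The stub `lambda x, default: given or expected` hands back the expected value itself when `given` is empty, so the `("", "gluu")` case passes no matter which default `prompt_gluu_namespace()` supplies to `click.prompt`. Returning the argument the code actually passed, `lambda x, default: given or default`, makes the default case fail if the shipped default changes. The same stub appears in test_openbanking.py, test_postgres.py, test_prompt.py and test_redis.py in this diff.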
@@ -0,0 +1,30 @@
+import pytest
+from unittest.mock import patch, mock_open
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "https://keystore.openbankingtest.org.uk/keystore/openbanking.jwks"), # default
+ ("random", "random"),
+])
+def test_ob_external_jwks(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.openbanking import PromptOpenBanking
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given or expected)
+
+ settings.set("global.cnObExtSigningJwksUri", "")
+ settings.set("global.cnObExtSigningJwksCrt", "random")
+ settings.set("global.cnObExtSigningJwksKey", "random")
+ settings.set("global.cnObExtSigningJwksKeyPassPhrase", "random")
+ settings.set("global.cnObExtSigningAlias", "random")
+ settings.set("global.cnObStaticSigningKeyKid", "random")
+ settings.set("global.cnObTransportCrt", "random")
+ settings.set("global.cnObTransportKey", "random")
+ settings.set("global.cnObTransportKeyPassPhrase", "random")
+ settings.set("global.cnObTransportAlias", "random")
+ settings.set("installer-settings.openbanking.hasCnObTransportTrustStore", True)
+ settings.set("global.cnObTransportTrustStore", "random")
+
+ prompt = PromptOpenBanking(settings)
+ prompt.prompt_openbanking()
+
+ assert settings.get("global.cnObExtSigningJwksUri") == expected
diff --git a/helm/tests/terminal/test_optionalservices.py b/helm/tests/terminal/test_optionalservices.py
new file mode 100644
index 00000000000..9fa27ae3859
--- /dev/null
+++ b/helm/tests/terminal/test_optionalservices.py
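Review bot: The `("random", "random")` case pins that an arbitrary non-URL string is stored as `global.cnObExtSigningJwksUri`. Going by its name that URI is presumably where external signing keys are resolved, so a case with a malformed or non-HTTPS value would document whether `prompt_openbanking()` validates the input, which the hunk does not show. `patch` and `mock_open` are imported but unused. The certificate, key and passphrase keys are seeded only so their prompts are skipped, which deserves a comment such as `# pre-seed so only the JWKS URI prompt runs`.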
@@ -0,0 +1,141 @@ +import pytest + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_prompt_casa(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + + settings.set("config.configmap.cnCasaEnabled", True) + settings.set("global.client-api.enabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert settings.get("global.client-api.enabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_crrotate(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.cr-rotate.enabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert settings.get("global.cr-rotate.enabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), +]) +def test_testenv_kyerotation(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.auth-server-key-rotation.enabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert settings.get("global.auth-server-key-rotation.enabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_passport(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("config.configmap.cnPassportEnabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert 
settings.get("config.configmap.cnPassportEnabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_cncasat(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("config.configmap.cnCasaEnabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert settings.get("config.configmap.cnCasaEnabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_oxshibboleth(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.oxshibboleth.enabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert settings.get("global.oxshibboleth.enabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_fido2(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.fido2.enabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert settings.get("global.fido2.enabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_configapit(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.config-api.enabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert 
settings.get("global.config-api.enabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_scim(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.scim.enabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert settings.get("global.scim.enabled") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), + (True, True), +]) +def test_testenv_prompt_clientapi(monkeypatch, settings, given, expected): + from pygluu.kubernetes.terminal.optionalservices import PromptOptionalServices + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.client-api.enabled", "") + prompt = PromptOptionalServices(settings) + prompt.prompt_optional_services() + assert settings.get("global.client-api.enabled") == expected diff --git a/helm/tests/terminal/test_persistencebackend.py b/helm/tests/terminal/test_persistencebackend.py new file mode 100644 index 00000000000..da73578adfb --- /dev/null +++ b/helm/tests/terminal/test_persistencebackend.py 
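Review bot: `test_prompt_casa` in test_optionalservices.py stubs `click.confirm` to answer `True` to every question, so its `global.client-api.enabled` assertion cannot tell whether client-api was switched on because Casa is enabled or simply because the stub said yes. If the intent is that Casa forces client-api on (an assumption), stubbing with `lambda x: False` after seeding `config.configmap.cnCasaEnabled` and asserting the flag is still true would test that dependency. `test_testenv_kyerotation` covers only the `False` answer, and the names `kyerotation`, `cncasat` and `configapit` look like typos.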
@@ -0,0 +1,29 @@
+def test_prompt_persistence_backend_ldap(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.persistencebackend import PromptPersistenceBackend
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ settings.set("global.cnPersistenceType", "")
+ PromptPersistenceBackend(settings).prompt_persistence_backend()
+
+ assert settings.get("global.cnPersistenceType") == "ldap"
+
+
+def test_prompt_persistence_backend_couchbase(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.persistencebackend import PromptPersistenceBackend
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 2)
+
+ settings.set("global.cnPersistenceType", "")
+ PromptPersistenceBackend(settings).prompt_persistence_backend()
+ assert settings.get("global.cnPersistenceType") == "couchbase"
+
+
+def test_prompt_persistence_backend_hybrid(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.persistencebackend import PromptPersistenceBackend
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 3)
+
+ settings.set("global.cnPersistenceType", "")
+ PromptPersistenceBackend(settings).prompt_persistence_backend()
+ assert settings.get("global.cnPersistenceType") == "hybrid"
diff --git a/helm/tests/terminal/test_postgres.py b/helm/tests/terminal/test_postgres.py
new file mode 100644
index 00000000000..f6102d1a982
--- /dev/null
+++ b/helm/tests/terminal/test_postgres.py
@@ -0,0 +1,45 @@
+import pytest
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "postgres"), # default
+ ("random", "random"),
+])
+def test_postgres_namespace(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.postgres import PromptPostgres
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given or expected)
+ settings.set("installer-settings.postgres.install", True)
+ settings.set("config.configmap.cnJackrabbitPostgresHost", "postgres.postgres.svc.cluster.local")
+ settings.set("installer-settings.postgres.namespace", "")
+
+ prompt = PromptPostgres(settings)
+ prompt.prompt_postgres()
+ assert settings.get("installer-settings.postgres.namespace") == expected
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "postgresql.jackrabbitpostgres.svc.cluster.local")])
+def test_postgres_url(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.postgres import PromptPostgres
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given or expected)
+ settings.set("installer-settings.postgres.install", True)
+ settings.set("installer-settings.postgres.namespace", "postgres")
+ settings.set("config.configmap.cnJackrabbitPostgresHost", "")
+
+ prompt = PromptPostgres(settings)
+ prompt.prompt_postgres()
+ assert settings.get("config.configmap.cnJackrabbitPostgresHost") == expected
+
+
+def test_prompt_postgres_install(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.postgres import PromptPostgres
+
+ monkeypatch.setattr("click.confirm", lambda x, default: True)
+ settings.set("installer-settings.postgres.namespace", "postgres")
+ settings.set("installer-settings.postgres.install", "")
+ prompt = PromptPostgres(settings)
+ prompt.prompt_postgres()
+
+ assert settings.get("installer-settings.postgres.install") == True
diff --git a/helm/tests/terminal/test_prompt.py b/helm/tests/terminal/test_prompt.py
new file mode 100644
index 00000000000..5e06723ece2
--- /dev/null
+++ b/helm/tests/terminal/test_prompt.py 
@@ -0,0 +1,208 @@ +import pytest +from pygluu.kubernetes.terminal.prompt import Prompt +check = Prompt() + + +def test_license(monkeypatch, settings): + + monkeypatch.setattr("click.confirm", lambda x: True) + + settings.set("installer-settings.acceptLicense", "Y") + check.license() + assert settings.get("installer-settings.acceptLicense") + + +@pytest.mark.skip(reason="this test needs fixing") +def test_versions(settings): + + settings.set("installer-settings.currentVersion", "5.2") + check.versions() + assert settings.get("installer-settings.currentVersion") == "5.2" + + +@pytest.mark.parametrize("given, expected", [ + (1, "microk8s.io/hostpath"), +]) +def test_arch(monkeypatch, settings, given, expected): + + monkeypatch.setattr("click.prompt", lambda x, default: given) + + settings.set("global.storageClass.provisioner", "microk8s.io/hostpath") + check.arch() + assert settings.get("global.storageClass.provisioner") == expected + + +@pytest.mark.parametrize("given, expected", [ + ("", "gluu"), +]) +def test_namespace(monkeypatch, settings, given, expected): + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + settings.set("installer-settings.namespace", "gluu") + check.namespace() + assert settings.get("installer-settings.namespace") == expected + + +@pytest.mark.parametrize("given, expected", [ + (True, True), +]) +def test_optional_services(monkeypatch, settings, given, expected): + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("config.configmap.cnPassportEnabled", True) + check.optional_services() + assert settings.get("config.configmap.cnPassportEnabled") + + +def test_istio(monkeypatch, settings): + + monkeypatch.setattr("click.prompt", lambda x, default: "istio-system") + + settings.set("global.istio.namespace", "istio-system") + settings.set("global.istio.enabled", True) + check.istio() + assert settings.get("global.istio.namespace") == "istio-system" + + +def test_jackrabbit(monkeypatch, settings): + + 
monkeypatch.setattr("click.prompt", lambda x, default: "admin") + + settings.set("config.configmap.cnJackrabbitAdminId", "admin") + check.jackrabbit() + assert settings.get("config.configmap.cnJackrabbitAdminId") == "admin" + + +def test_persistence_backend(monkeypatch, settings): + + monkeypatch.setattr("click.prompt", lambda x, default: "hybrid") + + settings.set("global.cnPersistenceType", "hybrid") + check.persistence_backend() + assert settings.get("global.cnPersistenceType") == "hybrid" + + +@pytest.mark.parametrize("given, expected", [ + ("", "NATIVE_PERSISTENCE"), # default +]) +def test_cache(monkeypatch, settings, given, expected): + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + monkeypatch.setattr("pygluu.kubernetes.terminal.redis.PromptRedis.prompt_redis", lambda x: None) + settings.set("config.configmap.cnCacheType", "NATIVE_PERSISTENCE") + + check.cache() + assert settings.get("config.configmap.cnCacheType") == "NATIVE_PERSISTENCE" + + +def test_confirm_settings(monkeypatch, settings): + + monkeypatch.setattr("click.confirm", lambda x: True) + + settings.set("installer-settings.confirmSettings", True) + check.confirm_settings() + assert settings.get("installer-settings.confirmSettings") + + +def test_replicas(monkeypatch, settings): + + monkeypatch.setattr("click.prompt", lambda x, default: 1) + + settings.set("auth-server.replicas", 1) + check.replicas() + assert settings.get("auth-server.replicas") == 1 + + +@pytest.mark.skip(reason="this test needs fixing") +@pytest.mark.parametrize("given, expected", [ + ("", "demoexample.gluu.org"), # default +]) +def test_configuration(monkeypatch, settings, given, expected): + + monkeypatch.setattr("click.prompt", lambda x, default: given or expected) + + settings.set("config.countryCode", "US") + settings.set("config.state", "TX") + settings.set("config.city", "Austin") + settings.set("config.email", "support@gluu.org") + settings.set("config.orgName", "Gluu") + 
settings.set("config.adminPassword", "Admin GUI") + settings.set("global.fqdn", "demoexample.gluu.org") + check.configuration() + assert settings.get("global.fqdn") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), +]) +def test_images(monkeypatch, settings, given, expected): + + monkeypatch.setattr("click.prompt", lambda x, default: given) + settings.set("installer-settings.images.edit", True) + settings.set("config.configmap.cnCacheType", "ldap") + check.images() + assert settings.get("opendj.image.tag") == expected + + +@pytest.mark.parametrize("given, expected", [ + (False, False), +]) +def test_test_environment(monkeypatch, settings, given, expected): + + monkeypatch.setattr("click.confirm", lambda x: given) + settings.set("global.cloud.testEnviroment", False) + settings.set("global.storageClass.provisioner", "awsEbsDynamic") + check.test_enviornment() + assert settings.get("global.cloud.testEnviroment") == expected + + +def test_ldap(monkeypatch, settings): + + monkeypatch.setattr("click.prompt", lambda x, default: "default") + + settings.set("config.configmap.cnPersistenceLdapMapping", "default") + settings.set("global.cnPersistenceType", "hybrid") + check.ldap() + assert settings.get("config.configmap.cnPersistenceLdapMapping") == "default" + + +def test_volume(settings, monkeypatch): + monkeypatch.setattr("click.prompt", lambda x, default: "microk8s.io/hostpath") + + settings.set("installer-settings.volumeProvisionStrategy", "microk8sDynamic") + settings.set("global.storageClass.provisioner", "microk8s.io/hostpath") + check.volumes() + assert settings.get("global.storageClass.provisioner") == "microk8s.io/hostpath" + + +def test_couchbase(monkeypatch, settings): + + monkeypatch.setattr("click.prompt", lambda x, default: "cbns") + + settings.set("installer-settings.couchbase.namespace", "cbns") + settings.set("global.cnPersistenceType", "couchbase") + check.couchbase() + assert 
settings.get("installer-settings.couchbase.namespace") == "cbns" + + +def test_backup(monkeypatch, settings): + + + monkeypatch.setattr("click.prompt", lambda x, default: "0 2 * * 6") + + settings.set("global.storageClass.provisioner", "awsEbsDynamic") + settings.set("global.cnPersistenceType", "couchbase") + settings.set("installer-settings.couchbase.backup.fullSchedule", "0 2 * * 6") + + check.backup() + + assert settings.get("installer-settings.couchbase.backup.fullSchedule") == "0 2 * * 6" + + +def test_confirms_settings(settings, monkeypatch): + + monkeypatch.setattr("click.confirm", lambda x: False) + monkeypatch.setattr("pygluu.kubernetes.terminal.prompt.Prompt.prompt", lambda x: None) + settings.set("installer-settings.confirmSettings", False) + check.confirm_settings() + assert settings.get("installer-settings.confirmSettings") == False \ No newline at end of file diff --git a/helm/tests/terminal/test_redis.py b/helm/tests/terminal/test_redis.py new file mode 100644 index 00000000000..231c8af7ad7 --- /dev/null +++ b/helm/tests/terminal/test_redis.py 
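Review bot: In test_prompt.py `check = Prompt()` runs at import time, so the object is built during test collection and one instance is shared by every test, while each test receives its own `settings` fixture that `check` does not appear to be constructed from. Most tests here seed a key with the expected value and assert the same value afterwards (`test_license`, `test_namespace`, `test_istio`, `test_jackrabbit`, `test_replicas` and others), so they pass even if the wrapped prompt does nothing. Building the object in a fixture and seeding keys with `""`, as the per-module tests in this diff do, would give the assertions something to catch. The two `@pytest.mark.skip(reason="this test needs fixing")` markers should carry an issue reference, and `== False` in `test_confirms_settings` reads better as `is False`.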
@@ -0,0 +1,43 @@
+import pygluu.kubernetes.terminal.redis as module0
+import click
+import pytest
+
+
+def test_prompt_redis_type(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.redis import PromptRedis
+
+ monkeypatch.setattr("click.prompt", lambda x, default: "CLUSTER")
+
+ settings.set("config.configmap.cnRedisType", "")
+ prompt = PromptRedis(settings)
+ prompt.prompt_redis()
+ assert settings.get("config.configmap.cnRedisType") == "CLUSTER"
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "redis.redis.svc.cluster.local"), # default
+ ("random", "random"),
+])
+def test_redis_url(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.redis import PromptRedis
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given or expected)
+
+ settings.set("installer-settings.redis.namespace", "redis")
+ settings.set("config.configmap.cnRedisUrl", "")
+
+ prompt = PromptRedis(settings)
+ prompt.prompt_redis()
+ assert settings.get("config.configmap.cnRedisUrl") == expected
+
+
+def test_prompt_redis_install(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.redis import PromptRedis
+
+ monkeypatch.setattr("click.confirm", lambda x: True)
+
+ settings.set("installer-settings.redis.install", True)
+ prompt = PromptRedis(settings)
+ prompt.prompt_redis()
+
+ assert settings.get("installer-settings.redis.install")
\ No newline at end of file
diff --git a/helm/tests/terminal/test_replicas.py b/helm/tests/terminal/test_replicas.py
new file mode 100644
index 00000000000..1229960a26a
--- /dev/null
+++ b/helm/tests/terminal/test_replicas.py
@@ -0,0 +1,103 @@
+import pytest
+
+
+def test_prompt_replicas_auth_server(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.replicas import PromptReplicas
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ settings.set("auth-server.replicas", "")
+ PromptReplicas(settings).prompt_replicas()
+ assert settings.get("auth-server.replicas") == 1
+
+
+def test_prompt_replicas_fido2(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.replicas import PromptReplicas
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ # bypass
+ settings.set("fido2.replicas", "")
+
+ settings.set("global.fido2.enabled", "Y")
+ PromptReplicas(settings).prompt_replicas()
+ assert settings.get("fido2.replicas") == 1
+
+
+def test_prompt_replicas_scim(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.replicas import PromptReplicas
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ # bypass
+ settings.set("scim.replicas", "")
+
+ settings.set("global.scim.enabled", "Y")
+ PromptReplicas(settings).prompt_replicas()
+ assert settings.get("scim.replicas") == 1
+
+
+@pytest.mark.parametrize("type_", ["ldap", "hybrid"])
+def test_prompt_replicas_persistence(monkeypatch, settings, type_):
+ from pygluu.kubernetes.terminal.replicas import PromptReplicas
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ # bypass
+ settings.set("opendj.replicas", "")
+
+ settings.set("global.cnPersistenceType", type_)
+ PromptReplicas(settings).prompt_replicas()
+ assert settings.get("opendj.replicas") == 1
+
+
+def test_prompt_replicas_oxshibboleth(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.replicas import PromptReplicas
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ # bypass
+ settings.set("oxshibboleth.replicas", "")
+
+ settings.set("global.oxshibboleth.enabled", "Y")
+ PromptReplicas(settings).prompt_replicas()
+ assert settings.get("oxshibboleth.replicas") == 1
+
+
+def
test_prompt_replicas_oxpassport(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.replicas import PromptReplicas
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ # bypass
+ settings.set("oxpassport.replicas", "")
+
+ settings.set("config.configmap.cnPassportEnabled", "Y")
+ PromptReplicas(settings).prompt_replicas()
+ assert settings.get("oxpassport.replicas") == 1
+
+
+def test_prompt_replicas_client_api(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.replicas import PromptReplicas
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ # bypass
+ settings.set("client-api.replicas", "")
+
+ settings.set("global.client-api.enabled", "Y")
+ PromptReplicas(settings).prompt_replicas()
+ assert settings.get("client-api.replicas") == 1
+
+
+def test_prompt_replicas_casa(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.replicas import PromptReplicas
+
+ monkeypatch.setattr("click.prompt", lambda x, default: 1)
+
+ # bypass
+ settings.set("casa.replicas", "")
+
+ settings.set("config.configmap.cnCasaEnabled", "Y")
+ PromptReplicas(settings).prompt_replicas()
+ assert settings.get("casa.replicas") == 1
diff --git a/helm/tests/terminal/test_testenv.py b/helm/tests/terminal/test_testenv.py
new file mode 100644
index 00000000000..8a327c7b9b2
--- /dev/null
+++ b/helm/tests/terminal/test_testenv.py
@@ -0,0 +1,14 @@
+import pytest
+
+
+@pytest.mark.parametrize("given, expected", [
+ (False, False),
+ (True, True),
+])
+def test_testenv_prompt_test_environment(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.testenv import PromptTestEnvironment
+
+ monkeypatch.setattr("click.confirm", lambda x: given)
+ settings.set("global.cloud.testEnviroment", "")
+ PromptTestEnvironment(settings).prompt_test_environment()
+ assert settings.get("global.cloud.testEnviroment") == expected
diff --git a/helm/tests/terminal/test_upgrade.py b/helm/tests/terminal/test_upgrade.py
new file mode 100644
index 00000000000..f9349e9df52
--- /dev/null
+++ b/helm/tests/terminal/test_upgrade.py
@@ -0,0 +1,20 @@
+import pytest
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "5.0"),
+ ("5.0", "5.0"),
+])
+def test_upgrade_version(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.upgrade import PromptUpgrade
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given or expected)
+ monkeypatch.setattr(
+ "pygluu.kubernetes.terminal.images.PromptImages.prompt_image_name_tag",
+ lambda cls: None,
+ )
+
+ settings.set("installer-settings.upgrade.targetVersion", "")
+ PromptUpgrade(settings).prompt_upgrade()
+ assert settings.get("installer-settings.upgrade.targetVersion") == expected
+ assert settings.get("installer-settings.image.edit") == ""
diff --git a/helm/tests/terminal/test_version.py b/helm/tests/terminal/test_version.py
new file mode 100644
index 00000000000..529d96c93e2
--- /dev/null
+++ b/helm/tests/terminal/test_version.py
@@ -0,0 +1,51 @@
+import contextlib
+import os
+
+import pytest
+
+
+def test_version_no_prompt(settings):
+ from pygluu.kubernetes.terminal.version import PromptVersion
+
+ prompt = PromptVersion(settings, version="5.0")
+ prompt.prompt_version()
+ assert settings.get("installer-settings.currentVersion") == "5.0"
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "5.0.0_01"), # default if empty
+ ("5.0.0_dev", "5.0.0_dev"), # non-empty shouldn't be overriden
+])
+def test_version_merge_names_tags(settings, given, expected):
+ import json
+ from pygluu.kubernetes.terminal.version import PromptVersion
+
+ with open("./gluu_versions.json", "w") as f:
+ json.dump({"5.0": {"LDAP_IMAGE_TAG": "5.0.0_01"}}, f)
+
+ settings.set("installer-settings.currentVersion", "5.0")
+ settings.set("LDAP_IMAGE_TAG", given)
+
+ PromptVersion(settings)
+ assert settings.get("LDAP_IMAGE_TAG") == expected
+
+ with contextlib.suppress(FileNotFoundError):
+ os.unlink("./gluu_versions.json")
+
+
+@pytest.mark.parametrize("given, expected", [
+ ("", "5.0"),
+ ("5.0", "5.0"),
+])
+def test_version(monkeypatch, settings, given, expected):
+ from pygluu.kubernetes.terminal.version import PromptVersion
+
+ monkeypatch.setattr("click.prompt", lambda x, default: given or expected)
+
+ prompt = PromptVersion(settings)
+
+ # unset CN_VERSION in order to prompt user-input
+ settings.set("installer-settings.currentVersion", "")
+
+ prompt.prompt_version()
+ assert settings.get("installer-settings.currentVersion") == expected
diff --git a/helm/tests/terminal/test_volumes.py b/helm/tests/terminal/test_volumes.py
new file mode 100644
index 00000000000..a15e0af7c53
--- /dev/null
+++ b/helm/tests/terminal/test_volumes.py
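Review bot: In `test_version_merge_names_tags` the `os.unlink("./gluu_versions.json")` cleanup sits after the `assert`, so a failing assertion leaves the file in the current working directory, where later tests may pick it up. Writing into a per-test directory removes the need for cleanup: take `tmp_path` and `monkeypatch` as fixtures and call `monkeypatch.chdir(tmp_path)` before the `open(...)`. This assumes `PromptVersion` resolves `./gluu_versions.json` relative to the working directory, which the write in the test suggests but the hunk does not show.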
@@ -0,0 +1,179 @@
+import pytest
+
+
+@pytest.mark.parametrize("arch, vol_type", [
+ ("kubernetes.io/aws-ebs", 7),
+ ("kubernetes.io/gce-pd", 12),
+ ("kubernetes.io/azure-disk", 17),
+ ("dobs.csi.digitalocean.com", 22),
+ ("openebs.io/local", 26),
+])
+def test_prompt_app_volume_type(monkeypatch, settings, arch, vol_type):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: vol_type)
+
+ settings.set("global.cnPersistenceType", arch)
+ settings.set("CN_APP_VOLUME_TYPE", vol_type)
+ prompt = PromptVolumes(settings)
+ prompt.prompt_app_volume_type()
+ assert settings.get("CN_APP_VOLUME_TYPE") == vol_type
+
+
+@pytest.mark.parametrize("vol_choice, vol_path", [
+ (7, "awsEbsDynamic"),
+])
+def test_prompt_app_volume_choice_aws(monkeypatch, settings, vol_choice, vol_path):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: vol_choice)
+
+ settings.set("global.storageClass.provisioner", "kubernetes.io/aws-ebs")
+ settings.set("installer-settings.volumeProvisionStrategy", "awsEbsDynamic")
+ prompt = PromptVolumes(settings)
+ prompt.prompt_app_volume_type()
+ assert settings.get("installer-settings.volumeProvisionStrategy") == vol_path
+
+
+@pytest.mark.parametrize("vol_choice, vol_path", [
+ (12, "gkePdDynamic"),
+])
+def test_prompt_app_volume_choice_gce(monkeypatch, settings, vol_choice, vol_path):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: vol_choice)
+
+ settings.set("global.storageClass.provisioner", "kubernetes.io/gce-pd")
+ settings.set("installer-settings.volumeProvisionStrategy", "gkePdDynamic")
+ prompt = PromptVolumes(settings)
+ prompt.prompt_app_volume_type()
+ assert settings.get("installer-settings.volumeProvisionStrategy") == vol_path
+
+
+@pytest.mark.parametrize("vol_choice, vol_path", [
+ (17, "aksPdDynamic"),
+])
+def
test_prompt_app_volume_choice_azure(monkeypatch, settings, vol_choice, vol_path):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: vol_choice)
+
+ settings.set("global.storageClass.provisioner", "kubernetes.io/azure-disk")
+ settings.set("installer-settings.volumeProvisionStrategy", "aksPdDynamic")
+ prompt = PromptVolumes(settings)
+ prompt.prompt_app_volume_type()
+ assert settings.get("installer-settings.volumeProvisionStrategy") == vol_path
+
+
+@pytest.mark.parametrize("vol_choice, vol_path", [
+ (22, "doksPdDynamic"),
+])
+def test_prompt_app_volume_choice_do(monkeypatch, settings, vol_choice, vol_path):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: vol_choice)
+
+ settings.set("global.storageClass.provisioner", "dobs.csi.digitalocean.com")
+ settings.set("installer-settings.volumeProvisionStrategy", "doksPdDynamic")
+ prompt = PromptVolumes(settings)
+ prompt.prompt_app_volume_type()
+ assert settings.get("installer-settings.volumeProvisionStrategy") == vol_path
+
+
+@pytest.mark.parametrize("vol_choice, vol_path", [
+ (26, "localOpenEbsHostPathDynamic"),
+])
+def test_prompt_app_volume_choice_local(monkeypatch, settings, vol_choice, vol_path):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: vol_choice)
+
+ settings.set("global.storageClass.provisioner", "openebs.io/local")
+ settings.set("installer-settings.volumeProvisionStrategy", "localOpenEbsHostPathDynamic")
+ prompt = PromptVolumes(settings)
+ prompt.prompt_app_volume_type()
+ assert settings.get("installer-settings.volumeProvisionStrategy") == "localOpenEbsHostPathDynamic"
+
+
+@pytest.mark.parametrize("persistence", ["ldap", "hybrid"])
+def test_prompt_storage(monkeypatch, settings, persistence):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+
monkeypatch.setattr("click.prompt", lambda x, default: "4Gi")
+
+ settings.set("global.cnPersistenceType", persistence)
+ settings.set("opendj.persistence.size", "")
+ PromptVolumes(settings).prompt_storage()
+ assert settings.get("opendj.persistence.size") == "4Gi"
+
+
+@pytest.mark.parametrize("persistence", ["ldap", "hybrid"])
+def test_prompt_storage_2(monkeypatch, settings, persistence):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: "4Gi")
+
+ settings.set("global.cnPersistenceType", persistence)
+ settings.set("opendj.persistence.size", "5Gi")
+ PromptVolumes(settings).prompt_storage()
+ assert settings.get("opendj.persistence.size") == "5Gi"
+
+
+def test_prompt_volumes_microk8s(settings):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ settings.set("installer-settings.volumeProvisionStrategy", "microk8sDynamic")
+ PromptVolumes(settings).prompt_volumes()
+ assert settings.get("global.storageClass.provisioner") == "microk8s.io/hostpath"
+
+
+def test_prompt_volumes_minikube(settings):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ settings.set("installer-settings.volumeProvisionStrategy", "minikubeDynamic")
+ PromptVolumes(settings).prompt_volumes()
+ assert settings.get("global.storageClass.provisioner") == "k8s.io/minikube-hostpath"
+
+
+def test_prompt_volumes_global_azure_type(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: "StandardSSD_LRS")
+
+ settings.set("installer-settings.volumeProvisionStrategy", "aksPdDynamic")
+ settings.set("global.azureStorageAccountType", "")
+ PromptVolumes(settings).prompt_volumes()
+ assert settings.get("global.azureStorageAccountType") == "StandardSSD_LRS"
+
+
+def test_prompt_volumes_global_aws_type(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+
monkeypatch.setattr("click.prompt", lambda x, default: "io1")
+
+ settings.set("installer-settings.volumeProvisionStrategy", "awsEbsDynamic")
+ settings.set("global.awsStorageType", "")
+ PromptVolumes(settings).prompt_volumes()
+ assert settings.get("global.awsStorageType") == "io1"
+
+
+def test_prompt_volumes_global_gke_type(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: "pd-ssd")
+
+ settings.set("installer-settings.volumeProvisionStrategy", "gkePdDynamic")
+ settings.set("global.gcePdStorageType", "")
+ PromptVolumes(settings).prompt_volumes()
+ assert settings.get("global.gcePdStorageType") == "pd-ssd"
+
+
+def test_prompt_volumes_global_local_type(monkeypatch, settings):
+ from pygluu.kubernetes.terminal.volumes import PromptVolumes
+
+ monkeypatch.setattr("click.prompt", lambda x, default: "openebs.io/local")
+
+ settings.set("installer-settings.volumeProvisionStrategy", "localOpenEbsHostPathDynamic")
+ settings.set("global.storageClass.provisioner", "")
+ PromptVolumes(settings).prompt_volumes()
+ assert settings.get("global.storageClass.provisioner") == "openebs.io/local"
diff --git a/helm/tests/test_create.py b/helm/tests/test_create.py
new file mode 100644
index 00000000000..9557094815c
--- /dev/null
+++ b/helm/tests/test_create.py
@@ -0,0 +1,27 @@
+from pygluu.kubernetes.create import create_parser, main
+import pygluu.kubernetes.create as module0
+import argparse
+import sys
+import pytest
+
+
+def test_empty_arg():
+ parser = create_parser()
+ args = parser.parse_args(['version'])
+
+ assert args is not None
+
+
+def test_main_exception():
+ try:
+ var0 = module0.main()
+ except BaseException:
+ pass
+
+
+def test_create_exception():
+ try:
+ var0 = module0.create_parser()
+ except BaseException:
+ pass
+
diff --git a/helm/tests/test_gluu.py b/helm/tests/test_gluu.py
new file mode 100644
index 00000000000..e69de29bb2d
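Review bot: `test_main_exception` and `test_create_exception` wrap the call in `try: ... except BaseException: pass`, so they cannot fail, and they also swallow `SystemExit` and `KeyboardInterrupt`. If the intent is that `main()` exits when invoked without arguments, state that directly with `with pytest.raises(SystemExit): module0.main()`; `create_parser()` is already exercised by `test_empty_arg` and needs no try block. The same catch-all is in `test_base_exception` in test_gluupostgres.py and test_gluuredis.py, where `Postgres()` and `Redis()` are constructed for real and any error is discarded. `argparse`, `sys` and the direct `main` import are unused in this file.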
diff --git a/helm/tests/test_gluucouchbase.py b/helm/tests/test_gluucouchbase.py
new file mode 100644
index 00000000000..d1b0ffa505b
--- /dev/null
+++ b/helm/tests/test_gluucouchbase.py
@@ -0,0 +1,30 @@
+import pytest
+from pygluu.kubernetes.couchbase import set_memory_for_buckets, create_server_spec_per_cb_service, extract_couchbase_tar
+from pathlib import Path
+import logging
+
+
+def test_create_server_spec_per_cb_service(caplog, tmpdir):
+
+ p = create_server_spec_per_cb_service(zones="zone-1", number_of_cb_service_nodes=2, cb_service_name="couch", mem_req="100Mi", mem_limit="100Mi",
+ cpu_req="100Mi", cpu_limit="100Mi")
+
+ assert p is p
+
+
+def test_create_server_spec_per_cb_service2(caplog, tmpdir):
+
+ p = create_server_spec_per_cb_service(zones="zone-1", number_of_cb_service_nodes=2, cb_service_name="couch", mem_req="100Mi", mem_limit="100Mi",
+ cpu_req="100Mi", cpu_limit="100Mi")
+
+ assert p is p
+
+
+def extract_couchbase_tar(caplog, tmpdir):
+ tar_file = Path(tmpdir) / './couchbase-source-folder'
+
+ extract_couchbase_tar(tar_file)
+
+
+ with caplog.at_level(logging.INFO):
+ assert "Extracting" in caplog.text
\ No newline at end of file
diff --git a/helm/tests/test_gluuhelpers.py b/helm/tests/test_gluuhelpers.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/helm/tests/test_gluukubeapi.py b/helm/tests/test_gluukubeapi.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/helm/tests/test_gluupostgres.py b/helm/tests/test_gluupostgres.py
new file mode 100644
index 00000000000..9ba95d022de
--- /dev/null
+++ b/helm/tests/test_gluupostgres.py
@@ -0,0 +1,9 @@
+import pygluu.kubernetes.postgres as module0
+from pygluu.kubernetes.postgres import Postgres
+
+
+def test_base_exception():
+ try:
+ var0 = module0.Postgres()
+ except BaseException:
+ pass
diff --git a/helm/tests/test_gluupycert.py b/helm/tests/test_gluupycert.py
new file mode 100644
index 00000000000..bbe89191e34
--- /dev/null
+++ b/helm/tests/test_gluupycert.py
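Review bot: In test_gluucouchbase.py, `def extract_couchbase_tar(caplog, tmpdir)` has no `test_` prefix, so pytest will not collect it, and it rebinds the name imported from `pygluu.kubernetes.couchbase`, so the call inside it would re-enter the test function rather than the library function. Renaming it to `def test_extract_couchbase_tar(caplog, tmpdir):` fixes both. The two `create_server_spec_per_cb_service` tests are identical and end in `assert p is p`, which is always true; one test that asserts on the content of the returned spec would cover more. `caplog.at_level(logging.INFO)` is entered after the call under test, so it has no effect on the records already captured.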
@@ -0,0 +1,36 @@
+import pytest
+from pygluu.kubernetes.pycert import setup_crts
+from pathlib import Path
+import logging
+
+
+def test_setup_certs(tmpdir):
+ ca_cert_file = Path(tmpdir) / './ca.crt'
+ ca_key_file = Path(tmpdir) / './ca.key'
+ cert_file = Path(tmpdir) / './chain.pem'
+ key_file = Path(tmpdir) / './pkey.key'
+
+ setup_crts(ca_common_name="test", cert_common_name="test", san_list="test",
+ ca_cert_file=ca_cert_file,
+ ca_key_file=ca_key_file,
+ cert_file=cert_file,
+ key_file=key_file)
+
+ assert True
+
+
+def test_setup_log(caplog, tmpdir):
+ ca_cert_file = Path(tmpdir) / './ca.crt'
+ ca_key_file = Path(tmpdir) / './ca.key'
+ cert_file = Path(tmpdir) / './chain.pem'
+ key_file = Path(tmpdir) / './pkey.key'
+
+ setup_crts(ca_common_name="test", cert_common_name="test", san_list="test",
+ ca_cert_file=ca_cert_file,
+ ca_key_file=ca_key_file,
+ cert_file=cert_file,
+ key_file=key_file)
+
+
+ with caplog.at_level(logging.INFO):
+ assert "" in caplog.text
\ No newline at end of file
diff --git a/helm/tests/test_gluuredis.py b/helm/tests/test_gluuredis.py
new file mode 100644
index 00000000000..ee7cc3f7d9d
--- /dev/null
+++ b/helm/tests/test_gluuredis.py
@@ -0,0 +1,9 @@
+import pygluu.kubernetes.redis as module0
+from pygluu.kubernetes.redis import Redis
+
+
+def test_base_exception():
+ try:
+ var0 = module0.Redis()
+ except BaseException:
+ pass
diff --git a/helm/tests/test_settings.py b/helm/tests/test_settings.py
new file mode 100644
index 00000000000..6e89af007fc
--- /dev/null
+++ b/helm/tests/test_settings.py
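Review bot: Neither test in test_gluupycert.py checks what `setup_crts` produced: `test_setup_certs` ends in `assert True`, and `assert "" in caplog.text` in `test_setup_log` holds for any string. For a helper that writes a CA and private keys, the minimum useful check is that the four files exist and are non-empty, e.g. `assert all(p.exists() and p.stat().st_size for p in (ca_cert_file, ca_key_file, cert_file, key_file))`. If the helper is expected to restrict access to the key files, an assertion on their mode belongs here too. `caplog.at_level(logging.INFO)` is entered after `setup_crts` has returned, so it changes nothing about the captured records.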
@@ -0,0 +1,32 @@
+import logging
+from pathlib import Path
+
+
+def test_get_exception(caplog, settings):
+ with caplog.at_level(logging.INFO):
+ assert settings.get("RANDOM_KEY") is False
+ assert "No Value" in caplog.text
+
+
+def test_update_exception(caplog, settings):
+ # set collection to something that is not a collection
+ collection = 1
+
+ with caplog.at_level(logging.INFO):
+ assert settings.update(collection) is False
+ assert "Uncaught error" in caplog.text
+
+
+def test_reset_data_exception(caplog, monkeypatch, settings):
+ def fake_store_data():
+ 1 / 0
+
+ monkeypatch.setattr(
+ "pygluu.kubernetes.settings.ValuesHandler.store_data",
+ fake_store_data,
+ )
+
+ with caplog.at_level(logging.INFO):
+ assert settings.reset_data() is False
+ assert "Uncaught error" in caplog.text
+
diff --git a/helm/tests/test_yamlparser.py b/helm/tests/test_yamlparser.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/helm/tox.ini b/helm/tox.ini
new file mode 100644
index 00000000000..25ce023cc58
--- /dev/null
+++ b/helm/tox.ini
@@ -0,0 +1,17 @@
+[tox]
+envlist = py3
+skip_missing_interpreters=true
+
+[testenv]
+deps =
+ pytest
+ pytest-cov
+ pytest-gevent
+commands =
+ pytest-gevent -v --cov-config=.coveragerc --cov=pygluu.kubernetes --cov-report=term-missing:skip-covered --cov-report=xml tests/
+ pip install -e .
+
+[flake8]
+# E402: module level import not at top of file
+# E501: line too long
+ignore = E402,E501
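Review bot: In `test_reset_data_exception`, `fake_store_data` takes no parameters but replaces `ValuesHandler.store_data` on the class, so if `reset_data` calls it through the instance the failure is a `TypeError` for the unexpected `self`, not the intended `ZeroDivisionError`. The test presumably still passes because the handler catches both, but it is not exercising the failure it sets up; `def fake_store_data(self):` fixes that. `from pathlib import Path` is unused.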
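Review bot: The `deps` in `[testenv]` of tox.ini are unpinned (`pytest`, `pytest-cov`, `pytest-gevent`), so every CI run resolves whatever versions are current and a run cannot be reproduced later. Pinning them, or adding a constraints entry such as `-c constraints.txt` under `deps` (file name is a placeholder), keeps the test environment fixed and makes dependency changes reviewable. `pip install -e .` is listed after the `pytest-gevent` command, so it runs only once the tests have finished; tox normally installs the package itself, so that line can likely be dropped, or replaced with `usedevelop = true` if an editable install is what is wanted.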