feat(image): push otp and super_gluu configuration to secrets (#784)

docker-jans-auth-server/Dockerfile

@@ -193,13 +193,12 @@ LABEL name="Janssen Authorization Server" \
     maintainer="Janssen Project <support@jans.io>" \
     vendor="Janssen Project" \
     version="1.0.0" \
-    release="b12" \
+    release="beta.15" \
     summary="Janssen Authorization Server" \
     description="OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)"
 
-RUN mkdir -p /etc/certs /deploy \
-    /opt/jans/python/libs \
-    ${JETTY_BASE}/jans-auth/custom/pages ${JETTY_BASE}/jans-auth/custom/static \
+RUN mkdir -p ${JETTY_BASE}/jans-auth/custom/pages \
+    ${JETTY_BASE}/jans-auth/custom/static \
     ${JETTY_BASE}/jans-auth/custom/libs \
     ${JETTY_BASE}/jans-auth/custom/i18n \
     /etc/jans/conf \
@@ -221,12 +220,10 @@ RUN adduser -s /bin/sh -D -G root -u 1000 jetty
  # adjust ownership
 RUN chown -R 1000:1000 /opt/jans/jetty \
     && chown -R 1000:1000 /opt/jetty \
-    && chown -R 1000:1000 /deploy \
     && chown -R 1000:1000 /tmp \
     && chgrp -R 0 /opt/jans/jetty && chmod -R g=u /opt/jans/jetty \
     && chgrp -R 0 /opt/jetty && chmod -R g=u /opt/jetty \
     && chgrp -R 0 /tmp && chmod -R g=u /tmp \
-    && chgrp -R 0 /deploy && chmod -R g=u /deploy \
     && chgrp -R 0 /etc/certs && chmod -R g=u /etc/certs \
     && chgrp -R 0 /etc/jans && chmod -R g=u /etc/jans \
     && chmod -R +w /usr/java/latest/jre/lib/security/cacerts && chgrp -R 0 /usr/java/latest/jre/lib/security/cacerts && chmod -R g=u /usr/java/latest/jre/lib/security/cacerts \

docker-jans-auth-server/scripts/auth_conf.py

@@ -0,0 +1,28 @@
+import os
+
+from jans.pycloudlib import get_manager
+
+import logging.config
+from settings import LOGGING_CONFIG
+
+logging.config.dictConfig(LOGGING_CONFIG)
+logger = logging.getLogger("entrypoint")
+
+
+manager = get_manager()
+
+
+def push_auth_conf():
+    conf_files = (
+        "otp_configuration.json",
+        "super_gluu_creds.json",
+    )
+    for conf_file in conf_files:
+        file_ = f"/etc/certs/{conf_file}"
+        secret_name = os.path.splitext(conf_file)[0]
+        logger.info(f"Pushing {file_} to secrets")
+        manager.secret.from_file(secret_name, file_)
+
+
+if __name__ == "__main__":
+    push_auth_conf()

docker-jans-auth-server/scripts/bootstrap.py

@@ -18,7 +18,6 @@
 from jans.pycloudlib.persistence import render_spanner_properties
 from jans.pycloudlib.utils import cert_to_truststore
 from jans.pycloudlib.utils import get_server_certificate
-# from jans.pycloudlib.utils import as_boolean
 from jans.pycloudlib.utils import generate_keystore
 
 from keystore_mod import modify_keystore_path
@@ -214,8 +213,6 @@ def main():
         keystore_path = "/etc/certs/ob-ext-signing.jks"
         jwks_uri = ext_jwks_uri
     else:
-        # sync_enabled = as_boolean(os.environ.get("CN_SYNC_JKS_ENABLED", False))
-        # if not sync_enabled:
         manager.secret.to_file(
             "auth_jks_base64",
             "/etc/certs/auth-keys.jks",

docker-jans-auth-server/scripts/entrypoint.sh

@@ -38,14 +38,10 @@ move_builtin_jars() {
 
 move_builtin_jars
 python3 /app/scripts/wait.py
-
-if [ ! -f /deploy/touched ]; then
-    python3 /app/scripts/bootstrap.py
-    touch /deploy/touched
-fi
-
+python3 /app/scripts/bootstrap.py
 python3 /app/scripts/jks_sync.py &
 python3 /app/scripts/mod_context.py
+python3 /app/scripts/auth_conf.py
 
 # run auth-server
 cd /opt/jans/jetty/jans-auth