diff --git a/.github/workflows/docker_build_image.yml b/.github/workflows/docker_build_image.yml index f2ec5852c0a..c5be5d53b49 100644 --- a/.github/workflows/docker_build_image.yml +++ b/.github/workflows/docker_build_image.yml @@ -134,17 +134,18 @@ jobs: echo "tags=${TAGS}" >> $GITHUB_OUTPUT echo "build=${BUILD}" >> $GITHUB_OUTPUT echo "dockerfilelocation=${DOCKER_FILE_LOCATION}" >> $GITHUB_OUTPUT - - # wait for all images in DEFAULT_ALL to be built before building the all-in-one image as it depends on all other images - if [[ "docker-jans-all-in-one" =~ "${{ matrix.docker-images }}" ]]; then - TEMP_IMG="auth-server certmanager config-api configurator fido2 persistence-loader scim monolith loadtesting-jmeter link casa saml keycloak-link" - for i in $TEMP_IMG; do - TEMP_TOKEN=$(curl https://ghcr.io/token\?scope\="repository:janssenproject/jans/$i:pull" | jq -r '.token') - while [[ $(curl -s -H "Authorization: Bearer ${TEMP_TOKEN}" https://ghcr.io/v2/janssenproject/jans/$i/tags/list | jq -r '.tags' | grep "$VERSION" | tr -d '[:space:]"') != "$VERSION" ]]; do - echo "Waiting for $i to be built" - sleep 30 + if [[ ! $VERSION =~ "_dev" ]]; then + # wait for all images in DEFAULT_ALL to be built before building the all-in-one image as it depends on all other images + if [[ "docker-jans-all-in-one" =~ "${{ matrix.docker-images }}" ]]; then + TEMP_IMG="auth-server certmanager config-api configurator fido2 persistence-loader scim monolith loadtesting-jmeter link casa saml keycloak-link" + for i in $TEMP_IMG; do + TEMP_TOKEN=$(curl https://ghcr.io/token\?scope\="repository:janssenproject/jans/$i:pull" | jq -r '.token') + while [[ $(curl -s -H "Authorization: Bearer ${TEMP_TOKEN}" https://ghcr.io/v2/janssenproject/jans/$i/tags/list | jq -r '.tags' | grep "$VERSION" | tr -d '[:space:]"') != "$VERSION" ]]; do + echo "Waiting for $i to be built" + sleep 30 + done done - done + fi fi # UPDATE BUILD DATES INSIDE THE DOCKERFILE BEFORE BUILDING THE DEV IMAGES TRIGGERED BY JENKINS 
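Review bot: The wait loop that this hunk re-indents under the new `_dev` guard is still unbounded and can spin until the job-level timeout. `grep "$VERSION"` matches substrings, so once the registry lists two tags containing the version, the `tr`-joined output can never equal `$VERSION`. The token `curl` has no `-f`, so a failed token request hands `null` to the tag query, and the token is fetched once per image, so it may also expire during a long wait (inferred, not visible here). An exact-match test with a retry cap would fail the job visibly, as sketched below; the attempt limit is a constructed value.

```yaml
for i in $TEMP_IMG; do
  ATTEMPTS=0
  MAX_ATTEMPTS=60  # constructed limit: 60 x 30s
  while true; do
    # refresh the pull token on every attempt so a long wait does not outlive it
    TEMP_TOKEN=$(curl -fsS "https://ghcr.io/token?scope=repository:janssenproject/jans/$i:pull" | jq -r '.token')
    if curl -fsS -H "Authorization: Bearer ${TEMP_TOKEN}" "https://ghcr.io/v2/janssenproject/jans/$i/tags/list" \
        | jq -e --arg v "$VERSION" 'any(.tags[]?; . == $v)' > /dev/null; then
      break
    fi
    ATTEMPTS=$((ATTEMPTS + 1))
    if [[ $ATTEMPTS -ge $MAX_ATTEMPTS ]]; then
      echo "Timed out waiting for $i:$VERSION"
      exit 1
    fi
    echo "Waiting for $i to be built"
    sleep 30
  done
done
```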
diff --git a/charts/janssen-all-in-one/templates/deployment.yml b/charts/janssen-all-in-one/templates/deployment.yml index fb1933655b6..8499b34ce9f 100644 --- a/charts/janssen-all-in-one/templates/deployment.yml +++ b/charts/janssen-all-in-one/templates/deployment.yml @@ -58,9 +58,6 @@ spec: {{- with .Values.customScripts }} {{- toYaml . | replace "- " "" | nindent 14}} {{- end }} - {{- if not .Values.isFqdnRegistered }} - /usr/bin/python3 /scripts/updatelbip.py & - {{- end}} /app/bin/entrypoint.sh {{- end}} ports: diff --git a/charts/janssen-all-in-one/templates/nginx-ingress.yaml b/charts/janssen-all-in-one/templates/nginx-ingress.yaml index b84bdd7dfba..4052b71572e 100644 --- a/charts/janssen-all-in-one/templates/nginx-ingress.yaml +++ b/charts/janssen-all-in-one/templates/nginx-ingress.yaml @@ -612,7 +612,6 @@ spec: port: number: 8080 {{- end }} -{{- end }} --- diff --git a/charts/janssen-all-in-one/templates/secret.yaml b/charts/janssen-all-in-one/templates/secret.yaml index c08145be57c..cf83c919720 100644 --- a/charts/janssen-all-in-one/templates/secret.yaml +++ b/charts/janssen-all-in-one/templates/secret.yaml @@ -155,7 +155,7 @@ kind: Secret metadata: name: {{ .Release.Name }}-kc-db-pass labels: -{{ include "config.labels" . | indent 4 }} +{{ include "janssen-all-in-one.labels" . | indent 4 }} {{- if .Values.additionalLabels }} {{ toYaml .Values.additionalLabels | indent 4 }} {{- end }} diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile index 24aedf37489..d040a0818a4 100644 --- a/docker-jans-all-in-one/Dockerfile +++ b/docker-jans-all-in-one/Dockerfile 
@@ -2,21 +2,21 @@ # Assets sources # ============== -# original Janssen version -ARG CN_VERSION=1.0.22 +# original Janssen base version (without suffix) +ARG BASE_VERSION=1.0.22 # the following ARGs set default base images # they can be overriden in build process via --build-arg option -ARG JANS_CONFIGURATOR_IMAGE=ghcr.io/janssenproject/jans/configurator:${CN_VERSION}_dev -ARG JANS_PERSISTENCE_LOADER_IMAGE=ghcr.io/janssenproject/jans/persistence-loader:${CN_VERSION}_dev -ARG JANS_AUTH_IMAGE=ghcr.io/janssenproject/jans/auth-server:${CN_VERSION}_dev -ARG JANS_CONFIG_API_IMAGE=ghcr.io/janssenproject/jans/config-api:${CN_VERSION}_dev -ARG JANS_FIDO2_IMAGE=ghcr.io/janssenproject/jans/fido2:${CN_VERSION}_dev -ARG JANS_SCIM_IMAGE=ghcr.io/janssenproject/jans/scim:${CN_VERSION}_dev -ARG JANS_CASA_IMAGE=ghcr.io/janssenproject/jans/casa:${CN_VERSION}_dev -ARG JANS_LINK_IMAGE=ghcr.io/janssenproject/jans/link:${CN_VERSION}_dev -ARG JANS_KEYCLOAK_LINK_IMAGE=ghcr.io/janssenproject/jans/keycloak-link:${CN_VERSION}_dev -ARG JANS_SAML_IMAGE=ghcr.io/janssenproject/jans/saml:${CN_VERSION}_dev +ARG JANS_CONFIGURATOR_IMAGE=ghcr.io/janssenproject/jans/configurator:${BASE_VERSION}_dev +ARG JANS_PERSISTENCE_LOADER_IMAGE=ghcr.io/janssenproject/jans/persistence-loader:${BASE_VERSION}_dev +ARG JANS_AUTH_IMAGE=ghcr.io/janssenproject/jans/auth-server:${BASE_VERSION}_dev +ARG JANS_CONFIG_API_IMAGE=ghcr.io/janssenproject/jans/config-api:${BASE_VERSION}_dev +ARG JANS_FIDO2_IMAGE=ghcr.io/janssenproject/jans/fido2:${BASE_VERSION}_dev +ARG JANS_SCIM_IMAGE=ghcr.io/janssenproject/jans/scim:${BASE_VERSION}_dev +ARG JANS_CASA_IMAGE=ghcr.io/janssenproject/jans/casa:${BASE_VERSION}_dev +ARG JANS_LINK_IMAGE=ghcr.io/janssenproject/jans/link:${BASE_VERSION}_dev +ARG JANS_KEYCLOAK_LINK_IMAGE=ghcr.io/janssenproject/jans/keycloak-link:${BASE_VERSION}_dev +ARG JANS_SAML_IMAGE=ghcr.io/janssenproject/jans/saml:${BASE_VERSION}_dev # ----------- # base images 
@@ -109,6 +109,7 @@ COPY --from=jans-config-api-src /app/templates/jans-config-api /app/templates/ja COPY --from=jans-config-api-src /usr/bin/facter /usr/local/bin/facter COPY --from=jans-config-api-src /app/scripts /app/jans_aio/jans_config_api COPY --from=jans-config-api-src /var/log/adminui /var/log/adminui +COPY --from=jans-config-api-src /opt/jans/bin /opt/jans/bin RUN ln -sf /app/jans_aio/jans_config_api/entrypoint.sh /app/bin/jans-config-api-entrypoint.sh COPY --from=jans-fido2-src /opt/jans/jetty/jans-fido2 /opt/jans/jetty/jans-fido2 @@ -159,6 +160,9 @@ RUN mkdir -p /opt/jans/configurator/db \ COPY app /app +# CN version as env var (with suffix if any, i.e. SNAPSHOT) +ENV CN_VERSION=1.0.22-SNAPSHOT + # set directory contains installer code that will be added to Python sys.path ENV PYTHONPATH=/app diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-auth-location.conf b/docker-jans-all-in-one/app/templates/nginx/jans-auth-location.conf index da5504f163c..10b12184cce 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-auth-location.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-auth-location.conf @@ -13,7 +13,11 @@ location /.well-known/openid-configuration { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; 
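Review bot: The added `ENV CN_VERSION=1.0.22-SNAPSHOT` hard-codes the version a second time, next to `ARG BASE_VERSION=1.0.22` at the top of the file, and nothing ties the two together. A release bump that touches only one of them would ship an image whose reported version differs from the component images it was assembled from. Since an `ARG` declared before the first `FROM` is not visible in later stages unless redeclared, the simplest guard is a comment on the new line, e.g. `# keep in sync with ARG BASE_VERSION at the top of this file`.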
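Review bot: `proxy_connect_timeout 300s;` is unlikely to take effect and gives no benefit here. The nginx documentation notes that this timeout cannot usually exceed 75 seconds, and the upstream files in this same diff all point at `127.0.0.1`, where a connect either succeeds or is refused immediately. The 300-second `proxy_read_timeout`/`proxy_send_timeout` also let a hung backend hold a proxied connection for five minutes per request, which weakens the `timeout` case of `proxy_next_upstream` on the line above. I would keep `proxy_connect_timeout 5s;`, raise only the read/send values that slow start-up needs, and write the units consistently (`300s`). The same applies to every other `*-location.conf` hunk in this diff (auth, casa, config-api, fido2, link, saml, scim); the `location` block itself starts and ends outside the hunk.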
@@ -34,7 +38,11 @@ location /.well-known/webfinger { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; @@ -55,7 +63,11 @@ location /.well-known/uma2-configuration { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; @@ -76,7 +88,11 @@ location /firebase-messaging-sw.js { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; @@ -97,7 +113,11 @@ location /device-code { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; 
@@ -118,7 +138,11 @@ location /jans-auth { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-auth-upstream.conf b/docker-jans-all-in-one/app/templates/nginx/jans-auth-upstream.conf index 229dcda9e54..9c9a80ce14a 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-auth-upstream.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-auth-upstream.conf @@ -1,4 +1,3 @@ upstream jans_auth_backend { server 127.0.0.1:8081; - keepalive 2; } diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-casa-location.conf b/docker-jans-all-in-one/app/templates/nginx/jans-casa-location.conf index 06204a7528d..bc19f80066c 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-casa-location.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-casa-location.conf @@ -13,7 +13,11 @@ location /jans-casa { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-casa-upstream.conf b/docker-jans-all-in-one/app/templates/nginx/jans-casa-upstream.conf index 6e147d80439..b038d8777c5 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-casa-upstream.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-casa-upstream.conf @@ -1,4 +1,3 @@ upstream jans_casa_backend { server 127.0.0.1:8082; - keepalive 2; } 
diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-config-api-location.conf b/docker-jans-all-in-one/app/templates/nginx/jans-config-api-location.conf index f2191bb8e64..903a2b9afb5 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-config-api-location.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-config-api-location.conf @@ -13,7 +13,11 @@ location /jans-config-api { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-config-api-upstream.conf b/docker-jans-all-in-one/app/templates/nginx/jans-config-api-upstream.conf index d43d30d32f5..b96e483580a 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-config-api-upstream.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-config-api-upstream.conf @@ -1,4 +1,3 @@ upstream jans_config_api_backend { server 127.0.0.1:8074; - keepalive 2; } diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-fido2-location.conf b/docker-jans-all-in-one/app/templates/nginx/jans-fido2-location.conf index 80def809e5b..2abf9b8295f 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-fido2-location.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-fido2-location.conf @@ -13,7 +13,11 @@ location /.well-known/fido2-configuration { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; 
@@ -34,7 +38,11 @@ location /jans-fido2 { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-fido2-upstream.conf b/docker-jans-all-in-one/app/templates/nginx/jans-fido2-upstream.conf index a6085418159..cff7a893374 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-fido2-upstream.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-fido2-upstream.conf @@ -1,4 +1,3 @@ upstream jans_fido2_backend { server 127.0.0.1:8073; - keepalive 2; } diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-keycloak-link-upstream.conf b/docker-jans-all-in-one/app/templates/nginx/jans-keycloak-link-upstream.conf index d029e0b3823..647e5dbcff6 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-keycloak-link-upstream.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-keycloak-link-upstream.conf @@ -1,4 +1,3 @@ upstream jans_keycloak_link_backend { server 127.0.0.1:9092; - keepalive 2; } diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-link-location.conf b/docker-jans-all-in-one/app/templates/nginx/jans-link-location.conf index af2170684c0..a86e55bc31a 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-link-location.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-link-location.conf 
@@ -13,7 +13,10 @@ location /jans-link { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-link-upstream.conf b/docker-jans-all-in-one/app/templates/nginx/jans-link-upstream.conf index 749fe5e7a21..e3c342b8453 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-link-upstream.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-link-upstream.conf @@ -1,4 +1,3 @@ upstream jans_link_backend { server 127.0.0.1:9091; - keepalive 2; } diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-saml-location.conf b/docker-jans-all-in-one/app/templates/nginx/jans-saml-location.conf index 37d9b32a3f9..dbc03b2e7cb 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-saml-location.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-saml-location.conf @@ -13,7 +13,10 @@ location /kc { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-saml-upstream.conf b/docker-jans-all-in-one/app/templates/nginx/jans-saml-upstream.conf index eb1f7af38ce..381ca23e60f 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-saml-upstream.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-saml-upstream.conf @@ -1,4 +1,3 @@ upstream jans_saml_backend { server 127.0.0.1:8083; - keepalive 2; } 
diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-scim-location.conf b/docker-jans-all-in-one/app/templates/nginx/jans-scim-location.conf index 2692c8a0da0..4337384b64e 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-scim-location.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-scim-location.conf @@ -13,7 +13,11 @@ location /.well-known/scim-configuration { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; @@ -34,7 +38,11 @@ location /jans-scim { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_connect_timeout 5s; + proxy_connect_timeout 300s; + proxy_send_timeout 300; + proxy_read_timeout 300; + send_timeout 300; + proxy_redirect off; port_in_redirect off; proxy_http_version 1.1; diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-scim-upstream.conf b/docker-jans-all-in-one/app/templates/nginx/jans-scim-upstream.conf index d005a4751e1..e47e5072e73 100644 --- a/docker-jans-all-in-one/app/templates/nginx/jans-scim-upstream.conf +++ b/docker-jans-all-in-one/app/templates/nginx/jans-scim-upstream.conf @@ -1,4 +1,3 @@ upstream jans_scim_backend { server 127.0.0.1:8087; - keepalive 2; } diff --git a/docker-jans-all-in-one/app/templates/nginx/nginx-default.conf b/docker-jans-all-in-one/app/templates/nginx/nginx-default.conf index 24a4bdb7afd..c2587f175fb 100644 --- a/docker-jans-all-in-one/app/templates/nginx/nginx-default.conf +++ b/docker-jans-all-in-one/app/templates/nginx/nginx-default.conf 
@@ -5,9 +5,13 @@ geo $literal_dollar { %(upstream_includes)s +client_header_timeout 300; +client_body_timeout 300; + server { listen 8080 default_server; server_name _; + gzip on; root /var/lib/nginx/html; index index.html; diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile index 9b6cb69fc1f..e0b9634fedd 100644 --- a/docker-jans-auth-server/Dockerfile +++ b/docker-jans-auth-server/Dockerfile @@ -101,7 +101,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \ /app/static/rdbm \ /app/schema -ENV JANS_SOURCE_VERSION=0479535f2f33890ffcb0bd6589eb8ebbd950ce96 +ENV JANS_SOURCE_VERSION=647aa0b0a118ab629e185b7f67ab3ded87ea1b9c ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) diff --git a/docker-jans-auth-server/scripts/upgrade.py b/docker-jans-auth-server/scripts/upgrade.py index 2713144146b..ac2ce68883e 100644 --- a/docker-jans-auth-server/scripts/upgrade.py +++ b/docker-jans-auth-server/scripts/upgrade.py @@ -25,12 +25,31 @@ def _transform_lock_dynamic_config(conf): should_update = False + opa_url = os.environ.get("CN_OPA_URL", "http://localhost:8181/v1") if opa_url != conf["opaConfiguration"]["baseUrl"]: conf["opaConfiguration"]["baseUrl"] = opa_url should_update = True + # add missing top-level keys + for missing_key, value in [ + ("policiesJsonUrisAccessToken", ""), + ("policiesZipUris", []), + ("policiesZipUrisAccessToken", ""), + ]: + if missing_key not in conf: + conf[missing_key] = value + should_update = True + + # add missing opaConfiguration-level keys + for missing_key, value in [ + ("accessToken", ""), + ]: + if missing_key not in conf["opaConfiguration"]: + conf["opaConfiguration"][missing_key] = value + should_update = True + # return modified config (if any) and update flag return conf, should_update diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile index 21a27a546e0..b43d3f7dbb9 100644 --- a/docker-jans-casa/Dockerfile 
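Review bot: `client_header_timeout 300;` and `client_body_timeout 300;` are set at `http` level, so they apply to every client of the `8080 default_server`. That is five times the 60-second default, and it lengthens how long a slow or idle client can hold a connection open before sending a complete request. If the long values are needed for large uploads on specific paths, scoping them to those `location` blocks, or pairing them with a per-address `limit_conn`, keeps the listener's exposure to connection exhaustion closer to what it was. The new `gzip on;` compresses only `text/html` unless `gzip_types` is set; if TLS is terminated in front of this server, it is worth confirming that no compressed response reflects request input next to a secret.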
+++ b/docker-jans-casa/Dockerfile @@ -30,7 +30,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_ # ==== ENV CN_VERSION=1.0.22-SNAPSHOT -ENV CN_BUILD_DATE='2024-01-05 13:55' +ENV CN_BUILD_DATE='2024-01-21 08:51' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/casa/${CN_VERSION}/casa-${CN_VERSION}.war # Install Casa @@ -55,7 +55,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-casa/plugins \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=a2c5d4bd3d09c9f34e79b0d24bc63ece4ca7da43 +ENV JANS_SOURCE_VERSION=fd4207fa65eba86111295dd70db57f83d2e09413 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_CASA_EXTRAS_DIR=jans-casa/extras diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile index bd1ab1e4789..75787c782bc 100644 --- a/docker-jans-fido2/Dockerfile +++ b/docker-jans-fido2/Dockerfile @@ -59,7 +59,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=a2c5d4bd3d09c9f34e79b0d24bc63ece4ca7da43 +ENV JANS_SOURCE_VERSION=647aa0b0a118ab629e185b7f67ab3ded87ea1b9c ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) diff --git a/docker-jans-keycloak-link/Dockerfile b/docker-jans-keycloak-link/Dockerfile index 511e741f20e..fcb00cd8bcc 100644 --- a/docker-jans-keycloak-link/Dockerfile +++ b/docker-jans-keycloak-link/Dockerfile @@ -59,7 +59,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-keycloak-link/webapps \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=a2c5d4bd3d09c9f34e79b0d24bc63ece4ca7da43 +ENV JANS_SOURCE_VERSION=647aa0b0a118ab629e185b7f67ab3ded87ea1b9c ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) diff --git a/docker-jans-link/Dockerfile b/docker-jans-link/Dockerfile index 80883449770..fd1c0f86fdc 100644 --- a/docker-jans-link/Dockerfile 
+++ b/docker-jans-link/Dockerfile @@ -59,7 +59,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-link/webapps \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=a2c5d4bd3d09c9f34e79b0d24bc63ece4ca7da43 +ENV JANS_SOURCE_VERSION=647aa0b0a118ab629e185b7f67ab3ded87ea1b9c ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile index 19e72bd0088..825a22144d3 100644 --- a/docker-jans-persistence-loader/Dockerfile +++ b/docker-jans-persistence-loader/Dockerfile @@ -26,7 +26,7 @@ RUN python3 -m ensurepip \ # ===================== # janssenproject/jans SHA commit -ENV JANS_SOURCE_VERSION=7ed7b9daae7b7b272bcacba0f9c8ad495a938c3e +ENV JANS_SOURCE_VERSION=fd4207fa65eba86111295dd70db57f83d2e09413 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py index 445c6c80896..0c98e8535d2 100644 --- a/docker-jans-persistence-loader/scripts/upgrade.py +++ b/docker-jans-persistence-loader/scripts/upgrade.py 
@@ -522,20 +522,24 @@ def update_people_entries(self): should_update = False - # add jansAdminUIRole to default admin user - if self.user_backend.type == "sql" and self.user_backend.client.dialect == "mysql" and not entry.attrs["jansAdminUIRole"]["v"]: - entry.attrs["jansAdminUIRole"] = {"v": ["api-admin"]} - should_update = True - if self.user_backend.type == "sql" and self.user_backend.client.dialect == "pgsql" and not entry.attrs["jansAdminUIRole"]: - entry.attrs["jansAdminUIRole"] = ["api-admin"] - should_update = True - elif self.user_backend.type == "spanner" and not entry.attrs["jansAdminUIRole"]: - entry.attrs["jansAdminUIRole"] = ["api-admin"] - should_update = True - else: # ldap and couchbase - if "jansAdminUIRole" not in entry.attrs: - entry.attrs["jansAdminUIRole"] = ["api-admin"] + # add jansAdminUIRole and role to default admin user + for attr_name, role_name in [ + ("jansAdminUIRole", "api-admin"), + ("role", "CasaAdmin"), + ]: + if self.user_backend.type == "sql" and self.user_backend.client.dialect == "mysql" and not entry.attrs[attr_name]["v"]: + entry.attrs[attr_name] = {"v": [role_name]} should_update = True + if self.user_backend.type == "sql" and self.user_backend.client.dialect == "pgsql" and not entry.attrs[attr_name]: + entry.attrs[attr_name] = [role_name] + should_update = True + elif self.user_backend.type == "spanner" and not entry.attrs[attr_name]: + entry.attrs[attr_name] = [role_name] + should_update = True + else: # ldap and couchbase + if attr_name not in entry.attrs: + entry.attrs[attr_name] = [role_name] + should_update = True # set lowercased jansStatus if entry.attrs["jansStatus"] == "ACTIVE": 
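Review bot: The loop keeps the original `if` / `if` / `elif` / `else` shape, so the mysql test is not part of the chain and a mysql backend also falls through to the trailing `else` ("ldap and couchbase"). That was harmless for `jansAdminUIRole`, but the loop now applies the same code to `role`. The mysql branch indexes `entry.attrs[attr_name]["v"]` and the pgsql/spanner branches index `entry.attrs[attr_name]` directly, so any of them raises if the attribute is absent or `None` on an existing entry. Making the second test `elif self.user_backend.type == "sql" and self.user_backend.client.dialect == "pgsql" and not entry.attrs.get(attr_name):` and reading the mysql value with `(entry.attrs.get(attr_name) or {}).get("v")` would close both gaps. Because this grants `CasaAdmin` to the default admin whenever `role` is empty, a comment saying that an operator-cleared role is re-added on every upgrade would help; `update_people_entries` starts and ends outside the hunk.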
@@ -857,6 +861,9 @@ def _transform_message_config(conf): else: pg_pw_encoded = "" + # backward-compat values + msg_wait_millis = conf["postgresConfiguration"].get("messageWaitMillis") or conf["postgresConfiguration"].get("message-wait-millis") or 100 + msg_sleep_thread = conf["postgresConfiguration"].get("messageSleepThreadTime") or conf["postgresConfiguration"].get("message-sleep-thread-millis") or 200 new_conf = { "messageProviderType": provider_type, "postgresConfiguration": { @@ -864,8 +871,8 @@ def _transform_message_config(conf): "dbSchemaName": os.environ.get("CN_SQL_DB_SCHEMA", "public"), "authUserName": os.environ.get("CN_SQL_DB_USER", "jans"), "authUserPassword": pg_pw_encoded, - "messageWaitMillis": conf["postgresConfiguration"]["messageWaitMillis"], - "messageSleepThreadTime": conf["postgresConfiguration"]["messageSleepThreadTime"], + "messageWaitMillis": msg_wait_millis, + "messageSleepThreadTime": msg_sleep_thread, }, "redisConfiguration": { "servers": os.environ.get("CN_REDIS_URL", "localhost:6379"), diff --git a/docker-jans-saml/Dockerfile b/docker-jans-saml/Dockerfile index 94b22ae62ea..de1ea37184d 100644 --- a/docker-jans-saml/Dockerfile +++ b/docker-jans-saml/Dockerfile @@ -40,7 +40,7 @@ RUN wget -q https://jenkins.jans.io/maven/io/jans/kc-jans-authn-plugin/${CN_VERS # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=7ed7b9daae7b7b272bcacba0f9c8ad495a938c3e +ENV JANS_SOURCE_VERSION=647aa0b0a118ab629e185b7f67ab3ded87ea1b9c ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) diff --git a/docker-jans-saml/scripts/bootstrap.py b/docker-jans-saml/scripts/bootstrap.py index 51718c436b4..7d4b174d33e 100644 --- a/docker-jans-saml/scripts/bootstrap.py +++ b/docker-jans-saml/scripts/bootstrap.py 
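Review bot: The `or` chains for `msg_wait_millis` and `msg_sleep_thread` treat any falsy stored value as missing, so an explicitly configured `0` is silently replaced by `100` / `200`. `conf["postgresConfiguration"]` is also still indexed directly four times, so a document without that key raises `KeyError` before the fallbacks are reached. Binding `pg_conf = conf.get("postgresConfiguration") or {}` once and testing `is not None` keeps legitimate zeros and shortens the two long lines. If zero is never valid, a comment stating that would be enough. The second hunk in this file only consumes these two names, and `_transform_message_config` continues outside both hunks.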
@@ -38,8 +38,11 @@ def render_keycloak_conf(): if not db_password: passwd_file = os.environ.get("CN_SAML_KC_DB_PASSWORD_FILE", "/etc/jans/conf/kc_db_password") - with open(passwd_file) as f: - db_password = f.read().strip() + try: + with open(passwd_file) as f: + db_password = f.read().strip() + except FileNotFoundError as exc: + raise ValueError(f"Unable to get password from {passwd_file}; reason={exc}") ctx = { "hostname": manager.config.get("hostname"), diff --git a/docker-jans-saml/scripts/configure_kc.py b/docker-jans-saml/scripts/configure_kc.py index 567be2497d6..8198a8b1dea 100644 --- a/docker-jans-saml/scripts/configure_kc.py +++ b/docker-jans-saml/scripts/configure_kc.py @@ -192,11 +192,13 @@ def main(): base_dir = os.path.join(tempfile.gettempdir(), "kc_jans_api") os.makedirs(base_dir, exist_ok=True) - kc = KC(admin_username, admin_password, base_dir, ctx) - kc.login() - kc.create_realm() - kc.create_client() - kc.create_user() + with manager.lock.create_lock("saml-configure-kc"): + logger.info("Configuring Keycloak (if required)") + kc = KC(admin_username, admin_password, base_dir, ctx) + kc.login() + kc.create_realm() + kc.create_client() + kc.create_user() if __name__ == "__main__": diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile index 2cc95ad5079..53a79a6e92f 100644 --- a/docker-jans-scim/Dockerfile +++ b/docker-jans-scim/Dockerfile @@ -59,7 +59,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-scim/webapps \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=a2c5d4bd3d09c9f34e79b0d24bc63ece4ca7da43 +ENV JANS_SOURCE_VERSION=647aa0b0a118ab629e185b7f67ab3ded87ea1b9c ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources
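Review bot: Only `FileNotFoundError` is translated by the new `try` block, so an unreadable secret file (`PermissionError`, `IsADirectoryError`) still surfaces as a raw traceback. A file that is empty or holds only whitespace passes through as `db_password == ""` after `.strip()`. Catching `OSError` and adding `if not db_password: raise ValueError(f"Empty password in {passwd_file}")` after the read would make both cases fail with the same clear message. The re-raise should also be `raise ValueError(...) from exc` so the original error is chained explicitly. The message contains only the path and the OS error, not the secret, which is right; `render_keycloak_conf` continues outside the hunk.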
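Review bot: The new `saml-configure-kc` lock serialises the Keycloak calls, but `base_dir` in the context lines above is still the fixed path `kc_jans_api` under `tempfile.gettempdir()`, created with `os.makedirs(base_dir, exist_ok=True)` and default permissions. If `KC` writes request payloads or credentials there (not visible in this hunk), creating it with `os.makedirs(base_dir, mode=0o700, exist_ok=True)` and checking ownership when it already exists would keep other local users out. It is also worth adding a comment on the `with` line saying what happens when the lock cannot be acquired, since no timeout or failure path is visible here; `main` starts outside the hunk.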