From ab1cc3da4407a6f530dccbe2fbd5d1ae2269ef6f Mon Sep 17 00:00:00 2001
From: Mustafa Baser
Date: Fri, 8 Apr 2022 18:29:52 +0300
Subject: [PATCH 1/3] fix: update api-admin permissions from config api yaml
---
 .../jans_setup/setup_app/config.py | 1 +
 .../setup_app/installers/config_api.py | 14 +-
 .../setup_app/installers/jans_auth.py | 29 ++
 .../setup_app/utils/properties_utils.py | 4 +-
 .../jans-auth/role-scope-mappings.json | 380 ++++++++++++++++++
 .../jans-auth/role-scope-mappings.ldif | 2 +-
 6 files changed, 422 insertions(+), 8 deletions(-)
 create mode 100644 jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
diff --git a/jans-linux-setup/jans_setup/setup_app/config.py b/jans-linux-setup/jans_setup/setup_app/config.py
index cb8ed03b8ea..33d5436500b 100644
--- a/jans-linux-setup/jans_setup/setup_app/config.py
+++ b/jans-linux-setup/jans_setup/setup_app/config.py
@@ -79,6 +79,7 @@ def calculate_mem(self):
 def init(self, install_dir=INSTALL_DIR):
 self.install_dir = install_dir
+ self.data_dir = os.path.join(Config.install_dir, 'setup_app/data')
 self.thread_queue = None
 self.jetty_user = 'jetty'
 self.dump_config_on_error = False
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/config_api.py b/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
index f521291b233..ee784adf7c3 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
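Review bot: The new `self.data_dir` line reads `Config.install_dir` although the line directly above assigns `self.install_dir` from the `install_dir` parameter; if `init` is a classmethod the two names resolve to the same attribute, but deriving the path from the parameter keeps the data directory tied to a non-default `install_dir` regardless: `self.data_dir = os.path.join(install_dir, 'setup_app/data')`. A one-line comment naming what lives there, e.g. `# bundled setup assets (jans-config-api-swagger.yaml, ...)`, would help, since installers now resolve asset paths through this attribute. The body of `init` continues outside the hunk.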
@@ -77,13 +77,17 @@ def create_folders(self):
 self.run([paths.cmd_chown, '-R', 'jetty:jetty', os.path.join(Config.jetty_base, self.service_name)])
- def generate_configuration(self):
+ def read_config_api_swagger(self):
+ config_api_swagger_yaml_fn = os.path.join(Config.data_dir, 'jans-config-api-swagger.yaml')
+ yml_str = self.readFile(config_api_swagger_yaml_fn)
+ yml_str = yml_str.replace('\t', ' ')
+ cfg_yml = ruamel.yaml.load(yml_str, ruamel.yaml.RoundTripLoader)
+ return cfg_yml
+
+ def generate_configuration(self):
 try:
- config_api_swagger_yaml_fn = os.path.join(Config.install_dir, 'setup_app/data/jans-config-api-swagger.yaml')
- yml_str = self.readFile(config_api_swagger_yaml_fn)
- yml_str = yml_str.replace('\t', ' ')
- cfg_yml = ruamel.yaml.load(yml_str, ruamel.yaml.RoundTripLoader)
+ cfg_yml = self.read_config_api_swagger()
 scopes_def = cfg_yml['components']['securitySchemes']['oauth2']['flows']['clientCredentials']['scopes']
 scope_type = cfg_yml['components']['securitySchemes']['oauth2']['type']
 except:
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
index 7f60e835091..f775ff11603 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
@@ -4,6 +4,8 @@
 import string
 import uuid
 import shutil
+import json
+
 from urllib.parse import urlparse
 from setup_app import paths
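Review bot: `read_config_api_swagger` has no docstring and no error handling while its two callers disagree on failure: in `generate_configuration` the call sits under the existing bare `except:` (which now also masks a missing or unreadable swagger file), whereas `role_scope_mappings` in jans_auth.py calls it unguarded. A docstring stating the contract would make that explicit, e.g. `"""Parse the bundled jans-config-api-swagger.yaml under Config.data_dir (tabs normalised to spaces first) and return the round-trip YAML document; raises if the file is missing or malformed."""`, plus a why-comment on the replace line such as `# tabs are not valid YAML indentation; normalise before parsing`. `RoundTripLoader` is the non-unsafe loader, which is the right choice for this input, though newer ruamel.yaml releases deprecate the `load(str, Loader)` form in favour of `YAML(typ='rt').load(...)`, worth checking against the pinned version. Both callers re-read and re-parse the file on every install; caching the parsed document on the installer would avoid that if it matters.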
@@ -73,8 +75,35 @@ def generate_configuration(self):
 if Config.get('use_external_key'):
 self.import_openbanking_key()
+
+
+ def role_scope_mappings(self):
+
+ role_scope_mappings_fn = os.path.join(self.templates_folder, 'role-scope-mappings.json')
+ role_mapping = base.readJsonFile(role_scope_mappings_fn)
+ data = base.current_app.ConfigApiInstaller.read_config_api_swagger()
+
+ scope_list = []
+ for epath in data['paths']:
+ for m in data['paths'][epath]:
+ if 'security' in data['paths'][epath][m]:
+ for item in data['paths'][epath][m]['security']:
+ scope_list += item['oauth2']
+
+ for api_role in role_mapping['rolePermissionMapping']:
+ if api_role['role'] == 'api-admin':
+ for scope in scope_list:
+ if scope not in api_role['permissions']:
+ api_role['permissions'].append(scope)
+ break
+
+ Config.templateRenderingDict['role_scope_mappings'] = json.dumps(role_mapping)
+
+ def render_import_templates(self):
+ self.role_scope_mappings()
+
 templates = [self.oxauth_config_json]
 if Config.profile == 'jans':
 templates += [self.ldif_people, self.ldif_groups]
diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
index 8dfd9827870..dd9d9b0019a 100644
--- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
+++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
@@ -105,7 +105,7 @@ def check_properties(self):
 if not Config.admin_password and Config.ldapPass:
 Config.admin_password = Config.ldapPass
-
+
 if not Config.admin_password:
 Config.admin_password = self.getPW()
@@ -122,7 +122,7 @@ def check_properties(self):
 if Config.rdbm_install:
 Config.mappingLocations = { group: 'rdbm' for group in Config.couchbaseBucketDict }
- if Config.opendj_install == InstallTypes.LOCAL:
+ if Config.opendj_install == InstallTypes.LOCAL and not Config.installed_instance:
 used_ports = self.opendj_used_ports()
 if used_ports:
 print(msg.used_ports.format(','.join(used_ports)))
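Review bot: `scope_list += item['oauth2']` raises KeyError for any `security` entry keyed by a scheme other than `oauth2`, and every scope collected from the swagger is appended to the api-admin entry of `rolePermissionMapping` but never to the top-level `permissions` catalogue in role-scope-mappings.json, so the rendered config can reference permissions it does not declare (whether the consumer tolerates that I can't tell from here). `scope_list += item.get('oauth2', [])` covers the first; for the second either add `{"permission": scope, "description": None}` to `role_mapping['permissions']` for each new scope, or state in a docstring that the catalogue is intentionally left as shipped. That docstring should also spell out the effect, because this is an authorisation boundary: every scope declared on any path of the bundled swagger becomes an api-admin permission, so the effective admin grant tracks that file and any addition to it. `render_import_templates` continues past the hunk.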
diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json b/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
new file mode 100644
index 00000000000..b3a1b707d13
--- /dev/null
+++ b/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json
@@ -0,0 +1,380 @@ +{ + "roles": [ + { + "role": "api-viewer", + "description": "desc" + }, + { + "role": "api-editor", + "description": "" + }, + { + "role": "api-manager", + "description": "" + }, + { + "role": "api-admin", + "description": "" + } + ], + "permissions": [ + { + "permission": "https://jans.io/oauth/config/attributes.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/attributes.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/attributes.delete", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/acrs.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/acrs.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/acrs.delete", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/scopes.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/scopes.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/scopes.delete", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/scripts.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/scripts.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/scripts.delete", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/openid/clients.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/openid/clients.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/openid/clients.delete", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/smtp.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/smtp.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/smtp.delete", + "description": null + }, + { + "permission": 
"https://jans.io/oauth/config/logging.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/logging.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/uma/resources.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/uma/resources.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/uma/resources.delete", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/database/ldap.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/database/ldap.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/database/ldap.delete", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/jwks.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/jwks.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/fido2.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/fido2.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/cache.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/cache.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/database/couchbase.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/database/couchbase.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/database/sql.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/config/database/sql.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/properties.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/properties.write", + "description": null + }, + { + "permission": 
"https://jans.io/oauth/config/stats.readonly", + "description": null + }, + { + "permission": "jans_stat", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", + "description": null + }, + { + "permission": "https://jans.io/oauth/jans-auth-server/config/adminui/license.write", + "description": null + } + ], + "rolePermissionMapping": [ + { + "role": "api-viewer", + "permissions": [ + "https://jans.io/oauth/config/attributes.readonly", + "https://jans.io/oauth/config/acrs.readonly", + "https://jans.io/oauth/config/scopes.readonly", + "https://jans.io/oauth/config/scripts.readonly", + "https://jans.io/oauth/config/openid/clients.readonly", + "https://jans.io/oauth/config/smtp.readonly", + "https://jans.io/oauth/config/logging.readonly", + "https://jans.io/oauth/config/uma/resources.readonly", + "https://jans.io/oauth/config/database/ldap.readonly", + "https://jans.io/oauth/config/jwks.readonly", + "https://jans.io/oauth/config/fido2.readonly", + "https://jans.io/oauth/config/cache.readonly", + "https://jans.io/oauth/jans-auth-server/config/properties.readonly", + "https://jans.io/oauth/config/database/couchbase.readonly", + 
"https://jans.io/oauth/config/database/sql.readonly", + "https://jans.io/oauth/config/stats.readonly" + ] + }, + { + "role": "api-editor", + "permissions": [ + "https://jans.io/oauth/config/attributes.readonly", + "https://jans.io/oauth/config/attributes.write", + "https://jans.io/oauth/config/acrs.readonly", + "https://jans.io/oauth/config/acrs.write", + "https://jans.io/oauth/config/scopes.readonly", + "https://jans.io/oauth/config/scopes.write", + "https://jans.io/oauth/config/scripts.readonly", + "https://jans.io/oauth/config/scripts.write", + "https://jans.io/oauth/config/openid/clients.readonly", + "https://jans.io/oauth/config/openid/clients.write", + "https://jans.io/oauth/config/smtp.readonly", + "https://jans.io/oauth/config/smtp.write", + "https://jans.io/oauth/config/logging.readonly", + "https://jans.io/oauth/config/logging.write", + "https://jans.io/oauth/config/uma/resources.readonly", + "https://jans.io/oauth/config/uma/resources.write", + "https://jans.io/oauth/config/database/ldap.readonly", + "https://jans.io/oauth/config/database/ldap.write", + "https://jans.io/oauth/config/jwks.readonly", + "https://jans.io/oauth/config/jwks.write", + "https://jans.io/oauth/config/fido2.readonly", + "https://jans.io/oauth/config/fido2.write", + "https://jans.io/oauth/config/cache.readonly", + "https://jans.io/oauth/config/cache.write", + "https://jans.io/oauth/config/database/couchbase.readonly", + "https://jans.io/oauth/config/database/couchbase.write", + "https://jans.io/oauth/config/database/sql.readonly", + "https://jans.io/oauth/config/database/sql.write", + "readonly", + "https://jans.io/oauth/config/stats.readonly", + "jans_stat" + ] + }, + { + "role": "api-manager", + "permissions": [ + "https://jans.io/oauth/config/attributes.readonly", + "https://jans.io/oauth/config/attributes.write", + "https://jans.io/oauth/config/attributes.delete", + "https://jans.io/oauth/config/acrs.readonly", + "https://jans.io/oauth/config/acrs.write", + 
"https://jans.io/oauth/config/acrs.delete", + "https://jans.io/oauth/config/scopes.readonly", + "https://jans.io/oauth/config/scopes.write", + "https://jans.io/oauth/config/scopes.delete", + "https://jans.io/oauth/config/scripts.readonly", + "https://jans.io/oauth/config/scripts.write", + "https://jans.io/oauth/config/scripts.delete", + "https://jans.io/oauth/config/openid/clients.readonly", + "https://jans.io/oauth/config/openid/clients.write", + "https://jans.io/oauth/config/openid/clients.delete", + "https://jans.io/oauth/config/smtp.readonly", + "https://jans.io/oauth/config/smtp.write", + "https://jans.io/oauth/config/smtp.delete", + "https://jans.io/oauth/config/logging.readonly", + "https://jans.io/oauth/config/logging.write", + "https://jans.io/oauth/config/uma/resources.readonly", + "https://jans.io/oauth/config/uma/resources.write", + "https://jans.io/oauth/config/uma/resources.delete", + "https://jans.io/oauth/config/database/ldap.readonly", + "https://jans.io/oauth/config/database/ldap.write", + "https://jans.io/oauth/config/database/ldap.delete", + "https://jans.io/oauth/config/jwks.readonly", + "https://jans.io/oauth/config/jwks.write", + "https://jans.io/oauth/config/fido2.readonly", + "https://jans.io/oauth/config/fido2.write", + "https://jans.io/oauth/config/cache.readonly", + "https://jans.io/oauth/config/cache.write", + "https://jans.io/oauth/config/database/couchbase.readonly", + "https://jans.io/oauth/config/database/couchbase.write", + "https://jans.io/oauth/config/database/sql.readonly", + "https://jans.io/oauth/config/database/sql.write", + "readonly", + "https://jans.io/oauth/config/stats.readonly", + "jans_stat" + ] + }, + { + "role": "api-admin", + "permissions": [ + "https://jans.io/oauth/config/attributes.readonly", + "https://jans.io/oauth/config/attributes.write", + "https://jans.io/oauth/config/attributes.delete", + "https://jans.io/oauth/config/acrs.readonly", + "https://jans.io/oauth/config/acrs.write", + 
"https://jans.io/oauth/config/acrs.delete", + "https://jans.io/oauth/config/scopes.readonly", + "https://jans.io/oauth/config/scopes.write", + "https://jans.io/oauth/config/scopes.delete", + "https://jans.io/oauth/config/scripts.readonly", + "https://jans.io/oauth/config/scripts.write", + "https://jans.io/oauth/config/scripts.delete", + "https://jans.io/oauth/config/openid/clients.readonly", + "https://jans.io/oauth/config/openid/clients.write", + "https://jans.io/oauth/config/openid/clients.delete", + "https://jans.io/oauth/config/smtp.readonly", + "https://jans.io/oauth/config/smtp.write", + "https://jans.io/oauth/config/smtp.delete", + "https://jans.io/oauth/config/logging.readonly", + "https://jans.io/oauth/config/logging.write", + "https://jans.io/oauth/config/uma/resources.readonly", + "https://jans.io/oauth/config/uma/resources.write", + "https://jans.io/oauth/config/uma/resources.delete", + "https://jans.io/oauth/config/database/ldap.readonly", + "https://jans.io/oauth/config/database/ldap.write", + "https://jans.io/oauth/config/database/ldap.delete", + "https://jans.io/oauth/config/jwks.readonly", + "https://jans.io/oauth/config/jwks.write", + "https://jans.io/oauth/config/fido2.readonly", + "https://jans.io/oauth/config/fido2.write", + "https://jans.io/oauth/config/cache.readonly", + "https://jans.io/oauth/config/cache.write", + "https://jans.io/oauth/config/database/couchbase.readonly", + "https://jans.io/oauth/config/database/couchbase.write", + "https://jans.io/oauth/config/database/sql.readonly", + "https://jans.io/oauth/config/database/sql.write", + "readonly", + "https://jans.io/oauth/config/stats.readonly", + "jans_stat", + "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly", + "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write", + "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly", + "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write", + 
"https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly", + "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write", + "https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", + "https://jans.io/oauth/jans-auth-server/config/adminui/license.write", + "https://jans.io/scim/bulk", + "https://jans.io/scim/users.write", + "https://jans.io/scim/fido.read", + "https://jans.io/scim/all-resources.search", + "https://jans.io/scim/fido2.read", + "https://jans.io/scim/groups.write", + "https://jans.io/scim/users.read", + "https://jans.io/scim/groups.read", + "https://jans.io/scim/fido2.write", + "https://jans.io/scim/fido.write", + "https://jans.io/oauth/jans-auth-server/config/properties.write" + ] + } + ] +} \ No newline at end of file diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.ldif b/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.ldif index 328b0d4fb70..ccf430d02d1 100644 --- a/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.ldif +++ b/jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.ldif 
@@ -2,7 +2,7 @@ version: 1 dn: ou=admin-ui,ou=configuration,o=jans objectClass: jansAdminConfDyn objectClass: top -jansConfDyn: {"roles": [{"role": "api-viewer", "description": "desc"}, {"role": "api-editor", "description": ""}, {"role": "api-manager", "description": ""}, {"role": "api-admin", "description": ""}], "permissions": [{"permission": "https://jans.io/oauth/config/attributes.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/attributes.write", "description": null}, {"permission": "https://jans.io/oauth/config/attributes.delete", "description": null}, {"permission": "https://jans.io/oauth/config/acrs.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/acrs.write", "description": null}, {"permission": "https://jans.io/oauth/config/acrs.delete", "description": null}, {"permission": "https://jans.io/oauth/config/scopes.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/scopes.write", "description": null}, {"permission": "https://jans.io/oauth/config/scopes.delete", "description": null}, {"permission": "https://jans.io/oauth/config/scripts.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/scripts.write", "description": null}, {"permission": "https://jans.io/oauth/config/scripts.delete", "description": null}, {"permission": "https://jans.io/oauth/config/openid/clients.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/openid/clients.write", "description": null}, {"permission": "https://jans.io/oauth/config/openid/clients.delete", "description": null}, {"permission": "https://jans.io/oauth/config/smtp.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/smtp.write", "description": null}, {"permission": "https://jans.io/oauth/config/smtp.delete", "description": null}, {"permission": "https://jans.io/oauth/config/logging.readonly", "description": null}, {"permission": 
"https://jans.io/oauth/config/logging.write", "description": null}, {"permission": "https://jans.io/oauth/config/uma/resources.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/uma/resources.write", "description": null}, {"permission": "https://jans.io/oauth/config/uma/resources.delete", "description": null}, {"permission": "https://jans.io/oauth/config/database/ldap.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/database/ldap.write", "description": null}, {"permission": "https://jans.io/oauth/config/database/ldap.delete", "description": null}, {"permission": "https://jans.io/oauth/config/jwks.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/jwks.write", "description": null}, {"permission": "https://jans.io/oauth/config/fido2.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/fido2.write", "description": null}, {"permission": "https://jans.io/oauth/config/cache.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/cache.write", "description": null}, {"permission": "https://jans.io/oauth/config/database/couchbase.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/database/couchbase.write", "description": null}, {"permission": "https://jans.io/oauth/config/database/sql.readonly", "description": null}, {"permission": "https://jans.io/oauth/config/database/sql.write", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/properties.readonly", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/properties.write", "description": null}, {"permission": "https://jans.io/oauth/config/stats.readonly", "description": null}, {"permission": "jans_stat", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly", "description": null}, {"permission": 
"https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", "description": null}, {"permission": "https://jans.io/oauth/jans-auth-server/config/adminui/license.write", "description": null}], "rolePermissionMapping": [{"role": "api-viewer", "permissions": ["https://jans.io/oauth/config/attributes.readonly", "https://jans.io/oauth/config/acrs.readonly", "https://jans.io/oauth/config/scopes.readonly", "https://jans.io/oauth/config/scripts.readonly", "https://jans.io/oauth/config/openid/clients.readonly", "https://jans.io/oauth/config/smtp.readonly", "https://jans.io/oauth/config/logging.readonly", "https://jans.io/oauth/config/uma/resources.readonly", "https://jans.io/oauth/config/database/ldap.readonly", "https://jans.io/oauth/config/jwks.readonly", "https://jans.io/oauth/config/fido2.readonly", "https://jans.io/oauth/config/cache.readonly", "https://jans.io/oauth/jans-auth-server/config/properties.readonly", "https://jans.io/oauth/config/database/couchbase.readonly", "https://jans.io/oauth/config/database/sql.readonly", "https://jans.io/oauth/config/stats.readonly"]}, {"role": "api-editor", "permissions": ["https://jans.io/oauth/config/attributes.readonly", "https://jans.io/oauth/config/attributes.write", "https://jans.io/oauth/config/acrs.readonly", "https://jans.io/oauth/config/acrs.write", "https://jans.io/oauth/config/scopes.readonly", 
"https://jans.io/oauth/config/scopes.write", "https://jans.io/oauth/config/scripts.readonly", "https://jans.io/oauth/config/scripts.write", "https://jans.io/oauth/config/openid/clients.readonly", "https://jans.io/oauth/config/openid/clients.write", "https://jans.io/oauth/config/smtp.readonly", "https://jans.io/oauth/config/smtp.write", "https://jans.io/oauth/config/logging.readonly", "https://jans.io/oauth/config/logging.write", "https://jans.io/oauth/config/uma/resources.readonly", "https://jans.io/oauth/config/uma/resources.write", "https://jans.io/oauth/config/database/ldap.readonly", "https://jans.io/oauth/config/database/ldap.write", "https://jans.io/oauth/config/jwks.readonly", "https://jans.io/oauth/config/jwks.write", "https://jans.io/oauth/config/fido2.readonly", "https://jans.io/oauth/config/fido2.write", "https://jans.io/oauth/config/cache.readonly", "https://jans.io/oauth/config/cache.write", "https://jans.io/oauth/config/database/couchbase.readonly", "https://jans.io/oauth/config/database/couchbase.write", "https://jans.io/oauth/config/database/sql.readonly", "https://jans.io/oauth/config/database/sql.write", "readonly", "https://jans.io/oauth/config/stats.readonly", "jans_stat"]}, {"role": "api-manager", "permissions": ["https://jans.io/oauth/config/attributes.readonly", "https://jans.io/oauth/config/attributes.write", "https://jans.io/oauth/config/attributes.delete", "https://jans.io/oauth/config/acrs.readonly", "https://jans.io/oauth/config/acrs.write", "https://jans.io/oauth/config/acrs.delete", "https://jans.io/oauth/config/scopes.readonly", "https://jans.io/oauth/config/scopes.write", "https://jans.io/oauth/config/scopes.delete", "https://jans.io/oauth/config/scripts.readonly", "https://jans.io/oauth/config/scripts.write", "https://jans.io/oauth/config/scripts.delete", "https://jans.io/oauth/config/openid/clients.readonly", "https://jans.io/oauth/config/openid/clients.write", "https://jans.io/oauth/config/openid/clients.delete", 
"https://jans.io/oauth/config/smtp.readonly", "https://jans.io/oauth/config/smtp.write", "https://jans.io/oauth/config/smtp.delete", "https://jans.io/oauth/config/logging.readonly", "https://jans.io/oauth/config/logging.write", "https://jans.io/oauth/config/uma/resources.readonly", "https://jans.io/oauth/config/uma/resources.write", "https://jans.io/oauth/config/uma/resources.delete", "https://jans.io/oauth/config/database/ldap.readonly", "https://jans.io/oauth/config/database/ldap.write", "https://jans.io/oauth/config/database/ldap.delete", "https://jans.io/oauth/config/jwks.readonly", "https://jans.io/oauth/config/jwks.write", "https://jans.io/oauth/config/fido2.readonly", "https://jans.io/oauth/config/fido2.write", "https://jans.io/oauth/config/cache.readonly", "https://jans.io/oauth/config/cache.write", "https://jans.io/oauth/config/database/couchbase.readonly", "https://jans.io/oauth/config/database/couchbase.write", "https://jans.io/oauth/config/database/sql.readonly", "https://jans.io/oauth/config/database/sql.write", "readonly", "https://jans.io/oauth/config/stats.readonly", "jans_stat"]}, {"role": "api-admin", "permissions": ["https://jans.io/oauth/config/attributes.readonly", "https://jans.io/oauth/config/attributes.write", "https://jans.io/oauth/config/attributes.delete", "https://jans.io/oauth/config/acrs.readonly", "https://jans.io/oauth/config/acrs.write", "https://jans.io/oauth/config/acrs.delete", "https://jans.io/oauth/config/scopes.readonly", "https://jans.io/oauth/config/scopes.write", "https://jans.io/oauth/config/scopes.delete", "https://jans.io/oauth/config/scripts.readonly", "https://jans.io/oauth/config/scripts.write", "https://jans.io/oauth/config/scripts.delete", "https://jans.io/oauth/config/openid/clients.readonly", "https://jans.io/oauth/config/openid/clients.write", "https://jans.io/oauth/config/openid/clients.delete", "https://jans.io/oauth/config/smtp.readonly", "https://jans.io/oauth/config/smtp.write", 
"https://jans.io/oauth/config/smtp.delete", "https://jans.io/oauth/config/logging.readonly", "https://jans.io/oauth/config/logging.write", "https://jans.io/oauth/config/uma/resources.readonly", "https://jans.io/oauth/config/uma/resources.write", "https://jans.io/oauth/config/uma/resources.delete", "https://jans.io/oauth/config/database/ldap.readonly", "https://jans.io/oauth/config/database/ldap.write", "https://jans.io/oauth/config/database/ldap.delete", "https://jans.io/oauth/config/jwks.readonly", "https://jans.io/oauth/config/jwks.write", "https://jans.io/oauth/config/fido2.readonly", "https://jans.io/oauth/config/fido2.write", "https://jans.io/oauth/config/cache.readonly", "https://jans.io/oauth/config/cache.write", "https://jans.io/oauth/config/database/couchbase.readonly", "https://jans.io/oauth/config/database/couchbase.write", "https://jans.io/oauth/config/database/sql.readonly", "https://jans.io/oauth/config/database/sql.write", "readonly", "https://jans.io/oauth/config/stats.readonly", "jans_stat", "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly", "https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write", "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly", "https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write", "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly", "https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write", "https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", "https://jans.io/oauth/jans-auth-server/config/adminui/license.write", "https://jans.io/scim/bulk", "https://jans.io/scim/users.write", "https://jans.io/scim/fido.read", "https://jans.io/scim/all-resources.search", "https://jans.io/scim/fido2.read", "https://jans.io/scim/groups.write", "https://jans.io/scim/users.read", "https://jans.io/scim/groups.read", "https://jans.io/scim/fido2.write", 
"https://jans.io/scim/fido.write", "https://jans.io/oauth/jans-auth-server/config/properties.write"]}]} +jansConfDyn: %(role_scope_mappings)s jansRevision: 1 ou: admin-ui From d7b3d69c8fa611ec6263c8a559272dbfb9933627 Mon Sep 17 00:00:00 2001 From: Mustafa Baser Date: Fri, 8 Apr 2022 19:46:17 +0300 Subject: [PATCH 2/3] fix: jans-linux-setup code smell --- .../setup_app/installers/jans_auth.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py index f775ff11603..1ffe35de3d0 100644 --- a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py +++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py @@ -84,19 +84,27 @@ def role_scope_mappings(self): data = base.current_app.ConfigApiInstaller.read_config_api_swagger() scope_list = [] + + def add_to_list(scope_items): + for item in scope_items: + for scope in item['oauth2']: + scope_list.append(scope) + + for epath in data['paths']: for m in data['paths'][epath]: if 'security' in data['paths'][epath][m]: - for item in data['paths'][epath][m]['security']: - scope_list += item['oauth2'] + add_to_list(data['paths'][epath][m]['security']) for api_role in role_mapping['rolePermissionMapping']: if api_role['role'] == 'api-admin': - for scope in scope_list: - if scope not in api_role['permissions']: - api_role['permissions'].append(scope) + api_admin = api_role break + for scope in scope_list: + if scope not in api_role['permissions']: + api_role['permissions'].append(scope) + Config.templateRenderingDict['role_scope_mappings'] = json.dumps(role_mapping) From 1dc469ade09f95027ccbfcc3b7c373084de6f0fc Mon Sep 17 00:00:00 2001 From: Mustafa Baser Date: Fri, 8 Apr 2022 20:04:30 +0300 Subject: [PATCH 3/3] fix: jans-linux-setup code smell --- .../setup_app/installers/jans_auth.py | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) 
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
index 1ffe35de3d0..c05b4b21a2b 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
@@ -76,29 +76,29 @@ def generate_configuration(self):
 self.import_openbanking_key()
-
-
- def role_scope_mappings(self):
-
- role_scope_mappings_fn = os.path.join(self.templates_folder, 'role-scope-mappings.json')
- role_mapping = base.readJsonFile(role_scope_mappings_fn)
+ def get_config_api_scopes(self):
 data = base.current_app.ConfigApiInstaller.read_config_api_swagger()
-
 scope_list = []
- def add_to_list(scope_items):
- for item in scope_items:
- for scope in item['oauth2']:
- scope_list.append(scope)
-
-
 for epath in data['paths']:
 for m in data['paths'][epath]:
 if 'security' in data['paths'][epath][m]:
- add_to_list(data['paths'][epath][m]['security'])
+ scope_items = [item['oauth2'] for item in data['paths'][epath][m]['security']]
+ for scopes in scope_items:
+ scope_list += scopes
+
+ return scope_list
+
+
+ def role_scope_mappings(self):
+
+ role_scope_mappings_fn = os.path.join(self.templates_folder, 'role-scope-mappings.json')
+ role_mapping = base.readJsonFile(role_scope_mappings_fn)
+
+ scope_list = self.get_config_api_scopes()
 for api_role in role_mapping['rolePermissionMapping']:
 if api_role['role'] == 'api-admin':
- api_admin = api_role
 break
 for scope in scope_list: