From 0cec568356ad9b8326ec6096db19d4014e292f16 Mon Sep 17 00:00:00 2001
From: iromli
Date: Thu, 7 Nov 2024 00:37:08 +0700
Subject: [PATCH 1/8] chore(cloud-native)!: remove spanner support from OCI images
Signed-off-by: iromli
---
.../docker-jans-loadtesting-jmeter/Dockerfile | 9 --
.../docker-jans-loadtesting-jmeter/README.md | 5 -
.../requirements.txt | 4 -
.../scripts/entrypoint.sh | 6 -
docker-jans-all-in-one/Dockerfile | 2 +-
docker-jans-auth-server/Dockerfile | 7 +-
docker-jans-auth-server/README.md | 20 ++-
docker-jans-auth-server/scripts/bootstrap.py | 10 --
docker-jans-auth-server/scripts/lock.py | 2 -
.../scripts/mod_context.py | 2 +-
docker-jans-auth-server/scripts/upgrade.py | 36 +-----
docker-jans-casa/Dockerfile | 7 +-
docker-jans-casa/README.md | 20 ++-
docker-jans-casa/scripts/bootstrap.py | 16 +--
docker-jans-casa/scripts/mod_context.py | 2 +-
docker-jans-casa/scripts/upgrade.py | 38 +-----
docker-jans-certmanager/Dockerfile | 6 +-
docker-jans-certmanager/README.md | 20 ++-
.../scripts/auth_handler.py | 7 -
docker-jans-certmanager/scripts/bootstrap.py | 5 -
docker-jans-config-api/Dockerfile | 7 +-
docker-jans-config-api/README.md | 20 ++-
docker-jans-config-api/scripts/bootstrap.py | 16 +--
docker-jans-config-api/scripts/mod_context.py | 2 +-
docker-jans-config-api/scripts/upgrade.py | 44 +------
docker-jans-configurator/Dockerfile | 2 +-
docker-jans-configurator/scripts/bootstrap.py | 5 -
docker-jans-fido2/Dockerfile | 3 +-
docker-jans-fido2/README.md | 18 +--
docker-jans-fido2/scripts/bootstrap.py | 12 --
docker-jans-fido2/scripts/mod_context.py | 2 +-
docker-jans-fido2/scripts/upgrade.py | 28 +---
docker-jans-kc-scheduler/Dockerfile | 2 +-
docker-jans-keycloak-link/Dockerfile | 3 +-
docker-jans-keycloak-link/README.md | 18 +--
.../scripts/bootstrap.py | 12 --
.../scripts/mod_context.py | 2 +-
docker-jans-keycloak-link/scripts/upgrade.py | 24 +---
docker-jans-link/Dockerfile | 3 +-
docker-jans-link/README.md | 18 +--
docker-jans-link/scripts/bootstrap.py | 12 --
docker-jans-link/scripts/mod_context.py | 2 +-
docker-jans-link/scripts/upgrade.py | 24 +---
docker-jans-monolith/Dockerfile | 6 +-
docker-jans-monolith/clean.sh | 2 +-
docker-jans-monolith/down.sh | 2 +-
docker-jans-monolith/scripts/entrypoint.sh | 13 --
docker-jans-monolith/up.sh | 2 +-
docker-jans-persistence-loader/Dockerfile | 6 +-
docker-jans-persistence-loader/README.md | 20 ++-
.../scripts/bootstrap.py | 6 -
.../scripts/hooks.py | 2 +-
.../scripts/hybrid_setup.py | 2 -
.../scripts/upgrade.py | 52 ++------
.../scripts/utils.py | 2 +-
docker-jans-saml/Dockerfile | 2 +-
docker-jans-saml/README.md | 18 +--
docker-jans-saml/scripts/bootstrap.py | 13 --
docker-jans-saml/scripts/upgrade.py | 24 +---
docker-jans-scim/Dockerfile | 3 +-
docker-jans-scim/README.md | 18 +--
docker-jans-scim/scripts/bootstrap.py | 14 +-
docker-jans-scim/scripts/mod_context.py | 2 +-
docker-jans-scim/scripts/upgrade.py | 36 +-----
jans-pycloudlib/docs/api/wait.md | 4 +
.../jans/pycloudlib/lock/__init__.py | 9 +-
.../jans/pycloudlib/persistence/__init__.py | 4 +
.../jans/pycloudlib/persistence/sql.py | 1 +
.../jans/pycloudlib/persistence/utils.py | 12 +-
jans-pycloudlib/jans/pycloudlib/validators.py | 1 +
jans-pycloudlib/jans/pycloudlib/wait.py | 45 +++++++
jans-pycloudlib/mkdocs.yml | 1 +
jans-pycloudlib/setup.py | 1 +
jans-pycloudlib/tests/conftest.py | 10 ++
jans-pycloudlib/tests/test_persistence.py | 120 ++++++++++++++++--
jans-pycloudlib/tests/test_validators.py | 1 +
jans-pycloudlib/tests/test_wait.py | 60 ++++++++-
77 files changed, 411 insertions(+), 606 deletions(-)
diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile b/demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile
index 6a2a4f243a9..98920584c1b 100644
--- a/demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile
+++ b/demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile
@@ -34,17 +34,8 @@ ENV FQDN="https://demoexample.jans.io" \ USER_NUMBER_STARTING_POINT=0 \ USER_NUMBER_ENDING_POINT=50000000 \ LOAD_USERS_TO_COUCHBASE=false \ - LOAD_USERS_TO_LDAP=false \ - LOAD_USERS_TO_SPANNER=false \ LOAD_USERS_TO_RDBMS=false \ USER_SPLIT_PARALLEL_THREADS=20 \ - GOOGLE_APPLICATION_CREDENTIALS=""\ - GOOGLE_PROJECT_ID=""\ - GOOGLE_SPANNER_INSTANCE_ID=""\ - GOOGLE_SPANNER_DATABASE_ID=""\ - LDAP_URL="opendj:1636" \ - LDAP_PW="" \ - LDAP_DN="cn=directory manager" \ # pgsql or mysql RDBMS_TYPE="mysql" \ RDBMS_DB="jans" \ diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/README.md b/demos/benchmarking/docker-jans-loadtesting-jmeter/README.md index da184867e26..d2ba70fdd7d 100644 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/README.md +++ b/demos/benchmarking/docker-jans-loadtesting-jmeter/README.md 
@@ -22,13 +22,8 @@ Installation depends on the set of environment variables shown below. These envi | `USER_NUMBER_STARTING_POINT` | The user number to start from . This is appended to the username i.e test_user0 | `0` | | `USER_NUMBER_ENDING_POINT` | The user number to end at. | `50000000` | | `LOAD_USERS_TO_COUCHBASE` | Enable loading users to Couchbase persistence. `true` or `false` == `` | `false` | -| `LOAD_USERS_TO_SPANNER` | Enable loading users to Spanner persistence. `true` or `false` == `` | `false` | | `LOAD_USERS_TO_RDBMS` | Enable loading users to RDBMS persistence. `true` or `false` == `` | `false` | | `USER_SPLIT_PARALLEL_THREADS` | The number of parallel threads to break the total number users across. This number heavily effects CPU usage. | `20` | -| `GOOGLE_APPLICATION_CREDENTIALS` | Google Credentials JSON SA file. **Used with Spanner** | `` | -| `GOOGLE_PROJECT_ID` | Google Project ID. **Used with Spanner** | `` | -| `GOOGLE_SPANNER_INSTANCE_ID` | Google Spanner Instance ID. **Used with Spanner** | `` | -| `GOOGLE_SPANNER_DATABASE_ID` | Google Spanner Database ID. **Used with Spanner** | `` | | `RDBMS_TYPE` | RDBMS type if `mysql` or `pgsql` is the persistence to load users in. | `mysql` | | `RDBMS_DB` | RDBMS Database name if `mysql` or `pgsql` is the persistence to load users in. | `jans` | | `RDBMS_USER` | RDBMS user if `mysql` or `pgsql` is the persistence to load users in. | `jans` | diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/requirements.txt b/demos/benchmarking/docker-jans-loadtesting-jmeter/requirements.txt index bee0baf3637..1389bb12fd4 100644 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/requirements.txt +++ b/demos/benchmarking/docker-jans-loadtesting-jmeter/requirements.txt @@ -3,10 +3,6 @@ joblib pygtail psycopg2-binary PyMySQL -# ======================= -# Install Spanner package -# ======================= -google-cloud-spanner # =============== # Install Couchbase Client # =============== 
diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/entrypoint.sh b/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/entrypoint.sh index bdd6412daa6..b5f2d5e8d30 100644 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/entrypoint.sh +++ b/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/entrypoint.sh @@ -8,12 +8,6 @@ if [[ "$LOAD_USERS_TO_COUCHBASE" = "true" ]]; then /usr/bin/python3 /scripts/add_users_couchbase.py exit 0 # ================================================================================================ # -# Check if this is a user loading job to the backend spanner # -# ================================================================================================ # -elif [[ "$LOAD_USERS_TO_SPANNER" = "true" ]]; then - /usr/bin/python3 /scripts/add_users_spanner.py - exit 0 -# ================================================================================================ # # Check if this is a user loading job to the backend RDBMS # # ================================================================================================ # elif [[ "$LOAD_USERS_TO_RDBMS" = "true" ]]; then diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile index 389181380d6..05589eeb4e4 100644 --- a/docker-jans-all-in-one/Dockerfile +++ b/docker-jans-all-in-one/Dockerfile @@ -58,7 +58,7 @@ RUN apk update \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile index 3acb6ac4c01..ea64ee5ba63 100644 --- a/docker-jans-auth-server/Dockerfile +++ b/docker-jans-auth-server/Dockerfile 
@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \ /app/static/rdbm \ /app/schema -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -217,9 +217,7 @@ ENV CN_PERSISTENCE_TYPE=sql \ CN_COUCHBASE_BUCKET_PREFIX=jans \ CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 \ - CN_GOOGLE_SPANNER_INSTANCE_ID="" \ - CN_GOOGLE_SPANNER_DATABASE_ID="" + CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 # =========== # Generic ENV @@ -274,7 +272,6 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/custom/pages \ ${JETTY_BASE}/jans-auth/custom/libs \ ${JETTY_BASE}/jans-auth/custom/i18n \ ${JETTY_BASE}/jans-auth/logs \ - ${JETTY_BASE}/common/libs/spanner \ ${JETTY_BASE}/common/libs/couchbase \ ${JETTY_HOME}/temp \ /etc/jans/conf \ diff --git a/docker-jans-auth-server/README.md b/docker-jans-auth-server/README.md index 6eddc8cbc54..5d4e3820cdc 100644 --- a/docker-jans-auth-server/README.md +++ b/docker-jans-auth-server/README.md 
@@ -50,7 +50,7 @@ The following environment variables are supported by the container: - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. - `CN_DEBUG_PORT`: port of remote debugging (if omitted, remote debugging will be disabled). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `spanner`, `sql`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `sql`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). 
@@ -76,8 +76,6 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID. -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_JETTY_REQUEST_HEADER_SIZE`: Maximum size of request header accepted by Jetty (default to `8192`). - `CN_AUTH_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details. @@ -185,12 +183,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -199,11 +197,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-auth-server/scripts/bootstrap.py b/docker-jans-auth-server/scripts/bootstrap.py index 64be3586b4d..2d2d1d80f2a 100644 --- a/docker-jans-auth-server/scripts/bootstrap.py +++ b/docker-jans-auth-server/scripts/bootstrap.py 
@@ -12,8 +12,6 @@ from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.hybrid import render_hybrid_properties -from jans.pycloudlib.persistence.spanner import render_spanner_properties -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import sync_sql_password from jans.pycloudlib.persistence.sql import override_simple_json_property @@ -70,14 +68,6 @@ def main(): "/etc/jans/conf/jans-sql.properties", ) - if "spanner" in persistence_groups: - render_spanner_properties( - manager, - "/app/templates/jans-spanner.properties", - "/etc/jans/conf/jans-spanner.properties", - ) - sync_google_credentials(manager) - wait_for_persistence(manager) override_simple_json_property("/etc/jans/conf/jans-sql.properties") diff --git a/docker-jans-auth-server/scripts/lock.py b/docker-jans-auth-server/scripts/lock.py index 7dcfbbee390..4f54742732d 100644 --- a/docker-jans-auth-server/scripts/lock.py +++ b/docker-jans-auth-server/scripts/lock.py @@ -8,7 +8,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.utils import generate_base64_contents @@ -100,7 +99,6 @@ def __init__(self, manager) -> None: client_classes = { "couchbase": CouchbaseClient, - "spanner": SpannerClient, "sql": SqlClient, } diff --git a/docker-jans-auth-server/scripts/mod_context.py b/docker-jans-auth-server/scripts/mod_context.py index bcf6b51ddbf..29ea49f34ea 100644 --- a/docker-jans-auth-server/scripts/mod_context.py +++ b/docker-jans-auth-server/scripts/mod_context.py 
@@ -85,7 +85,7 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["spanner", "couchbase"]: + for persistence_type in ["couchbase"]: if persistence_type not in persistence_groups: continue diff --git a/docker-jans-auth-server/scripts/upgrade.py b/docker-jans-auth-server/scripts/upgrade.py index ca55f337aed..5eb665fb097 100644 --- a/docker-jans-auth-server/scripts/upgrade.py +++ b/docker-jans-auth-server/scripts/upgrade.py @@ -8,7 +8,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -212,38 +211,9 @@ def search_entries(self, key, filter_="", attrs=None, **kwargs): return entries -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - def search_entries(self, key, filter_="", attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return [ - Entry(entry["doc_id"], entry) - for entry in self.client.search(table_name, attrs) - ] - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } 
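Review bot: In modify_app_xml (docker-jans-auth-server/scripts/mod_context.py) the loop `for persistence_type in ["couchbase"]:` now iterates over a single hard-coded value, which reads as if more backends were still expected. A plain guard such as `if "couchbase" in persistence_groups:` would state the intent directly; if the list form is kept on purpose, a short comment saying so would help. The same one-element loop is introduced in docker-jans-casa/scripts/mod_context.py. The loop body continues outside the hunk, so its `continue` would have to be folded into the new condition there.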
@@ -267,7 +237,7 @@ def update_lock_dynamic_config(self): kwargs = {} id_ = "ou=jans-lock,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -293,7 +263,7 @@ def update_lock_dynamic_config(self): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def get_all_scopes(self): - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansScope"} entries = self.backend.search_entries(None, **kwargs) else: # likely couchbase @@ -312,7 +282,7 @@ def update_lock_client_scopes(self): client_id = self.manager.config.get("lock_client_id") id_ = f"inum={client_id},ou=clients,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansClnt"} id_ = doc_id_from_dn(id_) else: # likely couchbase diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile index a4c07802c00..778f54be487 100644 --- a/docker-jans-casa/Dockerfile +++ b/docker-jans-casa/Dockerfile @@ -60,7 +60,7 @@ RUN mkdir -p /usr/share/java \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -175,9 +175,7 @@ ENV CN_PERSISTENCE_TYPE=sql \ CN_COUCHBASE_BUCKET_PREFIX=jans \ CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 \ - CN_GOOGLE_SPANNER_INSTANCE_ID="" \ - CN_GOOGLE_SPANNER_DATABASE_ID="" + CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 # =========== # Generic ENV 
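Review bot: In docker-jans-auth-server/scripts/upgrade.py the narrowed `if self.backend.type == "sql":` checks are paired inconsistently: update_lock_dynamic_config follows with `elif self.backend.type == "couchbase":`, while get_all_scopes and update_lock_client_scopes fall through to `else: # likely couchbase`. With SpannerBackend removed from BACKEND_CLASSES, Couchbase appears to be the only other backend, so the guess can become an explicit `elif self.backend.type == "couchbase":` with a final `else:` that raises on an unsupported type rather than continuing with identifiers that were never translated for that backend. The hunks in docker-jans-casa/scripts/upgrade.py show the same mix (update_agama_deployment uses `else: # likely couchbase`), and _deprecated_script_exists in docker-jans-casa/scripts/bootstrap.py keeps a `# likely couchbase` fall-through. All of these functions continue outside their hunks.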
@@ -225,7 +223,6 @@ RUN mkdir -p /opt/jans/python/libs \ ${JETTY_BASE}/jans-casa/static \ ${JETTY_BASE}/jans-casa/plugins \ ${JETTY_BASE}/jans-casa/logs \ - ${JETTY_BASE}/common/libs/spanner \ ${JETTY_BASE}/common/libs/couchbase \ ${JETTY_HOME}/temp \ /etc/jans/conf/casa \ diff --git a/docker-jans-casa/README.md b/docker-jans-casa/README.md index 89b28d16f43..365c5b32c42 100644 --- a/docker-jans-casa/README.md +++ b/docker-jans-casa/README.md @@ -41,7 +41,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`); required if `CN_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`. - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`); required if `CN_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`. 
@@ -64,8 +64,6 @@ The following environment variables are supported by the container: - `CN_SQL_DB_PORT`: Port of SQL backend (default to `3306`). - `CN_SQL_DB_NAME`: Database name (default to `jans`) - `CN_SQL_DB_USER`: Username to interact with SQL backend (default to `jans`). -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Instance ID of Google Spanner (default to empty string). -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Database ID of Google Spanner (default to empty string). - `GOOGLE_APPLICATION_CREDENTIALS`: Optional JSON file (contains Google credentials) that can be injected into container for authentication. Refer to https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to for supported credentials. - `GOOGLE_PROJECT_ID`: ID of Google project. - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. @@ -133,12 +131,12 @@ Hybrid persistence supports all available persistence types. To configure hybrid ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -147,10 +145,10 @@ Hybrid persistence supports all available persistence types. To configure hybrid ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-casa/scripts/bootstrap.py b/docker-jans-casa/scripts/bootstrap.py index b80a74c013d..e579bc22026 100644 --- a/docker-jans-casa/scripts/bootstrap.py +++ b/docker-jans-casa/scripts/bootstrap.py 
@@ -16,9 +16,6 @@ from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties -from jans.pycloudlib.persistence.spanner import render_spanner_properties -from jans.pycloudlib.persistence.spanner import SpannerClient -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import SqlClient @@ -151,14 +148,6 @@ def main(): "/etc/jans/conf/jans-sql.properties", ) - if "spanner" in persistence_groups: - render_spanner_properties( - manager, - "/app/templates/jans-spanner.properties", - "/etc/jans/conf/jans-spanner.properties", - ) - sync_google_credentials(manager) - wait_for_persistence(manager) override_simple_json_property("/etc/jans/conf/jans-sql.properties") @@ -201,7 +190,6 @@ def __init__(self, manager): client_classes = { "couchbase": CouchbaseClient, - "spanner": SpannerClient, "sql": SqlClient, } @@ -266,8 +254,8 @@ def _deprecated_script_exists(self): # deprecated Casa script DN id_ = "inum=BABA-CACA,ou=scripts,o=jans" - # sql and spanner - if self.persistence_type in ("sql", "spanner"): + # sql + if self.persistence_type == "sql": return bool(self.client.get("jansCustomScr", doc_id_from_dn(id_))) # likely couchbase diff --git a/docker-jans-casa/scripts/mod_context.py b/docker-jans-casa/scripts/mod_context.py index 8c0b92b84d5..f5f43000080 100644 --- a/docker-jans-casa/scripts/mod_context.py +++ b/docker-jans-casa/scripts/mod_context.py @@ -87,7 +87,7 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["spanner", "couchbase"]: + for persistence_type in ["couchbase"]: if persistence_type not in persistence_groups: continue 
diff --git a/docker-jans-casa/scripts/upgrade.py b/docker-jans-casa/scripts/upgrade.py index 4ba83dc84b1..65fb6dcd672 100644 --- a/docker-jans-casa/scripts/upgrade.py +++ b/docker-jans-casa/scripts/upgrade.py @@ -9,7 +9,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -107,34 +106,9 @@ def delete_entry(self, key, **kwargs): return self.client.delete(bucket, key) -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - def delete_entry(self, key, **kwargs): - table_name = kwargs.get("table_name") - return self.client.delete(table_name, key) - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } @@ -160,7 +134,7 @@ def update_client_scopes(self): client_id = self.manager.config.get("casa_client_id") id_ = f"inum={client_id},ou=clients,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansClnt"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": 
@@ -199,7 +173,7 @@ def update_conf_app(self): kwargs = {} id_ = "ou=casa,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -241,7 +215,7 @@ def update_client_uris(self): client_id = self.manager.config.get("casa_client_id") id_ = f"inum={client_id},ou=clients,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansClnt"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -286,7 +260,7 @@ def update_agama_script(self): kwargs = {} agama_id = "inum=BADA-BADA,ou=scripts,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansCustomScr"} agama_id = doc_id_from_dn(agama_id) elif self.backend.type == "couchbase": @@ -305,7 +279,7 @@ def update_agama_deployment(self): casa_agama_deployment_id = CASA_AGAMA_DEPLOYMENT_ID deploy_id = f"jansId={casa_agama_deployment_id},ou=deployments,ou=agama,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "adsPrjDeployment"} deploy_id = doc_id_from_dn(deploy_id) else: # likely couchbase @@ -325,7 +299,7 @@ def update_agama_deployment(self): entry.attrs["jansActive"] = False start_date = utcnow() - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": entry.attrs["jansStartDate"] = start_date entry.attrs["jansEndDate"] = None else: # likely couchbase diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile index 29a450d0e06..1eab709d153 100644 --- a/docker-jans-certmanager/Dockerfile +++ b/docker-jans-certmanager/Dockerfile 
@@ -25,7 +25,7 @@ RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets @@ -114,9 +114,7 @@ ENV CN_PERSISTENCE_TYPE=sql \ CN_COUCHBASE_BUCKET_PREFIX=jans \ CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 \ - CN_GOOGLE_SPANNER_INSTANCE_ID="" \ - CN_GOOGLE_SPANNER_DATABASE_ID="" + CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 # =========== # Generic ENV diff --git a/docker-jans-certmanager/README.md b/docker-jans-certmanager/README.md index 8ccdcb9176b..f146ee0ead7 100644 --- a/docker-jans-certmanager/README.md +++ b/docker-jans-certmanager/README.md @@ -50,7 +50,7 @@ The following environment variables are supported by the container: - `CN_SECRET_GOOGLE_SECRET_VERSION_ID`: Google Secret Manager version ID (default to `latest`). - `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Google Secret Manager name (default to `jans`). - `CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Google Secret Manager (default to `secret`). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). 
@@ -69,8 +69,6 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID. -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`). - `CN_SQL_DB_PORT`: Port of the SQL database (default to `3306` for MySQL). - `CN_SQL_DB_NAME`: SQL database name (default to `jans`). @@ -224,12 +222,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -238,10 +236,10 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-certmanager/scripts/auth_handler.py b/docker-jans-certmanager/scripts/auth_handler.py index 5bdd9d1e6f2..f528a29a659 100644 --- a/docker-jans-certmanager/scripts/auth_handler.py +++ b/docker-jans-certmanager/scripts/auth_handler.py 
@@ -8,7 +8,6 @@ from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.sql import SqlClient -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.utils import encode_text from jans.pycloudlib.utils import exec_cmd @@ -138,15 +137,9 @@ def modify_auth_config(self, id_, rev, conf_dynamic, conf_webkeys): return modified -class SpannerPersistence(SqlPersistence): - def __init__(self, manager): - self.client = SpannerClient(manager) - - _backend_classes = { "couchbase": CouchbasePersistence, "sql": SqlPersistence, - "spanner": SpannerPersistence, } diff --git a/docker-jans-certmanager/scripts/bootstrap.py b/docker-jans-certmanager/scripts/bootstrap.py index eacef55d80c..79da39f5ae4 100644 --- a/docker-jans-certmanager/scripts/bootstrap.py +++ b/docker-jans-certmanager/scripts/bootstrap.py @@ -6,7 +6,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import sync_sql_password from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -75,8 +74,6 @@ def patch(service, dry_run, opts): sync_sql_password(manager) case "couchbase": sync_couchbase_password(manager) - case "spanner": - sync_google_credentials(manager) logger.info(f"Processing updates for service {service}") parsed_opts = _parse_opts(opts) @@ -111,8 +108,6 @@ def prune(service, dry_run, opts): sync_sql_password(manager) case "couchbase": sync_couchbase_password(manager) - case "spanner": - sync_google_credentials(manager) logger.info(f"Processing updates for service {service}") parsed_opts = _parse_opts(opts) diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile index 62e06e2535e..51e60ae9f60 100644 --- a/docker-jans-config-api/Dockerfile 
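Review bot: The `match` in `patch` (and the identical one in `prune`) has no `case _:` after `case "couchbase":`. With the `spanner` arm gone, a deployment whose persistence type is still `spanner` would skip credential sync without any message and continue to `logger.info(...)`. The subject of the `match` and the start of both functions are outside the hunk, so whether an earlier check already rejects the value cannot be seen here. If nothing does, add a final arm such as `case other:` / `raise ValueError(f"unsupported persistence type: {other}")` so the breaking removal fails loudly rather than running with unsynced credentials. The `load` and `dump` hunks in docker-jans-configurator/scripts/bootstrap.py have the same shape.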
+++ b/docker-jans-config-api/Dockerfile @@ -70,7 +70,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/_plugins \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources @@ -196,9 +196,7 @@ ENV CN_PERSISTENCE_TYPE=sql \ CN_COUCHBASE_BUCKET_PREFIX=jans \ CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 \ - CN_GOOGLE_SPANNER_INSTANCE_ID="" \ - CN_GOOGLE_SPANNER_DATABASE_ID="" + CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 # =========== # Generic ENV @@ -239,7 +237,6 @@ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-config-api/custom/libs \ ${JETTY_BASE}/jans-config-api/custom/config \ ${JETTY_BASE}/jans-config-api/logs \ - ${JETTY_BASE}/common/libs/spanner \ ${JETTY_BASE}/common/libs/couchbase \ ${JETTY_HOME}/temp \ /usr/share/java \ diff --git a/docker-jans-config-api/README.md b/docker-jans-config-api/README.md index 898521dd692..478e66f123b 100644 --- a/docker-jans-config-api/README.md +++ b/docker-jans-config-api/README.md 
@@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `sql`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `sql`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). 
@@ -70,8 +70,6 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID. -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_CONFIG_API_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). - `CN_CONFIG_API_PLUGINS`: Comma-separated plugin names that should be enabled (available plugins are `admin-ui`, `scim`, `fido2`, `user-mgt`, `jans-link`, `kc-saml`, `kc-link`, `lock`). Note that unknown plugin name will be ignored. - `CN_TOKEN_SERVER_BASE_URL`: Base URL of token server (default to empty). @@ -180,12 +178,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -194,11 +192,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-config-api/scripts/bootstrap.py b/docker-jans-config-api/scripts/bootstrap.py index af98c51bada..c65269db530 100644 --- a/docker-jans-config-api/scripts/bootstrap.py +++ b/docker-jans-config-api/scripts/bootstrap.py 
@@ -18,9 +18,6 @@ from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties -from jans.pycloudlib.persistence.spanner import render_spanner_properties -from jans.pycloudlib.persistence.spanner import SpannerClient -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import render_sql_properties @@ -81,14 +78,6 @@ def main(): "/etc/jans/conf/jans-sql.properties", ) - if "spanner" in persistence_groups: - render_spanner_properties( - manager, - "/app/templates/jans-spanner.properties", - "/etc/jans/conf/jans-spanner.properties", - ) - sync_google_credentials(manager) - wait_for_persistence(manager) override_simple_json_property("/etc/jans/conf/jans-sql.properties") @@ -293,7 +282,6 @@ def __init__(self, manager) -> None: client_classes = { "couchbase": CouchbaseClient, - "spanner": SpannerClient, "sql": SqlClient, } @@ -308,8 +296,8 @@ def __init__(self, manager) -> None: def get_auth_config(self): dn = "ou=jans-auth,ou=configuration,o=jans" - # sql and spanner - if self.persistence_type in ("sql", "spanner"): + # sql + if self.persistence_type == "sql": entry = self.client.get("jansAppConf", doc_id_from_dn(dn)) return json.loads(entry["jansConfDyn"]) diff --git a/docker-jans-config-api/scripts/mod_context.py b/docker-jans-config-api/scripts/mod_context.py index 010c448b744..5903ea5fa12 100644 --- a/docker-jans-config-api/scripts/mod_context.py +++ b/docker-jans-config-api/scripts/mod_context.py 
@@ -87,7 +87,7 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["spanner", "couchbase"]: + for persistence_type in ["couchbase"]: if persistence_type not in persistence_groups: continue diff --git a/docker-jans-config-api/scripts/upgrade.py b/docker-jans-config-api/scripts/upgrade.py index 6093c7f3021..9071f7cdb86 100644 --- a/docker-jans-config-api/scripts/upgrade.py +++ b/docker-jans-config-api/scripts/upgrade.py @@ -6,7 +6,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.persistence.sql import doc_id_from_dn @@ -280,38 +279,9 @@ def search_entries(self, key, filter_="", attrs=None, **kwargs): return entries -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - def search_entries(self, key, filter_="", attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return [ - Entry(entry["doc_id"], entry) - for entry in self.client.search(table_name, attrs) - ] - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } 
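Review bot: `for persistence_type in ["couchbase"]:` in `modify_app_xml` now loops over a single literal, which reads as leftover scaffolding from the two-backend version. A plain guard such as `if "couchbase" in persistence_groups:` states the intent directly, provided the loop body (which continues outside the hunk) is adjusted where it relies on `persistence_type` and `continue`. If the list is kept deliberately for future backends, a short comment saying so would help the next reader. The same line appears in the mod_context.py hunks for docker-jans-fido2, docker-jans-keycloak-link and docker-jans-link.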
@@ -341,7 +311,7 @@ def update_client_redirect_uri(self): jca_client_id = self.manager.config.get("jca_client_id") id_ = f"inum={jca_client_id},ou=clients,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansClnt"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -360,7 +330,8 @@ def update_client_redirect_uri(self): if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]["v"]: entry.attrs["jansRedirectURI"]["v"].append(f"https://{hostname}/admin") should_update = True - else: # likely couchbase or spanner + else: + # likely couchbase if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]: entry.attrs["jansRedirectURI"].append(f"https://{hostname}/admin") should_update = True @@ -372,7 +343,7 @@ def update_api_dynamic_config(self): kwargs = {} id_ = "ou=jans-config-api,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -402,7 +373,7 @@ def update_client_scopes(self): client_id = self.manager.config.get("jca_client_id") id_ = f"inum={client_id},ou=clients,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansClnt"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -439,8 +410,7 @@ def update_test_client_scopes(self): id_ = f"inum={test_client_id},ou=clients,o=jans" kwargs = {} - # search_entries(self, key, filter_="", attrs=None, **kwargs) - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": id_ = doc_id_from_dn(id_) kwargs = {"table_name": "jansClnt"} elif self.backend.type == "couchbase": 
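Review bot: In `update_client_redirect_uri` the rewritten `else:` keeps the comment `# likely couchbase`, which is still a guess about which backends reach that branch. The condition of the matching `if` is outside the hunk; if it tests more than `self.backend.type == "sql"` (a SQL dialect, for instance), other SQL variants would also land here and the comment would mislead. Either make the branch explicit with `elif self.backend.type == "couchbase":` once that is confirmed safe, or reword the comment to describe what the branch actually handles, e.g. `# backends that store jansRedirectURI as a plain list`.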
@@ -460,7 +430,7 @@ def update_test_client_scopes(self): if not isinstance(client_scopes, list): client_scopes = [client_scopes] - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": scopes = [ scope_entry.attrs["dn"] for scope_entry in self.backend.search_entries("", **{"table_name": "jansScope"}) diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile index 2eb5e1601b3..3863ec841b5 100644 --- a/docker-jans-configurator/Dockerfile +++ b/docker-jans-configurator/Dockerfile @@ -27,7 +27,7 @@ RUN mkdir -p /opt/jans/configurator/javalibs \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \ && cd /tmp/jans \ diff --git a/docker-jans-configurator/scripts/bootstrap.py b/docker-jans-configurator/scripts/bootstrap.py index 462502dc26e..0b1245509f3 100644 --- a/docker-jans-configurator/scripts/bootstrap.py +++ b/docker-jans-configurator/scripts/bootstrap.py @@ -17,7 +17,6 @@ from jans.pycloudlib import wait_for from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.couchbase import sync_couchbase_superuser_password -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import sync_sql_password from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.utils import get_random_chars @@ -531,8 +530,6 @@ def load(configuration_file, dump_file): case "couchbase": sync_couchbase_superuser_password(manager) sync_couchbase_password(manager) - case "spanner": - sync_google_credentials(manager) # check whether config and secret in backend have been initialized should_skip = as_boolean(os.environ.get("CN_CONFIGURATOR_SKIP_INITIALIZED", False)) 
@@ -580,8 +577,6 @@ def dump(dump_file): case "couchbase": sync_couchbase_superuser_password(manager) sync_couchbase_password(manager) - case "spanner": - sync_google_credentials(manager) # dump all configuration from remote backend to file dump_to_file(manager, dump_file) diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile index dfaa52c8b02..6b3cd86854c 100644 --- a/docker-jans-fido2/Dockerfile +++ b/docker-jans-fido2/Dockerfile @@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -228,7 +228,6 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/fido2" \ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-fido2/logs \ ${JETTY_BASE}/jans-fido2/custom/libs \ - ${JETTY_BASE}/common/libs/spanner \ ${JETTY_BASE}/common/libs/couchbase \ ${JETTY_HOME}/temp \ /usr/share/java diff --git a/docker-jans-fido2/README.md b/docker-jans-fido2/README.md index d8339fc980d..08115d1e2e5 100644 --- a/docker-jans-fido2/README.md +++ b/docker-jans-fido2/README.md 
@@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -135,12 +135,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -149,11 +149,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-fido2/scripts/bootstrap.py b/docker-jans-fido2/scripts/bootstrap.py index 3cfbe02a500..1677f965de3 100644 --- a/docker-jans-fido2/scripts/bootstrap.py +++ b/docker-jans-fido2/scripts/bootstrap.py 
@@ -13,9 +13,6 @@ from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties -from jans.pycloudlib.persistence.spanner import render_spanner_properties -from jans.pycloudlib.persistence.spanner import SpannerClient -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import sync_sql_password @@ -71,14 +68,6 @@ def main(): "/etc/jans/conf/jans-sql.properties", ) - if "spanner" in persistence_groups: - render_spanner_properties( - manager, - "/app/templates/jans-spanner.properties", - "/etc/jans/conf/jans-spanner.properties", - ) - sync_google_credentials(manager) - wait_for_persistence(manager) override_simple_json_property("/etc/jans/conf/jans-sql.properties") @@ -183,7 +172,6 @@ def __init__(self, manager) -> None: client_classes = { "couchbase": CouchbaseClient, - "spanner": SpannerClient, "sql": SqlClient, } diff --git a/docker-jans-fido2/scripts/mod_context.py b/docker-jans-fido2/scripts/mod_context.py index 7a668a94d19..2cf05595335 100644 --- a/docker-jans-fido2/scripts/mod_context.py +++ b/docker-jans-fido2/scripts/mod_context.py @@ -87,7 +87,7 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["spanner", "couchbase"]: + for persistence_type in ["couchbase"]: if persistence_type not in persistence_groups: continue diff --git a/docker-jans-fido2/scripts/upgrade.py b/docker-jans-fido2/scripts/upgrade.py index f336cb1a779..06a73216ee8 100644 --- a/docker-jans-fido2/scripts/upgrade.py +++ b/docker-jans-fido2/scripts/upgrade.py 
@@ -8,7 +8,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -148,30 +147,9 @@ def modify_entry(self, key, attrs=None, **kwargs): return status, message -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } @@ -194,7 +172,7 @@ def update_fido2_dynamic_config(self): kwargs = {} id_ = "ou=jans-fido2,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -223,7 +201,7 @@ def update_fido2_static_config(self): kwargs = {} id_ = "ou=jans-fido2,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": 
@@ -252,7 +230,7 @@ def update_fido2_error_config(self): kwargs = {} id_ = "ou=jans-fido2,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": diff --git a/docker-jans-kc-scheduler/Dockerfile b/docker-jans-kc-scheduler/Dockerfile index 1e57603e62f..f1f7ef9fda7 100644 --- a/docker-jans-kc-scheduler/Dockerfile +++ b/docker-jans-kc-scheduler/Dockerfile @@ -38,7 +38,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/codehaus/janino/janino/3.1.9/jani # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets diff --git a/docker-jans-keycloak-link/Dockerfile b/docker-jans-keycloak-link/Dockerfile index 2c6ff9d702b..0bf36561c91 100644 --- a/docker-jans-keycloak-link/Dockerfile +++ b/docker-jans-keycloak-link/Dockerfile @@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-keycloak-link/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -218,7 +218,6 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/keycloak-link" \ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-keycloak-link/logs \ ${JETTY_BASE}/jans-keycloak-link/custom/libs \ - ${JETTY_BASE}/common/libs/spanner \ ${JETTY_BASE}/common/libs/couchbase \ ${JETTY_HOME}/temp \ /usr/share/java \ diff --git a/docker-jans-keycloak-link/README.md b/docker-jans-keycloak-link/README.md index 28135d5f1d1..ddba8047e08 100644 --- a/docker-jans-keycloak-link/README.md 
+++ b/docker-jans-keycloak-link/README.md @@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -135,12 +135,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -149,11 +149,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-keycloak-link/scripts/bootstrap.py b/docker-jans-keycloak-link/scripts/bootstrap.py index 22f627b250d..519fdd8685a 100644 --- a/docker-jans-keycloak-link/scripts/bootstrap.py +++ b/docker-jans-keycloak-link/scripts/bootstrap.py 
@@ -15,9 +15,6 @@ from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.hybrid import render_hybrid_properties -from jans.pycloudlib.persistence.spanner import render_spanner_properties -from jans.pycloudlib.persistence.spanner import SpannerClient -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import sync_sql_password @@ -79,14 +76,6 @@ def main(): "/etc/jans/conf/jans-sql.properties", ) - if "spanner" in persistence_groups: - render_spanner_properties( - manager, - "/app/templates/jans-spanner.properties", - "/etc/jans/conf/jans-spanner.properties", - ) - sync_google_credentials(manager) - if not os.path.isfile("/etc/certs/web_https.crt"): if as_boolean(os.environ.get("CN_SSL_CERT_FROM_SECRETS", "true")): manager.secret.to_file("ssl_cert", "/etc/certs/web_https.crt") @@ -191,7 +180,6 @@ def __init__(self, manager: Manager) -> None: client_classes = { "couchbase": CouchbaseClient, - "spanner": SpannerClient, "sql": SqlClient, } diff --git a/docker-jans-keycloak-link/scripts/mod_context.py b/docker-jans-keycloak-link/scripts/mod_context.py index 3c20c7f052a..63d25aac738 100644 --- a/docker-jans-keycloak-link/scripts/mod_context.py +++ b/docker-jans-keycloak-link/scripts/mod_context.py @@ -87,7 +87,7 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["spanner", "couchbase"]: + for persistence_type in ["couchbase"]: if persistence_type not in persistence_groups: continue diff --git a/docker-jans-keycloak-link/scripts/upgrade.py b/docker-jans-keycloak-link/scripts/upgrade.py index 8dc9f44b92f..46a8783f947 100644 --- a/docker-jans-keycloak-link/scripts/upgrade.py 
+++ b/docker-jans-keycloak-link/scripts/upgrade.py @@ -6,7 +6,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -89,30 +88,9 @@ def modify_entry(self, key, attrs=None, **kwargs): return status, message -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } @@ -133,7 +111,7 @@ def enable_ext_script(self): kwargs = {} script_id = "inum=13D3-E7AD,ou=scripts,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansCustomScr"} script_id = doc_id_from_dn(script_id) diff --git a/docker-jans-link/Dockerfile b/docker-jans-link/Dockerfile index ac030f30e4e..7be8e469874 100644 --- a/docker-jans-link/Dockerfile +++ b/docker-jans-link/Dockerfile @@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-link/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) 
@@ -218,7 +218,6 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/link" \ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-link/logs \ ${JETTY_BASE}/jans-link/custom/libs \ - ${JETTY_BASE}/common/libs/spanner \ ${JETTY_BASE}/common/libs/couchbase \ ${JETTY_HOME}/temp \ /usr/share/java \ diff --git a/docker-jans-link/README.md b/docker-jans-link/README.md index 607737f0f7d..057d2a24be9 100644 --- a/docker-jans-link/README.md +++ b/docker-jans-link/README.md @@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -135,12 +135,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` 
@@ -149,11 +149,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-link/scripts/bootstrap.py b/docker-jans-link/scripts/bootstrap.py index 252adf795ce..7c6298bd485 100644 --- a/docker-jans-link/scripts/bootstrap.py +++ b/docker-jans-link/scripts/bootstrap.py @@ -15,9 +15,6 @@ from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties -from jans.pycloudlib.persistence.spanner import render_spanner_properties -from jans.pycloudlib.persistence.spanner import SpannerClient -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import sync_sql_password @@ -80,14 +77,6 @@ def main(): "/etc/jans/conf/jans-sql.properties", ) - if "spanner" in persistence_groups: - render_spanner_properties( - manager, - "/app/templates/jans-spanner.properties", - "/etc/jans/conf/jans-spanner.properties", - ) - sync_google_credentials(manager) - wait_for_persistence(manager) override_simple_json_property("/etc/jans/conf/jans-sql.properties") @@ -192,7 +181,6 @@ def __init__(self, manager: Manager) -> None: client_classes = { "couchbase": CouchbaseClient, - "spanner": SpannerClient, "sql": SqlClient, } diff --git a/docker-jans-link/scripts/mod_context.py b/docker-jans-link/scripts/mod_context.py index 2b830080c59..aa3b324a125 100644 --- a/docker-jans-link/scripts/mod_context.py +++ b/docker-jans-link/scripts/mod_context.py 
@@ -87,7 +87,7 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["spanner", "couchbase"]: + for persistence_type in ["couchbase"]: if persistence_type not in persistence_groups: continue diff --git a/docker-jans-link/scripts/upgrade.py b/docker-jans-link/scripts/upgrade.py index 4078d711873..098d4d44df5 100644 --- a/docker-jans-link/scripts/upgrade.py +++ b/docker-jans-link/scripts/upgrade.py @@ -6,7 +6,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -89,30 +88,9 @@ def modify_entry(self, key, attrs=None, **kwargs): return status, message -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } @@ -133,7 +111,7 @@ def enable_ext_script(self): kwargs = {} script_id = "inum=13D3-E7AD,ou=scripts,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansCustomScr"} script_id = doc_id_from_dn(script_id) 
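Review bot: In `modify_app_xml` (docker-jans-link/scripts/mod_context.py), `for persistence_type in ["couchbase"]:` is now a loop over a one-element list that opens with a `continue` guard, which reads as if more backends were still expected. A plain guard such as `if "couchbase" in persistence_groups:` around the existing body would state the intent directly. The same line appears in docker-jans-scim/scripts/mod_context.py later in this patch. The loop body continues outside the hunk, so any use of `persistence_type` inside it would need checking against the full function before changing the nesting.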
diff --git a/docker-jans-monolith/Dockerfile b/docker-jans-monolith/Dockerfile index ea6f73b3137..4d335711136 100644 --- a/docker-jans-monolith/Dockerfile +++ b/docker-jans-monolith/Dockerfile @@ -33,9 +33,6 @@ RUN systemctl set-default multi-user.target \ RUN rm -f /lib/systemd/system/systemd*udev* \ && rm -f /lib/systemd/system/getty.target -# Install google cloud client -RUN curl https://sdk.cloud.google.com > install.sh && bash install.sh --disable-prompts - HEALTHCHECK --interval=35s --timeout=4s CMD /opt/dist/scripts/jans-auth check | grep "Jetty running pid" || exit 1 # Ports required by jetty @@ -45,7 +42,7 @@ EXPOSE 443 8080 1636 # jans-linux-setup # ===================== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 # cleanup RUN rm -rf /tmp/jans @@ -71,7 +68,6 @@ ENV CN_HOSTNAME="demoexample.jans.io" \ TEST_CLIENT_SECRET="" \ TEST_CLIENT_TRUSTED="true" \ CN_INSTALL_COUCHBASE="false" \ - CN_INSTALL_SPANNER="false" \ CN_INSTALL_MYSQL="false" \ CN_INSTALL_PGSQL="false" \ CN_INSTALL_CONFIG_API="true" \ diff --git a/docker-jans-monolith/clean.sh b/docker-jans-monolith/clean.sh index 9e63349714c..a2ce496b576 100644 --- a/docker-jans-monolith/clean.sh +++ b/docker-jans-monolith/clean.sh @@ -5,7 +5,7 @@ if [ -z "$1" ]; then yaml="jans-mysql-compose.yml" else case "$1" in - mysql|postgres|couchbase|spanner) + mysql|postgres|couchbase) yaml="jans-${1}-compose.yml" ;; *) diff --git a/docker-jans-monolith/down.sh b/docker-jans-monolith/down.sh index 2e44d4c0b4f..b1f038784e9 100644 --- a/docker-jans-monolith/down.sh +++ b/docker-jans-monolith/down.sh @@ -5,7 +5,7 @@ if [ -z "$1" ]; then yaml="jans-mysql-compose.yml" else case "$1" in - mysql|postgres|couchbase|spanner) + mysql|postgres|couchbase) yaml="jans-${1}-compose.yml" ;; *) diff --git a/docker-jans-monolith/scripts/entrypoint.sh b/docker-jans-monolith/scripts/entrypoint.sh index 86ead7f6213..a7a7fdab03f 100644 
--- a/docker-jans-monolith/scripts/entrypoint.sh +++ b/docker-jans-monolith/scripts/entrypoint.sh @@ -68,19 +68,6 @@ install_jans() { echo "cb_password=${COUCHBASE_PASSWORD}" | tee -a setup.properties > /dev/null echo "couchbase_hostname=${COUCHBASE_HOSTNAME}" | tee -a setup.properties > /dev/null echo "couchebaseClusterAdmin=${COUCHBASE_ADMIN}" | tee -a setup.properties > /dev/null - elif [[ "${CN_INSTALL_SPANNER}" == "true" ]]; then - echo "Installing with SPANNER" - echo "rdbm_type=spanner" | tee -a setup.properties > /dev/null - echo "rdbm_install_type=2" | tee -a setup.properties > /dev/null - echo "spanner_emulator_host=localhost" | tee -a setup.properties > /dev/null - echo "spanner_project=jans-project" | tee -a setup.properties > /dev/null - echo "spanner_instance=jans-instance" | tee -a setup.properties > /dev/null - echo "spanner_database=jansdb" | tee -a setup.properties > /dev/null - "$HOME"/google-cloud-sdk/bin/gcloud emulators spanner start --quiet & - gcloud config configurations create emulator - gcloud config set auth/disable_credentials true - gcloud config set project jans-project - gcloud config set api_endpoint_overrides/spanner http://localhost:9020/ fi echo "***** Running the setup script for ${CN_ORG_NAME}!! *****" diff --git a/docker-jans-monolith/up.sh b/docker-jans-monolith/up.sh index 5b3ab248919..a98a435361e 100644 --- a/docker-jans-monolith/up.sh +++ b/docker-jans-monolith/up.sh @@ -5,7 +5,7 @@ if [ -z "$1" ]; then yaml="jans-mysql-compose.yml" else case "$1" in - mysql|postgres|couchbase|spanner) + mysql|postgres|couchbase) yaml="jans-${1}-compose.yml" ;; *) diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile index 9f0239b588f..5dc88543f0a 100644 --- a/docker-jans-persistence-loader/Dockerfile +++ b/docker-jans-persistence-loader/Dockerfile 
@@ -16,7 +16,7 @@ RUN apk update \ # =========== # janssenproject/jans SHA commit -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources @@ -127,9 +127,7 @@ ENV CN_PERSISTENCE_TYPE=couchbase \ CN_COUCHBASE_SUPERUSER_PASSWORD_FILE=/etc/jans/conf/couchbase_superuser_password \ CN_COUCHBASE_INDEX_NUM_REPLICA=0 \ CN_LDAP_URL=localhost:1636 \ - CN_LDAP_USE_SSL=true \ - CN_GOOGLE_SPANNER_INSTANCE_ID="" \ - CN_GOOGLE_SPANNER_DATABASE_ID="" + CN_LDAP_USE_SSL=true # =========== # Generic ENV diff --git a/docker-jans-persistence-loader/README.md b/docker-jans-persistence-loader/README.md index e04d9e89ab2..9e40da3e013 100644 --- a/docker-jans-persistence-loader/README.md +++ b/docker-jans-persistence-loader/README.md 
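Review bot: The `ENV` block edited by the second hunk of docker-jans-persistence-loader/Dockerfile opens with `CN_PERSISTENCE_TYPE=couchbase` (visible in the hunk header), while the README for the same image, touched in this patch, still documents the variable as "default to `sql`". Unless a later `ENV` in the file overrides it, which the hunk does not show, the image and its documentation disagree about which backend an unconfigured container targets. Since this change already narrows the supported backends, it would be a natural place to align the two, either with `CN_PERSISTENCE_TYPE=sql` here or by correcting the README line.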
@@ -54,7 +54,7 @@ The following environment variables are supported by the container: - `CN_REDIS_URL`: URL of Redis server, format is host:port (optional; default to `localhost:6379`). - `CN_REDIS_TYPE`: Redis service type, either `STANDALONE` or `CLUSTER` (optional; default to `STANDALONE`). - `CN_MEMCACHED_URL`: URL of Memcache server, format is host:port (optional; default to `localhost:11211`). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (`couchbase`, `sql`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (`couchbase`, `sql`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_PERSISTENCE_SKIP_INITIALIZED`: skip initialization if backend already initialized (default to `false`). - `CN_PERSISTENCE_UPDATE_AUTH_DYNAMIC_CONFIG`: Whether to allow automatic updates of `jans-auth` configuration (default to `true`). @@ -73,8 +73,6 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID. -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`). - `CN_SQL_DB_PORT`: Port of the SQL database (default to `3306` for MySQL). - `CN_SQL_DB_NAME`: SQL database name (default to `jans`). 
@@ -101,12 +99,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -115,11 +113,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-persistence-loader/scripts/bootstrap.py b/docker-jans-persistence-loader/scripts/bootstrap.py index 6b922e94f38..fda78903abb 100644 --- a/docker-jans-persistence-loader/scripts/bootstrap.py +++ b/docker-jans-persistence-loader/scripts/bootstrap.py @@ -4,14 +4,12 @@ from jans.pycloudlib import wait_for_persistence_conn from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.couchbase import sync_couchbase_superuser_password -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import sync_sql_password from jans.pycloudlib.persistence.utils import PersistenceMapper from hybrid_setup import HybridBackend from couchbase_setup import CouchbaseBackend from sql_setup import SQLBackend -from spanner_setup import SpannerBackend from upgrade import Upgrade @@ -22,7 +20,6 @@ def main(): "couchbase": CouchbaseBackend, "hybrid": HybridBackend, "sql": SQLBackend, - "spanner": SpannerBackend, } # initialize the backend @@ -41,9 +38,6 @@ def main(): sync_couchbase_superuser_password(manager) sync_couchbase_password(manager) - if "spanner" in persistence_groups: - sync_google_credentials(manager) - wait_for_persistence_conn(manager) with manager.lock.create_lock("persistence-loader-init"): 
diff --git a/docker-jans-persistence-loader/scripts/hooks.py b/docker-jans-persistence-loader/scripts/hooks.py index 8f2a0a60d77..ab9ee09c195 100644 --- a/docker-jans-persistence-loader/scripts/hooks.py +++ b/docker-jans-persistence-loader/scripts/hooks.py @@ -200,7 +200,7 @@ def transform_auth_dynamic_config_hook(conf, manager): should_update = True if all([ - os.environ.get("CN_PERSISTENCE_TYPE") in ("sql", "spanner"), + os.environ.get("CN_PERSISTENCE_TYPE") == "sql", conf["personCustomObjectClassList"] ]): conf["personCustomObjectClassList"] = [] diff --git a/docker-jans-persistence-loader/scripts/hybrid_setup.py b/docker-jans-persistence-loader/scripts/hybrid_setup.py index 3ddd284bfc9..16ef7157c1b 100644 --- a/docker-jans-persistence-loader/scripts/hybrid_setup.py +++ b/docker-jans-persistence-loader/scripts/hybrid_setup.py @@ -2,13 +2,11 @@ from couchbase_setup import CouchbaseBackend from sql_setup import SQLBackend -from spanner_setup import SpannerBackend _backend_classes = { "couchbase": CouchbaseBackend, "sql": SQLBackend, - "spanner": SpannerBackend, } diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py index eaae19c7466..15d7bf5ed6d 100644 --- a/docker-jans-persistence-loader/scripts/upgrade.py +++ b/docker-jans-persistence-loader/scripts/upgrade.py @@ -8,7 +8,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.couchbase import id_from_dn 
@@ -204,34 +203,9 @@ def delete_entry(self, key, **kwargs): return self.client.delete(bucket, key) -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - def delete_entry(self, key, **kwargs): - table_name = kwargs.get("table_name") - return self.client.delete(table_name, key) - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } @@ -276,7 +250,7 @@ def update_scripts_entries(self): duo_id = "inum=5018-F9CF,ou=scripts,o=jans" agama_id = "inum=BADA-BADA,ou=scripts,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansCustomScr"} scim_id = doc_id_from_dn(scim_id) basic_id = doc_id_from_dn(basic_id) @@ -344,7 +318,7 @@ def update_auth_dynamic_config(self): kwargs = {} id_ = JANS_AUTH_CONFIG_DN - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -374,7 +348,7 @@ def _update_claim_names(): rows = collect_claim_names() for id_, claim_name in rows.items(): - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": id_ = doc_id_from_dn(id_) kwargs = {"table_name": "jansAttr"} elif self.backend.type == "couchbase": 
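Review bot: The branch `if self.backend.type == "sql":` followed by `kwargs = {"table_name": ...}` and `id_ = doc_id_from_dn(id_)` is repeated in every `update_*` method this patch touches in docker-jans-persistence-loader/scripts/upgrade.py, from `update_scripts_entries` through `update_config`. This commit had to edit each copy by hand, which is the usual way one copy ends up out of step with the others. A small private helper on the class that takes the DN and the table name and returns the backend-specific id and kwargs would leave a single place to change. The Couchbase branch of each method is outside the hunks, so that half of the helper has to come from the full file. `update_people_entries` checks `self.user_backend.type` rather than `self.backend.type`, so the helper would need the backend passed in.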
@@ -397,7 +371,7 @@ def _update_mobile_attr(): kwargs = {} id_ = "inum=6DA6,ou=attributes,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": id_ = doc_id_from_dn(id_) kwargs = {"table_name": "jansAttr"} elif self.backend.type == "couchbase": @@ -421,7 +395,7 @@ def update_scim_scopes_entries(self): # add jansAttrs to SCIM users.read and users.write scopes for id_ in [JANS_SCIM_USERS_READ_SCOPE_DN, JANS_SCIM_USERS_WRITE_SCOPE_DN]: - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansScope"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -441,7 +415,7 @@ def update_scopes_entries(self): kwargs = {} id_ = JANS_PROFILE_SCOPE_DN - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansScope"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -463,7 +437,7 @@ def update_people_entries(self): id_ = f"inum={admin_inum},ou=people,o=jans" kwargs = {} - if self.user_backend.type in ("sql", "spanner"): + if self.user_backend.type == "sql": id_ = doc_id_from_dn(id_) kwargs = {"table_name": "jansPerson"} elif self.user_backend.type == "couchbase": @@ -514,7 +488,7 @@ def _update_token_server_client(): id_ = f"inum={token_server_admin_ui_client_id},ou=clients,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansClnt"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -537,7 +511,7 @@ def update_admin_ui_config(self): kwargs = {} id_ = "ou=admin-ui,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": 
@@ -576,7 +550,7 @@ def update_auth_errors_config(self): kwargs = {} id_ = JANS_AUTH_CONFIG_DN - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -612,7 +586,7 @@ def update_auth_static_config(self): kwargs = {} id_ = JANS_AUTH_CONFIG_DN - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -649,7 +623,7 @@ def update_tui_client(self): tui_client_id = self.manager.config.get("tui_client_id") id_ = f"inum={tui_client_id},ou=clients,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansClnt"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": @@ -699,7 +673,7 @@ def update_config(self): kwargs = {} id_ = "ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": diff --git a/docker-jans-persistence-loader/scripts/utils.py b/docker-jans-persistence-loader/scripts/utils.py index 53c00bc1cbf..4fb8c3cbe27 100644 --- a/docker-jans-persistence-loader/scripts/utils.py +++ b/docker-jans-persistence-loader/scripts/utils.py @@ -147,7 +147,7 @@ def merge_extension_ctx(ctx: dict[str, _t.Any]) -> dict[str, _t.Any]: def merge_auth_ctx(ctx): - if os.environ.get("CN_PERSISTENCE_TYPE") in ("sql", "spanner"): + if os.environ.get("CN_PERSISTENCE_TYPE") == "sql": ctx["person_custom_object_class_list"] = "[]" else: ctx["person_custom_object_class_list"] = '["jansCustomPerson", "jansPerson"]' diff --git a/docker-jans-saml/Dockerfile b/docker-jans-saml/Dockerfile index e3a97447d47..ff3f3e28739 100644 --- a/docker-jans-saml/Dockerfile +++ b/docker-jans-saml/Dockerfile 
@@ -35,7 +35,7 @@ RUN wget -q https://jenkins.jans.io/maven/io/jans/kc-jans-spi/${CN_VERSION}/kc-j # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) diff --git a/docker-jans-saml/README.md b/docker-jans-saml/README.md index ea347bc5954..5d17c69ccda 100644 --- a/docker-jans-saml/README.md +++ b/docker-jans-saml/README.md @@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -98,12 +98,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` 
@@ -112,11 +112,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-saml/scripts/bootstrap.py b/docker-jans-saml/scripts/bootstrap.py index 3d196539388..cb3fad2bfb0 100644 --- a/docker-jans-saml/scripts/bootstrap.py +++ b/docker-jans-saml/scripts/bootstrap.py @@ -21,9 +21,6 @@ from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties -from jans.pycloudlib.persistence.spanner import render_spanner_properties -from jans.pycloudlib.persistence.spanner import SpannerClient -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import sync_sql_password @@ -109,15 +106,6 @@ def main(): "/etc/jans/conf/jans-sql.properties", ) - if "spanner" in persistence_groups: - render_spanner_properties( - manager, - "/app/templates/jans-spanner.properties", - "/etc/jans/conf/jans-spanner.properties", - ) - extract_common_libs("spanner") - sync_google_credentials(manager) - wait_for_persistence(manager) override_simple_json_property("/etc/jans/conf/jans-sql.properties") @@ -139,7 +127,6 @@ def __init__(self, manager: Manager) -> None: client_classes = { "couchbase": CouchbaseClient, - "spanner": SpannerClient, "sql": SqlClient, } diff --git a/docker-jans-saml/scripts/upgrade.py b/docker-jans-saml/scripts/upgrade.py index 2b8e59e8e2a..9d1dcc8552a 100644 --- a/docker-jans-saml/scripts/upgrade.py +++ b/docker-jans-saml/scripts/upgrade.py 
@@ -8,7 +8,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -144,30 +143,9 @@ def modify_entry(self, key, attrs=None, **kwargs): return status, message -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } @@ -188,7 +166,7 @@ def update_saml_dynamic_config(self): kwargs = {} id_ = "ou=jans-saml,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) else: # likely diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile index bbd2161a358..8c54f59cf03 100644 --- a/docker-jans-scim/Dockerfile +++ b/docker-jans-scim/Dockerfile @@ -60,7 +60,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-scim/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06 +ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources 
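Review bot: In `update_saml_dynamic_config` (docker-jans-saml/scripts/upgrade.py) the non-SQL case is a bare `else:  # likely`, so any backend type other than `sql` is handled as if it were Couchbase. docker-jans-persistence-loader/scripts/upgrade.py in this same patch uses an explicit `elif self.backend.type == "couchbase":` for the same dispatch, and using that form here would keep an unexpected type from silently taking the Couchbase path. `get_all_scopes` and `update_client_scopes` in docker-jans-scim/scripts/upgrade.py carry the same `else:  # likely couchbase`. The bodies of these branches are outside the hunks.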
@@ -220,7 +220,6 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/scim" \ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-scim/logs \ ${JETTY_BASE}/jans-scim/custom/libs \ - ${JETTY_BASE}/common/libs/spanner \ ${JETTY_BASE}/common/libs/couchbase \ ${JETTY_HOME}/temp \ /usr/share/java diff --git a/docker-jans-scim/README.md b/docker-jans-scim/README.md index b4a9a98ca2d..a57076e14c5 100644 --- a/docker-jans-scim/README.md +++ b/docker-jans-scim/README.md @@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -135,12 +135,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` 
@@ -149,11 +149,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docker-jans-scim/scripts/bootstrap.py b/docker-jans-scim/scripts/bootstrap.py index 1b6538006ca..6b1bd6fdb28 100644 --- a/docker-jans-scim/scripts/bootstrap.py +++ b/docker-jans-scim/scripts/bootstrap.py @@ -18,9 +18,6 @@ from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties -from jans.pycloudlib.persistence.spanner import render_spanner_properties -from jans.pycloudlib.persistence.spanner import SpannerClient -from jans.pycloudlib.persistence.spanner import sync_google_credentials from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import sync_sql_password @@ -85,14 +82,6 @@ def main(): "/etc/jans/conf/jans-sql.properties", ) - if "spanner" in persistence_groups: - render_spanner_properties( - manager, - "/app/templates/jans-spanner.properties", - "/etc/jans/conf/jans-spanner.properties", - ) - sync_google_credentials(manager) - wait_for_persistence(manager) override_simple_json_property("/etc/jans/conf/jans-sql.properties") @@ -197,7 +186,6 @@ def __init__(self, manager: Manager) -> None: client_classes = { "couchbase": CouchbaseClient, - "spanner": SpannerClient, "sql": SqlClient, } @@ -263,7 +251,7 @@ def import_ldif_files(self) -> None: self.client.create_from_ldif(file_, self.ctx) def get_scope_jans_ids(self): - if self.persistence_type in ("sql", "spanner"): + if self.persistence_type == "sql": entries = self.client.search("jansScope", ["jansId"]) return [entry["jansId"] for entry in entries] 
diff --git a/docker-jans-scim/scripts/mod_context.py b/docker-jans-scim/scripts/mod_context.py index 9f3dbf3a493..2fc8c7e11ca 100644 --- a/docker-jans-scim/scripts/mod_context.py +++ b/docker-jans-scim/scripts/mod_context.py @@ -87,7 +87,7 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["spanner", "couchbase"]: + for persistence_type in ["couchbase"]: if persistence_type not in persistence_groups: continue diff --git a/docker-jans-scim/scripts/upgrade.py b/docker-jans-scim/scripts/upgrade.py index 3a429168efa..e1a968fba5a 100644 --- a/docker-jans-scim/scripts/upgrade.py +++ b/docker-jans-scim/scripts/upgrade.py @@ -7,7 +7,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -113,38 +112,9 @@ def search_entries(self, key, filter_="", attrs=None, **kwargs): return entries -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - self.type = "spanner" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - table_name = kwargs.get("table_name") - entry = self.client.get(table_name, key, attrs) - - if not entry: - return None - return Entry(key, entry) - - def modify_entry(self, key, attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return self.client.update(table_name, key, attrs), "" - - def search_entries(self, key, filter_="", attrs=None, **kwargs): - attrs = attrs or {} - table_name = kwargs.get("table_name") - return [ - Entry(entry["doc_id"], entry) - for entry in self.client.search(table_name, attrs) - ] - - BACKEND_CLASSES = { "sql": SQLBackend, "couchbase": CouchbaseBackend, - "spanner": SpannerBackend, } @@ -163,7 +133,7 @@ def invoke(self): self.update_scim_dynamic_config() def get_all_scopes(self): - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansScope"} entries = self.backend.search_entries(None, **kwargs) else: # likely couchbase @@ -182,7 +152,7 @@ def update_client_scopes(self): client_id = self.manager.config.get("scim_client_id") id_ = f"inum={client_id},ou=clients,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansClnt"} id_ = doc_id_from_dn(id_) else: # likely couchbase @@ -229,7 +199,7 @@ def update_scim_dynamic_config(self): kwargs = {} id_ = "ou=jans-scim,ou=configuration,o=jans" - if self.backend.type in ("sql", "spanner"): + if self.backend.type == "sql": kwargs = {"table_name": "jansAppConf"} id_ = doc_id_from_dn(id_) elif self.backend.type == "couchbase": diff --git a/jans-pycloudlib/docs/api/wait.md b/jans-pycloudlib/docs/api/wait.md index 0096ee357c3..c039bda71ad 100644 
--- a/jans-pycloudlib/docs/api/wait.md +++ b/jans-pycloudlib/docs/api/wait.md @@ -20,6 +20,10 @@ ::: jans.pycloudlib.wait.wait_for_couchbase_conn +::: jans.pycloudlib.wait.wait_for_spanner + +::: jans.pycloudlib.wait.wait_for_spanner_conn + ::: jans.pycloudlib.wait.wait_for_sql ::: jans.pycloudlib.wait.wait_for_sql_conn diff --git a/jans-pycloudlib/jans/pycloudlib/lock/__init__.py b/jans-pycloudlib/jans/pycloudlib/lock/__init__.py index 4884995bfe3..56e18d83acb 100644 --- a/jans-pycloudlib/jans/pycloudlib/lock/__init__.py +++ b/jans-pycloudlib/jans/pycloudlib/lock/__init__.py @@ -19,6 +19,7 @@ import backoff from jans.pycloudlib.lock.couchbase_lock import CouchbaseLock +from jans.pycloudlib.lock.spanner_lock import SpannerLock from jans.pycloudlib.lock.sql_lock import SqlLock from jans.pycloudlib.utils import as_boolean from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -32,12 +33,13 @@ _DATETIME_FMT = "%Y-%m-%dT%H:%M:%S.%fZ" -LockAdapter = _t.Union[SqlLock, CouchbaseLock] +LockAdapter = _t.Union[SqlLock, SpannerLock, CouchbaseLock] """Lock adapter type. Currently supports the following classes: * [SqlLock][jans.pycloudlib.lock.sql_lock.SqlLock] +* [SpannerLock][jans.pycloudlib.lock.spanner_lock.SpannerLock] * [CouchbaseLock][jans.pycloudlib.lock.couchbase_lock.CouchbaseLock] """ @@ -249,6 +251,7 @@ def adapter(self) -> LockAdapter: # noqa: D412 Supported lock adapter name: - `sql`: returns an instance of [SqlLock][jans.pycloudlib.lock.sql_lock.SqlLock] + - `spanner`: returns and instance of [SpannerLock][jans.pycloudlib.lock.spanner_lock.SpannerLock] - `couchbase`: returns and instance of [CouchbaseLock][jans.pycloudlib.lock.couchbase_lock.CouchbaseLock] """ _adapter = os.environ.get("CN_OCI_LOCK_ADAPTER") or PersistenceMapper().mapping["default"] 
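Review bot: The hunks for jans/pycloudlib/lock/__init__.py add `SpannerLock` to the imports, to the `LockAdapter` union and to the `adapter` docstring, which runs against the patch subject and against the image hunks that delete every Spanner code path. The same direction shows in the hunks that follow: `if _adapter == "spanner": return SpannerLock()`, the `render_spanner_properties`/`SpannerClient` exports, the `"spanner"` entry in `sql_json_types`, and `"spanner"` in `PERSISTENCE_TYPES` and in the `validate_persistence_type` docstring. If these additions are intended, the library would presumably accept `CN_PERSISTENCE_TYPE=spanner` (the validator body is not shown) while the images' `client_classes` and `BACKEND_CLASSES` no longer have that key and no longer call `sync_google_credentials`, so a leftover Spanner setting would fail late and unclearly; if they come from a stale base, they should be dropped from this patch. Separately, the added docstring line reads "returns and instance of" and should be `returns an instance of`.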
@@ -256,6 +259,9 @@ def adapter(self) -> LockAdapter: # noqa: D412 if _adapter == "sql": return SqlLock() + if _adapter == "spanner": + return SpannerLock() + if _adapter == "couchbase": return CouchbaseLock() @@ -438,6 +444,7 @@ def release(self) -> None: # avoid implicit reexport disabled error __all__ = [ "LockManager", + "SpannerLock", "SqlLock", "CouchbaseLock", ] diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py b/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py index a68302fd673..0230bea0c8f 100644 --- a/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py +++ b/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py @@ -7,6 +7,8 @@ from jans.pycloudlib.persistence.sql import render_sql_properties # noqa: F401 from jans.pycloudlib.persistence.sql import doc_id_from_dn # noqa: F401 from jans.pycloudlib.persistence.sql import SqlClient # noqa: F401 +from jans.pycloudlib.persistence.spanner import render_spanner_properties # noqa: F401 +from jans.pycloudlib.persistence.spanner import SpannerClient # noqa: F401 from jans.pycloudlib.persistence.utils import PersistenceMapper # noqa: F401 from jans.pycloudlib.persistence.utils import PERSISTENCE_TYPES # noqa: F401 from jans.pycloudlib.persistence.utils import PERSISTENCE_SQL_DIALECTS # noqa: F401 @@ -24,6 +26,8 @@ "render_sql_properties", "doc_id_from_dn", "SqlClient", + "render_spanner_properties", + "SpannerClient", "PersistenceMapper", "PERSISTENCE_TYPES", "PERSISTENCE_SQL_DIALECTS", diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/sql.py b/jans-pycloudlib/jans/pycloudlib/persistence/sql.py index c05c03aceae..0adaa5b5430 100644 --- a/jans-pycloudlib/jans/pycloudlib/persistence/sql.py +++ b/jans-pycloudlib/jans/pycloudlib/persistence/sql.py @@ -211,6 +211,7 @@ def sql_json_types(self): json_types[attr] = { "mysql": {"type": "JSON"}, "pgsql": {"type": "JSONB"}, + "spanner": {"type": "ARRAY"}, } return json_types 
diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/utils.py b/jans-pycloudlib/jans/pycloudlib/persistence/utils.py index dec38a87630..01b20d44a02 100644 --- a/jans-pycloudlib/jans/pycloudlib/persistence/utils.py +++ b/jans-pycloudlib/jans/pycloudlib/persistence/utils.py @@ -58,6 +58,7 @@ def render_base_properties(src: str, dest: str) -> None: PERSISTENCE_TYPES = ( "couchbase", "sql", + "spanner", "hybrid", ) """Supported persistence types.""" @@ -126,6 +127,7 @@ class PersistenceMapper: os.environ["CN_PERSISTENCE_TYPE"] = "hybrid" os.environ["CN_HYBRID_MAPPING"] = json.loads({ "default": "sql", + "user": "spanner", "site": "sql", "cache": "sql", "token": "sql", @@ -142,7 +144,7 @@ class PersistenceMapper: ```py { "default": "sql", - "user": "sql", + "user": "spanner", "site": "sql", "cache": "sql", "token": "sql", @@ -166,7 +168,7 @@ def mapping(self) -> dict[str, str]: ```py { "default": "sql", - "user": "sql", + "user": "spanner", "site": "sql", "cache": "sql", "token": "sql", @@ -188,8 +190,9 @@ def groups(self) -> dict[str, list[str]]: ```py { - "sql": ["cache", "default", "session", "site", "token"], + "sql": ["cache", "default", "session", "site"], "couchbase": ["user"], + "spanner": ["token"], } ``` """ @@ -206,8 +209,9 @@ def groups_with_rdn(self) -> dict[str, list[str]]: ```py { - "sql": ["cache", "", "sessions", "link", "tokens"], + "sql": ["cache", "", "sessions", "link"], "couchbase": ["people, groups, authorizations"], + "spanner": ["tokens"], } ``` """ diff --git a/jans-pycloudlib/jans/pycloudlib/validators.py b/jans-pycloudlib/jans/pycloudlib/validators.py index dd714af9f2c..cbcc8c53bbe 100644 --- a/jans-pycloudlib/jans/pycloudlib/validators.py +++ b/jans-pycloudlib/jans/pycloudlib/validators.py @@ -12,6 +12,7 @@ def validate_persistence_type(type_: str) -> None: - `couchbase` - `hybrid` + - `spanner` - `sql` Args: 
diff --git a/jans-pycloudlib/jans/pycloudlib/wait.py b/jans-pycloudlib/jans/pycloudlib/wait.py index c3f3cff4317..3bdc00d52b2 100644 --- a/jans-pycloudlib/jans/pycloudlib/wait.py +++ b/jans-pycloudlib/jans/pycloudlib/wait.py @@ -13,6 +13,7 @@ from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import doc_id_from_dn +from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.utils import as_boolean from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -255,6 +256,46 @@ def wait_for_sql(manager: Manager, **kwargs: _t.Any) -> None: raise WaitError("SQL backend is not fully initialized") +@retry_on_exception +def wait_for_spanner_conn(manager: Manager, **kwargs: _t.Any) -> None: + """Wait for readiness/liveness of an Spanner database connection. + + Args: + manager: An instance of manager class. + **kwargs: Arbitrary keyword arguments (see Other Parameters section, if any). + """ + # checking connection + init = SpannerClient(manager).connected() + if not init: + raise WaitError("Spanner backend is unreachable") + + +@retry_on_exception +def wait_for_spanner(manager: Manager, **kwargs: _t.Any) -> None: + """Wait for readiness/liveness of an Spanner database. + + Args: + manager: An instance of manager class. + **kwargs: Arbitrary keyword arguments (see Other Parameters section, if any). + """ + search_mapping = { + "default": (doc_id_from_dn("ou=jans-auth,ou=configuration,o=jans"), "jansAppConf"), + "user": (doc_id_from_dn(_ADMIN_GROUP_DN), "jansGrp"), + } + + client = SpannerClient(manager) + try: + # get the first data key + key = PersistenceMapper().groups().get("spanner", [])[0] + doc_id, table_name = search_mapping[key] + init = client.row_exists(table_name, doc_id) + except (IndexError, KeyError): + init = client.connected() + + if not init: + raise WaitError("Spanner backend is not fully initialized") + + WaitCallback = _t.TypedDict("WaitCallback", { "func": _t.Callable[..., None], "kwargs": dict[str, _t.Any], @@ -274,6 +315,8 @@ def wait_for(manager: Manager, deps: _t.Union[list[str], None] = None) -> None: - `secret_conn` - `sql` - `sql_conn` + - `spanner` + - `spanner_conn` Args: manager: An instance of manager class. 
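Review bot: The `except (IndexError, KeyError)` branch in `wait_for_spanner` quietly replaces the row-existence probe with `client.connected()`, and `search_mapping` only has entries for `default` and `user`. A hybrid mapping that puts only `token` (or `site`, `cache`, `session`) on Spanner therefore passes this readiness check as soon as the backend is reachable, so a dependent service may start against a database that has not been loaded yet. Either add probe rows for the remaining keys or make the downgrade visible with a comment such as `# no probe row for this mapping key: falls back to a connectivity-only check`, plus a warning log if the module has a logger (not visible in this hunk). The docstrings of both new functions also read "an Spanner".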
@@ -307,6 +350,8 @@ def wait_for(manager: Manager, deps: _t.Union[list[str], None] = None) -> None: }, "sql_conn": {"func": wait_for_sql_conn, "kwargs": {"label": "SQL"}}, "sql": {"func": wait_for_sql, "kwargs": {"label": "SQL"}}, + "spanner_conn": {"func": wait_for_spanner_conn, "kwargs": {"label": "Spanner"}}, + "spanner": {"func": wait_for_spanner, "kwargs": {"label": "Spanner"}}, } dependencies = deps or [] diff --git a/jans-pycloudlib/mkdocs.yml b/jans-pycloudlib/mkdocs.yml index f20a959b80d..5195ff562ed 100644 --- a/jans-pycloudlib/mkdocs.yml +++ b/jans-pycloudlib/mkdocs.yml @@ -48,6 +48,7 @@ nav: - "Secret": api/secret.md - "Persistence": - "Couchbase": api/persistence/couchbase.md + - "Spanner": api/persistence/spanner.md - "SQL": api/persistence/sql.md - "Hybrid": api/persistence/hybrid.md - "Utilities": api/persistence/utils.md diff --git a/jans-pycloudlib/setup.py b/jans-pycloudlib/setup.py index f9bf0fb718e..53c7e54ade8 100644 --- a/jans-pycloudlib/setup.py +++ b/jans-pycloudlib/setup.py @@ -47,6 +47,7 @@ def find_version(*file_paths): "pymysql>=1.0.2", "sqlalchemy>=1.3,<1.4", "psycopg2>=2.8.6", + "google-cloud-spanner>=3.3.0", "Click>=6.7", "ldif>=4.1.1", # handle CVE-2022-36087 diff --git a/jans-pycloudlib/tests/conftest.py b/jans-pycloudlib/tests/conftest.py index 2fc968e5de5..ff6e12b02c2 100644 --- a/jans-pycloudlib/tests/conftest.py +++ b/jans-pycloudlib/tests/conftest.py @@ -111,6 +111,16 @@ def google_creds(tmpdir): yield creds +@pytest.fixture +def spanner_client(gmanager, monkeypatch, google_creds): + from jans.pycloudlib.persistence.spanner import SpannerClient + + monkeypatch.setenv("GOOGLE_APPLICATION_CREDENTIALS", str(google_creds)) + + client = SpannerClient(gmanager) + yield client + + @pytest.fixture def sql_client(gmanager): from jans.pycloudlib.persistence.sql import SqlClient diff --git a/jans-pycloudlib/tests/test_persistence.py b/jans-pycloudlib/tests/test_persistence.py index 9269106c2d3..3d25ae41b72 100644 
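Review bot: `"google-cloud-spanner>=3.3.0"` is added to setup.py with a lower bound only, so every build resolves the newest release available at that moment together with its transitive dependencies, and a published image cannot be reproduced from this file alone. `sqlalchemy>=1.3,<1.4` in the same list shows the bounded form; `"google-cloud-spanner>=3.3.0,<4",` would at least keep a new major version out until it has been reviewed. If versions are pinned in a constraints or lock file elsewhere in the repository (not visible in this hunk), a comment pointing to it would be enough.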
--- a/jans-pycloudlib/tests/test_persistence.py +++ b/jans-pycloudlib/tests/test_persistence.py @@ -414,17 +414,18 @@ def test_resolve_hybrid_storages(monkeypatch): monkeypatch.setenv("CN_PERSISTENCE_TYPE", "hybrid") monkeypatch.setenv("CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "sql", + "user": "spanner", "site": "couchbase", "cache": "sql", "token": "sql", "session": "sql", })) expected = { - "storages": "couchbase, sql", + "storages": "couchbase, spanner, sql", "storage.default": "sql", "storage.couchbase.mapping": "link", - "storage.sql.mapping": "people, groups, authorizations, cache, tokens, sessions", + "storage.spanner.mapping": "people, groups, authorizations", + "storage.sql.mapping": "cache, tokens, sessions", } mapper = PersistenceMapper() assert resolve_hybrid_storages(mapper) == expected @@ -441,16 +442,17 @@ def test_render_hybrid_properties(monkeypatch, tmpdir): "user": "couchbase", "site": "sql", "cache": "sql", - "token": "sql", + "token": "spanner", "session": "sql", }) ) expected = """ -storages: couchbase, sql +storages: couchbase, spanner, sql storage.default: sql storage.couchbase.mapping: people, groups, authorizations -storage.sql.mapping: link, cache, tokens, sessions +storage.spanner.mapping: tokens +storage.sql.mapping: link, cache, sessions """.strip() dest = tmpdir.join("jans-hybrid.properties") 
@@ -645,6 +647,95 @@ def test_sql_opendj_attr_types(monkeypatch): assert SqlSchemaMixin().opendj_attr_types == json.loads(types_str) +# ======= +# SPANNER +# ======= + + +def test_render_spanner_properties(monkeypatch, tmpdir, gmanager, google_creds): + from jans.pycloudlib.persistence.spanner import render_spanner_properties + + monkeypatch.setenv("GOOGLE_APPLICATION_CREDENTIALS", str(google_creds)) + monkeypatch.setenv("GOOGLE_PROJECT_ID", "testing-project") + monkeypatch.setenv("CN_GOOGLE_SPANNER_INSTANCE_ID", "testing-instance") + monkeypatch.setenv("CN_GOOGLE_SPANNER_DATABASE_ID", "testing-db") + + tmpl = """ +connection.project=%(spanner_project)s +connection.instance=%(spanner_instance)s +connection.database=%(spanner_database)s +%(spanner_creds)s +""".strip() + + expected = """ +connection.project=testing-project +connection.instance=testing-instance +connection.database=testing-db +connection.credentials-file={} +""".format(str(google_creds)).strip() + + src = tmpdir.join("jans-spanner.properties.tmpl") + src.write(tmpl) + dest = tmpdir.join("jans-spanner.properties") + + render_spanner_properties(gmanager, str(src), str(dest)) + assert dest.read() == expected + + +def test_render_spanner_properties_emulator(monkeypatch, tmpdir, gmanager): + from jans.pycloudlib.persistence.spanner import render_spanner_properties + + monkeypatch.setenv("SPANNER_EMULATOR_HOST", "localhost:9010") + monkeypatch.setenv("GOOGLE_PROJECT_ID", "testing-project") + monkeypatch.setenv("CN_GOOGLE_SPANNER_INSTANCE_ID", "testing-instance") + monkeypatch.setenv("CN_GOOGLE_SPANNER_DATABASE_ID", "testing-db") + + tmpl = """ +connection.project=%(spanner_project)s +connection.instance=%(spanner_instance)s +connection.database=%(spanner_database)s +%(spanner_creds)s +""".strip() + + expected = """ +connection.project=testing-project +connection.instance=testing-instance +connection.database=testing-db +connection.emulator-host=localhost:9010 +""".strip() + + src = 
tmpdir.join("jans-spanner.properties.tmpl") + src.write(tmpl) + dest = tmpdir.join("jans-spanner.properties") + + render_spanner_properties(gmanager, str(src), str(dest)) + assert dest.read() == expected + + +def test_spanner_quoted_id(spanner_client): + assert spanner_client.quoted_id("random") == "`random`" + + +def test_spanner_sub_tables(monkeypatch, spanner_client): + monkeypatch.setattr(BUILTINS_OPEN, lambda p: StringIO("{}")) + assert isinstance(spanner_client.sub_tables, dict) + + +def test_spanner_client_prop(spanner_client): + from google.cloud.spanner_v1.client import Client + assert isinstance(spanner_client.client, Client) + + +def test_spanner_instance_prop(spanner_client): + from google.cloud.spanner_v1.instance import Instance + assert isinstance(spanner_client.instance, Instance) + + +def test_spanner_database_prop(spanner_client): + from google.cloud.spanner_v1.database import Database + assert isinstance(spanner_client.database, Database) + + # ===== # utils # ===== @@ -653,6 +744,7 @@ def test_sql_opendj_attr_types(monkeypatch): @pytest.mark.parametrize("type_", [ "couchbase", "sql", + "spanner", ]) def test_persistence_mapper_mapping(monkeypatch, type_): from jans.pycloudlib.persistence import PersistenceMapper @@ -674,7 +766,7 @@ def test_persistence_mapper_hybrid_mapping(monkeypatch): mapping = { "default": "sql", - "user": "sql", + "user": "spanner", "site": "sql", "cache": "sql", "token": "couchbase", 
@@ -691,8 +783,8 @@ def test_persistence_mapper_hybrid_mapping(monkeypatch): "[]", "{}", # empty dict {"user": "sql"}, # missing remaining keys - {"default": "sql", "user": "sql", "cache": "sql", "site": "couchbase", "token": "sql", "session": "random"}, # invalid type - {"default": "sql", "user": "sql", "cache": "sql", "site": "couchbase", "token": "sql", "foo": "sql"}, # invalid key + {"default": "sql", "user": "spanner", "cache": "sql", "site": "couchbase", "token": "sql", "session": "random"}, # invalid type + {"default": "sql", "user": "spanner", "cache": "sql", "site": "couchbase", "token": "sql", "foo": "sql"}, # invalid key ]) def test_persistence_mapper_validate_hybrid_mapping(monkeypatch, mapping): from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -710,7 +802,7 @@ def test_persistence_mapper_groups(monkeypatch): monkeypatch.setenv("CN_PERSISTENCE_TYPE", "hybrid") monkeypatch.setenv("CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "sql", + "user": "spanner", "site": "sql", "cache": "sql", "token": "couchbase", @@ -719,7 +811,8 @@ def test_persistence_mapper_groups(monkeypatch): groups = { "couchbase": ["token"], - "sql": ["default", "user", "site", "cache", "session"], + "spanner": ["user"], + "sql": ["default", "site", "cache", "session"], } assert PersistenceMapper().groups() == groups @@ -730,7 +823,7 @@ def test_persistence_mapper_groups_rdn(monkeypatch): monkeypatch.setenv("CN_PERSISTENCE_TYPE", "hybrid") monkeypatch.setenv("CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "sql", + "user": "spanner", "site": "sql", "cache": "sql", "token": "couchbase", @@ -739,7 +832,8 @@ def test_persistence_mapper_groups_rdn(monkeypatch): groups = { "couchbase": ["tokens"], - "sql": ["", "people, groups, authorizations", "link", "cache", "sessions"], + "spanner": ["people, groups, authorizations"], + "sql": ["", "link", "cache", "sessions"], } assert PersistenceMapper().groups_with_rdn() == groups 
diff --git a/jans-pycloudlib/tests/test_validators.py b/jans-pycloudlib/tests/test_validators.py index be5040ac38b..cefa59a276b 100644 --- a/jans-pycloudlib/tests/test_validators.py +++ b/jans-pycloudlib/tests/test_validators.py @@ -5,6 +5,7 @@ "couchbase", "hybrid", "sql", + "spanner", ]) def test_validate_persistence_type(type_): from jans.pycloudlib.validators import validate_persistence_type diff --git a/jans-pycloudlib/tests/test_wait.py b/jans-pycloudlib/tests/test_wait.py index 3c4e9ca2197..ec9d932062a 100644 --- a/jans-pycloudlib/tests/test_wait.py +++ b/jans-pycloudlib/tests/test_wait.py 
@@ -204,12 +204,63 @@ def test_wait_for_sql_conn(monkeypatch, gmanager): wait_for_sql_conn(gmanager) +def test_wait_for_spanner(monkeypatch, gmanager): + from jans.pycloudlib.wait import wait_for_spanner + + monkeypatch.setenv("CN_WAIT_MAX_TIME", "0") + monkeypatch.setenv("CN_PERSISTENCE_TYPE", "spanner") + + monkeypatch.setattr( + "jans.pycloudlib.persistence.spanner.SpannerClient.row_exists", + lambda cls, t, i: False + ) + + with pytest.raises(Exception): + wait_for_spanner(gmanager) + + +def test_wait_for_spanner_no_search_mapping(monkeypatch, gmanager): + from jans.pycloudlib.wait import wait_for_spanner + + monkeypatch.setenv("CN_WAIT_MAX_TIME", "0") + monkeypatch.setenv("CN_PERSISTENCE_TYPE", "spanner") + + monkeypatch.setattr( + _PERSISTENCE_MAPPER_GROUP_FUNC, + lambda cls: {"spanner": ["random"]} + ) + + monkeypatch.setattr( + "jans.pycloudlib.persistence.spanner.SpannerClient.connected", + lambda cls: False + ) + + with pytest.raises(Exception): + wait_for_spanner(gmanager) + + +def test_wait_for_spanner_conn(monkeypatch, gmanager): + from jans.pycloudlib.wait import wait_for_spanner_conn + + monkeypatch.setenv("CN_WAIT_MAX_TIME", "0") + monkeypatch.setenv("CN_PERSISTENCE_TYPE", "spanner") + + monkeypatch.setattr( + "jans.pycloudlib.persistence.spanner.SpannerClient.connected", + lambda cls: False + ) + + with pytest.raises(Exception): + wait_for_spanner_conn(gmanager) + + _WAIT_FOR_FUNC = "jans.pycloudlib.wait.wait_for" @pytest.mark.parametrize("persistence_type, deps", [ ("couchbase", ["couchbase"]), ("sql", ["sql"]), + ("spanner", ["spanner"]), ]) def test_wait_for_persistence(monkeypatch, gmanager, persistence_type, deps): from jans.pycloudlib.wait import wait_for_persistence @@ -229,7 +280,7 @@ def test_wait_for_persistence_hybrid(monkeypatch, gmanager): "CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "sql", + "user": "spanner", "site": "sql", "cache": "sql", "token": "couchbase", 
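Review bot: All three new tests use `with pytest.raises(Exception):`, which also passes when the failure is an `AttributeError` from a mistyped monkeypatch target or an error while constructing `SpannerClient`, so they do not show that the wait functions rejected the unhealthy backend. The wait.py side raises `WaitError` on these paths, so `with pytest.raises(WaitError):` would pin the intended behaviour, assuming `retry_on_exception` re-raises the original error once `CN_WAIT_MAX_TIME` is exhausted (the decorator is not visible here).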
@@ -239,12 +290,13 @@ def test_wait_for_persistence_hybrid(monkeypatch, gmanager): with patch(_WAIT_FOR_FUNC, autospec=True) as patched: wait_for_persistence(gmanager) - patched.assert_called_with(gmanager, ["couchbase", "sql"]) + patched.assert_called_with(gmanager, ["couchbase", "spanner", "sql"]) @pytest.mark.parametrize("persistence_type, deps", [ ("couchbase", ["couchbase_conn"]), ("sql", ["sql_conn"]), + ("spanner", ["spanner_conn"]), ]) def test_wait_for_persistence_conn(monkeypatch, gmanager, persistence_type, deps): from jans.pycloudlib.wait import wait_for_persistence_conn @@ -264,7 +316,7 @@ def test_wait_for_persistence_conn_hybrid(monkeypatch, gmanager): "CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "sql", + "user": "spanner", "site": "sql", "cache": "sql", "token": "couchbase", @@ -274,7 +326,7 @@ def test_wait_for_persistence_conn_hybrid(monkeypatch, gmanager): with patch(_WAIT_FOR_FUNC, autospec=True) as patched: wait_for_persistence_conn(gmanager) - patched.assert_called_with(gmanager, ["couchbase_conn", "sql_conn"]) + patched.assert_called_with(gmanager, ["couchbase_conn", "spanner_conn", "sql_conn"]) def test_wait_for(gmanager): From cc61609b4e64dea8ba73442776278babc39e6d22 Mon Sep 17 00:00:00 2001 From: iromli Date: Thu, 7 Nov 2024 00:47:01 +0700 Subject: [PATCH 2/8] chore: remove unused templates and scripts 
Signed-off-by: iromli --- .../templates/jans-spanner.properties | 30 -- .../templates/jans-spanner.properties | 30 -- .../templates/jans-spanner.properties | 30 -- .../templates/jans-spanner.properties | 30 -- .../templates/jans-spanner.properties | 30 -- .../templates/jans-spanner.properties | 30 -- docker-jans-monolith/jans-spanner-compose.yml | 44 -- .../scripts/spanner_setup.py | 399 ------------------ .../templates/jans-spanner.properties | 30 -- .../templates/jans-spanner.properties | 30 -- 10 files changed, 683 deletions(-) delete mode 100644 docker-jans-auth-server/templates/jans-spanner.properties delete mode 100644 docker-jans-casa/templates/jans-spanner.properties delete mode 100644 docker-jans-config-api/templates/jans-spanner.properties delete mode 100644 docker-jans-fido2/templates/jans-spanner.properties delete mode 100644 docker-jans-keycloak-link/templates/jans-spanner.properties delete mode 100644 docker-jans-link/templates/jans-spanner.properties delete mode 100644 docker-jans-monolith/jans-spanner-compose.yml delete mode 100644 docker-jans-persistence-loader/scripts/spanner_setup.py delete mode 100644 docker-jans-saml/templates/jans-spanner.properties delete mode 100644 docker-jans-scim/templates/jans-spanner.properties diff --git a/docker-jans-auth-server/templates/jans-spanner.properties b/docker-jans-auth-server/templates/jans-spanner.properties deleted file mode 100644 index 73db25b7d54..00000000000 --- a/docker-jans-auth-server/templates/jans-spanner.properties +++ /dev/null 
@@ -1,30 +0,0 @@
-connection.project=%(spanner_project)s
-connection.instance=%(spanner_instance)s
-connection.database=%(spanner_database)s
-
-# Prefix connection.client-property.key=value will be coverterd to key=value
-# This is reserved for future usage
-#connection.client-property=clientPropertyValue
-
-# spanner creds or emulator
-%(spanner_creds)s
-
-# Password hash method
-password.encryption.method=SSHA-256
-
-# Connection pool size
-#connection.pool.max-sessions=400
-#connection.pool.min-sessions=100
-#connection.pool.inc-step=25
-
-# Max time needed to create connection pool in milliseconds
-connection.pool.create-max-wait-time-millis=20000
-
-# Maximum allowed statement result set size
-statement.limit.default-maximum-result-size=1000
-
-# Maximum allowed delete statement result set size
-statement.limit.maximum-result-delete-size=10000
-
-binaryAttributes=objectGUID
-certificateAttributes=userCertificate
diff --git a/docker-jans-casa/templates/jans-spanner.properties b/docker-jans-casa/templates/jans-spanner.properties
deleted file mode 100644
index 73db25b7d54..00000000000
--- a/docker-jans-casa/templates/jans-spanner.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-connection.project=%(spanner_project)s
-connection.instance=%(spanner_instance)s
-connection.database=%(spanner_database)s
-
-# Prefix connection.client-property.key=value will be coverterd to key=value
-# This is reserved for future usage
-#connection.client-property=clientPropertyValue
-
-# spanner creds or emulator
-%(spanner_creds)s
-
-# Password hash method
-password.encryption.method=SSHA-256
-
-# Connection pool size
-#connection.pool.max-sessions=400
-#connection.pool.min-sessions=100
-#connection.pool.inc-step=25
-
-# Max time needed to create connection pool in milliseconds
-connection.pool.create-max-wait-time-millis=20000
-
-# Maximum allowed statement result set size
-statement.limit.default-maximum-result-size=1000
-
-# Maximum allowed delete statement result set size
-statement.limit.maximum-result-delete-size=10000
-
-binaryAttributes=objectGUID
-certificateAttributes=userCertificate
diff --git a/docker-jans-config-api/templates/jans-spanner.properties b/docker-jans-config-api/templates/jans-spanner.properties
deleted file mode 100644
index 73db25b7d54..00000000000
--- a/docker-jans-config-api/templates/jans-spanner.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-connection.project=%(spanner_project)s
-connection.instance=%(spanner_instance)s
-connection.database=%(spanner_database)s
-
-# Prefix connection.client-property.key=value will be coverterd to key=value
-# This is reserved for future usage
-#connection.client-property=clientPropertyValue
-
-# spanner creds or emulator
-%(spanner_creds)s
-
-# Password hash method
-password.encryption.method=SSHA-256
-
-# Connection pool size
-#connection.pool.max-sessions=400
-#connection.pool.min-sessions=100
-#connection.pool.inc-step=25
-
-# Max time needed to create connection pool in milliseconds
-connection.pool.create-max-wait-time-millis=20000
-
-# Maximum allowed statement result set size
-statement.limit.default-maximum-result-size=1000
-
-# Maximum allowed delete statement result set size
-statement.limit.maximum-result-delete-size=10000
-
-binaryAttributes=objectGUID
-certificateAttributes=userCertificate
diff --git a/docker-jans-fido2/templates/jans-spanner.properties b/docker-jans-fido2/templates/jans-spanner.properties
deleted file mode 100644
index 73db25b7d54..00000000000
--- a/docker-jans-fido2/templates/jans-spanner.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-connection.project=%(spanner_project)s
-connection.instance=%(spanner_instance)s
-connection.database=%(spanner_database)s
-
-# Prefix connection.client-property.key=value will be coverterd to key=value
-# This is reserved for future usage
-#connection.client-property=clientPropertyValue
-
-# spanner creds or emulator
-%(spanner_creds)s
-
-# Password hash method
-password.encryption.method=SSHA-256
-
-# Connection pool size
-#connection.pool.max-sessions=400
-#connection.pool.min-sessions=100
-#connection.pool.inc-step=25
-
-# Max time needed to create connection pool in milliseconds
-connection.pool.create-max-wait-time-millis=20000
-
-# Maximum allowed statement result set size
-statement.limit.default-maximum-result-size=1000
-
-# Maximum allowed delete statement result set size
-statement.limit.maximum-result-delete-size=10000
-
-binaryAttributes=objectGUID
-certificateAttributes=userCertificate
diff --git a/docker-jans-keycloak-link/templates/jans-spanner.properties b/docker-jans-keycloak-link/templates/jans-spanner.properties
deleted file mode 100644
index 73db25b7d54..00000000000
--- a/docker-jans-keycloak-link/templates/jans-spanner.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-connection.project=%(spanner_project)s
-connection.instance=%(spanner_instance)s
-connection.database=%(spanner_database)s
-
-# Prefix connection.client-property.key=value will be coverterd to key=value
-# This is reserved for future usage
-#connection.client-property=clientPropertyValue
-
-# spanner creds or emulator
-%(spanner_creds)s
-
-# Password hash method
-password.encryption.method=SSHA-256
-
-# Connection pool size
-#connection.pool.max-sessions=400
-#connection.pool.min-sessions=100
-#connection.pool.inc-step=25
-
-# Max time needed to create connection pool in milliseconds
-connection.pool.create-max-wait-time-millis=20000
-
-# Maximum allowed statement result set size
-statement.limit.default-maximum-result-size=1000
-
-# Maximum allowed delete statement result set size
-statement.limit.maximum-result-delete-size=10000
-
-binaryAttributes=objectGUID
-certificateAttributes=userCertificate
diff --git a/docker-jans-link/templates/jans-spanner.properties b/docker-jans-link/templates/jans-spanner.properties
deleted file mode 100644
index 73db25b7d54..00000000000
--- a/docker-jans-link/templates/jans-spanner.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-connection.project=%(spanner_project)s
-connection.instance=%(spanner_instance)s
-connection.database=%(spanner_database)s
-
-# Prefix connection.client-property.key=value will be coverterd to key=value
-# This is reserved for future usage
-#connection.client-property=clientPropertyValue
-
-# spanner creds or emulator
-%(spanner_creds)s
-
-# Password hash method
-password.encryption.method=SSHA-256
-
-# Connection pool size
-#connection.pool.max-sessions=400
-#connection.pool.min-sessions=100
-#connection.pool.inc-step=25
-
-# Max time needed to create connection pool in milliseconds
-connection.pool.create-max-wait-time-millis=20000
-
-# Maximum allowed statement result set size
-statement.limit.default-maximum-result-size=1000
-
-# Maximum allowed delete statement result set size
-statement.limit.maximum-result-delete-size=10000
-
-binaryAttributes=objectGUID
-certificateAttributes=userCertificate
diff --git a/docker-jans-monolith/jans-spanner-compose.yml b/docker-jans-monolith/jans-spanner-compose.yml
deleted file mode 100644
index c87847ab638..00000000000
--- a/docker-jans-monolith/jans-spanner-compose.yml
+++ /dev/null
@@ -1,44 +0,0 @@ -version: "3.7" -services: - jans: - image: ${JANSSEN_IMAGE:-ghcr.io/janssenproject/jans/monolith:1.1.6_dev} - restart: always - ports: - - "443:443" - - "80:80" - networks: - - cloud_bridge - environment: - #- CN_HOSTNAME=demoexample.jans.io - - CN_ADMIN_PASS=1t5Fin3#security - - CN_ORG_NAME=Janssen - - CN_EMAIL=support@jans.io - - CN_CITY=Austin - - CN_STATE=TX - - CN_COUNTRY=US - - CN_INSTALL_SPANNER=true - - CN_INSTALL_CONFIG_API=true - - CN_INSTALL_SCIM=true - - CN_INSTALL_FIDO2=true - - CN_INSTALL_CASA=true - - CN_INSTALL_KC_LINK=true - - CN_INSTALL_LOCK=true - - CN_INSTALL_SAML=false - - CN_INSTALL_OPA=true - - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09 - - TEST_CLIENT_TRUSTED=true - - TEST_CLIENT_SECRET=1t5Fin3#security - volumes: - - ./jans-auth-custom:/opt/jans/jetty/jans-auth/custom - - ./jans-config-api-custom:/opt/jans/jetty/jans-config-api/custom - - ./jans-fido2-custom:/opt/jans/jetty/jans-fido2/custom - - ./jans-scim-custom:/opt/jans/jetty/jans-scim/custom - - ./jans-auth-log:/opt/jans/jetty/jans-auth/logs - - ./jans-config-api-log:/opt/jans/jetty/jans-config-api/logs - - ./jans-scim-log:/opt/jans/jetty/jans-scim/logs - - ./jans-fido2-log:/opt/jans/jetty/jans-fido2/log -volumes: - db-data: -networks: - cloud_bridge: - driver: bridge diff --git a/docker-jans-persistence-loader/scripts/spanner_setup.py b/docker-jans-persistence-loader/scripts/spanner_setup.py deleted file mode 100644 index d3fea99abf7..00000000000 --- a/docker-jans-persistence-loader/scripts/spanner_setup.py +++ /dev/null 
@@ -1,399 +0,0 @@ -import json -import logging.config -import re -from collections import defaultdict -from pathlib import Path - -from jans.pycloudlib.persistence.spanner import SpannerClient - -from settings import LOGGING_CONFIG -from utils import prepare_template_ctx -from hooks import get_ldif_mappings_hook - -FIELD_RE = re.compile(r"[^0-9a-zA-Z\s]+") - -logging.config.dictConfig(LOGGING_CONFIG) -logger = logging.getLogger("persistence-loader") - - -class SpannerBackend: - def __init__(self, manager): - self.manager = manager - self.client = SpannerClient(manager) - - index_fn = "spanner_index.json" - with open(f"/app/static/rdbm/{index_fn}") as f: - self.sql_indexes = json.loads(f.read()) - - # add missing index determined from opendj indexes - with open("/app/static/rdbm/opendj_index.json") as f: - opendj_indexes = [attr["attribute"] for attr in json.loads(f.read())] - - for attr in self.client.attr_types: - if not attr.get("multivalued"): - continue - for attr_name in attr["names"]: - if attr_name in opendj_indexes and attr_name not in self.sql_indexes["__common__"]["fields"]: - self.sql_indexes["__common__"]["fields"].append(attr_name) - - def get_data_type(self, attr, table=None): - def _resolve_actual_type(raw_type): - match raw_type["type"]: - case char_type if char_type in ["VARCHAR", "STRING"]: - size = raw_type.get("size") or "MAX" - data_type = f"STRING({size})" - case "TEXT": - data_type = "STRING(MAX)" - case _: - data_type = raw_type["type"] - return data_type # noqa: R504 - - # check from SQL data types first - if type_def := self.client.sql_data_types.get(f"{table}:{attr}") or self.client.sql_data_types.get(attr): - # fallback to mysql - raw_type = type_def.get(self.client.dialect) or type_def.get("mysql", {}) - - if table in raw_type.get("tables", {}): - raw_type = raw_type["tables"][table] - return _resolve_actual_type(raw_type) - - # probably JSON-like data type - if attr in self.client.sql_json_types: - return 
self.client.sql_json_types[attr][self.client.dialect]["type"] - - # data type is undefined, hence check from syntax - syntax = self.client.get_attr_syntax(attr) - syntax_def = self.client.sql_data_types_mapping[syntax] - raw_type = syntax_def.get(self.client.dialect) - return _resolve_actual_type(raw_type) - - def create_tables(self): - table_columns = self.table_mapping_from_schema() - - for table, attr_mapping in table_columns.items(): - self.client.create_table(table, attr_mapping, "doc_id") - - # for name, attr in attrs.items(): - # table = attr.get("sql", {}).get("add_table") - # logger.info(name) - # logger.info(table) - # if not table: - # continue - - # data_type = self.get_data_type(name, table) - # col_def = f"{attr} {data_type}" - - # sql_cmd = f"ALTER TABLE {table} ADD {col_def};" - # logger.info(sql_cmd) - - def get_index_fields(self, table_name): - fields = self.sql_indexes.get(table_name, {}).get("fields", []) - fields += self.sql_indexes["__common__"]["fields"] - - # make unique fields - return list(set(fields)) - - def create_spanner_indexes(self, table_name: str, column_mapping: dict): - fields = self.get_index_fields(table_name) - - for column_name, column_type in column_mapping.items(): - if column_name == "doc_id" or column_name not in fields: - continue - - index_name = f"{table_name}_{FIELD_RE.sub('_', column_name)}" - - if not column_type.lower().startswith("array"): - query = f"CREATE INDEX {self.client.quoted_id(index_name)} ON {self.client.quoted_id(table_name)} ({self.client.quoted_id(column_name)})" - self.client.create_index(query) - else: - # TODO: how to create index for ARRAY? 
- pass - - custom_indexes = self.sql_indexes.get(table_name, {}).get("custom", []) - for i, custom in enumerate(custom_indexes, start=1): - name = f"{table_name}_CustomIdx_{i}" - query = f"CREATE INDEX {self.client.quoted_id(name)} ON {self.client.quoted_id(table_name)} ({custom})" - self.client.create_index(query) - - def create_indexes(self): - for table_name, column_mapping in self.client.get_table_mapping().items(): - # run the callback - self.create_spanner_indexes(table_name, column_mapping) - - def create_unique_indexes(self): - for table_name, column in [ - ("jansPerson", "mail"), - ("jansPerson", "uid"), - ]: - index_name = f"{table_name.lower()}_{column.lower()}_unique_idx" - query = f"CREATE UNIQUE INDEX {self.client.quoted_id(index_name)} ON {self.client.quoted_id(table_name)} ({self.client.quoted_id(column)})" - self.client.create_index(query) - - def import_builtin_ldif(self, ctx): - optional_scopes = json.loads(self.manager.config.get("optional_scopes", "[]")) - ldif_mappings = get_ldif_mappings_hook("spanner", optional_scopes) - - for _, files in ldif_mappings.items(): - for file_ in files: - self._import_ldif(f"/app/templates/{file_}", ctx) - - def initialize(self): - logger.info("Creating tables (if not exist)") - self.create_tables() - self.create_subtables() - - logger.info("Updating schema (if required)") - self.update_schema() - - logger.info("Creating indexes (if not exist)") - self.create_indexes() - self.create_unique_indexes() - - ctx = prepare_template_ctx(self.manager) - - logger.info("Importing builtin LDIF files") - self.import_builtin_ldif(ctx) - - logger.info("Importing custom LDIF files (if any)") - self.import_custom_ldif(ctx) - - def create_subtables(self): - for table_name, columns in self.client.sub_tables.items(): - for column_name, column_type in columns: - subtable_name = f"{table_name}_{column_name}" - self.client.create_subtable( - table_name, - subtable_name, - { - "doc_id": "STRING(64)", - "dict_doc_id": "STRING(64)", - 
column_name: column_type, - }, - "doc_id", - "dict_doc_id", - ) - - index_name = f"{subtable_name}Idx" - query = f"CREATE INDEX {self.client.quoted_id(index_name)} ON {self.client.quoted_id(subtable_name)} ({self.client.quoted_id(column_name)})" - self.client.create_index(query) - - def update_schema(self): - """Updates schema (may include data migration)""" - - table_mapping = self.client.get_table_mapping() - - def column_to_array(table_name, col_name): - old_data_type = table_mapping[table_name][col_name] - data_type = self.get_data_type(col_name, table_name) - - if data_type == old_data_type: - return - - # get the value first before updating column type - values = { - row["doc_id"]: row[col_name] - for row in self.client.search(table_name, ["doc_id", col_name]) - } - - # to change the storage format of a JSON column, drop the column and - # add the column back specifying the new storage format - self.client.database.update_ddl([ - f"ALTER TABLE {self.client.quoted_id(table_name)} DROP COLUMN {self.client.quoted_id(col_name)}" - ]) - self.client.database.update_ddl([ - f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}" - ]) - - # pre-populate the modified column - for doc_id, value in values.items(): - if not value: - value_list = [] - else: - value_list = [value] - - self.client.update( - table_name, - doc_id, - {col_name: self.client._transform_value(col_name, value_list)} - ) - - def add_column(table_name, col_name): - if col_name in table_mapping[table_name]: - return - - data_type = self.get_data_type(col_name, table_name) - self.client.database.update_ddl([ - f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}" - ]) - - def change_column_type(table_name, col_name): - old_data_type = table_mapping[table_name][col_name] - data_type = self.get_data_type(col_name, table_name) - - if data_type == old_data_type: - return - - query = f"ALTER TABLE 
{self.client.quoted_id(table_name)} " \ - f"ALTER COLUMN {self.client.quoted_id(col_name)} {data_type}" - self.client.database.update_ddl([query]) - - def column_from_array(table_name, col_name): - old_data_type = table_mapping[table_name][col_name] - data_type = self.get_data_type(col_name, table_name) - - if data_type == old_data_type: - return - - # get the value first before updating column type - values = { - row["doc_id"]: row[col_name] - for row in self.client.search(table_name, ["doc_id", col_name]) - } - - # to change the storage format of a JSON column, drop the column and - # add the column back specifying the new storage format - self.client.database.update_ddl([ - f"ALTER TABLE {self.client.quoted_id(table_name)} DROP COLUMN {self.client.quoted_id(col_name)}" - ]) - self.client.database.update_ddl([ - f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}" - ]) - - # pre-populate the modified column - for doc_id, value in values.items(): - # pass the list as its value and let transform_value - # determines the actual value - if value: - new_value = value - else: - new_value = [""] - self.client.update( - table_name, - doc_id, - {col_name: self.client._transform_value(col_name, new_value)} - ) - - def column_int_to_string(table_name, col_name): - old_data_type = table_mapping[table_name][col_name] - data_type = self.get_data_type(col_name, table_name) - - if data_type == old_data_type: - return - - # get the value first before updating column type - values = { - row["doc_id"]: row[col_name] - for row in self.client.search(table_name, ["doc_id", col_name]) - } - - # to change the storage format of a JSON column, drop the column and - # add the column back specifying the new storage format - self.client.database.update_ddl([ - f"ALTER TABLE {self.client.quoted_id(table_name)} DROP COLUMN {self.client.quoted_id(col_name)}" - ]) - self.client.database.update_ddl([ - f"ALTER TABLE 
{self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}" - ]) - - # pre-populate the modified column - for doc_id, value in values.items(): - # pass the list as its value and let transform_value - # determines the actual value - if value: - new_value = [value] - else: - new_value = [""] - - self.client.update( - table_name, - doc_id, - {col_name: self.client._transform_value(col_name, new_value)} - ) - - table_columns = self.table_mapping_from_schema() - multivalued_type = "ARRAY" - - for table_name, columns in table_columns.items(): - for column, data_type in columns.items(): - if column not in table_mapping[table_name]: - logger.info(f"Adding new column {table_name}.{column}") - add_column(table_name, column) - - else: - old_data_type = table_mapping[table_name][column] - - if any([ - # same type - data_type == old_data_type, - # builtin columns - column in ("doc_id", "objectClass", "dn"), - ]): - # no-ops - continue - - if data_type.startswith("STRING") and old_data_type == "INT64": - # change int64 to string - logger.info(f"Converting {table_name}.{column} column type {old_data_type} to {data_type}") - column_int_to_string(table_name, column) - elif data_type != multivalued_type and old_data_type != multivalued_type: - # change non-multivalued type - logger.info(f"Converting {table_name}.{column} column type from {old_data_type} to {data_type}") - change_column_type(table_name, column) - elif data_type == multivalued_type and old_data_type != multivalued_type: - # change type to multivalued - logger.info(f"Converting {table_name}.{column} column type from {old_data_type} to multivalued {data_type}") - column_to_array(table_name, column) - elif data_type != multivalued_type and old_data_type == multivalued_type: - # change type from multivalued - logger.info(f"Converting {table_name}.{column} column type from multivalued {old_data_type} to {data_type}") - column_from_array(table_name, column) - - def import_custom_ldif(self, 
ctx): - custom_dir = Path("/app/custom_ldif") - - for file_ in custom_dir.rglob("*.ldif"): - self._import_ldif(file_, ctx) - - def _import_ldif(self, path, ctx): - logger.info(f"Importing {path} file") - self.client.create_from_ldif(path, ctx) - - def table_mapping_from_schema(self): - schemas = {} - attrs = {} - # cached schemas that holds table's column and its type - table_mapping = defaultdict(dict) - - for fn in self.client.schema_files: - with open(fn) as f: - schema = json.loads(f.read()) - - for oc in schema["objectClasses"]: - schemas[oc["names"][0]] = oc - - for attr in schema["attributeTypes"]: - attrs[attr["names"][0]] = attr - - for table, oc in schemas.items(): - if oc.get("sql", {}).get("ignore"): - continue - - # ``oc["may"]`` contains list of attributes - if "sql" in oc: - oc["may"] += oc["sql"].get("include", []) - - for inc_oc in oc["sql"].get("includeObjectClass", []): - oc["may"] += schemas[inc_oc]["may"] - - doc_id_type = self.get_data_type("doc_id", table) - table_mapping[table].update({ - "doc_id": doc_id_type, - "objectClass": "STRING(48)", - "dn": "STRING(128)", - }) - - # make sure ``oc["may"]`` doesn't have duplicate attribute - for attr in set(oc["may"]): - data_type = self.get_data_type(attr, table) - table_mapping[table].update({attr: data_type}) - return table_mapping diff --git a/docker-jans-saml/templates/jans-spanner.properties b/docker-jans-saml/templates/jans-spanner.properties deleted file mode 100644 index 73db25b7d54..00000000000 --- a/docker-jans-saml/templates/jans-spanner.properties +++ /dev/null 
@@ -1,30 +0,0 @@
-connection.project=%(spanner_project)s
-connection.instance=%(spanner_instance)s
-connection.database=%(spanner_database)s
-
-# Prefix connection.client-property.key=value will be coverterd to key=value
-# This is reserved for future usage
-#connection.client-property=clientPropertyValue
-
-# spanner creds or emulator
-%(spanner_creds)s
-
-# Password hash method
-password.encryption.method=SSHA-256
-
-# Connection pool size
-#connection.pool.max-sessions=400
-#connection.pool.min-sessions=100
-#connection.pool.inc-step=25
-
-# Max time needed to create connection pool in milliseconds
-connection.pool.create-max-wait-time-millis=20000
-
-# Maximum allowed statement result set size
-statement.limit.default-maximum-result-size=1000
-
-# Maximum allowed delete statement result set size
-statement.limit.maximum-result-delete-size=10000
-
-binaryAttributes=objectGUID
-certificateAttributes=userCertificate
diff --git a/docker-jans-scim/templates/jans-spanner.properties b/docker-jans-scim/templates/jans-spanner.properties
deleted file mode 100644
index 73db25b7d54..00000000000
--- a/docker-jans-scim/templates/jans-spanner.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-connection.project=%(spanner_project)s
-connection.instance=%(spanner_instance)s
-connection.database=%(spanner_database)s
-
-# Prefix connection.client-property.key=value will be coverterd to key=value
-# This is reserved for future usage
-#connection.client-property=clientPropertyValue
-
-# spanner creds or emulator
-%(spanner_creds)s
-
-# Password hash method
-password.encryption.method=SSHA-256
-
-# Connection pool size
-#connection.pool.max-sessions=400
-#connection.pool.min-sessions=100
-#connection.pool.inc-step=25
-
-# Max time needed to create connection pool in milliseconds
-connection.pool.create-max-wait-time-millis=20000
-
-# Maximum allowed statement result set size
-statement.limit.default-maximum-result-size=1000
-
-# Maximum allowed delete statement result set size
-statement.limit.maximum-result-delete-size=10000
-
-binaryAttributes=objectGUID
-certificateAttributes=userCertificate
From ad25c90ef448a2893f4858191458ed43e32eb543 Mon Sep 17 00:00:00 2001
From: iromli
Date: Thu, 7 Nov 2024 00:58:09 +0700
Subject: [PATCH 3/8] chore: sync jans-pycloudlib
Signed-off-by: iromli
---
jans-pycloudlib/docs/api/wait.md | 4 -
.../jans/pycloudlib/lock/__init__.py | 9 +-
.../jans/pycloudlib/persistence/__init__.py | 4 -
.../jans/pycloudlib/persistence/sql.py | 1 -
.../jans/pycloudlib/persistence/utils.py | 12 +-
jans-pycloudlib/jans/pycloudlib/validators.py | 1 -
jans-pycloudlib/jans/pycloudlib/wait.py | 45 -------
jans-pycloudlib/mkdocs.yml | 1 -
jans-pycloudlib/setup.py | 1 -
jans-pycloudlib/tests/conftest.py | 10 --
jans-pycloudlib/tests/test_persistence.py | 120 ++----------------
jans-pycloudlib/tests/test_validators.py | 1 -
jans-pycloudlib/tests/test_wait.py | 60 +--------
13 files changed, 22 insertions(+), 247 deletions(-)
diff --git a/jans-pycloudlib/docs/api/wait.md b/jans-pycloudlib/docs/api/wait.md
index c039bda71ad..0096ee357c3 100644
--- a/jans-pycloudlib/docs/api/wait.md
+++ b/jans-pycloudlib/docs/api/wait.md
@@ -20,10 +20,6 @@ ::: jans.pycloudlib.wait.wait_for_couchbase_conn -::: jans.pycloudlib.wait.wait_for_spanner - -::: jans.pycloudlib.wait.wait_for_spanner_conn - ::: jans.pycloudlib.wait.wait_for_sql ::: jans.pycloudlib.wait.wait_for_sql_conn diff --git a/jans-pycloudlib/jans/pycloudlib/lock/__init__.py b/jans-pycloudlib/jans/pycloudlib/lock/__init__.py index 56e18d83acb..4884995bfe3 100644 --- a/jans-pycloudlib/jans/pycloudlib/lock/__init__.py +++ b/jans-pycloudlib/jans/pycloudlib/lock/__init__.py @@ -19,7 +19,6 @@ import backoff from jans.pycloudlib.lock.couchbase_lock import CouchbaseLock -from jans.pycloudlib.lock.spanner_lock import SpannerLock from jans.pycloudlib.lock.sql_lock import SqlLock from jans.pycloudlib.utils import as_boolean from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -33,13 +32,12 @@ _DATETIME_FMT = "%Y-%m-%dT%H:%M:%S.%fZ" -LockAdapter = _t.Union[SqlLock, SpannerLock, CouchbaseLock] +LockAdapter = _t.Union[SqlLock, CouchbaseLock] """Lock adapter type. Currently supports the following classes: * [SqlLock][jans.pycloudlib.lock.sql_lock.SqlLock] -* [SpannerLock][jans.pycloudlib.lock.spanner_lock.SpannerLock] * [CouchbaseLock][jans.pycloudlib.lock.couchbase_lock.CouchbaseLock] """ @@ -251,7 +249,6 @@ def adapter(self) -> LockAdapter: # noqa: D412 Supported lock adapter name: - `sql`: returns an instance of [SqlLock][jans.pycloudlib.lock.sql_lock.SqlLock] - - `spanner`: returns and instance of [SpannerLock][jans.pycloudlib.lock.spanner_lock.SpannerLock] - `couchbase`: returns and instance of [CouchbaseLock][jans.pycloudlib.lock.couchbase_lock.CouchbaseLock] """ _adapter = os.environ.get("CN_OCI_LOCK_ADAPTER") or PersistenceMapper().mapping["default"] @@ -259,9 +256,6 @@ def adapter(self) -> LockAdapter: # noqa: D412 if _adapter == "sql": return SqlLock() - if _adapter == "spanner": - return SpannerLock() - if _adapter == "couchbase": return CouchbaseLock() 
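Review bot: With the `spanner` branch removed from `adapter` in `lock/__init__.py` (hunk `@@ -259,9 +256,6 @@`), a deployment that still sets `CN_OCI_LOCK_ADAPTER=spanner`, or whose persistence default still resolves to `spanner`, falls through past the `couchbase` check into code that lies outside this hunk. If that tail does not already raise, the property would presumably return `None` and the failure would surface later, far from the stale setting. The fall-through should fail closed with an error that names the rejected value, for example `raise ValueError(f"Unsupported lock adapter {_adapter!r}")`. The removed value also belongs in the upgrade notes, since the series is marked as a breaking change.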
@@ -444,7 +438,6 @@ def release(self) -> None: # avoid implicit reexport disabled error __all__ = [ "LockManager", - "SpannerLock", "SqlLock", "CouchbaseLock", ] diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py b/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py index 0230bea0c8f..a68302fd673 100644 --- a/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py +++ b/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py @@ -7,8 +7,6 @@ from jans.pycloudlib.persistence.sql import render_sql_properties # noqa: F401 from jans.pycloudlib.persistence.sql import doc_id_from_dn # noqa: F401 from jans.pycloudlib.persistence.sql import SqlClient # noqa: F401 -from jans.pycloudlib.persistence.spanner import render_spanner_properties # noqa: F401 -from jans.pycloudlib.persistence.spanner import SpannerClient # noqa: F401 from jans.pycloudlib.persistence.utils import PersistenceMapper # noqa: F401 from jans.pycloudlib.persistence.utils import PERSISTENCE_TYPES # noqa: F401 from jans.pycloudlib.persistence.utils import PERSISTENCE_SQL_DIALECTS # noqa: F401 @@ -26,8 +24,6 @@ "render_sql_properties", "doc_id_from_dn", "SqlClient", - "render_spanner_properties", - "SpannerClient", "PersistenceMapper", "PERSISTENCE_TYPES", "PERSISTENCE_SQL_DIALECTS", diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/sql.py b/jans-pycloudlib/jans/pycloudlib/persistence/sql.py index 0adaa5b5430..c05c03aceae 100644 --- a/jans-pycloudlib/jans/pycloudlib/persistence/sql.py +++ b/jans-pycloudlib/jans/pycloudlib/persistence/sql.py @@ -211,7 +211,6 @@ def sql_json_types(self): json_types[attr] = { "mysql": {"type": "JSON"}, "pgsql": {"type": "JSONB"}, - "spanner": {"type": "ARRAY"}, } return json_types diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/utils.py b/jans-pycloudlib/jans/pycloudlib/persistence/utils.py index 01b20d44a02..dec38a87630 100644 --- a/jans-pycloudlib/jans/pycloudlib/persistence/utils.py 
+++ b/jans-pycloudlib/jans/pycloudlib/persistence/utils.py @@ -58,7 +58,6 @@ def render_base_properties(src: str, dest: str) -> None: PERSISTENCE_TYPES = ( "couchbase", "sql", - "spanner", "hybrid", ) """Supported persistence types.""" @@ -127,7 +126,6 @@ class PersistenceMapper: os.environ["CN_PERSISTENCE_TYPE"] = "hybrid" os.environ["CN_HYBRID_MAPPING"] = json.loads({ "default": "sql", - "user": "spanner", "site": "sql", "cache": "sql", "token": "sql", @@ -144,7 +142,7 @@ class PersistenceMapper: ```py { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "sql", @@ -168,7 +166,7 @@ def mapping(self) -> dict[str, str]: ```py { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "sql", @@ -190,9 +188,8 @@ def groups(self) -> dict[str, list[str]]: ```py { - "sql": ["cache", "default", "session", "site"], + "sql": ["cache", "default", "session", "site", "token"], "couchbase": ["user"], - "spanner": ["token"], } ``` """ @@ -209,9 +206,8 @@ def groups_with_rdn(self) -> dict[str, list[str]]: ```py { - "sql": ["cache", "", "sessions", "link"], + "sql": ["cache", "", "sessions", "link", "tokens"], "couchbase": ["people, groups, authorizations"], - "spanner": ["tokens"], } ``` """ diff --git a/jans-pycloudlib/jans/pycloudlib/validators.py b/jans-pycloudlib/jans/pycloudlib/validators.py index cbcc8c53bbe..dd714af9f2c 100644 --- a/jans-pycloudlib/jans/pycloudlib/validators.py +++ b/jans-pycloudlib/jans/pycloudlib/validators.py @@ -12,7 +12,6 @@ def validate_persistence_type(type_: str) -> None: - `couchbase` - `hybrid` - - `spanner` - `sql` Args: diff --git a/jans-pycloudlib/jans/pycloudlib/wait.py b/jans-pycloudlib/jans/pycloudlib/wait.py index 3bdc00d52b2..c3f3cff4317 100644 --- a/jans-pycloudlib/jans/pycloudlib/wait.py +++ b/jans-pycloudlib/jans/pycloudlib/wait.py 
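Review bot: The first `CN_HYBRID_MAPPING` example in the `PersistenceMapper` docstring (hunk `@@ -127,7 +126,6 @@`) no longer has a `user` key, because the `"user": "spanner",` line was deleted rather than rewritten as in the later examples. The resulting mapping printed just below it still shows `"user": "sql"`, and the mapping tests in this patch list a mapping with missing keys among the invalid cases, so the example as written is presumably a rejected configuration. Restore the line as `"user": "sql",`. The same example passes the dict to `json.loads(...)` where `json.dumps(...)` is needed to produce the environment string; that context line predates this commit but is worth correcting in the same pass.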
@@ -13,7 +13,6 @@ from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import doc_id_from_dn -from jans.pycloudlib.persistence.spanner import SpannerClient from jans.pycloudlib.utils import as_boolean from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -256,46 +255,6 @@ def wait_for_sql(manager: Manager, **kwargs: _t.Any) -> None: raise WaitError("SQL backend is not fully initialized") -@retry_on_exception -def wait_for_spanner_conn(manager: Manager, **kwargs: _t.Any) -> None: - """Wait for readiness/liveness of an Spanner database connection. - - Args: - manager: An instance of manager class. - **kwargs: Arbitrary keyword arguments (see Other Parameters section, if any). - """ - # checking connection - init = SpannerClient(manager).connected() - if not init: - raise WaitError("Spanner backend is unreachable") - - -@retry_on_exception -def wait_for_spanner(manager: Manager, **kwargs: _t.Any) -> None: - """Wait for readiness/liveness of an Spanner database. - - Args: - manager: An instance of manager class. - **kwargs: Arbitrary keyword arguments (see Other Parameters section, if any). - """ - search_mapping = { - "default": (doc_id_from_dn("ou=jans-auth,ou=configuration,o=jans"), "jansAppConf"), - "user": (doc_id_from_dn(_ADMIN_GROUP_DN), "jansGrp"), - } - - client = SpannerClient(manager) - try: - # get the first data key - key = PersistenceMapper().groups().get("spanner", [])[0] - doc_id, table_name = search_mapping[key] - init = client.row_exists(table_name, doc_id) - except (IndexError, KeyError): - init = client.connected() - - if not init: - raise WaitError("Spanner backend is not fully initialized") - - WaitCallback = _t.TypedDict("WaitCallback", { "func": _t.Callable[..., None], "kwargs": dict[str, _t.Any], 
@@ -315,8 +274,6 @@ def wait_for(manager: Manager, deps: _t.Union[list[str], None] = None) -> None: - `secret_conn` - `sql` - `sql_conn` - - `spanner` - - `spanner_conn` Args: manager: An instance of manager class. @@ -350,8 +307,6 @@ def wait_for(manager: Manager, deps: _t.Union[list[str], None] = None) -> None: }, "sql_conn": {"func": wait_for_sql_conn, "kwargs": {"label": "SQL"}}, "sql": {"func": wait_for_sql, "kwargs": {"label": "SQL"}}, - "spanner_conn": {"func": wait_for_spanner_conn, "kwargs": {"label": "Spanner"}}, - "spanner": {"func": wait_for_spanner, "kwargs": {"label": "Spanner"}}, } dependencies = deps or [] diff --git a/jans-pycloudlib/mkdocs.yml b/jans-pycloudlib/mkdocs.yml index 5195ff562ed..f20a959b80d 100644 --- a/jans-pycloudlib/mkdocs.yml +++ b/jans-pycloudlib/mkdocs.yml @@ -48,7 +48,6 @@ nav: - "Secret": api/secret.md - "Persistence": - "Couchbase": api/persistence/couchbase.md - - "Spanner": api/persistence/spanner.md - "SQL": api/persistence/sql.md - "Hybrid": api/persistence/hybrid.md - "Utilities": api/persistence/utils.md diff --git a/jans-pycloudlib/setup.py b/jans-pycloudlib/setup.py index 53c7e54ade8..f9bf0fb718e 100644 --- a/jans-pycloudlib/setup.py +++ b/jans-pycloudlib/setup.py @@ -47,7 +47,6 @@ def find_version(*file_paths): "pymysql>=1.0.2", "sqlalchemy>=1.3,<1.4", "psycopg2>=2.8.6", - "google-cloud-spanner>=3.3.0", "Click>=6.7", "ldif>=4.1.1", # handle CVE-2022-36087 diff --git a/jans-pycloudlib/tests/conftest.py b/jans-pycloudlib/tests/conftest.py index ff6e12b02c2..2fc968e5de5 100644 --- a/jans-pycloudlib/tests/conftest.py +++ b/jans-pycloudlib/tests/conftest.py 
@@ -111,16 +111,6 @@ def google_creds(tmpdir): yield creds -@pytest.fixture -def spanner_client(gmanager, monkeypatch, google_creds): - from jans.pycloudlib.persistence.spanner import SpannerClient - - monkeypatch.setenv("GOOGLE_APPLICATION_CREDENTIALS", str(google_creds)) - - client = SpannerClient(gmanager) - yield client - - @pytest.fixture def sql_client(gmanager): from jans.pycloudlib.persistence.sql import SqlClient diff --git a/jans-pycloudlib/tests/test_persistence.py b/jans-pycloudlib/tests/test_persistence.py index 3d25ae41b72..9269106c2d3 100644 --- a/jans-pycloudlib/tests/test_persistence.py +++ b/jans-pycloudlib/tests/test_persistence.py @@ -414,18 +414,17 @@ def test_resolve_hybrid_storages(monkeypatch): monkeypatch.setenv("CN_PERSISTENCE_TYPE", "hybrid") monkeypatch.setenv("CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "spanner", + "user": "sql", "site": "couchbase", "cache": "sql", "token": "sql", "session": "sql", })) expected = { - "storages": "couchbase, spanner, sql", + "storages": "couchbase, sql", "storage.default": "sql", "storage.couchbase.mapping": "link", - "storage.spanner.mapping": "people, groups, authorizations", - "storage.sql.mapping": "cache, tokens, sessions", + "storage.sql.mapping": "people, groups, authorizations, cache, tokens, sessions", } mapper = PersistenceMapper() assert resolve_hybrid_storages(mapper) == expected @@ -442,17 +441,16 @@ def test_render_hybrid_properties(monkeypatch, tmpdir): "user": "couchbase", "site": "sql", "cache": "sql", - "token": "spanner", + "token": "sql", "session": "sql", }) ) expected = """ -storages: couchbase, spanner, sql +storages: couchbase, sql storage.default: sql storage.couchbase.mapping: people, groups, authorizations -storage.spanner.mapping: tokens -storage.sql.mapping: link, cache, sessions +storage.sql.mapping: link, cache, tokens, sessions """.strip() dest = tmpdir.join("jans-hybrid.properties") 
@@ -647,95 +645,6 @@ def test_sql_opendj_attr_types(monkeypatch): assert SqlSchemaMixin().opendj_attr_types == json.loads(types_str) -# ======= -# SPANNER -# ======= - - -def test_render_spanner_properties(monkeypatch, tmpdir, gmanager, google_creds): - from jans.pycloudlib.persistence.spanner import render_spanner_properties - - monkeypatch.setenv("GOOGLE_APPLICATION_CREDENTIALS", str(google_creds)) - monkeypatch.setenv("GOOGLE_PROJECT_ID", "testing-project") - monkeypatch.setenv("CN_GOOGLE_SPANNER_INSTANCE_ID", "testing-instance") - monkeypatch.setenv("CN_GOOGLE_SPANNER_DATABASE_ID", "testing-db") - - tmpl = """ -connection.project=%(spanner_project)s -connection.instance=%(spanner_instance)s -connection.database=%(spanner_database)s -%(spanner_creds)s -""".strip() - - expected = """ -connection.project=testing-project -connection.instance=testing-instance -connection.database=testing-db -connection.credentials-file={} -""".format(str(google_creds)).strip() - - src = tmpdir.join("jans-spanner.properties.tmpl") - src.write(tmpl) - dest = tmpdir.join("jans-spanner.properties") - - render_spanner_properties(gmanager, str(src), str(dest)) - assert dest.read() == expected - - -def test_render_spanner_properties_emulator(monkeypatch, tmpdir, gmanager): - from jans.pycloudlib.persistence.spanner import render_spanner_properties - - monkeypatch.setenv("SPANNER_EMULATOR_HOST", "localhost:9010") - monkeypatch.setenv("GOOGLE_PROJECT_ID", "testing-project") - monkeypatch.setenv("CN_GOOGLE_SPANNER_INSTANCE_ID", "testing-instance") - monkeypatch.setenv("CN_GOOGLE_SPANNER_DATABASE_ID", "testing-db") - - tmpl = """ -connection.project=%(spanner_project)s -connection.instance=%(spanner_instance)s -connection.database=%(spanner_database)s -%(spanner_creds)s -""".strip() - - expected = """ -connection.project=testing-project -connection.instance=testing-instance -connection.database=testing-db -connection.emulator-host=localhost:9010 -""".strip() - - src = 
tmpdir.join("jans-spanner.properties.tmpl") - src.write(tmpl) - dest = tmpdir.join("jans-spanner.properties") - - render_spanner_properties(gmanager, str(src), str(dest)) - assert dest.read() == expected - - -def test_spanner_quoted_id(spanner_client): - assert spanner_client.quoted_id("random") == "`random`" - - -def test_spanner_sub_tables(monkeypatch, spanner_client): - monkeypatch.setattr(BUILTINS_OPEN, lambda p: StringIO("{}")) - assert isinstance(spanner_client.sub_tables, dict) - - -def test_spanner_client_prop(spanner_client): - from google.cloud.spanner_v1.client import Client - assert isinstance(spanner_client.client, Client) - - -def test_spanner_instance_prop(spanner_client): - from google.cloud.spanner_v1.instance import Instance - assert isinstance(spanner_client.instance, Instance) - - -def test_spanner_database_prop(spanner_client): - from google.cloud.spanner_v1.database import Database - assert isinstance(spanner_client.database, Database) - - # ===== # utils # ===== @@ -744,7 +653,6 @@ def test_spanner_database_prop(spanner_client): @pytest.mark.parametrize("type_", [ "couchbase", "sql", - "spanner", ]) def test_persistence_mapper_mapping(monkeypatch, type_): from jans.pycloudlib.persistence import PersistenceMapper @@ -766,7 +674,7 @@ def test_persistence_mapper_hybrid_mapping(monkeypatch): mapping = { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", 
@@ -783,8 +691,8 @@ def test_persistence_mapper_hybrid_mapping(monkeypatch): "[]", "{}", # empty dict {"user": "sql"}, # missing remaining keys - {"default": "sql", "user": "spanner", "cache": "sql", "site": "couchbase", "token": "sql", "session": "random"}, # invalid type - {"default": "sql", "user": "spanner", "cache": "sql", "site": "couchbase", "token": "sql", "foo": "sql"}, # invalid key + {"default": "sql", "user": "sql", "cache": "sql", "site": "couchbase", "token": "sql", "session": "random"}, # invalid type + {"default": "sql", "user": "sql", "cache": "sql", "site": "couchbase", "token": "sql", "foo": "sql"}, # invalid key ]) def test_persistence_mapper_validate_hybrid_mapping(monkeypatch, mapping): from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -802,7 +710,7 @@ def test_persistence_mapper_groups(monkeypatch): monkeypatch.setenv("CN_PERSISTENCE_TYPE", "hybrid") monkeypatch.setenv("CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", @@ -811,8 +719,7 @@ def test_persistence_mapper_groups(monkeypatch): groups = { "couchbase": ["token"], - "spanner": ["user"], - "sql": ["default", "site", "cache", "session"], + "sql": ["default", "user", "site", "cache", "session"], } assert PersistenceMapper().groups() == groups @@ -823,7 +730,7 @@ def test_persistence_mapper_groups_rdn(monkeypatch): monkeypatch.setenv("CN_PERSISTENCE_TYPE", "hybrid") monkeypatch.setenv("CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", @@ -832,8 +739,7 @@ def test_persistence_mapper_groups_rdn(monkeypatch): groups = { "couchbase": ["tokens"], - "spanner": ["people, groups, authorizations"], - "sql": ["", "link", "cache", "sessions"], + "sql": ["", "people, groups, authorizations", "link", "cache", "sessions"], } assert PersistenceMapper().groups_with_rdn() == groups 
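Review bot: The invalid-mapping cases for test_persistence_mapper_validate_hybrid_mapping only swap `"spanner"` for `"sql"`, so nothing pins that a hybrid mapping naming the removed backend is now rejected. Because this is a breaking removal, an existing `CN_HYBRID_MAPPING` that still routes a group to spanner should fail validation loudly rather than slip through. A case such as `{"default": "sql", "user": "spanner", "cache": "sql", "site": "sql", "token": "sql", "session": "sql"},  # removed type` would cover it, assuming the test body (outside this hunk) expects a validation error for every entry. The same gap appears in test_validate_persistence_type in test_validators.py, where `"spanner"` is dropped from the accepted list with no negative case visible.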
diff --git a/jans-pycloudlib/tests/test_validators.py b/jans-pycloudlib/tests/test_validators.py
index cefa59a276b..be5040ac38b 100644
--- a/jans-pycloudlib/tests/test_validators.py
+++ b/jans-pycloudlib/tests/test_validators.py
@@ -5,7 +5,6 @@
 "couchbase",
 "hybrid",
 "sql",
- "spanner",
 ])
 def test_validate_persistence_type(type_):
 from jans.pycloudlib.validators import validate_persistence_type
diff --git a/jans-pycloudlib/tests/test_wait.py b/jans-pycloudlib/tests/test_wait.py
index ec9d932062a..3c4e9ca2197 100644
--- a/jans-pycloudlib/tests/test_wait.py
+++ b/jans-pycloudlib/tests/test_wait.py
@@ -204,63 +204,12 @@ def test_wait_for_sql_conn(monkeypatch, gmanager): wait_for_sql_conn(gmanager) -def test_wait_for_spanner(monkeypatch, gmanager): - from jans.pycloudlib.wait import wait_for_spanner - - monkeypatch.setenv("CN_WAIT_MAX_TIME", "0") - monkeypatch.setenv("CN_PERSISTENCE_TYPE", "spanner") - - monkeypatch.setattr( - "jans.pycloudlib.persistence.spanner.SpannerClient.row_exists", - lambda cls, t, i: False - ) - - with pytest.raises(Exception): - wait_for_spanner(gmanager) - - -def test_wait_for_spanner_no_search_mapping(monkeypatch, gmanager): - from jans.pycloudlib.wait import wait_for_spanner - - monkeypatch.setenv("CN_WAIT_MAX_TIME", "0") - monkeypatch.setenv("CN_PERSISTENCE_TYPE", "spanner") - - monkeypatch.setattr( - _PERSISTENCE_MAPPER_GROUP_FUNC, - lambda cls: {"spanner": ["random"]} - ) - - monkeypatch.setattr( - "jans.pycloudlib.persistence.spanner.SpannerClient.connected", - lambda cls: False - ) - - with pytest.raises(Exception): - wait_for_spanner(gmanager) - - -def test_wait_for_spanner_conn(monkeypatch, gmanager): - from jans.pycloudlib.wait import wait_for_spanner_conn - - monkeypatch.setenv("CN_WAIT_MAX_TIME", "0") - monkeypatch.setenv("CN_PERSISTENCE_TYPE", "spanner") - - monkeypatch.setattr( - "jans.pycloudlib.persistence.spanner.SpannerClient.connected", - lambda cls: False - ) - - with pytest.raises(Exception): - wait_for_spanner_conn(gmanager) - - _WAIT_FOR_FUNC = "jans.pycloudlib.wait.wait_for" @pytest.mark.parametrize("persistence_type, deps", [ ("couchbase", ["couchbase"]), ("sql", ["sql"]), - ("spanner", ["spanner"]), ]) def test_wait_for_persistence(monkeypatch, gmanager, persistence_type, deps): from jans.pycloudlib.wait import wait_for_persistence @@ -280,7 +229,7 @@ def test_wait_for_persistence_hybrid(monkeypatch, gmanager): "CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", 
@@ -290,13 +239,12 @@ def test_wait_for_persistence_hybrid(monkeypatch, gmanager): with patch(_WAIT_FOR_FUNC, autospec=True) as patched: wait_for_persistence(gmanager) - patched.assert_called_with(gmanager, ["couchbase", "spanner", "sql"]) + patched.assert_called_with(gmanager, ["couchbase", "sql"]) @pytest.mark.parametrize("persistence_type, deps", [ ("couchbase", ["couchbase_conn"]), ("sql", ["sql_conn"]), - ("spanner", ["spanner_conn"]), ]) def test_wait_for_persistence_conn(monkeypatch, gmanager, persistence_type, deps): from jans.pycloudlib.wait import wait_for_persistence_conn @@ -316,7 +264,7 @@ def test_wait_for_persistence_conn_hybrid(monkeypatch, gmanager): "CN_HYBRID_MAPPING", json.dumps({ "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", @@ -326,7 +274,7 @@ def test_wait_for_persistence_conn_hybrid(monkeypatch, gmanager): with patch(_WAIT_FOR_FUNC, autospec=True) as patched: wait_for_persistence_conn(gmanager) - patched.assert_called_with(gmanager, ["couchbase_conn", "spanner_conn", "sql_conn"]) + patched.assert_called_with(gmanager, ["couchbase_conn", "sql_conn"]) def test_wait_for(gmanager): From 8aae0998a06c1e2f0821a16e847d9434e327be48 Mon Sep 17 00:00:00 2001 From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 7 Nov 2024 06:45:53 +0300 Subject: [PATCH 4/8] docs: fix refs --- .github/workflows/test_docker_linux_installer.yml | 2 +- automation/rancher-partner-charts/questions.yaml | 3 +-- automation/startjanssenmonolithdemo.sh | 2 +- docs/janssen-server/planning/components.md | 2 +- docs/janssen-server/planning/persistence.md | 1 - docs/janssen-server/recipes/benchmark.md | 3 --- 6 files changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test_docker_linux_installer.yml b/.github/workflows/test_docker_linux_installer.yml index 11602a99b02..c9d863426a5 100644 --- a/.github/workflows/test_docker_linux_installer.yml 
+++ b/.github/workflows/test_docker_linux_installer.yml @@ -21,7 +21,7 @@ jobs: max-parallel: 6 matrix: # add '"pgsql" when supported - persistence-backends: ["MYSQL", "PGSQL", "LDAP", "COUCHBASE", "SPANNER"] + persistence-backends: ["MYSQL", "PGSQL", "COUCHBASE"] python-version: ["3.7"] fail-fast: false steps: diff --git a/automation/rancher-partner-charts/questions.yaml b/automation/rancher-partner-charts/questions.yaml index 62db44b864d..2f0743e6dc8 100644 --- a/automation/rancher-partner-charts/questions.yaml +++ b/automation/rancher-partner-charts/questions.yaml @@ -58,11 +58,10 @@ questions: type: enum group: "Persistence" label: Gluu Persistence backend - description: "Persistence backend to run Gluu with couchbase|hybrid|sql|spanner" + description: "Persistence backend to run Gluu with couchbase|sql|" options: - "couchbase" - "hybrid" - - "spanner" - "sql" # Hybrid diff --git a/automation/startjanssenmonolithdemo.sh b/automation/startjanssenmonolithdemo.sh index 3dc0dfd1cae..429137a5871 100644 --- a/automation/startjanssenmonolithdemo.sh +++ b/automation/startjanssenmonolithdemo.sh @@ -12,7 +12,7 @@ if [[ ! "$JANS_FQDN" ]]; then read -rp "Enter Hostname [demoexample.jans.io]: " JANS_FQDN fi if [[ ! "$JANS_PERSISTENCE" ]]; then - read -rp "Enter persistence type [MYSQL|PGSQL|COUCHBASE[TEST]|SPANNER[TEST]]: " JANS_PERSISTENCE + read -rp "Enter persistence type [MYSQL|PGSQL]: " JANS_PERSISTENCE fi if [[ -z $EXT_IP ]]; then diff --git a/docs/janssen-server/planning/components.md b/docs/janssen-server/planning/components.md index 83b004c51bd..8e35978a51d 100644 --- a/docs/janssen-server/planning/components.md +++ b/docs/janssen-server/planning/components.md 
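Review bot: The new matrix `persistence-backends: ["MYSQL", "PGSQL", "COUCHBASE"]` drops `"LDAP"` as well as `"SPANNER"`, a CI coverage change that neither the commit title "docs: fix refs" nor the Spanner-removal series explains. If the installer is still meant to support LDAP, it should stay in the matrix. If not, the commit message should say so, so the reduced test coverage is a recorded decision. The context comment `# add '"pgsql" when supported` is also stale now that `"PGSQL"` is in the list and could be dropped.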
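Review bot: The new description `"Persistence backend to run Gluu with couchbase|sql|"` ends in a dangling `|` and no longer mentions `hybrid`, although `"hybrid"` is still listed under `options` in this same hunk. Keep the help text in step with the enum: `description: "Persistence backend to run Gluu with couchbase|hybrid|sql"`.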
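Review bot: The prompt now advertises only `[MYSQL|PGSQL]`, but `JANS_PERSISTENCE` is still not validated after the `read`. The dispatch chain further down the script (outside this hunk, visible in the next patch of this series) keeps a `COUCHBASE` branch and shows no `else`. A value such as `SPANNER`, accepted before this series, therefore matches nothing, and the script still appends to `/etc/hosts` without having run `up.sh`. Either list COUCHBASE in the prompt again or remove its branch, and close the chain with `else echo "Unsupported persistence type: $JANS_PERSISTENCE" >&2; exit 1` so an unknown value fails before any system change.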
@@ -19,7 +19,7 @@ assertions. This service must be Internet-facing. persistence service to store configuration and other entity data (client, person, scope, attribute, FIDO device, etc.) As different databases are good for different deployments, Janssen supports a number of options: -MySQL, Postgres, Couchbase, Google Spanner, and Amazon Aurora. Other +MySQL, Postgres, Couchbase, and Amazon Aurora. Other databases may be added in the future. 1. **Cache**: Getting data from a disk is still the slowest part of any diff --git a/docs/janssen-server/planning/persistence.md b/docs/janssen-server/planning/persistence.md index 3791d7b4bc4..21f7f9bd885 100644 --- a/docs/janssen-server/planning/persistence.md +++ b/docs/janssen-server/planning/persistence.md @@ -6,7 +6,6 @@ tags: - MySQL - Couchbase - Aurora - - Spanner - Postgres - database --- diff --git a/docs/janssen-server/recipes/benchmark.md b/docs/janssen-server/recipes/benchmark.md index 5439150c04b..4d71f51b376 100644 --- a/docs/janssen-server/recipes/benchmark.md +++ b/docs/janssen-server/recipes/benchmark.md 
@@ -191,13 +191,10 @@ Loading users requires a hefty but temporary amount of resources. By default, th | `USER_NUMBER_STARTING_POINT` | The user number to start from . This is appended to the username i.e test_user0 | `0` | | `USER_NUMBER_ENDING_POINT` | The user number to end at. | `50000000` | | `LOAD_USERS_TO_COUCHBASE` | Enable loading users to Couchbase persistence. `true` or `false` == `` | `false` | - | `LOAD_USERS_TO_SPANNER` | Enable loading users to Spanner persistence. `true` or `false` == `` | `false` | | `LOAD_USERS_TO_RDBMS` | Enable loading users to RDBMS persistence. `true` or `false` == `` | `false` | | `USER_SPLIT_PARALLEL_THREADS` | The number of parallel threads to break the total number users across. This number heavily effects vCPU usage. | `20` | | `GOOGLE_APPLICATION_CREDENTIALS` | Google Credentials JSON SA file. **Used with Spanner** | `` | | `GOOGLE_PROJECT_ID` | Google Project ID. **Used with Spanner** | `` | - | `GOOGLE_SPANNER_INSTANCE_ID` | Google Spanner Instance ID. **Used with Spanner** | `` | - | `GOOGLE_SPANNER_DATABASE_ID` | Google Spanner Database ID. **Used with Spanner** | `` | | `RDBMS_TYPE` | RDBMS type if `mysql` or `pgsql` is the persistence to load users in. | `mysql` | | `RDBMS_DB` | RDBMS Database name if `mysql` or `pgsql` is the persistence to load users in. | `jans` | | `RDBMS_USER` | RDBMS user if `mysql` or `pgsql` is the persistence to load users in. | `jans` | From bf4a2d93def7b0f5cde3777d361fe05c6a41616e Mon Sep 17 00:00:00 2001 
From: moabu <47318409+moabu@users.noreply.github.com> Date: Thu, 7 Nov 2024 06:53:56 +0300 Subject: [PATCH 5/8] fix: remove from demo and monolith setup --- .../rancher-partner-charts/questions.yaml | 29 ---- automation/startjanssenmonolithdemo.sh | 3 - .../scripts/add_users_spanner.py | 147 ------------------ .../load-users/load_users_spanner_job.yaml | 54 ------- docs/janssen-server/recipes/benchmark.md | 2 - 5 files changed, 235 deletions(-) delete mode 100644 demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/add_users_spanner.py delete mode 100644 demos/benchmarking/docker-jans-loadtesting-jmeter/yaml/load-users/load_users_spanner_job.yaml diff --git a/automation/rancher-partner-charts/questions.yaml b/automation/rancher-partner-charts/questions.yaml index 2f0743e6dc8..eb2192d00eb 100644 --- a/automation/rancher-partner-charts/questions.yaml +++ b/automation/rancher-partner-charts/questions.yaml 
@@ -131,35 +131,6 @@ questions: type: string label: SQL database name show_if: "global.cnPersistenceType=sql" -# Spanner -- variable: config.configmap.cnGoogleSpannerInstanceId - default: "" - group: "Persistence" - description: "The google spanner instance ID" - type: string - label: Google Spanner Instance ID - show_if: "global.cnPersistenceType=spanner" -- variable: config.configmap.cnGoogleSpannerDatabaseId - default: "" - group: "Persistence" - description: "The google spanner database ID" - type: string - label: Google Spanner Database ID - show_if: "global.cnPersistenceType=spanner" -- variable: config.configmap.cnGoogleSecretManagerServiceAccount - default: "" - group: "Persistence" - description: "The service account with access roles/secretmanager.admin to use Google secret manager and/or roles/spanner.databaseUser to use Spanner." - type: multiline - label: Google Spanner Service Account json - show_if: "global.cnPersistenceType=spanner" -- variable: config.configmap.cnGoogleProjectId - default: "" - group: "Persistence" - description: "The Google Project ID" - type: string - label: Google Project ID - show_if: "global.cnPersistenceType=spanner" #Couchbase - variable: config.configmap.cnCouchbaseCrt default: "" diff --git a/automation/startjanssenmonolithdemo.sh b/automation/startjanssenmonolithdemo.sh index 429137a5871..446feee979a 100644 --- a/automation/startjanssenmonolithdemo.sh +++ b/automation/startjanssenmonolithdemo.sh 
@@ -72,7 +72,6 @@ if [[ "$JANS_BUILD_COMMIT" ]]; then python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-mysql-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)" python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-postgres-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)" python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-couchbase-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)" - python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-spanner-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)" fi # -- if [[ "$IS_FQDN_REGISTERED" ]]; then @@ -88,8 +87,6 @@ elif [[ $JANS_PERSISTENCE == "PGSQL" ]]; then bash /tmp/jans/docker-jans-monolith/up.sh postgres elif [[ $JANS_PERSISTENCE == "COUCHBASE" ]]; then bash /tmp/jans/docker-jans-monolith/up.sh couchbase -elif [[ $JANS_PERSISTENCE == "SPANNER" ]]; then - bash /tmp/jans/docker-jans-monolith/up.sh spanner fi echo "$EXT_IP $JANS_FQDN" | sudo tee -a /etc/hosts > /dev/null jans_status="unhealthy" diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/add_users_spanner.py b/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/add_users_spanner.py deleted file mode 100644 index 001012b2380..00000000000 
--- a/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/add_users_spanner.py
+++ /dev/null
@@ -1,147 +0,0 @@ -""" - -The following envvars are required: - -- ``GOOGLE_APPLICATION_CREDENTIALS``: Path to JSON file contains - Google credentials -- ``GOOGLE_PROJECT_ID``: (a.k.a Google project ID) -- ``GOOGLE_SPANNER_INSTANCE_ID``: Spanner instance ID -- ``GOOGLE_SPANNER_DATABASE_ID``: Spanner database ID -""" - -import base64 -import os -import hashlib -import uuid -import time -import logging -from google.cloud import spanner -from joblib import Parallel, delayed -from contextlib import suppress - - -def get_logger(name): - log_format = '%(asctime)s - %(name)8s - %(levelname)5s - %(message)s' - logging.basicConfig(level=logging.INFO, - format=log_format, - filename='setup.log', - filemode='w') - console = logging.StreamHandler() - console.setLevel(logging.INFO) - console.setFormatter(logging.Formatter(log_format)) - logging.getLogger(name).addHandler(console) - return logging.getLogger(name) - - -logger = get_logger("spanner-user-loader") -cred_file = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS", "/etc/certs/google-service-account.json") -user_number_starting_point = int(os.environ.get("USER_NUMBER_STARTING_POINT", 0)) -user_number_ending_point = int(os.environ.get("USER_NUMBER_ENDING_POINT", 50000000)) -user_split_parallel_threads = int(os.environ.get("USER_SPLIT_PARALLEL_THREADS", 20)) -user_id_prefix = os.environ.get("TEST_USERS_PREFIX_STRING", "test_user") -logger.info("Starting to add users to Spanner. This will add user{} to user{} ".format( - str(user_number_starting_point), str(user_number_ending_point))) -project_id = os.environ.get("GOOGLE_PROJECT_ID", "") -client = spanner.Client(project=project_id) -instance_id = os.environ.get("GOOGLE_SPANNER_INSTANCE_ID", "") -instance = client.instance(instance_id) - -database_id = os.environ.get("GOOGLE_SPANNER_DATABASE_ID", "") -database = instance.database(database_id) - - -def connected(): - """Check whether connection is alive by executing simple query. 
- """ - - cntr = 0 - with database.snapshot() as snapshot: - result = snapshot.execute_sql("SELECT 1") - with suppress(IndexError): - row = list(result)[0] - cntr = row[0] - return cntr > 0 - - -def split_interval(start, end, num_of_parts): - part_interval = (end - start) / num_of_parts - parts = [] - marker = start - - for _ in range(num_of_parts): - part = [marker, marker + part_interval] - marker += part_interval - parts.append(part) - return parts - - -def make_secret(password): - salt = os.urandom(4) - sha = hashlib.sha1(password.encode('utf-8')) - sha.update(salt) - digest_ = sha.digest() - b64encoded = base64.b64encode(digest_ + salt).decode('utf-8') - encrypted_password = '{{SSHA}}{0}'.format(b64encoded) - return encrypted_password - - -def load_users(interval): - columns = ['userPassword', 'mail', 'displayName', 'givenName', 'objectClass', 'dn', - 'cn', 'inum', 'doc_id', 'uid', 'jansStatus', 'sn'] - logger.info("-------------------") - logger.info("Thread {} started!".format(str(interval))) - logger.info("Preparing query {} started!".format(str(interval))) - logger.info(time.ctime(time.time())) - logger.info("-------------------") - start = interval[0] + 1 - end = interval[1] - while start <= end: - values = [] - inum = str(uuid.uuid4()) - name = '{}{}'.format(user_id_prefix, int(start)) - sn = 'lastname{}'.format(int(start)) - dn = "inum={0},ou=people,o=jans".format(inum) - cn = name + ' ' + sn - people = [ - make_secret('topsecret' + str(int(start))), - name + '@jans.io', - name + ' ' + sn, - name, - "jansPerson", - dn, - cn, - inum, - inum, - name, - "active", - sn - ] - values.append(people) - try: - with database.batch() as batch: - batch.insert(table='jansPerson', columns=columns, values=values) - except Exception as e: - logger.error(e) - start += 1 - logger.info("-------------------") - logger.info(time.ctime(time.time())) - logger.info("Thread {} Ended!".format(str(interval))) - logger.info("-------------------") - -def main(): - 
test_spanner_connection = connected() - if not test_spanner_connection: - raise Exception("Spanner backend is unreachable") - # The transaction contains too many mutations. Insert and update operations count with the multiplicity of the - # number of columns they affect. For example, inserting values into one key column and four non-key columns count - # as five mutations total for the insert. Delete and delete range operations count as one mutation regardless of - # the number of columns affected. The total mutation count includes any changes to indexes that the transaction - # generates. Please reduce the number of writes, or use fewer indexes. (Maximum number: 20000) - user_numbers_intervals = split_interval(user_number_starting_point, user_number_ending_point, - user_split_parallel_threads) - results = Parallel(n_jobs=-1, backend="multiprocessing")( - map(delayed(load_users), user_numbers_intervals)) - - -if __name__ == "__main__": - main() diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/yaml/load-users/load_users_spanner_job.yaml b/demos/benchmarking/docker-jans-loadtesting-jmeter/yaml/load-users/load_users_spanner_job.yaml deleted file mode 100644 index 55b6fb34d96..00000000000 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/yaml/load-users/load_users_spanner_job.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: load-users - name: load-users-spanner-cm -data: - GOOGLE_APPLICATION_CREDENTIALS: '/etc/certs/google_service_account.json' - GOOGLE_PROJECT_ID: cb.cbns.svc.cluster.local - GOOGLE_SPANNER_INSTANCE_ID: "cn-test" - GOOGLE_SPANNER_DATABASE_ID: "test" - LOAD_USERS_TO_SPANNER: "true" - USER_NUMBER_STARTING_POINT: "0" - USER_NUMBER_ENDING_POINT: "10000000" ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app: load-users - name: load-users-spanner -spec: - backoffLimit: 1 - template: - metadata: - labels: - app: load-users - spec: - #hostAliases: - # - ip: NGINX_IP - # hostnames: - # - FQDN - volumes: - - name: google-sa - secret: - secretName: google-sa - containers: - - envFrom: - - configMapRef: - name: load-users-spanner-cm - image: ghcr.io/janssenproject/jans/loadtesting-jmeter:1.1.6_dev - volumeMounts: - - mountPath: /etc/certs/google_service_account.json - name: google-sa - subPath: google_service_account.json - name: load-users-spanner - resources: - limits: - cpu: 30000m - memory: 5000Mi - requests: - cpu: 30000m - memory: 5000Mi - restartPolicy: Never diff --git a/docs/janssen-server/recipes/benchmark.md b/docs/janssen-server/recipes/benchmark.md index 4d71f51b376..91a09d2386d 100644 --- a/docs/janssen-server/recipes/benchmark.md +++ b/docs/janssen-server/recipes/benchmark.md 
@@ -193,8 +193,6 @@ Loading users requires a hefty but temporary amount of resources. By default, th | `LOAD_USERS_TO_COUCHBASE` | Enable loading users to Couchbase persistence. `true` or `false` == `` | `false` | | `LOAD_USERS_TO_RDBMS` | Enable loading users to RDBMS persistence. `true` or `false` == `` | `false` | | `USER_SPLIT_PARALLEL_THREADS` | The number of parallel threads to break the total number users across. This number heavily effects vCPU usage. | `20` | - | `GOOGLE_APPLICATION_CREDENTIALS` | Google Credentials JSON SA file. **Used with Spanner** | `` | - | `GOOGLE_PROJECT_ID` | Google Project ID. **Used with Spanner** | `` | | `RDBMS_TYPE` | RDBMS type if `mysql` or `pgsql` is the persistence to load users in. | `mysql` | | `RDBMS_DB` | RDBMS Database name if `mysql` or `pgsql` is the persistence to load users in. | `jans` | | `RDBMS_USER` | RDBMS user if `mysql` or `pgsql` is the persistence to load users in. | `jans` | From 0b0704e166c5a0c27fd45796ca1931009cdb1b3d Mon Sep 17 00:00:00 2001 From: iromli Date: Thu, 7 Nov 2024 22:35:09 +0700 Subject: [PATCH 6/8] chore: sync templates into images Signed-off-by: iromli --- docker-jans-all-in-one/Dockerfile | 2 +- docker-jans-auth-server/Dockerfile | 3 +-- docker-jans-casa/Dockerfile | 3 +-- docker-jans-certmanager/Dockerfile | 2 +- docker-jans-config-api/Dockerfile | 3 +-- docker-jans-configurator/Dockerfile | 2 +- docker-jans-fido2/Dockerfile | 3 +-- docker-jans-kc-scheduler/Dockerfile | 2 +- docker-jans-keycloak-link/Dockerfile | 3 +-- docker-jans-link/Dockerfile | 3 +-- docker-jans-monolith/Dockerfile | 2 +- docker-jans-persistence-loader/Dockerfile | 2 +- docker-jans-saml/Dockerfile | 3 +-- docker-jans-scim/Dockerfile | 3 +-- 14 files changed, 14 insertions(+), 22 deletions(-) diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile index 05589eeb4e4..9926ee5c14f 100644 --- a/docker-jans-all-in-one/Dockerfile +++ b/docker-jans-all-in-one/Dockerfile 
@@ -58,7 +58,7 @@ RUN apk update \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile index ea64ee5ba63..264d63fe6f9 100644 --- a/docker-jans-auth-server/Dockerfile +++ b/docker-jans-auth-server/Dockerfile @@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \ /app/static/rdbm \ /app/schema -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -119,7 +119,6 @@ RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/ja && cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ - && cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile index 778f54be487..aa95ddf377e 100644 --- a/docker-jans-casa/Dockerfile +++ b/docker-jans-casa/Dockerfile 
@@ -60,7 +60,7 @@ RUN mkdir -p /usr/share/java \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -81,7 +81,6 @@ RUN cd /tmp/jans \ && cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ - && cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile index 1eab709d153..a7c8b69e1dc 100644 --- a/docker-jans-certmanager/Dockerfile +++ b/docker-jans-certmanager/Dockerfile @@ -25,7 +25,7 @@ RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile index 51e60ae9f60..e5d5b199723 100644 --- a/docker-jans-config-api/Dockerfile +++ b/docker-jans-config-api/Dockerfile 
@@ -70,7 +70,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/_plugins \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources @@ -96,7 +96,6 @@ RUN cd /tmp/jans \ && cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ - && cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile index 3863ec841b5..4eadbd1deed 100644 --- a/docker-jans-configurator/Dockerfile +++ b/docker-jans-configurator/Dockerfile @@ -27,7 +27,7 @@ RUN mkdir -p /opt/jans/configurator/javalibs \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \ && cd /tmp/jans \ diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile index 6b3cd86854c..65c6b60685a 100644 --- a/docker-jans-fido2/Dockerfile +++ b/docker-jans-fido2/Dockerfile @@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) 
@@ -87,7 +87,6 @@ RUN cd /tmp/jans \ && cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ - && cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ diff --git a/docker-jans-kc-scheduler/Dockerfile b/docker-jans-kc-scheduler/Dockerfile index f1f7ef9fda7..90ed3df0486 100644 --- a/docker-jans-kc-scheduler/Dockerfile +++ b/docker-jans-kc-scheduler/Dockerfile @@ -38,7 +38,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/codehaus/janino/janino/3.1.9/jani # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets diff --git a/docker-jans-keycloak-link/Dockerfile b/docker-jans-keycloak-link/Dockerfile index 0bf36561c91..93b3098af3a 100644 --- a/docker-jans-keycloak-link/Dockerfile +++ b/docker-jans-keycloak-link/Dockerfile @@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-keycloak-link/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) 
@@ -83,7 +83,6 @@ RUN cd /tmp/jans \ && cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ - && cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ diff --git a/docker-jans-link/Dockerfile b/docker-jans-link/Dockerfile index 7be8e469874..7cd1fa4262e 100644 --- a/docker-jans-link/Dockerfile +++ b/docker-jans-link/Dockerfile @@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-link/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -83,7 +83,6 @@ RUN cd /tmp/jans \ && cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ - && cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ diff --git a/docker-jans-monolith/Dockerfile b/docker-jans-monolith/Dockerfile index 4d335711136..f04b5f1b29e 100644 --- a/docker-jans-monolith/Dockerfile +++ b/docker-jans-monolith/Dockerfile 
@@ -42,7 +42,7 @@ EXPOSE 443 8080 1636 # jans-linux-setup # ===================== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 # cleanup RUN rm -rf /tmp/jans diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile index 5dc88543f0a..07b6627f67b 100644 --- a/docker-jans-persistence-loader/Dockerfile +++ b/docker-jans-persistence-loader/Dockerfile @@ -16,7 +16,7 @@ RUN apk update \ # =========== # janssenproject/jans SHA commit -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources diff --git a/docker-jans-saml/Dockerfile b/docker-jans-saml/Dockerfile index ff3f3e28739..84d6b27dc2c 100644 --- a/docker-jans-saml/Dockerfile +++ b/docker-jans-saml/Dockerfile @@ -35,7 +35,7 @@ RUN wget -q https://jenkins.jans.io/maven/io/jans/kc-jans-spi/${CN_VERSION}/kc-j # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -56,7 +56,6 @@ RUN cd /tmp/jans \ && cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ - && cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ 
diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile index 8c54f59cf03..1c86ef9a738 100644 --- a/docker-jans-scim/Dockerfile +++ b/docker-jans-scim/Dockerfile @@ -60,7 +60,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-scim/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=030ea2548f8dc365d98157f82c4edd169db5aec7 +ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources @@ -84,7 +84,6 @@ RUN cd /tmp/jans \ && cp ${JANS_SETUP_DIR}/static/rdbm/sql_data_types.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/ldap_sql_data_type_mapping.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/static/rdbm/opendj_attributes_syntax.json /app/static/rdbm/ \ - && cp ${JANS_SETUP_DIR}/static/rdbm/sub_tables.json /app/static/rdbm/ \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/ \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/ \ From 44e14873e095c12817be7dc6721d2a3401cb9130 Mon Sep 17 00:00:00 2001 From: iromli Date: Thu, 7 Nov 2024 23:27:40 +0700 Subject: [PATCH 7/8] docs: remove spanner references Signed-off-by: iromli --- docs/janssen-server/install/README.md | 2 +- docs/janssen-server/planning/caching.md | 6 +++--- docs/janssen-server/planning/persistence.md | 4 ---- .../reference/kubernetes/config-secret-keys.md | 2 +- 4 files changed, 5 insertions(+), 9 deletions(-) diff --git a/docs/janssen-server/install/README.md b/docs/janssen-server/install/README.md index 0956db0cf79..fe22ec8619c 100644 --- a/docs/janssen-server/install/README.md +++ b/docs/janssen-server/install/README.md 
@@ -32,7 +32,7 @@ configuration tool to perform any other last mile configuration. ## Databases The Janssen Project gives you a few options to store data: MySQL, Postgres, -Couchbase, Amazon Aurora, and Spanner. You can also configure an in-memory cache +Couchbase, and Amazon Aurora. You can also configure an in-memory cache server like Redis. Sometimes installation and configuration of this database is included in the setup process. Sometimes, you need to setup the database ahead of time. Please refer to the database instructions specific for your diff --git a/docs/janssen-server/planning/caching.md b/docs/janssen-server/planning/caching.md index bd03ed6f3e1..b4faa5425a0 100644 --- a/docs/janssen-server/planning/caching.md +++ b/docs/janssen-server/planning/caching.md @@ -27,9 +27,9 @@ cluster, it may be convenient to persist the "cache" data in the database. Janssen Auth Server can use "ephemeral buckets", which exist only in memory, for caching. -1. **Redis** The best choice if you need a cache service for RDBMS, -or Spanner. Great performance and low cache miss rate. Commercial Redis -supports TLS, which is a good option if you need secure communication. +1. **Redis** The best choice if you need a cache service for RDBMS. Great performance +and low cache miss rate. Commercial Redis supports TLS, which is a good option if you +need secure communication. 1. **Memcached** Still a good choice, especially if that's what you already run for other applications. We have observed a slightly higher cache miss diff --git a/docs/janssen-server/planning/persistence.md b/docs/janssen-server/planning/persistence.md index 21f7f9bd885..3b206526750 100644 --- a/docs/janssen-server/planning/persistence.md +++ b/docs/janssen-server/planning/persistence.md 
@@ -48,7 +48,3 @@ The main catch is that write operations are limited to one region, with the ability to failover to another region. But to accomplish this, you need a cloud engineer to implement it. -1. **Spanner** Google's multi-region cloud database as a service, Spanner -was purpose-built for auto-scaling, and multi-region persistence. It has its own -API, although recently Google added support for MySQL and Postgres drivers. - diff --git a/docs/janssen-server/reference/kubernetes/config-secret-keys.md b/docs/janssen-server/reference/kubernetes/config-secret-keys.md index 48395c38ea8..50554b33843 100644 --- a/docs/janssen-server/reference/kubernetes/config-secret-keys.md +++ b/docs/janssen-server/reference/kubernetes/config-secret-keys.md @@ -591,7 +591,7 @@ Note that `_secret` may contain other keys depending on persistence, secrets/con } ``` -1. Persistence is set to `spanner` or secrets/configmaps backend is set to `google`: +1. Secrets/configmaps backend is set to `google`: ```json "_secret": { From 9e31277a02054fd9596daad0cba0cdada94a08de Mon Sep 17 00:00:00 2001 From: moabu <47318409+moabu@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:21:14 +0300 Subject: [PATCH 8/8] docs: update refs --- .../kubernetes/docker-jans-auth-server.md | 20 ++++---- .../reference/kubernetes/docker-jans-casa.md | 20 ++++---- .../kubernetes/docker-jans-certmanager.md | 20 ++++---- .../kubernetes/docker-jans-config-api.md | 20 ++++---- .../reference/kubernetes/docker-jans-fido2.md | 18 ++++---- .../reference/kubernetes/docker-jans-link.md | 23 +++++----- .../kubernetes/docker-jans-monolith.md | 3 +- .../docker-jans-persistence-loader.md | 20 ++++---- .../reference/kubernetes/docker-jans-saml.md | 18 ++++---- .../reference/kubernetes/docker-jans-scim.md | 18 ++++---- .../reference/kubernetes/helm-chart.md | 46 +++++++++++-------- 11 files changed, 111 insertions(+), 115 deletions(-) 
diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-auth-server.md b/docs/janssen-server/reference/kubernetes/docker-jans-auth-server.md index 6eddc8cbc54..5d4e3820cdc 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-auth-server.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-auth-server.md @@ -50,7 +50,7 @@ The following environment variables are supported by the container: - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. - `CN_DEBUG_PORT`: port of remote debugging (if omitted, remote debugging will be disabled). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `spanner`, `sql`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `sql`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). 
@@ -76,8 +76,6 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID. -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_JETTY_REQUEST_HEADER_SIZE`: Maximum size of request header accepted by Jetty (default to `8192`). - `CN_AUTH_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details. @@ -185,12 +183,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -199,11 +197,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-casa.md b/docs/janssen-server/reference/kubernetes/docker-jans-casa.md index 89b28d16f43..365c5b32c42 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-casa.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-casa.md 
@@ -41,7 +41,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`); required if `CN_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`. - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`); required if `CN_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`. 
@@ -64,8 +64,6 @@ The following environment variables are supported by the container: - `CN_SQL_DB_PORT`: Port of SQL backend (default to `3306`). - `CN_SQL_DB_NAME`: Database name (default to `jans`) - `CN_SQL_DB_USER`: Username to interact with SQL backend (default to `jans`). -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Instance ID of Google Spanner (default to empty string). -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Database ID of Google Spanner (default to empty string). - `GOOGLE_APPLICATION_CREDENTIALS`: Optional JSON file (contains Google credentials) that can be injected into container for authentication. Refer to https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to for supported credentials. - `GOOGLE_PROJECT_ID`: ID of Google project. - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. @@ -133,12 +131,12 @@ Hybrid persistence supports all available persistence types. To configure hybrid ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -147,10 +145,10 @@ Hybrid persistence supports all available persistence types. To configure hybrid ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-certmanager.md b/docs/janssen-server/reference/kubernetes/docker-jans-certmanager.md index 8ccdcb9176b..f146ee0ead7 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-certmanager.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-certmanager.md 
@@ -50,7 +50,7 @@ The following environment variables are supported by the container: - `CN_SECRET_GOOGLE_SECRET_VERSION_ID`: Google Secret Manager version ID (default to `latest`). - `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Google Secret Manager name (default to `jans`). - `CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Google Secret Manager (default to `secret`). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -69,8 +69,6 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID. -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`). - `CN_SQL_DB_PORT`: Port of the SQL database (default to `3306` for MySQL). - `CN_SQL_DB_NAME`: SQL database name (default to `jans`). 
@@ -224,12 +222,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -238,10 +236,10 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-config-api.md b/docs/janssen-server/reference/kubernetes/docker-jans-config-api.md index 898521dd692..478e66f123b 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-config-api.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-config-api.md @@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `sql`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `sql`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). 
@@ -70,8 +70,6 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID. -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_CONFIG_API_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). - `CN_CONFIG_API_PLUGINS`: Comma-separated plugin names that should be enabled (available plugins are `admin-ui`, `scim`, `fido2`, `user-mgt`, `jans-link`, `kc-saml`, `kc-link`, `lock`). Note that unknown plugin name will be ignored. - `CN_TOKEN_SERVER_BASE_URL`: Base URL of token server (default to empty). @@ -180,12 +178,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -194,11 +192,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-fido2.md b/docs/janssen-server/reference/kubernetes/docker-jans-fido2.md index d8339fc980d..08115d1e2e5 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-fido2.md 
+++ b/docs/janssen-server/reference/kubernetes/docker-jans-fido2.md @@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -135,12 +135,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -149,11 +149,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-link.md b/docs/janssen-server/reference/kubernetes/docker-jans-link.md index 607737f0f7d..ddba8047e08 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-link.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-link.md 
@@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). 
@@ -62,13 +62,13 @@ The following environment variables are supported by the container: - `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). - `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). - `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). -- `CN_LINK_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). +- `CN_KEYCLOAK_LINK_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `GOOGLE_APPLICATION_CREDENTIALS`: Optional JSON file (contains Google credentials) that can be injected into container for authentication. Refer to https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to for supported credentials. - `GOOGLE_PROJECT_ID`: ID of Google project. - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_LINK_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). +- `CN_CACHE_REFRESH_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). - `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details. 
- `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`). - `CN_SQL_DB_PORT`: Port of the SQL database (default to `3306` for MySQL). @@ -135,12 +135,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -149,11 +149,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` @@ -166,4 +166,3 @@ i.e. `http://container:9093/metrics`. Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`). To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container. - diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-monolith.md b/docs/janssen-server/reference/kubernetes/docker-jans-monolith.md index 3c00a1f8f09..88b87cf419c 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-monolith.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-monolith.md @@ -53,6 +53,7 @@ Installation depends on the set of environment variables shown below. These envi Download the compose file of your chosen persistence from mysql or postgres ```bash + wget https://raw.githubusercontent.com/JanssenProject/jans/main/docker-jans-monolith/jans-mysql-compose.yml wget https://raw.githubusercontent.com/JanssenProject/jans/main/docker-jans-monolith/jans-postgres-compose.yml ``` 
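Review bot: In the docker-jans-link.md hunk at `@@ -62,13 +62,13 @@`, the two renamed entries (`CN_KEYCLOAK_LINK_JAVA_OPTIONS` and `CN_CACHE_REFRESH_APP_LOGGERS`) drop the `CN_LINK_` prefix of the lines they replace, although this page documents the jans-link image. The image's scripts are not part of this hunk, so the names the container actually reads cannot be confirmed from here. If it still reads `CN_LINK_JAVA_OPTIONS` and `CN_LINK_APP_LOGGERS`, an operator following this page would set variables that are ignored without any error, and the intended JVM limits and log levels would never take effect. Please check the names against the image's entrypoint and keep the `CN_LINK_*` entries if those are the ones in use.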
@@ -100,7 +101,7 @@ To stop the containers. 3. Use the CLI tools located under `/opt/jans/jans-cli/` to configure Gluu flex as needed. For example you can run the [TUI](https://docs.jans.io/head/admin/config-guide/config-tools/jans-tui/): ```bash - jans tui + python3 /opt/jans/jans-cli/config-cli-tui.py ``` ## Access endpoints externally diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-persistence-loader.md b/docs/janssen-server/reference/kubernetes/docker-jans-persistence-loader.md index e04d9e89ab2..9e40da3e013 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-persistence-loader.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-persistence-loader.md @@ -54,7 +54,7 @@ The following environment variables are supported by the container: - `CN_REDIS_URL`: URL of Redis server, format is host:port (optional; default to `localhost:6379`). - `CN_REDIS_TYPE`: Redis service type, either `STANDALONE` or `CLUSTER` (optional; default to `STANDALONE`). - `CN_MEMCACHED_URL`: URL of Memcache server, format is host:port (optional; default to `localhost:11211`). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (`couchbase`, `sql`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (`couchbase`, `sql`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_PERSISTENCE_SKIP_INITIALIZED`: skip initialization if backend already initialized (default to `false`). - `CN_PERSISTENCE_UPDATE_AUTH_DYNAMIC_CONFIG`: Whether to allow automatic updates of `jans-auth` configuration (default to `true`). 
@@ -73,8 +73,6 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID. -- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_SQL_DB_HOST`: Hostname of the SQL database (default to `localhost`). - `CN_SQL_DB_PORT`: Port of the SQL database (default to `3306` for MySQL). - `CN_SQL_DB_NAME`: SQL database name (default to `jans`). @@ -101,12 +99,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -115,11 +113,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-saml.md b/docs/janssen-server/reference/kubernetes/docker-jans-saml.md index ea347bc5954..5d17c69ccda 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-saml.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-saml.md 
@@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -98,12 +98,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -112,11 +112,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docs/janssen-server/reference/kubernetes/docker-jans-scim.md b/docs/janssen-server/reference/kubernetes/docker-jans-scim.md index b4a9a98ca2d..a57076e14c5 100644 --- a/docs/janssen-server/reference/kubernetes/docker-jans-scim.md +++ b/docs/janssen-server/reference/kubernetes/docker-jans-scim.md 
@@ -49,7 +49,7 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, `spanner`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). - `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). @@ -135,12 +135,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -149,11 +149,11 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { "default": "sql", - "user": "spanner", + "user": "sql", "site": "sql", "cache": "sql", "token": "couchbase", - "session": "spanner", + "session": "sql", } ``` diff --git a/docs/janssen-server/reference/kubernetes/helm-chart.md b/docs/janssen-server/reference/kubernetes/helm-chart.md index 85257b1ebad..e2c7402f3db 100644 --- a/docs/janssen-server/reference/kubernetes/helm-chart.md +++ b/docs/janssen-server/reference/kubernetes/helm-chart.md 
@@ -41,10 +41,11 @@ Kubernetes: `>=v1.22.0-0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.6_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Janssen. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.1.6_dev"},"keysLife":48,"keysPushDelay":0,"keysPushStrategy":"NEWER","keysStrategy":"NEWER","lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server-key-rotation.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | auth-server-key-rotation.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -68,6 +69,7 @@ Kubernetes: `>=v1.22.0-0` | auth-server-key-rotation.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | | auth-server.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| auth-server.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | auth-server.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | auth-server.dnsConfig | object | `{}` | Add custom dns config | | auth-server.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -94,9 +96,10 @@ Kubernetes: `>=v1.22.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/casa","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. 
| +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/casa","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Janssen Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Auth Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| casa.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | casa.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | casa.dnsConfig | object | `{}` | Add custom dns config | | casa.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -124,10 +127,11 @@ Kubernetes: `>=v1.22.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"janssen","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"janssen","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"janssen","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnMaxRamPercent":"75.0","cnMessageType":"DISABLED","cnOpaUrl":"http://opa.opa.svc.cluster.cluster.local:8181/v1","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","cn
VaultAddr":"http://localhost:8200","cnVaultAppRolePath":"approle","cnVaultKvPath":"secret","cnVaultNamespace":"","cnVaultPrefix":"jans","cnVaultRoleId":"","cnVaultRoleIdFile":"/etc/certs/vault_role_id","cnVaultSecretId":"","cnVaultSecretIdFile":"/etc/certs/vault_secret_id","cnVaultVerify":false,"kcDbPassword":"Test1234#","kcDbSchema":"keycloak","kcDbUrlDatabase":"keycloak","kcDbUrlHost":"mysql.kc.svc.cluster.local","kcDbUrlPort":3306,"kcDbUrlProperties":"?useUnicode=true&characterEncoding=UTF-8&character_set_server=utf8mb4","kcDbUsername":"keycloak","kcDbVendor":"mysql","kcLogLevel":"INFO","lbAddr":"","quarkusTransactionEnableRecovery":true},"countryCode":"US","customScripts":[],"dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.1.6_dev"},"lifecycle":{},"orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"salt":"","state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. 
| -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"janssen","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"janssen","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"janssen","cnGoogleSecretVersionId":"latest","cnJettyRequestHeaderSize":8192,"cnMaxRamPercent":"75.0","cnMessageType":"DISABLED","cnOpaUrl":"http://opa.opa.svc.cluster.cluster.local:8181/v1","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","cnVaultAddr":"http://localhost:8200","cnVaultAppRolePath":"approle","cnVaultKvPath":"secret","cnVaultNamespace":"","cnVaultPrefix":"jans","cnVaultRoleId":"","cnVaultRoleIdFile":"/etc/certs/vault_role_id","cnVaultSecretId":"","cnVaultSecretIdFile":"/etc/certs/vault_secret_id","cnVaultVerify":false,"kcDbPassword":"Test1234#","kcDbSchema":"keycloak","kcDbUrlDatabase":"keycloak","kcDbUrlHost":"mysql.kc.svc.cluster.local","kcDbUrlP
ort":3306,"kcDbUrlProperties":"?useUnicode=true&characterEncoding=UTF-8&character_set_server=utf8mb4","kcDbUsername":"keycloak","kcDbVendor":"mysql","kcLogLevel":"INFO","lbAddr":"","quarkusTransactionEnableRecovery":true},"countryCode":"US","customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.1.6_dev"},"lifecycle":{},"orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"salt":"","state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| config-api.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | config-api.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | config-api.dnsConfig | object | `{}` | Add custom dns config | | config-api.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -171,13 +175,11 @@ Kubernetes: `>=v1.22.0-0` | config.configmap.cnGoogleSecretManagerServiceAccount | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | config.configmap.cnGoogleSecretNamePrefix | string | `"janssen"` | Prefix for Janssen secret in Google Secret Manager. Defaults to janssen. If left janssen-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | | config.configmap.cnGoogleSecretVersionId | string | `"latest"` | Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. | -| config.configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. | -| config.configmap.cnGoogleSpannerInstanceId | string | `""` | Google Spanner ID. Used only when global.cnPersistenceType is spanner. | | config.configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server | | config.configmap.cnMaxRamPercent | string | `"75.0"` | Value passed to Java option -XX:MaxRAMPercentage | | config.configmap.cnMessageType | string | `"DISABLED"` | Message type (one of POSTGRES, REDIS, or DISABLED) | | config.configmap.cnOpaUrl | string | `"http://opa.opa.svc.cluster.cluster.local:8181/v1"` | URL of OPA API | -| config.configmap.cnPersistenceHybridMapping | string | `"{}"` | Specify data that should be saved in persistence (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. 
{ "default": "", "user": "", "site": "", "cache": "", "token": "", "session": "", } | +| config.configmap.cnPersistenceHybridMapping | string | `"{}"` | Specify data that should be saved in persistence (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`. { "default": "", "user": "", "site": "", "cache": "", "token": "", "session": "", } | | config.configmap.cnRedisSentinelGroup | string | `""` | Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisSslTruststore | string | `""` | Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | | config.configmap.cnRedisType | string | `"STANDALONE"` | Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. | @@ -215,6 +217,7 @@ Kubernetes: `>=v1.22.0-0` | config.configmap.lbAddr | string | `""` | Load balancer address for AWS if the FQDN is not registered. | | config.configmap.quarkusTransactionEnableRecovery | bool | `true` | Quarkus transaction recovery. When using MySQL, there could be issue regarding XA_RECOVER_ADMIN; refer to https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_xa-recover-admin for details. | | config.countryCode | string | `"US"` | Country code. Used for certificate creation. | +| config.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | config.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | config.dnsConfig | object | `{}` | Add custom dns config | | config.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -236,9 +239,10 @@ Kubernetes: `>=v1.22.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. 
| +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| fido2.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | fido2.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | fido2.dnsConfig | object | `{}` | Add custom dns config | | fido2.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -267,7 +271,7 @@ Kubernetes: `>=v1.22.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEna
bled":false},"auth-server-key-rotation":{"customAnnotations":{"cronjob":{},"secret":{},"service":{}},"enabled":true,"initKeysLife":48},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"casaAdditionalAnnotations":{},"casaEnabled":false,"casaLabels":{}}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnConfiguratorConfigurationFile":"/etc/jans/conf/configuration.json","cnConfiguratorCustomSchema":{"secretName":""},"cnConfiguratorDumpFile":"/etc/jans/conf/configuration.out.json","cnCouchbasePasswordFile":"/etc/jans/conf/couchbase_password","cnCouchbaseSuperuserPasswordFile":"/etc/jans/conf/couchbase_superuser_password","cnDocumentStoreType":"DB","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"customAnnotations":{"clusterRoleBinding":{},"configMap":{},"job":{},"role":{},"roleBinding":{},"secret":{},"service":{},"serviceAccount":{}},"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","configApiServerServiceName":"config-api","customAnnotations":{"deplo
yment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{}},"plugins":"fido2,scim,user-mgt"},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2AdditionalAnnotations":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{}}},"fqdn":"demoexample.jans.io","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"kc-scheduler":{"enabled":false},"kcAdminCredentialsFile":"/etc/jans/conf/kc_admin_creds","kcDbPasswordFile":"/etc/jans/conf/kc_db_password","lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"},"nginx-ingress":{"enabled":true},"persistence":
{"customAnnotations":{"job":{},"secret":{},"service":{}},"enabled":true},"saml":{"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"samlAdditionalAnnotations":{},"samlEnabled":false,"samlLabels":{}},"samlServiceName":"saml"},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{}},"scimServiceName":"scim"},"serviceAccountName":"default","storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. 
| +| global | object | `{"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"authServerAdditionalAnnotations":{},"authServerEnabled":true,"authServerLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeEnabled":true,"deviceCodeLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingEnabled":true,"firebaseMessagingLabels":{},"lockAdditionalAnnotations":{},"lockConfigAdditionalAnnotations":{},"lockConfigEnabled":false,"lockConfigLabels":{},"lockEnabled":false,"lockLabels":{},"openidAdditionalAnnotations":{},"openidConfigEnabled":true,"openidConfigLabels":{},"u2fAdditionalAnnotations":{},"u2fConfigEnabled":true,"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigEnabled":true,"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryEnabled":true,"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerEnabled":true,"webfingerLabels":{}},"lockEnabled":false},"auth-server-key-rotation":{"customAnnotations":{"cronjob":{},"secret":{},"service":{}},"enabled":true,"initKeysLife":48},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerL
ogTarget":"FILE"},"casaServiceName":"casa","cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"casaAdditionalAnnotations":{},"casaEnabled":false,"casaLabels":{}}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnConfiguratorConfigurationFile":"/etc/jans/conf/configuration.json","cnConfiguratorCustomSchema":{"secretName":""},"cnConfiguratorDumpFile":"/etc/jans/conf/configuration.out.json","cnCouchbasePasswordFile":"/etc/jans/conf/couchbase_password","cnCouchbaseSuperuserPasswordFile":"/etc/jans/conf/couchbase_superuser_password","cnDocumentStoreType":"DB","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnPersistenceType":"sql","cnPrometheusPort":"","cnSqlPasswordFile":"/etc/jans/conf/sql_password","config":{"customAnnotations":{"clusterRoleBinding":{},"configMap":{},"job":{},"role":{},"roleBinding":{},"secret":{},"service":{},"serviceAccount":{}},"enabled":true},"config-api":{"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","configApiServerServiceName":"config-api","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"configApiAdditionalAnnotations":{},"configApiEnabled":true,"configApiLabels":{}},"plugins":"fido2,scim,user-mgt"},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","fido2":{"ap
pLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2AdditionalAnnotations":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{}}},"fqdn":"demoexample.jans.io","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"kc-scheduler":{"enabled":false},"kcAdminCredentialsFile":"/etc/jans/conf/kc_admin_creds","kcDbPasswordFile":"/etc/jans/conf/kc_db_password","lbIp":"22.22.22.22","link":{"appLoggers":{"enableStdoutLogPrefix":"true","linkLogLevel":"INFO","linkLogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"linkEnabled":true},"linkServiceName":"link"},"nginx-ingress":{"enabled":true},"persistence":{"customAnnotations":{"job":{},"secret":{},"service":{}},"enabled":true},"saml":{"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":false,"ingress":{"samlAdditionalAnnotat
ions":{},"samlEnabled":false,"samlLabels":{}},"samlServiceName":"saml"},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"cnCustomJavaOptions":"","customAnnotations":{"deployment":{},"destinationRule":{},"horizontalPodAutoscaler":{},"pod":{},"podDisruptionBudget":{},"secret":{},"service":{},"virtualService":{}},"enabled":true,"ingress":{"scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigEnabled":false,"scimConfigLabels":{},"scimEnabled":false,"scimLabels":{}},"scimServiceName":"scim"},"serviceAccountName":"default","storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | | global.alb.ingress | bool | `false` | Activates ALB ingress | | global.auth-server-key-rotation.enabled | bool | `true` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. | | global.auth-server-key-rotation.initKeysLife | int | `48` | The initial auth server key rotation keys life in hours | 
@@ -346,8 +350,8 @@ Kubernetes: `>=v1.22.0-0` | global.cnCouchbasePasswordFile | string | `"/etc/jans/conf/couchbase_password"` | Path to Couchbase password file | | global.cnCouchbaseSuperuserPasswordFile | string | `"/etc/jans/conf/couchbase_superuser_password"` | Path to Couchbase superuser password file | | global.cnDocumentStoreType | string | `"DB"` | Document store type to use for shibboleth files DB. | -| global.cnGoogleApplicationCredentials | string | `"/etc/jans/conf/google-credentials.json"` | Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner. Leave as this is a sensible default. | -| global.cnPersistenceType | string | `"sql"` | Persistence backend to run Janssen with couchbase|hybrid|sql|spanner. | +| global.cnGoogleApplicationCredentials | string | `"/etc/jans/conf/google-credentials.json"` | Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets. Leave as this is a sensible default. | +| global.cnPersistenceType | string | `"sql"` | Persistence backend to run Janssen with couchbase|hybrid|sql | | global.cnPrometheusPort | string | `""` | Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. | | global.cnSqlPasswordFile | string | `"/etc/jans/conf/sql_password"` | Path to SQL password file | | global.config-api.appLoggers | object | `{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | 
@@ -452,9 +456,10 @@ Kubernetes: `>=v1.22.0-0` | global.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. Envs defined in global.userEnvs will be globally available to all services | | global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | | global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | -| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/kc-scheduler","tag":"1.1.6_dev"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients | +| kc-scheduler | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/kc-scheduler","tag":"1.1.6_dev"},"interval":10,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for synchronizing Keycloak SAML clients | | kc-scheduler.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | kc-scheduler.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| kc-scheduler.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. 
| | kc-scheduler.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | kc-scheduler.dnsConfig | object | `{}` | Add custom dns config | | kc-scheduler.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -473,9 +478,10 @@ Kubernetes: `>=v1.22.0-0` | kc-scheduler.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | kc-scheduler.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | kc-scheduler.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| link | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/link","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Link. 
| +| link | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/link","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Link. | | link.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | link.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| link.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | link.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | link.dnsConfig | object | `{}` | Add custom dns config | | link.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -506,9 +512,10 @@ Kubernetes: `>=v1.22.0-0` | nginx-ingress.ingress.additionalAnnotations | object | `{}` | Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "janssen/tls-certificate" Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" Specify if certificates are passed to upstream server nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" | | nginx-ingress.ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} | | nginx-ingress.ingress.tls | list | `[{"hosts":["demoexample.jans.io"],"secretName":"tls-certificate"}]` | Secrets holding HTTPS CA cert and key. | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.1.6_dev"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Janssen Server persistence layer. 
| +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.1.6_dev"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Janssen Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| persistence.customCommand | list | `[]` | Add custom job's command. If passed, it will override the default conditional command. | | persistence.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | persistence.dnsConfig | object | `{}` | Add custom dns config | | persistence.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -526,9 +533,10 @@ Kubernetes: `>=v1.22.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| saml | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/saml","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | SAML. 
| +| saml | object | `{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/saml","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":10,"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"1200Mi"},"requests":{"cpu":"500m","memory":"1200Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | SAML. | | saml.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | saml.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| saml.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | saml.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | saml.dnsConfig | object | `{}` | Add custom dns config | | saml.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -555,9 +563,10 @@ Kubernetes: `>=v1.22.0-0` | saml.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | saml.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | saml.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"customCommand":[],"customScripts":[],"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.1.6_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1200Mi"},"requests":{"cpu":"1000m","memory":"1200Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | +| scim.customCommand | list | `[]` | Add custom pod's command. If passed, it will override the default conditional command. | | scim.customScripts | list | `[]` | Add custom scripts that have been mounted to run before the entrypoint. - /tmp/custom.sh - /tmp/custom2.sh | | scim.dnsConfig | object | `{}` | Add custom dns config | | scim.dnsPolicy | string | `""` | Add custom dns policy | 
@@ -586,6 +595,3 @@ Kubernetes: `>=v1.22.0-0` | scim.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | scim.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | scim.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)