diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile b/demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile index 98920584c1b..71dc4d1e793 100644 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile +++ b/demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile @@ -29,11 +29,8 @@ ENV FQDN="https://demoexample.jans.io" \ RUN_DCR_TEST=false \ TEST_USERS_PREFIX_STRING="test_user" \ THREAD_COUNT=200 \ - COUCHBASE_URL="" \ - COUCHBASE_PW="" \ USER_NUMBER_STARTING_POINT=0 \ USER_NUMBER_ENDING_POINT=50000000 \ - LOAD_USERS_TO_COUCHBASE=false \ LOAD_USERS_TO_RDBMS=false \ USER_SPLIT_PARALLEL_THREADS=20 \ # pgsql or mysql diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/README.md b/demos/benchmarking/docker-jans-loadtesting-jmeter/README.md index d2ba70fdd7d..44c0eecbdbf 100644 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/README.md +++ b/demos/benchmarking/docker-jans-loadtesting-jmeter/README.md 
@@ -17,11 +17,8 @@ Installation depends on the set of environment variables shown below. These envi | ENV | Description | Default | |----------------------------------|---------------------------------------------------------------------------------------------------------------|------------------------| | `TEST_USERS_PREFIX_STRING` | The user prefix string attached to the test users loaded | `test_user` | -| `COUCHBASE_URL` | Couchbase URL if Couchbase is the persistence to load users in. | `` | -| `COUCHBASE_PW` | Couchbase PW if Couchbase is the persistence to load users in. | `` | | `USER_NUMBER_STARTING_POINT` | The user number to start from . This is appended to the username i.e test_user0 | `0` | | `USER_NUMBER_ENDING_POINT` | The user number to end at. | `50000000` | -| `LOAD_USERS_TO_COUCHBASE` | Enable loading users to Couchbase persistence. `true` or `false` == `` | `false` | | `LOAD_USERS_TO_RDBMS` | Enable loading users to RDBMS persistence. `true` or `false` == `` | `false` | | `USER_SPLIT_PARALLEL_THREADS` | The number of parallel threads to break the total number users across. This number heavily effects CPU usage. | `20` | | `RDBMS_TYPE` | RDBMS type if `mysql` or `pgsql` is the persistence to load users in. | `mysql` | diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/requirements.txt b/demos/benchmarking/docker-jans-loadtesting-jmeter/requirements.txt index 1389bb12fd4..e8095fea4c1 100644 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/requirements.txt +++ b/demos/benchmarking/docker-jans-loadtesting-jmeter/requirements.txt @@ -3,7 +3,3 @@ joblib pygtail psycopg2-binary PyMySQL -# =============== -# Install Couchbase Client -# =============== -couchbase diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/add_users_couchbase.py b/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/add_users_couchbase.py deleted file mode 100644 index 621abddfc4e..00000000000 
--- a/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/add_users_couchbase.py
+++ /dev/null
@@ -1,108 +0,0 @@ -import base64 -import os -import hashlib -import uuid -import time -import logging -from couchbase.cluster import Cluster, ClusterOptions -from couchbase.cluster import PasswordAuthenticator -from joblib import Parallel, delayed - -def get_logger(name): - log_format = '%(asctime)s - %(name)8s - %(levelname)5s - %(message)s' - logging.basicConfig(level=logging.INFO, - format=log_format, - filename='setup.log', - filemode='w') - console = logging.StreamHandler() - console.setLevel(logging.INFO) - console.setFormatter(logging.Formatter(log_format)) - logging.getLogger(name).addHandler(console) - return logging.getLogger(name) - - -logger = get_logger("cb-user-loader") - -user_number_starting_point = int(os.environ.get("USER_NUMBER_STARTING_POINT", 0)) -user_number_ending_point = int(os.environ.get("USER_NUMBER_ENDING_POINT", 50000000)) -user_split_parallel_threads = int(os.environ.get("USER_SPLIT_PARALLEL_THREADS", 20)) -user_id_prefix = os.environ.get("TEST_USERS_PREFIX_STRING", "test_user") -logger.info("Starting to add users to Couchbase. 
This will add user{} to user{} ".format( - str(user_number_starting_point), str(user_number_ending_point))) -couchbase_url = os.environ.get("COUCHBASE_URL", "cb.cbns.svc.cluster.local") -couchbase_pw = os.environ.get("COUCHBASE_PW", "Test1234#") - -cluster = Cluster('couchbase://' + couchbase_url, ClusterOptions(PasswordAuthenticator('admin', couchbase_pw))) -cb = cluster.bucket('jans_user') - - -def split_interval(start, end, num_of_parts): - part_interval = (end - start) / num_of_parts - parts = [] - marker = start - - for _ in range(num_of_parts): - part = [marker, marker + part_interval] - marker += part_interval - parts.append(part) - return parts - - -def make_secret(password): - salt = os.urandom(4) - sha = hashlib.sha1(password.encode('utf-8')) - sha.update(salt) - digest_ = sha.digest() - b64encoded = base64.b64encode(digest_ + salt).decode('utf-8') - encrypted_password = '{{SSHA}}{0}'.format(b64encoded) - return encrypted_password - - -def load_users(interval): - logger.info("-------------------") - logger.info("Thread {} started!".format(str(interval))) - logger.info(time.ctime(time.time())) - logger.info("-------------------") - start = interval[0] + 1 - end = interval[1] - while start <= end: - inum = str(uuid.uuid4()) - name = '{}{}'.format(user_id_prefix, int(start)) - sn = 'lastname{}'.format(int(start)) - dn = "inum={0},ou=people,o=jans".format(inum) - key = 'people_' + inum - cn = name + ' ' + sn - - user_data = { - "userPassword": make_secret('topsecret' + str(int(start))), - "mail": name + '@jans.io', - "displayName": name + ' ' + sn, - "givenName": name, - "objectClass": "jansPerson", - "dn": dn, - "cn": cn, - "inum": inum, - "uid": name, - "jansStatus": "active", - "sn": sn - } - try: - cb.insert(key, user_data) - except Exception as e: - logger.error(e) - start += 1 - logger.info("-------------------") - logger.info(time.ctime(time.time())) - logger.info("Thread {} Ended!".format(str(interval))) - logger.info("-------------------") - - -def 
main(): - user_numbers_intervals = split_interval(user_number_starting_point, user_number_ending_point, - user_split_parallel_threads) - results = Parallel(n_jobs=-1, backend="multiprocessing")( - map(delayed(load_users), user_numbers_intervals)) - - -if __name__ == "__main__": - main() diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/entrypoint.sh b/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/entrypoint.sh index b5f2d5e8d30..c1312c4a8d5 100644 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/entrypoint.sh +++ b/demos/benchmarking/docker-jans-loadtesting-jmeter/scripts/entrypoint.sh @@ -1,16 +1,10 @@ #!/bin/bash set -e -# ================================================================================================ # -# Check if this is a user loading job to the backend couchbase # -# ================================================================================================ # -if [[ "$LOAD_USERS_TO_COUCHBASE" = "true" ]]; then - /usr/bin/python3 /scripts/add_users_couchbase.py - exit 0 # ================================================================================================ # # Check if this is a user loading job to the backend RDBMS # # ================================================================================================ # -elif [[ "$LOAD_USERS_TO_RDBMS" = "true" ]]; then +if [[ "$LOAD_USERS_TO_RDBMS" = "true" ]]; then /usr/bin/python3 /scripts/add_users_rdbm.py exit 0 fi diff --git a/demos/benchmarking/docker-jans-loadtesting-jmeter/yaml/load-users/load_users_couchbase_job.yaml b/demos/benchmarking/docker-jans-loadtesting-jmeter/yaml/load-users/load_users_couchbase_job.yaml deleted file mode 100644 index bd14bb9e213..00000000000 --- a/demos/benchmarking/docker-jans-loadtesting-jmeter/yaml/load-users/load_users_couchbase_job.yaml +++ /dev/null 
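Review bot: A job that still sets `LOAD_USERS_TO_COUCHBASE=true` (for example from a ConfigMap copied from the deleted `load_users_couchbase_job.yaml`) no longer matches any branch in `entrypoint.sh` and falls through past `fi` to whatever the script runs next, which is outside this hunk. `set -e` only reacts to failing commands, so the stale setting is never reported and an operator who meant to load users may start a different workload against the configured `FQDN`. Consider failing fast ahead of the RDBMS check: `if [[ "$LOAD_USERS_TO_COUCHBASE" = "true" ]]; then echo "LOAD_USERS_TO_COUCHBASE is no longer supported; use LOAD_USERS_TO_RDBMS" >&2; exit 1; fi`.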
@@ -1,43 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: load-users - name: load-users-cb-cm -data: - COUCHBASE_PW: Test1234# - COUCHBASE_URL: cb.cbns.svc.cluster.local - LOAD_USERS_TO_COUCHBASE: "true" - USER_NUMBER_STARTING_POINT: "0" - USER_NUMBER_ENDING_POINT: "10000000" ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app: load-users - name: load-users-cb -spec: - template: - metadata: - labels: - app: load-users - spec: - #hostAliases: - # - ip: NGINX_IP - # hostnames: - # - FQDN - containers: - - envFrom: - - configMapRef: - name: load-users-cb-cm - image: ghcr.io/janssenproject/jans/loadtesting-jmeter:1.1.6_dev - name: load-users - resources: - limits: - cpu: 10000m - memory: 5000Mi - requests: - cpu: 10000m - memory: 5000Mi - restartPolicy: Never diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile index 9926ee5c14f..c38855c631f 100644 --- a/docker-jans-all-in-one/Dockerfile +++ b/docker-jans-all-in-one/Dockerfile @@ -58,7 +58,7 @@ RUN apk update \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets @@ -211,8 +211,6 @@ ENV JETTY_BASE=/opt/jans/jetty \ CN_LINK_JAVA_OPTIONS="" \ CN_SHARE_AUTH_CONF=false \ CN_SQL_PASSWORD_FILE=/etc/jans/conf/sql_password \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_SUPERUSER_PASSWORD_FILE=/etc/jans/conf/couchbase_superuser_password \ CN_KEYCLOAK_LINK_JETTY_HOST=127.0.0.1 \ CN_KEYCLOAK_LINK_JETTY_PORT=9092 \ CN_KEYCLOAK_LINK_JAVA_OPTIONS="" \ diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile index 264d63fe6f9..9224a2cb259 100644 --- a/docker-jans-auth-server/Dockerfile +++ b/docker-jans-auth-server/Dockerfile 
@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \ /app/static/rdbm \ /app/schema -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -205,18 +205,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV @@ -271,7 +260,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/custom/pages \ ${JETTY_BASE}/jans-auth/custom/libs \ ${JETTY_BASE}/jans-auth/custom/i18n \ ${JETTY_BASE}/jans-auth/logs \ - ${JETTY_BASE}/common/libs/couchbase \ + ${JETTY_BASE}/common/libs \ ${JETTY_HOME}/temp \ /etc/jans/conf \ /app/templates \ diff --git a/docker-jans-auth-server/README.md b/docker-jans-auth-server/README.md index 5d4e3820cdc..5233eda6313 100644 --- a/docker-jans-auth-server/README.md +++ b/docker-jans-auth-server/README.md 
@@ -50,19 +50,8 @@ The following environment variables are supported by the container: - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. - `CN_DEBUG_PORT`: port of remote debugging (if omitted, remote debugging will be disabled). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `sql`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). -- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). 
- `CN_AUTH_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `CN_DOCUMENT_STORE_TYPE`: Document store type (one of `LOCAL` or `DB`; default to `DB`). - `CN_JACKRABBIT_URL`: URL to remote repository (default to `http://localhost:8080`). @@ -183,12 +172,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -200,7 +189,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-auth-server/scripts/bootstrap.py b/docker-jans-auth-server/scripts/bootstrap.py index 2d2d1d80f2a..dcf3f51edfa 100644 --- a/docker-jans-auth-server/scripts/bootstrap.py +++ b/docker-jans-auth-server/scripts/bootstrap.py @@ -7,10 +7,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence -from jans.pycloudlib.persistence.couchbase import render_couchbase_properties -from jans.pycloudlib.persistence.couchbase import sync_couchbase_cert -from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.hybrid import render_hybrid_properties from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import sync_sql_password 
@@ -47,18 +43,6 @@ def main(): if not os.path.exists(hybrid_prop): render_hybrid_properties(hybrid_prop) - if "couchbase" in persistence_groups: - sync_couchbase_password(manager) - render_couchbase_properties( - manager, - "/app/templates/jans-couchbase.properties", - "/etc/jans/conf/jans-couchbase.properties", - ) - - if as_boolean(os.environ.get("CN_COUCHBASE_TRUSTSTORE_ENABLE", "true")): - sync_couchbase_cert(manager) - sync_couchbase_truststore(manager) - if "sql" in persistence_groups: sync_sql_password(manager) db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql") diff --git a/docker-jans-auth-server/scripts/lock.py b/docker-jans-auth-server/scripts/lock.py index 4f54742732d..637b17cb696 100644 --- a/docker-jans-auth-server/scripts/lock.py +++ b/docker-jans-auth-server/scripts/lock.py @@ -7,7 +7,6 @@ from uuid import uuid4 from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.utils import generate_base64_contents @@ -98,7 +97,6 @@ def __init__(self, manager) -> None: self.manager = manager client_classes = { - "couchbase": CouchbaseClient, "sql": SqlClient, } diff --git a/docker-jans-auth-server/scripts/mod_context.py b/docker-jans-auth-server/scripts/mod_context.py index 29ea49f34ea..3d9ca3df823 100644 --- a/docker-jans-auth-server/scripts/mod_context.py +++ b/docker-jans-auth-server/scripts/mod_context.py @@ -85,13 +85,6 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["couchbase"]: - if persistence_type not in persistence_groups: - continue - - extract_common_libs(persistence_type) - custom_libs += get_registered_common_libs(app_name, persistence_type) - # render custom xml fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml" 
diff --git a/docker-jans-auth-server/scripts/upgrade.py b/docker-jans-auth-server/scripts/upgrade.py index 5eb665fb097..48e25671636 100644 --- a/docker-jans-auth-server/scripts/upgrade.py +++ b/docker-jans-auth-server/scripts/upgrade.py @@ -6,8 +6,6 @@ from collections import namedtuple from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -147,73 +145,8 @@ def search_entries(self, key, filter_="", attrs=None, **kwargs): ] -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: B608 - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - def search_entries(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} {filter_}" # nosec: B608 - ) - if not req.ok: - return [] - - entries = [] - for item in req.json()["results"]: - id_ = item.pop("id") - entries.append(Entry(id_, item)) - return entries - - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } 
@@ -234,43 +167,27 @@ def invoke(self): self.update_lock_client_scopes() def update_lock_dynamic_config(self): - kwargs = {} - id_ = "ou=jans-lock,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=jans-lock,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - with contextlib.suppress(json.decoder.JSONDecodeError): - entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) + with contextlib.suppress(json.decoder.JSONDecodeError): + entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) conf, should_update = _transform_lock_dynamic_config(entry.attrs["jansConfDyn"], self.manager) if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfDyn"] = json.dumps(conf) - + entry.attrs["jansConfDyn"] = json.dumps(conf) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def get_all_scopes(self): - if self.backend.type == "sql": - kwargs = {"table_name": "jansScope"} - entries = self.backend.search_entries(None, **kwargs) - else: # likely couchbase - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - entries = self.backend.search_entries( - None, filter_="WHERE objectClass = 'jansScope'", **kwargs - ) + kwargs = {"table_name": "jansScope"} + entries = self.backend.search_entries(None, **kwargs) return { entry.attrs["jansId"]: entry.attrs.get("dn") or entry.id 
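Review bot: In `update_lock_dynamic_config`, a `jansConfDyn` value that fails to parse is silently kept as a raw string by `contextlib.suppress(json.decoder.JSONDecodeError)` and then handed to `_transform_lock_dynamic_config`. If that helper (outside this hunk) reports a change, the result is re-serialised and written back with a bumped `jansRevision`. Now that this is the only code path, I would stop on a decode failure rather than continue with unparsed configuration, replacing the `with` block by `try: entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"])` followed by `except json.decoder.JSONDecodeError: return`, ideally with a log line through whatever logger the module already has. Whether the helper tolerates a string input is not visible here, so treat this as a hardening suggestion rather than a confirmed bug.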
@@ -278,16 +195,9 @@ def get_all_scopes(self): } def update_lock_client_scopes(self): - kwargs = {} + kwargs = {"table_name": "jansClnt"} client_id = self.manager.config.get("lock_client_id") - id_ = f"inum={client_id},ou=clients,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansClnt"} - id_ = doc_id_from_dn(id_) - else: # likely couchbase - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + id_ = doc_id_from_dn(f"inum={client_id},ou=clients,o=jans") entry = self.backend.get_entry(id_, **kwargs) diff --git a/docker-jans-auth-server/templates/jans-auth/log4j2.xml b/docker-jans-auth-server/templates/jans-auth/log4j2.xml index 9c9c6ce0822..6f5882f6b47 100644 --- a/docker-jans-auth-server/templates/jans-auth/log4j2.xml +++ b/docker-jans-auth-server/templates/jans-auth/log4j2.xml @@ -100,16 +100,6 @@ - - -persistence - - - - - -persistence-duration - - - -persistence-duration diff --git a/docker-jans-auth-server/templates/jans-couchbase.properties b/docker-jans-auth-server/templates/jans-couchbase.properties deleted file mode 100644 index 5688c21b824..00000000000 --- a/docker-jans-auth-server/templates/jans-couchbase.properties +++ /dev/null 
@@ -1,68 +0,0 @@ -servers: %(hostname)s - -# Waits specified number of seconds until SDK bootstrap is complete and the desired ClusterState is observed -# Default waitUntilReady is -1 which means that it's turned off -connection.wait-until-ready-time: -1 - -# The connect timeout is used when a Bucket is opened. -# If you feel the urge to change this value to something higher, there is a good chance that your network is not properly set up. -# Connecting to the server should in practice not take longer than a second on a reasonably fast network. -# Default SDK connectTimeout is 10s -connection.connect-timeout: %(couchbase_conn_timeout)s - -# Enable/disable DNS SRV lookup for the bootstrap nodes -# Default dnsSrvEnabled is true -connection.dns.use-lookup: false - -# Key/value timeout -# Default SDK kvTimeout is 2500ms -connection.kv-timeout: 5000 - -# Query timeout -# Default SDK queryTimeout is 75s -connection.query-timeout: 75000 - -# Configures whether mutation tokens will be returned from the server for all mutation operations -# Default mutationTokensEnabled is true -# connection.mutation-tokens-enabled: false - -# At startup when connection error is occurred persistence layer can make another attempt to open buckets. -# Before make next try it pause process for 5 second. If after that total connection time is less than specified -# in property above new attempt will be executed -connection.connection-max-wait-time: %(couchbase_conn_max_wait)s - -# Default scan consistency. Possible values are: not_bounded, request_plus, statement_plus -connection.scan-consistency: %(couchbase_scan_consistency)s - -# Disable scan consistency in queries. Default value: false -# connection.ignore-attribute-scan-consistency: true - -# Try to execute query with scan consitency specified in connection.scan-consistency first. -# On failure execute query again with scan consistency specified in attributes defintions. 
Default value: true -# connection.attempt-without-attribute-scan-consistency: false - -# Enable scopes support. Default value: false -# connection.enable-scope-support: true - -# Disable mapping to short attribute names. Default value: false -# connection.disable-attribute-mapping: true - -auth.userName: %(couchbase_server_user)s -auth.userPassword: %(encoded_couchbase_server_pw)s - -buckets: %(couchbase_buckets)s - -bucket.default: %(default_bucket)s -%(couchbase_mappings)s - -password.encryption.method: %(encryption_method)s - -ssl.trustStore.enable: %(ssl_enabled)s -ssl.trustStore.file: %(couchbaseTrustStoreFn)s -ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s -ssl.trustStore.type: pkcs12 - -tls.enable: false - -binaryAttributes=objectGUID -certificateAttributes=userCertificate diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile index aa95ddf377e..2f0624bcbba 100644 --- a/docker-jans-casa/Dockerfile +++ b/docker-jans-casa/Dockerfile @@ -60,7 +60,7 @@ RUN mkdir -p /usr/share/java \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -163,18 +163,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV 
@@ -222,7 +211,7 @@ RUN mkdir -p /opt/jans/python/libs \ ${JETTY_BASE}/jans-casa/static \ ${JETTY_BASE}/jans-casa/plugins \ ${JETTY_BASE}/jans-casa/logs \ - ${JETTY_BASE}/common/libs/couchbase \ + ${JETTY_BASE}/common/libs \ ${JETTY_HOME}/temp \ /etc/jans/conf/casa \ /etc/certs diff --git a/docker-jans-casa/README.md b/docker-jans-casa/README.md index 365c5b32c42..e3aed5e1b82 100644 --- a/docker-jans-casa/README.md +++ b/docker-jans-casa/README.md 
@@ -41,18 +41,8 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`); required if `CN_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`. -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`); required if `CN_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`. -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`); required if `CN_PERSISTENCE_TYPE` is set to `couchbase` or `hybrid`. -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). 
-- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). - `CN_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `CN_DOCUMENT_STORE_TYPE`: Document store type (one of `LOCAL` or `DB`; default to `DB`). - `CN_JACKRABBIT_URL`: URL to remote repository (default to `http://localhost:8080`). @@ -131,12 +121,12 @@ Hybrid persistence supports all available persistence types. To configure hybrid ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -148,7 +138,7 @@ Hybrid persistence supports all available persistence types. To configure hybrid "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-casa/scripts/bootstrap.py b/docker-jans-casa/scripts/bootstrap.py index e579bc22026..281fedc8d1f 100644 --- a/docker-jans-casa/scripts/bootstrap.py +++ b/docker-jans-casa/scripts/bootstrap.py @@ -9,12 +9,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.couchbase import render_couchbase_properties -from jans.pycloudlib.persistence.couchbase import sync_couchbase_cert -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import render_sql_properties 
@@ -127,18 +121,6 @@ def main(): if persistence_type == "hybrid": render_hybrid_properties("/etc/jans/conf/jans-hybrid.properties") - if "couchbase" in persistence_groups: - sync_couchbase_password(manager) - render_couchbase_properties( - manager, - "/app/templates/jans-couchbase.properties", - "/etc/jans/conf/jans-couchbase.properties", - ) - - if as_boolean(os.environ.get("CN_COUCHBASE_TRUSTSTORE_ENABLE", "true")): - sync_couchbase_cert(manager) - sync_couchbase_truststore(manager) - if "sql" in persistence_groups: sync_sql_password(manager) db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql") @@ -189,7 +171,6 @@ def __init__(self, manager): self.manager = manager client_classes = { - "couchbase": CouchbaseClient, "sql": SqlClient, } @@ -253,22 +234,7 @@ def ldif_files(self): def _deprecated_script_exists(self): # deprecated Casa script DN id_ = "inum=BABA-CACA,ou=scripts,o=jans" - - # sql - if self.persistence_type == "sql": - return bool(self.client.get("jansCustomScr", doc_id_from_dn(id_))) - - # likely couchbase - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - key = id_from_dn(id_) - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" - ) - try: - entry = req.json()["results"][0] - return bool(entry["id"]) - except IndexError: - return False + return bool(self.client.get("jansCustomScr", doc_id_from_dn(id_))) def import_ldif_files(self): for file_ in self.ldif_files: diff --git a/docker-jans-casa/scripts/mod_context.py b/docker-jans-casa/scripts/mod_context.py index f5f43000080..36bfa00ab5a 100644 --- a/docker-jans-casa/scripts/mod_context.py +++ b/docker-jans-casa/scripts/mod_context.py 
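Review bot: `_deprecated_script_exists` now calls `self.client.get("jansCustomScr", ...)` unconditionally, and `client_classes` in `__init__` only knows `sql`. A deployment whose `CN_PERSISTENCE_TYPE` or `CN_HYBRID_MAPPING` still names `couchbase` therefore depends entirely on how the client lookup in `__init__` (outside these hunks) handles a missing key. I would make that an explicit startup error there, e.g. `if self.persistence_type not in client_classes: raise ValueError(f"unsupported persistence type: {self.persistence_type}")`, assuming `self.persistence_type` is set before the lookup. The same applies to `client_classes` in `docker-jans-auth-server/scripts/lock.py` and to `BACKEND_CLASSES` in both `upgrade.py` files.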
@@ -87,13 +87,6 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["couchbase"]: - if persistence_type not in persistence_groups: - continue - - extract_common_libs(persistence_type) - custom_libs += get_registered_common_libs(app_name, persistence_type) - # render custom xml fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml" diff --git a/docker-jans-casa/scripts/upgrade.py b/docker-jans-casa/scripts/upgrade.py index 65fb6dcd672..c2dbd1650d7 100644 --- a/docker-jans-casa/scripts/upgrade.py +++ b/docker-jans-casa/scripts/upgrade.py @@ -7,8 +7,6 @@ from urllib.parse import urlunparse from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -52,63 +50,9 @@ def delete_entry(self, key, **kwargs): return self.client.delete(table_name, key) -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - def delete_entry(self, key, **kwargs): - bucket = kwargs.get("bucket") - return self.client.delete(bucket, key) - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } 
@@ -130,16 +74,9 @@ def invoke(self): self.update_agama_deployment() def update_client_scopes(self): - kwargs = {} + kwargs = {"table_name": "jansClnt"} client_id = self.manager.config.get("casa_client_id") - id_ = f"inum={client_id},ou=clients,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansClnt"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + id_ = doc_id_from_dn(f"inum={client_id},ou=clients,o=jans") entry = self.backend.get_entry(id_, **kwargs) @@ -170,15 +107,8 @@ def update_client_scopes(self): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_conf_app(self): - kwargs = {} - id_ = "ou=casa,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=casa,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) @@ -187,9 +117,8 @@ def update_conf_app(self): should_update = False - if self.backend.type != "couchbase": - with suppress(json.decoder.JSONDecodeError): - entry.attrs["jansConfApp"] = json.loads(entry.attrs["jansConfApp"]) + with suppress(json.decoder.JSONDecodeError): + entry.attrs["jansConfApp"] = json.loads(entry.attrs["jansConfApp"]) for key in ["authz_redirect_uri", "post_logout_uri", "frontchannel_logout_uri"]: parsed_url = urlparse(entry.attrs["jansConfApp"]["oidc_config"][key]) 
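Review bot: In `update_conf_app` (hunk `@@ -187,9 +117,8 @@`), the now-unconditional `with suppress(json.decoder.JSONDecodeError):` hides a malformed `jansConfApp` value. The next statement indexes `entry.attrs["jansConfApp"]["oidc_config"][key]`, so an undecoded string fails there with an unrelated `TypeError` instead of a decode error. As far as these hunks show, SQL is the only backend left and the value is always expected to be a JSON string, so I would drop the `suppress` and keep just `entry.attrs["jansConfApp"] = json.loads(entry.attrs["jansConfApp"])`, or log the decode error and return before the redirect and logout URIs are rewritten. The same pattern appears for `jansConfDyn` in `update_api_dynamic_config` in docker-jans-config-api/scripts/upgrade.py (hunk `@@ -340,45 +265,28 @@`). The body of `update_conf_app` continues outside this hunk.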
@@ -206,21 +135,13 @@ def update_conf_app(self): should_update = True if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfApp"] = json.dumps(entry.attrs["jansConfApp"]) + entry.attrs["jansConfApp"] = json.dumps(entry.attrs["jansConfApp"]) self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_client_uris(self): - kwargs = {} + kwargs = {"table_name": "jansClnt"} client_id = self.manager.config.get("casa_client_id") - id_ = f"inum={client_id},ou=clients,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansClnt"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + id_ = doc_id_from_dn(f"inum={client_id},ou=clients,o=jans") entry = self.backend.get_entry(id_, **kwargs) @@ -257,15 +178,8 @@ def update_client_uris(self): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_agama_script(self): - kwargs = {} - agama_id = "inum=BADA-BADA,ou=scripts,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansCustomScr"} - agama_id = doc_id_from_dn(agama_id) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - agama_id = id_from_dn(agama_id) + kwargs = {"table_name": "jansCustomScr"} + agama_id = doc_id_from_dn("inum=BADA-BADA,ou=scripts,o=jans") # enable agama script entry = self.backend.get_entry(agama_id, **kwargs) 
@@ -277,14 +191,8 @@ def update_agama_script(self): def update_agama_deployment(self): casa_agama_deployment_id = CASA_AGAMA_DEPLOYMENT_ID - deploy_id = f"jansId={casa_agama_deployment_id},ou=deployments,ou=agama,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "adsPrjDeployment"} - deploy_id = doc_id_from_dn(deploy_id) - else: # likely couchbase - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - deploy_id = id_from_dn(deploy_id) + deploy_id = doc_id_from_dn(f"jansId={casa_agama_deployment_id},ou=deployments,ou=agama,o=jans") + kwargs = {"table_name": "adsPrjDeployment"} entry = self.backend.get_entry(deploy_id, **kwargs) proj_archive = CASA_AGAMA_ARCHIVE @@ -299,13 +207,8 @@ def update_agama_deployment(self): entry.attrs["jansActive"] = False start_date = utcnow() - if self.backend.type == "sql": - entry.attrs["jansStartDate"] = start_date - entry.attrs["jansEndDate"] = None - else: # likely couchbase - entry.attrs["jansStartDate"] = start_date.strftime("%Y-%m-%dT%H:%M:%SZ") - entry.attrs["jansEndDate"] = "" - entry.attrs["adsPrjDeplDetails"] = {"projectMetadata": {"projectName": "casa"}} + entry.attrs["jansStartDate"] = start_date + entry.attrs["jansEndDate"] = None if self.backend.modify_entry(entry.id, entry.attrs, **kwargs): self.manager.config.set("casa_agama_md5sum", assets_md5) diff --git a/docker-jans-casa/templates/jans-couchbase.properties b/docker-jans-casa/templates/jans-couchbase.properties deleted file mode 100644 index 5688c21b824..00000000000 --- a/docker-jans-casa/templates/jans-couchbase.properties +++ /dev/null 
@@ -1,68 +0,0 @@ -servers: %(hostname)s - -# Waits specified number of seconds until SDK bootstrap is complete and the desired ClusterState is observed -# Default waitUntilReady is -1 which means that it's turned off -connection.wait-until-ready-time: -1 - -# The connect timeout is used when a Bucket is opened. -# If you feel the urge to change this value to something higher, there is a good chance that your network is not properly set up. -# Connecting to the server should in practice not take longer than a second on a reasonably fast network. -# Default SDK connectTimeout is 10s -connection.connect-timeout: %(couchbase_conn_timeout)s - -# Enable/disable DNS SRV lookup for the bootstrap nodes -# Default dnsSrvEnabled is true -connection.dns.use-lookup: false - -# Key/value timeout -# Default SDK kvTimeout is 2500ms -connection.kv-timeout: 5000 - -# Query timeout -# Default SDK queryTimeout is 75s -connection.query-timeout: 75000 - -# Configures whether mutation tokens will be returned from the server for all mutation operations -# Default mutationTokensEnabled is true -# connection.mutation-tokens-enabled: false - -# At startup when connection error is occurred persistence layer can make another attempt to open buckets. -# Before make next try it pause process for 5 second. If after that total connection time is less than specified -# in property above new attempt will be executed -connection.connection-max-wait-time: %(couchbase_conn_max_wait)s - -# Default scan consistency. Possible values are: not_bounded, request_plus, statement_plus -connection.scan-consistency: %(couchbase_scan_consistency)s - -# Disable scan consistency in queries. Default value: false -# connection.ignore-attribute-scan-consistency: true - -# Try to execute query with scan consitency specified in connection.scan-consistency first. -# On failure execute query again with scan consistency specified in attributes defintions. 
Default value: true -# connection.attempt-without-attribute-scan-consistency: false - -# Enable scopes support. Default value: false -# connection.enable-scope-support: true - -# Disable mapping to short attribute names. Default value: false -# connection.disable-attribute-mapping: true - -auth.userName: %(couchbase_server_user)s -auth.userPassword: %(encoded_couchbase_server_pw)s - -buckets: %(couchbase_buckets)s - -bucket.default: %(default_bucket)s -%(couchbase_mappings)s - -password.encryption.method: %(encryption_method)s - -ssl.trustStore.enable: %(ssl_enabled)s -ssl.trustStore.file: %(couchbaseTrustStoreFn)s -ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s -ssl.trustStore.type: pkcs12 - -tls.enable: false - -binaryAttributes=objectGUID -certificateAttributes=userCertificate diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile index a7c8b69e1dc..aea1f274909 100644 --- a/docker-jans-certmanager/Dockerfile +++ b/docker-jans-certmanager/Dockerfile @@ -25,7 +25,7 @@ RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets 
@@ -103,18 +103,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV diff --git a/docker-jans-certmanager/README.md b/docker-jans-certmanager/README.md index f146ee0ead7..0ecfb4eadca 100644 --- a/docker-jans-certmanager/README.md +++ b/docker-jans-certmanager/README.md 
@@ -50,19 +50,8 @@ The following environment variables are supported by the container: - `CN_SECRET_GOOGLE_SECRET_VERSION_ID`: Google Secret Manager version ID (default to `latest`). - `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Google Secret Manager name (default to `jans`). - `CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Google Secret Manager (default to `secret`). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). 
-- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). - `CN_CONTAINER_METADATA`: The name of scheduler to pull container metadata (one of `docker` or `kubernetes`; default to `docker`). - `GOOGLE_APPLICATION_CREDENTIALS`: Optional JSON file (contains Google credentials) that can be injected into container for authentication. Refer to https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to for supported credentials. - `GOOGLE_PROJECT_ID`: ID of Google project. @@ -222,12 +211,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -239,7 +228,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-certmanager/scripts/auth_handler.py b/docker-jans-certmanager/scripts/auth_handler.py index f528a29a659..d674205cfb1 100644 --- a/docker-jans-certmanager/scripts/auth_handler.py +++ b/docker-jans-certmanager/scripts/auth_handler.py @@ -6,7 +6,6 @@ from collections import Counter from collections import deque -from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.utils import encode_text 
@@ -73,45 +72,6 @@ def modify_auth_config(self, id_, rev, conf_dynamic, conf_webkeys): raise NotImplementedError -class CouchbasePersistence(BasePersistence): - def __init__(self, manager): - self.client = CouchbaseClient(manager) - - def get_auth_config(self): - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - req = self.client.exec_query( - "SELECT jansRevision, jansConfDyn, jansConfWebKeys " # nosec: B608 - f"FROM `{bucket}` " - "USE KEYS 'configuration_jans-auth'", - ) - if not req.ok: - return {} - - config = req.json()["results"][0] - - if not config: - return {} - - config.update({"id": "configuration_jans-auth"}) - return config - - def modify_auth_config(self, id_, rev, conf_dynamic, conf_webkeys): - conf_dynamic = json.dumps(conf_dynamic) - conf_webkeys = json.dumps(conf_webkeys) - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - - req = self.client.exec_query( - f"UPDATE `{bucket}` USE KEYS '{id_}' " - f"SET jansRevision={rev}, jansConfDyn={conf_dynamic}, " - f"jansConfWebKeys={conf_webkeys} " - "RETURNING jansRevision" - ) - - if not req.ok: - return False - return True - - class SqlPersistence(BasePersistence): def __init__(self, manager): self.client = SqlClient(manager) @@ -138,7 +98,6 @@ def modify_auth_config(self, id_, rev, conf_dynamic, conf_webkeys): _backend_classes = { - "couchbase": CouchbasePersistence, "sql": SqlPersistence, } diff --git a/docker-jans-certmanager/scripts/bootstrap.py b/docker-jans-certmanager/scripts/bootstrap.py index 79da39f5ae4..b52627406ad 100644 --- a/docker-jans-certmanager/scripts/bootstrap.py +++ b/docker-jans-certmanager/scripts/bootstrap.py @@ -5,7 +5,6 @@ import click from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.sql import sync_sql_password from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -72,8 +71,6 @@ def patch(service, dry_run, opts): match backend_type: case "sql": sync_sql_password(manager) - case "couchbase": - sync_couchbase_password(manager) logger.info(f"Processing updates for service {service}") parsed_opts = _parse_opts(opts) @@ -106,8 +103,6 @@ def prune(service, dry_run, opts): match backend_type: case "sql": sync_sql_password(manager) - case "couchbase": - sync_couchbase_password(manager) logger.info(f"Processing updates for service {service}") parsed_opts = _parse_opts(opts) diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile index e5d5b199723..32e77ef85de 100644 --- a/docker-jans-config-api/Dockerfile +++ b/docker-jans-config-api/Dockerfile @@ -70,7 +70,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/_plugins \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources @@ -184,18 +184,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV @@ -236,7 +225,7 @@ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-config-api/custom/libs \ ${JETTY_BASE}/jans-config-api/custom/config \ ${JETTY_BASE}/jans-config-api/logs \ - ${JETTY_BASE}/common/libs/couchbase \ + ${JETTY_BASE}/common/libs \ ${JETTY_HOME}/temp \ /usr/share/java \ /var/log/adminui 
diff --git a/docker-jans-config-api/README.md b/docker-jans-config-api/README.md index 478e66f123b..66e4f1a25f2 100644 --- a/docker-jans-config-api/README.md +++ b/docker-jans-config-api/README.md 
@@ -49,19 +49,8 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `couchbase`, `sql`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). -- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). 
- `CN_CONFIG_API_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `CN_CONFIG_API_LOG_LEVEL`: Log level for config api. Options include `OFF`, `FATAL`, `ERROR`, `WARN`, `INFO`, `DEBUG`, `TRACE`. and `ALL`. This defaults to `INFO` - `CN_AUTH_SERVER_URL`: Base URL of Janssen Auth server, i.e. `auth-server:8080` (default to empty string). @@ -178,12 +167,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -195,7 +184,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-config-api/scripts/bootstrap.py b/docker-jans-config-api/scripts/bootstrap.py index c65269db530..6cb8cf82e88 100644 --- a/docker-jans-config-api/scripts/bootstrap.py +++ b/docker-jans-config-api/scripts/bootstrap.py @@ -11,12 +11,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn -from jans.pycloudlib.persistence.couchbase import render_couchbase_properties -from jans.pycloudlib.persistence.couchbase import sync_couchbase_cert -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient 
@@ -57,18 +51,6 @@ def main(): if not os.path.exists(hybrid_prop): render_hybrid_properties(hybrid_prop) - if "couchbase" in persistence_groups: - sync_couchbase_password(manager) - render_couchbase_properties( - manager, - "/app/templates/jans-couchbase.properties", - "/etc/jans/conf/jans-couchbase.properties", - ) - - if as_boolean(os.environ.get("CN_COUCHBASE_TRUSTSTORE_ENABLE", "true")): - sync_couchbase_cert(manager) - sync_couchbase_truststore(manager) - if "sql" in persistence_groups: sync_sql_password(manager) db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql") @@ -281,7 +263,6 @@ def __init__(self, manager) -> None: self.manager = manager client_classes = { - "couchbase": CouchbaseClient, "sql": SqlClient, } @@ -295,20 +276,8 @@ def __init__(self, manager) -> None: def get_auth_config(self): dn = "ou=jans-auth,ou=configuration,o=jans" - - # sql - if self.persistence_type == "sql": - entry = self.client.get("jansAppConf", doc_id_from_dn(dn)) - return json.loads(entry["jansConfDyn"]) - - # likely couchbase - key = id_from_dn(dn) - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: 608 - ) - attrs = req.json()["results"][0] - return attrs["jansConfDyn"] + entry = self.client.get("jansAppConf", doc_id_from_dn(dn)) + return json.loads(entry["jansConfDyn"]) def transform_url(self, url): auth_server_url = os.environ.get("CN_AUTH_SERVER_URL", "") diff --git a/docker-jans-config-api/scripts/mod_context.py b/docker-jans-config-api/scripts/mod_context.py index 5903ea5fa12..0e1a2c50230 100644 --- a/docker-jans-config-api/scripts/mod_context.py +++ b/docker-jans-config-api/scripts/mod_context.py 
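Review bot: `get_auth_config` (hunk `@@ -295,20 +276,8 @@`) subscripts the result of `self.client.get("jansAppConf", ...)` without checking it, so a missing `ou=jans-auth` row would surface as a `TypeError` or `KeyError` rather than a clear message. Casa's `_deprecated_script_exists` wraps the same call in `bool(...)`, which suggests `get` can return an empty value; this is inferred, since `SqlClient.get` is not shown on this page. A guard before the decode would make the failure explicit at bootstrap, e.g. `if not entry: raise RuntimeError("jans-auth configuration entry not found")`, with the exception type chosen to match what callers of this method already handle.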
@@ -87,13 +87,6 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["couchbase"]: - if persistence_type not in persistence_groups: - continue - - extract_common_libs(persistence_type) - custom_libs += get_registered_common_libs(app_name, persistence_type) - # render custom xml fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml" diff --git a/docker-jans-config-api/scripts/upgrade.py b/docker-jans-config-api/scripts/upgrade.py index 9071f7cdb86..57f45552d12 100644 --- a/docker-jans-config-api/scripts/upgrade.py +++ b/docker-jans-config-api/scripts/upgrade.py @@ -5,11 +5,9 @@ from collections import namedtuple from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.persistence.sql import doc_id_from_dn -from jans.pycloudlib.persistence.couchbase import id_from_dn from settings import LOGGING_CONFIG from utils import get_config_api_scope_mapping 
@@ -215,73 +213,8 @@ def search_entries(self, key, filter_="", attrs=None, **kwargs): ] -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: B608 - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - def search_entries(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} {filter_}" # nosec: B608 - ) - if not req.ok: - return [] - - entries = [] - for item in req.json()["results"]: - id_ = item.pop("id") - entries.append(Entry(id_, item)) - return entries - - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } 
@@ -307,16 +240,9 @@ def invoke(self): self.update_scope_creator_attrs() def update_client_redirect_uri(self): - kwargs = {} + kwargs = {"table_name": "jansClnt"} jca_client_id = self.manager.config.get("jca_client_id") - id_ = f"inum={jca_client_id},ou=clients,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansClnt"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + id_ = doc_id_from_dn(f"inum={jca_client_id},ou=clients,o=jans") entry = self.backend.get_entry(id_, **kwargs) @@ -331,7 +257,6 @@ def update_client_redirect_uri(self): entry.attrs["jansRedirectURI"]["v"].append(f"https://{hostname}/admin") should_update = True else: - # likely couchbase if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]: entry.attrs["jansRedirectURI"].append(f"https://{hostname}/admin") should_update = True 
@@ -340,45 +265,28 @@ def update_client_redirect_uri(self): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_api_dynamic_config(self): - kwargs = {} - id_ = "ou=jans-config-api,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=jans-config-api,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - with contextlib.suppress(json.decoder.JSONDecodeError): - entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) + with contextlib.suppress(json.decoder.JSONDecodeError): + entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) conf, should_update = _transform_api_dynamic_config(entry.attrs["jansConfDyn"]) if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfDyn"] = json.dumps(conf) - + entry.attrs["jansConfDyn"] = json.dumps(conf) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_client_scopes(self): - kwargs = {} + kwargs = {"table_name": "jansClnt"} client_id = self.manager.config.get("jca_client_id") - id_ = f"inum={client_id},ou=clients,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansClnt"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + id_ = doc_id_from_dn(f"inum={client_id},ou=clients,o=jans") entry = self.backend.get_entry(id_, **kwargs) 
@@ -407,15 +315,8 @@ def update_client_scopes(self): def update_test_client_scopes(self): test_client_id = self.manager.config.get("test_client_id") - id_ = f"inum={test_client_id},ou=clients,o=jans" - kwargs = {} - - if self.backend.type == "sql": - id_ = doc_id_from_dn(id_) - kwargs = {"table_name": "jansClnt"} - elif self.backend.type == "couchbase": - id_ = id_from_dn(id_) - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + id_ = doc_id_from_dn(f"inum={test_client_id},ou=clients,o=jans") + kwargs = {"table_name": "jansClnt"} entry = self.backend.get_entry(id_, **kwargs) @@ -435,12 +336,6 @@ def update_test_client_scopes(self): scope_entry.attrs["dn"] for scope_entry in self.backend.search_entries("", **{"table_name": "jansScope"}) ] - elif self.backend.type == "couchbase": - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - scopes = [ - scope_entry.attrs["dn"] - for scope_entry in self.backend.search_entries("", filter_="WHERE objectClass='jansScope'", **{"bucket": bucket}) - ] else: scopes = [ scope_entry.id diff --git a/docker-jans-config-api/templates/jans-config-api/log4j2.xml b/docker-jans-config-api/templates/jans-config-api/log4j2.xml index 144c904a6bc..86005c649e9 100644 --- a/docker-jans-config-api/templates/jans-config-api/log4j2.xml +++ b/docker-jans-config-api/templates/jans-config-api/log4j2.xml @@ -72,16 +72,6 @@ - - -persistence - - - - - -persistence-duration - - - -persistence-duration diff --git a/docker-jans-config-api/templates/jans-couchbase.properties b/docker-jans-config-api/templates/jans-couchbase.properties deleted file mode 100644 index 5688c21b824..00000000000 --- a/docker-jans-config-api/templates/jans-couchbase.properties +++ /dev/null 
@@ -1,68 +0,0 @@ -servers: %(hostname)s - -# Waits specified number of seconds until SDK bootstrap is complete and the desired ClusterState is observed -# Default waitUntilReady is -1 which means that it's turned off -connection.wait-until-ready-time: -1 - -# The connect timeout is used when a Bucket is opened. -# If you feel the urge to change this value to something higher, there is a good chance that your network is not properly set up. -# Connecting to the server should in practice not take longer than a second on a reasonably fast network. -# Default SDK connectTimeout is 10s -connection.connect-timeout: %(couchbase_conn_timeout)s - -# Enable/disable DNS SRV lookup for the bootstrap nodes -# Default dnsSrvEnabled is true -connection.dns.use-lookup: false - -# Key/value timeout -# Default SDK kvTimeout is 2500ms -connection.kv-timeout: 5000 - -# Query timeout -# Default SDK queryTimeout is 75s -connection.query-timeout: 75000 - -# Configures whether mutation tokens will be returned from the server for all mutation operations -# Default mutationTokensEnabled is true -# connection.mutation-tokens-enabled: false - -# At startup when connection error is occurred persistence layer can make another attempt to open buckets. -# Before make next try it pause process for 5 second. If after that total connection time is less than specified -# in property above new attempt will be executed -connection.connection-max-wait-time: %(couchbase_conn_max_wait)s - -# Default scan consistency. Possible values are: not_bounded, request_plus, statement_plus -connection.scan-consistency: %(couchbase_scan_consistency)s - -# Disable scan consistency in queries. Default value: false -# connection.ignore-attribute-scan-consistency: true - -# Try to execute query with scan consitency specified in connection.scan-consistency first. -# On failure execute query again with scan consistency specified in attributes defintions. 
Default value: true -# connection.attempt-without-attribute-scan-consistency: false - -# Enable scopes support. Default value: false -# connection.enable-scope-support: true - -# Disable mapping to short attribute names. Default value: false -# connection.disable-attribute-mapping: true - -auth.userName: %(couchbase_server_user)s -auth.userPassword: %(encoded_couchbase_server_pw)s - -buckets: %(couchbase_buckets)s - -bucket.default: %(default_bucket)s -%(couchbase_mappings)s - -password.encryption.method: %(encryption_method)s - -ssl.trustStore.enable: %(ssl_enabled)s -ssl.trustStore.file: %(couchbaseTrustStoreFn)s -ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s -ssl.trustStore.type: pkcs12 - -tls.enable: false - -binaryAttributes=objectGUID -certificateAttributes=userCertificate diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile index 4eadbd1deed..4d689b5922e 100644 --- a/docker-jans-configurator/Dockerfile +++ b/docker-jans-configurator/Dockerfile @@ -27,7 +27,7 @@ RUN mkdir -p /opt/jans/configurator/javalibs \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \ && cd /tmp/jans \ diff --git a/docker-jans-configurator/README.md b/docker-jans-configurator/README.md index e9e9a2d7aab..0333acfc978 100644 --- a/docker-jans-configurator/README.md +++ b/docker-jans-configurator/README.md 
@@ -98,14 +98,12 @@ For fresh installation, generate the initial configuration by creating `/path/to - `auth_sig_keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`) - `auth_enc_keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`) - - `optional_scopes`: list of optional scopes (as JSON string) that will be used (supported scopes are `couchbase`, `redis`, `sql`; default to empty list) + - `optional_scopes`: list of optional scopes (as JSON string) that will be used (supported scopes are `redis`, `sql`; default to empty list) - `init_keys_exp`: the initial keys expiration time in hours (default to `48`; extra 1 hour will be added for hard limit) 2. `_secret`: - `sql_password`: user's password to access SQL database (only used if `optional_scopes` list contains `sql` scope) - - `couchbase_password`: user's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope) - - `couchbase_superuser_password`: superusers password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope) - `encoded_salt`: user-defined salt (24 characters length); if omitted, salt will be generated automatically Example of generating `encoded_salt` value: diff --git a/docker-jans-configurator/scripts/bootstrap.py b/docker-jans-configurator/scripts/bootstrap.py index 0b1245509f3..62e9ba28fb3 100644 --- a/docker-jans-configurator/scripts/bootstrap.py +++ b/docker-jans-configurator/scripts/bootstrap.py @@ -15,8 +15,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.couchbase import sync_couchbase_superuser_password from jans.pycloudlib.persistence.sql import sync_sql_password from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.utils import get_random_chars 
@@ -331,13 +329,6 @@ def transform_web_ctx(self): with open(ssl_key) as f: self.set_secret("ssl_key", f.read) - def transform_couchbase_ctx(self): - # TODO: move this to persistence-loader? - self.set_config("couchbaseTrustStoreFn", "/etc/certs/couchbase.pkcs12") - self.set_secret("couchbase_shib_user_password", get_random_chars) - self.set_secret("couchbase_password", self.secret_params.get("couchbase_password", "")) - self.set_secret("couchbase_superuser_password", self.secret_params.get("couchbase_superuser_password", "")) - def transform_sql_ctx(self): self.set_secret("sql_password", self.secret_params.get("sql_password", "")) @@ -363,9 +354,6 @@ def transform(self): if "redis" in opt_scopes: self.transform_redis_ctx() - if "couchbase" in opt_scopes: - self.transform_couchbase_ctx() - if "sql" in opt_scopes: self.transform_sql_ctx() @@ -527,9 +515,6 @@ def load(configuration_file, dump_file): match backend_type: case "sql": sync_sql_password(manager) - case "couchbase": - sync_couchbase_superuser_password(manager) - sync_couchbase_password(manager) # check whether config and secret in backend have been initialized should_skip = as_boolean(os.environ.get("CN_CONFIGURATOR_SKIP_INITIALIZED", False)) @@ -574,9 +559,6 @@ def dump(dump_file): match backend_type: case "sql": sync_sql_password(manager) - case "couchbase": - sync_couchbase_superuser_password(manager) - sync_couchbase_password(manager) # dump all configuration from remote backend to file dump_to_file(manager, dump_file) diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile index 65c6b60685a..8a9ec238394 100644 --- a/docker-jans-fido2/Dockerfile +++ b/docker-jans-fido2/Dockerfile 
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -178,18 +178,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV @@ -227,7 +216,7 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/fido2" \ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-fido2/logs \ ${JETTY_BASE}/jans-fido2/custom/libs \ - ${JETTY_BASE}/common/libs/couchbase \ + ${JETTY_BASE}/common/libs \ ${JETTY_HOME}/temp \ /usr/share/java diff --git a/docker-jans-fido2/README.md b/docker-jans-fido2/README.md index 08115d1e2e5..30eea93bc15 100644 --- a/docker-jans-fido2/README.md +++ b/docker-jans-fido2/README.md 
@@ -49,19 +49,8 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). -- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). 
- `CN_FIDO2_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `GOOGLE_APPLICATION_CREDENTIALS`: Optional JSON file (contains Google credentials) that can be injected into container for authentication. Refer to https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to for supported credentials. - `GOOGLE_PROJECT_ID`: ID of Google project. @@ -135,12 +124,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -152,7 +141,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-fido2/scripts/bootstrap.py b/docker-jans-fido2/scripts/bootstrap.py index 1677f965de3..81908a814b0 100644 --- a/docker-jans-fido2/scripts/bootstrap.py +++ b/docker-jans-fido2/scripts/bootstrap.py @@ -7,11 +7,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import render_couchbase_properties -from jans.pycloudlib.persistence.couchbase import sync_couchbase_cert -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import render_sql_properties 
@@ -47,18 +42,6 @@ def main(): if not os.path.exists(hybrid_prop): render_hybrid_properties(hybrid_prop) - if "couchbase" in persistence_groups: - sync_couchbase_password(manager) - render_couchbase_properties( - manager, - "/app/templates/jans-couchbase.properties", - "/etc/jans/conf/jans-couchbase.properties", - ) - - if as_boolean(os.environ.get("CN_COUCHBASE_TRUSTSTORE_ENABLE", "true")): - sync_couchbase_cert(manager) - sync_couchbase_truststore(manager) - if "sql" in persistence_groups: sync_sql_password(manager) db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql") @@ -171,7 +154,6 @@ def __init__(self, manager) -> None: self.manager = manager client_classes = { - "couchbase": CouchbaseClient, "sql": SqlClient, } diff --git a/docker-jans-fido2/scripts/mod_context.py b/docker-jans-fido2/scripts/mod_context.py index 2cf05595335..a25ebf8a288 100644 --- a/docker-jans-fido2/scripts/mod_context.py +++ b/docker-jans-fido2/scripts/mod_context.py @@ -87,13 +87,6 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["couchbase"]: - if persistence_type not in persistence_groups: - continue - - extract_common_libs(persistence_type) - custom_libs += get_registered_common_libs(app_name, persistence_type) - # render custom xml fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml" diff --git a/docker-jans-fido2/scripts/upgrade.py b/docker-jans-fido2/scripts/upgrade.py index 06a73216ee8..5d88873e6cc 100644 --- a/docker-jans-fido2/scripts/upgrade.py +++ b/docker-jans-fido2/scripts/upgrade.py @@ -6,8 +6,6 @@ from collections import namedtuple from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -97,59 +95,8 @@ def modify_entry(self, key, attrs=None, **kwargs): return self.client.update(table_name, key, attrs), "" -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: B608 - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } 
@@ -169,73 +116,46 @@ def invoke(self): self.update_fido2_error_config() def update_fido2_dynamic_config(self): - kwargs = {} - id_ = "ou=jans-fido2,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=jans-fido2,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - with contextlib.suppress(json.decoder.JSONDecodeError): - entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) + with contextlib.suppress(json.decoder.JSONDecodeError): + entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) conf, should_update = _transform_fido2_dynamic_config(entry.attrs["jansConfDyn"]) if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfDyn"] = json.dumps(conf) - + entry.attrs["jansConfDyn"] = json.dumps(conf) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_fido2_static_config(self): - kwargs = {} - id_ = "ou=jans-fido2,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=jans-fido2,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - with contextlib.suppress(json.decoder.JSONDecodeError): - entry.attrs["jansConfStatic"] = json.loads(entry.attrs["jansConfStatic"]) + with contextlib.suppress(json.decoder.JSONDecodeError): + entry.attrs["jansConfStatic"] = 
json.loads(entry.attrs["jansConfStatic"]) conf, should_update = _transform_fido2_static_config(entry.attrs["jansConfStatic"]) if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfStatic"] = json.dumps(conf) - + entry.attrs["jansConfStatic"] = json.dumps(conf) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_fido2_error_config(self): - kwargs = {} - id_ = "ou=jans-fido2,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=jans-fido2,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) @@ -243,18 +163,13 @@ def update_fido2_error_config(self): return # config maybe null - if self.backend.type != "couchbase": - with contextlib.suppress(json.decoder.JSONDecodeError): - entry.attrs["jansConfErrors"] = json.loads(entry.attrs.get("jansConfErrors") or "{}") - else: - entry.attrs["jansConfErrors"] = entry.attrs.get("jansConfErrors") or {} + with contextlib.suppress(json.decoder.JSONDecodeError): + entry.attrs["jansConfErrors"] = json.loads(entry.attrs.get("jansConfErrors") or "{}") conf, should_update = _transform_fido2_error_config(entry.attrs["jansConfErrors"]) if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfErrors"] = json.dumps(conf) - + entry.attrs["jansConfErrors"] = json.dumps(conf) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) diff --git a/docker-jans-fido2/templates/jans-couchbase.properties b/docker-jans-fido2/templates/jans-couchbase.properties deleted file mode 100644 index 5688c21b824..00000000000 --- a/docker-jans-fido2/templates/jans-couchbase.properties +++ /dev/null 
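Review bot: The pair `kwargs = {"table_name": "jansAppConf"}` and `id_ = doc_id_from_dn("ou=jans-fido2,ou=configuration,o=jans")` is now repeated verbatim in `update_fido2_dynamic_config`, `update_fido2_static_config` and `update_fido2_error_config`, which is a style issue now that no per-backend branching is left to justify it. Each method also fetches the same entry again and increments `jansRevision` on its own, so a single upgrade run can write the entry up to three times. I would hoist the two values into module-level constants, e.g. `FIDO2_CONFIG_ID = doc_id_from_dn("ou=jans-fido2,ou=configuration,o=jans")`, and consider loading the entry once in `invoke`. `update_fido2_error_config` continues in the following hunk.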
@@ -1,68 +0,0 @@ -servers: %(hostname)s - -# Waits specified number of seconds until SDK bootstrap is complete and the desired ClusterState is observed -# Default waitUntilReady is -1 which means that it's turned off -connection.wait-until-ready-time: -1 - -# The connect timeout is used when a Bucket is opened. -# If you feel the urge to change this value to something higher, there is a good chance that your network is not properly set up. -# Connecting to the server should in practice not take longer than a second on a reasonably fast network. -# Default SDK connectTimeout is 10s -connection.connect-timeout: %(couchbase_conn_timeout)s - -# Enable/disable DNS SRV lookup for the bootstrap nodes -# Default dnsSrvEnabled is true -connection.dns.use-lookup: false - -# Key/value timeout -# Default SDK kvTimeout is 2500ms -connection.kv-timeout: 5000 - -# Query timeout -# Default SDK queryTimeout is 75s -connection.query-timeout: 75000 - -# Configures whether mutation tokens will be returned from the server for all mutation operations -# Default mutationTokensEnabled is true -# connection.mutation-tokens-enabled: false - -# At startup when connection error is occurred persistence layer can make another attempt to open buckets. -# Before make next try it pause process for 5 second. If after that total connection time is less than specified -# in property above new attempt will be executed -connection.connection-max-wait-time: %(couchbase_conn_max_wait)s - -# Default scan consistency. Possible values are: not_bounded, request_plus, statement_plus -connection.scan-consistency: %(couchbase_scan_consistency)s - -# Disable scan consistency in queries. Default value: false -# connection.ignore-attribute-scan-consistency: true - -# Try to execute query with scan consitency specified in connection.scan-consistency first. -# On failure execute query again with scan consistency specified in attributes defintions. 
Default value: true -# connection.attempt-without-attribute-scan-consistency: false - -# Enable scopes support. Default value: false -# connection.enable-scope-support: true - -# Disable mapping to short attribute names. Default value: false -# connection.disable-attribute-mapping: true - -auth.userName: %(couchbase_server_user)s -auth.userPassword: %(encoded_couchbase_server_pw)s - -buckets: %(couchbase_buckets)s - -bucket.default: %(default_bucket)s -%(couchbase_mappings)s - -password.encryption.method: %(encryption_method)s - -ssl.trustStore.enable: %(ssl_enabled)s -ssl.trustStore.file: %(couchbaseTrustStoreFn)s -ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s -ssl.trustStore.type: pkcs12 - -tls.enable: false - -binaryAttributes=objectGUID -certificateAttributes=userCertificate diff --git a/docker-jans-fido2/templates/jans-fido2/log4j2.xml b/docker-jans-fido2/templates/jans-fido2/log4j2.xml index 8f6a08abac1..dd3a9b1b9d8 100644 --- a/docker-jans-fido2/templates/jans-fido2/log4j2.xml +++ b/docker-jans-fido2/templates/jans-fido2/log4j2.xml @@ -64,16 +64,6 @@ - - -persistence - - - - - -persistence-duration - - - -persistence-duration diff --git a/docker-jans-kc-scheduler/Dockerfile b/docker-jans-kc-scheduler/Dockerfile index 90ed3df0486..40a07b51226 100644 --- a/docker-jans-kc-scheduler/Dockerfile +++ b/docker-jans-kc-scheduler/Dockerfile @@ -38,7 +38,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/codehaus/janino/janino/3.1.9/jani # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the assets diff --git a/docker-jans-keycloak-link/Dockerfile b/docker-jans-keycloak-link/Dockerfile index 93b3098af3a..40d1b1fa783 100644 --- a/docker-jans-keycloak-link/Dockerfile +++ b/docker-jans-keycloak-link/Dockerfile 
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-keycloak-link/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -167,18 +167,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV @@ -217,7 +206,7 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/keycloak-link" \ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-keycloak-link/logs \ ${JETTY_BASE}/jans-keycloak-link/custom/libs \ - ${JETTY_BASE}/common/libs/couchbase \ + ${JETTY_BASE}/common/libs \ ${JETTY_HOME}/temp \ /usr/share/java \ /var/jans/cr-snapshots diff --git a/docker-jans-keycloak-link/README.md b/docker-jans-keycloak-link/README.md index ddba8047e08..7ae533c1e71 100644 --- a/docker-jans-keycloak-link/README.md +++ b/docker-jans-keycloak-link/README.md 
@@ -49,19 +49,8 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). -- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). 
- `CN_KEYCLOAK_LINK_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `GOOGLE_APPLICATION_CREDENTIALS`: Optional JSON file (contains Google credentials) that can be injected into container for authentication. Refer to https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to for supported credentials. - `GOOGLE_PROJECT_ID`: ID of Google project. @@ -135,12 +124,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -152,7 +141,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-keycloak-link/scripts/bootstrap.py b/docker-jans-keycloak-link/scripts/bootstrap.py index 519fdd8685a..b444988176a 100644 --- a/docker-jans-keycloak-link/scripts/bootstrap.py +++ b/docker-jans-keycloak-link/scripts/bootstrap.py @@ -9,11 +9,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import render_couchbase_properties -from jans.pycloudlib.persistence.couchbase import sync_couchbase_cert -from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password from jans.pycloudlib.persistence.hybrid import render_hybrid_properties from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import render_sql_properties 
@@ -55,18 +50,6 @@ def main(): if not os.path.exists(hybrid_prop): render_hybrid_properties(hybrid_prop) - if "couchbase" in persistence_groups: - sync_couchbase_password(manager) - render_couchbase_properties( - manager, - "/app/templates/jans-couchbase.properties", - "/etc/jans/conf/jans-couchbase.properties", - ) - - if as_boolean(os.environ.get("CN_COUCHBASE_TRUSTSTORE_ENABLE", "true")): - sync_couchbase_cert(manager) - sync_couchbase_truststore(manager) - if "sql" in persistence_groups: sync_sql_password(manager) db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql") @@ -179,7 +162,6 @@ def __init__(self, manager: Manager) -> None: self.manager = manager client_classes = { - "couchbase": CouchbaseClient, "sql": SqlClient, } diff --git a/docker-jans-keycloak-link/scripts/mod_context.py b/docker-jans-keycloak-link/scripts/mod_context.py index 63d25aac738..9fe365d3385 100644 --- a/docker-jans-keycloak-link/scripts/mod_context.py +++ b/docker-jans-keycloak-link/scripts/mod_context.py @@ -87,13 +87,6 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["couchbase"]: - if persistence_type not in persistence_groups: - continue - - extract_common_libs(persistence_type) - custom_libs += get_registered_common_libs(app_name, persistence_type) - # render custom xml fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml" diff --git a/docker-jans-keycloak-link/scripts/upgrade.py b/docker-jans-keycloak-link/scripts/upgrade.py index 46a8783f947..3f4d42714a1 100644 --- a/docker-jans-keycloak-link/scripts/upgrade.py +++ b/docker-jans-keycloak-link/scripts/upgrade.py 
@@ -4,8 +4,6 @@ from collections import namedtuple from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper @@ -38,59 +36,8 @@ def modify_entry(self, key, attrs=None, **kwargs): return self.client.update(table_name, key, attrs), "" -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: B608 - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } 
@@ -108,16 +55,8 @@ def invoke(self): self.enable_ext_script() def enable_ext_script(self): - kwargs = {} - script_id = "inum=13D3-E7AD,ou=scripts,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansCustomScr"} - script_id = doc_id_from_dn(script_id) - - else: # likely couchbase - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - script_id = id_from_dn(script_id) + kwargs = {"table_name": "jansCustomScr"} + script_id = doc_id_from_dn("inum=13D3-E7AD,ou=scripts,o=jans") # toggle cache-refresh script entry = self.backend.get_entry(script_id, **kwargs) diff --git a/docker-jans-keycloak-link/templates/jans-couchbase.properties b/docker-jans-keycloak-link/templates/jans-couchbase.properties deleted file mode 100644 index 5688c21b824..00000000000 --- a/docker-jans-keycloak-link/templates/jans-couchbase.properties +++ /dev/null 
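Review bot: `enable_ext_script` now hard-codes the SQL table name and `doc_id_from_dn` without looking at `self.backend.type`, so it is only correct while the backend is always `SQLBackend`. With `couchbase` dropped from `BACKEND_CLASSES` earlier in this file, a deployment whose persistence mapping still names `couchbase` presumably fails on the dictionary lookup with a bare `KeyError`; that lookup is outside the hunk, so this is inferred. I would state the assumption in a comment such as `# SQL is the only supported backend; script entries live in jansCustomScr`, and have the backend selection raise an error that names the unsupported persistence type. The removed branch and the removed `CouchbaseBackend` were the only visible users of `os.environ` and `json.dumps`, so `os` and `json` may now be unused imports. The same change is made in docker-jans-link/scripts/upgrade.py further down, and the same points apply there.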
@@ -1,68 +0,0 @@ -servers: %(hostname)s - -# Waits specified number of seconds until SDK bootstrap is complete and the desired ClusterState is observed -# Default waitUntilReady is -1 which means that it's turned off -connection.wait-until-ready-time: -1 - -# The connect timeout is used when a Bucket is opened. -# If you feel the urge to change this value to something higher, there is a good chance that your network is not properly set up. -# Connecting to the server should in practice not take longer than a second on a reasonably fast network. -# Default SDK connectTimeout is 10s -connection.connect-timeout: %(couchbase_conn_timeout)s - -# Enable/disable DNS SRV lookup for the bootstrap nodes -# Default dnsSrvEnabled is true -connection.dns.use-lookup: false - -# Key/value timeout -# Default SDK kvTimeout is 2500ms -connection.kv-timeout: 5000 - -# Query timeout -# Default SDK queryTimeout is 75s -connection.query-timeout: 75000 - -# Configures whether mutation tokens will be returned from the server for all mutation operations -# Default mutationTokensEnabled is true -# connection.mutation-tokens-enabled: false - -# At startup when connection error is occurred persistence layer can make another attempt to open buckets. -# Before make next try it pause process for 5 second. If after that total connection time is less than specified -# in property above new attempt will be executed -connection.connection-max-wait-time: %(couchbase_conn_max_wait)s - -# Default scan consistency. Possible values are: not_bounded, request_plus, statement_plus -connection.scan-consistency: %(couchbase_scan_consistency)s - -# Disable scan consistency in queries. Default value: false -# connection.ignore-attribute-scan-consistency: true - -# Try to execute query with scan consitency specified in connection.scan-consistency first. -# On failure execute query again with scan consistency specified in attributes defintions. 
Default value: true -# connection.attempt-without-attribute-scan-consistency: false - -# Enable scopes support. Default value: false -# connection.enable-scope-support: true - -# Disable mapping to short attribute names. Default value: false -# connection.disable-attribute-mapping: true - -auth.userName: %(couchbase_server_user)s -auth.userPassword: %(encoded_couchbase_server_pw)s - -buckets: %(couchbase_buckets)s - -bucket.default: %(default_bucket)s -%(couchbase_mappings)s - -password.encryption.method: %(encryption_method)s - -ssl.trustStore.enable: %(ssl_enabled)s -ssl.trustStore.file: %(couchbaseTrustStoreFn)s -ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s -ssl.trustStore.type: pkcs12 - -tls.enable: false - -binaryAttributes=objectGUID -certificateAttributes=userCertificate diff --git a/docker-jans-keycloak-link/templates/jans-keycloak-link/log4j2.xml b/docker-jans-keycloak-link/templates/jans-keycloak-link/log4j2.xml index f8290d3f13f..9490444abfc 100644 --- a/docker-jans-keycloak-link/templates/jans-keycloak-link/log4j2.xml +++ b/docker-jans-keycloak-link/templates/jans-keycloak-link/log4j2.xml @@ -59,16 +59,6 @@ - - -persistence - - - - - -persistence-duration - - - -persistence-duration diff --git a/docker-jans-link/Dockerfile b/docker-jans-link/Dockerfile index 7cd1fa4262e..7cb3ee7fcb0 100644 --- a/docker-jans-link/Dockerfile +++ b/docker-jans-link/Dockerfile @@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-link/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) 
@@ -167,18 +167,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV @@ -217,7 +206,7 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/link" \ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-link/logs \ ${JETTY_BASE}/jans-link/custom/libs \ - ${JETTY_BASE}/common/libs/couchbase \ + ${JETTY_BASE}/common/libs \ ${JETTY_HOME}/temp \ /usr/share/java \ /var/jans/link-snapshots diff --git a/docker-jans-link/README.md b/docker-jans-link/README.md index 057d2a24be9..bc1a64ca5e1 100644 --- a/docker-jans-link/README.md +++ b/docker-jans-link/README.md 
@@ -49,19 +49,8 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). -- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). 
- `CN_LINK_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `GOOGLE_APPLICATION_CREDENTIALS`: Optional JSON file (contains Google credentials) that can be injected into container for authentication. Refer to https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to for supported credentials. - `GOOGLE_PROJECT_ID`: ID of Google project. @@ -135,12 +124,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -152,7 +141,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-link/scripts/bootstrap.py b/docker-jans-link/scripts/bootstrap.py index 7c6298bd485..445b708996b 100644 --- a/docker-jans-link/scripts/bootstrap.py +++ b/docker-jans-link/scripts/bootstrap.py @@ -9,11 +9,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import render_couchbase_properties -from jans.pycloudlib.persistence.couchbase import sync_couchbase_cert -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import SqlClient 
@@ -56,18 +51,6 @@ def main(): if not os.path.exists(hybrid_prop): render_hybrid_properties(hybrid_prop) - if "couchbase" in persistence_groups: - sync_couchbase_password(manager) - render_couchbase_properties( - manager, - "/app/templates/jans-couchbase.properties", - "/etc/jans/conf/jans-couchbase.properties", - ) - - if as_boolean(os.environ.get("CN_COUCHBASE_TRUSTSTORE_ENABLE", "true")): - sync_couchbase_cert(manager) - sync_couchbase_truststore(manager) - if "sql" in persistence_groups: sync_sql_password(manager) db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql") @@ -180,7 +163,6 @@ def __init__(self, manager: Manager) -> None: self.manager = manager client_classes = { - "couchbase": CouchbaseClient, "sql": SqlClient, } diff --git a/docker-jans-link/scripts/mod_context.py b/docker-jans-link/scripts/mod_context.py index aa3b324a125..12164727dbe 100644 --- a/docker-jans-link/scripts/mod_context.py +++ b/docker-jans-link/scripts/mod_context.py @@ -87,13 +87,6 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["couchbase"]: - if persistence_type not in persistence_groups: - continue - - extract_common_libs(persistence_type) - custom_libs += get_registered_common_libs(app_name, persistence_type) - # render custom xml fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml" diff --git a/docker-jans-link/scripts/upgrade.py b/docker-jans-link/scripts/upgrade.py index 098d4d44df5..1588bc47996 100644 --- a/docker-jans-link/scripts/upgrade.py +++ b/docker-jans-link/scripts/upgrade.py @@ -4,8 +4,6 @@ from collections import namedtuple from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -38,59 +36,8 @@ def modify_entry(self, key, attrs=None, **kwargs): return self.client.update(table_name, key, attrs), "" -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: B608 - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } @@ -108,16 +55,8 @@ def invoke(self): self.enable_ext_script() def enable_ext_script(self): - kwargs = {} - script_id = "inum=13D3-E7AD,ou=scripts,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansCustomScr"} - script_id = doc_id_from_dn(script_id) - - else: # likely couchbase - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - script_id = id_from_dn(script_id) + kwargs = {"table_name": "jansCustomScr"} + script_id = doc_id_from_dn("inum=13D3-E7AD,ou=scripts,o=jans") # toggle cache-refresh script entry = self.backend.get_entry(script_id, **kwargs) 
diff --git a/docker-jans-link/templates/jans-couchbase.properties b/docker-jans-link/templates/jans-couchbase.properties deleted file mode 100644 index 5688c21b824..00000000000 --- a/docker-jans-link/templates/jans-couchbase.properties +++ /dev/null 
@@ -1,68 +0,0 @@ -servers: %(hostname)s - -# Waits specified number of seconds until SDK bootstrap is complete and the desired ClusterState is observed -# Default waitUntilReady is -1 which means that it's turned off -connection.wait-until-ready-time: -1 - -# The connect timeout is used when a Bucket is opened. -# If you feel the urge to change this value to something higher, there is a good chance that your network is not properly set up. -# Connecting to the server should in practice not take longer than a second on a reasonably fast network. -# Default SDK connectTimeout is 10s -connection.connect-timeout: %(couchbase_conn_timeout)s - -# Enable/disable DNS SRV lookup for the bootstrap nodes -# Default dnsSrvEnabled is true -connection.dns.use-lookup: false - -# Key/value timeout -# Default SDK kvTimeout is 2500ms -connection.kv-timeout: 5000 - -# Query timeout -# Default SDK queryTimeout is 75s -connection.query-timeout: 75000 - -# Configures whether mutation tokens will be returned from the server for all mutation operations -# Default mutationTokensEnabled is true -# connection.mutation-tokens-enabled: false - -# At startup when connection error is occurred persistence layer can make another attempt to open buckets. -# Before make next try it pause process for 5 second. If after that total connection time is less than specified -# in property above new attempt will be executed -connection.connection-max-wait-time: %(couchbase_conn_max_wait)s - -# Default scan consistency. Possible values are: not_bounded, request_plus, statement_plus -connection.scan-consistency: %(couchbase_scan_consistency)s - -# Disable scan consistency in queries. Default value: false -# connection.ignore-attribute-scan-consistency: true - -# Try to execute query with scan consitency specified in connection.scan-consistency first. -# On failure execute query again with scan consistency specified in attributes defintions. 
Default value: true -# connection.attempt-without-attribute-scan-consistency: false - -# Enable scopes support. Default value: false -# connection.enable-scope-support: true - -# Disable mapping to short attribute names. Default value: false -# connection.disable-attribute-mapping: true - -auth.userName: %(couchbase_server_user)s -auth.userPassword: %(encoded_couchbase_server_pw)s - -buckets: %(couchbase_buckets)s - -bucket.default: %(default_bucket)s -%(couchbase_mappings)s - -password.encryption.method: %(encryption_method)s - -ssl.trustStore.enable: %(ssl_enabled)s -ssl.trustStore.file: %(couchbaseTrustStoreFn)s -ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s -ssl.trustStore.type: pkcs12 - -tls.enable: false - -binaryAttributes=objectGUID -certificateAttributes=userCertificate diff --git a/docker-jans-link/templates/jans-link/log4j2.xml b/docker-jans-link/templates/jans-link/log4j2.xml index 739d4d525f9..c973d0fa92b 100644 --- a/docker-jans-link/templates/jans-link/log4j2.xml +++ b/docker-jans-link/templates/jans-link/log4j2.xml @@ -58,16 +58,6 @@ - - -persistence - - - - - -persistence-duration - - - -persistence-duration diff --git a/docker-jans-monolith/Dockerfile b/docker-jans-monolith/Dockerfile index f04b5f1b29e..839059e24b0 100644 --- a/docker-jans-monolith/Dockerfile +++ b/docker-jans-monolith/Dockerfile @@ -42,7 +42,7 @@ EXPOSE 443 8080 1636 # jans-linux-setup # ===================== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 # cleanup RUN rm -rf /tmp/jans @@ -67,7 +67,6 @@ ENV CN_HOSTNAME="demoexample.jans.io" \ TEST_CLIENT_ID="9876baac-de39-4c23-8a78-674b59df8c09" \ TEST_CLIENT_SECRET="" \ TEST_CLIENT_TRUSTED="true" \ - CN_INSTALL_COUCHBASE="false" \ CN_INSTALL_MYSQL="false" \ CN_INSTALL_PGSQL="false" \ CN_INSTALL_CONFIG_API="true" \ diff --git a/docker-jans-monolith/clean.sh b/docker-jans-monolith/clean.sh index a2ce496b576..6816964fdc1 100644 
--- a/docker-jans-monolith/clean.sh +++ b/docker-jans-monolith/clean.sh @@ -5,7 +5,7 @@ if [ -z "$1" ]; then yaml="jans-mysql-compose.yml" else case "$1" in - mysql|postgres|couchbase) + mysql|postgres) yaml="jans-${1}-compose.yml" ;; *) diff --git a/docker-jans-monolith/down.sh b/docker-jans-monolith/down.sh index b1f038784e9..7a5c37bd142 100644 --- a/docker-jans-monolith/down.sh +++ b/docker-jans-monolith/down.sh @@ -5,7 +5,7 @@ if [ -z "$1" ]; then yaml="jans-mysql-compose.yml" else case "$1" in - mysql|postgres|couchbase) + mysql|postgres) yaml="jans-${1}-compose.yml" ;; *) diff --git a/docker-jans-monolith/jans-couchbase-compose.yml b/docker-jans-monolith/jans-couchbase-compose.yml deleted file mode 100644 index 99fc3869c5d..00000000000 --- a/docker-jans-monolith/jans-couchbase-compose.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -version: "3.7" -services: - couchbase: - image: couchbase/server-sandbox:7.6.1 - restart: always - ports: - - "8091-8096:8091-8096" - - "11210-11211:11210-11211" - volumes: - - ./couchbase_demo:/opt/couchbase/var - networks: - - cloud_bridge - jans: - image: ${JANSSEN_IMAGE:-ghcr.io/janssenproject/jans/monolith:1.1.6_dev} - restart: always - ports: - - "443:443" - - "80:80" - depends_on: - - couchbase - networks: - - cloud_bridge - environment: - #- CN_HOSTNAME=demoexample.jans.io - - CN_ADMIN_PASS=1t5Fin3#security - - CN_ORG_NAME=Janssen - - CN_EMAIL=support@jans.io - - CN_CITY=Austin - - CN_STATE=TX - - CN_COUNTRY=US - - CN_INSTALL_COUCHBASE=true - - CN_INSTALL_CONFIG_API=true - - CN_INSTALL_SCIM=true - - CN_INSTALL_FIDO2=true - - CN_INSTALL_CASA=true - - CN_INSTALL_KC_LINK=true - - CN_INSTALL_LOCK=true - - CN_INSTALL_SAML=false - - CN_INSTALL_OPA=true - - TEST_CLIENT_ID=9876baac-de39-4c23-8a78-674b59df8c09 - - TEST_CLIENT_TRUSTED=true - - TEST_CLIENT_SECRET=1t5Fin3#security - - COUCHBASE_PASSWORD=password - - COUCHBASE_ADMIN=Administrator - - COUCHBASE_HOSTNAME=couchbase - volumes: - - ./jans-auth-custom:/opt/jans/jetty/jans-auth/custom - - ./jans-config-api-custom:/opt/jans/jetty/jans-config-api/custom - - ./jans-fido2-custom:/opt/jans/jetty/jans-fido2/custom - - ./jans-scim-custom:/opt/jans/jetty/jans-scim/custom - - ./jans-auth-log:/opt/jans/jetty/jans-auth/logs - - ./jans-config-api-log:/opt/jans/jetty/jans-config-api/logs - - ./jans-scim-log:/opt/jans/jetty/jans-scim/logs - - ./jans-fido2-log:/opt/jans/jetty/jans-fido2/log -volumes: - db-data: -networks: - cloud_bridge: - driver: bridge diff --git a/docker-jans-monolith/scripts/entrypoint.sh b/docker-jans-monolith/scripts/entrypoint.sh index 2969fb7f4fe..553bbc0c2aa 100644 --- a/docker-jans-monolith/scripts/entrypoint.sh +++ b/docker-jans-monolith/scripts/entrypoint.sh 
@@ -62,12 +62,6 @@ install_jans() { echo "Installing with Postgres" echo "rdbm_type=pgsql" | tee -a setup.properties > /dev/null echo "rdbm_port=5432" | tee -a setup.properties > /dev/null - elif [[ "${CN_INSTALL_COUCHBASE}" == "true" ]]; then - echo "Installing with Couchbase" - echo "cb_install=2" | tee -a setup.properties > /dev/null - echo "cb_password=${COUCHBASE_PASSWORD}" | tee -a setup.properties > /dev/null - echo "couchbase_hostname=${COUCHBASE_HOSTNAME}" | tee -a setup.properties > /dev/null - echo "couchebaseClusterAdmin=${COUCHBASE_ADMIN}" | tee -a setup.properties > /dev/null fi echo "***** Running the setup script for ${CN_ORG_NAME}!! *****" diff --git a/docker-jans-monolith/up.sh b/docker-jans-monolith/up.sh index a98a435361e..4a39ce7ce57 100644 --- a/docker-jans-monolith/up.sh +++ b/docker-jans-monolith/up.sh @@ -5,7 +5,7 @@ if [ -z "$1" ]; then yaml="jans-mysql-compose.yml" else case "$1" in - mysql|postgres|couchbase) + mysql|postgres) yaml="jans-${1}-compose.yml" ;; *) diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile index 07b6627f67b..aadd8540b83 100644 --- a/docker-jans-persistence-loader/Dockerfile +++ b/docker-jans-persistence-loader/Dockerfile @@ -16,7 +16,7 @@ RUN apk update \ # =========== # janssenproject/jans SHA commit -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources 
@@ -32,12 +32,11 @@ RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/ja && git sparse-checkout add ${JANS_CONFIG_API_RESOURCES} \ && git sparse-checkout add jans-pycloudlib -RUN mkdir -p /app/static /app/static/couchbase /app/schema /app/static/opendj /app/templates +RUN mkdir -p /app/static /app/schema /app/static/opendj /app/templates # sync static files from linux-setup RUN cd /tmp/jans \ && cp -R ${JANS_SETUP_DIR}/static/extension /app/static/extension \ - && cp ${JANS_SETUP_DIR}/static/couchbase/index.json /app/static/couchbase/index.json \ && cp ${JANS_SETUP_DIR}/schema/opendj_types.json /app/schema/opendj_types.json \ && cp -R ${JANS_SETUP_DIR}/static/rdbm /app/static/rdbm \ && cp ${JANS_SETUP_DIR}/schema/jans_schema.json /app/schema/ \ @@ -117,17 +116,8 @@ ENV CN_SECRET_ADAPTER=vault \ # Persistence ENV # =============== -ENV CN_PERSISTENCE_TYPE=couchbase \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_SUPERUSER="" \ - CN_COUCHBASE_SUPERUSER_PASSWORD_FILE=/etc/jans/conf/couchbase_superuser_password \ - CN_COUCHBASE_INDEX_NUM_REPLICA=0 \ - CN_LDAP_URL=localhost:1636 \ - CN_LDAP_USE_SSL=true +ENV CN_PERSISTENCE_TYPE=sql \ + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV diff --git a/docker-jans-persistence-loader/README.md b/docker-jans-persistence-loader/README.md index 9e40da3e013..a7178b01627 100644 --- a/docker-jans-persistence-loader/README.md +++ b/docker-jans-persistence-loader/README.md 
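Review bot: The `Persistence ENV` block now defaults `CN_PERSISTENCE_TYPE` to `sql` where the image previously defaulted to `couchbase`, and nothing in the hunk tells an operator that `couchbase` is no longer an accepted value. A manifest that still sets it explicitly will presumably fail later in `scripts/bootstrap.py` on the `backend_classes` lookup rather than with a clear message; the lookup is outside the visible hunks, so this is inferred. A short comment above the ENV, for example `# supported values: sql, hybrid (couchbase support was removed)`, would make the contract visible. The hunk also drops `CN_LDAP_URL` and `CN_LDAP_USE_SSL`, which are not Couchbase settings, so it is worth confirming that nothing still reads them and mentioning their removal in the commit description.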
@@ -54,16 +54,10 @@ The following environment variables are supported by the container: - `CN_REDIS_URL`: URL of Redis server, format is host:port (optional; default to `localhost:6379`). - `CN_REDIS_TYPE`: Redis service type, either `STANDALONE` or `CLUSTER` (optional; default to `STANDALONE`). - `CN_MEMCACHED_URL`: URL of Memcache server, format is host:port (optional; default to `localhost:11211`). -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (`couchbase`, `sql`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (`sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_PERSISTENCE_SKIP_INITIALIZED`: skip initialization if backend already initialized (default to `false`). - `CN_PERSISTENCE_UPDATE_AUTH_DYNAMIC_CONFIG`: Whether to allow automatic updates of `jans-auth` configuration (default to `true`). -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_SUPERUSER`: Superuser of Couchbase server (default to empty-string). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_SUPERUSER_PASSWORD_FILE`: Path to file contains Couchbase superuser password (default to `/etc/jans/conf/couchbase_superuser_password`). - `CN_DOCUMENT_STORE_TYPE`: Document store type (one of `LOCAL` or `DB`; default to `DB`). - `CN_JACKRABBIT_URL`: URL to remote repository (default to `http://localhost:8080`). 
- `CN_JACKRABBIT_ADMIN_ID_FILE`: Absolute path to file contains ID for admin user (default to `/etc/jans/conf/jackrabbit_admin_id`). @@ -99,12 +93,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -116,7 +110,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-persistence-loader/scripts/bootstrap.py b/docker-jans-persistence-loader/scripts/bootstrap.py index fda78903abb..9d090f31f99 100644 --- a/docker-jans-persistence-loader/scripts/bootstrap.py +++ b/docker-jans-persistence-loader/scripts/bootstrap.py @@ -2,13 +2,10 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence_conn -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.couchbase import sync_couchbase_superuser_password from jans.pycloudlib.persistence.sql import sync_sql_password from jans.pycloudlib.persistence.utils import PersistenceMapper from hybrid_setup import HybridBackend -from couchbase_setup import CouchbaseBackend from sql_setup import SQLBackend from upgrade import Upgrade @@ -17,7 +14,6 @@ def main(): manager = get_manager() backend_classes = { - "couchbase": CouchbaseBackend, "hybrid": HybridBackend, "sql": SQLBackend, } @@ -33,11 +29,6 @@ def main(): if "sql" in persistence_groups: sync_sql_password(manager) - if "couchbase" in persistence_groups: - # superuser is required to create buckets, etc. - sync_couchbase_superuser_password(manager) - sync_couchbase_password(manager) - wait_for_persistence_conn(manager) with manager.lock.create_lock("persistence-loader-init"): 
diff --git a/docker-jans-persistence-loader/scripts/couchbase_setup.py b/docker-jans-persistence-loader/scripts/couchbase_setup.py deleted file mode 100644 index a3a05ccfe08..00000000000 --- a/docker-jans-persistence-loader/scripts/couchbase_setup.py +++ /dev/null 
@@ -1,224 +0,0 @@ -import json -import logging.config -import os -import time -from pathlib import Path - -from jans.pycloudlib.persistence.couchbase import CouchbaseClient - -from settings import LOGGING_CONFIG -from utils import prepare_template_ctx -from hooks import get_ldif_mappings_hook - -logging.config.dictConfig(LOGGING_CONFIG) -logger = logging.getLogger("persistence-loader") - - -def get_bucket_mappings(manager): - prefix = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - _mappings = { - "default": { - "bucket": prefix, - "mem_alloc": 100, - }, - "user": { - "bucket": f"{prefix}_user", - "mem_alloc": 300, - }, - "site": { - "bucket": f"{prefix}_site", - "mem_alloc": 100, - }, - "token": { - "bucket": f"{prefix}_token", - "mem_alloc": 300, - }, - "cache": { - "bucket": f"{prefix}_cache", - "mem_alloc": 100, - }, - "session": { - "bucket": f"{prefix}_session", - "mem_alloc": 200, - }, - } - - optional_scopes = json.loads(manager.config.get("optional_scopes", "[]")) - return { - mapping: {"files": files} | _mappings[mapping] - for mapping, files in get_ldif_mappings_hook("couchbase", optional_scopes).items() - } - - -class CouchbaseBackend: - def __init__(self, manager): - self.client = CouchbaseClient(manager) - self.manager = manager - self.index_num_replica = 0 - - def create_buckets(self, bucket_mappings, bucket_type="couchbase"): - sys_info = self.client.get_system_info() - - if not sys_info: - raise RuntimeError("Unable to get system info from Couchbase; aborting ...") - - ram_info = sys_info["storageTotals"]["ram"] - - total_mem = (ram_info['quotaTotalPerNode'] - ram_info['quotaUsedPerNode']) / (1024 * 1024) - # the minimum memory is a sum of required buckets + minimum mem for `gluu` bucket - min_mem = sum(value["mem_alloc"] for value in bucket_mappings.values()) + 100 - - logger.info("Memory size per node for Couchbase buckets was determined as {} MB".format(total_mem)) - logger.info("Minimum memory size per node for Couchbase buckets was 
determined as {} MB".format(min_mem)) - - if total_mem < min_mem: - logger.warning("Available quota on couchbase node is less than {} MB".format(min_mem)) - - # always create `jans` bucket even when `default` mapping stored in another persistence - if "default" not in bucket_mappings: - memsize = 100 - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - - logger.info(f"Creating bucket {bucket} with type {bucket_type} and RAM size {memsize}") - - req = self.client.add_bucket(bucket, memsize, bucket_type) - if not req.ok: - logger.warning(f"Failed to create bucket {bucket}; reason={req.text}") - - req = self.client.get_buckets() - if req.ok: - remote_buckets = tuple(bckt["name"] for bckt in req.json()) - else: - remote_buckets = () - - for _, mapping in bucket_mappings.items(): - if mapping["bucket"] in remote_buckets: - continue - - memsize = int((mapping["mem_alloc"] / float(min_mem)) * total_mem) - - logger.info(f"Creating bucket {mapping['bucket']} with type {bucket_type} and RAM size {memsize}") - - req = self.client.add_bucket(mapping["bucket"], memsize, bucket_type) - if not req.ok: - logger.warning(f"Failed to create bucket {mapping['bucket']}; reason={req.text}") - - def create_indexes(self, bucket_mappings): - buckets = [mapping["bucket"] for _, mapping in bucket_mappings.items()] - prefix = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - - with open("/app/static/couchbase/index.json") as f: - txt = f.read().replace("!bucket_prefix!", prefix) - indexes = json.loads(txt) - - for bucket in buckets: - if bucket not in indexes: - continue - - logger.info("Running Couchbase index creation for {} bucket (if not exist)".format(bucket)) - - queries = [] - index_list = indexes.get(bucket, {}) - index_names = [] - - for index in index_list.get("attributes", []): - if '(' in ''.join(index): - attr_ = index[0] - index_name_ = index[0].replace('(', '_').replace(')', '_').replace('`', '').lower() - if index_name_.endswith('_'): - index_name_ = 
index_name_[:-1] - index_name = 'def_{0}_{1}'.format(bucket, index_name_) - else: - attr_ = ','.join(['`{}`'.format(a) for a in index]) - index_name = "def_{0}_{1}".format(bucket, '_'.join(index)) - - queries.append( - 'CREATE INDEX %s ON `%s`(%s) USING GSI WITH {"defer_build":true,"num_replica": %s};\n' % (index_name, bucket, attr_, self.index_num_replica) - ) - - index_names.append(index_name) - - if index_names: - queries.append('BUILD INDEX ON `%s` (%s) USING GSI;\n' % (bucket, ', '.join(index_names))) - - sic = 1 - for attribs, wherec in index_list.get("static", []): - attrquoted = [] - - for a in attribs: - if '(' not in a: - attrquoted.append('`{}`'.format(a)) - else: - attrquoted.append(a) - attrquoteds = ', '.join(attrquoted) - - queries.append( - 'CREATE INDEX `{0}_static_{1:02d}` ON `{0}`({2}) WHERE ({3}) WITH {{ "num_replica": {4} }}\n'.format(bucket, sic, attrquoteds, wherec, self.index_num_replica) - ) - sic += 1 - - for query in queries: - query = query.strip() - if not query: - continue - - req = self.client.exec_query(query) - if not req.ok: - # the following code should be ignored - # - 4300: index already exists - error = req.json()["errors"][0] - if error["code"] in (4300,): - continue - logger.warning(f"Failed to execute query, reason={error['msg'].strip()}") # .format(error["msg"])) - - def import_builtin_ldif(self, bucket_mappings, ctx): - for _, mapping in bucket_mappings.items(): - for file_ in mapping["files"]: - self._import_ldif(f"/app/templates/{file_}", ctx) - - def initialize(self): - num_replica = int(os.environ.get("CN_COUCHBASE_INDEX_NUM_REPLICA", 0)) - num_indexer_nodes = len(self.client.get_index_nodes()) - - if num_replica >= num_indexer_nodes: - raise ValueError(f"Number of index replica ({num_replica}) must be less than available indexer nodes ({num_indexer_nodes})") - - self.index_num_replica = num_replica - - bucket_mappings = get_bucket_mappings(self.manager) - - time.sleep(5) - self.create_buckets(bucket_mappings) - - 
time.sleep(5) - self.create_indexes(bucket_mappings) - - time.sleep(5) - ctx = prepare_template_ctx(self.manager) - - logger.info("Importing builtin LDIF files") - self.import_builtin_ldif(bucket_mappings, ctx) - - logger.info("Importing custom LDIF files (if any)") - self.import_custom_ldif(ctx) - - time.sleep(5) - self.create_couchbase_shib_user() - - def create_couchbase_shib_user(self): - self.client.create_user( - 'couchbaseShibUser', - self.manager.secret.get("couchbase_shib_user_password"), - 'Shibboleth IDP', - 'query_select[*]', - ) - - def import_custom_ldif(self, ctx): - custom_dir = Path("/app/custom_ldif") - - for file_ in custom_dir.rglob("*.ldif"): - self._import_ldif(file_, ctx) - - def _import_ldif(self, path, ctx): - logger.info(f"Importing {path} file") - self.client.create_from_ldif(path, ctx) diff --git a/docker-jans-persistence-loader/scripts/hybrid_setup.py b/docker-jans-persistence-loader/scripts/hybrid_setup.py index 16ef7157c1b..2a1488150fa 100644 --- a/docker-jans-persistence-loader/scripts/hybrid_setup.py +++ b/docker-jans-persistence-loader/scripts/hybrid_setup.py @@ -1,11 +1,9 @@ from jans.pycloudlib.persistence.utils import PersistenceMapper -from couchbase_setup import CouchbaseBackend from sql_setup import SQLBackend _backend_classes = { - "couchbase": CouchbaseBackend, "sql": SQLBackend, } diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py index 15d7bf5ed6d..9e92f4a7650 100644 --- a/docker-jans-persistence-loader/scripts/upgrade.py +++ b/docker-jans-persistence-loader/scripts/upgrade.py 
@@ -7,10 +7,8 @@ from ldif import LDIFParser from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import doc_id_from_dn -from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.utils import PersistenceMapper from jans.pycloudlib.persistence.sql import get_sql_password from jans.pycloudlib.utils import as_boolean 
@@ -128,84 +126,8 @@ def delete_entry(self, key, **kwargs): return self.client.delete(table_name, key) -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: B608 - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - def update_misc(self): - # 1 - fix objectclass for scim and config-api where it has lowecased objectclass instead of objectClass - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - - # create the index for query - self.client.exec_query(f'CREATE INDEX `def_jans_fix_oc` ON `{bucket}`(`objectclass`)') - - # get all scopes that has objectclass instead of objectClass - req = self.client.exec_query(f"SELECT META().id, {bucket}.* FROM {bucket} WHERE `objectclass` IS NOT MISSING") - if req.ok: - resp = req.json() - for doc in resp["results"]: - id_ = doc.pop("id") - doc["objectClass"] = doc["objectclass"][-1] - self.modify_entry(id_, doc, **{"bucket": bucket}) - # remove the objectclass attribute so the 
query above wont return results - self.modify_entry(id_, {"objectclass": []}, **{"bucket": bucket, "delete_attr": True}) - - # drop the index - self.client.exec_query(f'DROP INDEX `{bucket}`.`def_jans_fix_oc`') - - def delete_entry(self, key, **kwargs): - bucket = kwargs.get("bucket") - return self.client.delete(bucket, key) - - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } @@ -245,23 +167,11 @@ def invoke(self): def update_scripts_entries(self): kwargs = {} - scim_id = JANS_SCIM_SCRIPT_DN - basic_id = JANS_BASIC_SCRIPT_DN - duo_id = "inum=5018-F9CF,ou=scripts,o=jans" - agama_id = "inum=BADA-BADA,ou=scripts,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansCustomScr"} - scim_id = doc_id_from_dn(scim_id) - basic_id = doc_id_from_dn(basic_id) - duo_id = doc_id_from_dn(duo_id) - agama_id = doc_id_from_dn(agama_id) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - scim_id = id_from_dn(scim_id) - basic_id = id_from_dn(basic_id) - duo_id = id_from_dn(duo_id) - agama_id = id_from_dn(agama_id) + scim_id = doc_id_from_dn(JANS_SCIM_SCRIPT_DN) + basic_id = doc_id_from_dn(JANS_BASIC_SCRIPT_DN) + duo_id = doc_id_from_dn("inum=5018-F9CF,ou=scripts,o=jans") + agama_id = doc_id_from_dn("inum=BADA-BADA,ou=scripts,o=jans") + kwargs = {"table_name": "jansCustomScr"} # toggle scim script scim_entry = self.backend.get_entry(scim_id, **kwargs) 
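Review bot: In update_scripts_entries the `kwargs = {}` kept as the first statement is now dead, because the added `kwargs = {"table_name": "jansCustomScr"}` overwrites it unconditionally a few lines later. Drop the empty initialisation and assign the table name once at the top, the way the other methods touched by this commit do (for example `kwargs = {"table_name": "jansAppConf"}` in update_auth_dynamic_config). The method body continues outside the hunk.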
@@ -315,45 +225,29 @@ def update_scripts_entries(self): self.backend.modify_entry(agama_entry.id, agama_entry.attrs, **kwargs) def update_auth_dynamic_config(self): - kwargs = {} - id_ = JANS_AUTH_CONFIG_DN - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn(JANS_AUTH_CONFIG_DN) entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) - + entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) conf, should_update = transform_auth_dynamic_config_hook(entry.attrs["jansConfDyn"], self.manager) if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfDyn"] = json.dumps(conf) - + entry.attrs["jansConfDyn"] = json.dumps(conf) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_attributes_entries(self): def _update_claim_names(): - kwargs = {} rows = collect_claim_names() for id_, claim_name in rows.items(): - if self.backend.type == "sql": - id_ = doc_id_from_dn(id_) - kwargs = {"table_name": "jansAttr"} - elif self.backend.type == "couchbase": - id_ = id_from_dn(id_) - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + id_ = doc_id_from_dn(id_) + kwargs = {"table_name": "jansAttr"} entry = self.backend.get_entry(id_, **kwargs) 
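Review bot: In update_auth_dynamic_config the now-unconditional `json.loads(entry.attrs["jansConfDyn"])` has no handling for a value that is not valid JSON, so a single malformed row raises out of the method and presumably out of the whole upgrade run. The SAML upgrade script changed in this same commit wraps the equivalent call in `contextlib.suppress(json.decoder.JSONDecodeError)`, so the two scripts now disagree on how a bad value is treated. I would catch `json.JSONDecodeError` here, report the entry id and return before modify_entry is reached, so a corrupt configuration is neither rewritten nor fatal. The same unguarded decode appears in update_auth_errors_config (`jansConfErrors`) and update_auth_static_config (`jansConfStatic`) further down.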
@@ -368,15 +262,8 @@ def _update_claim_names(): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def _update_mobile_attr(): - kwargs = {} - id_ = "inum=6DA6,ou=attributes,o=jans" - - if self.backend.type == "sql": - id_ = doc_id_from_dn(id_) - kwargs = {"table_name": "jansAttr"} - elif self.backend.type == "couchbase": - id_ = id_from_dn(id_) - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} + kwargs = {"table_name": "jansAttr"} + id_ = doc_id_from_dn("inum=6DA6,ou=attributes,o=jans") entry = self.backend.get_entry(id_, **kwargs) @@ -391,16 +278,10 @@ def _update_mobile_attr(): _update_mobile_attr() def update_scim_scopes_entries(self): - kwargs = {} - # add jansAttrs to SCIM users.read and users.write scopes for id_ in [JANS_SCIM_USERS_READ_SCOPE_DN, JANS_SCIM_USERS_WRITE_SCOPE_DN]: - if self.backend.type == "sql": - kwargs = {"table_name": "jansScope"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansScope"} + id_ = doc_id_from_dn(id_) entry = self.backend.get_entry(id_, **kwargs) @@ -412,15 +293,8 @@ def update_scim_scopes_entries(self): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_scopes_entries(self): - kwargs = {} - id_ = JANS_PROFILE_SCOPE_DN - - if self.backend.type == "sql": - kwargs = {"table_name": "jansScope"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansScope"} + id_ = doc_id_from_dn(JANS_PROFILE_SCOPE_DN) entry = self.backend.get_entry(id_, **kwargs) 
@@ -434,16 +308,8 @@ def update_scopes_entries(self): def update_people_entries(self): admin_inum = self.manager.config.get("admin_inum") - id_ = f"inum={admin_inum},ou=people,o=jans" - kwargs = {} - - if self.user_backend.type == "sql": - id_ = doc_id_from_dn(id_) - kwargs = {"table_name": "jansPerson"} - elif self.user_backend.type == "couchbase": - id_ = id_from_dn(id_) - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - kwargs = {"bucket": f"{bucket}_user"} + id_ = doc_id_from_dn(f"inum={admin_inum},ou=people,o=jans") + kwargs = {"table_name": "jansPerson"} entry = self.user_backend.get_entry(id_, **kwargs) @@ -479,21 +345,14 @@ def update_people_entries(self): def update_clients_entries(self): # modify introspection script for token server client def _update_token_server_client(): - kwargs = {} + kwargs = {"table_name": "jansClnt"} token_server_admin_ui_client_id = self.manager.config.get("token_server_admin_ui_client_id") # admin-ui is not available if not token_server_admin_ui_client_id: return - id_ = f"inum={token_server_admin_ui_client_id},ou=clients,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansClnt"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + id_ = doc_id_from_dn(f"inum={token_server_admin_ui_client_id},ou=clients,o=jans") entry = self.backend.get_entry(id_, **kwargs) 
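Review bot: update_people_entries formats `admin_inum` straight into the DN, `doc_id_from_dn(f"inum={admin_inum},ou=people,o=jans")`, without checking that `self.manager.config.get("admin_inum")` returned a value; if it returns None the lookup key is built from the literal `inum=None,...`. The _update_token_server_client hunk that follows keeps an explicit guard (`if not token_server_admin_ui_client_id: return`), and the same guard is missing for `tui_client_id` in update_tui_client. Adding `if not admin_inum: return` before building the id makes the three lookups consistent and avoids querying for a bogus key. What happens after get_entry is outside the hunk, so whether an empty result is already tolerated cannot be confirmed from here.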
@@ -508,15 +367,8 @@ def _update_token_server_client(): _update_token_server_client() def update_admin_ui_config(self): - kwargs = {} - id_ = "ou=admin-ui,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=admin-ui,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) @@ -547,23 +399,15 @@ def update_admin_ui_config(self): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_auth_errors_config(self): - kwargs = {} - id_ = JANS_AUTH_CONFIG_DN - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn(JANS_AUTH_CONFIG_DN) entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - entry.attrs["jansConfErrors"] = json.loads(entry.attrs["jansConfErrors"]) + entry.attrs["jansConfErrors"] = json.loads(entry.attrs["jansConfErrors"]) should_update = False 
@@ -576,30 +420,20 @@ def update_auth_errors_config(self): should_update = True if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfErrors"] = json.dumps(entry.attrs["jansConfErrors"]) - + entry.attrs["jansConfErrors"] = json.dumps(entry.attrs["jansConfErrors"]) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_auth_static_config(self): - kwargs = {} - id_ = JANS_AUTH_CONFIG_DN - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn(JANS_AUTH_CONFIG_DN) entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - entry.attrs["jansConfStatic"] = json.loads(entry.attrs["jansConfStatic"]) + entry.attrs["jansConfStatic"] = json.loads(entry.attrs["jansConfStatic"]) should_update = False @@ -612,23 +446,14 @@ def update_auth_static_config(self): should_update = True if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfStatic"] = json.dumps(entry.attrs["jansConfStatic"]) - + entry.attrs["jansConfStatic"] = json.dumps(entry.attrs["jansConfStatic"]) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_tui_client(self): - kwargs = {} + kwargs = {"table_name": "jansClnt"} tui_client_id = self.manager.config.get("tui_client_id") - id_ = f"inum={tui_client_id},ou=clients,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansClnt"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + id_ = doc_id_from_dn(f"inum={tui_client_id},ou=clients,o=jans") entry = self.backend.get_entry(id_, **kwargs) 
@@ -670,15 +495,8 @@ def update_tui_client(self): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_config(self): - kwargs = {} - id_ = "ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) @@ -751,10 +569,8 @@ def update_config(self): should_update = True if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansMessageConf"] = json.dumps(entry.attrs["jansMessageConf"]) - entry.attrs["jansDocStoreConf"] = json.dumps(entry.attrs["jansDocStoreConf"]) - + entry.attrs["jansMessageConf"] = json.dumps(entry.attrs["jansMessageConf"]) + entry.attrs["jansDocStoreConf"] = json.dumps(entry.attrs["jansDocStoreConf"]) revision = entry.attrs.get("jansRevision") or 1 entry.attrs["jansRevision"] = revision + 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) diff --git a/docker-jans-saml/Dockerfile b/docker-jans-saml/Dockerfile index 84d6b27dc2c..3e73449dca6 100644 --- a/docker-jans-saml/Dockerfile +++ b/docker-jans-saml/Dockerfile @@ -35,7 +35,7 @@ RUN wget -q https://jenkins.jans.io/maven/io/jans/kc-jans-spi/${CN_VERSION}/kc-j # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) 
@@ -129,18 +129,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV diff --git a/docker-jans-saml/README.md b/docker-jans-saml/README.md index 5d17c69ccda..a1431b5b2f8 100644 --- a/docker-jans-saml/README.md +++ b/docker-jans-saml/README.md 
@@ -49,19 +49,8 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). -- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). 
- `CN_SAML_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `CN_SAML_KC_ADMIN_CREDENTIALS_FILE`: File contains credentials for Keycloak admin user. - `CN_SAML_KC_DB_PASSWORD_FILE`: File contains password for database access. @@ -98,12 +87,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -115,7 +104,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-saml/scripts/bootstrap.py b/docker-jans-saml/scripts/bootstrap.py index f4c1618ffa0..e900bf2c921 100644 --- a/docker-jans-saml/scripts/bootstrap.py +++ b/docker-jans-saml/scripts/bootstrap.py @@ -15,11 +15,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import render_couchbase_properties -from jans.pycloudlib.persistence.couchbase import sync_couchbase_cert -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.sql import render_sql_properties 
@@ -83,19 +78,6 @@ def main(): if not os.path.exists(hybrid_prop): render_hybrid_properties(hybrid_prop) - if "couchbase" in persistence_groups: - sync_couchbase_password(manager) - render_couchbase_properties( - manager, - "/app/templates/jans-couchbase.properties", - "/etc/jans/conf/jans-couchbase.properties", - ) - - if as_boolean(os.environ.get("CN_COUCHBASE_TRUSTSTORE_ENABLE", "true")): - sync_couchbase_cert(manager) - sync_couchbase_truststore(manager) - extract_common_libs("couchbase") - if "sql" in persistence_groups: sync_sql_password(manager) db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql") @@ -125,7 +107,6 @@ def __init__(self, manager: Manager) -> None: self.manager = manager client_classes = { - "couchbase": CouchbaseClient, "sql": SqlClient, } diff --git a/docker-jans-saml/scripts/upgrade.py b/docker-jans-saml/scripts/upgrade.py index 9d1dcc8552a..2a7bf5c3ff0 100644 --- a/docker-jans-saml/scripts/upgrade.py +++ b/docker-jans-saml/scripts/upgrade.py @@ -6,8 +6,6 @@ from collections import namedtuple from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -93,59 +91,8 @@ def modify_entry(self, key, attrs=None, **kwargs): return self.client.update(table_name, key, attrs), "" -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: B608 - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } 
@@ -163,31 +110,21 @@ def invoke(self): self.update_saml_dynamic_config() def update_saml_dynamic_config(self): - kwargs = {} - id_ = "ou=jans-saml,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - else: # likely - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=jans-saml,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - with contextlib.suppress(json.decoder.JSONDecodeError): - entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) + with contextlib.suppress(json.decoder.JSONDecodeError): + entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) conf, should_update = _transform_saml_dynamic_config(entry.attrs["jansConfDyn"]) if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfDyn"] = json.dumps(conf) - + entry.attrs["jansConfDyn"] = json.dumps(conf) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) diff --git a/docker-jans-saml/templates/jans-couchbase.properties b/docker-jans-saml/templates/jans-couchbase.properties deleted file mode 100644 index 5688c21b824..00000000000 --- a/docker-jans-saml/templates/jans-couchbase.properties +++ /dev/null 
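Review bot: In update_saml_dynamic_config the `contextlib.suppress(json.decoder.JSONDecodeError)` around `json.loads` hides a decode failure and lets execution continue, so `_transform_saml_dynamic_config` then receives the raw string instead of the decoded value. If that helper reports `should_update`, `json.dumps(conf)` writes back a value derived from the undecoded text and `jansRevision` is bumped. I would replace the suppress with a `try`/`except json.decoder.JSONDecodeError` that reports the entry and returns, so a malformed `jansConfDyn` is left untouched. How `_transform_saml_dynamic_config` reacts to a string is not visible in this hunk.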
@@ -1,68 +0,0 @@ -servers: %(hostname)s - -# Waits specified number of seconds until SDK bootstrap is complete and the desired ClusterState is observed -# Default waitUntilReady is -1 which means that it's turned off -connection.wait-until-ready-time: -1 - -# The connect timeout is used when a Bucket is opened. -# If you feel the urge to change this value to something higher, there is a good chance that your network is not properly set up. -# Connecting to the server should in practice not take longer than a second on a reasonably fast network. -# Default SDK connectTimeout is 10s -connection.connect-timeout: %(couchbase_conn_timeout)s - -# Enable/disable DNS SRV lookup for the bootstrap nodes -# Default dnsSrvEnabled is true -connection.dns.use-lookup: false - -# Key/value timeout -# Default SDK kvTimeout is 2500ms -connection.kv-timeout: 5000 - -# Query timeout -# Default SDK queryTimeout is 75s -connection.query-timeout: 75000 - -# Configures whether mutation tokens will be returned from the server for all mutation operations -# Default mutationTokensEnabled is true -# connection.mutation-tokens-enabled: false - -# At startup when connection error is occurred persistence layer can make another attempt to open buckets. -# Before make next try it pause process for 5 second. If after that total connection time is less than specified -# in property above new attempt will be executed -connection.connection-max-wait-time: %(couchbase_conn_max_wait)s - -# Default scan consistency. Possible values are: not_bounded, request_plus, statement_plus -connection.scan-consistency: %(couchbase_scan_consistency)s - -# Disable scan consistency in queries. Default value: false -# connection.ignore-attribute-scan-consistency: true - -# Try to execute query with scan consitency specified in connection.scan-consistency first. -# On failure execute query again with scan consistency specified in attributes defintions. 
Default value: true -# connection.attempt-without-attribute-scan-consistency: false - -# Enable scopes support. Default value: false -# connection.enable-scope-support: true - -# Disable mapping to short attribute names. Default value: false -# connection.disable-attribute-mapping: true - -auth.userName: %(couchbase_server_user)s -auth.userPassword: %(encoded_couchbase_server_pw)s - -buckets: %(couchbase_buckets)s - -bucket.default: %(default_bucket)s -%(couchbase_mappings)s - -password.encryption.method: %(encryption_method)s - -ssl.trustStore.enable: %(ssl_enabled)s -ssl.trustStore.file: %(couchbaseTrustStoreFn)s -ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s -ssl.trustStore.type: pkcs12 - -tls.enable: false - -binaryAttributes=objectGUID -certificateAttributes=userCertificate diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile index 1c86ef9a738..6be9610c947 100644 --- a/docker-jans-scim/Dockerfile +++ b/docker-jans-scim/Dockerfile @@ -60,7 +60,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-scim/webapps \ # Assets sync # =========== -ENV JANS_SOURCE_VERSION=6e00e723a99d700a4f82713b0c25b2d6e3ef5775 +ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources @@ -169,18 +169,7 @@ ENV CN_SECRET_ADAPTER=vault \ # =============== ENV CN_PERSISTENCE_TYPE=sql \ - CN_HYBRID_MAPPING="{}" \ - CN_COUCHBASE_URL=localhost \ - CN_COUCHBASE_USER=admin \ - CN_COUCHBASE_CERT_FILE=/etc/certs/couchbase.crt \ - CN_COUCHBASE_PASSWORD_FILE=/etc/jans/conf/couchbase_password \ - CN_COUCHBASE_CONN_TIMEOUT=10000 \ - CN_COUCHBASE_CONN_MAX_WAIT=20000 \ - CN_COUCHBASE_SCAN_CONSISTENCY=not_bounded \ - CN_COUCHBASE_BUCKET_PREFIX=jans \ - CN_COUCHBASE_TRUSTSTORE_ENABLE=true \ - CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \ - CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 + CN_HYBRID_MAPPING="{}" # =========== # Generic ENV 
@@ -219,7 +208,7 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/scim" \ RUN mkdir -p /etc/certs \ ${JETTY_BASE}/jans-scim/logs \ ${JETTY_BASE}/jans-scim/custom/libs \ - ${JETTY_BASE}/common/libs/couchbase \ + ${JETTY_BASE}/common/libs \ ${JETTY_HOME}/temp \ /usr/share/java diff --git a/docker-jans-scim/README.md b/docker-jans-scim/README.md index a57076e14c5..b7b171e69b3 100644 --- a/docker-jans-scim/README.md +++ b/docker-jans-scim/README.md 
@@ -49,19 +49,8 @@ The following environment variables are supported by the container: - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. -- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql`, `couchbase`, or `hybrid`; default to `sql`). +- `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `sql` or `hybrid`; default to `sql`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. -- `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). -- `CN_COUCHBASE_USER`: Username of Couchbase server (default to `admin`). -- `CN_COUCHBASE_CERT_FILE`: Couchbase root certificate location (default to `/etc/certs/couchbase.crt`). -- `CN_COUCHBASE_PASSWORD_FILE`: Path to file contains Couchbase password (default to `/etc/jans/conf/couchbase_password`). -- `CN_COUCHBASE_CONN_TIMEOUT`: Connect timeout used when a bucket is opened (default to `10000` milliseconds). -- `CN_COUCHBASE_CONN_MAX_WAIT`: Maximum time to wait before retrying connection (default to `20000` milliseconds). -- `CN_COUCHBASE_SCAN_CONSISTENCY`: Default scan consistency; one of `not_bounded`, `request_plus`, or `statement_plus` (default to `not_bounded`). -- `CN_COUCHBASE_BUCKET_PREFIX`: Prefix for Couchbase buckets (default to `jans`). -- `CN_COUCHBASE_TRUSTSTORE_ENABLE`: Enable truststore for encrypted Couchbase connection (default to `true`). -- `CN_COUCHBASE_KEEPALIVE_INTERVAL`: Keep-alive interval for Couchbase connection (default to `30000` milliseconds). -- `CN_COUCHBASE_KEEPALIVE_TIMEOUT`: Keep-alive timeout for Couchbase connection (default to `2500` milliseconds). 
- `CN_SCIM_JAVA_OPTIONS`: Java options passed to entrypoint, i.e. `-Xmx1024m` (default to empty-string). - `GOOGLE_APPLICATION_CREDENTIALS`: Optional JSON file (contains Google credentials) that can be injected into container for authentication. Refer to https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to for supported credentials. - `GOOGLE_PROJECT_ID`: ID of Google project. @@ -135,12 +124,12 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c ``` { - "default": "", - "user": "", - "site": "", - "cache": "", - "token": "", - "session": "", + "default": "", + "user": "", + "site": "", + "cache": "", + "token": "", + "session": "", } ``` @@ -152,7 +141,7 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "user": "sql", "site": "sql", "cache": "sql", - "token": "couchbase", + "token": "sql", "session": "sql", } ``` diff --git a/docker-jans-scim/scripts/bootstrap.py b/docker-jans-scim/scripts/bootstrap.py index 6b1bd6fdb28..029d71ca2e0 100644 --- a/docker-jans-scim/scripts/bootstrap.py +++ b/docker-jans-scim/scripts/bootstrap.py @@ -12,11 +12,6 @@ from jans.pycloudlib import get_manager from jans.pycloudlib import wait_for_persistence -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import render_couchbase_properties -from jans.pycloudlib.persistence.couchbase import sync_couchbase_cert -from jans.pycloudlib.persistence.couchbase import sync_couchbase_password -from jans.pycloudlib.persistence.couchbase import sync_couchbase_truststore from jans.pycloudlib.persistence.hybrid import render_hybrid_properties from jans.pycloudlib.persistence.sql import render_sql_properties from jans.pycloudlib.persistence.sql import SqlClient 
@@ -61,18 +56,6 @@ def main(): if not os.path.exists(hybrid_prop): render_hybrid_properties(hybrid_prop) - if "couchbase" in persistence_groups: - sync_couchbase_password(manager) - render_couchbase_properties( - manager, - "/app/templates/jans-couchbase.properties", - "/etc/jans/conf/jans-couchbase.properties", - ) - - if as_boolean(os.environ.get("CN_COUCHBASE_TRUSTSTORE_ENABLE", "true")): - sync_couchbase_cert(manager) - sync_couchbase_truststore(manager) - if "sql" in persistence_groups: sync_sql_password(manager) db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql") @@ -185,7 +168,6 @@ def __init__(self, manager: Manager) -> None: self.manager = manager client_classes = { - "couchbase": CouchbaseClient, "sql": SqlClient, } @@ -255,14 +237,6 @@ def get_scope_jans_ids(self): entries = self.client.search("jansScope", ["jansId"]) return [entry["jansId"] for entry in entries] - # likely couchbase - bucket = os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans") - req = self.client.exec_query( - f"SELECT {bucket}.jansId FROM {bucket} WHERE objectClass = 'jansScope'", - ) - results = req.json()["results"] - return [item["jansId"] for item in results] - def generate_scopes_ldif(self): # jansId to compare to existing_jans_ids = self.get_scope_jans_ids() diff --git a/docker-jans-scim/scripts/mod_context.py b/docker-jans-scim/scripts/mod_context.py index 2fc8c7e11ca..432b5b2bb8d 100644 --- a/docker-jans-scim/scripts/mod_context.py +++ b/docker-jans-scim/scripts/mod_context.py @@ -87,13 +87,6 @@ def modify_app_xml(app_name): mapper = PersistenceMapper() persistence_groups = mapper.groups().keys() - for persistence_type in ["couchbase"]: - if persistence_type not in persistence_groups: - continue - - extract_common_libs(persistence_type) - custom_libs += get_registered_common_libs(app_name, persistence_type) - # render custom xml fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml" 
diff --git a/docker-jans-scim/scripts/upgrade.py b/docker-jans-scim/scripts/upgrade.py index e1a968fba5a..d608eb543b0 100644 --- a/docker-jans-scim/scripts/upgrade.py +++ b/docker-jans-scim/scripts/upgrade.py @@ -5,8 +5,6 @@ from collections import namedtuple from jans.pycloudlib import get_manager -from jans.pycloudlib.persistence.couchbase import CouchbaseClient -from jans.pycloudlib.persistence.couchbase import id_from_dn from jans.pycloudlib.persistence.sql import doc_id_from_dn from jans.pycloudlib.persistence.sql import SqlClient from jans.pycloudlib.persistence.utils import PersistenceMapper 
@@ -48,73 +46,8 @@ def search_entries(self, key, filter_="", attrs=None, **kwargs): ] -class CouchbaseBackend: - def __init__(self, manager): - self.manager = manager - self.client = CouchbaseClient(manager) - self.type = "couchbase" - - def get_entry(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} USE KEYS '{key}'" # nosec: B608 - ) - if not req.ok: - return None - - try: - _attrs = req.json()["results"][0] - id_ = _attrs.pop("id") - entry = Entry(id_, _attrs) - except IndexError: - entry = None - return entry - - def modify_entry(self, key, attrs=None, **kwargs): - bucket = kwargs.get("bucket") - del_flag = kwargs.get("delete_attr", False) - attrs = attrs or {} - - if del_flag: - kv = ",".join(attrs.keys()) - mod_kv = f"UNSET {kv}" - else: - kv = ",".join([ - "{}={}".format(k, json.dumps(v)) - for k, v in attrs.items() - ]) - mod_kv = f"SET {kv}" - - query = f"UPDATE {bucket} USE KEYS '{key}' {mod_kv}" - req = self.client.exec_query(query) - - if req.ok: - resp = req.json() - status = bool(resp["status"] == "success") - message = resp["status"] - else: - status = False - message = req.text or req.reason - return status, message - - def search_entries(self, key, filter_="", attrs=None, **kwargs): - bucket = kwargs.get("bucket") - req = self.client.exec_query( - f"SELECT META().id, {bucket}.* FROM {bucket} {filter_}" # nosec: B608 - ) - if not req.ok: - return [] - - entries = [] - for item in req.json()["results"]: - id_ = item.pop("id") - entries.append(Entry(id_, item)) - return entries - - BACKEND_CLASSES = { "sql": SQLBackend, - "couchbase": CouchbaseBackend, } 
@@ -133,14 +66,8 @@ def invoke(self): self.update_scim_dynamic_config() def get_all_scopes(self): - if self.backend.type == "sql": - kwargs = {"table_name": "jansScope"} - entries = self.backend.search_entries(None, **kwargs) - else: # likely couchbase - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - entries = self.backend.search_entries( - None, filter_="WHERE objectClass = 'jansScope'", **kwargs - ) + kwargs = {"table_name": "jansScope"} + entries = self.backend.search_entries(None, **kwargs) return { entry.attrs["jansId"]: entry.attrs.get("dn") or entry.id @@ -148,16 +75,9 @@ def get_all_scopes(self): } def update_client_scopes(self): - kwargs = {} + kwargs = {"table_name": "jansClnt"} client_id = self.manager.config.get("scim_client_id") - id_ = f"inum={client_id},ou=clients,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansClnt"} - id_ = doc_id_from_dn(id_) - else: # likely couchbase - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + id_ = doc_id_from_dn(f"inum={client_id},ou=clients,o=jans") entry = self.backend.get_entry(id_, **kwargs) 
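Review bot: In `update_client_scopes`, `client_id` is interpolated straight into the DN on the new `doc_id_from_dn(f"inum={client_id},ou=clients,o=jans")` line, with no check that the config lookup found a value. If `self.manager.config.get("scim_client_id")` returns nothing (its default is not visible here), the key is built from `inum=None` or an empty inum and the upgrade looks up a client that does not exist. A guard before that line makes the case explicit: `if not client_id: return`. The rest of the method lies outside the hunk, so whether a missing entry is handled further down cannot be confirmed from here.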
@@ -196,31 +116,21 @@ def update_client_scopes(self): self.backend.modify_entry(entry.id, entry.attrs, **kwargs) def update_scim_dynamic_config(self): - kwargs = {} - id_ = "ou=jans-scim,ou=configuration,o=jans" - - if self.backend.type == "sql": - kwargs = {"table_name": "jansAppConf"} - id_ = doc_id_from_dn(id_) - elif self.backend.type == "couchbase": - kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")} - id_ = id_from_dn(id_) + kwargs = {"table_name": "jansAppConf"} + id_ = doc_id_from_dn("ou=jans-scim,ou=configuration,o=jans") entry = self.backend.get_entry(id_, **kwargs) if not entry: return - if self.backend.type != "couchbase": - with contextlib.suppress(json.decoder.JSONDecodeError): - entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) + with contextlib.suppress(json.decoder.JSONDecodeError): + entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"]) conf, should_update = _transform_scim_dynamic_config(entry.attrs["jansConfDyn"]) if should_update: - if self.backend.type != "couchbase": - entry.attrs["jansConfDyn"] = json.dumps(conf) - + entry.attrs["jansConfDyn"] = json.dumps(conf) entry.attrs["jansRevision"] += 1 self.backend.modify_entry(entry.id, entry.attrs, **kwargs) diff --git a/docker-jans-scim/templates/jans-couchbase.properties b/docker-jans-scim/templates/jans-couchbase.properties deleted file mode 100644 index 5688c21b824..00000000000 --- a/docker-jans-scim/templates/jans-couchbase.properties +++ /dev/null 
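Review bot: In `update_scim_dynamic_config`, the now-unconditional `contextlib.suppress(json.decoder.JSONDecodeError)` lets a malformed `jansConfDyn` fall through as a raw string into `_transform_scim_dynamic_config`. That helper is not visible here, so what it does with a `str` is unknown; if it reports `should_update`, the `json.dumps(conf)` and `jansRevision += 1` write-back would persist whatever it returned. Stopping on a decode failure, as sketched below, would keep a corrupted config row from being rewritten; a log line there would help if the module has a logger. The first lines of this hunk are the tail of `update_client_scopes`, which starts outside it.

```python
# … unchanged: kwargs/id_ setup, get_entry() and the "if not entry" guard …
try:
    entry.attrs["jansConfDyn"] = json.loads(entry.attrs["jansConfDyn"])
except json.decoder.JSONDecodeError:
    # Stored config is not valid JSON: leave the row untouched instead of
    # transforming and re-serialising a raw string.
    return

conf, should_update = _transform_scim_dynamic_config(entry.attrs["jansConfDyn"])
# … unchanged: write-back of jansConfDyn and jansRevision …
```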
@@ -1,68 +0,0 @@ -servers: %(hostname)s - -# Waits specified number of seconds until SDK bootstrap is complete and the desired ClusterState is observed -# Default waitUntilReady is -1 which means that it's turned off -connection.wait-until-ready-time: -1 - -# The connect timeout is used when a Bucket is opened. -# If you feel the urge to change this value to something higher, there is a good chance that your network is not properly set up. -# Connecting to the server should in practice not take longer than a second on a reasonably fast network. -# Default SDK connectTimeout is 10s -connection.connect-timeout: %(couchbase_conn_timeout)s - -# Enable/disable DNS SRV lookup for the bootstrap nodes -# Default dnsSrvEnabled is true -connection.dns.use-lookup: false - -# Key/value timeout -# Default SDK kvTimeout is 2500ms -connection.kv-timeout: 5000 - -# Query timeout -# Default SDK queryTimeout is 75s -connection.query-timeout: 75000 - -# Configures whether mutation tokens will be returned from the server for all mutation operations -# Default mutationTokensEnabled is true -# connection.mutation-tokens-enabled: false - -# At startup when connection error is occurred persistence layer can make another attempt to open buckets. -# Before make next try it pause process for 5 second. If after that total connection time is less than specified -# in property above new attempt will be executed -connection.connection-max-wait-time: %(couchbase_conn_max_wait)s - -# Default scan consistency. Possible values are: not_bounded, request_plus, statement_plus -connection.scan-consistency: %(couchbase_scan_consistency)s - -# Disable scan consistency in queries. Default value: false -# connection.ignore-attribute-scan-consistency: true - -# Try to execute query with scan consitency specified in connection.scan-consistency first. -# On failure execute query again with scan consistency specified in attributes defintions. 
Default value: true -# connection.attempt-without-attribute-scan-consistency: false - -# Enable scopes support. Default value: false -# connection.enable-scope-support: true - -# Disable mapping to short attribute names. Default value: false -# connection.disable-attribute-mapping: true - -auth.userName: %(couchbase_server_user)s -auth.userPassword: %(encoded_couchbase_server_pw)s - -buckets: %(couchbase_buckets)s - -bucket.default: %(default_bucket)s -%(couchbase_mappings)s - -password.encryption.method: %(encryption_method)s - -ssl.trustStore.enable: %(ssl_enabled)s -ssl.trustStore.file: %(couchbaseTrustStoreFn)s -ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s -ssl.trustStore.type: pkcs12 - -tls.enable: false - -binaryAttributes=objectGUID -certificateAttributes=userCertificate diff --git a/docker-jans-scim/templates/jans-scim/log4j2.xml b/docker-jans-scim/templates/jans-scim/log4j2.xml index 7e2b1cc2b08..79800f7180b 100644 --- a/docker-jans-scim/templates/jans-scim/log4j2.xml +++ b/docker-jans-scim/templates/jans-scim/log4j2.xml @@ -59,16 +59,6 @@ - - -persistence - - - - - -persistence-duration - - - -persistence-duration