refactor(cloud-native): remove self-mounted password files for lockin…

…g and persistence (#10381)

* refactor(cloud-native): remove self-mounted password files for locking and persistence

Signed-off-by: iromli <[email protected]>

* refactor(docker-jans-saml): remove temporary kc_admin_creds file

Signed-off-by: iromli <[email protected]>

* chore(cloud-native): update JANS_SOURCE_VERSION

Signed-off-by: iromli <[email protected]>

---------

Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>

docker-jans-all-in-one/Dockerfile

@@ -58,7 +58,7 @@ RUN apk update \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=26713a82b14a67d5e65b9a7e72d6f1403314f679
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

docker-jans-auth-server/Dockerfile

@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
     /app/static/rdbm \
     /app/schema
 
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-auth-server/scripts/auth_conf.py

@@ -39,5 +39,5 @@ def digest_equals(val1: str, val2: str) -> bool:
     if as_boolean(os.environ.get("CN_SHARE_AUTH_CONF", "false")):
         manager = get_manager()
 
-        with manager.lock.create_lock("auth-share-conf"):
+        with manager.create_lock("auth-share-conf"):
             push_auth_conf(manager)

docker-jans-auth-server/scripts/bootstrap.py

@@ -9,7 +9,6 @@
 from jans.pycloudlib import wait_for_persistence
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import render_base_properties
 from jans.pycloudlib.persistence.utils import render_salt
@@ -44,7 +43,6 @@ def main():
             render_hybrid_properties(hybrid_prop)
 
     if "sql" in persistence_groups:
-        sync_sql_password(manager)
         db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
         render_sql_properties(
             manager,
@@ -89,7 +87,7 @@ def main():
     if as_boolean(os.environ.get("CN_LOCK_ENABLED", "false")):
         configure_lock_logging()
 
-        with manager.lock.create_lock("lock-setup"):
+        with manager.create_lock("lock-setup"):
             persistence_setup = LockPersistenceSetup(manager)
             persistence_setup.import_ldif_files()
 

docker-jans-auth-server/scripts/upgrade.py

@@ -239,7 +239,7 @@ def update_lock_client_scopes(self):
 def main():  # noqa: D103
     manager = get_manager()
 
-    with manager.lock.create_lock("auth-upgrade"):
+    with manager.create_lock("auth-upgrade"):
         upgrade = Upgrade(manager)
         upgrade.invoke()
 

docker-jans-casa/Dockerfile

@@ -60,7 +60,7 @@ RUN mkdir -p /usr/share/java \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-casa/scripts/bootstrap.py

@@ -13,7 +13,6 @@
 from jans.pycloudlib.persistence.sql import doc_id_from_dn
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import SqlClient
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -122,7 +121,6 @@ def main():
         render_hybrid_properties("/etc/jans/conf/jans-hybrid.properties")
 
     if "sql" in persistence_groups:
-        sync_sql_password(manager)
         db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
         render_sql_properties(
             manager,
@@ -150,7 +148,7 @@ def main():
 
     configure_logging()
 
-    with manager.lock.create_lock("casa-setup"):
+    with manager.create_lock("casa-setup"):
         persistence_setup = PersistenceSetup(manager)
         persistence_setup.import_ldif_files()
 

docker-jans-casa/scripts/upgrade.py

@@ -217,7 +217,7 @@ def update_agama_deployment(self):
 def main():
     manager = get_manager()
 
-    with manager.lock.create_lock("casa-upgrade"):
+    with manager.create_lock("casa-upgrade"):
         upgrade = Upgrade(manager)
         upgrade.invoke()
 

docker-jans-certmanager/Dockerfile

@@ -25,7 +25,7 @@ RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

docker-jans-certmanager/scripts/bootstrap.py

@@ -5,8 +5,6 @@
 import click
 
 from jans.pycloudlib import get_manager
-from jans.pycloudlib.persistence.sql import sync_sql_password
-from jans.pycloudlib.persistence.utils import PersistenceMapper
 
 from settings import LOGGING_CONFIG
 from auth_handler import AuthHandler
@@ -65,18 +63,11 @@ def patch(service, dry_run, opts):
     if dry_run:
         logger.warning("Dry-run mode is enabled!")
 
-    mapper = PersistenceMapper()
-    backend_type = mapper.mapping["default"]
-
-    match backend_type:
-        case "sql":
-            sync_sql_password(manager)
-
     logger.info(f"Processing updates for service {service}")
     parsed_opts = _parse_opts(opts)
     callback_cls = PATCH_SERVICE_MAP[service]
 
-    with manager.lock.create_lock(f"certmanager-patch-{service}"):
+    with manager.create_lock(f"certmanager-patch-{service}"):
         callback_cls(manager, dry_run, **parsed_opts).patch()
 
 
@@ -97,18 +88,11 @@ def prune(service, dry_run, opts):
     if dry_run:
         logger.warning("Dry-run mode is enabled!")
 
-    mapper = PersistenceMapper()
-    backend_type = mapper.mapping["default"]
-
-    match backend_type:
-        case "sql":
-            sync_sql_password(manager)
-
     logger.info(f"Processing updates for service {service}")
     parsed_opts = _parse_opts(opts)
     callback_cls = PRUNE_SERVICE_MAP[service]
 
-    with manager.lock.create_lock(f"certmanager-prune-{service}"):
+    with manager.create_lock(f"certmanager-prune-{service}"):
         callback_cls(manager, dry_run, **parsed_opts).prune()
 
 

docker-jans-config-api/Dockerfile

@@ -70,7 +70,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/_plugins \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=26713a82b14a67d5e65b9a7e72d6f1403314f679
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
 

docker-jans-config-api/scripts/bootstrap.py

@@ -15,7 +15,6 @@
 from jans.pycloudlib.persistence.sql import doc_id_from_dn
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -52,7 +51,6 @@ def main():
             render_hybrid_properties(hybrid_prop)
 
     if "sql" in persistence_groups:
-        sync_sql_password(manager)
         db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
         render_sql_properties(
             manager,
@@ -80,7 +78,7 @@ def main():
 
     configure_logging()
 
-    with manager.lock.create_lock("config-api-setup"):
+    with manager.create_lock("config-api-setup"):
         persistence_setup = PersistenceSetup(manager)
         persistence_setup.import_ldif_files()
 

docker-jans-config-api/scripts/upgrade.py

@@ -392,7 +392,7 @@ def update_scope_creator_attrs(self):
 def main():
     manager = get_manager()
 
-    with manager.lock.create_lock("config-api-upgrade"):
+    with manager.create_lock("config-api-upgrade"):
         upgrade = Upgrade(manager)
         upgrade.invoke()
 

docker-jans-configurator/Dockerfile

@@ -27,7 +27,7 @@ RUN mkdir -p /opt/jans/configurator/javalibs \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 
 RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \
     && cd /tmp/jans \

docker-jans-configurator/scripts/bootstrap.py

@@ -15,8 +15,6 @@
 
 from jans.pycloudlib import get_manager
 from jans.pycloudlib import wait_for
-from jans.pycloudlib.persistence.sql import sync_sql_password
-from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.utils import get_random_chars
 from jans.pycloudlib.utils import get_sys_random_chars
 from jans.pycloudlib.utils import encode_text
@@ -509,21 +507,14 @@ def load(configuration_file, dump_file):
     deps = ["config_conn", "secret_conn"]
     wait_for(manager, deps=deps)
 
-    mapper = PersistenceMapper()
-    backend_type = mapper.mapping["default"]
-
-    match backend_type:
-        case "sql":
-            sync_sql_password(manager)
-
     # check whether config and secret in backend have been initialized
     should_skip = as_boolean(os.environ.get("CN_CONFIGURATOR_SKIP_INITIALIZED", False))
     if should_skip and manager.config.get("hostname") and manager.secret.get("ssl_cert"):
         # config and secret may have been initialized
         logger.info("Configmaps and secrets have been initialized")
         return
 
-    with manager.lock.create_lock("configurator-load"):
+    with manager.create_lock("configurator-load"):
         logger.info(f"Loading configmaps and secrets from {configuration_file}")
 
         params, err, code = load_schema_from_file(configuration_file)
@@ -553,13 +544,6 @@ def dump(dump_file):
     deps = ["config_conn", "secret_conn"]
     wait_for(manager, deps=deps)
 
-    mapper = PersistenceMapper()
-    backend_type = mapper.mapping["default"]
-
-    match backend_type:
-        case "sql":
-            sync_sql_password(manager)
-
     # dump all configuration from remote backend to file
     dump_to_file(manager, dump_file)
 

docker-jans-fido2/Dockerfile

@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-fido2/scripts/bootstrap.py

@@ -10,7 +10,6 @@
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -43,7 +42,6 @@ def main():
             render_hybrid_properties(hybrid_prop)
 
     if "sql" in persistence_groups:
-        sync_sql_password(manager)
         db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
         render_sql_properties(
             manager,
@@ -71,7 +69,7 @@ def main():
 
     configure_logging()
 
-    with manager.lock.create_lock("fido2-setup"):
+    with manager.create_lock("fido2-setup"):
         persistence_setup = PersistenceSetup(manager)
         persistence_setup.import_ldif_files()
 

docker-jans-fido2/scripts/upgrade.py

@@ -176,7 +176,7 @@ def update_fido2_error_config(self):
 def main():  # noqa: D103
     manager = get_manager()
 
-    with manager.lock.create_lock("fido2-upgrade"):
+    with manager.create_lock("fido2-upgrade"):
         upgrade = Upgrade(manager)
         upgrade.invoke()
 

docker-jans-kc-scheduler/Dockerfile

@@ -38,7 +38,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/codehaus/janino/janino/3.1.9/jani
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

docker-jans-keycloak-link/Dockerfile

@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-keycloak-link/webapps \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-keycloak-link/scripts/bootstrap.py

@@ -12,7 +12,6 @@
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -51,7 +50,6 @@ def main():
             render_hybrid_properties(hybrid_prop)
 
     if "sql" in persistence_groups:
-        sync_sql_password(manager)
         db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
         render_sql_properties(
             manager,
@@ -79,7 +77,7 @@ def main():
 
     configure_logging()
 
-    with manager.lock.create_lock("keycloak-link-setup"):
+    with manager.create_lock("keycloak-link-setup"):
         persistence_setup = PersistenceSetup(manager)
         persistence_setup.import_ldif_files()
 

docker-jans-keycloak-link/scripts/upgrade.py

@@ -69,7 +69,7 @@ def enable_ext_script(self):
 def main():
     manager = get_manager()
 
-    with manager.lock.create_lock("keycloak-link-upgrade"):
+    with manager.create_lock("keycloak-link-upgrade"):
         upgrade = Upgrade(manager)
         upgrade.invoke()
 

docker-jans-link/Dockerfile

@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-link/webapps \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-link/scripts/bootstrap.py

@@ -12,7 +12,6 @@
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import SqlClient
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -52,7 +51,6 @@ def main():
             render_hybrid_properties(hybrid_prop)
 
     if "sql" in persistence_groups:
-        sync_sql_password(manager)
         db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
         render_sql_properties(
             manager,
@@ -80,7 +78,7 @@ def main():
 
     configure_logging()
 
-    with manager.lock.create_lock("link-setup"):
+    with manager.create_lock("link-setup"):
         persistence_setup = PersistenceSetup(manager)
         persistence_setup.import_ldif_files()
 

docker-jans-link/scripts/upgrade.py

@@ -69,7 +69,7 @@ def enable_ext_script(self):
 def main():
     manager = get_manager()
 
-    with manager.lock.create_lock("link-upgrade"):
+    with manager.create_lock("link-upgrade"):
         upgrade = Upgrade(manager)
         upgrade.invoke()