diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile
index 043078113dc..e2b5fe07547 100644
--- a/docker-jans-all-in-one/Dockerfile
+++ b/docker-jans-all-in-one/Dockerfile
@@ -58,7 +58,7 @@ RUN apk update \
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=26713a82b14a67d5e65b9a7e72d6f1403314f679
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets
diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
index fb785a2c7b8..078bfd0e84f 100644
--- a/docker-jans-auth-server/Dockerfile
+++ b/docker-jans-auth-server/Dockerfile
@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
 /app/static/rdbm \
 /app/schema
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-auth-server/scripts/auth_conf.py b/docker-jans-auth-server/scripts/auth_conf.py
index 5ddb13fcd1f..42f1986c2db 100644
--- a/docker-jans-auth-server/scripts/auth_conf.py
+++ b/docker-jans-auth-server/scripts/auth_conf.py
@@ -39,5 +39,5 @@ def digest_equals(val1: str, val2: str) -> bool:
 if as_boolean(os.environ.get("CN_SHARE_AUTH_CONF", "false")):
 manager = get_manager()
- with manager.lock.create_lock("auth-share-conf"):
+ with manager.create_lock("auth-share-conf"):
 push_auth_conf(manager)
diff --git a/docker-jans-auth-server/scripts/bootstrap.py b/docker-jans-auth-server/scripts/bootstrap.py
index dcf3f51edfa..e8ce26f7bcf 100644
--- a/docker-jans-auth-server/scripts/bootstrap.py
+++ b/docker-jans-auth-server/scripts/bootstrap.py
@@ -9,7 +9,6 @@
 from jans.pycloudlib import wait_for_persistence
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import render_base_properties
 from jans.pycloudlib.persistence.utils import render_salt
@@ -44,7 +43,6 @@ def main():
 render_hybrid_properties(hybrid_prop)
 if "sql" in persistence_groups:
- sync_sql_password(manager)
 db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
 render_sql_properties(
 manager,
@@ -89,7 +87,7 @@ def main():
 if as_boolean(os.environ.get("CN_LOCK_ENABLED", "false")):
 configure_lock_logging()
- with manager.lock.create_lock("lock-setup"):
+ with manager.create_lock("lock-setup"):
 persistence_setup = LockPersistenceSetup(manager)
 persistence_setup.import_ldif_files()
diff --git a/docker-jans-auth-server/scripts/upgrade.py b/docker-jans-auth-server/scripts/upgrade.py
index 48e25671636..70f9b9d889d 100644
--- a/docker-jans-auth-server/scripts/upgrade.py
+++ b/docker-jans-auth-server/scripts/upgrade.py
@@ -239,7 +239,7 @@ def update_lock_client_scopes(self):
 def main(): # noqa: D103
 manager = get_manager()
- with manager.lock.create_lock("auth-upgrade"):
+ with manager.create_lock("auth-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()
diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile
index 7408114978a..118f02f14a4 100644
--- a/docker-jans-casa/Dockerfile
+++ b/docker-jans-casa/Dockerfile
@@ -60,7 +60,7 @@ RUN mkdir -p /usr/share/java \
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-casa/scripts/bootstrap.py b/docker-jans-casa/scripts/bootstrap.py
index 281fedc8d1f..ce7897b2638 100644
--- a/docker-jans-casa/scripts/bootstrap.py
+++ b/docker-jans-casa/scripts/bootstrap.py
@@ -13,7 +13,6 @@
 from jans.pycloudlib.persistence.sql import doc_id_from_dn
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import SqlClient
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -122,7 +121,6 @@ def main():
 render_hybrid_properties("/etc/jans/conf/jans-hybrid.properties")
 if "sql" in persistence_groups:
- sync_sql_password(manager)
 db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
 render_sql_properties(
 manager,
@@ -150,7 +148,7 @@ def main():
 configure_logging()
- with manager.lock.create_lock("casa-setup"):
+ with manager.create_lock("casa-setup"):
 persistence_setup = PersistenceSetup(manager)
 persistence_setup.import_ldif_files()
diff --git a/docker-jans-casa/scripts/upgrade.py b/docker-jans-casa/scripts/upgrade.py
index c2dbd1650d7..ff928ac20a0 100644
--- a/docker-jans-casa/scripts/upgrade.py
+++ b/docker-jans-casa/scripts/upgrade.py
@@ -217,7 +217,7 @@ def update_agama_deployment(self):
 def main():
 manager = get_manager()
- with manager.lock.create_lock("casa-upgrade"):
+ with manager.create_lock("casa-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()
diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile
index 1ac9c59c4fe..f8576ab7e7c 100644
--- a/docker-jans-certmanager/Dockerfile
+++ b/docker-jans-certmanager/Dockerfile
@@ -25,7 +25,7 @@ RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets
diff --git a/docker-jans-certmanager/scripts/bootstrap.py b/docker-jans-certmanager/scripts/bootstrap.py
index b52627406ad..7b32cd0afb1 100644
--- a/docker-jans-certmanager/scripts/bootstrap.py
+++ b/docker-jans-certmanager/scripts/bootstrap.py
@@ -5,8 +5,6 @@
 import click
 from jans.pycloudlib import get_manager
-from jans.pycloudlib.persistence.sql import sync_sql_password
-from jans.pycloudlib.persistence.utils import PersistenceMapper
 from settings import LOGGING_CONFIG
 from auth_handler import AuthHandler
@@ -65,18 +63,11 @@ def patch(service, dry_run, opts):
 if dry_run:
 logger.warning("Dry-run mode is enabled!")
- mapper = PersistenceMapper()
- backend_type = mapper.mapping["default"]
-
- match backend_type:
- case "sql":
- sync_sql_password(manager)
-
 logger.info(f"Processing updates for service {service}")
 parsed_opts = _parse_opts(opts)
 callback_cls = PATCH_SERVICE_MAP[service]
- with manager.lock.create_lock(f"certmanager-patch-{service}"):
+ with manager.create_lock(f"certmanager-patch-{service}"):
 callback_cls(manager, dry_run, **parsed_opts).patch()
@@ -97,18 +88,11 @@ def prune(service, dry_run, opts):
 if dry_run:
 logger.warning("Dry-run mode is enabled!")
- mapper = PersistenceMapper()
- backend_type = mapper.mapping["default"]
-
- match backend_type:
- case "sql":
- sync_sql_password(manager)
-
 logger.info(f"Processing updates for service {service}")
 parsed_opts = _parse_opts(opts)
 callback_cls = PRUNE_SERVICE_MAP[service]
- with manager.lock.create_lock(f"certmanager-prune-{service}"):
+ with manager.create_lock(f"certmanager-prune-{service}"):
 callback_cls(manager, dry_run, **parsed_opts).prune()
diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
index c83b7867c72..79dcda5bbe1 100644
--- a/docker-jans-config-api/Dockerfile
+++ b/docker-jans-config-api/Dockerfile
@@ -70,7 +70,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/_plugins \
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=26713a82b14a67d5e65b9a7e72d6f1403314f679
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
diff --git a/docker-jans-config-api/scripts/bootstrap.py b/docker-jans-config-api/scripts/bootstrap.py
index 6cb8cf82e88..f4013f3a2f2 100644
--- a/docker-jans-config-api/scripts/bootstrap.py
+++ b/docker-jans-config-api/scripts/bootstrap.py
@@ -15,7 +15,6 @@
 from jans.pycloudlib.persistence.sql import doc_id_from_dn
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -52,7 +51,6 @@ def main():
 render_hybrid_properties(hybrid_prop)
 if "sql" in persistence_groups:
- sync_sql_password(manager)
 db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
 render_sql_properties(
 manager,
@@ -80,7 +78,7 @@ def main():
 configure_logging()
- with manager.lock.create_lock("config-api-setup"):
+ with manager.create_lock("config-api-setup"):
 persistence_setup = PersistenceSetup(manager)
 persistence_setup.import_ldif_files()
diff --git a/docker-jans-config-api/scripts/upgrade.py b/docker-jans-config-api/scripts/upgrade.py
index 57f45552d12..1f9173d96b1 100644
--- a/docker-jans-config-api/scripts/upgrade.py
+++ b/docker-jans-config-api/scripts/upgrade.py
@@ -392,7 +392,7 @@ def update_scope_creator_attrs(self):
 def main():
 manager = get_manager()
- with manager.lock.create_lock("config-api-upgrade"):
+ with manager.create_lock("config-api-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()
diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile
index 8b95563371f..00608f25587 100644
--- a/docker-jans-configurator/Dockerfile
+++ b/docker-jans-configurator/Dockerfile
@@ -27,7 +27,7 @@ RUN mkdir -p /opt/jans/configurator/javalibs \
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \
 && cd /tmp/jans \
diff --git a/docker-jans-configurator/scripts/bootstrap.py b/docker-jans-configurator/scripts/bootstrap.py
index 62e9ba28fb3..95b8637276b 100644
--- a/docker-jans-configurator/scripts/bootstrap.py
+++ b/docker-jans-configurator/scripts/bootstrap.py
@@ -15,8 +15,6 @@
 from jans.pycloudlib import get_manager
 from jans.pycloudlib import wait_for
-from jans.pycloudlib.persistence.sql import sync_sql_password
-from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.utils import get_random_chars
 from jans.pycloudlib.utils import get_sys_random_chars
 from jans.pycloudlib.utils import encode_text
@@ -509,13 +507,6 @@ def load(configuration_file, dump_file):
 deps = ["config_conn", "secret_conn"]
 wait_for(manager, deps=deps)
- mapper = PersistenceMapper()
- backend_type = mapper.mapping["default"]
-
- match backend_type:
- case "sql":
- sync_sql_password(manager)
-
 # check whether config and secret in backend have been initialized
 should_skip = as_boolean(os.environ.get("CN_CONFIGURATOR_SKIP_INITIALIZED", False))
 if should_skip and manager.config.get("hostname") and manager.secret.get("ssl_cert"):
@@ -523,7 +514,7 @@ def load(configuration_file, dump_file):
 logger.info("Configmaps and secrets have been initialized")
 return
- with manager.lock.create_lock("configurator-load"):
+ with manager.create_lock("configurator-load"):
 logger.info(f"Loading configmaps and secrets from {configuration_file}")
 params, err, code = load_schema_from_file(configuration_file)
@@ -553,13 +544,6 @@ def dump(dump_file):
 deps = ["config_conn", "secret_conn"]
 wait_for(manager, deps=deps)
- mapper = PersistenceMapper()
- backend_type = mapper.mapping["default"]
-
- match backend_type:
- case "sql":
- sync_sql_password(manager)
-
 # dump all configuration from remote backend to file
 dump_to_file(manager, dump_file)
diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile
index b8d3107434a..0bc602ab5cf 100644
--- a/docker-jans-fido2/Dockerfile
+++ b/docker-jans-fido2/Dockerfile
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-fido2/scripts/bootstrap.py b/docker-jans-fido2/scripts/bootstrap.py
index 81908a814b0..fbfa6950e86 100644
--- a/docker-jans-fido2/scripts/bootstrap.py
+++ b/docker-jans-fido2/scripts/bootstrap.py
@@ -10,7 +10,6 @@
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -43,7 +42,6 @@ def main():
 render_hybrid_properties(hybrid_prop)
 if "sql" in persistence_groups:
- sync_sql_password(manager)
 db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
 render_sql_properties(
 manager,
@@ -71,7 +69,7 @@ def main():
 configure_logging()
- with manager.lock.create_lock("fido2-setup"):
+ with manager.create_lock("fido2-setup"):
 persistence_setup = PersistenceSetup(manager)
 persistence_setup.import_ldif_files()
diff --git a/docker-jans-fido2/scripts/upgrade.py b/docker-jans-fido2/scripts/upgrade.py
index fa20c110be4..e7c6d113c74 100644
--- a/docker-jans-fido2/scripts/upgrade.py
+++ b/docker-jans-fido2/scripts/upgrade.py
@@ -176,7 +176,7 @@ def update_fido2_error_config(self):
 def main(): # noqa: D103
 manager = get_manager()
- with manager.lock.create_lock("fido2-upgrade"):
+ with manager.create_lock("fido2-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()
diff --git a/docker-jans-kc-scheduler/Dockerfile b/docker-jans-kc-scheduler/Dockerfile
index 466c9707810..872b5041101 100644
--- a/docker-jans-kc-scheduler/Dockerfile
+++ b/docker-jans-kc-scheduler/Dockerfile
@@ -38,7 +38,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/codehaus/janino/janino/3.1.9/jani
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets
diff --git a/docker-jans-keycloak-link/Dockerfile b/docker-jans-keycloak-link/Dockerfile
index 3c4d468100b..b8a1a5924c3 100644
--- a/docker-jans-keycloak-link/Dockerfile
+++ b/docker-jans-keycloak-link/Dockerfile
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-keycloak-link/webapps \
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-keycloak-link/scripts/bootstrap.py b/docker-jans-keycloak-link/scripts/bootstrap.py
index b444988176a..718737f1d64 100644
--- a/docker-jans-keycloak-link/scripts/bootstrap.py
+++ b/docker-jans-keycloak-link/scripts/bootstrap.py
@@ -12,7 +12,6 @@
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -51,7 +50,6 @@ def main():
 render_hybrid_properties(hybrid_prop)
 if "sql" in persistence_groups:
- sync_sql_password(manager)
 db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
 render_sql_properties(
 manager,
@@ -79,7 +77,7 @@ def main():
 configure_logging()
- with manager.lock.create_lock("keycloak-link-setup"):
+ with manager.create_lock("keycloak-link-setup"):
 persistence_setup = PersistenceSetup(manager)
 persistence_setup.import_ldif_files()
diff --git a/docker-jans-keycloak-link/scripts/upgrade.py b/docker-jans-keycloak-link/scripts/upgrade.py
index 3f4d42714a1..dd6121cf8d9 100644
--- a/docker-jans-keycloak-link/scripts/upgrade.py
+++ b/docker-jans-keycloak-link/scripts/upgrade.py
@@ -69,7 +69,7 @@ def enable_ext_script(self):
 def main():
 manager = get_manager()
- with manager.lock.create_lock("keycloak-link-upgrade"):
+ with manager.create_lock("keycloak-link-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()
diff --git a/docker-jans-link/Dockerfile b/docker-jans-link/Dockerfile
index 6bf9dd40671..e637a127d73 100644
--- a/docker-jans-link/Dockerfile
+++ b/docker-jans-link/Dockerfile
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-link/webapps \
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-link/scripts/bootstrap.py b/docker-jans-link/scripts/bootstrap.py
index 445b708996b..d4a94a9d20c 100644
--- a/docker-jans-link/scripts/bootstrap.py
+++ b/docker-jans-link/scripts/bootstrap.py
@@ -12,7 +12,6 @@
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import SqlClient
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -52,7 +51,6 @@ def main():
 render_hybrid_properties(hybrid_prop)
 if "sql" in persistence_groups:
- sync_sql_password(manager)
 db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
 render_sql_properties(
 manager,
@@ -80,7 +78,7 @@ def main():
 configure_logging()
- with manager.lock.create_lock("link-setup"):
+ with manager.create_lock("link-setup"):
 persistence_setup = PersistenceSetup(manager)
 persistence_setup.import_ldif_files()
diff --git a/docker-jans-link/scripts/upgrade.py b/docker-jans-link/scripts/upgrade.py
index 1588bc47996..0f06fb5e018 100644
--- a/docker-jans-link/scripts/upgrade.py
+++ b/docker-jans-link/scripts/upgrade.py
@@ -69,7 +69,7 @@ def enable_ext_script(self):
 def main():
 manager = get_manager()
- with manager.lock.create_lock("link-upgrade"):
+ with manager.create_lock("link-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()
diff --git a/docker-jans-monolith/Dockerfile b/docker-jans-monolith/Dockerfile
index d229e100c21..e768136cfde 100644
--- a/docker-jans-monolith/Dockerfile
+++ b/docker-jans-monolith/Dockerfile
@@ -42,7 +42,7 @@ EXPOSE 443 8080 1636
 # jans-linux-setup
 # =====================
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 # cleanup
 RUN rm -rf /tmp/jans
diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
index bd7a7151c53..dd2692e61c2 100644
--- a/docker-jans-persistence-loader/Dockerfile
+++ b/docker-jans-persistence-loader/Dockerfile
@@ -16,7 +16,7 @@ RUN apk update \
 # ===========
 # janssenproject/jans SHA commit
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
diff --git a/docker-jans-persistence-loader/scripts/bootstrap.py b/docker-jans-persistence-loader/scripts/bootstrap.py
index 9d090f31f99..5f0d5b98742 100644
--- a/docker-jans-persistence-loader/scripts/bootstrap.py
+++ b/docker-jans-persistence-loader/scripts/bootstrap.py
@@ -2,8 +2,6 @@
 from jans.pycloudlib import get_manager
 from jans.pycloudlib import wait_for_persistence_conn
-from jans.pycloudlib.persistence.sql import sync_sql_password
-from jans.pycloudlib.persistence.utils import PersistenceMapper
 from hybrid_setup import HybridBackend
 from sql_setup import SQLBackend
@@ -24,19 +22,14 @@ def main():
 if not backend_cls:
 raise ValueError("Unsupported persistence backend")
- persistence_groups = PersistenceMapper().groups().keys()
-
- if "sql" in persistence_groups:
- sync_sql_password(manager)
-
 wait_for_persistence_conn(manager)
- with manager.lock.create_lock("persistence-loader-init"):
+ with manager.create_lock("persistence-loader-init"):
 backend = backend_cls(manager)
 backend.initialize()
 # run upgrade if needed
- with manager.lock.create_lock("persistence-loader-upgrade"):
+ with manager.create_lock("persistence-loader-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()
diff --git a/docker-jans-saml/Dockerfile b/docker-jans-saml/Dockerfile
index b52d9ea20d7..bf427e8f51d 100644
--- a/docker-jans-saml/Dockerfile
+++ b/docker-jans-saml/Dockerfile
@@ -35,7 +35,7 @@ RUN wget -q https://jenkins.jans.io/maven/io/jans/kc-jans-spi/${CN_VERSION}/kc-j
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 # note that as we're pulling from a monorepo (with multiple project in it)
diff --git a/docker-jans-saml/scripts/bootstrap.py b/docker-jans-saml/scripts/bootstrap.py
index e900bf2c921..3a803576ce2 100644
--- a/docker-jans-saml/scripts/bootstrap.py
+++ b/docker-jans-saml/scripts/bootstrap.py
@@ -18,7 +18,6 @@
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -79,7 +78,6 @@ def main():
 render_hybrid_properties(hybrid_prop)
 if "sql" in persistence_groups:
- sync_sql_password(manager)
 db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
 render_sql_properties(
 manager,
@@ -95,7 +93,7 @@ def main():
 "/opt/keycloak/conf/quarkus.properties",
 )
- with manager.lock.create_lock("saml-setup"):
+ with manager.create_lock("saml-setup"):
 persistence_setup = PersistenceSetup(manager)
 persistence_setup.import_ldif_files()
 render_keycloak_conf()
@@ -216,6 +214,12 @@ def _get_clients_ctx(self):
 def render_keycloak_creds():
+ # Keycloak UI requires initial admin credentials (username + password) that configured using
+ # KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD env vars; note that exporting env vars via Python
+ # os.environ wont work because the process wont alter the parent's environment, hence we create
+ # credentials file in order to make shell script parse and pass the credentials via export command;
+ # for security purpose, it's recommended to remove the credentials file after shell script finished
+ # exporting the env vars
 creds_file = os.environ.get("CN_SAML_KC_ADMIN_CREDENTIALS_FILE", "/etc/jans/conf/kc_admin_creds")
 if not os.path.isfile(creds_file):
diff --git a/docker-jans-saml/scripts/configure_kc.py b/docker-jans-saml/scripts/configure_kc.py
index 143e5872ca5..45c2664dfe0 100644
--- a/docker-jans-saml/scripts/configure_kc.py
+++ b/docker-jans-saml/scripts/configure_kc.py
@@ -404,12 +404,6 @@ def grant_xa_recover_admin(self):
 def main():
 manager = get_manager()
- creds_file = os.environ.get("CN_SAML_KC_ADMIN_CREDENTIALS_FILE", "/etc/jans/conf/kc_admin_creds")
-
- with open(creds_file) as f:
- creds = f.read().strip()
- admin_username, admin_password = base64.b64decode(creds).decode().strip().split(":")
-
 ctx = {
 "jans_idp_realm": "jans",
 "jans_idp_client_id": manager.config.get("jans_idp_client_id"),
@@ -425,9 +419,9 @@ def main():
 base_dir = os.path.join(tempfile.gettempdir(), "kc_jans_api")
 os.makedirs(base_dir, exist_ok=True)
- with manager.lock.create_lock("saml-configure-kc"):
+ with manager.create_lock("saml-configure-kc"):
 logger.info("Configuring Keycloak (if required)")
- kc = KC(admin_username, admin_password, base_dir, ctx)
+ kc = KC(manager.config.get("kc_admin_username"), manager.secret.get("kc_admin_password"), base_dir, ctx)
 kc.login()
 kc.render_templates(templates=[
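Review bot: The comment added at the top of `render_keycloak_creds()` in docker-jans-saml/scripts/bootstrap.py explains why the credentials file exists but not what protects it, and it still calls removal "recommended" although entrypoint.sh in this same commit now deletes the file unconditionally. The reader removed from configure_kc.py decoded the file with `base64.b64decode(creds).decode().strip().split(":")`, so the content is only an encoding of `username:password`; the comment should say so, for example `# the file holds base64("username:password"), an encoding and not protection, so it must be readable by the container user only` followed by `# entrypoint.sh deletes it right after exporting the env vars`. The code that writes the file lies outside the hunk, so whether it sets an owner-only mode could not be checked here. Small wording fixes while editing: "that configured" should read "that are configured" and "wont" should read "won't".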
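Review bot: In the `@@ -425,9 +419,9 @@` hunk of docker-jans-saml/scripts/configure_kc.py, `manager.config.get("kc_admin_username")` and `manager.secret.get("kc_admin_password")` go straight into `KC(...)` with no check that either value is set. Before this change a missing credentials file failed early at `open(creds_file)`; now an unset key would presumably only surface as a failed `kc.login()` (what `get` returns for a missing key is not visible here). Resolving both before the lock is taken gives a clear failure: `admin_username = manager.config.get("kc_admin_username")`, `admin_password = manager.secret.get("kc_admin_password")`, then `if not (admin_username and admin_password): raise ValueError("Keycloak admin credentials are not set")`. The preceding hunk removes the only visible use of `base64`, so its import (outside the hunks) may now be unused; `main()` continues past the end of the hunk.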
diff --git a/docker-jans-saml/scripts/entrypoint.sh b/docker-jans-saml/scripts/entrypoint.sh
index 4c902d446b0..f5d9c72be3d 100644
--- a/docker-jans-saml/scripts/entrypoint.sh
+++ b/docker-jans-saml/scripts/entrypoint.sh
@@ -27,6 +27,8 @@ export_keycloak_admin_creds() {
 admin_password=$(echo "$creds" | awk -F ":" '{print $2}')
 export KEYCLOAK_ADMIN="$admin_username"
 export KEYCLOAK_ADMIN_PASSWORD="$admin_password"
+ # remove file for security purpose
+ rm -f "$creds_file"
 }
 python3 "$basedir/wait.py"
diff --git a/docker-jans-saml/scripts/upgrade.py b/docker-jans-saml/scripts/upgrade.py
index 2a7bf5c3ff0..e0cfc02e3de 100644
--- a/docker-jans-saml/scripts/upgrade.py
+++ b/docker-jans-saml/scripts/upgrade.py
@@ -132,7 +132,7 @@ def update_saml_dynamic_config(self):
 def main(): # noqa: D103
 manager = get_manager()
- with manager.lock.create_lock("saml-upgrade"):
+ with manager.create_lock("saml-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()
diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile
index 58184d0104b..bd9666e1767 100644
--- a/docker-jans-scim/Dockerfile
+++ b/docker-jans-scim/Dockerfile
@@ -60,7 +60,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-scim/webapps \
 # Assets sync
 # ===========
-ENV JANS_SOURCE_VERSION=871c36da8a2550ee2febd7c0d72c521898b226c3
+ENV JANS_SOURCE_VERSION=39e74a153edf01db8ab43be81f5585bc4210818d
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources
diff --git a/docker-jans-scim/scripts/bootstrap.py b/docker-jans-scim/scripts/bootstrap.py
index 029d71ca2e0..4bfea29a03f 100644
--- a/docker-jans-scim/scripts/bootstrap.py
+++ b/docker-jans-scim/scripts/bootstrap.py
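Review bot: The added `rm -f "$creds_file"` in `export_keycloak_admin_creds` is unchecked, and `-f` only silences a missing file: on a read-only or otherwise undeletable path the credentials stay on disk with no indication. Whether the script runs under `set -e` is not visible in this hunk; if it does, the same failure aborts startup instead. Handling it explicitly makes the outcome deliberate, e.g. `rm -f "$creds_file" || echo "WARN: could not remove $creds_file" >&2`. Separately, the context line `awk -F ":" '{print $2}'` keeps only the second field, so a password containing `:` would be truncated before it is exported; the function starts above the hunk, so the username split could not be checked.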
@@ -15,7 +15,6 @@
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import SqlClient
-from jans.pycloudlib.persistence.sql import sync_sql_password
 from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
@@ -57,7 +56,6 @@ def main():
 render_hybrid_properties(hybrid_prop)
 if "sql" in persistence_groups:
- sync_sql_password(manager)
 db_dialect = os.environ.get("CN_SQL_DB_DIALECT", "mysql")
 render_sql_properties(
 manager,
@@ -85,7 +83,7 @@ def main():
 configure_logging()
- with manager.lock.create_lock("scim-setup"):
+ with manager.create_lock("scim-setup"):
 persistence_setup = PersistenceSetup(manager)
 persistence_setup.import_ldif_files()
diff --git a/docker-jans-scim/scripts/upgrade.py b/docker-jans-scim/scripts/upgrade.py
index d608eb543b0..f8124ac93ef 100644
--- a/docker-jans-scim/scripts/upgrade.py
+++ b/docker-jans-scim/scripts/upgrade.py
@@ -138,7 +138,7 @@ def update_scim_dynamic_config(self):
 def main():
 manager = get_manager()
- with manager.lock.create_lock("scim-upgrade"):
+ with manager.create_lock("scim-upgrade"):
 upgrade = Upgrade(manager)
 upgrade.invoke()