merge: branch 'main' into jans-cedarling-9966

Signed-off-by: rmarinn <[email protected]>

docker-jans-all-in-one/Dockerfile

@@ -58,7 +58,7 @@ RUN apk update \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=5f3b30e4b565601ccb31cd985920c09071cd1b54
+ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

docker-jans-auth-server/Dockerfile

@@ -51,7 +51,7 @@ RUN /opt/jython/bin/pip uninstall -y pip setuptools
 # ===========
 
 ENV CN_VERSION=1.1.6-SNAPSHOT
-ENV CN_BUILD_DATE='2024-10-02 13:40'
+ENV CN_BUILD_DATE='2024-10-29 17:28'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
     /app/static/rdbm \
     /app/schema
 
-ENV JANS_SOURCE_VERSION=5f3b30e4b565601ccb31cd985920c09071cd1b54
+ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-auth-server/scripts/bootstrap.py

@@ -16,6 +16,7 @@
 from jans.pycloudlib.persistence.spanner import sync_google_credentials
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import sync_sql_password
+from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import render_base_properties
 from jans.pycloudlib.persistence.utils import render_salt
 from jans.pycloudlib.persistence.utils import PersistenceMapper
@@ -78,6 +79,7 @@ def main():
         sync_google_credentials(manager)
 
     wait_for_persistence(manager)
+    override_simple_json_property("/etc/jans/conf/jans-sql.properties")
 
     if not os.path.isfile("/etc/certs/web_https.crt"):
         if as_boolean(os.environ.get("CN_SSL_CERT_FROM_SECRETS", "true")):

docker-jans-auth-server/scripts/upgrade.py

@@ -324,7 +324,7 @@ def update_lock_client_scopes(self):
         if not entry:
             return
 
-        if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if not self.backend.client.use_simple_json:
             client_scopes = entry.attrs["jansScope"]["v"]
         else:
             client_scopes = entry.attrs.get("jansScope") or []
@@ -348,10 +348,8 @@ def update_lock_client_scopes(self):
         new_client_scopes += lock_scopes
 
         # find missing scopes from the client
-        diff = list(set(new_client_scopes).difference(client_scopes))
-
-        if diff:
-            if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if diff := list(set(new_client_scopes).difference(client_scopes)):
+            if not self.backend.client.use_simple_json:
                 entry.attrs["jansScope"]["v"] = client_scopes + diff
             else:
                 entry.attrs["jansScope"] = client_scopes + diff

docker-jans-auth-server/templates/jans-mysql.properties

@@ -33,5 +33,13 @@ connection.pool.max-wait-time-millis=20000
 # Allow to evict connection in pool after 30 minutes
 connection.pool.min-evictable-idle-time-millis=1800000
 
+# Sets whether objects created for the pool will be validated before being returned from it
+#connection.pool.test-on-create=true
+
+# Sets whether objects borrowed from the pool will be validated when they are returned to the pool
+#connection.pool.test-on-return=true
+
 binaryAttributes=objectGUID
 certificateAttributes=userCertificate
+
+mysql.simple-json=true

docker-jans-casa/Dockerfile

@@ -30,7 +30,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_
 # ====
 
 ENV CN_VERSION=1.1.6-SNAPSHOT
-ENV CN_BUILD_DATE='2024-10-02 09:31'
+ENV CN_BUILD_DATE='2024-10-27 08:51'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/casa/${CN_VERSION}/casa-${CN_VERSION}.war
 
@@ -60,7 +60,7 @@ RUN mkdir -p /usr/share/java \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=5f3b30e4b565601ccb31cd985920c09071cd1b54
+ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-casa/scripts/bootstrap.py

@@ -23,6 +23,7 @@
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import sync_sql_password
+from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
 from jans.pycloudlib.persistence.utils import render_salt
@@ -159,6 +160,7 @@ def main():
         sync_google_credentials(manager)
 
     wait_for_persistence(manager)
+    override_simple_json_property("/etc/jans/conf/jans-sql.properties")
 
     if not os.path.isfile("/etc/certs/web_https.crt"):
         if as_boolean(os.environ.get("CN_SSL_CERT_FROM_SECRETS", "true")):

docker-jans-casa/scripts/upgrade.py

@@ -172,7 +172,7 @@ def update_client_scopes(self):
         if not entry:
             return
 
-        if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if not self.backend.client.use_simple_json:
             client_scopes = entry.attrs["jansScope"]["v"]
         else:
             client_scopes = entry.attrs["jansScope"]
@@ -188,10 +188,8 @@ def update_client_scopes(self):
             ]
 
         # find missing scopes from the client
-        diff = list(set(new_client_scopes).difference(client_scopes))
-
-        if diff:
-            if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if diff := list(set(new_client_scopes).difference(client_scopes)):
+            if not self.backend.client.use_simple_json:
                 entry.attrs["jansScope"]["v"] = client_scopes + diff
             else:
                 entry.attrs["jansScope"] = client_scopes + diff
@@ -264,7 +262,7 @@ def update_client_uris(self):
         }
 
         for key, uri in uri_mapping.items():
-            if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+            if not self.backend.client.use_simple_json:
                 client_uris = entry.attrs[key]["v"]
             else:
                 client_uris = entry.attrs[key]
@@ -275,7 +273,7 @@ def update_client_uris(self):
             if uri not in client_uris:
                 client_uris.append(uri)
 
-                if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+                if not self.backend.client.use_simple_json:
                     entry.attrs[key]["v"] = client_uris
                 else:
                     entry.attrs[key] = client_uris

docker-jans-casa/templates/jans-mysql.properties

@@ -33,5 +33,13 @@ connection.pool.max-wait-time-millis=20000
 # Allow to evict connection in pool after 30 minutes
 connection.pool.min-evictable-idle-time-millis=1800000
 
+# Sets whether objects created for the pool will be validated before being returned from it
+#connection.pool.test-on-create=true
+
+# Sets whether objects borrowed from the pool will be validated when they are returned to the pool
+#connection.pool.test-on-return=true
+
 binaryAttributes=objectGUID
 certificateAttributes=userCertificate
+
+mysql.simple-json=true

docker-jans-certmanager/Dockerfile

@@ -15,7 +15,7 @@ RUN apk update \
 
 # JAR files required to generate OpenID Connect keys
 ENV CN_VERSION=1.1.6-SNAPSHOT
-ENV CN_BUILD_DATE='2024-10-02 13:34'
+ENV CN_BUILD_DATE='2024-10-26 11:35'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar
 
@@ -25,7 +25,7 @@ RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=5f3b30e4b565601ccb31cd985920c09071cd1b54
+ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

docker-jans-config-api/Dockerfile

@@ -41,7 +41,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # ==========
 
 ENV CN_VERSION=1.1.6-SNAPSHOT
-ENV CN_BUILD_DATE='2024-10-02 09:23'
+ENV CN_BUILD_DATE='2024-10-26 09:14'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 
@@ -56,14 +56,6 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/webapps \
     && java -jar ${JETTY_HOME}/start.jar jetty.home=${JETTY_HOME} jetty.base=${JETTY_BASE}/jans-config-api --add-module=server,deploy,annotations,resources,http,http-forwarded,threadpool,jsp,websocket,cdi-decorate,jmx,stats,logging-log4j2 --approve-all-licenses \
     && rm -rf /tmp/jans-config-api.war /tmp/WEB-INF
 
-# ======
-# Facter
-# ======
-
-ARG PYFACTER_VERSION=9d8478ee47dc5498a766e010e8d3a3451b46e541
-RUN wget -q https://github.com/GluuFederation/gluu-snap/raw/${PYFACTER_VERSION}/facter/facter -O /usr/bin/facter \
-    && chmod +x /usr/bin/facter
-
 # =======
 # Plugins
 # =======
@@ -78,7 +70,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-config-api/_plugins \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=5f3b30e4b565601ccb31cd985920c09071cd1b54
+ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
 
@@ -115,7 +107,9 @@ RUN cd /tmp/jans \
     && cp ${JANS_CONFIG_API_RESOURCES}/config-api-rs-protect.json /app/templates/jans-config-api/ \
     && mkdir -p org/eclipse/jetty \
     && cp ${JANS_SETUP_DIR}/static/favicon.ico org/eclipse/jetty/favicon.ico \
-    && zip -r ${JETTY_HOME}/lib/jetty-server-${JETTY_VERSION}.jar org/eclipse/jetty/favicon.ico
+    && zip -r ${JETTY_HOME}/lib/jetty-server-${JETTY_VERSION}.jar org/eclipse/jetty/favicon.ico \
+    && cp ${JANS_SETUP_DIR}/static/scripts/facter /usr/bin/facter \
+    && chmod +x /usr/bin/facter
 
 # ======
 # Python

docker-jans-config-api/scripts/bootstrap.py

@@ -25,6 +25,7 @@
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import sync_sql_password
+from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
 from jans.pycloudlib.persistence.utils import render_salt
@@ -89,6 +90,7 @@ def main():
         sync_google_credentials(manager)
 
     wait_for_persistence(manager)
+    override_simple_json_property("/etc/jans/conf/jans-sql.properties")
 
     if not os.path.isfile("/etc/certs/web_https.crt"):
         if as_boolean(os.environ.get("CN_SSL_CERT_FROM_SECRETS", "true")):

docker-jans-config-api/scripts/upgrade.py

@@ -356,7 +356,7 @@ def update_client_redirect_uri(self):
         should_update = False
         hostname = self.manager.config.get("hostname")
 
-        if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if not self.backend.client.use_simple_json:
             if f"https://{hostname}/admin" not in entry.attrs["jansRedirectURI"]["v"]:
                 entry.attrs["jansRedirectURI"]["v"].append(f"https://{hostname}/admin")
                 should_update = True
@@ -414,7 +414,7 @@ def update_client_scopes(self):
         if not entry:
             return
 
-        if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if not self.backend.client.use_simple_json:
             client_scopes = entry.attrs["jansScope"]["v"]
         else:
             client_scopes = entry.attrs["jansScope"]
@@ -427,10 +427,8 @@ def update_client_scopes(self):
         new_client_scopes = [f"inum={inum},ou=scopes,o=jans" for inum in scope_mapping.keys()]
 
         # find missing scopes from the client
-        diff = list(set(new_client_scopes).difference(client_scopes))
-
-        if diff:
-            if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if diff := list(set(new_client_scopes).difference(client_scopes)):
+            if not self.backend.client.use_simple_json:
                 entry.attrs["jansScope"]["v"] = client_scopes + diff
             else:
                 entry.attrs["jansScope"] = client_scopes + diff
@@ -454,7 +452,7 @@ def update_test_client_scopes(self):
         if not entry:
             return
 
-        if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if not self.backend.client.use_simple_json:
             client_scopes = entry.attrs["jansScope"]["v"]
         else:
             client_scopes = entry.attrs["jansScope"]
@@ -480,9 +478,8 @@ def update_test_client_scopes(self):
             ]
 
         # find missing scopes from the client
-        diff = list(set(scopes).difference(client_scopes))
-        if diff:
-            if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+        if diff := list(set(scopes).difference(client_scopes)):
+            if not self.backend.client.use_simple_json:
                 entry.attrs["jansScope"]["v"] = client_scopes + diff
             else:
                 entry.attrs["jansScope"] = client_scopes + diff
@@ -498,7 +495,7 @@ def update_scope_creator_attrs(self):
         entries = self.backend.search_entries("", **kwargs)
 
         for entry in entries:
-            if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+            if not self.backend.client.use_simple_json:
                 creator_attrs = (entry.attrs.get("creatorAttrs") or {}).get("v") or []
             else:
                 creator_attrs = entry.attrs.get("creatorAttrs") or []
@@ -520,7 +517,7 @@ def update_scope_creator_attrs(self):
                 new_creator_attrs.append(attr)
 
             if new_creator_attrs != creator_attrs:
-                if self.backend.type == "sql" and self.backend.client.dialect == "mysql":
+                if not self.backend.client.use_simple_json:
                     entry.attrs["creatorAttrs"]["v"] = new_creator_attrs
                 else:
                     entry.attrs["creatorAttrs"] = new_creator_attrs

docker-jans-config-api/templates/jans-mysql.properties

@@ -33,5 +33,13 @@ connection.pool.max-wait-time-millis=20000
 # Allow to evict connection in pool after 30 minutes
 connection.pool.min-evictable-idle-time-millis=1800000
 
+# Sets whether objects created for the pool will be validated before being returned from it
+#connection.pool.test-on-create=true
+
+# Sets whether objects borrowed from the pool will be validated when they are returned to the pool
+#connection.pool.test-on-return=true
+
 binaryAttributes=objectGUID
 certificateAttributes=userCertificate
+
+mysql.simple-json=true

docker-jans-configurator/Dockerfile

@@ -16,7 +16,7 @@ RUN apk update \
 # JAR files required to generate OpenID Connect keys
 
 ENV CN_VERSION=1.1.6-SNAPSHOT
-ENV CN_BUILD_DATE='2024-10-02 13:34'
+ENV CN_BUILD_DATE='2024-10-26 11:35'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar
 
@@ -27,7 +27,7 @@ RUN mkdir -p /opt/jans/configurator/javalibs \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=5f3b30e4b565601ccb31cd985920c09071cd1b54
+ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06
 
 RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \
     && cd /tmp/jans \

docker-jans-fido2/Dockerfile

@@ -42,7 +42,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 
 
 ENV CN_VERSION=1.1.6-SNAPSHOT
-ENV CN_BUILD_DATE='2024-10-02 14:39'
+ENV CN_BUILD_DATE='2024-10-27 08:58'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-fido2-server/${CN_VERSION}/jans-fido2-server-${CN_VERSION}.war
 
@@ -61,7 +61,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=5f3b30e4b565601ccb31cd985920c09071cd1b54
+ENV JANS_SOURCE_VERSION=4f155cfe9e197b15d65be6aa938276862fe36a06
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-fido2/scripts/bootstrap.py

@@ -19,6 +19,7 @@
 from jans.pycloudlib.persistence.sql import SqlClient
 from jans.pycloudlib.persistence.sql import render_sql_properties
 from jans.pycloudlib.persistence.sql import sync_sql_password
+from jans.pycloudlib.persistence.sql import override_simple_json_property
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 from jans.pycloudlib.persistence.utils import render_base_properties
 from jans.pycloudlib.persistence.utils import render_salt
@@ -79,6 +80,7 @@ def main():
         sync_google_credentials(manager)
 
     wait_for_persistence(manager)
+    override_simple_json_property("/etc/jans/conf/jans-sql.properties")
 
     if not os.path.isfile("/etc/certs/web_https.crt"):
         if as_boolean(os.environ.get("CN_SSL_CERT_FROM_SECRETS", "true")):

docker-jans-fido2/templates/jans-mysql.properties

@@ -33,5 +33,13 @@ connection.pool.max-wait-time-millis=20000
 # Allow to evict connection in pool after 30 minutes
 connection.pool.min-evictable-idle-time-millis=1800000
 
+# Sets whether objects created for the pool will be validated before being returned from it
+#connection.pool.test-on-create=true
+
+# Sets whether objects borrowed from the pool will be validated when they are returned to the pool
+#connection.pool.test-on-return=true
+
 binaryAttributes=objectGUID
 certificateAttributes=userCertificate
+
+mysql.simple-json=true