feat(docker-admin-ui): add support for plugins installation (#319)

docker-admin-ui/.hadolint.yaml

@@ -0,0 +1,6 @@
+ignored:
+  - DL3018    # Pin versions in apk add
+  - DL3013    # Pin versions in pip
+  - DL3003    # Use WORKDIR to switch to a directory
+  - DL3016    # Pin versions in npm
+  - SC2086

docker-admin-ui/Dockerfile

@@ -205,7 +205,7 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log \
 RUN addgroup node root
 
 # make empty folders
-RUN mkdir -p /opt/flex/admin-ui/dist \
+RUN mkdir -p /opt/flex/admin-ui/dist /app/plugins \
     && touch /run/nginx/nginx.pid
 
 # && chown -R 1000:1000 /etc/certs \
@@ -228,7 +228,9 @@ RUN chown -R 1000:1000 /var/lib/nginx \
     && chgrp -R 0 /var/log/nginx && chmod -R g=u /var/log/nginx \
     && chgrp -R 0 /run/nginx/nginx.pid && chmod -R g=u /run/nginx/nginx.pid \
     && chgrp -R 0 /etc/jans && chmod -R g=u /etc/jans \
-    && chown 1000:0 /opt/flex/admin-ui/plugins.config.json
+    && chown 1000:0 /opt/flex/admin-ui/plugins.config.json \
+    && chown -R 1000:0 /opt/flex/admin-ui/plugins \
+    && chown -R 1000:0 /app/plugins
 
 USER 1000
 

docker-admin-ui/Makefile

@@ -1,7 +1,18 @@
-GLUU_VERSION=1.0.0
+GLUU_VERSION?=1.0.0
 IMAGE_NAME=gluufederation/admin-ui
-UNSTABLE_VERSION=dev
+UNSTABLE_VERSION?=dev
 
-build-ui:
+.PHONY: test clean all build-dev trivy-scan grype-scan
+.DEFAULT_GOAL := build-dev
+
+build-dev:
 	@echo "[I] Building Docker image ${IMAGE_NAME}:${GLUU_VERSION}_${UNSTABLE_VERSION}"
 	@docker build --rm --force-rm -t ${IMAGE_NAME}:${GLUU_VERSION}_${UNSTABLE_VERSION} .
+
+trivy-scan:
+	@echo "[I] Scanning Docker image ${IMAGE_NAME}:${GLUU_VERSION}_${UNSTABLE_VERSION} using trivy"
+	@trivy -d image ${IMAGE_NAME}:${GLUU_VERSION}_${UNSTABLE_VERSION}
+
+grype-scan:
+	@echo "[I] Scanning Docker image ${IMAGE_NAME}:${GLUU_VERSION}_${UNSTABLE_VERSION} using grype"
+	@grype -v ${IMAGE_NAME}:${GLUU_VERSION}_${UNSTABLE_VERSION}

docker-admin-ui/README.md

@@ -81,6 +81,7 @@ The following environment variables are supported by the container:
 - `GOOGLE_APPLICATION_CREDENTIALS`: Path to Google credentials JSON file (default to `/etc/jans/conf/google-credentials.json`). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`.
 - `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID.
 - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
+- `GLUU_ADMIN_UI_PLUGINS`: Comma-separated additional plugins to be enabled (default to empty string). See [Adding plugins](#adding-plugins) for details.
 
 ### Hybrid mapping
 
@@ -113,3 +114,10 @@ Hybrid persistence supports all available persistence types. To configure hybrid
         "session": "spanner",
     }
     ```
+
+### Adding plugins
+
+To add plugins to AdminUI, for example `myplugin.zip`
+
+1. Set the name of the plugin (without the extension name) in environment variable `GLUU_ADMIN_UI_PLUGINS`, for example: `GLUU_ADMIN_UI_PLUGINS=myplugin`.
+1. Mount `myplugin.zip` to `/app/plugins/myplugin.zip` inside the pod/container. Note that if `/app/plugins/myplugin.zip` is not exist, plugin will be ignored.

docker-admin-ui/scripts/builder.py

@@ -0,0 +1,73 @@
+import logging.config
+import json
+import os
+import shutil
+import sys
+
+from jans.pycloudlib.utils import exec_cmd
+
+from settings import LOGGING_CONFIG
+
+logging.config.dictConfig(LOGGING_CONFIG)
+logger = logging.getLogger("entrypoint")
+
+ADMIN_UI_DIR = "/opt/flex/admin-ui"
+
+
+def _discover_plugins():
+    os.chdir(ADMIN_UI_DIR)
+
+    user_plugins = [
+        plugin.strip()
+        for plugin in os.environ.get("GLUU_ADMIN_UI_PLUGINS", "").strip().split(",")
+        if plugin.strip()
+    ]
+
+    for plugin in set(user_plugins):
+        src = f"/app/plugins/{plugin}.zip"
+
+        if not os.path.isfile(src):
+            continue
+
+        logger.info(f"Adding plugin {plugin} from {src}")
+        cmd = f"npm run plugin:add {src}"
+        out, err, code = exec_cmd(cmd)
+
+        if code != 0:
+            sys.exit(err.decode())
+        logger.info(out.decode())
+
+    with open(os.path.join(ADMIN_UI_DIR, "plugins.config.json")) as f:
+        loaded_plugins = [plug["key"] for plug in json.loads(f.read())]
+    return loaded_plugins
+
+
+def _build_src() -> None:
+    logger.info("Building admin-ui app ...")
+    public_dir = "/var/lib/nginx/html"
+
+    os.chdir(ADMIN_UI_DIR)
+
+    cmd = "npm run build:prod"
+    out, err, code = exec_cmd(cmd)
+
+    if code != 0:
+        sys.exit(err.decode())
+
+    logger.info(out.decode())
+    shutil.copytree(
+        os.path.join(ADMIN_UI_DIR, "dist"),
+        public_dir,
+        dirs_exist_ok=True,
+    )
+    logger.info("Finished building admin-ui app")
+
+
+def main() -> None:
+    loaded_plugins = _discover_plugins()
+    _build_src()
+    logger.info(f"Loaded plugins: {', '.join(loaded_plugins)}")
+
+
+if __name__ == "__main__":
+    main()

docker-admin-ui/scripts/entrypoint.sh

@@ -4,8 +4,6 @@ set -e
 
 python3 /app/scripts/wait.py
 python3 /app/scripts/bootstrap.py
+python3 /app/scripts/builder.py
 
-cd /opt/flex/admin-ui
-npm run build:prod
-cp -R /opt/flex/admin-ui/dist/* /var/lib/nginx/html/
 exec nginx