feat: jans-linux-setup config-api scope creation with static inum (ref:
devrimyatar committed Nov 29, 2022
1 parent f7c1498 commit 35b3dc9
Showing 1 changed file with 35 additions and 33 deletions.
68 changes: 35 additions & 33 deletions jans-linux-setup/jans_setup/setup_app/installers/config_api.py
Expand Up @@ -77,7 +77,7 @@ def install(self):
def extract_files(self):
base.extract_file(base.current_app.jans_zip, 'jans-config-api/server/src/main/resources/log4j2.xml', self.custom_config_dir)
base.extract_file(base.current_app.jans_zip, 'jans-config-api/docs/jans-config-api-swagger.yaml', Config.data_dir)

base.extract_file(base.current_app.jans_zip, 'jans-config-api/server/src/main/resources/config-api-rs-protect.json', Config.data_dir)

def create_folders(self):
for d in (self.output_folder, self.custom_config_dir):
Expand All @@ -96,11 +96,9 @@ def read_config_api_swagger(self):


def generate_configuration(self):
try:
cfg_yml = self.read_config_api_swagger()
scopes_def = cfg_yml['components']['securitySchemes']['oauth2']['flows']['clientCredentials']['scopes']
except:
scopes_def = {}

config_api_rs_protect_fn = os.path.join(Config.data_dir, 'config-api-rs-protect.json')
scopes_def = base.readJsonFile(config_api_rs_protect_fn)

scope_type = 'oauth'
self.check_clients([('jca_client_id', '1800.')])
Expand All @@ -109,7 +107,6 @@ def generate_configuration(self):
Config.jca_client_pw = self.getPW()
Config.jca_client_encoded_pw = self.obscure(Config.jca_client_pw)

scopes = ''
scope_ldif_fd = open(self.scope_ldif_fn, 'wb')
ldif_scopes_writer = LDIFWriter(scope_ldif_fd, cols=1000)
scopes = {}
Expand All @@ -119,32 +116,37 @@ def generate_configuration(self):
scim_scopes = base.current_app.ScimInstaller.create_user_scopes()
jansUmaScopes_all += scim_scopes

for scope in scopes_def:

jansUmaScopes = []

if Config.installed_instance and self.dbUtils.search('ou=scopes,o=jans', search_filter='(&(jansId={})(objectClass=jansScope))'.format(scope)):
continue

if not scope in scopes:
inum = '1800.' + os.urandom(3).hex().upper()
scope_dn = 'inum={},ou=scopes,o=jans'.format(inum)
scopes[scope] = {'dn': scope_dn}
display_name = 'Config API scope {}'.format(scope)
ldif_scopes_writer.unparse(
scope_dn, {
'objectclass': ['top', 'jansScope'],
'description': [scopes_def[scope]],
'displayName': [display_name],
'inum': [inum],
'jansDefScope': ['false'],
'jansId': [scope],
'jansScopeTyp': [scope_type],
'jansAttrs': [json.dumps({"spontaneousClientId":None, "spontaneousClientScopes":[], "showInConfigurationEndpoint": False})],
})

jansUmaScopes.append(scopes[scope]['dn'])
jansUmaScopes_all.append(scopes[scope]['dn'])
scope_levels = {'scopes':'1', 'groupScopes':'2', 'superScopes':'3'}

for resource in scopes_def['resources']:

for condition in resource.get('conditions', []):
for scope_level in scope_levels:
for scope in (condition.get(scope_level, [])):

if Config.installed_instance and self.dbUtils.search('ou=scopes,o=jans', search_filter='(&(jansId={})(objectClass=jansScope))'.format(scope['name'])):
continue

if not scope['name'] in scopes:
inum = scope['inum']
if not inum:
inum = '1800.' + scope_levels[scope_level] + '.' + os.urandom(4).hex().upper()
scope_dn = 'inum={},ou=scopes,o=jans'.format(inum)
scopes[scope['name']] = {'dn': scope_dn}
display_name = 'Config API scope {}'.format(scope['name'])
description = 'Config API {} scope {}'.format(scope_level, scope['name'])
ldif_dict = {
'objectclass': ['top', 'jansScope'],
'description': [description],
'displayName': [display_name],
'inum': [inum],
'jansDefScope': ['false'],
'jansId': [scope['name']],
'jansScopeTyp': [scope_type],
'jansAttrs': [json.dumps({"spontaneousClientId":None, "spontaneousClientScopes":[], "showInConfigurationEndpoint": False})],
}
ldif_scopes_writer.unparse(scope_dn, ldif_dict)
jansUmaScopes_all.append(scope_dn)

scope_ldif_fd.close()

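Review bot: `inum = scope['inum']` in the innermost loop of the last hunk raises KeyError for any entry in config-api-rs-protect.json that carries no `inum` key, even though the `if not inum:` fallback right below is clearly meant to handle the "no static inum" case; `inum = scope.get('inum')` would match the `condition.get(scope_level, [])` pattern used two lines above and keep the fallback reachable. The same line would also benefit from a comment on the fallback, e.g. `# no static inum in the JSON: derive one as 1800.<level>.<random hex>`, since the scheme is no longer obvious now that inums normally come from the file. Because a value taken from the JSON is now interpolated verbatim into `scope_dn` and the `jansId` search filter, it is worth noting (hedged, as the file is extracted from the bundled jans zip) that a name or inum containing DN/filter special characters would produce a malformed DN or filter rather than an error. generate_configuration starts and ends outside this hunk.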
