From 3e9e7fc56c8d7890920d5e99f8c28f291afcf207 Mon Sep 17 00:00:00 2001 From: Isman Firmansyah Date: Thu, 17 Nov 2022 15:39:44 +0700 Subject: [PATCH] feat(image): preserve attribute's values in jans-auth config (#3013) --- docker-jans-persistence-loader/README.md | 1 + docker-jans-persistence-loader/scripts/upgrade.py | 12 +++++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/docker-jans-persistence-loader/README.md b/docker-jans-persistence-loader/README.md index e0a1fd3ebfc..88a32bddfbb 100644 --- a/docker-jans-persistence-loader/README.md +++ b/docker-jans-persistence-loader/README.md @@ -54,6 +54,7 @@ The following environment variables are supported by the container: - `CN_PERSISTENCE_TYPE`: Persistence backend being used (one of `ldap`, `couchbase`, or `hybrid`; default to `ldap`). - `CN_HYBRID_MAPPING`: Specify data mapping for each persistence (default to `"{}"`). Note this environment only takes effect when `CN_PERSISTENCE_TYPE` is set to `hybrid`. See [hybrid mapping](#hybrid-mapping) section for details. - `CN_PERSISTENCE_SKIP_INITIALIZED`: skip initialization if backend already initialized (default to `false`). +- `CN_PERSISTENCE_UPDATE_AUTH_DYNAMIC_CONFIG`: Whether to allow automatic updates of `jans-auth` configuration (default to `true`). - `CN_LDAP_URL`: Address and port of LDAP server (default to `localhost:1636`). - `CN_LDAP_USE_SSL`: Whether to use SSL connection to LDAP server (default to `true`). - `CN_COUCHBASE_URL`: Address of Couchbase server (default to `localhost`). diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py index f4f8e2a0277..bfce4ad37c2 100644 --- a/docker-jans-persistence-loader/scripts/upgrade.py +++ b/docker-jans-persistence-loader/scripts/upgrade.py @@ -177,16 +177,16 @@ def _transform_auth_dynamic_config(conf): lambda x: isinstance(x, dict), conf["authorizationRequestCustomAllowedParameters"] )) if not params_with_dict: - conf["authorizationRequestCustomAllowedParameters"] = list(map( - lambda p: {"paramName": p[0], "returnInResponse": p[1]}, - [ + conf["authorizationRequestCustomAllowedParameters"] = [ + {"paramName": p[0], "returnInResponse": p[1]} + for p in [ ("customParam1", False), ("customParam2", False), ("customParam3", False), ("customParam4", True), ("customParam5", True), ] - )) + ] should_update = True if "useHighestLevelScriptIfAcrScriptNotFound" not in conf: @@ -457,7 +457,9 @@ def invoke(self): if hasattr(self.backend, "update_misc"): self.backend.update_misc() - self.update_auth_dynamic_config() + if as_boolean(os.environ.get("CN_PERSISTENCE_UPDATE_AUTH_DYNAMIC_CONFIG", "true")): + self.update_auth_dynamic_config() + self.update_auth_errors_config() self.update_auth_static_config() self.update_attributes_entries()