fix: update api-admin permissions from config api yaml (#1183)

* fix: update api-admin permissions from config api yaml * fix: jans-linux-setup code smell * fix: jans-linux-setup code smell
JanssenProject · Apr 8, 2022 · 438c896 · 438c896
1 parent 571c5cd
commit 438c896
Show file tree

Hide file tree

Showing 6 changed files with 430 additions and 8 deletions.
diff --git a/jans-linux-setup/jans_setup/setup_app/config.py b/jans-linux-setup/jans_setup/setup_app/config.py
@@ -79,6 +79,7 @@ def calculate_mem(self):
     def init(self, install_dir=INSTALL_DIR):
 
         self.install_dir = install_dir
+        self.data_dir = os.path.join(Config.install_dir, 'setup_app/data')
         self.thread_queue = None
         self.jetty_user = 'jetty'
         self.dump_config_on_error = False

diff --git a/jans-linux-setup/jans_setup/setup_app/installers/config_api.py b/jans-linux-setup/jans_setup/setup_app/installers/config_api.py
@@ -77,13 +77,17 @@ def create_folders(self):
         self.run([paths.cmd_chown, '-R', 'jetty:jetty', os.path.join(Config.jetty_base, self.service_name)])
 
 
-    def generate_configuration(self):
+    def read_config_api_swagger(self):
+        config_api_swagger_yaml_fn = os.path.join(Config.data_dir, 'jans-config-api-swagger.yaml')
+        yml_str = self.readFile(config_api_swagger_yaml_fn)
+        yml_str = yml_str.replace('\t', ' ')
+        cfg_yml = ruamel.yaml.load(yml_str, ruamel.yaml.RoundTripLoader)
+        return cfg_yml
+
 
+    def generate_configuration(self):
         try:
-            config_api_swagger_yaml_fn = os.path.join(Config.install_dir, 'setup_app/data/jans-config-api-swagger.yaml')
-            yml_str = self.readFile(config_api_swagger_yaml_fn)
-            yml_str = yml_str.replace('\t', ' ')
-            cfg_yml = ruamel.yaml.load(yml_str, ruamel.yaml.RoundTripLoader)
+            cfg_yml = self.read_config_api_swagger()
             scopes_def = cfg_yml['components']['securitySchemes']['oauth2']['flows']['clientCredentials']['scopes']
             scope_type = cfg_yml['components']['securitySchemes']['oauth2']['type']
         except:

diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py
@@ -4,6 +4,8 @@
 import string
 import uuid
 import shutil
+import json
+
 from urllib.parse import urlparse
 
 from setup_app import paths
@@ -73,8 +75,43 @@ def generate_configuration(self):
         if Config.get('use_external_key'):
             self.import_openbanking_key()
 
+
+    def get_config_api_scopes(self):
+        data = base.current_app.ConfigApiInstaller.read_config_api_swagger()
+        scope_list = []
+
+        for epath in data['paths']:
+            for m in data['paths'][epath]:
+                if 'security' in data['paths'][epath][m]:
+                    scope_items = [item['oauth2'] for item in data['paths'][epath][m]['security']]
+                    for scopes in scope_items:
+                        scope_list += scopes
+
+        return scope_list
+
+
+    def role_scope_mappings(self):
+
+        role_scope_mappings_fn = os.path.join(self.templates_folder, 'role-scope-mappings.json')
+        role_mapping = base.readJsonFile(role_scope_mappings_fn)
+
+        scope_list = self.get_config_api_scopes()
+
+        for api_role in role_mapping['rolePermissionMapping']:
+            if api_role['role'] == 'api-admin':
+                break
+
+        for scope in scope_list:
+            if scope not in api_role['permissions']:
+                api_role['permissions'].append(scope)
+
+        Config.templateRenderingDict['role_scope_mappings'] = json.dumps(role_mapping)
+
+
     def render_import_templates(self):
 
+        self.role_scope_mappings()
+
         templates = [self.oxauth_config_json]
         if Config.profile == 'jans':
             templates += [self.ldif_people, self.ldif_groups]

diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py
@@ -105,7 +105,7 @@ def check_properties(self):
 
             if not Config.admin_password and Config.ldapPass:
                 Config.admin_password = Config.ldapPass
-            
+
             if not Config.admin_password:
                 Config.admin_password = self.getPW()
 
@@ -122,7 +122,7 @@ def check_properties(self):
                 if Config.rdbm_install:
                     Config.mappingLocations = { group: 'rdbm' for group in Config.couchbaseBucketDict }
 
-            if Config.opendj_install == InstallTypes.LOCAL:
+            if Config.opendj_install == InstallTypes.LOCAL and not Config.installed_instance:
                 used_ports = self.opendj_used_ports()
                 if used_ports:
                     print(msg.used_ports.format(','.join(used_ports)))