feat: add newly redesigned jans-client-api (#1540)
iromli authored Jun 13, 2022
1 parent 0bcdbbc commit 4582ae5
Showing 18 changed files with 481 additions and 283 deletions.
13 changes: 3 additions & 10 deletions automation/rancher-partner-charts/questions.yaml
Expand Up @@ -46,16 +46,11 @@ questions:
description: "Middleware API to help application developers call an OAuth, OpenID or UMA server. You may wonder why this is necessary. It makes it easier for client developers to use OpenID signing and encryption features, without becoming crypto experts. This API provides some high level endpoints to do some of the heavy lifting."
show_subquestion_if: true
subquestions:
- variable: config.configmap.cnClientApiApplicationCertCn
- variable: config.configmap.cnClientApiCertCn
default: "client-api"
description: "Client API application keystore name"
description: "Client API CommonName value for certificate subject"
type: string
label: Client API application keystore name
- variable: config.configmap.cnClientApiAdminCertCn
default: "client-api"
description: "Client API admin keystore name"
type: string
label: Client API admin keystore name
label: Client API certificate CommonName (CN)

# ======================
# Test environment group
Expand Down Expand Up @@ -849,5 +844,3 @@ questions:
label: SCIM Replicas
description: "Service replica number."
show_if: "global.scim.enabled=true"


7 changes: 4 additions & 3 deletions charts/janssen/README.md
Expand Up @@ -110,7 +110,7 @@ Kubernetes: `>=v1.21.0-0`
| client-api.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
| client-api.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
| client-api.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"janssen","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"janssen","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.1_dev"},"ldapPassword":"P@ssw0rds","orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}
},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. |
| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnCacheType":"NATIVE_PERSISTENCE","cnClientApiAdminCertCn":"client-api","cnClientApiApplicationCertCn":"client-api","cnClientApiCertCn":"client-api","cnClientApiBindIpAddresses":"*","cnConfigGoogleSecretNamePrefix":"janssen","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbjanssen.default.svc.cluster.local","cnCouchbaseUser":"janssen","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceLdapMapping":"default","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"janssen","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbTimezone":"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@jans.io","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.1_dev"},"ldapPassword":"P@ssw0rds","orgName":"Janssen","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","
usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Janssen services. |
| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.1_dev"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). |
| config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
| config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
Expand Down Expand Up @@ -141,8 +141,9 @@ Kubernetes: `>=v1.21.0-0`
| config.adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. |
| config.city | string | `"Austin"` | City. Used for certificate creation. |
| config.configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . |
| config.configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api . |
| config.configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api. |
| config.configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api (deprecated) . |
| config.configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api (deprecated in favor of `configmap.config.cnClientApiCertCn`) . |
| config.configmap.cnClientApiCertCn | string | `"client-api"` | Client-api OAuth client certificate common name. This should be left to the default value client-api. |
| config.configmap.cnClientApiBindIpAddresses | string | `"*"` | Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy |
| config.configmap.cnConfigGoogleSecretNamePrefix | string | `"janssen"` | Prefix for Janssen configuration secret in Google Secret Manager. Defaults to janssen. If left intact janssen-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
| config.configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
5 changes: 3 additions & 2 deletions charts/janssen/charts/config/README.md
Expand Up @@ -31,8 +31,9 @@ Kubernetes: `>=v1.21.0-0`
| adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. |
| city | string | `"Austin"` | City. Used for certificate creation. |
| configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . |
| configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api . |
| configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api. |
| configmap.cnClientApiAdminCertCn | string | `"client-api"` | Client-api OAuth client admin certificate common name. This should be left to the default value client-api (deprecated). |
| configmap.cnClientApiApplicationCertCn | string | `"client-api"` | Client-api OAuth client application certificate common name. This should be left to the default value client-api (deprecated in favor of `configmap.cnClientApiCertCn`). |
| configmap.cnClientApiCertCn | string | `"client-api"` | Client-api OAuth certificate common name. This should be left to the default value client-api. |
| configmap.cnClientApiBindIpAddresses | string | `"*"` | Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy |
| configmap.cnConfigGoogleSecretNamePrefix | string | `"janssen"` | Prefix for Janssen configuration secret in Google Secret Manager. Defaults to janssen. If left intact janssen-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
| configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
15 changes: 11 additions & 4 deletions charts/janssen/charts/config/templates/configmaps.yaml
@@ -1,7 +1,7 @@

apiVersion: v1
kind: ConfigMap
metadata:
metadata:
name: {{ .Release.Name }}-config-cm
namespace: {{ .Release.Namespace }}
labels:
Expand Down Expand Up @@ -80,6 +80,14 @@ data:
| toJson
| replace "clientApiLogTarget" "client_api_log_target"
| replace "clientApiLogLevel" "client_api_log_level"
| replace "persistenceLogTarget" "persistence_log_target"
| replace "persistenceLogLevel" "persistence_log_level"
| replace "persistenceDurationLogTarget" "persistence_duration_log_target"
| replace "persistenceDurationLogLevel" "persistence_duration_log_level"
| replace "ldapStatsLogTarget" "ldap_stats_log_target"
| replace "ldapStatsLogLevel" "ldap_stats_log_level"
| replace "scriptLogTarget" "script_log_target"
| replace "scriptLogLevel" "script_log_level"
| squote
}}
{{- end }}
Expand Down Expand Up @@ -134,8 +142,7 @@ data:
CN_PERSISTENCE_LDAP_MAPPING: {{ .Values.configmap.cnPersistenceLdapMapping | quote }}
{{- end }}
# Auto enable installation of some services
CN_CLIENT_API_APPLICATION_CERT_CN: {{ .Values.configmap.cnClientApiApplicationCertCn | quote }}
CN_CLIENT_API_ADMIN_CERT_CN: {{ .Values.configmap.cnClientApiAdminCertCn | quote }}
CN_CLIENT_API_CERT_CN: {{ .Values.configmap.cnClientApiCertCn | quote }}
{{ if eq .Values.configmap.cnCacheType "REDIS" }}
CN_REDIS_URL: {{ .Values.configmap.cnRedisUrl | quote }}
CN_REDIS_TYPE: {{ .Values.configmap.cnRedisType | quote }}
Expand Down Expand Up @@ -382,4 +389,4 @@ metadata:
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | indent 4 }}
{{- end }}
{{- end }}
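Review bot: An override of `cnClientApiApplicationCertCn` or `cnClientApiAdminCertCn` is silently ignored after the `CN_CLIENT_API_CERT_CN` hunk, because the template no longer reads either key and nothing warns about it; such a release falls back to the default certificate subject `client-api`. Both chart READMEs in this commit still list the two keys as deprecated with a default value, which reads as if they still take effect, while `values.yaml` and `values.schema.json` drop them. Either say in the READMEs that the old keys are no longer read, or make the render fail loudly when one is set, e.g. `{{- if .Values.configmap.cnClientApiAdminCertCn }}{{ fail "cnClientApiAdminCertCn is no longer used; set configmap.cnClientApiCertCn" }}{{- end }}` and the same for the application key. The `data:` mapping starts and ends outside the visible hunks.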
6 changes: 2 additions & 4 deletions charts/janssen/charts/config/values.yaml
Expand Up @@ -31,10 +31,8 @@ configmap:
cnSqldbUserPassword: Test1234#
# -- Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` .
cnCacheType: NATIVE_PERSISTENCE
# -- Client-api OAuth client admin certificate common name. This should be left to the default value client-api .
cnClientApiAdminCertCn: client-api
# -- Client-api OAuth client application certificate common name. This should be left to the default value client-api.
cnClientApiApplicationCertCn: client-api
# -- Client-api OAuth certificate common name. This should be left to the default value client-api.
cnClientApiCertCn: client-api
# -- Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy
cnClientApiBindIpAddresses: "*"
containerMetadataName: kubernetes
11 changes: 3 additions & 8 deletions charts/janssen/values.schema.json
Expand Up @@ -78,13 +78,8 @@
"type": "string",
"pattern": "^(NATIVE_PERSISTENCE|REDIS|IN_MEMORY)$"
},
"cnClientApiAdminCertCn": {
"description": "Client-api OAuth client admin certificate common name. This should be left to the default value client-api",
"type": "string",
"pattern": "^[a-z-]+$"
},
"cnClientApiApplicationCertCn": {
"description": "Client-api OAuth client application certificate common name. This should be left to the default value client-api",
"cnClientApiCertCn": {
"description": "Client-api OAuth certificate common name. This should be left to the default value client-api",
"type": "string",
"pattern": "^[a-z-]+$"
},
Expand Down Expand Up @@ -2241,4 +2236,4 @@
"else": true
}
}
}
}
22 changes: 18 additions & 4 deletions charts/janssen/values.yaml
Expand Up @@ -229,10 +229,8 @@ config:
cnSqldbUserPassword: Test1234#
# -- Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` .
cnCacheType: NATIVE_PERSISTENCE
# -- Client-api OAuth client admin certificate common name. This should be left to the default value client-api .
cnClientApiAdminCertCn: client-api
# -- Client-api OAuth client application certificate common name. This should be left to the default value client-api.
cnClientApiApplicationCertCn: client-api
# -- Client-api OAuth certificate common name. This should be left to the default value client-api.
cnClientApiCertCn: client-api
# -- Client-api bind address. This limits what ip ranges can access the client-api. This should be left as * and controlled by a NetworkPolicy
cnClientApiBindIpAddresses: "*"
# -- The name of the Kubernetes ConfigMap that will hold the configuration layer
Expand Down Expand Up @@ -567,6 +565,22 @@ global:
clientApiLogTarget: "STDOUT"
# -- client-api.log level
clientApiLogLevel: "INFO"
# -- client-api_persistence.log target
persistenceLogTarget: "FILE"
# -- client-api_persistence.log level
persistenceLogLevel: "INFO"
# -- client-api_persistence_duration.log target
persistenceDurationLogTarget: "FILE"
# -- client-api_persistence_duration.log level
persistenceDurationLogLevel: "INFO"
# -- client-api_persistence_ldap_statistics.log target
ldapStatsLogTarget: "FILE"
# -- client-api_persistence_ldap_statistics.log level
ldapStatsLogLevel: "INFO"
# -- client-api_script.log target
scriptLogTarget: "FILE"
# -- client-api_script.log level
scriptLogLevel: "INFO"
cloud:
# -- Boolean flag if enabled will strip resources requests and limits from all services.
testEnviroment: false
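Review bot: The new persistence, persistence-duration, LDAP-statistics and script log targets all default to `"FILE"` while `clientApiLogTarget` directly above stays `"STDOUT"`, and the `# --` comments state neither the accepted values nor where a file-targeted log ends up. If `FILE` means a file inside the container (not visible in this hunk), these streams will not show up in `kubectl logs` or a cluster log pipeline and are lost when the pod is replaced, which matters when script and persistence logs are needed for audit or incident review. I would extend each comment along the lines of `# -- client-api_script.log target, "STDOUT" or "FILE"; "FILE" stays inside the container and is not collected from the pod's stdout`, and consider `"STDOUT"` as the default for `scriptLogTarget`. The enclosing mapping starts above the hunk.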
1 change: 1 addition & 0 deletions docker-jans-client-api/.dockerignore
Expand Up @@ -6,3 +6,4 @@
!templates
!LICENSE
!requirements.txt
!jetty