From 6dd1537837a1e06b6ac899aea65dfea4ef982cb8 Mon Sep 17 00:00:00 2001
From: Isman Firmansyah
Date: Mon, 7 Nov 2022 14:16:13 +0700
Subject: [PATCH] fix(image): multiple dynamic scopes created when using 2 replicas (#2871)
---
docker-jans-config-api/Dockerfile | 4 +-
docker-jans-config-api/scripts/bootstrap.py | 4 +-
docker-jans-config-api/scripts/upgrade.py | 4 +-
.../templates/jans-config-api/clients.ldif | 42 ++
.../templates/jans-config-api/scopes.ldif | 461 ++++++++++++++++++
docker-jans-persistence-loader/Dockerfile | 19 +-
.../scripts/spanner_setup.py | 1 +
.../scripts/sql_setup.py | 1 +
docker-jans-scim/Dockerfile | 4 +-
docker-jans-scim/scripts/bootstrap.py | 4 +-
docker-jans-scim/scripts/upgrade.py | 4 +-
.../templates/jans-scim/clients.ldif | 11 +-
.../templates/jans-scim/scopes.ldif | 101 ++++
13 files changed, 639 insertions(+), 21 deletions(-)
create mode 100644 docker-jans-config-api/templates/jans-config-api/scopes.ldif
create mode 100644 docker-jans-scim/templates/jans-scim/scopes.ldif
diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
index 5951b749420..fb23aa1f831 100644
--- a/docker-jans-config-api/Dockerfile
+++ b/docker-jans-config-api/Dockerfile
@@ -43,7 +43,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # ==========
 ENV CN_VERSION=1.0.4-SNAPSHOT
-ENV CN_BUILD_DATE='2022-11-01 11:06'
+ENV CN_BUILD_DATE='2022-11-03 13:42'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 # Install Jans Config API
@@ -114,7 +114,7 @@ RUN mkdir -p /opt/prometheus \
 # jans-linux-setup sync
 # =====================
-ENV JANS_SOURCE_VERSION=c3e3f537e4e85c1ee718f7a7b79a203e7ed57e42
+ENV JANS_SOURCE_VERSION=be03a3841541b852d7409e4a8bf190ea46256368
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CONFIG_API_DOCS=jans-config-api/docs
diff --git a/docker-jans-config-api/scripts/bootstrap.py b/docker-jans-config-api/scripts/bootstrap.py
index 80e669cb771..2b18eee0c41 100644
--- a/docker-jans-config-api/scripts/bootstrap.py
+++ b/docker-jans-config-api/scripts/bootstrap.py
@@ -467,7 +467,9 @@ def generate_config_api_scopes():
 writer.unparse(f"inum={scope['inum'][0]},ou=scopes,o=jans", scope)
 def import_ldif_files(self) -> None:
- self.generate_scopes_ldif()
+ # temporarily disable dynamic scopes creation
+ # see https://github.com/JanssenProject/jans/issues/2869
+ # self.generate_scopes_ldif()
 files = ["config.ldif", "scopes.ldif", "clients.ldif"]
 ldif_files = [f"/app/templates/jans-config-api/{file_}" for file_ in files]
diff --git a/docker-jans-config-api/scripts/upgrade.py b/docker-jans-config-api/scripts/upgrade.py
index f2f851b0701..12bfe0517b5 100644
--- a/docker-jans-config-api/scripts/upgrade.py
+++ b/docker-jans-config-api/scripts/upgrade.py
@@ -245,7 +245,9 @@ def invoke(self):
 logger.info("Running upgrade process (if required)")
 self.update_client_redirect_uri()
 self.update_api_dynamic_config()
- self.update_client_scopes()
+ # temporarily disable client updates
+ # see https://github.com/JanssenProject/jans/issues/2869
+ # self.update_client_scopes()
 def update_client_redirect_uri(self):
 kwargs = {}
diff --git a/docker-jans-config-api/templates/jans-config-api/clients.ldif b/docker-jans-config-api/templates/jans-config-api/clients.ldif
index 3f2297dec4c..ce18d167f95 100644
--- a/docker-jans-config-api/templates/jans-config-api/clients.ldif
+++ b/docker-jans-config-api/templates/jans-config-api/clients.ldif
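Review bot: The call to `self.generate_scopes_ldif()` in `import_ldif_files` is commented out rather than removed or gated, so the method now silently depends on the static scopes.ldif template while the generator code path stays in the file with no stated condition for bringing it back; the same pattern appears in docker-jans-scim/scripts/bootstrap.py and in both upgrade.py hunks. A "temporarily" comment should say what has to hold before the line returns, e.g. `# NOTE: scopes come from the static scopes.ldif template (fixed inums), so concurrent replicas presumably no longer each mint their own set; re-enable only once generation is idempotent across replicas (jans#2869)`. If the generator is not expected to come back, deleting the dead call (and the helper it points at) is cleaner than leaving commented-out code that will drift from the template. `import_ldif_files` continues outside the hunk.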
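Review bot: The comment `# temporarily disable client updates` in `invoke` overstates what is disabled: `update_client_redirect_uri()` and `update_api_dynamic_config()` still run on the lines above it, only `update_client_scopes()` is skipped, and the sibling hunk in docker-jans-scim/scripts/upgrade.py describes the same change as "disable dynamic scopes creation". Suggest `# temporarily disable client scopes sync` here so the two upgrade scripts read alike. With the scope sync skipped, a deployment bootstrapped by an earlier image presumably still holds its dynamically generated scope entries and the client references to them, and nothing in this patch reconciles those with the fixed inums in the new scopes.ldif; that is worth confirming and, if true, stating in the comment. `invoke` ends in this hunk; `update_client_redirect_uri` continues outside it.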
@@ -17,7 +17,49 @@ jansLogoutSessRequired: false
 jansPersistClntAuthzs: true
 jansRespTyp: code
 jansRptAsJwt: false
+jansScope: inum=1800.4F4C08,ou=scopes,o=jans
+jansScope: inum=1800.61D3E9,ou=scopes,o=jans
+jansScope: inum=1800.78D299,ou=scopes,o=jans
+jansScope: inum=1800.C38990,ou=scopes,o=jans
+jansScope: inum=1800.13AA0E,ou=scopes,o=jans
+jansScope: inum=1800.A01874,ou=scopes,o=jans
+jansScope: inum=1800.36FC16,ou=scopes,o=jans
+jansScope: inum=1800.0D9CCC,ou=scopes,o=jans
+jansScope: inum=1800.B8DE82,ou=scopes,o=jans
+jansScope: inum=1800.42C38F,ou=scopes,o=jans
+jansScope: inum=1800.10F720,ou=scopes,o=jans
+jansScope: inum=1800.F4E351,ou=scopes,o=jans
+jansScope: inum=1800.3263EF,ou=scopes,o=jans
+jansScope: inum=1800.B0C433,ou=scopes,o=jans
+jansScope: inum=1800.419DD5,ou=scopes,o=jans
+jansScope: inum=1800.158007,ou=scopes,o=jans
+jansScope: inum=1800.671341,ou=scopes,o=jans
+jansScope: inum=1800.79932F,ou=scopes,o=jans
+jansScope: inum=1800.45C56E,ou=scopes,o=jans
+jansScope: inum=1800.F815D0,ou=scopes,o=jans
+jansScope: inum=1800.72FC9F,ou=scopes,o=jans
+jansScope: inum=1800.D2E431,ou=scopes,o=jans
+jansScope: inum=1800.05CA71,ou=scopes,o=jans
+jansScope: inum=1800.CAA614,ou=scopes,o=jans
+jansScope: inum=1800.4B522D,ou=scopes,o=jans
+jansScope: inum=1800.28FF8B,ou=scopes,o=jans
+jansScope: inum=1800.07C227,ou=scopes,o=jans
+jansScope: inum=1800.9D4EBE,ou=scopes,o=jans
+jansScope: inum=1800.3E6BA7,ou=scopes,o=jans
+jansScope: inum=1800.FE975D,ou=scopes,o=jans
+jansScope: inum=1800.C0B661,ou=scopes,o=jans
+jansScope: inum=1800.7FD3C9,ou=scopes,o=jans
+jansScope: inum=1800.DCE0C3,ou=scopes,o=jans
+jansScope: inum=1800.BDCE9B,ou=scopes,o=jans
+jansScope: inum=1800.33641E,ou=scopes,o=jans
+jansScope: inum=1800.B15085,ou=scopes,o=jans
+jansScope: inum=1800.FB7583,ou=scopes,o=jans
+jansScope: inum=1800.A524C2,ou=scopes,o=jans
+jansScope: inum=1800.23C17E,ou=scopes,o=jans
+jansScope: inum=1800.BC5317,ou=scopes,o=jans
 jansScope: inum=C4F7,ou=scopes,o=jans
+jansScope: inum=1200.2B7428,ou=scopes,o=jans
+jansScope: inum=1200.0A0198,ou=scopes,o=jans
 jansSubjectTyp: pairwise
 jansTknEndpointAuthMethod: client_secret_basic
 jansTrustedClnt: false
diff --git a/docker-jans-config-api/templates/jans-config-api/scopes.ldif b/docker-jans-config-api/templates/jans-config-api/scopes.ldif
new file mode 100644
index 00000000000..213725a1b76
--- /dev/null
+++ b/docker-jans-config-api/templates/jans-config-api/scopes.ldif
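Review bot: The config-api client is now statically granted the SCIM scopes `inum=1200.2B7428` and `inum=1200.0A0198` (users.read and users.write according to the new scopes.ldif) on top of the forty `1800.*` config-api scopes, and the template gives no hint why an administration client needs SCIM user-write access; the dynamic path this replaces at least kept that grant visible in code, a flat list of inums does not. A short comment above the block would preserve the intent, e.g. `# every inum below must have a matching entry in scopes.ldif; the two 1200.* scopes grant SCIM user read/write, needed for <reason>`. If the write scope is not actually used by the config-api, dropping it keeps the client at least privilege. The docker-jans-scim clients.ldif hunk has the same gap: it replaces `# scopes will be added dynamically using script` with ten fixed inums and no note.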
@@ -0,0 +1,461 @@
+dn: inum=1800.4F4C08,ou=scopes,o=jans
+description: View Auth Server properties related information
+displayName: Config API scope https://jans.io/oauth/jans-auth-server/config/properties.readonly
+inum: 1800.4F4C08
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/jans-auth-server/config/properties.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.61D3E9,ou=scopes,o=jans
+description: Manage Auth Server properties related information
+displayName: Config API scope https://jans.io/oauth/jans-auth-server/config/properties.write
+inum: 1800.61D3E9
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/jans-auth-server/config/properties.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.78D299,ou=scopes,o=jans
+description: View FIDO2 related information
+displayName: Config API scope https://jans.io/oauth/config/fido2.readonly
+inum: 1800.78D299
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/fido2.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.C38990,ou=scopes,o=jans
+description: Manage FIDO2 related information
+displayName: Config API scope https://jans.io/oauth/config/fido2.write
+inum: 1800.C38990
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/fido2.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.13AA0E,ou=scopes,o=jans
+description: View attribute related information
+displayName: Config API scope https://jans.io/oauth/config/attributes.readonly
+inum: 1800.13AA0E
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/attributes.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.A01874,ou=scopes,o=jans
+description: Manage attribute related information
+displayName: Config API scope https://jans.io/oauth/config/attributes.write
+inum: 1800.A01874
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/attributes.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.36FC16,ou=scopes,o=jans
+description: Delete attribute related information
+displayName: Config API scope https://jans.io/oauth/config/attributes.delete
+inum: 1800.36FC16
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/attributes.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.0D9CCC,ou=scopes,o=jans
+description: View ACRS related information
+displayName: Config API scope https://jans.io/oauth/config/acrs.readonly
+inum: 1800.0D9CCC
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/acrs.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.B8DE82,ou=scopes,o=jans
+description: Manage ACRS related information
+displayName: Config API scope https://jans.io/oauth/config/acrs.write
+inum: 1800.B8DE82
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/acrs.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.42C38F,ou=scopes,o=jans
+description: View LDAP database related information
+displayName: Config API scope https://jans.io/oauth/config/database/ldap.readonly
+inum: 1800.42C38F
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/ldap.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.10F720,ou=scopes,o=jans
+description: Manage LDAP database related information
+displayName: Config API scope https://jans.io/oauth/config/database/ldap.write
+inum: 1800.10F720
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/ldap.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.F4E351,ou=scopes,o=jans
+description: Delete LDAP database related information
+displayName: Config API scope https://jans.io/oauth/config/database/ldap.delete
+inum: 1800.F4E351
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/ldap.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.3263EF,ou=scopes,o=jans
+description: View Couchbase database information
+displayName: Config API scope https://jans.io/oauth/config/database/couchbase.readonly
+inum: 1800.3263EF
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/couchbase.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.B0C433,ou=scopes,o=jans
+description: Manage Couchbase database related information
+displayName: Config API scope https://jans.io/oauth/config/database/couchbase.write
+inum: 1800.B0C433
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/couchbase.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.419DD5,ou=scopes,o=jans
+description: Delete Couchbase database related information
+displayName: Config API scope https://jans.io/oauth/config/database/couchbase.delete
+inum: 1800.419DD5
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/couchbase.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.158007,ou=scopes,o=jans
+description: View cache scripts information
+displayName: Config API scope https://jans.io/oauth/config/scripts.readonly
+inum: 1800.158007
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/scripts.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.671341,ou=scopes,o=jans
+description: Manage scripts related information
+displayName: Config API scope https://jans.io/oauth/config/scripts.write
+inum: 1800.671341
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/scripts.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.79932F,ou=scopes,o=jans
+description: Delete scripts related information
+displayName: Config API scope https://jans.io/oauth/config/scripts.delete
+inum: 1800.79932F
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/scripts.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.45C56E,ou=scopes,o=jans
+description: View cache related information
+displayName: Config API scope https://jans.io/oauth/config/cache.readonly
+inum: 1800.45C56E
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/cache.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.F815D0,ou=scopes,o=jans
+description: Manage cache related information
+displayName: Config API scope https://jans.io/oauth/config/cache.write
+inum: 1800.F815D0
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/cache.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.72FC9F,ou=scopes,o=jans
+description: View SMTP related information
+displayName: Config API scope https://jans.io/oauth/config/smtp.readonly
+inum: 1800.72FC9F
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/smtp.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.D2E431,ou=scopes,o=jans
+description: Manage SMTP related information
+displayName: Config API scope https://jans.io/oauth/config/smtp.write
+inum: 1800.D2E431
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/smtp.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.05CA71,ou=scopes,o=jans
+description: Delete SMTP related information
+displayName: Config API scope https://jans.io/oauth/config/smtp.delete
+inum: 1800.05CA71
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/smtp.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.CAA614,ou=scopes,o=jans
+description: View logging related information
+displayName: Config API scope https://jans.io/oauth/config/logging.readonly
+inum: 1800.CAA614
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/logging.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.4B522D,ou=scopes,o=jans
+description: Manage logging related information
+displayName: Config API scope https://jans.io/oauth/config/logging.write
+inum: 1800.4B522D
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/logging.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.28FF8B,ou=scopes,o=jans
+description: View JWKS related information
+displayName: Config API scope https://jans.io/oauth/config/jwks.readonly
+inum: 1800.28FF8B
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/jwks.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.07C227,ou=scopes,o=jans
+description: Manage JWKS related information
+displayName: Config API scope https://jans.io/oauth/config/jwks.write
+inum: 1800.07C227
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/jwks.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.9D4EBE,ou=scopes,o=jans
+description: View clients related information
+displayName: Config API scope https://jans.io/oauth/config/openid/clients.readonly
+inum: 1800.9D4EBE
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/openid/clients.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.3E6BA7,ou=scopes,o=jans
+description: Manage clients related information
+displayName: Config API scope https://jans.io/oauth/config/openid/clients.write
+inum: 1800.3E6BA7
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/openid/clients.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.FE975D,ou=scopes,o=jans
+description: Delete clients related information
+displayName: Config API scope https://jans.io/oauth/config/openid/clients.delete
+inum: 1800.FE975D
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/openid/clients.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.C0B661,ou=scopes,o=jans
+description: View scope related information
+displayName: Config API scope https://jans.io/oauth/config/scopes.readonly
+inum: 1800.C0B661
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/scopes.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.7FD3C9,ou=scopes,o=jans
+description: Manage scope related information
+displayName: Config API scope https://jans.io/oauth/config/scopes.write
+inum: 1800.7FD3C9
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/scopes.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.DCE0C3,ou=scopes,o=jans
+description: Delete scope related information
+displayName: Config API scope https://jans.io/oauth/config/scopes.delete
+inum: 1800.DCE0C3
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/scopes.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.BDCE9B,ou=scopes,o=jans
+description: View UMA Resource related information
+displayName: Config API scope https://jans.io/oauth/config/uma/resources.readonly
+inum: 1800.BDCE9B
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/uma/resources.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.33641E,ou=scopes,o=jans
+description: Manage UMA Resource related information
+displayName: Config API scope https://jans.io/oauth/config/uma/resources.write
+inum: 1800.33641E
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/uma/resources.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.B15085,ou=scopes,o=jans
+description: Delete UMA Resource related information
+displayName: Config API scope https://jans.io/oauth/config/uma/resources.delete
+inum: 1800.B15085
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/uma/resources.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.FB7583,ou=scopes,o=jans
+description: View SQL database related information
+displayName: Config API scope https://jans.io/oauth/config/database/sql.readonly
+inum: 1800.FB7583
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/sql.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.A524C2,ou=scopes,o=jans
+description: Manage SQL database related information
+displayName: Config API scope https://jans.io/oauth/config/database/sql.write
+inum: 1800.A524C2
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/sql.write
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.23C17E,ou=scopes,o=jans
+description: Delete SQL database related information
+displayName: Config API scope https://jans.io/oauth/config/database/sql.delete
+inum: 1800.23C17E
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/database/sql.delete
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1800.BC5317,ou=scopes,o=jans
+description: Vew server with basic statistic
+displayName: Config API scope https://jans.io/oauth/config/stats.readonly
+inum: 1800.BC5317
+jansAttrs: {"spontaneousClientId": null, "spontaneousClientScopes": null, "showInConfigurationEndpoint": false}
+jansDefScope: false
+jansId: https://jans.io/oauth/config/stats.readonly
+jansScopeTyp: oauth2
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1200.2B7428,ou=scopes,o=jans
+description: Query user resources
+displayName: SCIM https://jans.io/scim/users.read
+inum: 1200.2B7428
+jansDefScope: false
+jansId: https://jans.io/scim/users.read
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+jansAttrs: {"spontaneousClientId":null,"spontaneousClientScopes":null,"showInConfigurationEndpoint":true}
+
+dn: inum=1200.0A0198,ou=scopes,o=jans
+description: Modify user resources
+displayName: SCIM https://jans.io/scim/users.write
+inum: 1200.0A0198
+jansDefScope: false
+jansId: https://jans.io/scim/users.write
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+jansAttrs: {"spontaneousClientId":null,"spontaneousClientScopes":null,"showInConfigurationEndpoint":true}
diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
index 01e05c64761..0679b39123f 100644
--- a/docker-jans-persistence-loader/Dockerfile
+++ b/docker-jans-persistence-loader/Dockerfile
@@ -24,9 +24,10 @@ RUN python3 -m ensurepip \
 # =====================
 # janssenproject/jans SHA commit
-ENV JANS_SOURCE_VERSION=c3e3f537e4e85c1ee718f7a7b79a203e7ed57e42
+ENV JANS_SOURCE_VERSION=be03a3841541b852d7409e4a8bf190ea46256368
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
+ARG JANS_CONFIG_API_DOCS=jans-config-api/docs
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the jans-linux-setup code
@@ -35,9 +36,10 @@ RUN git clone --filter blob:none --no-checkout https://github.com/janssenproject
 && git sparse-checkout init --cone \
 && git checkout ${JANS_SOURCE_VERSION} \
 && git sparse-checkout add ${JANS_SETUP_DIR} \
- && git sparse-checkout add ${JANS_SCRIPT_CATALOG_DIR}
+ && git sparse-checkout add ${JANS_SCRIPT_CATALOG_DIR} \
+ && git sparse-checkout add ${JANS_CONFIG_API_DOCS}
-RUN mkdir -p /app/static /app/static/couchbase /app/schema /app/openbanking/static /app/static/opendj
+RUN mkdir -p /app/static /app/static/couchbase /app/schema /app/openbanking/static /app/static/opendj /app/templates
 # sync static files from linux-setup
 RUN cd /tmp/jans \
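Review bot: The two SCIM entries that close this file (`dn: inum=1200.2B7428,ou=scopes,o=jans` and `dn: inum=1200.0A0198,ou=scopes,o=jans`) are identical to the first two entries of the new docker-jans-scim/templates/jans-scim/scopes.ldif, so the same DN is now maintained in two images; if a description or `jansAttrs` value is later edited in one copy only, which version the directory ends up holding presumably depends on which image imports last. Keeping a single owner (the SCIM template) and having the config-api side reference the inum only in clients.ldif would remove that ambiguity. Two smaller points: the description of `1800.BC5317` reads `Vew server with basic statistic` (typo for `View`), and the `1800.*` entries use a spaced JSON form for `jansAttrs` while the `1200.*` entries use the compact form, which makes diffs between the two templates noisier than they need to be.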
@@ -50,12 +52,8 @@ RUN cd /tmp/jans \
 && cp ${JANS_SETUP_DIR}/schema/custom_schema.json /app/schema/custom_schema.json \
 && cp ${JANS_SETUP_DIR}/static/opendj/index.json /app/static/opendj/index.json \
 && cp -R ${JANS_SCRIPT_CATALOG_DIR} /app/script-catalog \
- && cp ${JANS_SETUP_DIR}/static/extension/introspection/introspection_role_based_scope.py /app/openbanking/static/extension/introspection/
-
-RUN mkdir -p /app/templates
-
-# partially sync templates from linux-setup
-RUN cd /tmp/jans \
+ && cp ${JANS_SETUP_DIR}/static/extension/introspection/introspection_role_based_scope.py /app/openbanking/static/extension/introspection/ \
+ && cp ${JANS_CONFIG_API_DOCS}/jans-config-api-swagger.yaml -P /app/static/ \
 && cp ${JANS_SETUP_DIR}/templates/*.ldif /app/templates \
 && cp -R ${JANS_SETUP_DIR}/templates/jans-auth /app/templates/jans-auth \
 && cp ${JANS_SETUP_DIR}/openbanking/templates/scopes.ldif /app/templates/scopes.ob.ldif \
@@ -66,9 +64,6 @@ RUN cd /tmp/jans \
 && cp -R ${JANS_SETUP_DIR}/templates/jans-scim /app/templates/jans-scim \
 && cp -R ${JANS_SETUP_DIR}/templates/jans-cli /app/templates/jans-cli
-# Download jans-config-api-swagger for role_scope_mapping
-RUN wget -q https://github.com/JanssenProject/jans/raw/${JANS_SOURCE_VERSION}/jans-config-api/docs/jans-config-api-swagger.yaml -P /app/static
-
 # cleanup
 RUN rm -rf /tmp/jans
diff --git a/docker-jans-persistence-loader/scripts/spanner_setup.py b/docker-jans-persistence-loader/scripts/spanner_setup.py
index 238f612e50f..91a13bef29c 100644
--- a/docker-jans-persistence-loader/scripts/spanner_setup.py
+++ b/docker-jans-persistence-loader/scripts/spanner_setup.py
@@ -363,6 +363,7 @@ def column_int_to_string(table_name, col_name):
 ("jansScope", "creationDate"),
 ("jansStatEntry", "jansData"),
 ("jansSessId", "deviceSecret"),
+ ("jansSsa", "jansState"),
 ]:
 add_column(mod[0], mod[1])
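Review bot: `cp ${JANS_CONFIG_API_DOCS}/jans-config-api-swagger.yaml -P /app/static/` carries the `-P` over from the `wget ... -P /app/static` line it replaces in the second hunk, but for cp `-P` means "do not follow symbolic links" (`--no-dereference`), not "prefix directory"; it is harmless for a regular file but a reader will assume it selects the destination. Suggest `&& cp ${JANS_CONFIG_API_DOCS}/jans-config-api-swagger.yaml /app/static/jans-config-api-swagger.yaml \`, which also makes the target path explicit. Taking the file from the sparse checkout pinned by `JANS_SOURCE_VERSION` instead of a separate raw download is a sound change; the RUN instruction continues outside the hunk.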
diff --git a/docker-jans-persistence-loader/scripts/sql_setup.py b/docker-jans-persistence-loader/scripts/sql_setup.py
index a27553c50cf..a83e46bb2a5 100644
--- a/docker-jans-persistence-loader/scripts/sql_setup.py
+++ b/docker-jans-persistence-loader/scripts/sql_setup.py
@@ -368,6 +368,7 @@ def column_from_json(table_name, col_name):
 ("jansScope", "creationDate"),
 ("jansStatEntry", "jansData"),
 ("jansSessId", "deviceSecret"),
+ ("jansSsa", "jansState"),
 ]:
 add_column(mod[0], mod[1])
diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile
index f787e985c51..4b5851ac880 100644
--- a/docker-jans-scim/Dockerfile
+++ b/docker-jans-scim/Dockerfile
@@ -46,7 +46,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # ====
 ENV CN_VERSION=1.0.4-SNAPSHOT
-ENV CN_BUILD_DATE='2022-11-01 11:06'
+ENV CN_BUILD_DATE='2022-11-03 13:40'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-scim-server/${CN_VERSION}/jans-scim-server-${CN_VERSION}.war
 # Install SCIM
@@ -84,7 +84,7 @@ RUN mkdir -p /opt/prometheus \
 # jans-linux-setup sync
 # =====================
-ENV JANS_SOURCE_VERSION=c3e3f537e4e85c1ee718f7a7b79a203e7ed57e42
+ENV JANS_SOURCE_VERSION=be03a3841541b852d7409e4a8bf190ea46256368
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources
diff --git a/docker-jans-scim/scripts/bootstrap.py b/docker-jans-scim/scripts/bootstrap.py
index 5f33c104983..6ec93a83f3c 100644
--- a/docker-jans-scim/scripts/bootstrap.py
+++ b/docker-jans-scim/scripts/bootstrap.py
@@ -276,7 +276,9 @@ def ldif_files(self) -> list[str]:
 return files
 def import_ldif_files(self) -> None:
- self.generate_scopes_ldif()
+ # temporarily disable dynamic scopes creation
+ # see https://github.com/JanssenProject/jans/issues/2869
+ # self.generate_scopes_ldif()
 for file_ in self.ldif_files:
 logger.info(f"Importing {file_}")
diff --git a/docker-jans-scim/scripts/upgrade.py b/docker-jans-scim/scripts/upgrade.py
index 887c463db4d..daf27dbf0a2 100644
--- a/docker-jans-scim/scripts/upgrade.py
+++ b/docker-jans-scim/scripts/upgrade.py
@@ -207,7 +207,9 @@ def __init__(self, manager):
 def invoke(self):
 logger.info("Running upgrade process (if required)")
- self.update_client_scopes()
+ # temporarily disable dynamic scopes creation
+ # see https://github.com/JanssenProject/jans/issues/2869
+ # self.update_client_scopes()
 def get_all_scopes(self):
 if self.backend.type in ("sql", "spanner"):
diff --git a/docker-jans-scim/templates/jans-scim/clients.ldif b/docker-jans-scim/templates/jans-scim/clients.ldif
index f74bd9763e1..58ceb45abbd 100644
--- a/docker-jans-scim/templates/jans-scim/clients.ldif
+++ b/docker-jans-scim/templates/jans-scim/clients.ldif
@@ -6,7 +6,16 @@ jansAppTyp: native
 jansAttrs: {}
 jansClntSecret: %(scim_client_encoded_pw)s
 jansGrantTyp: client_credentials
-# scopes will be added dynamically using script
+jansScope: inum=1200.2B7428,ou=scopes,o=jans
+jansScope: inum=1200.0A0198,ou=scopes,o=jans
+jansScope: inum=1200.E14714,ou=scopes,o=jans
+jansScope: inum=1200.178DAF,ou=scopes,o=jans
+jansScope: inum=1200.57E5E9,ou=scopes,o=jans
+jansScope: inum=1200.D0F7EB,ou=scopes,o=jans
+jansScope: inum=1200.99AD30,ou=scopes,o=jans
+jansScope: inum=1200.D5527D,ou=scopes,o=jans
+jansScope: inum=1200.83383D,ou=scopes,o=jans
+jansScope: inum=1200.0D9EB4,ou=scopes,o=jans
 jansSubjectTyp: pairwise
 jansTknEndpointAuthMethod: client_secret_basic
 objectClass: top
diff --git a/docker-jans-scim/templates/jans-scim/scopes.ldif b/docker-jans-scim/templates/jans-scim/scopes.ldif
new file mode 100644
index 00000000000..845a12c6fb9
--- /dev/null
+++ b/docker-jans-scim/templates/jans-scim/scopes.ldif
@@ -0,0 +1,101 @@
+dn: inum=1200.2B7428,ou=scopes,o=jans
+description: Query user resources
+displayName: SCIM https://jans.io/scim/users.read
+inum: 1200.2B7428
+jansDefScope: false
+jansId: https://jans.io/scim/users.read
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+jansAttrs: {"spontaneousClientId":null,"spontaneousClientScopes":null,"showInConfigurationEndpoint":true}
+
+dn: inum=1200.0A0198,ou=scopes,o=jans
+description: Modify user resources
+displayName: SCIM https://jans.io/scim/users.write
+inum: 1200.0A0198
+jansDefScope: false
+jansId: https://jans.io/scim/users.write
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+jansAttrs: {"spontaneousClientId":null,"spontaneousClientScopes":null,"showInConfigurationEndpoint":true}
+
+dn: inum=1200.E14714,ou=scopes,o=jans
+description: Query group resources
+displayName: SCIM https://jans.io/scim/groups.read
+inum: 1200.E14714
+jansDefScope: false
+jansId: https://jans.io/scim/groups.read
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1200.178DAF,ou=scopes,o=jans
+description: Modify group resources
+displayName: SCIM https://jans.io/scim/groups.write
+inum: 1200.178DAF
+jansDefScope: false
+jansId: https://jans.io/scim/groups.write
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1200.57E5E9,ou=scopes,o=jans
+description: Query fido resources
+displayName: SCIM https://jans.io/scim/fido.read
+inum: 1200.57E5E9
+jansDefScope: false
+jansId: https://jans.io/scim/fido.read
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1200.D0F7EB,ou=scopes,o=jans
+description: Modify fido resources
+displayName: SCIM https://jans.io/scim/fido.write
+inum: 1200.D0F7EB
+jansDefScope: false
+jansId: https://jans.io/scim/fido.write
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1200.99AD30,ou=scopes,o=jans
+description: Query fido 2 resources
+displayName: SCIM https://jans.io/scim/fido2.read
+inum: 1200.99AD30
+jansDefScope: false
+jansId: https://jans.io/scim/fido2.read
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1200.D5527D,ou=scopes,o=jans
+description: Modify fido 2 resources
+displayName: SCIM https://jans.io/scim/fido2.write
+inum: 1200.D5527D
+jansDefScope: false
+jansId: https://jans.io/scim/fido2.write
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1200.83383D,ou=scopes,o=jans
+description: Access the root .search endpoint
+displayName: SCIM https://jans.io/scim/all-resources.search
+inum: 1200.83383D
+jansDefScope: false
+jansId: https://jans.io/scim/all-resources.search
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
+
+dn: inum=1200.0D9EB4,ou=scopes,o=jans
+description: Send requests to the bulk endpoint
+displayName: SCIM https://jans.io/scim/bulk
+inum: 1200.0D9EB4
+jansDefScope: false
+jansId: https://jans.io/scim/bulk
+jansScopeTyp: oauth
+objectClass: top
+objectClass: jansScope
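Review bot: Only the first two entries of this file (`1200.2B7428`, `1200.0A0198`) carry a `jansAttrs` line, with `showInConfigurationEndpoint` set to true and placed after the `objectClass` lines rather than with the other attributes, while the remaining eight entries omit `jansAttrs` altogether; whether the server treats a missing `jansAttrs` as `{}` or as all-false is not visible here, so the group, fido, search and bulk scopes may end up with a different configuration-endpoint visibility than the two user scopes. If the difference is intended, a one-line comment on the first entry such as `# users.* scopes are advertised on the configuration endpoint; the others are not` would stop the next editor from "fixing" it; if it is not intended, adding the same `jansAttrs` line with the intended value to every entry keeps the template uniform. These two entries are also the ones duplicated into the config-api scopes.ldif, so any change here has to be mirrored there.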