Merge branch 'JanssenProject:master' into master

Author: moabu

.github/workflows/central_code_quality_check.yml

@@ -0,0 +1,148 @@
+# Please do not attempt to edit this flow without the direct consent from the DevOps team. This file is managed centrally.
+# Contact @moabu
+# Sonar cloud https://sonarcloud.io/organizations/janssenproject/projects
+name: Code quality check
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      JVM_PROJECTS: |
+        JanssenProject/jans-auth-server
+        JanssenProject/jans-orm
+        JanssenProject/jans-config-api
+        JanssenProject/jans-client-api
+        JanssenProject/jans-scim
+        JanssenProject/jans-core
+        JanssenProject/jans-notify
+        JanssenProject/jans-fido2
+        JanssenProject/jans-eleven
+      NON_JVM_PROJECTS: |
+        JanssenProject/jans-setup
+        JanssenProject/jans-cli
+        JanssenProject/docker-jans-persistence-loader
+        JanssenProject/docker-jans-client-api
+        JanssenProject/jans-pycloudlib
+        JanssenProject/docker-jans-auth-server
+        JanssenProject/docker-jans-fido2
+        JanssenProject/docker-jans-scim
+        JanssenProject/docker-jans-config-api
+        JanssenProject/docker-jans-certmanager
+        JanssenProject/docker-jans-configuration-manager
+        JanssenProject/jans-cloud-native
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of sonarqube analysis
+      
+      - name: Set up JDK 11
+        if: contains(env.JVM_PROJECTS, github.repository)
+        uses: actions/setup-java@v2
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+          
+      - name: Build with Maven
+        if: contains(env.JVM_PROJECTS, github.repository)
+        run: |
+          case "$GITHUB_REPOSITORY" in
+            "JanssenProject/jans-auth-server") 
+              echo "Run maven build for jans-auth-server "
+              mvn clean -fae -X -pl \!client,\!static,\!server,\!rp-spring-boot jacoco:prepare-agent test install jacoco:report
+            ;;
+            "JanssenProject/jans-client-api") 
+              echo "Run maven build for jans-client-api"
+              mvn clean -fae -pl \!server jacoco:prepare-agent test install jacoco:report
+            ;;
+            "JanssenProject/jans-scim") 
+              echo "Run maven build for jans-scim"
+              mvn clean -fae -pl \!client jacoco:prepare-agent test install jacoco:report
+            ;;
+            "JanssenProject/jans-eleven")
+              echo "Run maven build for jans-eleven"
+              mvn clean -fae -pl \!client,\!server jacoco:prepare-agent test jacoco:report
+            ;;
+            "JanssenProject/jans-config-api")
+              echo "Run maven build for jans-config-api"
+              mvn clean -fae -DskipTests=true jacoco:prepare-agent install jacoco:report
+            ;;
+            *) 
+            echo "Run maven build for Java repository"
+            mvn clean -fae jacoco:prepare-agent test install jacoco:report
+            ;;
+          esac
+
+      - name: Cache SonarCloud packages for JVM based project
+        if: contains(env.JVM_PROJECTS, github.repository)
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+          
+      - name: Cache Maven packages
+        if: contains(env.JVM_PROJECTS, github.repository)
+        uses: actions/cache@v1
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+          
+      - name: Build and analyze JVM based project
+        if: contains(env.JVM_PROJECTS, github.repository)
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          case "$GITHUB_REPOSITORY" in
+            "JanssenProject/jans-auth-server") 
+              echo "Run Sonar analysis for jans-auth-server "
+              mvn -B -pl \!client,\!static,\!server,\!rp-spring-boot verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+            ;;
+            "JanssenProject/jans-client-api") 
+              echo "Run Sonar analysis for jans-client-api"
+              mvn -B -pl \!server verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+            ;;
+            "JanssenProject/jans-scim") 
+              echo "Run Sonar analysis for jans-scim"
+              mvn -B -pl \!client verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+            ;;
+            "JanssenProject/jans-eleven")
+              echo "Run Sonar analysis for jans-scim"
+              mvn -B -pl \!client,\!server verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+            ;;
+            "JanssenProject/jans-config-api")
+              echo "Run Sonar analysis for jans-config-api"
+              mvn -B -DskipTests=true verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+            ;;
+            *) 
+            echo "Run maven build for Java repository"
+            mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+            ;;
+          esac
+
+      - name: Convert repo org name to lowercase for non JVM projects
+        if: contains(env.NON_JVM_PROJECTS, github.repository)
+        env:
+          REPO_OWNER: ${{ github.repository_owner }}
+        run: |
+          echo "REPO_ORG=${REPO_OWNER,,}" >>${GITHUB_ENV}
+
+      - name: SonarCloud Scan for non-JVM project
+        if: contains(env.NON_JVM_PROJECTS, github.repository)
+        uses: SonarSource/sonarcloud-github-action@master
+        with:
+          args: >
+            -Dsonar.organization=${{ env.REPO_ORG }}
+            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Dockerfile

@@ -51,7 +51,7 @@ RUN wget -q https://github.com/fabioz/PyDev.Debugger/archive/refs/tags/pydev_deb
 # ===========
 
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2021-06-01 16:06'
+ENV CN_BUILD_DATE='2021-06-22 16:57'
 ENV CN_SOURCE_URL=https://maven.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
 # Install Jans Auth
@@ -156,7 +156,9 @@ ENV CN_PERSISTENCE_TYPE=ldap \
     CN_COUCHBASE_BUCKET_PREFIX=jans \
     CN_COUCHBASE_TRUSTSTORE_ENABLE=true \
     CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \
-    CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500
+    CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 \
+    CN_GOOGLE_SPANNER_INSTANCE_ID="" \
+    CN_GOOGLE_SPANNER_DATABASE_ID=""
 
 # ===========
 # Generic ENV
@@ -184,7 +186,7 @@ LABEL name="Janssen Authorization Server" \
     maintainer="Janssen Project <support@jans.io>" \
     vendor="Janssen Project" \
     version="1.0.0" \
-    release="b5" \
+    release="b6" \
     summary="Janssen Authorization Server" \
     description="OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)"
 

README.md

@@ -73,3 +73,6 @@ The following environment variables are supported by the container:
 - `CN_SYNC_JKS_INTERVAL`: Interval of JKS sync in seconds (if needed); obsolete.
 - `GOOGLE_PROJECT_ID`: Google Project ID (default to empty string). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`.
 - `GOOGLE_APPLICATION_CREDENTIALS`: Path to Google credentials JSON file (default to `/etc/jans/conf/google-credentials.json`). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`.
+- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID.
+- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
+- `CN_JETTY_REQUEST_HEADER_SIZE`: Maximum size of request header accepted by Jetty (default to `8192`).

__version__.py

@@ -3,5 +3,5 @@
  https://www.apache.org/licenses/LICENSE-2.0
  This is only used by Github actions: release.yaml workflow.
 """
-__version__ = "1.0.0_b5"
-__previous_version__ = "1.0.0_b4"
+__version__ = "1.0.0_b6"
+__previous_version__ = "1.0.0_b5"

conf/jans-spanner.properties.tmpl

@@ -23,5 +23,8 @@ connection.pool.create-max-wait-time-millis=20000
 # Maximum allowed statement result set size
 statement.limit.default-maximum-result-size=1000
 
+# Maximum allowed delete statement result set size
+statement.limit.maximum-result-delete-size=10000
+
 binaryAttributes=objectGUID
 certificateAttributes=userCertificate

requirements.txt

@@ -1 +1 @@
--e git+https://github.com/JanssenProject/jans-pycloudlib@a49f267f16a75965756d475d0e8102ad7cde2010#egg=jans-pycloudlib
+-e git+https://github.com/JanssenProject/jans-pycloudlib@a6ce9a098be01b4edcb69fbeee7f0bf745130c44#egg=jans-pycloudlib

scripts/bootstrap.py

@@ -45,6 +45,15 @@ def modify_jetty_xml():
         flags=re.DOTALL | re.M,
     )
 
+    # set custom request header size
+    req_header_size = os.environ.get("CN_JETTY_REQUEST_HEADER_SIZE", "8192")
+    updates = re.sub(
+        r'(<Set name="requestHeaderSize"><Property name="jetty.httpConfig.requestHeaderSize" deprecated="jetty.request.header.size" default=)"\d+"( /></Set>)',
+        r'\1"{}"\2'.format(req_header_size),
+        updates,
+        flags=re.DOTALL | re.M,
+    )
+
     with open(fn, "w") as f:
         f.write(updates)
 

scripts/keystore_mod.py

@@ -6,6 +6,7 @@
 from jans.pycloudlib.persistence.couchbase import get_couchbase_password
 from jans.pycloudlib.persistence.ldap import LdapClient
 from jans.pycloudlib.persistence.sql import SQLClient
+from jans.pycloudlib.persistence.spanner import SpannerClient
 
 
 class BasePersistence:
@@ -112,11 +113,24 @@ def modify_auth_config(self, id_, rev, conf_dynamic):
         return modified
 
 
+class SpannerPersistence(SqlPersistence):
+    def __init__(self, manager):
+        self.client = SpannerClient()
+
+
+_backend_classes = {
+    "ldap": LdapPersistence,
+    "couchbase": CouchbasePersistence,
+    "sql": SqlPersistence,
+    "spanner": SpannerPersistence,
+}
+
+
 def modify_keystore_path(manager, path, jwks_uri):
     persistence_type = os.environ.get("CN_PERSISTENCE_TYPE", "ldap")
     ldap_mapping = os.environ.get("CN_PERSISTENCE_LDAP_MAPPING", "default")
 
-    if persistence_type in ("ldap", "couchbase", "sql"):
+    if persistence_type in ("ldap", "couchbase", "sql", "spanner"):
         backend_type = persistence_type
     else:
         # persistence_type is hybrid
@@ -126,12 +140,7 @@ def modify_keystore_path(manager, path, jwks_uri):
             backend_type = "couchbase"
 
     # resolve backend
-    if backend_type == "ldap":
-        backend = LdapPersistence(manager)
-    elif backend_type == "couchbase":
-        backend = CouchbasePersistence(manager)
-    else:
-        backend = SqlPersistence(manager)
+    backend = _backend_classes[backend_type](manager)
 
     config = backend.get_auth_config()
     if not config: