diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
index 3790170c3..25a48f112 100644
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@@ -83,8 +83,8 @@ jobs:
 - name: Configure Git
 run: |
- git config user.name "mo-auto"
- git config user.email "54212639+mo-auto@users.noreply.github.com"
+ git config --global user.name "mo-auto"
+ git config --global user.email "54212639+mo-auto@users.noreply.github.com"
 git config --global user.signingkey "${{ steps.import_gpg.outputs.keyid }}"
 echo "${{ secrets.MOWORKFLOWTOKEN }}" | gh auth login --with-token
@@ -97,6 +97,7 @@ jobs:
 git clone https://mo-auto:${{ secrets.MOWORKFLOWTOKEN }}@github.com/GluuFederation/flex.git
 cd flex
 git checkout -b cn-flex-update-auto-generated-docs
+ git pull origin cn-flex-update-auto-generated-docs || echo "Nothing to pull"
 echo "Custom work on generating docs can go here."
 # Run cn docs
 sudo bash ./automation/docs/generated-cn-docs.sh . || echo "something went wrong with generating the cn docs"
@@ -119,17 +120,7 @@ jobs:
 MESSAGE="fix(docs): autogenerate docs"
 PR=$(gh pr create --body "Auto generated docs" --title "${MESSAGE}")
 cd ../../
- rm -rf temp
-
- # The below should not be pushed to main
- echo "Replacing release number markers with actual release number"
- if [ ! -z "$VERSION" ]; then
- cd docs
- egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-flex-version/${VERSION:1}/g"
- git add . || echo "Nothing to add"
- git commit -a -S -m "docs: replace release marker with release number" || echo "Nothing to commit"
- cd ..
- fi
+ sudo rm -rf temp
 - name: mike deploy ${{ github.event.inputs.version }}
 if: >-
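Review bot: The added `git pull origin cn-flex-update-auto-generated-docs || echo "Nothing to pull"` hides every pull failure, not only the case where the remote branch does not exist yet; an authentication error, a network failure or a merge conflict is logged as "Nothing to pull" and the job carries on to `gh pr create` with a branch that may not match the remote. Checking for the branch first keeps real errors visible: `if git ls-remote --exit-code --heads origin cn-flex-update-auto-generated-docs >/dev/null; then git pull origin cn-flex-update-auto-generated-docs; fi`. The same step clones with `${{ secrets.MOWORKFLOWTOKEN }}` embedded in the remote URL and then runs `sudo bash ./automation/docs/generated-cn-docs.sh`, so the token sits in the clone's `.git/config` while a root script runs; since `gh auth login` has already run in the Configure Git step, `gh auth setup-git` followed by a clone of the plain URL would avoid that. The step's body starts and ends outside the hunk.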
@@ -164,7 +155,8 @@ jobs:
 run: |
 TAGS=$(gh release list -L 1000 -R ${{ github.repository }} | grep -o '^\v.*'| grep -v Draft | cut -f 1 | sed '/-/!{s/$/_/}' | sort -V | sed 's/_$//')
 LATEST=$(echo "${TAGS}" | tail -1)
- STABLE=$(echo "${TAGS}" | grep -v -- "-" | tail -1)
+ #STABLE=$(echo "${TAGS}" | grep -v -- "-" | tail -1)
+ STABLE=$LATEST
 echo "Latest is $LATEST and Stable is $STABLE"
 # remove below two lines after first release
 #LATEST="head"
@@ -195,6 +187,14 @@ jobs:
 git add index.yaml && git update-index --refresh
 cd ..
 # END move generated chart from a previous step
+
+ echo "Replacing release number markers with actual release number"
+ cd ${LATEST}
+ egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-flex-version/${LATEST:1}/g"
+ egrep -lRZ --exclude=CONTRIBUTING.md . | xargs -0 -l sed -i -e "s/replace-jans-version/${LATEST:1}/g"
+ git add . && git update-index --refresh
+ cd ..
+
 echo "${STABLE}" > stable.txt
 git add stable.txt && git update-index --refresh
 git diff-index --quiet HEAD -- || git commit -S -m "Set stable to ${STABLE}"
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml
index 1fb853457..4d44796cf 100644
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@@ -136,7 +136,7 @@ jobs:
 with:
 repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
 file: ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ env.ASSET_PRESUFFIX }}${{ matrix.asset_suffix }}
- asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ env.ASSET_PRESUFFIX }}${{ matrix.asset_suffix }}
+ asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}-${{ matrix.asset_suffix }}
 tag: ${{ steps.previoustag.outputs.tag }}
 overwrite: true
 - name: Upload checksum to release
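Review bot: In the added release-marker block both `sed` calls substitute `${LATEST:1}`, so `replace-jans-version` is rewritten to the Flex tag as well; elsewhere in this commit the Jans version is tracked separately (`1.0.11-SNAPSHOT` in the casa poms), so the published install docs would probably name a Jans version that does not exist — please confirm, and use a separate variable for the Jans release if so. `${LATEST}` is taken from `gh release list` and is used unquoted in `cd ${LATEST}` and raw inside the sed expression; `cd "${LATEST}" || exit 1` plus a check that the tag contains no `/`, `&` or whitespace would keep an odd tag name from rewriting the wrong files. In the hunk before it, `STABLE=$LATEST` makes `stable.txt` follow every tag, pre-releases included, and leaves the old assignment as a comment without saying why; a comment such as `# all Flex tags carry a "-N" suffix, so stable follows latest` would record the intent if that is the reason.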
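Review bot: `asset_name` now ends in `-${{ matrix.asset_suffix }}` while `file:` still uploads the local file named with `${{ env.ASSET_PRESUFFIX }}`, so unless `ASSET_PRESUFFIX` is itself `-` the published asset carries a different name from the file that was built and hashed. If the `.sha256sum` file is produced by `sha256sum <file>` (not visible here) it records the local name, and `sha256sum -c` run next to the downloaded, renamed asset will not find the file; the checksum upload in the next hunk of this file has the same mismatch. Renaming the package before hashing, or writing the checksum with the published name, keeps verification working for downloaders. Both steps also keep `overwrite: true`, which lets a re-run silently replace a released artifact and its checksum.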
@@ -145,7 +145,7 @@ jobs:
 with:
 repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
 file: ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ env.ASSET_PRESUFFIX }}${{ matrix.asset_suffix }}.sha256sum
- asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ env.ASSET_PRESUFFIX }}${{ matrix.asset_suffix }}.sha256sum
+ asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}-${{ matrix.asset_suffix }}.sha256sum
 tag: ${{ steps.previoustag.outputs.tag }}
 overwrite: true
diff --git a/.github/workflows/docker_build_image.yml b/.github/workflows/docker_build_image.yml
index 69fc2a239..74c320211 100644
--- a/.github/workflows/docker_build_image.yml
+++ b/.github/workflows/docker_build_image.yml
@@ -88,8 +88,9 @@ jobs:
 if: steps.build_docker_image.outputs.build || github.event_name == 'tags'
 id: prep
 run: |
- MAIN_VERSION=$(python3 -c "from dockerfile_parse import DockerfileParser ; dfparser = DockerfileParser('./docker-${{ matrix.docker-images }}') ; print(dfparser.labels['version'])")
- DOCKER_IMAGE=gluufederation/${{ matrix.docker-images }}
+ REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')
+ MAIN_VERSION=$(python3 -c "from dockerfile_parse import DockerfileParser ; dfparser = DockerfileParser('./docker-${{ matrix.docker-images }}') ; print(dfparser.labels['org.opencontainers.image.version'])")
+ DOCKER_IMAGE=ghcr.io/$REPOSITORY/${{ matrix.docker-images }}
 if [[ ${{ matrix.docker-images }} == "flex-monolith" ]]; then
 DOCKER_IMAGE=gluufederation/monolith
 fi
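Review bot: The `flex-monolith` branch in the `prep` step still sets `DOCKER_IMAGE=gluufederation/monolith`, a Docker Hub name, while the login step changed later in this file authenticates only to `ghcr.io`; the monolith push would then run without Docker Hub credentials and should be rejected. If the monolith image is meant to move too, use `DOCKER_IMAGE=ghcr.io/$REPOSITORY/monolith`; otherwise keep a second login step for Docker Hub. `${{ github.repository }}` and `${{ matrix.docker-images }}` are pasted straight into the script text here; handing them over through the step's `env:` and quoting the shell variables is the safer habit in workflow scripts. The step's body continues outside the hunk.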
@@ -162,21 +163,13 @@ jobs:
 id: buildx
 uses: docker/setup-buildx-action@v2
- - name: Cache Docker layers
- if: steps.build_docker_image.outputs.build && steps.prep.outputs.build
- uses: actions/cache@v3
- with:
- path: /tmp/.buildx-cache
- key: ${{ runner.os }}-buildx-${{ github.sha }}
- restore-keys: |
- ${{ runner.os }}-buildx-
-
 - name: Login to Docker Hub
 if: github.event_name != 'pull_request'
 uses: docker/login-action@v2
 with:
- username: ${{ secrets.MOAUTO_DOCKERHUB_USERNAME }}
- password: ${{ secrets.MOAUTO_DOCKERHUB_TOKEN }}
+ registry: ghcr.io
+ username: mo-auto
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build and push
 if: steps.build_docker_image.outputs.build && steps.prep.outputs.build
@@ -197,8 +190,6 @@ jobs:
 platforms: linux/amd64
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.prep.outputs.tags }}
- cache-from: type=local,src=/tmp/.buildx-cache
- cache-to: type=local,dest=/tmp/.buildx-cache
 - name: Image digest
 if: steps.build_docker_image.outputs.build && steps.prep.outputs.build
diff --git a/.github/workflows/releaseplease.yml b/.github/workflows/releaseplease.yml
index 847c89e85..73611589e 100644
--- a/.github/workflows/releaseplease.yml
+++ b/.github/workflows/releaseplease.yml
@@ -5,23 +5,23 @@ on:
 node_release_as:
 description: 'Release version for the admin ui'
 required: true
- default: '1.0.9'
+ default: '1.0.11'
 java_release_as:
 description: 'Release version for the java projects casa'
 required: true
- default: '5.0.0-9'
+ default: '5.0.0-11'
 docker_release_as:
 description: 'Release version for the docker images docker-*'
 required: true
- default: '1.0.9-1'
+ default: '1.0.11-1'
 python_release_as:
 description: 'Release version for the python projects'
 required: true
- default: '1.0.9'
+ default: '1.0.11'
 mega_release_as:
 description: 'Mega release version'
 required: true
- default: '5.0.0-11'
 jobs:
 release-java-pr:
 runs-on: ubuntu-latest
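Review bot: The login step now pushes to `ghcr.io` with `secrets.GITHUB_TOKEN`, which only works when the job grants that token `packages: write`; no `permissions:` block is visible in these hunks, so please confirm the job declares `permissions: { contents: read, packages: write }` instead of relying on the repository default. `username: mo-auto` does not match the identity behind `GITHUB_TOKEN`; `username: ${{ github.actor }}` is the usual value for this login. The step is still named `Login to Docker Hub`, so renaming it to `Login to GitHub Container Registry` would keep the run log accurate.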
diff --git a/.github/workflows/test_docker_linux_installer.yml b/.github/workflows/test_docker_linux_installer.yml
index 7cf9d6132..d924a4c26 100644
--- a/.github/workflows/test_docker_linux_installer.yml
+++ b/.github/workflows/test_docker_linux_installer.yml
@@ -13,7 +13,7 @@ on:
 - "flex-linux-setup/**"
 jobs:
 build:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-20.04
 strategy:
 max-parallel: 6
 matrix:
@@ -37,7 +37,7 @@ jobs:
 run: |
 ip=$(ifconfig eth0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1')
 sudo chmod u+x automation/startflexmonolithdemo.sh
- sudo bash ./automation/startflexmonolithdemo.sh demoexample.gluu.org ${{ matrix.persistence-backends }} $ip ${{ github.sha }}
+ sudo bash ./automation/startflexmonolithdemo.sh demoexample.gluu.org ${{ matrix.persistence-backends }} $ip ${{ github.sha }} ${{ secrets.LICENSE_SSA }}
 echo "echo setup.properties"
 docker exec docker-flex-monolith-flex-1 cat setup.properties
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 491735c02..20259aa19 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
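Review bot: `${{ secrets.LICENSE_SSA }}` is expanded into the script text and passed as a positional argument to `sudo bash ./automation/startflexmonolithdemo.sh`, so the token shows up in the runner's process list and in any shell trace, and the same step then prints `setup.properties` to the log with `docker exec ... cat setup.properties`. GitHub masks only the exact secret string, so a decoded or re-encoded copy of the SSA in that file would be logged in clear text. Pass the value through the step's `env:` (`LICENSE_SSA: ${{ secrets.LICENSE_SSA }}`), have the script read `"$LICENSE_SSA"`, and drop or filter the `cat`. The secret is empty on pull requests from forks, so the script should stop with a clear message when it is missing. The step's body continues outside the hunk.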
@@ -1,5 +1,43 @@ # Changelog +## [5.0.0-10](https://github.com/GluuFederation/flex/compare/v5.0.0-9...v5.0.0-10) (2023-03-16) + + +### Features + +* **admin-ui:** change design for backend error ([afb1221](https://github.com/GluuFederation/flex/commit/afb12214d1cd0e8ee88f5e60fa781b0e254d7b2e)) +* **docker-admin-ui:** admin-ui license registration ([#844](https://github.com/GluuFederation/flex/issues/844)) ([1b64602](https://github.com/GluuFederation/flex/commit/1b64602861501d831e1516534576f8162463d3c2)) + + +### Bug Fixes + +* add cn license enforcment to chart ([55fb0c9](https://github.com/GluuFederation/flex/commit/55fb0c97428a3ec704e80558679a7e9d7f88c42c)) +* **admin-ui:** fix default arc in properties [#851](https://github.com/GluuFederation/flex/issues/851) ([9ef87ad](https://github.com/GluuFederation/flex/commit/9ef87ad0c44d2e22686e49d4d01ea72ef878d57f)) +* **admin-ui:** fix properties page [#848](https://github.com/GluuFederation/flex/issues/848) ([1aa30da](https://github.com/GluuFederation/flex/commit/1aa30dac3496fd8b9bf4df8600cd0bab53c55a34)) +* **admin-ui:** tab skip tooltip ([c35f8d5](https://github.com/GluuFederation/flex/commit/c35f8d5a8258a4ba0475fa4ca5e01a2968f0f0dd)) +* **flex-linux-setup:** enforce SSA ([f46b80e](https://github.com/GluuFederation/flex/commit/f46b80edd500a7721358cedfcb43ca342a77401e)) +* prepare for 5.0.10 release ([1ffcbc7](https://github.com/GluuFederation/flex/commit/1ffcbc74d837e7a037d6cff71d990573d04bba7b)) + +## [5.0.0-9](https://github.com/GluuFederation/flex/compare/v5.0.0-8...v5.0.0-9) (2023-03-09) + + +### Features + +* admin ui license registration [#497](https://github.com/GluuFederation/flex/issues/497) ([f10ec67](https://github.com/GluuFederation/flex/commit/f10ec678bbea7c1eacde9574c771fad10540fce1)) +* change error message[#497](https://github.com/GluuFederation/flex/issues/497) ([d2e94a4](https://github.com/GluuFederation/flex/commit/d2e94a4067c84674860894623f282b904eecb099)) + + +### Bug Fixes + +* **admin-ui:** fix 
edit and view pages issue ([90f396a](https://github.com/GluuFederation/flex/commit/90f396a7687384b55067f467b1d003acdaf7ea36)) +* **docs:** ubuntu install download location ([bb3a5cd](https://github.com/GluuFederation/flex/commit/bb3a5cdc282c6089edb326675061e72d20bd8431)) +* **flex-linux-setup:** adminui template ([85249a3](https://github.com/GluuFederation/flex/commit/85249a3447242957e45e887634430740ff520059)) +* **flex-linux-setup:** decoding ssa jwt ([a953d31](https://github.com/GluuFederation/flex/commit/a953d31a459fac4ca55ff5b0d61cf454635e0673)) +* **flex-linux-setup:** no download for deb/rpm packages ([02b9ac4](https://github.com/GluuFederation/flex/commit/02b9ac4f24e20413a9b138df430f28168605f3eb)) +* **flex-linux-setup:** set flex version 1.0.9 ([#827](https://github.com/GluuFederation/flex/issues/827)) ([d94b40d](https://github.com/GluuFederation/flex/commit/d94b40d7b79d7baabc547294cce3156ec442ff26)) +* prepare for 5.0.0-9 release ([716d309](https://github.com/GluuFederation/flex/commit/716d309350f5713b96f482dde9e0a543e5e62286)) +* redirect_uris is mandatory if grant_types is not selected [#807](https://github.com/GluuFederation/flex/issues/807) ([a986eb0](https://github.com/GluuFederation/flex/commit/a986eb0a81971e3e5355121f4ca1ca1b68b324ca)) + ## [5.0.0-8](https://github.com/GluuFederation/flex/compare/v5.0.0-7...v5.0.0-8) (2023-03-02) diff --git a/README.md b/README.md index 500d576e7..f72143250 100644 --- a/README.md +++ b/README.md @@ -16,3 +16,4 @@ Try first, ask questions later? Go to the [Gluu](https://gluu.org) website right ## Why the name Gluu? ## Support + diff --git a/admin-ui/CHANGELOG.md b/admin-ui/CHANGELOG.md index 1724b033f..4ffa6aaa6 100644 --- a/admin-ui/CHANGELOG.md +++ b/admin-ui/CHANGELOG.md 
@@ -1,5 +1,35 @@ # Changelog +## [1.0.10](https://github.com/GluuFederation/flex/compare/admin-ui-v1.0.9...admin-ui-v1.0.10) (2023-03-16) + + +### Features + +* **admin-ui:** change design for backend error ([afb1221](https://github.com/GluuFederation/flex/commit/afb12214d1cd0e8ee88f5e60fa781b0e254d7b2e)) + + +### Bug Fixes + +* **admin-ui:** fix default arc in properties [#851](https://github.com/GluuFederation/flex/issues/851) ([9ef87ad](https://github.com/GluuFederation/flex/commit/9ef87ad0c44d2e22686e49d4d01ea72ef878d57f)) +* **admin-ui:** fix properties page [#848](https://github.com/GluuFederation/flex/issues/848) ([1aa30da](https://github.com/GluuFederation/flex/commit/1aa30dac3496fd8b9bf4df8600cd0bab53c55a34)) +* **admin-ui:** tab skip tooltip ([c35f8d5](https://github.com/GluuFederation/flex/commit/c35f8d5a8258a4ba0475fa4ca5e01a2968f0f0dd)) +* prepare for 5.0.10 release ([1ffcbc7](https://github.com/GluuFederation/flex/commit/1ffcbc74d837e7a037d6cff71d990573d04bba7b)) + +## [1.0.9](https://github.com/GluuFederation/flex/compare/admin-ui-v1.0.8...admin-ui-v1.0.9) (2023-03-09) + + +### Features + +* admin ui license registration [#497](https://github.com/GluuFederation/flex/issues/497) ([f10ec67](https://github.com/GluuFederation/flex/commit/f10ec678bbea7c1eacde9574c771fad10540fce1)) +* change error message[#497](https://github.com/GluuFederation/flex/issues/497) ([d2e94a4](https://github.com/GluuFederation/flex/commit/d2e94a4067c84674860894623f282b904eecb099)) + + +### Bug Fixes + +* **admin-ui:** fix edit and view pages issue ([90f396a](https://github.com/GluuFederation/flex/commit/90f396a7687384b55067f467b1d003acdaf7ea36)) +* prepare for 5.0.0-9 release ([716d309](https://github.com/GluuFederation/flex/commit/716d309350f5713b96f482dde9e0a543e5e62286)) +* redirect_uris is mandatory if grant_types is not selected [#807](https://github.com/GluuFederation/flex/issues/807) 
([a986eb0](https://github.com/GluuFederation/flex/commit/a986eb0a81971e3e5355121f4ca1ca1b68b324ca)) + ## [1.0.8](https://github.com/GluuFederation/flex/compare/admin-ui-v1.0.7...admin-ui-v1.0.8) (2023-03-02) diff --git a/admin-ui/app/components/OuterClick/OuterClick.js b/admin-ui/app/components/OuterClick/OuterClick.js index bb644b554..35112d4c1 100755 --- a/admin-ui/app/components/OuterClick/OuterClick.js +++ b/admin-ui/app/components/OuterClick/OuterClick.js @@ -66,7 +66,7 @@ class OuterClick extends React.Component { } openSidebar(path){ - const exists= path.some(item => item.id === "navToggleBtn") + const exists= path?.some(item => item.id === "navToggleBtn") if(exists) return false diff --git a/admin-ui/app/redux/actions/LicenseActions.js b/admin-ui/app/redux/actions/LicenseActions.js index 26a70724f..905c00853 100644 --- a/admin-ui/app/redux/actions/LicenseActions.js +++ b/admin-ui/app/redux/actions/LicenseActions.js @@ -2,7 +2,6 @@ import { CHECK_FOR_VALID_LICENSE, CHECK_FOR_VALID_LICENSE_RESPONSE, ACTIVATE_CHECK_USER_API, - ACTIVATE_CHECK_LICENCE_API_VALID, ACTIVATE_CHECK_USER_LICENSE_KEY_RESPONSE, ACTIVATE_CHECK_USER_LICENSE_KEY, } from './types' @@ -21,10 +20,6 @@ export const checkUserLicenceKey = (payload) => ({ type: ACTIVATE_CHECK_USER_LICENSE_KEY, payload: { payload }, }) -export const checkUserApiKeyResponse = (payload) => ({ - type: ACTIVATE_CHECK_LICENCE_API_VALID, - payload: payload, -}) export const checkUserLicenseKeyResponse = (payload) => ({ type: ACTIVATE_CHECK_USER_LICENSE_KEY_RESPONSE, payload: payload, diff --git a/admin-ui/app/redux/actions/types.js b/admin-ui/app/redux/actions/types.js index bf4f705d1..c32b6fbb4 100644 --- a/admin-ui/app/redux/actions/types.js +++ b/admin-ui/app/redux/actions/types.js 
@@ -70,8 +70,6 @@ export const ACTIVATE_CHECK_USER_API = 'ACTIVATE_CHECK_USER_API' export const ACTIVATE_CHECK_USER_LICENSE_KEY = 'ACTIVATE_CHECK_USER_LICENSE_KEY' export const ACTIVATE_CHECK_USER_LICENSE_KEY_RESPONSE = 'ACTIVATE_CHECK_USER_LICENSE_KEY_RESPONSE' -export const ACTIVATE_CHECK_LICENCE_API_VALID = - 'ACTIVATE_CHECK_LICENCE_API_VALID' //OIDC DISCOVERY export const GET_OIDC_DISCOVERY = 'GET_OIDC_DISCOVERY' diff --git a/admin-ui/app/redux/api/LicenseApi.js b/admin-ui/app/redux/api/LicenseApi.js index ae4fb6d6e..ea8e0bc1d 100644 --- a/admin-ui/app/redux/api/LicenseApi.js +++ b/admin-ui/app/redux/api/LicenseApi.js @@ -12,15 +12,6 @@ export default class LicenseApi { }) } - submitApiKey = (data) => { - const options = {} - options['licenseSpringCredentials'] = data.payload - return new Promise((resolve, reject) => { - this.api.saveLicenseApiCredentials(options, (error, data) => { - handleResponse(error, reject, resolve, data) - }) - }) - } submitLicenseKey = (data) => { const options = {} options['licenseRequest'] = data.payload diff --git a/admin-ui/app/redux/reducers/LicenseReducer.js b/admin-ui/app/redux/reducers/LicenseReducer.js index e741db563..1a269d4af 100644 --- a/admin-ui/app/redux/reducers/LicenseReducer.js +++ b/admin-ui/app/redux/reducers/LicenseReducer.js @@ -38,21 +38,7 @@ export default function licenseReducer(state = INIT_STATE, action) { isLoading: true, error: '', } - case ACTIVATE_CHECK_LICENCE_API_VALID: - if (action.payload.apiResult) { - return { - ...state, - isLicenceAPIkeyValid: action.payload, - error: '', - isLoading: false, - } - } else { - return { - ...state, - error: action.payload.responseMessage, - isLoading: false, - } - } + case ACTIVATE_CHECK_USER_LICENSE_KEY_RESPONSE: if (action.payload.apiResult) { return { diff --git a/admin-ui/app/redux/sagas/LicenseSaga.js b/admin-ui/app/redux/sagas/LicenseSaga.js index 8ac390aae..b8d94f58a 100644 --- a/admin-ui/app/redux/sagas/LicenseSaga.js 
+++ b/admin-ui/app/redux/sagas/LicenseSaga.js @@ -12,7 +12,6 @@ import { checkLicensePresentResponse } from '../actions' import LicenseApi from '../api/LicenseApi' import { getClient, getClientWithToken } from '../api/base' import { - checkUserApiKeyResponse, checkUserLicenseKeyResponse, } from '../actions' import { @@ -46,15 +45,7 @@ function* checkLicensePresentWorker() { yield put(checkLicensePresentResponse()) } -function* activateCheckUserApi({ payload }) { - try { - const licenseApi = yield* getApiTokenWithDefaultScopes() - const response = yield call(licenseApi.submitApiKey, payload) - yield put(checkUserApiKeyResponse(response)) - } catch (error) { - console.log(error) - } -} + function* activateCheckUserLicenseKey({ payload }) { try { const licenseApi = yield* getApiTokenWithDefaultScopes() @@ -71,15 +62,12 @@ export function* checkLicensePresentWatcher() { yield takeEvery(ACTIVATE_CHECK_USER_LICENSE_KEY, activateCheckUserLicenseKey) } -export function* activateCheckApiKeyWatcher() { - yield takeEvery(ACTIVATE_CHECK_USER_API, activateCheckUserApi) -} + /** * License Root Saga */ export default function* rootSaga() { yield all([ fork(checkLicensePresentWatcher), - fork(activateCheckApiKeyWatcher), ]) } diff --git a/admin-ui/app/routes/Apps/Gluu/GluuErrorModal.js b/admin-ui/app/routes/Apps/Gluu/GluuErrorModal.js new file mode 100644 index 000000000..82fc9d4a0 --- /dev/null +++ b/admin-ui/app/routes/Apps/Gluu/GluuErrorModal.js @@ -0,0 +1,33 @@ +import React from 'react' +import { useTranslation } from 'react-i18next' + +function GluuErrorModal({message = '', description = ''}) { + const { t } = useTranslation() + return ( +
+ +

{message}

+

+ +
+ ) +} + +export default GluuErrorModal diff --git a/admin-ui/app/routes/Apps/Gluu/GluuLabel.js b/admin-ui/app/routes/Apps/Gluu/GluuLabel.js index 34c497b4e..1ab749de6 100644 --- a/admin-ui/app/routes/Apps/Gluu/GluuLabel.js +++ b/admin-ui/app/routes/Apps/Gluu/GluuLabel.js @@ -23,6 +23,7 @@ function GluuLabel({ label, required, size, doc_category, doc_entry, style }) { {doc_category && <> {t('documentation.' + doc_category + '.' + doc_entry)} - + } : diff --git a/admin-ui/app/utils/ApiKeyRedirect.js b/admin-ui/app/utils/ApiKeyRedirect.js index 3e0379a0d..6fefe2b5b 100644 --- a/admin-ui/app/utils/ApiKeyRedirect.js +++ b/admin-ui/app/utils/ApiKeyRedirect.js @@ -3,6 +3,7 @@ import { Container } from 'Components' import GluuNotification from 'Routes/Apps/Gluu/GluuNotification' import { useTranslation } from 'react-i18next' import ApiKey from './LicenseScreens/ApiKey' +import GluuErrorModal from '../routes/Apps/Gluu/GluuErrorModal' function ApiKeyRedirect({ backendIsUp, isLicenseValid, @@ -43,34 +44,27 @@ function ApiKeyRedirect({ )} - + + {!backendIsUp && + 1. Admin UI Backend is down.
2. Unable to get license credentials from Gluu server.
Please contact the site administrator or check server logs.'} + /> + } + + {roleNotFound && + + } - )} - show={roleNotFound} - /> - - {isLicenseActivationResultLoaded && !isLicenseValid && ( - - )} ) diff --git a/admin-ui/app/utils/LicenseScreens/ApiKey.js b/admin-ui/app/utils/LicenseScreens/ApiKey.js index 03238b1b0..d439162cf 100644 --- a/admin-ui/app/utils/LicenseScreens/ApiKey.js +++ b/admin-ui/app/utils/LicenseScreens/ApiKey.js @@ -8,18 +8,7 @@ function ApiKey() { const dispatch = useDispatch() const serverError = useSelector((state) => state.licenseReducer.error) const isLoading = useSelector((state) => state.licenseReducer.isLoading) - const isLicenceAPIkeyValid = useSelector( - (state) => state.licenseReducer.isLicenceAPIkeyValid, - ) - const params = { - apiKey: '', - productCode: '', - sharedKey: '', - managementKey: '', - } - const [values, setValues] = useState(params) - const [error, setError] = useState(params) const [submitted, setIsSubmitted] = useState(false) const [licenseKey, setLicenseKey] = useState('') @@ -31,39 +20,6 @@ function ApiKey() { })) } - useEffect(() => { - checkForError() - }, [JSON.stringify(values)]) - const checkForError = () => { - let err = false - for (const i in values) { - if (values[i] == '') { - err = true - setError((prevState) => ({ - ...prevState, - [i]: 'This field is required', - })) - } else { - setError((prevState) => ({ - ...prevState, - [i]: '', - })) - } - } - return err - } - - const submitValues = () => { - setIsSubmitted(true) - if (!checkForError()) { - dispatch(checkUserApi(values)) - } - console.log(values) - } - useEffect(() => { - setIsSubmitted(false) - }, [isLicenceAPIkeyValid]) - const submitLicenseKey = () => { setIsSubmitted(true) if (licenseKey != '') { @@ -104,77 +60,6 @@ function ApiKey() { - {!isLicenceAPIkeyValid ? ( -
-
- - -
{submitted && error.apiKey}
- - -
- {submitted && error.productCode} -
- - -
{submitted && error.sharedKey}
- - -
- {submitted && error.managementKey} -
- -
-
- ) : (
@@ -203,7 +88,6 @@ function ApiKey() {
- )} ) diff --git a/admin-ui/app/utils/ViewRedirect.js b/admin-ui/app/utils/ViewRedirect.js index 95e918ed9..18734d59d 100644 --- a/admin-ui/app/utils/ViewRedirect.js +++ b/admin-ui/app/utils/ViewRedirect.js @@ -5,6 +5,7 @@ import { Container } from 'Components' import GluuNotification from 'Routes/Apps/Gluu/GluuNotification' import GluuCommitDialog from 'Routes/Apps/Gluu/GluuCommitDialog' import { useTranslation } from 'react-i18next' +import GluuErrorModal from '../routes/Apps/Gluu/GluuErrorModal' function ViewRedirect({ backendIsUp, @@ -49,23 +50,15 @@ function ViewRedirect({ Redirecting... {!backendIsUp && ( - 1. Admin UI Backend is down.
2. Unable to get license credentials from Gluu server.
Please contact the site administrator or check server logs.'} /> )} {isLicenseActivationResultLoaded && !isLicenseValid && ( - )} { setCorrectValue([]) diff --git a/admin-ui/plugins/auth-server/components/Configuration/JsonPropertyBuilder.js b/admin-ui/plugins/auth-server/components/Configuration/JsonPropertyBuilder.js index a08516c8b..1d7e4e14b 100644 --- a/admin-ui/plugins/auth-server/components/Configuration/JsonPropertyBuilder.js +++ b/admin-ui/plugins/auth-server/components/Configuration/JsonPropertyBuilder.js @@ -50,7 +50,11 @@ function JsonPropertyBuilder({ ) } function isObject(item) { - return typeof item === 'object' + if(item != null){ + return typeof item === 'object' + }else{ + return false; + } } function generateLabel(name) { @@ -130,7 +134,7 @@ function JsonPropertyBuilder({ {propKey.toUpperCase()}{' '} - {Object.keys(propValue).map((item, idx) => ( + {Object.keys(propValue)?.map((item, idx) => ( )} - {Object.keys(propValue).map((objKey, idx) => ( + {Object.keys(propValue)?.map((objKey, idx) => ( org.gluu casa-base - 5.0.0-SNAPSHOT + 5.0.0-10 diff --git a/casa/config/pom.xml b/casa/config/pom.xml index 50d6c5243..78465b178 100644 --- a/casa/config/pom.xml +++ b/casa/config/pom.xml @@ -9,7 +9,7 @@ org.gluu casa-base - 5.0.0-SNAPSHOT + 5.0.0-10 diff --git a/casa/plugins/bioid/pom.xml b/casa/plugins/bioid/pom.xml index 61d1873f0..96fdc42e7 100644 --- a/casa/plugins/bioid/pom.xml +++ b/casa/plugins/bioid/pom.xml @@ -5,7 +5,7 @@ org.gluu.casa.plugins ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar diff --git a/casa/plugins/cert-authn/pom.xml b/casa/plugins/cert-authn/pom.xml index 0bf0416ca..7f5e78899 100644 --- a/casa/plugins/cert-authn/pom.xml +++ b/casa/plugins/cert-authn/pom.xml @@ -5,7 +5,7 @@ org.gluu.casa.plugins ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar @@ -13,7 +13,7 @@ 11 cert-authn 5.0.0-8 - 1.0.9-SNAPSHOT + 1.0.11-SNAPSHOT 
diff --git a/casa/plugins/client-authorizations/pom.xml b/casa/plugins/client-authorizations/pom.xml index d9a9b9c8a..847278367 100644 --- a/casa/plugins/client-authorizations/pom.xml +++ b/casa/plugins/client-authorizations/pom.xml @@ -5,7 +5,7 @@ org.gluu.casa.plugins ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar diff --git a/casa/plugins/custom-branding/pom.xml b/casa/plugins/custom-branding/pom.xml index 8987a4459..c9e6c2d2c 100644 --- a/casa/plugins/custom-branding/pom.xml +++ b/casa/plugins/custom-branding/pom.xml @@ -5,7 +5,7 @@ org.gluu.casa.plugins ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar @@ -13,7 +13,7 @@ 11 custom-branding 5.0.0-8 - 1.0.9-SNAPSHOT + 1.0.11-SNAPSHOT diff --git a/casa/plugins/inwebo/pom.xml b/casa/plugins/inwebo/pom.xml index 0b73d3bf3..fc5d6112f 100644 --- a/casa/plugins/inwebo/pom.xml +++ b/casa/plugins/inwebo/pom.xml @@ -5,7 +5,7 @@ org.gluu.casa.plugins ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar diff --git a/casa/plugins/samples/authentication-script-properties/pom.xml b/casa/plugins/samples/authentication-script-properties/pom.xml index 6ad19c876..c40a115f3 100644 --- a/casa/plugins/samples/authentication-script-properties/pom.xml +++ b/casa/plugins/samples/authentication-script-properties/pom.xml @@ -5,7 +5,7 @@ co.acme ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar diff --git a/casa/plugins/samples/clients-management/pom.xml b/casa/plugins/samples/clients-management/pom.xml index a286da817..cc35aecd4 100644 --- a/casa/plugins/samples/clients-management/pom.xml +++ b/casa/plugins/samples/clients-management/pom.xml @@ -5,7 +5,7 @@ co.acme ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar diff --git a/casa/plugins/samples/helloworld/pom.xml b/casa/plugins/samples/helloworld/pom.xml index db5639118..99b3b91fb 100644 --- a/casa/plugins/samples/helloworld/pom.xml +++ b/casa/plugins/samples/helloworld/pom.xml @@ -5,7 +5,7 @@ co.acme ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar 
diff --git a/casa/plugins/samples/sample-cred-plugin/pom.xml b/casa/plugins/samples/sample-cred-plugin/pom.xml index c82106949..a4a2b125a 100644 --- a/casa/plugins/samples/sample-cred-plugin/pom.xml +++ b/casa/plugins/samples/sample-cred-plugin/pom.xml @@ -5,7 +5,7 @@ org.gluu.casa.plugins ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar diff --git a/casa/plugins/strong-authn-settings/pom.xml b/casa/plugins/strong-authn-settings/pom.xml index 99753f07f..b568e38d4 100644 --- a/casa/plugins/strong-authn-settings/pom.xml +++ b/casa/plugins/strong-authn-settings/pom.xml @@ -5,7 +5,7 @@ org.gluu.casa.plugins ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar @@ -13,7 +13,7 @@ 11 strong-authn-settings 5.0.0-8 - 1.0.9-SNAPSHOT + 1.0.11-SNAPSHOT diff --git a/casa/plugins/stytch/pom.xml b/casa/plugins/stytch/pom.xml index 46fce524d..8751c4ce9 100644 --- a/casa/plugins/stytch/pom.xml +++ b/casa/plugins/stytch/pom.xml @@ -5,7 +5,7 @@ org.gluu.casa.plugins ${plugin.id} - 5.0.0-SNAPSHOT + 5.0.0-10 jar diff --git a/casa/pom.xml b/casa/pom.xml index 00e67ad05..d4009b33d 100644 --- a/casa/pom.xml +++ b/casa/pom.xml @@ -5,7 +5,7 @@ org.gluu casa-base - 5.0.0-SNAPSHOT + 5.0.0-10 pom http://www.gluu.org @@ -22,7 +22,7 @@ 4.0.3.Final 3.8.0 5.0.0-SNAPSHOT - 1.0.9-SNAPSHOT + 1.0.11-SNAPSHOT 2.19.0 2.14.1 9.6.0.2-jakarta diff --git a/casa/shared/pom.xml b/casa/shared/pom.xml index 652f1b67c..3b3f4ccb0 100644 --- a/casa/shared/pom.xml +++ b/casa/shared/pom.xml @@ -9,7 +9,7 @@ org.gluu casa-base - 5.0.0-SNAPSHOT + 5.0.0-10 diff --git a/docker-admin-ui/CHANGELOG.md b/docker-admin-ui/CHANGELOG.md index c67837bae..578efac28 100644 --- a/docker-admin-ui/CHANGELOG.md +++ b/docker-admin-ui/CHANGELOG.md 
@@ -1,5 +1,24 @@ # Changelog +## [1.0.10-1](https://github.com/GluuFederation/flex/compare/docker-admin-ui-v1.0.9-1...docker-admin-ui-v1.0.10-1) (2023-03-16) + + +### Features + +* **docker-admin-ui:** admin-ui license registration ([#844](https://github.com/GluuFederation/flex/issues/844)) ([1b64602](https://github.com/GluuFederation/flex/commit/1b64602861501d831e1516534576f8162463d3c2)) + + +### Bug Fixes + +* prepare for 5.0.10 release ([1ffcbc7](https://github.com/GluuFederation/flex/commit/1ffcbc74d837e7a037d6cff71d990573d04bba7b)) + +## [1.0.9-1](https://github.com/GluuFederation/flex/compare/docker-admin-ui-v1.0.8-1...docker-admin-ui-v1.0.9-1) (2023-03-09) + + +### Bug Fixes + +* prepare for 5.0.0-9 release ([716d309](https://github.com/GluuFederation/flex/commit/716d309350f5713b96f482dde9e0a543e5e62286)) + ## [1.0.8-1](https://github.com/GluuFederation/flex/compare/docker-admin-ui-v1.0.7-1...docker-admin-ui-v1.0.8-1) (2023-03-02) diff --git a/docker-admin-ui/Dockerfile b/docker-admin-ui/Dockerfile index 931f7a618..be6393661 100644 --- a/docker-admin-ui/Dockerfile +++ b/docker-admin-ui/Dockerfile @@ -7,7 +7,7 @@ RUN apk update \ # TODO: # - use NODE_ENV=production # - download build package (not git clone) -ENV ADMIN_UI_VERSION=29e0cbb5166d83268ab9c3ee3c5f3e2bc4dd1489 +ENV ADMIN_UI_VERSION=66beede904dfec29997cfc05e829f6f47cc43ba3 RUN mkdir -p /opt/flex @@ -68,7 +68,7 @@ RUN python3 -m ensurepip \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=f622703c0dbff0f460aa092d33e7047a8f504e52 +ENV JANS_SOURCE_VERSION=8beb2b2d0f07e6ca536c2699d229250e498d1c07 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) 
@@ -187,13 +187,12 @@ ENV CN_WAIT_MAX_TIME=300 \ # misc stuff # ========== -LABEL name="gluufederation/admin-ui" \ - maintainer="Gluu Inc. " \ - vendor="Gluu Federation" \ - version="1.0.9" \ - release="dev" \ - summary="Gluu Admin UI" \ - description="" +LABEL org.opencontainers.image.url="ghcr.io/gluufederation/flex/admin-ui" \ + org.opencontainers.image.authors="Gluu Inc. " \ + org.opencontainers.image.vendor="Gluu Federation" \ + org.opencontainers.image.version="1.0.11" \ + org.opencontainers.image.title="Gluu Flex Admin UI" \ + org.opencontainers.image.description="" RUN mkdir -p /etc/jans/conf /etc/certs COPY templates /app/templates/ diff --git a/docker-admin-ui/Makefile b/docker-admin-ui/Makefile index fb84788b8..88b990c08 100644 --- a/docker-admin-ui/Makefile +++ b/docker-admin-ui/Makefile @@ -1,5 +1,5 @@ -GLUU_VERSION?=1.0.9 -IMAGE_NAME=gluufederation/admin-ui +GLUU_VERSION?=1.0.11 +IMAGE_NAME=ghcr.io/gluufederation/flex/admin-ui UNSTABLE_VERSION?=dev .PHONY: test clean all build-dev trivy-scan grype-scan diff --git a/docker-admin-ui/README.md b/docker-admin-ui/README.md index ca8e165f7..32b9d759a 100644 --- a/docker-admin-ui/README.md +++ b/docker-admin-ui/README.md 
@@ -81,6 +81,8 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `GLUU_ADMIN_UI_PLUGINS`: Comma-separated additional plugins to be enabled (default to empty string). See [Adding plugins](#adding-plugins) for details. - `GLUU_ADMIN_UI_AUTH_METHOD`: Authentication method for admin-ui (one of `basic` or `casa`; default to `basic`). Note, changing the value require restart to jans-config-api. +- `GLUU_SCAN_AUTH_URL`: Base URL to auth server to register license client (i.e. `https://account-dev.gluu.cloud`; default to empty string). If omitted or use default value, the URL will be pre-populated from `iss` claim included in SSA file. +- `GLUU_SCAN_API_URL`: Base URL to SCAN API host (i.e. `https://cloud-dev.gluu.cloud`; default to empty string). If omitted or use default value, the URL will be pre-populated and modified based on `iss` claim included in SSA file. ### Hybrid mapping @@ -120,3 +122,4 @@ To add plugins to AdminUI, for example `myplugin.zip` 1. Set the name of the plugin (without the extension name) in environment variable `GLUU_ADMIN_UI_PLUGINS`, for example: `GLUU_ADMIN_UI_PLUGINS=myplugin`. 2. Mount `myplugin.zip` to `/app/plugins/myplugin.zip` inside the pod/container. Note that if `/app/plugins/myplugin.zip` is not exist, plugin will be ignored. + diff --git a/docker-admin-ui/requirements.txt b/docker-admin-ui/requirements.txt index 055537d70..fdfe6e7fb 100644 --- a/docker-admin-ui/requirements.txt +++ b/docker-admin-ui/requirements.txt @@ -1,4 +1,5 @@ libcst<0.4 # pinned to py3-grpcio version to avoid failure on native extension build grpcio==1.41.0 +jwcrypto==1.4.2 git+https://github.com/JanssenProject/jans@bd3d59b28259982fc803b0dccdbeda07f328bf92#egg=jans-pycloudlib&subdirectory=jans-pycloudlib diff --git a/docker-admin-ui/scripts/bootstrap.py b/docker-admin-ui/scripts/bootstrap.py index a243149db..efbfe7844 100644 --- a/docker-admin-ui/scripts/bootstrap.py 
+++ b/docker-admin-ui/scripts/bootstrap.py @@ -16,6 +16,7 @@ from jans.pycloudlib.persistence.utils import PersistenceMapper from settings import LOGGING_CONFIG +from ssa import get_license_config logging.config.dictConfig(LOGGING_CONFIG) logger = logging.getLogger("entrypoint") @@ -48,12 +49,6 @@ def render_nginx_conf(manager): def main(): manager = get_manager() - # if not os.path.isfile("/etc/certs/web_https.crt"): - # manager.secret.to_file("ssl_cert", "/etc/certs/web_https.crt") - - # if not os.path.isfile("/etc/certs/web_https.key"): - # manager.secret.to_file("ssl_key", "/etc/certs/web_https.key") - render_env(manager) render_nginx_conf(manager) @@ -102,7 +97,7 @@ def get_token_server_ctx(self): if not os.path.isfile(pw_file): self.manager.secret.to_file("token_server_admin_ui_client_pw", pw_file) - ctx = { + return { "token_server_admin_ui_client_id": os.environ.get("CN_TOKEN_SERVER_CLIENT_ID") or self.manager.config.get("token_server_admin_ui_client_id"), "token_server_admin_ui_client_pw": read_from_file(pw_file), "token_server_authz_url": f"https://{hostname}{authz_endpoint}", @@ -110,7 +105,6 @@ def get_token_server_ctx(self): "token_server_introspection_url": f"https://{hostname}{introspection_endpoint}", "token_server_userinfo_url": f"https://{hostname}{userinfo_endpoint}", } - return ctx @cached_property def ctx(self): @@ -155,6 +149,8 @@ def ctx(self): ctx.update(self.get_token_server_ctx()) + ctx.update(get_license_config(self.manager)) + # finalized contexts return ctx 
@@ -181,9 +177,16 @@ def save_config(self): table_name = "jansAppConf" entry = self.client.get(table_name, dn) + conf = entry.get("jansConfApp") or "{}" + + should_update, merged_conf = resolve_conf_app( + json.loads(conf), + json.loads(conf_from_file), + ) - if not entry["jansConfApp"]: - entry["jansConfApp"] = conf_from_file + if should_update: + logger.info("Updating admin-ui config app") + entry["jansConfApp"] = json.dumps(merged_conf) entry["jansRevision"] += 1 self.client.update(table_name, dn, entry) @@ -195,9 +198,16 @@ def save_config(self): entry = req.json()["results"][0] conf = entry.get("jansConfApp") or {} - if not conf: + + should_update, merged_conf = resolve_conf_app( + conf, + json.loads(conf_from_file), + ) + + if should_update: + logger.info("Updating admin-ui config app") rev = entry["jansRevision"] + 1 - self.client.exec_query(f"UPDATE {bucket} USE KEYS '{dn}' SET jansConfApp={conf_from_file}, jansRevision={rev}") + self.client.exec_query(f"UPDATE {bucket} USE KEYS '{dn}' SET jansConfApp={json.dumps(merged_conf)}, jansRevision={rev}") else: entry = self.client.get(dn) 
@@ -206,17 +216,39 @@ def save_config(self): try: conf = attrs.get("jansConfApp", [])[0] except IndexError: - conf = "" + conf = "{}" + + should_update, merged_conf = resolve_conf_app( + json.loads(conf), + json.loads(conf_from_file), + ) - if not conf: + if should_update: + logger.info("Updating admin-ui config app") self.client.modify( dn, { "jansRevision": [(self.client.MODIFY_REPLACE, attrs["jansRevision"][0] + 1)], - "jansConfApp": [(self.client.MODIFY_REPLACE, conf_from_file)], + "jansConfApp": [(self.client.MODIFY_REPLACE, json.dumps(merged_conf))], } ) +def resolve_conf_app(old_conf, new_conf): + should_update = False + + # old_conf may still empty; replace with new_conf + if not old_conf: + return True, new_conf + + # licenseConfig is new property added after v1.0.9 release + if "licenseConfig" not in old_conf: + old_conf["licenseConfig"] = new_conf["licenseConfig"] + should_update = True + + # finalized status and conf + return should_update, old_conf + + if __name__ == "__main__": main() diff --git a/docker-admin-ui/scripts/ssa.py b/docker-admin-ui/scripts/ssa.py new file mode 100644 index 000000000..cd196c965 --- /dev/null +++ b/docker-admin-ui/scripts/ssa.py 
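Review bot: In `resolve_conf_app`, `licenseConfig` is copied from the rendered template only when the key is absent from the stored entry, so once it has been written, later changes to the license client credentials, the encryption keys or the `GLUU_SCAN_*` URLs never reach `jansConfApp` in any of the three `save_config` branches. If that is intended, state it in a docstring such as `"""Return (should_update, conf); licenseConfig is seeded when missing and never refreshed."""`; otherwise compare the values, `if old_conf.get("licenseConfig") != new_conf["licenseConfig"]:`. The helper also mutates and returns its `old_conf` argument. The `json.loads(conf)` calls added in the SQL and LDAP branches will abort bootstrap on a stored value that is not valid JSON. `save_config` starts outside these hunks.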
@@ -0,0 +1,137 @@ +import json +import logging.config +import os +import tempfile +import uuid + +import requests +from jwcrypto.jwt import JWT + +from jans.pycloudlib.utils import exec_cmd +from jans.pycloudlib.utils import generate_base64_contents + +from settings import LOGGING_CONFIG + +logging.config.dictConfig(LOGGING_CONFIG) +logger = logging.getLogger("entrypoint") + + +def register_license_client(ssa, reg_url): + data = { + "software_statement": ssa, + "client_name": "Gluu Flex License Client", + "response_types": ["token"], + "redirect_uris": ["http://localhost"], + } + + logger.info(f"Registering license client at {reg_url}") + + req = requests.post( + reg_url, + json=data, + # TODO: configurable verification + verify=False, # nosec: B501 + ) + + if not req.ok: + # FIXME: remote URL is throwing 422 Unprocessable entity + raise RuntimeError(f"Failed to register client at {req.request.url}; reason={req.reason} status_code={req.status_code}") + return req.json() + + +def get_enc_keys(): + logger.info("Generating public and private keys for license") + + with tempfile.TemporaryDirectory() as tmpdir: + priv_fn = os.path.join(tmpdir, "private.pem") + privkey_fn = os.path.join(tmpdir, "private_key.pem") + pubkey_fn = os.path.join(tmpdir, "public_key.pem") + + cmds = [ + f"openssl genrsa -out {priv_fn} 2048", + f"openssl rsa -in {priv_fn} -pubout -outform PEM -out {pubkey_fn}", + f"openssl pkcs8 -topk8 -inform PEM -in {priv_fn} -out {privkey_fn} -nocrypt", + ] + + for cmd in cmds: + out, err, code = exec_cmd(cmd) + + if code != 0: + err = err or out + raise RuntimeError("Unable to generate encode/decode keys for license; reason={err.decode()}") + + with open(pubkey_fn) as f: + enc_pub_key = generate_base64_contents(f.read(), 0) + + with open(privkey_fn) as f: + enc_priv_key = generate_base64_contents(f.read(), 0) + return enc_pub_key, enc_priv_key + + +def get_license_client_creds(manager): + # used mostly for testing on fresh deployment to re-use license client 
ID thus client registration will be skipped + # in production mode, omit or set empty string to force registering license client (if required) + client_id = os.environ.get("GLUU_LICENSE_CLIENT_ID", "") + if client_id: + logger.warning("Got license client ID from GLUU_LICENSE_CLIENT_ID env which is not suitable for production") + else: + client_id = manager.config.get("license_client_id") + + # used mostly for testing on fresh deployment to re-use license client secret + client_secret = os.environ.get("GLUU_LICENSE_CLIENT_SECRET", "") + if client_secret: + logger.warning("Got license client secret from GLUU_LICENSE_CLIENT_SECRET env which is not suitable for production") + else: + client_secret = manager.secret.get("license_client_pw") + return client_id, client_secret + + +def get_license_config(manager): + # decode SSA from file + ssa_file = os.environ.get("GLUU_SSA_FILE", "/etc/jans/conf/ssa") + + with open(ssa_file) as f: + ssa = f.read().strip() + + jwt = JWT(jwt=ssa) + payload = json.loads(jwt.token.objects["payload"].decode()) + + auth_url = os.environ.get("GLUU_SCAN_AUTH_URL") or payload["iss"] + reg_url = f"{auth_url}/jans-auth/restv1/register" + scan_url = os.environ.get("GLUU_SCAN_API_URL") or auth_url.replace("account", "cloud") + + # get license client credentials + client_id, client_secret = get_license_client_creds(manager) + + if not client_id: + resp = register_license_client(ssa, reg_url) + client_id = resp["client_id"] + client_secret = resp["client_secret"] + + # save client creds + manager.config.set("license_client_id", client_id) + manager.secret.set("license_client_pw", client_secret) + + # hardware key (unique per-installation) + hw_key = manager.config.get("license_hardware_key") + if not hw_key: + hw_key = str(uuid.uuid4()) + manager.config.set("license_hardware_key", hw_key) + + enc_pub_key = manager.secret.get("license_enc_pub_key") + enc_priv_key = manager.secret.get("license_enc_priv_key") + + if not (enc_pub_key or enc_priv_key): + 
enc_pub_key, enc_priv_key = get_enc_keys() + manager.secret.set("license_enc_pub_key", enc_pub_key) + manager.secret.set("license_enc_priv_key", enc_priv_key) + + return { + "cred_enc_public_key": enc_pub_key, + "cred_enc_private_key": enc_priv_key, + "license_hardware_key": hw_key, + "oidc_client_id": client_id, + "oidc_client_secret": client_secret, + "scan_license_api_hostname": scan_url, + "scan_license_auth_server_hostname": auth_url, + } diff --git a/docker-admin-ui/scripts/wait.py b/docker-admin-ui/scripts/wait.py index 5f68d383e..6999fd119 100644 --- a/docker-admin-ui/scripts/wait.py +++ b/docker-admin-ui/scripts/wait.py @@ -28,6 +28,14 @@ def main(): if auth_method not in ("basic", "casa"): raise ValueError(f"Unsupported authentication method {auth_method}") + ssa_file = os.environ.get("GLUU_SSA_FILE", "/etc/jans/conf/ssa") + if not os.path.exists(ssa_file): + raise ValueError( + f"The required SSA file is not found (default to {ssa_file}); " + "please set the location via GLUU_SSA_FILE environment variable " + "if not using the default" + ) + manager = get_manager() deps = ["config", "secret"] wait_for(manager, deps) diff --git a/docker-admin-ui/templates/auiConfiguration.json b/docker-admin-ui/templates/auiConfiguration.json index 97d51c0c2..5d905745c 100644 --- a/docker-admin-ui/templates/auiConfiguration.json +++ b/docker-admin-ui/templates/auiConfiguration.json 
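Review bot: `register_license_client` posts the SSA and receives `client_secret` over a connection made with `verify=False`, and `get_license_config` builds the registration URL from the `iss` claim of a payload that, as far as this file shows, is read without any signature check, so neither the endpoint nor the token's origin is authenticated. Drop the argument or point it at a CA bundle, and bound the call, e.g. `verify=True, timeout=30,` (timeout value constructed here); the `# nosec: B501` marker only silences the scanner. In `get_enc_keys` the error string lacks its `f` prefix, so `{err.decode()}` is emitted literally: `raise RuntimeError(f"Unable to generate encode/decode keys for license; reason={err.decode()}")`. The check `if not (enc_pub_key or enc_priv_key):` regenerates only when both secrets are absent and returns a half-empty pair when one is missing; `if not (enc_pub_key and enc_priv_key):` covers that case.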
@@ -1,33 +1,53 @@ { - "oidcConfig": { - "authServerClient": { - "opHost": "https://%(hostname)s/admin", - "clientId": "%(admin_ui_client_id)s", - "clientSecret": "%(admin_ui_client_encoded_pw)s", - "scopes": [ - "openid", - "profile", - "user_name", - "email" - ], - "acrValues": [ - "%(admin_ui_auth_method)s" - ], - "redirectUri": "https://%(hostname)s/admin", - "postLogoutUri": "https://%(hostname)s/admin", - "frontchannelLogoutUri": "https://%(hostname)s/admin/logout" + "oidcConfig": { + "authServerClient": { + "opHost": "https://%(hostname)s/admin", + "clientId": "%(admin_ui_client_id)s", + "clientSecret": "%(admin_ui_client_encoded_pw)s", + "scopes": [ + "openid", + "profile", + "user_name", + "email" + ], + "acrValues": [ + "%(admin_ui_auth_method)s" + ], + "redirectUri": "https://%(hostname)s/admin", + "postLogoutUri": "https://%(hostname)s/admin", + "frontchannelLogoutUri": "https://%(hostname)s/admin/logout" + }, + "tokenServerClient": { + "opHost": "https://%(hostname)s/admin", + "clientId": "%(token_server_admin_ui_client_id)s", + "clientSecret": "%(token_server_admin_ui_client_encoded_pw)s", + "tokenEndpoint": "%(token_server_token_url)s", + "scopes": [ + "openid", + "profile", + "user_name", + "email" + ] + } }, - "tokenServerClient": { - "opHost": "https://%(hostname)s/admin", - "clientId": "%(token_server_admin_ui_client_id)s", - "clientSecret": "%(token_server_admin_ui_client_encoded_pw)s", - "tokenEndpoint": "%(token_server_token_url)s", - "scopes": [ - "openid", - "profile", - "user_name", - "email" - ] + "licenseConfig": { + "scanLicenseApiHostname": "%(scan_license_api_hostname)s", + "scanLicenseAuthServerHostname": "%(scan_license_auth_server_hostname)s", + "licenseHardwareKey": "%(license_hardware_key)s", + "credentialsEncryptionKey": { + "alg": "RS256", + "publicKey": "%(cred_enc_public_key)s", + "privateKey": "%(cred_enc_private_key)s" + }, + "oidcClient": { + "clientId": "%(oidc_client_id)s", + "clientSecret": "%(oidc_client_secret)s", + 
"tokenEndpoint": null, + "redirectUri": null, + "postLogoutUri": null, + "frontchannelLogoutUri": null, + "scopes": null, + "acrValues": null + } } - } } diff --git a/docker-admin-ui/version.txt b/docker-admin-ui/version.txt index 2d5cebcb1..4a490a17a 100644 --- a/docker-admin-ui/version.txt +++ b/docker-admin-ui/version.txt @@ -1 +1 @@ -1.0.8-1 +1.0.10-1 diff --git a/docker-casa/CHANGELOG.md b/docker-casa/CHANGELOG.md index a39282765..0cd7de084 100644 --- a/docker-casa/CHANGELOG.md +++ b/docker-casa/CHANGELOG.md @@ -1,5 +1,19 @@ # Changelog +## [5.0.0-10](https://github.com/GluuFederation/flex/compare/docker-casa-v5.0.0-9...docker-casa-v5.0.0-10) (2023-03-16) + + +### Bug Fixes + +* prepare for 5.0.10 release ([1ffcbc7](https://github.com/GluuFederation/flex/commit/1ffcbc74d837e7a037d6cff71d990573d04bba7b)) + +## [5.0.0-9](https://github.com/GluuFederation/flex/compare/docker-casa-v5.0.0-8...docker-casa-v5.0.0-9) (2023-03-09) + + +### Bug Fixes + +* prepare for 5.0.0-9 release ([716d309](https://github.com/GluuFederation/flex/commit/716d309350f5713b96f482dde9e0a543e5e62286)) + ## [5.0.0-8](https://github.com/GluuFederation/flex/compare/docker-casa-v5.0.0-7...docker-casa-v5.0.0-8) (2023-03-02) diff --git a/docker-casa/Dockerfile b/docker-casa/Dockerfile index b01847169..b8ed7d18a 100644 --- a/docker-casa/Dockerfile +++ b/docker-casa/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.18 +FROM bellsoft/liberica-openjre-alpine:11.0.16 # =============== # Alpine packages @@ -35,7 +35,7 @@ EXPOSE 8080 # ==== ENV GLUU_VERSION=5.0.0-SNAPSHOT -ENV GLUU_BUILD_DATE='2023-03-02 09:33' +ENV GLUU_BUILD_DATE='2023-03-16 13:28' ENV GLUU_SOURCE_URL=https://jenkins.gluu.org/maven/org/gluu/casa/${GLUU_VERSION}/casa-${GLUU_VERSION}.war # Install Casa 
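Review bot: The `FROM` line in docker-casa/Dockerfile moves the base image backwards, from `bellsoft/liberica-openjre-alpine:11.0.18` to `11.0.16`, which would drop whatever JRE fixes shipped between those two patch releases. Nothing else visible in the commit explains the downgrade, so it may be a merge or rebase artifact; if it is, keep `FROM bellsoft/liberica-openjre-alpine:11.0.18`. If the older image is required, a comment above the line stating the reason would stop the next update from silently reverting it.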
@@ -69,7 +69,7 @@ COPY conf/prometheus-config.yaml /opt/prometheus/ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=f622703c0dbff0f460aa092d33e7047a8f504e52 +ENV JANS_SOURCE_VERSION=8beb2b2d0f07e6ca536c2699d229250e498d1c07 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) @@ -206,19 +206,18 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ CN_GOOGLE_SECRET_NAME_PREFIX=jans \ GLUU_CASA_ADMIN_LOCK_FILE=/opt/jans/jetty/casa/resources/.administrable \ CN_PROMETHEUS_PORT="" \ - CN_VERSION=1.0.9-SNAPSHOT + CN_VERSION=1.0.11-SNAPSHOT # ========== # misc stuff # ========== -LABEL name="gluufederation/casa" \ - maintainer="Gluu Inc. " \ - vendor="Gluu Federation" \ - version="5.0.0" \ - release="dev" \ - summary="Gluu Casa" \ - description="Self-service portal for people to manage their account security preferences in the Gluu Server, like 2FA" +LABEL org.opencontainers.image.url="ghcr.io/gluufederation/flex/casa" \ + org.opencontainers.image.authors="Gluu Inc. " \ + org.opencontainers.image.vendor="Gluu Federation" \ + org.opencontainers.image.version="5.0.0" \ + org.opencontainers.image.title="Gluu Flex Casa" \ + org.opencontainers.image.description="Self-service portal for people to manage their account security preferences in the Gluu Server, like 2FA" RUN mkdir -p /etc/certs \ /etc/jans/conf/casa \ diff --git a/docker-casa/Makefile b/docker-casa/Makefile index 68022ea2a..3bb4d67e0 100644 --- a/docker-casa/Makefile +++ b/docker-casa/Makefile @@ -1,5 +1,5 @@ GLUU_VERSION?=5.0.0 -IMAGE_NAME=gluufederation/casa +IMAGE_NAME=ghcr.io/gluufederation/flex/casa UNSTABLE_VERSION?=dev .PHONY: test clean all build-dev trivy-scan grype-scan diff --git a/docker-casa/README.md b/docker-casa/README.md index 95d5b6032..52b7a9f56 100644 --- a/docker-casa/README.md +++ b/docker-casa/README.md 
@@ -154,4 +154,3 @@ Hybrid persistence supports all available persistence types. To configure hybrid "session": "spanner", } ``` - diff --git a/docker-casa/version.txt b/docker-casa/version.txt index beca82bf1..4dbdb832c 100644 --- a/docker-casa/version.txt +++ b/docker-casa/version.txt @@ -1 +1 @@ -5.0.0-8 +5.0.0-10 diff --git a/docker-flex-monolith/Dockerfile b/docker-flex-monolith/Dockerfile index f7d8d7625..9e3f0fad3 100644 --- a/docker-flex-monolith/Dockerfile +++ b/docker-flex-monolith/Dockerfile @@ -41,7 +41,7 @@ EXPOSE 443 8080 1636 # flex-linux-setup # ===================== -ENV FLEX_SOURCE_VERSION=29e0cbb5166d83268ab9c3ee3c5f3e2bc4dd1489 +ENV FLEX_SOURCE_VERSION=66beede904dfec29997cfc05e829f6f47cc43ba3 # cleanup RUN rm -rf /tmp/jans @@ -55,7 +55,8 @@ COPY LICENSE /licenses/LICENSE # SETUP ENVS # ========== -ENV CN_HOSTNAME="demoexample.gluu.org" \ +ENV CN_GLUU_LICENSE_SSA="" \ + CN_HOSTNAME="demoexample.gluu.org" \ CN_ADMIN_PASS="" \ CN_ORG_NAME="Gluu" \ CN_EMAIL="support.gluu.org" \ @@ -84,13 +85,12 @@ ENV CN_HOSTNAME="demoexample.gluu.org" \ # misc stuff # ========== -LABEL name="gluufederation/monolith" \ - maintainer="GluuFederation " \ - vendor="GluuFederation" \ - version="5.0.0" \ - release="dev" \ - summary="GluuFederation Flex Monolith Image" \ - description="Janssen Authorization server + Casa + AdminUI" +LABEL org.opencontainers.image.url="ghcr.io/gluufederation/flex/monolith" \ + org.opencontainers.image.authors="GluuFederation " \ + org.opencontainers.image.vendor="GluuFederation" \ + org.opencontainers.image.version="5.0.0" \ + org.opencontainers.image.title="GluuFederation Flex Monolith Image" \ + org.opencontainers.image.description="Janssen Authorization server + Casa + AdminUI" COPY scripts /app/scripts RUN chmod +x /app/scripts/entrypoint.sh diff --git a/docker-flex-monolith/Makefile b/docker-flex-monolith/Makefile index 36d0fa084..42bed2608 100644 --- a/docker-flex-monolith/Makefile +++ b/docker-flex-monolith/Makefile 
@@ -1,5 +1,5 @@ CN_VERSION?=5.0.0 -IMAGE_NAME=gluufederation/monolith +IMAGE_NAME=ghcr.io/gluufederation/flex/monolith UNSTABLE_VERSION?=dev .PHONY: test clean all build-dev trivy-scan grype-scan diff --git a/docker-flex-monolith/README.md b/docker-flex-monolith/README.md index c81dc3dc4..4a6a0be59 100644 --- a/docker-flex-monolith/README.md +++ b/docker-flex-monolith/README.md 
@@ -13,26 +13,27 @@ For bleeding-edge/unstable version, use `gluufederation/monolith:5.0.0_dev`. The following environment variables are supported by the container: -| ENV | Description | Default | -|-------------------------|---------------------------------------------------|--------------------------------------------------| -| `CN_HOSTNAME` | Hostname to install gluu with. | `demoexample.gluu.org` | -| `CN_ADMIN_PASS` | Password of the admin user. | `1t5Fin3#security` | -| `CN_ORG_NAME` | Organization name. Used for ssl cert generation. | `Gluu` | -| `CN_EMAIL` | Email. Used for ssl cert generation. | `support@gluu.org` | -| `CN_CITY` | City. Used for ssl cert generation. | `Austin` | -| `CN_STATE` | State. Used for ssl cert generation | `TX` | -| `CN_COUNTRY` | Country. Used for ssl cert generation. | `US` | -| `IS_FQDN_REGISTERED` | If a DNS record has been added for the docker vm. | `false` | -| `CN_INSTALL_LDAP` | **NOT SUPPORTED YET** | `false` | -| `CN_INSTALL_CONFIG_API` | Installs the Config API service. | `true` | -| `CN_INSTALL_SCIM` | Installs the SCIM API service. | `true` | -| `CN_INSTALL_FIDO2` | Installs the FIDO2 API service. | `true` | -| `CN_INSTALL_CASA` | Installs the Casa service. | `true` | -| `CN_INSTALL_ADMIN_UI` | Installs the Admin UI service. | `true` | -| `RDBMS_DATABASE` | MySQL gluu flex database. | `gluu` | -| `RDBMS_USER` | MySQL database user. | `gluu` | -| `RDBMS_PASSWORD` | MySQL database user password. | `1t5Fin3#security` | -| `RDBMS_HOST` | MySQL host. 
| `mysql` which is the docker compose service name | +| ENV | Description | Default | +|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------| +| `CN_GLUU_LICENSE_SSA` | **REQUIRED** The organization/user that intends to use this needs to register with Gluu to trial Flex, after which you are issued a JWT you can use to install. | `` | +| `CN_HOSTNAME` | Hostname to install gluu with. | `demoexample.gluu.org` | +| `CN_ADMIN_PASS` | Password of the admin user. | `1t5Fin3#security` | +| `CN_ORG_NAME` | Organization name. Used for ssl cert generation. | `Gluu` | +| `CN_EMAIL` | Email. Used for ssl cert generation. | `support@gluu.org` | +| `CN_CITY` | City. Used for ssl cert generation. | `Austin` | +| `CN_STATE` | State. Used for ssl cert generation | `TX` | +| `CN_COUNTRY` | Country. Used for ssl cert generation. | `US` | +| `IS_FQDN_REGISTERED` | If a DNS record has been added for the docker vm. | `false` | +| `CN_INSTALL_LDAP` | **NOT SUPPORTED YET** | `false` | +| `CN_INSTALL_CONFIG_API` | Installs the Config API service. | `true` | +| `CN_INSTALL_SCIM` | Installs the SCIM API service. | `true` | +| `CN_INSTALL_FIDO2` | Installs the FIDO2 API service. | `true` | +| `CN_INSTALL_CASA` | Installs the Casa service. | `true` | +| `CN_INSTALL_ADMIN_UI` | Installs the Admin UI service. | `true` | +| `RDBMS_DATABASE` | MySQL gluu flex database. | `gluu` | +| `RDBMS_USER` | MySQL database user. | `gluu` | +| `RDBMS_PASSWORD` | MySQL database user password. | `1t5Fin3#security` | +| `RDBMS_HOST` | MySQL host. | `mysql` which is the docker compose service name | ## Pre-requisites diff --git a/docker-flex-monolith/scripts/entrypoint.sh b/docker-flex-monolith/scripts/entrypoint.sh index bba71675e..f4631efcd 100644 --- a/docker-flex-monolith/scripts/entrypoint.sh 
+++ b/docker-flex-monolith/scripts/entrypoint.sh @@ -46,6 +46,7 @@ install_flex() { echo "test_client_id=${TEST_CLIENT_ID}"| tee -a setup.properties > /dev/null echo "test_client_pw=${TEST_CLIENT_SECRET}" | tee -a setup.properties > /dev/null echo "test_client_trusted=""$([[ ${TEST_CLIENT_TRUSTED} == true ]] && echo True || echo True)" | tee -a setup.properties > /dev/null + echo "admin-ui-ssa=/opt/ssa.txt" | tee -a setup.properties > /dev/null if [[ "${CN_INSTALL_MYSQL}" == "true" ]] || [[ "${CN_INSTALL_PGSQL}" == "true" ]]; then echo "Installing with RDBMS" echo "rdbm_install=2" | tee -a setup.properties > /dev/null @@ -69,6 +70,7 @@ install_flex() { echo "***** Running the setup script for ${CN_ORG_NAME}!! *****" echo "***** PLEASE NOTE THAT THIS MAY TAKE A WHILE TO FINISH. PLEASE BE PATIENT!! *****" echo "***** Installing Gluu Flex..." + echo "$CN_GLUU_LICENSE_SSA" | tee -a /opt/ssa.txt > /dev/null curl https://raw.githubusercontent.com/GluuFederation/flex/"${FLEX_SOURCE_VERSION}"/flex-linux-setup/flex_linux_setup/flex_setup.py > flex_setup.py python3 flex_setup.py -f setup.properties --flex-non-interactive echo "***** Setup script completed!! *****" diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 0db35ac37..8b4d47e00 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
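Review bot: The added `echo "$CN_GLUU_LICENSE_SSA" | tee -a /opt/ssa.txt > /dev/null` in `install_flex` appends, so if the function runs again against the same filesystem the file would hold the token more than once and no longer be a single JWT; it is also written when the variable is empty, although the README marks it as required, and with default file permissions. Writing it once behind a guard is safer: `[[ -n "${CN_GLUU_LICENSE_SSA}" ]] || { echo "CN_GLUU_LICENSE_SSA is required" >&2; exit 1; }` followed by `( umask 077; printf '%s\n' "${CN_GLUU_LICENSE_SSA}" > /opt/ssa.txt )`, assuming the setup script reads the file as the same user. `install_flex` begins and ends outside these hunks.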
@@ -1,5 +1,21 @@ # Changelog +## [5.0.0-10](https://github.com/GluuFederation/flex/compare/docs-v5.0.0-9...docs-v5.0.0-10) (2023-03-16) + + +### Bug Fixes + +* add cn license enforcment to chart ([55fb0c9](https://github.com/GluuFederation/flex/commit/55fb0c97428a3ec704e80558679a7e9d7f88c42c)) +* prepare for 5.0.10 release ([1ffcbc7](https://github.com/GluuFederation/flex/commit/1ffcbc74d837e7a037d6cff71d990573d04bba7b)) + +## [5.0.0-9](https://github.com/GluuFederation/flex/compare/docs-v5.0.0-8...docs-v5.0.0-9) (2023-03-09) + + +### Bug Fixes + +* **docs:** ubuntu install download location ([bb3a5cd](https://github.com/GluuFederation/flex/commit/bb3a5cdc282c6089edb326675061e72d20bd8431)) +* prepare for 5.0.0-9 release ([716d309](https://github.com/GluuFederation/flex/commit/716d309350f5713b96f482dde9e0a543e5e62286)) + ## [5.0.0-8](https://github.com/GluuFederation/flex/compare/docs-v5.0.0-7...docs-v5.0.0-8) (2023-03-02) diff --git a/docs/README.md b/docs/README.md index bbeb80d5d..4187a297d 100644 --- a/docs/README.md +++ b/docs/README.md @@ -26,3 +26,4 @@ Gluu Flex uses Agama to offer an alternative way to build web-based authenticati ## Support The Gluu Flex contract includes guaranteed response times and consultative support via our [support portal](https://support.gluu.org). + diff --git a/docs/admin/config.md b/docs/admin/config.md new file mode 100644 index 000000000..077035373 --- /dev/null +++ b/docs/admin/config.md 
@@ -0,0 +1,21 @@ +# Configuring Gluu Flex + +## Overview + +After installing, there are four primary strategies to configure Gluu Flex. + +## Text-based User Interface (TUI) + +The current recommendation is to use the Janssen TUI to configure Flex components. The TUI calls the Config API to perform ad hoc configuration, and instructions can be found in the Janssen [documentation here.](https://docs.jans.io/v1.0.9/admin/config-guide/jans-tui/) + +## CURL Commands + +As an alternative, the Config API can be called directly using [CURL commands.](https://docs.jans.io/v1.0.9/admin/config-guide/curl/) + +## Command Line Interface (CLI) + +If needed, a command-line alternative to the TUI is available. Instructions can be found in the Janssen [documentation here.](https://docs.jans.io/v1.0.9/admin/config-guide/jans-cli/) + +## Admin UI + +The Gluu Flex Admin UI is a reactive web interface to simplify the management and configuration of your Auth Server. The Admin UI enables you to easily view and edit configuration properties, interception scripts, clients, and metrics in one place. The Admin UI can be accessed by accessing the hostname set during installation in the browser. diff --git a/docs/install/helm-install/amazon-eks.md b/docs/install/helm-install/amazon-eks.md index 720a1b5db..fcc9dbc82 100644 --- a/docs/install/helm-install/amazon-eks.md +++ b/docs/install/helm-install/amazon-eks.md 
@@ -38,25 +38,27 @@ Releases of images are in style 1.0.0-beta.0, 1.0.0-0 ## Initial Setup -1. Install [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) +1. Before initiating the setup please contact Gluu to obtain a valid license or trial license. Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT in base64 format that you can use to install, specified by the `.global.licenseSsa` key in the `values.yaml` of Gluus Chart. -2. Configure your AWS user account using [aws configure](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) command. This makes you able to authenticate before creating the cluster. +2. Install [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) + +3. Configure your AWS user account using [aws configure](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) command. This makes you able to authenticate before creating the cluster. Note that this user account must have permissions to work with Amazon EKS IAM roles and service linked roles, AWS CloudFormation, and a VPC and related resources -3. Install [kubectl](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html) +4. Install [kubectl](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html) -4. Install [eksctl](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html) +5. Install [eksctl](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html) -5. Create cluster using eksctl such as the following example: +6. Create cluster using eksctl such as the following example: ``` eksctl create cluster --name gluu-cluster --nodegroup-name gluu-nodes --node-type NODE_TYPE --nodes 2 --managed --region REGION_CODE ``` You can adjust `node-type` and `nodes` number as per your desired cluster size -6. Install [Helm3](https://helm.sh/docs/intro/install/) +7. 
Install [Helm3](https://helm.sh/docs/intro/install/) -7. Create `gluu` namespace where our resources will reside +8. Create `gluu` namespace where our resources will reside ``` kubectl create namespace gluu ``` diff --git a/docs/install/helm-install/google-gke.md b/docs/install/helm-install/google-gke.md index cdc47dcc9..399c73277 100644 --- a/docs/install/helm-install/google-gke.md +++ b/docs/install/helm-install/google-gke.md @@ -38,22 +38,24 @@ Releases of images are in style 1.0.0-beta.0, 1.0.0-0 ## Initial Setup -1. If you are using Cloud Shell, you can skip to step 4. +1. Before initiating the setup please contact Gluu to obtain a valid license or trial license. Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT in base64 format that you can use to install, specified by the `.global.licenseSsa` key in the `values.yaml` of Gluus Chart. -2. Install [gcloud](https://cloud.google.com/sdk/docs/quickstarts) +2. If you are using Cloud Shell, you can skip to step 4. + +3. Install [gcloud](https://cloud.google.com/sdk/docs/quickstarts) -3. Install kubectl using `gcloud components install kubectl` command +4. Install kubectl using `gcloud components install kubectl` command -4. Create cluster using a command such as the following example: +5. Create cluster using a command such as the following example: ``` gcloud container clusters create gluu-cluster --num-nodes 2 --machine-type e2-highcpu-8 --zone us-west1-a ``` You can adjust `num-nodes` and `machine-type` as per your desired cluster size -5. Install [Helm3](https://helm.sh/docs/intro/install/) +6. Install [Helm3](https://helm.sh/docs/intro/install/) -6. Create `gluu` namespace where our resources will reside +7. Create `gluu` namespace where our resources will reside ``` kubectl create namespace gluu ``` diff --git a/docs/install/helm-install/local.md b/docs/install/helm-install/local.md index a0745ec85..df236314f 100644 --- a/docs/install/helm-install/local.md 
+++ b/docs/install/helm-install/local.md @@ -35,6 +35,8 @@ Releases of images are in style 1.0.0-beta.0, 1.0.0-0 ## Installation Steps +Before initiating the setup please contact Gluu to obtain a valid license or trial license. Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT in base64 format that you can use to install in which you will be prompted for. + Start a fresh ubuntu `18.04` or `20.04` 4 CPU, 16 GB RAM, and 50GB SSD VM with ports `443` and `80` open. Then execute the following ```bash diff --git a/docs/install/helm-install/microsoft-azure.md b/docs/install/helm-install/microsoft-azure.md index c6a82c8e6..21a18c13d 100644 --- a/docs/install/helm-install/microsoft-azure.md +++ b/docs/install/helm-install/microsoft-azure.md 
@@ -38,14 +38,16 @@ Releases of images are in style 1.0.0-beta.0, 1.0.0-0 ## Initial Setup -1. Install [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) +1. Before initiating the setup please contact Gluu to obtain a valid license or trial license. Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT in base64 format that you can use to install, specified by the `.global.licenseSsa` key in the `values.yaml` of Gluus Chart. -2. Create a [Resource Group](https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-cli#create-a-resource-group) +2. Install [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) + +3. Create a [Resource Group](https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-cli#create-a-resource-group) ``` az group create --name gluu-resource-group --location eastus ``` -3. Create an [AKS cluster](https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-cli#create-aks-cluster) such as the following example: +4. Create an [AKS cluster](https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-cli#create-aks-cluster) such as the following example: ``` az aks create -g gluu-resource-group -n gluu-cluster --enable-managed-identity --node-vm-size NODE_TYPE --node-count 2 --enable-addons monitoring --enable-msi-auth-for-monitoring --generate-ssh-keys ``` diff --git a/docs/install/helm-install/rancher.md b/docs/install/helm-install/rancher.md index 37255a514..01bb24f7a 100644 --- a/docs/install/helm-install/rancher.md +++ b/docs/install/helm-install/rancher.md 
@@ -15,22 +15,23 @@ For this quick start we will use a [single node Kubernetes install in docker wit
 ## Installation Steps
-1. Provision a Linux 4 CPU, 16 GB RAM, and 50GB SSD VM with ports `443` and `80` open. Save the VM IP address. For development environments, the VM can be set up using VMWare Workstation Player or VirtualBox with Ubuntu 20.0.4 operating system running on VM.
-2. Install [Docker](https://docs.docker.com/engine/install/).
-3. Execute
+1. Before initiating the setup please contact Gluu to obtain a valid license or trial license. Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT in base64 format that you can use to install, specified by the `.global.licenseSsa` key in the `values.yaml` of Gluus Chart.
+2. Provision a Linux 4 CPU, 16 GB RAM, and 50GB SSD VM with ports `443` and `80` open. Save the VM IP address. For development environments, the VM can be set up using VMWare Workstation Player or VirtualBox with Ubuntu 20.0.4 operating system running on VM.
+3. Install [Docker](https://docs.docker.com/engine/install/).
+4. Execute
 ```bash
 docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged rancher/rancher:latest
 ```
 The final line of the returned text is the `container-id`, which you'll need for the next step.
-4. Execute the following command to get the [boostrap password](https://rancher.com/docs/rancher/v2.6/en/installation/resources/bootstrap-password/#specifying-the-bootstrap-password-in-docker-installs) for login.
+5. Execute the following command to get the [boostrap password](https://rancher.com/docs/rancher/v2.6/en/installation/resources/bootstrap-password/#specifying-the-bootstrap-password-in-docker-installs) for login.
 ```bash
 docker logs 2>&1 | grep "Bootstrap Password:"
 ```
-5. Head to `https://` and log in with the username `admin` and the password from the previous step. If you are logging into Rancher for the first time, you'll need to enter just the password, and on the next step, Rancher will ask you to reset your current password.
-6. Next you'll see the Rancher home page with a list of existing clusters. By default, the name of the newly created cluster would be `local`. Click on the cluster name to go to the dashboard.
-7. From the top-left menu expand `Apps & Marketplace` and click `charts`.
-8. Search for `Gluu` and begin your installation.
-9. During Step 1 of installation, be sure to select the `Customize Helm options before install` options.
-10. In Step 2, customize the settings for the Gluu installation. Specifically `Optional Services` from where you can enable Gluu modules.
-11. In Step 3, unselect the `Wait` option and start the installation.
+6. Head to `https://` and log in with the username `admin` and the password from the previous step. If you are logging into Rancher for the first time, you'll need to enter just the password, and on the next step, Rancher will ask you to reset your current password.
+7. Next you'll see the Rancher home page with a list of existing clusters. By default, the name of the newly created cluster would be `local`. Click on the cluster name to go to the dashboard.
+8. From the top-left menu expand `Apps & Marketplace` and click `charts`.
+9. Search for `Gluu` and begin your installation.
+10. During Step 1 of installation, be sure to select the `Customize Helm options before install` options.
+11. In Step 2, customize the settings for the Gluu installation. Specifically `Optional Services` from where you can enable Gluu modules.
+12. In Step 3, unselect the `Wait` option and start the installation.
diff --git a/docs/install/vm-install/rhel.md b/docs/install/vm-install/rhel.md
index 8dbdeaff6..8d9fbfb2c 100644
--- a/docs/install/vm-install/rhel.md
+++ b/docs/install/vm-install/rhel.md
@@ -24,24 +24,36 @@ You can disbale SELinux temporarily by executing `setenforce 0`. To disable perm
 [Releases](https://github.com/gluufederation/flex/releases)
 ```
-wget https://github.com/GluuFederation/flex/releases/download/vreplace-flex-version/flex-replace-flex-version.el8.x86_64.rpm -P ~/
+wget https://github.com/GluuFederation/flex/releases/download/vreplace-flex-version/flex-replace-flex-version.el8.x86_64.rpm -P /tmp
 ```
 - Install the package
 ```
-yum install ~/flex-replace-flex-version.el8.x86_64.rpm
+yum install /tmp/flex-replace-flex-version.el8.x86_64.rpm
 ```
 ## Run the setup script
-- Run the setup script in interactive mode:
+- Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT you can use to install, specified by the `-admin-ui-ssa` argument.
+
+- Run the setup script:
 ```
-python3 /opt/jans/jans-setup/flex/flex-linux-setup/flex_setup.py
+python3 /opt/jans/jans-setup/flex/flex-linux-setup/flex_setup.py -admin-ui-ssa [filename]
 ```
-## RHEL Flex Uninstallation
+## Log in to Text User Interface (TUI)
+
+Begin configuration by accessing the TUI with the following command:
+
+```
+/opt/jans/jans-cli/jans_cli_tui.py
+```
+
+Full TUI documentation can be found [here](https://docs.jans.io/v1.0.9/admin/config-guide/jans-tui/)
+
+## Uninstallation
 Removing Flex is a two step process:
diff --git a/docs/install/vm-install/suse.md b/docs/install/vm-install/suse.md
index 7f55c43a6..68a078565 100644
--- a/docs/install/vm-install/suse.md
+++ b/docs/install/vm-install/suse.md
@@ -22,24 +22,36 @@ Before you install, check the [VM system requirements](vm-requirements.md).
 - Download the release package from the GitHub FLEX [Releases](https://github.com/gluufederation/flex/releases)
 ```
-wget https://github.com/GluuFederation/flex/releases/download/vreplace-flex-version/flex-replace-flex-version.suse15.x86_64.rpm -P ~/
+wget https://github.com/GluuFederation/flex/releases/download/vreplace-flex-version/flex-replace-flex-version.suse15.x86_64.rpm -P /tmp
 ```
 - Install the package
 ```
-zypper install ~/flex-replace-flex-version.suse15.x86_64.rpm
+zypper install /tmp/flex-replace-flex-version.suse15.x86_64.rpm
 ```
 ## Run the setup script
-- Run the setup script in interactive mode:
+- Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT you can use to install, specified by the `-admin-ui-ssa` argument.
+
+- Run the setup script:
 ```
-python3 /opt/jans/jans-setup/flex/flex-linux-setup/flex_setup.py
+python3 /opt/jans/jans-setup/flex/flex-linux-setup/flex_setup.py -admin-ui-ssa [filename]
 ```
-## SUSE Flex Uninstallation
+## Log in to Text User Interface (TUI)
+
+Begin configuration by accessing the TUI with the following command:
+
+```
+/opt/jans/jans-cli/jans_cli_tui.py
+```
+
+Full TUI documentation can be found [here](https://docs.jans.io/v1.0.9/admin/config-guide/jans-tui/)
+
+## Uninstallation
 Removing Flex is a two step process:
diff --git a/docs/install/vm-install/ubuntu.md b/docs/install/vm-install/ubuntu.md
index 565ddb340..2019e457a 100644
--- a/docs/install/vm-install/ubuntu.md
+++ b/docs/install/vm-install/ubuntu.md
@@ -14,13 +14,13 @@ Before you install, check the [VM system requirements](vm-requirements.md).
 - Download the release package from the Github Gluu Flex [Releases](https://github.com/GluuFederation/flex/releases)
 ```
-wget https://github.com/GluuFederation/flex/releases/download/vreplace-flex-version/flex_replace-flex-version.ubuntu22.04_amd64.deb -P ~/
+wget https://github.com/GluuFederation/flex/releases/download/vreplace-flex-version/flex_replace-flex-version-ubuntu22.04_amd64.deb -P /tmp
 ```
 - Install the package
 ```
-apt install -y ~/flex_replace-flex-version.ubuntu22.04_amd64.deb
+apt install -y /tmp/flex_replace-flex-version-ubuntu22.04_amd64.deb
 ```
 ### Ubuntu 20.04
@@ -28,24 +28,36 @@ apt install -y ~/flex_replace-flex-version.ubuntu22.04_amd64.deb
 - Download the release package from the Github Gluu Flex [Releases](https://github.com/GluuFederation/flex/releases)
 ```
-wget https://github.com/GluuFederation/flex/releases/download/vreplace-flex-version/flex_replace-flex-version.ubuntu20.04_amd64.deb -P ~/
+wget https://github.com/GluuFederation/flex/releases/download/vreplace-flex-version/flex_replace-flex-version-ubuntu20.04_amd64.deb -P /tmp
 ```
 - Install the package
 ```
-apt install -y ~/flex_replace-flex-version.ubuntu20.04_amd64.deb
+apt install -y /tmp/flex_replace-flex-version-ubuntu20.04_amd64.deb
 ```
 ## Run the setup script
-- Run the setup script in interactive mode:
+- Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT you can use to install, specified by the `-admin-ui-ssa` argument.
+
+- Run the setup script:
 ```
-python3 /opt/jans/jans-setup/flex/flex-linux-setup/flex_setup.py
+python3 /opt/jans/jans-setup/flex/flex-linux-setup/flex_setup.py -admin-ui-ssa [filename]
 ```
-## Ubuntu Flex Uninstallation
+## Log in to Text User Interface (TUI)
+
+Begin configuration by accessing the TUI with the following command:
+
+```
+/opt/jans/jans-cli/jans_cli_tui.py
+```
+
+Full TUI documentation can be found [here](https://docs.jans.io/v1.0.9/admin/config-guide/jans-tui/)
+
+## Uninstallation
 Removing Flex is a two step process:
diff --git a/docs/reference/kubernetes/helm-chart.md b/docs/reference/kubernetes/helm-chart.md
index a2ed39026..1009ee7eb 100644
--- a/docs/reference/kubernetes/helm-chart.md
+++ b/docs/reference/kubernetes/helm-chart.md
@@ -4,9 +4,10 @@ tags: - reference - kubernetes --- - # gluu +![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) + Gluu Access and Identity Management **Homepage:**
@@ -28,26 +29,26 @@ Kubernetes: `>=v1.21.0-0` | Repository | Name | Version | |------------|------|---------| -| | admin-ui | 5.0.10 | -| | auth-server | 5.0.10 | -| | auth-server-key-rotation | 5.0.10 | -| | casa | 5.0.10 | -| | cn-istio-ingress | 5.0.10 | -| | config | 5.0.10 | -| | config-api | 5.0.10 | -| | fido2 | 5.0.10 | -| | nginx-ingress | 5.0.10 | -| | opendj | 5.0.10 | -| | oxpassport | 5.0.10 | -| | oxshibboleth | 5.0.10 | -| | persistence | 5.0.10 | -| | scim | 5.0.10 | +| | admin-ui | 5.0.13 | +| | auth-server | 5.0.13 | +| | auth-server-key-rotation | 5.0.13 | +| | casa | 5.0.13 | +| | cn-istio-ingress | 5.0.13 | +| | config | 5.0.13 | +| | config-api | 5.0.13 | +| | fido2 | 5.0.13 | +| | nginx-ingress | 5.0.13 | +| | opendj | 5.0.13 | +| | oxpassport | 5.0.13 | +| | oxshibboleth | 5.0.13 | +| | persistence | 5.0.13 | +| | scim | 5.0.13 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.5-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | +| admin-ui | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.9-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | | admin-ui.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | admin-ui.dnsConfig | object | `{}` | Add custom dns config | 
@@ -58,24 +59,24 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets | | admin-ui.image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| admin-ui.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| admin-ui.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | | admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | admin-ui.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | | admin-ui.replicas | int | `1` | Service replica number. | -| admin-ui.resources | object | `{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}}` | Resource specs. | -| admin-ui.resources.limits.cpu | string | `"2500m"` | CPU limit. | -| admin-ui.resources.limits.memory | string | `"2500Mi"` | Memory limit. | -| admin-ui.resources.requests.cpu | string | `"2500m"` | CPU request. | -| admin-ui.resources.requests.memory | string | `"2500Mi"` | Memory request. | +| admin-ui.resources | object | `{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}}` | Resource specs. | +| admin-ui.resources.limits.cpu | string | `"2000m"` | CPU limit. | +| admin-ui.resources.limits.memory | string | `"2000Mi"` | Memory limit. | +| admin-ui.resources.requests.cpu | string | `"2000m"` | CPU request. | +| admin-ui.resources.requests.memory | string | `"2000Mi"` | Memory request. 
| | admin-ui.topologySpreadConstraints | object | `{}` | Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | | admin-ui.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service | | admin-ui.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 | | admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.5-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.5-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.9-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.9-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | @@ -83,7 +84,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| auth-server-key-rotation.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | | auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | 
@@ -105,7 +106,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| auth-server.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| auth-server.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | | auth-server.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -122,7 +123,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0-3"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. 
| +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0-9"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | casa.dnsConfig | object | `{}` | Add custom dns config | 
@@ -133,7 +134,7 @@ Kubernetes: `>=v1.21.0-0` | casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | casa.image.pullSecrets | list | `[]` | Image Pull Secrets | | casa.image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | -| casa.image.tag | string | `"5.0.0-3"` | Image tag to use for deploying. | +| casa.image.tag | string | `"5.0.0-9"` | Image tag to use for deploying. | | casa.livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | casa.livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | | casa.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -151,8 +152,8 @@ Kubernetes: `>=v1.21.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"janssen","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"janssen","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigGoogleSecretNamePrefix":"gluu","cnConfigGoogleSecretVersionId":"latest","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretGoogleSecretNamePrefix":"gluu","cnSecretGoogleSecretVersionId":"latest","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"jans","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone"
:"UTC","cnSqlDbUser":"jans","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.5-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.5-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.9-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests"
:{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | config-api.dnsConfig | object | `{}` | Add custom dns config | 
@@ -163,17 +164,17 @@ Kubernetes: `>=v1.21.0-0`
 | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | config-api.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. |
-| config-api.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. |
+| config-api.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
 | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. |
 | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint |
 | config-api.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget |
 | config-api.readinessProbe.httpGet | object | `{"path":"jans-config-api/api/v1/health/ready","port":8074}` | http readiness probe endpoint |
 | config-api.replicas | int | `1` | Service replica number. |
-| config-api.resources | object | `{"limits":{"cpu":"1000m","memory":"400Mi"},"requests":{"cpu":"1000m","memory":"400Mi"}}` | Resource specs. |
+| config-api.resources | object | `{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}}` | Resource specs. |
 | config-api.resources.limits.cpu | string | `"1000m"` | CPU limit. |
-| config-api.resources.limits.memory | string | `"400Mi"` | Memory limit. |
+| config-api.resources.limits.memory | string | `"1000Mi"` | Memory limit. |
 | config-api.resources.requests.cpu | string | `"1000m"` | CPU request. |
-| config-api.resources.requests.memory | string | `"400Mi"` | Memory request. |
+| config-api.resources.requests.memory | string | `"1000Mi"` | Memory request. |
 | config-api.topologySpreadConstraints | object | `{}` | Configure the topology spread constraints. Notice this is a map NOT a list as in the upstream API https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ |
 | config-api.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service |
 | config-api.usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 |
@@ -185,8 +186,6 @@ Kubernetes: `>=v1.21.0-0`
 | config.adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. |
 | config.city | string | `"Austin"` | City. Used for certificate creation. |
 | config.configmap.cnCacheType | string | `"NATIVE_PERSISTENCE"` | Cache type. `NATIVE_PERSISTENCE`, `REDIS`. or `IN_MEMORY`. Defaults to `NATIVE_PERSISTENCE` . |
-| config.configmap.cnConfigGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu configuration secret in Google Secret Manager. Defaults to gluu. If left intact gluu-configuration secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
-| config.configmap.cnConfigGoogleSecretVersionId | string | `"latest"` | Secret version to be used for configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
 | config.configmap.cnConfigKubernetesConfigMap | string | `"cn"` | The name of the Kubernetes ConfigMap that will hold the configuration layer |
 | config.configmap.cnCouchbaseBucketPrefix | string | `"jans"` | The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu. |
 | config.configmap.cnCouchbaseCrt | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. In mTLS setups this is not required. |
@@ -199,6 +198,8 @@ Kubernetes: `>=v1.21.0-0`
 | config.configmap.cnGoogleProjectId | string | `"google-project-to-save-config-and-secrets-to"` | Project id of the Google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
 | config.configmap.cnGoogleSecretManagerPassPhrase | string | `"Test1234#"` | Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
 | config.configmap.cnGoogleSecretManagerServiceAccount | string | `"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo="` | Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
+| config.configmap.cnGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
+| config.configmap.cnGoogleSecretVersionId | string | `"latest"` | Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
 | config.configmap.cnGoogleSpannerDatabaseId | string | `""` | Google Spanner Database ID. Used only when global.cnPersistenceType is spanner. |
 | config.configmap.cnGoogleSpannerInstanceId | string | `""` | Google Spanner ID. Used only when global.cnPersistenceType is spanner. |
 | config.configmap.cnJettyRequestHeaderSize | int | `8192` | Jetty header size in bytes in the auth server |
@@ -211,16 +212,14 @@ Kubernetes: `>=v1.21.0-0`
 | config.configmap.cnRedisUrl | string | `"redis.redis.svc.cluster.local:6379"` | Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. |
 | config.configmap.cnRedisUseSsl | bool | `false` | Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`. |
 | config.configmap.cnScimProtectionMode | string | `"OAUTH"` | SCIM protection mode OAUTH|TEST|UMA |
-| config.configmap.cnSecretGoogleSecretNamePrefix | string | `"gluu"` | Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
-| config.configmap.cnSecretGoogleSecretVersionId | string | `"latest"` | Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google. |
 | config.configmap.cnSecretKubernetesSecret | string | `"cn"` | Kubernetes secret name holding configuration keys. Used when global.configSecretAdapter is set to kubernetes which is the default. |
 | config.configmap.cnSqlDbDialect | string | `"mysql"` | SQL database dialect. `mysql` or `pgsql` |
 | config.configmap.cnSqlDbHost | string | `"my-release-mysql.default.svc.cluster.local"` | SQL database host uri. |
-| config.configmap.cnSqlDbName | string | `"jans"` | SQL database name. |
+| config.configmap.cnSqlDbName | string | `"gluu"` | SQL database name. |
 | config.configmap.cnSqlDbPort | int | `3306` | SQL database port. |
 | config.configmap.cnSqlDbSchema | string | `""` | Schema name used by SQL database (default to empty-string; if using MySQL, the schema name will be resolved as the database name, whereas in PostgreSQL the schema name will be resolved as `"public"`). |
 | config.configmap.cnSqlDbTimezone | string | `"UTC"` | SQL database timezone. |
-| config.configmap.cnSqlDbUser | string | `"jans"` | SQL database username. |
+| config.configmap.cnSqlDbUser | string | `"gluu"` | SQL database username. |
 | config.configmap.cnSqldbUserPassword | string | `"Test1234#"` | SQL password injected the secrets . |
 | config.configmap.lbAddr | string | `""` | Load balancer address for AWS if the FQDN is not registered. |
 | config.countryCode | string | `"US"` | Country code. Used for certificate creation. |
@@ -229,7 +228,7 @@ Kubernetes: `>=v1.21.0-0`
 | config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. |
 | config.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. |
-| config.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. |
+| config.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
 | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpenDJ is used for persistence. |
 | config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section |
 | config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE |
@@ -248,7 +247,7 @@ Kubernetes: `>=v1.21.0-0`
 | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 |
 | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
 | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
-| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.5-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. |
+| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. |
 | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
 | fido2.dnsConfig | object | `{}` | Add custom dns config |
@@ -259,7 +258,7 @@ Kubernetes: `>=v1.21.0-0`
 | fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
 | fido2.image.pullSecrets | list | `[]` | Image Pull Secrets |
 | fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. |
-| fido2.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. |
+| fido2.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. |
 | fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. |
 | fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint |
 | fido2.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget |
@@ -278,17 +277,18 @@ Kubernetes: `>=v1.21.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 
PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persist
enceLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpclientLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"upgrade":{"enabled":false},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. 
| +| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhr
ase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpclientLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarge
t":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | | global.admin-ui.adminUiServiceName | string | `"admin-ui"` | Name of the admin-ui service. Please keep it as default. | | global.admin-ui.enabled | bool | `true` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. | | global.admin-ui.ingress.adminUiEnabled | bool | `false` | Enable Admin UI endpoints in either istio or nginx ingress depending on users choice | | global.alb.ingress | bool | `false` | Activates ALB ingress | | global.auth-server-key-rotation.enabled | bool | `false` | Boolean flag to enable/disable the auth-server-key rotation cronjob chart. 
| -| global.auth-server.appLoggers | object | `{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.auth-server.appLoggers | object | `{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | | global.auth-server.appLoggers.auditStatsLogLevel | string | `"INFO"` | jans-auth_audit.log level | | global.auth-server.appLoggers.auditStatsLogTarget | string | `"FILE"` | jans-auth_script.log target | | global.auth-server.appLoggers.authLogLevel | string | `"INFO"` | jans-auth.log level | | global.auth-server.appLoggers.authLogTarget | string | `"STDOUT"` | jans-auth.log target | +| global.auth-server.appLoggers.enableStdoutLogPrefix | string | `"true"` | Enable log prefixing which enables prepending the STDOUT logs with the file name. 
i.e auth-server-script ===> 2022-12-20 17:49:55,744 INFO | | global.auth-server.appLoggers.httpLogLevel | string | `"INFO"` | http_request_response.log level | | global.auth-server.appLoggers.httpLogTarget | string | `"FILE"` | http_request_response.log target | | global.auth-server.appLoggers.ldapStatsLogLevel | string | `"INFO"` | jans-auth_persistence_ldap_statistics.log level | @@ -317,6 +317,12 @@ Kubernetes: `>=v1.21.0-0` | global.awsStorageType | string | `"io1"` | Volume storage type if using AWS volumes. | | global.azureStorageAccountType | string | `"Standard_LRS"` | Volume storage type if using Azure disks. | | global.azureStorageKind | string | `"Managed"` | Azure storage kind if using Azure disks | +| global.casa.appLoggers | object | `{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.casa.appLoggers.casaLogLevel | string | `"INFO"` | casa.log level | +| global.casa.appLoggers.casaLogTarget | string | `"STDOUT"` | casa.log target | +| global.casa.appLoggers.enableStdoutLogPrefix | string | `"true"` | Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e casa ===> 2022-12-20 17:49:55,744 INFO | +| global.casa.appLoggers.timerLogLevel | string | `"INFO"` | casa timer log level | +| global.casa.appLoggers.timerLogTarget | string | `"FILE"` | casa timer log target | | global.casa.casaServiceName | string | `"casa"` | Name of the casa service. Please keep it as default. | | global.casa.enabled | bool | `true` | Boolean flag to enable/disable the casa chart. | | global.casa.ingress | object | `{"casaEnabled":false}` | Enable endpoints in either istio or nginx ingress depending on users choice | 
@@ -341,14 +347,16 @@ Kubernetes: `>=v1.21.0-0`
 | global.config-api.adminUiAppLoggers.adminUiAuditLogTarget | string | `"FILE"` | config-api admin-ui plugin audit log target |
 | global.config-api.adminUiAppLoggers.adminUiLogLevel | string | `"INFO"` | config-api admin-ui plugin log target |
 | global.config-api.adminUiAppLoggers.adminUiLogTarget | string | `"FILE"` | config-api admin-ui plugin log level |
-| global.config-api.appLoggers | object | `{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. |
+| global.config-api.adminUiAppLoggers.enableStdoutLogPrefix | string | `"true"` | Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e config-api_persistence ===> 2022-12-20 17:49:55,744 INFO |
+| global.config-api.appLoggers | object | `{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. |
 | global.config-api.appLoggers.configApiLogLevel | string | `"INFO"` | configapi.log level |
 | global.config-api.appLoggers.configApiLogTarget | string | `"STDOUT"` | configapi.log target |
+| global.config-api.appLoggers.enableStdoutLogPrefix | string | `"true"` | Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e config-api_persistence ===> 2022-12-20 17:49:55,744 INFO |
 | global.config-api.appLoggers.ldapStatsLogLevel | string | `"INFO"` | config-api_persistence_ldap_statistics.log level |
 | global.config-api.appLoggers.ldapStatsLogTarget | string | `"FILE"` | config-api_persistence_ldap_statistics.log target |
 | global.config-api.appLoggers.persistenceDurationLogLevel | string | `"INFO"` | config-api_persistence_duration.log level |
 | global.config-api.appLoggers.persistenceDurationLogTarget | string | `"FILE"` | config-api_persistence_duration.log target |
-| global.config-api.appLoggers.persistenceLogLevel | string | `"INFO"` | jans-auth_persistence.log level |
+| global.config-api.appLoggers.persistenceLogLevel | string | `"INFO"` | config-api_persistence.log level |
 | global.config-api.appLoggers.persistenceLogTarget | string | `"FILE"` | config-api_persistence.log target |
 | global.config-api.appLoggers.scriptLogLevel | string | `"INFO"` | config-api_script.log level |
 | global.config-api.appLoggers.scriptLogTarget | string | `"FILE"` | config-api_script.log target |
@@ -359,11 +367,16 @@ Kubernetes: `>=v1.21.0-0`
 | global.configAdapterName | string | `"kubernetes"` | The config backend adapter that will hold Gluu configuration layer. aws|google|kubernetes |
 | global.configSecretAdapter | string | `"kubernetes"` | The config backend adapter that will hold Gluu secret layer. aws|google|kubernetes |
 | global.distribution | string | `"default"` | Gluu distributions supported are: default|openbanking. |
-| global.fido2.appLoggers | object | `{"fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. |
+| global.fido2.appLoggers | object | `{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. |
+| global.fido2.appLoggers.enableStdoutLogPrefix | string | `"true"` | Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e fido2 ===> 2022-12-20 17:49:55,744 INFO |
 | global.fido2.appLoggers.fido2LogLevel | string | `"INFO"` | fido2.log level |
 | global.fido2.appLoggers.fido2LogTarget | string | `"STDOUT"` | fido2.log target |
+| global.fido2.appLoggers.persistenceDurationLogLevel | string | `"INFO"` | fido2_persistence_duration.log level |
+| global.fido2.appLoggers.persistenceDurationLogTarget | string | `"FILE"` | fido2_persistence_duration.log target |
 | global.fido2.appLoggers.persistenceLogLevel | string | `"INFO"` | fido2_persistence.log level |
 | global.fido2.appLoggers.persistenceLogTarget | string | `"FILE"` | fido2_persistence.log target |
+| global.fido2.appLoggers.scriptLogLevel | string | `"INFO"` | fido2_script.log level |
+| global.fido2.appLoggers.scriptLogTarget | string | `"FILE"` | fido2_script.log target |
 | global.fido2.enabled | bool | `true` | Boolean flag to enable/disable the fido2 chart. |
 | global.fido2.fido2ServiceName | string | `"fido2"` | Name of the fido2 service. Please keep it as default. |
 | global.fido2.ingress | object | `{"fido2ConfigEnabled":false}` | Enable endpoints in either istio or nginx ingress depending on users choice |
@@ -397,7 +410,8 @@ Kubernetes: `>=v1.21.0-0` | global.oxshibboleth.enabled | bool | `false` | Boolean flag to enable/disable the oxShibbboleth chart. | | global.oxshibboleth.oxShibbolethServiceName | string | `"oxshibboleth"` | Name of the oxShibboleth service. Please keep it as default. | | global.persistence.enabled | bool | `true` | Boolean flag to enable/disable the persistence chart. | -| global.scim.appLoggers | object | `{"ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.scim.appLoggers | object | `{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"}` | App loggers can be configured to define where the logs will be redirected to and the level of each in which it should be displayed. | +| global.scim.appLoggers.enableStdoutLogPrefix | string | `"true"` | Enable log prefixing which enables prepending the STDOUT logs with the file name. i.e jans-scim ===> 2022-12-20 17:49:55,744 INFO | | global.scim.appLoggers.ldapStatsLogLevel | string | `"INFO"` | jans-scim_persistence_ldap_statistics.log level | | global.scim.appLoggers.ldapStatsLogTarget | string | `"FILE"` | jans-scim_persistence_ldap_statistics.log target | | global.scim.appLoggers.persistenceDurationLogLevel | string | `"INFO"` | jans-scim_persistence_duration.log level | 
@@ -415,11 +429,10 @@ Kubernetes: `>=v1.21.0-0` | global.scim.scimServiceName | string | `"scim"` | Name of the scim service. Please keep it as default. | | global.storageClass | object | `{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"}` | StorageClass section for OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed. | | global.storageClass.parameters | object | `{}` | parameters: fsType: "" kind: "" pool: "" storageAccountType: "" type: "" | -| global.upgrade.enabled | bool | `false` | Boolean flag used when running upgrading through versions command. Used when upgrading with LDAP as the persistence to load the 101x ldif. | | global.usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service. Envs defined in global.userEnvs will be globally available to all services | | global.usrEnvs.normal | object | `{}` | Add custom normal envs to the service. variable1: value1 | | global.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. 
variable1: value1 | -| installer-settings | object | `{"acceptLicense":"","aws":{"arn":{"arnAcmCert":"","enabled":""},"lbType":"","vpcCidr":"0.0.0.0/0"},"confirmSettings":false,"couchbase":{"backup":{"fullSchedule":"","incrementalSchedule":"","retentionTime":"","storageSize":""},"clusterName":"","commonName":"","customFileOverride":"","install":"","lowResourceInstall":"","namespace":"","subjectAlternativeName":"","totalNumberOfExpectedTransactionsPerSec":"","totalNumberOfExpectedUsers":"","volumeType":""},"currentVersion":"","google":{"useSecretManager":""},"images":{"edit":""},"ldap":{"backup":{"fullSchedule":""}},"namespace":"","nginxIngress":{"namespace":"","releaseName":""},"nodes":{"ips":"","names":"","zones":""},"openbanking":{"cnObTransportTrustStoreP12password":"","hasCnObTransportTrustStore":false},"postgres":{"install":"","namespace":""},"redis":{"install":"","namespace":""},"releaseName":"","sql":{"install":"","namespace":""},"upgrade":{"image":{"repository":"","tag":""},"targetVersion":""},"volumeProvisionStrategy":""}` | Only used by the installer. 
These settings do not affect nor are used by the chart | +| installer-settings | object | `{"acceptLicense":"","aws":{"arn":{"arnAcmCert":"","enabled":""},"lbType":"","vpcCidr":"0.0.0.0/0"},"confirmSettings":false,"couchbase":{"backup":{"fullSchedule":"","incrementalSchedule":"","retentionTime":"","storageSize":""},"clusterName":"","commonName":"","customFileOverride":"","install":"","lowResourceInstall":"","namespace":"","subjectAlternativeName":"","totalNumberOfExpectedTransactionsPerSec":"","totalNumberOfExpectedUsers":"","volumeType":""},"currentVersion":"","google":{"useSecretManager":""},"images":{"edit":""},"ldap":{"backup":{"fullSchedule":""}},"namespace":"","nginxIngress":{"namespace":"","releaseName":""},"nodes":{"ips":"","names":"","zones":""},"openbanking":{"cnObTransportTrustStoreP12password":"","hasCnObTransportTrustStore":false},"postgres":{"install":"","namespace":""},"redis":{"install":"","namespace":""},"releaseName":"","sql":{"install":"","namespace":""},"volumeProvisionStrategy":""}` | Only used by the installer. 
These settings do not affect nor are used by the chart | | nginx-ingress | object | `{"certManager":{"certificate":{"enabled":false,"issuerGroup":"cert-manager.io","issuerKind":"ClusterIssuer","issuerName":""}},"ingress":{"additionalAnnotations":{},"additionalLabels":{},"adminUiAdditionalAnnotations":{},"adminUiLabels":{},"authServerAdditionalAnnotations":{},"authServerLabels":{},"authServerProtectedRegisterAdditionalAnnotations":{},"authServerProtectedRegisterLabels":{},"authServerProtectedTokenAdditionalAnnotations":{},"authServerProtectedTokenLabels":{},"casaAdditionalAnnotations":{},"casaLabels":{},"configApiAdditionalAnnotations":{},"configApiLabels":{},"deviceCodeAdditionalAnnotations":{},"deviceCodeLabels":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigLabels":{},"firebaseMessagingAdditionalAnnotations":{},"firebaseMessagingLabels":{},"hosts":["demoexample.gluu.org"],"openidAdditionalAnnotations":{},"openidConfigLabels":{},"path":"/","scimAdditionalAnnotations":{},"scimConfigAdditionalAnnotations":{},"scimConfigLabels":{},"scimLabels":{},"tls":[{"hosts":["demoexample.gluu.org"],"secretName":"tls-certificate"}],"u2fAdditionalAnnotations":{},"u2fConfigLabels":{},"uma2AdditionalAnnotations":{},"uma2ConfigLabels":{},"webdiscoveryAdditionalAnnotations":{},"webdiscoveryLabels":{},"webfingerAdditionalAnnotations":{},"webfingerLabels":{}}}` | Nginx ingress definitions chart | | nginx-ingress.ingress.additionalAnnotations | object | `{}` | Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: "letsencrypt-prod"} Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional" Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "gluu/tls-certificate" Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" Specify if certificates are passed to upstream 
server nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true" | | nginx-ingress.ingress.additionalLabels | object | `{}` | Additional labels that will be added across all ingress definitions in the format of {mylabel: "myapp"} | 
@@ -515,7 +528,7 @@ Kubernetes: `>=v1.21.0-0` | oxpassport.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | oxpassport.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | oxpassport.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| oxshibboleth | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxshibboleth","tag":"5.0.0_dev"},"livenessProbe":{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":1},"readinessProbe":{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Shibboleth project for the Gluu Server's SAML IDP functionality. 
| +| oxshibboleth | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/oxshibboleth","tag":"5.0.0_dev"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":1},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Shibboleth project for the Gluu Server's SAML IDP functionality. | | oxshibboleth.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | oxshibboleth.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | oxshibboleth.dnsConfig | object | `{}` | Add custom dns config | 
@@ -527,11 +540,11 @@ Kubernetes: `>=v1.21.0-0` | oxshibboleth.image.pullSecrets | list | `[]` | Image Pull Secrets | | oxshibboleth.image.repository | string | `"gluufederation/oxshibboleth"` | Image to use for deploying. | | oxshibboleth.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | -| oxshibboleth.livenessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the oxShibboleth if needed. | -| oxshibboleth.livenessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| oxshibboleth.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for oxshibboleth if needed. https://github.com/GluuFederation/docker-oxshibboleth/blob/master/scripts/healthcheck.py | +| oxshibboleth.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | | oxshibboleth.pdb | object | `{"enabled":true,"maxUnavailable":1}` | Configure the PodDisruptionBudget | -| oxshibboleth.readinessProbe | object | `{"httpGet":{"path":"/idp","port":"http-oxshib"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | -| oxshibboleth.readinessProbe.httpGet.path | string | `"/idp"` | http liveness probe endpoint | +| oxshibboleth.readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. | +| oxshibboleth.readinessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. 
| | oxshibboleth.replicas | int | `1` | Service replica number. | | oxshibboleth.resources | object | `{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}}` | Resource specs. | | oxshibboleth.resources.limits.cpu | string | `"1000m"` | CPU limit. | 
@@ -544,7 +557,7 @@ Kubernetes: `>=v1.21.0-0` | oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.5-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.9-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | persistence.dnsConfig | object | `{}` | Add custom dns config | 
@@ -552,7 +565,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | | persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. | -| persistence.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| persistence.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | persistence.resources.limits.cpu | string | `"300m"` | CPU limit | | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | 
@@ -563,7 +576,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.5-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | scim.dnsConfig | object | `{}` | Add custom dns config | 
@@ -574,7 +587,7 @@ Kubernetes: `>=v1.21.0-0` | scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | scim.image.pullSecrets | list | `[]` | Image Pull Secrets | | scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| scim.image.tag | string | `"1.0.5-1"` | Image tag to use for deploying. | +| scim.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | | scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | scim.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -594,3 +607,5 @@ Kubernetes: `>=v1.21.0-0` | scim.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | scim.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/flex-cn-setup/CHANGELOG.md b/flex-cn-setup/CHANGELOG.md index f9e50bf05..477b29bc0 100644 --- a/flex-cn-setup/CHANGELOG.md +++ b/flex-cn-setup/CHANGELOG.md 
@@ -1,5 +1,20 @@ # Changelog +## [1.0.10](https://github.com/GluuFederation/flex/compare/flex-cn-setup-v1.0.9...flex-cn-setup-v1.0.10) (2023-03-16) + + +### Bug Fixes + +* add cn license enforcment to chart ([55fb0c9](https://github.com/GluuFederation/flex/commit/55fb0c97428a3ec704e80558679a7e9d7f88c42c)) +* prepare for 5.0.10 release ([1ffcbc7](https://github.com/GluuFederation/flex/commit/1ffcbc74d837e7a037d6cff71d990573d04bba7b)) + +## [1.0.9](https://github.com/GluuFederation/flex/compare/flex-cn-setup-v1.0.8...flex-cn-setup-v1.0.9) (2023-03-09) + + +### Bug Fixes + +* prepare for 5.0.0-9 release ([716d309](https://github.com/GluuFederation/flex/commit/716d309350f5713b96f482dde9e0a543e5e62286)) + ## [1.0.8](https://github.com/GluuFederation/flex/compare/flex-cn-setup-v1.0.7...flex-cn-setup-v1.0.8) (2023-03-02) diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml index 51c6c243a..d46edf36e 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/Chart.yaml 
@@ -1,29 +1,29 @@ kubeVersion: ">=v1.21.0-0" annotations: artifacthub.io/changes: | - - Chart 5.0.12 official release + - Chart 5.0.14 official release artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/images: | - name: auth-server - image: janssenproject/auth-server:1.0.8-1 + image: janssenproject/auth-server:1.0.11_dev - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.8-1 + image: janssenproject/certmanager:1.0.11_dev - name: configuration-manager - image: janssenproject/configurator:1.0.8-1 + image: janssenproject/configurator:1.0.11_dev - name: config-api - image: janssenproject/config-api:1.0.8-1 + image: janssenproject/config-api:1.0.11_dev - name: fido2 - image: janssenproject/fido2:1.0.8-1 + image: janssenproject/fido2:1.0.11_dev - name: opendj image: gluufederation/opendj:5.0.0_dev - name: persistence - image: janssenproject/persistence-loader:1.0.8-1 + image: janssenproject/persistence-loader:1.0.11_dev - name: scim - image: janssenproject/scim:1.0.8-1 + image: janssenproject/scim:1.0.11_dev - name: casa image: gluufederation/casa:5.0.0_dev - name: admin-ui - image: gluufederation/admin-ui:1.0.8-1 + image: gluufederation/admin-ui:1.0.11_dev artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: "true" catalog.cattle.io/certified: partner 
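Review bot: The `artifacthub.io/images` entries in this hunk name `janssenproject/auth-server:1.0.11_dev`, `janssenproject/certmanager:1.0.11_dev` and `gluufederation/admin-ui:1.0.11_dev`, but the README values regenerated in this same commit deploy from `ghcr.io/janssenproject/jans/auth-server`, `ghcr.io/janssenproject/jans/certmanager` and `ghcr.io/gluufederation/flex/admin-ui`. Artifact Hub builds its image security report from this annotation, so with `artifacthub.io/containsSecurityUpdates: "true"` still set the report would cover references other than the ones the chart pulls; each entry should carry the deployed reference, e.g. `image: ghcr.io/janssenproject/jans/auth-server:1.0.11_dev`. The remaining entries (configurator, config-api, fido2, persistence-loader, scim) presumably need the same check against values.yaml, which is not visible here. `_dev` also looks like a moving tag, and with the documented default `pullPolicy` of `IfNotPresent` a node can keep running an older build under the same tag, so a release tag or digest is the safer thing to publish. Separately, `artifacthub.io/changes` says `Chart 5.0.14 official release` while the next hunk sets `version: 5.0.15-dev`.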
@@ -41,60 +41,60 @@ maintainers: email: support@gluu.org description: Gluu Access and Identity Management name: gluu -version: 5.0.12 +version: 5.0.15-dev dependencies: - name: config condition: global.config.enabled - version: 5.0.12 + version: 5.0.15-dev - name: config-api condition: global.config-api.enabled - version: 5.0.12 + version: 5.0.15-dev - name: opendj condition: global.opendj.enabled - version: 5.0.12 + version: 5.0.15-dev - name: auth-server condition: global.auth-server.enabled - version: 5.0.12 + version: 5.0.15-dev - name: admin-ui condition: global.admin-ui.enabled - version: 5.0.12 + version: 5.0.15-dev - name: fido2 condition: global.fido2.enabled - version: 5.0.12 + version: 5.0.15-dev - name: scim condition: global.scim.enabled - version: 5.0.12 + version: 5.0.15-dev - name: nginx-ingress condition: global.nginx-ingress.enabled - version: 5.0.12 + version: 5.0.15-dev - name: oxshibboleth condition: global.oxshibboleth.enabled - version: 5.0.12 + version: 5.0.15-dev - name: oxpassport - version: 5.0.12 + version: 5.0.15-dev condition: global.oxpassport.enabled - name: casa - version: 5.0.12 + version: 5.0.15-dev condition: global.casa.enabled - name: auth-server-key-rotation condition: global.auth-server-key-rotation.enabled - version: 5.0.12 + version: 5.0.15-dev - name: persistence condition: global.persistence.enabled - version: 5.0.12 + version: 5.0.15-dev - name: cn-istio-ingress condition: global.istio.ingress - version: 5.0.12 + version: 5.0.15-dev diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md index f2d4d8f02..9083fac24 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md 
@@ -1,6 +1,6 @@ # gluu -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu Access and Identity Management 
@@ -23,26 +23,26 @@ Kubernetes: `>=v1.21.0-0` | Repository | Name | Version | |------------|------|---------| -| | admin-ui | 5.0.12 | -| | auth-server | 5.0.12 | -| | auth-server-key-rotation | 5.0.12 | -| | casa | 5.0.12 | -| | cn-istio-ingress | 5.0.12 | -| | config | 5.0.12 | -| | config-api | 5.0.12 | -| | fido2 | 5.0.12 | -| | nginx-ingress | 5.0.12 | -| | opendj | 5.0.12 | -| | oxpassport | 5.0.12 | -| | oxshibboleth | 5.0.12 | -| | persistence | 5.0.12 | -| | scim | 5.0.12 | +| | admin-ui | 5.0.15-dev | +| | auth-server | 5.0.15-dev | +| | auth-server-key-rotation | 5.0.15-dev | +| | casa | 5.0.15-dev | +| | cn-istio-ingress | 5.0.15-dev | +| | config | 5.0.15-dev | +| | config-api | 5.0.15-dev | +| | fido2 | 5.0.15-dev | +| | nginx-ingress | 5.0.15-dev | +| | opendj | 5.0.15-dev | +| | oxpassport | 5.0.15-dev | +| | oxshibboleth | 5.0.15-dev | +| | persistence | 5.0.15-dev | +| | scim | 5.0.15-dev | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.8-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | +| admin-ui | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/admin-ui","tag":"1.0.11_dev"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | | admin-ui.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | admin-ui.dnsConfig | object | `{}` | Add custom dns config | 
@@ -52,8 +52,8 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets | -| admin-ui.image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| admin-ui.image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| admin-ui.image.repository | string | `"ghcr.io/gluufederation/flex/admin-ui"` | Image to use for deploying. | +| admin-ui.image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | admin-ui.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | 
@@ -69,16 +69,16 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.8-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.8-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.0.11_dev"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.11_dev"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | -| auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| auth-server-key-rotation.image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| auth-server-key-rotation.image.repository | string | `"ghcr.io/janssenproject/jans/certmanager"` | Image to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | | auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | 
@@ -99,8 +99,8 @@ Kubernetes: `>=v1.21.0-0` | auth-server.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | -| auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| auth-server.image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| auth-server.image.repository | string | `"ghcr.io/janssenproject/jans/auth-server"` | Image to use for deploying. | +| auth-server.image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | | auth-server.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -117,7 +117,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0-8"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. 
| +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/casa","tag":"5.0.0_dev"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | casa.dnsConfig | object | `{}` | Add custom dns config | 
@@ -127,8 +127,8 @@ Kubernetes: `>=v1.21.0-0` | casa.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | casa.image.pullSecrets | list | `[]` | Image Pull Secrets | -| casa.image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | -| casa.image.tag | string | `"5.0.0-8"` | Image tag to use for deploying. | +| casa.image.repository | string | `"ghcr.io/gluufederation/flex/casa"` | Image to use for deploying. | +| casa.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | | casa.livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | casa.livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | | casa.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -146,8 +146,8 @@ Kubernetes: `>=v1.21.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsC
onfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.8-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.8-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.0.11_dev"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"30
0Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.0.11_dev"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | config-api.dnsConfig | object | `{}` | Add custom dns config | 
@@ -157,8 +157,8 @@ Kubernetes: `>=v1.21.0-0` | config-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | -| config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| config-api.image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| config-api.image.repository | string | `"ghcr.io/janssenproject/jans/config-api"` | Image to use for deploying. | +| config-api.image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | | config-api.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -221,8 +221,8 @@ Kubernetes: `>=v1.21.0-0` | config.dnsPolicy | string | `""` | Add custom dns policy | | config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | | config.image.pullSecrets | list | `[]` | Image Pull Secrets | -| config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| config.image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| config.image.repository | string | `"ghcr.io/janssenproject/jans/configurator"` | Image to use for deploying. | +| config.image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpenDJ is used for persistence. | | config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE | 
@@ -241,7 +241,7 @@ Kubernetes: `>=v1.21.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.8-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. 
| +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.0.11_dev"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | fido2.dnsConfig | object | `{}` | Add custom dns config | 
@@ -251,8 +251,8 @@ Kubernetes: `>=v1.21.0-0` | fido2.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | fido2.image.pullSecrets | list | `[]` | Image Pull Secrets | -| fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| fido2.image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| fido2.image.repository | string | `"ghcr.io/janssenproject/jans/fido2"` | Image to use for deploying. | +| fido2.image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | fido2.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -271,7 +271,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 
PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},
"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpclientLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","r
eclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksK
eyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","licenseSsa":"","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpcli
entLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | | global.admin-ui.adminUiServiceName | string | `"admin-ui"` | Name of the admin-ui service. Please keep it as default. | | global.admin-ui.enabled | bool | `true` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. | | global.admin-ui.ingress.adminUiEnabled | bool | `false` | Enable Admin UI endpoints in either istio or nginx ingress depending on users choice | 
@@ -386,6 +386,7 @@ Kubernetes: `>=v1.21.0-0` | global.istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. | | global.jobTtlSecondsAfterFinished | int | `300` | https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | | global.lbIp | string | `"22.22.22.22"` | The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable. | +| global.licenseSsa | string | `""` | Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded. | | global.nginx-ingress.enabled | bool | `true` | Boolean flag to enable/disable the nginx-ingress definitions chart. | | global.opendj.enabled | bool | `false` | Boolean flag to enable/disable the OpenDJ chart. | | global.opendj.ldapServiceName | string | `"opendj"` | Name of the OpenDJ service. Please keep it as default. | 
@@ -551,15 +552,15 @@ Kubernetes: `>=v1.21.0-0` | oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.8-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.0.11_dev"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | persistence.dnsConfig | object | `{}` | Add custom dns config | | persistence.dnsPolicy | string | `""` | Add custom dns policy | | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. 
| | persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | -| persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. | -| persistence.image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| persistence.image.repository | string | `"ghcr.io/janssenproject/jans/persistence-loader"` | Image to use for deploying. | +| persistence.image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | persistence.resources.limits.cpu | string | `"300m"` | CPU limit | | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | 
@@ -570,7 +571,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.8-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.0.11_dev"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | scim.dnsConfig | object | `{}` | Add custom dns config | 
@@ -580,8 +581,8 @@ Kubernetes: `>=v1.21.0-0` | scim.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | scim.image.pullSecrets | list | `[]` | Image Pull Secrets | -| scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| scim.image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| scim.image.repository | string | `"ghcr.io/janssenproject/jans/scim"` | Image to use for deploying. | +| scim.image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | scim.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml index be7c5619e..2254c6e7e 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: admin-ui -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Admin GUI. Requires license. type: application @@ -17,4 +17,4 @@ maintainers: email: support@gluu.org url: https://github.com/moabu icon: https://gluu.org/docs/gluu-server/favicon.ico -appVersion: 5.0.0 +appVersion: "5.0.0" 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md index 8e33a7583..08ab35519 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/README.md @@ -1,6 +1,6 @@ # admin-ui -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Admin GUI. Requires license. @@ -35,7 +35,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | | replicas | int | `1` | Service replica number. | 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/deployment.yml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/deployment.yml index 2503bee46..7cac0c3ab 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/deployment.yml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/deployment.yml @@ -77,6 +77,9 @@ spec: {{- with .Values.volumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} + - mountPath: /etc/jans/conf/ssa + name: license-ssa + subPath: ssa {{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }} - mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }} name: aws-shared-credential-file @@ -127,6 +130,9 @@ spec: {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} + - name: license-ssa + secret: + secretName: {{ .Release.Name }}-license-ssa {{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }} - name: aws-shared-credential-file secret: diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml index fcf73d091..73e498558 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/values.yaml @@ -27,7 +27,7 @@ image: # -- Image to use for deploying. repository: gluufederation/admin-ui # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml index c8eaf3a47..cfd90375f 100644 
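Review bot: The `license-ssa` mount added in the first deployment.yml hunk uses `subPath: ssa`, and Kubernetes does not refresh subPath mounts when the backing Secret changes, so a renewed license SSA only reaches the container after a pod restart. Either mount the Secret as a directory or document the restart with a template comment such as `# subPath mount: restart the pod after updating the license-ssa Secret`; adding `readOnly: true` to the mount would also state the intent. The volume in the second hunk references `{{ .Release.Name }}-license-ssa` unconditionally, while that Secret appears to be created by the config chart's new template, so the pod would presumably fail to start if that Secret is absent. The surrounding Deployment spec starts and ends outside both hunks.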
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: auth-server-key-rotation -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Responsible for regenerating auth-keys per x hours type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md index 35fa62caf..6a8015dc3 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/README.md @@ -1,6 +1,6 @@ # auth-server-key-rotation -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Responsible for regenerating auth-keys per x hours 
@@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | keysLife | int | `48` | Auth server key rotation keys life in hours | | nodeSelector | object | `{}` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml index 852a40015..bfdfa19d7 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml index e0b6b30d5..bb401f347 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 name: auth-server -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. type: application @@ -18,4 +18,4 @@ maintainers: email: support@gluu.org url: https://github.com/moabu icon: https://gluu.org/docs/gluu-server/favicon.ico -appVersion: 5.0.0 +appVersion: "5.0.0" diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md index 8dc22d603..b1b1e960c 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/README.md @@ -1,6 +1,6 @@ # auth-server -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
@@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml index 30bc6b02d..2b9ecbfff 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml index b41ff54a1..bdc6ff914 100644 
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: casa -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md index 04be875e9..75d8935e6 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/README.md @@ -1,6 +1,6 @@ # casa -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. 
@@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | -| image.tag | string | `"5.0.0-8"` | Image tag to use for deploying. | +| image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | | nameOverride | string | `""` | | diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/values.yaml index 9fc8c32b1..617263064 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/values.yaml @@ -27,7 +27,7 @@ image: # -- Image to use for deploying. repository: gluufederation/casa # -- Image tag to use for deploying. - tag: 5.0.0-8 + tag: 5.0.0_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml index 429eef3f9..6c4766ffc 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cn-istio-ingress -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Istio Gateway type: application 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md index 3fc481cd4..ccd2d3074 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress/README.md @@ -1,6 +1,6 @@ # cn-istio-ingress -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Istio Gateway diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml index fec86f877..c18787f4d 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: config-api -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md index 07440a0de..be75cb3a3 100644 
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/README.md @@ -1,6 +1,6 @@ # config-api -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) @@ -38,7 +38,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | nameOverride | string | `""` | | 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml index 3d01add45..8a7560517 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/values.yaml @@ -33,7 +33,7 @@ image: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml index 81393e214..3df4c96e8 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: config -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md index 755755ac4..af36f6101 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/README.md 
@@ -1,6 +1,6 @@ # config -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. @@ -73,7 +73,7 @@ Kubernetes: `>=v1.21.0-0` | fullNameOverride | string | `""` | | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | | migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | migration.enabled | bool | `false` | Boolean flag to enable migration from CE | diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/license-secrets.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/license-secrets.yaml new file mode 100644 index 000000000..0cf764a03 --- /dev/null +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/templates/license-secrets.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-license-ssa + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + ssa: {{ required "global.licenseSsa is required in chart values. This is a base64 string provided by Gluu to activate your license." .Values.global.licenseSsa }} \ No newline at end of file diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml index b9e161c38..2a6c58572 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config/values.yaml @@ -106,7 +106,7 @@ image: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpennDJ is used for persistence. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml index dc8a114bc..263fa40cd 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: fido2 -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. type: application 
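Review bot: The `ssa:` value under `data:` in license-secrets.yaml is rendered unquoted and is not checked beyond being non-empty, so a value that is not valid base64 is only rejected by the API server at install time, and a number-looking or YAML-special string would be retyped by the parser. Appending `| quote` keeps it a string: `ssa: {{ required "…" .Values.global.licenseSsa | quote }}`. Because `required` is unconditional and the documented default is `""`, every render of the config chart presumably fails until a license is supplied, which is worth stating in the values comment for `global.licenseSsa`. Since the JWT is passed through chart values it is also stored in the Helm release record, so the values file holding it should be kept out of version control.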
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md index 4085c52d6..fd27ea71d 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/README.md @@ -1,6 +1,6 @@ # fido2 -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. 
@@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml index 5ca3c4425..8207915aa 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2/values.yaml @@ -29,7 +29,7 @@ image: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml index ec3acc3aa..0a9db5d1d 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml 
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: nginx-ingress -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Nginx ingress definitions chart type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md index e66ec95e4..3478a85ec 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress/README.md @@ -1,6 +1,6 @@ # nginx-ingress -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Nginx ingress definitions chart diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml index 0e109bced..ed1764ab6 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 name: opendj -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md index dbd0dcebb..a75eb7ce6 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj/README.md @@ -1,6 +1,6 @@ # opendj -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml index c2bcd69f9..78c319e2a 100644 
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: oxpassport -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Gluu interface to Passport.js to support social login and inbound identity. type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md index 2ea8b660c..d7ad631ff 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport/README.md @@ -1,6 +1,6 @@ # oxpassport -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu interface to Passport.js to support social login and inbound identity. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml index 3352c1f5b..a56dad285 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v2 name: oxshibboleth -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Shibboleth project for the Gluu Server's SAML IDP functionality. type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md index 526a012fe..83264994b 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth/README.md @@ -1,6 +1,6 @@ # oxshibboleth -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Shibboleth project for the Gluu Server's SAML IDP functionality. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml index dbf539821..d545229f8 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: persistence -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: Job to generate data and initial config for Gluu Server persistence layer. type: application 
diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md index 7a6c41a8f..efdf79b52 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/README.md @@ -1,6 +1,6 @@ # persistence -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Job to generate data and initial config for Gluu Server persistence layer. @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/persistence"` | Image to use for deploying. | -| image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | imagePullSecrets | list | `[]` | | | nameOverride | string | `""` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml index 038332e37..02e0d760c 100644 
--- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: gluufederation/persistence # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml index 7b2a260a5..fec3a8abe 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: scim -version: 5.0.12 +version: 5.0.15-dev kubeVersion: ">=v1.21.0-0" description: System for Cross-domain Identity Management (SCIM) version 2.0 type: application diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md index 4b87e77a8..67bacfef1 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/README.md 
@@ -1,6 +1,6 @@ # scim -![Version: 5.0.12](https://img.shields.io/badge/Version-5.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.15-dev](https://img.shields.io/badge/Version-5.0.15--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) System for Cross-domain Identity Management (SCIM) version 2.0 @@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| image.tag | string | `"1.0.8-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.11_dev"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml index 6fef9ee9e..458dfac80 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml 
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/scim # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml index f62471a69..0e61d252f 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/openbanking-values.yaml @@ -28,7 +28,7 @@ auth-server: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -167,7 +167,7 @@ config: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Organization name. Used for certificate creation. @@ -231,7 +231,7 @@ config-api: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -674,7 +674,7 @@ persistence: # -- Image to use for deploying. repository: janssenproject/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.schema.json b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.schema.json index 8529ffcaa..11b96aa7c 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.schema.json 
+++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.schema.json @@ -237,8 +237,7 @@ "properties":{ "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -321,6 +320,11 @@ "description":"Parameters used globally across all services helm charts.", "type":"object", "properties":{ + "licenseSsa":{ + "description":"Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded.", + "type":"string", + "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, "alb":{ "type":"object", "properties":{ @@ -1221,8 +1225,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -1361,8 +1364,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -1470,8 +1472,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -1615,8 +1616,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -1756,8 +1756,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", 
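Review bot: Dropping `pattern` from `repository` in the `@@ -237,8 +237,7 @@` hunk removes the only validation on the image source, although the values change in this commit only needs registry-qualified names such as `ghcr.io/…` to pass. Widening the expression would keep the check, for example `"pattern":"^[a-z0-9._/:-]+$"`, which admits dots and an optional registry port and puts the hyphen last so it cannot be read as a range. The same removal repeats in every later `repository` hunk of this file (`@@ -1221`, `@@ -1361`, `@@ -1470` through `@@ -2809`). The enclosing schema objects start and end outside these hunks.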
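Review bot: The `licenseSsa` pattern added in the `@@ -321,6 +320,11 @@` hunk also matches the empty string, because both groups are optional and the property has no `minLength`. An empty value therefore passes schema validation and is caught only later by the `required` call in the Secret template. If the token is mandatory for every install, as that unconditional `required` suggests, adding `"minLength":1` next to `"type":"string"` would reject it at validation time. Whether `licenseSsa` should also be listed in a `required` array of the `global` object cannot be seen from this hunk.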
@@ -1858,8 +1857,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2136,8 +2134,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2395,8 +2392,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2547,8 +2543,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2671,8 +2666,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2809,8 +2803,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", diff --git a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml index bb0662d07..c56f3eeef 100644 --- a/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml +++ b/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/values.yaml @@ -104,9 +104,9 @@ admin-ui: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: gluufederation/admin-ui + repository: ghcr.io/gluufederation/flex/admin-ui # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. 
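Review bot: `tag: 1.0.11_dev` in the `admin-ui` hunk looks like a moving development tag, while the context line above keeps `pullPolicy: IfNotPresent`. A node that already cached an earlier build under that tag will keep running it, so different nodes can end up on different images. For a dev tag the usual pairing is `pullPolicy: Always`; for anything published from this chart, pinning the image by digest removes the dependence on a mutable tag. The same `_dev` tag with `IfNotPresent` appears in the auth-server, auth-server-key-rotation, casa, config-api, fido2, persistence and scim hunks of this file.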
@@ -195,9 +195,9 @@ auth-server: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/auth-server + repository: ghcr.io/janssenproject/jans/auth-server # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -262,9 +262,9 @@ auth-server-key-rotation: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/certmanager + repository: ghcr.io/janssenproject/jans/certmanager # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours @@ -337,9 +337,9 @@ casa: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: gluufederation/casa + repository: ghcr.io/gluufederation/flex/casa # -- Image tag to use for deploying. - tag: 5.0.0-8 + tag: 5.0.0_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -510,9 +510,9 @@ config: email: support@gluu.org image: # -- Image to use for deploying. - repository: janssenproject/configurator + repository: ghcr.io/janssenproject/jans/configurator # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpenDJ is used for persistence. @@ -604,9 +604,9 @@ config-api: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/config-api + repository: ghcr.io/janssenproject/jans/config-api # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. 
@@ -696,9 +696,9 @@ fido2: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/fido2 + repository: ghcr.io/janssenproject/jans/fido2 # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -760,7 +760,8 @@ global: alb: # -- Activates ALB ingress ingress: false - + # -- Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded. + licenseSsa: "" admin-ui: # -- Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. enabled: true @@ -1554,9 +1555,9 @@ persistence: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/persistence-loader + repository: ghcr.io/janssenproject/jans/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. @@ -1627,9 +1628,9 @@ scim: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/scim + repository: ghcr.io/janssenproject/jans/scim # -- Image tag to use for deploying. - tag: 1.0.8-1 + tag: 1.0.11_dev # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/flex-cn-setup/pygluu/kubernetes/version.py b/flex-cn-setup/pygluu/kubernetes/version.py index 0b20aecc9..dbecd7a12 100644 --- a/flex-cn-setup/pygluu/kubernetes/version.py +++ b/flex-cn-setup/pygluu/kubernetes/version.py @@ -4,4 +4,4 @@ """ -__version__ = "1.0.9-dev" +__version__ = "1.0.11-dev" diff --git a/flex-linux-setup/CHANGELOG.md b/flex-linux-setup/CHANGELOG.md index 669e87747..bab75828a 100644 --- a/flex-linux-setup/CHANGELOG.md +++ b/flex-linux-setup/CHANGELOG.md 
@@ -1,5 +1,30 @@ # Changelog +## [1.0.10](https://github.com/GluuFederation/flex/compare/flex-linux-setup-v1.0.9...flex-linux-setup-v1.0.10) (2023-03-16) + + +### Bug Fixes + +* **flex-linux-setup:** enforce SSA ([f46b80e](https://github.com/GluuFederation/flex/commit/f46b80edd500a7721358cedfcb43ca342a77401e)) +* prepare for 5.0.10 release ([1ffcbc7](https://github.com/GluuFederation/flex/commit/1ffcbc74d837e7a037d6cff71d990573d04bba7b)) + + +### Documentation + +* fix jans uninstall linux setup command ([82dcf8c](https://github.com/GluuFederation/flex/commit/82dcf8c87e5e5ace4af0ecb7af18304100c2cb8e)) +* update setup uninstallation ([#842](https://github.com/GluuFederation/flex/issues/842)) ([6ba3aaf](https://github.com/GluuFederation/flex/commit/6ba3aafff9f371c895ec566861f40d8112ef17b1)) + +## [1.0.9](https://github.com/GluuFederation/flex/compare/flex-linux-setup-v1.0.8...flex-linux-setup-v1.0.9) (2023-03-09) + + +### Bug Fixes + +* **flex-linux-setup:** adminui template ([85249a3](https://github.com/GluuFederation/flex/commit/85249a3447242957e45e887634430740ff520059)) +* **flex-linux-setup:** decoding ssa jwt ([a953d31](https://github.com/GluuFederation/flex/commit/a953d31a459fac4ca55ff5b0d61cf454635e0673)) +* **flex-linux-setup:** no download for deb/rpm packages ([02b9ac4](https://github.com/GluuFederation/flex/commit/02b9ac4f24e20413a9b138df430f28168605f3eb)) +* **flex-linux-setup:** set flex version 1.0.9 ([#827](https://github.com/GluuFederation/flex/issues/827)) ([d94b40d](https://github.com/GluuFederation/flex/commit/d94b40d7b79d7baabc547294cce3156ec442ff26)) +* prepare for 5.0.0-9 release ([716d309](https://github.com/GluuFederation/flex/commit/716d309350f5713b96f482dde9e0a543e5e62286)) + ## [1.0.8](https://github.com/GluuFederation/flex/compare/flex-linux-setup-v1.0.7...flex-linux-setup-v1.0.8) (2023-03-02) diff --git a/flex-linux-setup/README.md b/flex-linux-setup/README.md index f4eca733d..54580c63c 100644 --- a/flex-linux-setup/README.md 
+++ b/flex-linux-setup/README.md @@ -57,3 +57,11 @@ To add/remove Admin UI, on vm execute - The available plugins can be downloaded from https://jenkins.gluu.org/npm/admin_ui/ + +Uninstallation of Gluu Flex along with Jans +----------------------------------------------- + + - Uninstall Flex: `python3 /opt/jans/jans-setup/flex/flex-linux-setup/flex_setup.py --remove-flex` + - Uninstall Jans: `python3 /opt/jans/jans-setup/install.py -uninstall` + - Remove old files from `/var/www/html/` directory + diff --git a/flex-linux-setup/flex_linux_setup/flex_setup.py b/flex-linux-setup/flex_linux_setup/flex_setup.py index fe6d7380b..6009d9743 100644 --- a/flex-linux-setup/flex_linux_setup/flex_setup.py +++ b/flex-linux-setup/flex_linux_setup/flex_setup.py @@ -11,12 +11,22 @@ import subprocess import shutil import tempfile +import json +import uuid from pathlib import Path from urllib import request from urllib.parse import urljoin + +argsp = None cur_dir = os.path.dirname(__file__) +jans_installer_downloaded = False +flex_installer_downloaded = False +install_py_path = os.path.join(cur_dir, 'jans_install.py') +installed_components = {'admin_ui': False, 'casa': False, 'ssa_decoded': {}} +ssa_json = {} +jans_config_properties = '/etc/jans/conf/jans.properties' if '--remove-flex' in sys.argv: 
@@ -44,8 +54,9 @@ def get_flex_setup_parser(): parser.add_argument('--flex-branch', help="Jannsen flex setup github branch", default='main') parser.add_argument('--jans-branch', help="Jannsen github branch", default='main') parser.add_argument('--node-modules-branch', help="Node modules branch. Default to flex setup github branch") - parser.add_argument('--flex-non-interactive', help="Non interactive mode", action='store_true') + parser.add_argument('--flex-non-interactive', help="Non interactive setup mode", action='store_true') parser.add_argument('--install-admin-ui', help="Installs admin-ui", action='store_true') + parser.add_argument('-admin-ui-ssa', help="Admin-ui SSA file") parser.add_argument('--adminui_authentication_mode', help="Set authserver.acrValues", default='basic', choices=['basic', 'casa']) parser.add_argument('--install-casa', help="Installs casa", action='store_true') parser.add_argument('--remove-flex', help="Removes flex components", action='store_true') 
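Review bot: `-admin-ui-ssa` is declared with a single dash while every neighbouring option in `get_flex_setup_parser` uses `--`. The parser is consumed with `parse_known_args()`, so a user who types `--admin-ui-ssa FILE` gets no error; the option lands in the leftover arguments that are forwarded to the Janssen installer, and the SSA is silently ignored here. Unless the single dash is deliberate to match the Janssen setup options, I would declare it as `parser.add_argument('--admin-ui-ssa', help="Path to the Admin-ui SSA file")`. The function starts and ends outside the hunk.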
@@ -56,45 +67,43 @@ def get_flex_setup_parser(): __STATIC_SETUP_DIR__ = '/opt/jans/jans-setup/' -if os.path.exists(__STATIC_SETUP_DIR__): - os.system('mv {} {}-{}'.format(__STATIC_SETUP_DIR__, __STATIC_SETUP_DIR__.rstrip('/'), time.ctime().replace(' ', '_'))) +if os.path.join(__STATIC_SETUP_DIR__, 'flex/flex-linux-setup') == cur_dir: + jans_installer_downloaded = True + flex_installer_downloaded = True -installed_components = {'admin_ui': False, 'casa': False} -argsp = None -jans_installer_downloaded = False -install_py_path = os.path.join(cur_dir, 'jans_install.py') +if not jans_installer_downloaded and os.path.exists(__STATIC_SETUP_DIR__): + print("Backing up old Janssen setup directory") + os.system('mv {} {}-{}'.format(__STATIC_SETUP_DIR__, __STATIC_SETUP_DIR__.rstrip('/'), time.ctime().replace(' ', '_'))) +else: + sys.path.append(__STATIC_SETUP_DIR__) def download_jans_install_py(setup_branch): print("Downloading", os.path.basename(install_py_path)) install_url = 'https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-linux-setup/jans_setup/install.py'.format(setup_branch) request.urlretrieve(install_url, install_py_path) -try: - import jans_setup - path_ = list(jans_setup.__path__) - sys.path.append(path_[0]) -except ModuleNotFoundError: - if not os.path.exists('/etc/jans/conf/jans.properties'): - argsp, nargs = get_flex_setup_parser().parse_known_args() - print("Unable to locate jans-setup, installing ...") - setup_branch = argsp.jans_setup_branch or 'main' - download_jans_install_py(setup_branch) - install_cmd = '{} {} --setup-branch={}'.format(sys.executable, install_py_path, setup_branch) - if argsp.download_exit: - nargs.append('--download-exit') - argsp.flex_non_interactive = True +if not (jans_installer_downloaded or os.path.exists(jans_config_properties)): + argsp, nargs = get_flex_setup_parser().parse_known_args() + print("Unable to locate jans-setup, installing ...") + setup_branch = argsp.jans_setup_branch or 'main' + 
download_jans_install_py(setup_branch) + install_cmd = '{} {} --setup-branch={}'.format(sys.executable, install_py_path, setup_branch) + + if argsp.download_exit: + nargs.append('--download-exit') + argsp.flex_non_interactive = True - if argsp.flex_non_interactive: - nargs.append('-n') - install_cmd += ' -yes' + if argsp.flex_non_interactive: + nargs.append('-n') + install_cmd += ' -yes' - if nargs: - install_cmd += ' --args="{}"'.format(subprocess.list2cmdline(nargs)) + if nargs: + install_cmd += ' --args="{}"'.format(subprocess.list2cmdline(nargs)) - print("Executing", install_cmd) - os.system(install_cmd) - jans_installer_downloaded = True + print("Executing", install_cmd) + os.system(install_cmd) + jans_installer_downloaded = True if not argsp: argsp, nargs = get_flex_setup_parser().parse_known_args() @@ -158,7 +167,8 @@ def download_jans_install_py(setup_branch): arg_parser.add_to_me(parser) installed = False -if not (os.path.exists('/etc/jans/conf/jans.properties') or argsp.download_exit): + +if not (os.path.exists(jans_config_properties) or argsp.download_exit): installed = True try: from jans_setup import jans_setup @@ -192,6 +202,7 @@ def download_jans_install_py(setup_branch): sys.path.insert(0, os.path.join(base.pylib_dir, 'gcs')) from setup_app.pylib.jproperties import Properties +from setup_app.pylib import jwt from setup_app.pylib.ldif4.ldif import LDIFWriter from setup_app.utils.package_utils import packageUtils from setup_app.config import Config @@ -231,7 +242,7 @@ def download_jans_install_py(setup_branch): "SETUP_BRANCH": argsp.jans_setup_branch, "FLEX_BRANCH": argsp.flex_branch, "JANS_BRANCH": argsp.jans_branch, - "JANS_APP_VERSION": "1.0.9", + "JANS_APP_VERSION": "1.0.11", "JANS_BUILD": "-SNAPSHOT", "NODE_VERSION": "v14.18.2", "CASA_VERSION": "5.0.0-SNAPSHOT", 
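Review bot: The installer command in the re-indented `if not (jans_installer_downloaded or …)` block of the `@@ -56,45 +67,43 @@` hunk is still assembled as one string and run with `os.system`. `setup_branch` is interpolated unquoted, and `nargs` is quoted by `subprocess.list2cmdline`, which follows Windows command-line rules rather than POSIX shell ones, so an argument containing a space, quote or shell metacharacter is re-interpreted by the shell. The exit status is also discarded, so `jans_installer_downloaded = True` is set even when the install failed. Passing an argument list to `subprocess.run(..., check=True)` avoids the shell and surfaces the failure. The value after `--args=` is kept as the author builds it, since how `install.py` parses it is not visible here.

```python
    install_cmd = [sys.executable, install_py_path, '--setup-branch={}'.format(setup_branch)]

    # … unchanged: --download-exit and -n handling; use install_cmd.append('-yes') in place of the string += …

    if nargs:
        install_cmd.append('--args={}'.format(subprocess.list2cmdline(nargs)))

    print("Executing", subprocess.list2cmdline(install_cmd))
    # check=True raises CalledProcessError, so a failed install is not recorded as downloaded
    subprocess.run(install_cmd, check=True)
    jans_installer_downloaded = True
```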
@@ -248,7 +259,6 @@ def download_jans_install_py(setup_branch): class flex_installer(JettyInstaller): - def __init__(self): self.jans_auth_dir = os.path.join(Config.jetty_base, jansAuthInstaller.service_name) @@ -292,8 +302,8 @@ def __init__(self): self.admin_ui_plugin_path = os.path.join(config_api_installer.libDir, os.path.basename(self.admin_ui_plugin_source_path)) - if os.path.exists(self.source_dir): - os.rename(self.source_dir, self.source_dir+'-'+time.ctime().replace(' ', '_')) + if not flex_installer_downloaded and os.path.exists(self.source_dir): + os.rename(self.source_dir, self.source_dir + '-' + time.ctime().replace(' ', '_')) def download_files(self, force=False): 
@@ -457,6 +467,28 @@ def install_gluu_admin_ui(self): print("Copying files to", Config.templateRenderingDict['admin_ui_apache_root']) config_api_installer.copy_tree(os.path.join(self.source_dir, 'dist'), Config.templateRenderingDict['admin_ui_apache_root']) + oidc_client = installed_components.get('oidc_client', {}) + Config.templateRenderingDict['oidc_client_id'] = oidc_client.get('client_id', '') + Config.templateRenderingDict['oidc_client_secret'] = oidc_client.get('client_secret', '') + Config.templateRenderingDict['license_hardware_key'] = str(uuid.uuid4()) + Config.templateRenderingDict['scan_license_auth_server_hostname'] = ssa_json.get('iss', '') + Config.templateRenderingDict['scan_license_api_hostname'] = Config.templateRenderingDict['scan_license_auth_server_hostname'].replace('account', 'cloud') + + print("Creating credentials encryption private and public key") + + with tempfile.TemporaryDirectory() as tmp_dir: + + private_fn = os.path.join(tmp_dir, 'private.pem') + private_key_fn = os.path.join(tmp_dir, 'private_key.pem') + public_key_fn = os.path.join(tmp_dir, 'public_key.pem') + + config_api_installer.run([paths.cmd_openssl, 'genrsa', '-out', private_fn, '2048']) + config_api_installer.run([paths.cmd_openssl, 'rsa', '-in', private_fn, '-outform', 'PEM', '-pubout', '-out', public_key_fn]) + config_api_installer.run([paths.cmd_openssl, 'pkcs8', '-topk8', '-inform', 'PEM', '-in', private_fn, '-out', private_key_fn, '-nocrypt']) + + Config.templateRenderingDict['cred_enc_private_key'] = config_api_installer.generate_base64_file(private_key_fn, 0) + Config.templateRenderingDict['cred_enc_public_key'] = config_api_installer.generate_base64_file(public_key_fn, 0) + Config.templateRenderingDict['adminui_authentication_mode'] = argsp.adminui_authentication_mode config_api_installer.renderTemplateInOut(self.admin_ui_config_properties_path, self.templates_dir, self.source_dir) 
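Review bot: The PKCS#8 private key and `oidc_client_secret` are placed in `Config.templateRenderingDict` and rendered by `renderTemplateInOut` into the admin UI configuration (the `licenseConfig` block this commit adds to `auiConfiguration.json`), and nothing visible in the hunk restricts who can read the rendered file. If the output is not already owner-only, add an explicit permission step after rendering plus a comment such as `# rendered file holds cred_enc_private_key and oidc_client_secret; keep it owner-readable only`. The three `config_api_installer.run` openssl calls do not appear to be checked, so a failed `genrsa` would only surface later in `generate_base64_file`. `scan_license_api_hostname` is derived with `.replace('account', 'cloud')`, which rewrites every occurrence of `account` in the unverified `iss` string rather than one host label. `install_gluu_admin_ui` starts and ends outside the hunk.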
@@ -740,12 +772,49 @@ def generate_gluu_passwurd_api_keystore(self): store_type='PKCS12' ) +def decode_ssa_jwt(): + ssa_fn = argsp.admin_ui_ssa + + print("Decoding {}".format(ssa_fn)) + + with open(ssa_fn) as f: + ssa_jwt = f.read().strip() + + ssa_decoded = jwt.decode( + ssa_jwt, + options={ + 'verify_signature': False, + 'verify_exp': True, + 'verify_aud': False + } + ) + + ssa_json.update(ssa_decoded) + + def prompt_for_installation(): if not os.path.exists(os.path.join(httpd_installer.server_root, 'admin')): prompt_admin_ui_install = input("Install Admin UI [Y/n]: ") if not prompt_admin_ui_install.lower().startswith('n'): install_components['admin_ui'] = True + while True: + argsp.admin_ui_ssa = None + ssa_fn = input("Please enter path of file containing SSA (q to exit): ") + if ssa_fn.strip().lower() == 'q': + print("Can't continue without SSA. Exiting...") + sys.exit() + if os.path.isfile(ssa_fn): + try: + argsp.admin_ui_ssa = ssa_fn + decode_ssa_jwt() + break + except Exception as e: + print("Error decoding {}".format(ssa_fn)) + print(e) + else: + print("{} is not a file".format(ssa_fn)) + else: print("Admin UI is allready installed on this system") install_components['admin_ui'] = False @@ -793,6 +862,10 @@ def get_components_from_setup_properties(): if not (argsp.install_admin_ui or install_components['admin_ui']): install_components['admin_ui'] = base.as_bool(setup_properties.get('install-admin-ui')) + if not argsp.admin_ui_ssa and install_components['admin_ui']: + argsp.admin_ui_ssa = setup_properties.get('admin-ui-ssa') + decode_ssa_jwt() + if not (argsp.install_casa or install_components['casa']): install_components['casa'] = base.as_bool(setup_properties.get('install-casa')) 
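Review bot: `decode_ssa_jwt` decodes the SSA with `'verify_signature': False`, yet the `iss` claim is trusted afterwards: it becomes `scan_license_auth_server_hostname` in `install_gluu_admin_ui` and the base of `registration_url` in `obtain_oidc_client_credidentials`, where the SSA itself is posted. A tampered or wrong SSA file can therefore direct the installer, and the SSA, to an arbitrary host. If the issuer key cannot be obtained at install time, at least validate the claim before `ssa_json.update(...)`, e.g. `if urlparse(ssa_decoded.get('iss', '')).scheme != 'https': raise ValueError('SSA iss must be an https URL')`, and record the gap with `# signature is not verified here; treat iss as untrusted`. The `except Exception` in `prompt_for_installation` (which continues outside the hunk) also hides whether the failure was a file error, an expired token or a malformed JWT.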
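Review bot: In `get_components_from_setup_properties`, `decode_ssa_jwt()` is called even when `setup_properties.get('admin-ui-ssa')` returns `None`, so a properties file that enables the Admin UI without an SSA path ends in a `TypeError` from `open(None)` instead of a usable message. Guard it before the call, e.g. `if not argsp.admin_ui_ssa: sys.exit("admin-ui-ssa is required to install Admin UI")`. The function begins and ends outside the hunk, so an existing check elsewhere would not be visible here.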
@@ -800,6 +873,40 @@ def get_components_from_setup_properties(): argsp.adminui_authentication_mode = setup_properties['adminui-authentication-mode'] +def obtain_oidc_client_credidentials(): + with open(argsp.admin_ui_ssa) as f: + ssa = f.read().strip() + + installed_components['ssa'] = ssa + + data = { + "software_statement": ssa, + "response_types": ["token"], + "redirect_uris": ["http://localhost"], + "client_name": "test-ui-client" + } + + registration_url = urljoin(ssa_json['iss'], 'jans-auth/restv1/register') + + req = request.Request(registration_url) + req.add_header('Content-Type', 'application/json') + jsondata = json.dumps(data) + jsondataasbytes = jsondata.encode('utf-8') + req.add_header('Content-Length', len(jsondataasbytes)) + + print("Requesting OIDC Client from", registration_url) + + try: + response = request.urlopen(req, jsondataasbytes) + result = response.read() + installed_components['oidc_client'] = json.loads(result.decode()) + print("OIDC Client ID is", installed_components['oidc_client']['client_id']) + except Exception as e: + print("Error sending request to {}".format(registration_url)) + print(e) + sys.exit() + + def main(uninstall): get_components_from_setup_properties() @@ -816,7 +923,13 @@ def main(uninstall): installer_obj.dbUtils.enable_script(installer_obj.simple_auth_scr_inum, enable=False) else: - installer_obj.download_files() + + if install_components['admin_ui'] and argsp.admin_ui_ssa: + obtain_oidc_client_credidentials() + + if not flex_installer_downloaded or argsp.download_exit: + installer_obj.download_files(argsp.download_exit) + print("Enabling script", installer_obj.simple_auth_scr_inum) installer_obj.dbUtils.enable_script(installer_obj.simple_auth_scr_inum) diff --git a/flex-linux-setup/flex_linux_setup/templates/auiConfiguration.json b/flex-linux-setup/flex_linux_setup/templates/auiConfiguration.json index b72fa814b..8935e5845 100644 --- a/flex-linux-setup/flex_linux_setup/templates/auiConfiguration.json 
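Review bot: The failure handling in `obtain_oidc_client_credidentials` reports success to the caller: `sys.exit()` without an argument exits with status 0 after a failed registration, and `ssa_json['iss']` is read outside the `try`, so a missing claim ends in a bare `KeyError`. Use `sys.exit(1)` and `ssa_json.get('iss')` with an explicit error message. `request.urlopen(req, jsondataasbytes)` has no `timeout`, so an unresponsive server stalls the install; pass a `timeout=` value. The request body hard-codes `"client_name": "test-ui-client"` and `"redirect_uris": ["http://localhost"]`, which read like test values and deserve a comment if they are intended for production.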
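Review bot: In `main`, when `install_components['admin_ui']` is true but `argsp.admin_ui_ssa` is empty, the registration is skipped silently and `install_gluu_admin_ui` then falls back to `''` for `oidc_client_id` and `oidc_client_secret`. That produces a rendered config with empty credentials and no hint to the operator. Add an `else` branch that stops or warns, e.g. `print("Admin UI selected but no SSA provided; OIDC client will not be registered")`. `main` begins before this hunk and continues after it.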
+++ b/flex-linux-setup/flex_linux_setup/templates/auiConfiguration.json @@ -29,5 +29,25 @@ "email" ] } + }, + "licenseConfig": { + "scanLicenseApiHostname": "%(scan_license_api_hostname)s", + "scanLicenseAuthServerHostname": "%(scan_license_auth_server_hostname)s", + "licenseHardwareKey": "%(license_hardware_key)s", + "credentialsEncryptionKey": { + "alg": "RS256", + "publicKey": "%(cred_enc_public_key)s", + "privateKey": "%(cred_enc_private_key)s" + }, + "oidcClient": { + "clientId": "%(oidc_client_id)s", + "clientSecret": "%(oidc_client_secret)s", + "tokenEndpoint": null, + "redirectUri": null, + "postLogoutUri": null, + "frontchannelLogoutUri": null, + "scopes": null, + "acrValues": null + } } } diff --git a/flex-linux-setup/flex_linux_setup/version.py b/flex-linux-setup/flex_linux_setup/version.py index 1f52a41e2..02765dec2 100644 --- a/flex-linux-setup/flex_linux_setup/version.py +++ b/flex-linux-setup/flex_linux_setup/version.py @@ -1 +1 @@ -__version__ = "1.0.9-dev" +__version__ = "1.0.11-dev" diff --git a/mkdocs.yml b/mkdocs.yml index 55f995a8f..7aff60323 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -123,9 +123,10 @@ nav: - 'Suse': 'install/vm-install/suse.md' - 'Administration': - 'admin/README.md' - - 'Admin UI': - - 'admin/admin-ui/README.md' - - 'Admin UI Properties': 'admin/admin-ui/properties.md' + - 'Configuration': 'admin/config.md' +# - 'Admin UI': +# - 'admin/admin-ui/README.md' +# - 'Admin UI Properties': 'admin/admin-ui/properties.md' # - 'SAML': # - 'admin/saml/README.md' # - 'SAML IDP': 'admin/saml/idp.md'