feat(cloud-native): change lock-master-configuration to lock-server-c…

…onfiguration (#9177) * feat(cloud-native): change lock-master-confguration to lock-server-configuration Signed-off-by: iromli <isman.firmansyah@gmail.com> * chore: update JANS_SOURCE_VERSION Signed-off-by: iromli <isman.firmansyah@gmail.com> * feat(cloud-native): update lock endpoint Signed-off-by: Amro Misbah <amromisba7@gmail.com> * feat(jans-lock): update lock endpoint Signed-off-by: Amro Misbah <amromisba7@gmail.com> --------- Signed-off-by: iromli <isman.firmansyah@gmail.com> Signed-off-by: Amro Misbah <amromisba7@gmail.com> Co-authored-by: Amro Misbah <amromisba7@gmail.com> Former-commit-id: 23dc2e2
JanssenProject · Aug 12, 2024 · 2eead68 · 2eead68
1 parent 4749dc2
commit 2eead68
Show file tree

Hide file tree

Showing 15 changed files with 22 additions and 15 deletions.
diff --git a/charts/janssen-all-in-one/README.md b/charts/janssen-all-in-one/README.md
@@ -87,7 +87,7 @@ Kubernetes: `>=v1.22.0-0`
 | auth-server.ingress.firebaseMessagingLabels | object | `{}` | Firebase Messaging ingress resource labels. key app is taken |
 | auth-server.ingress.lockAdditionalAnnotations | object | `{}` | Lock ingress resource additional annotations. |
 | auth-server.ingress.lockConfigAdditionalAnnotations | object | `{}` | Lock config ingress resource additional annotations. |
-| auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-master-configuration |
+| auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-server-configuration |
 | auth-server.ingress.lockConfigLabels | object | `{}` | Lock config ingress resource labels. key app is taken |
 | auth-server.ingress.lockEnabled | bool | `false` | Enable endpoint /jans-lock |
 | auth-server.ingress.lockLabels | object | `{}` | Lock ingress resource labels. key app is taken |

diff --git a/charts/janssen-all-in-one/templates/nginx-ingress.yaml b/charts/janssen-all-in-one/templates/nginx-ingress.yaml
@@ -748,7 +748,7 @@ spec:
     - host: {{ .Values.fqdn | quote }}
       http:
         paths:
-          - path: /.well-known/lock-master-configuration
+          - path: /.well-known/lock-server-configuration
             pathType: Exact
             backend:
               service:

diff --git a/charts/janssen-all-in-one/values.yaml b/charts/janssen-all-in-one/values.yaml
@@ -252,7 +252,7 @@ auth-server:
     webdiscoveryEnabled: true
     # -- Enable endpoint /.well-known/fido-configuration
     u2fConfigEnabled: true
-    # -- Enable endpoint /.well-known/lock-master-configuration
+    # -- Enable endpoint /.well-known/lock-server-configuration
     lockConfigEnabled: false
     # -- Enable endpoint /jans-lock
     lockEnabled: false

diff --git a/charts/janssen/README.md b/charts/janssen/README.md
@@ -310,7 +310,7 @@ Kubernetes: `>=v1.22.0-0`
 | global.auth-server.ingress.firebaseMessagingLabels | object | `{}` | Firebase Messaging ingress resource labels. key app is taken |
 | global.auth-server.ingress.lockAdditionalAnnotations | object | `{}` | Lock ingress resource additional annotations. |
 | global.auth-server.ingress.lockConfigAdditionalAnnotations | object | `{}` | Lock config ingress resource additional annotations. |
-| global.auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-master-configuration |
+| global.auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-server-configuration |
 | global.auth-server.ingress.lockConfigLabels | object | `{}` | Lock config ingress resource labels. key app is taken |
 | global.auth-server.ingress.lockEnabled | bool | `false` | Enable endpoint /jans-lock |
 | global.auth-server.ingress.lockLabels | object | `{}` | Lock ingress resource labels. key app is taken |

diff --git a/charts/janssen/charts/auth-server/templates/auth-server-virtual-services.yaml b/charts/janssen/charts/auth-server/templates/auth-server-virtual-services.yaml
@@ -143,7 +143,7 @@ spec:
   - name: "{{ .Release.Name }}-istio-lock-config"
     match:
     - uri:
-        prefix: "/.well-known/lock-master-configuration"
+        prefix: "/.well-known/lock-server-configuration"
     rewrite:
       uri: "/jans-auth/v1/configuration"
     route:

diff --git a/charts/janssen/charts/nginx-ingress/templates/ingress.yaml b/charts/janssen/charts/nginx-ingress/templates/ingress.yaml
@@ -888,7 +888,7 @@ spec:
     - host: {{ $host | quote }}
       http:
         paths:
-          - path: /.well-known/lock-master-configuration
+          - path: /.well-known/lock-server-configuration
             pathType: Exact
             backend:
               service:

diff --git a/charts/janssen/values.yaml b/charts/janssen/values.yaml
@@ -793,7 +793,7 @@ global:
       webdiscoveryEnabled: true
       # -- Enable endpoint /.well-known/fido-configuration
       u2fConfigEnabled: true
-      # -- Enable endpoint /.well-known/lock-master-configuration
+      # -- Enable endpoint /.well-known/lock-server-configuration
       lockConfigEnabled: false
       # -- Enable endpoint /jans-lock
       lockEnabled: false

diff --git a/docker-jans-all-in-one/Dockerfile b/docker-jans-all-in-one/Dockerfile
@@ -58,7 +58,7 @@ RUN apk update \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=e157cd4c8ff92c04e400fea29c51ae54f842a678
+ENV JANS_SOURCE_VERSION=1a86124407fdd8adb9f6360c8210b7e86291212f
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

diff --git a/docker-jans-all-in-one/app/templates/nginx/jans-auth-location.conf b/docker-jans-all-in-one/app/templates/nginx/jans-auth-location.conf
@@ -148,7 +148,7 @@ location /jans-auth {
     proxy_http_version 1.1;
 }
 
-location /.well-known/lock-master-configuration {
+location /.well-known/lock-server-configuration {
     proxy_pass http://jans_auth_backend/jans-auth/v1/configuration;
     proxy_set_header Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;

diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
@@ -51,7 +51,7 @@ RUN /opt/jython/bin/pip uninstall -y pip setuptools
 # ===========
 
 ENV CN_VERSION=1.1.4-SNAPSHOT
-ENV CN_BUILD_DATE='2024-08-08 08:36'
+ENV CN_BUILD_DATE='2024-08-12 08:43'
 
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
     /app/static/rdbm \
     /app/schema
 
-ENV JANS_SOURCE_VERSION=e157cd4c8ff92c04e400fea29c51ae54f842a678
+ENV JANS_SOURCE_VERSION=1a86124407fdd8adb9f6360c8210b7e86291212f
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

diff --git a/docker-jans-auth-server/scripts/upgrade.py b/docker-jans-auth-server/scripts/upgrade.py
@@ -58,6 +58,13 @@ def _transform_lock_dynamic_config(conf, manager):
                 "https://jans.io/oauth/lock/health.write"
             ],
         }),
+        ("endpointGroups", {
+            "audit": [
+                "telemetry",
+                "health",
+                "log"
+            ],
+        }),
     ]:
         if missing_key not in conf:
             conf[missing_key] = value

diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
@@ -16,7 +16,7 @@ RUN apk update \
 # ===========
 
 # janssenproject/jans SHA commit
-ENV JANS_SOURCE_VERSION=e157cd4c8ff92c04e400fea29c51ae54f842a678
+ENV JANS_SOURCE_VERSION=1a86124407fdd8adb9f6360c8210b7e86291212f
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources

diff --git a/docs/admin/lock/cedarling.md b/docs/admin/lock/cedarling.md
@@ -231,7 +231,7 @@ The following bootstrap properties are only needed for enterprise deployments.
 
 * **`CEDARLING_LOCK`** : Enabled | Disabled. If Enabled, the Cedarling will connect to the Lock Master for policies, and subscribe for SSE events. 
 
-* **`CEDARLING_LOCK_MASTER_CONFIGURATION_URI`** : Required if `LOCK` == `Enabled`. URI where Cedarling can get JSON file with all required metadata about Lock Master, i.e. `.well-known/lock-master-configuration`.
+* **`CEDARLING_LOCK_MASTER_CONFIGURATION_URI`** : Required if `LOCK` == `Enabled`. URI where Cedarling can get JSON file with all required metadata about Lock Master, i.e. `.well-known/lock-server-configuration`.
 
 * **`CEDARLING_LOCK_SSA_JWT`** : SSA for DCR in a Lock Master deployment. The Cedarling will validate this SSA JWT prior to DCR.
 

diff --git a/docs/admin/reference/kubernetes/helm-chart.md b/docs/admin/reference/kubernetes/helm-chart.md
@@ -308,7 +308,7 @@ Kubernetes: `>=v1.22.0-0`
 | global.auth-server.ingress.authServerEnabled | bool | `true` | Enable Auth server endpoints /jans-auth |
 | global.auth-server.ingress.deviceCodeEnabled | bool | `true` | Enable endpoint /device-code |
 | global.auth-server.ingress.firebaseMessagingEnabled | bool | `true` | Enable endpoint /firebase-messaging-sw.js |
-| global.auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-master-configuration |
+| global.auth-server.ingress.lockConfigEnabled | bool | `false` | Enable endpoint /.well-known/lock-server-configuration |
 | global.auth-server.ingress.openidConfigEnabled | bool | `true` | Enable endpoint /.well-known/openid-configuration |
 | global.auth-server.ingress.u2fConfigEnabled | bool | `true` | Enable endpoint /.well-known/fido-configuration |
 | global.auth-server.ingress.uma2ConfigEnabled | bool | `true` | Enable endpoint /.well-known/uma2-configuration |

diff --git a/jans-lock/lock-server.yaml b/jans-lock/lock-server.yaml
@@ -96,7 +96,7 @@ info:
   version: 0.1
 openapi: 3.0.2
 paths:
-  /.well-known/lock-master-configuration:
+  /.well-known/lock-server-configuration:
     get:
       responses:
         '200':