chore: migration from Flex casa (#6172)

* chore: migration from Flex casa #6165

* feat(jans-linux-setup): casa to jans-casa migration

* docs(casa): add casa to the navigation

Co-authored-by: jgomer2001 <bonustrack310@gmail.com>
Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(casa): add Casa document files to Janssen docs

Co-authored-by: jgomer2001 <bonustrack310@gmail.com>
Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(casa): nav fixes

Co-authored-by: jgomer2001 <bonustrack310@gmail.com>
Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* ci: add casa operations

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* docs(casa): align admin guide with Jans

 - replace `Gluu Flex` with `Janssen Server`
 - Replace `Casa` with `Jans Casa`

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(casa): migrate Jans Casa assets from Flex

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* fix(jans-linux-setup): casa auth script

* fix(jans-linux-setup): casa download urls

* fix: add casa chart to janssen parent chart

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
Co-authored-by: Mustafa Baser <mbaser@mail.com>
Co-authored-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: moabu <47318409+moabu@users.noreply.github.com>

.github/CODEOWNERS

@@ -28,4 +28,5 @@
 /jans-cache-refresh/ @yurem @shekhar16
 /jans-link/ @shekhar16
 /agama/ @jgomer2001
+/jans-casa/ @jgomer2001 @maduvena
 /demos/jans-tarp/ @duttarnab

.github/workflows/central_code_quality_check.yml

@@ -22,6 +22,7 @@ on:
       - 'jans-linux-setup/**'
       - 'jans-cli-tui/**'
       - 'jans-pycloudlib/**'
+      - 'jans-casa/**'
       - '!**/CHANGELOG.md'
       - '!**.txt'
 
@@ -47,6 +48,7 @@ on:
       - 'jans-linux-setup/**'
       - 'jans-cli-tui/**'
       - 'jans-pycloudlib/**'
+      - 'jans-casa/**'
       - '!**/CHANGELOG.md'
       - '!**.txt'
 
@@ -59,7 +61,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        module: [keycloak-integration, jans-auth-server, agama, jans-config-api, jans-core, jans-linux-setup, jans-cli-tui, jans-fido2, jans-orm, jans-scim, jans-eleven, jans-pycloudlib, jans-link]
+        module: [keycloak-integration, jans-auth-server, agama, jans-config-api, jans-core, jans-linux-setup, jans-cli-tui, jans-fido2, jans-orm, jans-scim, jans-eleven, jans-pycloudlib, jans-link, jans-casa]
     env:
       JVM_PROJECTS: |
         keycloak-integration
@@ -71,6 +73,7 @@ jobs:
         jans-core
         jans-fido2
         jans-eleven
+        jans-casa
         agama
       NON_JVM_PROJECTS: |
         jans-linux-setup

.github/workflows/docker_build_image.yml

@@ -23,9 +23,9 @@ on:
   workflow_dispatch:
     inputs:
       services:
-        description: 'One or set of the docker images. Format as following: "docker-jans-auth-server docker-jans-certmanager docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith docker-jans-loadtesting-jmeter docker-jans-link"'
+        description: 'One or set of the docker images. Format as following: "docker-jans-auth-server docker-jans-certmanager docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith docker-jans-loadtesting-jmeter docker-jans-link docker-jans-casa"'
         required: true
-        default: 'docker-jans-auth-server docker-jans-certmanager docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith docker-jans-loadtesting-jmeter docker-jans-link'
+        default: 'docker-jans-auth-server docker-jans-certmanager docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith docker-jans-loadtesting-jmeter docker-jans-link docker-jans-casa'
       cn_version:
         description: 'The war version to build the image off'
         required: false
@@ -44,7 +44,7 @@ jobs:
     strategy:
       max-parallel: 8
       matrix:
-        docker-images: ["auth-server", "certmanager", "config-api", "configurator", "fido2", "persistence-loader", "scim", "monolith", "loadtesting-jmeter", "link"]
+        docker-images: ["auth-server", "certmanager", "config-api", "configurator", "fido2", "persistence-loader", "scim", "monolith", "loadtesting-jmeter", "link", "casa"]
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -58,7 +58,7 @@ jobs:
           DEFAULT_ALL=${{ github.event.inputs.services }}
           if [ -z "$DEFAULT_ALL" ]
           then
-            DEFAULT_ALL="docker-jans-auth-server docker-jans-certmanager docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith docker-jans-loadtesting-jmeter docker-jans-link"
+            DEFAULT_ALL="docker-jans-auth-server docker-jans-certmanager docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith docker-jans-loadtesting-jmeter docker-jans-link docker-jans-casa"
           else
             echo "$DEFAULT_ALL"
           fi

.github/workflows/docker_imagescan.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        docker-images: ["auth-server", "certmanager", "config-api", "configurator", "fido2", "persistence-loader", "scim", "monolith", "link"]
+        docker-images: ["auth-server", "certmanager", "config-api", "configurator", "fido2", "persistence-loader", "scim", "monolith", "link", "casa"]
     steps:
     - uses: actions/checkout@v3
     - name: Build the Container image

.github/workflows/release.yaml

@@ -5,23 +5,23 @@ on:
       simple_release_as:
         description: 'Release version for docs'
         required: true
-        default: '1.0.11'
+        default: '1.0.19'
       java_release_as:
         description: 'Release version for the java projects jans-*'
         required: true
-        default: '1.0.11'
+        default: '1.0.19'
       docker_release_as:
         description: 'Release version for the docker images docker-*'
         required: true
-        default: '1.0.11-1'
+        default: '1.0.19-1'
       python_release_as:
         description: 'Release version for the python projects'
         required: true
-        default: '1.0.11'
+        default: '1.0.19'
       mega_release_as:
         description: 'Mega release version'
         required: true
-        default: '1.0.11'
+        default: '1.0.19'
 jobs:
   release-simple-pr:
     runs-on: ubuntu-latest
@@ -67,7 +67,7 @@ jobs:
       #max-parallel: 1
       fail-fast: false
       matrix:
-        maven: [ "jans-scim", "jans-orm", "jans-fido2", "jans-eleven", "jans-core", "jans-config-api", "jans-bom", "jans-auth-server", "agama", "jans-link", "keycloak-integration" ]
+        maven: [ "jans-scim", "jans-orm", "jans-fido2", "jans-eleven", "jans-core", "jans-config-api", "jans-bom", "jans-auth-server", "agama", "jans-link", "keycloak-integration", 'jans-casa' ]
     steps:
     - name: Checkout
       uses: actions/checkout@v3
@@ -105,7 +105,7 @@ jobs:
       #max-parallel: 1
       fail-fast: false
       matrix:
-        simple: [ "docker-jans-auth-server", "docker-jans-certmanager", "docker-jans-config-api", "docker-jans-configurator", "docker-jans-fido2", "docker-jans-persistence-loader", "docker-jans-scim", "docker-jans-monolith", "docker-jans-link" ]
+        simple: [ "docker-jans-auth-server", "docker-jans-certmanager", "docker-jans-config-api", "docker-jans-configurator", "docker-jans-fido2", "docker-jans-persistence-loader", "docker-jans-scim", "docker-jans-monolith", "docker-jans-link", "docker-jans-casa" ]
     steps:
     - name: Checkout
       uses: actions/checkout@v3

charts/janssen/Chart.yaml

@@ -18,6 +18,8 @@ annotations:
       image: gluufederation/opendj:5.0.0_dev
     - name: persistence
       image: ghcr.io/janssenproject/jans/persistence-loader:1.0.19_dev
+    - name: casa
+      image: ghcr.io/janssenproject/jans/casa:1.0.19_dev
     - name: scim
       image: ghcr.io/janssenproject/jans/scim:1.0.19_dev
   artifacthub.io/license: Apache-2.0
@@ -40,6 +42,10 @@ description: Janssen Access and Identity Management
 name: janssen
 version: 1.0.19-dev
 dependencies:
+    - name: casa
+      version: 1.0.19-dev
+      condition: global.casa.enabled
+
     - name: config
       condition: global.config.enabled
       version: 1.0.19-dev

charts/janssen/charts/casa/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/janssen/charts/casa/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: casa
+version: 1.0.19-dev
+kubeVersion: ">=v1.21.0-0"
+description: Jans Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Jans Server.
+type: application
+keywords:
+  - casa
+  - 2FA
+  - passwordless
+home: https://gluu.org/docs/casa/
+sources:
+  - https://gluu.org/casa/
+  - https://github.com/JanssenProject/jans/docker-jans-casa
+maintainers:
+  - name: Mohammad Abudayyeh
+    email: support@jans.io
+    url: https://github.com/moabu
+icon: https://github.com/JanssenProject/jans/raw/main/docs/assets/logo/janssen_project_favicon_transparent_50px_50px.png
+appVersion: "1.0.19-dev"

charts/janssen/charts/casa/README.md

@@ -0,0 +1,65 @@
+# casa
+
+![Version: 1.0.19-dev](https://img.shields.io/badge/Version-1.0.19--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.19-dev](https://img.shields.io/badge/AppVersion-1.0.19--dev-informational?style=flat-square)
+
+Jans Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Jans Server.
+
+**Homepage:** <https://gluu.org/docs/casa/>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Mohammad Abudayyeh | <support@jans.io> | <https://github.com/moabu> |
+
+## Source Code
+
+* <https://gluu.org/casa/>
+* <https://github.com/JanssenProject/jans/docker-jans-casa>
+
+## Requirements
+
+Kubernetes: `>=v1.21.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalAnnotations | object | `{}` | Additional annotations that will be added across all resources  in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken |
+| additionalLabels | object | `{}` | Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"} |
+| dnsConfig | object | `{}` | Add custom dns config |
+| dnsPolicy | string | `""` | Add custom dns policy |
+| fullnameOverride | string | `""` |  |
+| hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler |
+| hpa.behavior | object | `{}` | Scaling Policies |
+| hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. |
+| image.pullSecrets | list | `[]` | Image Pull Secrets |
+| image.repository | string | `"janssenproject/casa"` | Image  to use for deploying. |
+| image.tag | string | `"1.0.19_dev"` | Image  tag to use for deploying. |
+| lifecycle | object | `{}` |  |
+| livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. |
+| livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint |
+| nameOverride | string | `""` |  |
+| podSecurityContext | object | `{}` |  |
+| readinessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. |
+| readinessProbe.httpGet.path | string | `"/casa/health-check"` | http readiness probe endpoint |
+| replicas | int | `1` | Service replica number. |
+| resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. |
+| resources.limits.cpu | string | `"500m"` | CPU limit. |
+| resources.limits.memory | string | `"500Mi"` | Memory limit. |
+| resources.requests.cpu | string | `"500m"` | CPU request. |
+| resources.requests.memory | string | `"500Mi"` | Memory request. |
+| securityContext | object | `{}` |  |
+| service.name | string | `"http-casa"` | The name of the casa port within the casa service. Please keep it as default. |
+| service.port | int | `8080` | Port of the casa service. Please keep it as default. |
+| service.sessionAffinity | string | `"None"` | Default set to None If you want to make sure that connections from a particular client are passed to the same Pod each time, you can select the session affinity based on the client's IP addresses by setting this to ClientIP |
+| service.sessionAffinityConfig | object | `{"clientIP":{"timeoutSeconds":10800}}` | the maximum session sticky time if sessionAffinity is ClientIP |
+| usrEnvs | object | `{"normal":{},"secret":{}}` | Add custom normal and secret envs to the service |
+| usrEnvs.normal | object | `{}` | Add custom normal envs to the service variable1: value1 |
+| usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 |
+| volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers |
+| volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/janssen/charts/casa/templates/_helpers.tpl

@@ -0,0 +1,109 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "casa.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "casa.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "casa.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "casa.labels" -}}
+app: {{ .Release.Name }}-{{ include "casa.name" . }}
+helm.sh/chart: {{ include "casa.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "casa.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "casa.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create user custom defined  envs
+*/}}
+{{- define "casa.usr-envs"}}
+{{- range $key, $val := .Values.usrEnvs.normal }}
+- name: {{ $key }}
+  value: {{ $val | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create user custom defined secret envs
+*/}}
+{{- define "casa.usr-secret-envs"}}
+{{- range $key, $val := .Values.usrEnvs.secret }}
+- name: {{ $key }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ $.Release.Name }}-{{ $.Chart.Name }}-user-custom-envs
+      key: {{ $key | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create topologySpreadConstraints lists
+*/}}
+{{- define "casa.topology-spread-constraints"}}
+{{- range $key, $val := .Values.topologySpreadConstraints }}
+- maxSkew: {{ $val.maxSkew }}
+  {{- if $val.minDomains }}
+  minDomains: {{ $val.minDomains }} # optional; beta since v1.25
+  {{- end}}
+  {{- if $val.topologyKey }}
+  topologyKey: {{ $val.topologyKey }}
+  {{- end}}
+  {{- if $val.whenUnsatisfiable }}
+  whenUnsatisfiable: {{ $val.whenUnsatisfiable }}
+  {{- end}}
+  labelSelector:
+    matchLabels:
+      app: {{ $.Release.Name }}-{{ include "casa.name" $ }}
+  {{- if $val.matchLabelKeys }}
+  matchLabelKeys: {{ $val.matchLabelKeys }} # optional; alpha since v1.25
+  {{- end}}
+  {{- if $val.nodeAffinityPolicy }}
+  nodeAffinityPolicy: {{ $val.nodeAffinityPolicy }} # optional; alpha since v1.25
+  {{- end}}
+  {{- if $val.nodeTaintsPolicy }}
+  nodeTaintsPolicy: {{ $val.nodeTaintsPolicy }} # optional; alpha since v1.25
+  {{- end}}
+{{- end }}
+{{- end }}

charts/janssen/charts/casa/templates/casa-destination-rules.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.global.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: {{ .Release.Name }}-casa-mtls
+  namespace: {{.Release.Namespace}}
+  labels:
+    APP_NAME: casa
+{{ include "casa.labels" . | indent 4 }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+  annotations:
+{{ toYaml .Values.additionalAnnotations | indent 4 }}
+{{- end }}
+spec:
+  host: {{ .Values.global.casa.casaServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+{{- end }}