feat(docker-jans-casa): migrate Casa image from Flex (#6194)

* feat(docker-jans-casa): migrate Casa image from Flex * feat(docker-jans-casa): add casa plugins * feat(docker-jans-casa): handle updating URIs from previous version * fix(chart): change casa base URL
JanssenProject · Oct 6, 2023 · c83fe1e · c83fe1e
1 parent 1f68a18
commit c83fe1e
Show file tree

Hide file tree

Showing 34 changed files with 2,090 additions and 39 deletions.
diff --git a/charts/janssen/charts/casa/README.md b/charts/janssen/charts/casa/README.md
@@ -38,12 +38,12 @@ Kubernetes: `>=v1.21.0-0`
 | image.repository | string | `"janssenproject/casa"` | Image  to use for deploying. |
 | image.tag | string | `"1.0.19_dev"` | Image  tag to use for deploying. |
 | lifecycle | object | `{}` |  |
-| livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. |
-| livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint |
+| livenessProbe | object | `{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. |
+| livenessProbe.httpGet.path | string | `"/jans-casa/health-check"` | http liveness probe endpoint |
 | nameOverride | string | `""` |  |
 | podSecurityContext | object | `{}` |  |
-| readinessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. |
-| readinessProbe.httpGet.path | string | `"/casa/health-check"` | http readiness probe endpoint |
+| readinessProbe | object | `{"httpGet":{"path":"/jans-casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the casa if needed. |
+| readinessProbe.httpGet.path | string | `"/jans-casa/health-check"` | http readiness probe endpoint |
 | replicas | int | `1` | Service replica number. |
 | resources | object | `{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}}` | Resource specs. |
 | resources.limits.cpu | string | `"500m"` | CPU limit. |

diff --git a/charts/janssen/charts/casa/templates/casa-virtual-services.yaml b/charts/janssen/charts/casa/templates/casa-virtual-services.yaml
@@ -28,7 +28,7 @@ spec:
   - name: {{ .Release.Name }}-istio-casa
     match:
     - uri:
-        prefix: /casa
+        prefix: /jans-casa
     route:
     - destination:
         host: {{ .Values.global.casa.casaServiceName }}.{{.Release.Namespace}}.svc.cluster.local

diff --git a/charts/janssen/charts/casa/values.yaml b/charts/janssen/charts/casa/values.yaml
@@ -59,7 +59,7 @@ service:
 livenessProbe:
   httpGet:
     # -- http liveness probe endpoint
-    path: /casa/health-check
+    path: /jans-casa/health-check
     port: http-casa
   initialDelaySeconds: 25
   periodSeconds: 25
@@ -68,7 +68,7 @@ livenessProbe:
 readinessProbe:
   httpGet:
     # -- http readiness probe endpoint
-    path: /casa/health-check
+    path: /jans-casa/health-check
     port: http-casa
   initialDelaySeconds: 30
   periodSeconds: 30
@@ -102,4 +102,4 @@ securityContext: {}
 # -- Additional labels that will be added across all resources definitions in the format of {mylabel: "myapp"}
 additionalLabels: { }
 # -- Additional annotations that will be added across all resources  in the format of {cert-manager.io/issuer: "letsencrypt-prod"}. key app is taken
-additionalAnnotations: { }
+additionalAnnotations: { }
diff --git a/charts/janssen/charts/nginx-ingress/templates/ingress.yaml b/charts/janssen/charts/nginx-ingress/templates/ingress.yaml
@@ -716,7 +716,7 @@ spec:
     - host: {{ $host | quote }}
       http:
         paths:
-          - path: /casa
+          - path: /jans-casa
             pathType: Prefix
             backend:
               service:

diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
@@ -51,7 +51,7 @@ RUN /opt/jython/bin/pip uninstall -y pip setuptools
 # ===========
 
 ENV CN_VERSION=1.0.19-SNAPSHOT
-ENV CN_BUILD_DATE='2023-09-23 10:17'
+ENV CN_BUILD_DATE='2023-10-05 08:23'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
 # Install Jans Auth
@@ -74,46 +74,25 @@ RUN mkdir -p /usr/share/java \
 
 ARG TWILIO_VERSION=7.17.0
 ARG JSMPP_VERSION=2.3.7
-ARG CASA_CONFIG_VERSION=5.0.0-SNAPSHOT
+ARG CASA_CONFIG_VERSION=1.0.19-SNAPSHOT
 ARG CASA_CONFIG_BUILD_DATE="2023-02-13 11:44"
 ARG FIDO2_CLIENT_VERSION=1.0.19-SNAPSHOT
 ARG FIDO2_CLIENT_BUILD_DATE="2023-01-31 15:04"
 
 RUN wget -q https://repo1.maven.org/maven2/com/twilio/sdk/twilio/${TWILIO_VERSION}/twilio-${TWILIO_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs/ \
     && wget -q https://repo1.maven.org/maven2/org/jsmpp/jsmpp/${JSMPP_VERSION}/jsmpp-${JSMPP_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs/ \
-    && wget -q https://jenkins.gluu.org/maven/org/gluu/casa-config/${CASA_CONFIG_VERSION}/casa-config-${CASA_CONFIG_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs \
+    && wget -q https://jenkins.jans.io/maven/io/jans/casa-config/${CASA_CONFIG_VERSION}/casa-config-${CASA_CONFIG_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs \
     && wget -q https://jenkins.jans.io/maven/io/jans/jans-fido2-client/${FIDO2_CLIENT_VERSION}/jans-fido2-client-${FIDO2_CLIENT_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs
 
 # =====================
-# Casa external scripts
+# jans-linux-setup sync
 # =====================
 
-ARG FLEX_SOURCE_VERSION=3f0281bbf381a63b28229388d6b0ae536902b455
-ARG CASA_EXTRAS_DIR=casa/extras
-
-RUN mkdir -p /opt/jans/python/libs
-RUN git clone --filter blob:none --no-checkout https://github.com/GluuFederation/flex.git /tmp/flex \
-    && cd /tmp/flex \
-    && git sparse-checkout init --cone \
-    && git checkout ${FLEX_SOURCE_VERSION} \
-    && git sparse-checkout add ${CASA_EXTRAS_DIR} \
-    && cd /opt/jans/python/libs \
-    && cp /tmp/flex/${CASA_EXTRAS_DIR}/casa-external_* . \
-    && rm -rf /tmp/flex
-
-# ===========
-# Agama files
-# ===========
-
 RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
     ${JETTY_BASE}/jans-auth/agama/ftl \
     ${JETTY_BASE}/jans-auth/agama/scripts
 
-# =====================
-# jans-linux-setup sync
-# =====================
-
-ENV JANS_SOURCE_VERSION=14a4ee5d21b788db7bb3e9bb94a1d1caf228f95a
+ENV JANS_SOURCE_VERSION=eb4e84a3b7fbf9a3ad778b3cc77b40dec3210e5d
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the agama code
@@ -122,10 +101,12 @@ RUN git clone --filter blob:none --no-checkout https://github.com/janssenproject
     && git sparse-checkout init --cone \
     && git checkout ${JANS_SOURCE_VERSION} \
     && git sparse-checkout add agama/misc \
-    && git sparse-checkout add jans-linux-setup/jans_setup/static/auth/conf
-
-RUN cp -R /tmp/jans/agama/misc/* ${JETTY_BASE}/jans-auth/agama/ \
-    && cp -R /tmp/jans/jans-linux-setup/jans_setup/static/auth/conf /etc/certs
+    && git sparse-checkout add jans-linux-setup/jans_setup/static/auth/conf \
+    && git sparse-checkout add jans-casa/extras \
+    && cp -R agama/misc/* ${JETTY_BASE}/jans-auth/agama/ \
+    && cp -R jans-linux-setup/jans_setup/static/auth/conf /etc/certs \
+    && mkdir -p /opt/jans/python/libs \
+    && cp jans-casa/extras/casa-external_* /opt/jans/python/libs
 
 # ======
 # Python

diff --git a/docker-jans-casa/.dockerignore b/docker-jans-casa/.dockerignore
@@ -0,0 +1,9 @@
+# exclude everything
+*
+
+# include required files/directories
+!scripts
+!LICENSE
+!requirements.txt
+!templates
+!static
diff --git a/docker-jans-casa/.gitignore b/docker-jans-casa/.gitignore
@@ -0,0 +1,103 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyprojects
+
+# Rope project settings
+.ropeproject
+
+# PyCharm project settings
+.idea
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
diff --git a/docker-jans-casa/.hadolint.yaml b/docker-jans-casa/.hadolint.yaml
@@ -0,0 +1,4 @@
+ignored:
+  - DL3018    # Pin versions in apk add
+  - DL3013    # Pin versions in pip
+  - DL3003    # Use WORKDIR to switch to a directory