From 1fd09bea7935abb0cac2538905e09c0fb5cb4b53 Mon Sep 17 00:00:00 2001 From: iromli Date: Wed, 11 Oct 2023 02:06:43 +0700 Subject: [PATCH] feat(docker-jans): upgrade base image to Java 17 --- docker-jans-auth-server/Dockerfile | 14 ++++++------- docker-jans-auth-server/requirements.txt | 2 +- docker-jans-casa/Dockerfile | 6 +++--- docker-jans-casa/requirements.txt | 2 +- docker-jans-certmanager/Dockerfile | 4 ++-- docker-jans-certmanager/requirements.txt | 2 +- docker-jans-config-api/Dockerfile | 16 +++++++-------- docker-jans-config-api/requirements.txt | 2 +- docker-jans-configurator/Dockerfile | 4 ++-- docker-jans-configurator/requirements.txt | 2 +- docker-jans-fido2/Dockerfile | 6 +++--- docker-jans-fido2/requirements.txt | 2 +- docker-jans-link/Dockerfile | 6 +++--- docker-jans-link/requirements.txt | 2 +- docker-jans-persistence-loader/Dockerfile | 4 ++-- .../requirements.txt | 2 +- .../scripts/upgrade.py | 20 +++++++++++++------ docker-jans-scim/Dockerfile | 6 +++--- docker-jans-scim/requirements.txt | 2 +- 19 files changed, 56 insertions(+), 48 deletions(-) diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile index 47d7b6fed0e..c94a27da7c8 100644 --- a/docker-jans-auth-server/Dockerfile +++ b/docker-jans-auth-server/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjdk-alpine:11.0.16 +FROM bellsoft/liberica-openjdk-alpine:17.0.8 # =============== # Alpine packages @@ -51,7 +51,7 @@ RUN /opt/jython/bin/pip uninstall -y pip setuptools # =========== ENV CN_VERSION=1.0.19-SNAPSHOT -ENV CN_BUILD_DATE='2023-10-05 08:23' +ENV CN_BUILD_DATE='2023-10-10 08:38' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war # Install Jans Auth @@ -74,10 +74,10 @@ RUN mkdir -p /usr/share/java \ ARG TWILIO_VERSION=7.17.0 ARG JSMPP_VERSION=2.3.7 -ARG CASA_CONFIG_VERSION=1.0.19-SNAPSHOT -ARG CASA_CONFIG_BUILD_DATE="2023-02-13 11:44" -ARG FIDO2_CLIENT_VERSION=1.0.19-SNAPSHOT -ARG FIDO2_CLIENT_BUILD_DATE="2023-01-31 15:04" +ARG CASA_CONFIG_VERSION=${CN_VERSION} +ARG CASA_CONFIG_BUILD_DATE=${CN_BUILD_DATE} +ARG FIDO2_CLIENT_VERSION=${CN_VERSION} +ARG FIDO2_CLIENT_BUILD_DATE=${CN_BUILD_DATE} RUN wget -q https://repo1.maven.org/maven2/com/twilio/sdk/twilio/${TWILIO_VERSION}/twilio-${TWILIO_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs/ \ && wget -q https://repo1.maven.org/maven2/org/jsmpp/jsmpp/${JSMPP_VERSION}/jsmpp-${JSMPP_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs/ \ @@ -92,7 +92,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \ ${JETTY_BASE}/jans-auth/agama/ftl \ ${JETTY_BASE}/jans-auth/agama/scripts -ENV JANS_SOURCE_VERSION=eb4e84a3b7fbf9a3ad778b3cc77b40dec3210e5d +ENV JANS_SOURCE_VERSION=6f3b84f8ffe529855a28288e1a3e37d9fb2ba770 # note that as we're pulling from a monorepo (with multiple project in it) # we are using partial-clone and sparse-checkout to get the agama code diff --git a/docker-jans-auth-server/requirements.txt b/docker-jans-auth-server/requirements.txt index f3a76380652..3fc62be82a3 100644 --- a/docker-jans-auth-server/requirements.txt +++ b/docker-jans-auth-server/requirements.txt @@ -1,4 +1,4 @@ # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 libcst<0.4 git+https://github.com/JanssenProject/jans@36cd1798afaa3c1c05246a4a338804d20713cf9f#egg=jans-pycloudlib&subdirectory=jans-pycloudlib diff --git a/docker-jans-casa/Dockerfile b/docker-jans-casa/Dockerfile index b56ce3dfcc2..afeb3ae06b2 100644 --- a/docker-jans-casa/Dockerfile +++ b/docker-jans-casa/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.16 +FROM bellsoft/liberica-openjre-alpine:17.0.8 # =============== # Alpine packages @@ -30,7 +30,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_ # ==== ENV CN_VERSION=1.0.19-SNAPSHOT -ENV CN_BUILD_DATE='2023-10-05 08:38' +ENV CN_BUILD_DATE='2023-10-10 08:38' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/casa/${CN_VERSION}/casa-${CN_VERSION}.war # Install Casa @@ -55,7 +55,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-casa/plugins \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=eb4e84a3b7fbf9a3ad778b3cc77b40dec3210e5d +ENV JANS_SOURCE_VERSION=6f3b84f8ffe529855a28288e1a3e37d9fb2ba770 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_CASA_EXTRAS_DIR=jans-casa/extras diff --git a/docker-jans-casa/requirements.txt b/docker-jans-casa/requirements.txt index 3053a372a2b..269d5798da5 100644 --- a/docker-jans-casa/requirements.txt +++ b/docker-jans-casa/requirements.txt @@ -1,5 +1,5 @@ webdavclient3>=3.14.5 libcst<0.4 # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 git+https://github.com/JanssenProject/jans@36cd1798afaa3c1c05246a4a338804d20713cf9f#egg=jans-pycloudlib&subdirectory=jans-pycloudlib diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile index df377ddd3c7..3e0f4dba172 100644 --- a/docker-jans-certmanager/Dockerfile +++ b/docker-jans-certmanager/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.16 +FROM bellsoft/liberica-openjre-alpine:17.0.8 # =============== # Alpine packages @@ -15,7 +15,7 @@ RUN apk update \ # JAR files required to generate OpenID Connect keys ENV CN_VERSION=1.0.19-SNAPSHOT -ENV CN_BUILD_DATE='2023-09-23 10:15' +ENV CN_BUILD_DATE='2023-10-10 08:38' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/ diff --git a/docker-jans-certmanager/requirements.txt b/docker-jans-certmanager/requirements.txt index 0516ccce25d..34bfd5a0364 100644 --- a/docker-jans-certmanager/requirements.txt +++ b/docker-jans-certmanager/requirements.txt @@ -1,5 +1,5 @@ # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 click==6.7 libcst<0.4 git+https://github.com/JanssenProject/jans@36cd1798afaa3c1c05246a4a338804d20713cf9f#egg=jans-pycloudlib&subdirectory=jans-pycloudlib diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile index a75550245f9..e3aa39c313e 100644 --- a/docker-jans-config-api/Dockerfile +++ b/docker-jans-config-api/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.16 +FROM bellsoft/liberica-openjre-alpine:17.0.8 # =============== # Alpine packages @@ -41,7 +41,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO # ========== ENV CN_VERSION=1.0.19-SNAPSHOT -ENV CN_BUILD_DATE='2023-09-23 10:26' +ENV CN_BUILD_DATE='2023-10-10 08:38' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war # Install Jans Config API @@ -70,15 +70,15 @@ RUN wget -q https://github.com/GluuFederation/gluu-snap/raw/${PYFACTER_VERSION}/ RUN mkdir -p /usr/share/java \ ${JETTY_BASE}/jans-config-api/_plugins -ENV SCIM_PLUGIN_BUILD_DATE='2023-09-23 10:28' +ENV SCIM_PLUGIN_BUILD_DATE=${CN_BUILD_DATE} ENV SCIM_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/scim-plugin/${CN_VERSION}/scim-plugin-${CN_VERSION}-distribution.jar -ENV ADMIN_UI_PLUGIN_BUILD_DATE='2023-09-23 10:27' +ENV ADMIN_UI_PLUGIN_BUILD_DATE=${CN_BUILD_DATE} ENV ADMIN_UI_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/admin-ui-plugin/${CN_VERSION}/admin-ui-plugin-${CN_VERSION}-distribution.jar -ENV FIDO2_PLUGIN_BUILD_DATE='2023-09-23 10:29' +ENV FIDO2_PLUGIN_BUILD_DATE=${CN_BUILD_DATE} ENV FIDO2_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/fido2-plugin/${CN_VERSION}/fido2-plugin-${CN_VERSION}-distribution.jar -ENV USER_MGT_PLUGIN_BUILD_DATE='2023-09-23 10:28' +ENV USER_MGT_PLUGIN_BUILD_DATE=${CN_BUILD_DATE} ENV USER_MGT_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/user-mgt-plugin/${CN_VERSION}/user-mgt-plugin-${CN_VERSION}-distribution.jar -ENV JANS_LINK_PLUGIN_BUILD_DATE='2023-09-11 16:58' +ENV JANS_LINK_PLUGIN_BUILD_DATE=${CN_BUILD_DATE} ENV JANS_LINK_PLUGIN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api/plugins/jans-link-plugin/${CN_VERSION}/jans-link-plugin-${CN_VERSION}-distribution.jar RUN wget -q ${SCIM_PLUGIN_SOURCE_URL} -O ${JETTY_BASE}/jans-config-api/_plugins/scim-plugin.jar \ @@ -91,7 +91,7 @@ RUN wget -q ${SCIM_PLUGIN_SOURCE_URL} -O ${JETTY_BASE}/jans-config-api/_plugins/ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=14a4ee5d21b788db7bb3e9bb94a1d1caf228f95a +ENV JANS_SOURCE_VERSION=6f3b84f8ffe529855a28288e1a3e37d9fb2ba770 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources diff --git a/docker-jans-config-api/requirements.txt b/docker-jans-config-api/requirements.txt index f3a76380652..3fc62be82a3 100644 --- a/docker-jans-config-api/requirements.txt +++ b/docker-jans-config-api/requirements.txt @@ -1,4 +1,4 @@ # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 libcst<0.4 git+https://github.com/JanssenProject/jans@36cd1798afaa3c1c05246a4a338804d20713cf9f#egg=jans-pycloudlib&subdirectory=jans-pycloudlib diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile index 688929f0ba4..d6da0c363c2 100644 --- a/docker-jans-configurator/Dockerfile +++ b/docker-jans-configurator/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.16 +FROM bellsoft/liberica-openjre-alpine:17.0.8 # =============== # Alpine packages @@ -15,7 +15,7 @@ RUN apk update \ # JAR files required to generate OpenID Connect keys ENV CN_VERSION=1.0.19-SNAPSHOT -ENV CN_BUILD_DATE='2023-09-23 10:15' +ENV CN_BUILD_DATE='2023-10-10 08:38' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar RUN mkdir -p /opt/jans/configurator/javalibs \ diff --git a/docker-jans-configurator/requirements.txt b/docker-jans-configurator/requirements.txt index fd3d85256f2..5af7aaa63f6 100644 --- a/docker-jans-configurator/requirements.txt +++ b/docker-jans-configurator/requirements.txt @@ -1,5 +1,5 @@ # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 click==6.7 marshmallow==3.10.0 fqdn==1.4.0 diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile index 1abb9896831..611e8ed371b 100644 --- a/docker-jans-fido2/Dockerfile +++ b/docker-jans-fido2/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.16 +FROM bellsoft/liberica-openjre-alpine:17.0.8 # =============== # Alpine packages @@ -41,7 +41,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO # ===== ENV CN_VERSION=1.0.19-SNAPSHOT -ENV CN_BUILD_DATE='2023-09-23 10:21' +ENV CN_BUILD_DATE='2023-10-10 08:38' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-fido2-server/${CN_VERSION}/jans-fido2-server-${CN_VERSION}.war # Install FIDO2 @@ -59,7 +59,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-fido2/webapps \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=14a4ee5d21b788db7bb3e9bb94a1d1caf228f95a +ENV JANS_SOURCE_VERSION=6f3b84f8ffe529855a28288e1a3e37d9fb2ba770 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) diff --git a/docker-jans-fido2/requirements.txt b/docker-jans-fido2/requirements.txt index f3a76380652..3fc62be82a3 100644 --- a/docker-jans-fido2/requirements.txt +++ b/docker-jans-fido2/requirements.txt @@ -1,4 +1,4 @@ # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 libcst<0.4 git+https://github.com/JanssenProject/jans@36cd1798afaa3c1c05246a4a338804d20713cf9f#egg=jans-pycloudlib&subdirectory=jans-pycloudlib diff --git a/docker-jans-link/Dockerfile b/docker-jans-link/Dockerfile index bbe9b0cb571..5b31c486cea 100644 --- a/docker-jans-link/Dockerfile +++ b/docker-jans-link/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.16 +FROM bellsoft/liberica-openjre-alpine:17.0.8 # =============== # Alpine packages @@ -41,7 +41,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO # ==== ENV CN_VERSION=1.0.19-SNAPSHOT -ENV CN_BUILD_DATE='2023-09-23 10:19' +ENV CN_BUILD_DATE='2023-10-10 08:38' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-link-server/${CN_VERSION}/jans-link-server-${CN_VERSION}.war # Install Link @@ -59,7 +59,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-link/webapps \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=14a4ee5d21b788db7bb3e9bb94a1d1caf228f95a +ENV JANS_SOURCE_VERSION=6f3b84f8ffe529855a28288e1a3e37d9fb2ba770 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup # note that as we're pulling from a monorepo (with multiple project in it) diff --git a/docker-jans-link/requirements.txt b/docker-jans-link/requirements.txt index f3a76380652..3fc62be82a3 100644 --- a/docker-jans-link/requirements.txt +++ b/docker-jans-link/requirements.txt @@ -1,4 +1,4 @@ # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 libcst<0.4 git+https://github.com/JanssenProject/jans@36cd1798afaa3c1c05246a4a338804d20713cf9f#egg=jans-pycloudlib&subdirectory=jans-pycloudlib diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile index 01ca039089c..934d27d7021 100644 --- a/docker-jans-persistence-loader/Dockerfile +++ b/docker-jans-persistence-loader/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.16 +FROM bellsoft/liberica-openjre-alpine:17.0.8 # =============== # Alpine packages @@ -26,7 +26,7 @@ RUN python3 -m ensurepip \ # ===================== # janssenproject/jans SHA commit -ENV JANS_SOURCE_VERSION=14a4ee5d21b788db7bb3e9bb94a1d1caf228f95a +ENV JANS_SOURCE_VERSION=6f3b84f8ffe529855a28288e1a3e37d9fb2ba770 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources diff --git a/docker-jans-persistence-loader/requirements.txt b/docker-jans-persistence-loader/requirements.txt index f3a76380652..3fc62be82a3 100644 --- a/docker-jans-persistence-loader/requirements.txt +++ b/docker-jans-persistence-loader/requirements.txt @@ -1,4 +1,4 @@ # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 libcst<0.4 git+https://github.com/JanssenProject/jans@36cd1798afaa3c1c05246a4a338804d20713cf9f#egg=jans-pycloudlib&subdirectory=jans-pycloudlib diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py index 6d12f697ba6..f174586bc1a 100644 --- a/docker-jans-persistence-loader/scripts/upgrade.py +++ b/docker-jans-persistence-loader/scripts/upgrade.py @@ -843,17 +843,25 @@ def _transform_auth_errors_config(conf): }) should_update = True + if "invalid_ssa_metadata" not in ssa_errors: + conf["ssa"].append({ + "id": "invalid_ssa_metadata", + "description": "The value of one of the SSA Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a SSA's Metadata.", + "uri": None, + }) + should_update = True + # dpop as part of token errors dpop_errors = [ { - "id":"use_dpop_nonce", - "description":"Authorization server requires nonce in DPoP proof.", - "uri": None + "id": "use_dpop_nonce", + "description": "Authorization server requires nonce in DPoP proof.", + "uri": None }, { - "id":"use_new_dpop_nonce", - "description":"Authorization server requires new nonce in DPoP proof.", - "uri": None + "id": "use_new_dpop_nonce", + "description": "Authorization server requires new nonce in DPoP proof.", + "uri": None }, ] token_err_ids = [err["id"] for err in conf["token"]] diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile index 7a7fdb30c64..a00ad1f51ee 100644 --- a/docker-jans-scim/Dockerfile +++ b/docker-jans-scim/Dockerfile @@ -1,4 +1,4 @@ -FROM bellsoft/liberica-openjre-alpine:11.0.16 +FROM bellsoft/liberica-openjre-alpine:17.0.8 # =============== # Alpine packages @@ -41,7 +41,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO # ==== ENV CN_VERSION=1.0.19-SNAPSHOT -ENV CN_BUILD_DATE='2023-09-23 10:24' +ENV CN_BUILD_DATE='2023-10-10 08:38' ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-scim-server/${CN_VERSION}/jans-scim-server-${CN_VERSION}.war # Install SCIM @@ -59,7 +59,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-scim/webapps \ # jans-linux-setup sync # ===================== -ENV JANS_SOURCE_VERSION=14a4ee5d21b788db7bb3e9bb94a1d1caf228f95a +ENV JANS_SOURCE_VERSION=6f3b84f8ffe529855a28288e1a3e37d9fb2ba770 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources diff --git a/docker-jans-scim/requirements.txt b/docker-jans-scim/requirements.txt index 0f5c733ce97..ef87768c6b2 100644 --- a/docker-jans-scim/requirements.txt +++ b/docker-jans-scim/requirements.txt @@ -1,5 +1,5 @@ # pinned to py3-grpcio version to avoid failure on native extension build -grpcio==1.41.0 +grpcio==1.54.2 libcst<0.4 ruamel.yaml==0.16.10 git+https://github.com/JanssenProject/jans@36cd1798afaa3c1c05246a4a338804d20713cf9f#egg=jans-pycloudlib&subdirectory=jans-pycloudlib