diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
index 655dbe1a207..f49de291344 100644
--- a/docker-jans-auth-server/Dockerfile
+++ b/docker-jans-auth-server/Dockerfile
@@ -193,13 +193,12 @@ LABEL name="Janssen Authorization Server" \
 maintainer="Janssen Project " \
 vendor="Janssen Project" \
 version="1.0.0" \
- release="b12" \
+ release="beta.15" \
 summary="Janssen Authorization Server" \
 description="OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)"
-RUN mkdir -p /etc/certs /deploy \
- /opt/jans/python/libs \
- ${JETTY_BASE}/jans-auth/custom/pages ${JETTY_BASE}/jans-auth/custom/static \
+RUN mkdir -p ${JETTY_BASE}/jans-auth/custom/pages \
+ ${JETTY_BASE}/jans-auth/custom/static \
 ${JETTY_BASE}/jans-auth/custom/libs \
 ${JETTY_BASE}/jans-auth/custom/i18n \
 /etc/jans/conf \
@@ -221,12 +220,10 @@ RUN adduser -s /bin/sh -D -G root -u 1000 jetty
 # adjust ownership
 RUN chown -R 1000:1000 /opt/jans/jetty \
 && chown -R 1000:1000 /opt/jetty \
- && chown -R 1000:1000 /deploy \
 && chown -R 1000:1000 /tmp \
 && chgrp -R 0 /opt/jans/jetty && chmod -R g=u /opt/jans/jetty \
 && chgrp -R 0 /opt/jetty && chmod -R g=u /opt/jetty \
 && chgrp -R 0 /tmp && chmod -R g=u /tmp \
- && chgrp -R 0 /deploy && chmod -R g=u /deploy \
 && chgrp -R 0 /etc/certs && chmod -R g=u /etc/certs \
 && chgrp -R 0 /etc/jans && chmod -R g=u /etc/jans \
 && chmod -R +w /usr/java/latest/jre/lib/security/cacerts && chgrp -R 0 /usr/java/latest/jre/lib/security/cacerts && chmod -R g=u /usr/java/latest/jre/lib/security/cacerts \
diff --git a/docker-jans-auth-server/scripts/auth_conf.py b/docker-jans-auth-server/scripts/auth_conf.py
new file mode 100644
index 00000000000..483003f1e7b
--- /dev/null
+++ b/docker-jans-auth-server/scripts/auth_conf.py
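Review bot: The rewritten `mkdir -p` no longer creates `/etc/certs`, yet the ownership step in the second Dockerfile hunk still runs `chgrp -R 0 /etc/certs && chmod -R g=u /etc/certs`, and the new auth_conf.py reads its input files from that directory. The directory list continues past the end of this hunk, so `/etc/certs` may still be created there or by an earlier layer; if it is not, the `chgrp` would fail the build. Either keep `/etc/certs` in this list or add a comment such as `# /etc/certs is created by <earlier step>` so the dependency stays visible. Since bootstrap.py writes keystores into that directory and it is made group-writable, a short comment on which processes are expected to write there would also help.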
@@ -0,0 +1,28 @@
+import os
+
+from jans.pycloudlib import get_manager
+
+import logging.config
+from settings import LOGGING_CONFIG
+
+logging.config.dictConfig(LOGGING_CONFIG)
+logger = logging.getLogger("entrypoint")
+
+
+manager = get_manager()
+
+
+def push_auth_conf():
+ conf_files = (
+ "otp_configuration.json",
+ "super_gluu_creds.json",
+ )
+ for conf_file in conf_files:
+ file_ = f"/etc/certs/{conf_file}"
+ secret_name = os.path.splitext(conf_file)[0]
+ logger.info(f"Pushing {file_} to secrets")
+ manager.secret.from_file(secret_name, file_)
+
+
+if __name__ == "__main__":
+ push_auth_conf()
diff --git a/docker-jans-auth-server/scripts/bootstrap.py b/docker-jans-auth-server/scripts/bootstrap.py
index 54c65843cf2..d0f6fbe01b9 100644
--- a/docker-jans-auth-server/scripts/bootstrap.py
+++ b/docker-jans-auth-server/scripts/bootstrap.py
@@ -18,7 +18,6 @@
 from jans.pycloudlib.persistence import render_spanner_properties
 from jans.pycloudlib.utils import cert_to_truststore
 from jans.pycloudlib.utils import get_server_certificate
-# from jans.pycloudlib.utils import as_boolean
 from jans.pycloudlib.utils import generate_keystore
 from keystore_mod import modify_keystore_path
@@ -214,8 +213,6 @@ def main():
 keystore_path = "/etc/certs/ob-ext-signing.jks"
 jwks_uri = ext_jwks_uri
 else:
- # sync_enabled = as_boolean(os.environ.get("CN_SYNC_JKS_ENABLED", False))
- # if not sync_enabled:
 manager.secret.to_file(
 "auth_jks_base64",
 "/etc/certs/auth-keys.jks",
diff --git a/docker-jans-auth-server/scripts/entrypoint.sh b/docker-jans-auth-server/scripts/entrypoint.sh
index aa62ccaebc5..55da6cdbc60 100644
--- a/docker-jans-auth-server/scripts/entrypoint.sh
+++ b/docker-jans-auth-server/scripts/entrypoint.sh
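Review bot: In the new auth_conf.py, `push_auth_conf` calls `manager.secret.from_file(secret_name, file_)` for both files without checking that the file exists or is non-empty. A container lacking `/etc/certs/super_gluu_creds.json` would presumably raise here (the behaviour of `from_file` is not visible in this diff), and a stale or empty local copy would overwrite the value in the shared secret store on every start. A guard before the push, such as `if not os.path.isfile(file_): logger.warning("%s not found, skipping", file_); continue`, would make the optional case explicit. Judging by their names these files carry OTP and Super Gluu credentials, and the Dockerfile makes /etc/certs group-writable, so a docstring should state that the local file is treated as the source of truth for the secret. `logging.config.dictConfig(...)` and `manager = get_manager()` also run at import time; moving them under the `__main__` guard would keep the module importable without side effects.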
@@ -38,14 +38,10 @@ move_builtin_jars() {
 move_builtin_jars
 python3 /app/scripts/wait.py
-
-if [ ! -f /deploy/touched ]; then
- python3 /app/scripts/bootstrap.py
- touch /deploy/touched
-fi
-
+python3 /app/scripts/bootstrap.py
 python3 /app/scripts/jks_sync.py &
 python3 /app/scripts/mod_context.py
+python3 /app/scripts/auth_conf.py
 # run auth-server
 cd /opt/jans/jetty/jans-auth
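Review bot: With the `/deploy/touched` guard gone, `bootstrap.py` and the new `auth_conf.py` run on every container start, and the hunk does not show how a failure of `auth_conf.py` is handled before the server is launched. Whether the script runs under `set -e` is outside the hunk; without it a failed push to the secret store would pass silently, and with it a missing optional file would block startup. I would make the intent explicit, either `python3 /app/scripts/auth_conf.py || exit 1` if the push is mandatory, or a comment such as `# best effort: auth-server starts even if the push fails` if it is not. Both scripts now need to be safe to repeat, which is worth a comment above the `bootstrap.py` line.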