feat(image): add custom libs for couchbase and spanner persistence (#…

…2784)
JanssenProject · Oct 31, 2022 · db559dd · db559dd
1 parent 3f67763
commit db559dd
Show file tree

Hide file tree

Showing 15 changed files with 478 additions and 37 deletions.
diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
@@ -56,7 +56,7 @@ RUN /opt/jython/bin/pip uninstall -y pip
 # ===========
 
 ENV CN_VERSION=1.0.3-SNAPSHOT
-ENV CN_BUILD_DATE='2022-10-14 16:32'
+ENV CN_BUILD_DATE='2022-10-31 05:47'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
 # Install Jans Auth
@@ -267,6 +267,8 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/custom/pages \
     ${JETTY_BASE}/jans-auth/custom/libs \
     ${JETTY_BASE}/jans-auth/custom/i18n \
     ${JETTY_BASE}/jans-auth/logs \
+    ${JETTY_BASE}/common/libs/spanner \
+    ${JETTY_BASE}/common/libs/couchbase \
     /etc/jans/conf \
     /app/templates
 
@@ -293,7 +295,9 @@ RUN chmod -R g=u ${JETTY_BASE}/jans-auth/custom \
     && chmod 664 /opt/jetty/etc/jetty.xml \
     && chmod 664 /opt/jetty/etc/webdefault.xml \
     && chown -R 1000:0 ${JETTY_BASE}/jans-auth/agama \
-    && chown -R 1000:0 /opt/jans/python/libs
+    && chown -R 1000:0 /opt/jans/python/libs \
+    && chown -R 1000:0 ${JETTY_BASE}/common/libs \
+    && chown -R 1000:0 /usr/share/java
 
 USER 1000
 

diff --git a/docker-jans-auth-server/scripts/entrypoint.sh b/docker-jans-auth-server/scripts/entrypoint.sh
@@ -42,7 +42,7 @@ move_builtin_jars
 python3 /app/scripts/wait.py
 python3 /app/scripts/bootstrap.py
 python3 /app/scripts/jks_sync.py &
-python3 /app/scripts/mod_context.py
+python3 /app/scripts/mod_context.py jans-auth
 python3 /app/scripts/auth_conf.py
 
 # run auth-server

diff --git a/docker-jans-auth-server/scripts/mod_context.py b/docker-jans-auth-server/scripts/mod_context.py
@@ -1,21 +1,113 @@
+import argparse
 import glob
+import logging.config
+import os
+import pathlib
+import re
+import sys
+import zipfile
+from collections import namedtuple
 
+from jans.pycloudlib.persistence import PersistenceMapper
+from jans.pycloudlib.utils import exec_cmd
 
-def modify_auth_server_xml():
-    fn = "/opt/jans/jetty/jans-auth/webapps/jans-auth.xml"
+from settings import LOGGING_CONFIG
+
+logging.config.dictConfig(LOGGING_CONFIG)
+logger = logging.getLogger("entrypoint")
+
+
+Library = namedtuple("Library", ["path", "basename", "meta"])
+
+LIB_METADATA_RE = re.compile(r"(?P<name>.*)-(?P<version>\d+(?:.\d+).*)(?P<ext>\..*)")
+
+
+def extract_common_libs(persistence_type):
+    dist_file = f"/usr/share/java/{persistence_type}-libs.zip"
+
+    # download if file is missing
+    if not os.path.exists(dist_file):
+        version = os.environ.get("CN_VERSION")
+        download_url = f"https://jenkins.jans.io/maven/io/jans/jans-orm-{persistence_type}-libs/{version}/jans-orm-{persistence_type}-libs-{version}-distribution.zip"
+        basename = os.path.basename(download_url)
+
+        logger.info(f"Downloading {basename} as {dist_file}")
+
+        out, err, code = exec_cmd(f"wget -q {download_url} -O {dist_file}")
+
+        if code != 0:
+            err = out or err
+            logger.error(f"Unable to download {basename}; reason={err.decode()}")
+            sys.exit(1)
+
+    # extract
+    logger.info(f"Extracting {dist_file}")
+    out, err, code = exec_cmd(f"unzip -q {dist_file} -o -d /opt/jans/jetty/common/libs/{persistence_type}/")
+    if code != 0:
+        out = out or err
+        logger.error(f"Unable to extract {dist_file}; reason={err.decode()}")
+        sys.exit(1)
+
+
+def get_lib_metadata(path_obj):
+    return Library(str(path_obj), path_obj.name, LIB_METADATA_RE.search(path_obj.name).groupdict())
+
+
+def get_archived_libs(app_name):
+    archive_path = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.war"
+    with zipfile.ZipFile(archive_path) as zf:
+        zp = zipfile.Path(zf).joinpath("WEB-INF/lib")
+        return [get_lib_metadata(po) for po in zp.iterdir()]
+
+
+def get_persistence_common_libs(dirpath):
+    root_dir = pathlib.Path(dirpath)
+    return [get_lib_metadata(po) for po in root_dir.rglob("*.jar")]
+
+
+def get_default_custom_libs(app_name):
+    root = f"/opt/jans/jetty/{app_name}"
+    return [jar.replace(root, ".") for jar in glob.iglob(f"{root}/custom/libs/*.jar")]
+
+
+def get_registered_common_libs(app_name, persistence_type):
+    libs = get_persistence_common_libs(f"/opt/jans/jetty/common/libs/{persistence_type}")
+    archived_libs = get_archived_libs(app_name)
+    archived_lib_names = [al.meta["name"] for al in archived_libs]
+
+    reg_libs = [
+        lib.path for lib in libs
+        if lib.meta["name"] not in archived_lib_names
+    ]
+    return reg_libs
+
+
+def modify_app_xml(app_name):
+    custom_libs = get_default_custom_libs(app_name)
+
+    mapper = PersistenceMapper()
+    persistence_groups = mapper.groups().keys()
+
+    for persistence_type in ["spanner", "couchbase"]:
+        if persistence_type not in persistence_groups:
+            continue
+
+        extract_common_libs(persistence_type)
+        custom_libs += get_registered_common_libs(app_name, persistence_type)
+
+    # render custom xml
+    fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml"
 
     with open(fn) as f:
         txt = f.read()
 
     with open(fn, "w") as f:
-        ctx = {
-            "extra_classpath": ",".join([
-                j.replace("/opt/jans/jetty/jans-auth", ".")
-                for j in glob.iglob("/opt/jans/jetty/jans-auth/custom/libs/*.jar")
-            ])
-        }
+        ctx = {"extra_classpath": ",".join(custom_libs)}
         f.write(txt % ctx)
 
 
 if __name__ == "__main__":
-    modify_auth_server_xml()
+    parser = argparse.ArgumentParser()
+    parser.add_argument("app_name")
+    args = parser.parse_args()
+    modify_app_xml(args.app_name)
diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
@@ -43,7 +43,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # ==========
 
 ENV CN_VERSION=1.0.3-SNAPSHOT
-ENV CN_BUILD_DATE='2022-10-24 13:36'
+ENV CN_BUILD_DATE='2022-10-31 11:06'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 
 # Install Jans Config API
@@ -252,7 +252,9 @@ RUN mkdir -p /etc/certs \
     /etc/jans/conf \
     ${JETTY_BASE}/jans-config-api/custom/libs \
     ${JETTY_BASE}/jans-config-api/custom/config \
-    ${JETTY_BASE}/jans-config-api/logs
+    ${JETTY_BASE}/jans-config-api/logs \
+    ${JETTY_BASE}/common/libs/spanner \
+    ${JETTY_BASE}/common/libs/couchbase
 
 RUN touch /etc/hosts.back
 COPY jetty/log4j2.xml ${JETTY_BASE}/jans-config-api/resources/
@@ -280,7 +282,9 @@ RUN chmod -R g=u ${JETTY_BASE}/jans-config-api/custom \
     && chmod 664 /usr/java/latest/jre/lib/security/cacerts \
     && chmod 664 /opt/jetty/etc/jetty.xml \
     && chmod 664 /opt/jetty/etc/webdefault.xml \
-    && chmod -R g=u /app/templates/jans-config-api
+    && chmod -R g=u /app/templates/jans-config-api \
+    && chown -R 1000:0 ${JETTY_BASE}/common/libs \
+    && chown -R 1000:0 /usr/share/java
 
 USER 1000
 

diff --git a/docker-jans-config-api/scripts/bootstrap.py b/docker-jans-config-api/scripts/bootstrap.py
@@ -110,8 +110,7 @@ def main():
     persistence_setup.import_ldif_files()
 
     plugins = discover_plugins()
-    logger.info(f"Loaded config-api plugins: {', '.join(plugins)}")
-    modify_config_api_xml(plugins)
+    logger.info(f"Loaded config-api plugins: {plugins}")
 
     if "admin-ui" in plugins:
         admin_ui_plugin = AdminUiPlugin(manager)
@@ -228,18 +227,6 @@ def configure_logging():
         f.write(tmpl.safe_substitute(config))
 
 
-def modify_config_api_xml(plugins=None):
-    plugins = plugins or []
-    fn = "/opt/jans/jetty/jans-config-api/webapps/jans-config-api.xml"
-
-    with open(fn) as f:
-        txt = f.read()
-
-    with open(fn, "w") as f:
-        ctx = {
-            "extra_classpath": ",".join([f"./custom/libs/{plugin}-plugin.jar" for plugin in plugins])
-        }
-        f.write(txt % ctx)
 
 
 def configure_admin_ui_logging():

diff --git a/docker-jans-config-api/scripts/entrypoint.sh b/docker-jans-config-api/scripts/entrypoint.sh
@@ -25,6 +25,7 @@ get_prometheus_opt() {
 python3 /app/scripts/wait.py
 python3 /app/scripts/bootstrap.py
 python3 /app/scripts/upgrade.py
+python3 /app/scripts/mod_context.py jans-config-api
 
 # run config-api
 cd /opt/jans/jetty/jans-config-api

diff --git a/docker-jans-config-api/scripts/mod_context.py b/docker-jans-config-api/scripts/mod_context.py
@@ -0,0 +1,113 @@
+import argparse
+import glob
+import logging.config
+import os
+import pathlib
+import re
+import sys
+import zipfile
+from collections import namedtuple
+
+from jans.pycloudlib.persistence import PersistenceMapper
+from jans.pycloudlib.utils import exec_cmd
+
+from settings import LOGGING_CONFIG
+
+logging.config.dictConfig(LOGGING_CONFIG)
+logger = logging.getLogger("entrypoint")
+
+
+Library = namedtuple("Library", ["path", "basename", "meta"])
+
+LIB_METADATA_RE = re.compile(r"(?P<name>.*)-(?P<version>\d+(?:.\d+).*)(?P<ext>\..*)")
+
+
+def extract_common_libs(persistence_type):
+    dist_file = f"/usr/share/java/{persistence_type}-libs.zip"
+
+    # download if file is missing
+    if not os.path.exists(dist_file):
+        version = os.environ.get("CN_VERSION")
+        download_url = f"https://jenkins.jans.io/maven/io/jans/jans-orm-{persistence_type}-libs/{version}/jans-orm-{persistence_type}-libs-{version}-distribution.zip"
+        basename = os.path.basename(download_url)
+
+        logger.info(f"Downloading {basename} as {dist_file}")
+
+        out, err, code = exec_cmd(f"wget -q {download_url} -O {dist_file}")
+
+        if code != 0:
+            err = out or err
+            logger.error(f"Unable to download {basename}; reason={err.decode()}")
+            sys.exit(1)
+
+    # extract
+    logger.info(f"Extracting {dist_file}")
+    out, err, code = exec_cmd(f"unzip -q {dist_file} -o -d /opt/jans/jetty/common/libs/{persistence_type}/")
+    if code != 0:
+        out = out or err
+        logger.error(f"Unable to extract {dist_file}; reason={err.decode()}")
+        sys.exit(1)
+
+
+def get_lib_metadata(path_obj):
+    return Library(str(path_obj), path_obj.name, LIB_METADATA_RE.search(path_obj.name).groupdict())
+
+
+def get_archived_libs(app_name):
+    archive_path = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.war"
+    with zipfile.ZipFile(archive_path) as zf:
+        zp = zipfile.Path(zf).joinpath("WEB-INF/lib")
+        return [get_lib_metadata(po) for po in zp.iterdir()]
+
+
+def get_persistence_common_libs(dirpath):
+    root_dir = pathlib.Path(dirpath)
+    return [get_lib_metadata(po) for po in root_dir.rglob("*.jar")]
+
+
+def get_default_custom_libs(app_name):
+    root = f"/opt/jans/jetty/{app_name}"
+    return [jar.replace(root, ".") for jar in glob.iglob(f"{root}/custom/libs/*.jar")]
+
+
+def get_registered_common_libs(app_name, persistence_type):
+    libs = get_persistence_common_libs(f"/opt/jans/jetty/common/libs/{persistence_type}")
+    archived_libs = get_archived_libs(app_name)
+    archived_lib_names = [al.meta["name"] for al in archived_libs]
+
+    reg_libs = [
+        lib.path for lib in libs
+        if lib.meta["name"] not in archived_lib_names
+    ]
+    return reg_libs
+
+
+def modify_app_xml(app_name):
+    custom_libs = get_default_custom_libs(app_name)
+
+    mapper = PersistenceMapper()
+    persistence_groups = mapper.groups().keys()
+
+    for persistence_type in ["spanner", "couchbase"]:
+        if persistence_type not in persistence_groups:
+            continue
+
+        extract_common_libs(persistence_type)
+        custom_libs += get_registered_common_libs(app_name, persistence_type)
+
+    # render custom xml
+    fn = f"/opt/jans/jetty/{app_name}/webapps/{app_name}.xml"
+
+    with open(fn) as f:
+        txt = f.read()
+
+    with open(fn, "w") as f:
+        ctx = {"extra_classpath": ",".join(custom_libs)}
+        f.write(txt % ctx)
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument("app_name")
+    args = parser.parse_args()
+    modify_app_xml(args.app_name)
diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile
@@ -35,7 +35,7 @@ EXPOSE 8080
 # =====
 
 ENV CN_VERSION=1.0.3-SNAPSHOT
-ENV CN_BUILD_DATE='2022-10-14 16:32'
+ENV CN_BUILD_DATE='2022-10-31 08:50'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-fido2-server/${CN_VERSION}/jans-fido2-server-${CN_VERSION}.war
 
 # Install FIDO2
@@ -217,7 +217,11 @@ LABEL name="janssenproject/fido2" \
     description="FIDO2 server"
 
 RUN mkdir -p /etc/certs \
-    ${JETTY_BASE}/jans-fido2/logs
+    ${JETTY_BASE}/jans-fido2/logs \
+    ${JETTY_BASE}/jans-fido2/custom/libs \
+    ${JETTY_BASE}/common/libs/spanner \
+    ${JETTY_BASE}/common/libs/couchbase \
+    /usr/share/java
 
 COPY jetty/jans-fido2.xml ${JETTY_BASE}/jans-fido2/webapps/
 COPY jetty/log4j2.xml ${JETTY_BASE}/jans-fido2/resources/
@@ -237,7 +241,9 @@ RUN chmod -R g=u ${JETTY_BASE}/jans-fido2/resources \
     && chmod 664 /usr/java/latest/jre/lib/security/cacerts \
     && chmod 664 /opt/jetty/etc/jetty.xml \
     && chmod 664 /opt/jetty/etc/webdefault.xml \
-    && chown -R 1000:0 /etc/jans/conf/fido2/mds/toc
+    && chown -R 1000:0 /etc/jans/conf/fido2/mds/toc \
+    && chown -R 1000:0 ${JETTY_BASE}/common/libs \
+    && chown -R 1000:0 /usr/share/java
 
 USER 1000
 

diff --git a/docker-jans-fido2/jetty/jans-fido2.xml b/docker-jans-fido2/jetty/jans-fido2.xml
@@ -7,5 +7,5 @@
         <Property name="jetty.webapps" default="." />/jans-fido2.war
     </Set>
     <Set name="extractWAR">true</Set>
-    <!-- <Set name="extraClasspath">%(extra_classpath)s</Set> -->
+    <Set name="extraClasspath">%(extra_classpath)s</Set>
 </Configure>
diff --git a/docker-jans-fido2/scripts/entrypoint.sh b/docker-jans-fido2/scripts/entrypoint.sh
@@ -15,6 +15,7 @@ get_prometheus_opt() {
 
 python3 /app/scripts/wait.py
 python3 /app/scripts/bootstrap.py
+python3 /app/scripts/mod_context.py jans-fido2
 
 cd /opt/jans/jetty/jans-fido2
 exec java \