Ejemplo n.º 1
def main():
    """Render config files and stage certificates/keystores, then set up Casa.

    Reads ``GLUU_PERSISTENCE_TYPE`` (default ``"ldap"``) to decide which
    persistence property files and truststores to prepare.  Relies on the
    module-level ``manager`` for config and secret access.
    """
    backend = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")
    https_cert = "/etc/certs/gluu_https.crt"
    jvm_cacerts = "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts"

    def _trust(alias, cert_file):
        # "changeit" is the stock JDK cacerts password, so the store's
        # integrity depends on file permissions rather than on this secret.
        cert_to_truststore(alias, cert_file, jvm_cacerts, "changeit")

    render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt")
    render_gluu_properties("/app/templates/gluu.properties.tmpl", "/etc/gluu/conf/gluu.properties")

    uses_ldap = backend == "ldap" or backend == "hybrid"
    if uses_ldap:
        render_ldap_properties(
            manager,
            "/app/templates/gluu-ldap.properties.tmpl",
            "/etc/gluu/conf/gluu-ldap.properties",
        )
        sync_ldap_truststore(manager)

    uses_couchbase = backend == "couchbase" or backend == "hybrid"
    if uses_couchbase:
        render_couchbase_properties(
            manager,
            "/app/templates/gluu-couchbase.properties.tmpl",
            "/etc/gluu/conf/gluu-couchbase.properties",
        )
        sync_couchbase_truststore(manager)

    if backend == "hybrid":
        render_hybrid_properties("/etc/gluu/conf/gluu-hybrid.properties")

    https_cert_missing = not os.path.isfile(https_cert)
    if https_cert_missing:
        from_secrets = as_boolean(os.environ.get("GLUU_SSL_CERT_FROM_SECRETS", False))
        if from_secrets:
            manager.secret.to_file("ssl_cert", https_cert)
        else:
            # NOTE(review): presumably this saves whatever certificate the
            # host presents on port 443; it is imported into the JVM
            # truststore right below, so nothing here authenticates it.
            # Prefer the secrets path where the network is not trusted.
            get_server_certificate(manager.config.get("hostname"), 443, https_cert)

    _trust("gluu_https", https_cert)

    get_oxd_cert()
    _trust("gluu_oxd", "/etc/certs/oxd.crt")

    modify_jetty_xml()
    modify_webdefault_xml()

    # Keystore is stored base64-encoded in the secret backend.
    manager.secret.to_file(
        "passport_rp_jks_base64",
        "/etc/certs/passport-rp.jks",
        decode=True,
        binary_mode=True,
    )

    casa = CasaConfig(manager)
    casa.setup()
Ejemplo n.º 2
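def test_render_gluu_properties(tmpdir):
    """Check that ``render_gluu_properties`` renders a template to a file.

    The template uses ``%(name)s`` placeholders; the expected output shows
    ``persistence_type`` taken from ``GLUU_PERSISTENCE_TYPE`` and the other
    two placeholders resolved to ``/etc/certs`` and ``/opt/gluu/python``.
    """
    from pygluu.containerlib.persistence import render_gluu_properties

    persistence_type = "ldap"
    os.environ["GLUU_PERSISTENCE_TYPE"] = persistence_type

    try:
        src = tmpdir.join("gluu.properties.tmpl")
        src.write("""
persistence.type=%(persistence_type)s
certsDir=%(certFolder)s
pythonModulesDir=%(gluuOptPythonFolder)s/libs
""".strip())
        dest = tmpdir.join("gluu.properties")

        expected = f"""
persistence.type={persistence_type}
certsDir=/etc/certs
pythonModulesDir=/opt/gluu/python/libs
""".strip()

        render_gluu_properties(str(src), str(dest))
        assert dest.read() == expected
    finally:
        # Reset even when the assertion fails, so "ldap" does not leak into
        # tests that run afterwards in the same process.
        os.environ["GLUU_PERSISTENCE_TYPE"] = ""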
Ejemplo n.º 3
    updates = re.sub(
        r'(<param-name>dirAllowed</param-name>)(\s*)(<param-value>)true(</param-value>)',
        r'\1\2\3false\4',
        txt,
        flags=re.DOTALL | re.M,
    )

    with open(fn, "w") as f:
        f.write(updates)


if __name__ == "__main__":
    persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")

    render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt")
    render_gluu_properties("/app/templates/gluu.properties.tmpl",
                           "/etc/gluu/conf/gluu.properties")

    if persistence_type in ("ldap", "hybrid"):
        render_ldap_properties(
            manager,
            "/app/templates/gluu-ldap.properties.tmpl",
            "/etc/gluu/conf/gluu-ldap.properties",
        )
        manager.secret.to_file(
            "ldap_ssl_cert",
            "/etc/certs/opendj.crt",
            decode=True,
        )
        sync_ldap_truststore(manager)

    if persistence_type in ("couchbase", "hybrid"):
Ejemplo n.º 4
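def main():
    """Render config files and stage certificates, keystores and JWKS files.

    Reads ``GLUU_PERSISTENCE_TYPE`` (default ``"ldap"``) to decide which
    persistence property files and truststores to prepare.  Relies on the
    module-level ``manager`` for config and secret access.
    """
    persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")

    render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt")
    render_gluu_properties("/app/templates/gluu.properties.tmpl",
                           "/etc/gluu/conf/gluu.properties")

    if persistence_type in ("ldap", "hybrid"):
        render_ldap_properties(
            manager,
            "/app/templates/gluu-ldap.properties.tmpl",
            "/etc/gluu/conf/gluu-ldap.properties",
        )
        sync_ldap_truststore(manager)

    if persistence_type in ("couchbase", "hybrid"):
        render_couchbase_properties(
            manager,
            "/app/templates/gluu-couchbase.properties.tmpl",
            "/etc/gluu/conf/gluu-couchbase.properties",
        )
        # need to resolve whether we're using default or user-defined couchbase cert
        sync_couchbase_cert(manager)
        sync_couchbase_truststore(manager)

    if persistence_type == "hybrid":
        render_hybrid_properties("/etc/gluu/conf/gluu-hybrid.properties")

    if not os.path.isfile("/etc/certs/gluu_https.crt"):
        # NOTE(review): presumably this saves whatever certificate the host
        # presents on port 443; it is imported into the JVM truststore right
        # below, so nothing here authenticates it -- confirm the network
        # path to `hostname` is trusted at container start.
        get_server_certificate(manager.config.get("hostname"), 443,
                               "/etc/certs/gluu_https.crt")

    # "changeit" is the stock JDK cacerts password, so the store's integrity
    # depends on file permissions rather than on this secret.
    cert_to_truststore(
        "gluu_https",
        "/etc/certs/gluu_https.crt",
        "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts",
        "changeit",
    )

    if not os.path.isfile("/etc/certs/idp-signing.crt"):
        manager.secret.to_file("idp3SigningCertificateText",
                               "/etc/certs/idp-signing.crt")

    manager.secret.to_file("passport_rp_jks_base64",
                           "/etc/certs/passport-rp.jks",
                           decode=True,
                           binary_mode=True)

    # (keystore secret, keystore path, config key naming the JWKS file,
    #  secret holding the base64-encoded JWKS) -- same order as before.
    client_keys = (
        ("api_rp_jks_base64", "/etc/certs/api-rp.jks",
         "api_rp_client_jwks_fn", "api_rp_client_base64_jwks"),
        ("api_rs_jks_base64", "/etc/certs/api-rs.jks",
         "api_rs_client_jwks_fn", "api_rs_client_base64_jwks"),
        ("scim_rs_jks_base64", "/etc/certs/scim-rs.jks",
         "scim_rs_client_jwks_fn", "scim_rs_client_base64_jwks"),
        ("scim_rp_jks_base64", "/etc/certs/scim-rp.jks",
         "scim_rp_client_jwks_fn", "scim_rp_client_base64_jwks"),
    )
    for jks_secret, jks_path, jwks_fn_key, jwks_secret in client_keys:
        manager.secret.to_file(jks_secret, jks_path,
                               decode=True, binary_mode=True)
        # b64decode() returns bytes; on Python 3 writing bytes to a handle
        # opened with "w" raises TypeError, so the file is opened in binary
        # mode (which also works on Python 2).
        # NOTE(review): the file is created with the process umask; if the
        # JWKS carries private key material, confirm the resulting mode.
        with open(manager.config.get(jwks_fn_key), "wb") as f:
            f.write(base64.b64decode(manager.secret.get(jwks_secret)))

    modify_jetty_xml()
    modify_webdefault_xml()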
Ejemplo n.º 5
def main():
    """Render config files and stage certificates, keystores and key files.

    Reads ``GLUU_PERSISTENCE_TYPE`` (default ``"ldap"``) to decide which
    persistence property files and truststores to prepare, and
    ``GLUU_SYNC_JKS_ENABLED`` to decide whether the oxAuth keystore is
    written here.  Relies on the module-level ``manager``.
    """
    backend = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")
    https_cert = "/etc/certs/gluu_https.crt"

    render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt")
    render_gluu_properties(
        "/app/templates/gluu.properties.tmpl",
        "/etc/gluu/conf/gluu.properties",
    )

    uses_ldap = backend == "ldap" or backend == "hybrid"
    if uses_ldap:
        render_ldap_properties(
            manager,
            "/app/templates/gluu-ldap.properties.tmpl",
            "/etc/gluu/conf/gluu-ldap.properties",
        )
        sync_ldap_truststore(manager)

    uses_couchbase = backend == "couchbase" or backend == "hybrid"
    if uses_couchbase:
        render_couchbase_properties(
            manager,
            "/app/templates/gluu-couchbase.properties.tmpl",
            "/etc/gluu/conf/gluu-couchbase.properties",
        )
        # Whether the default or a user-defined couchbase cert applies is
        # still unresolved, so sync_couchbase_cert(manager) stays disabled.
        sync_couchbase_truststore(manager)

    if backend == "hybrid":
        render_hybrid_properties("/etc/gluu/conf/gluu-hybrid.properties")

    https_cert_missing = not os.path.isfile(https_cert)
    if https_cert_missing:
        from_secrets = as_boolean(
            os.environ.get("GLUU_SSL_CERT_FROM_SECRETS", False))
        if from_secrets:
            manager.secret.to_file("ssl_cert", https_cert)
        else:
            # NOTE(review): presumably this saves whatever certificate the
            # host presents on port 443; it is imported into the JVM
            # truststore right below, so nothing here authenticates it.
            # Prefer the secrets path where the network is not trusted.
            get_server_certificate(
                manager.config.get("hostname"), 443, https_cert)

    # "changeit" is the stock JDK cacerts password, so the store's integrity
    # depends on file permissions rather than on this secret.
    cert_to_truststore(
        "gluu_https",
        https_cert,
        "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts",
        "changeit",
    )

    idp_cert = "/etc/certs/idp-signing.crt"
    if not os.path.isfile(idp_cert):
        manager.secret.to_file("idp3SigningCertificateText", idp_cert)

    manager.secret.to_file(
        "passport_rp_jks_base64",
        "/etc/certs/passport-rp.jks",
        decode=True,
        binary_mode=True,
    )

    # (keystore secret, keystore path, config key naming the JWKS file,
    #  secret holding the base64-encoded JWKS).  The scim_rs / scim_rp
    # equivalents are disabled in this version and therefore not listed.
    client_keys = (
        ("api_rp_jks_base64", "/etc/certs/api-rp.jks",
         "api_rp_client_jwks_fn", "api_rp_client_base64_jwks"),
        ("api_rs_jks_base64", "/etc/certs/api-rs.jks",
         "api_rs_client_jwks_fn", "api_rs_client_base64_jwks"),
    )
    for jks_secret, jks_path, jwks_fn_key, jwks_secret in client_keys:
        manager.secret.to_file(
            jks_secret, jks_path, decode=True, binary_mode=True)
        # NOTE(review): the file is created with the process umask; if the
        # JWKS carries private key material, confirm the resulting mode.
        with open(manager.config.get(jwks_fn_key), "w") as out:
            jwks_text = base64.b64decode(
                manager.secret.get(jwks_secret)).decode()
            out.write(jwks_text)

    modify_jetty_xml()
    modify_webdefault_xml()

    jks_sync_on = as_boolean(os.environ.get("GLUU_SYNC_JKS_ENABLED", False))
    if not jks_sync_on:
        # With sync disabled, the oxAuth keystore and its JSON key file are
        # written once here from the secret backend.
        manager.secret.to_file(
            "oxauth_jks_base64",
            "/etc/certs/oxauth-keys.jks",
            decode=True,
            binary_mode=True,
        )
        with open("/etc/certs/oxauth-keys.json", "w") as out:
            keys_text = base64.b64decode(
                manager.secret.get("oxauth_openid_key_base64")).decode()
            out.write(keys_text)

    certs_from_webdav()