def main(): persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt") render_gluu_properties("/app/templates/gluu.properties.tmpl", "/etc/gluu/conf/gluu.properties") if persistence_type in ("ldap", "hybrid"): render_ldap_properties( manager, "/app/templates/gluu-ldap.properties.tmpl", "/etc/gluu/conf/gluu-ldap.properties", ) sync_ldap_truststore(manager) if persistence_type in ("couchbase", "hybrid"): render_couchbase_properties( manager, "/app/templates/gluu-couchbase.properties.tmpl", "/etc/gluu/conf/gluu-couchbase.properties", ) sync_couchbase_truststore(manager) if persistence_type == "hybrid": render_hybrid_properties("/etc/gluu/conf/gluu-hybrid.properties") if not os.path.isfile("/etc/certs/gluu_https.crt"): if as_boolean(os.environ.get("GLUU_SSL_CERT_FROM_SECRETS", False)): manager.secret.to_file("ssl_cert", "/etc/certs/gluu_https.crt") else: get_server_certificate(manager.config.get("hostname"), 443, "/etc/certs/gluu_https.crt") cert_to_truststore( "gluu_https", "/etc/certs/gluu_https.crt", "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts", "changeit", ) get_oxd_cert() cert_to_truststore( "gluu_oxd", "/etc/certs/oxd.crt", "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts", "changeit", ) modify_jetty_xml() modify_webdefault_xml() manager.secret.to_file("passport_rp_jks_base64", "/etc/certs/passport-rp.jks", decode=True, binary_mode=True) config = CasaConfig(manager) config.setup()
def test_render_gluu_properties(tmpdir): from pygluu.containerlib.persistence import render_gluu_properties persistence_type = "ldap" os.environ["GLUU_PERSISTENCE_TYPE"] = persistence_type src = tmpdir.join("gluu.properties.tmpl") src.write(""" persistence.type=%(persistence_type)s certsDir=%(certFolder)s pythonModulesDir=%(gluuOptPythonFolder)s/libs """.strip()) dest = tmpdir.join("gluu.properties") expected = f""" persistence.type={persistence_type} certsDir=/etc/certs pythonModulesDir=/opt/gluu/python/libs """.strip() render_gluu_properties(str(src), str(dest)) assert dest.read() == expected os.environ["GLUU_PERSISTENCE_TYPE"] = ""
updates = re.sub( r'(<param-name>dirAllowed</param-name>)(\s*)(<param-value>)true(</param-value>)', r'\1\2\3false\4', txt, flags=re.DOTALL | re.M, ) with open(fn, "w") as f: f.write(updates) if __name__ == "__main__": persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt") render_gluu_properties("/app/templates/gluu.properties.tmpl", "/etc/gluu/conf/gluu.properties") if persistence_type in ("ldap", "hybrid"): render_ldap_properties( manager, "/app/templates/gluu-ldap.properties.tmpl", "/etc/gluu/conf/gluu-ldap.properties", ) manager.secret.to_file( "ldap_ssl_cert", "/etc/certs/opendj.crt", decode=True, ) sync_ldap_truststore(manager) if persistence_type in ("couchbase", "hybrid"):
def main(): persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt") render_gluu_properties("/app/templates/gluu.properties.tmpl", "/etc/gluu/conf/gluu.properties") if persistence_type in ("ldap", "hybrid"): render_ldap_properties( manager, "/app/templates/gluu-ldap.properties.tmpl", "/etc/gluu/conf/gluu-ldap.properties", ) sync_ldap_truststore(manager) if persistence_type in ("couchbase", "hybrid"): render_couchbase_properties( manager, "/app/templates/gluu-couchbase.properties.tmpl", "/etc/gluu/conf/gluu-couchbase.properties", ) # need to resolve whether we're using default or user-defined couchbase cert sync_couchbase_cert(manager) sync_couchbase_truststore(manager) if persistence_type == "hybrid": render_hybrid_properties("/etc/gluu/conf/gluu-hybrid.properties") if not os.path.isfile("/etc/certs/gluu_https.crt"): get_server_certificate(manager.config.get("hostname"), 443, "/etc/certs/gluu_https.crt") cert_to_truststore( "gluu_https", "/etc/certs/gluu_https.crt", "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts", "changeit", ) if not os.path.isfile("/etc/certs/idp-signing.crt"): manager.secret.to_file("idp3SigningCertificateText", "/etc/certs/idp-signing.crt") manager.secret.to_file("passport_rp_jks_base64", "/etc/certs/passport-rp.jks", decode=True, binary_mode=True) manager.secret.to_file("api_rp_jks_base64", "/etc/certs/api-rp.jks", decode=True, binary_mode=True) with open(manager.config.get("api_rp_client_jwks_fn"), "w") as f: f.write( base64.b64decode(manager.secret.get("api_rp_client_base64_jwks"))) manager.secret.to_file("api_rs_jks_base64", "/etc/certs/api-rs.jks", decode=True, binary_mode=True) with open(manager.config.get("api_rs_client_jwks_fn"), "w") as f: f.write( base64.b64decode(manager.secret.get("api_rs_client_base64_jwks"))) manager.secret.to_file("scim_rs_jks_base64", "/etc/certs/scim-rs.jks", decode=True, binary_mode=True) with open(manager.config.get("scim_rs_client_jwks_fn"), "w") as f: f.write( base64.b64decode(manager.secret.get("scim_rs_client_base64_jwks"))) manager.secret.to_file("scim_rp_jks_base64", "/etc/certs/scim-rp.jks", decode=True, binary_mode=True) with open(manager.config.get("scim_rp_client_jwks_fn"), "w") as f: f.write( base64.b64decode(manager.secret.get("scim_rp_client_base64_jwks"))) modify_jetty_xml() modify_webdefault_xml()
def main(): persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap") render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt") render_gluu_properties("/app/templates/gluu.properties.tmpl", "/etc/gluu/conf/gluu.properties") if persistence_type in ("ldap", "hybrid"): render_ldap_properties( manager, "/app/templates/gluu-ldap.properties.tmpl", "/etc/gluu/conf/gluu-ldap.properties", ) sync_ldap_truststore(manager) if persistence_type in ("couchbase", "hybrid"): render_couchbase_properties( manager, "/app/templates/gluu-couchbase.properties.tmpl", "/etc/gluu/conf/gluu-couchbase.properties", ) # need to resolve whether we're using default or user-defined couchbase cert # sync_couchbase_cert(manager) sync_couchbase_truststore(manager) if persistence_type == "hybrid": render_hybrid_properties("/etc/gluu/conf/gluu-hybrid.properties") if not os.path.isfile("/etc/certs/gluu_https.crt"): if as_boolean(os.environ.get("GLUU_SSL_CERT_FROM_SECRETS", False)): manager.secret.to_file("ssl_cert", "/etc/certs/gluu_https.crt") else: get_server_certificate(manager.config.get("hostname"), 443, "/etc/certs/gluu_https.crt") cert_to_truststore( "gluu_https", "/etc/certs/gluu_https.crt", "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts", "changeit", ) if not os.path.isfile("/etc/certs/idp-signing.crt"): manager.secret.to_file("idp3SigningCertificateText", "/etc/certs/idp-signing.crt") manager.secret.to_file("passport_rp_jks_base64", "/etc/certs/passport-rp.jks", decode=True, binary_mode=True) manager.secret.to_file("api_rp_jks_base64", "/etc/certs/api-rp.jks", decode=True, binary_mode=True) with open(manager.config.get("api_rp_client_jwks_fn"), "w") as f: f.write( base64.b64decode( manager.secret.get("api_rp_client_base64_jwks")).decode()) manager.secret.to_file("api_rs_jks_base64", "/etc/certs/api-rs.jks", decode=True, binary_mode=True) with open(manager.config.get("api_rs_client_jwks_fn"), "w") as f: f.write( base64.b64decode( manager.secret.get("api_rs_client_base64_jwks")).decode()) # manager.secret.to_file("scim_rs_jks_base64", "/etc/certs/scim-rs.jks", # decode=True, binary_mode=True) # with open(manager.config.get("scim_rs_client_jwks_fn"), "w") as f: # f.write( # base64.b64decode(manager.secret.get("scim_rs_client_base64_jwks")).decode() # ) # manager.secret.to_file("scim_rp_jks_base64", "/etc/certs/scim-rp.jks", # decode=True, binary_mode=True) # with open(manager.config.get("scim_rp_client_jwks_fn"), "w") as f: # f.write( # base64.b64decode(manager.secret.get("scim_rp_client_base64_jwks")).decode() # ) modify_jetty_xml() modify_webdefault_xml() sync_enabled = as_boolean(os.environ.get("GLUU_SYNC_JKS_ENABLED", False)) if not sync_enabled: manager.secret.to_file( "oxauth_jks_base64", "/etc/certs/oxauth-keys.jks", decode=True, binary_mode=True, ) with open("/etc/certs/oxauth-keys.json", "w") as f: f.write( base64.b64decode( manager.secret.get("oxauth_openid_key_base64")).decode()) certs_from_webdav()