feat: include eduPerson in gluuPerson table on IDP installation #858

gluu_install.py

@@ -25,8 +25,14 @@
 parser.add_argument('-uninstall', help="Uninstall Gluu server and removes all files", action='store_true')
 parser.add_argument('--args', help="Arguments to be passed to setup.py")
 parser.add_argument('--keep-downloads', help="Keep downloaded files", action='store_true')
+
 if '-a' in sys.argv:
     parser.add_argument('--jetty-version', help="Jetty verison. For example 11.0.6")
+
+if '-uninstall' not in sys.argv:
+    parser.add_argument('-maven-user', help="Maven username", required=True)
+    parser.add_argument('-maven-password', help="Maven password", required=True)
+
 parser.add_argument('-n', help="No prompt", action='store_true')
 parser.add_argument('--no-setup', help="Do not launch setup", action='store_true')
 parser.add_argument('--dist-server-base', help="Download server", default='https://maven.gluu.org/maven')
@@ -238,6 +244,14 @@ def check_installation():
 
     sys.exit()
 
+
+passman = request.HTTPPasswordMgrWithDefaultRealm()
+passman.add_password(None, maven_root, argsp.maven_user, argsp.maven_password)
+authhandler = request.HTTPBasicAuthHandler(passman)
+opener = request.build_opener(authhandler)
+request.install_opener(opener)
+
+
 def download(url, target_fn):
     dst = os.path.join(app_dir, target_fn)
     pardir, fn = os.path.split(dst)
@@ -259,7 +273,7 @@ def download(url, target_fn):
 def download_gcs():
     if not os.path.exists(os.path.join(app_dir, 'gcs')):
         print("Downloading Spanner modules")
-        gcs_download_url = 'http://162.243.99.240/icrby8xcvbcv/spanner/gcs.tgz'
+        gcs_download_url = 'http://ox.gluu.org/icrby8xcvbcv/spanner/gcs.tgz'
         tmp_dir = '/tmp/' + os.urandom(5).hex()
         target_fn = os.path.join(tmp_dir, 'gcs.tgz')
         download(gcs_download_url, target_fn)

schema/gluu_schema.json

@@ -3220,6 +3220,7 @@
                 "primaryKeyValue"
             ],
             "oid": "oxAttribute",
+            "multivalued": true,
             "substr": "caseIgnoreSubstringsMatch",
             "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
             "x_origin": "Gluu created attribute"
@@ -3329,6 +3330,7 @@
                 "secondaryKeyValue"
             ],
             "oid": "oxAttribute",
+            "multivalued": true,
             "substr": "caseIgnoreSubstringsMatch",
             "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
             "x_origin": "Gluu created attribute"
@@ -3405,6 +3407,7 @@
                 "tertiaryKeyValue"
             ],
             "oid": "oxAttribute",
+            "multivalued": true,
             "substr": "caseIgnoreSubstringsMatch",
             "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
             "x_origin": "Gluu created attribute"

setup.py

@@ -42,6 +42,8 @@
 from setup_app.messages import msg
 from setup_app.config import Config
 
+sys.path.append(os.path.join(Config.distFolder, 'app/gcs'))
+
 # set profile
 if argsp.profile == 'DISA-STIG' or os.path.exists(os.path.join(paths.INSTALL_DIR, 'disa-stig')):
     Config.profile = static.SetupProfiles.DISA_STIG
@@ -170,6 +172,7 @@
 if not Config.noPrompt and not GSA and not Config.installed_instance and not setup_loaded:
     propertiesUtils.promptForProperties()
 
+
 if not (GSA or base.argsp.dummy):
     propertiesUtils.check_properties()
 
@@ -194,7 +197,26 @@
 
 rdbmInstaller.packageUtils = packageUtils
 
+
+
 if Config.installed_instance:
+
+    exit_after_me = False
+
+    if argsp.enable_script:
+        print("Enabling scripts {}".format(', '.join(argsp.enable_script)))
+        gluuInstaller.enable_scripts(argsp.enable_script)
+        exit_after_me = True
+
+    if argsp.ox_authentication_mode or argsp.ox_trust_authentication_mode:
+        print("Setting Authentication Modes")
+        gluuInstaller.set_auth_modes()
+        exit_after_me = True
+
+    if exit_after_me:
+        sys.exit()
+
+
     for installer in (openDjInstaller, couchbaseInstaller, httpdinstaller, 
                         oxauthInstaller, passportInstaller, scimInstaller, 
                         fidoInstaller, samlInstaller, oxdInstaller, 
@@ -333,10 +355,12 @@ def install_services():
 
 def start_services():
     for service in gluuProgress.services:
-        # we don't restart opendj
-        if service['object'].service_name in ('opendj', 'couchbase-server'):
-            continue
+
         if service['app_type'] == static.AppType.SERVICE:
+            # we don't restart opendj
+            if service['object'].service_name in ('opendj', 'couchbase-server'):
+                continue
+
             gluuProgress.progress(PostSetup.service_name, "Starting {}".format(service['name'].title()))
             time.sleep(2)
             service['object'].stop()

setup_app/config.py

@@ -147,6 +147,7 @@ def progress(self, service_name, msg, incr=False):
                                         'oxauthClient_4_inum': 'FF81-2D39',
                                         'idp_attribute_resolver_ldap.search_filter': '(|(uid=$requestContext.principalName)(mail=$requestContext.principalName))',
                                         'oxd_port': '8443',
+                                        'server_time_zone': 'UTC' + time.strftime("%z"),
                                      }
 
         # java commands
@@ -277,7 +278,8 @@ def progress(self, service_name, msg, incr=False):
 
         self.gluuScriptFiles = [
                             os.path.join(self.install_dir, 'static/scripts/logmanager.sh'),
-                            os.path.join(self.install_dir, 'static/scripts/testBind.py')
+                            os.path.join(self.install_dir, 'static/scripts/testBind.py'),
+                            os.path.join(self.install_dir, 'static/scripts/jetty10CompatibleWar.py'),
                             ]
 
         self.redhat_services = ['httpd', 'rsyslog']

setup_app/installers/gluu.py

@@ -431,6 +431,12 @@ def post_install_tasks(self):
         self.chown(Config.gluuBaseFolder, Config.root_user, Config.gluu_group, recursive=True)
         self.chown(Config.oxBaseDataFolder, Config.root_user, Config.gluu_group, recursive=True)
 
+        #enable scripts
+        self.enable_scripts(base.argsp.enable_script)
+
+        #set auth modes
+        self.set_auth_modes()
+
         for sys_path in (Config.gluuOptFolder, Config.gluuBaseFolder, Config.oxBaseDataFolder):
             self.run([paths.cmd_chmod, '-R', 'u+rwX,g+rwX,o-rwX', sys_path])
 
@@ -441,6 +447,11 @@ def post_install_tasks(self):
         if Config.profile == static.SetupProfiles.DISA_STIG:
             self.disa_stig_post_install_tasks()
 
+
+        if base.argsp.gluu_scan_cert:
+            self.generate_gluu_scan_api_keystore()
+
+
     def disa_stig_post_install_tasks(self):
 
         self.chown(Config.gluuOptFolder, Config.jetty_user, Config.gluu_group)
@@ -461,3 +472,19 @@ def disa_stig_post_install_tasks(self):
 
         self.chown(jetty_absolute_dir.parent.as_posix(), Config.user_group, recursive=True)
 
+    def enable_scripts(self, inums):
+        if inums:
+            for inum in inums:
+                self.dbUtils.enable_script(inum)
+
+    def set_auth_modes(self):
+        if base.argsp.ox_authentication_mode:
+            self.dbUtils.set_configuration('oxAuthenticationMode', base.argsp.ox_authentication_mode)
+        if base.argsp.ox_trust_authentication_mode:
+            self.dbUtils.set_configuration('oxTrustAuthenticationMode', base.argsp.ox_trust_authentication_mode)
+
+    def generate_gluu_scan_api_keystore(self):
+        suffix = 'scan_api'
+        key_fn, csr_fn, crt_fn = self.gen_cert(suffix, 'changeit', user='jetty')
+        scan_api_keystore_fn = os.path.join(Config.certFolder, 'scanAKeystore.pcks12')
+        self.gen_keystore(suffix, scan_api_keystore_fn, 'changeit', key_fn, crt_fn, store_type='PKCS12')

setup_app/installers/oxd.py

@@ -32,6 +32,11 @@ def __init__(self):
         self.ks_type_bcfks = 'bcfks'
         self.ks_type_pkcs12 = 'pkcs12'
 
+    @property
+    def oxd_hostname(self):
+        oxd_hostname, oxd_port = self.parse_url(Config.oxd_server_https)
+        return oxd_hostname
+
     def install(self):
         self.logIt("Installing {}".format(self.service_name.title()), pbar=self.service_name)
         self.run(['tar', '-zxf', Config.oxd_package, '--no-same-owner', '--strip-components=1', '-C', self.oxd_root])
@@ -69,6 +74,7 @@ def install(self):
         if not base.argsp.dummy:
             self.modify_config_yml()
             self.generate_keystore()
+            self.import_oxd_certificate()
 
         self.run([paths.cmd_chown, '-R', '{0}:{0}'.format(oxd_user), self.oxd_root])
 
@@ -89,22 +95,31 @@ def install(self):
 
         self.enable()
 
-    def modify_config_yml(self):
-        self.logIt("Configuring", pbar=self.service_name)
+    def get_yaml_config(self):
         yml_str = self.readFile(self.oxd_server_yml_fn)
         oxd_yaml = ruamel.yaml.load(yml_str, ruamel.yaml.RoundTripLoader)
+        return oxd_yaml
+
+    def modify_config_yml(self):
+        self.logIt("Configuring", pbar=self.service_name)
+
+        oxd_yaml = self.get_yaml_config()
+        addr_list = [Config.ip]
+        lo = '127.0.0.1'
+        if self.oxd_hostname == 'localhost':
+            addr_list.append(lo)
 
         if 'bind_ip_addresses' in oxd_yaml:
-            oxd_yaml['bind_ip_addresses'].append(Config.ip)
+            oxd_yaml['bind_ip_addresses'] += addr_list
         else:
             for i, k in enumerate(oxd_yaml):
                 if k == 'storage':
                     break
             else:
                 i = 1
-            addr_list = [Config.ip]
-            if Config.profile == SetupProfiles.DISA_STIG:
-                addr_list.append('127.0.0.1')
+
+            if Config.profile == SetupProfiles.DISA_STIG and lo not in addr_list:
+                addr_list.append(lo)
             oxd_yaml.insert(i, 'bind_ip_addresses',  addr_list)
 
         if Config.get('oxd_use_gluu_storage'):
@@ -148,8 +163,8 @@ def modify_config_yml(self):
             admin_connectors['jceProvider'] = self.fips_provider['-providerclass']
             admin_connectors['validateCerts'] = 'false'
 
-            oxd_yaml['crypt_provider_key_store_path']=self.oxd_jwks_keystore_fn
-            oxd_yaml['crypt_provider_key_store_password']=self.oxd_keystore_passw
+            oxd_yaml['crypt_provider_key_store_path'] = self.oxd_jwks_keystore_fn
+            oxd_yaml['crypt_provider_key_store_password'] = self.oxd_keystore_passw
 
         yml_str = ruamel.yaml.dump(oxd_yaml, Dumper=ruamel.yaml.RoundTripDumper)
         self.writeFile(self.oxd_server_yml_fn, yml_str)
@@ -184,7 +199,7 @@ def generate_keystore(self):
 
             self.run(cmd_cert_gen)
 
-        else:
+        elif self.oxd_hostname != 'localhost':
             oxd_key_tmp = '{}/{}'.format(tempfile.gettempdir(),'oxd.key')
             oxd_crt_tmp = '{}/{}'.format(tempfile.gettempdir(),'oxd.crt')
             oxd_p12_tmp = '{}/{}'.format(tempfile.gettempdir(),'oxd.p12')
@@ -223,54 +238,26 @@ def generate_keystore(self):
             for f in (oxd_key_tmp, oxd_crt_tmp, oxd_p12_tmp):
                 self.run([paths.cmd_rm, '-f', f])
 
-        self.run([paths.cmd_rm, '-f', os.path.join(self.oxd_root,'conf/oxd-server.keystore')])
+        if os.path.exists(keystore_tmp):
+            self.run([paths.cmd_rm, '-f', os.path.join(self.oxd_root,'conf/oxd-server.keystore')])
+            self.run(['cp', '-f', keystore_tmp, self.oxd_server_keystore_fn])
+            self.run([paths.cmd_rm, '-f', keystore_tmp])
 
-        self.run(['cp', '-f', keystore_tmp, self.oxd_server_keystore_fn])
         self.run([paths.cmd_chown, 'jetty:jetty', self.oxd_server_keystore_fn])
 
-        self.run([paths.cmd_rm, '-f', keystore_tmp])
-
-        self.import_oxd_certificate()
-
 
     def installed(self):
         return os.path.exists(self.oxd_server_yml_fn)
 
-    def download_files(self, force=False):
-        oxd_url = Config.maven_root + '/maven/org/gluu/oxd-server/{0}/oxd-server-{0}-distribution.zip'.format(Config.oxVersion)
-
-        self.logIt("Downloading {} and preparing package".format(os.path.basename(oxd_url)))
-
-        oxd_zip_fn = os.path.join(Config.outputFolder, 'oxd-server.zip')
-        oxd_tgz_fn = os.path.join(Config.distGluuFolder, 'oxd-server.tgz')
-        tmp_dir = os.path.join('/tmp', os.urandom(5).hex())
-        oxd_tmp_dir = os.path.join(tmp_dir, 'oxd-server')
-
-        self.run([paths.cmd_mkdir, '-p', oxd_tmp_dir])
-        self.download_file(oxd_url, oxd_zip_fn)
-        self.run([paths.cmd_unzip, '-qqo', oxd_zip_fn, '-d', oxd_tmp_dir])
-        self.run([paths.cmd_mkdir, os.path.join(oxd_tmp_dir, 'data')])
-
-        service_file = 'oxd-server.init.d' if base.deb_sysd_clone else 'oxd-server.service'
-        service_url = 'https://raw.githubusercontent.com/GluuFederation/community-edition-package/master/package/systemd/oxd-server.service'.format(Config.oxVersion, service_file)
-        self.download_file(service_url, os.path.join(oxd_tmp_dir, service_file))
-
-        oxd_server_sh_url = 'https://raw.githubusercontent.com/GluuFederation/oxd/master/debian/oxd-server'
-        self.download_file(oxd_server_sh_url, os.path.join(oxd_tmp_dir, 'bin/oxd-server'))
-
-        self.run(['tar', '-zcf', oxd_tgz_fn, 'oxd-server'], cwd=tmp_dir)
-        #self.run(['rm', '-r', '-f', tmp_dir])
-        Config.oxd_package = oxd_tgz_fn
-
 
     def import_oxd_certificate(self):
-
-        oxd_hostname, oxd_port = self.parse_url(Config.oxd_server_https)
-        oxd_alias = 'oxd_' + oxd_hostname.replace('.','_')
+        oxd_yaml = self.get_yaml_config()
+        oxd_alias = 'oxd_' + self.oxd_hostname.replace('.','_')
         oxd_cert_fn = os.path.join(Config.outputFolder, '{}.pem'.format(oxd_alias))
         # let's delete if alias exists
         self.delete_key(oxd_alias)
-        self.export_cert_from_store(Config.hostname, self.oxd_server_keystore_fn, self.oxd_keystore_passw, oxd_cert_fn)
+        store_alias = 'localhost' if self.oxd_hostname == 'localhost' else Config.hostname
+        self.export_cert_from_store(store_alias, oxd_yaml['server']['applicationConnectors'][0]['keyStorePath'], self.oxd_keystore_passw, oxd_cert_fn)
         self.import_cert_to_java_truststore(oxd_alias, oxd_cert_fn)
 
 

setup_app/installers/oxtrust.py

@@ -1,6 +1,7 @@
 import os
 import glob
 import uuid
+import json
 
 from setup_app import paths
 from setup_app.utils import base
@@ -113,6 +114,12 @@ def render_import_templates(self):
         for tmp in (self.oxtrust_config_json, self.oxtrust_cache_refresh_json, self.oxtrust_import_person_json):
             self.renderTemplateInOut(tmp, self.templates_folder, self.output_folder)
 
+        if Config.rdbm_install:
+            oxtrust_config = base.readJsonFile(self.oxtrust_config_json, ordered=True)
+            oxtrust_config['personObjectClassTypes'] = []
+            oxtrust_config['personObjectClassDisplayNames'] = []
+            self.writeFile(self.oxtrust_config_json, json.dumps(oxtrust_config, indent=2))
+
         Config.templateRenderingDict['oxtrust_config_base64'] = self.generate_base64_ldap_file(self.oxtrust_config_json)
         Config.templateRenderingDict['oxtrust_cache_refresh_base64'] = self.generate_base64_ldap_file(self.oxtrust_cache_refresh_json)
         Config.templateRenderingDict['oxtrust_import_person_base64'] = self.generate_base64_ldap_file(self.oxtrust_import_person_json)