feat(jans-lock): lock should collect MAU and MAC based on log entries… #10328

Merged
merged 18 commits into from
Jan 6, 2025
1 change: 1 addition & 0 deletions jans-auth-server/pom.xml
Expand Up @@ -134,6 +134,7 @@
<version>1.6.0</version>
</dependency>


<!-- Weld -->
<dependency>
<groupId>org.jboss.weld</groupId>
20 changes: 15 additions & 5 deletions jans-bom/pom.xml
Expand Up @@ -509,6 +509,16 @@
<artifactId>commons-collections</artifactId>
<version>3.2.2</version>
</dependency>
<dependency>
<groupId>io.prometheus</groupId>
<artifactId>simpleclient_common</artifactId>
<version>0.9.0</version>
</dependency>
<dependency>
<groupId>net.agkn</groupId>
<artifactId>hll</artifactId>
<version>1.6.0</version>
</dependency>

<!-- Logging -->
<dependency>
Expand Down Expand Up @@ -605,7 +615,7 @@
<artifactId>jackson-dataformat-cbor</artifactId>
<version>${jackson.version}</version>
</dependency>
<!-- <dependency>
<!-- <dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<version>2.3.3</version>
Expand Down Expand Up @@ -788,7 +798,7 @@
<artifactId>metrics-core</artifactId>
<version>4.2.12</version>
</dependency>

<!-- Timer -->
<dependency>
<groupId>org.quartz-scheduler</groupId>
Expand Down Expand Up @@ -832,7 +842,7 @@
<artifactId>velocity-engine-core</artifactId>
<version>2.3</version>
</dependency>

<!-- Date/time utils -->
<dependency>
<groupId>joda-time</groupId>
Expand Down Expand Up @@ -897,8 +907,8 @@
<version>${mockito.version}</version>
<scope>test</scope>
</dependency>
<!-- java compiler lib -->

<!-- java compiler lib -->
<dependency>
<groupId>net.openhft</groupId>
<artifactId>compiler</artifactId>
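Review bot: The new `io.prometheus:simpleclient_common` entry in the first hunk pins `0.9.0`, which is well behind the last release of the simpleclient line (0.16.x) and behind the 1.x client that replaced it, so the BOM would lock every module onto an old release line; unless another module needs that exact version, pin the latest 0.16.x instead, `<version>0.16.0</version>`. The same currency check applies to the `net.agkn:hll` 1.6.0 entry, which I cannot verify from here. The remaining hunks in this file (`<!-- <dependency>` and `<!-- java compiler lib -->`) read as whitespace and comment moves and need no change.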
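--- a/jans-linux-setup/jans_setup/schema/jans_schema.json
+++ b/jans-linux-setup/jans_setup/schema/jans_schema.json
@@ -2454,6 +2454,17 @@
 "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
 "x_origin": "Jans created attribute"
 },
+{
+"desc": "Jans client data",
+"equality": "caseIgnoreMatch",
+"names": [
+"clntDat"
+],
+"oid": "jansAttr",
+"substr": "caseIgnoreSubstringsMatch",
+"syntax": "1.3.6.1.4.1.1466.115.121.1.15",
+"x_origin": "Jans created attribute"
+},
 {
 "desc": "OX PKCE code challenge",
 "equality": "caseIgnoreMatch",
@@ -4083,6 +4094,7 @@
 "requestedResource"
 ],
 "oid": "jansAttr",
+"rdbm_json_column": true,
 "substr": "caseIgnoreSubstringsMatch",
 "syntax": "1.3.6.1.4.1.1466.115.121.1.15",
 "x_origin": "Jans created attribute"
@@ -5209,6 +5221,27 @@
 ],
 "x_origin": "Jans created objectclass"
 },
+{
+"kind": "STRUCTURAL",
+"may": [
+"jansId",
+"dat",
+"clntDat",
+"jansData",
+"attr"
+],
+"must": [
+"objectclass"
+],
+"names": [
+"jansLockStatEntry"
+],
+"oid": "jansObjClass",
+"sup": [
+"top"
+],
+"x_origin": "Jans Lock created objectclass"
+},
 {
 "kind": "STRUCTURAL",
 "may": [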
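Review bot: The new `jansLockStatEntry` objectclass in the last hunk lists only `objectclass` under `must`, so an entry can be stored with no `jansId` and none of the data attributes; if `jansId` is the key the lock service looks these entries up by, it belongs in `must` (`"must": ["objectclass", "jansId"]`) so a malformed entry is rejected by the directory rather than read back as an empty record. The `may` list also names `dat`, `attr` and `jansData`, none of which is defined in this diff; presumably they already exist in the schema, but a missing one would fail schema load, so worth confirming. The `clntDat` description `Jans client data` says nothing about what is stored or in which format; a `desc` that states the content would help the next reader.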
52 changes: 52 additions & 0 deletions jans-linux-setup/jans_setup/setup_app/installers/base.py
@@ -1,22 +1,33 @@
import os
import uuid
import inspect
import json

from setup_app import paths
from setup_app.utils import base
from setup_app.config import Config
from setup_app.pylib.ldif4.ldif import LDIFWriter

from setup_app.utils.db_utils import dbUtils
from setup_app.utils.progress import jansProgress
from setup_app.utils.printVersion import get_war_info

class BaseInstaller:
needdb = True
dbUtils = dbUtils
service_scopes_created = False

def register_progess(self):
if not hasattr(self, 'output_folder'):
self.output_folder = os.path.join(Config.output_dir, self.service_name)

if not hasattr(self, 'templates_dir'):
self.templates_dir = os.path.join(Config.templateFolder, self.service_name)

jansProgress.register(self)

def start_installation(self):

if not hasattr(self, 'pbar_text'):
pbar_text = "Installing " + self.service_name.title()
else:
Expand Down Expand Up @@ -44,6 +55,9 @@ def start_installation(self):
self.render_unit_file()

self.render_import_templates()
if not self.service_scopes_created:
self.create_scopes()

self.update_backend()
self.service_post_setup()

Expand Down Expand Up @@ -244,3 +258,41 @@ def service_post_setup(self):

def service_post_install_tasks(self):
pass

def create_scopes(self):
scopes_json_fn = os.path.join(self.templates_dir, 'scopes.json')

if not os.path.exists(scopes_json_fn):
return

self.logIt(f"Creating {self.service_name} scopes from {scopes_json_fn}")
scopes = base.readJsonFile(scopes_json_fn)
scopes_ldif_fn = os.path.join(self.output_folder, 'scopes.ldif')
self.createDirs(self.output_folder)

scopes_list = []

with open(scopes_ldif_fn, 'wb') as scope_ldif_fd:
ldif_scopes_writer = LDIFWriter(scope_ldif_fd, cols=1000)
for scope in scopes:
scope_dn = 'inum={},ou=scopes,o=jans'.format(scope['inum'])
scopes_list.append(scope_dn)
ldif_dict = {
'objectClass': ['top', 'jansScope'],
'description': [scope['description']],
'displayName': [scope['displayName']],
'inum': [scope['inum']],
'jansDefScope': [str(scope['jansDefScope'])],
'jansId': [scope['jansId']],
'jansScopeTyp': [scope['jansScopeTyp']],
'jansAttrs': [json.dumps({
"spontaneousClientId":None,
"spontaneousClientScopes":[],
"showInConfigurationEndpoint": False
})],
}
ldif_scopes_writer.unparse(scope_dn, ldif_dict)

self.dbUtils.import_ldif([scopes_ldif_fn])
self.service_scopes_created = True
return scopes_list
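Review bot: In `create_scopes` (third hunk), the early return at `if not os.path.exists(scopes_json_fn): return` hands `None` back to callers that expect the DN list, so `self.casa_scopes = self.create_scopes()` in jans_casa.py ends up as `None` for any installer that ships no scopes.json; return an empty list on that path, `return []`, and set `self.service_scopes_created = True` there as well so the flag has the same meaning on both paths. The DN is built with plain string formatting from `scope['inum']`; the values come from the packaged template rather than user input, but an inum containing a DN special character would still yield an unparseable entry, which deserves a comment or a check. A short docstring stating that the method reads `<templates_dir>/scopes.json`, writes `<output_folder>/scopes.ldif`, imports it through `dbUtils` and returns the list of scope DNs would also be welcome.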
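--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_casa.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_casa.py
@@ -78,7 +78,8 @@ def add_plugins(self):
 
 
 def generate_configuration(self):
-self.casa_scopes = self.create_scopes()
+if not hasattr(self, 'casa_scopes'):
+self.casa_scopes = self.create_scopes()
 
 self.check_clients([('casa_client_id', self.client_id_prefix)])
 
@@ -117,38 +118,6 @@ def create_folders(self):
 self.createDirs(os.path.join(self.jetty_service_dir, cdir))
 
 
-def create_scopes(self):
-self.logIt("Creating Casa client scopes")
-scopes = base.readJsonFile(self.scopes_fn)
-casa_scopes_ldif_fn = os.path.join(self.output_folder, 'scopes.ldif')
-self.createDirs(self.output_folder)
-scope_ldif_fd = open(casa_scopes_ldif_fn, 'wb')
-scopes_list = []
-
-ldif_scopes_writer = LDIFWriter(scope_ldif_fd, cols=1000)
-
-for scope in scopes:
-scope_dn = 'inum={},ou=scopes,o=jans'.format(scope['inum'])
-scopes_list.append(scope_dn)
-ldif_dict = {
-'objectClass': ['top', 'jansScope'],
-'description': [scope['description']],
-'displayName': [scope['displayName']],
-'inum': [scope['inum']],
-'jansDefScope': [str(scope['jansDefScope'])],
-'jansId': [scope['jansId']],
-'jansScopeTyp': [scope['jansScopeTyp']],
-'jansAttrs': [json.dumps({"spontaneousClientId":None, "spontaneousClientScopes":[], "showInConfigurationEndpoint": False})],
-}
-ldif_scopes_writer.unparse(scope_dn, ldif_dict)
-
-scope_ldif_fd.close()
-
-self.dbUtils.import_ldif([casa_scopes_ldif_fn])
-
-return scopes_list
-
-
 def service_post_setup(self):
 self.writeFile(os.path.join(self.jetty_service_dir, '.administrable'), '', backup=False)
 self.chown(self.jetty_service_dir, Config.jetty_user, Config.jetty_group, recursive=True)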
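Review bot: The guard added in `generate_configuration` keys on `hasattr(self, 'casa_scopes')` while the base class keys on `service_scopes_created`; if the inherited `start_installation` has already run `create_scopes()` (it discards the return value) before this method, the flag is set but `casa_scopes` is not, and the scopes LDIF is written and imported a second time. I cannot see the call order from here; if that ordering is possible, have the base class keep the returned list (for example `self.service_scopes = self.create_scopes()`) and read it here instead of calling again. The removed implementation read the template from `self.scopes_fn`, whereas the inherited one reads `<templates_dir>/scopes.json` and returns `None` when that file is absent, so confirm the Casa template lives at the new path or `casa_scopes` will silently be `None`.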
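--- a/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json
+++ b/jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json
@@ -4,6 +4,11 @@
 "type": "TEXT"
 }
 },
+"clntDat": {
+"mysql": {
+"type": "TEXT"
+}
+},
 "description": {
 "mysql": {
 "size": 768,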
Expand Up @@ -51,6 +51,7 @@
"metricReporterInterval": 300,
"metricReporterKeepDataDays": 15,
"metricReporterEnabled": true,
"statEnabled": true,
"errorReasonEnabled": false,
"opaConfiguration": {
"baseUrl": "http://%(jans_opa_host)s:%(jans_opa_port)s/v1/",
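--- a/jans-linux-setup/jans_setup/templates/jans-lock/errors.json
+++ b/jans-linux-setup/jans_setup/templates/jans-lock/errors.json
@@ -1,9 +1,26 @@
 {
-"common": [
-{
-"id": "unknown_error",
-"description": "Unknown or not found error",
-"uri": null
-}
-]
-}
+"common": [
+{
+"id": "invalid_request",
+"description": "The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed",
+"uri": null
+},
+{
+"id": "unknown_error",
+"description": "Unknown or not found error",
+"uri": null
+}
+],
+"stat":[
+{
+"id":"invalid_request",
+"description":"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.",
+"uri":null
+},
+{
+"id":"access_denied",
+"description":"The resource owner or authorization server denied the request.",
+"uri":null
+}
+]
+}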
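Review bot: `invalid_request` is now defined twice, once under `common` and once under `stat`, with different descriptions; the `stat` wording (`includes multiple credentials, utilizes more than one mechanism for authenticating the client`) is the token-endpoint text and does not describe a stat request. Unless lookups are strictly per section, keep the single definition in `common` and let `stat` carry only `access_denied`, or give the `stat` entry wording specific to that endpoint. Formatting also differs between the two sections (`"id":"invalid_request"` versus `"id": "invalid_request"`, trailing periods in `stat` only); match the `common` style.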
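--- a/jans-linux-setup/jans_setup/templates/jans-lock/scopes.json
+++ b/jans-linux-setup/jans_setup/templates/jans-lock/scopes.json
@@ -0,0 +1,10 @@
+[
+{
+"inum": "4000.01.1",
+"jansId": "https://jans.io/oauth/lock/sse.read",
+"displayName": "Lock API scope",
+"description": "Permission to access SSE endpoint",
+"jansDefScope": false,
+"jansScopeTyp": "oauth"
+}
+]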
Expand Up @@ -6,6 +6,7 @@
"attributes":"ou=attributes,o=jans",
"tokens":"ou=tokens,o=jans",
"sessions":"ou=sessions,o=jans",
"metric":"ou=statistic,o=metric"
"metric":"ou=statistic,o=metric",
"stat": "ou=lock,ou=stat,o=jans"
}
}
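Review bot: The new `stat` base DN `ou=lock,ou=stat,o=jans` places statistics under the main `o=jans` suffix, while the existing `metric` data on the line above lives in its own `o=metric` suffix. If `o=metric` is kept separate so that high-churn data can be excluded from backups or given its own access rules, the lock stat entries should presumably follow the same pattern (`ou=lock,ou=stat,o=metric`); I cannot tell the intent from this hunk, so this is a question for the author. The parent container `ou=stat,o=jans` must also exist before any entry is imported, and I do not see it created anywhere in this diff.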