chore(jans-cedarling): switch sidecar to debian (#10383)

* chore(jans-cedarling): switch sidecar to debian Signed-off-by: SafinWasi <[email protected]> * chore(jans-cedarling): new bootstrap structure Signed-off-by: SafinWasi <[email protected]> * fix: copying post setting workdir --------- Signed-off-by: SafinWasi <[email protected]> Co-authored-by: moabu <[email protected]>
JanssenProject · Dec 11, 2024 · 92cc167 · 92cc167
1 parent 1a7fff5
commit 92cc167
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 27 deletions.
diff --git a/jans-cedarling/flask-sidecar/Dockerfile b/jans-cedarling/flask-sidecar/Dockerfile
@@ -1,11 +1,11 @@
-FROM python:3.10.14-alpine3.19
+FROM python:3.10.16-slim-bookworm
 
 # ===============
-# Alpine packages
+# Debian packages
 # ===============
 
-RUN apk update \
-    && apk add --no-cache bash unzip wget git curl
+RUN apt-get update \
+    && apt-get install -y bash unzip wget git curl
 
 
 # ========================
@@ -35,13 +35,15 @@ ENV JANS_SOURCE_VERSION=46f9a51ee4b71d94f7e8c4d7e99d959c35510a89
 
 COPY docker-entrypoint.sh /
 RUN chmod +x /docker-entrypoint.sh
-COPY ./secrets/bootstrap.json /api/
 
 # create non-root user
-RUN adduser -s /bin/sh -D -G root -u 1000 web
+RUN adduser --shell /bin/sh --uid 1000 web \
+    && usermod -aG sudo web
 
 WORKDIR /api
 
+COPY --chown=1000:1000 ./secrets/bootstrap.json /api/
+
 RUN git clone --filter blob:none --no-checkout https://github.com/JanssenProject/jans /tmp/jans \
         && cd /tmp/jans \
         && git sparse-checkout init --cone \
@@ -53,15 +55,15 @@ RUN git clone --filter blob:none --no-checkout https://github.com/JanssenProject
         && echo "${version}" > /api/cedarling_version \
         && release_version="${version}" \
         && if [ "$version" = "0.0.0" ]; then release_version="nightly"; fi \
-        && wget -q https://github.com/JanssenProject/jans/releases/download/"${release_version}"/cedarling_python-"${version}"-cp311-cp311-manylinux_2_34_x86_64.whl -O /api/cedarling_python-"${version}"-cp311-cp311-manylinux_2_34_x86_64.whl \
+        && wget -q https://github.com/JanssenProject/jans/releases/download/"${release_version}"/cedarling_python-"${version}"-cp310-cp310-manylinux_2_34_x86_64.whl -O /api/cedarling_python-"${version}"-cp310-cp310-manylinux_2_34_x86_64.whl \
         && rm -rf /tmp/jans
 
 # Setting up proper permissions:
 RUN chmod -R g=u /api \
     && chown -R 1000:1000 /api
 
 # Project initialization:
-RUN poetry add /api/cedarling_python-$(cat /api/cedarling_version)-cp311-cp311-manylinux_2_34_x86_64.whl \
+RUN poetry add /api/cedarling_python-$(cat /api/cedarling_version)-cp310-cp310-manylinux_2_34_x86_64.whl \
     && poetry install --no-dev --no-root --no-interaction --no-ansi \
     # Cleaning poetry installation's cache for production:
     && rm -rf "$POETRY_CACHE_DIR"

diff --git a/jans-cedarling/flask-sidecar/secrets/bootstrap.json b/jans-cedarling/flask-sidecar/secrets/bootstrap.json
@@ -1,21 +1,40 @@
 {
-    "application_name": "TestApp",
-    "policy_store_id": "asdasd123123",
-    "policy_store_uri": "",
-    "jwt_sig_validation": "disabled",
-    "jwt_status_validation": "disabled",
-    "at_iss_validation": "disabled",
-    "at_jti_validation": "disabled",
-    "at_nbf_validation": "disabled",
-    "idt_iss_validation": "disabled",
-    "idt_sub_validation": "disabled",
-    "idt_exp_validation": "disabled",
-    "idt_iat_validation": "disabled",
-    "idt_aud_validation": "disabled",
-    "id_token_trust_mode": "none",
-    "userinfo_iss_validation": "disabled",
-    "userinfo_aud_validation": "disabled",
-    "userinfo_sub_validation": "disabled",
-    "userinfo_exp_validation": "disabled",
-    "log_type": "memory"
+    "CEDARLING_APPLICATION_NAME": "My App",
+    "CEDARLING_POLICY_STORE_URI": "https://gluu.org",
+    "CEDARLING_POLICY_STORE_ID": "gICAgcHJpbmNpcGFsIGlz",
+    "CEDARLING_LOG_TYPE": "std_out",
+    "CEDARLING_LOG_TTL": null,
+    "CEDARLING_USER_AUTHZ": "enabled",
+    "CEDARLING_WORKLOAD_AUTHZ": "enabled",
+    "CEDARLING_USER_WORKLOAD_BOOLEAN_OPERATION": "AND",
+    "CEDARLING_LOCAL_JWKS": null,
+    "CEDARLING_LOCAL_POLICY_STORE": null,
+    "CEDARLING_POLICY_STORE_LOCAL_FN": null,
+    "CEDARLING_JWT_SIG_VALIDATION": "disabled",
+    "CEDARLING_JWT_STATUS_VALIDATION": "disabled",
+    "CEDARLING_JWT_SIGNATURE_ALGORITHMS_SUPPORTED": [
+        "HS256",
+        "RS256"
+    ],
+    "CEDARLING_AT_ISS_VALIDATION": "disabled",
+    "CEDARLING_AT_JTI_VALIDATION": "disabled",
+    "CEDARLING_AT_NBF_VALIDATION": "disabled",
+    "CEDARLING_AT_EXP_VALIDATION": "disabled",
+    "CEDARLING_IDT_ISS_VALIDATION": "disabled",
+    "CEDARLING_IDT_SUB_VALIDATION": "disabled",
+    "CEDARLING_IDT_EXP_VALIDATION": "disabled",
+    "CEDARLING_IDT_IAT_VALIDATION": "disabled",
+    "CEDARLING_IDT_AUD_VALIDATION": "disabled",
+    "CEDARLING_USERINFO_ISS_VALIDATION": "disabled",
+    "CEDARLING_USERINFO_SUB_VALIDATION": "disabled",
+    "CEDARLING_USERINFO_AUD_VALIDATION": "disabled",
+    "CEDARLING_USERINFO_EXP_VALIDATION": "disabled",
+    "CEDARLING_ID_TOKEN_TRUST_MODE": "strict",
+    "CEDARLING_LOCK": "disabled",
+    "CEDARLING_LOCK_MASTER_CONFIGURATION_URI": null,
+    "CEDARLING_DYNAMIC_CONFIGURATION": "disabled",
+    "CEDARLING_LOCK_SSA_JWT": 0,
+    "CEDARLING_AUDIT_HEALTH_INTERVAL": 0,
+    "CEDARLING_AUDIT_TELEMETRY_INTERVAL": 0,
+    "CEDARLING_LISTEN_SSE": "disabled"
 }