feat: enhance Google Spanner support (#19)

* feat: enhance spanner support * fix: conform to latest jans-pycloudlib * fix: do not update persistence if keystore path is unchanged * chore: update jans-pycloudlib * chore: update jans-pycloudlib * chore: update jans-pycloudlib * feat: add feature to customize Jetty request header size * chore: update jans-auth-server * chore: update jans-auth-server Co-authored-by: Mohammad Abudayyeh <[email protected]>
moabu · Jun 23, 2021 · e30193d · e30193d
1 parent 4d9b16b
commit e30193d
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 10 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -51,7 +51,7 @@ RUN wget -q https://github.com/fabioz/PyDev.Debugger/archive/refs/tags/pydev_deb
 # ===========
 
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2021-06-01 16:06'
+ENV CN_BUILD_DATE='2021-06-22 16:57'
 ENV CN_SOURCE_URL=https://maven.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
 # Install Jans Auth
@@ -156,7 +156,9 @@ ENV CN_PERSISTENCE_TYPE=ldap \
     CN_COUCHBASE_BUCKET_PREFIX=jans \
     CN_COUCHBASE_TRUSTSTORE_ENABLE=true \
     CN_COUCHBASE_KEEPALIVE_INTERVAL=30000 \
-    CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500
+    CN_COUCHBASE_KEEPALIVE_TIMEOUT=2500 \
+    CN_GOOGLE_SPANNER_INSTANCE_ID="" \
+    CN_GOOGLE_SPANNER_DATABASE_ID=""
 
 # ===========
 # Generic ENV

diff --git a/README.md b/README.md
@@ -73,3 +73,6 @@ The following environment variables are supported by the container:
 - `CN_SYNC_JKS_INTERVAL`: Interval of JKS sync in seconds (if needed); obsolete.
 - `GOOGLE_PROJECT_ID`: Google Project ID (default to empty string). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`.
 - `GOOGLE_APPLICATION_CREDENTIALS`: Path to Google credentials JSON file (default to `/etc/jans/conf/google-credentials.json`). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`.
+- `CN_GOOGLE_SPANNER_INSTANCE_ID`: Google Spanner instance ID.
+- `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID.
+- `CN_JETTY_REQUEST_HEADER_SIZE`: Maximum size of request header accepted by Jetty (default to `8192`).
diff --git a/conf/jans-spanner.properties.tmpl b/conf/jans-spanner.properties.tmpl
@@ -23,5 +23,8 @@ connection.pool.create-max-wait-time-millis=20000
 # Maximum allowed statement result set size
 statement.limit.default-maximum-result-size=1000
 
+# Maximum allowed delete statement result set size
+statement.limit.maximum-result-delete-size=10000
+
 binaryAttributes=objectGUID
 certificateAttributes=userCertificate
diff --git a/requirements.txt b/requirements.txt
@@ -1 +1 @@
--e git+https://github.com/JanssenProject/jans-pycloudlib@a49f267f16a75965756d475d0e8102ad7cde2010#egg=jans-pycloudlib
+-e git+https://github.com/JanssenProject/jans-pycloudlib@a6ce9a098be01b4edcb69fbeee7f0bf745130c44#egg=jans-pycloudlib
diff --git a/scripts/bootstrap.py b/scripts/bootstrap.py
@@ -45,6 +45,15 @@ def modify_jetty_xml():
         flags=re.DOTALL | re.M,
     )
 
+    # set custom request header size
+    req_header_size = os.environ.get("CN_JETTY_REQUEST_HEADER_SIZE", "8192")
+    updates = re.sub(
+        r'(<Set name="requestHeaderSize"><Property name="jetty.httpConfig.requestHeaderSize" deprecated="jetty.request.header.size" default=)"\d+"( /></Set>)',
+        r'\1"{}"\2'.format(req_header_size),
+        updates,
+        flags=re.DOTALL | re.M,
+    )
+
     with open(fn, "w") as f:
         f.write(updates)
 

diff --git a/scripts/keystore_mod.py b/scripts/keystore_mod.py
@@ -6,6 +6,7 @@
 from jans.pycloudlib.persistence.couchbase import get_couchbase_password
 from jans.pycloudlib.persistence.ldap import LdapClient
 from jans.pycloudlib.persistence.sql import SQLClient
+from jans.pycloudlib.persistence.spanner import SpannerClient
 
 
 class BasePersistence:
@@ -112,11 +113,24 @@ def modify_auth_config(self, id_, rev, conf_dynamic):
         return modified
 
 
+class SpannerPersistence(SqlPersistence):
+    def __init__(self, manager):
+        self.client = SpannerClient()
+
+
+_backend_classes = {
+    "ldap": LdapPersistence,
+    "couchbase": CouchbasePersistence,
+    "sql": SqlPersistence,
+    "spanner": SpannerPersistence,
+}
+
+
 def modify_keystore_path(manager, path, jwks_uri):
     persistence_type = os.environ.get("CN_PERSISTENCE_TYPE", "ldap")
     ldap_mapping = os.environ.get("CN_PERSISTENCE_LDAP_MAPPING", "default")
 
-    if persistence_type in ("ldap", "couchbase", "sql"):
+    if persistence_type in ("ldap", "couchbase", "sql", "spanner"):
         backend_type = persistence_type
     else:
         # persistence_type is hybrid
@@ -126,12 +140,7 @@ def modify_keystore_path(manager, path, jwks_uri):
             backend_type = "couchbase"
 
     # resolve backend
-    if backend_type == "ldap":
-        backend = LdapPersistence(manager)
-    elif backend_type == "couchbase":
-        backend = CouchbasePersistence(manager)
-    else:
-        backend = SqlPersistence(manager)
+    backend = _backend_classes[backend_type](manager)
 
     config = backend.get_auth_config()
     if not config:
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		-e git+https://github.com/JanssenProject/jans-pycloudlib@a49f267f16a75965756d475d0e8102ad7cde2010#egg=jans-pycloudlib
		-e git+https://github.com/JanssenProject/jans-pycloudlib@a6ce9a098be01b4edcb69fbeee7f0bf745130c44#egg=jans-pycloudlib