feat(jans-pycloudlib): remove support for ldap persistence (#9729)

Signed-off-by: iromli <[email protected]>
JanssenProject · Oct 11, 2024 · 595fff6 · 595fff6
1 parent 5be7c7a
commit 595fff6
Show file tree

Hide file tree

Showing 18 changed files with 92 additions and 403 deletions.
diff --git a/jans-pycloudlib/docs/api/wait.md b/jans-pycloudlib/docs/api/wait.md
@@ -16,10 +16,6 @@
 
 ::: jans.pycloudlib.wait.wait_for_secret
 
-::: jans.pycloudlib.wait.wait_for_ldap
-
-::: jans.pycloudlib.wait.wait_for_ldap_conn
-
 ::: jans.pycloudlib.wait.wait_for_couchbase
 
 ::: jans.pycloudlib.wait.wait_for_couchbase_conn

diff --git a/jans-pycloudlib/docs/guides/container_app.md b/jans-pycloudlib/docs/guides/container_app.md
@@ -55,7 +55,7 @@ def create_manager():
 def wait(manager):
     # ensure startup orders is guarded by waiting for readiness of
     # the following dependencies
-    deps = ["config", "secret", "ldap"]
+    deps = ["config", "secret", "sql"]
     wait_for(manager, deps)
 
 
@@ -85,37 +85,47 @@ confDir=
 pythonModulesDir=/opt/jans/python/libs:/opt/jython/Lib/site-packages
 ```
 
-Create ``/app/templates/jans-ldap.properties.tmpl``:
+Create ``/app/templates/jans-mysql.properties``:
 
 ```
-bindDN: %(ldap_binddn)s
-bindPassword: %(encoded_ox_ldap_pw)s
-servers: %(ldap_hostname)s:%(ldaps_port)s
+db.schema.name=%(rdbm_schema)s
 
-useSSL: true
-ssl.trustStoreFile: %(ldapTrustStoreFn)s
-ssl.trustStorePin: %(encoded_ldapTrustStorePass)s
-ssl.trustStoreFormat: pkcs12
+connection.uri=jdbc:mysql://%(rdbm_host)s:%(rdbm_port)s/%(rdbm_db)s?enabledTLSProtocols=TLSv1.2
 
-maxconnections: 10
+connection.driver-property.serverTimezone=%(server_time_zone)s
+# Prefix connection.driver-property.key=value will be coverterd to key=value JDBC driver properties
+#connection.driver-property.driverProperty=driverPropertyValue
 
-# Max wait 20 seconds
-connection.max-wait-time-millis=20000
+#connection.driver-property.useServerPrepStmts=false
+connection.driver-property.cachePrepStmts=false
+connection.driver-property.cacheResultSetMetadata=true
+connection.driver-property.metadataCacheSize=500
+#connection.driver-property.prepStmtCacheSize=500
+#connection.driver-property.prepStmtCacheSqlLimit=1024
+
+auth.userName=%(rdbm_user)s
+auth.userPassword=%(rdbm_password_enc)s
 
-# Force to recreate polled connections after 30 minutes
-connection.max-age-time-millis=1800000
+# Password hash method
+password.encryption.method=SSHA-256
 
-# Invoke connection health check after checkout it from pool
-connection-pool.health-check.on-checkout.enabled=false
+# Connection pool size
+connection.pool.max-total=40
+connection.pool.max-idle=15
+connection.pool.min-idle=5
 
-# Interval to check connections in pool. Value is 3 minutes. Not used when onnection-pool.health-check.on-checkout.enabled=true
-connection-pool.health-check.interval-millis=180000
+# Max time needed to create connection pool in milliseconds
+connection.pool.create-max-wait-time-millis=20000
 
-# How long to wait during connection health check. Max wait 20 seconds
-connection-pool.health-check.max-response-time-millis=20000
+# Max wait 20 seconds
+connection.pool.max-wait-time-millis=20000
+
+# Allow to evict connection in pool after 30 minutes
+connection.pool.min-evictable-idle-time-millis=1800000
 
 binaryAttributes=objectGUID
 certificateAttributes=userCertificate
+
 ```
 
 Create a Python script to configure persistence:
@@ -124,10 +134,10 @@ Create a Python script to configure persistence:
 import os
 
 from jans.pycloudlib import get_manager
-from jans.pycloudlib.persistence import render_salt
-from jans.pycloudlib.persistence import render_base_properties
-from jans.pycloudlib.persistence import render_ldap_properties
-from jans.pycloudlib.persistence import sync_ldap_truststore
+from jans.pycloudlib.persistence.utils import render_salt
+from jans.pycloudlib.persistence.utils import render_base_properties
+from jans.pycloudlib.persistence.sql import render_sql_properties
+from jans.pycloudlib.persistence.sql import sync_sql_password
 
 
 def create_manager():
@@ -142,17 +152,17 @@ def create_manager():
 
 
 def configure_persistence(manager):
-    persistence_type = os.environ.get("CN_PERSISTENCE_TYPE", "ldap")
+    persistence_type = os.environ.get("CN_PERSISTENCE_TYPE", "sql")
 
-    render_salt(manager, "/app/templates/salt.tmpl", "/etc/jans/conf/salt")
-    render_base_properties("/app/templates/jans.properties.tmpl", "/etc/jans/conf/jans.properties")
+    render_salt(manager, "/app/templates/salt", "/etc/jans/conf/salt")
+    render_base_properties("/app/templates/jans.properties", "/etc/jans/conf/jans.properties")
 
-    render_ldap_properties(
+    render_sql_properties(
         manager,
-        "/app/templates/jans-ldap.properties.tmpl",
-        "/etc/jans/conf/jans-ldap.properties",
+        "/app/templates/jans-mysql.properties",
+        "/etc/jans/conf/jans-mysql.properties",
     )
-    sync_ldap_truststore(manager)
+    sync_sql_password(manager)
 
 
 if __name__ == "__main__":

diff --git a/jans-pycloudlib/jans/pycloudlib/lock/__init__.py b/jans-pycloudlib/jans/pycloudlib/lock/__init__.py
@@ -21,7 +21,6 @@
 from jans.pycloudlib.lock.couchbase_lock import CouchbaseLock
 from jans.pycloudlib.lock.spanner_lock import SpannerLock
 from jans.pycloudlib.lock.sql_lock import SqlLock
-from jans.pycloudlib.lock.ldap_lock import LdapLock
 from jans.pycloudlib.utils import as_boolean
 from jans.pycloudlib.persistence.utils import PersistenceMapper
 
@@ -34,15 +33,14 @@
 
 _DATETIME_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"
 
-LockAdapter = _t.Union[SqlLock, SpannerLock, CouchbaseLock, LdapLock]
+LockAdapter = _t.Union[SqlLock, SpannerLock, CouchbaseLock]
 """Lock adapter type.
 
 Currently supports the following classes:
 
 * [SqlLock][jans.pycloudlib.lock.sql_lock.SqlLock]
 * [SpannerLock][jans.pycloudlib.lock.spanner_lock.SpannerLock]
 * [CouchbaseLock][jans.pycloudlib.lock.couchbase_lock.CouchbaseLock]
-* [LdapLock][jans.pycloudlib.lock.ldap_lock.LdapLock]
 """
 
 
@@ -255,7 +253,6 @@ def adapter(self) -> LockAdapter:  # noqa: D412
         - `sql`: returns an instance of [SqlLock][jans.pycloudlib.lock.sql_lock.SqlLock]
         - `spanner`: returns and instance of [SpannerLock][jans.pycloudlib.lock.spanner_lock.SpannerLock]
         - `couchbase`: returns and instance of [CouchbaseLock][jans.pycloudlib.lock.couchbase_lock.CouchbaseLock]
-        - `ldap`: returns and instance of [LdapLock][jans.pycloudlib.lock.ldap_lock.LdapLock]
         """
         _adapter = os.environ.get("CN_OCI_LOCK_ADAPTER") or PersistenceMapper().mapping["default"]
 
@@ -268,8 +265,7 @@ def adapter(self) -> LockAdapter:  # noqa: D412
         if _adapter == "couchbase":
             return CouchbaseLock()
 
-        if _adapter == "ldap":
-            return LdapLock()
+        # unsupported adapter
         raise ValueError(f"Unsupported lock adapter {_adapter!r}")
 
     def _record_expired(self, record: dict[str, _t.Any]) -> bool:
@@ -451,5 +447,4 @@ def release(self) -> None:
     "SpannerLock",
     "SqlLock",
     "CouchbaseLock",
-    "LdapLock",
 ]
diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py b/jans-pycloudlib/jans/pycloudlib/persistence/__init__.py
@@ -4,10 +4,6 @@
 from jans.pycloudlib.persistence.couchbase import id_from_dn  # noqa: F401
 from jans.pycloudlib.persistence.couchbase import CouchbaseClient  # noqa: F401
 from jans.pycloudlib.persistence.hybrid import render_hybrid_properties  # noqa: F401
-from jans.pycloudlib.persistence.ldap import render_ldap_properties  # noqa: F401
-from jans.pycloudlib.persistence.ldap import sync_ldap_truststore  # noqa: F401
-from jans.pycloudlib.persistence.ldap import sync_ldap_password  # noqa: F401
-from jans.pycloudlib.persistence.ldap import LdapClient  # noqa: F401
 from jans.pycloudlib.persistence.sql import render_sql_properties  # noqa: F401
 from jans.pycloudlib.persistence.sql import doc_id_from_dn  # noqa: F401
 from jans.pycloudlib.persistence.sql import SqlClient  # noqa: F401
@@ -27,10 +23,6 @@
     "id_from_dn",
     "CouchbaseClient",
     "render_hybrid_properties",
-    "render_ldap_properties",
-    "sync_ldap_truststore",
-    "sync_ldap_password",
-    "LdapClient",
     "render_sql_properties",
     "doc_id_from_dn",
     "SqlClient",

diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/sql.py b/jans-pycloudlib/jans/pycloudlib/persistence/sql.py
@@ -9,6 +9,7 @@
 import typing as _t
 import warnings
 from collections import defaultdict
+from collections.abc import Callable
 from functools import cached_property
 from tempfile import NamedTemporaryFile
 
@@ -528,7 +529,12 @@ def _data_from_ldif(self, filename: str) -> _t.Iterator[tuple[str, dict[str, _t.
                     attr_mapping[attr] = self._transform_value(attr, entry[attr])
                 yield table_name, attr_mapping
 
-    def create_from_ldif(self, filepath: str, ctx: dict[str, _t.Any]) -> None:
+    def create_from_ldif(
+        self,
+        filepath: str,
+        ctx: dict[str, _t.Any],
+        transform_column_mapping: None | Callable[[str, dict], dict] = None,
+    ) -> None:
         """Create entry with data loaded from an LDIF template file.
 
         Args:
@@ -541,6 +547,8 @@ def create_from_ldif(self, filepath: str, ctx: dict[str, _t.Any]) -> None:
             dst.flush()
 
             for table_name, column_mapping in self._data_from_ldif(dst.name):
+                if callable(transform_column_mapping):
+                    column_mapping = transform_column_mapping(table_name, column_mapping)
                 self.insert_into(table_name, column_mapping)
 
     def get_server_version(self) -> tuple[int, ...]:

diff --git a/jans-pycloudlib/jans/pycloudlib/persistence/utils.py b/jans-pycloudlib/jans/pycloudlib/persistence/utils.py
@@ -49,14 +49,13 @@ def render_base_properties(src: str, dest: str) -> None:
 
     with open(dest, "w") as f:
         rendered_txt = txt % {
-            "persistence_type": os.environ.get("CN_PERSISTENCE_TYPE", "ldap"),
+            "persistence_type": os.environ.get("CN_PERSISTENCE_TYPE", "sql"),
         }
         f.write(rendered_txt)
 
 
 #: Supported persistence types.
 PERSISTENCE_TYPES = (
-    "ldap",
     "couchbase",
     "sql",
     "spanner",
@@ -157,7 +156,7 @@ class PersistenceMapper:
     """
 
     def __init__(self) -> None:
-        self.type = os.environ.get("CN_PERSISTENCE_TYPE", "ldap")
+        self.type = os.environ.get("CN_PERSISTENCE_TYPE", "sql")
         self._mapping: dict[str, str] = {}
 
     @property
@@ -191,10 +190,9 @@ def groups(self) -> dict[str, list[str]]:
 
         ```py
         {
-            "sql": ["cache", "default", "session"],
+            "sql": ["cache", "default", "session", "site"],
             "couchbase": ["user"],
             "spanner": ["token"],
-            "ldap": ["site"],
         }
         ```
         """
@@ -211,10 +209,9 @@ def groups_with_rdn(self) -> dict[str, list[str]]:
 
         ```py
         {
-            "sql": ["cache", "", "sessions"],
+            "sql": ["cache", "", "sessions", "link"],
             "couchbase": ["people, groups, authorizations"],
             "spanner": ["tokens"],
-            "ldap": ["link"],
         }
         ```
         """