feat(cloud-native)!: remove support for ldap persistence

.github/workflows/microk8s.yml

@@ -25,7 +25,7 @@ jobs:
       matrix:
         istio: ["true", "false"]
         # add '"pgsql" when supported
-        persistence-backends: ["LDAP","MYSQL"]
+        persistence-backends: ["MYSQL"]
       fail-fast: false
     runs-on: ubuntu-latest
     steps:

automation/docs/generated-cn-docs.sh

@@ -17,18 +17,15 @@ cd ..
 helm-docs "$MAIN_DIRECTORY_LOCATION"/charts/
 rm -rf helmtemp
 echo "Copying Helm chart Readme to helm-chart.md"
-cp "$MAIN_DIRECTORY_LOCATION"/charts/janssen/README.md "$MAIN_DIRECTORY_LOCATION"/docs/admin/reference/kubernetes/helm-chart.md
+cp "$MAIN_DIRECTORY_LOCATION"/charts/janssen/README.md "$MAIN_DIRECTORY_LOCATION"/docs/janssen-server/reference/kubernetes/helm-chart.md
 echo "Adding keywords to helm-chart"
-sed -i '1 s/^/---\ntags:\n  - administration\n  - reference\n  - kubernetes\n---\n/' "$MAIN_DIRECTORY_LOCATION"/docs/admin/reference/kubernetes/helm-chart.md
+sed -i '1 s/^/---\ntags:\n  - administration\n  - reference\n  - kubernetes\n---\n/' "$MAIN_DIRECTORY_LOCATION"/docs/janssen-server/reference/kubernetes/helm-chart.md
 echo "Copying docker-monolith main README.md to compose.md"
-cp "$MAIN_DIRECTORY_LOCATION"/docker-jans-monolith/README.md "$MAIN_DIRECTORY_LOCATION"/docs/admin/install/docker-install/compose.md
+cp "$MAIN_DIRECTORY_LOCATION"/docker-jans-monolith/README.md "$MAIN_DIRECTORY_LOCATION"/docs/janssen-server/install/docker-install/compose.md
 echo "Copying docker images Readme to respective image md"
 # cp docker files main README.md
 docker_images="docker-jans-auth-server docker-jans-certmanager docker-jans-config-api docker-jans-configurator docker-jans-fido2 docker-jans-persistence-loader docker-jans-scim docker-jans-monolith docker-jans-casa docker-jans-link docker-jans-all-in-one"
 for image in $docker_images;do
-  cp "$MAIN_DIRECTORY_LOCATION"/"$image"/README.md "$MAIN_DIRECTORY_LOCATION"/docs/admin/reference/kubernetes/"$image".md
+  cp "$MAIN_DIRECTORY_LOCATION"/"$image"/README.md "$MAIN_DIRECTORY_LOCATION"/docs/janssen-server/reference/kubernetes/"$image".md
 done
-echo "cp docker-opendj main README.md"
-wget https://raw.githubusercontent.com/GluuFederation/docker-opendj/5.0/README.md -O "$MAIN_DIRECTORY_LOCATION"/docs/admin/reference/kubernetes/docker-opendj.md
-sed -i '1 s/^/---\ntags:\n  - administration\n  - reference\n  - kubernetes\n - docker image\n---\n/' "$MAIN_DIRECTORY_LOCATION"/docs/admin/reference/kubernetes/docker-opendj.md
-echo "generated-cn-docs.sh executed successfully!"
+echo "generated-cn-docs.sh executed successfully!"

automation/rancher-partner-charts/app-readme.md

@@ -23,7 +23,6 @@ The Janssen Server can be deployed to support the following open standards for a
 - System for Cross-domain Identity Management (SCIM)    
 - FIDO Universal 2nd Factor (U2F)
 - FIDO 2.0 / WebAuthn
-- Lightweight Directory Access Protocol (LDAP)   
 - Remote Authentication Dial-In User Service (RADIUS)
 
 ### Important notes for installation:
@@ -32,4 +31,4 @@ The Janssen Server can be deployed to support the following open standards for a
 ### Quick install on Rancher UI with Docker single node
 - Install the nginx-ingress-controller chart.
 - Install the OpenEBS chart.
-- Install Janssen chart and specify your persistence as ldap.
+- Install Janssen chart and specify your persistence.

automation/rancher-partner-charts/questions.yaml

@@ -58,37 +58,21 @@ questions:
   type: enum
   group: "Persistence"
   label: Gluu Persistence backend
-  description: "Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner"
+  description: "Persistence backend to run Gluu with couchbase|hybrid|sql|spanner"
   options:
-    - "ldap"
     - "couchbase"
     - "hybrid"
     - "spanner"
     - "sql"
-# LDAP
-- variable: global.opendj.enabled
-  default: false
-  type: boolean
-  group: "Persistence"
-  required: true
-  label: Enable installation of OpenDJ
-  description: "Boolean flag to enable/disable the OpenDJ  chart."
-  show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
-- variable: config.configmap.cnLdapUrl
-  default: "opendj:1636"
-  type: hostname
-  group: "Persistence"
-  required: true
-  label: OpenDJ remote URL
-  description: "OpenDJ remote URL. This must be resolvable by the pods"
-  show_if: "global.opendj.enabled=false&&global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
-- variable: config.configmap.cnPersistenceLdapMapping
+
+# Hybrid
+- variable: config.configmap.cnPersistenceHybridMapping
   default: "default"
   required: false
   type: enum
   group: "Persistence"
-  label: Gluu Persistence LDAP mapping
-  description: "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType`  is set to `hybrid`."
+  label: Gluu Persistence hybrid mapping
+  description: "Specify data that should be saved in persistence (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType`  is set to `hybrid`."
   options:
     - "default"
     - "user"
@@ -241,42 +225,6 @@ questions:
   label: Couchbase password for the restricted user
   show_if: "global.cnPersistenceType=couchbase||global.cnPersistenceType=hybrid"
 
-# ==============================
-#  StorageClass and volume group
-# ==============================
-- variable: global.storageClass.provisioner
-  default: "microk8s.io/hostpath"
-  type: string
-  group: "Volumes"
-  required: true
-  label: StorageClass provisioner
-  show_if: "global.cnPersistenceType=ldap"
-  subquestions:
-  - variable: global.storageClass.allowVolumeExpansion
-    default: true
-    type: boolean
-    group: "Volumes"
-    required: true
-    label: StorageClass Volume expansion
-  - variable: global.storageClass.reclaimPolicy
-    default: "Retain"
-    type: enum
-    group: "Volumes"
-    required: true
-    label: StorageClass reclaimPolicy
-    options:
-      - "Delete"
-      - "Retain"
-  - variable: global.storageClass.volumeBindingMode
-    default: "WaitForFirstConsumer"
-    type: enum
-    group: "Volumes"
-    required: true
-    options:
-      - "WaitForFirstConsumer"
-      - "Immediate"
-    label: StorageClass volumeBindingMode
-
 # ===========
 # Cache group
 # ===========
@@ -365,16 +313,6 @@ questions:
   label: Organization
   description: "Organization name. Used for certificate creation."
 
-
-- variable: config.ldapPassword
-  default: "Test1234#"
-  type: password
-  group: "Configuration"
-  required: true
-  label: LDAP password
-  description: "LDAP admin password if OpenDJ is used for persistence"
-  show_if: "global.cnPersistenceType=ldap||global.cnPersistenceType=hybrid"
-
 - variable: global.isFqdnRegistered
   default: true
   required: true
@@ -647,35 +585,6 @@ questions:
   label: Fido2 image tag
   group: "Images"
   show_if: "global.fido2.enabled=true"
-# OpenDJ
-- variable: opendj.image.repository
-  required: true
-  type: string
-  default: "gluufederation/opendj"
-  description: "The OpenDJ Image repository"
-  label: OpenDJ image repo
-  group: "Images"
-  show_if: "global.opendj.enabled=true"
-- variable: opendj.image.pullPolicy
-  required: true
-  type: enum
-  group: "Images"
-  default: IfNotPresent
-  description: "The OpenDJ Image pull policy"
-  label: OpenDJ imagePullPolicy
-  options:
-  - "Always"
-  - "IfNotPresent"
-  - "Never"
-  show_if: "global.opendj.enabled=true"
-- variable: opendj.image.tag
-  required: true
-  type: string
-  default: "5.0.0_dev"
-  description: "The OpenDJ Image tag"
-  label: OpenDJ image tag
-  group: "Images"
-  show_if: "global.opendj.enabled=true"
 # Persistence
 - variable: persistence.image.repository
   required: true
@@ -774,15 +683,6 @@ questions:
   label: Fido2 Replicas
   description: "Service replica number."
   show_if: "global.fido2.enabled=true"
-# OpenDJ
-- variable: opendj.replicas
-  default: 1
-  required: false
-  type: int
-  group: "Replicas"
-  label: OpenDJ Replicas
-  description: "Service replica number."
-  show_if: "global.opendj.enabled=true"
 # SCIM
 - variable: scim.replicas
   default: 1

automation/startjanssendemo.sh

@@ -15,10 +15,10 @@ if ! [[ $JANS_FQDN == *"."*"."* ]]; then
   exit 1
 fi
 if [[ ! "$JANS_PERSISTENCE" ]]; then
-  read -rp "Enter persistence type [LDAP|MYSQL|PGSQL]:                            " JANS_PERSISTENCE
+  read -rp "Enter persistence type [MYSQL|PGSQL]:                            " JANS_PERSISTENCE
 fi
-if [[ $JANS_PERSISTENCE != "LDAP" ]] && [[ $JANS_PERSISTENCE != "MYSQL" ]] && [[ $JANS_PERSISTENCE != "PGSQL" ]]; then
-  echo "[E] Incorrect entry. Please enter either LDAP, MYSQL or PGSQL"
+if [[ $JANS_PERSISTENCE != "MYSQL" ]] && [[ $JANS_PERSISTENCE != "PGSQL" ]]; then
+  echo "[E] Incorrect entry. Please enter either MYSQL or PGSQL"
   exit 1
 fi
 
@@ -121,38 +121,6 @@ config:
 EOF
 fi
 
-ENABLE_LDAP="false"
-if [[ $JANS_PERSISTENCE == "LDAP" ]]; then
-  openssl req \
-    -x509 \
-    -newkey rsa:2048 \
-    -sha256 \
-    -days 365 \
-    -nodes \
-    -keyout opendj.key \
-    -out opendj.crt \
-    -subj "/CN=$JANS_FQDN" \
-    -addext 'subjectAltName=DNS:ldap,DNS:opendj'
-
-  LDAP_CERT_B64=$(base64 opendj.crt -w0)
-  LDAP_KEY_B64=$(base64 opendj.key -w0)
-
-  rm -f opendj.crt opendj.key
-
-  cat << EOF > override.yaml
-config:
-  countryCode: US
-  email: [email protected]
-  orgName: Gluu
-  city: Austin
-  configmap:
-    cnLdapCrt: $LDAP_CERT_B64
-    cnLdapKey: $LDAP_KEY_B64
-EOF
-  PERSISTENCE_TYPE="ldap"
-  ENABLE_LDAP="true"
-fi
-
 echo "$EXT_IP $JANS_FQDN" | sudo tee -a /etc/hosts > /dev/null
 cat << EOF >> override.yaml
 global:
@@ -173,8 +141,6 @@ global:
       persistenceLogLevel: "$LOG_LEVEL"
       persistenceDurationLogTarget: "$LOG_TARGET"
       persistenceDurationLogLevel: "$LOG_LEVEL"
-      ldapStatsLogTarget: "$LOG_TARGET"
-      ldapStatsLogLevel: "$LOG_LEVEL"
       scriptLogTarget: "$LOG_TARGET"
       scriptLogLevel: "$LOG_LEVEL"
       auditStatsLogTarget: "$LOG_TARGET"
@@ -187,7 +153,7 @@ global:
       timerLogTarget: "$LOG_TARGET"
       timerLogLevel: "$LOG_LEVEL"
     ingress:
-      casaEnabled: true     
+      casaEnabled: true
   config-api:
     appLoggers:
       configApiLogTarget: "$LOG_TARGET"
@@ -211,15 +177,10 @@ global:
       persistenceLogLevel: "$LOG_LEVEL"
       persistenceDurationLogTarget: "$LOG_TARGET"
       persistenceDurationLogLevel: "$LOG_LEVEL"
-      ldapStatsLogTarget: "$LOG_TARGET"
-      ldapStatsLogLevel: "$LOG_LEVEL"
       scriptLogTarget: "$LOG_TARGET"
       scriptLogLevel: "$LOG_LEVEL"
   fqdn: $JANS_FQDN
   lbIp: $EXT_IP
-  opendj:
-    # -- Boolean flag to enable/disable the OpenDJ  chart.
-    enabled: $ENABLE_LDAP
 # -- Nginx ingress definitions chart
 nginx-ingress:
   ingress:

automation/startjanssenmonolithdemo.sh

@@ -12,7 +12,7 @@ if [[ ! "$JANS_FQDN" ]]; then
   read -rp "Enter Hostname [demoexample.jans.io]:                           " JANS_FQDN
 fi
 if [[ ! "$JANS_PERSISTENCE" ]]; then
-  read -rp "Enter persistence type [LDAP|MYSQL|PGSQL|COUCHBASE[TEST]|SPANNER[TEST]]:                            " JANS_PERSISTENCE
+  read -rp "Enter persistence type [MYSQL|PGSQL|COUCHBASE[TEST]|SPANNER[TEST]]:                            " JANS_PERSISTENCE
 fi
 
 if [[ -z $EXT_IP ]]; then
@@ -71,7 +71,6 @@ if [[ "$JANS_BUILD_COMMIT" ]]; then
   # and use the respective image instead of the default image
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-mysql-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-postgres-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
-  python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-ldap-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-couchbase-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/jans/docker-jans-monolith/jans-spanner-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['jans']['build'] = '.' ; del data['services']['jans']['image'] ; yaml.dump(data, compose)"
 fi
@@ -87,13 +86,11 @@ if [[ $JANS_PERSISTENCE == "MYSQL" ]]; then
   bash /tmp/jans/docker-jans-monolith/up.sh mysql
 elif [[ $JANS_PERSISTENCE == "PGSQL" ]]; then
   bash /tmp/jans/docker-jans-monolith/up.sh postgres
-elif [[ $JANS_PERSISTENCE == "LDAP" ]]; then
-  bash /tmp/jans/docker-jans-monolith/up.sh ldap
 elif [[ $JANS_PERSISTENCE == "COUCHBASE" ]]; then
   bash /tmp/jans/docker-jans-monolith/up.sh couchbase
 elif [[ $JANS_PERSISTENCE == "SPANNER" ]]; then
   bash /tmp/jans/docker-jans-monolith/up.sh spanner
-fi  
+fi
 echo "$EXT_IP $JANS_FQDN" | sudo tee -a /etc/hosts > /dev/null
 jans_status="unhealthy"
 # run loop for 5 mins