feat(docker): remove SSA mount in favor of uploading via admin-ui (#1649)

* feat(docker): remove SSA mount in favor of uploading via admin-ui

Signed-off-by: iromli <[email protected]>

* chore(deps): remove jwcrypto library

Signed-off-by: iromli <[email protected]>

* refactor: remove license ssa from charts and deployment

Signed-off-by: moabu <[email protected]>

* docs: remove licenseSsa from docs

Signed-off-by: iromli <[email protected]>

* chore: update FLEX_SOURCE_VERSION

Signed-off-by: iromli <[email protected]>

* refactor: remove SSA mount

Signed-off-by: iromli <[email protected]>

---------

Signed-off-by: iromli <[email protected]>
Signed-off-by: moabu <[email protected]>
Co-authored-by: moabu <[email protected]>

Author: iromli

automation/rancher-partner-charts/questions.yaml

@@ -1,15 +1,4 @@
 questions:
-# ==================
-# License SSA group
-# ==================
-- variable: global.licenseSsa
-  default: ""
-  required: true
-  type: string
-  label: License SSA
-  description: "Before initiating the setup, please contact Gluu to obtain a valid license or trial license. Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded."
-  group: "License SSA"
-
 # ==================
 # Distribution group
 # ==================

automation/startflexdemo.sh

@@ -2,7 +2,6 @@
 set -eo pipefail
 GLUU_FQDN=$1
 GLUU_PERSISTENCE=$2
-GLUU_LICENSE_SSA=$3
 GLUU_CI_CD_RUN=$4
 EXT_IP=$5
 INSTALL_ISTIO=$6
@@ -21,9 +20,7 @@ if [[ $GLUU_PERSISTENCE != "LDAP" ]] && [[ $GLUU_PERSISTENCE != "MYSQL" ]] && [[
   echo "[E] Incorrect entry. Please enter either LDAP, MYSQL or PGSQL"
   exit 1
 fi
-if [[ ! "$GLUU_LICENSE_SSA" ]]; then
-  read -rp "Enter the License SSA provided by Gluu:                           " GLUU_LICENSE_SSA
-fi
+
 LOG_TARGET="FILE"
 LOG_LEVEL="TRACE"
 if [[ -z $GLUU_CI_CD_RUN ]]; then
@@ -145,10 +142,8 @@ EOF
 fi
 
 echo "$EXT_IP $GLUU_FQDN" | sudo tee -a /etc/hosts > /dev/null
-ENCODED_GLUU_LICENSE_SSA=$(echo -n "$GLUU_LICENSE_SSA" | base64 -w0)
 cat << EOF >> override.yaml
 global:
-  licenseSsa: $ENCODED_GLUU_LICENSE_SSA
   cloud:
     testEnviroment: true
   istio:

automation/startflexmonolithdemo.sh

@@ -5,7 +5,6 @@ GLUU_FQDN=$1
 GLUU_PERSISTENCE=$2
 EXT_IP=$3
 FLEX_BUILD_COMMIT=$4
-GLUU_LICENSE_SSA=$5
 
 if [[ ! "$GLUU_FQDN" ]]; then
   read -rp "Enter Hostname [demoexample.gluu.org]:                           " GLUU_FQDN
@@ -18,9 +17,6 @@ if [[ -z $EXT_IP ]]; then
   EXT_IP=$(curl ipinfo.io/ip)
 fi
 
-if [[ ! "$GLUU_LICENSE_SSA" ]]; then
-  read -rp "Enter the License SSA provided by Gluu:          " GLUU_LICENSE_SSA
-fi
 sudo apt-get update
 # Install Docker and Docker compose plugin
 sudo apt-get remove docker docker-engine docker.io containerd runc -y || echo "Docker doesn't exist..installing.."
@@ -69,8 +65,6 @@ if [[ "$FLEX_BUILD_COMMIT" ]]; then
 
   python3 -c "from pathlib import Path ; import ruamel.yaml ; compose = Path('/tmp/flex/docker-flex-monolith/flex-ldap-compose.yml') ; yaml = ruamel.yaml.YAML() ; data = yaml.load(compose) ; data['services']['flex']['build'] = '.' ; del data['services']['flex']['image'] ; yaml.dump(data, compose)"
 fi
-ENCODED_GLUU_LICENSE_SSA=$(echo -n "$GLUU_LICENSE_SSA" | base64 -w0)
-python3 -c "from dockerfile_parse import DockerfileParser ; dfparser = DockerfileParser('/tmp/flex/docker-flex-monolith') ; dfparser.envs['CN_GLUU_LICENSE_SSA'] = '$ENCODED_GLUU_LICENSE_SSA'"
 # --
 if [[ $GLUU_PERSISTENCE == "MYSQL" ]]; then
   docker compose -f /tmp/flex/docker-flex-monolith/flex-mysql-compose.yml up -d

charts/gluu-all-in-one/README.md

@@ -27,10 +27,9 @@ Kubernetes: `>=v1.22.0-0`
 |-----|------|---------|-------------|
 | additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} |
 | additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} |
-| admin-ui | object | `{"enabled":true,"ingress":{"adminUiEnabled":false},"licenseSsa":""}` | Admin GUI for configuration of the auth-server |
+| admin-ui | object | `{"enabled":true,"ingress":{"adminUiEnabled":false}}` | Admin GUI for configuration of the auth-server |
 | admin-ui.enabled | bool | `true` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. |
 | admin-ui.ingress.adminUiEnabled | bool | `false` | Enable Admin UI endpoints in either istio or nginx ingress depending on users choice |
-| admin-ui.licenseSsa | string | `""` | Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded. |
 | adminPassword | string | `"Test1234#"` | Admin password to log in to the UI. |
 | alb.ingress | bool | `false` | switches the service to Nodeport for ALB ingress |
 | auth-server | object | `{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true},"lockEnabled":false}` | Parameters used globally across all services helm charts. |

charts/gluu-all-in-one/templates/deployment.yml

@@ -90,9 +90,6 @@ spec:
         {{- with .Values.volumeMounts }}
 {{- toYaml . | nindent 10 }}
         {{- end }}
-          - mountPath: /etc/jans/conf/ssa
-            name: license-ssa
-            subPath: ssa
         {{ if or (eq .Values.configSecretAdapter "aws") (eq .Values.configAdapterName "aws") }}
           - mountPath: {{ .Values.cnAwsSharedCredentialsFile }}
             name: aws-shared-credential-file
@@ -168,9 +165,6 @@ spec:
       {{- with .Values.volumes }}
 {{- toYaml . | nindent 8 }}
       {{- end }}
-        - name: license-ssa
-          secret:
-            secretName: {{ .Release.Name  }}-license-ssa
       {{ if or (eq .Values.configSecretAdapter "aws") (eq .Values.configAdapterName "aws") }}
         - name: aws-shared-credential-file
           secret:

charts/gluu-all-in-one/templates/license-secrets.yaml

@@ -314,8 +314,6 @@ auth-server-key-rotation:
   customScripts: [ ]
 # --  Admin GUI for configuration of the auth-server
 admin-ui:
-  # -- Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded.
-  licenseSsa: ""
   # -- Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin.
   enabled: true
   ingress: