Merge branch 'release/v7.0.8-5'

CHANGELOG.md

@@ -7,6 +7,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v7.0.8-5] - 2024-11-21
+### Breaking Change
+- Newly installed dogus must explicitly request the creation of a service account in the CAS via dogu.json. Further information on this can be found in the [developer documentation](https://github.com/cloudogu/dogu-development-docs/blob/main/docs/important/relevant_functionalities_en.md#authentifizierung)
+
+### Changed
+- Use JSON service registry [#221]
+  - services are read from and stored in json files instead of local config
+  - native implementation from CAS is used for this, which reduces custom overlay implementation
+- Changed logic to create and remove service accounts [#221]
+
+### Removed
+- Reading service information directly from ETCD [#221]
+  - Removed java classes for service creation
+
+### Fixed
+- Fix ServiceIdFQDN regex by changing illegal url characters [#228]
+
+
 ## [v7.0.8-4] - 2024-11-13
 ### Added
 - Replicate users from delegated authentication into LDAP [#224]

Dockerfile

@@ -41,10 +41,10 @@ RUN apk update && apk add wget && wget -O  "apache-tomcat-${TOMCAT_VERSION}.tar.
 
 
 # registry.cloudogu.com/official/cas
-FROM registry.cloudogu.com/official/java:21.0.4-1
+FROM registry.cloudogu.com/official/java:21.0.4-4
 
 LABEL NAME="official/cas" \
-      VERSION="7.0.8-4" \
+      VERSION="7.0.8-5" \
       maintainer="[email protected]"
 
 ARG TOMCAT_VERSION
@@ -67,7 +67,8 @@ ENV TOMCAT_VERSION=${TOMCAT_VERSION} \
 	SERVICE_TAGS=webapp \
 	USER=cas \
     GROUP=cas \
-    SSL_BASE_DIRECTORY="/etc/ssl"
+    SSL_BASE_DIRECTORY="/etc/ssl" \
+    STARTUP_DIR=/
 
 # setup user
 RUN set -x \

Jenkinsfile

@@ -139,13 +139,6 @@ parallel(
                                         "terms_of_service": "https://docs.cloudogu.com/",
                                         "imprint": "https://cloudogu.com/"
                                     },
-                                    "service_accounts": {
-                                        "oauth": {
-                                            "inttest": {
-                                                "secret": "fda8e031d07de22bf14e552ab12be4bc70b94a1fb61cb7605833765cb74f2dea"
-                                            }
-                                        }
-                                    },
                                     "oidc": {
                                         "enabled": "true",
                                         "discovery_uri": "http://${ecoSystem.externalIP}:9000/auth/realms/Cloudogu/.well-known/openid-configuration",
@@ -175,6 +168,8 @@ parallel(
                         }
 
                         stage('Build dogu') {
+                            // force post-upgrade from cas version 7.0.8-4 to migrate existing services from defaultSetupConfig
+                            ecoSystem.vagrant.sshOut "sed 's/7.0.8-4/7.0.8-5/g' -i /dogu/dogu.json"
                             ecoSystem.build("/dogu")
                         }
 
@@ -197,9 +192,8 @@ parallel(
 
                         stage('Integration Tests') {
                             echo "Create custom dogu to access OAuth endpoints for the integration tests"
-                            ecoSystem.vagrant.sshOut "etcdctl mkdir /dogu/inttest"
-                            ecoSystem.vagrant.sshOut '''etcdctl set /dogu/inttest/0.0.1 '{\\"Name\\":\\"official/inttest\\",\\"Dependencies\\":[\\"cas\\"]}' '''
-                            ecoSystem.vagrant.sshOut "etcdctl set /dogu/inttest/current \"0.0.1\""
+                            ecoSystem.vagrant.ssh "sudo docker cp /dogu/integrationTests/services/ cas:/etc/cas/services/production/"
+                            ecoSystem.vagrant.sshOut "sudo docker exec cas ls /etc/cas/services/production"
 
                             ecoSystem.runCypressIntegrationTests([
                                     cypressImage     : "cypress/included:13.13.2",

app/build.gradle

@@ -160,6 +160,7 @@ dependencies {
     implementation "org.apereo.cas:cas-server-support-throttle"
     implementation "org.apereo.cas:cas-server-support-throttle-core"
 
+    implementation "org.apereo.cas:cas-server-support-json-service-registry"
 
     implementation 'org.mousio:etcd4j:2.18.0'
     implementation 'com.googlecode.json-simple:json-simple:1.1.1'

app/etc/cas/config/cas.properties

@@ -18,9 +18,6 @@
 cas.server.name=https://localhost:8443
 cas.server.prefix=${cas.server.name}/cas
 
-#ces.services.stage=production
-ces.services.stage=development
-
 # Unique CAS node name
 # host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
 # hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
@@ -76,7 +73,6 @@ cas.authn.ldap[0].use-start-tls=false
 cas.authn.ldap[0].principal-attribute-id=uid
 cas.authn.ldap[0].principal-attribute-list=uid:username,cn,mail:mail,givenName:givenName,sn:surname,displayName,memberOf:groups
 cas.authn.attributeRepository.ldap[0].attributes.groups=memberOf
-ces.services.allowedAttributes=username,cn,mail,givenName,surname,displayName,groups
 
 #========================================
 # LDAP connection pool configuration