fix(docker): implemented Cloud SQL JDBC Socket Factory support for Java services

Signed-off-by: moabu <[email protected]>

Author: moabu

docker-jans-auth-server/Dockerfile

@@ -65,19 +65,26 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/webapps \
 # ===========
 
 RUN mkdir -p /usr/share/java \
-    ${JETTY_BASE}/jans-auth/_libs
+    ${JETTY_BASE}/jans-auth/_libs \
+    ${JETTY_BASE}/jans-auth/custom/libs
 
 ARG TWILIO_VERSION=7.17.0
 ARG JSMPP_VERSION=2.3.7
 ARG CLOUDSQL_SOCKET_FACTORY_VERSION=1.27.0
 
-RUN wget -q https://repo1.maven.org/maven2/com/twilio/sdk/twilio/${TWILIO_VERSION}/twilio-${TWILIO_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs/ \
-    && wget -q https://repo1.maven.org/maven2/org/jsmpp/jsmpp/${JSMPP_VERSION}/jsmpp-${JSMPP_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs/ \
-    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/mysql-socket-factory-connector-j-8/${CLOUDSQL_SOCKET_FACTORY_VERSION}/mysql-socket-factory-connector-j-8-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs/ \
-    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/postgres-socket-factory/${CLOUDSQL_SOCKET_FACTORY_VERSION}/postgres-socket-factory-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-auth/_libs/ \
-    && for custom_lib in casa-config jans-fido2-client jans-fido2-model agama-inbound jans-lock-service jans-lock-model jans-lock-cedarling cedarling-java; \
+# Download custom libs directly to custom/libs (always available)
+RUN wget -q https://repo1.maven.org/maven2/com/twilio/sdk/twilio/${TWILIO_VERSION}/twilio-${TWILIO_VERSION}.jar -P ${JETTY_BASE}/jans-auth/custom/libs/ \
+    && wget -q https://repo1.maven.org/maven2/org/jsmpp/jsmpp/${JSMPP_VERSION}/jsmpp-${JSMPP_VERSION}.jar -P ${JETTY_BASE}/jans-auth/custom/libs/ \
+    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/mysql-socket-factory-connector-j-8/${CLOUDSQL_SOCKET_FACTORY_VERSION}/mysql-socket-factory-connector-j-8-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-auth/custom/libs/ \
+    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/postgres-socket-factory/${CLOUDSQL_SOCKET_FACTORY_VERSION}/postgres-socket-factory-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-auth/custom/libs/ \
+    && for custom_lib in casa-config jans-fido2-client jans-fido2-model agama-inbound cedarling-java; \
     do \
-        wget -nv "https://jenkins.jans.io/maven/io/jans/${custom_lib}/${CN_VERSION}/${custom_lib}-${CN_VERSION}.jar" -P "${JETTY_BASE}/jans-auth/_libs"; \
+        wget -nv "https://jenkins.jans.io/maven/io/jans/${custom_lib}/${CN_VERSION}/${custom_lib}-${CN_VERSION}.jar" -P "${JETTY_BASE}/jans-auth/custom/libs"; \
+    done
+
+RUN for lock_lib in jans-lock-service jans-lock-model jans-lock-cedarling; \
+    do \
+        wget -nv "https://jenkins.jans.io/maven/io/jans/${lock_lib}/${CN_VERSION}/${lock_lib}-${CN_VERSION}.jar" -P "${JETTY_BASE}/jans-auth/_libs"; \
     done
 
 # ===========

docker-jans-auth-server/scripts/bootstrap.py

@@ -175,20 +175,11 @@ def configure_logging():
 
 def copy_builtin_libs():
     lock_enabled = as_boolean(os.environ.get("CN_LOCK_ENABLED", "false"))
-    cloudsql_connector_enabled = as_boolean(os.environ.get("CN_SQL_CLOUDSQL_CONNECTOR_ENABLED", "false"))
 
-    for src in Path("/opt/jans/jetty/jans-auth/_libs").glob("*.jar"):
-        # skip jans-lock-service and jans-lock-model unless lock is enabled
-        if lock_enabled is False and src.name.startswith("jans-lock"):
-            continue
-
-        # skip Cloud SQL JDBC Socket Factory JARs unless connector is enabled
-        if cloudsql_connector_enabled is False and (
-            src.name.startswith("mysql-socket-factory") or
-            src.name.startswith("postgres-socket-factory")
-        ):
-            continue
+    if not lock_enabled:
+        return
 
+    for src in Path("/opt/jans/jetty/jans-auth/_libs").glob("jans-lock*.jar"):
         dst = f"/opt/jans/jetty/jans-auth/custom/libs/{src.name}"
         shutil.copyfile(src, dst)
 

docker-jans-casa/Dockerfile

@@ -206,6 +206,17 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/casa" \
     org.opencontainers.image.title="Janssen Casa" \
     org.opencontainers.image.description="Self-service portal for people to manage their account security preferences in the Janssen, like 2FA"
 
+# ===========
+# Custom libs
+# ===========
+
+ARG CLOUDSQL_SOCKET_FACTORY_VERSION=1.27.0
+
+# Download Cloud SQL JDBC Socket Factory JARs directly to custom/libs (always available)
+RUN mkdir -p ${JETTY_BASE}/jans-casa/custom/libs \
+    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/mysql-socket-factory-connector-j-8/${CLOUDSQL_SOCKET_FACTORY_VERSION}/mysql-socket-factory-connector-j-8-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-casa/custom/libs/ \
+    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/postgres-socket-factory/${CLOUDSQL_SOCKET_FACTORY_VERSION}/postgres-socket-factory-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-casa/custom/libs/
+
 RUN mkdir -p /opt/jans/python/libs \
     ${JETTY_BASE}/jans-casa/static \
     ${JETTY_BASE}/jans-casa/plugins \

docker-jans-casa/templates/jans-mysql.properties

@@ -1,6 +1,6 @@
 db.schema.name=%(rdbm_schema)s
 
-connection.uri=jdbc:mysql://%(rdbm_host)s:%(rdbm_port)s/%(rdbm_db)s?enabledTLSProtocols=TLSv1.2
+connection.uri=%(rdbm_connection_uri)s
 
 connection.driver-property.serverTimezone=%(server_time_zone)s
 # Prefix connection.driver-property.key=value will be coverterd to key=value JDBC driver properties

docker-jans-casa/templates/jans-pgsql.properties

@@ -1,6 +1,6 @@
 db.schema.name=%(rdbm_schema)s
 
-connection.uri=jdbc:postgresql://%(rdbm_host)s:%(rdbm_port)s/%(rdbm_db)s
+connection.uri=%(rdbm_connection_uri)s
 
 # Prefix connection.driver-property.key=value will be coverterd to key=value JDBC driver properties
 #connection.driver-property.driverProperty=driverPropertyValu

docker-jans-config-api/Dockerfile

@@ -232,8 +232,18 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/config-api" \
     org.opencontainers.image.title="Janssen Config API" \
     org.opencontainers.image.description=""
 
+# ===========
+# Custom libs
+# ===========
+
+ARG CLOUDSQL_SOCKET_FACTORY_VERSION=1.27.0
+
+# Download Cloud SQL JDBC Socket Factory JARs directly to custom/libs (always available)
+RUN mkdir -p ${JETTY_BASE}/jans-config-api/custom/libs \
+    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/mysql-socket-factory-connector-j-8/${CLOUDSQL_SOCKET_FACTORY_VERSION}/mysql-socket-factory-connector-j-8-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-config-api/custom/libs/ \
+    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/postgres-socket-factory/${CLOUDSQL_SOCKET_FACTORY_VERSION}/postgres-socket-factory-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-config-api/custom/libs/
+
 RUN mkdir -p /etc/certs \
-    ${JETTY_BASE}/jans-config-api/custom/libs \
     ${JETTY_BASE}/jans-config-api/custom/config/adminUI \
     ${JETTY_BASE}/jans-config-api/logs \
     ${JETTY_BASE}/common/libs \

docker-jans-config-api/templates/jans-mysql.properties

@@ -1,6 +1,6 @@
 db.schema.name=%(rdbm_schema)s
 
-connection.uri=jdbc:mysql://%(rdbm_host)s:%(rdbm_port)s/%(rdbm_db)s?enabledTLSProtocols=TLSv1.2
+connection.uri=%(rdbm_connection_uri)s
 
 connection.driver-property.serverTimezone=%(server_time_zone)s
 # Prefix connection.driver-property.key=value will be coverterd to key=value JDBC driver properties

docker-jans-config-api/templates/jans-pgsql.properties

@@ -1,6 +1,6 @@
 db.schema.name=%(rdbm_schema)s
 
-connection.uri=jdbc:postgresql://%(rdbm_host)s:%(rdbm_port)s/%(rdbm_db)s
+connection.uri=%(rdbm_connection_uri)s
 
 # Prefix connection.driver-property.key=value will be coverterd to key=value JDBC driver properties
 #connection.driver-property.driverProperty=driverPropertyValu

docker-jans-fido2/Dockerfile

@@ -209,9 +209,19 @@ LABEL org.opencontainers.image.url="ghcr.io/janssenproject/jans/fido2" \
     org.opencontainers.image.title="Janssen FIDO2" \
     org.opencontainers.image.description="FIDO2 server"
 
+# ===========
+# Custom libs
+# ===========
+
+ARG CLOUDSQL_SOCKET_FACTORY_VERSION=1.27.0
+
+# Download Cloud SQL JDBC Socket Factory JARs directly to custom/libs (always available)
+RUN mkdir -p ${JETTY_BASE}/jans-fido2/custom/libs \
+    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/mysql-socket-factory-connector-j-8/${CLOUDSQL_SOCKET_FACTORY_VERSION}/mysql-socket-factory-connector-j-8-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-fido2/custom/libs/ \
+    && wget -q https://repo1.maven.org/maven2/com/google/cloud/sql/postgres-socket-factory/${CLOUDSQL_SOCKET_FACTORY_VERSION}/postgres-socket-factory-${CLOUDSQL_SOCKET_FACTORY_VERSION}.jar -P ${JETTY_BASE}/jans-fido2/custom/libs/
+
 RUN mkdir -p /etc/certs \
     ${JETTY_BASE}/jans-fido2/logs \
-    ${JETTY_BASE}/jans-fido2/custom/libs \
     ${JETTY_BASE}/common/libs \
     ${JETTY_HOME}/temp \
     /usr/share/java

docker-jans-fido2/templates/jans-mysql.properties

@@ -1,6 +1,6 @@
 db.schema.name=%(rdbm_schema)s
 
-connection.uri=jdbc:mysql://%(rdbm_host)s:%(rdbm_port)s/%(rdbm_db)s?enabledTLSProtocols=TLSv1.2
+connection.uri=%(rdbm_connection_uri)s
 
 connection.driver-property.serverTimezone=%(server_time_zone)s
 # Prefix connection.driver-property.key=value will be coverterd to key=value JDBC driver properties