merge: branch 'main' into jans-cedarling-per-lang-examples

Signed-off-by: rmarinn <[email protected]>

Author: rmarinn

.github/workflows/build-docker-image.yml

@@ -57,7 +57,7 @@ jobs:
           egress-policy: audit
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
 
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -167,7 +167,7 @@ jobs:
       # UPDATE BUILD DATES INSIDE THE DOCKERFILE BEFORE BUILDING THE DEV IMAGES TRIGGERED BY JENKINS
       - name: Setup Python 3.10
         if: github.event_name == 'workflow_dispatch' && ${{ matrix.docker-images }} != 'loadtesting-jmeter'
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: "3.10"
 
@@ -190,7 +190,7 @@ jobs:
 
       - name: Set up QEMU
         if: steps.build_docker_image.outputs.build && steps.prep.outputs.build
-        uses: docker/setup-qemu-action@5306bad0baa6b616b9934712d4eba8da2112606d # master
+        uses: docker/setup-qemu-action@737ba1e397ec2caff0d098f75e1136f9a926dc0a # master
         with:
           image: tonistiigi/binfmt:master
           platforms: all

.github/workflows/build-docs.yml

@@ -51,7 +51,7 @@ jobs:
           token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
 
       - name: Set up Python 3.10
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: "3.10"
           cache: pip

.github/workflows/build-packages.yml

@@ -126,7 +126,7 @@ jobs:
          sudo ./run-build.sh
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+      uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
 
     - name: Sign package
       id: sign_package
@@ -208,7 +208,7 @@ jobs:
           mv jans-cli-tui.pyz jans-cli-tui-linux-suse-X86-64.pyz
           sha256sum jans-cli-tui-linux-suse-X86-64.pyz > jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
     - name: Set up Python 3.8
-      uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: 3.8
     - name: Build with Ubuntu
@@ -398,7 +398,7 @@ jobs:
         git_user_signingkey: true
         git_commit_gpgsign: true
 
-    - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+    - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
     - uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1.45.0
       with:
         working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_python
@@ -546,3 +546,120 @@ jobs:
         gpg --armor --detach-sign cedarling-krakend-arm64-"${{ env.KRAKEND_BUILDER_IMAGE }}"-"${{ env.TAG }}".so || echo "Failed to sign"
         echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token
         gh release upload "${{ env.VERSION }}" *.so *.sha256sum *.asc
+  build_cedarling_go:
+    if: github.repository == 'JanssenProject/jans'
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        name: [ubuntu22, mac, windows]
+        include:
+          - name: ubuntu22
+            os: ubuntu-22.04
+          - name: mac
+            os: macos-15
+          - name: windows
+            os: windows-2025
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Import GPG key
+        id: import_gpg
+        continue-on-error: true
+        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
+        with:
+          gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+      - name: Install Golang dependencies
+        uses: actions/setup-go@v5
+        with:
+            go-version: '1.24'
+      - name: Build rust artifacts linux
+        working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_go
+        if: matrix.name == 'ubuntu22'
+        run: |
+          rustup update stable && rustup default stable
+          TAG=$(echo ${{ github.event.ref }} | cut -d '/' -f 3 | sed 's/^v//')
+          VERSION="$(echo ${{ github.event.ref }} | cut -d '/' -f 3)"
+          if [ "${TAG}" == "nightly" ]; then
+            VERSION=nightly
+            TAG="0.0.0"
+          fi
+          cargo build -r -p cedarling_go
+          cp ../../target/release/libcedarling_go.so libcedarling_go-${TAG}.so
+      - name: Build rust artifacts mac
+        working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_go
+        if: matrix.name == 'mac'
+        run: |
+          brew install rustup
+          rustup update stable && rustup default stable
+          TAG=$(echo ${{ github.event.ref }} | cut -d '/' -f 3 | sed 's/^v//')
+          VERSION="$(echo ${{ github.event.ref }} | cut -d '/' -f 3)"
+          if [ "${TAG}" == "nightly" ]; then
+            VERSION=nightly
+            TAG="0.0.0"
+          fi
+          cargo build -r -p cedarling_go
+          cp ../../target/release/libcedarling_go.dylib libcedarling_go-${TAG}.dylib
+      - name: Build rust artifacts windows
+        working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_go
+        if: matrix.name == 'windows'
+        shell: bash
+        run: |
+          choco install rustup.install
+          rustup update stable && rustup default stable
+          TAG=$(echo ${{ github.event.ref }} | cut -d '/' -f 3 | sed 's/^v//')
+          VERSION="$(echo ${{ github.event.ref }} | cut -d '/' -f 3)"
+          if [ "${TAG}" = "nightly" ]; then
+            VERSION=nightly
+            TAG="0.0.0"
+          fi
+          cargo build -r -p cedarling_go
+          cp ../../target/release/cedarling_go.dll cedarling_go-${TAG}.dll
+          cp ../../target/release/cedarling_go.dll.lib cedarling_go-${TAG}.lib
+
+      - name: Generate sha256sum and sign
+        working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_go
+        shell: bash
+        run: |
+          TAG=$(echo ${{ github.event.ref }} | cut -d '/' -f 3 | sed 's/^v//')
+          VERSION="$(echo ${{ github.event.ref }} | cut -d '/' -f 3)"
+          if [ "${TAG}" = "nightly" ]; then
+            VERSION=nightly
+            TAG="0.0.0"
+          fi
+          
+          case "${{ matrix.name }}" in
+            ubuntu22)
+              FILE="libcedarling_go-${TAG}.so"
+              ;;
+            mac)
+              FILE="libcedarling_go-${TAG}.dylib"
+              ;;
+            windows)
+              FILE="cedarling_go-${TAG}.dll"
+              FILE_LIB="cedarling_go-${TAG}.lib"
+              ;;
+          esac
+          
+          sha256sum $FILE >> $FILE.sha256sum
+          gpg --armor --detach-sign $FILE || echo "Failed to sign"
+          gpg --armor --detach-sign $FILE.sha256sum || echo "Failed to sign"
+          
+          if [ -n "$FILE_LIB" ]; then
+            sha256sum $FILE_LIB >> $FILE_LIB.sha256sum
+            gpg --armor --detach-sign $FILE_LIB || echo "Failed to sign"
+            gpg --armor --detach-sign $FILE_LIB.sha256sum || echo "Failed to sign"
+          fi
+          
+          echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" | gh auth login --with-token
+          gh release upload "${VERSION}" $FILE $FILE.sha256sum $FILE.asc
+          
+          if [ -n "$FILE_LIB" ]; then
+            gh release upload "${VERSION}" $FILE_LIB $FILE_LIB.sha256sum $FILE_LIB.asc
+          fi

.github/workflows/lint-flak8.yml

@@ -38,7 +38,7 @@ jobs:
 
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Set up Python 3.8
-      uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: 3.8
     - name: Install dependencies

.github/workflows/ops-docs.yml

@@ -72,7 +72,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python 3.10
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: "3.10"
 

.github/workflows/ops-label-pr-issues.yml

@@ -32,7 +32,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up Python 3.10
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: "3.10"
 

.github/workflows/ops-sync-tf.yml

@@ -29,7 +29,7 @@ jobs:
       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Set up Python 3.8
-      uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: 3.8
 

.github/workflows/test-cedarling.yml

@@ -64,7 +64,7 @@ jobs:
         egress-policy: audit
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: ${{ matrix.python-version }}
     - name: Install dependencies
@@ -75,3 +75,31 @@ jobs:
       working-directory: jans-cedarling/bindings/cedarling_python
       run: |
         tox
+  golang_tests:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      with:
+        egress-policy: audit
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@1ff72ee08e3cb84d84adba594e0a297990fc1ed3 # stable
+    - name: Install Golang dependencies
+      uses: actions/setup-go@v5
+      with:
+          go-version: '1.24'
+    - name: Run build rust artifacts
+      working-directory: jans-cedarling/bindings/cedarling_go
+      run: |
+        cargo build -r -p cedarling_go
+        cp "../../target/release/libcedarling_go.so" "."
+    - name: Install Go dependencies
+      working-directory: jans-cedarling/bindings/cedarling_go
+      run: |
+        go mod download && go mod tidy
+    - name: Run golang tests
+      working-directory: jans-cedarling/bindings/cedarling_go
+      run: |
+        export LD_LIBRARY_PATH="$(pwd):${LD_LIBRARY_PATH}"
+        go test .

.github/workflows/test-jans-pycloudlib.yml

@@ -36,7 +36,7 @@ jobs:
 
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: ${{ matrix.python-version }}
     - name: Install dependencies

automation/startjanssendemo.sh

@@ -36,9 +36,6 @@ if [[ -z $EXT_IP ]]; then
 fi
 
 sudo apt-get update
-sudo apt-get install python3-pip -y
-sudo pip3 install requests --upgrade
-sudo pip3 install shiv
 sudo snap install microk8s --classic
 sudo microk8s.status --wait-ready
 sudo microk8s.enable dns registry ingress hostpath-storage helm3
@@ -193,4 +190,4 @@ EOF
 echo "Waiting for Janssen to come up. Please do not cancel out. This can take up to 5 minutes."
 sudo microk8s.kubectl -n jans wait --for=condition=available --timeout=300s deploy/janssen-auth-server --kubeconfig="$KUBECONFIG" || echo "auth-server deployment is not ready. Running tests anyways..."
 sudo bash testendpoints.sh
-echo -e "You may re-execute the command 'bash testendpoints.sh' to do a quick test to check the openid-configuration endpoint."
+echo -e "You may re-execute the command 'bash testendpoints.sh' to do a quick test to check the openid-configuration endpoint."

automation/startjanssenmonolithdemo.sh

@@ -19,6 +19,10 @@ if [[ -z $EXT_IP ]]; then
   EXT_IP=$(curl ipinfo.io/ip)
 fi
 
+if [[ -z $JANS_BUILD_COMMIT ]]; then
+  JANS_BUILD_COMMIT="main"
+fi
+
 wait_for_services() {
   code=404
   while [[ "$code" != "200" ]]; do
@@ -58,9 +62,7 @@ git clone --filter blob:none --no-checkout https://github.com/JanssenProject/jan
 
 # -- Parse compose and docker file
 sudo apt-get update
-sudo python3 -m pip install --upgrade pip
-pip3 install setuptools --upgrade
-pip3 install dockerfile-parse ruamel.yaml
+PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install dockerfile-parse ruamel.yaml
 
 python3 -c "from dockerfile_parse import DockerfileParser ; dfparser = DockerfileParser('/tmp/jans/docker-jans-monolith') ; dfparser.envs['CN_HOSTNAME'] = '$JANS_FQDN'"
 # switching to version defined by JANS_BUILD_COMMIT

demos/benchmarking/docker-jans-loadtesting-jmeter/Dockerfile

@@ -1,5 +1,5 @@
 # FROM blazemeter/taurus:master-f96971fa-2022-12-12
-FROM blazemeter/taurus:1.16.40@sha256:aa22ab6b42d24ec87ea9f68e4d6db9118619eecf69db76c1c0711f3515897780
+FROM blazemeter/taurus:1.16.41@sha256:e346b19420ca1d4e303a426172fef6611675e1a7e2a5a0327eb4c99ed08e5d97
 
 # ===============
 # Ubuntu packages

demos/janssen-tarp/README.md

@@ -56,7 +56,7 @@ When you are testing Janssen IdP with self-signed cert then follow below steps b
 
 ## Testing using Janssen Tarp
 
-* Setup Jans-Tarp. [Instructions](https://github.com/JanssenProject/jans/tree/main/demos/janssen-tarp)
+* Setup Janssen-Tarp. [Instructions](https://github.com/JanssenProject/jans/tree/main/demos/janssen-tarp)
 * Configuration to run Agama flow
 * Add Your Jans Auth server host , Client expiry date, Scopes and click on `Register` client. It will register new OP Client on your Auth server.
 

demos/janssen-tarp/src/options/addCedarlingConfig.tsx

@@ -182,7 +182,7 @@ export default function AddCedarlingConfig({ isOpen, handleDialog, newData }) {
             {(!!errorMessage || errorMessage !== '') ?
               <Alert severity="error">{errorMessage}</Alert> : ''
             }
-            <div style={{ display: 'flex', justifyContent: 'space-between', minWidth: '250px', maxWidth: 'min(600px, 90vw)' }}>
+            <div style={{ display: 'flex', justifyContent: 'space-between', maxWidth: 'min(600px, 90vw)' }}>
               <RadioGroup
                 row
                 aria-labelledby="demo-row-radio-buttons-group-label"

demos/janssen-tarp/src/options/cedarling.tsx

@@ -99,6 +99,11 @@ export default function CedarlingMgmt({ data, notifyOnDataChange, isLoggedIn })
     const [modelOpen, setModelOpen] = React.useState(false);
     const [drawerOpen, setDrawerOpen] = React.useState(false);
     const [screenType, setScreenType] = React.useState("config");
+    const [cedarlingConfig, setCedarlingConfig] = React.useState([]);
+
+    React.useEffect(() => { 
+        setCedarlingConfig(data?.cedarlingConfig)
+    }, [data])
 
     const handleDialog = (isOpen) => {
         setModelOpen(isOpen);
@@ -122,12 +127,12 @@ export default function CedarlingMgmt({ data, notifyOnDataChange, isLoggedIn })
                 <HelpDrawer isOpen={drawerOpen} handleDrawer={handleDrawer} />
                 <Stack direction="column" spacing={2} sx={{ mb: 1 }}>
                     <Stack direction="row" spacing={2} sx={{ mb: 1 }} style={{ display: 'flex', justifyContent: 'flex-end' }}>
-                        {(data === undefined || data?.length == 0) ?
+                        {(cedarlingConfig === undefined || cedarlingConfig?.length == 0) ?
                             <Button color="success" variant="outlined" startIcon={<AddIcon />} onClick={() => setModelOpen(true)} style={{ maxWidth: '200px' }}>
                                 Add Configurations
                             </Button> : ''}
                     </Stack>
-                    {(data === undefined || data?.length == 0) ? '' :
+                    {(cedarlingConfig === undefined || cedarlingConfig?.length == 0) ? '' :
                         <Box maxWidth="md">
                             <ToggleButtonGroup
                                 color="primary"
@@ -155,14 +160,14 @@ export default function CedarlingMgmt({ data, notifyOnDataChange, isLoggedIn })
                                     </TableRow>
                                 </TableHead>
                                 <TableBody>
-                                    {(data === undefined || data?.length == 0) ?
+                                    {(cedarlingConfig === undefined || cedarlingConfig?.length == 0) ?
                                         <TableCell colSpan={6}><Alert severity="warning">No Records to show.</Alert></TableCell> :
-                                        data.map((row, index) => (<Row key={index} row={row} notifyOnDataChange={notifyOnDataChange} />))
+                                        cedarlingConfig.map((row, index) => (<Row key={index} row={row} notifyOnDataChange={notifyOnDataChange} />))
                                     }
                                 </TableBody>
                             </Table>
                         </TableContainer>)}
-                        {(data === undefined || data?.length == 0) ? '' :
+                        {(cedarlingConfig === undefined || cedarlingConfig?.length == 0) ? '' :
                             (
                                 <>
                                     {screenType === 'unsignedAuthz' &&