diff --git a/README.MD b/README.MD
index 7c167c9..aa2eb85 100644
--- a/README.MD
+++ b/README.MD
@@ -183,6 +183,7 @@ cd /export/data
sqlite3 cas.db
```
+[//]: # (todo:这部分要修改)
- **cas的service**
- authorization_code | client_credentials | device_flow模式:
```txt
diff --git a/apereo-cas/.dockerignore b/apereo-cas/.dockerignore
deleted file mode 100644
index 5e04587..0000000
--- a/apereo-cas/.dockerignore
+++ /dev/null
@@ -1,7 +0,0 @@
-target/**
-build/**
-bin/**
-.idea/**
-.history/**
-.github/**
-.git/**
diff --git a/apereo-cas/.gitattributes b/apereo-cas/.gitattributes
deleted file mode 100644
index 8fc5677..0000000
--- a/apereo-cas/.gitattributes
+++ /dev/null
@@ -1,6 +0,0 @@
-# Set line endings to LF, even on Windows. Otherwise, execution within Docker fails.
-# See https://help.github.com/articles/dealing-with-line-endings/
-*.sh text eol=lf
-gradlew text eol=lf
-*.cmd text eol=crlf
-*.bat text eol=crlf
diff --git a/apereo-cas/.gitignore b/apereo-cas/.gitignore
deleted file mode 100644
index 5c6b8cf..0000000
--- a/apereo-cas/.gitignore
+++ /dev/null
@@ -1,48 +0,0 @@
-
-### STS ###
-.apt_generated
-.classpath
-.factorypath
-.project
-.settings
-.springBeans
-.sts4-cache
-
-### IntelliJ IDEA ###
-.idea
-*.iws
-*.iml
-*.ipr
-
-### NetBeans ###
-/nbproject/private/
-/nbbuild/
-/dist/
-/nbdist/
-/.nb-gradle/
-
-### VS Code ###
-.vscode/
-.classpath
-!/.project
-.project
-.settings
-.history
-.vscode
-target/
-.idea/
-.DS_Store
-.idea
-overlays/
-.gradle/
-build/
-log/
-bin/
-*.war
-*.iml
-*.log
-tmp/
-.java-version
-./apache-tomcat
-apache-tomcat.zip
-config-metadata.properties
diff --git a/apereo-cas/Dockerfile b/apereo-cas/Dockerfile
deleted file mode 100644
index 5047d53..0000000
--- a/apereo-cas/Dockerfile
+++ /dev/null
@@ -1,45 +0,0 @@
-FROM eclipse-temurin:11-jdk AS overlay
-
-RUN mkdir -p cas-overlay
-COPY ./src cas-overlay/src/
-COPY ./gradle/ cas-overlay/gradle/
-COPY ./gradlew ./settings.gradle ./build.gradle ./gradle.properties ./lombok.config /cas-overlay/
-
-RUN mkdir -p ~/.gradle \
- && echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties \
- && echo "org.gradle.configureondemand=true" >> ~/.gradle/gradle.properties \
- && cd cas-overlay \
- && chmod 750 ./gradlew \
- && ./gradlew --version;
-
-RUN cd cas-overlay \
- && ./gradlew clean build --parallel --no-daemon;
-
-FROM eclipse-temurin:11-jdk AS cas
-
-LABEL "Organization"="Apereo"
-LABEL "Description"="Apereo CAS"
-
-# 安装 sqlite3
-RUN apt-get update \
- && apt-get install -y --no-install-recommends sqlite3 \
- && rm -rf /var/lib/apt/lists/*
-
-RUN cd / \
- && mkdir -p /etc/cas/config \
- && mkdir -p /etc/cas/services \
- && mkdir -p /etc/cas/saml \
- && mkdir -p cas-overlay;
-
-COPY --from=overlay cas-overlay/build/libs/cas.war cas-overlay/
-COPY etc/cas/ /etc/cas/
-COPY etc/cas/config/ /etc/cas/config/
-COPY etc/cas/services/ /etc/cas/services/
-COPY etc/cas/saml/ /etc/cas/saml/
-
-EXPOSE 8080 8443
-
-ENV PATH $PATH:$JAVA_HOME/bin:.
-
-WORKDIR cas-overlay
-ENTRYPOINT ["java", "-server", "-noverify", "-Xmx2048M", "-jar", "cas.war"]
diff --git a/apereo-cas/LICENSE.txt b/apereo-cas/LICENSE.txt
deleted file mode 100644
index d645695..0000000
--- a/apereo-cas/LICENSE.txt
+++ /dev/null
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/apereo-cas/Procfile b/apereo-cas/Procfile
deleted file mode 100644
index 2c732c3..0000000
--- a/apereo-cas/Procfile
+++ /dev/null
@@ -1 +0,0 @@
-web: java $JAVA_OPTS -jar build/libs/cas.war --server.port=$PORT --server.ssl.enabled=false
diff --git a/apereo-cas/README.md b/apereo-cas/README.md
deleted file mode 100644
index a55ff94..0000000
--- a/apereo-cas/README.md
+++ /dev/null
@@ -1,231 +0,0 @@
-# IMPORTANT NOTE
******************************************************
This repository is always automatically generated from the CAS Initializr. Do NOT submit pull requests here as the change-set will be overwritten on the next sync.To learn more, please visit the [CAS documentation](https://apereo.github.io/cas).
******************************************************
-Apereo CAS WAR Overlay Template
-=====================================
-
-WAR Overlay Type: `cas-overlay`
-
-# Versions
-
-
-- CAS Server `6.5.9`
-- JDK `11`
-
-# Build
-
-To build the project, use:
-
-```bash
-# Use --refresh-dependencies to force-update SNAPSHOT versions
-./gradlew[.bat] clean build
-```
-
-To see what commands/tasks are available to the build script, run:
-
-```bash
-./gradlew[.bat] tasks
-```
-
-If you need to, on Linux/Unix systems, you can delete all the existing artifacts
-(artifacts and metadata) Gradle has downloaded using:
-
-```bash
-# Only do this when absolutely necessary
-rm -rf $HOME/.gradle/caches/
-```
-
-Same strategy applies to Windows too, provided you switch `$HOME` to its equivalent in the above command.
-
-# Keystore
-
-For the server to run successfully, you might need to create a keystore file.
-This can either be done using the JDK's `keytool` utility or via the following command:
-
-```bash
-./gradlew[.bat] createKeystore
-```
-
-Use the password `changeit` for both the keystore and the key/certificate entries.
-Ensure the keystore is loaded up with keys and certificates of the server.
-
-## Extension Modules
-
-Extension modules may be specified under the `dependencies` block of the [Gradle build script](build.gradle):
-
-```gradle
-dependencies {
- implementation "org.apereo.cas:cas-server-some-module"
- ...
-}
-```
-
-To collect the list of all project modules and dependencies in the overlay:
-
-```bash
-./gradlew[.bat] dependencies
-```
-
-To see a full list of all project dependencies that are available for configuration and use:
-
-```bash
-curl https://localhost:8080/dependencies
-```
-
-Or:
-
-```bash
-curl https://localhost:8080/actuator/info
-```
-
-# Deployment
-
-On a successful deployment via the following methods, the server will be available at:
-
-
-* `https://localhost:8443/cas`
-
-
-
-
-## Executable WAR
-
-Run the server web application as an executable WAR. Note that running an executable WAR requires CAS to use an embedded container such as Apache Tomcat, Jetty, etc.
-
-The current servlet container is specified as `-tomcat`.
-
-```bash
-java -jar build/libs/cas.war
-```
-
-Or via:
-
-```bash
-./gradlew[.bat] run
-```
-
-Debug the CAS web application as an executable WAR:
-
-```bash
-./gradlew[.bat] debug
-```
-
-Or via:
-
-```bash
-java -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=y -jar build/libs/cas.war
-```
-
-Run the CAS web application as a *standalone* executable WAR:
-
-```bash
-./gradlew[.bat] clean executable
-```
-
-## External
-
-Deploy the binary web application file in `build/libs` after a successful build to a servlet container of choice.
-
-# Docker
-
-The following strategies outline how to build and deploy CAS Docker images.
-
-## Jib
-
-The overlay embraces the [Jib Gradle Plugin](https://github.com/GoogleContainerTools/jib) to provide easy-to-use out-of-the-box tooling for building CAS docker images. Jib is an open-source Java containerizer from Google that lets Java developers build containers using the tools they know. It is a container image builder that handles all the steps of packaging your application into a container image. It does not require you to write a Dockerfile or have Docker installed, and it is directly integrated into the overlay.
-
-```bash
-# Running this task requires that you have Docker installed and running.
-./gradlew build jibDockerBuild
-```
-
-## Dockerfile
-
-You can also use the native Docker tooling and the provided `Dockerfile` to build and run.
-
-```bash
-chmod +x *.sh
-./docker-build.sh
-./docker-run.sh
-```
-
-For convenience, an additional `docker-compose.yml` is also provided to orchestrate the build:
-
-```bash
-docker-compose build
-```
-
-
-# CAS Command-line Shell
-
-To launch into the CAS command-line shell:
-
-```bash
-./gradlew[.bat] downloadShell runShell
-```
-
-# Retrieve Overlay Resources
-
-To fetch and overlay a CAS resource or view, use:
-
-```bash
-./gradlew[.bat] getResource -PresourceName=[resource-name]
-```
-
-# Create User Interface Themes Structure
-
-You can use the overlay to construct the correct directory structure for custom user interface themes:
-
-```bash
-./gradlew[.bat] createTheme -Ptheme=redbeard
-```
-
-The generated directory structure should match the following:
-
-```
-├── redbeard.properties
-├── static
-│ └── themes
-│ └── redbeard
-│ ├── css
-│ │ └── cas.css
-│ └── js
-│ └── cas.js
-└── templates
- └── redbeard
- └── fragments
-```
-
-HTML templates and fragments can be moved into the above directory structure,
-and the theme may be assigned to applications for use.
-
-# List Overlay Resources
-
-To list all available CAS views and templates:
-
-```bash
-./gradlew[.bat] listTemplateViews
-```
-
-To unzip and explode the CAS web application file and the internal resources jar:
-
-```bash
-./gradlew[.bat] explodeWar
-```
-
-# Configuration
-
-- The `etc` directory contains the configuration files and directories that need to be copied to `/etc/cas/config`.
-
-```bash
-./gradlew[.bat] copyCasConfiguration
-```
-
-- The specifics of the build are controlled using the `gradle.properties` file.
-
-## Configuration Metadata
-
-Configuration metadata allows you to export collection of CAS properties as a report into a file
-that can later be examined. You will find a full list of CAS settings along with notes, types, default and accepted values:
-
-```bash
-./gradlew exportConfigMetadata
-```
diff --git a/apereo-cas/build.gradle b/apereo-cas/build.gradle
deleted file mode 100644
index 024e37d..0000000
--- a/apereo-cas/build.gradle
+++ /dev/null
@@ -1,146 +0,0 @@
-import org.apache.tools.ant.taskdefs.condition.*
-import org.gradle.internal.logging.text.*
-import org.apereo.cas.metadata.*
-import java.nio.file.*
-import static org.gradle.internal.logging.text.StyledTextOutput.Style
-
-buildscript {
- repositories {
- // maven {
- // url 'https//maven.aliyun.com/nexus/content/groups/public/'
- // }
- // maven {
- // url 'https://maven.aliyun.com/nexus/content/repositories/jcenter'
- // }
- // maven { name "Alibaba" ; url 'https://maven.aliyun.com/repository/public' }
- // maven { name "Bstek" ; url 'https://nexus.bsdn.org/content/groups/public/' }
- // maven { name "M2" ; url 'https://plugins.gradle.org/m2/' }
- maven { url "https://maven.aliyun.com/repository/central" }
- maven { url "https://maven.aliyun.com/repository/public" }
- maven { url "https://maven.aliyun.com/repository/google" }
- maven { url "https://maven.aliyun.com/repository/gradle-plugin" }
- maven { url 'https://jitpack.io' }
- mavenCentral()
- jcenter()
- google()
- }
- dependencies {
- classpath "org.springframework.boot:spring-boot-gradle-plugin:${project.springBootVersion}"
- classpath "io.freefair.gradle:maven-plugin:${project.gradleFreeFairPluginVersion}"
- classpath "io.freefair.gradle:lombok-plugin:${project.gradleFreeFairPluginVersion}"
- classpath "io.spring.gradle:dependency-management-plugin:${project.gradleDependencyManagementPluginVersion}"
- classpath "com.google.cloud.tools:jib-gradle-plugin:${project.jibVersion}"
-
- classpath "de.undercouch:gradle-download-task:${project.gradleDownloadTaskVersion}"
- classpath "org.apereo.cas:cas-server-core-api-configuration-model:${project.'cas.version'}"
- classpath "org.apereo.cas:cas-server-core-configuration-metadata-repository:${project.'cas.version'}"
- }
-}
-
-repositories {
- // maven {
- // url 'https://maven.aliyun.com/nexus/content/groups/public/'
- // }
- // maven {
- // url 'https://maven.aliyun.com/nexus/content/repositories/jcenter'
- // }
- // maven { name "Alibaba" ; url 'https://maven.aliyun.com/repository/public' }
- // maven { name "Bstek" ; url 'https://nexus.bsdn.org/content/groups/public/' }
- // maven { name "M2" ; url 'https://plugins.gradle.org/m2/' }
- maven { url "https://maven.aliyun.com/repository/central" }
- maven { url "https://maven.aliyun.com/repository/public" }
- maven { url "https://maven.aliyun.com/repository/google" }
- maven { url "https://maven.aliyun.com/repository/gradle-plugin" }
- maven { url 'https://jitpack.io' }
- mavenCentral()
- jcenter()
- google()
-}
-
-apply plugin: "io.freefair.war-overlay"
-apply plugin: "war"
-apply plugin: "org.springframework.boot"
-apply plugin: "io.freefair.lombok"
-
-apply from: rootProject.file("gradle/springboot.gradle")
-apply from: rootProject.file("gradle/jib.gradle")
-apply from: rootProject.file("gradle/tasks.gradle")
-
-
-configurations.all {
- resolutionStrategy {
- cacheChangingModulesFor 0, "seconds"
- cacheDynamicVersionsFor 0, "seconds"
- preferProjectModules()
- def failIfConflict = project.hasProperty("failOnVersionConflict") && Boolean.valueOf(project.getProperty("failOnVersionConflict"))
- if (failIfConflict) {
- failOnVersionConflict()
- }
- }
-}
-
-war {
- entryCompression = ZipEntryCompression.STORED
- enabled = false
-}
-
-sourceSets {
- bootRunSources {
- resources {
- srcDirs new File("//etc/cas/templates/"), new File("${project.getProjectDir()}/src/main/resources/")
- }
- }
-}
-
-java {
- toolchain {
- languageVersion = JavaLanguageVersion.of(project.targetCompatibility)
- }
-}
-
-bootBuildImage {
- imageName = "${project.'containerImageOrg'}/${project.'containerImageName'}:${project.version}"
-}
-
-dependencies {
- /**
- * Do NOT modify the lines below or else you will risk breaking dependency management.
- */
- implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
- implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
-
- /**
- * CAS dependencies and modules may be listed here.
- *
- * There is no need to specify the version number for each dependency
- * since versions are all resolved and controlled by the dependency management
- * plugin via the CAS bom.
- **/
-
- implementation "org.apereo.cas:cas-server-core-api-configuration-model"
- implementation "org.apereo.cas:cas-server-webapp-init"
-
- implementation "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}"
- implementation "org.apereo.cas:cas-server-support-jdbc-drivers:${project.'cas.version'}"
- implementation 'org.xerial:sqlite-jdbc'
-
- implementation "org.apereo.cas:cas-server-support-oauth-webflow:${project.'cas.version'}"
-
-
- if (project.hasProperty("casModules")) {
- def dependencies = project.getProperty("casModules").split(",")
- dependencies.each {
- def projectsToAdd = rootProject.subprojects.findAll {project ->
- project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
- }
- projectsToAdd.each {implementation it}
- }
- }
-
-
-
-
-
- developmentOnly "org.springframework.boot:spring-boot-devtools:${project.springBootVersion}"
-}
-
diff --git a/apereo-cas/build.gradle.backup b/apereo-cas/build.gradle.backup
deleted file mode 100644
index dffb043..0000000
--- a/apereo-cas/build.gradle.backup
+++ /dev/null
@@ -1,150 +0,0 @@
-import org.apache.tools.ant.taskdefs.condition.*
-import org.gradle.internal.logging.text.*
-import org.apereo.cas.metadata.*
-import java.nio.file.*
-import static org.gradle.internal.logging.text.StyledTextOutput.Style
-
-buildscript {
- repositories {
- # if (project.privateRepoUrl) {
- # maven {
- # url project.privateRepoUrl
- # credentials {
- # username = project.privateRepoUsername
- # password = System.env.PRIVATE_REPO_TOKEN
- # }
- # }
- # }
- # mavenLocal()
- # mavenCentral()
- # gradlePluginPortal()
- maven {
- url 'http://maven.aliyun.com/nexus/content/groups/public/'
- # url 'https://oss.sonatype.org/content/repositories/snapshots'
- # mavenContent { snapshotsOnly() }
- }
- maven {
- url 'http://maven.aliyun.com/nexus/content/repositories/jcenter'
- # url "https://repo.spring.io/milestone"
- # mavenContent { releasesOnly() }
- }
- }
- dependencies {
- classpath "org.springframework.boot:spring-boot-gradle-plugin:${project.springBootVersion}"
- classpath "io.freefair.gradle:maven-plugin:${project.gradleFreeFairPluginVersion}"
- classpath "io.freefair.gradle:lombok-plugin:${project.gradleFreeFairPluginVersion}"
- classpath "io.spring.gradle:dependency-management-plugin:${project.gradleDependencyManagementPluginVersion}"
- classpath "com.google.cloud.tools:jib-gradle-plugin:${project.jibVersion}"
-
- classpath "de.undercouch:gradle-download-task:${project.gradleDownloadTaskVersion}"
- classpath "org.apereo.cas:cas-server-core-api-configuration-model:${project.'cas.version'}"
- classpath "org.apereo.cas:cas-server-core-configuration-metadata-repository:${project.'cas.version'}"
- }
-}
-
-repositories {
- # if (project.privateRepoUrl) {
- # maven {
- # url project.privateRepoUrl
- # credentials {
- # username = project.privateRepoUsername
- # password = System.env.PRIVATE_REPO_TOKEN
- # }
- # }
- # }
- # mavenLocal()
- # mavenCentral()
- # maven { url 'https://oss.sonatype.org/content/repositories/releases' }
- maven {
- url 'http://maven.aliyun.com/nexus/content/groups/public/'
- # url 'https://oss.sonatype.org/content/repositories/snapshots'
- # mavenContent { snapshotsOnly() }
- }
- maven { url 'https://build.shibboleth.net/nexus/content/repositories/releases/' }
- maven {
- url 'http://maven.aliyun.com/nexus/content/repositories/jcenter'
- # url "https://repo.spring.io/milestone"
- # mavenContent { releasesOnly() }
- }
-}
-
-apply plugin: "io.freefair.war-overlay"
-apply plugin: "war"
-apply plugin: "org.springframework.boot"
-apply plugin: "io.freefair.lombok"
-
-apply from: rootProject.file("gradle/springboot.gradle")
-apply from: rootProject.file("gradle/jib.gradle")
-apply from: rootProject.file("gradle/tasks.gradle")
-
-
-configurations.all {
- resolutionStrategy {
- cacheChangingModulesFor 0, "seconds"
- cacheDynamicVersionsFor 0, "seconds"
- preferProjectModules()
- def failIfConflict = project.hasProperty("failOnVersionConflict") && Boolean.valueOf(project.getProperty("failOnVersionConflict"))
- if (failIfConflict) {
- failOnVersionConflict()
- }
- }
-}
-
-war {
- entryCompression = ZipEntryCompression.STORED
- enabled = false
-}
-
-sourceSets {
- bootRunSources {
- resources {
- srcDirs new File("//etc/cas/templates/"), new File("${project.getProjectDir()}/src/main/resources/")
- }
- }
-}
-
-java {
- toolchain {
- languageVersion = JavaLanguageVersion.of(project.targetCompatibility)
- }
-}
-
-bootBuildImage {
- imageName = "${project.'containerImageOrg'}/${project.'containerImageName'}:${project.version}"
-}
-
-dependencies {
- /**
- * Do NOT modify the lines below or else you will risk breaking dependency management.
- */
- implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
- implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
-
- /**
- * CAS dependencies and modules may be listed here.
- *
- * There is no need to specify the version number for each dependency
- * since versions are all resolved and controlled by the dependency management
- * plugin via the CAS bom.
- **/
-
- implementation "org.apereo.cas:cas-server-core-api-configuration-model"
- implementation "org.apereo.cas:cas-server-webapp-init"
-
- if (project.hasProperty("casModules")) {
- def dependencies = project.getProperty("casModules").split(",")
- dependencies.each {
- def projectsToAdd = rootProject.subprojects.findAll {project ->
- project.name == "cas-server-core-${it}" || project.name == "cas-server-support-${it}"
- }
- projectsToAdd.each {implementation it}
- }
- }
-
-
-
-
-
- developmentOnly "org.springframework.boot:spring-boot-devtools:${project.springBootVersion}"
-}
-
diff --git a/apereo-cas/docker-build.sh b/apereo-cas/docker-build.sh
deleted file mode 100644
index 24f8764..0000000
--- a/apereo-cas/docker-build.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-imageTag="$1"
-
-if [ -z "$imageTag" ]; then
- version=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`)
- imageTag="v$version"
-fi
-
-echo "Building CAS docker image tagged as [$imageTag]"
-# read -p "Press [Enter] to continue..." any_key;
-
-docker build --tag="apereo/cas:$imageTag" . \
- && echo "Built CAS image successfully tagged as apereo/cas:$imageTag" \
- && docker images "apereo/cas:$imageTag"
\ No newline at end of file
diff --git a/apereo-cas/docker-compose.yml b/apereo-cas/docker-compose.yml
deleted file mode 100644
index 8c452cf..0000000
--- a/apereo-cas/docker-compose.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-version: '3'
-# services:
-# cas:
-# build: .
-# ports:
-# - "8443:8443"
-# - "8080:8080"
-
-services:
- open-oauth2playground:
- image: open-oauth2playground:v1.0
- container_name: open-oauth2playground # docker run时指定容器名
- restart: always
- ports:
- - "8081:88" # docker run时指定端口
- environment:
- CAS_SERVER_NAME: "http://cas-demo:8444" # 使用 'cas' 作为主机名
- volumes:
- - ./update_cfg.sh:/update_cfg.sh # 路径不对
- - ./cfg.json:/app/Open-OAuth2Playground/cfg.json
- command: ["/bin/bash", "-c", "/update_cfg.sh"]
- cas-demo:
- image: apereo/cas:v6.5.9
- container_name: cas-demo
- restart: always
- ports:
- - "8444:8444"
- - "8080:8080"
- environment:
- CAS_SERVER_NAME: "http://47.100.188.236:8444" # 设置您的 CAS_SERVER_NAME 环境变量
- SERVER_PORT: "8444" # 设置您的 SERVER_PORT 环境变量
- volumes:
- - ./cas_init_script.sh:/cas-overlay/cas_init_script.sh
- entrypoint: ["/bin/bash", "-c"]
- command: ["/cas-overlay/cas_init_script.sh && java -server -noverify -Xmx2048M -jar /cas-overlay/cas.war"]
\ No newline at end of file
diff --git a/apereo-cas/docker-push.sh b/apereo-cas/docker-push.sh
deleted file mode 100644
index 5097107..0000000
--- a/apereo-cas/docker-push.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-docker_user="$1"
-docker_psw="$2"
-echo "$docker_psw" | docker login --username "$docker_user" --password-stdin
-
-imageTag="$3"
-if [ -z "$imageTag" ]; then
- version=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`)
- imageTag="v$version"
-fi
-
-echo "Pushing CAS docker image tagged as $imageTag to apereo/cas..."
-docker push apereo/cas:"$imageTag" \
- && echo "Pushed apereo/cas:$imageTag successfully.";
diff --git a/apereo-cas/docker-run.sh b/apereo-cas/docker-run.sh
deleted file mode 100644
index e6fb967..0000000
--- a/apereo-cas/docker-run.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-docker stop cas > /dev/null 2>&1
-docker rm cas > /dev/null 2>&1
-image_tag=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`)
-docker run -d -p 8080:8080 -p 8443:8443 --name="cas" apereo/cas:"v${image_tag}"
-docker logs -f cas
diff --git a/apereo-cas/etc/cas/.ignore b/apereo-cas/etc/cas/.ignore
deleted file mode 100644
index e69de29..0000000
diff --git a/apereo-cas/etc/cas/config/cas.properties b/apereo-cas/etc/cas/config/cas.properties
deleted file mode 100644
index 33a3de1..0000000
--- a/apereo-cas/etc/cas/config/cas.properties
+++ /dev/null
@@ -1,52 +0,0 @@
-server.port=${SERVER_PORT:8444}
-cas.server.name=http://47.100.188.236:8444
-# cas.server.name=${CAS_SERVER_NAME}
-cas.server.prefix=${cas.server.name}/cas
-
-server.ssl.enabled=false
-cas.server.tomcat.http.enabled=true
-
-logging.config=file:/etc/cas/config/log4j2.xml
-
-cas.service-registry.core.init-from-json=true
-cas.serviceRegistry.json.location=file:/etc/cas/services
-
-cas.logout.follow-service-redirects=true
-cas.logout.redirect-parameter=service
-
-# CAS Authentication Credentials
-# cas.authn.accept.users=casuser::Mellon
-cas.authn.accept.enabled=false
-
-# 添加jdbc相关
-cas.authn.jdbc.query[0].driverClass=org.sqlite.JDBC
-cas.authn.jdbc.query[0].url=jdbc:sqlite:/export/data/cas.db
-cas.authn.jdbc.query[0].user=
-cas.authn.jdbc.query[0].password=
-cas.authn.jdbc.query[0].sql=SELECT * FROM user WHERE username=?
-cas.authn.jdbc.query[0].fieldPassword=password
-cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.SQLiteDialect
-
-# cas.authn.jdbc.query[0].fieldExpired=expired
-# cas.authn.jdbc.query[0].fieldDisabled=disabled
-cas.authn.jdbc.query[0].password-encoder.encoding-algorithm=
-cas.authn.jdbc.query[0].password-encoder.type=NONE
-
-cas.authn.attribute-repository.jdbc[0].attributes.name=name
-cas.authn.attribute-repository.jdbc[0].attributes.username=username
-
-# 添加oauth2相关
-cas.authn.oauth.refreshToken.timeToKillInSeconds=2592000
-cas.authn.oauth.code.timeToKillInSeconds=30
-cas.authn.oauth.code.numberOfUses=1
-cas.authn.oauth.accessToken.timeToKillInSeconds=7200
-cas.authn.oauth.accessToken.maxTimeToLiveInSeconds=28800
-cas.authn.oauth.grants.resourceOwner.requireServiceHeader=true
-
-# 添加密钥相关
-cas.authn.oauth.access-token.crypto.encryption.key=UsvovVy2tnsy9xa0fJbIQVi2q5Kc7KEyNfJ4ygwnFZk
-cas.authn.oauth.access-token.crypto.signing.key=xNV2zMA2JF6jCopLxsAO5MIY-Ny71czLHWyg1QnwP1effT_ttubmQyYIglYQPgSGGBFCFli197dtKcuIyG0eMg
-cas.tgc.crypto.encryption.key=ZzNLzcVZshSXdRKfwd09UD3ADtP6Q7MFyoDqtDc5y1I
-cas.tgc.crypto.signing.key=UBvTb9kDxG-yMxqiXwwEjPP9yy1cxJvIt3GXXcoq7pgWNvJVLCyhU_890jvhauTolIjEEduYSVMntwNKiP4wbg
-cas.authn.oauth.crypto.encryption.key=vZb7GPl9iy8pmXFU7aQN1LG70FRkcA-0Y6RRsdgni6M
-cas.authn.oauth.crypto.signing.key=Iy9sCAeHXjNMPfHhRvLtU_tSd_j9GD34a7V-SQtXA0z9g12_waZo0TdYutLcosP0xoA-GXYFjiqSNzneaqBD-g
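Review bot: Deleting `cas.properties` from the tree does not retire the six `crypto.encryption.key` / `crypto.signing.key` values at the end of this hunk, which remain readable in the repository history; the same applies to the `clientSecret` in the deleted `oauth-3001.json`. Any CAS instance that was started with this file should get freshly generated keys and a new client secret, because whoever holds the old signing keys can presumably produce ticket-granting cookies and OAuth tokens that such an instance would accept. If this configuration is reintroduced elsewhere, keep the values out of version control and inject them at deploy time, e.g. `cas.tgc.crypto.signing.key=${CAS_TGC_SIGNING_KEY}` (the variable name is a placeholder), which is the same placeholder form the file already uses for `server.port`.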
diff --git a/apereo-cas/etc/cas/config/log4j2.xml b/apereo-cas/etc/cas/config/log4j2.xml
deleted file mode 100644
index 2b6bd47..0000000
--- a/apereo-cas/etc/cas/config/log4j2.xml
+++ /dev/null
@@ -1,163 +0,0 @@
-
-
-
-
-
- /var/log
- info
- warn
- info
- warn
- warn
- warn
- warn
- warn
- warn
- warn
- true
- false
-
- casStackTraceFile
- false
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/apereo-cas/etc/cas/services/oauth-3001.json b/apereo-cas/etc/cas/services/oauth-3001.json
deleted file mode 100644
index 3cd0806..0000000
--- a/apereo-cas/etc/cas/services/oauth-3001.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
- "clientId": "open-oauth2playground",
- "clientSecret": "open-oauth2playground",
- "serviceId" : "^(http)://.*",
- "name" : "OAuthService",
- "id" : 3001,
- "attributeReleasePolicy": {
- "@class": "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
- "allowedAttributes": ["java.util.ArrayList", ["name","username"]]
- },
- "generateRefreshToken" : true,
- "renewRefreshToken" : true,
- "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code","refresh_token","client_credentials","password" ] ],
- "supportedResponseTypes": [ "java.util.HashSet", [ "code","device_code" ] ],
- "properties" : {
- "@class" : "java.util.HashMap",
- "corsAllowCredentials" : {
- "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
- "values" : [ "java.util.HashSet", [ "true" ] ]
- },
- "corsAllowedOrigins" : {
- "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
- "values" : [ "java.util.HashSet", [ "*" ] ]
- },
- "corsAllowedMethods" : {
- "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
- "values" : [ "java.util.HashSet", [ "POST", "GET", "PUT", "DELETE" ] ]
- }
- }
-}
-
diff --git a/apereo-cas/etc/cas/services/oauth-pkce-3002.json b/apereo-cas/etc/cas/services/oauth-pkce-3002.json
deleted file mode 100644
index bf5fe8f..0000000
--- a/apereo-cas/etc/cas/services/oauth-pkce-3002.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
- "clientId": "open-oauth2playground-pkce",
- "serviceId" : "^(http)://.*",
- "name" : "OAuthServicePKCE",
- "id" : 3002,
- "generateRefreshToken" : true,
- "renewRefreshToken" : true,
- "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code","refresh_token" ] ],
- "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
- }
\ No newline at end of file
diff --git a/apereo-cas/gradle.properties b/apereo-cas/gradle.properties
deleted file mode 100644
index 19bc480..0000000
--- a/apereo-cas/gradle.properties
+++ /dev/null
@@ -1,59 +0,0 @@
-
-version=6.5.9
-# CAS server version
-cas.version=6.5.9
-
-springBootVersion=2.6.3
-
-# The version of this overlay project
-group=org.apereo.cas
-artifactId=cas-overlay
-sourceCompatibility=11
-targetCompatibility=11
-
-gradleFreeFairPluginVersion=6.5.1
-gradleDependencyManagementPluginVersion=1.1.0
-
-# Used to build docker images
-jibVersion=3.3.1
-
-# Specify the coordinates of the container image to build via jib
-containerImageOrg=apereo
-containerImageName=cas
-
-baseDockerImage=eclipse-temurin:11-jdk
-allowInsecureRegistries=false
-dockerImagePlatform=amd64:linux
-
-containerImage=apereo/cas
-
-# Include launch script for executable WAR artifact
-# Setting this to true allows the final web application
-# to be fully executable on its own
-executable=false
-
-# Use -tomcat, -jetty, -undertow for deployment to other embedded containers
-# if the overlay application supports or provides the chosen type.
-# You should set this to blank if you want to deploy to an external container.
-# and want to set up, download and manage the container (i.e. Apache Tomcat) yourself.
-appServer=-tomcat
-
-# Settings to generate keystore
-# used by the build to assist with creating
-# self-signed certificates for https endpoints
-certDir=/etc/cas
-serverKeystore=thekeystore
-exportedServerCert=cas.crt
-storeType=PKCS12
-
-# Location of the downloaded CAS Shell JAR
-shellDir=build/libs
-ivyVersion=2.5.0
-gradleDownloadTaskVersion=4.1.1
-
-tomcatVersion=9.0.69
-
-# Include private repository
-# override these in user properties or pass in values from env on command line
-privateRepoUrl=
-privateRepoUsername=
diff --git a/apereo-cas/gradle/jib.gradle b/apereo-cas/gradle/jib.gradle
deleted file mode 100644
index 60e99fb..0000000
--- a/apereo-cas/gradle/jib.gradle
+++ /dev/null
@@ -1,63 +0,0 @@
-apply plugin: "com.google.cloud.tools.jib"
-
-def imagePlatforms = project.dockerImagePlatform.split(",")
-def dockerUsername = providers.systemProperty("dockerUsername").getOrNull()
-def dockerPassword = providers.systemProperty("dockerPassword").getOrNull()
-
-jib {
- from {
- image = project.baseDockerImage
- platforms {
- imagePlatforms.each {
- def given = it.split(":")
- platform {
- architecture = given[0]
- os = given[1]
- }
- }
- }
- }
- to {
- image = "${project.containerImage}:${project.version}"
- /**
- ecr-login: Amazon Elastic Container Registry (ECR)
- gcr: Google Container Registry (GCR)
- osxkeychain: Docker Hub
- */
- credHelper = "osxkeychain"
- if (dockerUsername != null && dockerPassword != null) {
- auth {
- username = "${dockerUsername}"
- password = "${dockerPassword}"
- }
- }
- tags = [project.version]
- }
- container {
- creationTime = "USE_CURRENT_TIMESTAMP"
- entrypoint = ['/docker/entrypoint.sh']
- ports = ['80', '443', '8080', '8443', '8444', '8761', '8888', '5000']
- labels = [version:project.version, name:project.name, group:project.group, org:project.containerImageOrg]
- workingDirectory = '/docker/cas/war'
- }
- extraDirectories {
- paths {
- path {
- from = file('src/main/jib')
- }
- path {
- from = file('etc/cas')
- into = '/etc/cas'
- }
- path {
- from = file("build/libs")
- into = "/docker/cas/war"
- }
- }
- permissions = [
- '/docker/entrypoint.sh': '755'
- ]
- }
- allowInsecureRegistries = project.allowInsecureRegistries
-}
-
diff --git a/apereo-cas/gradle/springboot.gradle b/apereo-cas/gradle/springboot.gradle
deleted file mode 100644
index a60ab7f..0000000
--- a/apereo-cas/gradle/springboot.gradle
+++ /dev/null
@@ -1,136 +0,0 @@
-apply plugin: "org.springframework.boot"
-
-repositories {
- maven {
- url "https://repo.spring.io/milestone"
- }
- mavenLocal()
- mavenCentral()
- maven { url 'https://oss.sonatype.org/content/repositories/releases' }
- maven {
- url 'https://oss.sonatype.org/content/repositories/snapshots'
- mavenContent { snapshotsOnly() }
- }
- maven { url 'https://build.shibboleth.net/nexus/content/repositories/releases/' }
-}
-
-configurations {
- bootRunConfig.extendsFrom compileClasspath
-}
-
-dependencies {
- bootRunConfig "org.apereo.cas:cas-server-core:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-logging:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-web:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-webflow:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-cookie:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-logout:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-authentication:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-validation:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-audit:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-tickets:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-services:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-core-util:${project.'cas.version'}"
-
- bootRunConfig "org.apereo.cas:cas-server-support-thymeleaf:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-support-validation:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-support-person-directory:${project.'cas.version'}"
-
- bootRunConfig "org.apereo.cas:cas-server-webapp-resources:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-webapp-config:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-webapp-init:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-webapp-tomcat:${project.'cas.version'}"
- bootRunConfig "org.apereo.cas:cas-server-webapp-init-tomcat:${project.'cas.version'}"
-
- bootRunConfig "org.springframework.boot:spring-boot-devtools:${project.springBootVersion}"
-}
-
-bootRun {
- classpath = configurations.bootRunConfig + sourceSets.main.compileClasspath + sourceSets.main.runtimeClasspath
- doFirst {
- sourceResources sourceSets.bootRunSources
- systemProperties = System.properties
- }
-
- def list = []
- list.add("-XX:TieredStopAtLevel=1")
- list.add("-Xverify:none")
- list.add("--add-modules")
- list.add("java.se")
- list.add("--add-exports")
- list.add("java.base/jdk.internal.ref=ALL-UNNAMED")
- list.add("--add-opens")
- list.add("java.base/java.lang=ALL-UNNAMED")
- list.add("--add-opens")
- list.add("java.base/java.nio=ALL-UNNAMED")
- list.add("--add-opens")
- list.add("java.base/sun.nio.ch=ALL-UNNAMED")
- list.add("--add-opens")
- list.add("java.management/sun.management=ALL-UNNAMED")
- list.add("--add-opens")
- list.add("jdk.management/com.sun.management.internal=ALL-UNNAMED")
- list.add("-Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n")
-
- jvmArgs = list
-
- def appArgList = []
- args = appArgList
-}
-
-springBoot {
- buildInfo()
- mainClass = "org.apereo.cas.web.CasWebApplication"
-
-
-
-
-}
-
-bootWar {
- def executable = project.hasProperty("executable") && Boolean.valueOf(project.getProperty("executable"))
- if (executable) {
- logger.info "Including launch script for executable WAR artifact"
- launchScript()
- } else {
- logger.info "WAR artifact is not marked as an executable"
- }
-
- archiveFileName = "cas.war"
- archiveBaseName = "cas"
-
- entryCompression = ZipEntryCompression.STORED
-
- /*
- attachClasses = true
- classesClassifier = 'classes'
- archiveClasses = true
- */
-
- overlays {
- /*
- https://docs.freefair.io/gradle-plugins/current/reference/#_io_freefair_war_overlay
- Note: The "excludes" property is only for files in the war dependency.
- If a jar is excluded from the war, it could be brought back into the final war as a dependency
- of non-war dependencies. Those should be excluded via normal gradle dependency exclusions.
- */
- cas {
- from "org.apereo.cas:cas-server-webapp${project.appServer}:${project.'cas.version'}@war"
-
-
-
-
-
- provided = false
- excludes = ["WEB-INF/lib/servlet-api-2*.jar"]
-
- /*
- excludes = ["WEB-INF/lib/somejar-1.0*"]
- enableCompilation = true
- includes = ["*.xyz"]
- targetPath = "sub-path/bar"
- skip = false
- */
- }
- }
-}
-
diff --git a/apereo-cas/gradle/tasks.gradle b/apereo-cas/gradle/tasks.gradle
deleted file mode 100644
index 7e56e61..0000000
--- a/apereo-cas/gradle/tasks.gradle
+++ /dev/null
@@ -1,420 +0,0 @@
-import org.apereo.cas.metadata.*
-import java.nio.file.*
-buildscript {
- repositories {
- mavenLocal()
- mavenCentral()
- gradlePluginPortal()
- maven {
- url 'https://oss.sonatype.org/content/repositories/snapshots'
- mavenContent { snapshotsOnly() }
- }
- maven {
- url "https://repo.spring.io/milestone"
- mavenContent { releasesOnly() }
- }
- }
- dependencies {
- classpath "org.apache.ivy:ivy:${project.ivyVersion}"
- classpath "org.apereo.cas:cas-server-core-configuration-metadata-repository:${project.'cas.version'}"
- }
-}
-apply plugin: "de.undercouch.download"
-
-task run(group: "build", description: "Run the CAS web application in embedded container mode") {
- dependsOn 'build'
- doLast {
- def casRunArgs = Arrays.asList("-server -noverify -Xmx2048M -XX:+TieredCompilation -XX:TieredStopAtLevel=1".split(" "))
- javaexec {
- main = "-jar"
- jvmArgs = casRunArgs
- args = ["build/libs/cas.war"]
- systemProperties = System.properties
- logger.info "Started ${commandLine}"
- }
- }
-}
-
-task setExecutable(group: "CAS", description: "Configure the project to run in executable mode") {
- doFirst {
- project.setProperty("executable", "true")
- logger.info "Configuring the project as executable"
- }
-}
-
-task executable(type: Exec, group: "CAS", description: "Run the CAS web application in standalone executable mode") {
- dependsOn setExecutable, 'build'
- doFirst {
- workingDir "."
- if (!Os.isFamily(Os.FAMILY_WINDOWS)) {
- commandLine "chmod", "+x", bootWar.archivePath
- }
- logger.info "Running ${bootWar.archivePath}"
- commandLine bootWar.archivePath
- }
-}
-
-
-task debug(group: "CAS", description: "Debug the CAS web application in embedded mode on port 5005") {
- dependsOn 'build'
- doLast {
- logger.info "Debugging process is started in a suspended state, listening on port 5005."
- def casArgs = Arrays.asList("-Xmx2048M".split(" "))
- javaexec {
- main = "-jar"
- jvmArgs = casArgs
- debug = true
- args = ["build/libs/cas.war"]
- systemProperties = System.properties
- logger.info "Started ${commandLine}"
- }
- }
-}
-
-task showConfiguration(group: "CAS", description: "Show configurations for each dependency, etc") {
- doLast() {
- def cfg = project.hasProperty("configuration") ? project.property("configuration") : "compile"
- configurations.getByName(cfg).each { println it }
- }
-}
-
-task allDependenciesInsight(group: "build", type: DependencyInsightReportTask, description: "Produce insight information for all dependencies") {}
-
-task allDependencies(group: "build", type: DependencyReportTask, description: "Display a graph of all project dependencies") {}
-
-task casVersion(group: "CAS", description: "Display the current CAS version") {
- doFirst {
- def verbose = project.hasProperty("verbose") && Boolean.valueOf(project.getProperty("verbose"))
- if (verbose) {
- def out = services.get(StyledTextOutputFactory).create("CAS")
- println "******************************************************************"
- out.withStyle(Style.Info).println "Apereo CAS ${project.version}"
- out.withStyle(Style.Description).println "Enterprise Single SignOn for all earthlings and beyond"
- out.withStyle(Style.SuccessHeader).println "- GitHub: "
- out.withStyle(Style.Success).println "https://github.com/apereo/cas"
- out.withStyle(Style.SuccessHeader).println "- Docs: "
- out.withStyle(Style.Success).println "https://apereo.github.io/cas"
- out.withStyle(Style.SuccessHeader).println "- Blog: "
- out.withStyle(Style.Success).println "https://apereo.github.io"
- println "******************************************************************"
- } else {
- println project.version
- }
- }
-}
-
-task springBootVersion(description: "Display current Spring Boot version") {
- doLast {
- println rootProject.springBootVersion
- }
-}
-
-task containerImage(description: "Display container image name") {
- doLast {
- println rootProject.containerImage
- }
-}
-
-task zip(type: Zip) {
- from projectDir
- exclude '**/.idea/**', '.gradle', 'tmp', '.git', '**/build/**', '**/bin/**', '**/out/**', '**/.settings/**'
- destinationDirectory = buildDir
- archiveFileName = "${project.name}.zip"
- doLast {
- def zipFile = file("${buildDir}/${it.archiveFileName.get()}")
- if (zipFile.exists()) {
- println "Zip archive is available at ${zipFile.absolutePath}"
- }
- }
-}
-
-task createKeystore(group: "CAS", description: "Create CAS keystore") {
- doFirst {
- def certDir = project.getProperty("certDir")
- def serverKeyStore = project.getProperty("serverKeystore")
- def exportedServerCert = project.getProperty("exportedServerCert")
- def storeType = project.getProperty("storeType")
- def keystorePath = "$certDir/$serverKeyStore"
- def serverCert = "$certDir/$exportedServerCert"
-
- mkdir certDir
-
- def dn = "CN=cas.example.org,OU=Example,OU=Org,C=US"
- if (project.hasProperty("certificateDn")) {
- dn = project.getProperty("certificateDn")
- }
- def subjectAltName = "dns:example.org,dns:localhost,ip:127.0.0.1"
- if (project.hasProperty("certificateSubAltName")) {
- subjectAltName = project.getProperty("certificateSubAltName")
- }
- // this will fail if thekeystore exists and has cert with cas alias already (so delete if you want to recreate)
- logger.info "Generating keystore for CAS with DN ${dn}"
- exec {
- workingDir "."
- commandLine "keytool", "-genkeypair", "-alias", "cas",
- "-keyalg", "RSA",
- "-keypass", "changeit", "-storepass", "changeit",
- "-keystore", keystorePath,
- "-dname", dn, "-ext", "SAN=${subjectAltName}",
- "-storetype", storeType
- }
- logger.info "Exporting cert from keystore..."
- exec {
- workingDir "."
- commandLine "keytool", "-exportcert", "-alias", "cas",
- "-storepass", "changeit", "-keystore", keystorePath,
- "-file", serverCert
- }
- logger.info "Import $serverCert into your Java truststore (\$JAVA_HOME/lib/security/cacerts)"
- }
-}
-
-task unzipWAR(type: Copy, group: "CAS", description: "Explodes the CAS web application archive") {
- dependsOn 'build'
- from zipTree("build/libs/cas.war")
- into "${buildDir}/app"
- doLast {
- println "Unzipped WAR into ${buildDir}/app"
- }
-}
-
-task verifyRequiredJavaVersion {
- def currentVersion = org.gradle.api.JavaVersion.current()
- logger.info "Checking current Java version ${currentVersion} for required Java version ${project.targetCompatibility}"
- if (!currentVersion.name.equalsIgnoreCase("${project.targetCompatibility}")) {
- logger.warn("Careful: Current Java version ${currentVersion} does not match required Java version ${project.targetCompatibility}")
- }
-}
-
-task copyCasConfiguration(type: Copy, group: "CAS",
- description: "Copy the CAS configuration from this project to /etc/cas/config") {
- from "etc/cas/config"
- into new File('/etc/cas/config').absolutePath
- doFirst {
- new File('/etc/cas/config').mkdirs()
- }
-}
-
-
-def tomcatDirectory = "${buildDir}/apache-tomcat-${tomcatVersion}"
-project.ext."tomcatDirectory" = tomcatDirectory
-
-def explodedDir = "${buildDir}/app"
-def explodedResourcesDir = "${buildDir}/cas-resources"
-
-def resourcesJarName = "cas-server-webapp-resources"
-def templateViewsJarName = "cas-server-support-thymeleaf"
-
-task unzip(type: Copy, group: "CAS", description: "Explodes the CAS archive and resources jar from the CAS web application archive") {
- dependsOn unzipWAR
- from zipTree("${explodedDir}/WEB-INF/lib/${templateViewsJarName}-${project.'cas.version'}.jar")
- into explodedResourcesDir
-
- from zipTree("${explodedDir}/WEB-INF/lib/${resourcesJarName}-${project.'cas.version'}.jar")
- into explodedResourcesDir
- duplicatesStrategy = DuplicatesStrategy.EXCLUDE
- doLast {
- println "Exploded WAR resources into ${explodedResourcesDir}"
- }
-}
-
-task downloadShell(group: "Shell", description: "Download CAS shell jar from snapshot or release maven repo") {
- doFirst {
- mkdir "${project.shellDir}"
- }
- doLast {
- def downloadFile
- if (isRunningCasServerSnapshot()) {
- def snapshotDir = "https://oss.sonatype.org/content/repositories/snapshots/org/apereo/cas/cas-server-support-shell/${project.'cas.version'}/"
- def files = new org.apache.ivy.util.url.ApacheURLLister().listFiles(new URL(snapshotDir))
- files = files.sort { it.path }
- files.each {
- if (it.path.endsWith(".jar")) {
- downloadFile = it
- }
- }
- } else {
- downloadFile = "https://repo1.maven.org/maven2/org/apereo/cas/cas-server-support-shell/${project.'cas.version'}/cas-server-support-shell-${project.'cas.version'}.jar"
- }
- logger.info "Downloading file: ${downloadFile}"
- download {
- src downloadFile
- dest new File("${project.shellDir}", "cas-server-support-shell-${project.'cas.version'}.jar")
- overwrite false
- }
- }
-}
-
-task runShell(group: "Shell", description: "Run the CAS shell") {
- dependsOn downloadShell
- doLast {
- println "Run the following command to launch the shell:\n\tjava -jar ${project.shellDir}/cas-server-support-shell-${project.'cas.version'}.jar"
- }
-}
-
-task debugShell(group: "Shell", description: "Run the CAS shell with debug options, wait for debugger on port 5005") {
- dependsOn downloadShell
- doLast {
- println """
- Run the following command to launch the shell:\n\t
- java -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=y -jar ${project.shellDir}/cas-server-support-shell-${project.'cas.version'}.jar
- """
- }
-}
-
-task listTemplateViews(group: "CAS", description: "List all CAS views") {
- dependsOn unzip
-
- doFirst {
- fileTree(explodedResourcesDir).matching {
- include "**/*.html"
- }
- .collect {
- return it.path.replace(explodedResourcesDir, "")
- }
- .toSorted()
- .each { println it }
- }
-}
-
-task getResource(group: "CAS", description: "Fetch a CAS resource and move it into the overlay") {
- dependsOn unzip
-
- doFirst {
- def resourceName = project.getProperty("resourceName")
-
- def results = fileTree(explodedResourcesDir).matching {
- include "**/${resourceName}.*"
- include "**/${resourceName}"
- }
- if (results.isEmpty()) {
- println "No resources could be found matching ${resourceName}"
- return
- }
- if (results.size() > 1) {
- println "Multiple resources found matching ${resourceName}:\n"
- results.each {
- println "\t-" + it.path.replace(explodedResourcesDir, "")
- }
- println "\nNarrow down your search criteria and try again."
- return
- }
-
- def fromFile = explodedResourcesDir
- def resourcesDir = "src/main/resources"
- mkdir resourcesDir
-
- def resourceFile = results[0].canonicalPath
- def toResourceFile = resourceFile.replace(fromFile, resourcesDir)
-
- def parent = file(toResourceFile).getParent()
- mkdir parent
-
- Files.copy(Paths.get(resourceFile), Paths.get(toResourceFile), StandardCopyOption.REPLACE_EXISTING)
- println "Copied file ${resourceFile} to ${toResourceFile}"
- }
-}
-
-def isRunningCasServerSnapshot() {
- return "${project.'cas.version'}".contains("-SNAPSHOT")
-}
-
-
-task createTheme(group: "CAS", description: "Create theme directory structure in the overlay") {
- doFirst {
- def theme = project.getProperty("theme")
- def builder = new FileTreeBuilder()
- new File("src/main/resources/${theme}.properties").delete()
-
- builder.src {
- main {
- resources {
- "static" {
- themes {
- "${theme}" {
- css {
- 'cas.css'('')
- }
- js {
- 'cas.js'('')
- }
- images {
- '.ignore'('')
- }
- }
- }
- }
-
- templates {
- "${theme}" {
- fragments {
-
- }
- }
- }
-
- "${theme}.properties"("""cas.standard.css.file=/themes/${theme}/css/cas.css
-cas.standard.js.file=/themes/${theme}/js/cas.js
- """)
- }
- }
- }
- }
-}
-
-
-def skipValidation = project.hasProperty("validate") && project.property("validate").equals("false")
-if (!skipValidation) {
- task validateConfiguration(type: Copy, group: "CAS",
- description: "Validate CAS configuration") {
- def file = new File("${projectDir}/src/main/resources/application.properties")
- if (file.exists()) {
- throw new GradleException("This overlay project is overriding a CAS-supplied configuration file at ${file.path}. "
- + "Overriding this file will disable all default CAS settings that are provided to the overlay, and "
- + "generally has unintended side-effects. It's best to move your configuration inside an application.yml "
- + "file, if you intend to keep the configuration bundled with the CAS web application. \n\nTo disable this "
- + "validation step, run the build with -Pvalidate=false.");
- }
- }
- processResources.dependsOn(validateConfiguration)
-}
-
-
-task exportConfigMetadata(group: "CAS", description: "Export collection of CAS properties") {
- doLast {
- def file = new File(project.rootDir, 'config-metadata.properties')
- def queryType = ConfigurationMetadataCatalogQuery.QueryTypes.CAS
- if (project.hasProperty("queryType")) {
- queryType = ConfigurationMetadataCatalogQuery.QueryTypes.valueOf(project.findProperty("queryType"))
- }
- file.withWriter('utf-8') { writer ->
- def props = CasConfigurationMetadataCatalog.query(
- ConfigurationMetadataCatalogQuery.builder()
- .queryType(queryType)
- .build())
- .properties()
- props.each { property ->
- writer.writeLine("# Type: ${property.type}");
- writer.writeLine("# Module: ${property.module}")
- writer.writeLine("# Owner: ${property.owner}")
- if (property.deprecationLevel != null) {
- writer.writeLine("# This setting is deprecated with a severity level of ${property.deprecationLevel}.")
- if (property.deprecationReason != null) {
- writer.writeLine("# because ${property.deprecationReason}")
- }
- if (property.deprecationReason != null) {
- writer.writeLine("# Replace with: ${property.deprecationReason}")
- }
- }
- writer.writeLine("#")
- def description = property.description.replace("\n", "\n# ").replace("\r", "")
- description = org.apache.commons.text.WordUtils.wrap(description, 70, "\n# ", true)
- writer.writeLine("# ${description}")
- writer.writeLine("#")
- writer.writeLine("# ${property.name}: ${property.defaultValue}")
- writer.writeLine("")
- }
- }
- println "Configuration metadata is available at ${file.absolutePath}"
- }
-}
diff --git a/apereo-cas/gradle/wrapper/gradle-wrapper.jar b/apereo-cas/gradle/wrapper/gradle-wrapper.jar
deleted file mode 100644
index 943f0cb..0000000
Binary files a/apereo-cas/gradle/wrapper/gradle-wrapper.jar and /dev/null differ
diff --git a/apereo-cas/gradle/wrapper/gradle-wrapper.properties b/apereo-cas/gradle/wrapper/gradle-wrapper.properties
deleted file mode 100644
index d9ebbe2..0000000
--- a/apereo-cas/gradle/wrapper/gradle-wrapper.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-distributionBase=GRADLE_USER_HOME
-distributionPath=wrapper/dists
-distributionUrl=gradle-7.6-bin.zip
-networkTimeout=10000
-zipStoreBase=GRADLE_USER_HOME
-zipStorePath=wrapper/dists
diff --git a/apereo-cas/gradlew b/apereo-cas/gradlew
deleted file mode 100644
index 65dcd68..0000000
--- a/apereo-cas/gradlew
+++ /dev/null
@@ -1,244 +0,0 @@
-#!/bin/sh
-
-#
-# Copyright © 2015-2021 the original authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-##############################################################################
-#
-# Gradle start up script for POSIX generated by Gradle.
-#
-# Important for running:
-#
-# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
-# noncompliant, but you have some other compliant shell such as ksh or
-# bash, then to run this script, type that shell name before the whole
-# command line, like:
-#
-# ksh Gradle
-#
-# Busybox and similar reduced shells will NOT work, because this script
-# requires all of these POSIX shell features:
-# * functions;
-# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
-# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
-# * compound commands having a testable exit status, especially «case»;
-# * various built-in commands including «command», «set», and «ulimit».
-#
-# Important for patching:
-#
-# (2) This script targets any POSIX shell, so it avoids extensions provided
-# by Bash, Ksh, etc; in particular arrays are avoided.
-#
-# The "traditional" practice of packing multiple parameters into a
-# space-separated string is a well documented source of bugs and security
-# problems, so this is (mostly) avoided, by progressively accumulating
-# options in "$@", and eventually passing that to Java.
-#
-# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
-# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
-# see the in-line comments for details.
-#
-# There are tweaks for specific operating systems such as AIX, CygWin,
-# Darwin, MinGW, and NonStop.
-#
-# (3) This script is generated from the Groovy template
-# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
-# within the Gradle project.
-#
-# You can find Gradle at https://github.com/gradle/gradle/.
-#
-##############################################################################
-
-# Attempt to set APP_HOME
-
-# Resolve links: $0 may be a link
-app_path=$0
-
-# Need this for daisy-chained symlinks.
-while
- APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
- [ -h "$app_path" ]
-do
- ls=$( ls -ld "$app_path" )
- link=${ls#*' -> '}
- case $link in #(
- /*) app_path=$link ;; #(
- *) app_path=$APP_HOME$link ;;
- esac
-done
-
-# This is normally unused
-# shellcheck disable=SC2034
-APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
-
-# Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD=maximum
-
-warn () {
- echo "$*"
-} >&2
-
-die () {
- echo
- echo "$*"
- echo
- exit 1
-} >&2
-
-# OS specific support (must be 'true' or 'false').
-cygwin=false
-msys=false
-darwin=false
-nonstop=false
-case "$( uname )" in #(
- CYGWIN* ) cygwin=true ;; #(
- Darwin* ) darwin=true ;; #(
- MSYS* | MINGW* ) msys=true ;; #(
- NONSTOP* ) nonstop=true ;;
-esac
-
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
-
-
-# Determine the Java command to use to start the JVM.
-if [ -n "$JAVA_HOME" ] ; then
- if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
- # IBM's JDK on AIX uses strange locations for the executables
- JAVACMD=$JAVA_HOME/jre/sh/java
- else
- JAVACMD=$JAVA_HOME/bin/java
- fi
- if [ ! -x "$JAVACMD" ] ; then
- die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
- fi
-else
- JAVACMD=java
- which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-
-Please set the JAVA_HOME variable in your environment to match the
-location of your Java installation."
-fi
-
-# Increase the maximum file descriptors if we can.
-if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
- case $MAX_FD in #(
- max*)
- # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
- # shellcheck disable=SC3045
- MAX_FD=$( ulimit -H -n ) ||
- warn "Could not query maximum file descriptor limit"
- esac
- case $MAX_FD in #(
- '' | soft) :;; #(
- *)
- # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
- # shellcheck disable=SC3045
- ulimit -n "$MAX_FD" ||
- warn "Could not set maximum file descriptor limit to $MAX_FD"
- esac
-fi
-
-# Collect all arguments for the java command, stacking in reverse order:
-# * args from the command line
-# * the main class name
-# * -classpath
-# * -D...appname settings
-# * --module-path (only if needed)
-# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
-
-# For Cygwin or MSYS, switch paths to Windows format before running java
-if "$cygwin" || "$msys" ; then
- APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
- CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
-
- JAVACMD=$( cygpath --unix "$JAVACMD" )
-
- # Now convert the arguments - kludge to limit ourselves to /bin/sh
- for arg do
- if
- case $arg in #(
- -*) false ;; # don't mess with options #(
- /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
- [ -e "$t" ] ;; #(
- *) false ;;
- esac
- then
- arg=$( cygpath --path --ignore --mixed "$arg" )
- fi
- # Roll the args list around exactly as many times as the number of
- # args, so each arg winds up back in the position where it started, but
- # possibly modified.
- #
- # NB: a `for` loop captures its iteration list before it begins, so
- # changing the positional parameters here affects neither the number of
- # iterations, nor the values presented in `arg`.
- shift # remove old arg
- set -- "$@" "$arg" # push replacement arg
- done
-fi
-
-# Collect all arguments for the java command;
-# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-# shell script including quotes and variable substitutions, so put them in
-# double quotes to make sure that they get re-expanded; and
-# * put everything else in single quotes, so that it's not re-expanded.
-
-set -- \
- "-Dorg.gradle.appname=$APP_BASE_NAME" \
- -classpath "$CLASSPATH" \
- org.gradle.wrapper.GradleWrapperMain \
- "$@"
-
-# Stop when "xargs" is not available.
-if ! command -v xargs >/dev/null 2>&1
-then
- die "xargs is not available"
-fi
-
-# Use "xargs" to parse quoted args.
-#
-# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
-#
-# In Bash we could simply go:
-#
-# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
-# set -- "${ARGS[@]}" "$@"
-#
-# but POSIX shell has neither arrays nor command substitution, so instead we
-# post-process each arg (as a line of input to sed) to backslash-escape any
-# character that might be a shell metacharacter, then use eval to reverse
-# that process (while maintaining the separation between arguments), and wrap
-# the whole thing up as a single "set" statement.
-#
-# This will of course break if any of these variables contains a newline or
-# an unmatched quote.
-#
-
-eval "set -- $(
- printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
- xargs -n1 |
- sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
- tr '\n' ' '
- )" '"$@"'
-
-exec "$JAVACMD" "$@"
diff --git a/apereo-cas/gradlew.bat b/apereo-cas/gradlew.bat
deleted file mode 100644
index 93e3f59..0000000
--- a/apereo-cas/gradlew.bat
+++ /dev/null
@@ -1,92 +0,0 @@
-@rem
-@rem Copyright 2015 the original author or authors.
-@rem
-@rem Licensed under the Apache License, Version 2.0 (the "License");
-@rem you may not use this file except in compliance with the License.
-@rem You may obtain a copy of the License at
-@rem
-@rem https://www.apache.org/licenses/LICENSE-2.0
-@rem
-@rem Unless required by applicable law or agreed to in writing, software
-@rem distributed under the License is distributed on an "AS IS" BASIS,
-@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-@rem See the License for the specific language governing permissions and
-@rem limitations under the License.
-@rem
-
-@if "%DEBUG%"=="" @echo off
-@rem ##########################################################################
-@rem
-@rem Gradle startup script for Windows
-@rem
-@rem ##########################################################################
-
-@rem Set local scope for the variables with windows NT shell
-if "%OS%"=="Windows_NT" setlocal
-
-set DIRNAME=%~dp0
-if "%DIRNAME%"=="" set DIRNAME=.
-@rem This is normally unused
-set APP_BASE_NAME=%~n0
-set APP_HOME=%DIRNAME%
-
-@rem Resolve any "." and ".." in APP_HOME to make it shorter.
-for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
-
-@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
-
-@rem Find java.exe
-if defined JAVA_HOME goto findJavaFromJavaHome
-
-set JAVA_EXE=java.exe
-%JAVA_EXE% -version >NUL 2>&1
-if %ERRORLEVEL% equ 0 goto execute
-
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
-
-goto fail
-
-:findJavaFromJavaHome
-set JAVA_HOME=%JAVA_HOME:"=%
-set JAVA_EXE=%JAVA_HOME%/bin/java.exe
-
-if exist "%JAVA_EXE%" goto execute
-
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
-
-goto fail
-
-:execute
-@rem Setup the command line
-
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
-
-
-@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
-
-:end
-@rem End local scope for the variables with windows NT shell
-if %ERRORLEVEL% equ 0 goto mainEnd
-
-:fail
-rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
-rem the _cmd.exe /c_ return code!
-set EXIT_CODE=%ERRORLEVEL%
-if %EXIT_CODE% equ 0 set EXIT_CODE=1
-if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
-exit /b %EXIT_CODE%
-
-:mainEnd
-if "%OS%"=="Windows_NT" endlocal
-
-:omega
diff --git a/apereo-cas/helm/README.md b/apereo-cas/helm/README.md
deleted file mode 100644
index 12b4153..0000000
--- a/apereo-cas/helm/README.md
+++ /dev/null
@@ -1,114 +0,0 @@
-## Helm Chart for CAS
-
-The current helm chart for cas-server demonstrates standing up CAS with a Spring Boot Admin Server.
-The chart functionality will grow over time, hopefully with contributions from real world deployments.
-Eventually it might be nice to support a config-server and have cas-management available.
-The chart supports mapping in arbitrary volumes and cas config can be specified in values files.
-The config could be in cloud config rather than kubernetes config maps, the service registry
-could be in a database, git, or a simple json registry in a kubernetes persistent volume. The ticket registry could use a standard helm chart for redis,
-postgresql, or mongo, etc.
-Currently the chart is attempting to use SSL between ingress controller and the CAS and Boot Admin servers.
-This is probably overkill and involves all the pain that comes with SSL (e.g. trust & hostname verification).
-This chart uses stateful set for CAS rather than a deployment and this may change in the future.
-The bootadmin CAS server discovery method should probably change to "cloud" method eventually.
-
-#### Warning: semver versioning will not be employed until published to a repository.
-
-### Install Kubernetes (Docker for Windows/Mac, Minikube, K3S, Rancher, etc)
-
- - [Docker Desktop](https://www.docker.com/products/docker-desktop)
-
- - [Minikube](https://minikube.sigs.k8s.io/docs/start/)
-
- - [k3s](https://k3s.io/) - Works on linux, very light-weight and easy to install for development
- ```shell script
- curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --disable traefik" sh
- # the following export is for helm
- export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
- ./gradlew clean build jibBuildTar --refresh-dependencies
- k3s ctr images import build/jib-image.tar
- k3s ctr images ls | grep cas
- ./gradlew createKeystore
- cd helm
- # create secret for tomcat
- kubectl create secret generic cas-server-keystore --from-file=thekeystore=/etc/cas/thekeystore
- # create secret for ingress controller to use with CAS ingress (nginx-ingress will use default if you don't create)
- ./create-ingress-tls.sh
- # install cas-server helm chart
- helm upgrade --install cas-server ./cas-server
- ```
-
-### Install Helm and Kubectl
-
-Helm v3 and Kubectl are just single binary programs. Kubectl may come with your kubernetes
-installation, but you can download both of programs and put them in your path.
- - Install [Helm](https://helm.sh/docs/intro/install/)
- - Install [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
-
-### Install ingress controller
-
-CAS helm chart only tested with Kubernetes ingress-nginx, feel free to add support for other ingress controllers.
-
-[Kubernetes Nginx Ingress Installation Guide](https://kubernetes.github.io/ingress-nginx/deploy/)
-
-### Create secret containing keystore
-
-Assuming you have run `./gradlew createKeystore` or put you server keystore in `/etc/cas/thekeystore`,
-run the following to create a secret containing the keystore:
-```shell script
-kubectl create secret generic cas-server-keystore --from-file=thekeystore=/etc/cas/thekeystore
-```
-
-### Install CAS Server helm chart
-
-Helm charts consist of templates which are combined with values from one or more values files
-(and command line set arguments) to produce kubernetes yaml. The templates folder contains a default
-values.yaml that is used by default but additional values files can be specified on the command line.
-The following examples use the `default` namespace but `--namespace cas` can be added to any resources
-created by the helm command to use the specified kubernetes namespace.
-```
-# delete cas-server helm chart install
-helm delete cas-server
-# install cas-server chart
-helm install cas-server ./cas-server
-# install or update cas-server
-helm upgrade --install cas-server ./cas-server
-# use local values file to override defaults
-helm upgrade --install cas-server --values values-local.yaml ./cas-server
-# see kubernetes yaml without installing
-helm upgrade --install cas-server --values values-local.yaml ./cas-server --dry-run --debug
-# sometimes dry-run fails b/c yaml can't convert to json so use template instead to see problem
-helm template cas-server --values values-local.yaml ./cas-server --debug
-```
-
-### Useful `kubectl` Commands
-
-```
-# tail the console logs
-kubectl logs cas-server-0 -f
-# exec into container
-kubectl exec -it cas-server-0 sh
-# bounce CAS pod
-kubectl delete pod cas-server-0
-```
-
-### Browse to CAS
-
-Make sure you have host entries for whatever host is listed in values file for this entry:
-```
-ingress:
- hosts:
- - host: cas.example.org
- paths:
- - "/cas"
- tls:
- - secretName: cas-server-ingress-tls
- hosts:
- - cas.example.org
-```
-
-```
-# host entry
-127.0.0.1 cas.example.org
-```
-Browse to `https://cas.example.org/cas/login`
diff --git a/apereo-cas/helm/cas-server/.helmignore b/apereo-cas/helm/cas-server/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
--- a/apereo-cas/helm/cas-server/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/apereo-cas/helm/cas-server/Chart.yaml b/apereo-cas/helm/cas-server/Chart.yaml
deleted file mode 100644
index c999c35..0000000
--- a/apereo-cas/helm/cas-server/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: cas-server
-description: A Helm chart for CAS SSO Server
-icon: "https://apereo.github.io/cas/images/cas_logo.png"
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 'latest'
diff --git a/apereo-cas/helm/cas-server/templates/NOTES.txt b/apereo-cas/helm/cas-server/templates/NOTES.txt
deleted file mode 100644
index b97ad96..0000000
--- a/apereo-cas/helm/cas-server/templates/NOTES.txt
+++ /dev/null
@@ -1,31 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.cas.ingress.enabled }}
-{{- range $host := .Values.cas.ingress.hosts }}
- {{- range .paths }}
- curl -k -v http{{ if $.Values.cas.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}/login
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cas-server.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "cas-server.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "cas-server.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cas-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
-{{- end }}
-
-{{- if .Values.bootadmin.ingress.enabled }}
-Access boot admin UI via the following URLs:
-{{- range $host := .Values.bootadmin.ingress.hosts }}
- {{- range .paths }}
- curl -k -v http{{ if $.Values.bootadmin.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
- {{- end }}
-{{- end }}
-{{- end }}
-Kubernetes Version: {{ .Capabilities.KubeVersion.Version }}
diff --git a/apereo-cas/helm/cas-server/templates/_helpers.tpl b/apereo-cas/helm/cas-server/templates/_helpers.tpl
deleted file mode 100644
index 9d84280..0000000
--- a/apereo-cas/helm/cas-server/templates/_helpers.tpl
+++ /dev/null
@@ -1,187 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cas-server.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cas-server.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create a name for boot admin deployment
-*/}}
-{{- define "cas-server.bootadminname" -}}
-{{- $bootadminsuffix := default "boot-admin" .Values.bootadminSuffixOverride }}
-{{- printf "%s-%s" (include "cas-server.fullname" . | trunc 43 | trimSuffix "-") $bootadminsuffix }}
-{{- end }}
-
-{{/*
-Create a name for cas mgmt deployment
-*/}}
-{{- define "cas-server.mgmtname" -}}
-{{- $mgmtsuffix := default "mgmt" .Values.mgmtSuffixOverride }}
-{{- printf "%s-%s" (include "cas-server.fullname" . | trunc 43 | trimSuffix "-") $mgmtsuffix }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "cas-server.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "cas-server.labels" -}}
-helm.sh/chart: {{ include "cas-server.chart" . }}
-{{ include "cas-server.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "cas-server.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cas-server.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Bootadmin Selector labels
-*/}}
-{{- define "cas-bootadmin.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cas-server.bootadminname" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Bootadmin Pod labels
-*/}}
-{{- define "cas-bootadmin.labels" -}}
-cas.server-type: bootadmin
-{{- end }}
-
-{{/*
-CAS Mgmt Selector labels
-*/}}
-{{- define "cas-mgmt.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cas-server.mgmtname" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-CAS Mgmt Pod labels
-*/}}
-{{- define "cas-mgmt.labels" -}}
-cas.server-type: mgmt
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cas-server.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "cas-server.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Return the proper cas-server image name
-*/}}
-{{- define "cas-server.imageName" -}}
-{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Return the proper cas-server boot admin image name
-*/}}
-{{- define "cas-server.bootadminImageName" -}}
-{{ include "common.images.image" (dict "imageRoot" .Values.bootadminimage "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Return the proper CAS management image name
-*/}}
-{{- define "cas-server.mgmtImageName" -}}
-{{ include "common.images.image" (dict "imageRoot" .Values.mgmtimage "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Return the proper image name (for the init container volume-permissions image)
-*/}}
-{{- define "cas-server.volumePermissions.image" -}}
-{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
-{{- end -}}
-
-{{/*
-Return the proper image name
-{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
-*/}}
-{{- define "common.images.image" -}}
-{{- $registryName := .imageRoot.registry -}}
-{{- $repositoryName := .imageRoot.repository -}}
-{{- $tag := default "latest" .imageRoot.tag | toString -}}
-{{- if .global }}
- {{- if .global.imageRegistry }}
- {{- $registryName = .global.imageRegistry -}}
- {{- end -}}
-{{- end -}}
-{{- if ne $registryName "" }}
- {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
-{{- else -}}
- {{- printf "%s:%s" $repositoryName $tag -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Return log directory volume
-*/}}
-{{- define "cas-server.logdir" -}}
-{{- if .Values.logdir.hostPath -}}
-hostPath:
- path: {{ .Values.logdir.hostPath }}
- type: Directory
-{{- else if .Values.logdir.claimName -}}
-persistentVolumeClaim:
- claimName: {{ .Values.logdir.claimName }}
-{{- else -}}
-emptyDir: {}
-{{- end }}
-{{- end -}}
-
-
-{{/*
-Renders a value that contains template.
-Usage:
-{{ include "cas-server.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
-*/}}
-{{- define "cas-server.tplvalues.render" -}}
- {{- if typeIs "string" .value }}
- {{- tpl .value .context }}
- {{- else }}
- {{- tpl (.value | toYaml) .context }}
- {{- end }}
-{{- end -}}
diff --git a/apereo-cas/helm/cas-server/templates/bootadmin/configmap.yaml b/apereo-cas/helm/cas-server/templates/bootadmin/configmap.yaml
deleted file mode 100644
index f575636..0000000
--- a/apereo-cas/helm/cas-server/templates/bootadmin/configmap.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.bootadmin.enabled -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "cas-server.bootadminname" . }}-config
- labels: {{- include "cas-server.labels" . | nindent 4 }}
-data:
- {{- include "cas-server.tplvalues.render" (dict "value" .Values.bootAdminContainer.casConfig "context" $) | nindent 2 }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/bootadmin/deployment.yaml b/apereo-cas/helm/cas-server/templates/bootadmin/deployment.yaml
deleted file mode 100644
index 30e5eb4..0000000
--- a/apereo-cas/helm/cas-server/templates/bootadmin/deployment.yaml
+++ /dev/null
@@ -1,188 +0,0 @@
-{{- if .Values.bootadmin.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "cas-server.bootadminname" . }}
- labels: {{- include "cas-server.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.bootadmin.replicaCount }}
- selector:
- matchLabels:
- {{- include "cas-bootadmin.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- {{- with .Values.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{ if .Values.bootAdminContainer.alwaysRoll }}
- rollme: {{ randAlphaNum 5 | quote }}
- {{- else }}
- rollme: "rolldisabled"
- {{- end }}
- labels:
- {{- include "cas-bootadmin.selectorLabels" . | nindent 8 }}
- {{- include "cas-bootadmin.labels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "cas-server.serviceAccountName" . }}
- {{- if .Values.podSecurityContext.enabled }}
- securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
- {{- end }}
- volumes:
- {{- range $.Values.bootAdminContainer.casConfigMounts }}
- {{- $configMount := printf "%s-%s" "bootadmin-config" . | replace "." "-" | replace "_" "-" | lower }}
- - name: {{ $configMount | quote }}
- configMap:
- name: {{ include "cas-server.bootadminname" $ }}-config
- defaultMode: 0444
- {{- end }}
- - name: scripts
- configMap:
- name: {{ include "cas-server.fullname" . }}-scripts
- defaultMode: 0555
- {{- if .Values.bootAdminContainer.serverKeystoreExistingSecret }}
- - name: cas-server-keystore
- secret:
- secretName: {{ .Values.bootAdminContainer.serverKeystoreExistingSecret }}
- defaultMode: 0444
- items:
- - key: {{ .Values.bootAdminContainer.serverKeystoreSubPath }}
- path: {{ .Values.bootAdminContainer.serverKeystoreSubPath }}
- {{- end }}
- {{- if .Values.bootAdminContainer.extraVolumes }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.bootAdminContainer.extraVolumes "context" $ ) | nindent 10 }}
- {{- end }}
- containers:
- - name: cas-boot-admin
- {{- if .Values.containerSecurityContext.enabled }}
- securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
- {{- end }}
- image: {{ include "cas-server.bootadminImageName" . }}
- imagePullPolicy: {{ .Values.bootadminimage.pullPolicy }}
- env:
- {{- if .Values.bootAdminContainer.warPath }}
- - name: CAS_BOOTADMIN_WAR
- value: {{ .Values.bootAdminContainer.warPath | quote }}
- {{- end }}
- {{- if .Values.bootAdminContainer.profiles }}
- - name: CAS_SPRING_PROFILES
- value: {{ .Values.bootAdminContainer.profiles | quote }}
- {{- end }}
- {{- if .Values.bootAdminContainer.jvm.maxHeapOpt }}
- - name: MAX_HEAP_OPT
- value: {{ .Values.bootAdminContainer.jvm.maxHeapOpt | quote }}
- {{- end }}
- {{- if .Values.bootAdminContainer.jvm.minHeapOpt }}
- - name: MIN_HEAP_OPT
- value: {{ .Values.bootAdminContainer.jvm.minHeapOpt | quote }}
- {{- end }}
- {{- if .Values.bootAdminContainer.jvm.extraOpts }}
- - name: JVM_EXTRA_OPTS
- value: {{ .Values.bootAdminContainer.jvm.extraOpts | quote }}
- {{- end }}
- - name: JAVA_ENABLE_DEBUG
- value: {{ .Values.bootAdminContainer.jvm.debugEnabled | quote }}
- - name: JAVA_DEBUG_SUSPEND
- value: {{ .Values.bootAdminContainer.jvm.debugSuspend | quote }}
- - name: 'POD_IP'
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- {{- if .Values.bootAdminContainer.extraEnvVars }}
- {{- include "cas-server.tplvalues.render" (dict "value" .Values.bootAdminContainer.extraEnvVars "context" $) | nindent 12 }}
- {{- end }}
- envFrom:
- {{- if .Values.bootAdminContainer.extraEnvVarsConfigMap }}
- - configMapRef:
- name: {{ .Values.bootAdminContainer.extraEnvVarsConfigMap }}
- {{- end }}
- {{- if .Values.bootAdminContainer.extraEnvVarsSecret }}
- - secretRef:
- name: {{ .Values.bootAdminContainer.extraEnvVarsSecret }}
- {{- end }}
- {{- if .Values.bootAdminContainer.command }}
- command: {{- include "cas-server.tplvalues.render" (dict "value" .Values.bootAdminContainer.command "context" $) | nindent 12 }}
- {{- else }}
- command:
- - '/entrypoint.sh'
- {{- end }}
- {{- if .Values.bootAdminContainer.args }}
- args: {{- include "cas-server.tplvalues.render" (dict "value" .Values.bootAdminContainer.args "context" $) | nindent 12 }}
- {{- end }}
- ports:
- - name: https
- containerPort: {{ .Values.bootadmin.listenPortHttps }}
- protocol: TCP
- - name: jvm-debug
- containerPort: {{ .Values.bootadmin.listenPortJvmDebug }}
- protocol: TCP
- volumeMounts:
- {{- range $.Values.bootAdminContainer.casConfigMounts }}
- {{- $configMount := printf "%s-%s" "bootadmin-config" . | replace "." "-" | replace "_" "-" | lower }}
- {{- $configMountPath := printf "%s/%s" "/etc/cas/config" . }}
- - name: {{ $configMount | quote }}
- mountPath: {{ $configMountPath }}
- subPath: {{ . | quote }}
- {{- end }}
- - name: scripts
- mountPath: /entrypoint.sh
- subPath: bootadmin-entrypoint.sh
- {{- if .Values.bootAdminContainer.serverKeystoreExistingSecret }}
- - name: cas-server-keystore
- mountPath: {{ .Values.bootAdminContainer.serverKeystoreMountPath }}
- subPath: {{ .Values.bootAdminContainer.serverKeystoreSubPath }}
- {{- end }}
- {{- if .Values.bootAdminContainer.extraVolumeMounts }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.bootAdminContainer.extraVolumeMounts "context" $ ) | nindent 12 }}
- {{- end }}
- startupProbe:
- httpGet:
- path: {{ .Values.bootAdminContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.bootAdminContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.bootAdminContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- failureThreshold: {{ .Values.bootAdminContainer.startupFailureThreshold }}
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: {{ .Values.bootAdminContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.bootAdminContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.bootAdminContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- initialDelaySeconds: {{ .Values.bootAdminContainer.readinessInitialDelaySeconds }}
- periodSeconds: 5
- failureThreshold: {{ .Values.bootAdminContainer.readinessFailureThreshold }}
- livenessProbe:
- httpGet:
- path: {{ .Values.bootAdminContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.bootAdminContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.bootAdminContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- initialDelaySeconds: {{ .Values.bootAdminContainer.livenessInitialDelaySeconds }}
- periodSeconds: 15
- failureThreshold: {{ .Values.bootAdminContainer.livenessFailureThreshold }}
- resources:
- {{- toYaml .Values.bootadmin.resources | nindent 12 }}
- {{- with .Values.bootadmin.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.bootadmin.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.bootadmin.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/bootadmin/ingress.yaml b/apereo-cas/helm/cas-server/templates/bootadmin/ingress.yaml
deleted file mode 100644
index f382ac4..0000000
--- a/apereo-cas/helm/cas-server/templates/bootadmin/ingress.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- if and .Values.bootadmin.enabled .Values.bootadmin.ingress.enabled -}}
-{{- $fullName := include "cas-server.bootadminname" . -}}
-{{- $svcPort := .Values.bootadmin.service.port -}}
-{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
-{{- if semverCompare ">=1.19.0" $kubeVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
- {{- with .Values.bootadmin.ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.bootadmin.ingress.tls }}
- tls:
- {{- range .Values.bootadmin.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.bootadmin.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ . }}
- {{- if semverCompare ">=1.18.0" $kubeVersion }}
- pathType: Prefix
- {{- end }}
- {{- if semverCompare ">=1.19.0" $kubeVersion }}
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/bootadmin/service.yaml b/apereo-cas/helm/cas-server/templates/bootadmin/service.yaml
deleted file mode 100644
index ab3f1a3..0000000
--- a/apereo-cas/helm/cas-server/templates/bootadmin/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.bootadmin.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "cas-server.bootadminname" . }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.bootadmin.service.type }}
- ports:
- - port: {{ .Values.bootadmin.service.port }}
- targetPort: https
- protocol: TCP
- name: https
- selector:
- {{- include "cas-bootadmin.selectorLabels" . | nindent 4 }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/casconfig-configmap.yaml b/apereo-cas/helm/cas-server/templates/casconfig-configmap.yaml
deleted file mode 100644
index 3f12168..0000000
--- a/apereo-cas/helm/cas-server/templates/casconfig-configmap.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "cas-server.fullname" . }}-casconfig
- labels: {{- include "cas-server.labels" . | nindent 4 }}
-data:
- {{- include "cas-server.tplvalues.render" (dict "value" .Values.casServerContainer.casConfig "context" $) | nindent 2 }}
diff --git a/apereo-cas/helm/cas-server/templates/ingress.yaml b/apereo-cas/helm/cas-server/templates/ingress.yaml
deleted file mode 100644
index b17da9e..0000000
--- a/apereo-cas/helm/cas-server/templates/ingress.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- if .Values.cas.ingress.enabled -}}
-{{- $fullName := include "cas-server.fullname" . -}}
-{{- $svcPort := .Values.cas.service.port -}}
-{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
-{{- if semverCompare ">=1.19.0" $kubeVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
- {{- with .Values.cas.ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.cas.ingress.tls }}
- tls:
- {{- range .Values.cas.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.cas.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ . }}
- {{- if semverCompare ">=1.18.0" $kubeVersion }}
- pathType: Prefix
- {{- end }}
- {{- if semverCompare ">=1.19.0" $kubeVersion }}
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/mgmt/configmap.yaml b/apereo-cas/helm/cas-server/templates/mgmt/configmap.yaml
deleted file mode 100644
index 8dafa98..0000000
--- a/apereo-cas/helm/cas-server/templates/mgmt/configmap.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-{{- if .Values.mgmt.enabled -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "cas-server.mgmtname" . }}-config
- labels: {{- include "cas-server.labels" . | nindent 4 }}
-data:
- {{- include "cas-server.tplvalues.render" (dict "value" .Values.mgmtContainer.casConfig "context" $) | nindent 2 }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/mgmt/deployment.yaml b/apereo-cas/helm/cas-server/templates/mgmt/deployment.yaml
deleted file mode 100644
index 0287e5f..0000000
--- a/apereo-cas/helm/cas-server/templates/mgmt/deployment.yaml
+++ /dev/null
@@ -1,188 +0,0 @@
-{{- if .Values.mgmt.enabled -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "cas-server.mgmtname" . }}
- labels: {{- include "cas-server.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.mgmt.replicaCount }}
- selector:
- matchLabels:
- {{- include "cas-mgmt.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- {{- with .Values.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{ if .Values.mgmtContainer.alwaysRoll }}
- rollme: {{ randAlphaNum 5 | quote }}
- {{- else }}
- rollme: "rolldisabled"
- {{- end }}
- labels:
- {{- include "cas-mgmt.selectorLabels" . | nindent 8 }}
- {{- include "cas-mgmt.labels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "cas-server.serviceAccountName" . }}
- {{- if .Values.podSecurityContext.enabled }}
- securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
- {{- end }}
- volumes:
- {{- range $.Values.mgmtContainer.casConfigMounts }}
- {{- $configMount := printf "%s-%s" "mgmt-config" . | replace "." "-" | replace "_" "-" | lower }}
- - name: {{ $configMount | quote }}
- configMap:
- name: {{ include "cas-server.mgmtname" $ }}-config
- defaultMode: 0444
- {{- end }}
- - name: scripts
- configMap:
- name: {{ include "cas-server.fullname" . }}-scripts
- defaultMode: 0555
- {{- if .Values.mgmtContainer.serverKeystoreExistingSecret }}
- - name: cas-server-keystore
- secret:
- secretName: {{ .Values.mgmtContainer.serverKeystoreExistingSecret }}
- defaultMode: 0444
- items:
- - key: {{ .Values.mgmtContainer.serverKeystoreSubPath }}
- path: {{ .Values.mgmtContainer.serverKeystoreSubPath }}
- {{- end }}
- {{- if .Values.mgmtContainer.extraVolumes }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.mgmtContainer.extraVolumes "context" $ ) | nindent 10 }}
- {{- end }}
- containers:
- - name: cas-mgmt
- {{- if .Values.containerSecurityContext.enabled }}
- securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
- {{- end }}
- image: {{ include "cas-server.mgmtImageName" . }}
- imagePullPolicy: {{ .Values.mgmtimage.pullPolicy }}
- env:
- {{- if .Values.mgmtContainer.warPath }}
- - name: CAS_MGMT_WAR
- value: {{ .Values.mgmtContainer.warPath | quote }}
- {{- end }}
- {{- if .Values.mgmtContainer.profiles }}
- - name: CAS_SPRING_PROFILES
- value: {{ .Values.mgmtContainer.profiles | quote }}
- {{- end }}
- {{- if .Values.mgmtContainer.jvm.maxHeapOpt }}
- - name: MAX_HEAP_OPT
- value: {{ .Values.mgmtContainer.jvm.maxHeapOpt | quote }}
- {{- end }}
- {{- if .Values.mgmtContainer.jvm.minHeapOpt }}
- - name: MIN_HEAP_OPT
- value: {{ .Values.mgmtContainer.jvm.minHeapOpt | quote }}
- {{- end }}
- {{- if .Values.mgmtContainer.jvm.extraOpts }}
- - name: JVM_EXTRA_OPTS
- value: {{ .Values.mgmtContainer.jvm.extraOpts | quote }}
- {{- end }}
- - name: JAVA_ENABLE_DEBUG
- value: {{ .Values.mgmtContainer.jvm.debugEnabled | quote }}
- - name: JAVA_DEBUG_SUSPEND
- value: {{ .Values.mgmtContainer.jvm.debugSuspend | quote }}
- - name: 'POD_IP'
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- {{- if .Values.mgmtContainer.extraEnvVars }}
- {{- include "cas-server.tplvalues.render" (dict "value" .Values.mgmtContainer.extraEnvVars "context" $) | nindent 12 }}
- {{- end }}
- envFrom:
- {{- if .Values.mgmtContainer.extraEnvVarsConfigMap }}
- - configMapRef:
- name: {{ .Values.mgmtContainer.extraEnvVarsConfigMap }}
- {{- end }}
- {{- if .Values.mgmtContainer.extraEnvVarsSecret }}
- - secretRef:
- name: {{ .Values.mgmtContainer.extraEnvVarsSecret }}
- {{- end }}
- {{- if .Values.mgmtContainer.command }}
- command: {{- include "cas-server.tplvalues.render" (dict "value" .Values.mgmtContainer.command "context" $) | nindent 12 }}
- {{- else }}
- command:
- - '/entrypoint.sh'
- {{- end }}
- {{- if .Values.mgmtContainer.args }}
- args: {{- include "cas-server.tplvalues.render" (dict "value" .Values.mgmtContainer.args "context" $) | nindent 12 }}
- {{- end }}
- ports:
- - name: https
- containerPort: {{ .Values.mgmt.listenPortHttps }}
- protocol: TCP
- - name: jvm-debug
- containerPort: {{ .Values.mgmt.listenPortJvmDebug }}
- protocol: TCP
- volumeMounts:
- {{- range $.Values.mgmtContainer.casConfigMounts }}
- {{- $configMount := printf "%s-%s" "mgmt-config" . | replace "." "-" | replace "_" "-" | lower }}
- {{- $configMountPath := printf "%s/%s" "/etc/cas/config" . }}
- - name: {{ $configMount | quote }}
- mountPath: {{ $configMountPath }}
- subPath: {{ . | quote }}
- {{- end }}
- - name: scripts
- mountPath: /entrypoint.sh
- subPath: mgmt-entrypoint.sh
- {{- if .Values.mgmtContainer.serverKeystoreExistingSecret }}
- - name: cas-server-keystore
- mountPath: {{ .Values.mgmtContainer.serverKeystoreMountPath }}
- subPath: {{ .Values.mgmtContainer.serverKeystoreSubPath }}
- {{- end }}
- {{- if .Values.mgmtContainer.extraVolumeMounts }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.mgmtContainer.extraVolumeMounts "context" $ ) | nindent 12 }}
- {{- end }}
- startupProbe:
- httpGet:
- path: {{ .Values.mgmtContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.mgmtContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.mgmtContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- failureThreshold: {{ .Values.mgmtContainer.startupFailureThreshold }}
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: {{ .Values.mgmtContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.mgmtContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.mgmtContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- initialDelaySeconds: {{ .Values.mgmtContainer.readinessInitialDelaySeconds }}
- periodSeconds: 5
- failureThreshold: {{ .Values.mgmtContainer.readinessFailureThreshold }}
- livenessProbe:
- httpGet:
- path: {{ .Values.mgmtContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.mgmtContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.mgmtContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- initialDelaySeconds: {{ .Values.mgmtContainer.livenessInitialDelaySeconds }}
- periodSeconds: 15
- failureThreshold: {{ .Values.mgmtContainer.livenessFailureThreshold }}
- resources:
- {{- toYaml .Values.mgmt.resources | nindent 12 }}
- {{- with .Values.mgmt.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.mgmt.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.mgmt.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/mgmt/ingress.yaml b/apereo-cas/helm/cas-server/templates/mgmt/ingress.yaml
deleted file mode 100644
index 5bb272e..0000000
--- a/apereo-cas/helm/cas-server/templates/mgmt/ingress.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{- if and .Values.mgmt.enabled .Values.mgmt.ingress.enabled -}}
-{{- $fullName := include "cas-server.mgmtname" . -}}
-{{- $svcPort := .Values.mgmt.service.port -}}
-{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
-{{- if semverCompare ">=1.19.0" $kubeVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
- {{- with .Values.mgmt.ingress.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if .Values.mgmt.ingress.tls }}
- tls:
- {{- range .Values.mgmt.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
- {{- end }}
- rules:
- {{- range .Values.mgmt.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .paths }}
- - path: {{ . }}
- {{- if semverCompare ">=1.18.0" $kubeVersion }}
- pathType: Prefix
- {{- end }}
- {{- if semverCompare ">=1.19.0" $kubeVersion }}
- backend:
- service:
- name: {{ $fullName }}
- port:
- number: {{ $svcPort }}
- {{- else }}
- backend:
- serviceName: {{ $fullName }}
- servicePort: {{ $svcPort }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/mgmt/service.yaml b/apereo-cas/helm/cas-server/templates/mgmt/service.yaml
deleted file mode 100644
index 0b1b942..0000000
--- a/apereo-cas/helm/cas-server/templates/mgmt/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.mgmt.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "cas-server.mgmtname" . }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.mgmt.service.type }}
- ports:
- - port: {{ .Values.mgmt.service.port }}
- targetPort: https
- protocol: TCP
- name: https
- selector:
- {{- include "cas-mgmt.selectorLabels" . | nindent 4 }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/role.yaml b/apereo-cas/helm/cas-server/templates/role.yaml
deleted file mode 100644
index 3522656..0000000
--- a/apereo-cas/helm/cas-server/templates/role.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "cas-server.fullname" . }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
-rules:
-- apiGroups: ["", "extensions", "apps"]
- resources: ["configmaps", "pods", "services", "endpoints", "secrets"]
- verbs: ["get", "list", "watch"]
-{{- end -}}
diff --git a/apereo-cas/helm/cas-server/templates/rolebinding.yaml b/apereo-cas/helm/cas-server/templates/rolebinding.yaml
deleted file mode 100644
index efbd546..0000000
--- a/apereo-cas/helm/cas-server/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "cas-server.fullname" . }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "cas-server.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "cas-server.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/apereo-cas/helm/cas-server/templates/script-configmap.yaml b/apereo-cas/helm/cas-server/templates/script-configmap.yaml
deleted file mode 100644
index dc1cd98..0000000
--- a/apereo-cas/helm/cas-server/templates/script-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "cas-server.fullname" . }}-scripts
- labels: {{- include "cas-server.labels" . | nindent 4 }}
-data:
- entrypoint.sh: |-
- #!/bin/sh
- echo Working Directory: $(pwd)
- # Set debug options if required
- JAVA_DEBUG_ARGS=
- if [ "${JAVA_ENABLE_DEBUG}" == "true" ]; then
- JAVA_DEBUG_ARGS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=${JAVA_DEBUG_SUSPEND:-n},address=${JAVA_DEBUG_PORT:-5005}"
- echo "Run the following to forward local port to pod:"
- echo "kubectl port-forward $HOSTNAME ${JAVA_DEBUG_PORT:-5005}:${JAVA_DEBUG_PORT:-5005}"
- fi
- PROFILE_OPT=
- if [ ! -z $CAS_SPRING_PROFILES ]; then
- PROFILE_OPT="--spring.profiles.active=$CAS_SPRING_PROFILES"
- fi
- echo java -server -noverify $JAVA_DEBUG_ARGS $MAX_HEAP_OPT $NEW_HEAP_OPT $JVM_EXTRA_OPTS -jar $CAS_WAR $PROFILE_OPT $@
- exec java -server -noverify $JAVA_DEBUG_ARGS $MAX_HEAP_OPT $NEW_HEAP_OPT $JVM_EXTRA_OPTS -jar $CAS_WAR $PROFILE_OPT $@
- bootadmin-entrypoint.sh: |-
- #!/bin/sh
- echo Working Directory: $(pwd)
- # Set debug options if required
- JAVA_DEBUG_ARGS=
- if [ "${JAVA_ENABLE_DEBUG}" == "true" ]; then
- echo "Run the following to forward local port to pod:"
- echo "kubectl port-forward $HOSTNAME ${JAVA_DEBUG_PORT:-5005}:${JAVA_DEBUG_PORT:-5005}"
- JAVA_DEBUG_ARGS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=${JAVA_DEBUG_SUSPEND:-n},address=${JAVA_DEBUG_PORT:-5005}"
- fi
- PROFILE_OPT=
- if [ ! -z $CAS_SPRING_PROFILES ]; then
- PROFILE_OPT="--spring.profiles.active=$CAS_SPRING_PROFILES"
- fi
- echo java -server -noverify $JAVA_DEBUG_ARGS $MAX_HEAP_OPT $NEW_HEAP_OPT $JVM_EXTRA_OPTS -jar $CAS_BOOTADMIN_WAR $PROFILE_OPT $@
- exec java -server -noverify $JAVA_DEBUG_ARGS $MAX_HEAP_OPT $NEW_HEAP_OPT $JVM_EXTRA_OPTS -jar $CAS_BOOTADMIN_WAR $PROFILE_OPT $@
- mgmt-entrypoint.sh: |-
- #!/bin/sh
- echo Working Directory: $(pwd)
- # Set debug options if required
- JAVA_DEBUG_ARGS=
- if [ "${JAVA_ENABLE_DEBUG}" == "true" ]; then
- echo "Run the following to forward local port to pod:"
- echo "kubectl port-forward $HOSTNAME ${JAVA_DEBUG_PORT:-5005}:${JAVA_DEBUG_PORT:-5005}"
- JAVA_DEBUG_ARGS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=${JAVA_DEBUG_SUSPEND:-n},address=${JAVA_DEBUG_PORT:-5005}"
- fi
- PROFILE_OPT=
- if [ ! -z $CAS_SPRING_PROFILES ]; then
- PROFILE_OPT="--spring.profiles.active=$CAS_SPRING_PROFILES"
- fi
- echo java -server -noverify $JAVA_DEBUG_ARGS $MAX_HEAP_OPT $NEW_HEAP_OPT $JVM_EXTRA_OPTS -jar $CAS_MGMT_WAR $PROFILE_OPT $@
- exec java -server -noverify $JAVA_DEBUG_ARGS $MAX_HEAP_OPT $NEW_HEAP_OPT $JVM_EXTRA_OPTS -jar $CAS_MGMT_WAR $PROFILE_OPT $@
diff --git a/apereo-cas/helm/cas-server/templates/service.yaml b/apereo-cas/helm/cas-server/templates/service.yaml
deleted file mode 100644
index 92a069a..0000000
--- a/apereo-cas/helm/cas-server/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "cas-server.fullname" . }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.cas.service.type }}
- ports:
- - port: {{ .Values.cas.service.port }}
- targetPort: https
- protocol: TCP
- name: https
- selector:
- {{- include "cas-server.selectorLabels" . | nindent 4 }}
diff --git a/apereo-cas/helm/cas-server/templates/serviceaccount.yaml b/apereo-cas/helm/cas-server/templates/serviceaccount.yaml
deleted file mode 100644
index 3fef810..0000000
--- a/apereo-cas/helm/cas-server/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "cas-server.serviceAccountName" . }}
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- end }}
diff --git a/apereo-cas/helm/cas-server/templates/statefulset.yaml b/apereo-cas/helm/cas-server/templates/statefulset.yaml
deleted file mode 100644
index 595449f..0000000
--- a/apereo-cas/helm/cas-server/templates/statefulset.yaml
+++ /dev/null
@@ -1,263 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "cas-server.fullname" . }}
- labels: {{- include "cas-server.labels" . | nindent 4 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- updateStrategy:
- type: {{ .Values.updateStrategy | quote}}
- serviceName: {{ include "cas-server.fullname" . }}
- podManagementPolicy: {{ .Values.podManagementPolicy | quote}}
- selector:
- matchLabels:
- {{- include "cas-server.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- annotations:
- {{- with .Values.podAnnotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{ if .Values.casServerContainer.alwaysRoll }}
- rollme: {{ randAlphaNum 5 | quote }}
- {{- else }}
- rollme: "rolldisabled"
- {{- end }}
- labels:
- {{- include "cas-server.selectorLabels" . | nindent 8 }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ include "cas-server.serviceAccountName" . }}
- {{- if .Values.podSecurityContext.enabled }}
- securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
- {{- end }}
- volumes:
- {{- range $.Values.casServerContainer.casConfigMounts }}
- {{- $configMount := printf "%s-%s" "cas-config" . | replace "." "-" | replace "_" "-" | lower }}
- - name: {{ $configMount | quote }}
- configMap:
- name: {{ include "cas-server.fullname" $ }}-casconfig
- defaultMode: 0644
- {{- end }}
- - name: scripts
- configMap:
- name: {{ include "cas-server.fullname" . }}-scripts
- defaultMode: 0755
- - name: logdir
- {{- include "cas-server.logdir" . | nindent 10 }}
- {{- if .Values.casServerContainer.serverKeystoreExistingSecret }}
- - name: cas-server-keystore
- secret:
- secretName: {{ .Values.casServerContainer.serverKeystoreExistingSecret }}
- defaultMode: 0444
- items:
- - key: {{ .Values.casServerContainer.serverKeystoreSubPath }}
- path: {{ .Values.casServerContainer.serverKeystoreSubPath }}
- {{- end }}
- {{- if .Values.casServerContainer.extraVolumes }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.casServerContainer.extraVolumes "context" $ ) | nindent 8 }}
- {{- end }}
- {{- if or .Values.casServerContainer.initContainers (and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) }}
- initContainers:
- {{- if and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled }}
- - name: volume-permissions
- image: {{ include "cas-server.volumePermissions.image" . }}
- imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
- command:
- - /bin/sh
- - -cx
- - |
- {{- if .Values.persistence.enabled }}
- {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
- chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }}
- {{- else }}
- chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
- {{- end }}
- mkdir -p {{ .Values.persistence.mountPath }}/data
- chmod 700 {{ .Values.persistence.mountPath }}/data
- find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
- {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
- xargs chown -R `id -u`:`id -G | cut -d " " -f2`
- {{- else }}
- xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
- {{- end }}
- {{- end }}
- {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
- securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
- {{- else }}
- securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
- {{- end }}
- {{- if .Values.volumePermissions.resources }}
- resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: data
- mountPath: {{ .Values.persistence.mountPath }}
- {{- end }}
- {{- if .Values.casServerContainer.initContainers }}
- {{- include "cas-server.tplvalues.render" (dict "value" .Values.casServerContainer.initContainers "context" $) | nindent 8 }}
- {{- end }}
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- {{- if .Values.containerSecurityContext.enabled }}
- securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
- {{- end }}
- image: {{ include "cas-server.imageName" . }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- {{- if .Values.casServerContainer.warPath }}
- - name: CAS_WAR
- value: {{ .Values.casServerContainer.warPath | quote }}
- {{- end }}
- {{- if .Values.casServerContainer.profiles }}
- - name: CAS_SPRING_PROFILES
- value: {{ .Values.casServerContainer.profiles | quote }}
- {{- end }}
- {{- if .Values.casServerContainer.jvm.maxHeapOpt }}
- - name: MAX_HEAP_OPT
- value: {{ .Values.casServerContainer.jvm.maxHeapOpt | quote }}
- {{- end }}
- {{- if .Values.casServerContainer.jvm.minHeapOpt }}
- - name: MIN_HEAP_OPT
- value: {{ .Values.casServerContainer.jvm.minHeapOpt | quote }}
- {{- end }}
- {{- if .Values.casServerContainer.jvm.extraOpts }}
- - name: JVM_EXTRA_OPTS
- value: {{ .Values.casServerContainer.jvm.extraOpts | quote }}
- {{- end }}
- - name: JAVA_ENABLE_DEBUG
- value: {{ .Values.casServerContainer.jvm.debugEnabled | quote }}
- - name: JAVA_DEBUG_SUSPEND
- value: {{ .Values.casServerContainer.jvm.debugSuspend | quote }}
- - name: 'KUBERNETES_NAMESPACE' # used by org.apache.catalina.tribes.membership.cloud.CloudMembershipProvider
- value: {{ .Release.Namespace }}
- - name: 'POD_IP'
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- {{- if .Values.casServerContainer.extraEnvVars }}
- {{- include "cas-server.tplvalues.render" (dict "value" .Values.casServerContainer.extraEnvVars "context" $) | nindent 12 }}
- {{- end }}
- envFrom:
- {{- if .Values.casServerContainer.extraEnvVarsConfigMap }}
- - configMapRef:
- name: {{ .Values.casServerContainer.extraEnvVarsConfigMap }}
- {{- end }}
- {{- if .Values.casServerContainer.extraEnvVarsSecret }}
- - secretRef:
- name: {{ .Values.casServerContainer.extraEnvVarsSecret }}
- {{- end }}
- {{- if .Values.casServerContainer.command }}
- command: {{- include "cas-server.tplvalues.render" (dict "value" .Values.casServerContainer.command "context" $) | nindent 12 }}
- {{- else }}
- command:
- - '/entrypoint.sh'
- {{- end }}
- {{- if .Values.casServerContainer.args }}
- args: {{- include "cas-server.tplvalues.render" (dict "value" .Values.casServerContainer.args "context" $) | nindent 12 }}
- {{- end }}
- ports:
- - name: https
- containerPort: {{ .Values.cas.listenPortHttps }}
- protocol: TCP
- - name: jvm-debug
- containerPort: {{ .Values.cas.listenPortJvmDebug }}
- protocol: TCP
- volumeMounts:
- {{- if .Values.persistence.enabled }}
- - name: data
- mountPath: {{ .Values.persistence.mountPath }}
- {{- end }}
- {{- range $.Values.casServerContainer.casConfigMounts }}
- {{- $configMount := printf "%s-%s" "cas-config" . | replace "." "-" | replace "_" "-" | lower }}
- {{- $configMountPath := printf "%s/%s" "/etc/cas/config" . }}
- - name: {{ $configMount | quote }}
- mountPath: {{ $configMountPath }}
- subPath: {{ . | quote }}
- {{- end }}
- - name: scripts
- mountPath: /entrypoint.sh
- subPath: entrypoint.sh
- - name: logdir
- mountPath: {{ .Values.logdir.mountPath }}
- {{- if .Values.casServerContainer.serverKeystoreExistingSecret }}
- - name: cas-server-keystore
- mountPath: {{ .Values.casServerContainer.serverKeystoreMountPath }}
- subPath: {{ .Values.casServerContainer.serverKeystoreSubPath }}
- {{- end }}
- {{- if .Values.casServerContainer.extraVolumeMounts }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.casServerContainer.extraVolumeMounts "context" $ ) | nindent 12 }}
- {{- end }}
- startupProbe:
- httpGet:
- path: {{ .Values.casServerContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.casServerContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.casServerContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- failureThreshold: {{ .Values.casServerContainer.startupFailureThreshold }}
- periodSeconds: 20
- readinessProbe:
- httpGet:
- path: {{ .Values.casServerContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.casServerContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.casServerContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- initialDelaySeconds: {{ .Values.casServerContainer.readinessInitialDelaySeconds }}
- periodSeconds: 5
- failureThreshold: {{ .Values.casServerContainer.readinessFailureThreshold }}
- livenessProbe:
- httpGet:
- path: {{ .Values.casServerContainer.defaultStatusUrl }}
- port: https
- scheme: HTTPS
- {{- if .Values.casServerContainer.defaultStatusHeaders }}
- {{- include "cas-server.tplvalues.render" ( dict "value" .Values.casServerContainer.defaultStatusHeaders "context" $ ) | nindent 14 }}
- {{- end }}
- initialDelaySeconds: {{ .Values.casServerContainer.livenessInitialDelaySeconds }}
- periodSeconds: 15
- failureThreshold: {{ .Values.casServerContainer.livenessFailureThreshold }}
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: data
- {{- with .Values.persistence.annotations }}
- annotations:
- {{- range $key, $value := . }}
- {{ $key }}: {{ $value }}
- {{- end }}
- {{- end }}
- spec:
- accessModes:
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- storageClassName: {{ .Values.persistence.storageClassName | quote }}
- {{- if .Values.persistence.selector }}
- selector: {{- include "cas-server.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }}
- {{- end -}}
-{{- end }}
\ No newline at end of file
diff --git a/apereo-cas/helm/cas-server/templates/tests/test-bootadmin.yaml b/apereo-cas/helm/cas-server/templates/tests/test-bootadmin.yaml
deleted file mode 100644
index 30271e6..0000000
--- a/apereo-cas/helm/cas-server/templates/tests/test-bootadmin.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cas-server.bootadminname" . }}-test"
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: alpine
- command: ['wget']
- args: [ '--no-check-certificate', 'https://{{ include "cas-server.bootadminname" . }}:{{ .Values.bootadmin.service.port }}{{ .Values.bootAdminContainer.defaultStatusUrl }}' ]
- restartPolicy: Never
-
diff --git a/apereo-cas/helm/cas-server/templates/tests/test-cas-server.yaml b/apereo-cas/helm/cas-server/templates/tests/test-cas-server.yaml
deleted file mode 100644
index 2ca0f14..0000000
--- a/apereo-cas/helm/cas-server/templates/tests/test-cas-server.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "cas-server.fullname" . }}-test"
- labels:
- {{- include "cas-server.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: alpine
- command: ['wget']
- args: [ '--no-check-certificate', 'https://{{ include "cas-server.fullname" . }}:{{ .Values.cas.service.port }}{{ .Values.casServerContainer.defaultStatusUrl }}' ]
- restartPolicy: Never
-
diff --git a/apereo-cas/helm/cas-server/values.yaml b/apereo-cas/helm/cas-server/values.yaml
deleted file mode 100644
index f0c34a4..0000000
--- a/apereo-cas/helm/cas-server/values.yaml
+++ /dev/null
@@ -1,782 +0,0 @@
-# Default values for cas-server.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-casServerName: cas.example.org
-casMgmtServerName: casmgmt.example.org
-
-replicaCount: 1
-
-image:
- registry: ""
- repository: "apereo/cas"
- pullPolicy: IfNotPresent
- # Overrides the image tag whose default is the chart appVersion.
- tag: "latest"
-
-bootadminimage:
- registry: ""
- repository: "apereo/cas-bootadmin-server"
- pullPolicy: IfNotPresent
- tag: "latest"
-
-mgmtimage:
- registry: ""
- repository: "apereo/cas-management"
- pullPolicy: IfNotPresent
- tag: "latest"
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-# There are two valid stateful set update strategies, RollingUpdate and the (legacy) OnDelete
-updateStrategy: RollingUpdate
-
-# OrderedReady: Pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing.
-# When scaling down, the pods are removed in the opposite order.
-# Parallel: Creates pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.
-podManagementPolicy: OrderedReady
-
-# Map folder for logs directory from host or pvc, or leave both blank to use emptyDir volume
-# In docker for windows hostPath could be '/host_mnt/c/opt/cas/logs'
-# Windows: Give full access local Users group to the to ~/.docker folder if getting permission denied)
-logdir:
-# hostPath: '/host_mnt/c/opt/cas/logs'
- hostPath: ''
- claimName: ''
- mountPath: '/var/log'
-
-# CAS Server container properties
-casServerContainer:
- ## Roll on upgrade changes deployment when helm upgrade runs, forcing pod to restart
- alwaysRoll: false
- ## JVM Settings
- ## JVM settings only used if command not set, use args to set app arguments
- jvm:
- ## Extra JVM options
- ##
- extraOpts: '-Djavax.net.ssl.trustStore=/etc/cas/truststore -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.trustStorePassword=changeit'
-
- ## Memory settings: If these aren't defined, java will calc values automatically, but requires setting limits on pod
- ## so it doesn't base heap size on host memory
- maxHeapOpt: '-Xmx2G'
- newHeapOpt: '-Xms600M'
- debugEnabled: true
- debugSuspend: "n" # could be n or y, must quote or yaml changes to boolean
- warPath: 'cas.war'
- ## Override cmd
- ##
- command:
- ## Override args
- ##
- args:
- ## extraVolumes and extraVolumeMounts allows you to mount other volumes
- ## Examples:
- ## extraVolumeMounts:
- ## - name: extras
- ## mountPath: /usr/share/extras
- ## readOnly: true
- ## extraVolumes:
- ## - name: extras
- ## emptyDir: {}
- ##
- profiles: 'standalone'
-
- extraVolumeMounts:
- - name: truststore
- mountPath: /etc/cas/truststore
- subPath: truststore
-
- extraVolumes:
- - name: truststore
- configMap:
- name: cas-truststore
- defaultMode: 0444
-
- ## Url to use for readiness, startupprobe, and liveliness check, change to health actuator if the module is available
- ## Naming it "default" in case in future template supports individual urls for the different checks, with this as default if they aren't specified
- defaultStatusUrl: '/cas/actuator/health'
-
- # number of startup probe failures before it will be killed, set high if trying to debug startup issues
- # liveness and readiness failure threshold might be 1 but startup failure threshold accounts for
- # failures while server is starting up
- startupFailureThreshold: 30
- livenessFailureThreshold: 1
- readinessFailureThreshold: 1
- readinessInitialDelaySeconds: 45
- livenessInitialDelaySeconds: 120
-
- ## Extra init containers to add to the statefulset
- ##
- initContainers: []
-
- ## An array to add extra env vars
- ## For example:
- ## extraEnvVars:
- ## - name: MY_ENV_VAR
- ## value: env_var_value
- ##
- extraEnvVars: []
-
- ## Name of a ConfigMap containing extra env vars
- ##
- extraEnvVarsConfigMap: ''
-
- # name of secret containing server keystore
- serverKeystoreExistingSecret: cas-server-keystore
- # folder that should container the keystore
- serverKeystoreMountPath: '/etc/cas/thekeystore'
- # name of keystore file in container and in secret
- serverKeystoreSubPath: 'thekeystore'
-
- ## Name of a Secret containing extra env vars
- ##
- extraEnvVarsSecret: ''
- ## Choose which config files from casConfig to mount
- casConfigMounts:
- - 'cas.properties'
- - 'cas.yaml'
- ## Create various config files from casConfig that may or may not be mounted
- casConfig:
- # issue with line breaks? means can't use {{}} variables after first line
- # workaround is to use {{}} variables in yaml version of properties file
- cas.properties: |-
- cas.server.name=https://{{ .Values.casServerName }}
- context.path=/cas
- cas.server.prefix=${cas.server.name}${context.path}
-
- cas.http-client.truststore.psw=changeit
- cas.http-client.truststore.file=/etc/cas/truststore
-
- # put web access logs in same directory as cas logs
- cas.server.tomcat.ext-access-log.directory=/var/log
- cas.server.tomcat.ext-access-log.enabled=true
-
- # uncomment the folowing to not allow login of built-in users
- # cas.authn.accept.users=
-
- # since we are behind ingress controller, need to use x-forwarded-for to get client ip
- # if nginx ingress controller is behind another proxy, it needs to be configured globally with the following settings in the ingress controller configmap
- # use-forwarded-headers: "true" # very important for CAS or any app that compares IP being used against IP that initiated sessions (session fixation)
- # enable-underscores-in-headers: "true" # while you are at it, allow underscores in headers, can't recall if important for cas but no need to have nginx dropping your headers with underscores
- cas.audit.engine.alternate-client-addr-header-name=X-Forwarded-For
- server.tomcat.remoteip.remote-ip-header=X-FORWARDED-FOR
-
- server.ssl.key-store=file:/etc/cas/thekeystore
- server.ssl.key-store-type=PKCS12
- server.ssl.key-store-password=changeit
- server.ssl.trust-store=file:/etc/cas/truststore
- server.ssl.trust-store-type=PKCS12
- server.ssl.trust-store-password=changeit
-
- # expose endpoints via http
- management.endpoints.web.exposure.include=health,info,prometheus,metrics,env,loggers,statistics,status,loggingConfig,events,configurationMetadata,caches
- management.endpoints.web.base-path=/actuator
- management.endpoints.web.cors.allowed-origins=https://${cas-host}
- management.endpoints.web.cors.allowed-methods=GET,POST
-
- # enable endpoints
- management.endpoint.metrics.enabled=true
- management.endpoint.health.enabled=true
- management.endpoint.info.enabled=true
- management.endpoint.env.enabled=true
- management.endpoint.loggers.enabled=true
- management.endpoint.status.enabled=true
- management.endpoint.statistics.enabled=true
- management.endpoint.prometheus.enabled=true
- management.endpoint.events.enabled=true
- management.endpoint.loggingConfig.enabled=true
- management.endpoint.configurationMetadata.enabled=true
- # configure health endpoint
- management.health.defaults.enabled=false
- management.health.ping.enabled=true
- management.health.caches.enabled=true
-
- # secure endpoints to localhost
-
- cas.monitor.endpoints.endpoint.defaults.access[0]=AUTHENTICATED
- cas.monitor.endpoints.endpoint.health.access[0]=IP_ADDRESS
- cas.monitor.endpoints.endpoint.health.requiredIpAddresses[0]=127.0.0.1
- cas.monitor.endpoints.endpoint.health.requiredIpAddresses[1]=0:0:0:0:0:0:0:1
- cas.monitor.endpoints.endpoint.health.requiredIpAddresses[2]=10\\..*
- cas.monitor.endpoints.endpoint.health.requiredIpAddresses[3]=172\\.16\\..*
- cas.monitor.endpoints.endpoint.health.requiredIpAddresses[4]=192\\.168\\..*
-
- spring.boot.admin.client.enabled=true
- #eof
-
- cas.yaml: |-
- ---
- logging:
- config: 'file:/etc/cas/config/log4j2.xml'
- cas:
- server:
- tomcat:
- clustering:
- enabled: true
- clustering-type: 'CLOUD'
- cloud-membership-provider: 'kubernetes'
- spring:
- security:
- user:
- name: "{{ .Values.casAdminUser }}"
- password: "{{ .Values.casAdminPassword }}"
- boot:
- admin:
- client:
- username: {{ .Values.bootAdminUser }}
- password: {{ .Values.bootAdminPassword }}
- url: https://{{ include "cas-server.bootadminname" . }}:8443
- instance:
- metadata:
- user:
- name: "{{ .Values.casAdminUser }}"
- password: "{{ .Values.casAdminPassword }}"
- management-base-url: https://${HOSTNAME}.{{ include "cas-server.fullname" . }}.{{ .Release.Namespace }}.svc:8443${context.path}
- #eof
-
-
-
-# CAS Boot-Admin Server container properties
-bootAdminContainer:
- ## Roll on upgrade changes deployment when helm upgrade runs, forcing pod to restart
- alwaysRoll: false
- ## JVM Settings
- ## JVM settings only used if command not set, use args to set app arguments
- jvm:
- ## Extra JVM options
- ##
- extraOpts: '-Djavax.net.ssl.trustStore=/etc/cas/truststore -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.trustStorePassword=changeit'
- ## Memory settings: If these aren't defined, java will calc values automatically, but requires setting limits on pod
- ## so it doesn't base heap size on host memory
- maxHeapOpt: -Xmx1G
- newHeapOpt: -Xms250M
- debugEnabled: true
- debugSuspend: "n" # could be n or y, must quote or yaml changes to boolean
- warPath: 'casbootadminserver.war'
- ## Override cmd
- ##
- command:
- ## Override args
- ##
- args:
- - '--spring.config.additional-location=file:/etc/cas/config/' # directories should end in / and have protocol
- - '--logging.config=file:/etc/cas/config/log4j2.xml'
-
- profiles: 'standalone'
-
- ## extraVolumes and extraVolumeMounts allows you to mount other volumes
- ## Examples:
- ## extraVolumeMounts:
- ## - name: extras
- ## mountPath: /usr/share/extras
- ## readOnly: true
- ## extraVolumes:
- ## - name: extras
- ## emptyDir: {}
- ##
- extraVolumeMounts:
- - name: truststore
- mountPath: /etc/cas/truststore
- subPath: truststore
-
- extraVolumes:
- - name: truststore
- configMap:
- name: cas-truststore
- defaultMode: 0444
-
- ## Url to use for readiness, startupprobe, and liveliness check, change to health actuator if the module is available
- ## Naming it "default" in case in future template supports individual urls for the different checks, with this as default if they aren't specified
- defaultStatusUrl: '/login'
-
- # number of startup probe failures before it will be killed, set high if trying to debug startup issues
- # liveness and readiness failure threshold might be 1 but startup failure threshold accounts for
- # failures while server is starting up
- startupFailureThreshold: 30
- livenessFailureThreshold: 1
- readinessFailureThreshold: 1
- readinessInitialDelaySeconds: 45
- livenessInitialDelaySeconds: 120
-
- ## An array to add extra env vars
- ## For example:
- ## extraEnvVars:
- ## - name: MY_ENV_VAR
- ## value: env_var_value
- ##
- extraEnvVars: []
-
- ## Name of a ConfigMap containing extra env vars
- ##
- extraEnvVarsConfigMap: ''
-
- # name of secret containing bootadmin server keystore
- serverKeystoreExistingSecret: cas-server-keystore
- # folder that should container the keystore
- serverKeystoreMountPath: '/etc/cas/thekeystore'
- # name of keystore file in container and in secret
- serverKeystoreSubPath: 'thekeystore'
-
- ## Name of a Secret containing extra env vars
- ##
- extraEnvVarsSecret: ''
- ## Choose which config files from casConfig to mount
- casConfigMounts:
- - 'application.properties'
- - 'application.yml'
- - 'log4j2.xml'
- ## Create various config files from casConfig that may or may not be mounted
- casConfig:
- application.properties: |-
- server.ssl.enabled=true
- server.ssl.key-store=file:/etc/cas/thekeystore
- server.ssl.key-store-type=PKCS12
- server.ssl.key-store-password=changeit
- server.ssl.trust-store=file:/etc/cas/truststore
- server.ssl.trust-store-type=PKCS12
- server.ssl.trust-store-password=changeit
-
- application.yml: |-
- ---
- spring:
- security:
- user:
- name: "{{ .Values.bootAdminUser }}"
- password: "{{ .Values.bootAdminPassword }}"
-
- log4j2.xml: |-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# CAS Management Server container properties
-mgmtContainer:
- ## Roll on upgrade changes deployment when helm upgrade runs, forcing pod to restart
- alwaysRoll: false
- ## JVM Settings
- ## JVM settings only used if command not set, use args to set app arguments
- jvm:
- ## Extra JVM options
- ##
- extraOpts: '-Djavax.net.ssl.trustStore=/etc/cas/truststore -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.trustStorePassword=changeit'
- ## Memory settings: If these aren't defined, java will calc values automatically, but requires setting limits on pod
- ## so it doesn't base heap size on host memory
- maxHeapOpt: -Xmx1G
- newHeapOpt: -Xms250M
- debugEnabled: true
- debugSuspend: "n" # could be n or y, must quote or yaml changes to boolean
- warPath: 'cas-management.war'
- ## Override cmd
- ##
- command:
- ## Override args
- ##
- args:
- - '--spring.config.additional-location=file:/etc/cas/config/' # directories should end in / and have protocol
- - '--logging.config=file:/etc/cas/config/log4j2.xml'
-
- profiles: 'standalone'
-
- ## extraVolumes and extraVolumeMounts allows you to mount other volumes
- ## Examples:
- ## extraVolumeMounts:
- ## - name: extras
- ## mountPath: /usr/share/extras
- ## readOnly: true
- ## extraVolumes:
- ## - name: extras
- ## emptyDir: {}
- ##
- extraVolumeMounts:
- - name: truststore
- mountPath: /etc/cas/truststore
- subPath: truststore
-
- extraVolumes:
- - name: truststore
- configMap:
- name: cas-truststore
- defaultMode: 0444
-
- ## Url to use for readiness, startupprobe, and liveliness check, change to health actuator if the module is available
- ## Naming it "default" in case in future template supports individual urls for the different checks, with this as default if they aren't specified
- defaultStatusUrl: '/cas-management/actuator/health'
-
- # number of startup probe failures before it will be killed, set high if trying to debug startup issues
- # liveness and readiness failure threshold might be 1 but startup failure threshold accounts for
- # failures while server is starting up
- startupFailureThreshold: 30
- livenessFailureThreshold: 1
- readinessFailureThreshold: 1
- readinessInitialDelaySeconds: 45
- livenessInitialDelaySeconds: 120
-
- ## An array to add extra env vars
- ## For example:
- ## extraEnvVars:
- ## - name: MY_ENV_VAR
- ## value: env_var_value
- ##
- extraEnvVars: []
-
- ## Name of a ConfigMap containing extra env vars
- ##
- extraEnvVarsConfigMap: ''
-
- # name of secret containing mgmt server keystore
- serverKeystoreExistingSecret: cas-server-keystore
- # folder that should container the keystore
- serverKeystoreMountPath: '/etc/cas/thekeystore'
- # name of keystore file in container and in secret
- serverKeystoreSubPath: 'thekeystore'
-
- ## Name of a Secret containing extra env vars
- ##
- extraEnvVarsSecret: ''
- ## Choose which config files from casConfig to mount
- casConfigMounts:
- - 'application-standalone.properties'
- - 'application-standalone.yml'
- - 'log4j2.xml'
- ## Create various config files from casConfig that may or may not be mounted
- casConfig:
- application-standalone.properties: |-
- server.ssl.enabled=true
- server.ssl.key-store=file:/etc/cas/thekeystore
- server.ssl.key-store-type=PKCS12
- server.ssl.key-store-password=changeit
- server.ssl.trust-store=file:/etc/cas/truststore
- server.ssl.trust-store-type=PKCS12
- server.ssl.trust-store-password=changeit
-
- application-standalone.yml: |-
- ---
- cas:
- server:
- name: https://{{ .Values.casServerName }}
- mgmt:
- serverName: https://{{ .Values.casMgmtServerName }}
- enableDiscoveryEndpointCall: false # turning off b/c external call to cas requires external DNS, need internal URL
- inCommonMDQUrl: ''
-
- log4j2.xml: |-
-
-
-
- .
- info
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-podAnnotations: {}
-
-## Pod security context
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-##
-podSecurityContext:
- enabled: true
- fsGroup: 1000
-
-containerSecurityContext:
- enabled: false
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- runAsUser: 1000
-
-## Override parts of this ingress in your own values file with appropriate host names
-## This currently is only set up to work with Nginx Ingress Controller from Kubernetes project
-cas:
- service:
- type: ClusterIP
- port: 8443
- listenPortHttps: 8443
- listenPortJvmDebug: 5005
- ingress:
- enabled: true
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
- nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"
- nginx.ingress.kubernetes.io/affinity: "cookie"
- nginx.ingress.kubernetes.io/session-cookie-name: "sticky-session-route"
- nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
- nginx.ingress.kubernetes.io/secure-backends: "true"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- hosts:
- - host: cas.example.org
- paths:
- - "/cas"
- - host: kubernetes.docker.internal
- paths:
- - "/cas"
- tls:
- - secretName: cas-server-ingress-tls
- hosts:
- - cas.example.org
- - kubernetes.docker.internal
-
-## Override parts of this ingress in your own values file with appropriate host names
-## This currently is only set up to work with Nginx Ingress Controller from Kubernetes project
-bootadmin:
- enabled: true
- replicaCount: 1
- service:
- type: ClusterIP
- port: 8443
- listenPortHttps: 8444
- listenPortJvmDebug: 5005
- # Request some resources so kubernetes will schedule somewhere with enough resources
- # Limits can also be set if desired
- resources:
- requests:
- cpu: 50m
- memory: 384Mi
- # limits:
- # cpu: 100m
- # memory: 128Mi
- nodeSelector: {}
- tolerations: []
- affinity: {}
- ingress:
- enabled: true
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
- nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"
- nginx.ingress.kubernetes.io/affinity: "cookie"
- nginx.ingress.kubernetes.io/session-cookie-name: "sticky-session-route"
- nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
- nginx.ingress.kubernetes.io/secure-backends: "true"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- hosts:
- - host: casadmin.example.org
- paths:
- - "/"
- - host: kubernetes.docker.internal
- paths:
- - "/"
- tls:
- - secretName: cas-server-ingress-tls
- hosts:
- - casadmin.example.org
- - kubernetes.docker.internal
-
-## Override parts of this ingress in your own values file with appropriate host names
-## This currently is only set up to work with Nginx Ingress Controller from Kubernetes project
-mgmt:
- enabled: true
- replicaCount: 1
- service:
- type: ClusterIP
- port: 8443
- listenPortHttps: 8443
- listenPortJvmDebug: 5005
- # Request some resources so kubernetes will schedule somewhere with enough resources
- # Limits can also be set if desired
- resources:
- requests:
- cpu: 50m
- memory: 384Mi
- # limits:
- # cpu: 100m
- # memory: 128Mi
- nodeSelector: {}
- tolerations: []
- affinity: {}
- ingress:
- enabled: true
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
- nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"
- nginx.ingress.kubernetes.io/affinity: "cookie"
- nginx.ingress.kubernetes.io/session-cookie-name: "sticky-session-route"
- nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
- nginx.ingress.kubernetes.io/secure-backends: "true"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- hosts:
- - host: casmgmt.example.org
- paths:
- - "/cas-management"
- - host: kubernetes.docker.internal
- paths:
- - "/cas-management"
- tls:
- - secretName: cas-server-ingress-tls
- hosts:
- - casmgmt.example.org
- - kubernetes.docker.internal
-
-# Request some resources for main cas server so kubernetes will schedule somewhere with enough resources
-# Limits can also be set if desired
-resources:
- requests:
- cpu: 100m
- memory: 512Mi
-# limits:
-# cpu: 100m
-# memory: 128Mi
-
-# node selector for CAS server
-nodeSelector: {}
-# tolerations for CAS server (i.e taints on nodes that it can tolerate)
-tolerations: []
-# affinity config for CAS server
-affinity: {}
-
-
-# credentials for boot admin server (ideally you should make boot admin accessible internally )
-bootAdminUser: 'casadmin'
-bootAdminPassword: 'ChangeThisSecretPassword'
-
-# spring boot admin uses these credentials to hit actuators in cas (and it could be used externally)
-casAdminUser: 'casuser'
-casAdminPassword: 'Mellon'
-
-# rbac may or may not be necessary, but it can allow for certain types of discovery (e.g. tomcat cloud session replication)
-rbac:
- # specified whether RBAC resources should be created
- create: true
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-
-## CAS can use a persistent volume to store config such as services and saml IDP/SP metadata that it pulls from git
-## Enable persistence using Persistent Volume Claims
-## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-##
-persistence:
- ## If true, use a Persistent Volume Claim for data folder mounted where you specify using mountPath
- ##
- enabled: true
- ## Persistent Volume Storage Class
- ## If defined, storageClassName:
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- ## Persistent Volume Claim annotations
- ##
- annotations:
- ## Persistent Volume Access Mode
- ##
- accessModes:
- - ReadWriteOnce
- ## Persistent Volume size
- ##
- size: 2Gi
- ## The path the volume will be mounted at, will contain writable folder called "data" under mountPath,
- ## if volumePermissions init container creates it
- ##
- mountPath: /var/cas
-
-## Init containers parameters:
-## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from
-## the securityContext section.
-##
-volumePermissions:
- enabled: false
- image:
- registry: docker.io
- repository: alpine
- tag: latest
- pullPolicy: Always
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Init container' resource requests and limits
- ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
- ##
- resources:
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- limits: {}
- # cpu: 100m
- # memory: 128Mi
- requests: {}
- # cpu: 100m
- # memory: 128Mi
- ## Init container Security Context
- ## Note: the chown of the data folder is done to securityContext.runAsUser
- ## and not the below volumePermissions.securityContext.runAsUser
- ## When runAsUser is set to special value "auto", init container will try to chown the
- ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
- ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
- ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
- ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false
- ##
- securityContext:
- runAsUser: 0
diff --git a/apereo-cas/helm/create-cas-server-keystore-secret.sh b/apereo-cas/helm/create-cas-server-keystore-secret.sh
deleted file mode 100644
index 374e9e4..0000000
--- a/apereo-cas/helm/create-cas-server-keystore-secret.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-# This script needs bash for pushd/popd
-set -e
-NAMESPACE=${1:-default}
-KEYSTORE=../etc/cas/thekeystore
-
-# it's important that the service names are supported in the cert used for tomcat in cas-server and boot-admin
-# keytool doesn't support wildcards which we really need to use here, e.g. *.cas-server.${NAMESPACE}.svc
-# java wasn't resolving using all available dns suffixes so had to use [namespace].svc
-SUBJECT=CN=cas.example.org,OU=Example,OU=Org,C=US
-SAN=dns:cas.example.org,dns:casadmin.example.org,dns:cas-server-boot-admin,dns:cas-server-0.cas-server.${NAMESPACE}.svc,dns:cas-server-1.cas-server.${NAMESPACE}.svc
-
-if [ ! -f "$KEYSTORE" ] ; then
- pushd ..
- ./gradlew createKeyStore -PcertDir=./etc/cas -PcertificateDn="${SUBJECT}" -PcertificateSubAltName="${SAN}"
- popd
-fi
-
-kubectl delete secret cas-server-keystore --namespace "${NAMESPACE}" || true
-kubectl create secret generic cas-server-keystore --namespace "${NAMESPACE}" --from-file=thekeystore=$KEYSTORE
\ No newline at end of file
diff --git a/apereo-cas/helm/create-ingress-tls.sh b/apereo-cas/helm/create-ingress-tls.sh
deleted file mode 100644
index f2c5c7f..0000000
--- a/apereo-cas/helm/create-ingress-tls.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-NAMESPACE=${1:-default}
-SUBJECT=/CN=cas.example.org/OU=Auth/O=example
-SAN=DNS:casadmin.example.org,DNS:cas.example.org
-SECRET_NAME=cas-server-ingress-tls
-KEY_FILE=cas-ingress.key
-CERT_FILE=cas-ingress.crt
-
-set -e
-
-# create certificate for external ingress
-openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
- -keyout "${KEY_FILE}" -out ${CERT_FILE} -subj "${SUBJECT}" \
- -addext "subjectAltName = $SAN"
-
-kubectl delete secret "${SECRET_NAME}" --namespace "${NAMESPACE}" || true
-# create tls secret with key and cert
-kubectl create secret tls "${SECRET_NAME}" --namespace "${NAMESPACE}" --key "${KEY_FILE}" --cert "${CERT_FILE}"
-
diff --git a/apereo-cas/helm/create-truststore.sh b/apereo-cas/helm/create-truststore.sh
deleted file mode 100644
index ebd01cf..0000000
--- a/apereo-cas/helm/create-truststore.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-NAMESPACE=${1:-default}
-INGRESS_CERT_FILE=cas-ingress.crt
-CAS_CERT_FILE=cas.crt
-CAS_KEYSTORE=../etc/cas/thekeystore
-TRUST_STORE=../etc/cas/truststore
-JAVA_CACERTS=${2:-/etc/ssl/certs/java/cacerts}
-
-STORE_PASS=changeit
-
-set -e
-
-if [ -f ${TRUST_STORE} ]; then
- rm ${TRUST_STORE}
-fi
-
-if [ -f "${JAVA_CACERTS}" ]; then
- keytool -importkeystore -noprompt -srckeystore "${JAVA_CACERTS}" -srcstorepass "${STORE_PASS}" -destkeystore "${TRUST_STORE}" -deststoretype PKCS12 -deststorepass "${STORE_PASS}"
-else
- echo "Missing ${JAVA_CACERTS} JAVA_HOME is ${JAVA_HOME}"
- if [ -d "${JAVA_HOME}" ]; then
- find ${JAVA_HOME} -name cacerts -print
- find ${JAVA_HOME} -name cacerts -exec keytool -importkeystore -noprompt -srckeystore {} -srcstorepass "${STORE_PASS}" -destkeystore "${TRUST_STORE}" -deststoretype PKCS12 -deststorepass "${STORE_PASS}" \;
- fi
-fi
-
-# create truststore that trusts ingress cert
-if [ -f "${INGRESS_CERT_FILE}" ] ; then
- keytool -importcert -noprompt -keystore "${TRUST_STORE}" -storepass "${STORE_PASS}" -alias cas-ingress -file "${INGRESS_CERT_FILE}" -storetype PKCS12
-else
- echo "Missing ingress cert file to put in trust bundle: ${INGRESS_CERT_FILE}"
-fi
-
-# add cas server cert to trust store
-if [ -f "${CAS_KEYSTORE}" ] ; then
- keytool -exportcert -keystore "${CAS_KEYSTORE}" -storepass "${STORE_PASS}" -alias cas -file "${CAS_CERT_FILE}" -rfc
- keytool -importcert -noprompt -storepass "${STORE_PASS}" -keystore "${TRUST_STORE}" -alias cas -file "${CAS_CERT_FILE}" -storetype PKCS12
-else
- echo "Missing keystore ${CAS_KEYSTORE} to put cas cert in trust bundle"
-fi
-kubectl delete configmap cas-truststore --namespace "${NAMESPACE}" || true
-kubectl create configmap cas-truststore --namespace "${NAMESPACE}" --from-file=truststore=${TRUST_STORE}
\ No newline at end of file
diff --git a/apereo-cas/helm/delete-cas-server.sh b/apereo-cas/helm/delete-cas-server.sh
deleted file mode 100644
index 3a8269d..0000000
--- a/apereo-cas/helm/delete-cas-server.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-NAMESPACE=${1:-default}
-helm delete --namespace "${NAMESPACE}" cas-server
\ No newline at end of file
diff --git a/apereo-cas/helm/install-cas-server-example.sh b/apereo-cas/helm/install-cas-server-example.sh
deleted file mode 100644
index 65ecde0..0000000
--- a/apereo-cas/helm/install-cas-server-example.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-NAMESPACE=${1:-default}
-EXAMPLE=${2:-example1}
-
-helm upgrade --install cas-server --values values-${EXAMPLE}.yaml --namespace ${NAMESPACE} ./cas-server
diff --git a/apereo-cas/helm/install-cas-server.sh b/apereo-cas/helm/install-cas-server.sh
deleted file mode 100644
index 5e94d3a..0000000
--- a/apereo-cas/helm/install-cas-server.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-NAMESPACE=${1:-default}
-
-helm upgrade --install cas-server --namespace $NAMESPACE ./cas-server
\ No newline at end of file
diff --git a/apereo-cas/helm/values-example1.yaml b/apereo-cas/helm/values-example1.yaml
deleted file mode 100644
index 53e2f73..0000000
--- a/apereo-cas/helm/values-example1.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-
-# This is example of a values file that can override and add to the default values.yaml
-# Deployers might have one or more values files of their own per deployment environment.
-
-# CAS Server container properties
-casServerContainer:
-
- # override profiles to include gitsvc
- profiles: 'standalone,gitsvc'
-
- ## Override list of config files from casConfig to mount, include some from default values file
- casConfigMounts:
- - 'cas.properties'
- - 'cas.yaml'
- - 'application-gitsvc.yaml'
- casConfig:
- application-gitsvc.yaml: |-
- ---
- cas:
- service-registry:
- git:
- repository-url: "{{- .Values.gitsvcRepoUrl -}}"
- branches-to-clone: "{{- .Values.gitsvcBranchesToClone -}}"
- active-branch: "{{- .Values.gitsvcActiveBranch -}}"
- clone-directory: "{{- .Values.gitsvcCloneDirectory -}}"
- root-directory: "{{- .Values.gitsvcRootDirectory -}}"
- #eof
- application-redis.yaml: |-
- ---
- #helm repo add bitnami https://charts.bitnami.com/bitnami
- #helm install cas-server-redis bitnami/redis --set usePassword=false --set sentinel.enabled=true --set sentinel.usePassword=false
- cas:
- ticket:
- registry:
- redis:
- enabled: true
- database: 0
- host: 'cas-server-redis'
- pool:
- test-on-borrow: true
- read-from: 'UPSTREAMPREFERRED'
- crypto:
- enabled: false
- timeout: 5000
- port: 6379
- password: ' '
- cluster:
- nodes:
- - host: 'cas-server-redis-headless'
- port: 6379
- password: ' '
- sentinel:
- master: 'mymaster'
- node: 'cas-server-redis-headless:26379'
- # eof
-
-
-gitsvcRepoUrl: 'https://github.com/apereo/cas.git' # need smaller repo with services
-gitsvcBranchesToClone: 'master'
-gitsvcActiveBranch: 'master'
-gitsvcCloneDirectory: '/tmp/cas/services'
-gitsvcRootDirectory: 'etc' # only supports one level
diff --git a/apereo-cas/lombok.config b/apereo-cas/lombok.config
deleted file mode 100644
index f562841..0000000
--- a/apereo-cas/lombok.config
+++ /dev/null
@@ -1,9 +0,0 @@
-lombok.log.fieldName = LOGGER
-lombok.log.fieldIsStatic=true
-
-lombok.toString.doNotUseGetters=true
-lombok.equalsAndHashCode.doNotUseGetters=true
-
-lombok.addLombokGeneratedAnnotation = true
-
-config.stopBubbling=true
diff --git a/apereo-cas/settings.gradle b/apereo-cas/settings.gradle
deleted file mode 100644
index 74901f4..0000000
--- a/apereo-cas/settings.gradle
+++ /dev/null
@@ -1 +0,0 @@
-rootProject.name = 'cas'
diff --git a/apereo-cas/src/main/java/org/apereo/cas/config/CasOverlayOverrideConfiguration.java b/apereo-cas/src/main/java/org/apereo/cas/config/CasOverlayOverrideConfiguration.java
deleted file mode 100644
index 3f89063..0000000
--- a/apereo-cas/src/main/java/org/apereo/cas/config/CasOverlayOverrideConfiguration.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.apereo.cas.config;
-
-//import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.ConfigurableApplicationContext;
-import org.springframework.context.annotation.Bean;
-
-//import org.apereo.cas.configuration.CasConfigurationProperties;
-
-@Configuration(value = "CasOverlayOverrideConfiguration", proxyBeanMethods = false)
-//@EnableConfigurationProperties(CasConfigurationProperties.class)
-public class CasOverlayOverrideConfiguration {
-
- /*
- @Bean
- public MyCustomBean myCustomBean() {
- ...
- }
- */
-}
diff --git a/apereo-cas/src/main/jib/docker/entrypoint.sh b/apereo-cas/src/main/jib/docker/entrypoint.sh
deleted file mode 100644
index ccbdd1a..0000000
--- a/apereo-cas/src/main/jib/docker/entrypoint.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-
-ENTRYPOINT_DEBUG=${ENTRYPOINT_DEBUG:-false}
-JVM_DEBUG=${JVM_DEBUG:-false}
-JVM_DEBUG_PORT=${JVM_DEBUG_PORT:-5000}
-JVM_DEBUG_SUSPEND=${JVM_DEBUG_SUSPEND:-n}
-JVM_MEM_OPTS=${JVM_MEM_OPTS:--Xms512m -Xmx4096M}
-JVM_EXTRA_OPTS=${JVM_EXTRA_OPTS:--server -noverify -XX:+TieredCompilation -XX:TieredStopAtLevel=1}
-
-if [ $JVM_DEBUG == "true" ]; then
- JVM_EXTRA_OPTS="${JVM_EXTRA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address=*:${JVM_DEBUG_PORT},server=y,suspend=${JVM_DEBUG_SUSPEND}"
-fi
-
-if [ $ENTRYPOINT_DEBUG == "true" ]; then
- JVM_EXTRA_OPTS="${JVM_EXTRA_OPTS} -Ddebug=true"
-
- echo -e "\nChecking java..."
- java -version
-
- if [ -d /etc/cas ] ; then
- echo -e "\nListing CAS configuration under /etc/cas..."
- ls -R /etc/cas
- fi
- echo -e "\nRemote debugger configured on port ${JVM_DEBUG_PORT} with suspend=${JVM_DEBUG_SUSPEND}: ${JVM_DEBUG}"
- echo -e "\nJava args: ${JVM_MEM_OPTS} ${JVM_EXTRA_OPTS}"
-fi
-
-echo -e "\nRunning CAS @ cas.war"
-# shellcheck disable=SC2086
-exec java $JVM_EXTRA_OPTS $JVM_MEM_OPTS -jar cas.war "$@"
diff --git a/apereo-cas/src/main/resources/META-INF/spring.factories b/apereo-cas/src/main/resources/META-INF/spring.factories
deleted file mode 100644
index a2535d2..0000000
--- a/apereo-cas/src/main/resources/META-INF/spring.factories
+++ /dev/null
@@ -1 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=org.apereo.cas.config.CasOverlayOverrideConfiguration
diff --git a/apereo-cas/src/main/resources/application.yml b/apereo-cas/src/main/resources/application.yml
deleted file mode 100644
index e532688..0000000
--- a/apereo-cas/src/main/resources/application.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-# Application properties that need to be
-# embedded within the web application can be included here
-server:
- cors:
- allowed-origins: "*" # 允许所有域名
- allowed-methods: GET,POST # 允许的方法
- allowed-headers: "*" # 允许的头部
- allow-credentials: true # 是否允许凭证
- max-age: 3600 # 预检请求的缓存时间
diff --git a/apereo-cas/src/main/webapp/WEB-INF/web.xml b/apereo-cas/src/main/webapp/WEB-INF/web.xml
deleted file mode 100644
index 072a6a0..0000000
--- a/apereo-cas/src/main/webapp/WEB-INF/web.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-
\ No newline at end of file
diff --git a/apereo-cas/system.properties b/apereo-cas/system.properties
deleted file mode 100644
index 9146af5..0000000
--- a/apereo-cas/system.properties
+++ /dev/null
@@ -1 +0,0 @@
-java.runtime.version=11
diff --git a/cfg-docker.json b/cfg-docker.json
new file mode 100644
index 0000000..70b3be1
--- /dev/null
+++ b/cfg-docker.json
@@ -0,0 +1,26 @@
+{
+ "logger": {
+ "dir": "logs/",
+ "level": "DEBUG",
+ "keepHours": 24
+ },
+ "endpoints": {
+ "authorization": "http://localhost/oauth2/authorize",
+ "token": "http://oauth-server-lite/oauth2/token",
+ "userinfo": "http://oauth-server-lite/oauth2/userinfo",
+ "device_authorization": "http://oauth-server-lite/oauth2/device/authorize"
+ },
+ "iplimit": {
+ "enable": false,
+ "trust_ip": ["127.0.0.1", "::1"]
+ },
+ "http": {
+ "route_base":"/",
+ "trust_proxy": ["127.0.0.1", "::1"],
+ "cors": ["http://127.0.0.1","http://localhost"],
+ "listen": "0.0.0.0:8080"
+ },
+ "trust_domain": ["api.ecnu.edu.cn", "localhost", "oauth-server-lite"],
+ "default_scope": "Basic",
+ "timeout": 10
+}
\ No newline at end of file
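Review bot: `iplimit.enable` is `false` while `http.listen` binds `0.0.0.0:8080`, so any host that can reach the published port can use the playground's backend to send token and device-authorization requests to the configured endpoints. If `trust_domain` is what limits outbound targets (its use is not visible here), it is then the only restriction left. Consider shipping `"enable": true` with the addresses that need access in `trust_ip`, or stating in the README that this file is for local demos only. `"level": "DEBUG"` deserves the same look: if the logger records request bodies (not visible here), client secrets and tokens would be written under `logs/`.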
diff --git a/controller/config.go b/controller/config.go
index b76f1a7..586f8ee 100644
--- a/controller/config.go
+++ b/controller/config.go
@@ -13,6 +13,7 @@ type ConfigData struct {
TokenEndpoint string `json:"token_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
DefaultScope string `json:"default_scope"`
+ DeviceAuthorization string `json:"device_authorization_endpoint"`
}
func getConfig(c *gin.Context) {
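Review bot: The new field is named `DeviceAuthorization`, while its siblings in ConfigData are `TokenEndpoint` and `UserinfoEndpoint` and its own JSON key is `device_authorization_endpoint`. Renaming it to `DeviceAuthorizationEndpoint` (tag unchanged) keeps the struct consistent; the assignment in the getConfig hunk below would change with it. ConfigData also has no doc comment; a one-line `// ConfigData is the endpoint configuration returned to the frontend.` would help, hedged to what getConfig shows.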
@@ -22,6 +23,7 @@ func getConfig(c *gin.Context) {
TokenEndpoint: g.Config().Endpoints.Token,
UserinfoEndpoint: g.Config().Endpoints.Userinfo,
DefaultScope: g.Config().DefaultScope,
+ DeviceAuthorization: g.Config().Endpoints.DeviceAuthorization,
}
c.JSON(http.StatusOK, handleSuccess(res))
}
diff --git a/controller/oauth2_device_flow.go b/controller/oauth2_device_flow.go
index c3fdf99..157d2bb 100644
--- a/controller/oauth2_device_flow.go
+++ b/controller/oauth2_device_flow.go
@@ -11,14 +11,15 @@ import (
)
type ReqDeviceData struct {
- ClientId string `json:"client_id"`
- Code string `json:"code"`
- ResponseType string `json:"response_type"`
- ExpiresIn int `json:"expires_in"`
+ ClientId string `json:"client_id"`
+ DeviceCode string `json:"device_code"`
+ GrantType string `json:"grant_type"`
+ ExpiresIn int `json:"expires_in"`
}
type ReqUserCodeData struct {
- InitialAddress string `json:"initialAddress"`
+ ClientId string `json:"client_id"`
+ Scope string `json:"scope"`
}
func getUserCode(c *gin.Context) {
@@ -27,10 +28,17 @@ func getUserCode(c *gin.Context) {
c.JSON(http.StatusOK, handleError(err.Error()))
return
}
+
+ clientId := reqData.ClientId
+ scope := reqData.Scope
+
method := "POST"
- apiAddr := reqData.InitialAddress
- body := fmt.Sprintf("")
+ apiAddr := g.Config().Endpoints.DeviceAuthorization
+ body := fmt.Sprintf("client_id=%s&scope=%s", clientId, scope)
+
header := make(map[string]string)
+ header["Content-Type"] = "application/x-www-form-urlencoded"
+ header["Content-Length"] = strconv.Itoa(len(body))
res, err := models.HandleRequest(method, apiAddr, g.UserAgent, body, g.Config().Timeout, header)
if err != nil {
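Review bot: The form body in getUserCode is built with `fmt.Sprintf("client_id=%s&scope=%s", clientId, scope)` from values taken straight from the request JSON. A `client_id` or `scope` containing `&`, `=` or a space therefore changes the parameters sent to the device authorization endpoint instead of being passed as data. Build it with `body := url.Values{"client_id": {clientId}, "scope": {scope}}.Encode()` (this needs `net/url`; the import block is outside this hunk). The same applies to the `device_code=%s&client_id=%s&grant_type=%s` line in the deviceFlow hunk below, where `grant_type` could also be fixed server-side to `urn:ietf:params:oauth:grant-type:device_code` rather than accepted from the client. getUserCode continues past the end of this hunk.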
@@ -50,11 +58,11 @@ func deviceFlow(c *gin.Context) {
method := "POST"
apiAddr := g.Config().Endpoints.Token
- Code := reqData.Code
+ deviceCode := reqData.DeviceCode
clientId := reqData.ClientId
- ResponseType := reqData.ResponseType
+ grantType := reqData.GrantType
ExpiresIn := reqData.ExpiresIn
- body := fmt.Sprintf("code=%s&client_id=%s&response_type=%s", Code, clientId, ResponseType)
+ body := fmt.Sprintf("device_code=%s&client_id=%s&grant_type=%s", deviceCode, clientId, grantType)
header := make(map[string]string)
header["Content-Type"] = "application/x-www-form-urlencoded"
diff --git a/controller/route.go b/controller/route.go
index 3eb331a..eaae90b 100644
--- a/controller/route.go
+++ b/controller/route.go
@@ -20,8 +20,8 @@ func Routes(r *gin.Engine) {
playground.Use(IPLimitCheck)
playground.Use(NoCache())
playground.POST("/oauth2/pkce", pkce)
- playground.POST("/oauth2/device_flow", deviceFlow)
playground.POST("/oauth2/user_code", getUserCode)
+ playground.POST("/oauth2/device_flow", deviceFlow)
playground.POST("/oauth2/client_credentials", clientCredentials)
playground.POST("/oauth2/password", passwordMode)
playground.POST("/oauth2/authorization_code", exchangeTokenByCode)
diff --git a/docker-compose.yml b/docker-compose.yml
index abe3a90..17cb6db 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,24 +1,28 @@
version: '3'
services:
+ redis:
+ image: redis:latest
+ container_name: oauth-redis
+ ports:
+ - "6379:6379"
open-oauth2playground:
- image: lacey620/open-oauth2playground:v1.0
+ image: open-oauth2playground:v2.0
container_name: open-oauth2playground
restart: always
ports:
- - "8080:80"
+ - "8085:8080"
volumes:
- - ./cfg.json:/app/Open-OAuth2Playground/cfg.json
+ - ./cfg-docker.json:/app/Open-OAuth2Playground/cfg.json
command: ["/app/Open-OAuth2Playground/OAuth2Playground"]
- cas-demo:
- image: lacey620/cas-demo:v6.5.9
- container_name: cas-demo
+ oauth-server-lite:
+# image: ecnunic/oauth-server-lite:v1.0
+ image: lite-server-test:0716
+ container_name: oauth-server-lite
+ depends_on:
+ - redis
restart: always
- ports:
- - "8444:8444"
environment:
- - CAS_SERVER_NAME=
- - SERVER_PORT=
- volumes:
- - ./cas_init_script.sh:/cas-overlay/cas_init_script.sh
- entrypoint: ["/bin/bash", "-c"]
- command: ["/cas-overlay/cas_init_script.sh && java -server -noverify -Xmx2048M -jar /cas-overlay/cas.war"]
\ No newline at end of file
+ - CLIENT_HOST=127.0.0.1
+ ports:
+ - "80:80"
+ - "8444:8444"
\ No newline at end of file
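Review bot: The new `redis` service publishes `6379:6379` on the host and this file configures no password for it, so the Redis instance is reachable from outside the compose network even though only `oauth-server-lite` depends on it. Drop the `ports:` entry under `redis`, since services on the same compose network reach it by service name, or bind it to loopback with `"127.0.0.1:6379:6379"`. `redis:latest` is also unpinned. `open-oauth2playground:v2.0` and `lite-server-test:0716` have no registry prefix, so they look like locally built images that another machine cannot pull; the commented-out `ecnunic/oauth-server-lite:v1.0` suggests the intended published image.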
diff --git a/front-standalone/src/views/playground/components/Device.vue b/front-standalone/src/views/playground/components/Device.vue
index d458a05..e1d971f 100644
--- a/front-standalone/src/views/playground/components/Device.vue
+++ b/front-standalone/src/views/playground/components/Device.vue
@@ -17,6 +17,7 @@ const props = defineProps({
token_endpoint: "",
userinfo_endpoint: "",
default_scope: "",
+ device_authorization_endpoint: "",
access_token_type: "",
client_id: "",
client_secret: ""
@@ -83,10 +84,10 @@ function updateReqAndRes() {
// Step 1
const activeName = ref('1');
const s1Data = reactive({
- token_endpoint: "",
+ device_authorization_endpoint: "",
// redirect_uri: window.location.href.split("?")[0],
scope: "",
- response_type: "device_code",
+ // response_type: "device_code",
// state: "",
});
@@ -94,8 +95,7 @@ const initialAddress = ref("");
// 修改的同时拼接成url显示在Grant Url中
function handleS1Change() {
- initialAddress.value = s1Data.token_endpoint.concat(
- "?response_type=device_code",
+ initialAddress.value = s1Data.device_authorization_endpoint.concat(
s1Data.scope?.length > 0 ? "&scope=".concat(s1Data.scope) : "",
props.cfgData.client_id?.length > 0 ? "&client_id=".concat(props.cfgData.client_id) : ""
);
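Review bot: With `"?response_type=device_code"` removed, the first appended piece is now `"&scope=…"`, so the Grant Url comes out as `<endpoint>&scope=…&client_id=…` with no `?`. The watch(props.cfgData) hunk further down builds `initialAddress` the same way and has the same problem. Neither place URL-encodes the scope or client_id. Building the query with `URLSearchParams` fixes both; it encodes spaces in the scope as `+`. handleS1Change's closing lines are outside this hunk.

```javascript
function handleS1Change() {
  const query = new URLSearchParams();
  if (s1Data.scope?.length > 0) query.set("scope", s1Data.scope);
  if (props.cfgData.client_id?.length > 0) query.set("client_id", props.cfgData.client_id);
  const qs = query.toString();
  initialAddress.value = qs.length > 0
    ? s1Data.device_authorization_endpoint.concat("?", qs)
    : s1Data.device_authorization_endpoint;
  // … unchanged: rest of handleS1Change is outside this hunk …
```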
@@ -118,12 +118,17 @@ function handleDeviceFlow() {
lss.addItem(cs);
}
// window.location.href = initialAddress.value;
+ // const dataObject = {
+ // initialAddress: initialAddress.value
+ // };
const dataObject = {
- initialAddress: initialAddress.value
+ client_id: props.cfgData.client_id,
+ scope: props.cfgData.default_scope
};
fetchUserCode(dataObject).then(({code, msg, data}) => {
if (code === 0) {
const {request, response, rawjson, example} = data;
+ console.log(rawjson.user_code)
if (rawjson.user_code === undefined || rawjson.user_code === '')
return
// const {interval, verification_uri, user_code, expires_in, device_code} = rawjson || {};
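Review bot: The request sends `scope: props.cfgData.default_scope`, while the Grant Url in handleS1Change is built from `s1Data.scope`. A scope edited in Step 1 therefore appears to be shown in the URL but not sent; `scope: s1Data.scope` would keep the two in step. The added `console.log(rawjson.user_code)` prints the user code to the browser console and runs before the `undefined` check on the next line. It looks like leftover debugging and can be removed, as can the commented-out `dataObject` block. handleDeviceFlow starts and ends outside this hunk.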
@@ -167,8 +172,8 @@ const qrCodeSrc = ref("");
function tokenAvailablelong(expire) {
const dataObject = {
client_id: props.cfgData.client_id,
- code: device_code.value,
- response_type: "device_code",
+ device_code: device_code.value,
+ grant_type: "urn:ietf:params:oauth:grant-type:device_code",
expires_in: expire
};
fetchACTokenByDevice(dataObject).then(({code, msg, data}) => {
@@ -215,10 +220,6 @@ function handleRefreshToken() {
if(props.cfgData.client_id.length === 0){
ElMessage.error('client_id is empty, please click the config button on the right side, and check the configuration');
return;
- }
- else if(props.cfgData.client_secret.length === 0){
- ElMessage.error('client_secret is empty, please click the config button on the right side, and check the configuration');
- return;
}else if(currentRefreshToken.value.length === 0){
ElMessage.error('refresh_token is empty, please get the access_token firstly');
return;
@@ -377,22 +378,17 @@ function deleteRow(index) {
async function generateQRCode(url) {
try {
qrCodeSrc.value = await QRCode.toDataURL(url);
- console.log()
} catch (err) {
console.error('Failed to generate QR code: ', err)
}
}
watch(props.cfgData, (newValue) => {
- s1Data.token_endpoint = newValue.token_endpoint;
+ s1Data.device_authorization_endpoint = newValue.device_authorization_endpoint;
s1Data.scope = newValue.default_scope;
- initialAddress.value = newValue.token_endpoint.concat(
- "?response_type=device_code",
+ initialAddress.value = newValue.device_authorization_endpoint.concat(
newValue.default_scope?.length > 0 ? "&scope=".concat(newValue.default_scope) : "",
newValue.client_id?.length > 0 ? "&client_id=".concat(newValue.client_id) : "",
- // "&redirect_uri=",
- // s1Data.redirect_uri,
- // s1Data.state?.length > 0 ? "&state=".concat(s1Data.state) : ""
);
requestUri.value = newValue.userinfo_endpoint;
s3TokenType.value = newValue.access_token_type;
@@ -430,14 +426,12 @@ const handleDrag = (floatButton, container) => {
Step 1: Request for Device Flow Authorization
- accessToken Endpoint
-
-
-
+ Deivce Authorization Endpoint
+
Scope
-
- Response Type
-
+
+
Grant Url
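Review bot: The new Step 1 label reads `Deivce Authorization Endpoint`; it should be `Device Authorization Endpoint`. The surrounding template markup is not visible in this view, so only the label text is addressed here.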
diff --git a/front-standalone/src/views/playground/components/PKCE.vue b/front-standalone/src/views/playground/components/PKCE.vue
index 4ae905b..79e6ef8 100644
--- a/front-standalone/src/views/playground/components/PKCE.vue
+++ b/front-standalone/src/views/playground/components/PKCE.vue
@@ -17,6 +17,7 @@ const props = defineProps({
token_endpoint: "",
userinfo_endpoint: "",
default_scope: "",
+ device_authorization_endpoint: "",
access_token_type: "",
client_id: "",
client_secret: ""
diff --git a/front-standalone/src/views/playground/index.vue b/front-standalone/src/views/playground/index.vue
index 4ef218b..6cb480a 100644
--- a/front-standalone/src/views/playground/index.vue
+++ b/front-standalone/src/views/playground/index.vue
@@ -22,6 +22,7 @@ const configData = reactive({
token_endpoint: "",
userinfo_endpoint: "",
default_scope: "",
+ device_authorization_endpoint: "",
access_token_type: "bearer",
client_id: "",
client_secret: ""
@@ -41,6 +42,8 @@ async function getGlobalConfig() {
Object.assign(configData, {client_id: id??"", client_secret: secret??""});
lss.removeItem("id");
lss.removeItem("secret");
+ console.log('configData')
+ console.log(configData)
}
function handleSaveTokenType(){
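Review bot: The added `console.log(configData)` runs right after `Object.assign(configData, {client_id: id??"", client_secret: secret??""})`, so the client secret is written to the browser console each time the config loads. Remove both `console.log` lines, or log only non-secret fields such as the endpoint URLs. getGlobalConfig starts above this hunk.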
@@ -103,6 +106,9 @@ onMounted(() => {
{{ configData.authorization_endpoint }}
+
+ {{ configData.device_authorization_endpoint }}
+
{{ configData.token_endpoint }}
diff --git a/g/cfg.go b/g/cfg.go
index d0b7ac1..0763ba3 100644
--- a/g/cfg.go
+++ b/g/cfg.go
@@ -31,9 +31,10 @@ type IpLimitConfig struct {
EndpointConfig oauth endpoint 配置
*/
type EndpointConfig struct {
- Authorization string `json:"authorization"`
- Token string `json:"token"`
- Userinfo string `json:"userinfo"`
+ Authorization string `json:"authorization"`
+ Token string `json:"token"`
+ Userinfo string `json:"userinfo"`
+ DeviceAuthorization string `json:"device_authorization"`
}
/*
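Review bot: `DeviceAuthorization` is read from the `device_authorization` key with no default visible here, so a cfg.json written before this change leaves it as an empty string. getUserCode then passes `g.Config().Endpoints.DeviceAuthorization` to `models.HandleRequest` without checking it. A guard in the handler, for example `if apiAddr == "" { c.JSON(http.StatusOK, handleError("device_authorization endpoint is not configured")); return }`, would turn that into a clear error. The config parsing code is outside this hunk, so a default may already exist there. The comment above EndpointConfig could also mention the new key.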
diff --git a/go.mod b/go.mod
index c5d1404..98b517d 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,6 @@ module github.com/ECNU/Open-OAuth2Playground
go 1.20
require (
- github.com/c-robinson/iplib v1.0.6
github.com/gin-gonic/gin v1.9.1
github.com/stretchr/testify v1.8.4
github.com/toolkits/file v0.0.0-20160325033739-a5b3c5147e07
diff --git a/go.sum b/go.sum
index 7860af7..06e4bc9 100644
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,6 @@
github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
-github.com/c-robinson/iplib v1.0.6 h1:FfZV9BWNrah3BgLCFl5/nDXe4RbOi/C9n+DeXFOv5CQ=
-github.com/c-robinson/iplib v1.0.6/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo=
github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=