chore(cloud-native): upgrade to SQLAlchemy v2.x

docker-jans-all-in-one/Dockerfile

@@ -59,7 +59,7 @@ RUN apk update \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

docker-jans-auth-server/Dockerfile

@@ -103,7 +103,7 @@ RUN mkdir -p ${JETTY_BASE}/jans-auth/agama/fl \
     /app/static/rdbm \
     /app/schema
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-casa/Dockerfile

@@ -61,7 +61,7 @@ RUN mkdir -p /app/static/rdbm \
     /app/schema \
     /app/templates/jans-casa
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-cloudtools/Dockerfile

@@ -44,7 +44,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/codehaus/janino/janino/3.1.9/jani
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 
 # note that as we're pulling from a monorepo (with multiple project in it)
 # we are using partial-clone and sparse-checkout to get the assets

docker-jans-cloudtools/scripts/cleaner.py

@@ -35,10 +35,10 @@ def cleanup(limit):
 
             try:
                 if client.dialect == "mysql":
-                    query = text(f"DELETE FROM {client.quoted_id(table)} WHERE del = :deleted AND exp < NOW() LIMIT {limit}")  # nosec: B608
+                    query = f"DELETE FROM {client.quoted_id(table)} WHERE del = :deleted AND exp < NOW() LIMIT {limit}"  # nosec: B608
                 else:  # likely postgres
-                    query = text(f"DELETE FROM {client.quoted_id(table)} WHERE doc_id IN (SELECT doc_id FROM {client.quoted_id(table)} WHERE del = :deleted AND exp < NOW() LIMIT {limit})")  # nosec: B608
-                conn.execute(query, {"deleted": True})
+                    query = f"DELETE FROM {client.quoted_id(table)} WHERE doc_id IN (SELECT doc_id FROM {client.quoted_id(table)} WHERE del = :deleted AND exp < NOW() LIMIT {limit})"  # nosec: B608
+                conn.execute(text(query), {"deleted": True})
                 logger.info(f"Cleanup expired entries in {table}")
             except Exception as exc:
                 logger.warning(f"Unable to cleanup expired entries in {table}; reason={exc}")

docker-jans-config-api/Dockerfile

@@ -74,7 +74,7 @@ RUN mkdir -p /etc/jans/conf \
     /usr/share/java \
     /opt/jans/bin
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
 

docker-jans-configurator/Dockerfile

@@ -27,7 +27,7 @@ RUN mkdir -p /opt/jans/configurator/javalibs \
 # Assets sync
 # ===========
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 
 ARG GIT_CLONE_DEPTH=100
 WORKDIR /tmp/jans

docker-jans-fido2/Dockerfile

@@ -67,7 +67,7 @@ RUN mkdir -p /etc/jans/conf \
     /app/templates/jans-fido2 \
     /app/static/fido2
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-link/Dockerfile

@@ -63,7 +63,7 @@ RUN mkdir -p /etc/jans/conf \
     /app/schema \
     /app/templates/jans-link
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-persistence-loader/Dockerfile

@@ -18,7 +18,7 @@ RUN apk update \
 RUN mkdir -p /app/static /app/schema /app/static/opendj /app/templates
 
 # janssenproject/jans SHA commit
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
 ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources

docker-jans-persistence-loader/scripts/sql_setup.py

@@ -264,8 +264,9 @@ def column_to_multivalued(table_name, col_name):
             # to change the storage format of a JSON column, drop the column and
             # add the column back specifying the new storage format
             with self.client.engine.connect() as conn:
-                conn.execute(f"ALTER TABLE {self.client.quoted_id(table_name)} DROP COLUMN {self.client.quoted_id(col_name)}")
-                conn.execute(f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}")
+                with conn.begin():
+                    conn.execute(text(f"ALTER TABLE {self.client.quoted_id(table_name)} DROP COLUMN {self.client.quoted_id(col_name)}"))
+                    conn.execute(text(f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}"))
 
             # force-reload metadata as we may have changed the schema before migrating old data
             self.client._metadata = None
@@ -287,7 +288,8 @@ def add_column(table_name, col_name):
 
             data_type = self.get_data_type(col_name, table_name)
             with self.client.engine.connect() as conn:
-                conn.execute(f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}")
+                with conn.begin():
+                    conn.execute(text(f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}"))
 
         def change_column_type(table_name, col_name, old_data_type, data_type):
             if self.client.dialect == "mysql":
@@ -298,27 +300,28 @@ def change_column_type(table_name, col_name, old_data_type, data_type):
                         f"ALTER COLUMN {self.client.quoted_id(col_name)} TYPE {data_type}"
 
             with self.client.engine.connect() as conn:
-                # mysql will raise error if changing type to text but the column already indexed without explicit key length
-                # hence the associated index must be dropped first
-                if self.client.dialect == "mysql" and old_data_type.startswith("VARCHAR") and data_type == "TEXT":
-                    for idx in conn.execute(
-                        text(
-                            "SELECT index_name "
-                            "FROM information_schema.statistics "
-                            "WHERE table_name = :table_name "
-                            "AND index_name LIKE :index_name "
-                            "AND column_name = :col_name;"
-                        ),
-                        {
-                            "table_name": table_name,
-                            "index_name": f"{table_name}_{col_name}",
-                            "col_name": col_name
-                        },
-                    ):
-                        conn.execute(f"ALTER TABLE {table_name} DROP INDEX {idx[0]}")
-
-                # change the type
-                conn.execute(query)
+                with conn.begin():
+                    # mysql will raise error if changing type to text but the column already indexed without explicit key length
+                    # hence the associated index must be dropped first
+                    if self.client.dialect == "mysql" and old_data_type.startswith("VARCHAR") and data_type == "TEXT":
+                        for idx in conn.execute(
+                            text(
+                                "SELECT index_name "
+                                "FROM information_schema.statistics "
+                                "WHERE table_name = :table_name "
+                                "AND index_name LIKE :index_name "
+                                "AND column_name = :col_name;"
+                            ),
+                            {
+                                "table_name": table_name,
+                                "index_name": f"{table_name}_{col_name}",
+                                "col_name": col_name
+                            },
+                        ):
+                            conn.execute(text(f"ALTER TABLE {self.client.quoted_id(table_name)} DROP INDEX {self.client.quoted_id(idx[0])}"))
+
+                    # change the type
+                    conn.execute(text(query))
 
         def column_from_multivalued(table_name, col_name):
             old_data_type = table_mapping[table_name][col_name]
@@ -334,29 +337,30 @@ def column_from_multivalued(table_name, col_name):
             }
 
             with self.client.engine.connect() as conn:
-                # mysql will raise error if dropping column which has functional index,
-                # hence the associated index must be dropped first
-                if self.client.dialect == "mysql":
-                    for idx in conn.execute(
-                        text(
-                            "SELECT index_name "
-                            "FROM information_schema.statistics "
-                            "WHERE table_name = :table_name "
-                            "AND index_name LIKE :index_name '%' "
-                            "AND expression LIKE '%' :col_name '%';"
-                        ),
-                        {
-                            "table_name": table_name,
-                            "index_name": f"{table_name}_json_",
-                            "col_name": col_name
-                        },
-                    ):
-                        conn.execute(f"ALTER TABLE {table_name} DROP INDEX {idx[0]}")
-
-                # to change the storage format of a JSON column, drop the column and
-                # add the column back specifying the new storage format
-                conn.execute(f"ALTER TABLE {self.client.quoted_id(table_name)} DROP COLUMN {self.client.quoted_id(col_name)}")
-                conn.execute(f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}")
+                with conn.begin():
+                    # mysql will raise error if dropping column which has functional index,
+                    # hence the associated index must be dropped first
+                    if self.client.dialect == "mysql":
+                        for idx in conn.execute(
+                            text(
+                                "SELECT index_name "
+                                "FROM information_schema.statistics "
+                                "WHERE table_name = :table_name "
+                                "AND index_name LIKE :index_name "
+                                "AND expression LIKE :col_name;"
+                            ),
+                            {
+                                "table_name": table_name,
+                                "index_name": f"{table_name}_json_%",
+                                "col_name": f"%{col_name}%"
+                            },
+                        ):
+                            conn.execute(text(f"ALTER TABLE {self.client.quoted_id(table_name)} DROP INDEX {self.client.quoted_id(idx[0])}"))
+
+                    # to change the storage format of a JSON column, drop the column and
+                    # add the column back specifying the new storage format
+                    conn.execute(text(f"ALTER TABLE {self.client.quoted_id(table_name)} DROP COLUMN {self.client.quoted_id(col_name)}"))
+                    conn.execute(text(f"ALTER TABLE {self.client.quoted_id(table_name)} ADD COLUMN {self.client.quoted_id(col_name)} {data_type}"))
 
             # force-reload metadata as we may have changed the schema before migrating old data
             self.client._metadata = None

docker-jans-saml/Dockerfile

@@ -39,7 +39,7 @@ RUN mkdir -p /app/static/rdbm \
     /app/schema \
     /app/templates/jans-saml
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-saml/scripts/configure_kc.py

@@ -1,4 +1,3 @@
-import base64
 import os
 import json
 import logging.config
@@ -358,8 +357,8 @@ def __init__(self, manager):
             hide_parameters=True,
         )
 
-        metadata = MetaData(bind=self.engine)
-        metadata.reflect()
+        metadata = MetaData()
+        metadata.reflect(self.engine)
 
     @property
     def xa_grant_name(self):
@@ -370,7 +369,7 @@ def check_xa_recover_admin(self):
 
         with self.engine.connect() as conn:
             query = text("SHOW GRANTS FOR :username")
-            for grant in conn.execute(query, username=self.user):
+            for grant in conn.execute(query, {"username": self.user}):
                 if self.xa_grant_name in grant[0]:
                     granted = True
                     break
@@ -385,10 +384,12 @@ def grant_xa_recover_admin(self):
                 f"and KC_DB is set to 'mysql'; trying to grant required privilege {self.xa_grant_name} to {self.user!r} user ..."
             )
 
-            query = text("GRANT :grant_name ON *.* TO :username@'%';")
+            # Note: SQL identifiers (privilege names, table names) cannot be bound parameters
+            # Use quoted_identifier or direct interpolation for privilege name, bind for user
+            query = text(f"GRANT {self.xa_grant_name} ON *.* TO :username@'%';")
 
             try:
-                conn.execute(query, grant_name=self.xa_grant_name, username=self.user)
+                conn.execute(query, {"username": self.user})
             except OperationalError as exc:
                 logger.warning(f"Unable to grant {self.xa_grant_name} privilege to {self.user!r} user; reason={exc.orig.args[1]}")
 

docker-jans-scim/Dockerfile

@@ -62,7 +62,7 @@ RUN mkdir -p /etc/jans/conf \
     /app/schema \
     /app/templates/jans-scim
 
-ENV JANS_SOURCE_VERSION=6bcc41a0e7f2708e52fe2c950d357dc872b87498
+ENV JANS_SOURCE_VERSION=436bf147b379c2bf005f554db4b8cce3971c58ad
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 ARG JANS_SCIM_RESOURCE_DIR=jans-scim/server/src/main/resources
 

jans-pycloudlib/jans/pycloudlib/lock/sql_lock.py

@@ -39,9 +39,9 @@ def _prepare_table(self, table_name) -> None:
             raise_on_error = False
 
             # if error is not about duplicated table, force raising exception
-            if self._dialect in ("pgsql", "postgresql") and exc.orig.pgcode != "42P07":
+            if self.client.dialect in ("pgsql", "postgresql") and exc.orig.pgcode != "42P07":
                 raise_on_error = True
-            elif self._dialect == "mysql" and exc.orig.args[0] != 1050:
+            elif self.client.dialect == "mysql" and exc.orig.args[0] != 1050:
                 raise_on_error = True
 
             if raise_on_error:
@@ -69,14 +69,14 @@ def get(self, key: str) -> dict[str, _t.Any]:
         Returns:
             Mapping of lock data.
         """
-        stmt = select([self.table]).where(self.table.c.doc_id == key).limit(1)
+        stmt = select(self.table).where(self.table.c.doc_id == key).limit(1)
 
         with self.client.engine.connect() as conn:
             result = conn.execute(stmt)
             entry = result.fetchone()
 
             if entry:
-                rowset = dict(entry)
+                rowset = dict(entry._mapping)
                 return json.loads(rowset["jansData"]) | {"name": rowset["doc_id"]}
         return {}
 
@@ -98,12 +98,13 @@ def post(self, key: str, owner: str, ttl: float, updated_at: str) -> bool:
         )
 
         with self.client.engine.connect() as conn:
-            try:
-                result = conn.execute(stmt)
-                created = bool(result.inserted_primary_key)
-            except IntegrityError:
-                created = False
-            return created
+            with conn.begin():
+                try:
+                    result = conn.execute(stmt)
+                    created = bool(result.inserted_primary_key)
+                except IntegrityError:
+                    created = False
+                return created
 
     def put(self, key: str, owner: str, ttl: float, updated_at: str) -> bool:
         """Update specific lock.
@@ -122,8 +123,9 @@ def put(self, key: str, owner: str, ttl: float, updated_at: str) -> bool:
         )
 
         with self.client.engine.connect() as conn:
-            result = conn.execute(stmt)
-            return bool(result.rowcount)
+            with conn.begin():
+                result = conn.execute(stmt)
+                return bool(result.rowcount)
 
     def delete(self, key: str) -> bool:
         """Delete specific lock.
@@ -137,8 +139,9 @@ def delete(self, key: str) -> bool:
         stmt = self.table.delete().where(self.table.c.doc_id == key)
 
         with self.client.engine.connect() as conn:
-            result = conn.execute(stmt)
-            return bool(result.rowcount)
+            with conn.begin():
+                result = conn.execute(stmt)
+                return bool(result.rowcount)
 
     def connected(self) -> bool:
         """Check if connection is established.