
fix(cloud-native): update jans-pycloudlib version used by OCI images #9284

Merged
merged 3 commits into from
Aug 28, 2024

Conversation

iromli
Contributor

@iromli iromli commented Aug 27, 2024

Prepare


Description

Target issue

closes #9283

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: iromli <isman.firmansyah@gmail.com>
@iromli iromli requested a review from moabu as a code owner August 27, 2024 21:01

dryrunsecurity bot commented Aug 27, 2024

DryRun Security Summary

The provided code changes focus on updating the Janssen project's Docker images to newer versions of the source code, with a strong emphasis on security-related practices such as dependency management, secure configuration, permissions and ownership, secrets management, and logging and monitoring.


Summary:

The provided code changes appear to be focused on updating the Janssen project's Docker images to newer versions of the source code. The updates span multiple components, including the All-in-One, Auth Server, Casa, Cert Manager, Config API, FIDO2, Configurator, KC Scheduler, Persistence Loader, Link, Keycloak Link, and SCIM Server.

The key security-related observations across these changes are:

  1. Dependency Management: The updates generally involve updating the JANS_SOURCE_VERSION environment variable, which likely includes security fixes and improvements to the underlying dependencies.

  2. Secure Configuration: The Dockerfiles set various environment variables to configure the applications, including settings for Consul, Vault, LDAP, Couchbase, and other services. Proper configuration of these components is crucial for maintaining the overall security of the system.

  3. Permissions and Ownership: The Dockerfiles create non-root users to run the applications and adjust file/directory permissions, which is a good security practice to minimize the potential impact of vulnerabilities.

  4. Secrets Management: The Dockerfiles handle various secrets, such as Vault role/secret IDs and Couchbase passwords, through environment variables. Ensuring the secure storage and handling of these secrets is essential.

  5. Logging and Monitoring: The Dockerfiles include configuration for logging and monitoring, such as setting up Prometheus, which can help with security-related incident detection and response.

Overall, the changes appear to be focused on maintaining and updating the Janssen project's Docker images, with a strong emphasis on security-related practices, such as dependency management, secure configuration, and least-privilege access. However, it is recommended to thoroughly review the updated source code and configurations to ensure that no new security vulnerabilities or risks are introduced.

Files Changed:

The following files were changed in this pull request:

  • docker-jans-all-in-one/Dockerfile
  • docker-jans-auth-server/Dockerfile
  • docker-jans-casa/Dockerfile
  • docker-jans-certmanager/Dockerfile
  • docker-jans-config-api/Dockerfile
  • docker-jans-fido2/Dockerfile
  • docker-jans-configurator/Dockerfile
  • docker-jans-kc-scheduler/Dockerfile
  • docker-jans-persistence-loader/Dockerfile
  • docker-jans-link/Dockerfile
  • docker-jans-keycloak-link/Dockerfile
  • docker-jans-saml/Dockerfile
  • docker-jans-scim/Dockerfile

Code Analysis

We ran 9 analyzers against 13 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 13 findings

Riskiness

🟢 Risk threshold not exceeded.


Signed-off-by: iromli <isman.firmansyah@gmail.com>
@moabu moabu merged commit d0938a6 into main Aug 28, 2024
11 checks passed
@moabu moabu deleted the cn-pycloudlib-version branch August 28, 2024 08:14
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
…9284)

* fix(cloud-native): update jans-pycloudlib version used by OCI images

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* fix(docker-jans-all-in-one): add missing casa-agama-project.zip

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Former-commit-id: d0938a6
3 participants