feat(flex-linux-setup): move flex schema to flex setup

[devrimyatar]

closes #2593

Summary by CodeRabbit

• Chores
  • Extended system schema to support Admin UI feature and webhook resource identifiers.
  • Refined database setup process with optimized initialization steps.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds new LDAP schema entries for Admin UI features and webhooks (uiFeatureId, webhookId attributes and auiFeatures, auiWebhooks, adminUIResourceScopesMapping object classes) to flex_schema.json, and modifies the schema setup process to call an automapper function after table creation in flex_setup.py.

Changes

Cohort / File(s)	Summary
LDAP Schema Definitions flex-linux-setup/flex_linux_setup/flex_schema.json	Adds two new attributeTypes (uiFeatureId, webhookId) and three objectClasses (auiFeatures, auiWebhooks, adminUIResourceScopesMapping) with complete structural definitions, may/must constraints, and origin metadata
Schema Setup Process flex-linux-setup/flex_linux_setup/flex_setup.py	Removes debug print statement from create_tables and adds call to self.dbUtils.rdm_automapper(True) after table creation

Possibly Related PRs

• fix(flex-linux-setup): setup imports aui_webhook.ldif #2440: Ensures aui_webhook.ldif is imported, complementing the webhook schema additions in this PR
• feat(flex-linux-setup): Admin UI and Cedarling integration #2407: Imports adminUIResourceScopesMapping LDIF that matches the objectClass and attributes defined in this schema update
• feat(flex-linux-setup):update the renamed scopes in adminUIResourceScopeMapping table #2540: Updates LDIF scope values for adminUIResourceScopesMapping, which relies on the schema definitions added here

Suggested Reviewers

• duttarnab
• iromli

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A schema grows with features bright,
Webhooks dance in JSON light,
Automapper joins the dance,
Admin UI takes its chance! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: moving flex schema to flex setup, which directly corresponds to the PR's primary objective.
Linked Issues check	✅ Passed	The PR objective aligns with issue #2593 to relocate flex schema from flex-linux-setup to flex-setup, which is demonstrated by schema additions and setup modifications.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to the objective: schema file updates and setup.py modifications to integrate schema handling within the setup component.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed for 'flex_linux_setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@flex-linux-setup/flex_linux_setup/flex_schema.json`:
- Around line 66-129: The schema adds new objectClasses (auiFeatures,
auiWebhooks, adminUIResourceScopesMapping, adminUISession) but several
attributes they reference are not defined here; add missing attributeType
definitions for url, httpMethod, httpRequestBody, httpHeaders, description,
jansResource, jansAccessType, sid, jansUsrDN, creationDate, exp (or explicitly
document they come from the Jans base schema). Locate the objectClasses named
auiWebhooks, adminUIResourceScopesMapping, and adminUISession in
flex_schema.json and either insert corresponding attributeTypes for each
referenced attribute (with appropriate OIDs, syntax, and single/multi-valued
settings) or add a clear comment/metadata indicating the external schema
provides them; ensure each attribute name matches exactly the names used in the
may/must lists.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify that attributes referenced in new objectClasses exist in base Jans schema

echo "Repository structure and schema files:"
find . -name "*schema*.json" -type f | head -20

echo -e "\n=== Searching for attribute definitions in schema files ==="

# List of attributes used in new objectClasses that should exist in base schema
ATTRS="url httpMethod httpRequestBody httpHeaders jansResource jansAccessType jansEnabled jansScope displayName description inum"

for attr in $ATTRS; do
  echo "=== Checking attribute: $attr ==="
  rg -n "\"$attr\"" --type json -g '*schema*.json' 2>/dev/null | head -3
done

Repository: GluuFederation/flex

Length of output: 2275

---

🏁 Script executed:

#!/bin/bash
# Check if flex_schema.json contains attribute definitions (not just objectClass references)
# Look for attribute definitions - typically with "kind": "ATTRIBUTE" or similar pattern

echo "=== Structure of flex_schema.json ==="
wc -l flex-linux-setup/flex_linux_setup/flex_schema.json

echo -e "\n=== Checking for attribute definitions in flex_schema.json ==="
# Look for entries that define attributes (may contain "kind": "ATTRIBUTE" or attribute-specific structure)
rg -n '"kind"' flex-linux-setup/flex_linux_setup/flex_schema.json | head -20

echo -e "\n=== Full file structure (first 50 lines) ==="
head -50 flex-linux-setup/flex_linux_setup/flex_schema.json

Repository: GluuFederation/flex

Length of output: 1565

---

🏁 Script executed:

#!/bin/bash
# Get the full content of flex_schema.json to see all attribute definitions and objectClass references
cat -n flex-linux-setup/flex_linux_setup/flex_schema.json

Repository: GluuFederation/flex

Length of output: 3748

---

Missing attribute definitions for newly added objectClasses.

The file adds three new objectClasses but references multiple attributes that are not defined in the attributeTypes section:

• auiWebhooks references: url, httpMethod, httpRequestBody, httpHeaders, description
• adminUIResourceScopesMapping references: jansResource, jansAccessType
• adminUISession references: sid, jansUsrDN, creationDate, exp

Only auiFeatureId and webhookId are defined in this schema file. The remaining attributes must exist in the base Jans schema for these objectClasses to function correctly. Add attribute definitions for all undeclared attributes to this file, or document the external dependency explicitly.

🤖 Prompt for AI Agents

In `@flex-linux-setup/flex_linux_setup/flex_schema.json` around lines 66 - 129,
The schema adds new objectClasses (auiFeatures, auiWebhooks,
adminUIResourceScopesMapping, adminUISession) but several attributes they
reference are not defined here; add missing attributeType definitions for url,
httpMethod, httpRequestBody, httpHeaders, description, jansResource,
jansAccessType, sid, jansUsrDN, creationDate, exp (or explicitly document they
come from the Jans base schema). Locate the objectClasses named auiWebhooks,
adminUIResourceScopesMapping, and adminUISession in flex_schema.json and either
insert corresponding attributeTypes for each referenced attribute (with
appropriate OIDs, syntax, and single/multi-valued settings) or add a clear
comment/metadata indicating the external schema provides them; ensure each
attribute name matches exactly the names used in the may/must lists.

[devrimyatar]

@coderabbitai we use jans setup with flex setup, so this file https://raw.githubusercontent.com/JanssenProject/jans/refs/heads/main/jans-linux-setup/jans_setup/schema/jans_schema.json is also included. No need to re-define attributes defined in file jans_schema.json

[coderabbitai]

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Fetch the jans_schema.json file to verify the attributes exist
curl -s "https://raw.githubusercontent.com/JanssenProject/jans/refs/heads/main/jans-linux-setup/jans_setup/schema/jans_schema.json" > /tmp/jans_schema.json

echo "=== Verifying attributes in jans_schema.json ==="
# Check for the attributes I flagged as missing
ATTRS="url httpMethod httpRequestBody httpHeaders description jansResource jansAccessType sid jansUsrDN creationDate exp displayName inum jansEnabled jansScope"

for attr in $ATTRS; do
  echo -n "Checking $attr: "
  if grep -q "\"$attr\"" /tmp/jans_schema.json; then
    echo "✓ Found"
  else
    echo "✗ Not found"
  fi
done

echo -e "\n=== Sample attribute definitions from jans_schema.json ==="
# Show a few examples of how attributes are defined
cat /tmp/jans_schema.json | jq '.attributeTypes[] | select(.names[] | contains("url") or contains("httpMethod") or contains("description"))' 2>/dev/null | head -40

Length of output: 993

---

@devrimyatar, thank you for the clarification! I've verified that all the attributes I flagged are indeed defined in the jans_schema.json file:

✓ All 15 attributes confirmed: url, httpMethod, httpRequestBody, httpHeaders, description, jansResource, jansAccessType, sid, jansUsrDN, creationDate, exp, displayName, inum, jansEnabled, jansScope

The schema inclusion architecture makes sense now - flex_schema.json only needs to define Flex-specific attributes and objectClasses, while relying on the base Jans schema for common attributes. This approach avoids duplication and maintains consistency across the platform.

    (\(\
    (-.-)
    o_(")(")  *thinking rabbit*

---

✏️ Learnings added

Learnt from: devrimyatar
Repo: GluuFederation/flex PR: 2614
File: flex-linux-setup/flex_linux_setup/flex_schema.json:66-129
Timestamp: 2026-01-27T14:41:16.193Z
Learning: In the GluuFederation/flex repository, flex setup uses jans setup together, and the jans_schema.json file from the Jans project (https://raw.githubusercontent.com/JanssenProject/jans/refs/heads/main/jans-linux-setup/jans_setup/schema/jans_schema.json) is included during setup. Therefore, attributes defined in jans_schema.json don't need to be redefined in flex_schema.json - only Flex-specific attributes should be added to flex_schema.json.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: devrimyatar
Repo: GluuFederation/flex PR: 2569
File: flex-linux-setup/flex_linux_setup/flex_schema.json:37-37
Timestamp: 2026-01-11T12:22:57.318Z
Learning: In the GluuFederation/flex repository, the flex_schema.json file in flex-linux-setup is used to generate SQL tables, not for creating LDAP attributes/objectclasses. OID values in this schema file don't need to follow strict LDAP OID validation rules since they're only used for SQL table generation.

---

Learnt from: devrimyatar
Repo: GluuFederation/flex PR: 2569
File: flex-linux-setup/flex_linux_setup/flex_schema.json:23-30
Timestamp: 2026-01-11T16:23:57.231Z
Learning: In GluuFederation/flex repository, when SQL data types are not explicitly defined in schema files like flex_schema.json, the RDBM installer determines column types using two fallback files: ldap_sql_data_type_mapping.json (which maps LDAP syntax OIDs to SQL types) and sql_data_types.json (which maps specific attribute names to SQL types). This fallback mechanism is located in the JanssenProject/jans repository under jans-linux-setup/jans_setup/static/rdbm/.
<!--

---

Learnt from: devrimyatar
Repo: GluuFederation/flex PR: 2440
File: flex-linux-setup/flex_linux_setup/flex_setup.py:519-519
Timestamp: 2025-11-11T15:17:34.651Z
Learning: In flex-linux-setup/flex_linux_setup/flex_setup.py, the webhook LDIF (aui_webhook.ldif) should only be imported during fresh Admin UI installations, not during updates. The import is correctly guarded by the check `client_check_result['2001.'] == -1` which ensures it only runs when the Admin UI Web Client doesn't already exist. Docker update workflows differ from Linux update workflows in this regard.