SHIBUI-2262

Testbed files for sqlserver

testbed/sqlServer/conf/application.yml

@@ -0,0 +1,138 @@
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: sqlserver
+    driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver
+    url: jdbc:sqlserver://db:1433
+    username: sa
+    password: Password1
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.SQLServerDialect
+#server:
+#  port: 8443
+#  ssl:
+#    key-store: "/conf/keystore.p12"
+#    key-store-password: "changeit"
+#    keyStoreType: "PKCS12"
+#    keyAlias: "tomcat"
+shibui:
+  user-bootstrap-resource: file:/conf/users.csv
+  roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY
+custom:
+  attributes:
+    # Default attributes
+    - name: eduPersonPrincipalName
+      displayName: label.attribute-eduPersonPrincipalName
+    - name: uid
+      displayName: label.attribute-uid
+    - name: mail
+      displayName: label.attribute-mail
+    - name: surname
+      displayName: label.attribute-surname
+    - name: givenName
+      displayName: label.attribute-givenName
+    - name: eduPersonAffiliation
+      displayName: label.attribute-eduPersonAffiliation
+    - name: eduPersonScopedAffiliation
+      displayName: label.attribute-eduPersonScopedAffiliation
+    - name: eduPersonPrimaryAffiliation
+      displayName: label.attribute-eduPersonPrimaryAffiliation
+    - name: eduPersonEntitlement
+      displayName: label.attribute-eduPersonEntitlement
+    - name: eduPersonAssurance
+      displayName: label.attribute-eduPersonAssurance
+    - name: eduPersonUniqueId
+      displayName: label.attribute-eduPersonUniqueId
+    - name: employeeNumber
+      displayName: label.attribute-employeeNumber
+  # Custom attributes
+  overrides:
+    # Default overrides
+    - name: signAssertion
+      displayName: label.sign-the-assertion
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.sign-assertion
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions
+      attributeFriendlyName: signAssertions
+    - name: dontSignResponse
+      displayName: label.dont-sign-the-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.dont-sign-response
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses
+      attributeFriendlyName: signResponses
+    - name: turnOffEncryption
+      displayName: label.turn-off-encryption-of-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.turn-off-encryption
+      attributeName: http://shibboleth.net/ns/profiles/encryptAssertions
+      attributeFriendlyName: encryptAssertions
+    - name: useSha
+      displayName: label.use-sha1-signing-algorithm
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.usa-sha-algorithm
+      persistType: string
+      persistValue: shibboleth.SecurityConfiguration.SHA1
+      attributeName: http://shibboleth.net/ns/profiles/securityConfiguration
+      attributeFriendlyName: securityConfiguration
+    - name: ignoreAuthenticationMethod
+      displayName: label.ignore-any-sp-requested-authentication-method
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.ignore-auth-method
+      persistType: string
+      persistValue: 0x1
+      attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures
+      attributeFriendlyName: disallowedFeatures
+    - name: omitNotBefore
+      displayName: label.omit-not-before-condition
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.omit-not-before-condition
+      attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore
+      attributeFriendlyName: includeConditionsNotBefore
+    - name: responderId
+      displayName: label.responder-id
+      displayType: string
+      defaultValue: null
+      helpText: tooltip.responder-id
+      attributeName: http://shibboleth.net/ns/profiles/responderId
+      attributeFriendlyName: responderId
+    - name: nameIdFormats
+      displayName: label.nameid-format-to-send
+      displayType: set
+      helpText: tooltip.nameid-format
+      defaultValues:
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+      attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence
+      attributeFriendlyName: nameIDFormatPrecedence
+    - name: authenticationMethods
+      displayName: label.authentication-methods-to-use
+      displayType: set
+      helpText: tooltip.authentication-methods-to-use
+      defaultValues:
+        - https://refeds.org/profile/mfa
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+      attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods
+      attributeFriendlyName: defaultAuthenticationMethods
+    - name: forceAuthn
+      displayName: label.force-authn
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.force-authn
+      attributeName: http://shibboleth.net/ns/profiles/forceAuthn
+      attributeFriendlyName: forceAuthn
+logging:
+  level:
+    org.pac4j: "TRACE"
+    org.opensaml: "INFO"

testbed/sqlServer/conf/users.csv

@@ -0,0 +1,2 @@
+root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
+admin,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,jj@example.org

testbed/sqlServer/docker-compose.yml

@@ -0,0 +1,29 @@
+version: "3.7"
+
+services:
+  db:
+    container_name: db
+    ports:
+      - 1433:1433
+    build:
+      context: .
+      dockerfile: docker/Dockerfile
+    networks:
+      - front
+  shibui:
+    image: unicon/shibui
+    ports:
+      - 8080:8080
+      - 5005:5005
+      - 8443:8443
+    volumes:
+      - ./conf:/conf
+      - ./conf/application.yml:/application.yml
+    depends_on:
+      - db
+    networks:
+      - front
+
+networks:
+  front:
+    driver: bridge

testbed/sqlServer/docker/Dockerfile

@@ -0,0 +1,9 @@
+FROM mcr.microsoft.com/mssql/server:2019-latest
+
+ENV ACCEPT_EULA=Y
+ENV SA_PASSWORD=Password1
+
+COPY ./docker/scripts /
+
+ENTRYPOINT [ "/bin/bash", "entrypoint.sh" ]
+CMD [ "/opt/mssql/bin/sqlservr" ]

testbed/sqlServer/docker/scripts/entrypoint.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+if [ "$1" = '/opt/mssql/bin/sqlservr' ]; then
+  # If this is the container's first run, initialize the application database
+  if [ ! -f /tmp/app-initialized ]; then
+    # Initialize the application database asynchronously in a background process. This allows a) the SQL Server process to be the main process in the container, which allows graceful shutdown and other goodies, and b) us to only start the SQL Server process once, as opposed to starting, stopping, then starting it again.
+    function initialize_app_database() {
+      # Wait a bit for SQL Server to start. SQL Server's process doesn't provide a clever way to check if it's up or not, and it needs to be up before we can import the application database
+      sleep 15s
+
+      #run the setup script to create the DB and the schema in the DB
+      /opt/mssql-tools/bin/sqlcmd -S db -U sa -P Password1 -d master -i setup.sql
+
+      # Note that the container has been initialized so future starts won't wipe changes to the data
+      touch /tmp/app-initialized
+    }
+    initialize_app_database &
+  fi
+fi
+
+exec "$@"

testbed/sqlServer/docker/scripts/setup.sql

@@ -0,0 +1,10 @@
+CREATE DATABASE shibui;
+GO
+USE shibui;
+GO
+CREATE LOGIN shibui WITH PASSWORD = 'shibuiPass1';
+GO
+CREATE USER shibui FOR LOGIN shibui;
+GO
+EXEC sp_addrolemember 'db_owner', 'shibui';
+GO