Merged in feature/shibui-2330 (pull request #606)

Feature/shibui 2330

Approved-by: Dmitriy Kopylenko
Approved-by: Bill Smith

testbed/smoke-test/cheat.html

@@ -0,0 +1,110 @@
+<html>
+<body>
+<h2>Reload Service</h2>
+<form action="https://idp.unicon.local/idp/profile/admin/reload-service" target="_blank" method="get">
+    <label for="id">id</label>
+    <select name="id" id="id">
+        <option value="shibboleth.LoggingService">LoggingService</option>
+        <option value="shibboleth.AttributeFilterService">AttributeFilterService</option>
+        <option value="shibboleth.AttributeResolverService">AttributeResolverService</option>
+        <option value="shibboleth.AttributeRegistryService">AttributeRegistryService</option>
+        <option value="shibboleth.NameIdentifierGenerationService">NameIdentifierGenerationService</option>
+        <option value="shibboleth.RelyingPartyResolverService">RelyingPartyResolverService</option>
+        <option value="shibboleth.MetadataResolverService">MetadataResolverService</option>
+        <option value="shibboleth.ReloadableAccessControlService">ReloadableAccessControlService</option>
+        <option value="shibboleth.ReloadableCASServiceRegistry">ReloadableCASServiceRegistry</option>
+    </select>
+    <input type="submit" />
+</form>
+<h2>Attribute Resolution</h2>
+<form action="https://idp.unicon.local/idp/profile/admin/resolvertest" target="_blank" method="get">
+    <table>
+        <tr>
+            <td>
+                <label for="requester">Requester</label>
+            </td>
+            <td>
+    <input name="requester" id="requester" type="text" />
+            </td>
+        </tr>
+        <tr>
+            <td>
+    <label for="principal">Principal</label>
+            </td>
+            <td>
+    <input name="principal" id="principal" type="text" />
+            </td>
+        </tr>
+        <tr>
+            <td>
+                <label for="acsIndex">acs index</label>
+            </td>
+            <td>
+                <input name="acsIndex" id="acsIndex" type="number" />
+            </td>
+        </tr>
+        <tr>
+            <td>
+                <label for="saml1">SAML1</label>
+            </td>
+            <td>
+                <input name="saml1" id="saml1" type="checkbox" />
+            </td>
+        </tr>
+        <tr>
+            <td>
+                <label for="saml2">SAML2</label>
+            </td>
+            <td>
+                <input name="saml2" id="saml2" type="checkbox" />
+            </td>
+        </tr>
+    </table>
+    <input type="submit" />
+
+</form>
+<form action="https://idp.unicon.local/idp/profile/admin/mdquery" target="_blank" method="get">
+    <h2>Metadata Query</h2>
+    <table>
+        <tr>
+            <td>
+                <label for="entityID">Entity ID</label>
+            </td>
+            <td>
+                <input name="entityID" id="entityID" type="text" />
+            </td>
+        </tr>
+    </table>
+    <input type="submit" />
+</form>
+<form action="https://idp.unicon.local/idp/profile/admin/reload-metadata" target="_blank" method="get">
+    <h2>Reload Metadata</h2>
+    <table>
+        <tr>
+            <td>
+                <label for="id">provider id</label>
+            </td>
+            <td>
+                <input name="id" id="provider" type="text" />
+            </td>
+        </tr>
+    </table>
+    <input type="submit" />
+</form>
+<form action="https://idp.unicon.local/idp/profile/SAML2/Unsolicited/SSO" target="_blank" method="get">
+    <h2>Unsolicited SSO</h2>
+    <table>
+        <tr>
+            <td>
+                <label for="providerId">provider id</label>
+            </td>
+            <td>
+                <input name="providerId" type="text" />
+            </td>
+        </tr>
+    </table>
+    <input type="submit" />
+</form>
+<a href="https://idp.unicon.local/idp/profile/admin/metrics" target="_blank">metrics</a>
+</body>
+</html>

testbed/smoke-test/db_configs/mariadb.application.yml

@@ -0,0 +1,13 @@
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: mysql
+    driver-class-name: org.mariadb.jdbc.Driver
+    url: jdbc:mariadb://database:3306/shibui
+    username: shibui
+    password: shibui
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MariaDB103Dialect

testbed/smoke-test/db_configs/mariadb.docker-compose.override.yml

@@ -0,0 +1,19 @@
+services:
+  database:
+    image: mariadb
+    environment:
+      MYSQL_DATABASE: shibui
+      MYSQL_USER: shibui
+      MYSQL_PASSWORD: shibui
+      MYSQL_ROOT_PASSWORD: root
+    healthcheck:
+      test: mysql -u shibui --password=shibui shibui -e "select 1"
+      interval: 5s
+      retries: 5
+      start_period: 5s
+      timeout: 10s
+  shib-idp-ui:
+    depends_on:
+      database:
+        condition: service_healthy
+

testbed/smoke-test/db_configs/mysql.application.yml

@@ -0,0 +1,13 @@
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: mysql
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    url: jdbc:mysql://database:3306/shibui
+    username: shibui
+    password: shibui
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MySQL8Dialect

testbed/smoke-test/db_configs/mysql.docker-compose.override.yml

@@ -0,0 +1,19 @@
+services:
+  database:
+    image: mysql
+    environment:
+      MYSQL_DATABASE: shibui
+      MYSQL_USER: shibui
+      MYSQL_PASSWORD: shibui
+      MYSQL_ROOT_PASSWORD: root
+    healthcheck:
+      test: mysql -u shibui --password=shibui shibui -e "select 1"
+      interval: 5s
+      retries: 5
+      start_period: 5s
+      timeout: 10s
+  shib-idp-ui:
+    depends_on:
+      database:
+        condition: service_healthy
+

testbed/smoke-test/db_configs/postgres.application.yml

@@ -0,0 +1,13 @@
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: postgres
+    driver-class-name: org.postgresql.Driver
+    url: jdbc:postgresql://database:5432/shibui
+    username: shibui
+    password: shibui
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.PostgreSQLDialect

testbed/smoke-test/db_configs/sqlServer.application.yml

@@ -0,0 +1,13 @@
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: sqlserver
+    driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver
+    url: jdbc:sqlserver://database:1433
+    username: sa
+    password: Password1
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.SQLServerDialect

testbed/smoke-test/db_configs/sqlServer.docker-compose.override.yml

@@ -0,0 +1,17 @@
+services:
+  database:
+    build:
+      context: ../sqlServer
+      dockerfile: ../sqlServer/docker/Dockerfile
+    image: smoke-test_database
+#    healthcheck:
+#      test: mysql -u shibui --password=shibui shibui -e "select 1"
+#      interval: 5s
+#      retries: 5
+#      start_period: 5s
+#      timeout: 10s
+#  shib-idp-ui:
+#    depends_on:
+#      database:
+#        condition: service_healthy
+

testbed/smoke-test/docker-compose.yml

@@ -0,0 +1,110 @@
+version: "3.8"
+
+services:
+  reverse-proxy:
+    image: library/traefik:v2.5.2
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web-secure.address=:443"
+      - "--providers.file.directory=/configuration/"
+      - "--providers.file.watch=true"
+      #- "--log.level=DEBUG"
+    networks:
+      reverse-proxy:
+        aliases:
+          - idp.unicon.local
+    ports:
+      - "80:80"
+      - "8080:8080"
+      - "443:443"
+      - "8443:8443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ../reverse-proxy/:/configuration/
+      - ../reverse-proxy/certs/:/certs/
+  directory:
+    build: ../directory
+    networks:
+      - idp
+    volumes:
+      - directory_data:/var/lib/ldap
+      - directory_config:/etc/ldap/slapd.d
+      - ../directory/certs:/container/service/slapd/assets/certs
+    environment:
+      LDAP_BASE_DN: "dc=unicon,dc=local"
+      LDAP_DOMAIN: "unicon.local"
+      HOSTNAME: "directory"
+      LDAP_TLS_VERIFY_CLIENT: "try"
+  database:
+    image: postgres:14-alpine
+    networks:
+      - backend
+    environment:
+      POSTGRES_PASSWORD: shibui
+      POSTGRES_USER: shibui
+      POSTGRES_DB: shibui
+  idp:
+    build: ../integration/shibboleth-idp
+    labels:
+      - "traefik.http.routers.idp.rule=Host(`idp.unicon.local`)"
+      - "traefik.http.services.idp.loadbalancer.server.port=8080"
+      - "traefik.http.routers.idp.tls=true"
+      - "traefik.docker.network=smoke-test_reverse-proxy"
+      - "traefik.enable=true"
+    depends_on:
+      - directory
+      - reverse-proxy
+    networks:
+      - reverse-proxy
+      - idp
+    volumes:
+      - dynamic_metadata:/opt/shibboleth-idp/metadata/dynamic
+      - dynamic_config:/opt/shibboleth-idp/conf/dynamic
+      - ../directory/certs/ca.crt:/opt/shibboleth-idp/credentials/ldap-server.crt
+      - ../authentication/shibboleth-idp/config/shib-idp/conf/attribute-filter.xml:/opt/shibboleth-idp/conf/attribute-filter.xml
+      - ./shibboleth-idp/conf/metadata-providers.xml:/opt/shibboleth-idp/conf/metadata-providers.xml
+      - ./shibboleth-idp/conf/access-control.xml:/opt/shibboleth-idp/conf/access-control.xml
+      - ./shibboleth-idp/metadata/test-provider-config.xml:/opt/shibboleth-idp/metadata/test-provider-config.xml
+      - ../integration/shibboleth-idp/metadata/dynamic/700bfe6fa4495100f5c193fa5b7ca4192c150923.xml:/opt/shibboleth-idp/metadata/700bfe6fa4495100f5c193fa5b7ca4192c150923.xml
+    healthcheck:
+      disable: true
+  shib-idp-ui:
+    image: unicon/shibui:latest
+    labels:
+      - "traefik.http.routers.shibui.rule=Host(`shibui.unicon.local`)"
+      - "traefik.http.services.shibui.loadbalancer.server.port=8080"
+      - "traefik.http.routers.shibui.tls=true"
+      - "traefik.docker.network=smoke-test_reverse-proxy"
+      - "traefik.enable=true"
+    depends_on:
+      database:
+        condition: service_started
+    networks:
+      - reverse-proxy
+      - backend
+    volumes:
+      - dynamic_metadata:/var/shibboleth/dynamic_metadata
+      - dynamic_config:/var/shibboleth/dynamic_config
+      - ../authentication/shibui:/conf
+      - ./shibui/application.yml:/application.yml
+      - ../integration/shibboleth-idp/credentials/shib-idp/inc-md-cert-mdq.pem:/opt/shibboleth-idp/credentials/inc-md-cert-mdq.pem
+    environment:
+      - "IDP_HOME=/opt/shibboleth-idp"
+
+networks:
+  reverse-proxy:
+  idp:
+  backend:
+volumes:
+  directory_data:
+    driver: local
+  directory_config:
+    driver: local
+  dynamic_metadata:
+    driver: local
+  dynamic_config:
+    driver: local
+  database_data:
+    driver: local

testbed/smoke-test/setdb.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+DB=$1
+
+if [[ ! "$DB" =~ ^(postgres|mariadb|mysql|sqlServer)$ ]];
+then
+    echo "argument must be one of: postgres mariadb mysql sqlServer"
+    exit 0;
+fi
+
+if [[ $DB == "postgres" ]];
+then
+rm -f docker-compose.override.yml
+else
+rm -f docker-compose.override.yml
+ln -s db_configs/$DB.docker-compose.override.yml docker-compose.override.yml
+fi
+
+rm -f shibui/application.yml
+cat shibui/application.yml.nodb db_configs/$DB.application.yml >> shibui/application.yml
+
+echo "shibui will now use the $DB container"