2.5.36

docker · Oct 20, 2020 · 0278f6d · 0278f6d
1 parent def2528
commit 0278f6d
Show file tree

Hide file tree

Showing 23 changed files with 412 additions and 260 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,7 @@ RUN yum update -y \
 RUN yum install -y wget tar unzip dos2unix patch
 
 ARG GROUPER_CONTAINER_VERSION
-ENV GROUPER_VERSION=2.5.35 \
+ENV GROUPER_VERSION=2.5.36 \
      GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
 
 # Install Corretto Java JDK
@@ -32,7 +32,7 @@ RUN echo 'Installing Grouper'; \
     cd /opt/grouper/$GROUPER_VERSION/ \
     && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller
 FROM centos:centos7 as cleanup
-ENV GROUPER_VERSION=2.5.35 \
+ENV GROUPER_VERSION=2.5.36 \
     TOMEE_VERSION=7.0.0
 RUN mkdir -p /opt/grouper/grouperWebapp/
 RUN mkdir -p /opt/tomee/
@@ -88,6 +88,17 @@ COPY container_files/httpd/* /etc/httpd/conf.d/
 COPY container_files/shibboleth/* /etc/shibboleth/
 RUN cp /dev/null /etc/httpd/conf.d/ssl.conf 
 
+# keep backup of files
+RUN mkdir -p /opt/tier-support/originalFiles ; \
+  cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf/httpd.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/ssl-enabled.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/httpd-shib.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/shib.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/tomee/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/tomee/conf/Catalina/localhost/grouper.xml /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/grouper/grouperWebapp/WEB-INF/web.xml /opt/tier-support/originalFiles 2>/dev/null
+
 WORKDIR /opt/grouper/grouperWebapp/WEB-INF/
 EXPOSE 80 443
 HEALTHCHECK NONE

diff --git a/container_files/tier-support/test/grouperContainerUnitTest.sh b/container_files/tier-support/test/grouperContainerUnitTest.sh
@@ -5,7 +5,7 @@ if [ "$#" -ne 4 ]; then
   exit 1
 fi
 
-expectedSuccesses=554
+expectedSuccesses=626
 
 export containerName=$1
 export imageName=$2
@@ -27,6 +27,7 @@ export failureCount=0
 . ./grouperContainerUnitTestSelfSigned.sh
 . ./grouperContainerUnitTestScim.sh
 . ./grouperContainerUnitTestWs.sh
+. ./grouperContainerUnitTestWsAuthn.sh
 . ./grouperContainerUnitTestQuickstart.sh
 . ./grouperContainerUnitTestUiSubimage.sh
 . ./grouperContainerUnitTestUiSubimageNonroot.sh
@@ -39,6 +40,7 @@ testContainerSelfSigned
 testContainerUiDifferentPorts
 testContainerScim
 testContainerWs
+testContainerWsAuthn
 testContainerQuickstart
 testContainerDaemon
 testContainerUiSubimage
@@ -47,6 +49,7 @@ testContainerUiSubimageNonroot
 dockerRemoveContainer
 dockerRemoveSubimage
 
+
 echo ""
 echo "$successCount successes, $failureCount failures"
 if [ "$successCount" = "$expectedSuccesses" ] && [ "$failureCount" = "0" ]  ; then

diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi.sh b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
@@ -47,6 +47,7 @@ testContainerUi() {
   assertFileNotContains /etc/httpd/conf/httpd.conf "Options Indexes"
 
   assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+  assertFileContains /opt/tomee/conf/web.xml "<session-timeout>600</session-timeout>"
   assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
 
   assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig

diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh
@@ -12,11 +12,11 @@ testContainerUiNoSsl() {
   echo
   echo '################'
   echo Running container as ui without SSL
-  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true $imageName ui"
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui"
   echo '################'
   echo
 
-  docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true $imageName ui
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui
   sleep $globalSleepSecondsAfterRun
 
   assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse
@@ -33,6 +33,8 @@ testContainerUiNoSsl() {
   assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
   assertFileNotContains /opt/tier-support/supervisord.conf "__"
   assertFileContains /opt/tomee/conf/server.xml "AccessLogValve"
+  assertFileContains /opt/tomee/conf/web.xml "<session-timeout>30</session-timeout>"
+
 
   assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "true"
   assertEnvVar GROUPERSCIM_PROXY_PASS "#"

diff --git a/container_files/tier-support/test/grouperContainerUnitTestWs.sh b/container_files/tier-support/test/grouperContainerUnitTestWs.sh
@@ -26,6 +26,10 @@ testContainerWs() {
   assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
   assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
 
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/web.xml "<auth-method>BASIC</auth-method>"
+  assertFileNotContains /opt/tomee/conf/server.xml 'tomcatAuthentication="true"'
+  assertFileContains /opt/tomee/conf/server.xml 'tomcatAuthentication="false"'
+
   assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
   assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
   assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
@@ -38,6 +42,7 @@ testContainerWs() {
   assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
 
   assertFileContains /opt/tomee/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"'
+  assertFileContains /opt/tomee/conf/web.xml "<session-timeout>1</session-timeout>"
 
   assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ws;"
 

diff --git a/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh b/container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+testContainerWsAuthn() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ws with tomcat authn
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/web.xml "<auth-method>BASIC</auth-method>"
+  assertFileContains /opt/tomee/conf/server.xml 'tomcatAuthentication="true"'
+  assertFileNotContains /opt/tomee/conf/server.xml 'tomcatAuthentication="false"'
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+  assertFileContains /opt/tomee/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"'
+  assertFileContains /opt/tomee/conf/web.xml "<session-timeout>1</session-timeout>"
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ws;"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "ServerName https://a.b.c:443"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On"
+
+  assertEnvVar GROUPER_APACHE_SERVER_NAME https://a.b.c:443
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS ""
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-ws"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS "#"
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_UI "false"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVarNot GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "true"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_WS_ONLY "true"
+
+  assertNumberOfTomcatProcesses 1
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 0
+
+  assertListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+}
+export -f testContainerWsAuthn
diff --git a/container_files/tier-support/test/rebuildTestContainer.sh b/container_files/tier-support/test/rebuildTestContainer.sh
@@ -1,14 +1,15 @@
 #/bin/bash
 
-if [ "$#" -ne 2 ]; then
-  echo "You must enter exactly 2 command line arguments: grouper base container version, grouper_container_git_base_dir"
-  echo "rebuildTestContainer.sh 2.5.33 /mnt/c/mchyzer/git/grouper_container"
+if [ "$#" -ne 3 ]; then
+  echo "You must enter exactly 3 command line arguments: grouper base image name, grouper base container version, grouper_container_git_base_dir"
+  echo "rebuildTestContainer.sh i2incommon/grouper:2.5.35 2.5.35 /mnt/c/git/grouper_container"
   exit 1
 fi
 
-export grouperBaseContainerVersion=$1
-export grouperContainerGitPath=$2
-export subimageName=my-grouper-$1
+export grouperBaseImageName=$1
+export grouperBaseContainerVersion=$2
+export grouperContainerGitPath=$3
+export subimageName=my-grouper-$2
 
 export reldir=`dirname $0`
 
@@ -18,8 +19,10 @@ rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* $reldir/sl
 
 rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir
 
-mkdir -p $reldir/slashRoot/opt/tomee/conf
-rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* $reldir/slashRoot/opt/tomee/conf/
+#mkdir -p $reldir/slashRoot/opt/tomee/conf
+#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* $reldir/slashRoot/opt/tomee/conf/
+
+sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "$reldir/testContainer.Dockerfile"
 
 docker build -f $reldir/testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir
 

diff --git a/container_files/tier-support/test/testContainer.Dockerfile b/container_files/tier-support/test/testContainer.Dockerfile
@@ -1,8 +1,8 @@
 # this matches the version you decided on from release notes
 ARG GROUPER_VERSION=2.5.XX
 
-#  --build-arg GROUPER_VERSION=${VARIABLE_NAME}
-FROM i2incommon/grouper:${GROUPER_VERSION}
+#  --build-arg GROUPER_VERSION=${VARIABLE_NAME} i2incommon/grouper:${GROUPER_VERSION}
+FROM __BASE_CONTAINER__
 
 # this will overlay all the files from /opt/grouperContainer/slashRoot on to /
 COPY slashRoot /

diff --git a/container_files/tier-support/web.wsTomcatAuthn.xml b/container_files/tier-support/web.wsTomcatAuthn.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+  version="2.4">
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Web services</web-resource-name>
+      <url-pattern>/services/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>grouper_user</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Web services</web-resource-name>
+      <url-pattern>/servicesRest/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <!-- NOTE:  This role is not present in the default users file -->
+      <role-name>grouper_user</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <!-- Define the Login Configuration for this Application -->
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>Grouper Application</realm-name>
+  </login-config>
+
+  <!-- Security roles referenced by this web application -->
+  <security-role>
+    <description>
+      The role that is required to log in to web service
+    </description>
+    <role-name>grouper_user</role-name>
+  </security-role>
+
+</web-app>