GRP-2862: turn off directory indexes in apache in container

container_files/httpd/httpd.conf.noindexes.patch

@@ -0,0 +1,11 @@
+--- httpd.conf.20200720	2020-07-19 14:50:57.470136000 +0000
++++ httpd.conf	2020-07-19 14:51:35.994475000 +0000
+@@ -141,7 +141,7 @@
+     # http://httpd.apache.org/docs/2.4/mod/core.html#options
+     # for more information.
+     #
+-    Options Indexes FollowSymLinks
++    Options FollowSymLinks
+
+     #
+     # AllowOverride controls what directives may be placed in .htaccess files.

container_files/tier-support/test/grouperContainerUnitTestUi.sh

@@ -40,6 +40,8 @@ testContainerUi() {
 
   assertFileContains /opt/tomee/conf/Catalina/localhost/grouper.xml 'cookies="true"'
 
+  assertFileNotContains /etc/httpd/conf/httpd.conf "Options Indexes"
+
   assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
   assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
 

container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh

@@ -12,7 +12,7 @@ testContainerUiNoSsl() {
   echo
   echo '################'
   echo Running container as ui without SSL
-  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true $imageName ui"
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true $imageName ui"
   echo '################'
   echo
 
@@ -24,6 +24,8 @@ testContainerUiNoSsl() {
   assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf
   assertFileNotExists /etc/httpd/conf.d/ssl.conf
 
+  assertFileContains /etc/httpd/conf/httpd.conf "Options Indexes"
+
   assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
   assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
   assertFileContains /opt/tier-support/supervisord.conf "program:tomee"

container_files/usr-local-bin/libraryPrep.sh

@@ -152,6 +152,7 @@ prep_finishBegin() {
 
     if [ -z "$GROUPER_APACHE_SSL_PORT" ] ; then export GROUPER_APACHE_SSL_PORT=443; fi
     if [ -z "$GROUPER_APACHE_NONSSL_PORT" ] ; then export GROUPER_APACHE_NONSSL_PORT=80; fi
+    if [ -z "$GROUPER_APACHE_DIRECTORY_INDEXES" ] ; then export GROUPER_APACHE_DIRECTORY_INDEXES=false; fi
 
     if [ -z "$GROUPER_GSH_CHECK_USER" ] ; then export GROUPER_GSH_CHECK_USER=true; fi
     if [ -z "$GROUPER_GSH_USER" ] ; then export GROUPER_GSH_USER=tomcat; fi

container_files/usr-local-bin/librarySetupFilesApache.sh

@@ -1,5 +1,14 @@
 #!/bin/bash
 
+setupFilesApache_indexes() {
+    if [ "$GROUPER_APACHE_DIRECTORY_INDEXES" = "false" ]
+      then
+        # take out the directory indexes from the docroot
+        cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.pre_noindexes
+        patch /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/httpd.conf.noindexes.patch
+    fi
+}
+
 setupFilesApache_selfSignedCert() {
     if [ "$GROUPER_RUN_APACHE" = "true" ] && [ "$GROUPER_SELF_SIGNED_CERT" = "true" ] && [ "$GROUPER_USE_SSL" = "true" ]
        then
@@ -74,10 +83,12 @@ setupFilesApache() {
   setupFilesApache_ports
   setupFilesApache_ssl
   setupFilesApache_serverName
+  setupFilesApache_indexes
 }
 
 setupFilesApache_unsetAll() {
   unset -f setupFilesApache
+  unset -f setupFilesApache_indexes
   unset -f setupFilesApache_logging
   unset -f setupFilesApache_ports
   unset -f setupFilesApache_selfSignedCert
@@ -89,6 +100,7 @@ setupFilesApache_unsetAll() {
 
 setupFilesApache_exportAll() {
   export -f setupFilesApache
+  export -f setupFilesApache_indexes
   export -f setupFilesApache_logging
   export -f setupFilesApache_ports
   export -f setupFilesApache_selfSignedCert