From 707c99c85e637aaf532f1a39d228467d0f9b60f7 Mon Sep 17 00:00:00 2001 From: Chris Hyzer Date: Thu, 20 May 2021 14:19:30 -0400 Subject: [PATCH] GRP-3467: alternative status url that is outside of the authenticated path --- Dockerfile | 4 +- .../test/grouperContainerUnitTest.sh | 2 +- .../test/grouperContainerUnitTestUi.sh | 1 + .../test/grouperContainerUnitTestUi2.sh | 6 +- ...rouperContainerUnitTestUiDifferentPorts.sh | 5 +- .../tier-support/test/rebuildTestContainer.sh | 70 +++++++++---------- container_files/usr-local-bin/libraryPrep.sh | 5 ++ .../usr-local-bin/librarySetupFilesApache.sh | 16 +++++ 8 files changed, 67 insertions(+), 42 deletions(-) diff --git a/Dockerfile b/Dockerfile index b040681d..2982e229 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ RUN yum update -y \ RUN yum install -y wget tar unzip dos2unix patch ARG GROUPER_CONTAINER_VERSION -ENV GROUPER_VERSION=2.5.50 \ +ENV GROUPER_VERSION=2.5.51 \ GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION # Install Corretto Java JDK @@ -32,7 +32,7 @@ RUN echo 'Installing Grouper'; \ cd /opt/grouper/$GROUPER_VERSION/ \ && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller FROM centos:centos7 as cleanup -ENV GROUPER_VERSION=2.5.50 \ +ENV GROUPER_VERSION=2.5.51 \ TOMEE_VERSION=7.0.0 RUN mkdir -p /opt/grouper/grouperWebapp/ RUN mkdir -p /opt/tomee/ diff --git a/container_files/tier-support/test/grouperContainerUnitTest.sh b/container_files/tier-support/test/grouperContainerUnitTest.sh index 013c8983..343a479c 100644 --- a/container_files/tier-support/test/grouperContainerUnitTest.sh +++ b/container_files/tier-support/test/grouperContainerUnitTest.sh @@ -5,7 +5,7 @@ if [ "$#" -ne 4 ]; then exit 1 fi -expectedSuccesses=712 +expectedSuccesses=715 export containerName=$1 export imageName=$2 
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi.sh b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
index 2b0fdaa8..6637acf9 100644
--- a/container_files/tier-support/test/grouperContainerUnitTestUi.sh
+++ b/container_files/tier-support/test/grouperContainerUnitTestUi.sh
@@ -46,6 +46,7 @@ testContainerUi() {
 assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "RewriteRule"
 assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "#RewriteRule"
 assertFileContains /etc/httpd/conf.d/grouper-www.conf "RewriteRule"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /status_grouper/status ajp://localhost:8009/grouper/status timeout=2401"
 assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "#RewriteRule"
 assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
 assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUi2.sh b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
index baf03a76..68661ef7 100644
--- a/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
+++ b/container_files/tier-support/test/grouperContainerUnitTestUi2.sh
@@ -12,11 +12,11 @@ testContainerUi2() { echo echo '################' echo Running container as ui - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false $imageName ui" + echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false -e GROUPER_APACHE_STATUS_PATH=none $imageName ui" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false $imageName ui + docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false -e GROUPER_APACHE_STATUS_PATH=none $imageName ui sleep $globalSleepSecondsAfterRun @@ -45,6 +45,8 @@ testContainerUi2() { assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https" assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "#RewriteRule" assertFileContains /etc/httpd/conf.d/grouper-www.conf "#RewriteRule" + assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "grouper/status" + assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__" assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt 
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh b/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh
index 7f67341e..9857d002 100644
--- a/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh
+++ b/container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh
@@ -12,11 +12,11 @@ testContainerUiDifferentPorts() { echo echo '################' echo Running container as ui with self signed cert with different ports - echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 $imageName ui" + echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 -e GROUPER_APACHE_STATUS_PATH=/status2_grouper/status $imageName ui" echo '################' echo - docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 $imageName ui + docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 -e GROUPER_APACHE_STATUS_PATH=/status2_grouper/status $imageName ui sleep $globalSleepSecondsAfterRun assertEnvVar GROUPER_APACHE_NONSSL_PORT "81" 
@@ -31,6 +31,7 @@ testContainerUiDifferentPorts() {
 assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "3600"
 assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "2400"
 assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+ assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /status2_grouper/status ajp://localhost:8601/grouper/status timeout=2401"
 assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
 assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 444 https"
 assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
diff --git a/container_files/tier-support/test/rebuildTestContainer.sh b/container_files/tier-support/test/rebuildTestContainer.sh
index ea67b278..01c548b1 100644
--- a/container_files/tier-support/test/rebuildTestContainer.sh
+++ b/container_files/tier-support/test/rebuildTestContainer.sh
@@ -1,36 +1,36 @@
-#/bin/bash
-
-if [ "$#" -ne 3 ]; then
- echo "You must enter exactly 3 command line arguments: grouper base image name, grouper base container version, grouper_container_git_base_dir"
- echo "rebuildTestContainer.sh i2incommon/grouper:2.5.35 2.5.35 /mnt/c/git/grouper_container"
- exit 1
-fi
-
-export grouperBaseImageName=$1
-export grouperBaseContainerVersion=$2
-export grouperContainerGitPath=$3
-export subimageName=my-grouper-$2
-
-export reldir=`dirname $0`
-cd $reldir
-
-# /mnt/c/mchyzer/git/grouper_container
-mkdir -p slashRoot/usr/local/bin
-rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* slashRoot/usr/local/bin
-
-mkdir -p slashRoot/etc/httpd/conf.d
-rsync -avzpl $grouperContainerGitPath/container_files/httpd/* slashRoot/etc/httpd/conf.d
-
-mkdir -p slashRoot/opt/tier-support/originalFiles
-rsync -avzpl etc/httpd/conf.d/ssl-enabled.conf slashRoot/opt/tier-support/originalFiles
-
-rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir
-
-#mkdir -p slashRoot/opt/tomee/conf
-#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* slashRoot/opt/tomee/conf/
-
-sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "testContainer.Dockerfile"
-
-docker build -f testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir
-
+#/bin/bash
+
+if [ "$#" -ne 3 ]; then
+ echo "You must enter exactly 3 command line arguments: grouper base image name, grouper base container version, grouper_container_git_base_dir"
+ echo "rebuildTestContainer.sh i2incommon/grouper:2.5.35 2.5.35 /mnt/c/git/grouper_container"
+ exit 1
+fi
+
+export grouperBaseImageName=$1
+export grouperBaseContainerVersion=$2
+export grouperContainerGitPath=$3
+export subimageName=my-grouper-$2
+
+export reldir=`dirname $0`
+cd $reldir
+
+# /mnt/c/mchyzer/git/grouper_container
+mkdir -p slashRoot/usr/local/bin
+rsync -avzpl
$grouperContainerGitPath/container_files/usr-local-bin/* slashRoot/usr/local/bin + +mkdir -p slashRoot/etc/httpd/conf.d +rsync -avzpl $grouperContainerGitPath/container_files/httpd/* slashRoot/etc/httpd/conf.d + +mkdir -p slashRoot/opt/tier-support/originalFiles +rsync -avzpl $grouperContainerGitPath/container_files/httpd/ssl-enabled.conf slashRoot/opt/tier-support/originalFiles + +rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir + +#mkdir -p slashRoot/opt/tomee/conf +#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* slashRoot/opt/tomee/conf/ + +sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "testContainer.Dockerfile" + +docker build -f testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir + echo "Run tests with: ./grouperContainerUnitTest.sh grouper-test $subimageName:latest $grouperBaseContainerVersion $grouperBaseContainerVersion" \ No newline at end of file diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh index 816b94bd..02d0502a 100644 --- a/container_files/usr-local-bin/libraryPrep.sh +++ b/container_files/usr-local-bin/libraryPrep.sh @@ -451,6 +451,11 @@ prep_finishBegin() { export GROUPER_SHIB_LOG_USE_PIPE=true fi + if [ -z "$GROUPER_APACHE_STATUS_PATH" ] ; then + echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_APACHE_STATUS_PATH=/status_grouper/status" + export GROUPER_APACHE_STATUS_PATH=/status_grouper/status + fi + #Replace web.xml session timeout with env variable if [[ -z "$GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES" ]]; then if [[ "$GROUPER_UI" != 'true' ]] && [[ "$GROUPER_WS" = 'true' ]]; then diff --git a/container_files/usr-local-bin/librarySetupFilesApache.sh b/container_files/usr-local-bin/librarySetupFilesApache.sh index 9c3c0c9a..dec78a9c 100644 --- a/container_files/usr-local-bin/librarySetupFilesApache.sh 
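Review bot: The re-added first line of rebuildTestContainer.sh is still `#/bin/bash`, which is an ordinary comment rather than an interpreter line, so the script runs under whichever shell happens to invoke it; it should read `#!/bin/bash`. The rsync line this hunk changes, like its neighbours, expands `$grouperContainerGitPath` unquoted, so a checkout path containing a space or glob character is split before rsync sees it: `rsync -avzpl "$grouperContainerGitPath"/container_files/httpd/ssl-enabled.conf slashRoot/opt/tier-support/originalFiles`. `cd $reldir` has no failure check, so if it fails the `mkdir`, `rsync` and `sed -i` that follow run in the caller's directory; `cd "$reldir" || exit 1` closes that.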
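Review bot: Defaulting `GROUPER_APACHE_STATUS_PATH` to `/status_grouper/status` whenever it is unset makes the status route opt-out: going by the commit subject the route sits outside the authenticated path, and every deployment that picks up this image gets it unless the variable is set to `none`. What the status servlet returns is not visible in this patch, so if it includes diagnostics or version details, consider leaving the default unset, or keep the default and document restricting the path to monitoring source addresses in the Apache configuration. At minimum add a comment above the block, for example `# Status route is served outside the authenticated path; set GROUPER_APACHE_STATUS_PATH=none to disable it`. The `-z` test treats an explicitly empty value the same as unset, so `none` is the only way to turn the route off. The body of prep_finishBegin starts and ends outside the hunk.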
+++ b/container_files/usr-local-bin/librarySetupFilesApache.sh @@ -124,6 +124,19 @@ setupFilesApache_remoteip() { } +setupFilesApache_status() { + if [ "$GROUPER_RUN_APACHE" = "true" ] && [ ! -z "$GROUPER_APACHE_STATUS_PATH" ] && [ "$GROUPER_APACHE_STATUS_PATH" != "" ] && [ "$GROUPER_APACHE_STATUS_PATH" != "none" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ] + then + echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_status) Appending status to grouper-www.conf" + echo >> /etc/httpd/conf.d/grouper-www.conf + # ProxyPass /status_grouper/status ajp://localhost:8009/grouper/status timeout=2401 + echo "ProxyPass $GROUPER_APACHE_STATUS_PATH ajp://localhost:$GROUPER_TOMCAT_AJP_PORT/$GROUPER_TOMCAT_CONTEXT/status timeout=2401" >> /etc/httpd/conf.d/grouper-www.conf + returnCode=$? + echo >> /etc/httpd/conf.d/grouper-www.conf + echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_status) echo \"ProxyPass $GROUPER_APACHE_STATUS_PATH ajp://localhost:$GROUPER_TOMCAT_AJP_PORT/$GROUPER_TOMCAT_CONTEXT/status timeout=2401\" >> /etc/httpd/conf.d/grouper-www.conf , result: $?" + if [ $returnCode != 0 ]; then exit $returnCode; fi + fi +} setupFilesApache_supervisor() { if [ "$GROUPER_RUN_APACHE" = "true" ] @@ -164,6 +177,7 @@ setupFilesApache() { setupFilesApache_ports setupFilesApache_remoteip setupFilesApache_ssl + setupFilesApache_status setupFilesApache_serverName setupFilesApache_indexes } @@ -174,6 +188,7 @@ setupFilesApache_unsetAll() { unset -f setupFilesApache_ports unset -f setupFilesApache_remoteip unset -f setupFilesApache_ssl + unset -f setupFilesApache_status unset -f setupFilesApache_supervisor unset -f setupFilesApache_unsetAll unset -f setupFilesApache_serverName 
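Review bot: In setupFilesApache_status the value of `GROUPER_APACHE_STATUS_PATH` is written verbatim into a `ProxyPass` directive, so a value containing whitespace or a newline adds extra tokens or directives to grouper-www.conf, and a bare `/` would match every path that no earlier rule claims; the function should reject anything that is not a plain absolute path before appending, as sketched below. The INFO line reports `result: $?`, which at that point is the status of the preceding blank `echo >>` rather than of the ProxyPass write, so it should print `$returnCode`. `[ ! -z ... ]` and `!= ""` test the same thing, and one `-n` test is enough. The `timeout=2401` is fixed even when `GROUPER_APACHE_AJP_TIMEOUT_SECONDS` is set (the DifferentPorts test passes 2999 and still expects 2401); if that is deliberate a comment should say so, and a health-check route probably wants a much shorter timeout so a stalled backend does not hold Apache workers.

```shell
setupFilesApache_status() {
  if [ "$GROUPER_RUN_APACHE" = "true" ] && [ -n "$GROUPER_APACHE_STATUS_PATH" ] && [ "$GROUPER_APACHE_STATUS_PATH" != "none" ] && [ -f /etc/httpd/conf.d/grouper-www.conf ]
  then
    # The value lands inside an Apache directive: accept a plain absolute path only.
    case "$GROUPER_APACHE_STATUS_PATH" in
      *[!A-Za-z0-9_./-]*|[!/]*|/)
        echo "grouperContainer; ERROR: (librarySetupFilesApache.sh-setupFilesApache_status) GROUPER_APACHE_STATUS_PATH must be an absolute path using only [A-Za-z0-9_./-], or 'none'"
        exit 1
        ;;
    esac
    # … unchanged: blank line and ProxyPass line appended to grouper-www.conf …
    returnCode=$?
    # … unchanged: trailing blank line appended …
    echo "grouperContainer; INFO: (librarySetupFilesApache.sh-setupFilesApache_status) echo \"ProxyPass $GROUPER_APACHE_STATUS_PATH ajp://localhost:$GROUPER_TOMCAT_AJP_PORT/$GROUPER_TOMCAT_CONTEXT/status timeout=2401\" >> /etc/httpd/conf.d/grouper-www.conf , result: $returnCode"
    # … unchanged: exit on non-zero returnCode …
```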
@@ -185,6 +200,7 @@ setupFilesApache_exportAll() {
 export -f setupFilesApache_ports
 export -f setupFilesApache_remoteip
 export -f setupFilesApache_ssl
+ export -f setupFilesApache_status
 export -f setupFilesApache_supervisor
 export -f setupFilesApache_unsetAll
 export -f setupFilesApache_serverName