From bdd8d3cabcba12be8994940fb618f0a81620dc68 Mon Sep 17 00:00:00 2001 From: Chris Hyzer Date: Wed, 3 Mar 2021 16:19:57 -0500 Subject: [PATCH] GRP-3204: if GROUPER_WEBCLIENT_IS_SSL is false, then the server.xml secure="true" should be removed and scheme="http" adjusted --- .../test/grouperContainerUnitTest.sh | 5 +- .../test/grouperContainerUnitTestUiNoSsl.sh | 6 ++- ...grouperContainerUnitTestUiNoSslOrClient.sh | 46 +++++++++++++++++++ .../tier-support/test/rebuildTestContainer.sh | 21 +++++---- .../test/testContainer.Dockerfile | 4 +- container_files/usr-local-bin/libraryPrep.sh | 6 ++- .../usr-local-bin/librarySetupFilesTomcat.sh | 25 ++++++++++ 7 files changed, 97 insertions(+), 16 deletions(-) create mode 100644 container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh diff --git a/container_files/tier-support/test/grouperContainerUnitTest.sh b/container_files/tier-support/test/grouperContainerUnitTest.sh index a962b85b..a0f87f08 100644 --- a/container_files/tier-support/test/grouperContainerUnitTest.sh +++ b/container_files/tier-support/test/grouperContainerUnitTest.sh @@ -5,7 +5,7 @@ if [ "$#" -ne 4 ]; then exit 1 fi -expectedSuccesses=692 +expectedSuccesses=710 export containerName=$1 export imageName=$2 @@ -23,6 +23,7 @@ export failureCount=0 . ./grouperContainerUnitTestUi.sh . ./grouperContainerUnitTestUi2.sh . ./grouperContainerUnitTestUiNoSsl.sh +. ./grouperContainerUnitTestUiNoSslOrClient.sh . ./grouperContainerUnitTestUiDifferentPorts.sh . ./grouperContainerUnitTestSlashRoot.sh . ./grouperContainerUnitTestSelfSigned.sh @@ -36,6 +37,7 @@ export failureCount=0 testContainerUi testContainerUi2 testContainerUiNoSsl +testContainerUiNoSslOrClient testContainerSlashRoot testContainerSelfSigned testContainerUiDifferentPorts @@ -52,7 +54,6 @@ dockerRemoveSubimage - echo "" echo "$successCount successes, $failureCount failures" if [ "$successCount" = "$expectedSuccesses" ] && [ "$failureCount" = "0" ] ; then 
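Review bot: The hand-maintained total in the first hunk, `expectedSuccesses=710`, goes up by 18, but this patch appears to add 20 assertion calls: 4 in grouperContainerUnitTestUiNoSsl.sh and 16 in the new grouperContainerUnitTestUiNoSslOrClient.sh. The assert helpers are not shown, so this only holds if each call increments `successCount` once; in that case the final `[ "$successCount" = "$expectedSuccesses" ]` check would fail on a clean run. It is worth re-deriving the number from an actual run, and adding a comment such as `# update whenever assertions are added or removed in any sourced test file` next to the constant.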
diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh index 6da3e950..29c09fa7 100644 --- a/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh +++ b/container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh @@ -11,7 +11,7 @@ testContainerUiNoSsl() { echo echo '################' - echo Running container as ui without SSL + echo Running container as ui without SSL with SSL client echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui" echo '################' echo @@ -33,6 +33,9 @@ testContainerUiNoSsl() { assertFileContains /opt/tier-support/supervisord.conf "user=shibd" assertFileNotContains /opt/tier-support/supervisord.conf "__" assertFileContains /opt/tomee/conf/server.xml "AccessLogValve" + assertFileContains /opt/tomee/conf/server.xml 'secure="true"' + assertFileContains /opt/tomee/conf/server.xml 'scheme="https"' + assertFileNotContains /opt/tomee/conf/server.xml 'scheme="http"' assertFileContains /opt/tomee/conf/web.xml "30" @@ -67,6 +70,7 @@ testContainerUiNoSsl() { assertEnvVar GROUPER_USE_SSL "false" assertEnvVar GROUPER_WS "false" assertEnvVar GROUPER_WS_GROUPER_AUTH "false" + assertEnvVar GROUPER_WEBCLIENT_IS_SSL "true" assertNumberOfTomcatProcesses 1 assertNumberOfApacheProcesses 5 diff --git a/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh new file mode 100644 index 00000000..5718c9d0 --- /dev/null +++ b/container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh 
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+testContainerUiNoSslOrClient() {
+
+ if [ "$#" -ne 0 ]; then
+ echo "You must enter exactly 0 command line arguments"
+ exit 1
+ fi
+
+ dockerRemoveContainer
+
+ echo
+ echo '################'
+ echo Running container as ui without SSL with non-SSL client
+ echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui"
+ echo '################'
+ echo
+
+ docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui
+ sleep $globalSleepSecondsAfterRun
+
+ assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse
+ assertFileExists /etc/httpd/conf.d/ssl.conf.dontuse
+ assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf
+ assertFileNotExists /etc/httpd/conf.d/ssl.conf
+
+ assertFileNotContains /opt/tomee/conf/server.xml 'secure="true"'
+ assertFileNotContains /opt/tomee/conf/server.xml 'scheme="https"'
+ assertFileContains /opt/tomee/conf/server.xml 'scheme="http"'
+
+ assertEnvVar GROUPER_USE_SSL "false"
+ assertEnvVar GROUPER_WEBCLIENT_IS_SSL "false"
+
+
+ assertNumberOfTomcatProcesses 1
+ assertNumberOfApacheProcesses 5
+ assertNumberOfShibProcesses 1
+
+ assertNotListeningOnPort 443
+ assertListeningOnPort 80
+ assertListeningOnPort 8009
+ assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiNoSsl
diff --git a/container_files/tier-support/test/rebuildTestContainer.sh b/container_files/tier-support/test/rebuildTestContainer.sh
index 7b31f21b..ea67b278 100644
--- a/container_files/tier-support/test/rebuildTestContainer.sh
+++ b/container_files/tier-support/test/rebuildTestContainer.sh
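Review bot: The last line of the new file exports the wrong function: `export -f testContainerUiNoSsl` looks like a copy-paste leftover and should be `export -f testContainerUiNoSslOrClient`. As written, the new test function is defined only in the shell that sources the file and is never exported to child shells. The `docker run` line also passes `$containerName` and `$imageName` unquoted; `--name "$containerName"` and `"$imageName"` would survive values containing spaces or glob characters. The run still publishes `443:443` although the test asserts nothing listens on 443 and that 80 is open; if the port assertions are meant to be reachable from the host, `--publish 80:80` would match what is being tested.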
@@ -12,24 +12,25 @@ export grouperContainerGitPath=$3 export subimageName=my-grouper-$2 export reldir=`dirname $0` +cd $reldir # /mnt/c/mchyzer/git/grouper_container -mkdir -p $reldir/slashRoot/usr/local/bin -rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* $reldir/slashRoot/usr/local/bin +mkdir -p slashRoot/usr/local/bin +rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* slashRoot/usr/local/bin -mkdir -p $reldir/slashRoot/etc/httpd/conf.d -rsync -avzpl $grouperContainerGitPath/container_files/httpd/* $reldir/slashRoot/etc/httpd/conf.d +mkdir -p slashRoot/etc/httpd/conf.d +rsync -avzpl $grouperContainerGitPath/container_files/httpd/* slashRoot/etc/httpd/conf.d -mkdir -p $reldir/slashRoot/opt/tier-support/originalFiles -rsync -avzpl $reldir/etc/httpd/conf.d/ssl-enabled.conf $reldir/slashRoot/opt/tier-support/originalFiles +mkdir -p slashRoot/opt/tier-support/originalFiles +rsync -avzpl etc/httpd/conf.d/ssl-enabled.conf slashRoot/opt/tier-support/originalFiles rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir -#mkdir -p $reldir/slashRoot/opt/tomee/conf -#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* $reldir/slashRoot/opt/tomee/conf/ +#mkdir -p slashRoot/opt/tomee/conf +#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* slashRoot/opt/tomee/conf/ -sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "$reldir/testContainer.Dockerfile" +sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "testContainer.Dockerfile" -docker build -f $reldir/testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir +docker build -f testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir echo "Run tests with: ./grouperContainerUnitTest.sh grouper-test $subimageName:latest $grouperBaseContainerVersion $grouperBaseContainerVersion" \ No newline at end of file 
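Review bot: After the added `cd $reldir`, two lines still use `$reldir`: the destination of `rsync ... grouper*.sh $reldir` and the build context at the end of `docker build ... $reldir`. When the script is invoked through a relative path other than `.` (for example `test/rebuildTestContainer.sh`), both now resolve against the new working directory and point at `test/test`; they should become `.` like the other paths in this hunk. The `cd` itself is unquoted and unchecked, so if it fails the following `mkdir -p`, `rsync` and `sed -i` run in the caller's directory; `cd "$reldir" || exit 1` avoids that. The `$grouperContainerGitPath/...` arguments would likewise be safer with the variable part quoted.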
diff --git a/container_files/tier-support/test/testContainer.Dockerfile b/container_files/tier-support/test/testContainer.Dockerfile index 7f3ccd83..27001cff 100644 --- a/container_files/tier-support/test/testContainer.Dockerfile +++ b/container_files/tier-support/test/testContainer.Dockerfile @@ -1,8 +1,8 @@ # this matches the version you decided on from release notes -ARG GROUPER_VERSION=2.5.40 +ARG GROUPER_VERSION=2.5.XX # --build-arg GROUPER_VERSION=${VARIABLE_NAME} i2incommon/grouper:${GROUPER_VERSION} -FROM i2incommon/grouper:2.5.40 +FROM i2incommon/grouper:2.5.XX # this will overlay all the files from /opt/grouperContainer/slashRoot on to / COPY slashRoot / diff --git a/container_files/usr-local-bin/libraryPrep.sh b/container_files/usr-local-bin/libraryPrep.sh index b58baa3a..816b94bd 100644 --- a/container_files/usr-local-bin/libraryPrep.sh +++ b/container_files/usr-local-bin/libraryPrep.sh @@ -367,8 +367,12 @@ prep_finishBegin() { fi fi + if [ -z "$GROUPER_WEBCLIENT_IS_SSL" ] ; then + + echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_WEBCLIENT_IS_SSL=true (browser or WS client is SSL)" + export GROUPER_WEBCLIENT_IS_SSL=true - + fi if [ -z "$GROUPER_RUN_PROCESSES_AS_USERS" ]; then echo "grouperContainer; INFO: (libraryPrep.sh-prep_finishBegin) export GROUPER_RUN_PROCESSES_AS_USERS=true" diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh index 6590c2e5..7a8d9f35 100644 --- a/container_files/usr-local-bin/librarySetupFilesTomcat.sh +++ b/container_files/usr-local-bin/librarySetupFilesTomcat.sh @@ -9,6 +9,7 @@ setupFilesTomcat() { setupFilesTomcat_ports setupFilesTomcat_accessLogs setupFilesTomcat_sessionTimeout + setupFilesTomcat_ssl } 
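Review bot: The `FROM i2incommon/grouper:2.5.XX` line hard-codes a placeholder tag instead of using the `ARG GROUPER_VERSION` declared just above it, so the `--build-arg GROUPER_VERSION=...` passed by rebuildTestContainer.sh cannot select the base image. That script's `sed` also substitutes `__BASE_CONTAINER__`, a token that does not appear in the lines shown here, so unless the file is edited by hand the build will presumably fail to resolve the tag. Writing `FROM i2incommon/grouper:${GROUPER_VERSION}` (or putting back the `__BASE_CONTAINER__` token the script expects) would make the test image follow the version under test. The rest of the Dockerfile is outside the hunk.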
@@ -232,12 +233,35 @@ setupFilesTomcat_sessionTimeout() { fi } +setupFilesTomcat_ssl() { + + if [ "$GROUPER_WEBCLIENT_IS_SSL" = "false" ] + then + sed -i 's|secure="true"||g' /opt/tomee/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) based on GROUPER_WEBCLIENT_IS_SSL, sed -i 's|secure=\"true\"||g' /opt/tomee/conf/server.xml , result=$returnCode" + if [ $returnCode != 0 ] && [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ] + then + exit $returnCode + fi + sed -i 's|scheme="https"|scheme="http"|g' /opt/tomee/conf/server.xml + returnCode=$? + echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) based on GROUPER_WEBCLIENT_IS_SSL, sed -i 's|scheme=\"https\"|scheme=\"http\"|g' /opt/tomee/conf/server.xml , result=$returnCode" + if [ $returnCode != 0 ] && [ "$GROUPER_ORIGFILE_SERVER_XML" = "true" ] + then + exit $returnCode + fi + fi +} + + setupFilesTomcat_unsetAll() { unset -f setupFilesTomcat unset -f setupFilesTomcat_authn unset -f setupFilesTomcat_context unset -f setupFilesTomcat_ports + unset -f setupFilesTomcat_ssl unset -f setupFilesTomcat_supervisor unset -f setupFilesTomcat_unsetAll unset -f setupFilesTomcat_accessLogs @@ -253,6 +277,7 @@ setupFilesTomcat_exportAll() { export -f setupFilesTomcat_authn export -f setupFilesTomcat_context export -f setupFilesTomcat_ports + export -f setupFilesTomcat_ssl export -f setupFilesTomcat_supervisor export -f setupFilesTomcat_unsetAll export -f setupFilesTomcat_accessLogs
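Review bot: The `returnCode` checks in `setupFilesTomcat_ssl` only catch sed I/O errors, because `sed -i` exits 0 even when the pattern matches nothing. A customised server.xml that spells the attribute differently (for example `secure='true'` or extra whitespace) would be left untouched while the log reports `result=0`. A post-check such as `grep -q 'scheme="https"' /opt/tomee/conf/server.xml && echo "grouperContainer; WARN: (librarySetupFilesTomcat.sh-setupFilesTomcat_ssl) scheme=\"https\" still present"` would make that visible. Removing `secure="true"` makes Tomcat report requests as non-secure, which typically also stops session cookies from being flagged Secure, so the function deserves a header comment saying `GROUPER_WEBCLIENT_IS_SSL=false` is intended only when the browser or WS client really connects over plain HTTP and not when TLS is terminated at a proxy. Smaller point: `[ $returnCode != 0 ]` is a string comparison on an unquoted value; `[ "$returnCode" -ne 0 ]` is the safer form.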