.gitignore

@@ -7,3 +7,4 @@ bin/run.sh
 bin/start.sh
 bin/stop.sh
 bin/test.sh
+/.project

Dockerfile

@@ -1,99 +1,57 @@
-FROM centos:centos7 as installing
-
+FROM rockylinux/rockylinux:8 as installing
 RUN yum update -y \
-    && yum install -y wget tar unzip dos2unix \
+    && yum install -y wget tar unzip dos2unix patch \
     && yum clean all
+
+RUN yum install -y wget tar unzip dos2unix patch
 
 ARG GROUPER_CONTAINER_VERSION
-
-ENV GROUPER_VERSION=2.4.0 \
-     JAVA_HOME=/usr/lib/jvm/zulu-8/ \
+ENV GROUPER_VERSION=2.5.52 \
      GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
 
-# use Zulu package
-RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
-       && curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo \
-       && yum -y install zulu-8 
-
-#RUN java_version=8.0.172; \
-#    zulu_version=8.30.0.1; \
-#    echo 'Downloading the OpenJDK Zulu...' \
-#    && wget -q http://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \
-#    && echo "0a101a592a177c1c7bc63738d7bc2930  zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \
-#    && tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \
-#    && ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64 $JAVA_HOME
-
-#RUN java_version=8u151; \
-#    java_bnumber=12; \
-#    java_semver=1.8.0_151; \
-#    java_hash=123b1d755416aa7579abc03f01ab946e612e141b6f7564130f2ada00ed913f1d; \
-#    echo 'Downloading the Oracle Java...' \ 
-#    && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
-#    http://download.oracle.com/otn-pub/java/jdk/$java_version-b$java_bnumber/e758a0de34e24606bca991d704f6dcbf/server-jre-$java_version-linux-x64.tar.gz \
-#    && echo "$java_hash  server-jre-$java_version-linux-x64.tar.gz" | sha256sum -c - \
-#    && tar -zxvf server-jre-$java_version-linux-x64.tar.gz -C /opt \
-#    && ln -s /opt/jdk$java_semver/ $JAVA_HOME
+# Install Corretto Java JDK
+#Corretto download page: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html
+ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm
+ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm
+COPY container_files/java-corretto/corretto-signing-key.pub .
+RUN curl -O -L $CORRETTO_URL_PERM \
+    && rpm --import corretto-signing-key.pub \
+    && rpm -K $CORRETTO_RPM \
+    && rpm -i $CORRETTO_RPM \
+    && rm -r corretto-signing-key.pub $CORRETTO_RPM
+ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto
 
 RUN echo 'Downloading Grouper Installer...' \
     && mkdir -p /opt/grouper/$GROUPER_VERSION \
-    && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar http://software.internet2.edu/grouper/release/$GROUPER_VERSION/grouperInstaller.jar
-
+    && wget -q -O /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar https://oss.sonatype.org/service/local/repositories/releases/content/edu/internet2/middleware/grouper/grouper-installer/$GROUPER_VERSION/grouper-installer-$GROUPER_VERSION.jar
 COPY container_files/grouper.installer.properties /opt/grouper/$GROUPER_VERSION
 # Temporary morphString file used for building, not used in production
 COPY container_files/morphString.properties /opt/grouper/$GROUPER_VERSION
-
-
 RUN echo 'Installing Grouper'; \
     PATH=$PATH:$JAVA_HOME/bin; \
     cd /opt/grouper/$GROUPER_VERSION/ \
     && $JAVA_HOME/bin/java -cp :grouperInstaller.jar edu.internet2.middleware.grouperInstaller.GrouperInstaller
-
-
-
-FROM centos:centos7 as cleanup
-
-ENV GROUPER_VERSION=2.4.0 \
-    TOMCAT_VERSION=8.5.42 \    
+FROM rockylinux/rockylinux:8 as cleanup
+ENV GROUPER_VERSION=2.5.52 \
     TOMEE_VERSION=7.0.0
-
+RUN mkdir -p /opt/grouper/grouperWebapp/
+RUN mkdir -p /opt/tomee/
 COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouperInstaller.jar /opt/grouper/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.apiBinary-$GROUPER_VERSION/ /opt/grouper/grouper.apiBinary/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ui-$GROUPER_VERSION/dist/grouper/ /opt/grouper/grouper.ui/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws/build/dist/grouper-ws/ /opt/grouper/grouper.ws/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.ws-$GROUPER_VERSION/grouper-ws-scim/targetBuiltin/grouper-ws-scim/ /opt/grouper/grouper.scim/
-#COPY --from=installing /opt/grouper/$GROUPER_VERSION/grouper.clientBinary-$GROUPER_VERSION/ /opt/grouper/grouper.clientBinary/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomcat-$TOMCAT_VERSION/ /opt/tomcat/
-COPY --from=installing /opt/grouper/$GROUPER_VERSION/apache-tomee-webprofile-$TOMEE_VERSION/ /opt/tomee/
+COPY --from=installing /opt/grouper/$GROUPER_VERSION/container/tomee/ /opt/tomee/
+COPY --from=installing /opt/grouper/$GROUPER_VERSION/container/webapp/ /opt/grouper/grouperWebapp/
+RUN ls /opt/grouper/grouperWebapp/
 COPY --from=installing /etc/alternatives/java /etc/alternatives/java
-
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomcat/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomcat/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomcat/bin
-
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
-ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin
-
-RUN cd /opt/grouper/grouper.apiBinary/; \
-    rm -fr ddlScripts/ grouper.properties grouper.lck grouper.log grouper.script grouper.tmp/ gshAddGrouperSystemWsGroup.gsh logs/
-
-RUN cd /opt/tomcat/; \
-    chmod +r bin/log4j-*.jar; \
-    rm -fr webapps/docs/ webapps/examples/ webapps/host-manager/ webapps/manager/ webapps/ROOT/ logs/* temp/* work/* conf/logging.properties
-
+RUN ls /opt/grouper/
+RUN ls /opt/grouper/grouperWebapp/WEB-INF
+#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.11.0/log4j-core-2.11.0.jar /opt/tomee/bin
+#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.11.0/log4j-api-2.11.0.jar /opt/tomee/bin
+#ADD https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-jul/2.11.0/log4j-jul-2.11.0.jar /opt/tomee/bin
 RUN cd /opt/tomee/; \
-    chmod +r bin/log4j-*.jar; \
     rm -fr webapps/docs/ webapps/host-manager/ webapps/manager/ logs/* temp/* work/* conf/logging.properties
-
-COPY container_files/api/* /opt/grouper/grouper.apiBinary/conf/
-COPY container_files/ui/ /opt/grouper/grouper.ui/WEB-INF/
-COPY container_files/ws/ /opt/grouper/grouper.ws/WEB-INF/
-COPY container_files/tomcat/ /opt/tomcat/
+COPY container_files/api/* /opt/grouper/grouperWebapp/WEB-INF/classes/
 COPY container_files/tomee/ /opt/tomee/
 
-
-FROM tier/shibboleth_sp:3.0.4_03122019
-
+FROM tier/shibboleth_sp:3.1.0_04172020
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
       Vendor="TIER" \
       ImageType="Grouper" \
@@ -102,53 +60,65 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
 
 ARG GROUPER_CONTAINER_VERSION
 
-ENV JAVA_HOME=/usr/lib/jvm/zulu-8/ \
-    PATH=$PATH:$JAVA_HOME/bin \
-    GROUPER_HOME=/opt/grouper/grouper.apiBinary \
+ENV PATH=$PATH:$JAVA_HOME/bin \
+    GROUPER_HOME=/opt/grouper/grouperWebapp/WEB-INF \
     GROUPER_CONTAINER_VERSION=$GROUPER_CONTAINER_VERSION
-
 RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime
-
 RUN yum update -y \
-    && yum install -y cron logrotate python-pip \
+    && yum install -y cron logrotate python-pip rsync sudo patch supervisor \
     && pip install --upgrade pip \
-    && pip install supervisor \
     && yum clean -y all
+#COPY --from=installing $JAVA_HOME $JAVA_HOME
+# do this again so its in rpm history
+ARG CORRETTO_URL_PERM=https://corretto.aws/downloads/latest/amazon-corretto-8-x64-linux-jdk.rpm
+ARG CORRETTO_RPM=amazon-corretto-8-x64-linux-jdk.rpm
+COPY container_files/java-corretto/corretto-signing-key.pub .
+RUN curl -O -L $CORRETTO_URL_PERM \
+    && rpm --import corretto-signing-key.pub \
+    && rpm -K $CORRETTO_RPM \
+    && rpm -i $CORRETTO_RPM \
+    && rm -r corretto-signing-key.pub $CORRETTO_RPM
+ENV JAVA_HOME=/usr/lib/jvm/java-1.8.0-amazon-corretto
 
-COPY --from=installing $JAVA_HOME $JAVA_HOME
-COPY --from=cleanup /opt/tomcat/ /opt/tomcat/
 COPY --from=cleanup /opt/tomee/ /opt/tomee/
 COPY --from=cleanup /opt/grouper/ /opt/grouper/
-
 RUN groupadd -r tomcat \
     && useradd -r -m -s /sbin/nologin -g tomcat tomcat \
-    && mkdir -p /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
-    && chown -R tomcat:tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/work/ \
-    && chown -R tomcat:tomcat /opt/tomee/logs/ /opt/tomee/temp/ /opt/tomee/work/ \
-    && ln -s $JAVA_HOME/bin/java /etc/alternatives/java
-
-# does shib sp3 not generate these files?
-# RUN rm /etc/shibboleth/sp-key.pem /etc/shibboleth/sp-cert.pem
-
+    && rm -f /etc/alternatives/java \
+    && ln -s $JAVA_HOME/bin/java /etc/alternatives/java \
+    && mkdir -p /opt/tomee/conf/Catalina/localhost/ \
+    && mkdir /opt/hsqldb
+
 COPY container_files/tier-support/ /opt/tier-support/
 COPY container_files/usr-local-bin/ /usr/local/bin/
+RUN chmod +x /usr/local/bin/*.sh
 COPY container_files/httpd/* /etc/httpd/conf.d/
 COPY container_files/shibboleth/* /etc/shibboleth/
-
-RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
-    && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
-    && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
-    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
-    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/logpipe"/g' /etc/httpd/conf/httpd.conf \
-    && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
-    && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
-
-WORKDIR /opt/grouper/grouper.apiBinary/
-
+RUN cp /dev/null /etc/httpd/conf.d/ssl.conf 
+
+# this is to improve openshift
+RUN touch /opt/grouper/grouperEnv.sh \
+    && mkdir -p /opt/tomee/work/Catalina/localhost/ \
+    && chown -R tomcat:root  /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/hsqldb/ /opt/tier-support/ \
+    && chmod -R g+rwx /opt/grouper/ /etc/httpd/conf/ /home/tomcat/ /opt/tomee/ /usr/local/bin /etc/httpd/conf.d/ /opt/hsqldb/ /opt/tier-support/
+
+# keep backup of files
+RUN mkdir -p /opt/tier-support/originalFiles ; \
+  cp /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf/httpd.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/ssl-enabled.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/httpd-shib.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /etc/httpd/conf.d/shib.conf /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/tomee/conf/server.xml /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/tomee/conf/Catalina/localhost/grouper.xml /opt/tier-support/originalFiles 2>/dev/null ; \
+  cp /opt/grouper/grouperWebapp/WEB-INF/web.xml /opt/tier-support/originalFiles 2>/dev/null
+
+# Export this variable so that shibd can find its CURL library
+RUN LD_LIBRARY_PATH="/opt/shibboleth/lib64"
+RUN export LD_LIBRARY_PATH
+
+WORKDIR /opt/grouper/grouperWebapp/WEB-INF/
 EXPOSE 80 443
-
 HEALTHCHECK NONE
-
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
-
-CMD ["bin/gsh", "-loader"]
+# CMD ["bin/gsh.sh", "-loader"]

Jenkinsfile

@@ -12,7 +12,7 @@ pipeline {
                 script {
                     maintainer = maintain()
                     imagename = imagename()
-                    if(env.BRANCH_NAME == "master") {
+                    if(env.BRANCH_NAME == "main") {
                        tag = "latest"
                     } else {
                        tag = env.BRANCH_NAME
@@ -51,12 +51,17 @@ pipeline {
             steps {
                 script {
                   try{
-                      docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-$maintainer") {
+                      // statically defining jenkins credential value dockerhub-tier
+                      docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-tier") {
                         baseImg = docker.build("$maintainer/$imagename", "--build-arg GROUPER_CONTAINER_VERSION=$tag --no-cache .")
                       }
+                      // test the environment 
+                      // sh 'cd test-compose && ./compose.sh'
+                      // bring down after testing
+                      // sh 'cd test-compose && docker-compose down'
                   } catch(error) {
                      def error_details = readFile('./debug');
-                     def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
+                      def message = "BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
                      sh "rm -f ./debug"
                      handleError(message)
                   }
@@ -70,7 +75,7 @@ pipeline {
                      sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
                    } catch (error) {
                      def error_details = readFile('./debug')
-                     def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
+                     def message = "BUILD ERROR: There was a problem testing ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
                      sh "rm -f ./debug"
                      handleError(message)
                    } 
@@ -81,21 +86,8 @@ pipeline {
         stage('Push') {
             steps {
                 script {
-                      //// scan the image with clair
-                      // sh 'docker run -p 5432:5432 -d --name clairdb arminc/clair-db:latest'
-                      // sh 'docker run -p 6060:6060 --link clairdb:postgres -d --name clair arminc/clair-local-scan:v2.0.5'
-                      // sh 'curl -L -o clair-scanner https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64'
-                      // sh 'chmod 755 clair-scanner'
-                      // sh "./clair-scanner --ip 172.17.0.1 -r test.out $maintainer/$imagename:latest"
-                      //// test the environment
-                      // sh 'docker kill clairdb'
-                      // sh 'docker rm clairdb'
-                      // sh 'docker kill clair'
-                      // sh 'docker rm clair'
-                      // sh 'cd test-compose && ./compose.sh'
-                      //// bring down after testing
-                      //sh 'cd test-compose && docker-compose down'
-                      docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-$maintainer") {
+                        // statically defining jenkins credential value dockerhub-tier
+                        docker.withRegistry('https://registry.hub.docker.com/',   "dockerhub-tier") {
                         baseImg.push("$tag")
                       }
                   }

LICENSE

@@ -7,7 +7,7 @@
    1. Definitions.
 
       "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
+      and distribution as defined by Sections 1 through 9 of this document
 
       "Licensor" shall mean the copyright owner or entity authorized by
       the copyright owner that is granting the License.

common.bash

@@ -1,2 +1,2 @@
-maintainer="tier"
+maintainer="i2incommon"
 imagename="grouper"

container_files/api/log4j.properties

@@ -26,36 +26,32 @@
 
 # Appenders
 
-## Grouper API event logging
-log4j.appender.grouper_event                            = org.apache.log4j.FileAppender
-log4j.appender.grouper_event.file                       = /tmp/logpipe
-log4j.appender.grouper_event.append                     = true
-log4j.appender.grouper_event.layout                     = org.apache.log4j.PatternLayout
-log4j.appender.grouper_event.layout.ConversionPattern   = grouper-api;grouper_event.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
 ## Grouper API error logging
 log4j.appender.grouper_error                            = org.apache.log4j.FileAppender
 log4j.appender.grouper_error.file                       = /tmp/logpipe
-log4j.appender.grouper_errot.append                     = true
+log4j.appender.grouper_error.append                     = true
 log4j.appender.grouper_error.layout                     = org.apache.log4j.PatternLayout
-log4j.appender.grouper_error.layout.ConversionPattern   = grouper-api;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+log4j.appender.grouper_error.layout.ConversionPattern   = __GROUPER_LOG_PREFIX__;grouper_error.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
 #log4j.appender.grouper_error.layout.ConversionPattern   = %d{ISO8601}: %m%n
 
-# Debug logging (Or: logging that I haven't cleaned up yet to send elsewhere)
-log4j.appender.grouper_debug                            = org.apache.log4j.FileAppender
-log4j.appender.grouper_debug.file                       = /tmp/logpipe
-log4j.appender.grouper_debug.append                     = true
-log4j.appender.grouper_debug.layout                     = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_debug.layout.ConversionPattern   = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_debug.layout.ConversionPattern   = grouper-api;grouper_debug.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
-
-## Benchmark logging
-log4j.appender.grouper_gb                               = org.apache.log4j.FileAppender
-log4j.appender.grouper_gb.file                          = /tmp/logpipe
-log4j.appender.grouper_gb.append                        = true
-log4j.appender.grouper_gb.layout                        = org.apache.log4j.PatternLayout
-#log4j.appender.grouper_gb.layout.ConversionPattern      = %d{ISO8601} %5p %c{2}: %m%n
-log4j.appender.grouper_gb.layout.ConversionPattern      = grouper-api;grouper_bench.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+log4j.appender.grouper_daemon = org.apache.log4j.DailyRollingFileAppender
+log4j.appender.grouper_daemon.File = /tmp/logpipe
+log4j.appender.grouper_daemon.append = true
+log4j.appender.grouper_daemon.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_daemon.layout.ConversionPattern = __GROUPER_LOG_PREFIX__;grouperDaemon.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+log4j.appender.grouper_pspng = org.apache.log4j.FileAppender
+log4j.appender.grouper_pspng.File = /tmp/logpipe
+log4j.appender.grouper_pspng.append = true
+log4j.appender.grouper_pspng.layout = org.apache.log4j.PatternLayout
+log4j.appender.grouper_pspng.layout.ConversionPattern = __GROUPER_LOG_PREFIX__;pspng.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
+log4j.appender.grouper_provisioning                               = org.apache.log4j.FileAppender
+log4j.appender.grouper_provisioning.file                          = /tmp/logpipe
+log4j.appender.grouper_provisioning.append                        = true
+log4j.appender.grouper_provisioning.layout                        = org.apache.log4j.PatternLayout
+log4j.appender.grouper_provisioning.layout.ConversionPattern      = __GROUPER_LOG_PREFIX__;provisioning.log;${ENV};${USERTOKEN};%d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
+
 
 # Loggers
 
@@ -65,69 +61,16 @@ log4j.rootLogger  = ERROR, grouper_error
 ## All Internet2 (warn to grouper_error per default logger)
 log4j.logger.edu.internet2.middleware = WARN
 
+log4j.logger.edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog = DEBUG, grouper_daemon
+log4j.additivity.edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog = false
+
+log4j.logger.edu.internet2.middleware.grouper.pspng = INFO, grouper_pspng
+log4j.additivity.edu.internet2.middleware.grouper.pspng = false
 
-# Provisioning : PSP (version 2.1+)
-log4j.logger.edu.internet2.middleware.psp = INFO
-
-# Provisioning : vt-ldap
-# log4j.logger.edu.vt.middleware.ldap = INFO
-
-# Provisioning : Grouper plugin to Shibboleth attribute resolver
-# log4j.logger.edu.internet2.middleware.grouper.shibboleth = INFO
-
-
-# For more precise (or verbose) logging, enable one or more of the
-# following logging directives.  To remove duplicate entries, just change the 
-# level, and not where to send the logs
-# http://robertmarkbramprogrammer.blogspot.com/2007/06/log4j-duplicate-lines-in-output.html
-
-## Grouper Event Logging
-## * Logs at _info_ only
-log4j.logger.edu.internet2.middleware.grouper.log.EventLog        = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.RegistryInstall = INFO, grouper_event
-
-## Grouper Error Logging
-## * Logs at _warn_, _fatal_ and _error_ only (by default this is WARN due to internet2 below)
-#log4j.logger.edu.internet2.middleware.grouper              = WARN, grouper_error
-
-## Grouper Debug Logging
-## * NOTE: There is currently VERY LITTLE (useful) information sent to this.
-## * Logs at _info_ only currently
-#log4j.logger.edu.internet2.middleware.grouper              = INFO, grouper_debug
-
-## Grouper XML Export + Import Logging
-## TODO Integrate with normal logging
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlExporter           = INFO, grouper_event
-log4j.logger.edu.internet2.middleware.grouper.xml.XmlImporter           = INFO, grouper_event
-
-## Grouper Benchmark Logging
-log4j.logger.edu.internet2.middleware.grouper.bench                 = INFO, grouper_gb
-
-## Grouper script to add missing group sets
-log4j.logger.edu.internet2.middleware.grouper.misc.AddMissingGroupSets   = INFO, grouper_event
-
-## Grouper Sync Point in Time Tables
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncPITTables   = INFO, grouper_event
-
-## Grouper Sync Stem Set Table
-log4j.logger.edu.internet2.middleware.grouper.misc.SyncStemSets      = INFO, grouper_event
-
-## Grouper Migrate Legacy Attributes
-log4j.logger.edu.internet2.middleware.grouper.misc.MigrateLegacyAttributes = INFO, grouper_event
-
-### Subject API
-#log4j.logger.edu.internet2.middleware.subject                       = ERROR, grouper_error
-#log4j.logger.edu.internet2.middleware.subject.provider              = ERROR, grouper_error
-### Hibernate 
-#log4j.logger.org.hibernate                                          = ERROR, grouper_error
-### ehcache
-#log4j.logger.net.sf.ehcache                                         = ERROR, grouper_error
-### Spring
-#log4j.logger.org.springframework                                    = ERROR, grouper_error
-
-## Grouper Stress Testing
-log4j.logger.edu.internet2.middleware.grouper.stress                = INFO, grouper_debug
+log4j.logger.edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog = DEBUG, grouper_provisioning
+log4j.additivity.edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningObjectLog = false
 
+log4j.logger.edu.internet2.middleware.grouper.app.syncToGrouper.SyncToGrouperFromSqlDaemon = DEBUG
 
 #######################################################
 ##Optional settings for debug logs

container_files/grouper.installer.properties

@@ -1,46 +1,5 @@
-# this should be before the version number
 download.server.url = https://software.internet2.edu/grouper
-# default version to install
-grouper.version = 2.4.0
-# print out autorun keys in prompts so you can easily see how to configure the autorun
-grouperInstaller.print.autorunKeys = true
-# default to install or upgrade (default is install)
-grouperInstaller.default.installOrUpgrade = install
-
-##############################
-## Autorun properties
-##
-## If you uncomment one of these properties it will be used as empty, only uncomment to use
-##
-##############################
-
-grouperInstaller.autorun.forceInstallPatch = t
-grouperInstaller.autorun.installAllPatches = false
-grouperInstaller.autorun.installPatchesUpToACertainPatchLevel = true
-# 2.4.0-a91-u56-w11-p12-20200210-rc1
-grouperInstaller.autorun.installPatchesUpToThesePatchLevels = grouper_v2_4_0_api_patch_91,grouper_v2_4_0_ui_patch_56,grouper_v2_4_0_ws_patch_11,grouper_v2_4_0_pspng_patch_12
-
-
-#### set this to true to try to use defaults for everything.  Only things without default values will need to be set
+grouperInstaller.default.installOrUpgrade = buildContainer
 grouperInstaller.autorun.useDefaultsAsMuchAsAvailable = true
-########## AUTORUN PROPERTIES WITH NO DEFAULT OR ARE COMMONLY CHANGED
-## Note: not all of them need to be filled out for all operations
-# autorun grouper system password (its not secure to have a plain text pass in a config file)
-grouperInstaller.autorun.grouperSystemPassword = XXXXXXXXXX
-
-grouperInstaller.autorun.deleteAndInitDatabase = t
-grouperInstaller.autorun.addQuickstartData = f
-grouperInstaller.autorun.installClient = f
-
-grouperInstaller.autorun.installGrouperActiveMqMessaging = f
-grouperInstaller.autorun.activeMqWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-grouperInstaller.autorun.installGrouperAwsSqsMessaging = t
-grouperInstaller.autorun.AwsSqsWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-grouperInstaller.autorun.installGrouperRabbitMqMessaging = t
-grouperInstaller.autorun.rabbitMqWhereInstalled = /opt/grouper/2.4.0/grouper.apiBinary-2.4.0/
-
-# disable installing pspng, for now
-grouperInstaller.autorun.installPspng = t
-grouperInstaller.autorun.installPsp = f
+grouperInstaller.webAppWillBeInContainer = /opt/grouper/grouperWebapp
+grouperInstaller.autorun.buildContainerUseExistingJarIfExists = false

container_files/httpd/grouper-www.conf

@@ -1,20 +1,21 @@
 
-Timeout 2400
-ProxyTimeout 2400
+Timeout __GROUPER_APACHE_AJP_TIMEOUT_SECONDS__
+ProxyTimeout __GROUPER_APACHE_AJP_TIMEOUT_SECONDS__
 ProxyBadHeader Ignore
 
-ProxyPass /grouper ajp://localhost:8009/grouper  timeout=2400
-ProxyPass /grouper-ws ajp://localhost:8009/grouper-ws  timeout=2400
-ProxyPass /grouper-ws-scim ajp://localhost:8009/grouper-ws-scim  timeout=2400
+# the variable for _ _GROUPER_APACHE_AJP_TIMEOUT_SECONDS_ _ will be replaced to default for one hour on startup env var $GROUPER_APACHE_AJP_TIMEOUT_SECONDS
+# the variable for _ _THE_AJP_URL_ _ (no spaces) will be replaced with something like: ajp://localhost:port/grouper   on startup
+# the variable for _ _GROUPER_PROXY_PASS_ _ (no spaces) will be replaced with comment or blank on startup if running grouper url
+# the variable for _ _GROUPERWS_PROXY_PASS_ _ (no spaces) will be replaced with comment or blank on startup if running grouper-ws url
+# the variable for _ _GROUPERSCIM_PROXY_PASS_ _ (no spaces) will be replaced with comment of blank on startup if running grouper-ws-scim url
+# the variable for _ _GROUPER_TOMCAT_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPER_TOMCAT_CONTEXT
+# the variable for _ _GROUPER_URL_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPER_URL_CONTEXT
+# the variable for _ _GROUPERWS_URL_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPERWS_URL_CONTEXT
+# the variable for _ _GROUPERSCIM_URL_CONTEXT_ _ (no spaces) will be replaced with the env var $GROUPERSCIM_URL_CONTEXT
+__GROUPER_PROXY_PASS__ProxyPass /__GROUPER_URL_CONTEXT__ ajp://localhost:8009/__GROUPER_TOMCAT_CONTEXT__ timeout=__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ retry=5
+__GROUPERWS_PROXY_PASS__ProxyPass /__GROUPERWS_URL_CONTEXT__ ajp://localhost:8009/__GROUPER_TOMCAT_CONTEXT__ timeout=__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ retry=5
+__GROUPERSCIM_PROXY_PASS__ProxyPass /__GROUPERSCIM_URL_CONTEXT__ ajp://localhost:8009/__GROUPER_TOMCAT_CONTEXT__ timeout=__GROUPER_APACHE_AJP_TIMEOUT_SECONDS__ retry=5
 
-RewriteEngine on
-RewriteCond %{REQUEST_URI} "^/$"
-RewriteRule . %{REQUEST_SCHEME}://%{HTTP_HOST}/grouper/ [R=301,L]
+__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteEngine on
+__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteRule "^/$" "/__GROUPER_URL_CONTEXT__/" [R]
 
-<Location /grouper>
-  AuthType shibboleth
-  ShibRequestSetting requireSession 1
-  ShibRequireSession on
-  ShibUseHeaders On
-  require shibboleth
-</Location>

container_files/httpd/httpd.conf.noindexes.patch

@@ -0,0 +1,11 @@
+--- httpd.conf.20200720	2020-07-19 14:50:57.470136000 +0000
++++ httpd.conf	2020-07-19 14:51:35.994475000 +0000
+@@ -141,7 +141,7 @@
+     # http://httpd.apache.org/docs/2.4/mod/core.html#options
+     # for more information.
+     #
+-    Options Indexes FollowSymLinks
++    Options FollowSymLinks
+
+     #
+     # AllowOverride controls what directives may be placed in .htaccess files.

container_files/httpd/ssl-enabled.conf

@@ -5,22 +5,23 @@ SSLHonorCipherOrder     on
 SSLCompression          off
 
 # OCSP Stapling, only in httpd 2.3.3 and later
-SSLUseStapling          on
+SSLUseStapling __GROUPER_SSL_USE_STAPLING__
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache        shmcb:/var/run/ocsp(128000)
 
-Listen 443 https
-<VirtualHost *:443>
-  RewriteEngine on
-  RewriteRule   "^/$"  "/grouper/"  [R]
+Listen __GROUPER_APACHE_SSL_PORT__ https
+<VirtualHost *:__GROUPER_APACHE_SSL_PORT__>
+
+__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteEngine on
+__GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER__RewriteRule "^/$" "/grouper/"  [R]
 
   SSLEngine on
-  SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem
+  SSLCertificateChainFile __GROUPER_SSL_CHAIN_FILE__
 
-  SSLCertificateFile /etc/pki/tls/certs/host-cert.pem
+  SSLCertificateFile __GROUPER_SSL_CERT_FILE__
 
-  SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem
+  SSLCertificateKeyFile __GROUPER_SSL_KEY_FILE__
 
   # HSTS (mod_headers is required) (15768000 seconds = 6 months)
   Header always set Strict-Transport-Security "max-age=15768000"

container_files/java-corretto/corretto-signing-key.pub

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQINBF3pShkBEADJzglehQDFlc1+9VFubVPzpq8ZYtzmJkNjf09scOUzaKZOm3Ar
+mPh9Rufk4mB7t1LP4JeHAKAS17ggCHGVxRGXAAQ9Laf8ibX4SiFO3Ehyyl3smuFf
+ZhexBnvc7vRc4EUlKqarCQRUlaraDOrmq7WbhXdvCgc4u2uBLwUjAd3PHQUByAZw
+lsEQzpQnehNomjrE0pO6ms9AhmpbXlf/yr14EXvlo4lTd8QUdvS+AOCYfrHb9WGO
+IEsyyDuzuf2grV/QFpoi0VBhTCyiNYXla2AfCreMGlOCYsjw1nU93OyAqF3SaTOC
+o52yrzcb2NpbBDwRXOHNwe1md+DbRwEfkaWr5I91FqRpgEeawqyxY1miJRHduhsz
+WTgTMBF/EQfmTspD2YBX/BjNJTrdDXYvACX8slVV/vBnpi+dEpVEK3hh21ij991S
+lv8YoFnoC7XP44C7WNpVQpGW9ZWpnjLCvm3DMKW0r3Vfb3XDYhnHI1Q14Pxn0cwf
+x1L2RA4doyWd1TRZBFBe2f0vSkZT0YFaibKaKi6AkDIMU/+u+/e3wWbYXqzsSITj
+ffMkpMMNSwxbm8JqnsudjuzdEsYAiBUcFMwWysQDcyu63un2OmLKLfKxy19vCpS1
+8mkNy95JuO4jZtu+IiinvSSjlbJmslu3uK3/cTRsWaB7BRtHewE7SugMOwARAQAB
+tEhBbWF6b24gU2VydmljZXMgTExDIChBbWF6b24gQ29ycmV0dG8gcmVsZWFzZSkg
+PGNvcnJldHRvLXRlYW1AYW1hem9uLmNvbT6JAjEEEwECABsFAl3pShkCGy8FCQlm
+AYAFFQgKCQsCHgECF4AACgkQoSJUKrBPJOOJDg/6AqmntaxDWX6qfR++0qwtD9Lp
+vgONFvA+9AYQeGt7OX79O/SSPy97Kvn6DYRBdelShTAH60DbXCUs42sIRFqRjmHY
+HfIgOkUJjWoJz9oQnY+mzAKbOohCrR+YIvyCegFb0dboDaqSQ4w68+d1is7L84pz
+ZB2j0nrQDbFihPmR+epfHkLUGGywuZHCdEFfD8nXMOJeVbgSzf7Vhl8ZrydIkZTI
+7aASG5MkDO/GuVpEGQYAnH9h/jzJlfUKndswC6UFcM5Ol07pDPdHVBAi9q1SyxDe
+uSS1NgDW7OW7zgpB+4/PrZKKiEP/fBAWa9nFSLwTaMdsoaAuQAmmgbqYfy3XXKK7
+IBaKSnJpQDvNb0vmXJEY3qX2Bfh0p1KCeaQhYwIJi8rPQWC24fiLY9bdCIlkbbPQ
+CSNOEq9nUWRg9KbUGmd/PWSkT6Jheyq3BZBF1YPYEt8o/l437HHd08lREqH0sana
+Hb72GZTi2RUrNBBp5C1e8MqllXE6RKmri2m0TSBHR5C4ZLII9duyA839dYIA4KGU
+nmetZckuRuwHFmd3/YWtMEfn47UedzhVT16z3OvBipHU1BKzLGcvUFXrUKvpJQlh
+dNPUQh+wb91EzItjkJ96m+N+81iQdN3yd8cE38NTA8b+Qc7tmTYxwNZxcv16FxLA
+y2VhKc09A8RwSI69vDs=
+=ZNRH
+-----END PGP PUBLIC KEY BLOCK-----

container_files/tier-support/httpd-shib.conf

@@ -0,0 +1,7 @@
+<Location /grouper>
+  AuthType shibboleth
+  ShibRequestSetting requireSession 1
+  ShibRequireSession on
+  ShibUseHeaders On
+  require shibboleth
+</Location>

container_files/tier-support/supervisord-base.conf

@@ -0,0 +1,16 @@
+[supervisord]
+logfile=/tmp/logsuperd                               ; supervisord log file
+logfile_maxbytes=0                           ; maximum size of logfile before rotation
+loglevel=error                                  ; info, debug, warn, trace
+nodaemon=true                                  ; run supervisord as a daemon
+__GROUPER_RUN_PROCESSES_AS_USERS__user=root                                       ; default user
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock         ; use a unix:// URL  for a unix socket
+
+; Our processes
+; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
+

container_files/tier-support/supervisord-hsqldb.conf

@@ -0,0 +1,10 @@
+[program:hsqldb]
+__GROUPER_RUN_PROCESSES_AS_USERS__user=tomcat
+directory=/opt/hsqldb
+command=/usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java -cp /opt/grouper/grouperWebapp/WEB-INF/lib/hsqldb-2.3.5.jar org.hsqldb.Server -port 9001 -database.0 file:/opt/hsqldb/grouperHSQL -dbname.0 grouper
+stderr_logfile = /tmp/loghsqldb
+stderr_logfile_maxbytes=0
+stdout_logfile = /tmp/loghsqldb
+stdout_logfile_maxbytes=0
+
+

container_files/tier-support/supervisord-httpd.conf

@@ -0,0 +1,7 @@
+[program:httpd]
+command=httpd -DFOREGROUND
+stderr_logfile = /tmp/loghttpd
+stderr_logfile_maxbytes=0
+stdout_logfile = /tmp/loghttpd
+stdout_logfile_maxbytes=0
+

container_files/tier-support/supervisord-shibsp.conf

@@ -0,0 +1,9 @@
+[program:shibbolethsp]
+__GROUPER_RUN_PROCESSES_AS_USERS__user=shibd
+command=/usr/sbin/shibd -f -F
+stderr_logfile = /tmp/logshibd
+stderr_logfile_maxbytes=0
+stdout_logfile = /tmp/logshibd
+stdout_logfile_maxbytes=0
+
+

container_files/tier-support/supervisord-tomee.conf

@@ -1,31 +1,9 @@
-[supervisord]
-logfile=/tmp/logsuperd                               ; supervisord log file
-logfile_maxbytes=0                           ; maximum size of logfile before rotation
-loglevel=error                                  ; info, debug, warn, trace
-nodaemon=true                                  ; run supervisord as a daemon
-user=root                                       ; default user
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock         ; use a unix:// URL  for a unix socket
-
-; Our processes
-; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation
-
-[program:httpd]
-command=httpd -DFOREGROUND
-stderr_logfile = /tmp/loghttpd
-stderr_logfile_maxbytes=0
-stdout_logfile = /tmp/loghttpd
-stdout_logfile_maxbytes=0
-
 [program:tomee]
-user=tomcat
+__GROUPER_RUN_PROCESSES_AS_USERS__user=tomcat
 command=/opt/tomee/bin/catalina.sh run 
 stderr_logfile = /tmp/logtomcat
 stderr_logfile_maxbytes=0
 stdout_logfile = /tmp/logtomcat
 stdout_logfile_maxbytes=0
 
+

container_files/tier-support/supervisord.conf

@@ -0,0 +1,15 @@
+[supervisord]
+logfile=/tmp/logsuperd                               ; supervisord log file
+logfile_maxbytes=0                           ; maximum size of logfile before rotation
+loglevel=error                                  ; info, debug, warn, trace
+nodaemon=true                                  ; run supervisord as a daemon
+__GROUPER_RUN_PROCESSES_AS_USERS__user=root                                       ; default user
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock         ; use a unix:// URL  for a unix socket
+
+; Our processes
+; writing output to stdout (1) and err (2) (for Docker logging) and disabling log rotation

container_files/tier-support/test/grouperContainerUnitTest.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+
+if [ "$#" -ne 4 ]; then
+  echo "You must enter exactly 4 command line arguments: container-name, image-name, container version, and grouper version, e.g. grouper-test my-grouper-2.5.27:latest 2.5.27 2.5.27"
+  exit 1
+fi
+
+expectedSuccesses=715
+
+export containerName=$1
+export imageName=$2
+export containerVersion=$3
+export grouperVersion=$4
+export globalSleepSecondsAfterRun=10
+export globalExitOnError=false
+
+export successCount=0
+export failureCount=0
+
+. ./grouperContainerUnitTestLibrary.sh
+
+. ./grouperContainerUnitTestDaemon.sh
+. ./grouperContainerUnitTestUi.sh
+. ./grouperContainerUnitTestUi2.sh
+. ./grouperContainerUnitTestUiNoSsl.sh
+. ./grouperContainerUnitTestUiNoSslOrClient.sh
+. ./grouperContainerUnitTestUiDifferentPorts.sh
+. ./grouperContainerUnitTestSlashRoot.sh
+. ./grouperContainerUnitTestSelfSigned.sh
+. ./grouperContainerUnitTestScim.sh
+. ./grouperContainerUnitTestWs.sh
+. ./grouperContainerUnitTestWsAuthn.sh
+. ./grouperContainerUnitTestQuickstart.sh
+. ./grouperContainerUnitTestUiSubimage.sh
+. ./grouperContainerUnitTestUiSubimageNonroot.sh
+
+testContainerUi
+testContainerUi2
+testContainerUiNoSsl
+testContainerUiNoSslOrClient
+testContainerSlashRoot
+testContainerSelfSigned
+testContainerUiDifferentPorts
+testContainerScim
+testContainerWs
+testContainerWsAuthn
+testContainerQuickstart
+testContainerDaemon
+testContainerUiSubimage
+testContainerUiSubimageNonroot
+
+dockerRemoveContainer
+dockerRemoveSubimage
+
+
+
+echo ""
+echo "$successCount successes, $failureCount failures"
+if [ "$successCount" = "$expectedSuccesses" ] && [ "$failureCount" = "0" ]  ; then
+  success=true
+  echo "SUCCESS!"
+else
+  success=false
+  echo "ERROR, expected $expectedSuccesses successes and 0 failures"
+fi
+echo ""
+unset -f containerName
+unset -f imageName
+unset -f containerVersion
+unset -f globalSleepSecondsAfterRun
+unset -f testContainerQuickstart
+unset -f testContainerDaemon
+unset -f testContainerUi
+unset -f testContainerUiSubimage
+unset -f testContainerUiSubimageNonroot
+unset -f testContainerUiNoSsl
+unset -f testContainerUiDifferentPorts
+unset -f testContainerSlashRoot
+unset -f testContainerSelfSigned
+unset -f testContainerScim
+unset -f testContainerWs
+unset -f successCount
+unset -f failureCount
+grouperContainerUnitTestLibrary_unsetAll
+
+if [ "$success" = "true" ]; then
+  exit 0
+else
+  exit 1
+fi

container_files/tier-support/test/grouperContainerUnitTestDaemon.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+
+testContainerDaemon() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as daemon
+  echo "docker run --detach --name $containerName --publish 443:443 $imageName daemon"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 $imageName daemon
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:hsqldb"
+  assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS "#"
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "true"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-daemon"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS "#"
+  assertEnvVarNot GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+  assertEnvVar GROUPER_UI "false"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVarNot GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "false"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+  # one for hsqldb
+  assertNumberOfTomcatProcesses 1
+  # bad cert apache wont start
+  assertNumberOfApacheProcesses 0
+  assertNumberOfShibProcesses 0
+
+  assertNotListeningOnPort 443
+  assertNotListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+}
+export -f testContainerDaemon

container_files/tier-support/test/grouperContainerUnitTestLibrary.sh

@@ -0,0 +1,285 @@
+#!/bin/bash
+
+dockerRemoveContainer() {
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 arguments"
+    exit 1
+  fi
+  if [ "$(docker ps -a | grep $containerName)" ]
+    then
+      docker rm -f $containerName
+  fi
+}
+
+dockerRemoveSubimage() {
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 arguments"
+    exit 1
+  fi
+  subimageId="my_$containerName"
+  subimageName="$subimageId:latest"
+  if [ "$(docker images | grep $subimageId)" ]
+    then
+      docker rmi -f $subimageName
+  fi
+}
+
+# pass in string description, expected value, actual value
+assertEquals() {
+  if [ "$#" -ne 3 ]; then
+    echo "You must enter exactly 3 arguments: statement, expected value, actual value"
+    exit 1
+  fi
+
+  if [ "$2" != "$3" ]
+    then
+      echo "ERROR: $1: expected '$2' but received '$3'"
+      if [ "$globalExitOnError" = "true" ]; then
+        exit 1
+      fi
+      export failureCount=$((failureCount+1))
+    else
+      echo "SUCCESS: $1: $2"
+      export successCount=$((successCount+1))
+  fi
+}
+
+# pass in string description, expected value, actual value it should not be
+assertNotEquals() {
+  if [ "$#" -ne 3 ]; then
+    echo "You must enter exactly 3 arguments: statement, expected value, actual value it should not be"
+    exit 1
+  fi
+
+  if [ "$2" = "$3" ]
+    then
+      echo "ERROR: $1: expected '$2' to not equals '$3' but was equal"
+      if [ "$globalExitOnError" = "true" ]; then
+        exit 1
+      fi
+      export failureCount=$((failureCount+1))
+    else
+      echo "SUCCESS: $1: not equal to: '$2', is: '$3'"
+      export successCount=$((successCount+1))
+  fi
+}
+
+# pass in string description, first value, less than second valuee
+assertLessThan() {
+  if [ "$#" -ne 3 ]; then
+    echo "You must enter exactly 3 arguments: statement, first value, second value"
+    exit 1
+  fi
+
+  if [ "$2" -ge "$3" ]
+    then
+      echo "ERROR: $1: expecting '$2' < '$3'"
+      if [ "$globalExitOnError" = "true" ]; then
+        exit 1
+      fi
+      export failureCount=$((failureCount+1))
+    else
+      echo "SUCCESS: $1: '$2' < '$3'"
+      export successCount=$((successCount+1))
+  fi
+}
+
+# pass in file name, value
+assertFileContains() {
+  if [ "$#" -ne 2 ]; then
+    echo "You must enter exactly 2 arguments: file name, and value"
+    exit 1
+  fi
+
+  local command="docker exec -it $containerName grep '$2' $1 | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertLessThan "file $1 should contain at least one '$2'" "0" "$var"
+}
+
+# pass in file name, value
+assertLocalFileContains() {
+  if [ "$#" -ne 2 ]; then
+    echo "You must enter exactly 2 arguments: file name, and value"
+    exit 1
+  fi
+
+  local command="grep '$2' $1 | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertLessThan "file $1 should contain at least one '$2'" "0" "$var"
+}
+
+assertFileNotContains() {
+  if [ "$#" -ne 2 ]; then
+    echo "You must enter exactly 2 arguments: file name, and value"
+    exit 1
+  fi
+
+  local command="docker exec -it $containerName grep '$2' $1 | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "file $1 should not contain '$2'" "0" "$var"
+}
+
+assertFileExists() {
+  if [ "$#" -ne 1 ]; then
+    # generally 0 or 5 processes
+    echo "You must enter exactly 1 arguments: file to check"
+    exit 1
+  fi
+  local command="docker exec -it $containerName grouperTestFileExist.sh $1 | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "file $1 should exist" "1" "$var"
+}
+
+assertFileNotExists() {
+  if [ "$#" -ne 1 ]; then
+    # generally 0 or 5 processes
+    echo "You must enter exactly 1 arguments: file to check"
+    exit 1
+  fi
+  local command="docker exec -it $containerName grouperTestFileExist.sh $1 | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "file $1 should not exist" "0" "$var"
+}
+
+assertListeningOnPort() {
+  if [ "$#" -ne 1 ]; then
+    echo "You must enter exactly 1 argument: port"
+    exit 1
+  fi
+
+  local command="docker exec -it $containerName netstat -pan | grep LISTEN | grep ':$1 ' | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "listening on port $1" "1" "$var"
+}
+
+assertNotListeningOnPort() {
+  if [ "$#" -ne 1 ]; then
+    echo "You must enter exactly 1 argument: port"
+    exit 1
+  fi
+
+  local command="docker exec -it $containerName netstat -pan | grep LISTEN | grep ':$1 ' | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "not listening on port $1" "0" "$var"
+}
+
+containerCommandResultEquals() {
+
+  if [ "$#" -ne 2 ]; then
+    echo "You must enter exactly 2 arguments: the command to run and the expected result"
+    exit 1
+  fi
+  local command="docker exec $containerName $1"
+  local var="$(runCommand "$command")"
+  assertEquals "$1" "$2" "$var"
+
+}
+
+runCommand() {
+  if [ "$#" -ne 1 ]; then
+    echo "Pass the command to run"
+    exit 1
+  fi
+  local command=$1
+  local var=$(eval "$command")
+  # for some reason sometimes whitespace is there
+  local var=$(echo -e "${var}" | tr -d '\r' | tr -d '\n')
+  echo $var
+}
+
+assertNumberOfTomcatProcesses() {
+  if [ "$#" -ne 1 ]; then
+    echo "You must enter exactly 1 arguments: the number of tomcat processes"
+    exit 1
+  fi
+  local command="docker exec -it $containerName ps -ef | grep "^tomcat" | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "tomcat process count" "$1" "$var"
+}
+
+assertNumberOfApacheProcesses() {
+  if [ "$#" -ne 1 ]; then
+    # generally 0 or 5 processes
+    echo "You must enter exactly 1 arguments: the number of apache processes"
+    exit 1
+  fi
+  local command="docker exec -it $containerName ps -ef | grep "^apache" | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "apache process count" "$1" "$var"
+}
+
+assertNumberOfShibProcesses() {
+  if [ "$#" -ne 1 ]; then
+    # generally 0 or 5 processes
+    echo "You must enter exactly 1 arguments: the number of shib processes"
+    exit 1
+  fi
+  local command="docker exec -it $containerName ps -ef | grep "^shibd" | wc -l | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "shib process count" "$1" "$var"
+}
+
+assertEnvVar() {
+  if [ "$#" -ne 2 ]; then
+    echo "You must enter exactly 2 arguments: the env var name and value"
+    exit 1
+  fi
+  local command="docker exec -it --user tomcat $containerName grouperTestPrintEnv.sh $1 | xargs"
+  local var="$(runCommand "$command")"
+  assertEquals "env var $1" "$2" "$var"
+}
+
+assertEnvVarNot() {
+  if [ "$#" -ne 2 ]; then
+    echo "You must enter exactly 2 arguments: the env var name and value"
+    exit 1
+  fi
+  local command="docker exec -it --user tomcat $containerName grouperTestPrintEnv.sh $1 | xargs"
+  local var="$(runCommand "$command")"
+  assertNotEquals "env var $1" "$2" "$var"
+}
+
+grouperContainerUnitTestLibrary_unsetAll() {
+  unset -f assertEnvVar
+  unset -f assertEnvVarNot
+  unset -f assertEquals
+  unset -f assertFileContains
+  unset -f assertFileExists
+  unset -f assertFileNotContains
+  unset -f assertFileNotExists
+  unset -f assertLessThan
+  unset -f assertListeningOnPort
+  unset -f assertNotEquals
+  unset -f assertNotListeningOnPort
+  unset -f assertNumberOfApacheProcesses
+  unset -f assertNumberOfShibProcesses
+  unset -f assertNumberOfTomcatProcesses
+  unset -f dockerRemoveContainer
+  unset -f dockerRemoveSubimage
+  unset -f grouperContainerUnitTestLibrary_unsetAll
+  unset -f runCommand
+}
+
+grouperContainerUnitTestLibrary_exportAll() {
+  export -f assertEnvVar
+  export -f assertEnvVarNot
+  export -f assertEquals
+  export -f assertFileContains
+  export -f assertFileExists
+  export -f assertFileNotContains
+  export -f assertFileNotExists
+  export -f assertLessThan
+  export -f assertListeningOnPort
+  export -f assertNotEquals
+  export -f assertNotListeningOnPort
+  export -f assertNumberOfApacheProcesses
+  export -f assertNumberOfShibProcesses
+  export -f assertNumberOfTomcatProcesses
+  export -f dockerRemoveContainer
+  export -f dockerRemoveSubimage
+  export -f grouperContainerUnitTestLibrary_unsetAll
+  export -f runCommand
+}
+
+# export everything
+grouperContainerUnitTestLibrary_exportAll

container_files/tier-support/test/grouperContainerUnitTestQuickstart.sh

@@ -0,0 +1,152 @@
+#!/bin/bash
+
+testContainerQuickstart() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as quickstart
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis \ "
+  echo "-e GROUPERSYSTEM_QUICKSTART_PASS=thisPassIsCopyrightedDontUse $imageName quickstart"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis -e GROUPERSYSTEM_QUICKSTART_PASS=thisPassIsCopyrightedDontUse $imageName quickstart
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileContains /opt/tier-support/supervisord.conf "program:hsqldb"
+  assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties GROUPERSYSTEM_QUICKSTART_PASS
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper;"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+  assertEnvVar GROUPERSCIM_PROXY_PASS ""
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS ""
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "true"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS ""
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVar GROUPER_RUN_SHIB_SP "false"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "true"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "true"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+  assertEnvVar GROUPER_UI "true"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "0.0.0.0/0"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "true"
+  assertEnvVarNot GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "true"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "true"
+
+  # one for hsqldb
+  assertNumberOfTomcatProcesses 2
+  # bad cert apache wont start
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 0
+
+  assertListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertListeningOnPort 9001
+
+  curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost -o index.html
+  assertLocalFileContains index.html document.location.href
+
+  curl -L -k https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+  assertLocalFileContains index.html 'HTTP Status 401'
+
+  curl -L -k -u GrouperSystem:XthisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+  assertLocalFileContains index.html 'HTTP Status 401'
+
+  curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+  assertLocalFileContains index.html 'end index.jsp'
+
+  curl -L -k https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+  assertLocalFileContains index.html 'HTTP Status 401'
+
+  curl -L -k -u GrouperSystem:XthisPassIsCopyrightedDontUse https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+  assertLocalFileContains index.html 'HTTP Status 401'
+
+  curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper-ws/servicesRest/v2_4_000/subjects/GrouperSystem -o index.html
+  assertLocalFileContains index.html '"resultCode":"SUCCESS"'
+
+  curl -L -k https://localhost/grouper-ws-scim/v2/Groups/ -o index.html
+  assertLocalFileContains index.html 'HTTP Status 401'
+
+  curl -L -k -u GrouperSystem:XthisPassIsCopyrightedDontUse https://localhost/grouper-ws-scim/v2/Groups/ -o index.html
+  assertLocalFileContains index.html 'HTTP Status 401'
+
+  curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper-ws-scim/v2/Groups/ -o index.html
+  assertLocalFileContains index.html 'etc:workflowEditors'
+
+  docker stop $containerName
+  docker start $containerName
+
+  sleep $globalSleepSecondsAfterRun
+
+  # one for hsqldb
+  assertNumberOfTomcatProcesses 2
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 0
+
+  assertListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertListeningOnPort 9001
+
+  curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost -o index.html
+  assertLocalFileContains index.html document.location.href
+
+  curl -L -k -u GrouperSystem:thisPassIsCopyrightedDontUse https://localhost/grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain -o index.html
+  assertLocalFileContains index.html 'end index.jsp'
+
+  containerCommandResultEquals "ps -ef | grep root | grep cat | grep -v grep | wc -l" 6
+  containerCommandResultEquals "ps -ef | grep root | grep awk | grep supervisord | wc -l" 1
+  containerCommandResultEquals "ps -ef | grep root | grep awk | grep grouper | wc -l" 1
+  containerCommandResultEquals "ps -ef | grep root | grep awk | grep httpd | wc -l" 1
+  containerCommandResultEquals "ps -ef | grep root | grep awk | grep tomee | wc -l" 1
+
+}
+export -f testContainerQuickstart

container_files/tier-support/test/grouperContainerUnitTestScim.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+
+testContainerScim() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as scim
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true $imageName scim"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true $imageName scim
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-scim;"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+  assertEnvVar GROUPERSCIM_PROXY_PASS ""
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS "#"
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-scim"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS "#"
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "true"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPER_UI "false"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "false"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+  assertEnvVarNot GROUPER_WS_ONLY "true"
+
+  assertNumberOfTomcatProcesses 1
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 0
+
+  assertListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerScim

container_files/tier-support/test/grouperContainerUnitTestSelfSigned.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+
+testContainerSelfSigned() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ui with self signed cert
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true -e GROUPER_APACHE_REMOTE_IP_HEADER=myRemoteIpHeader -e GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY=10.0.2.16/28 $imageName ui"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_LOG_TO_HOST=true -e GROUPER_APACHE_REMOTE_IP_HEADER=myRemoteIpHeader -e GROUPER_APACHE_REMOTE_IP_TRUSTED_PROXY=10.0.2.16/28 $imageName ui
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling on"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /etc/pki/tls/certs/localhost.crt"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /etc/pki/tls/private/localhost.key"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+  assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false"
+  assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/localhost.crt"
+  assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/localhost.key"
+  assertEnvVar GROUPER_SSL_USE_STAPLING "true"
+
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /grouper ajp://localhost:8009/grouper timeout=3600"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "#ProxyPass /grouper-ws ajp://localhost:8009/grouper timeout=3600"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "#ProxyPass /grouper-ws-scim ajp://localhost:8009/grouper timeout=3600"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "\"/grouper/\""
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPHeader myRemoteIpHeader"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPTrustedProxy 10.0.2.16/28"
+
+
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS "#"
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS ""
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVar GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_SELF_SIGNED_CERT "true"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+  assertEnvVar GROUPER_UI "true"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "false"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+  assertNumberOfTomcatProcesses 1
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 1
+
+
+}

container_files/tier-support/test/grouperContainerUnitTestSlashRoot.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+testContainerSlashRoot() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ui with slashRoot mounted
+  echo "docker run --detach --name $containerName --mount type=bind,src=$someDir,dst=/opt/grouper/slashRoot --publish 443:443 $imageName ui"
+  echo '################'
+  echo
+
+  local someDir=$(pwd)/someDir
+  rm -rf someDir
+  mkdir -p someDir/tmp
+  echo 'whatever' > someDir/tmp/temp.txt
+  mkdir -p someDir/opt/grouper/grouperWebapp/WEB-INF/classes
+  echo 'someSettings' > someDir/opt/grouper/grouperWebapp/WEB-INF/classes/log4j_additional.properties
+
+  docker run --detach --name $containerName --mount type=bind,src=$someDir,dst=/opt/grouper/slashRoot --publish 443:443 $imageName ui
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /tmp/temp.txt
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "someSettings"
+
+
+  #rm -rf someDir
+
+}
+export -f testContainerSlashRoot

container_files/tier-support/test/grouperContainerUnitTestUi.sh

@@ -0,0 +1,131 @@
+#!/bin/bash
+
+testContainerUi() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ui
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $imageName ui"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $imageName ui
+  sleep $globalSleepSecondsAfterRun
+
+
+  assertFileContains /opt/tomee/conf/server.xml 'address="0.0.0.0"'
+  assertFileContains /opt/tomee/conf/server.xml 'allowedRequestAttributesPattern=".*"'
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:hsqldb"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling on"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /etc/pki/tls/certs/host-cert.pem"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "RewriteRule"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "#RewriteRule"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "RewriteRule"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /status_grouper/status ajp://localhost:8009/grouper/status timeout=2401"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "#RewriteRule"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+  assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "false"
+  assertEnvVar GROUPER_SSL_CERT_FILE "/etc/pki/tls/certs/host-cert.pem"
+  assertEnvVar GROUPER_SSL_KEY_FILE "/etc/pki/tls/private/host-key.pem"
+  assertEnvVarNot GROUPER_SSL_CHAIN_FILE "/etc/pki/tls/certs/cachain.pem"
+  assertEnvVar GROUPER_SSL_USE_STAPLING "true"
+
+  assertFileContains /opt/tomee/conf/Catalina/localhost/grouper.xml 'cookies="true"'
+
+  assertFileNotContains /etc/httpd/conf/httpd.conf "Options Indexes"
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+  assertFileContains /opt/tomee/conf/web.xml "<session-timeout>600</session-timeout>"
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "ServerName"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPHeader"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "RemoteIPTrustedProxy"
+
+  assertFileNotContains /opt/tomee/conf/server.xml "AccessLogValve"
+
+  assertFileContains /opt/tomee/conf/server.xml "tomcatAuthentication"
+
+  assertEnvVarNot GROUPER_APACHE_SERVER_NAME https://a.b.c:443
+  assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "false"
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS "#"
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS ""
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVar GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+  assertEnvVar GROUPER_UI "true"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "false"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+  assertNumberOfTomcatProcesses 1
+  # bad cert apache wont start
+  assertNumberOfApacheProcesses 0
+  assertNumberOfShibProcesses 1
+
+  assertNotListeningOnPort 443
+  assertNotListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+  assertListeningOnPort 8080
+  #assertListeningOnPort 8005
+
+
+}
+export -f testContainerUi

container_files/tier-support/test/grouperContainerUnitTestUi2.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+testContainerUi2() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ui
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false -e GROUPER_APACHE_STATUS_PATH=none $imageName ui"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_USE_STAPLING=false -e GROUPER_SSL_CERT_FILE=/a/b/cert -e GROUPER_SSL_KEY_FILE=/a/b/key -e GROUPER_SSL_CHAIN_FILE=/a/b/chain -e GROUPER_REDIRECT_FROM_SLASH_TO_GROUPER=false -e GROUPER_APACHE_STATUS_PATH=none $imageName ui
+  sleep $globalSleepSecondsAfterRun
+
+
+  assertFileContains /opt/tomee/conf/server.xml 'address="0.0.0.0"'
+  assertFileContains /opt/tomee/conf/server.xml 'allowedRequestAttributesPattern=".*"'
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:hsqldb"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLUseStapling off"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateFile /a/b/cert"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateKeyFile /a/b/key"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "SSLCertificateChainFile /a/b/chain"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "#RewriteRule"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "#RewriteRule"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "grouper/status"
+
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+  assertEnvVar GROUPER_SSL_USE_CHAIN_FILE "true"
+  assertEnvVar GROUPER_SSL_CERT_FILE "/a/b/cert"
+  assertEnvVar GROUPER_SSL_KEY_FILE "/a/b/key"
+  assertEnvVar GROUPER_SSL_CHAIN_FILE "/a/b/chain"
+  assertEnvVar GROUPER_SSL_USE_STAPLING "false"
+
+  assertNumberOfTomcatProcesses 1
+  # bad cert apache wont start
+  assertNumberOfApacheProcesses 0
+  assertNumberOfShibProcesses 1
+
+  assertNotListeningOnPort 443
+  assertNotListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+  assertListeningOnPort 8080
+  #assertListeningOnPort 8005
+
+
+}
+export -f testContainerUi2

container_files/tier-support/test/grouperContainerUnitTestUiDifferentPorts.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+testContainerUiDifferentPorts() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ui with self signed cert with different ports
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 -e GROUPER_APACHE_STATUS_PATH=/status2_grouper/status $imageName ui"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_APACHE_AJP_TIMEOUT_SECONDS=2999 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SSL_PORT=444 -e GROUPER_APACHE_NONSSL_PORT=81 -e GROUPER_TOMCAT_HTTP_PORT=8600 -e GROUPER_TOMCAT_AJP_PORT=8601 -e GROUPER_TOMCAT_SHUTDOWN_PORT=8602 -e GROUPER_APACHE_STATUS_PATH=/status2_grouper/status $imageName ui
+  sleep $globalSleepSecondsAfterRun
+
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "81"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "444"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "2999"
+
+  assertEnvVar GROUPER_TOMCAT_HTTP_PORT "8600"
+  assertEnvVar GROUPER_TOMCAT_AJP_PORT "8601"
+  assertEnvVar GROUPER_TOMCAT_SHUTDOWN_PORT "8602"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "2999"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "2400"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "ProxyPass /status2_grouper/status ajp://localhost:8601/grouper/status timeout=2401"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 444 https"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileNotContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 81"
+
+  assertNumberOfTomcatProcesses 1
+  # bad cert apache wont start
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 1
+
+  assertListeningOnPort 444
+  assertListeningOnPort 81
+  assertNotListeningOnPort 443
+  assertNotListeningOnPort 80
+  assertListeningOnPort 8600
+  assertListeningOnPort 8601
+  #assertListeningOnPort 8602
+  assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiDifferentPorts

container_files/tier-support/test/grouperContainerUnitTestUiNoSsl.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+testContainerUiNoSsl() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ui without SSL with SSL client
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_TOMCAT_LOG_ACCESS=true -e GROUPER_APACHE_DIRECTORY_INDEXES=true -e GROUPER_TOMCAT_SESSION_TIMEOUT_MINUTES=30 $imageName ui
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse
+  assertFileExists /etc/httpd/conf.d/ssl.conf.dontuse
+  assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf
+  assertFileNotExists /etc/httpd/conf.d/ssl.conf
+
+  assertFileContains /etc/httpd/conf/httpd.conf "Options Indexes"
+
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+  assertFileContains /opt/tomee/conf/server.xml "AccessLogValve"
+  assertFileContains /opt/tomee/conf/server.xml 'secure="true"'
+  assertFileContains /opt/tomee/conf/server.xml 'scheme="https"'
+  assertFileNotContains /opt/tomee/conf/server.xml 'scheme="http"'
+  assertFileContains /opt/tomee/conf/web.xml "<session-timeout>30</session-timeout>"
+
+
+  assertEnvVar GROUPER_TOMCAT_LOG_ACCESS "true"
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS "#"
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS ""
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVar GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+  assertEnvVar GROUPER_UI "true"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "false"
+  assertEnvVar GROUPER_WS "false"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_WEBCLIENT_IS_SSL "true"
+
+  assertNumberOfTomcatProcesses 1
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 1
+
+  assertNotListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiNoSsl

container_files/tier-support/test/grouperContainerUnitTestUiNoSslOrClient.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+testContainerUiNoSslOrClient() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ui without SSL with non-SSL client
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_USE_SSL=false -e GROUPER_WEBCLIENT_IS_SSL=false $imageName ui
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /etc/httpd/conf.d/ssl-enabled.conf.dontuse
+  assertFileExists /etc/httpd/conf.d/ssl.conf.dontuse
+  assertFileNotExists /etc/httpd/conf.d/ssl-enabled.conf
+  assertFileNotExists /etc/httpd/conf.d/ssl.conf
+
+  assertFileNotContains /opt/tomee/conf/server.xml 'secure="true"'
+  assertFileNotContains /opt/tomee/conf/server.xml 'scheme="https"'
+  assertFileContains /opt/tomee/conf/server.xml 'scheme="http"'
+
+  assertEnvVar GROUPER_USE_SSL "false"
+  assertEnvVar GROUPER_WEBCLIENT_IS_SSL "false"
+
+
+  assertNumberOfTomcatProcesses 1
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 1
+
+  assertNotListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiNoSsl

container_files/tier-support/test/grouperContainerUnitTestUiSubimage.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+
+testContainerUiSubimage() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+  dockerRemoveSubimage
+
+  subimageId="my_$containerName"
+  subimageName="$subimageId:latest"
+
+  echo "" > Dockerfile
+  echo "FROM $imageName" >> Dockerfile
+  echo "ENV GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES 1.1.1.1/32" >> Dockerfile
+  echo "" >> Dockerfile
+
+  echo
+  echo '################'
+  echo Running container with subimage as ui
+  echo cat DockerFile
+  cat Dockerfile
+  echo "docker build -t $subimageId ."
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $subimageId ui"
+  echo '################'
+  echo
+
+  docker build -t "$subimageId" .
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_SSL_CERT_FILE=/etc/pki/tls/certs/host-cert.pem $subimageId ui
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:hsqldb"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS "#"
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS ""
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVar GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+  assertEnvVar GROUPER_UI "true"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "1.1.1.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "false"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+  assertNumberOfTomcatProcesses 1
+  # bad cert apache wont start
+  assertNumberOfApacheProcesses 0
+  assertNumberOfShibProcesses 1
+
+  assertNotListeningOnPort 443
+  assertNotListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+
+}
+export -f testContainerUiSubimage

container_files/tier-support/test/grouperContainerUnitTestUiSubimageNonroot.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+
+testContainerUiSubimageNonroot() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+  dockerRemoveSubimage
+
+  subimageId="my_$containerName"
+  subimageName="$subimageId:latest"
+  myId="$(id -u)"
+
+  echo "" > Dockerfile
+  echo "FROM $imageName" >> Dockerfile
+  echo "RUN /usr/local/bin/changeUid.sh tomcat $myId" >> Dockerfile
+  echo "" >> Dockerfile
+
+  echo
+  echo '################'
+  echo Running container with subimage as ui without root
+  echo cat DockerFile
+  cat Dockerfile
+  echo "docker build -t $subimageId ."
+  echo "docker run --detach --name $containerName -u $myId -e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true --publish 8080:8080 $subimageId ui"
+  echo '################'
+  echo
+
+  docker build -t "$subimageId" .
+
+  docker run --detach --name $containerName -u $myId -e GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=true --publish 8080:8080 $subimageId ui
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "/tmp/logpipe"
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ui;"
+
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties grouperPasswordConfigOverride_UI_GrouperSystem_pass.elConfig
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties thisPassIsCopyrightedDontUse
+
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS "#"
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVarNot GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-ui"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS ""
+  assertEnvVarNot GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper"
+  assertEnvVar GROUPER_UI "true"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "false"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+
+  assertNumberOfTomcatProcesses 13
+  # bad cert apache wont start
+  assertNumberOfApacheProcesses 0
+  assertNumberOfShibProcesses 0
+
+  assertNotListeningOnPort 443
+  assertNotListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+}
+export -f testContainerUiSubimageNonroot

container_files/tier-support/test/grouperContainerUnitTestWs.sh

@@ -0,0 +1,99 @@
+#!/bin/bash
+
+testContainerWs() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ws
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 $imageName ws"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 $imageName ws
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileNotContains /opt/grouper/grouperWebapp/WEB-INF/web.xml "<auth-method>BASIC</auth-method>"
+  assertFileNotContains /opt/tomee/conf/server.xml 'tomcatAuthentication="true"'
+  assertFileContains /opt/tomee/conf/server.xml 'tomcatAuthentication="false"'
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+  assertFileContains /opt/tomee/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"'
+  assertFileContains /opt/tomee/conf/web.xml "<session-timeout>1</session-timeout>"
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ws;"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "ServerName https://a.b.c:443"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On"
+
+  assertEnvVar GROUPER_APACHE_SERVER_NAME https://a.b.c:443
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS ""
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-ws"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS "#"
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_UI "false"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVarNot GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "true"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_WS_ONLY "true"
+
+  assertNumberOfTomcatProcesses 1
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 0
+
+  assertListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+}
+export -f testContainerWs

container_files/tier-support/test/grouperContainerUnitTestWsAuthn.sh

@@ -0,0 +1,99 @@
+#!/bin/bash
+
+testContainerWsAuthn() {
+
+  if [ "$#" -ne 0 ]; then
+    echo "You must enter exactly 0 command line arguments"
+    exit 1
+  fi
+
+  dockerRemoveContainer
+
+  echo
+  echo '################'
+  echo Running container as ws with tomcat authn
+  echo "docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws"
+  echo '################'
+  echo
+
+  docker run --detach --name $containerName --publish 443:443 -e GROUPER_SELF_SIGNED_CERT=true -e GROUPER_APACHE_SERVER_NAME=https://a.b.c:443 -e GROUPER_WS_TOMCAT_AUTHN=true $imageName ws
+  sleep $globalSleepSecondsAfterRun
+
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libWs/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/lib/axis2-kernel-1.6.4.jar
+  assertFileExists /opt/grouper/grouperWebapp/WEB-INF/libScim/stax-api-1.0-2.jar
+  assertFileNotExists /opt/grouper/grouperWebapp/WEB-INF/lib/stax-api-1.0-2.jar
+  assertFileNotExists "/opt/grouper/grouperWebapp/WEB-INF/lib/grouper-messaging-activemq-$grouperVersion.jar"
+  assertFileExists "/opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon/grouper-messaging-activemq-$grouperVersion.jar"
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/web.xml "<auth-method>BASIC</auth-method>"
+  assertFileContains /opt/tomee/conf/server.xml 'tomcatAuthentication="true"'
+  assertFileNotContains /opt/tomee/conf/server.xml 'tomcatAuthentication="false"'
+
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf "Listen 443 https"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf "__"
+  assertFileContains /etc/httpd/conf/httpd.conf "Listen 80"
+  assertFileNotContains /opt/tier-support/supervisord.conf "program:shibbolethsp"
+  assertFileContains /opt/tier-support/supervisord.conf "program:tomee"
+  assertFileContains /opt/tier-support/supervisord.conf "program:httpd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "user=shibd"
+  assertFileNotContains /opt/tier-support/supervisord.conf "__"
+  assertFileNotContains /etc/httpd/conf.d/ssl-enabled.conf cachain.pem
+  assertFileContains /etc/httpd/conf.d/ssl-enabled.conf /etc/pki/tls/certs/localhost.crt
+
+  assertFileContains /opt/tomee/conf/Catalina/localhost/grouper-ws.xml 'cookies="false"'
+  assertFileContains /opt/tomee/conf/web.xml "<session-timeout>1</session-timeout>"
+
+  assertFileContains /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties "grouper-ws;"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "3600"
+  assertFileNotContains /etc/httpd/conf.d/grouper-www.conf "__"
+
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "ServerName https://a.b.c:443"
+  assertFileContains /etc/httpd/conf.d/grouper-www.conf "UseCanonicalName On"
+
+  assertEnvVar GROUPER_APACHE_SERVER_NAME https://a.b.c:443
+  assertEnvVar GROUPERSCIM_PROXY_PASS "#"
+  assertEnvVar GROUPERSCIM_URL_CONTEXT "grouper-ws-scim"
+  assertEnvVar GROUPERWS_PROXY_PASS ""
+  assertEnvVar GROUPERWS_URL_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_APACHE_AJP_TIMEOUT_SECONDS "3600"
+  assertEnvVar GROUPER_APACHE_NONSSL_PORT "80"
+  assertEnvVar GROUPER_APACHE_SSL_PORT "443"
+  assertEnvVar GROUPER_CHOWN_DIRS "true"
+  assertEnvVar GROUPER_CONTAINER_VERSION "$containerVersion"
+  assertEnvVar GROUPER_DAEMON "false"
+  assertEnvVar GROUPER_GSH_CHECK_USER "true"
+  assertEnvVar GROUPER_GSH_USER "tomcat"
+  assertEnvVar GROUPER_HOME "/opt/grouper/grouperWebapp/WEB-INF"
+  assertEnvVar GROUPER_LOG_PREFIX "grouper-ws"
+  assertEnvVar GROUPER_MAX_MEMORY "1500m"
+  assertEnvVar GROUPER_PROXY_PASS "#"
+  assertEnvVar GROUPER_RUN_APACHE "true"
+  assertEnvVar GROUPER_RUN_PROCESSES_AS_USERS "true"
+  assertEnvVarNot GROUPER_RUN_SHIB_SP "true"
+  assertEnvVar GROUPER_RUN_TOMEE "true"
+  assertEnvVar GROUPER_SCIM "false"
+  assertEnvVar GROUPER_SCIM_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_TOMCAT_CONTEXT "grouper-ws"
+  assertEnvVar GROUPER_UI "false"
+  assertEnvVar GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES "127.0.0.1/32"
+  assertEnvVar GROUPER_UI_GROUPER_AUTH "false"
+  assertEnvVarNot GROUPER_UI_ONLY "true"
+  assertEnvVar GROUPER_URL_CONTEXT "grouper"
+  assertEnvVar GROUPER_USE_SSL "true"
+  assertEnvVar GROUPER_WS "true"
+  assertEnvVar GROUPER_WS_GROUPER_AUTH "false"
+  assertEnvVar GROUPER_WS_ONLY "true"
+
+  assertNumberOfTomcatProcesses 1
+  assertNumberOfApacheProcesses 5
+  assertNumberOfShibProcesses 0
+
+  assertListeningOnPort 443
+  assertListeningOnPort 80
+  assertListeningOnPort 8009
+  assertNotListeningOnPort 9001
+
+}
+export -f testContainerWsAuthn

container_files/tier-support/test/rebuildTestContainer.sh

@@ -0,0 +1,36 @@
+#/bin/bash
+
+if [ "$#" -ne 3 ]; then
+  echo "You must enter exactly 3 command line arguments: grouper base image name, grouper base container version, grouper_container_git_base_dir"
+  echo "rebuildTestContainer.sh i2incommon/grouper:2.5.35 2.5.35 /mnt/c/git/grouper_container"
+  exit 1
+fi
+
+export grouperBaseImageName=$1
+export grouperBaseContainerVersion=$2
+export grouperContainerGitPath=$3
+export subimageName=my-grouper-$2
+
+export reldir=`dirname $0`
+cd $reldir
+
+# /mnt/c/mchyzer/git/grouper_container
+mkdir -p slashRoot/usr/local/bin
+rsync -avzpl $grouperContainerGitPath/container_files/usr-local-bin/* slashRoot/usr/local/bin
+
+mkdir -p slashRoot/etc/httpd/conf.d
+rsync -avzpl $grouperContainerGitPath/container_files/httpd/* slashRoot/etc/httpd/conf.d
+
+mkdir -p slashRoot/opt/tier-support/originalFiles
+rsync -avzpl $grouperContainerGitPath/container_files/httpd/ssl-enabled.conf slashRoot/opt/tier-support/originalFiles
+
+rsync -avzpl $grouperContainerGitPath/container_files/tier-support/test/grouper*.sh $reldir
+
+#mkdir -p slashRoot/opt/tomee/conf
+#rsync -avzpl $grouperContainerGitPath/container_files/tomee/conf/* slashRoot/opt/tomee/conf/
+
+sed -i "s|__BASE_CONTAINER__|$grouperBaseImageName|g" "testContainer.Dockerfile"
+
+docker build -f testContainer.Dockerfile -t $subimageName --build-arg GROUPER_VERSION=$grouperBaseContainerVersion $reldir
+
+echo "Run tests with: ./grouperContainerUnitTest.sh grouper-test $subimageName:latest $grouperBaseContainerVersion $grouperBaseContainerVersion"

container_files/tier-support/test/testContainer.Dockerfile

@@ -0,0 +1,11 @@
+# this matches the version you decided on from release notes
+ARG GROUPER_VERSION=2.5.XX
+
+#  --build-arg GROUPER_VERSION=${VARIABLE_NAME} i2incommon/grouper:${GROUPER_VERSION}
+FROM i2incommon/grouper:2.5.XX
+
+# this will overlay all the files from /opt/grouperContainer/slashRoot on to /
+COPY slashRoot /
+
+RUN chown -R tomcat:root /opt/grouper \
+ && chown -R tomcat:root /opt/tomee

container_files/tier-support/web.wsTomcatAuthn.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+  version="2.4">
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Web services</web-resource-name>
+      <url-pattern>/services/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>grouper_user</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Web services</web-resource-name>
+      <url-pattern>/servicesRest/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <!-- NOTE:  This role is not present in the default users file -->
+      <role-name>grouper_user</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <!-- Define the Login Configuration for this Application -->
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>Grouper Application</realm-name>
+  </login-config>
+
+  <!-- Security roles referenced by this web application -->
+  <security-role>
+    <description>
+      The role that is required to log in to web service
+    </description>
+    <role-name>grouper_user</role-name>
+  </security-role>
+
+</web-app>

container_files/tomee/bin/setenv.sh

@@ -1,3 +1,4 @@
 CLASSPATH=/opt/tomee/bin/*
-JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomee/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
-LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
+#JAVA_OPTS="-Dlog4j.configurationFile=/opt/tomee/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN"
+CATALINA_OPTS="-Xmx$GROUPER_MAX_MEMORY -XX:+UseG1GC -XX:+UseStringDeduplication -Dlog4j.configurationFile=/opt/tomee/conf/log4j2.xml -DENV=$ENV -DUSERTOKEN=$USERTOKEN -Dfile.encoding=UTF-8 $GROUPER_EXTRA_CATALINA_OPTS"
+LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager

container_files/tomee/conf/Catalina/localhost/grouper.xml

@@ -0,0 +1,3 @@
+<Context docBase="/opt/grouper/grouperWebapp/" path="/__GROUPER_TOMCAT_CONTEXT__" reloadable="false" cookies="__GROUPER_CONTEXT_COOKIES__"  > 
+  <Resources allowLinking="true" />
+</Context>