Adding more secrets to the POC.

docker · Mar 29, 2018 · Mar 13, 2018 · Mar 26, 2018 · Mar 26, 2018 · Mar 26, 2018
commit 2ef4ce9b9e610cde31dd4317c860f324dea2b780
diff --git a/test-compose/configs-and-secrets/grouper/grouper-loader.properties b/test-compose/configs-and-secrets/grouper/grouper-loader.properties
@@ -11,13 +11,13 @@
 ldap.demo.url = ldap://data:389/dc=example,dc=edu
 
 #optional, if authenticated
-#ldap.personLdap.user = uid=someapp,ou=people,dc=myschool,dc=edu
+ldap.demo.user = cn=admin,dc=internet2,dc=edu
 
 #optional, if authenticated note the password can be stored encrypted in an external file
-#ldap.personLdap.pass = secret
+ldap.demo.pass = ${java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('SUBJECT_SOURCE_LDAP_PASSWORD')}
 
 #optional, if you are using tls, set this to true.  Generally you will not be using an SSL URL to use TLS...
-#ldap.personLdap.tls = false
+ldap.demo.tls = false
 
 #optional, if using sasl
 #ldap.personLdap.saslAuthorizationId =

diff --git a/test-compose/configs-and-secrets/grouper/grouper.client.properties b/test-compose/configs-and-secrets/grouper/grouper.client.properties
@@ -55,7 +55,7 @@ grouperClient.webService.login = banderson
 
 # password for shared secret authentication to web service
 # or you can put a filename with an encrypted password
-grouperClient.webService.password = password
+grouperClient.webService.password = ${java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_CLIENT_WEBSERVICE_PASSWORD') }
 
 
 ################################
@@ -98,9 +98,9 @@ grouper.messaging.system.rabbitmq.name = rabbitmq
 grouper.messaging.system.rabbitmq.defaultSystemName = rabbitmqSystem
 
 grouper.messaging.system.rabbitmq.user = guest
- 
+
 #pass
-grouper.messaging.system.rabbitmq.password = guest
+grouper.messaging.system.rabbitmq.password = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') }
 # set the following three properties if you want to use TLS connection to rabbitmq. All three need to be populated.
 # TLS Version
 #grouper.messaging.system.rabbitmqSystem.tlsVersion = TLSv1.1

diff --git a/test-compose/configs-and-secrets/grouper/ldap.properties b/test-compose/configs-and-secrets/grouper/ldap.properties
diff --git a/test-compose/configs-and-secrets/grouper/rabbitmq_password.txt b/test-compose/configs-and-secrets/grouper/rabbitmq_password.txt
@@ -0,0 +1 @@
+guest
diff --git a/test-compose/docker-compose.yml b/test-compose/docker-compose.yml
@@ -14,18 +14,19 @@ services:
     depends_on: 
      - data
     environment:
+     - GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/database_password.txt
+     - RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
     networks:
      - back
     secrets:
      - database_password.txt
+     - rabbitmq_password.txt
      - source: grouper.hibernate.properties
        target: grouper_grouper.hibernate.properties
      - source: grouper-loader.properties
        target: grouper_grouper-loader.properties
-     - source: ldap.properties
-       target: grouper_ldap.properties
      - source: subject.properties
        target: grouper_subject.properties
 
@@ -71,8 +72,6 @@ services:
        target: grouper_grouper.hibernate.properties
      - source: grouper-loader.properties
        target: grouper_grouper-loader.properties
-     - source: ldap.properties
-       target: grouper_ldap.properties
      - source: subject.properties
        target: grouper_subject.properties
      - source: sp-key.pem
@@ -112,8 +111,6 @@ services:
        target: grouper_grouper.hibernate.properties
      - source: grouper-loader.properties
        target: grouper_grouper-loader.properties
-     - source: ldap.properties
-       target: grouper_ldap.properties
      - source: subject.properties
        target: grouper_subject.properties
      - source: host-key.pem
@@ -174,8 +171,6 @@ services:
        target: grouper_grouper.hibernate.properties
      - source: grouper-loader.properties
        target: grouper_grouper-loader.properties
-     - source: ldap.properties
-       target: grouper_ldap.properties
      - source: subject.properties
        target: grouper_subject.properties
 
@@ -235,12 +230,13 @@ secrets:
     file: ./configs-and-secrets/grouper/grouper-loader.properties
   subject.properties:
     file: ./configs-and-secrets/grouper/subject.properties
-  ldap.properties:
-    file: ./configs-and-secrets/grouper/ldap.properties
   sp-key.pem:
     file: ./configs-and-secrets/shibboleth/sp-key.pem
   host-key.pem:
     file: ./configs-and-secrets/httpd/host-key.pem
   database_password.txt:
     file: ./configs-and-secrets/grouper/database_password.txt
+  rabbitmq_password.txt:
+    file: ./configs-and-secrets/grouper/rabbitmq_password.txt
+