Merge branch 'master' of https://github.internet2.edu/docker/grouper_…

…training

ex401/ex401.1.1/Dockerfile

@@ -10,6 +10,7 @@ ENV USERTOKEN=ex401.1.1
 
 COPY container_files/seed-data/ /seed-data/
 COPY container_files/grouper-loader.properties /opt/grouper/conf/
+COPY container_files/grouper.client.properties /opt/grouper/conf/
 COPY container_files/subject.properties /opt/grouper/conf/
 
 RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \

ex401/ex401.1.1/container_files/grouper-loader.properties

@@ -71,3 +71,22 @@ ldap.demo.tls = false
 
 #make the paths fully qualified and not relative to the loader group.
 loader.ldap.requireTopStemAsStemFromConfigGroup=false
+
+
+#####################################
+## Messaging integration with change log
+#####################################
+changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ?                                                          
+
+# note, change "messagingSample" in key to be the name of the consumer.  e.g. changeLog.consumer.someNameAnyName.class
+changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher
+changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq
+# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored.
+changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = 
+## queue or topic
+changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue
+changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper
+## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml
+#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email

ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh

@@ -5,7 +5,11 @@ addStem("app:vpn", "ref", "ref");
 
 addGroup("app:vpn:ref", "vpn_adhoc", "vpn_adhoc");
 addGroup("app:vpn", "vpn_authorized", "vpn_authorized");
+addGroup("app:vpn", "vpn_allow", "vpn_allow");
+addGroup("app:vpn", "vpn_deny", "vpn_deny");
 
-addMember("app:vpn:vpn_authorized", "ref:faculty");
-addMember("app:vpn:vpn_authorized", "ref:staff");
-addMember("app:vpn:vpn_authorized", "app:vpn:ref:vpn_adhoc");
+addMember("app:vpn:vpn_allow", "ref:faculty");
+addMember("app:vpn:vpn_allow", "ref:staff");
+addMember("app:vpn:vpn_allow", "app:vpn:ref:vpn_adhoc");
+
+addComposite("app:vpn:vpn_authorized", CompositeType.COMPLEMENT, "app:vpn:vpn_allow", "app:vpn:vpn_deny");

ex401/ex401.1.4/container_files/grouper-loader.properties

@@ -87,3 +87,21 @@ changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group
 changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
 changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = false
+
+#####################################
+## Messaging integration with change log
+#####################################
+changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ?                                                          
+
+# note, change "messagingSample" in key to be the name of the consumer.  e.g. changeLog.consumer.someNameAnyName.class
+changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher
+changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq
+# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored.
+changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = 
+## queue or topic
+changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue
+changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper
+## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml
+#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email

ex401/ex401.1.5/container_files/seed-data/bootstrap.gsh

@@ -3,9 +3,7 @@ gs = GrouperSession.startRootSession();
 addStem("ref", "iam", "iam");
 addGroup("ref:iam", "global_deny", "global_deny");
 
-addGroup("app:vpn", "vpn_allow", "vpn_allow");
-addGroup("app:vpn", "vpn_deny", "vpn_deny");
-addMember("app:vpn:vpn_deny", "ref:iam:gobal_deny");
+addMember("app:vpn:vpn_deny", "ref:iam:global_deny");
 
 group=addGroup("app:vpn:ref", "vpn_ajohnson409", "vpn_ajohnson409");
 group.setDescription("special project managed by ajohnson409");
@@ -20,14 +18,6 @@ group=addGroup("app:vpn:ref", "vpn_consultants", "vpn_consultants");
 group.setDescription("Consultants, must be approved by VP and have expiration date set");
 group.store();
 
-//Refactoring group membership
-delGroup("app:vpn:vpn_authorized");
-addGroup("app:vpn", "vpn_authorized", "vpn_authorized");
-addComposite("app:vpn:vpn_authorized", CompositeType.COMPLEMENT, "app:vpn:vpn_allow", "app:vpn:vpn_deny");
-
-//Assign the PSPNG attribute for the standard groups (needs to match 401.1.4's initial settings)
-group = GroupFinder.findByName(gs, "app:vpn:vpn_authorized");
-
 # Auto create the PSPNG attributes
 # edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfNames");
 
@@ -39,10 +29,6 @@ attributeAssignSave.addValue("pspng_groupOfNames");
 attributeAssignSave.save();
 
 
-addMember("app:vpn:vpn_allow", "ref:faculty");
-addMember("app:vpn:vpn_allow", "ref:staff");
-addMember("app:vpn:vpn_allow", "ref:student");
-addMember("app:vpn:vpn_allow", "app:vpn:ref:vpn_adhoc");
 addMember("app:vpn:ref:vpn_adhoc", "app:vpn:ref:vpn_ajohnson409");
 addMember("app:vpn:ref:vpn_adhoc", "app:vpn:ref:vpn_consultants");
 
@@ -72,7 +58,7 @@ attributeAssignSave.addAttributeAssignOnThisAssignment(attributeAssignOnAssignSa
 attributeAssign = attributeAssignSave.save();
 
 
-# Groovy Script - Auto set expiration date on membership:
+// Groovy Script - Auto set expiration date on membership:
 numDays = 32;
 actAs = SubjectFinder.findRootSubject();
 vpn_adhoc = getGroups("app:vpn:ref:vpn_adhoc")[0];

ex401/ex401.2.3/container_files/grouper-loader.properties

@@ -98,3 +98,21 @@ changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = ${group.
 changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
 changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
 changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=*
+
+#####################################
+## Messaging integration with change log
+#####################################
+changeLog.consumer.rabbitMqMessagingSample.quartzCron = 0 * * * * ?                                                          
+
+# note, change "messagingSample" in key to be the name of the consumer.  e.g. changeLog.consumer.someNameAnyName.class
+changeLog.consumer.rabbitMqMessagingSample.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+
+changeLog.consumer.rabbitMqMessagingSample.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher
+changeLog.consumer.rabbitMqMessagingSample.publisher.messagingSystemName = rabbitmq
+# note, routingKey property is valid only for rabbitmq. For other messaging systems, it is ignored.
+changeLog.consumer.rabbitMqMessagingSample.publisher.routingKey = 
+## queue or topic
+changeLog.consumer.rabbitMqMessagingSample.publisher.messageQueueType = queue
+changeLog.consumer.rabbitMqMessagingSample.publisher.queueOrTopicName = grouper
+## this is optional if not using "id" for subjectId, need to be a subject attribute in the sources.xml
+#changeLog.consumer.rabbitMqMessagingSample.publisher.addSubjectAttributes = email

ex401/ex401.2.8/container_files/seed-data/bootstrap.gsh

@@ -4,17 +4,18 @@ addGroup("app:mfa", "mfa_required", "mfa_required");
 addGroup("app:mfa:ref", "mfa_opt_in", "mfa_opt_in");
 addMember("app:mfa:mfa_enabled_allow", "app:mfa:ref:mfa_opt_in");
 
-addGroup("app:mfa:ref", "mfa_opt_in_access", "mfa_opt_in_access");
-addGroup("app:mfa:ref", "mfa_opt_in_access_allow", "mfa_opt_in_access_allow");
-addGroup("app:mfa:ref", "mfa_opt_in_access_deny", "mfa_opt_in_access_deny");
+addStem("app:mfa", "etc", "etc")
+addGroup("app:mfa:etc", "mfa_opt_in_access", "mfa_opt_in_access");
+addGroup("app:mfa:etc", "mfa_opt_in_access_allow", "mfa_opt_in_access_allow");
+addGroup("app:mfa:etc", "mfa_opt_in_access_deny", "mfa_opt_in_access_deny");
 
-addComposite("app:mfa:ref:mfa_opt_in_access", CompositeType.COMPLEMENT, "app:mfa:ref:mfa_opt_in_access_allow", "app:mfa:ref:mfa_opt_in_access_deny");
+addComposite("app:mfa:etc:mfa_opt_in_access", CompositeType.COMPLEMENT, "app:mfa:etc:mfa_opt_in_access_allow", "app:mfa:etc:mfa_opt_in_access_deny");
 
-addMember("app:mfa:ref:mfa_opt_in_access_allow", "ref:faculty");
-addMember("app:mfa:ref:mfa_opt_in_access_allow", "ref:staff");
-addMember("app:mfa:ref:mfa_opt_in_access_allow", "ref:student");
+addMember("app:mfa:etc:mfa_opt_in_access_allow", "ref:faculty");
+addMember("app:mfa:etc:mfa_opt_in_access_allow", "ref:staff");
+addMember("app:mfa:etc:mfa_opt_in_access_allow", "ref:student");
 
-addMember("app:mfa:ref:mfa_opt_in_access_deny", "app:mfa:mfa_required");
+addMember("app:mfa:etc:mfa_opt_in_access_deny", "app:mfa:mfa_required");
 
-grantPriv("app:mfa:ref:mfa_opt_in", "app:mfa:ref:mfa_opt_in_access", AccessPrivilege.OPTIN);
-grantPriv("app:mfa:ref:mfa_opt_in", "app:mfa:ref:mfa_opt_in_access", AccessPrivilege.OPTOUT);
+grantPriv("app:mfa:ref:mfa_opt_in", "app:mfa:etc:mfa_opt_in_access", AccessPrivilege.OPTIN);
+grantPriv("app:mfa:ref:mfa_opt_in", "app:mfa:etc:mfa_opt_in_access", AccessPrivilege.OPTOUT);

ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh

@@ -6,7 +6,7 @@ group = GroupFinder.findByName(gs, "app:mfa:ref:mfa_bypass", true);
 stem = StemFinder.findByName(gs, "app:mfa:basis", true);
 group.move(stem);
 
-addGroup("app:mfa:ref", "bypass-not-opt-in", "bypass-not-opt-in");
-addComposite("app:mfa:ref:bypass-not-opt-in", CompositeType.COMPLEMENT, "app:mfa:basis:mfa_bypass", "app:mfa:ref:mfa_opt_in");
+addGroup("app:mfa:ref", "mfa_bypass_not_opt_in", "mfa_bypass_not_opt_in");
+addComposite("app:mfa:ref:mfa_bypass_not_opt_in", CompositeType.COMPLEMENT, "app:mfa:basis:mfa_bypass", "app:mfa:ref:mfa_opt_in");
 
-addMember("app:mfa:mfa_enabled_deny", "app:mfa:ref:bypass-not-opt-in");
+addMember("app:mfa:mfa_enabled_deny", "app:mfa:ref:mfa_bypass_not_opt_in");

ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh

@@ -3,13 +3,15 @@ gs = GrouperSession.startRootSession();
 addMember("app:mfa:mfa_enabled_allow", "ref:faculty");
 addMember("app:mfa:mfa_enabled_allow", "ref:staff");
 addMember("app:mfa:mfa_enabled_allow", "ref:student");
+delMember("app:mfa:mfa_enabled_allow", "ref:dept:Information Technology");
 
 delGroup("app:mfa:ref:pilot");
-delGroup("app:mfa:ref:mfa_opt_in_access");
-delGroup("app:mfa:ref:mfa_opt_in_access_allow");
-delGroup("app:mfa:ref:mfa_opt_in_access_deny");
+delGroup("app:mfa:etc:mfa_opt_in_access");
+delGroup("app:mfa:etc:mfa_opt_in_access_allow");
+delGroup("app:mfa:etc:mfa_opt_in_access_deny");
 delGroup("app:mfa:ref:mfa_opt_in");
-delGroup("app:mfa:ref:bypass-not-opt-in");
+delGroup("app:mfa:ref:mfa_bypass_not_opt_in");
+delGroup("app:mfa:mfa_required");
 delGroup("app:mfa:ref:BannerUsersMinusFaculty");
 delGroup("app:mfa:ref:NonFacultyBannerINB");
-delGroup("app:mfa:ref:athletics_dept");
+delGroup("app:mfa:ref:athletics_dept");

ex401/ex401.3.4/Dockerfile

@@ -9,8 +9,6 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
 ENV USERTOKEN=ex401.3.4
 
 COPY container_files/seed-data/ /seed-data/
-COPY container_files/grouper-loader.properties /opt/grouper/conf/
-COPY container_files/grouper.client.properties /opt/grouper/conf/
 COPY container_files/attribute-filter.xml /opt/shibboleth-idp/conf/
 
 RUN . /usr/local/bin/library.sh \