dima767 committed Oct 2, 2018
2 parents d4294f4 + f8d0920 commit 360089f
Showing 5 changed files with 80 additions and 5 deletions.
4 changes: 2 additions & 2 deletions Jenkinsfile
@@ -15,9 +15,9 @@
**/
exceriseSets = [
// 'ex101' : [3, 2],
// 'ex201' : [2, 2, 5, 6],
'ex201' : [1],
// 'ex301' : [2, 2, 5, 6],
'ex401' : [6, 9]
'ex401' : [6, 9, 7, 1]
]

pipeline {
4 changes: 2 additions & 2 deletions README.md
@@ -6,7 +6,7 @@ A set of Grouper images that are used during I2/TIER training.
## Full Demo

```
docker run -d -p 80:80 -p 389:389 -p 8443:443 -p 3306:3306 \
docker run -d -p 389:389 -p 8443:443 -p 3306:3306 \
--name grouper-demo tier/grouper-training-env:full_demo
```

@@ -79,7 +79,7 @@ Now browse to http://localhost:15672/ and login with `guest`/`guest`, and create
Now start the ex401 Grouper with this slightly modified command:

```bash
docker run -d -p 80:80 -p 389:389 -p 8443:443 -p 3306:3306 \
docker run -d -p 389:389 -p 8443:443 -p 3306:3306 \
--link rabbitmq:rabbitmq --name gte tier/grouper-training-env:exXXX

```
2 changes: 1 addition & 1 deletion base/Dockerfile
@@ -12,7 +12,7 @@ ENV ENV=training \
USERTOKEN=3.2.0_base

RUN yum install -y epel-release \
&& yum install -y mariadb mariadb-server openldap openldap-clients openldap-servers phpMyAdmin phpldapadmin \
&& yum install -y emacs mariadb mariadb-server nano openldap openldap-clients openldap-servers phpMyAdmin phpldapadmin \
&& yum clean all

COPY container_files/seed-data/ /seed-data/
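--- a/ex401/ex401.1.1/container_files/seed-data/ephemeral.gsh
+++ b/ex401/ex401.1.1/container_files/seed-data/ephemeral.gsh
@@ -0,0 +1,17 @@
+// Script parameters
+group_name = "app:boardeffect:ref:workroom_helpers";
+numDays = 3;
+
+
+actAs = SubjectFinder.findRootSubject();
+vpn_adhoc = getGroups(group_name)[0];
+attribAssign = vpn_adhoc.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
+attribValueDelegate = attribAssign.getAttributeValueDelegate();
+attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
+attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F");
+attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId());
+attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());
+attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.thisGroupHasImmediateEnabledNoEndDateMembership.name());
+attribValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name());
+attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), numDays.toString());
+attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "T");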
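Review bot: `vpn_adhoc = getGroups(group_name)[0];` takes the first result of what appears to be a name search and never checks it, so a rule that acts as the root subject is attached to whatever group comes back first, or the script fails on an empty result. An exact lookup that throws when the group is missing would be safer, for example `GroupFinder.findByName(GrouperSession.staticGrouperSession(), group_name, true)`, and the variable could be renamed from `vpn_adhoc` to match the workroom-helpers group it now holds. The name also uses the stem `app:boardeffect`, whereas skeleton.gsh in this commit creates `app:board_effect`; please confirm which one the exercise expects. With `ruleRunDaemonName()` set to `"F"`, the expiry is presumably applied only to memberships added after this script runs, so a comment such as `// existing memberships without an end date are not touched by this rule` would help anyone relying on it for time-limited access.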
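--- a/ex401/ex401.1.1/container_files/seed-data/skeleton.gsh
+++ b/ex401/ex401.1.1/container_files/seed-data/skeleton.gsh
@@ -0,0 +1,58 @@
+// SET THESE
+parent_stem_path = "app";
+app_extension = "board_effect";
+app_name = "Board Effect";
+
+
+if (!app_name?.trim())
+{
+app_name = app_extension;
+}
+
+def makeStemInheritable(obj, stemName, groupName, priv="admin") {
+baseStem = obj.getStems(stemName)[0];
+aGroup = obj.getGroups(groupName)[0];
+RuleApi.inheritGroupPrivileges(
+SubjectFinder.findRootSubject(),
+baseStem,
+Stem.Scope.SUB,
+aGroup.toSubject(),
+Privilege.getInstances(priv)
+);
+RuleApi.runRulesForOwner(baseStem);
+if(priv == 'admin')
+{
+RuleApi.inheritFolderPrivileges(
+SubjectFinder.findRootSubject(),
+baseStem,
+Stem.Scope.SUB,
+aGroup.toSubject(),
+Privilege.getInstances("stem, create"));
+}
+RuleApi.runRulesForOwner(baseStem);
+}
+
+stem = addStem(parent_stem_path, app_extension, app_name);
+etc_stem = addStem(stem.name, "etc", "etc");
+admin_group_name = "${app_extension}_admins";
+admin_group = addGroup(etc_stem.name, admin_group_name, admin_group_name);
+admin_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
+mgr_group_name = "${app_extension}_mgr";
+mgr_group = addGroup(etc_stem.name, mgr_group_name, mgr_group_name);
+mgr_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
+mgr_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);
+mgr_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.READ);
+view_group_name = "${app_extension}_viewers";
+view_group = addGroup(etc_stem.name, view_group_name, view_group_name);
+view_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
+view_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
+view_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);
+view_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.READ);
+admin_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
+mgr_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
+// Child objects should also grant perms to these groups.
+makeStemInheritable(this, stem.name, admin_group.name, 'admin');
+makeStemInheritable(this, stem.name, mgr_group.name, 'update');
+makeStemInheritable(this, stem.name, mgr_group.name, 'read');
+makeStemInheritable(this, stem.name, view_group.name, 'read');
+admin_group.revokePriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);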
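Review bot: The closing `admin_group.revokePriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);` is a one-time revoke, but `makeStemInheritable(this, stem.name, mgr_group.name, 'update')` leaves a `Stem.Scope.SUB` inheritance rule on the app stem that still covers the `etc` folder holding the admins group. If that rule is re-applied later (by a rules daemon run or another `runRulesForOwner` call; not verifiable from this page), managers would regain UPDATE on the admins group and could change its membership. Keeping the manager inheritance on a stem that does not contain `etc`, or at least adding a comment like `// mgr UPDATE is inherited from the stem rule; revoked here so managers cannot edit the admins group`, would make the intent and the residual risk explicit. Separately, `baseStem` and `aGroup` inside `makeStemInheritable` are assigned without `def` and so leak into the script binding, and the second `RuleApi.runRulesForOwner(baseStem);` only has new work to do in the `'admin'` branch, so it could move inside that `if`.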
