bunch of edits for june 2020 training

base/container_files/conf/grouper-ui.properties

@@ -2,4 +2,8 @@
 # it will add another layer of security.  Otherwise allow 0.0.0.0/0 and all will be allowed
 # If this configuration item is not filled in, then none are allowed
 # you can configure multiple CIDR addresses or networks comma separated, e.g. 1.2.3.4/32, 2.3.4.5/24
-grouperUi.configurationEditor.sourceIpAddresses = 0.0.0.0/0
+grouperUi.configurationEditor.sourceIpAddresses = 0.0.0.0/0
+
+# If logout should redirect to an external URL, put that URL here
+# ${valueType: "string"}
+grouperUi.logout.redirectToUrl = /Shibboleth.sso/Logout

base/container_files/conf/grouper.properties

@@ -52,4 +52,8 @@ grouper.requireGroup.name.0 = ref:employee:fac_staff
 
 # allowed to use this require group.  If not configured, anyone could use
 # {valueType: "group", regex: "^grouper\\.lockoutGroup\\.requireGroup\\.\\d+$"}
-# grouper.requireGroup.allowedToUse.0 = ref:activeCanUse
+# grouper.requireGroup.allowedToUse.0 = ref:activeCanUse
+
+# grouper reporting file system path where reports will be stored, e.g. /opt/grouper/reports
+# {valueType: "string", required: false}
+reporting.file.system.path = /tmp

ex401/ex401.1.1/Dockerfile

@@ -14,6 +14,8 @@ COPY container_files/grouper-loader.properties /opt/grouper/grouperWebapp/WEB-IN
 COPY container_files/grouper.client.properties /opt/grouper/grouperWebapp/WEB-INF/classes
 COPY container_files/subject.properties /opt/grouper/grouperWebapp/WEB-INF/classes
 COPY container_files/morphString.properties /opt/grouper/grouperWebapp/WEB-INF/classes
+COPY container_files/grouper.properties /opt/grouper/grouperWebapp/WEB-INF/classes
+COPY container_files/grouperText/grouper.text.en.us.properties /opt/grouper/grouperWebapp/WEB-INF/classes/grouperText/grouper.text.en.us.properties
 
 RUN . /usr/local/bin/library.sh \
     && prep_conf && prep_finish && setupFiles; \

ex401/ex401.1.1/container_files/grouper.properties

@@ -0,0 +1,81 @@
+#
+# Grouper Configuration
+# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $
+#
+
+# Grouper uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.base.properties
+# (which should not be edited), and the grouper.properties overlays
+# the base settings.  See the grouper.base.properties for the possible
+# settings that can be applied to the grouper.properties
+
+#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on)
+configuration.autocreate.system.groups = true
+
+# A wheel group allows you to enable non-GrouperSystem subjects to act
+# like a root user when interacting with the registry.
+groups.wheel.use                      = true
+
+# Set to the name of the group you want to treat as the wheel group.
+# The members of this group will be treated as root-like users.
+groups.wheel.group                    = etc:sysadmingroup
+
+# Used to allow Include Exclude groups
+grouperIncludeExclude.use = true
+grouperIncludeExclude.requireGroups.use = true
+
+##################################
+## Lockout groups.  Could be used for other things, but used for policy group templates at least
+## if there is no allowed group, then anyone could use it
+##################################
+
+# group name of a lockout group
+# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.name\\.\\d+$"}
+grouper.lockoutGroup.name.0 = ref:iam:global_deny
+
+# allowed to use this lockout group.  If not configured, anyone could use
+# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.allowedToUse\\.\\d+$"}
+# grouper.lockoutGroup.allowedToUse.0 = ref:lockoutCanUse
+
+##################################
+## Require groups.  Could be used for other things, but used for policy group templates at least
+## if there is no allowed group, then anyone could use it
+##################################
+
+# group name of a require group
+# {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"}
+grouper.requireGroup.name.0 = ref:iam:active
+
+# group name of a require group
+# {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"}
+grouper.requireGroup.name.0 = ref:employee:fac_staff
+
+# allowed to use this require group.  If not configured, anyone could use
+# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.requireGroup\\.\\d+$"}
+# grouper.requireGroup.allowedToUse.0 = ref:activeCanUse
+
+# grouper reporting file system path where reports will be stored, e.g. /opt/grouper/reports
+# {valueType: "string", required: false}
+reporting.file.system.path = /tmp
+
+
+
+# {valueType: "string", regex: "^grouper\\.membership\\.customComposite\\.uiKey\\.\\d+$"}
+grouper.membership.customComposite.uiKey.0 = customCompositeMinusFacStaff
+
+# {valueType: "string", regex: "^grouper\\.membership\\.customComposite\\.compositeType\\.\\d+$"}
+grouper.membership.customComposite.compositeType.0 = complement
+
+# {valueType: "group", regex: "^grouper\\.membership\\.customComposite\\.groupName\\.\\d+$"}
+grouper.membership.customComposite.groupName.0 = ref:employee:fac_staff
+
+
+
+# {valueType: "string", regex: "^grouper\\.membership\\.customComposite\\.uiKey\\.\\d+$"}
+grouper.membership.customComposite.uiKey.1 = customCompositeMinusFacStaffStudent
+
+# {valueType: "string", regex: "^grouper\\.membership\\.customComposite\\.compositeType\\.\\d+$"}
+grouper.membership.customComposite.compositeType.1 = complement
+
+# {valueType: "group", regex: "^grouper\\.membership\\.customComposite\\.groupName\\.\\d+$"}
+grouper.membership.customComposite.groupName.1 = ref:fac_staff_student

ex401/ex401.1.1/container_files/grouperText/grouper.text.en.us.properties

@@ -0,0 +1,2 @@
+customCompositeMinusFacStaff = Entities who are not faculty or staff
+customCompositeMinusFacStaffStudent = Entities who are not faculty, staff, or students

ex401/ex401.1.1/container_files/seed-data/bootstrap.gsh

@@ -15,6 +15,19 @@ addGroup("ref:iam", "active", "active");
 addStem("ref", "employee", "employee");
 addGroup("ref:employee", "fac_staff", "fac_staff");
 
+addGroup("ref", "fac_staff_student", "fac_staff_student");
+
+addGroup("ref", "faculty", "faculty");
+addGroup("ref", "staff", "staff");
+addGroup("ref", "student", "student");
+
+addMember("ref:employee:fac_staff", "ref:faculty");
+addMember("ref:employee:fac_staff", "ref:staff");
+
+addMember("ref:fac_staff_student", "ref:faculty");
+addMember("ref:fac_staff_student", "ref:staff");
+addMember("ref:fac_staff_student", "ref:student");
+
 group = addGroup("etc","rolesLoader", "Roles Loader");
 groupAddType("etc:rolesLoader", "grouperLoader");
 setGroupAttr("etc:rolesLoader", "grouperLoaderDbName", "grouper");

ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh

@@ -16,9 +16,9 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), "\${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}");
 
 //Create placeholder groups for the load job so we can use them below
-addGroup("ref", "faculty", "faculty");
-addGroup("ref", "staff", "staff");
-addGroup("ref", "student", "student");
+//addGroup("ref", "faculty", "faculty");
+//addGroup("ref", "staff", "staff");
+//addGroup("ref", "student", "student");
 
 //Create the groups that do the grouper math to analyze the tables.
 addGroup("test:vpn", "vpn_faculty", "vpn_faculty");

ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh

@@ -20,9 +20,9 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL
 loaderRunOneJob(group);
 
 // stub out loader jobs
-addGroup("ref", "faculty", "faculty");
-addGroup("ref", "staff", "staff");
-addGroup("ref", "student", "student");
+//addGroup("ref", "faculty", "faculty");
+//addGroup("ref", "staff", "staff");
+//addGroup("ref", "student", "student");
 
 // Create the groups that do the grouper math to analyze the tables.
 addGroup("test:vpn", "vpn_faculty", "vpn_faculty");

ex401/manualBuild.sh~

@@ -0,0 +1,17 @@
+source ../buildVersion.sh
+echo "Building gte:401 version ${VERSION_TAG}"
+#docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.1.1-${VERSION_TAG} ex401.1.1 \
+
+#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.1.end-${VERSION_TAG} ex401.1.end \
+#&& 
+docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.2.1-${VERSION_TAG} ex401.2.1 
+#\
+#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.2.end-${VERSION_TAG} ex401.2.end \
+#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.3.1-${VERSION_TAG} ex401.3.1 \
+#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.3.end-${VERSION_TAG} ex401.3.end \
+#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.4.1-${VERSION_TAG} ex401.4.1 \
+#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.4.end-${VERSION_TAG} ex401.4.end
+
+if [[ "$OSTYPE" == "darwin"* ]]; then
+  say exercises for 401 build complete
+fi

gte

@@ -6,6 +6,10 @@ if [ -z "$1" ]
         exit 0
 fi
 
+docker stop rabbitmq 2> /dev/null
+docker rm rabbitmq 2> /dev/null
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+$DIR/start-rabbitmq.sh
 docker stop "$1" 2> /dev/null
 docker rm "$1" 2> /dev/null
 docker run -d -p 80:80 -p 389:389 -p 8443:443 -p 3306:3306 \