From 3e6638df9a6405b143277a9ab6574daa4b9d50dc Mon Sep 17 00:00:00 2001 From: mchyzer Date: Sun, 24 May 2020 15:00:56 -0400 Subject: [PATCH] bunch of edits for june 2020 training --- .../conf/grouper-ui.properties | 6 +- base/container_files/conf/grouper.properties | 6 +- ex401/ex401.1.1/Dockerfile | 2 + .../container_files/grouper.properties | 81 +++++++++++++++++++ .../grouperText/grouper.text.en.us.properties | 2 + .../container_files/seed-data/bootstrap.gsh | 13 +++ .../container_files/seed-data/bootstrap.gsh | 6 +- .../container_files/seed-data/bootstrap.gsh | 6 +- ex401/manualBuild.sh~ | 17 ++++ gte | 4 + 10 files changed, 135 insertions(+), 8 deletions(-) create mode 100644 ex401/ex401.1.1/container_files/grouper.properties create mode 100644 ex401/ex401.1.1/container_files/grouperText/grouper.text.en.us.properties create mode 100755 ex401/manualBuild.sh~ diff --git a/base/container_files/conf/grouper-ui.properties b/base/container_files/conf/grouper-ui.properties index a0e4686..eb01adb 100644 --- a/base/container_files/conf/grouper-ui.properties +++ b/base/container_files/conf/grouper-ui.properties @@ -2,4 +2,8 @@ # it will add another layer of security. Otherwise allow 0.0.0.0/0 and all will be allowed # If this configuration item is not filled in, then none are allowed # you can configure multiple CIDR addresses or networks comma separated, e.g. 1.2.3.4/32, 2.3.4.5/24 -grouperUi.configurationEditor.sourceIpAddresses = 0.0.0.0/0 \ No newline at end of file +grouperUi.configurationEditor.sourceIpAddresses = 0.0.0.0/0 + +# If logout should redirect to an external URL, put that URL here +# ${valueType: "string"} +grouperUi.logout.redirectToUrl = /Shibboleth.sso/Logout diff --git a/base/container_files/conf/grouper.properties b/base/container_files/conf/grouper.properties index bbe01c7..42d5121 100644 --- a/base/container_files/conf/grouper.properties +++ b/base/container_files/conf/grouper.properties @@ -52,4 +52,8 @@ grouper.requireGroup.name.0 = ref:employee:fac_staff # allowed to use this require group. If not configured, anyone could use # {valueType: "group", regex: "^grouper\\.lockoutGroup\\.requireGroup\\.\\d+$"} -# grouper.requireGroup.allowedToUse.0 = ref:activeCanUse \ No newline at end of file +# grouper.requireGroup.allowedToUse.0 = ref:activeCanUse + +# grouper reporting file system path where reports will be stored, e.g. /opt/grouper/reports +# {valueType: "string", required: false} +reporting.file.system.path = /tmp \ No newline at end of file diff --git a/ex401/ex401.1.1/Dockerfile b/ex401/ex401.1.1/Dockerfile index 5e31702..6532666 100644 --- a/ex401/ex401.1.1/Dockerfile +++ b/ex401/ex401.1.1/Dockerfile @@ -14,6 +14,8 @@ COPY container_files/grouper-loader.properties /opt/grouper/grouperWebapp/WEB-IN COPY container_files/grouper.client.properties /opt/grouper/grouperWebapp/WEB-INF/classes COPY container_files/subject.properties /opt/grouper/grouperWebapp/WEB-INF/classes COPY container_files/morphString.properties /opt/grouper/grouperWebapp/WEB-INF/classes +COPY container_files/grouper.properties /opt/grouper/grouperWebapp/WEB-INF/classes +COPY container_files/grouperText/grouper.text.en.us.properties /opt/grouper/grouperWebapp/WEB-INF/classes/grouperText/grouper.text.en.us.properties RUN . /usr/local/bin/library.sh \ && prep_conf && prep_finish && setupFiles; \ diff --git a/ex401/ex401.1.1/container_files/grouper.properties b/ex401/ex401.1.1/container_files/grouper.properties new file mode 100644 index 0000000..74768c5 --- /dev/null +++ b/ex401/ex401.1.1/container_files/grouper.properties @@ -0,0 +1,81 @@ +# +# Grouper Configuration +# $Id: grouper.example.properties,v 1.48 2009-12-16 06:02:30 mchyzer Exp $ +# + +# Grouper uses Grouper Configuration Overlays (documented on wiki) +# By default the configuration is read from grouper.base.properties +# (which should not be edited), and the grouper.properties overlays +# the base settings. See the grouper.base.properties for the possible +# settings that can be applied to the grouper.properties + +#if groups like the wheel group should be auto-created for convenience (note: check config needs to be on) +configuration.autocreate.system.groups = true + +# A wheel group allows you to enable non-GrouperSystem subjects to act +# like a root user when interacting with the registry. +groups.wheel.use = true + +# Set to the name of the group you want to treat as the wheel group. +# The members of this group will be treated as root-like users. +groups.wheel.group = etc:sysadmingroup + +# Used to allow Include Exclude groups +grouperIncludeExclude.use = true +grouperIncludeExclude.requireGroups.use = true + +################################## +## Lockout groups. Could be used for other things, but used for policy group templates at least +## if there is no allowed group, then anyone could use it +################################## + +# group name of a lockout group +# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.name\\.\\d+$"} +grouper.lockoutGroup.name.0 = ref:iam:global_deny + +# allowed to use this lockout group. If not configured, anyone could use +# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.allowedToUse\\.\\d+$"} +# grouper.lockoutGroup.allowedToUse.0 = ref:lockoutCanUse + +################################## +## Require groups. Could be used for other things, but used for policy group templates at least +## if there is no allowed group, then anyone could use it +################################## + +# group name of a require group +# {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"} +grouper.requireGroup.name.0 = ref:iam:active + +# group name of a require group +# {valueType: "group", regex: "^grouper\\.requireGroup\\.name\\.\\d+$"} +grouper.requireGroup.name.0 = ref:employee:fac_staff + +# allowed to use this require group. If not configured, anyone could use +# {valueType: "group", regex: "^grouper\\.lockoutGroup\\.requireGroup\\.\\d+$"} +# grouper.requireGroup.allowedToUse.0 = ref:activeCanUse + +# grouper reporting file system path where reports will be stored, e.g. /opt/grouper/reports +# {valueType: "string", required: false} +reporting.file.system.path = /tmp + + + +# {valueType: "string", regex: "^grouper\\.membership\\.customComposite\\.uiKey\\.\\d+$"} +grouper.membership.customComposite.uiKey.0 = customCompositeMinusFacStaff + +# {valueType: "string", regex: "^grouper\\.membership\\.customComposite\\.compositeType\\.\\d+$"} +grouper.membership.customComposite.compositeType.0 = complement + +# {valueType: "group", regex: "^grouper\\.membership\\.customComposite\\.groupName\\.\\d+$"} +grouper.membership.customComposite.groupName.0 = ref:employee:fac_staff + + + +# {valueType: "string", regex: "^grouper\\.membership\\.customComposite\\.uiKey\\.\\d+$"} +grouper.membership.customComposite.uiKey.1 = customCompositeMinusFacStaffStudent + +# {valueType: "string", regex: "^grouper\\.membership\\.customComposite\\.compositeType\\.\\d+$"} +grouper.membership.customComposite.compositeType.1 = complement + +# {valueType: "group", regex: "^grouper\\.membership\\.customComposite\\.groupName\\.\\d+$"} +grouper.membership.customComposite.groupName.1 = ref:fac_staff_student diff --git a/ex401/ex401.1.1/container_files/grouperText/grouper.text.en.us.properties b/ex401/ex401.1.1/container_files/grouperText/grouper.text.en.us.properties new file mode 100644 index 0000000..ab8167a --- /dev/null +++ b/ex401/ex401.1.1/container_files/grouperText/grouper.text.en.us.properties @@ -0,0 +1,2 @@ +customCompositeMinusFacStaff = Entities who are not faculty or staff +customCompositeMinusFacStaffStudent = Entities who are not faculty, staff, or students diff --git a/ex401/ex401.1.1/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.1/container_files/seed-data/bootstrap.gsh index 81fa2b9..ff074dd 100644 --- a/ex401/ex401.1.1/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.1.1/container_files/seed-data/bootstrap.gsh @@ -15,6 +15,19 @@ addGroup("ref:iam", "active", "active"); addStem("ref", "employee", "employee"); addGroup("ref:employee", "fac_staff", "fac_staff"); +addGroup("ref", "fac_staff_student", "fac_staff_student"); + +addGroup("ref", "faculty", "faculty"); +addGroup("ref", "staff", "staff"); +addGroup("ref", "student", "student"); + +addMember("ref:employee:fac_staff", "ref:faculty"); +addMember("ref:employee:fac_staff", "ref:staff"); + +addMember("ref:fac_staff_student", "ref:faculty"); +addMember("ref:fac_staff_student", "ref:staff"); +addMember("ref:fac_staff_student", "ref:student"); + group = addGroup("etc","rolesLoader", "Roles Loader"); groupAddType("etc:rolesLoader", "grouperLoader"); setGroupAttr("etc:rolesLoader", "grouperLoaderDbName", "grouper"); diff --git a/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh index 295faab..7c8a137 100644 --- a/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh @@ -16,9 +16,9 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), "\${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}"); //Create placeholder groups for the load job so we can use them below -addGroup("ref", "faculty", "faculty"); -addGroup("ref", "staff", "staff"); -addGroup("ref", "student", "student"); +//addGroup("ref", "faculty", "faculty"); +//addGroup("ref", "staff", "staff"); +//addGroup("ref", "student", "student"); //Create the groups that do the grouper math to analyze the tables. addGroup("test:vpn", "vpn_faculty", "vpn_faculty"); diff --git a/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh index 2dc7dc4..f9e3b49 100644 --- a/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh @@ -20,9 +20,9 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL loaderRunOneJob(group); // stub out loader jobs -addGroup("ref", "faculty", "faculty"); -addGroup("ref", "staff", "staff"); -addGroup("ref", "student", "student"); +//addGroup("ref", "faculty", "faculty"); +//addGroup("ref", "staff", "staff"); +//addGroup("ref", "student", "student"); // Create the groups that do the grouper math to analyze the tables. addGroup("test:vpn", "vpn_faculty", "vpn_faculty"); diff --git a/ex401/manualBuild.sh~ b/ex401/manualBuild.sh~ new file mode 100755 index 0000000..323c27f --- /dev/null +++ b/ex401/manualBuild.sh~ @@ -0,0 +1,17 @@ +source ../buildVersion.sh +echo "Building gte:401 version ${VERSION_TAG}" +#docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.1.1-${VERSION_TAG} ex401.1.1 \ + +#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.1.end-${VERSION_TAG} ex401.1.end \ +#&& +docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.2.1-${VERSION_TAG} ex401.2.1 +#\ +#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.2.end-${VERSION_TAG} ex401.2.end \ +#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.3.1-${VERSION_TAG} ex401.3.1 \ +#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.3.end-${VERSION_TAG} ex401.3.end \ +#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.4.1-${VERSION_TAG} ex401.4.1 \ +#&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.4.end-${VERSION_TAG} ex401.4.end + +if [[ "$OSTYPE" == "darwin"* ]]; then + say exercises for 401 build complete +fi diff --git a/gte b/gte index 509947a..cbe05b6 100755 --- a/gte +++ b/gte @@ -6,6 +6,10 @@ if [ -z "$1" ] exit 0 fi +docker stop rabbitmq 2> /dev/null +docker rm rabbitmq 2> /dev/null +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +$DIR/start-rabbitmq.sh docker stop "$1" 2> /dev/null docker rm "$1" 2> /dev/null docker run -d -p 80:80 -p 389:389 -p 8443:443 -p 3306:3306 \