From 4885fb405d5b4320f3c97bfdca8c8d7d6f6df6bf Mon Sep 17 00:00:00 2001 
From: John Gasper Date: Wed, 12 Sep 2018 23:38:59 -0700 Subject: [PATCH] minor tweaks 4.1 and 4.2, 4.3 and 4.4 started/scaffolded --- Jenkinsfile | 3 +- .../container_files/seed-data/bootstrap.gsh | 18 ++++- .../container_files/seed-data/bootstrap.gsh | 1 + .../container_files/seed-data/bootstrap.gsh | 2 + .../container_files/seed-data/bootstrap.gsh | 2 + .../container_files/seed-data/bootstrap.gsh | 5 ++ ex401/ex401.3.1/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 1 + .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.3.2/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 65 +++++++++++++++++++ .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.3.3/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 8 +++ .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.3.4/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 7 ++ .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.3.5/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 1 + .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.3.6/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 1 + .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.3.7/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 2 + .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.3.end/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 1 + .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.4.1/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 2 + 
.../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 ex401/ex401.4.end/Dockerfile | 26 ++++++++ .../container_files/seed-data/bootstrap.gsh | 1 + .../container_files/seed-data/sisData.sql | 0 .../container_files/seed-data/users.ldif | 0 manualBuild.sh | 11 +++- 47 files changed, 388 insertions(+), 3 deletions(-) create mode 100644 ex401/ex401.3.1/Dockerfile create mode 100644 ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.3.1/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.3.1/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.3.2/Dockerfile create mode 100644 ex401/ex401.3.2/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.3.2/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.3.2/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.3.3/Dockerfile create mode 100644 ex401/ex401.3.3/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.3.3/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.3.3/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.3.4/Dockerfile create mode 100644 ex401/ex401.3.4/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.3.4/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.3.4/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.3.5/Dockerfile create mode 100644 ex401/ex401.3.5/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.3.5/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.3.5/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.3.6/Dockerfile create mode 100644 ex401/ex401.3.6/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.3.6/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.3.6/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.3.7/Dockerfile 
create mode 100644 ex401/ex401.3.7/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.3.7/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.3.7/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.3.end/Dockerfile create mode 100644 ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.3.end/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.3.end/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.4.1/Dockerfile create mode 100644 ex401/ex401.4.1/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.4.1/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.4.1/container_files/seed-data/users.ldif create mode 100644 ex401/ex401.4.end/Dockerfile create mode 100644 ex401/ex401.4.end/container_files/seed-data/bootstrap.gsh create mode 100644 ex401/ex401.4.end/container_files/seed-data/sisData.sql create mode 100644 ex401/ex401.4.end/container_files/seed-data/users.ldif diff --git a/Jenkinsfile b/Jenkinsfile index 0546f52..29ce180 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,7 +16,8 @@ exceriseSets = [ // 'ex101' : [3, 2], // 'ex201' : [2, 2, 5, 6], - 'ex401' : [6, 9] +// 'ex301' : [2, 2, 5, 6], + 'ex401' : [6, 9, 7, 1] ] pipeline { diff --git a/ex401/ex401.1.5/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.5/container_files/seed-data/bootstrap.gsh index 0e423f6..d02ed0d 100644 --- a/ex401/ex401.1.5/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.1.5/container_files/seed-data/bootstrap.gsh 
@@ -50,4 +50,20 @@ attributeAssignOnAssignSave.assignAttributeDefName(attributeDefName); attributeAssignOnAssignSave.addValue("true"); attributeAssignSave.addAttributeAssignOnThisAssignment(attributeAssignOnAssignSave); -attributeAssign = attributeAssignSave.save(); \ No newline at end of file +attributeAssign = attributeAssignSave.save(); + + +# Groovy Script - Auto set expiration date on membership: +numDays = 32; +actAs = SubjectFinder.findRootSubject(); +vpn_adhoc = getGroups("app:vpn:ref:vpn_adhoc")[0]; +attribAssign = vpn_adhoc.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign(); +attribValueDelegate = attribAssign.getAttributeValueDelegate(); +attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId()); +attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F"); +attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId()); +attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name()); +attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.thisGroupHasImmediateEnabledNoEndDateMembership.name()); +attribValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name()); +attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), numDays.toString()); +attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "T"); diff --git a/ex401/ex401.2.5/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.5/container_files/seed-data/bootstrap.gsh index 47403cd..1699e8e 100644 --- a/ex401/ex401.2.5/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.2.5/container_files/seed-data/bootstrap.gsh 
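Review bot: `getGroups("app:vpn:ref:vpn_adhoc")[0]` takes the first element of a lookup that returns a list, so the root-acting expiration rule is attached to whichever group comes back first, and the script throws if the list is empty. An exact lookup is safer, for example `vpn_adhoc = GroupFinder.findByName(gs, "app:vpn:ref:vpn_adhoc", true);`, assuming `gs` is the root session opened earlier in the file, outside this hunk. Separately, `RuleUtils.ruleRunDaemonName()` is set to `"F"`, so as far as the hunk shows the rule fires only on `membershipAdd`. Memberships that already exist without an end date would then keep non-expiring VPN access, which deserves a comment or a one-time clean-up step.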
@@ -2,6 +2,7 @@ gs = GrouperSession.startRootSession(); addStem("ref", "dept", "dept"); addGroup("ref:dept", "its", "its"); +addMember("app:mfa:mfa_enabled_allow", "ref:dept:its"); addGroup("app:mfa:ref", "mfa_bypass", "mfa_bypass"); addGroup("app:mfa:ref", "athletics", "athletics"); diff --git a/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh index 5d8860c..279613c 100644 --- a/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.2.6/container_files/seed-data/bootstrap.gsh @@ -1,2 +1,4 @@ gs = GrouperSession.startRootSession(); +addGroup("app:mfa:ref", "NonFacultyBannerINB", "NonFacultyBannerINB"); +addMember("app:mfa:mfa_enabled_allow", "app:mfa:ref:NonFacultyBannerINB"); \ No newline at end of file diff --git a/ex401/ex401.2.7/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.7/container_files/seed-data/bootstrap.gsh index 22cf9ce..caf6b16 100644 --- a/ex401/ex401.2.7/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.2.7/container_files/seed-data/bootstrap.gsh @@ -1,3 +1,5 @@ gs = GrouperSession.startRootSession(); addGroup("app:mfa:ref", "BannerUsersMinusFaculty", "BannerUsersMinusFaculty"); +addComposite("app:mfa:ref:BannerUsersMinusFaculty", CompositeType.COMPLEMENT, "app:mfa:ref:NonFacultyBannerINB", "ref:faculty"); +addMember("app:mfa:mfa_enabled_allow", "app:mfa:ref:BannerUsersMinusFaculty") \ No newline at end of file diff --git a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh index 0c07f9d..c247e87 100644 --- a/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh +++ b/ex401/ex401.2.9/container_files/seed-data/bootstrap.gsh 
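Review bot: In the ex401.2.7 hunk the composite `BannerUsersMinusFaculty` is added to `app:mfa:mfa_enabled_allow`, but nothing removes `app:mfa:ref:NonFacultyBannerINB`, which the ex401.2.6 hunk adds to the same allow group. If the 2.7 image is built on top of 2.6 (the Dockerfiles added later in this patch each start FROM the previous step), faculty who are in NonFacultyBannerINB stay in the allow list through the direct membership and the COMPLEMENT has no effect on the policy. Consider adding `delMember("app:mfa:mfa_enabled_allow", "app:mfa:ref:NonFacultyBannerINB");` before the new `addMember`. The last added line also lacks the trailing `;` that the other statements use.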
@@ -1 +1,6 @@
 gs = GrouperSession.startRootSession();
+
+addGroup("basis", "bypass", "bypass");
+addComposite("app:mfa:ref:mfa_opt_in_access", CompositeType.COMPLEMENT, "basis:bypass", "ref:opt-in");
+addGroup("ref", "bypass-not-opt-in", "bypass-not-opt-in");
+addMember("app:mfa:mfa_enabled_deny", "ref:bypass-not-opt-in");
\ No newline at end of file
diff --git a/ex401/ex401.3.1/Dockerfile b/ex401/ex401.3.1/Dockerfile
new file mode 100644
index 0000000..a6f0d04
--- /dev/null
+++ b/ex401/ex401.3.1/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.2.end
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.3.1
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..0c07f9d
--- /dev/null
+++ b/ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1 @@
+gs = GrouperSession.startRootSession();
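Review bot: `ref:bypass-not-opt-in` is created as an ordinary, empty group and added to `app:mfa:mfa_enabled_deny`, while the COMPLEMENT of `basis:bypass` minus `ref:opt-in` is attached to `app:mfa:ref:mfa_opt_in_access`. Judging by the names, the composite looks like it was meant for `ref:bypass-not-opt-in`. As written the deny entry has no members, so it excludes nobody from the MFA policy. If that reading is right, the composite line should follow the group's creation as `addComposite("ref:bypass-not-opt-in", CompositeType.COMPLEMENT, "basis:bypass", "ref:opt-in");`. The hunk also calls `addGroup("basis", "bypass", "bypass")` without creating a `basis` stem, so confirm that stem exists in the parent image.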
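Review bot: A failure in `ldapadd`, `mysql` or (assuming it returns non-zero on a script error) `bin/gsh` does not fail this RUN step in ex401/ex401.3.1/Dockerfile. The `&&` chain stops at the failing command, the `;` after the LDAP stop loop resumes execution, and the step's exit status is that of the final `while` loop, so the image can be tagged with partly seeded data. Capturing the seed status and exiting with it after both services are stopped makes the build fail when seeding fails; a sketch follows. The LDAP root bind password is also passed as `-w password` on the command line and so stays in the image history, which is tolerable only for a training image and worth a comment saying so. The same RUN block is repeated in the ex401.3.2 through ex401.4.end Dockerfiles added by this patch.

```dockerfile
# … unchanged: service start-up waits, cd, ldapadd and mysql seed steps …
 && bin/gsh /seed-data/bootstrap.gsh; \
 seed_status=$?; \
 pkill -HUP slapd; \
 while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
 pkill -u mysql mysqld; \
 while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done; \
 exit $seed_status
```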
diff --git a/ex401/ex401.3.1/container_files/seed-data/sisData.sql b/ex401/ex401.3.1/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.1/container_files/seed-data/users.ldif b/ex401/ex401.3.1/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.2/Dockerfile b/ex401/ex401.3.2/Dockerfile
new file mode 100644
index 0000000..2de5ca4
--- /dev/null
+++ b/ex401/ex401.3.2/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.3.1
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.3.2
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.3.2/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.2/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..a71a16f
--- /dev/null
+++ b/ex401/ex401.3.2/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1,65 @@
+gs = GrouperSession.startRootSession();
+
+# SET THESE
+parent_stem_path = "app";
+app_extension = "baz";
+app_name = "";
+
+
+if (!app_name?.trim())
+{
+ app_name = app_extension;
+}
+
+def makeStemInheritable(obj, stemName, groupName, priv="admin") {
+ baseStem = obj.getStems(stemName)[0];
+ aGroup = obj.getGroups(groupName)[0];
+ RuleApi.inheritGroupPrivileges(
+ SubjectFinder.findRootSubject(),
+ baseStem,
+ Stem.Scope.SUB,
+ aGroup.toSubject(),
+ Privilege.getInstances(priv)
+ );
+ RuleApi.runRulesForOwner(baseStem);
+ if(priv == 'admin')
+ {
+ RuleApi.inheritFolderPrivileges(
+ SubjectFinder.findRootSubject(),
+ baseStem,
+ Stem.Scope.SUB,
+ aGroup.toSubject(),
+ Privilege.getInstances("stem, create"));
+ }
+ RuleApi.runRulesForOwner(baseStem);
+}
+
+stem = addStem(parent_stem_path, app_extension, app_name);
+etc_stem = addStem(stem.name, "etc", "etc");
+admin_group_name = "${app_extension}_app_admins";
+admin_group = addGroup(etc_stem.name, admin_group_name, admin_group_name);
+admin_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
+
+mgr_group_name = "${app_extension}_app_mgr";
+mgr_group = addGroup(etc_stem.name, mgr_group_name, mgr_group_name);
+mgr_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
+mgr_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);
+mgr_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.READ);
+
+view_group_name = "${app_extension}_app_viewers";
+view_group = addGroup(etc_stem.name, view_group_name, view_group_name);
+view_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
+view_group.grantPriv(admin_group.toMember().getSubject(), AccessPrivilege.ADMIN);
+view_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);
+view_group.grantPriv(mgr_group.toMember().getSubject(), AccessPrivilege.READ);
+
+admin_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
+mgr_group.grantPriv(view_group.toMember().getSubject(), AccessPrivilege.READ);
+
+# Child objects should also grant perms to these groups.
+makeStemInheritable(this, stem.name, admin_group.name, 'admin');
+makeStemInheritable(this, stem.name, mgr_group.name, 'update');
+makeStemInheritable(this, stem.name, mgr_group.name, 'read');
+makeStemInheritable(this, stem.name, view_group.name, 'read');
+
+admin_group.revokePriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE);
diff --git a/ex401/ex401.3.2/container_files/seed-data/sisData.sql b/ex401/ex401.3.2/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.2/container_files/seed-data/users.ldif b/ex401/ex401.3.2/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.3/Dockerfile b/ex401/ex401.3.3/Dockerfile
new file mode 100644
index 0000000..29dcbca
--- /dev/null
+++ b/ex401/ex401.3.3/Dockerfile
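Review bot: The final `admin_group.revokePriv(mgr_group.toMember().getSubject(), AccessPrivilege.UPDATE)` in ex401.3.2's bootstrap.gsh removes only the current grant. The `makeStemInheritable(this, stem.name, mgr_group.name, 'update')` rule stays attached to the app stem with `Stem.Scope.SUB`, and the `etc` folder holding the `_app_admins` group is inside that scope. If the rules are run again for the stem, managers would presumably get UPDATE on the admins group back and could add themselves to it. Either keep the `etc` groups out of the inherited scope or record the limitation next to the revoke, e.g. `# NOTE: the inheritance rule on the app stem can re-grant this; re-check after rules run`. `makeStemInheritable` also calls `RuleApi.runRulesForOwner(baseStem)` twice, and for non-admin privileges the second call is redundant.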
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.3.2
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.3.3
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.3.3/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.3/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..464a9eb
--- /dev/null
+++ b/ex401/ex401.3.3/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1,8 @@
+gs = GrouperSession.startRootSession();
+
+addStem("app", "boardeffect", "boardeffect");
+addGroup("app:boardeffect", "cmt_fin_authorized", "cmt_fin_authorized");
+addGroup("app:boardeffect", "cmt_fin_allow", "cmt_fin_allow");
+addGroup("app:boardeffect", "cmt_fin_deny", "cmt_fin_deny");
+
+addComposite("app:boardeffect:cmt_fin_authorized", CompositeType.COMPLEMENT, "app:boardeffect:cmt_fin_allow", "app:boardeffect:cmt_fin_deny");
diff --git a/ex401/ex401.3.3/container_files/seed-data/sisData.sql b/ex401/ex401.3.3/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.3/container_files/seed-data/users.ldif b/ex401/ex401.3.3/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.4/Dockerfile b/ex401/ex401.3.4/Dockerfile
new file mode 100644
index 0000000..fff67c0
--- /dev/null
+++ b/ex401/ex401.3.4/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.3.3
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.3.4
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.3.4/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.4/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..ec55a21
--- /dev/null
+++ b/ex401/ex401.3.4/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1,7 @@
+gs = GrouperSession.startRootSession();
+
+addGroup("app:boardeffect", "boardeffect_authorized", "boardeffect_authorized");
+addGroup("app:boardeffect", "boardeffect_authorized_allow", "boardeffect_authorized_allow");
+addGroup("app:boardeffect", "boardeffect_authorized_deny", "boardeffect_authorized_deny");
+
+addComposite("app:boardeffect:boardeffect_authorized", CompositeType.COMPLEMENT, "app:boardeffect:boardeffect_authorized_allow", "app:boardeffect:boardeffect_authorized_deny");
diff --git a/ex401/ex401.3.4/container_files/seed-data/sisData.sql b/ex401/ex401.3.4/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.4/container_files/seed-data/users.ldif b/ex401/ex401.3.4/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.5/Dockerfile b/ex401/ex401.3.5/Dockerfile
new file mode 100644
index 0000000..ad354cc
--- /dev/null
+++ b/ex401/ex401.3.5/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.3.4
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.3.5
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.3.5/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.5/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..0c07f9d
--- /dev/null
+++ b/ex401/ex401.3.5/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1 @@
+gs = GrouperSession.startRootSession();
diff --git a/ex401/ex401.3.5/container_files/seed-data/sisData.sql b/ex401/ex401.3.5/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.5/container_files/seed-data/users.ldif b/ex401/ex401.3.5/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.6/Dockerfile b/ex401/ex401.3.6/Dockerfile
new file mode 100644
index 0000000..9b038a8
--- /dev/null
+++ b/ex401/ex401.3.6/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.3.5
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.3.6
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.3.6/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.6/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..0c07f9d
--- /dev/null
+++ b/ex401/ex401.3.6/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1 @@
+gs = GrouperSession.startRootSession();
diff --git a/ex401/ex401.3.6/container_files/seed-data/sisData.sql b/ex401/ex401.3.6/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.6/container_files/seed-data/users.ldif b/ex401/ex401.3.6/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.7/Dockerfile b/ex401/ex401.3.7/Dockerfile
new file mode 100644
index 0000000..e21a025
--- /dev/null
+++ b/ex401/ex401.3.7/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.3.6
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.3.7
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.3.7/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.7/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..5d8860c
--- /dev/null
+++ b/ex401/ex401.3.7/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1,2 @@
+gs = GrouperSession.startRootSession();
+
diff --git a/ex401/ex401.3.7/container_files/seed-data/sisData.sql b/ex401/ex401.3.7/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.7/container_files/seed-data/users.ldif b/ex401/ex401.3.7/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.end/Dockerfile b/ex401/ex401.3.end/Dockerfile
new file mode 100644
index 0000000..1035246
--- /dev/null
+++ b/ex401/ex401.3.end/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.3.7
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.3.end
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..0c07f9d
--- /dev/null
+++ b/ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1 @@
+gs = GrouperSession.startRootSession();
diff --git a/ex401/ex401.3.end/container_files/seed-data/sisData.sql b/ex401/ex401.3.end/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.3.end/container_files/seed-data/users.ldif b/ex401/ex401.3.end/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.4.1/Dockerfile b/ex401/ex401.4.1/Dockerfile
new file mode 100644
index 0000000..7d4074a
--- /dev/null
+++ b/ex401/ex401.4.1/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.3.end
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.4.1
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.4.1/container_files/seed-data/bootstrap.gsh b/ex401/ex401.4.1/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..5d8860c
--- /dev/null
+++ b/ex401/ex401.4.1/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1,2 @@
+gs = GrouperSession.startRootSession();
+
diff --git a/ex401/ex401.4.1/container_files/seed-data/sisData.sql b/ex401/ex401.4.1/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.4.1/container_files/seed-data/users.ldif b/ex401/ex401.4.1/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.4.end/Dockerfile b/ex401/ex401.4.end/Dockerfile
new file mode 100644
index 0000000..5198ad8
--- /dev/null
+++ b/ex401/ex401.4.end/Dockerfile
@@ -0,0 +1,26 @@
+FROM tier/grouper-training-env:ex401.4.1
+
+LABEL author="tier-packaging@internet2.edu " \
+ Vendor="TIER" \
+ ImageType="Grouper Training" \
+ ImageName=$imagename \
+ ImageOS=centos7
+
+ENV USERTOKEN=ex401.4.end
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN . /usr/local/bin/library.sh \
+ && prepConf; \
+ (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+ (mysqld_safe & ) \
+ && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+ cd /opt/grouper/grouper.apiBinary \
+ && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+ && mysql grouper < /seed-data/sisData.sql \
+ && bin/gsh /seed-data/bootstrap.gsh \
+ && pkill -HUP slapd \
+ && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+ pkill -u mysql mysqld \
+ && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.4.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.4.end/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..0c07f9d
--- /dev/null
+++ b/ex401/ex401.4.end/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1 @@
+gs = GrouperSession.startRootSession();
diff --git a/ex401/ex401.4.end/container_files/seed-data/sisData.sql b/ex401/ex401.4.end/container_files/seed-data/sisData.sql
new file mode 100644
index 0000000..e69de29
diff --git a/ex401/ex401.4.end/container_files/seed-data/users.ldif b/ex401/ex401.4.end/container_files/seed-data/users.ldif
new file mode 100644
index 0000000..e69de29
diff --git a/manualBuild.sh b/manualBuild.sh
index 0a1b3e8..5398f46 100755
--- a/manualBuild.sh
+++ b/manualBuild.sh
@@ -16,7 +16,16 @@ docker build --pull --tag=tier/grouper-training-env:base base/ \ && docker build --tag=tier/grouper-training-env:ex401.2.7 ex401/ex401.2.7 \ && docker build --tag=tier/grouper-training-env:ex401.2.8 ex401/ex401.2.8 \ && docker build --tag=tier/grouper-training-env:ex401.2.9 ex401/ex401.2.9 \ -&& docker build --tag=tier/grouper-training-env:ex401.2.end ex401/ex401.2.end +&& docker build --tag=tier/grouper-training-env:ex401.3.1 ex401/ex401.3.1 \ +&& docker build --tag=tier/grouper-training-env:ex401.3.2 ex401/ex401.3.2 \ +&& docker build --tag=tier/grouper-training-env:ex401.3.3 ex401/ex401.3.3 \ +&& docker build --tag=tier/grouper-training-env:ex401.3.4 ex401/ex401.3.4 \ +&& docker build --tag=tier/grouper-training-env:ex401.3.5 ex401/ex401.3.5 \ +&& docker build --tag=tier/grouper-training-env:ex401.3.6 ex401/ex401.3.6 \ +&& docker build --tag=tier/grouper-training-env:ex401.3.7 ex401/ex401.3.7 \ +&& docker build --tag=tier/grouper-training-env:ex401.3.end ex401/ex401.3.end \ +&& docker build --tag=tier/grouper-training-env:ex401.4.1 ex401/ex401.4.1 \ +&& docker build --tag=tier/grouper-training-env:ex401.4.end ex401/ex401.4.end if [[ "$OSTYPE" == "darwin"* ]]; then say build complete
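Review bot: The new chain no longer builds `ex401.2.end`: the removed line is replaced by the `ex401.3.1` build, yet ex401/ex401.3.1/Dockerfile in this patch starts `FROM tier/grouper-training-env:ex401.2.end`. Only the `base` build uses `--pull`, so the 3.1 step will use whatever image already carries that tag locally, or fetch it from the registry, instead of one produced from this checkout. Keep the old line in front of the additions: `&& docker build --tag=tier/grouper-training-env:ex401.2.end ex401/ex401.2.end \`. The command chain starts above the hunk.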