ex201 essentially completed

Jenkinsfile

@@ -15,7 +15,7 @@
 **/
 exceriseSets = [
 //    'ex101' : [3, 2],
-    'ex201' : [1, 1],
+    'ex201' : [1, 1, 1, 1, 1],
 //    'ex301' : [2, 2, 5, 6],
     'ex401' : [6, 9, 7, 1]
 ]

ex201/ex201.1.1/Dockerfile

@@ -12,7 +12,9 @@ COPY container_files/seed-data/ /seed-data/
 COPY container_files/grouper-loader.properties /opt/grouper/conf/
 COPY container_files/subject.properties /opt/grouper/conf/
 
-RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+RUN . /usr/local/bin/library.sh \
+    && prepConf; \
+    (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
     && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
     (mysqld_safe & ) \
     && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \

ex201/ex201.1.1/container_files/grouper-loader.properties

@@ -71,3 +71,23 @@ ldap.demo.tls = false
 
 #make the paths fully qualified and not relative to the loader group.
 loader.ldap.requireTopStemAsStemFromConfigGroup=false
+
+changeLog.consumer.pspng_affiliations.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
+changeLog.consumer.pspng_affiliations.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner
+changeLog.consumer.pspng_affiliations.quartzCron = 0 * * * * ?
+changeLog.consumer.pspng_affiliations.ldapPoolName = demo
+changeLog.consumer.pspng_affiliations.provisionedAttributeName = eduPersonAffiliation
+changeLog.consumer.pspng_affiliations.provisionedAttributeValueFormat = ${group.extension.replace('ePA_', '')}
+changeLog.consumer.pspng_affiliations.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_affiliations.userSearchFilter = uid=${subject.id}
+changeLog.consumer.pspng_affiliations.allProvisionedValuesPrefix=*
+
+changeLog.consumer.pspng_entitlements.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
+changeLog.consumer.pspng_entitlements.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner
+changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ?
+changeLog.consumer.pspng_entitlements.ldapPoolName = demo
+changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement
+changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = ${group.name.equalsIgnoreCase('app:wiki:service:policy:wiki_authorized') ? 'http://sp.example.org/wiki' : 'urn:mace:example.edu:' + group.extension}
+changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
+changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=*

ex201/ex201.2.1/Dockerfile

@@ -9,8 +9,6 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
 ENV USERTOKEN=ex201.2.1
 
 COPY container_files/seed-data/ /seed-data/
-COPY container_files/grouper-loader.properties /opt/grouper/conf/
-COPY container_files/subject.properties /opt/grouper/conf/
 
 RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
     && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \

ex201/ex201.3.1/Dockerfile

@@ -0,0 +1,24 @@
+FROM tier/grouper-training-env:ex201.2.end
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex201.3.1
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex201/ex201.3.1/container_files/seed-data/bootstrap.gsh

@@ -0,0 +1 @@
+GrouperSession.startRootSession()

ex201/ex201.3.end/Dockerfile

@@ -0,0 +1,24 @@
+FROM tier/grouper-training-env:ex201.3.1
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex201.3.end
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex201/ex201.3.end/container_files/seed-data/bootstrap.gsh

@@ -0,0 +1,38 @@
+gs = GrouperSession.startRootSession()
+
+//ex201.3.1
+addStem("app", "eduPersonAffiliation", "eduPersonAffiliation");
+addGroup("app:eduPersonAffiliation", "ePA_student", "ePA_student");
+addGroup("app:eduPersonAffiliation", "ePA_staff", "ePA_staff");
+addGroup("app:eduPersonAffiliation", "ePA_alum", "ePA_alum");
+addGroup("app:eduPersonAffiliation", "ePA_member", "ePA_member");
+addGroup("app:eduPersonAffiliation", "ePA_affiliate", "ePA_affiliate");
+addGroup("app:eduPersonAffiliation", "ePA_employee", "ePA_employee");
+addGroup("app:eduPersonAffiliation", "ePA_library-walk-in", "ePA_library-walk-in");
+
+//ex201.3.2
+addMember("app:eduPersonAffiliation:ePA_student", "ref:student:students");
+
+//ex201.3.3
+addMember("app:eduPersonAffiliation:ePA_member", "app:eduPersonAffiliation:ePA_student");
+addMember("app:eduPersonAffiliation:ePA_member", "app:eduPersonAffiliation:ePA_staff");
+addMember("app:eduPersonAffiliation:ePA_member", "app:eduPersonAffiliation:ePA_alum");
+addMember("app:eduPersonAffiliation:ePA_member", "app:eduPersonAffiliation:ePA_affiliate");
+addMember("app:eduPersonAffiliation:ePA_member", "app:eduPersonAffiliation:ePA_employee");
+
+//ex201.3.4
+
+//Assign the PSPNG attribute for the standard groups
+group = GroupFinder.findByName(gs, "app:eduPersonAffiliation:ePA_student");
+
+# Auto create the PSPNG attributes
+edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_affiliations");
+
+pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
+AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
+attributeAssignSave.assignAttributeDefName(pspngAttribute);
+attributeAssignSave.assignOwnerGroup(group);
+attributeAssignSave.addValue("pspng_affiliations");
+attributeAssignSave.save();
+
+//ex201.3.5

ex201/ex201.4.1/Dockerfile

@@ -0,0 +1,24 @@
+FROM tier/grouper-training-env:ex201.3.end
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex201.4.1
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex201/ex201.4.1/container_files/seed-data/bootstrap.gsh

@@ -0,0 +1,2 @@
+gs = GrouperSession.startRootSession()
+

ex201/ex201.4.end/Dockerfile

@@ -0,0 +1,24 @@
+FROM tier/grouper-training-env:ex201.4.1
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex201.4.end
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex201/ex201.4.end/container_files/seed-data/bootstrap.gsh

@@ -0,0 +1,42 @@
+gs = GrouperSession.startRootSession()
+
+//ex201.4.1
+addStem("app", "wiki", "wiki");
+addStem("app:wiki", "service", "service");
+addStem("app:wiki:service", "policy", "policy");
+
+addGroup("app:wiki:service:policy", "wiki_authorized", "wiki_authorized");
+addGroup("app:wiki:service:policy", "wiki_authorized", "wiki_authorized");
+addGroup("app:wiki:service:policy", "wiki_authorized_deny",  "wiki_authorized_deny");
+addComposite("app:wiki:service:policy:wiki_authorized", CompositeType.COMPLEMENT, "app:wiki:service:policy:wiki_authorized", "app:wiki:service:policy:wiki_authorized_deny");
+
+//ex201.4.2
+addStem("app:wiki", "security", "security");
+addGroup("app:wiki:security", "wiki_admin", "wiki_admin");
+grantPriv("app:wiki:service", "app:wiki:security:wiki_admin", NamingPrivilege.STEM)
+
+//ex201.4.3
+addMember("app:wiki:service:policy:wiki_authorized_allow", "ref:student:students");
+addMember("app:wiki:service:policy:wiki_authorized_deny", "ref:iam:global_deny");
+
+//ex201.4.4
+
+//Assign the PSPNG attribute for the standard groups
+group = GroupFinder.findByName(gs, "app:wiki:service:policy:wiki_authorized");
+
+# Auto create the PSPNG attributes
+edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_entitlements");
+
+pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
+AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
+attributeAssignSave.assignAttributeDefName(pspngAttribute);
+attributeAssignSave.assignOwnerGroup(group);
+attributeAssignSave.addValue("pspng_entitlements");
+attributeAssignSave.save();
+
+
+//ex201.4.5
+(nothing)
+
+//ex201.4.6
+(nothing)

ex201/ex201.5.1/Dockerfile

@@ -0,0 +1,24 @@
+FROM tier/grouper-training-env:ex201.4.end
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex201.5.1
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex201/ex201.5.1/container_files/seed-data/bootstrap.gsh

@@ -0,0 +1 @@
+GrouperSession.startRootSession()

ex201/ex201.5.end/Dockerfile

@@ -0,0 +1,24 @@
+FROM tier/grouper-training-env:ex201.5.1
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex201.5.end
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex201/ex201.5.end/container_files/seed-data/bootstrap.gsh

@@ -0,0 +1,51 @@
+gs = GrouperSession.startRootSession()
+
+//ex201.5.1
+addStem("app", "cognos", "cognos");
+addStem("app:cognos", "service", "service");
+addStem("app:cognos:service" , "security", "security");
+addGroup("app:cognos:service:security", "cg_adv_manager", "cg_adv_manager");
+
+addStem("app:cognos:service", "ref", "ref");
+addStem("app:cognos:service", "policy", "policy");
+
+addGroup("app:cognos:service:policy", "cg_adv_report_reader", "cg_adv_report_reader");
+addGroup("app:cognos:service:policy", "cg_adv_report_reader_allow", "cg_adv_report_reader_allow");
+addGroup("app:cognos:service:policy", "cg_adv_report_reader_deny", "cg_adv_report_reader_deny");
+
+addGroup("app:cognos:service:policy", "cg_adv_report_writer", "cg_adv_report_writer");
+addGroup("app:cognos:service:policy", "cg_adv_report_writer_allow", "cg_adv_report_writer_allow");
+addGroup("app:cognos:service:policy", "cg_adv_report_writer_deny", "cg_adv_report_writer_deny");
+
+//ex201.5.2
+addStem("ref", "dept", "dept");
+addGroup("ref:dept", "advancement", "advancement");
+addMember("app:cognos:service:policy:cg_adv_report_writer_allow", "ref:dept:advancement");
+
+//ex201.5.3
+group = addGroup("app:cognos:service:ref", "advancement_report_writer", "advancement_report_writer");
+addMember("app:cognos:service:policy:cg_adv_report_writer_allow", "app:cognos:service:ref:advancement_report_writer");
+grantPriv("app:cognos:service:security:cg_adv_manager", "app:cognos:service:policy:cg_adv_report_writer_allow", AccessPrivilege.READ);
+grantPriv("app:cognos:service:security:cg_adv_manager", "app:cognos:service:policy:cg_adv_report_writer_allow", AccessPrivilege.UPDATE);
+
+//ex201.5.4
+attribute = AttributeDefNameFinder.findByName("etc:attribute:attestation:attestation", true);
+attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
+attributeAssignSave.assignAttributeDefName(attribute);
+attributeAssignSave.assignOwnerGroup(group);
+
+attributeAssignOnAssignSave = new AttributeAssignSave(gs);
+attributeAssignOnAssignSave.assignAttributeAssignType(AttributeAssignType.group_asgn);
+attestationSendEmailAttributeDefName = AttributeDefNameFinder.findByName("etc:attribute:attestation:attestationSendEmail", false);
+attributeAssignOnAssignSave.assignAttributeDefName(attestationSendEmailAttributeDefName);
+attributeAssignOnAssignSave.addValue("true");
+attributeAssignSave.addAttributeAssignOnThisAssignment(attributeAssignOnAssignSave);
+
+attributeAssignOnAssignSave = new AttributeAssignSave(gs);
+attributeAssignOnAssignSave.assignAttributeAssignType(AttributeAssignType.group_asgn);
+attributeDefName = AttributeDefNameFinder.findByName("etc:attribute:attestation:attestationDirectAssignment", false);
+attributeAssignOnAssignSave.assignAttributeDefName(attributeDefName);
+attributeAssignOnAssignSave.addValue("true");
+attributeAssignSave.addAttributeAssignOnThisAssignment(attributeAssignOnAssignSave);
+
+attributeAssign = attributeAssignSave.save();