Completed: ex401.2.1, 401.2.2, 401.2.3, and 401.2.4

ex401/ex401.2.1/Dockerfile

@@ -0,0 +1,24 @@
+FROM tier/grouper-training-env:ex401.1.end
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex401.2.1
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex401/ex401.2.2/Dockerfile

@@ -0,0 +1,24 @@
+FROM tier/grouper-training-env:ex401.2.1
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex401.2.2
+
+COPY container_files/seed-data/ /seed-data/
+
+RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex401/ex401.2.2/container_files/seed-data/bootstrap.gsh

@@ -0,0 +1,12 @@
+gs = GrouperSession.startRootSession();
+
+addStem("app", "mfa", "mfa");
+addGroup("app:mfa", "mfa_enabled", "mfa_enabled");
+addGroup("app:mfa", "mfa_allow", "mfa_allow");
+addGroup("app:mfa", "mfa_deny", "mfa_deny");
+addComposite("app:mfa:mfa_enabled", CompositeType.COMPLEMENT, "app:mfa:mfa_allow", "app:mfa:mfa_deny");
+
+addStem("app:mfa", "ref", "ref");
+addGroup("app:mfa:ref", "pilot", "pilot");
+
+addMember("app:mfa:mfa_allow", "app:mfa:ref:pilot");

ex401/ex401.2.3/Dockerfile

@@ -0,0 +1,27 @@
+FROM tier/grouper-training-env:ex401.2.2
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex401.2.3
+
+COPY container_files/seed-data/ /seed-data/
+COPY container_files/grouper-loader.properties /opt/grouper/conf/
+
+RUN . /usr/local/bin/library.sh \
+    && prepConf; \
+    (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done

ex401/ex401.2.3/container_files/grouper-loader.properties

@@ -0,0 +1,100 @@
+#specify the consumers here.  specify the consumer name after the changeLog.consumer. part.  This example is "psp"
+#but it could be changeLog.consumer.myConsumerName.class
+#the class must extend edu.internet2.middleware.grouper.changeLog.ChangeLogConsumerBase
+#changeLog.consumer.psp.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer
+
+#the quartz cron is a cron-like string.  it defaults to every minute on the minute (since the temp to change log job runs
+#at 10 seconds to each minute).  it defaults to this: 0 * * * * ?                                          
+#though it will stagger each one by 2 seconds                                                              
+# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger                           
+#changeLog.consumer.psp.quartzCron = 0 * * * * ?                                                          
+
+# To retry processing a change log entry if an error occurs, set retryOnError to true. Defaults to false.  
+#changeLog.consumer.psp.retryOnError = false                                                              
+
+# To run full provisioning synchronizations periodically, provide the class name which provides a 'public void fullSync()' method.
+#changeLog.psp.fullSync.class = edu.internet2.middleware.psp.grouper.PspChangeLogConsumer                 
+
+# Schedule full synchronizations. Defaults to 5 am : 0 0 5 * * ?.                                          
+#changeLog.psp.fullSync.quartzCron = 0 0 5 * * ?
+
+# Run a full synchronization job at startup. Defaults to false.                                            
+#changeLog.psp.fullSync.runAtStartup = false                                                              
+
+# Omit diff responses from bulk response to conserve memory.                                               
+#changeLog.psp.fullSync.omitDiffResponses = true                                                          
+
+# Omit sync responses from bulk response to conserve memory.                                               
+#changeLog.psp.fullSync.omitSyncResponses = true 
+
+#################################
+## LDAP connections
+#################################
+# specify the ldap connection with user, pass, url
+# the string after "ldap." is the ID of the connection, and it should not have
+# spaces or other special chars in it.  In this case is it "personLdap"
+
+#note the URL should start with ldap: or ldaps: if it is SSL.  
+#It should contain the server and port (optional if not default), and baseDn,
+#e.g. ldaps://ldapserver.school.edu:636/dc=school,dc=edu
+ldap.demo.url = ldap://localhost:389/
+
+#optional, if authenticated
+ldap.demo.user = cn=root,dc=internet2,dc=edu
+
+#optional, if authenticated note the password can be stored encrypted in an external file
+ldap.demo.pass = password
+
+#optional, if you are using tls, set this to true.  Generally you will not be using an SSL URL to use TLS...
+ldap.demo.tls = false
+
+#optional, if using sasl
+#ldap.personLdap.saslAuthorizationId =
+#ldap.personLdap.saslRealm =
+
+#optional (note, time limit is for search operations, timeout is for connection timeouts),
+#most of these default to vt-ldap defaults.  times are in millis
+#validateOnCheckout defaults to true if all other validate methods are false
+#ldap.personLdap.batchSize =
+#ldap.personLdap.countLimit =
+#ldap.personLdap.timeLimit =
+#ldap.personLdap.timeout =
+#ldap.personLdap.minPoolSize =
+#ldap.personLdap.maxPoolSize =
+#ldap.personLdap.validateOnCheckIn =
+#ldap.personLdap.validateOnCheckOut =
+#ldap.personLdap.validatePeriodically =
+#ldap.personLdap.validateTimerPeriod =
+#ldap.personLdap.pruneTimerPeriod =
+#if connections expire after a certain amount of time, this is it, in millis, defaults to 300000 (5 minutes)
+#ldap.personLdap.expirationTime =
+
+#make the paths fully qualified and not relative to the loader group.
+loader.ldap.requireTopStemAsStemFromConfigGroup=false
+
+changeLog.consumer.pspng_groupOfNames.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
+changeLog.consumer.pspng_groupOfNames.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner
+changeLog.consumer.pspng_groupOfNames.quartzCron = 0 * * * * ?
+changeLog.consumer.pspng_groupOfNames.ldapPoolName = demo
+changeLog.consumer.pspng_groupOfNames.supportsEmptyGroups = false
+changeLog.consumer.pspng_groupOfNames.memberAttributeName = member
+changeLog.consumer.pspng_groupOfNames.memberAttributeValueFormat = ${ldapUser.getDn()}
+changeLog.consumer.pspng_groupOfNames.groupSearchBaseDn = ou=groups,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.allGroupsSearchFilter = objectclass=groupOfNames
+changeLog.consumer.pspng_groupOfNames.singleGroupSearchFilter = (&(objectclass=groupOfNames)(cn=${group.name}))
+changeLog.consumer.pspng_groupOfNames.groupSearchAttributes = cn,objectclass
+changeLog.consumer.pspng_groupOfNames.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||objectclass: groupOfNames
+changeLog.consumer.pspng_groupOfNames.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_groupOfNames.userSearchFilter = uid=${subject.id}
+changeLog.consumer.pspng_groupOfNames.grouperIsAuthoritative = true
+
+
+changeLog.consumer.pspng_entitlements.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim
+changeLog.consumer.pspng_entitlements.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner
+changeLog.consumer.pspng_entitlements.quartzCron = 0 * * * * ?
+changeLog.consumer.pspng_entitlements.ldapPoolName = demo
+changeLog.consumer.pspng_entitlements.provisionedAttributeName = eduPersonEntitlement
+changeLog.consumer.pspng_entitlements.provisionedAttributeValueFormat = urn:mace:example.edu:${group.extension}
+changeLog.consumer.pspng_entitlements.userSearchBaseDn = ou=people,dc=internet2,dc=edu
+changeLog.consumer.pspng_entitlements.userSearchFilter = uid=${subject.id}
+changeLog.consumer.pspng_entitlements.allProvisionedValuesPrefix=urn:mace:example.edu:

ex401/ex401.2.3/container_files/seed-data/bootstrap.gsh

@@ -0,0 +1,15 @@
+gs = GrouperSession.startRootSession();
+
+//Assign the PSPNG attribute for the standard groups
+group = GroupFinder.findByName(gs, "app:mfa:mfa_enabled");
+
+# Auto create the PSPNG attributes
+edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfNames");
+
+pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
+//pspngAttributeDef = AttributeDefFinder.findByName("etc:pspng:provision_to_def", true);
+AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
+attributeAssignSave.assignAttributeDefName(pspngAttribute);
+attributeAssignSave.assignOwnerGroup(group);
+attributeAssignSave.addValue("pspng_entitlements");
+attributeAssignSave.save();

ex401/ex401.2.4/Dockerfile

@@ -0,0 +1,27 @@
+FROM tier/grouper-training-env:ex401.2.3
+
+LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
+      Vendor="TIER" \
+      ImageType="Grouper Training" \
+      ImageName=$imagename \
+      ImageOS=centos7
+
+ENV USERTOKEN=ex401.2.4
+
+COPY container_files/seed-data/ /seed-data/
+COPY container_files/idp/ /opt/shibboleth-idp/
+
+RUN . /usr/local/bin/library.sh \
+    && prepConf; \
+    (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
+    (mysqld_safe & ) \
+    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
+    cd /opt/grouper/grouper.apiBinary \
+    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
+    && mysql grouper < /seed-data/sisData.sql \
+    && bin/gsh /seed-data/bootstrap.gsh \
+    && pkill -HUP slapd \
+    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
+    pkill -u mysql mysqld \
+    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done