pgAdmin and test app working; app secure folder admin/ -> wiki/

base/Dockerfile

@@ -37,10 +37,6 @@ RUN dnf install -y nano nc openldap-clients httpd mod_ssl https://archive.fedora
     && dnf install -y postgresql-server postgresql-contrib
 
 
-# Install pgAdmin (ref: https://www.pgadmin.org/download/pgadmin-4-rpm/)
-RUN rpm -i https://ftp.postgresql.org/pub/pgadmin/pgadmin4/yum/pgadmin4-redhat-repo-2-1.noarch.rpm \
-    && dnf -y install pgadmin4-web
-
 
 # Init ldap and add basic schemas and OU's
 COPY container_files/ldap/ /tmp/base/ldap/
@@ -60,16 +56,15 @@ RUN cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG \
     && while nc -z localhost 389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done
 
 
-# install Go app for MailHog
-RUN dnf install -y golang \
-    && go install github.com/mailhog/MailHog@v1.0.1
-
-
 # Init grouper databases and grouper, needs ldap and db to be up
+COPY container_files/usr-local-bin/* /usr/local/bin/
 COPY container_files/grouper/conf /opt/grouper/grouperWebapp/WEB-INF/classes/
 COPY container_files/postgres/00-init_dbs_and_users.sql /tmp/base/postgres/00-init_dbs_and_users.sql
 
-RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
+RUN . /usr/local/bin/library.sh \
+    && . /usr/local/bin/librarySetupPipe.sh \
+    && setupPipe_logging \
+    && (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
     && while ! nc -z localhost 389 > /dev/null; do echo waiting for ldap to start; sleep 1; done \
     && su -l postgres -c /usr/bin/initdb \
     && su -l postgres -c "pg_ctl -D /var/lib/pgsql/data -l /tmp/pg_logfile start" \
@@ -82,6 +77,8 @@ RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
     && su -l postgres -c "pg_ctl -D /var/lib/pgsql/data stop" \
     && while nc -z localhost 5432 > /dev/null; do echo waiting for postgres to stop; sleep 1; done
 
+#    && (cp ./classes/log4j2.xml.debug ./classes/log4j2.xml; ./bin/gsh.sh -registry -check -runscript -noprompt; cat -n /tmp/logpipe) \
+
 # overwrite max_connections and other properties
 COPY container_files/postgres/postgresql.conf /var/lib/pgsql/data/postgresql.conf
 COPY container_files/postgres/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf
@@ -109,6 +106,31 @@ RUN openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=localhost.locald
  RUN mkdir -p /run/php-fpm/
 
 
+# Install pgAdmin (ref: https://www.pgadmin.org/download/pgadmin-4-rpm/)
+
+RUN rpm -i https://ftp.postgresql.org/pub/pgadmin/pgadmin4/yum/pgadmin4-redhat-repo-2-1.noarch.rpm \
+    && dnf -y install pgadmin4-web
+
+# We will overwrite the generated database with almost the same, but with the server entry added
+COPY container_files/pgadmin/ /tmp/base/pgadmin/
+
+RUN PGADMIN_SETUP_EMAIL=postgres@localhost.localdomain PGADMIN_SETUP_PASSWORD='Example123' /usr/pgadmin4/bin/setup-web.sh --yes \
+    && /usr/bin/cp -p /tmp/base/pgadmin/pgadmin4.db /var/lib/pgadmin/pgadmin4.db \
+    && chown apache:apache /var/lib/pgadmin/pgadmin4.db \
+    && httpd \
+    && curl http://127.0.0.1/pgadmin4/ \
+    && pkill httpd \
+    && rm -f /run/httpd/httpd.pid
+
+
+
+# install Go app for MailHog
+RUN dnf install -y golang \
+    && go install github.com/mailhog/MailHog@v1.0.1
+
+
+
+
 # Copy general support files
 COPY container_files/etc/ /etc/
 COPY container_files/shibboleth-sp/ /etc/shibboleth/
@@ -118,7 +140,6 @@ COPY container_files/tier-support/* /opt/tier-support/
 COPY container_files/tls/host-key.pem  /etc/pki/tls/private/
 COPY container_files/tls/* /etc/pki/tls/certs/
 COPY container_files/var-www-html/ /var/www/html/
-COPY container_files/usr-local-bin/* /usr/local/bin/
 
 #COPY container_files/usr/share/ /usr/share/
 
@@ -149,114 +170,3 @@ RUN touch /opt/tomcat/conf/Catalina/localhost/rewrite.config
 EXPOSE 389 636 5432 443 8080 8443 5005 1025 8025
 
 CMD ["grouper"]
-
-## ===========================================================
-#
-#RUN false
-#
-#RUN dnf install -y procps-ng nano nc mariadb mariadb-server openldap-clients php php-json php-mysqlnd golang https://archive.fedoraproject.org/pub/archive/epel/8.7/Everything/x86_64/Packages/p/phpldapadmin-1.2.6.3-1.el8.noarch.rpm \
-#    && dnf install -y 'dnf-command(config-manager)' \
-#    && dnf config-manager --set-enabled powertools \
-#    && dnf install -y openldap-servers \
-#    && dnf clean all
-#
-#RUN mkdir -p /tmp/phpmyadmin \
-#    && cd /tmp/phpmyadmin \
-#    && wget https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip \
-#    && unzip phpMyAdmin-*.zip \
-#    && mv phpMyAdmin-*-all-languages /usr/share/phpmyadmin \
-#    && mkdir -p /run/php-fpm/ /usr/share/phpmyadmin/tmp/
-#
-#COPY container_files/seed-data/ /seed-data/
-#
-## TODO get the my.cnf from the old server. These files are in cnf.d and don't have a lot of variables
-#RUN mysql_install_db --force \
-#    && chown -R mysql:mysql /var/lib/mysql/ /var/log/mariadb \
-#    && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf.d/mariadb-server.cnf \
-#    && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \
-#    && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \
-#    && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_general_ci/' /etc/my.cnf \
-#    && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \
-#    && cat  /etc/my.cnf \
-#    && echo "/usr/bin/mysqld_safe &" > /tmp/config \
-#    && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \
-#    && echo "mysql -e 'CREATE USER \"root\"@\"%\"; GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION; FLUSH PRIVILEGES'" >> /tmp/config \
-#    && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \
-#    && bash /tmp/config \
-#    && rm -f /tmp/config
-##    && mysql grouper < /seed-data/sisData.sql
-#
-## TODO error ERROR 1133 (28000) at line 1: Can't find any matching row in the user table
-#
-## On Rocky Linux, slapd defaults to mdg not hdb
-## use `ldapsearch -H ldapi:/// -Y EXTERNAL -b "cn=config" -LLL -Q "olcDatabase=*" dn` to config
-#
-## On Rocky, don't need to import module memberOf (`cat /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif`)
-#
-#RUN cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG \
-#    && mkdir -p /var/ldap/example \
-#    && chown -R ldap:ldap /var/lib/ldap /etc/openldap/slapd.d /var/ldap \
-#    && (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
-#    && while ! nc -z localhost 389 > /dev/null; do echo waiting for ldap to start; sleep 1; done \
-#    && ldapmodify -Y EXTERNAL -H ldapi:/// -f /seed-data/domain.ldif \
-#    && ldapadd -H ldapi:/// -f /etc/openldap/schema/cosine.ldif \
-#    && ldapadd -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif \
-#    && ldapadd -H ldapi:/// -f /seed-data/memberOf.ldif \
-#    && ldapadd -H ldapi:/// -f /seed-data/eduPerson.ldif \
-#    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
-#    && pkill -HUP slapd \
-#    && while nc -z localhost 389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done
-#
-## install Go app for MailHog
-#RUN dnf install -y golang \
-#    && go install github.com/mailhog/MailHog@v1.0.1
-#
-#COPY container_files/grouper/conf /opt/grouper/grouperWebapp/WEB-INF/classes/
-##COPY container_files/conf/grouperText/* /opt/grouper/grouperWebapp/WEB-INF/classes/grouperText/
-#
-#RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
-#    && while ! nc -z localhost 389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
-#    (mysqld_safe & ) \
-#    && while ! nc -z localhost 3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
-#    cd /opt/grouper/grouperWebapp/WEB-INF/bin \
-#    && ./gsh.sh -registry -check -runscript -noprompt \
-#    && pkill -HUP slapd \
-#    && while nc -z localhost 389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
-#    pkill -u mysql mysqld \
-#    && while nc -z localhost 3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
-#
-#COPY --from=idp /opt/shibboleth-idp/ /opt/shibboleth-idp/
-#
-#COPY container_files/etc/ /etc/
-#COPY container_files/httpd/* /etc/httpd/conf.d/
-#COPY container_files/shibboleth-idp/ /opt/shibboleth-idp/
-#COPY container_files/shibboleth-sp/* /etc/shibboleth/
-#COPY container_files/tomcat/ /opt/tomcat/
-#COPY container_files/tier-support/* /opt/tier-support/
-#COPY container_files/tls/host-key.pem  /etc/pki/tls/private/
-#COPY container_files/tls/* /etc/pki/tls/certs/
-#COPY container_files/usr-local-bin/* /usr/local/bin/
-#COPY container_files/var-www-html/ /var/www/html/
-#COPY container_files/usr/share/ /usr/share/
-#
-##RUN cp /opt/tier-support/grouper.xml /opt/tier-support/grouper-ws.xml /opt/tomcat/conf/Catalina/localhost/ \
-#RUN chown -R tomcat /opt/shibboleth-idp/ \
-#    && chmod -R 700 /opt/shibboleth-idp/ \
-#    && chmod +rx /var/www/html/app/index.py \
-#    && ANT_OPTS="-Didp.noprompt=true -Didp.target.dir=/opt/shibboleth-idp" /opt/shibboleth-idp/bin/build.sh \
-#    && chmod go-w /usr/share/phpmyadmin/config.inc.php
-#
-#
-#RUN chown -R tomcat:tomcat /opt/grouper/grouperWebapp
-#RUN chown -R tomcat:tomcat /opt/tomcat
-#RUN chown -R apache:apache /usr/share/phpmyadmin/tmp/
-#
-#ENV GROUPER_START_DELAY_SECONDS=10 \
-#    GROUPER_WS_GROUPER_AUTH=true
-#
-## note 5005 is for remote Java debugging
-## 1025 is MailHog SMTP server
-## 8025 is MailHog HTTP server
-#EXPOSE 389 3306 8080 5005 1025 8025
-#
-#CMD ["grouper"]

base/container_files/httpd/grouper-testapp.conf

@@ -5,17 +5,17 @@
   Require shibboleth
 
   Options +ExecCGI
-  AddHandler cgi-script .py
+  AddHandler cgi-script .php
 
-  DirectoryIndex index.py
+  DirectoryIndex index.php
 </Location>
 
-<Location /app/admin>
+<Location /app/wiki>
   AuthType shibboleth
   ShibRequestSetting requireSession 1
   ShibRequireSession on
-  Require shib-attr eduPersonEntitlement urn:mace:example.edu:admin urn:mace:example.edu:superUser
+  Require shib-attr eduPersonEntitlement http://sp.example.org/wiki
   ErrorDocument 401 /app/accessError.html
 
   DirectoryIndex index.html
-</Location>
+</Location>

base/container_files/var-www-html/app/accessError.html

@@ -16,7 +16,7 @@ <h1>Authorization Failed</h1>
 
 <p>
 Based on the information provided to this application about you, you are
-not authorized to access the resource because you are not an admin or superuser.
+not authorized to access the resource because you are missing the proper entitlement.
 </p>
 
 

base/container_files/var-www-html/app/index.php

@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>User Attributes</title>
+</head>
+<body>
+
+<p><a href="/Shibboleth.sso/Logout">SP Logout</a></p>
+
+
+<?php
+
+$headers = [];
+foreach ($_SERVER as $key => $value) {
+    if (preg_match('/^([a-z])|(Shib)|REMOTE_USER/', $key)) {
+        $headers[$key] = $value;
+    }
+}
+
+ksort($headers);
+
+foreach ($headers as $header => $value) {
+    echo "$header: $value<br/>";
+}
+?>
+
+<p>* This list is a filtered list of environment variables containing the <a href="/Shibboleth.sso/Session">Shibboleth SP attributes</a>.</p>
+
+<p>Test access to the <a href="/app/admin/">student wiki</a> (requires eduPersonEntitlement value http://sp.example.org/wiki)
+</body>
+</html>

base/container_files/var-www-html/index.html

@@ -52,10 +52,10 @@ <h1>GTE jump page</h1>
         Civilian: jsmith / password</td>
     </tr>
     <tr>
-      <td><a href="/phpmyadmin/">Database manager</a></td>
-      <td>https://localhost:8443/phpmyadmin/</td>
-      <td>Phpmyadmin Mysql database manager</td>
-      <td>root / &lt;no password&gt;</td>
+      <td><a href="/pgadmin4/browser/">Database manager</a></td>
+      <td>https://localhost:8443/pgadmin4/browser/</td>
+      <td>pgAdmin PostgreSQL database manager</td>
+      <td>postgres@localhost.localdomain / Example123</td>
     </tr>
     <tr>
       <td><a href="/phpldapadmin/">LDAP manager</a></td>

gte

@@ -9,7 +9,7 @@ EXTRA_ARGS=
 
 show_help() {
   echo "$0 [--sql] [--ldap] [--fg|-it] [docker args ...] <gte lesson id> [container cmd ...]"
-  echo "    --sql:         Expose port 3306"
+  echo "    --sql:         Expose port 5432"
   echo "    --ldap:        Expose port 389"
   echo "    --fg:          Don't detach (i.e., don't run container with -d flag"
   echo "    -h|--help:     This help message"
@@ -19,7 +19,7 @@ show_help() {
 
 for arg in $*; do
   case $arg in
-        --sql) EXTRA_ARGS="$EXTRA_ARGS -p 3306:3306"; shift;;
+        --sql) EXTRA_ARGS="$EXTRA_ARGS -p 5432:5432"; shift;;
         --ldap) EXTRA_ARGS="$EXTRA_ARGS -p 389:389"; shift;;
         --fg) is_foreground=1; shift;;
         -it) is_foreground=1; EXTRA_ARGS="$EXTRA_ARGS $1"; shift;;