From c111f8ffd49a8a872eca3173c86aa5e7fefd7de6 Mon Sep 17 00:00:00 2001
From: Chad Redman <chad_redman@unc.edu>
Date: Fri, 29 Jan 2021 00:23:55 -0500
Subject: [PATCH] Rename 401.x containers to match slide numbering: 401.2 ->
401.3; 401.3->401.5; 401.4->401.7
---
.../container_files/seed-data/bootstrap.gsh | 6 +-
.../container_files/seed-data/bootstrap.gsh | 3 -
.../container_files/seed-data/bootstrap.gsh | 155 -----------
ex401/ex401.3.1/Dockerfile | 2 +-
.../container_files/seed-data/bootstrap.gsh | 4 +-
.../container_files/seed-data/bootstrap.gsh | 243 +++++++++++-------
ex401/{ex401.4.1 => ex401.5.1}/Dockerfile | 2 +-
.../container_files/seed-data/bootstrap.gsh | 2 +-
.../container_files/seed-data/sisData.sql | 0
.../container_files/seed-data/users.ldif | 0
ex401/{ex401.2.1 => ex401.5.end}/Dockerfile | 4 +-
.../container_files/seed-data/bootstrap.gsh | 110 ++++++++
.../container_files/seed-data/sisData.sql | 0
.../container_files/seed-data/users.ldif | 0
ex401/{ex401.2.end => ex401.7.1}/Dockerfile | 4 +-
.../container_files/seed-data/bootstrap.gsh | 3 +
.../container_files/seed-data/sisData.sql | 0
.../container_files/seed-data/users.ldif | 0
ex401/{ex401.4.end => ex401.7.end}/Dockerfile | 4 +-
.../container_files/seed-data/bootstrap.gsh | 4 +-
.../container_files/seed-data/sisData.sql | 0
.../container_files/seed-data/users.ldif | 0
ex401/manualBuild.sh | 8 +-
23 files changed, 277 insertions(+), 277 deletions(-)
delete mode 100644 ex401/ex401.2.1/container_files/seed-data/bootstrap.gsh
delete mode 100644 ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh
rename ex401/{ex401.4.1 => ex401.5.1}/Dockerfile (98%)
rename ex401/{ex401.4.1 => ex401.5.1}/container_files/seed-data/bootstrap.gsh (64%)
rename ex401/{ex401.2.1 => ex401.5.1}/container_files/seed-data/sisData.sql (100%)
rename ex401/{ex401.2.1 => ex401.5.1}/container_files/seed-data/users.ldif (100%)
rename ex401/{ex401.2.1 => ex401.5.end}/Dockerfile (95%)
create mode 100644 ex401/ex401.5.end/container_files/seed-data/bootstrap.gsh
rename ex401/{ex401.2.end => ex401.5.end}/container_files/seed-data/sisData.sql (100%)
rename ex401/{ex401.2.end => ex401.5.end}/container_files/seed-data/users.ldif (100%)
rename ex401/{ex401.2.end => ex401.7.1}/Dockerfile (95%)
create mode 100644 ex401/ex401.7.1/container_files/seed-data/bootstrap.gsh
rename ex401/{ex401.4.1 => ex401.7.1}/container_files/seed-data/sisData.sql (100%)
rename ex401/{ex401.4.1 => ex401.7.1}/container_files/seed-data/users.ldif (100%)
rename ex401/{ex401.4.end => ex401.7.end}/Dockerfile (95%)
rename ex401/{ex401.4.end => ex401.7.end}/container_files/seed-data/bootstrap.gsh (99%)
rename ex401/{ex401.4.end => ex401.7.end}/container_files/seed-data/sisData.sql (100%)
rename ex401/{ex401.4.end => ex401.7.end}/container_files/seed-data/users.ldif (100%)
diff --git a/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh
index c1daa24..7d4fd00 100644
--- a/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh
@@ -2,7 +2,7 @@ gs = GrouperSession.startRootSession();
delStem("401.1.1")
addRootStem("401.1.end", "401.1.end")
-// 401.1.1
+// Step 1
addStem("test", "vpn", "vpn");
//Create a loader job to pull in the VPN users assigned in the directory.
@@ -28,7 +28,7 @@ addGroup("test:vpn", "vpn_students", "vpn_students");
addComposite("test:vpn:vpn_students", CompositeType.INTERSECTION, "test:vpn:vpn_legacy", "ref:student");
-// 401.1.2
+// Step 2
addStem("app", "vpn", "vpn");
addStem("app:vpn", "service", "service");
addStem("app:vpn", "security", "security");
@@ -47,7 +47,7 @@ addMember("app:vpn:service:policy:vpn_authorized_deny", "ref:iam:global_deny");
addComposite("app:vpn:service:policy:vpn_authorized", CompositeType.COMPLEMENT, "app:vpn:service:policy:vpn_authorized_allow", "app:vpn:service:policy:vpn_authorized_deny");
-// 401.2
+// Step 3
// Auto create the PSPNG attributes
edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfNames");
pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
diff --git a/ex401/ex401.2.1/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.1/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index c28120a..0000000
--- a/ex401/ex401.2.1/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,3 +0,0 @@
-gs = GrouperSession.startRootSession();
-delStem("401.1.end")
-addRootStem("401.2.1", "401.2.1")
diff --git a/ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index 6884b66..0000000
--- a/ex401/ex401.2.end/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,155 +0,0 @@
-gs = GrouperSession.startRootSession();
-delStem("401.2.1")
-addRootStem("401.2.end", "401.2.end")
-
-// 401.2.1
-addStem("app", "mfa", "mfa");
-addStem("app:mfa", "security", "security");
-addStem("app:mfa", "service", "service");
-addStem("app:mfa:service", "policy", "policy");
-addStem("app:mfa:service", "ref", "ref");
-mfa_enabled = addGroup("app:mfa:service:policy", "mfa_enabled", "mfa_enabled");
-addGroup("app:mfa:service:policy", "mfa_enabled_allow", "mfa_enabled_allow");
-addGroup("app:mfa:service:policy", "mfa_enabled_deny", "mf_enabled_deny");
-addComposite("app:mfa:service:policy:mfa_enabled", CompositeType.COMPLEMENT, "app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:policy:mfa_enabled_deny");
-addGroup("app:mfa:service:ref", "mfa_pilot", "mfa_pilot");
-addMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_pilot");
-
-// 401.2.2
-// Assign PSPNG `provision_to` attribute to `mfa_enabled` with a value of `pspng_entitlements`.
-edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_entitlements");
-pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
-AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
-attributeAssignSave.assignAttributeDefName(pspngAttribute);
-attributeAssignSave.assignOwnerGroup(mfa_enabled);
-attributeAssignSave.addValue("pspng_entitlements");
-attributeAssignSave.save();
-addMember("app:mfa:service:ref:mfa_pilot", "banderson");
-
-// 401.2.3
-// nothing to do. idp already configured
-
-// 401.2.4
-// stub out ref groups for load jobs
-addStem("ref", "dept", "dept");
-addGroup("ref:dept", "Information Technology", "Information Technology");
-addGroup("app:mfa:service:ref", "mfa_bypass", "mfa_bypass");
-addMember("app:mfa:service:policy:mfa_enabled_deny", "app:mfa:service:ref:mfa_bypass");
-addMember("app:mfa:service:policy:mfa_enabled_allow", "ref:dept:Information Technology");
-
-mfa_athletics = addGroup("app:mfa:service:ref", "mfa_athletics", "mfa_athletics");
-mfa_athletics.addMember(findSubject("ahenderson36"));
-mfa_athletics.addMember(findSubject("amorrison42"));
-mfa_athletics.addMember(findSubject("bsmith65"));
-mfa_athletics.addMember(findSubject("cthompson28"));
-mfa_athletics.addMember(findSubject("janderson13"));
-mfa_athletics.addMember(findSubject("jdavis4"));
-mfa_athletics.addMember(findSubject("jlangenberg100"));
-mfa_athletics.addMember(findSubject("jprice108"));
-mfa_athletics.addMember(findSubject("jvales117"));
-mfa_athletics.addMember(findSubject("ldavis5"));
-mfa_athletics.addMember(findSubject("mgrady137"));
-mfa_athletics.addMember(findSubject("mmartinez133"));
-mfa_athletics.addMember(findSubject("nscott103"));
-mfa_athletics.addMember(findSubject("pthompson61"));
-mfa_athletics.addMember(findSubject("rdavis16"));
-addMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_athletics");
-
-// 401.2.5
-addGroup("app:mfa:service:ref", "NonFacultyBannerINB", "NonFacultyBannerINB");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","jprice108");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","mnielson143");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","mvales154");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","wclark159");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","kthompson169");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","athompson183");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","sanderson191");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","jlangenberg194");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","jwhite222");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","rwilliams230");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","pwilliams242");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","lprice328");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","dgrady331");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","edoe348");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","svales366");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","mhenderson377");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","mlewis390");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","mroberts391");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","llopez398");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","amorrison406");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","janderson459");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","wmartinez487");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","lvales502");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","cvales514");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","jprice523");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","rvales544");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","iprice563");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","bmartinez592");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","jnielson598");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","amartinez605");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","dprice607");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","mbutler632");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","lbutler643");
-addMember("app:mfa:service:ref:NonFacultyBannerINB","dmartinez657");
-
-addMember("app:mfa:service:policy:mfa_enabled_allow","app:mfa:service:ref:NonFacultyBannerINB");
-//Set start date 2 days out
-java.util.Calendar cal = Calendar.getInstance();
-cal.setTime(new Date());
-cal.add(Calendar.DAY_OF_YEAR, 2);
-group = GroupFinder.findByName(gs, "app:mfa:service:policy:mfa_enabled_allow", true);
-subject = GroupFinder.findByName(gs, "app:mfa:service:ref:NonFacultyBannerINB", true).toSubject();
-group.addOrEditMember(subject, true, true, cal.getTime(), null, false);
-
-// 401.2.6
-addGroup("app:mfa:service:ref", "BannerUsersMinusFaculty", "BannerUsersMinusFaculty");
-addComposite("app:mfa:service:ref:BannerUsersMinusFaculty", CompositeType.COMPLEMENT, "app:mfa:service:ref:NonFacultyBannerINB", "ref:faculty");
-addMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:BannerUsersMinusFaculty")
-delMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:NonFacultyBannerINB");
-
-// 401.2.7
-addGroup("app:mfa:service:ref", "mfa_opt_in", "mfa_opt_in");
-
-addGroup("app:mfa:security", "mfa_opt_in", "mfa_opt_in");
-addGroup("app:mfa:security", "mfa_opt_in_allow", "mfa_opt_in_allow");
-addGroup("app:mfa:security", "mfa_opt_in_deny", "mfa_opt_in_deny");
-addComposite("app:mfa:security:mfa_opt_in", CompositeType.COMPLEMENT, "app:mfa:security:mfa_opt_in_allow", "app:mfa:security:mfa_opt_in_deny");
-
-grantPriv("app:mfa:service:ref:mfa_opt_in", "app:mfa:security:mfa_opt_in", AccessPrivilege.OPTIN);
-grantPriv("app:mfa:service:ref:mfa_opt_in", "app:mfa:security:mfa_opt_in", AccessPrivilege.OPTOUT);
-
-addGroup("app:mfa:service:ref", "mfa_required", "mfa_required");
-addMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_required");
-
-addMember("app:mfa:service:ref:mfa_required", "app:mfa:service:ref:BannerUsersMinusFaculty");
-addMember("app:mfa:service:ref:mfa_required", "ref:dept:Information Technology");
-addMember("app:mfa:service:ref:mfa_required", "app:mfa:service:ref:mfa_athletics");
-addMember("app:mfa:service:ref:mfa_required", "app:mfa:service:ref:mfa_pilot");
-
-delMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:BannerUsersMinusFaculty");
-delMember("app:mfa:service:policy:mfa_enabled_allow", "ref:dept:Information Technology");
-delMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_athletics");
-delMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_pilot");
-
-addMember("app:mfa:security:mfa_opt_in_deny", "app:mfa:service:ref:mfa_required");
-
-addMember("app:mfa:security:mfa_opt_in_allow", "ref:faculty");
-addMember("app:mfa:security:mfa_opt_in_allow", "ref:staff");
-addMember("app:mfa:security:mfa_opt_in_allow", "ref:student");
-
-
-// 401.2.8
-addMember("app:mfa:service:policy:mfa_enabled_allow", "ref:faculty");
-addMember("app:mfa:service:policy:mfa_enabled_allow", "ref:staff");
-addMember("app:mfa:service:policy:mfa_enabled_allow", "ref:student");
-
-delGroup("app:mfa:service:ref:mfa_pilot");
-delGroup("app:mfa:security:mfa_opt_in");
-delGroup("app:mfa:security:mfa_opt_in_allow");
-delGroup("app:mfa:security:mfa_opt_in_deny");
-delGroup("app:mfa:service:ref:mfa_opt_in");
-delGroup("app:mfa:service:ref:mfa_required");
-delGroup("app:mfa:service:ref:BannerUsersMinusFaculty");
-delGroup("app:mfa:service:ref:NonFacultyBannerINB");
-delGroup("app:mfa:service:ref:mfa_athletics");
-
diff --git a/ex401/ex401.3.1/Dockerfile b/ex401/ex401.3.1/Dockerfile
index a20f186..153e78c 100644
--- a/ex401/ex401.3.1/Dockerfile
+++ b/ex401/ex401.3.1/Dockerfile
@@ -1,5 +1,5 @@
ARG VERSION_TAG
-FROM tier/gte:401.2.end-$VERSION_TAG
+FROM tier/gte:401.1.end-$VERSION_TAG
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
diff --git a/ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh
index 48bbb2c..3a76fd2 100644
--- a/ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.3.1/container_files/seed-data/bootstrap.gsh
@@ -1,3 +1,3 @@
gs = GrouperSession.startRootSession();
-delStem("401.2.end")
-addRootStem("401.3.1", "401.3.1")
\ No newline at end of file
+delStem("401.1.end")
+addRootStem("401.3.1", "401.3.1")
diff --git a/ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh
index 7ae1c1c..3478eaa 100644
--- a/ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.3.end/container_files/seed-data/bootstrap.gsh
@@ -2,109 +2,154 @@ gs = GrouperSession.startRootSession();
delStem("401.3.1")
addRootStem("401.3.end", "401.3.end")
-// 401.3.1
-parent_stem_path = "app";
-app_extension = "board_effect";
-app_name = "board_effect";
-
-stem = addStem(parent_stem_path, app_extension, app_name);
-security = addStem(stem.name, "security", "security");
-service = addStem(stem.name, "service", "service");
-policy = addStem(service.name, "policy", "policy");
-ref = addStem(service.name, "ref", "ref");
-
-admin_group_name = "${app_extension}Admins";
-admin_group = addGroup(security.name, admin_group_name, admin_group_name);
-mgr_group_name = "${app_extension}Updaters";
-mgr_group = addGroup(security.name, mgr_group_name, mgr_group_name);
-view_group_name = "${app_extension}Readers";
-view_group = addGroup(security.name, view_group_name, view_group_name);
-
-access_policy_group = addGroup("app:board_effect:service:policy", "board_effect_access", "board_effect_access");
-addGroup("app:board_effect:service:policy", "board_effect_access_allow", "board_effect_access_allow");
-addGroup("app:board_effect:service:policy", "board_effect_access_deny", "board_effect_access_deny");
-addComposite("app:board_effect:service:policy:board_effect_access", CompositeType.COMPLEMENT, "app:board_effect:service:policy:board_effect_access_allow", "app:board_effect:service:policy:board_effect_access_deny");
-
-// 401.3.2
-addGroup("app:board_effect:service:policy", "workroom_finance", "workroom_finance");
-addGroup("app:board_effect:service:policy", "workroom_finance_allow", "workroom_finance_allow");
-addGroup("app:board_effect:service:policy", "workroom_finance_deny", "workroom_finance_deny");
-addComposite("app:board_effect:service:policy:workroom_finance", CompositeType.COMPLEMENT, "app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:policy:workroom_finance_deny");
-addMember("app:board_effect:service:policy:board_effect_access_allow", "app:board_effect:service:policy:workroom_finance");
-addMember("app:board_effect:service:policy:workroom_finance_allow", "bthompson392");
-
-
-// Assign PSPNG `provision_to` attribute to `https://college.boardeffect.com/` with a value of `pspng_entitlements`.
+// Step 1
+addStem("app", "mfa", "mfa");
+addStem("app:mfa", "security", "security");
+addStem("app:mfa", "service", "service");
+addStem("app:mfa:service", "policy", "policy");
+addStem("app:mfa:service", "ref", "ref");
+mfa_enabled = addGroup("app:mfa:service:policy", "mfa_enabled", "mfa_enabled");
+addGroup("app:mfa:service:policy", "mfa_enabled_allow", "mfa_enabled_allow");
+addGroup("app:mfa:service:policy", "mfa_enabled_deny", "mf_enabled_deny");
+addComposite("app:mfa:service:policy:mfa_enabled", CompositeType.COMPLEMENT, "app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:policy:mfa_enabled_deny");
+addGroup("app:mfa:service:ref", "mfa_pilot", "mfa_pilot");
+addMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_pilot");
+
+// Step 2
+// Assign PSPNG `provision_to` attribute to `mfa_enabled` with a value of `pspng_entitlements`.
edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_entitlements");
pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
attributeAssignSave.assignAttributeDefName(pspngAttribute);
-attributeAssignSave.assignOwnerGroup(access_policy_group);
+attributeAssignSave.assignOwnerGroup(mfa_enabled);
attributeAssignSave.addValue("pspng_entitlements");
attributeAssignSave.save();
-
-
-// 401.3.3 nothing to do
-// 401.3.4 nothing to do
-
-// 401.3.5
-addGroup("app:board_effect:service:ref", "finance_committee", "finance_committee");
-grantPriv("app:board_effect:service:ref:finance_committee", "app:board_effect:security:board_effectAdmins", AccessPrivilege.ADMIN);
-addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:finance_committee");
-addMember("app:board_effect:security:board_effectAdmins", "amartinez410");
-
-GrouperSession.start(findSubject("amartinez410"))
-addMember("app:board_effect:service:ref:finance_committee", "ksmith3")
-gs = GrouperSession.startRootSession();
-
-// 401.3.6
-addGroup("app:board_effect:service:ref", "finance_committee_helpers", "finance_committee_helpers");
-addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:finance_committee_helpers");
-addGroup("app:board_effect:service:ref", "workroom_helpers", "workroom_helpers");
-addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:workroom_helpers");
-
-group_name = "app:board_effect:service:ref:workroom_helpers";
-workroom_helpers = GroupFinder.findByName(gs, group_name);
-numDays = 3;
-actAs = SubjectFinder.findRootSubject();
-attribAssign = workroom_helpers.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
-attribValueDelegate = attribAssign.getAttributeValueDelegate();
-attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
-attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F");
-attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId());
-attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());
-attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.thisGroupHasImmediateEnabledNoEndDateMembership.name());
-attribValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name());
-attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), numDays.toString());
-attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "T");
-
-// 401.3.7 (slides removed)
-/*
-addStem("ref", "role", "role");
-addGroup("ref:role", "president_assistant", "president_assistant");
-addMember("ref:role:president_assistant", "amartinez410");
-addMember("app:board_effect:security:board_effectUpdaters", "ref:role:president_assistant");
-delMember("app:board_effect:security:board_effectAdmins", "amartinez410");
-*/
-
-// 401.3.8 (slides removed)
-/*
-addStem("ref", "board", "board");
-group = GroupFinder.findByName(gs, "app:board_effect:service:ref:finance_committee", true);
-stem = StemFinder.findByName(gs, "ref:board", true);
-group.move(stem);
-
-addStem("ref:board", "security", "security");
-group2 = addGroup("ref:board:security", "boardUpdaters", "boardUpdaters");
-grantPriv("ref:board:finance_committee", group2.toSubject().id, AccessPrivilege.UPDATE);
-grantPriv("ref:board:finance_committee", group2.toSubject().id, AccessPrivilege.READ);
-addMember("ref:board:security:boardUpdaters", "ref:role:president_assistant");
-
-boardeffectAdmins = GroupFinder.findByName(gs, "app:board_effect:security:board_effectAdmins", true);
-boardeffectUpdaters = GroupFinder.findByName(gs, "app:board_effect:security:board_effectUpdaters", true);
-
-revokePriv("ref:board:finance_committee", boardeffectAdmins.toSubject().id, AccessPrivilege.ADMIN);
-revokePriv("ref:board:finance_committee", boardeffectUpdaters.toSubject().id, AccessPrivilege.UPDATE);
-revokePriv("ref:board:finance_committee", boardeffectUpdaters.toSubject().id, AccessPrivilege.READ);
-*/
+addMember("app:mfa:service:ref:mfa_pilot", "banderson");
+
+// Step 3
+// nothing to do. idp already configured
+
+// Step 4
+// stub out ref groups for load jobs
+addStem("ref", "dept", "dept");
+addGroup("ref:dept", "Information Technology", "Information Technology");
+addGroup("app:mfa:service:ref", "mfa_bypass", "mfa_bypass");
+addMember("app:mfa:service:policy:mfa_enabled_deny", "app:mfa:service:ref:mfa_bypass");
+addMember("app:mfa:service:policy:mfa_enabled_allow", "ref:dept:Information Technology");
+
+mfa_athletics = addGroup("app:mfa:service:ref", "mfa_athletics", "mfa_athletics");
+mfa_athletics.addMember(findSubject("ahenderson36"));
+mfa_athletics.addMember(findSubject("amorrison42"));
+mfa_athletics.addMember(findSubject("bsmith65"));
+mfa_athletics.addMember(findSubject("cthompson28"));
+mfa_athletics.addMember(findSubject("janderson13"));
+mfa_athletics.addMember(findSubject("jdavis4"));
+mfa_athletics.addMember(findSubject("jlangenberg100"));
+mfa_athletics.addMember(findSubject("jprice108"));
+mfa_athletics.addMember(findSubject("jvales117"));
+mfa_athletics.addMember(findSubject("ldavis5"));
+mfa_athletics.addMember(findSubject("mgrady137"));
+mfa_athletics.addMember(findSubject("mmartinez133"));
+mfa_athletics.addMember(findSubject("nscott103"));
+mfa_athletics.addMember(findSubject("pthompson61"));
+mfa_athletics.addMember(findSubject("rdavis16"));
+addMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_athletics");
+
+// Step 5
+addGroup("app:mfa:service:ref", "NonFacultyBannerINB", "NonFacultyBannerINB");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","jprice108");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","mnielson143");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","mvales154");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","wclark159");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","kthompson169");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","athompson183");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","sanderson191");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","jlangenberg194");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","jwhite222");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","rwilliams230");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","pwilliams242");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","lprice328");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","dgrady331");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","edoe348");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","svales366");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","mhenderson377");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","mlewis390");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","mroberts391");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","llopez398");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","amorrison406");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","janderson459");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","wmartinez487");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","lvales502");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","cvales514");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","jprice523");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","rvales544");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","iprice563");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","bmartinez592");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","jnielson598");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","amartinez605");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","dprice607");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","mbutler632");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","lbutler643");
+addMember("app:mfa:service:ref:NonFacultyBannerINB","dmartinez657");
+
+addMember("app:mfa:service:policy:mfa_enabled_allow","app:mfa:service:ref:NonFacultyBannerINB");
+//Set start date 2 days out
+java.util.Calendar cal = Calendar.getInstance();
+cal.setTime(new Date());
+cal.add(Calendar.DAY_OF_YEAR, 2);
+group = GroupFinder.findByName(gs, "app:mfa:service:policy:mfa_enabled_allow", true);
+subject = GroupFinder.findByName(gs, "app:mfa:service:ref:NonFacultyBannerINB", true).toSubject();
+group.addOrEditMember(subject, true, true, cal.getTime(), null, false);
+
+// Step 6
+addGroup("app:mfa:service:ref", "BannerUsersMinusFaculty", "BannerUsersMinusFaculty");
+addComposite("app:mfa:service:ref:BannerUsersMinusFaculty", CompositeType.COMPLEMENT, "app:mfa:service:ref:NonFacultyBannerINB", "ref:faculty");
+addMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:BannerUsersMinusFaculty")
+delMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:NonFacultyBannerINB");
+
+// Step 7
+addGroup("app:mfa:service:ref", "mfa_opt_in", "mfa_opt_in");
+
+addGroup("app:mfa:security", "mfa_opt_in", "mfa_opt_in");
+addGroup("app:mfa:security", "mfa_opt_in_allow", "mfa_opt_in_allow");
+addGroup("app:mfa:security", "mfa_opt_in_deny", "mfa_opt_in_deny");
+addComposite("app:mfa:security:mfa_opt_in", CompositeType.COMPLEMENT, "app:mfa:security:mfa_opt_in_allow", "app:mfa:security:mfa_opt_in_deny");
+
+grantPriv("app:mfa:service:ref:mfa_opt_in", "app:mfa:security:mfa_opt_in", AccessPrivilege.OPTIN);
+grantPriv("app:mfa:service:ref:mfa_opt_in", "app:mfa:security:mfa_opt_in", AccessPrivilege.OPTOUT);
+
+addGroup("app:mfa:service:ref", "mfa_required", "mfa_required");
+addMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_required");
+
+addMember("app:mfa:service:ref:mfa_required", "app:mfa:service:ref:BannerUsersMinusFaculty");
+addMember("app:mfa:service:ref:mfa_required", "ref:dept:Information Technology");
+addMember("app:mfa:service:ref:mfa_required", "app:mfa:service:ref:mfa_athletics");
+addMember("app:mfa:service:ref:mfa_required", "app:mfa:service:ref:mfa_pilot");
+
+delMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:BannerUsersMinusFaculty");
+delMember("app:mfa:service:policy:mfa_enabled_allow", "ref:dept:Information Technology");
+delMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_athletics");
+delMember("app:mfa:service:policy:mfa_enabled_allow", "app:mfa:service:ref:mfa_pilot");
+
+addMember("app:mfa:security:mfa_opt_in_deny", "app:mfa:service:ref:mfa_required");
+
+addMember("app:mfa:security:mfa_opt_in_allow", "ref:faculty");
+addMember("app:mfa:security:mfa_opt_in_allow", "ref:staff");
+addMember("app:mfa:security:mfa_opt_in_allow", "ref:student");
+
+
+// Step 8
+addMember("app:mfa:service:policy:mfa_enabled_allow", "ref:faculty");
+addMember("app:mfa:service:policy:mfa_enabled_allow", "ref:staff");
+addMember("app:mfa:service:policy:mfa_enabled_allow", "ref:student");
+
+delGroup("app:mfa:service:ref:mfa_pilot");
+delGroup("app:mfa:security:mfa_opt_in");
+delGroup("app:mfa:security:mfa_opt_in_allow");
+delGroup("app:mfa:security:mfa_opt_in_deny");
+delGroup("app:mfa:service:ref:mfa_opt_in");
+delGroup("app:mfa:service:ref:mfa_required");
+delGroup("app:mfa:service:ref:BannerUsersMinusFaculty");
+delGroup("app:mfa:service:ref:NonFacultyBannerINB");
+delGroup("app:mfa:service:ref:mfa_athletics");
diff --git a/ex401/ex401.4.1/Dockerfile b/ex401/ex401.5.1/Dockerfile
similarity index 98%
rename from ex401/ex401.4.1/Dockerfile
rename to ex401/ex401.5.1/Dockerfile
index 3d79565..19db113 100644
--- a/ex401/ex401.4.1/Dockerfile
+++ b/ex401/ex401.5.1/Dockerfile
@@ -7,7 +7,7 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
ImageName=$imagename \
ImageOS=centos7
-ENV USERTOKEN=gte-401.4.1
+ENV USERTOKEN=gte-401.5.1
COPY container_files/seed-data/ /seed-data/
diff --git a/ex401/ex401.4.1/container_files/seed-data/bootstrap.gsh b/ex401/ex401.5.1/container_files/seed-data/bootstrap.gsh
similarity index 64%
rename from ex401/ex401.4.1/container_files/seed-data/bootstrap.gsh
rename to ex401/ex401.5.1/container_files/seed-data/bootstrap.gsh
index 3bcbbb6..211b472 100644
--- a/ex401/ex401.4.1/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.5.1/container_files/seed-data/bootstrap.gsh
@@ -1,3 +1,3 @@
gs = GrouperSession.startRootSession();
delStem("401.3.end")
-addRootStem("401.4.1", "401.4.1")
+addRootStem("401.5.1", "401.5.1")
\ No newline at end of file
diff --git a/ex401/ex401.2.1/container_files/seed-data/sisData.sql b/ex401/ex401.5.1/container_files/seed-data/sisData.sql
similarity index 100%
rename from ex401/ex401.2.1/container_files/seed-data/sisData.sql
rename to ex401/ex401.5.1/container_files/seed-data/sisData.sql
diff --git a/ex401/ex401.2.1/container_files/seed-data/users.ldif b/ex401/ex401.5.1/container_files/seed-data/users.ldif
similarity index 100%
rename from ex401/ex401.2.1/container_files/seed-data/users.ldif
rename to ex401/ex401.5.1/container_files/seed-data/users.ldif
diff --git a/ex401/ex401.2.1/Dockerfile b/ex401/ex401.5.end/Dockerfile
similarity index 95%
rename from ex401/ex401.2.1/Dockerfile
rename to ex401/ex401.5.end/Dockerfile
index efa92bf..b86a0ce 100644
--- a/ex401/ex401.2.1/Dockerfile
+++ b/ex401/ex401.5.end/Dockerfile
@@ -1,5 +1,5 @@
ARG VERSION_TAG
-FROM tier/gte:401.1.end-$VERSION_TAG
+FROM tier/gte:401.5.1-$VERSION_TAG
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
@@ -7,7 +7,7 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
ImageName=$imagename \
ImageOS=centos7
-ENV USERTOKEN=gte-401.2.1
+ENV USERTOKEN=gte-401.5.end
COPY container_files/seed-data/ /seed-data/
diff --git a/ex401/ex401.5.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.5.end/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..92793a2
--- /dev/null
+++ b/ex401/ex401.5.end/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1,110 @@
+gs = GrouperSession.startRootSession();
+delStem("401.5.1")
+addRootStem("401.5.end", "401.5.end")
+
+// Step 1
+parent_stem_path = "app";
+app_extension = "board_effect";
+app_name = "board_effect";
+
+stem = addStem(parent_stem_path, app_extension, app_name);
+security = addStem(stem.name, "security", "security");
+service = addStem(stem.name, "service", "service");
+policy = addStem(service.name, "policy", "policy");
+ref = addStem(service.name, "ref", "ref");
+
+admin_group_name = "${app_extension}Admins";
+admin_group = addGroup(security.name, admin_group_name, admin_group_name);
+mgr_group_name = "${app_extension}Updaters";
+mgr_group = addGroup(security.name, mgr_group_name, mgr_group_name);
+view_group_name = "${app_extension}Readers";
+view_group = addGroup(security.name, view_group_name, view_group_name);
+
+access_policy_group = addGroup("app:board_effect:service:policy", "board_effect_access", "board_effect_access");
+addGroup("app:board_effect:service:policy", "board_effect_access_allow", "board_effect_access_allow");
+addGroup("app:board_effect:service:policy", "board_effect_access_deny", "board_effect_access_deny");
+addComposite("app:board_effect:service:policy:board_effect_access", CompositeType.COMPLEMENT, "app:board_effect:service:policy:board_effect_access_allow", "app:board_effect:service:policy:board_effect_access_deny");
+
+// Step 2
+addGroup("app:board_effect:service:policy", "workroom_finance", "workroom_finance");
+addGroup("app:board_effect:service:policy", "workroom_finance_allow", "workroom_finance_allow");
+addGroup("app:board_effect:service:policy", "workroom_finance_deny", "workroom_finance_deny");
+addComposite("app:board_effect:service:policy:workroom_finance", CompositeType.COMPLEMENT, "app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:policy:workroom_finance_deny");
+addMember("app:board_effect:service:policy:board_effect_access_allow", "app:board_effect:service:policy:workroom_finance");
+addMember("app:board_effect:service:policy:workroom_finance_allow", "bthompson392");
+
+
+// Assign PSPNG `provision_to` attribute to `https://college.boardeffect.com/` with a value of `pspng_entitlements`.
+edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_entitlements");
+pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
+AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
+attributeAssignSave.assignAttributeDefName(pspngAttribute);
+attributeAssignSave.assignOwnerGroup(access_policy_group);
+attributeAssignSave.addValue("pspng_entitlements");
+attributeAssignSave.save();
+
+
+// Step 3 nothing to do
+// Step 4 nothing to do
+
+// Step 5
+addGroup("app:board_effect:service:ref", "finance_committee", "finance_committee");
+grantPriv("app:board_effect:service:ref:finance_committee", "app:board_effect:security:board_effectAdmins", AccessPrivilege.ADMIN);
+addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:finance_committee");
+addMember("app:board_effect:security:board_effectAdmins", "amartinez410");
+
+GrouperSession.start(findSubject("amartinez410"))
+addMember("app:board_effect:service:ref:finance_committee", "ksmith3")
+gs = GrouperSession.startRootSession();
+
+// Step 6
+addGroup("app:board_effect:service:ref", "finance_committee_helpers", "finance_committee_helpers");
+addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:finance_committee_helpers");
+addGroup("app:board_effect:service:ref", "workroom_helpers", "workroom_helpers");
+addMember("app:board_effect:service:policy:workroom_finance_allow", "app:board_effect:service:ref:workroom_helpers");
+
+group_name = "app:board_effect:service:ref:workroom_helpers";
+workroom_helpers = GroupFinder.findByName(gs, group_name);
+numDays = 3;
+actAs = SubjectFinder.findRootSubject();
+attribAssign = workroom_helpers.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
+attribValueDelegate = attribAssign.getAttributeValueDelegate();
+attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
+attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F");
+attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId());
+attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());
+attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.thisGroupHasImmediateEnabledNoEndDateMembership.name());
+attribValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name());
+attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), numDays.toString());
+attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "T");
+
+// Step 7 (slides removed)
+/*
+addStem("ref", "role", "role");
+addGroup("ref:role", "president_assistant", "president_assistant");
+addMember("ref:role:president_assistant", "amartinez410");
+addMember("app:board_effect:security:board_effectUpdaters", "ref:role:president_assistant");
+delMember("app:board_effect:security:board_effectAdmins", "amartinez410");
+*/
+
+// Step 8 (slides removed)
+/*
+addStem("ref", "board", "board");
+group = GroupFinder.findByName(gs, "app:board_effect:service:ref:finance_committee", true);
+stem = StemFinder.findByName(gs, "ref:board", true);
+group.move(stem);
+
+addStem("ref:board", "security", "security");
+group2 = addGroup("ref:board:security", "boardUpdaters", "boardUpdaters");
+grantPriv("ref:board:finance_committee", group2.toSubject().id, AccessPrivilege.UPDATE);
+grantPriv("ref:board:finance_committee", group2.toSubject().id, AccessPrivilege.READ);
+addMember("ref:board:security:boardUpdaters", "ref:role:president_assistant");
+
+boardeffectAdmins = GroupFinder.findByName(gs, "app:board_effect:security:board_effectAdmins", true);
+boardeffectUpdaters = GroupFinder.findByName(gs, "app:board_effect:security:board_effectUpdaters", true);
+
+revokePriv("ref:board:finance_committee", boardeffectAdmins.toSubject().id, AccessPrivilege.ADMIN);
+revokePriv("ref:board:finance_committee", boardeffectUpdaters.toSubject().id, AccessPrivilege.UPDATE);
+revokePriv("ref:board:finance_committee", boardeffectUpdaters.toSubject().id, AccessPrivilege.READ);
+*/
+
diff --git a/ex401/ex401.2.end/container_files/seed-data/sisData.sql b/ex401/ex401.5.end/container_files/seed-data/sisData.sql
similarity index 100%
rename from ex401/ex401.2.end/container_files/seed-data/sisData.sql
rename to ex401/ex401.5.end/container_files/seed-data/sisData.sql
diff --git a/ex401/ex401.2.end/container_files/seed-data/users.ldif b/ex401/ex401.5.end/container_files/seed-data/users.ldif
similarity index 100%
rename from ex401/ex401.2.end/container_files/seed-data/users.ldif
rename to ex401/ex401.5.end/container_files/seed-data/users.ldif
diff --git a/ex401/ex401.2.end/Dockerfile b/ex401/ex401.7.1/Dockerfile
similarity index 95%
rename from ex401/ex401.2.end/Dockerfile
rename to ex401/ex401.7.1/Dockerfile
index 4bdaf60..41aa5e3 100644
--- a/ex401/ex401.2.end/Dockerfile
+++ b/ex401/ex401.7.1/Dockerfile
@@ -1,5 +1,5 @@
ARG VERSION_TAG
-FROM tier/gte:401.2.1-$VERSION_TAG
+FROM tier/gte:401.5.end-$VERSION_TAG
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
@@ -7,7 +7,7 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
ImageName=$imagename \
ImageOS=centos7
-ENV USERTOKEN=gte-401.2.end
+ENV USERTOKEN=gte-401.7.1
COPY container_files/seed-data/ /seed-data/
diff --git a/ex401/ex401.7.1/container_files/seed-data/bootstrap.gsh b/ex401/ex401.7.1/container_files/seed-data/bootstrap.gsh
new file mode 100644
index 0000000..de123ad
--- /dev/null
+++ b/ex401/ex401.7.1/container_files/seed-data/bootstrap.gsh
@@ -0,0 +1,3 @@
+gs = GrouperSession.startRootSession();
+delStem("401.5.end")
+addRootStem("401.7.1", "401.7.1")
diff --git a/ex401/ex401.4.1/container_files/seed-data/sisData.sql b/ex401/ex401.7.1/container_files/seed-data/sisData.sql
similarity index 100%
rename from ex401/ex401.4.1/container_files/seed-data/sisData.sql
rename to ex401/ex401.7.1/container_files/seed-data/sisData.sql
diff --git a/ex401/ex401.4.1/container_files/seed-data/users.ldif b/ex401/ex401.7.1/container_files/seed-data/users.ldif
similarity index 100%
rename from ex401/ex401.4.1/container_files/seed-data/users.ldif
rename to ex401/ex401.7.1/container_files/seed-data/users.ldif
diff --git a/ex401/ex401.4.end/Dockerfile b/ex401/ex401.7.end/Dockerfile
similarity index 95%
rename from ex401/ex401.4.end/Dockerfile
rename to ex401/ex401.7.end/Dockerfile
index fda25fb..a66b155 100644
--- a/ex401/ex401.4.end/Dockerfile
+++ b/ex401/ex401.7.end/Dockerfile
@@ -1,5 +1,5 @@
ARG VERSION_TAG
-FROM tier/gte:401.4.1-$VERSION_TAG
+FROM tier/gte:401.7.1-$VERSION_TAG
LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
@@ -7,7 +7,7 @@ LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
ImageName=$imagename \
ImageOS=centos7
-ENV USERTOKEN=gte-401.4.end
+ENV USERTOKEN=gte-401.7.end
COPY container_files/seed-data/ /seed-data/
diff --git a/ex401/ex401.4.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.7.end/container_files/seed-data/bootstrap.gsh
similarity index 99%
rename from ex401/ex401.4.end/container_files/seed-data/bootstrap.gsh
rename to ex401/ex401.7.end/container_files/seed-data/bootstrap.gsh
index a16a438..8ca5c6b 100644
--- a/ex401/ex401.4.end/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.7.end/container_files/seed-data/bootstrap.gsh
@@ -1,6 +1,6 @@
gs = GrouperSession.startRootSession();
-delStem("401.4.1")
-addRootStem("401.4.end", "401.4.end")
+delStem("401.7.1")
+addRootStem("401.7.end", "401.7.end")
// import "community members" into a legacy reference group
community = new GroupSave(gs).assignName("ref:legacy:community_members").assignCreateParentStemsIfNotExist(true).save();
diff --git a/ex401/ex401.4.end/container_files/seed-data/sisData.sql b/ex401/ex401.7.end/container_files/seed-data/sisData.sql
similarity index 100%
rename from ex401/ex401.4.end/container_files/seed-data/sisData.sql
rename to ex401/ex401.7.end/container_files/seed-data/sisData.sql
diff --git a/ex401/ex401.4.end/container_files/seed-data/users.ldif b/ex401/ex401.7.end/container_files/seed-data/users.ldif
similarity index 100%
rename from ex401/ex401.4.end/container_files/seed-data/users.ldif
rename to ex401/ex401.7.end/container_files/seed-data/users.ldif
diff --git a/ex401/manualBuild.sh b/ex401/manualBuild.sh
index 6f070c9..b3d2de1 100755
--- a/ex401/manualBuild.sh
+++ b/ex401/manualBuild.sh
@@ -2,12 +2,12 @@ source ../buildVersion.sh
echo "Building gte:401 version ${VERSION_TAG}"
docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.1.1-${VERSION_TAG} ex401.1.1 \
&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.1.end-${VERSION_TAG} ex401.1.end \
-&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.2.1-${VERSION_TAG} ex401.2.1 \
-&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.2.end-${VERSION_TAG} ex401.2.end \
&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.3.1-${VERSION_TAG} ex401.3.1 \
&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.3.end-${VERSION_TAG} ex401.3.end \
-&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.4.1-${VERSION_TAG} ex401.4.1 \
-&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.4.end-${VERSION_TAG} ex401.4.end
+&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.5.1-${VERSION_TAG} ex401.5.1 \
+&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.5.end-${VERSION_TAG} ex401.5.end \
+&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.7.1-${VERSION_TAG} ex401.7.1 \
+&& docker build --build-arg VERSION_TAG=${VERSION_TAG} --tag=tier/gte:401.7.end-${VERSION_TAG} ex401.7.end
if [[ "$OSTYPE" == "darwin"* ]]; then
say exercises for 401 build complete