Skip to content
Permalink
Browse files

Merge branch 'master' into 3.9-SNAPSHOT-stable

  • Loading branch information
mederly committed Oct 5, 2018
2 parents 8ec4868 + e7679b6 commit 0d774617f881d950e1c7c9e05e9936939baee368
@@ -29,6 +29,7 @@ COPY container_files/opt-tier/* /opt/tier/
RUN chmod 755 /opt/tier/setenv.sh \
&& chmod 755 /usr/local/bin/sendtierbeacon.sh \
&& chmod 755 /usr/local/bin/setup-cron.sh \
&& chmod 755 /usr/local/bin/setup-timezone.sh \
&& chmod 755 /usr/local/bin/start-midpoint.sh \
&& chmod 755 /usr/local/bin/start-httpd.sh \
&& chmod 755 /usr/local/bin/startup.sh \
@@ -93,6 +94,7 @@ ENV LOGOUT_URL https://localhost:8443/Shibboleth.sso/Logout
ENV MP_KEYSTORE_PASSWORD_FILE /run/secrets/mp_keystore_password.txt
ENV MP_MEM_MAX 2048m
ENV MP_MEM_INIT 1024m
ENV TIMEZONE UTC
ENV TIER_RELEASE not-released-yet
ENV TIER_MAINTAINER tier

@@ -58,10 +58,7 @@ pipeline {
sh '(cd demo/simple ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
sh '(cd demo/shibboleth ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
sh '(cd demo/postgresql ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'

// temporarily disabled
//sh '(cd demo/complex ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
// sh 'echo Test output ; cat debug'
sh '(cd demo/complex ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
} catch (error) {
def error_details = readFile('./debug')
def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
@@ -0,0 +1,13 @@
#!/bin/bash

if [[ -n $TIMEZONE ]]; then
echo "*** Setting timezone to '$TIMEZONE'"
if [[ -e /usr/share/zoneinfo/$TIMEZONE ]]; then
unlink /etc/localtime
ln -s /usr/share/zoneinfo/$TIMEZONE /etc/localtime
echo "date (UTC) is: $(date -u)"
echo "date (current timezone) is $(date)"
else
echo "Error: time zone '$TIMEZONE' is unknown; not setting it."
fi
fi
@@ -39,7 +39,6 @@ java -Xmx$MP_MEM_MAX -Xms$MP_MEM_INIT -Dfile.encoding=UTF8 \
-Dmidpoint.keystore.keyStorePassword_FILE=$MP_KEYSTORE_PASSWORD_FILE \
-Dmidpoint.logging.alt.enabled=true \
-Dmidpoint.logging.alt.filename=/tmp/logmidpoint \
-Dmidpoint.logging.alt.timezone=UTC \
-Dspring.profiles.active="`$MP_DIR/active-spring-profiles`" \
$(if [ "$AUTHENTICATION" = "shibboleth" ]; then echo "-Dauth.logout.url=$LOGOUT_URL -Dauth.sso.header=$SSO_HEADER"; fi) \
-Dserver.tomcat.ajp.enabled=$AJP_ENABLED \
@@ -4,6 +4,8 @@
export ENV=${ENV//[; ]/_}
export USERTOKEN=${USERTOKEN//[; ]/_}

/usr/local/bin/setup-timezone.sh

# this is to be executed at run time, not at build time -- to ensure sufficient variability of execution times
/usr/local/bin/setup-cron.sh

@@ -11,3 +11,4 @@ REPO_UPGRADEABLE_SCHEMA_ACTION=stop
MP_MEM_MAX=2048m
MP_MEM_INIT=1024m
SSO_HEADER=uid
TIMEZONE=UTC
@@ -157,6 +157,7 @@ services:
- MP_JAVA_OPTS
- SSO_HEADER
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- net
secrets:
@@ -128,21 +128,76 @@ load ../../../library
# TODO check assignments etc
}

@test "230 Check 'TestUser230' in Midpoint and LDAP" {
@test "230 Import SIS_COURSES" {
if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi

add_object tasks midpoint-objects-manual/tasks/task-import-sis-courses.xml
search_and_check_object tasks "Import from SIS courses"
wait_for_task_completion b73a2e66-8233-4c20-928f-acb30027b33e 8 10
assert_task_success b73a2e66-8233-4c20-928f-acb30027b33e

search_and_check_object orgs course_ACCT101
search_and_check_object orgs course_ACCT201
search_and_check_object orgs course_CS251
search_and_check_object orgs course_CS252
search_and_check_object orgs course_MATH100
search_and_check_object orgs course_MATH101
search_and_check_object orgs course_SCI123
search_and_check_object orgs course_SCI404

check_ldap_courses_by_name course_ACCT101 complex_directory_1
check_ldap_courses_by_name course_ACCT201 complex_directory_1
check_ldap_courses_by_name course_CS251 complex_directory_1
check_ldap_courses_by_name course_CS252 complex_directory_1
check_ldap_courses_by_name course_MATH100 complex_directory_1
check_ldap_courses_by_name course_MATH101 complex_directory_1
check_ldap_courses_by_name course_SCI123 complex_directory_1
check_ldap_courses_by_name course_SCI404 complex_directory_1

check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
check_of_ldap_membership whenderson "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1

check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
check_of_ldap_membership ddavis "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1

check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "CS252" complex_directory_1

check_of_ldap_membership danderson "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
check_of_ldap_membership ddavis "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
check_of_ldap_membership wprice "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1

check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1
check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1
check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1

check_of_ldap_membership danderson "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI123" complex_directory_1
check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI123" complex_directory_1

check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI404" complex_directory_1
check_of_ldap_membership wprice "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI404" complex_directory_1
}


@test "240 Check 'TestUser240' in Midpoint and LDAP" {
if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
check_health
echo "<user><name>TestUser230</name><fullName>Test User230</fullName><givenName>Test</givenName><familyName>User230</familyName><credentials><password><value><clearValue>password</clearValue></value></password></credentials></user>" >/tmp/testuser230.xml
add_object users /tmp/testuser230.xml
rm /tmp/testuser230.xml
search_and_check_object users TestUser230
echo "<user><name>TestUser240</name><fullName>Test User240</fullName><givenName>Test</givenName><familyName>User240</familyName><credentials><password><value><clearValue>password</clearValue></value></password></credentials></user>" >/tmp/testuser240.xml
add_object users /tmp/testuser240.xml
rm /tmp/testuser240.xml
search_and_check_object users TestUser240

execute_bulk_action tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml complex_midpoint_server_1
execute_bulk_action tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml complex_midpoint_server_1

check_ldap_account_by_user_name TestUser230 complex_directory_1
check_of_ldap_membership TestUser230 sysadmingroup complex_directory_1
check_ldap_account_by_user_name TestUser240 complex_directory_1
check_of_ldap_membership TestUser240 "ou=groups,dc=internet2,dc=edu" "sysadmingroup" complex_directory_1

delete_object_by_name users TestUser230
delete_object_by_name users TestUser240
}


@@ -8,7 +8,7 @@
<s:searchFilter>
<q:equal>
<q:path>c:name</q:path>
<q:value>TestUser230</q:value>
<q:value>TestUser240</q:value>
</q:equal>
</s:searchFilter>
<s:action>
@@ -7,3 +7,4 @@ REPO_MISSING_SCHEMA_ACTION=create
REPO_UPGRADEABLE_SCHEMA_ACTION=stop
MP_MEM_MAX=2048m
MP_MEM_INIT=1024m
TIMEZONE=UTC
@@ -22,6 +22,7 @@ services:
- MP_MEM_INIT
- MP_JAVA_OPTS
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- net
secrets:
@@ -5,3 +5,4 @@ REPO_MISSING_SCHEMA_ACTION=create
REPO_UPGRADEABLE_SCHEMA_ACTION=stop
MP_MEM_MAX=2048m
MP_MEM_INIT=1024m
TIMEZONE=UTC
@@ -35,6 +35,7 @@ services:
- MP_MEM_INIT
- MP_JAVA_OPTS
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- net
secrets:
@@ -12,3 +12,5 @@ REPO_MISSING_SCHEMA_ACTION=create
REPO_UPGRADEABLE_SCHEMA_ACTION=stop
MP_MEM_MAX=2048m
MP_MEM_INIT=1024m
TIMEZONE=UTC

@@ -36,6 +36,7 @@ services:
- MP_MEM_INIT
- MP_JAVA_OPTS
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- net
secrets:
@@ -11,3 +11,4 @@ REPO_MISSING_SCHEMA_ACTION=create
REPO_UPGRADEABLE_SCHEMA_ACTION=stop
MP_MEM_MAX=2048m
MP_MEM_INIT=1024m
TIMEZONE=UTC
@@ -34,6 +34,7 @@ services:
- MP_MEM_INIT
- MP_JAVA_OPTS
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- net
secrets:
@@ -12,7 +12,7 @@ function generic_wait_for_log () {
FAILURE="$4"
ADDITIONAL_CONTAINER_NAME=$5
ATTEMPT=0
MAX_ATTEMPTS=40
MAX_ATTEMPTS=20
DELAY=10

until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
@@ -340,7 +340,7 @@ function search_ldap_object_by_filter () {
local LDAP_CONTAINER=$3
TMPFILE=$(mktemp /tmp/ldapsearch.XXXXXX)

docker exec $LDAP_CONTAINER ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (rm $TMPFILE ; return 1)
docker exec $LDAP_CONTAINER ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (echo "Couldn't search $FILTER:" ;rm $TMPFILE ; return 1)
LDAPSEARCH_RESULT_FILE=$TMPFILE
return 0
}
@@ -370,15 +370,39 @@ function check_ldap_account_by_user_name () {
return 1
}

function check_ldap_courses_by_name () {
local NAME="$1"
local LDAP_CONTAINER=$2
search_objects_by_name orgs $NAME

local MP_ORG_IDENTIFIER=$(xmllint --xpath "/*/*/*[local-name()='identifier']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user identifier from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; return 1)

search_ldap_object_by_filter "ou=courses,ou=groups,dc=internet2,dc=edu" "cn=$MP_ORG_IDENTIFIER" $LDAP_CONTAINER

local LDAP_CN=$(grep -oP "cn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user cn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)

rm $SEARCH_RESULT_FILE
rm $LDAPSEARCH_RESULT_FILE

if [[ $MP_ORG_IDENTIFIER = $LDAP_CN ]]; then
return 0
fi

echo "Orgs $NAME in Midpoint and LDAP Group(Course) with cn $MP_ORG_IDENTIFIER are not same"
return 1
}


function check_of_ldap_membership () {
local NAME_OF_USER="$1"
local NAME_OF_GROUP="$2"
local LDAP_CONTAINER=$3
local BASE_CONTEXT_FOR_GROUP="$2"
local NAME_OF_GROUP="$3"
local LDAP_CONTAINER=$4
search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER" $LDAP_CONTAINER

local LDAP_ACCOUNT_DN=$(grep -oP "dn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user dn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)

search_ldap_object_by_filter "ou=groups,dc=internet2,dc=edu" "cn=$NAME_OF_GROUP" $LDAP_CONTAINER
search_ldap_object_by_filter "$BASE_CONTEXT_FOR_GROUP" "cn=$NAME_OF_GROUP" $LDAP_CONTAINER

local LDAP_MEMBERS_DNS=$(grep -oP "uniqueMember: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user uniqueMember from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)

@@ -388,6 +412,6 @@ function check_of_ldap_membership () {
return 0
fi

echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP"
echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP in base context $BASE_CONTEXT_FOR_GROUP"
return 1
}

0 comments on commit 0d77461

Please sign in to comment.
You can’t perform that action at this time.