Merge branch 'master' into 3.9-SNAPSHOT-stable

Dockerfile

@@ -29,6 +29,7 @@ COPY container_files/opt-tier/* /opt/tier/
 RUN chmod 755 /opt/tier/setenv.sh \
     && chmod 755 /usr/local/bin/sendtierbeacon.sh \
     && chmod 755 /usr/local/bin/setup-cron.sh \
+    && chmod 755 /usr/local/bin/setup-timezone.sh \
     && chmod 755 /usr/local/bin/start-midpoint.sh \
     && chmod 755 /usr/local/bin/start-httpd.sh \
     && chmod 755 /usr/local/bin/startup.sh \
@@ -93,6 +94,7 @@ ENV LOGOUT_URL https://localhost:8443/Shibboleth.sso/Logout
 ENV MP_KEYSTORE_PASSWORD_FILE /run/secrets/mp_keystore_password.txt
 ENV MP_MEM_MAX 2048m
 ENV MP_MEM_INIT 1024m
+ENV TIMEZONE UTC
 ENV TIER_RELEASE not-released-yet
 ENV TIER_MAINTAINER tier
 

Jenkinsfile

@@ -58,10 +58,7 @@ pipeline {
                         sh '(cd demo/simple ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
                         sh '(cd demo/shibboleth ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
                         sh '(cd demo/postgresql ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
-
-                        // temporarily disabled
-                        //sh '(cd demo/complex ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
-                        // sh 'echo Test output ; cat debug'
+                        sh '(cd demo/complex ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
                     } catch (error) {
                         def error_details = readFile('./debug')
                         def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"

container_files/usr-local-bin/setup-timezone.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [[ -n $TIMEZONE ]]; then
+    echo "*** Setting timezone to '$TIMEZONE'"
+    if [[ -e /usr/share/zoneinfo/$TIMEZONE ]]; then
+        unlink /etc/localtime
+        ln -s /usr/share/zoneinfo/$TIMEZONE /etc/localtime
+        echo "date (UTC) is: $(date -u)"
+        echo "date (current timezone) is $(date)"
+    else
+        echo "Error: time zone '$TIMEZONE' is unknown; not setting it."
+    fi
+fi

container_files/usr-local-bin/start-midpoint.sh

@@ -39,7 +39,6 @@ java -Xmx$MP_MEM_MAX -Xms$MP_MEM_INIT -Dfile.encoding=UTF8 \
        -Dmidpoint.keystore.keyStorePassword_FILE=$MP_KEYSTORE_PASSWORD_FILE \
        -Dmidpoint.logging.alt.enabled=true \
        -Dmidpoint.logging.alt.filename=/tmp/logmidpoint \
-       -Dmidpoint.logging.alt.timezone=UTC \
        -Dspring.profiles.active="`$MP_DIR/active-spring-profiles`" \
        $(if [ "$AUTHENTICATION" = "shibboleth" ]; then echo "-Dauth.logout.url=$LOGOUT_URL -Dauth.sso.header=$SSO_HEADER"; fi) \
        -Dserver.tomcat.ajp.enabled=$AJP_ENABLED \

container_files/usr-local-bin/startup.sh

@@ -4,6 +4,8 @@
 export ENV=${ENV//[; ]/_}
 export USERTOKEN=${USERTOKEN//[; ]/_}
 
+/usr/local/bin/setup-timezone.sh
+
 # this is to be executed at run time, not at build time -- to ensure sufficient variability of execution times
 /usr/local/bin/setup-cron.sh
 

demo/complex/.env

@@ -11,3 +11,4 @@ REPO_UPGRADEABLE_SCHEMA_ACTION=stop
 MP_MEM_MAX=2048m
 MP_MEM_INIT=1024m
 SSO_HEADER=uid
+TIMEZONE=UTC

demo/complex/docker-compose.yml

@@ -157,6 +157,7 @@ services:
      - MP_JAVA_OPTS
      - SSO_HEADER
      - TIER_BEACON_OPT_OUT
+     - TIMEZONE
     networks:
      - net
     secrets:

demo/complex/tests/main.bats

@@ -128,21 +128,76 @@ load ../../../library
     # TODO check assignments etc
 }
 
-@test "230 Check 'TestUser230' in Midpoint and LDAP" {
+@test "230 Import SIS_COURSES" {
+    if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
+
+    add_object tasks midpoint-objects-manual/tasks/task-import-sis-courses.xml
+    search_and_check_object tasks "Import from SIS courses"
+    wait_for_task_completion b73a2e66-8233-4c20-928f-acb30027b33e 8 10
+    assert_task_success b73a2e66-8233-4c20-928f-acb30027b33e
+
+    search_and_check_object orgs course_ACCT101
+    search_and_check_object orgs course_ACCT201
+    search_and_check_object orgs course_CS251
+    search_and_check_object orgs course_CS252
+    search_and_check_object orgs course_MATH100
+    search_and_check_object orgs course_MATH101
+    search_and_check_object orgs course_SCI123
+    search_and_check_object orgs course_SCI404
+
+    check_ldap_courses_by_name course_ACCT101 complex_directory_1
+    check_ldap_courses_by_name course_ACCT201 complex_directory_1
+    check_ldap_courses_by_name course_CS251 complex_directory_1
+    check_ldap_courses_by_name course_CS252 complex_directory_1
+    check_ldap_courses_by_name course_MATH100 complex_directory_1
+    check_ldap_courses_by_name course_MATH101 complex_directory_1
+    check_ldap_courses_by_name course_SCI123 complex_directory_1
+    check_ldap_courses_by_name course_SCI404 complex_directory_1
+
+    check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
+    check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
+    check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
+    check_of_ldap_membership whenderson "ou=courses,ou=groups,dc=internet2,dc=edu" "ACCT101" complex_directory_1
+
+    check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
+    check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
+    check_of_ldap_membership ddavis "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
+    check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "CS251" complex_directory_1
+
+    check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "CS252" complex_directory_1
+
+    check_of_ldap_membership danderson "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
+    check_of_ldap_membership ddavis "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
+    check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
+    check_of_ldap_membership wprice "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH100" complex_directory_1
+
+    check_of_ldap_membership amorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1
+    check_of_ldap_membership cmorrison "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1
+    check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "MATH101" complex_directory_1
+
+    check_of_ldap_membership danderson "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI123" complex_directory_1
+    check_of_ldap_membership mroberts "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI123" complex_directory_1
+
+    check_of_ldap_membership kwhite "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI404" complex_directory_1
+    check_of_ldap_membership wprice "ou=courses,ou=groups,dc=internet2,dc=edu" "SCI404" complex_directory_1
+}
+
+
+@test "240 Check 'TestUser240' in Midpoint and LDAP" {
     if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
     check_health
-    echo "<user><name>TestUser230</name><fullName>Test User230</fullName><givenName>Test</givenName><familyName>User230</familyName><credentials><password><value><clearValue>password</clearValue></value></password></credentials></user>" >/tmp/testuser230.xml
-    add_object users /tmp/testuser230.xml
-    rm /tmp/testuser230.xml
-    search_and_check_object users TestUser230
+    echo "<user><name>TestUser240</name><fullName>Test User240</fullName><givenName>Test</givenName><familyName>User240</familyName><credentials><password><value><clearValue>password</clearValue></value></password></credentials></user>" >/tmp/testuser240.xml
+    add_object users /tmp/testuser240.xml
+    rm /tmp/testuser240.xml
+    search_and_check_object users TestUser240
 
     execute_bulk_action tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml complex_midpoint_server_1
     execute_bulk_action tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml complex_midpoint_server_1
 
-    check_ldap_account_by_user_name TestUser230 complex_directory_1
-    check_of_ldap_membership TestUser230 sysadmingroup complex_directory_1
+    check_ldap_account_by_user_name TestUser240 complex_directory_1
+    check_of_ldap_membership TestUser240 "ou=groups,dc=internet2,dc=edu" "sysadmingroup" complex_directory_1
 
-    delete_object_by_name users TestUser230
+    delete_object_by_name users TestUser240
 }
 
 

demo/complex/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml

@@ -8,7 +8,7 @@
                     <s:searchFilter>
                         <q:equal>
                             <q:path>c:name</q:path>
-                            <q:value>TestUser230</q:value>
+                            <q:value>TestUser240</q:value>
                         </q:equal>
                     </s:searchFilter>
                     <s:action>

demo/extrepo/.env

@@ -7,3 +7,4 @@ REPO_MISSING_SCHEMA_ACTION=create
 REPO_UPGRADEABLE_SCHEMA_ACTION=stop
 MP_MEM_MAX=2048m
 MP_MEM_INIT=1024m
+TIMEZONE=UTC

demo/extrepo/docker-compose.yml

@@ -22,6 +22,7 @@ services:
      - MP_MEM_INIT
      - MP_JAVA_OPTS
      - TIER_BEACON_OPT_OUT
+     - TIMEZONE
     networks:
      - net
     secrets:

demo/postgresql/.env

@@ -5,3 +5,4 @@ REPO_MISSING_SCHEMA_ACTION=create
 REPO_UPGRADEABLE_SCHEMA_ACTION=stop
 MP_MEM_MAX=2048m
 MP_MEM_INIT=1024m
+TIMEZONE=UTC

demo/postgresql/docker-compose.yml

@@ -35,6 +35,7 @@ services:
      - MP_MEM_INIT
      - MP_JAVA_OPTS
      - TIER_BEACON_OPT_OUT
+     - TIMEZONE
     networks:
      - net
     secrets:

demo/shibboleth/.env

@@ -12,3 +12,5 @@ REPO_MISSING_SCHEMA_ACTION=create
 REPO_UPGRADEABLE_SCHEMA_ACTION=stop
 MP_MEM_MAX=2048m
 MP_MEM_INIT=1024m
+TIMEZONE=UTC
+

demo/shibboleth/docker-compose.yml

@@ -36,6 +36,7 @@ services:
      - MP_MEM_INIT
      - MP_JAVA_OPTS
      - TIER_BEACON_OPT_OUT
+     - TIMEZONE
     networks:
      - net
     secrets:

demo/simple/.env

@@ -11,3 +11,4 @@ REPO_MISSING_SCHEMA_ACTION=create
 REPO_UPGRADEABLE_SCHEMA_ACTION=stop
 MP_MEM_MAX=2048m
 MP_MEM_INIT=1024m
+TIMEZONE=UTC

demo/simple/docker-compose.yml

@@ -34,6 +34,7 @@ services:
      - MP_MEM_INIT
      - MP_JAVA_OPTS
      - TIER_BEACON_OPT_OUT
+     - TIMEZONE
     networks:
      - net
     secrets:

library.bash

@@ -12,7 +12,7 @@ function generic_wait_for_log () {
     FAILURE="$4"
     ADDITIONAL_CONTAINER_NAME=$5
     ATTEMPT=0
-    MAX_ATTEMPTS=40
+    MAX_ATTEMPTS=20
     DELAY=10
 
     until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
@@ -340,7 +340,7 @@ function search_ldap_object_by_filter () {
     local LDAP_CONTAINER=$3
     TMPFILE=$(mktemp /tmp/ldapsearch.XXXXXX)
 
-    docker exec $LDAP_CONTAINER ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (rm $TMPFILE ; return 1)
+    docker exec $LDAP_CONTAINER ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (echo "Couldn't search $FILTER:" ;rm $TMPFILE ; return 1)
     LDAPSEARCH_RESULT_FILE=$TMPFILE
     return 0
 }
@@ -370,15 +370,39 @@ function check_ldap_account_by_user_name () {
     return 1
 }
 
+function check_ldap_courses_by_name () {
+    local NAME="$1"
+    local LDAP_CONTAINER=$2
+    search_objects_by_name orgs $NAME
+
+    local MP_ORG_IDENTIFIER=$(xmllint --xpath "/*/*/*[local-name()='identifier']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user identifier from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; return 1)
+
+    search_ldap_object_by_filter "ou=courses,ou=groups,dc=internet2,dc=edu" "cn=$MP_ORG_IDENTIFIER" $LDAP_CONTAINER
+
+    local LDAP_CN=$(grep -oP "cn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user cn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
+
+    rm $SEARCH_RESULT_FILE
+    rm $LDAPSEARCH_RESULT_FILE
+
+    if [[ $MP_ORG_IDENTIFIER = $LDAP_CN ]]; then
+        return 0
+    fi
+
+    echo "Orgs $NAME in Midpoint and LDAP Group(Course) with cn $MP_ORG_IDENTIFIER are not same"
+    return 1
+}
+
+
 function check_of_ldap_membership () {
     local NAME_OF_USER="$1"
-    local NAME_OF_GROUP="$2"
-    local LDAP_CONTAINER=$3
+    local BASE_CONTEXT_FOR_GROUP="$2" 
+    local NAME_OF_GROUP="$3"
+    local LDAP_CONTAINER=$4
     search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER" $LDAP_CONTAINER
 
     local LDAP_ACCOUNT_DN=$(grep -oP "dn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user dn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
 
-    search_ldap_object_by_filter "ou=groups,dc=internet2,dc=edu" "cn=$NAME_OF_GROUP" $LDAP_CONTAINER
+    search_ldap_object_by_filter "$BASE_CONTEXT_FOR_GROUP" "cn=$NAME_OF_GROUP" $LDAP_CONTAINER
 
     local LDAP_MEMBERS_DNS=$(grep -oP "uniqueMember: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user uniqueMember from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
 
@@ -388,6 +412,6 @@ function check_of_ldap_membership () {
         return 0
     fi
 
-    echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP"
+    echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP in base context $BASE_CONTEXT_FOR_GROUP"
     return 1
 }