From 4c5e8955a2271d9450e31184be93ae5c6a7db0c6 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Sun, 30 Sep 2018 01:21:51 +0200
Subject: [PATCH 1/3] Adapt test to midpoint change

---
 demo/simple/tests/main.bats | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/demo/simple/tests/main.bats b/demo/simple/tests/main.bats
index 16e6ca5..c7a4ca8 100755
--- a/demo/simple/tests/main.bats
+++ b/demo/simple/tests/main.bats
@@ -52,7 +52,7 @@ load ../../../library
 
 @test "350 Test DB schema version check" {
     echo "Removing version information from m_global_metadata"
-    docker exec simple_midpoint-data_1 mysql -p123321 registry -e "delete from m_global_metadata"
+    docker exec simple_midpoint-data_1 mysql -p123321 registry -e "drop table m_global_metadata"
 
     echo "Bringing the containers down"
     docker-compose down
@@ -60,7 +60,7 @@ load ../../../library
     echo "Re-creating the containers"
     docker-compose up -d
 
-    wait_for_log_message simple_midpoint-server_1 "com.evolveum.midpoint.util.exception.SystemException: Existing database schema version could not be determined"
+    wait_for_log_message simple_midpoint-server_1 "Database schema is not compatible with the executing code; however, an upgrade path is available."
 }
 
 @test "999 Clean up" {

From ceafa77a75096781e1e9191372f7f08ebe567754 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Mon, 1 Oct 2018 17:07:51 +0200
Subject: [PATCH 2/3] Add auto-upgrade support

---
 Dockerfile                                    |  2 +
 .../usr-local-bin/start-midpoint.sh           | 13 ++--
 demo/complex/.env                             |  2 +
 demo/complex/docker-compose.yml               | 73 +------------------
 demo/simple/.env                              |  1 +
 demo/simple/docker-compose.yml                |  4 +
 demo/simple/tests/main.bats                   | 21 ++++++
 7 files changed, 39 insertions(+), 77 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 27b026b..6b1b804 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -68,6 +68,8 @@ ENV REPO_DATABASE midpoint
 ENV REPO_JDBC_URL default
 ENV REPO_PASSWORD_FILE /run/secrets/m_database_password.txt
 ENV REPO_DATABASE_TYPE mariadb
+ENV REPO_MISSING_SCHEMA_ACTION create
+ENV REPO_UPGRADEABLE_SCHEMA_ACTION stop
 
 # Logging parameters
 
diff --git a/container_files/usr-local-bin/start-midpoint.sh b/container_files/usr-local-bin/start-midpoint.sh
index 856f34e..da47e3a 100755
--- a/container_files/usr-local-bin/start-midpoint.sh
+++ b/container_files/usr-local-bin/start-midpoint.sh
@@ -1,11 +1,5 @@
 #!/bin/bash
 
-if [ "$AUTHENTICATION" = "shibboleth" ]; then
-  LOGOUT_URL_DIRECTIVE="-Dauth.logout.url=$LOGOUT_URL"
-else
-  LOGOUT_URL_DIRECTIVE=
-fi
-
 java -Xmx$MEM -Xms2048m -Dfile.encoding=UTF8 \
        -Dmidpoint.home=$MP_DIR/var \
        -Dmidpoint.repository.database=$REPO_DATABASE_TYPE \
@@ -13,7 +7,10 @@ java -Xmx$MEM -Xms2048m -Dfile.encoding=UTF8 \
        -Dmidpoint.repository.jdbcPassword_FILE=$REPO_PASSWORD_FILE \
        -Dmidpoint.repository.jdbcUrl="`$MP_DIR/repository-url`" \
        -Dmidpoint.repository.hibernateHbm2ddl=none \
-       -Dmidpoint.repository.missingSchemaAction=create \
+       -Dmidpoint.repository.missingSchemaAction=$REPO_MISSING_SCHEMA_ACTION \
+       -Dmidpoint.repository.upgradeableSchemaAction=$REPO_UPGRADEABLE_SCHEMA_ACTION \
+       $(if [ -n "$REPO_SCHEMA_VERSION_IF_MISSING" ]; then echo "-Dmidpoint.repository.schemaVersionIfMissing=$REPO_SCHEMA_VERSION_IF_MISSING"; fi) \
+       $(if [ -n "$REPO_SCHEMA_VARIANT" ]; then echo "-Dmidpoint.repository.schemaVariant=$REPO_SCHEMA_VARIANT"; fi) \
        -Dmidpoint.repository.initializationFailTimeout=60000 \
        -Dmidpoint.keystore.keyStorePassword_FILE=$KEYSTORE_PASSWORD_FILE \
        -Dmidpoint.logging.alt.enabled=true \
@@ -21,7 +18,7 @@ java -Xmx$MEM -Xms2048m -Dfile.encoding=UTF8 \
        -Dmidpoint.logging.alt.timezone=UTC \
        -Dspring.profiles.active="`$MP_DIR/active-spring-profiles`" \
        -Dauth.sso.header=$SSO_HEADER \
-       $LOGOUT_URL_DIRECTIVE \
+       $(if [ "$AUTHENTICATION" = "shibboleth" ]; then echo "-Dauth.logout.url=$LOGOUT_URL"; fi) \
        -Dserver.tomcat.ajp.enabled=$AJP_ENABLED \
        -Dserver.tomcat.ajp.port=$AJP_PORT \
        -Dlogging.path=/tmp/logtomcat \
diff --git a/demo/complex/.env b/demo/complex/.env
index ce20478..cabe686 100644
--- a/demo/complex/.env
+++ b/demo/complex/.env
@@ -7,6 +7,8 @@ REPO_HOST=midpoint-data
 REPO_PORT=default
 REPO_DATABASE=registry
 REPO_USER=registry_user
+REPO_MISSING_SCHEMA_ACTION=create
+REPO_UPGRADEABLE_SCHEMA_ACTION=stop
 REPO_PASSWORD_FILE=/run/secrets/m_database_password.txt
 KEYSTORE_PASSWORD_FILE=/run/secrets/m_keystore_password.txt
 MEM=2048m
diff --git a/demo/complex/docker-compose.yml b/demo/complex/docker-compose.yml
index 8e16c92..bd2fb36 100644
--- a/demo/complex/docker-compose.yml
+++ b/demo/complex/docker-compose.yml
@@ -84,75 +84,6 @@ services:
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
 
-
-#  grouper-ws:
-#    build: ./grouper-ws/
-#    command: bash -c "while ! curl -s grouper-data:3306 > /dev/null; do echo waiting for mysql on grouper-data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ws"
-#    depends_on:
-#     - grouper-data
-#     - directory
-#    environment:
-#     - ENV=dev
-#     - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
-#     - SUBJECT_SOURCE_LDAP_PASSWORD=password
-#     - USERTOKEN=build-2
-#    networks:
-#     - back
-#    ports:
-#     - "8443:443"
-#    secrets:
-#     - g_database_password.txt
-#     - source: grouper.hibernate.properties
-#       target: grouper_grouper.hibernate.properties
-#     - source: grouper-loader.properties
-#       target: grouper_grouper-loader.properties
-#     - source: subject.properties
-#       target: grouper_subject.properties
-#     - source: sp-key.pem
-#       target: shib_sp-key.pem
-#     - source: host-key.pem
-#    volumes:
-#     - type: bind
-#       source: ./configs-and-secrets/grouper/grouper.properties
-#       target: /opt/grouper/conf/grouper.properties
-#     - type: bind
-#       source: ./configs-and-secrets/grouper/grouper.client.properties
-#       target: /opt/grouper/conf/grouper.client.properties
-#     - type: bind
-#       source: ./configs-and-secrets/httpd/host-cert.pem
-#       target: /etc/pki/tls/certs/host-cert.pem
-#     - type: bind
-#       source: ./configs-and-secrets/httpd/host-cert.pem
-#       target: /etc/pki/tls/certs/cachain.pem
-#
-#  gsh:
-#    build: ./gsh/
-#    depends_on:
-#     - grouper-data
-#     - directory
-#    environment:
-#     - ENV=dev
-#     - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
-#     - SUBJECT_SOURCE_LDAP_PASSWORD=password
-#     - USERTOKEN=build-2
-#    networks:
-#     - back
-#    secrets:
-#     - g_database_password.txt
-#     - source: grouper.hibernate.properties
-#       target: grouper_grouper.hibernate.properties
-#     - source: grouper-loader.properties
-#       target: grouper_grouper-loader.properties
-#     - source: subject.properties
-#       target: grouper_subject.properties
-#    volumes:
-#     - type: bind
-#       source: ./configs-and-secrets/grouper/grouper.properties
-#       target: /opt/grouper/conf/grouper.properties
-#     - type: bind
-#       source: ./configs-and-secrets/grouper/grouper.client.properties
-#       target: /opt/grouper/conf/grouper.client.properties
-
   grouper-data:
     build: ./grouper-data/
     networks:
@@ -215,6 +146,10 @@ services:
      - REPO_DATABASE
      - REPO_USER
      - REPO_PASSWORD_FILE
+     - REPO_MISSING_SCHEMA_ACTION
+     - REPO_UPGRADEABLE_SCHEMA_ACTION
+     - REPO_SCHEMA_VERSION_IF_MISSING
+     - REPO_SCHEMA_VARIANT
      - KEYSTORE_PASSWORD_FILE
      - MEM
      - SSO_HEADER
diff --git a/demo/simple/.env b/demo/simple/.env
index 2c8a3e3..25f5a2d 100644
--- a/demo/simple/.env
+++ b/demo/simple/.env
@@ -8,4 +8,5 @@ REPO_HOST=midpoint-data
 REPO_PORT=default
 REPO_DATABASE=registry
 REPO_USER=registry_user
+REPO_MISSING_SCHEMA_ACTION=create
 MEM=2048m
diff --git a/demo/simple/docker-compose.yml b/demo/simple/docker-compose.yml
index 924f2e2..e80734f 100644
--- a/demo/simple/docker-compose.yml
+++ b/demo/simple/docker-compose.yml
@@ -27,6 +27,10 @@ services:
      - REPO_PORT
      - REPO_DATABASE
      - REPO_USER
+     - REPO_MISSING_SCHEMA_ACTION
+     - REPO_UPGRADEABLE_SCHEMA_ACTION
+     - REPO_SCHEMA_VERSION_IF_MISSING
+     - REPO_SCHEMA_VARIANT
      - MEM
      - TIER_BEACON_OPT_OUT
     networks:
diff --git a/demo/simple/tests/main.bats b/demo/simple/tests/main.bats
index c7a4ca8..664cc22 100755
--- a/demo/simple/tests/main.bats
+++ b/demo/simple/tests/main.bats
@@ -63,6 +63,27 @@ load ../../../library
     wait_for_log_message simple_midpoint-server_1 "Database schema is not compatible with the executing code; however, an upgrade path is available."
 }
 
+@test "360 Test DB schema upgrade" {
+    echo "Stopping midpoint-server container"
+    docker stop simple_midpoint-server_1
+
+    echo "Installing empty 3.8 repository"
+    docker exec simple_midpoint-data_1 mysql -p123321 -e "DROP DATABASE registry"
+    docker exec simple_midpoint-data_1 bash -c " curl https://raw.githubusercontent.com/Evolveum/midpoint/v3.8/config/sql/_all/mysql-3.8-all-utf8mb4.sql > /tmp/create-3.8-utf8mb4.sql"
+    docker exec simple_midpoint-data_1 mysql -p123321 -e "CREATE DATABASE IF NOT EXISTS registry;"
+    docker exec simple_midpoint-data_1 mysql -p123321 -e "GRANT ALL ON registry.* TO 'registry_user'@'%' IDENTIFIED BY 'WJzesbe3poNZ91qIbmR7' ;"
+    docker exec simple_midpoint-data_1 bash -c "mysql -p123321 registry < /tmp/create-3.8-utf8mb4.sql"
+
+    echo "Bringing the containers down"
+    docker-compose down
+
+    echo "Re-creating the containers"
+    env REPO_SCHEMA_VERSION_IF_MISSING=3.8 REPO_UPGRADEABLE_SCHEMA_ACTION=upgrade REPO_SCHEMA_VARIANT=utf8mb4 docker-compose up -d
+
+    wait_for_log_message simple_midpoint-server_1 "Schema was successfully upgraded from 3.8 to 3.9 using script 'mysql-upgrade-3.8-3.9-utf8mb4.sql'"
+    wait_for_midpoint_start simple_midpoint-server_1
+}
+
 @test "999 Clean up" {
     docker-compose down -v
 }

From 2d8dee228aa84812c32b6c2460364bfdc9c86d61 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Mon, 1 Oct 2018 17:28:55 +0200
Subject: [PATCH 3/3] Add assert_task_success method

---
 library.bash | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/library.bash b/library.bash
index a8d5561..0aa34fe 100644
--- a/library.bash
+++ b/library.bash
@@ -67,7 +67,6 @@ function wait_for_shibboleth_idp_start () {
     return 1
 }
 
-
 # Checks the health of midPoint server
 function check_health () {
     echo Checking health...
@@ -98,6 +97,15 @@ function check_health_shibboleth_idp () {
 }
 
 
+function get_object () {
+    local TYPE=$1
+    local OID=$2
+    TMPFILE=$(mktemp /tmp/get.XXXXXX)
+    echo tmp file is $TMPFILE
+    curl -k --user administrator:5ecr3t -H "Content-Type: application/xml" -X GET "https://localhost:8443/midpoint/ws/rest/$TYPE/$OID" >$TMPFILE || (rm $TMPFILE ; return 1)
+    return 0
+}
+
 # Retrieves XML object and checks if the name matches
 function get_and_check_object () {
     TYPE=$1
@@ -190,8 +198,18 @@ function test_resource () {
 
 function assert_task_success () {
     local OID=$1
-    # TODO
-    return 0
+    get_object tasks $OID
+    TASK_STATUS=$(xmllint --xpath "/*/*[local-name()='resultStatus']/text()" $TMPFILE) || (echo "Couldn't extract task status from task $OID" ; cat $TMPFILE ; rm $TMPFILE ; return 1)
+    if [[ $TASK_STATUS = "success" ]]; then
+        echo "Task $OID status is OK"
+        rm $TMPFILE
+        return 0
+    else
+        echo "Task $OID status is not OK: $TASK_STATUS"
+        cat $TMPFILE
+        rm $TMPFILE
+        return 1
+    fi
 }
 
 function wait_for_task_completion () {