From f77b468c54fc275b8c7d820b4f094c09318b4642 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Mon, 27 Aug 2018 23:48:17 +0200
Subject: [PATCH] Make building/starting easier

Added scripts to download midpoint binaries and to upload
server objects. Added a bit of install/run documentation.
---
 grouper-midpoint/README.md                    |  55 +++++++-
 grouper-midpoint/download-midpoint            |  19 +++
 .../midpoint-objects/linux.properties         |   6 -
 .../midpoint-objects/resources/ldap-main.xml  |  12 +-
 .../resources/scriptedsql-grouper.xml         | 129 ------------------
 .../resources/scriptedsql-grouper2.xml        |   4 +-
 .../resources/scriptedsql-sis-courses.xml     |   4 +-
 .../resources/scriptedsql-sis-persons.xml     |   4 +-
 .../mp-gr/midpoint-server/Dockerfile          |   2 +-
 grouper-midpoint/upload-objects               |  17 +++
 10 files changed, 97 insertions(+), 155 deletions(-)
 create mode 100755 grouper-midpoint/download-midpoint
 delete mode 100644 grouper-midpoint/midpoint-objects/linux.properties
 delete mode 100644 grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
 create mode 100755 grouper-midpoint/upload-objects

diff --git a/grouper-midpoint/README.md b/grouper-midpoint/README.md
index 1bd0b58..b835c49 100644
--- a/grouper-midpoint/README.md
+++ b/grouper-midpoint/README.md
@@ -1,10 +1,8 @@
 # Overview
 
-This is a demonstration of midPoint - Grouper integration. It is a work in progress.
+This is a demonstration of midPoint - Grouper integration. It is a work in progress. It is described in more detail [here](https://spaces.at.internet2.edu/pages/viewpage.action?spaceKey=TIERENTREG&title=midPoint+-+Grouper+integration+demo).
 
-It is derived from [TIER Grouper composition](https://github.internet2.edu/docker/grouper/tree/master/test-compose).
-
-In contrary to the original idea, the midPoint -> Grouper connection is realized via intermediate LDAP repository. This allows for better isolation, easier diagnostics and troubleshooting.
+This demonstration is derived from [TIER Grouper composition](https://github.internet2.edu/docker/grouper/tree/master/test-compose).
 
 There are the following containers:
 
@@ -19,7 +17,52 @@ There are the following containers:
 
 All files needed to build and compose these containers are in `mp-gr` directory.
 
-TODO:
- - Grouper -> midPoint via MQ
+# Building and starting
+## Downloading midPoint
+
+Before building, please build or download current midpoint-3.9-SNAPSHOT-dist.tar.gz file and put it into `mp-gr/midpoint-server` directory. There are the following options:
+1. Build midPoint from sources as described [here](https://wiki.evolveum.com/display/midPoint/Building+MidPoint+From+Source+Code)
+2. Use `mp-gr/download-midpoint` script
+3. Download midPoint manually from [Evolveum Nexus](https://nexus.evolveum.com/nexus/content/repositories/snapshots/com/evolveum/midpoint/dist/3.9-SNAPSHOT/) - note you have to choose the correct version
+
+## Creating Docker composition
+
+After midPoint archive is correctly placed into `mp-gr/midpoint-server` directory, please execute the following commands:
+
+```
+$ cd mp-gr
+$ docker-compose up --build
+```
+
+## Uploading initial objects
+
+After Docker containers are up, check that you can log into midPoint at `http://localhost:8080/midpoint` using `administrator/5ecr3t`.
+Then execute the following:
+
+```
+$ ./upload-objects 
+Uploading midpoint-objects/objectTemplates/template-org-course.xml (objectTemplates, d35bdec6-643b-41d8-ad5d-8eeb701169d1)
+Uploading midpoint-objects/objectTemplates/template-role-generic-group.xml (objectTemplates, 804f8658-0828-4dab-a2ed-f13985e4f80b)
+Uploading midpoint-objects/objectTemplates/template-role-affiliation.xml (objectTemplates, d87aa04f-189c-4d6f-b6e1-216dad622142)
+Uploading midpoint-objects/objectTemplates/template-org-department.xml (objectTemplates, 0caf2f69-7c72-4946-b218-d84e78b2a057)
+Uploading midpoint-objects/resources/scriptedsql-sis-courses.xml (resources, 13660d60-071b-4596-9aa1-5efcd1256c04)
+Uploading midpoint-objects/resources/ldap-main.xml (resources, 0a37121f-d515-4a23-9b6d-554c5ef61272)
+Uploading midpoint-objects/resources/scriptedsql-sis-persons.xml (resources, 4d70a0da-02dd-41cf-b0a1-00e75d3eaa15)
+Uploading midpoint-objects/resources/scriptedsql-grouper.xml (resources, ef2bc95b-76e0-48e2-86d6-3d4f02d420db)
+Uploading midpoint-objects/resources/scriptedsql-grouper2.xml (resources, 6dcb84f5-bf82-4931-9072-fbdf87f96442)
+Uploading midpoint-objects/systemConfigurations/SystemConfiguration.xml (systemConfigurations, 00000000-0000-0000-0000-000000000001)
+Uploading midpoint-objects/orgs/org-departments.xml (orgs, bee44c51-2469-411d-bac7-695728e9c241)
+Uploading midpoint-objects/orgs/org-courses.xml (orgs, 225e9360-0639-40ba-8a31-7f31bef067be)
+Uploading midpoint-objects/roles/metarole-department.xml (roles, ffa9eaec-9539-4d15-97aa-24cd5b92ca5b)
+Uploading midpoint-objects/roles/role-grouper-sysadmin.xml (roles, d48ec05b-fffd-4262-acd3-d9ff63365b62)
+Uploading midpoint-objects/roles/metarole-course.xml (roles, 8aa99e7b-f7d3-4585-9800-14bab4d26a43)
+Uploading midpoint-objects/roles/metarole-affiliation.xml (roles, fecae27b-d1d3-40ae-95fa-8f7e44e2ee70)
+Uploading midpoint-objects/roles/role-grouper-basic.xml (roles, c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f)
+Uploading midpoint-objects/roles/metarole-generic-group.xml (roles, c691e15a-f30b-4e15-8445-532db07ceeeb)
+```
+
+# TODO
+
+ - see the [wiki page](https://spaces.at.internet2.edu/pages/viewpage.action?spaceKey=TIERENTREG&title=midPoint+-+Grouper+integration+demo)
  - performance of initial import from courses (500ms per user)
  - fix hardcoded password for grouper loader LDAP
diff --git a/grouper-midpoint/download-midpoint b/grouper-midpoint/download-midpoint
new file mode 100755
index 0000000..a9e3afa
--- /dev/null
+++ b/grouper-midpoint/download-midpoint
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# There's something wrong with Evolveum nexus, so we have to manually resolve 3.9-SNAPSHOT
+
+echo "Determining midPoint 3.9-SNAPSHOT version"
+echo "-----------------------------------------"
+v=`curl "http://nexus.evolveum.com/nexus/content/repositories/snapshots/com/evolveum/midpoint/dist/3.9-SNAPSHOT/maven-metadata.xml" | sed -n 's:.*<value>\(.*\)</value>.*:\1:p' | sed -n '1 p'`
+echo "-----------------------------------------"
+echo "Current midPoint 3.9-SNAPSHOT version is $v; starting the download"
+echo "-----------------------------------------"
+curl --output mp-gr/midpoint-server/midpoint-3.9-SNAPSHOT-dist.tar.gz http://nexus.evolveum.com/nexus/service/local/repositories/snapshots/content/com/evolveum/midpoint/dist/3.9-SNAPSHOT/dist-$v-dist.tar.gz
+echo "-----------------------------------------"
+echo "Checking the download..."
+if tar -tf mp-gr/midpoint-server/midpoint-3.9-SNAPSHOT-dist.tar.gz >/dev/null; then
+  echo "OK"
+else
+  echo "The file was not downloaded correctly"
+fi
+
diff --git a/grouper-midpoint/midpoint-objects/linux.properties b/grouper-midpoint/midpoint-objects/linux.properties
deleted file mode 100644
index 4b729c9..0000000
--- a/grouper-midpoint/midpoint-objects/linux.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-sources.db.host=sources
-sources.db.port=3306
-directory.ldap.host=directory
-directory.ldap.port=389
-grouper.db.host=grouper-data
-grouper.db.port=3306
diff --git a/grouper-midpoint/midpoint-objects/resources/ldap-main.xml b/grouper-midpoint/midpoint-objects/resources/ldap-main.xml
index 0d8af80..dbd0cb8 100644
--- a/grouper-midpoint/midpoint-objects/resources/ldap-main.xml
+++ b/grouper-midpoint/midpoint-objects/resources/ldap-main.xml
@@ -9,7 +9,8 @@
 	under the License. -->
 
 
-<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+<resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272"
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
 	xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 	xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
@@ -18,8 +19,6 @@
 	xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
 	xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
 
-	<resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272">
-
 		<name>OpenLDAP (directory)</name>
 
 		<connectorRef type="ConnectorType">
@@ -36,8 +35,8 @@
 			xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
 			<icfc:configurationProperties
 				xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
-                <icfcldap:port>$(directory.ldap.port)</icfcldap:port>
-                <icfcldap:host>$(directory.ldap.host)</icfcldap:host>
+                <icfcldap:port>389</icfcldap:port>
+                <icfcldap:host>directory</icfcldap:host>
 				<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext>
 				<icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn>
 				<icfcldap:bindPassword>
@@ -442,5 +441,4 @@
         <consistency>
             <avoidDuplicateValues>true</avoidDuplicateValues>
         </consistency>
-	</resource>
-</objects>
+</resource>
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
deleted file mode 100644
index b3e97da..0000000
--- a/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
+++ /dev/null
@@ -1,129 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<c:resource oid="ef2bc95b-76e0-48e2-86d6-3d4f02d420db" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
-	xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" xmlns:my="http://myself.me/schemas/whatever" xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
-
-	<c:name>Grouper SQL</c:name>
-
-	<connectorRef type="ConnectorType">
-		<filter>
-			<q:equal>
-				<q:path>connectorType</q:path>
-				<q:value>net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector</q:value>
-			</q:equal>
-		</filter>
-	</connectorRef>
-
-	<c:connectorConfiguration>
-
-		<icfc:configurationProperties 
-			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
-			<icscscriptedsql:host>$(grouper.db.host)</icscscriptedsql:host>
-			<icscscriptedsql:port>$(grouper.db.port)</icscscriptedsql:port>
-			<icscscriptedsql:quoting></icscscriptedsql:quoting>
-			<icscscriptedsql:user>root</icscscriptedsql:user>
-			<icscscriptedsql:password>
-				<clearValue></clearValue>
-			</icscscriptedsql:password>
-			<icscscriptedsql:database>grouper</icscscriptedsql:database>
-			<!-- >icscscriptedsql:clearTextPasswordToScript>true</icscscriptedsql:clearTextPasswordToScript -->
-			<icscscriptedsql:scriptingLanguage>GROOVY</icscscriptedsql:scriptingLanguage>
-
-			<icscscriptedsql:searchScriptFileName>/opt/midpoint/var/res/grouper/SearchScript.groovy</icscscriptedsql:searchScriptFileName>
-			<icscscriptedsql:testScriptFileName>/opt/midpoint/var/res/grouper/TestScript.groovy</icscscriptedsql:testScriptFileName>
-			<icscscriptedsql:schemaScriptFileName>/opt/midpoint/var/res/grouper/SchemaScript.groovy</icscscriptedsql:schemaScriptFileName>
-			
-			<icscscriptedsql:reloadScriptOnExecution>true</icscscriptedsql:reloadScriptOnExecution>
-			<!-- >icscscriptedsql:syncScriptFileName>/opt/midpoint/var/res/SyncScript.groovy</icscscriptedsql:syncScriptFileName -->
-
-			<icscscriptedsql:validConnectionQuery></icscscriptedsql:validConnectionQuery>
-			<icscscriptedsql:jndiProperties></icscscriptedsql:jndiProperties>
-
-			<icscscriptedsql:jdbcDriver>org.mariadb.jdbc.Driver</icscscriptedsql:jdbcDriver>
-			<icscscriptedsql:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscscriptedsql:jdbcUrlTemplate>
-			<icscscriptedsql:enableEmptyString>true</icscscriptedsql:enableEmptyString>
-			<icscscriptedsql:rethrowAllSQLExceptions>true</icscscriptedsql:rethrowAllSQLExceptions>
-			<icscscriptedsql:nativeTimestamps>false</icscscriptedsql:nativeTimestamps>
-			<icscscriptedsql:allNative>false</icscscriptedsql:allNative>
-			<!--<icscscriptedsql:changeLogColumn>timestamp</icscscriptedsql:changeLogColumn> -->
-			<icscscriptedsql:datasource></icscscriptedsql:datasource>
-		</icfc:configurationProperties>
-
-		<!-- Generic ICF configuration -->
-
-	</c:connectorConfiguration>
-
-	<schemaHandling>
-		<objectType>
-			<kind>account</kind>
-			<displayName>Normal Account</displayName>
-			<default>true</default>
-			<objectClass>ri:AccountObjectClass</objectClass>
-			<attribute>
-				<ref>ri:subject_id</ref>
-				<displayName>Subject ID</displayName>
-			</attribute>
-			<attribute>
-				<ref>ri:subject_identifier0</ref>
-				<displayName>Subject Identifier</displayName>
-			</attribute>
-			<attribute>
-				<ref>ri:name</ref>
-				<displayName>Name</displayName>
-			</attribute>
-			<!-- >attribute>
-				<ref>ri:group</ref>
-				<displayName>Subject Groups</displayName>
-				<inbound>
-					<target>
-						<path>extension/grouper_group</path>
-					</target>
-				</inbound>
-			</attribute  -->
-		</objectType>
-	</schemaHandling>
-
-	<!-- >synchronization>
-		<objectSynchronization>
-			<enabled>true</enabled>
-
-			<correlation>
-				<q:equal>
-					<q:path>employeeNumber</q:path>
-					<expression>
-						<path>
-							declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
-							$account/attributes/ri:subject_identifier0
-						</path>
-					</expression>
-				</q:equal>
-			</correlation>
-
-			<reaction>
-				<situation>linked</situation>
-				<synchronize>true</synchronize>
-			</reaction>
-			<reaction>
-				<situation>deleted</situation>
-				<synchronize>true</synchronize>
-				<action>
-					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
-				</action>
-			</reaction>
-
-			<reaction>
-				<situation>unlinked</situation>
-				<synchronize>true</synchronize>
-				<action>
-					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
-				</action>
-			</reaction>
-			<reaction>
-				<situation>unmatched</situation>
-				<synchronize>true</synchronize>
-			</reaction>
-		</objectSynchronization>
-	</synchronization -->
-
-</c:resource>
-
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper2.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper2.xml
index 4db0766..7894c7e 100644
--- a/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper2.xml
+++ b/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper2.xml
@@ -18,8 +18,8 @@
 
 		<icfc:configurationProperties 
 			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
-			<icscscriptedsql:host>$(grouper.db.host)</icscscriptedsql:host>
-			<icscscriptedsql:port>$(grouper.db.port)</icscscriptedsql:port>
+			<icscscriptedsql:host>grouper-data</icscscriptedsql:host>
+			<icscscriptedsql:port>3306</icscscriptedsql:port>
 			<icscscriptedsql:quoting></icscscriptedsql:quoting>
 			<icscscriptedsql:user>root</icscscriptedsql:user>
 			<icscscriptedsql:password>
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
index f18f1cf..5b34689 100644
--- a/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
+++ b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
@@ -18,8 +18,8 @@
 
 		<icfc:configurationProperties 
 			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
-			<icscscriptedsql:host>$(sources.db.host)</icscscriptedsql:host>
-			<icscscriptedsql:port>$(sources.db.port)</icscscriptedsql:port>
+			<icscscriptedsql:host>sources</icscscriptedsql:host>
+			<icscscriptedsql:port>3306</icscscriptedsql:port>
 			<icscscriptedsql:quoting></icscscriptedsql:quoting>
 			<icscscriptedsql:user>root</icscscriptedsql:user>
 			<icscscriptedsql:password>
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-persons.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-persons.xml
index c09d793..b76751c 100644
--- a/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-persons.xml
+++ b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-persons.xml
@@ -27,8 +27,8 @@
 
 		<icfc:configurationProperties 
 			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
-			<icscscriptedsql:host>$(sources.db.host)</icscscriptedsql:host>
-			<icscscriptedsql:port>$(sources.db.port)</icscscriptedsql:port>
+			<icscscriptedsql:host>sources</icscscriptedsql:host>
+			<icscscriptedsql:port>3306</icscscriptedsql:port>
 			<icscscriptedsql:quoting></icscscriptedsql:quoting>
 			<icscscriptedsql:user>root</icscscriptedsql:user>
 			<icscscriptedsql:password>
diff --git a/grouper-midpoint/mp-gr/midpoint-server/Dockerfile b/grouper-midpoint/mp-gr/midpoint-server/Dockerfile
index bc08d87..ce798ed 100644
--- a/grouper-midpoint/mp-gr/midpoint-server/Dockerfile
+++ b/grouper-midpoint/mp-gr/midpoint-server/Dockerfile
@@ -2,7 +2,7 @@
 #  Building assumes midpoint-3.9-SNAPSHOT-dist.tar.gz is present in the current directory.
 #
 
-FROM tier/shib-sp
+FROM tier/shibboleth_sp
 
 MAINTAINER info@evolveum.com
 
diff --git a/grouper-midpoint/upload-objects b/grouper-midpoint/upload-objects
new file mode 100755
index 0000000..37aaf61
--- /dev/null
+++ b/grouper-midpoint/upload-objects
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+function upload () {
+  local filename=$1
+  local regex="midpoint-objects/(.*)/(.*)"
+  if [[ $filename =~ $regex ]]
+  then
+    type="${BASH_REMATCH[1]}"
+    oid=`cat $filename | sed -n 's:.*oid=\"\([A-Za-z0-9\-]*\)\".*:\1:p' | sed -n '1 p'`
+    echo "Uploading $filename ($type, $oid)"
+    curl --user administrator:5ecr3t -H "Content-Type: application/xml" -X PUT "http://localhost:8080/midpoint/ws/rest/$type/$oid?options=overwrite&options=raw" -d @$filename
+  else
+    echo "Skipping $filename"
+  fi
+}
+
+find midpoint-objects -name "*.xml" | while read filename; do upload $filename; done