diff --git a/Dockerfile b/Dockerfile
index 0b8a5c5..1b1b1e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,7 +45,6 @@ RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
# Build arguments
-ARG MP_VERSION=4.0.1
ARG MP_DIST_FILE=midpoint-dist.tar.gz
ENV MP_DIR /opt/midpoint
@@ -62,31 +61,13 @@ RUN echo 'Extracting midPoint archive...' \
# TODO: consider all the consequences
#VOLUME ${MP_DIR}/var
-# Repository parameters
-
-ENV REPO_DATABASE_TYPE mariadb
-ENV REPO_JDBC_URL default
-ENV REPO_HOST midpoint_data
-ENV REPO_PORT default
-ENV REPO_DATABASE registry
-ENV REPO_USER registry_user
-ENV REPO_PASSWORD_FILE /run/secrets/mp_database_password.txt
-ENV REPO_MISSING_SCHEMA_ACTION create
-ENV REPO_UPGRADEABLE_SCHEMA_ACTION stop
-
# Logging parameters
ENV ENV demo
ENV USERTOKEN ""
-# Authentication/web
-
-ENV AJP_ENABLED true
-ENV AJP_PORT 9090
-
# Other parameters
-ENV MP_KEYSTORE_PASSWORD_FILE /run/secrets/mp_keystore_password.txt
ENV MP_MEM_MAX 2048m
ENV MP_MEM_INIT 1024m
ENV TIMEZONE UTC
diff --git a/Jenkinsfile b/Jenkinsfile
index 5aa7067..9d5e4bf 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -11,11 +11,7 @@ pipeline {
script {
maintainer = maintain()
imagename = imagename()
- if (env.BRANCH_NAME == "master") {
- tag = "latest"
- } else {
- tag = env.BRANCH_NAME
- }
+ tag = tag()
if (!imagename) {
echo "You must define imagename in common.bash"
currentBuild.result = 'FAILURE'
@@ -60,7 +56,6 @@ pipeline {
sh '(cd demo/simple ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
sh '(cd demo/shibboleth ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
- sh '(cd demo/postgresql ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
sh '(cd demo/grouper ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
} catch (error) {
def error_details = readFile('./debug')
@@ -74,9 +69,13 @@ pipeline {
stage ('Push') {
steps {
script {
- docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
- def baseImg = docker.build("$maintainer/$imagename")
+ docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-tier") {
+ def baseImg = docker.image("$maintainer/$imagename:$tag")
baseImg.push("$tag")
+
+ if (env.BRANCH_NAME == "master") {
+ baseImg.push("latest")
+ }
}
}
}
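Review bot: With `tag` now read from common.bash instead of the branch name, the Push stage pushes `$maintainer/$imagename:$tag` (currently `4.4.1`) from every branch that reaches it, so a feature-branch build can overwrite the published release tag. Only the `latest` push is guarded by `env.BRANCH_NAME == "master"`. Unless a `when` condition outside this hunk already restricts the stage, wrap `baseImg.push("$tag")` in the same branch check. `docker.image(...)` also assumes an earlier stage built and tagged exactly that image locally, and the credentials id is now the fixed string `"dockerhub-tier"` while `maintainer` changes to `i2incommon`; confirm that credential is meant to push to the new namespace.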
@@ -110,6 +109,11 @@ def imagename() {
matcher ? matcher[0][1] : null
}
+def tag() {
+ def matcher = readFile('common.bash') =~ 'tag="(.+)"'
+ matcher ? matcher[0][1] : latest
+}
+
def handleError(String message) {
echo "${message}"
currentBuild.setResult("FAILED")
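Review bot: The fallback in `tag()` is the bare identifier `latest`, which Groovy resolves as an undefined variable rather than a string, so a common.bash without a `tag="..."` line fails with a missing-property error instead of defaulting. It should read `matcher ? matcher[0][1] : 'latest'`. The pattern `'tag="(.+)"'` is also unanchored and greedy, so it can match inside a longer variable name and run to the last quote on the line; `'(?m)^tag="([^"]+)"'` is tighter, which matters because the captured value goes straight into the image reference that gets pushed. The `handleError` body shown as context continues outside this hunk.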
diff --git a/common.bash b/common.bash
index f61b220..90dc7cd 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
-maintainer="tier"
+maintainer="i2incommon"
imagename="midpoint"
-tag="latest"
+tag="4.4.1"
diff --git a/container_files/usr-local-bin/start-midpoint.sh b/container_files/usr-local-bin/start-midpoint.sh
index 15d9aa7..abccd4b 100755
--- a/container_files/usr-local-bin/start-midpoint.sh
+++ b/container_files/usr-local-bin/start-midpoint.sh
@@ -25,37 +25,11 @@ done
check MP_MEM_MAX
check MP_MEM_INIT
check MP_DIR
-check REPO_DATABASE_TYPE
-check REPO_USER
-check REPO_PASSWORD_FILE
-check REPO_MISSING_SCHEMA_ACTION
-check REPO_UPGRADEABLE_SCHEMA_ACTION
-check MP_KEYSTORE_PASSWORD_FILE
-check AJP_ENABLED
-check AJP_PORT
-java -Xmx$MP_MEM_MAX -Xms$MP_MEM_INIT -Dfile.encoding=UTF8 \
- -Dmidpoint.home=$MP_DIR/var \
- -Dmidpoint.repository.database=$REPO_DATABASE_TYPE \
- -Dmidpoint.repository.jdbcUsername=$REPO_USER \
- -Dmidpoint.repository.jdbcPassword_FILE=$REPO_PASSWORD_FILE \
- -Dmidpoint.repository.jdbcUrl="`$MP_DIR/repository-url`" \
- -Dmidpoint.repository.hibernateHbm2ddl=none \
- -Dmidpoint.repository.missingSchemaAction=$REPO_MISSING_SCHEMA_ACTION \
- -Dmidpoint.repository.upgradeableSchemaAction=$REPO_UPGRADEABLE_SCHEMA_ACTION \
- $(if [ -n "$REPO_SCHEMA_VERSION_IF_MISSING" ]; then echo "-Dmidpoint.repository.schemaVersionIfMissing=$REPO_SCHEMA_VERSION_IF_MISSING"; fi) \
- $(if [ -n "$REPO_SCHEMA_VARIANT" ]; then echo "-Dmidpoint.repository.schemaVariant=$REPO_SCHEMA_VARIANT"; fi) \
- -Dmidpoint.repository.initializationFailTimeout=60000 \
- -Dmidpoint.keystore.keyStorePassword_FILE=$MP_KEYSTORE_PASSWORD_FILE \
- -Dmidpoint.logging.alt.enabled=true \
- -Dmidpoint.logging.alt.filename=/tmp/logmidpoint \
- -Dspring.profiles.active="`$MP_DIR/active-spring-profiles`" \
- -Dserver.tomcat.ajp.enabled=$AJP_ENABLED \
- -Dserver.tomcat.ajp.port=$AJP_PORT \
- -Dserver.tomcat.ajp.secret=s3cr3t \
- -Dlogging.path=/tmp/logtomcat \
- -cp $MP_DIR/lib/midpoint.war \
- -Dloader.path="WEB-INF/classes,WEB-INF/lib,WEB-INF/lib-provided,$MP_DIR/var/lib" \
- org.springframework.boot.loader.PropertiesLauncher \
- $MP_JAVA_OPTS \
- -jar $MP_DIR/lib/midpoint.war &>/tmp/logmidpoint-console
+
+export MP_SET_midpoint_logging_alt_enabled=true
+export MP_SET_midpoint_logging_alt_filename=/tmp/logmidpoint
+export MP_SET_spring_profiles_active="`$MP_DIR/active-spring-profiles`"
+export MP_SET_logging_path=/tmp/logtomcat
+
+/opt/midpoint/bin/midpoint.sh 'container' &>/tmp/logmidpoint-console
\ No newline at end of file
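Review bot: The launcher is hard-coded as `/opt/midpoint/bin/midpoint.sh` although the script still runs `check MP_DIR` and uses `$MP_DIR` two lines earlier, so an image with a different `MP_DIR` would start the wrong launcher or none; `"$MP_DIR/bin/midpoint.sh" container &>/tmp/logmidpoint-console` keeps the two consistent. The backtick substitution inside `export` hides a failure of `active-spring-profiles`; assign first with `profiles=$("$MP_DIR/active-spring-profiles") || exit 1` and export afterwards. The checks for `REPO_PASSWORD_FILE` and `MP_KEYSTORE_PASSWORD_FILE` are removed, so whether a missing secret is detected at start now depends on midpoint.sh, which is not visible here. The beginning of the script, including the `check` helper, lies outside this hunk.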
diff --git a/demo/extrepo/.env b/demo/extrepo/.env
deleted file mode 100644
index 589cfcf..0000000
--- a/demo/extrepo/.env
+++ /dev/null
@@ -1,10 +0,0 @@
-# These parameters can be overridden by setting environment variables before calling docker-compose up
-ENV=demo
-USERTOKEN=
-REPO_JDBC_URL=default
-REPO_PORT=default
-REPO_MISSING_SCHEMA_ACTION=create
-REPO_UPGRADEABLE_SCHEMA_ACTION=stop
-MP_MEM_MAX=2048m
-MP_MEM_INIT=1024m
-TIMEZONE=UTC
diff --git a/demo/extrepo/configs-and-secrets/midpoint/application/database_password.txt b/demo/extrepo/configs-and-secrets/midpoint/application/database_password.txt
deleted file mode 100644
index d71d29d..0000000
--- a/demo/extrepo/configs-and-secrets/midpoint/application/database_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-oracle
diff --git a/demo/extrepo/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/extrepo/configs-and-secrets/midpoint/application/keystore_password.txt
deleted file mode 100644
index 1d40192..0000000
--- a/demo/extrepo/configs-and-secrets/midpoint/application/keystore_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-changeit
diff --git a/demo/extrepo/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/extrepo/configs-and-secrets/midpoint/httpd/host-cert.pem
deleted file mode 100644
index 9b1021b..0000000
--- a/demo/extrepo/configs-and-secrets/midpoint/httpd/host-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
-DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
-cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
-a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
-lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
-8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
-f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
-vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
-AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
-FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
-h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
-BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
-JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
-GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
-Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
------END CERTIFICATE-----
diff --git a/demo/extrepo/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/extrepo/configs-and-secrets/midpoint/httpd/host-key.pem
deleted file mode 100644
index 5746e59..0000000
--- a/demo/extrepo/configs-and-secrets/midpoint/httpd/host-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
-cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
-KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
-xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
-3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
-RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
-IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
-Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
-2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
-NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
-HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
-V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
-yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
-LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
-VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
-76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
-LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
-LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
-QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
-5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
-JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
-0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
-VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
-bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
-4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
-CWYCgOnmiTHcj83UaTqEXtmv
------END PRIVATE KEY-----
diff --git a/demo/extrepo/docker-compose.yml b/demo/extrepo/docker-compose.yml
deleted file mode 100644
index ae4ad6a..0000000
--- a/demo/extrepo/docker-compose.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-version: "3.3"
-
-services:
- midpoint_server:
- image: tier/midpoint:latest
- ports:
- - 8443:443
- environment:
- - ENV
- - USERTOKEN
- - REPO_DATABASE_TYPE
- - REPO_JDBC_URL
- - REPO_HOST
- - REPO_PORT
- - REPO_DATABASE
- - REPO_USER
- - REPO_MISSING_SCHEMA_ACTION
- - REPO_UPGRADEABLE_SCHEMA_ACTION
- - REPO_SCHEMA_VERSION_IF_MISSING
- - REPO_SCHEMA_VARIANT
- - MP_MEM_MAX
- - MP_MEM_INIT
- - MP_JAVA_OPTS
- - TIER_BEACON_OPT_OUT
- - TIMEZONE
- networks:
- - net
- secrets:
- - mp_database_password.txt
- - mp_keystore_password.txt
- - mp_host-key.pem
- volumes:
- - midpoint_home:/opt/midpoint/var
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
-
-networks:
- net:
- driver: bridge
-
-secrets:
- mp_database_password.txt:
- file: ./configs-and-secrets/midpoint/application/database_password.txt
- mp_keystore_password.txt:
- file: ./configs-and-secrets/midpoint/application/keystore_password.txt
- mp_host-key.pem:
- file: ./configs-and-secrets/midpoint/httpd/host-key.pem
-
-volumes:
- midpoint_home:
diff --git a/demo/grouper/.env b/demo/grouper/.env
index 6cca1f1..e927f1c 100644
--- a/demo/grouper/.env
+++ b/demo/grouper/.env
@@ -1,12 +1,4 @@
ENV=demo
-REPO_DATABASE_TYPE=mariadb
-REPO_JDBC_URL=default
-REPO_HOST=midpoint_data
-REPO_PORT=default
-REPO_DATABASE=registry
-REPO_USER=registry_user
-REPO_MISSING_SCHEMA_ACTION=create
-REPO_UPGRADEABLE_SCHEMA_ACTION=stop
MP_MEM_MAX=2048m
MP_MEM_INIT=1024m
TIMEZONE=UTC
diff --git a/demo/grouper/configs-and-secrets/midpoint/application/database_password.txt b/demo/grouper/configs-and-secrets/midpoint/application/database_password.txt
deleted file mode 100644
index 11bff19..0000000
--- a/demo/grouper/configs-and-secrets/midpoint/application/database_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-WJzesbe3poNZ91qIbmR7
diff --git a/demo/grouper/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/grouper/configs-and-secrets/midpoint/application/keystore_password.txt
deleted file mode 100644
index 1d40192..0000000
--- a/demo/grouper/configs-and-secrets/midpoint/application/keystore_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-changeit
diff --git a/demo/grouper/docker-compose.yml b/demo/grouper/docker-compose.yml
index 83071fc..6f44a86 100644
--- a/demo/grouper/docker-compose.yml
+++ b/demo/grouper/docker-compose.yml
@@ -172,39 +172,82 @@ services:
environment:
- CREATE_NEW_DATABASE=if_needed
+ data_init:
+ image: i2incommon/midpoint:${tag:-4.4.1}
+ command: >
+ bash -c "
+ chmod 777 /opt/mp-pw/ ;
+ touch /opt/mp-pw/db_init_in_progress ;
+ echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
+ echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
+ /opt/midpoint/bin/midpoint.sh init-native
+ "
+ environment:
+ - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
+ - MP_DB_PW=/opt/mp-pw/dbpassword
+ - MP_PW_DEF=/opt/mp-pw/keystorepw
+ volumes:
+ - db_init:/opt/db-init
+ - mp_pw:/opt/mp-pw
+
midpoint_data:
- image: tier/mariadb:mariadb10
+ image: postgres:13-alpine
+ command: >
+ bash -c "
+ rm -f /var/lib/postgresql/data/postmaster.pid ;
+ while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
+ echo 'Waiting to the end of the init process...';
+ sleep 1;
+ done ;
+ {
+ sleep 2 ;
+ if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
+ then echo 'DB init did not start...' ;
+ rm -f /opt/mp-pw/db_ini*;
+ echo 'The lock files has been removed...';
+ fi ;
+ } &
+ docker-entrypoint.sh postgres
+ "
+ user: "70:70"
+ depends_on:
+ - data_init
+ environment:
+ - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
+ - POSTGRES_USER=midpoint
+ - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
ports:
- - 33306:3306
+ - 5432:5432
networks:
- net:
- aliases:
- - midpoint-data
+ - net
volumes:
- - midpoint_mysql:/var/lib/mysql
- - midpoint_data:/var/lib/mysqlmounted
- environment:
- - CREATE_NEW_DATABASE=if_needed
+ - midpoint_data:/var/lib/postgresql/data
+ - db_init:/docker-entrypoint-initdb.d/
+ - mp_pw:/opt/mp-pw
midpoint_server:
- build: ./midpoint_server/
+ build:
+ context: ./midpoint_server/
+ args:
+ tag: ${tag:-4.4.1}
depends_on:
+ - data_init
- midpoint_data
ports:
- 8443:443
environment:
- ENV
- USERTOKEN
- - REPO_DATABASE_TYPE
- - REPO_JDBC_URL
- - REPO_HOST
- - REPO_PORT
- - REPO_DATABASE
- - REPO_USER
- - REPO_MISSING_SCHEMA_ACTION
- - REPO_UPGRADEABLE_SCHEMA_ACTION
- - REPO_SCHEMA_VERSION_IF_MISSING
- - REPO_SCHEMA_VARIANT
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
+ - MP_SET_server_tomcat_ajp_enabled=true
+ - MP_SET_server_tomcat_ajp_port=9090
+ - MP_SET_server_tomcat_ajp_secret=s3cr3t
+ - MP_SET_logging_path=/tmp/logtomcat
+ - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
+ - MP_NO_ENV_COMPAT=1
- MP_MEM_MAX
- MP_MEM_INIT
- MP_JAVA_OPTS
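Review bot: `chmod 777 /opt/mp-pw/` in the `data_init` command makes the shared volume holding `dbpassword` and `keystorepw` world-writable for every container that mounts it; ownership or group access limited to the two consumers (postgres runs as `70:70`) would be safer. The hunk still publishes the database on all host interfaces with `5432:5432`, where `127.0.0.1:5432:5432` is enough for a demo, and it carries the hard-coded AJP secret `s3cr3t` over into `MP_SET_server_tomcat_ajp_secret`. Separately, `data_init` creates `/opt/mp-pw/db_init_in_progress` while the wait loop in `midpoint_data` tests `/opt/mp-pw/init_in_progress`. Unless midpoint.sh creates that second file, the loop's second condition never holds, so confirm which name is intended.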
@@ -215,8 +258,6 @@ services:
aliases:
- midpoint-server
secrets:
- - mp_database_password.txt
- - mp_keystore_password.txt
- mp_host-key.pem
- mp_shibboleth_sp_keys.jks
volumes:
@@ -230,6 +271,7 @@ services:
- type: bind
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
target: /etc/pki/tls/certs/cachain.pem
+ - mp_pw:/opt/mp-pw
idp:
build: ./idp/
@@ -279,10 +321,6 @@ secrets:
# midPoint
mp_host-key.pem:
file: ./configs-and-secrets/midpoint/httpd/host-key.pem
- mp_database_password.txt:
- file: ./configs-and-secrets/midpoint/application/database_password.txt
- mp_keystore_password.txt:
- file: ./configs-and-secrets/midpoint/application/keystore_password.txt
mp_shibboleth_sp_keys.jks:
file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
@@ -292,7 +330,8 @@ volumes:
source_mysql:
target_data:
ldap:
+ db_init:
+ mp_pw:
midpoint_data:
- midpoint_mysql:
midpoint_home:
mq:
diff --git a/demo/grouper/midpoint-objects-manual/tasks/task-async-update-grouper.xml b/demo/grouper/midpoint-objects-manual/tasks/task-async-update-grouper.xml
index 5007ae4..08f3c1a 100644
--- a/demo/grouper/midpoint-objects-manual/tasks/task-async-update-grouper.xml
+++ b/demo/grouper/midpoint-objects-manual/tasks/task-async-update-grouper.xml
@@ -15,26 +15,37 @@
-->
- Grouper async updates
-
- 1
-
-
-
-
- 1552664339630-0-2
-
-
-
- runnable
- AsynchronousUpdate
-
-
-
- single
- loose
- restart
+ xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+ oid="47fc57bd-8c34-4555-9b9f-7087ff179860">
+ Grouper async updates
+
+
+
+
+ 1552664339630-0-2
+
+
+
+ runnable
+
+
+
+
+ single
+
+ loose
+ restart
+
+
+
+
+
+
+
+
+
+ 1
+
+
diff --git a/demo/grouper/midpoint-objects-manual/tasks/task-import-sis-persons.xml b/demo/grouper/midpoint-objects-manual/tasks/task-import-sis-persons.xml
index 58189c0..c4f396b 100644
--- a/demo/grouper/midpoint-objects-manual/tasks/task-import-sis-persons.xml
+++ b/demo/grouper/midpoint-objects-manual/tasks/task-import-sis-persons.xml
@@ -1,34 +1,43 @@
- Import from SIS persons
-
- account
- ri:AccountObjectClass
-
-
-
-
-
- 1535407239440-0-1
-
- runnable
- ImportingAccounts
-
- single
- loose
+
+
+
+
+
+ 1535407239440-0-1
+
+
+
+ runnable
+
+
+
+
+ single
+
+ loose
+
+
+
+
+
+ account
+ ri:AccountObjectClass
+
+
+
+
diff --git a/demo/grouper/midpoint-objects-manual/tasks/task-recomputation-users.xml b/demo/grouper/midpoint-objects-manual/tasks/task-recomputation-users.xml
index 179b565..03fe35f 100644
--- a/demo/grouper/midpoint-objects-manual/tasks/task-recomputation-users.xml
+++ b/demo/grouper/midpoint-objects-manual/tasks/task-recomputation-users.xml
@@ -1,22 +1,32 @@
+ xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+ oid="83a737ea-5eb7-4e78-b431-331cccf02354">
User recomputation
- c:UserType
-
+
+
1571729899646-0-1
http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#recompute
- runnable
- Recomputation
- single
+ runnable
+
+ single
+
tight
+
+
+
+
+ c:UserType
+
+
+
+
diff --git a/demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml b/demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
index 4e024cc..421c1a0 100644
--- a/demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
+++ b/demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
@@ -15,27 +15,36 @@
-->
- Grouper reconciliation (groups)
-
- ri:Group
-
-
-
-
- 605a0127-a313-442a-9d5e-151eac8b0745
-
-
-
- runnable
- Reconciliation
-
-
-
- single
- loose
- restart
+ xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+ xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+ oid="605a0127-a313-442a-9d5e-151eac8b0745">
+ Grouper reconciliation (groups)
+
+
+
+
+ 605a0127-a313-442a-9d5e-151eac8b0745
+
+
+
+ runnable
+
+
+
+
+ single
+
+ loose
+ restart
+
+
+
+
+
+ ri:Group
+
+
+
+
diff --git a/demo/grouper/midpoint_server/Dockerfile b/demo/grouper/midpoint_server/Dockerfile
index 34ce0cd..00f664a 100644
--- a/demo/grouper/midpoint_server/Dockerfile
+++ b/demo/grouper/midpoint_server/Dockerfile
@@ -1,4 +1,6 @@
-FROM tier/midpoint:latest
+ARG tag=4.4.1
+
+FROM i2incommon/midpoint:${tag}
MAINTAINER info@evolveum.com
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/config.xml b/demo/grouper/midpoint_server/container_files/mp-home/config.xml
index 5a4e0ea..c45e612 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/config.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/config.xml
@@ -20,19 +20,15 @@
${midpoint.home}/import
- com.evolveum.midpoint.repo.sql.SqlRepositoryFactory
- ${midpoint.home}
- true
- true
- true
- true
+ native
+ jdbc:postgresql://localhost:5432/midpoint
com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory
- com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory
+ com.evolveum.midpoint.repo.sqale.audit.SqaleAuditServiceFactory
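Review bot: The repository URL added here is `jdbc:postgresql://localhost:5432/midpoint`, but in the compose file the database runs in the separate `midpoint_data` service. The value therefore only works if `MP_SET_midpoint_repository_jdbcUrl` overrides it at start-up, which is presumably the case, though the override mechanism is not visible here. A short comment beside the element, e.g. `<!-- placeholder; overridden by MP_SET_midpoint_repository_jdbcUrl in docker-compose.yml -->`, would keep a reader from taking localhost as the effective setting. The element markup of this hunk is not visible on the page, so exact placement is left to the author.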
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.6.jar b/demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.7.jar
similarity index 98%
rename from demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.6.jar
rename to demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.7.jar
index e0ba84d..d03a75b 100644
Binary files a/demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.6.jar and b/demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.7.jar differ
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-midpoint-group.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-midpoint-group.xml
index e3bc872..bb9c140 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-midpoint-group.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/300-archetype-midpoint-group.xml
@@ -19,7 +19,7 @@
midPoint Groups
fa fa-users
- darkgviolet
+ darkviolet
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper.xml
index 74fd191..af60e56 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-grouper.xml
@@ -14,7 +14,7 @@
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
xmlns:rest="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-grouper-rest/com.evolveum.polygon.connector.grouper.rest.GrouperConnector"
- xmlns:conf="http://midpoint.evolveum.com/xml/ns/public/connector/builtin-1/bundle/com.evolveum.midpoint.provisioning.ucf.impl.builtin.async/AsyncUpdateConnector"
+ xmlns:conf="http://midpoint.evolveum.com/xml/ns/public/connector/builtin-1/bundle/com.evolveum.midpoint.provisioning.ucf.impl.builtin.async.update/AsyncUpdateConnector"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
index cfe767f..9c607c7 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/systemConfigurations/010-system-configuration.xml
@@ -1,6 +1,6 @@
@@ -26,6 +27,11 @@
ERROR
ro.isdc.wro.extensions.processor.css.Less4jProcessor
+
+
+ OFF
+ org.springframework.security.web.DefaultSecurityFilterChain
+
@@ -47,16 +53,11 @@
WARN
org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl
-
+
OFF
org.hibernate.internal.ExceptionMapperStandardImpl
-
-
- OFF
- net.sf.jasperreports.engine.fill.JRFillDataset
-
@@ -85,7 +86,7 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n
${midpoint.home}/log/midpoint.log
${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log
@@ -95,7 +96,7 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
%date %level: %msg%n
${midpoint.home}/log/midpoint-profile.log
${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log
@@ -246,8 +247,8 @@
/self/profile
-
- View/edit your profile
+
+ PageSelfDashboard.profile.description
fa fa-user
@@ -257,8 +258,8 @@
/self/credentials
-
- View/edit your credentials
+
+ PageSelfDashboard.credentials.description
fa fa-shield
@@ -268,7 +269,7 @@
/admin/users
-
+
fa fa-users
@@ -277,7 +278,7 @@
/admin/resources
-
+
fa fa-database
@@ -290,7 +291,12 @@
- My cases
+
+ My cases
+
+ MyCases.title
+
+
My case
fe fe-case-object
@@ -308,7 +314,12 @@
- All manual cases
+
+ All manual cases
+
+ AllManualCases.title
+
+
Manual case
Manual provisioning cases
@@ -324,7 +335,12 @@
- All requests
+
+ All requests
+
+ AllRequests.title
+
+
Request
Operation requests
@@ -340,7 +356,12 @@
- All approvals
+
+ All approvals
+
+ AllApprovals.title
+
+
Approval
Approval cases
@@ -404,11 +425,11 @@
30
TaskType
-
+
- single-bulk-action-tasks-view
+ non-iterative-bulk-tasks-view
30
TaskType
@@ -416,13 +437,44 @@
- iterative-bulk-action-tasks-view
+ iterative-bulk-tasks-view
30
TaskType
+
+ report-import-task-view
+ 30
+ add
+ TaskType
+
+
+
+
+
+ export-report-tasks-view
+ add
+ 30
+ TaskType
+
+
+
+
+
+
+
+ export-report-distributed-tasks-view
+ add
+ 30
+ TaskType
+
+
+
+
+
+
certification-tasks-view
30
@@ -455,114 +507,154 @@
+
+ dashboard-reports-view
+ ReportType
+
+
+
+
+
+ collection-reports-view
+ ReportType
+
+
+
+
c:TaskType
-
- 150
+
+ advanced-options-panel
- -
- cleanupAfterCompletion
-
- -
- threadStopAction
-
- -
- binding
-
- -
- dependent
-
-
-
- 900
-
-
-
- -
- executionStatus
-
- -
- node
-
- -
- nodeAsObserved
-
- -
- resultStatus
-
- -
- result
-
- -
- nextRunStartTimestamp
-
- -
- nextRetryTimestamp
-
- -
- unpauseAction
-
- -
- taskIdentifier
-
- -
- parent
-
- -
- waitingReason
-
- -
- stateBeforeSuspend
-
- -
- category
-
- -
- otherHandlersUriStack
-
- -
- channel
-
- -
- subtaskRef
-
- -
- dependentTaskRef
-
- -
- lastRunStartTimestamp
-
- -
- lastRunFinishTimestamp
-
- -
- completionTimestamp
-
-
-
- 910
- hidden
+ formPanel
+
+ advanced-options
+ 150
+
+
+
+ -
+ cleanupAfterCompletion
+
+ -
+ threadStopAction
+
+ -
+ binding
+
+ -
+ dependent
+
+
+
+
+ operational-attributes-panel
-
+
- -
- progress
-
- -
- expectedTotal
-
- -
- stalledSince
-
-
-
+ formPanel
+
+ operational-attributes
+ 900
+
+
+
+ -
+ executionState
+
+ -
+ schedulingState
+
+ -
+ node
+
+ -
+ nodeAsObserved
+
+ -
+ resultStatus
+
+ -
+ result
+
+ -
+ nextRunStartTimestamp
+
+ -
+ nextRetryTimestamp
+
+ -
+ unpauseAction
+
+ -
+ taskIdentifier
+
+ -
+ parent
+
+ -
+ waitingReason
+
+ -
+ stateBeforeSuspend
+
+ -
+ schedulingStateBeforeSuspend
+
+ -
+ category
+
+ -
+ otherHandlersUriStack
+
+ -
+ channel
+
+ -
+ subtaskRef
+
+ -
+ dependentTaskRef
+
+ -
+ lastRunStartTimestamp
+
+ -
+ lastRunFinishTimestamp
+
+ -
+ completionTimestamp
+
+
+
+ 910
+ hidden
+ operation-attributes-progress
+
+
+
+ -
+ progress
+
+ -
+ expectedTotal
+
+ -
+ stalledSince
+
+
+
true
+
+ admin-dashboard
+
+
never
@@ -627,50 +719,51 @@
java.lang.Object
- Basic Java operations.
- deny
-
- equals
- allow
-
- hashCode
- allow
-
+ Basic Java operations.
+ deny
+
+ equals
+ allow
+
+
+ hashCode
+ allow
+
java.lang.String
- String operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
+ String operations are generally safe. But Groovy is adding execute() method which is very dangerous.
+ allow
+
+ execute
+ deny
+
java.lang.CharSequence
- allow
+ allow
java.lang.Enum
- allow
+ allow
java.util.List
- List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
+ List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
+ allow
+
+ execute
+ deny
+
java.util.ArrayList
- List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
+ List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
+ allow
+
+ execute
+ deny
+
java.util.Map
diff --git a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml
index 50c98af..11a3005 100644
--- a/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml
+++ b/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml
@@ -14,22 +14,45 @@ Looks for groups with the lifecycleState of 'retired' and completes their deleti
-->
- Group Scavenger
-
-
-
- execute-script
-
- script
-
- import com.evolveum.midpoint.xml.ns._public.common.common_3.*
+ xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
+ xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+ xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
+ xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ oid="1d7bef40-953e-443e-8e9a-ec6e313668c4">
+ Group Scavenger
+
+
+
+
+
+ runnable
+
+ recurring
+ 60
+
+
+
+
+
+ OrgType
+
+
+
+ lifecycleState
+ retired
+
+
+
+
+
+
+ execute-script
+
+ script
+
+ import com.evolveum.midpoint.xml.ns._public.common.common_3.*
result = midpoint.currentResult
log.info('Processing dead group: {}', input)
@@ -59,28 +82,11 @@ Looks for groups with the lifecycleState of 'retired' and completes their deleti
}
log.info('Dead group processing done: {}', input)
-
-
-
-
- OrgType
-
-
-
- lifecycleState
- retired
-
-
-
-
-
-
-
-
- runnable
- BulkActions
- recurring
-
- 60
-
+
+
+
+
+
+
+
diff --git a/demo/grouper/tests/main.bats b/demo/grouper/tests/main.bats
index 2065bbf..31fe679 100644
--- a/demo/grouper/tests/main.bats
+++ b/demo/grouper/tests/main.bats
@@ -6,7 +6,6 @@ load ../../../library
@test "000 Cleanup before running the tests" {
(cd ../simple ; docker-compose down -v)
(cd ../shibboleth ; docker-compose down -v)
- (cd ../postgresql ; docker-compose down -v)
docker-compose down -v
}
diff --git a/demo/postgresql/.env b/demo/postgresql/.env
deleted file mode 100644
index 06d99ad..0000000
--- a/demo/postgresql/.env
+++ /dev/null
@@ -1,8 +0,0 @@
-# These parameters can be overridden by setting environment variables before calling docker-compose up
-ENV=demo
-USERTOKEN=
-REPO_MISSING_SCHEMA_ACTION=create
-REPO_UPGRADEABLE_SCHEMA_ACTION=stop
-MP_MEM_MAX=2048m
-MP_MEM_INIT=1024m
-TIMEZONE=UTC
diff --git a/demo/postgresql/configs-and-secrets/midpoint/application/database_password.txt b/demo/postgresql/configs-and-secrets/midpoint/application/database_password.txt
deleted file mode 100644
index 11bff19..0000000
--- a/demo/postgresql/configs-and-secrets/midpoint/application/database_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-WJzesbe3poNZ91qIbmR7
diff --git a/demo/postgresql/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/postgresql/configs-and-secrets/midpoint/application/keystore_password.txt
deleted file mode 100644
index 1d40192..0000000
--- a/demo/postgresql/configs-and-secrets/midpoint/application/keystore_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-changeit
diff --git a/demo/postgresql/configs-and-secrets/midpoint/httpd/host-cert.pem b/demo/postgresql/configs-and-secrets/midpoint/httpd/host-cert.pem
deleted file mode 100644
index 9b1021b..0000000
--- a/demo/postgresql/configs-and-secrets/midpoint/httpd/host-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAMOSkn4oS2aAMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRcwFQYDVQQK
-DA5JbnRlcm5ldDIvVElFUjEgMB4GA1UEAwwXbWlkcG9pbnQuc3AuZXhhbXBsZS5v
-cmcwHhcNMTgwOTE0MDU1OTQ1WhcNMTkwOTE0MDU1OTQ1WjBpMQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEXMBUGA1UECgwOSW50
-ZXJuZXQyL1RJRVIxIDAeBgNVBAMMF21pZHBvaW50LnNwLmV4YW1wbGUub3JnMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj/b7MEUSfu3oXMfNgRwTse7
-a5UV7Jswf1M/ZN/ZZkAkIxNBevZgozjesvLPWrmsTgONi7XigJUJvCjdjmlW9eDM
-lri/rkD8HuOR1DQCVKL9nvoS2c3D7sq5Emda3V8Tlj82VqfEmePd3sajx7mcTfbH
-8jwAL9NhkC+WMib5IpjLGpG0FEAC0ha7Lxb+7jIiqHVJaqLXJGCyGN4mh6c1Q9S1
-f8RVTiW2a8x22G+9wnZYbkiA2Kxls177imHlhSz8EdvV4IpGw1amrEWhhuDEum7B
-vZ1xQDLatgRqh4qAKLIVYeRnJ8H1FelMa90qB4G08MIPifmTsQwqJyBYaEdgWQID
-AQABo1MwUTAdBgNVHQ4EFgQUqb9BteODF6wv5R57aEON/wGXMiowHwYDVR0jBBgw
-FoAUqb9BteODF6wv5R57aEON/wGXMiowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQsFAAOCAQEAAcKhxI+tSItrXmqC0PSmgWyAYpqbkz6W/cefTutXqhIgY09f
-h0LSv7ogTahoGpyiZk9vy6u3OE9bYwxapEfa4KBjO6HxBMIVBBb3RegVjoPzjElN
-BDwAx0VGFcZTXwMxDWycWdG8ql7rCZBvS50w04uTaIgnGmqXAdWWmBgfJ9cRbxW+
-JwO/mOl1QM1lR/5142NpvuUVWlmZSKEGydE5A1qPz2wpDbBR1ym1BQNS4NEqw6Kp
-GSB8jKyCS1Ve0v2wVze2038Wukz02dq9uKPTIO3T+B+ibZmxn6Op/kFCc1/kK5NS
-Q6JdO1B6KquGAYdGmKAcQ19mv+jqGktqWEEf0g==
------END CERTIFICATE-----
diff --git a/demo/postgresql/configs-and-secrets/midpoint/httpd/host-key.pem b/demo/postgresql/configs-and-secrets/midpoint/httpd/host-key.pem
deleted file mode 100644
index 5746e59..0000000
--- a/demo/postgresql/configs-and-secrets/midpoint/httpd/host-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmP9vswRRJ+7eh
-cx82BHBOx7trlRXsmzB/Uz9k39lmQCQjE0F69mCjON6y8s9auaxOA42LteKAlQm8
-KN2OaVb14MyWuL+uQPwe45HUNAJUov2e+hLZzcPuyrkSZ1rdXxOWPzZWp8SZ493e
-xqPHuZxN9sfyPAAv02GQL5YyJvkimMsakbQUQALSFrsvFv7uMiKodUlqotckYLIY
-3iaHpzVD1LV/xFVOJbZrzHbYb73CdlhuSIDYrGWzXvuKYeWFLPwR29XgikbDVqas
-RaGG4MS6bsG9nXFAMtq2BGqHioAoshVh5GcnwfUV6Uxr3SoHgbTwwg+J+ZOxDCon
-IFhoR2BZAgMBAAECggEAEIRBpjjceiku6jRUwnoYaks/nIWYQwR8AfpUTwJKR/VR
-Yca097Fokm7A+UhUP3A45RtHQb0VPq8P44iv0kk24YCu8r5yFK7SHYOAZnOwU5ZJ
-2jSAEPF3aM7tKh3okhuzB3dKP7u1NZDE5zAW723KUJiW7sL1RcsbY0bHBj6G+9/H
-NplmsjuGt684vRBB0qOBfKF7EiG7mT69tHuNj4gRza9SMY31UtKbZdt2fNY6mp5V
-HscMba7egZP+Ke0pVX4+go9j7K8GG8hYaQDLjrzlPqrxZ2c5X9cC+CRDI/CHuL/s
-V/2yGZJ6n6UabwZoH83RdFrbQ94rU8Hkli6EvxXvMQKBgQDRpheNW5jDG5TfeJKh
-yfKTDQqH2Tk3BsBYYBN7Hf3m7vbkzlxnAKJAoSLmtRMuoeXvI5MrhzaHGsNIUS76
-LDIZnvB7DLUxhFUZsCPkpAA1QHuTWY96oR3PHnPjpk8lSUvtbOPwDLdzVApeFJgZ
-VqMNArZ7AHsK3Kkyi+f4WVQjbQKBgQDLAWiGb5dx6fAM2W6B6HjNmzjBWOuVEXa2
-76to9jzupBZmETfZgxtWUaWUDuNS+f7dtVUTE+p6v/w8clrHEhEZYkqunIOLo/UA
-LFPiuoTfEsWb1rh+nsCjCgy4uimixj/bSkf7NC6NyKTvCygA1mGnVVJUEPegYlDy
-LXCkaKWxHQKBgQCmyHSKL2lrJkEcOwakEU2acNCE3Gno/cT9SYmV83kvQ8JEqmrW
-QqnRsp9aXIljGscapPmKsmnNt5vNp1AxFAHTYh88NRLczsMIyZj0ZwgHVUI6KhC7
-5Psa78YQQBlMt2/g9TSsnuE+rYgF6mpKFiNm0Vasqeg47uzn2mdzqlUGTQKBgE04
-JutkTUY+h1pL5vYxWKpVDfy19z7H2tFxT1FowPrBneeLSyRI88Ac5I/yLdRlVeY9
-0LOmEr5Igwj3MsKgg7KVKfVLgdo/LrW3Jt2Kt3onKNXDkoBPoNUjwH0QC0Boiue+
-VK0gR0kVdm+bXccbxR+im+NwZNE0NLg6Qqu3RredAoGBALuVoqbPPmTCZXYG328H
-bzOs2aiR7BzPSVByV+qG6jW7w03RAnFPJZp7HMU+ViI5VY0wabUscMSvz5163+gM
-4KwY3v9ZjZzZGukIfLuudkdqtaiVOx/KeAC0n+nG21YU+wpZww8gkfHh1/sa2CME
-CWYCgOnmiTHcj83UaTqEXtmv
------END PRIVATE KEY-----
diff --git a/demo/postgresql/docker-compose-tests.yml b/demo/postgresql/docker-compose-tests.yml
deleted file mode 100644
index b0c2363..0000000
--- a/demo/postgresql/docker-compose-tests.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-# Version for running Bats tests.
-# Minimizes the number of ports mapped to localhost, to avoid collisions during testing.
-
-version: "3.3"
-
-services:
- midpoint_data:
- image: postgres:11
- environment:
- - POSTGRES_PASSWORD_FILE=/run/secrets/mp_database_password.txt
- - POSTGRES_USER=midpoint
- - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
- expose:
- - 5432
- networks:
- - net
- secrets:
- - mp_database_password.txt
- volumes:
- - midpoint_data:/var/lib/postgresql/data
-
- midpoint_server:
- image: tier/midpoint:latest
- ports:
- - 8443:443
- environment:
- - ENV
- - USERTOKEN
- - REPO_DATABASE_TYPE=postgresql
- - REPO_HOST=midpoint_data
- - REPO_DATABASE=midpoint
- - REPO_USER=midpoint
- - REPO_MISSING_SCHEMA_ACTION
- - REPO_UPGRADEABLE_SCHEMA_ACTION
- - REPO_SCHEMA_VERSION_IF_MISSING
- - REPO_SCHEMA_VARIANT
- - MP_MEM_MAX
- - MP_MEM_INIT
- - MP_JAVA_OPTS
- - TIER_BEACON_OPT_OUT
- - TIMEZONE
- networks:
- - net
- secrets:
- - mp_database_password.txt
- - mp_keystore_password.txt
- - mp_host-key.pem
- volumes:
- - midpoint_home:/opt/midpoint/var
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
-
-networks:
- net:
- driver: bridge
-
-secrets:
- mp_database_password.txt:
- file: ./configs-and-secrets/midpoint/application/database_password.txt
- mp_keystore_password.txt:
- file: ./configs-and-secrets/midpoint/application/keystore_password.txt
- mp_host-key.pem:
- file: ./configs-and-secrets/midpoint/httpd/host-key.pem
-
-volumes:
- midpoint_data:
- midpoint_home:
diff --git a/demo/postgresql/docker-compose.yml b/demo/postgresql/docker-compose.yml
deleted file mode 100644
index 5bab706..0000000
--- a/demo/postgresql/docker-compose.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-version: "3.3"
-
-services:
- midpoint_data:
- image: postgres:11
- environment:
- - POSTGRES_PASSWORD_FILE=/run/secrets/mp_database_password.txt
- - POSTGRES_USER=midpoint
- - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
- ports:
- - 5432:5432
- networks:
- - net
- secrets:
- - mp_database_password.txt
- volumes:
- - midpoint_data:/var/lib/postgresql/data
-
- midpoint_server:
- image: tier/midpoint:latest
- ports:
- - 8443:443
- environment:
- - ENV
- - USERTOKEN
- - REPO_DATABASE_TYPE=postgresql
- - REPO_HOST=midpoint_data
- - REPO_DATABASE=midpoint
- - REPO_USER=midpoint
- - REPO_MISSING_SCHEMA_ACTION
- - REPO_UPGRADEABLE_SCHEMA_ACTION
- - REPO_SCHEMA_VERSION_IF_MISSING
- - REPO_SCHEMA_VARIANT
- - MP_MEM_MAX
- - MP_MEM_INIT
- - MP_JAVA_OPTS
- - TIER_BEACON_OPT_OUT
- - TIMEZONE
- networks:
- - net
- secrets:
- - mp_database_password.txt
- - mp_keystore_password.txt
- - mp_host-key.pem
- volumes:
- - midpoint_home:/opt/midpoint/var
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/host-cert.pem
- - type: bind
- source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
- target: /etc/pki/tls/certs/cachain.pem
-
-networks:
- net:
- driver: bridge
-
-secrets:
- mp_database_password.txt:
- file: ./configs-and-secrets/midpoint/application/database_password.txt
- mp_keystore_password.txt:
- file: ./configs-and-secrets/midpoint/application/keystore_password.txt
- mp_host-key.pem:
- file: ./configs-and-secrets/midpoint/httpd/host-key.pem
-
-volumes:
- midpoint_data:
- midpoint_home:
diff --git a/demo/postgresql/tests/main.bats b/demo/postgresql/tests/main.bats
deleted file mode 100755
index e5681f5..0000000
--- a/demo/postgresql/tests/main.bats
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env bats
-
-load ../../../common
-load ../../../library
-
-@test "000 Cleanup before running the tests" {
- run docker-compose down -v
-}
-
-@test "010 Initialize and start midPoint" {
- docker-compose -f docker-compose-tests.yml up --build -d
- wait_for_midpoint_start postgresql_midpoint_server_1
-}
-
-@test "020 Check health" {
- check_health
-}
-
-@test "100 Get 'administrator'" {
- check_health
- get_and_check_object users 00000000-0000-0000-0000-000000000002 administrator
-}
-
-@test "110 And and get 'test110'" {
- check_health
- echo "test110" >/tmp/test110.xml
- add_object users /tmp/test110.xml
- rm /tmp/test110.xml
- search_and_check_object users test110
-}
-
-@test "999 Clean up" {
- docker-compose down -v
-}
diff --git a/demo/shibboleth/.env b/demo/shibboleth/.env
index 9f71d51..f99ab0c 100644
--- a/demo/shibboleth/.env
+++ b/demo/shibboleth/.env
@@ -1,15 +1,6 @@
# These parameters can be overridden by setting environment variables before calling docker-compose up
ENV=demo
USERTOKEN=
-REPO_DATABASE_TYPE=mariadb
-REPO_JDBC_URL=default
-REPO_HOST=midpoint_data
-REPO_PORT=default
-REPO_DATABASE=registry
-REPO_USER=registry_user
-REPO_MISSING_SCHEMA_ACTION=create
-REPO_UPGRADEABLE_SCHEMA_ACTION=stop
MP_MEM_MAX=2048m
MP_MEM_INIT=1024m
TIMEZONE=UTC
-
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/application/database_password.txt b/demo/shibboleth/configs-and-secrets/midpoint/application/database_password.txt
deleted file mode 100644
index 11bff19..0000000
--- a/demo/shibboleth/configs-and-secrets/midpoint/application/database_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-WJzesbe3poNZ91qIbmR7
diff --git a/demo/shibboleth/configs-and-secrets/midpoint/application/keystore_password.txt b/demo/shibboleth/configs-and-secrets/midpoint/application/keystore_password.txt
deleted file mode 100644
index 1d40192..0000000
--- a/demo/shibboleth/configs-and-secrets/midpoint/application/keystore_password.txt
+++ /dev/null
@@ -1 +0,0 @@
-changeit
diff --git a/demo/shibboleth/docker-compose-tests.yml b/demo/shibboleth/docker-compose-tests.yml
index 25a28a4..f28b318 100644
--- a/demo/shibboleth/docker-compose-tests.yml
+++ b/demo/shibboleth/docker-compose-tests.yml
@@ -4,46 +4,93 @@
version: "3.3"
services:
+ data_init:
+ image: i2incommon/midpoint:${tag:-4.4.1}
+ command: >
+ bash -c "
+ chmod 777 /opt/mp-pw/ ;
+ touch /opt/mp-pw/db_init_in_progress ;
+ echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
+ echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
+ /opt/midpoint/bin/midpoint.sh init-native
+ "
+ environment:
+ - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
+ - MP_DB_PW=/opt/mp-pw/dbpassword
+ - MP_PW_DEF=/opt/mp-pw/keystorepw
+ volumes:
+ - db_init:/opt/db-init
+ - mp_pw:/opt/mp-pw
midpoint_data:
- image: tier/mariadb:mariadb10
- expose:
- - 3306
+ image: postgres:13-alpine
+ command: >
+ bash -c "
+ rm -f /var/lib/postgresql/data/postmaster.pid ;
+ while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
+ echo 'Waiting to the end of the init process...';
+ sleep 1;
+ done ;
+ {
+ sleep 2 ;
+ if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
+ then echo 'DB init did not start...' ;
+ rm -f /opt/mp-pw/db_ini*;
+ echo 'The lock files has been removed...';
+ fi ;
+ } &
+ docker-entrypoint.sh postgres
+ "
+ user: "70:70"
+ depends_on:
+ - data_init
+ environment:
+ - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
+ - POSTGRES_USER=midpoint
+ - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
+ ports:
+ - 5432:5432
networks:
- net
volumes:
- - midpoint_mysql:/var/lib/mysql
- - midpoint_data:/var/lib/mysqlmounted
- environment:
- - CREATE_NEW_DATABASE=if_needed
+ - midpoint_data:/var/lib/postgresql/data
+ - db_init:/docker-entrypoint-initdb.d/
+ - mp_pw:/opt/mp-pw
midpoint_server:
- build: ./midpoint_server/
+ build:
+ context: ./midpoint_server/
+ args:
+ tag: ${tag:-4.4.1}
+ command: /usr/local/bin/startup.sh
+ depends_on:
+ - data_init
+ - midpoint_data
ports:
- - 8443:443
+ - 8443:443
environment:
- ENV
- USERTOKEN
- - REPO_DATABASE_TYPE
- - REPO_JDBC_URL
- - REPO_HOST
- - REPO_PORT
- - REPO_DATABASE
- - REPO_USER
- - REPO_MISSING_SCHEMA_ACTION
- - REPO_UPGRADEABLE_SCHEMA_ACTION
- - REPO_SCHEMA_VERSION_IF_MISSING
- - REPO_SCHEMA_VARIANT
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
+ - MP_SET_server_tomcat_ajp_enabled=true
+ - MP_SET_server_tomcat_ajp_port=9090
+ - MP_SET_server_tomcat_ajp_secret=s3cr3t
+ - MP_SET_logging_path=/tmp/logtomcat
+ - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
+ - MP_NO_ENV_COMPAT=1
- MP_MEM_MAX
- MP_MEM_INIT
- MP_JAVA_OPTS
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- - net
+ net:
+ aliases:
+ - midpoint-server
secrets:
- - mp_database_password.txt
- - mp_keystore_password.txt
- mp_host-key.pem
- mp_shibboleth_sp_keys.jks
volumes:
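Review bot: `chmod 777 /opt/mp-pw/` in the `data_init` command leaves the volume that carries `dbpassword` and `keystorepw` world-writable, and this hunk also mounts that volume into `midpoint_data`. Any process in a container that mounts it can then replace or delete the password files and the lock files the startup loop waits on. If the wide mode exists only so the postgres user (`user: "70:70"`) can create and remove the `db_init*` lock files, record that in a comment such as `# 777: uid 70 must create/remove the db_init* lock files here`. Keeping the lock files in a separate volume would let the password directory stay read-only for the consumers. The same command is added in demo/shibboleth/docker-compose.yml and in the compose lines further down the page.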
@@ -72,11 +119,12 @@ services:
- type: bind
source: ./configs-and-secrets/midpoint/httpd/vhosts.conf
target: /etc/httpd/conf.d/vhosts/vhosts.conf
+ - mp_pw:/opt/mp-pw
directory:
build: ./directory/
- expose:
- - 389
+ ports:
+ - 389:389
networks:
- net
volumes:
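Review bot: Replacing `expose: 389` with `ports: 389:389` publishes the demo LDAP directory on every host interface. The first hunk of this file does the same for PostgreSQL with `5432:5432`, where the old service only had `expose: 3306`. If the Bats tests need access from the host, binding to loopback keeps the reach local: `- 127.0.0.1:389:389` and `- 127.0.0.1:5432:5432`; otherwise `expose` is enough for container-to-container traffic. The `directory` service definition continues outside this hunk.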
@@ -102,15 +150,12 @@ networks:
secrets:
mp_host-key.pem:
file: ./configs-and-secrets/midpoint/httpd/host-key.pem
- mp_database_password.txt:
- file: ./configs-and-secrets/midpoint/application/database_password.txt
- mp_keystore_password.txt:
- file: ./configs-and-secrets/midpoint/application/keystore_password.txt
mp_shibboleth_sp_keys.jks:
file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
volumes:
- midpoint_mysql:
+ db_init:
+ mp_pw:
midpoint_data:
midpoint_home:
ldap:
diff --git a/demo/shibboleth/docker-compose.yml b/demo/shibboleth/docker-compose.yml
index 3817e6b..b496ffb 100644
--- a/demo/shibboleth/docker-compose.yml
+++ b/demo/shibboleth/docker-compose.yml
@@ -1,47 +1,93 @@
version: "3.3"
services:
+ data_init:
+ image: i2incommon/midpoint:${tag:-4.4.1}
+ command: >
+ bash -c "
+ chmod 777 /opt/mp-pw/ ;
+ touch /opt/mp-pw/db_init_in_progress ;
+ echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
+ echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
+ /opt/midpoint/bin/midpoint.sh init-native
+ "
+ environment:
+ - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
+ - MP_DB_PW=/opt/mp-pw/dbpassword
+ - MP_PW_DEF=/opt/mp-pw/keystorepw
+ volumes:
+ - db_init:/opt/db-init
+ - mp_pw:/opt/mp-pw
midpoint_data:
- image: tier/mariadb:mariadb10
+ image: postgres:13-alpine
+ command: >
+ bash -c "
+ rm -f /var/lib/postgresql/data/postmaster.pid ;
+ while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
+ echo 'Waiting to the end of the init process...';
+ sleep 1;
+ done ;
+ {
+ sleep 2 ;
+ if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
+ then echo 'DB init did not start...' ;
+ rm -f /opt/mp-pw/db_ini*;
+ echo 'The lock files has been removed...';
+ fi ;
+ } &
+ docker-entrypoint.sh postgres
+ "
+ user: "70:70"
+ depends_on:
+ - data_init
+ environment:
+ - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
+ - POSTGRES_USER=midpoint
+ - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
ports:
- - 3306:3306
+ - 5432:5432
networks:
- net
volumes:
- - midpoint_mysql:/var/lib/mysql
- - midpoint_data:/var/lib/mysqlmounted
- environment:
- - CREATE_NEW_DATABASE=if_needed
+ - midpoint_data:/var/lib/postgresql/data
+ - db_init:/docker-entrypoint-initdb.d/
+ - mp_pw:/opt/mp-pw
midpoint_server:
- build: ./midpoint_server/
+ build:
+ context: ./midpoint_server/
+ args:
+ tag: ${tag:-4.4.1}
command: /usr/local/bin/startup.sh
+ depends_on:
+ - data_init
+ - midpoint_data
ports:
- - 8443:443
+ - 8443:443
environment:
- ENV
- USERTOKEN
- - REPO_DATABASE_TYPE
- - REPO_JDBC_URL
- - REPO_HOST
- - REPO_PORT
- - REPO_DATABASE
- - REPO_USER
- - REPO_MISSING_SCHEMA_ACTION
- - REPO_UPGRADEABLE_SCHEMA_ACTION
- - REPO_SCHEMA_VERSION_IF_MISSING
- - REPO_SCHEMA_VARIANT
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
+ - MP_SET_server_tomcat_ajp_enabled=true
+ - MP_SET_server_tomcat_ajp_port=9090
+ - MP_SET_server_tomcat_ajp_secret=s3cr3t
+ - MP_SET_logging_path=/tmp/logtomcat
+ - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
+ - MP_NO_ENV_COMPAT=1
- MP_MEM_MAX
- MP_MEM_INIT
- MP_JAVA_OPTS
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- - net
+ net:
+ aliases:
+ - midpoint-server
secrets:
- - mp_database_password.txt
- - mp_keystore_password.txt
- mp_host-key.pem
- mp_shibboleth_sp_keys.jks
volumes:
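Review bot: `MP_SET_server_tomcat_ajp_secret=s3cr3t` commits a fixed, guessable AJP secret next to `MP_SET_server_tomcat_ajp_enabled=true`, while the repository and keystore passwords in the same list are read from files under /opt/mp-pw. Port 9090 is not published in this hunk, so exposure is limited to the `net` network, but the value is likely to be copied into deployments based on this demo. Take it from the environment instead, e.g. `- MP_SET_server_tomcat_ajp_secret=${AJP_SECRET:?set AJP_SECRET}`, and keep the httpd side in step (its configuration is not part of this hunk). The identical line is added in demo/shibboleth/docker-compose-tests.yml and in the compose lines further down the page.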
@@ -70,6 +116,7 @@ services:
- type: bind
source: ./configs-and-secrets/midpoint/httpd/vhosts.conf
target: /etc/httpd/conf.d/vhosts/vhosts.conf
+ - mp_pw:/opt/mp-pw
directory:
build: ./directory/
@@ -100,15 +147,12 @@ networks:
secrets:
mp_host-key.pem:
file: ./configs-and-secrets/midpoint/httpd/host-key.pem
- mp_database_password.txt:
- file: ./configs-and-secrets/midpoint/application/database_password.txt
- mp_keystore_password.txt:
- file: ./configs-and-secrets/midpoint/application/keystore_password.txt
mp_shibboleth_sp_keys.jks:
file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
volumes:
- midpoint_mysql:
+ db_init:
+ mp_pw:
midpoint_data:
midpoint_home:
ldap:
diff --git a/demo/shibboleth/midpoint_server/Dockerfile b/demo/shibboleth/midpoint_server/Dockerfile
index 34ce0cd..00f664a 100644
--- a/demo/shibboleth/midpoint_server/Dockerfile
+++ b/demo/shibboleth/midpoint_server/Dockerfile
@@ -1,4 +1,6 @@
-FROM tier/midpoint:latest
+ARG tag=4.4.1
+
+FROM i2incommon/midpoint:${tag}
MAINTAINER info@evolveum.com
diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/config.xml b/demo/shibboleth/midpoint_server/container_files/mp-home/config.xml
new file mode 100644
index 0000000..0fc3410
--- /dev/null
+++ b/demo/shibboleth/midpoint_server/container_files/mp-home/config.xml
@@ -0,0 +1,60 @@
+
+
+
+
+
+
+
+ ${midpoint.home}/import
+
+
+ native
+ jdbc:postgresql://localhost:5432/midpoint
+ midpoint
+ password
+
+
+
+ com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory
+
+
+ com.evolveum.midpoint.repo.sqale.audit.SqaleAuditServiceFactory
+
+
+
+ true
+ ${midpoint.home}/icf-connectors
+
+
+ ${midpoint.home}/keystore.jceks
+ changeit
+ default
+
+
+
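Review bot: The new config.xml appears to ship literal credentials, `password` after the JDBC URL and user name and `changeit` after the keystore path. The element names are not visible in this rendering, so that mapping is inferred from position. The compose files set `MP_SET_midpoint_repository_jdbcPassword_FILE` and `MP_SET_midpoint_keystore_keyStorePassword_FILE`, so these literals would presumably only apply when an override is missing, and then without any warning. Add a comment at the top of the file, e.g. `<!-- placeholder credentials; replaced at container start by MP_SET_*_FILE from docker-compose.yml -->`, or drop the two password values so a missing override is more likely to surface at startup.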
diff --git a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
index 4abf399..d033a3d 100644
--- a/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
+++ b/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/SecurityPolicy.xml
@@ -1,8 +1,8 @@
-
+ xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+ xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
+
Default Security Policy
@@ -28,30 +28,19 @@
true
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
- /etc/pki/mp/sp-shibboleth-keys.jks
-
- changeit
-
- signing-key
-
- password
-
-
-
- /etc/pki/mp/sp-shibboleth-keys.jks
-
- changeit
-
- encrypt-key
-
- password
-
- encryption
-
+
+ /etc/pki/mp/sp-shibboleth-keys.jks
+
+ changeit
+
+ signing-key
+
+ password
+
+
-
- https://idptestbed/idp/shibboleth
+
+ https://idptestbed/idp/shibboleth
idp-shibboleth
/etc/shibboleth/idp-metadata.xml
@@ -60,7 +49,7 @@
Shibboleth
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
uid
-
+
@@ -151,8 +140,8 @@
sufficient
- /actuator
- /actuator/health
+ /actuator
+ /actuator/health
diff --git a/demo/shibboleth/tests/main.bats b/demo/shibboleth/tests/main.bats
index dd17314..e48527e 100755
--- a/demo/shibboleth/tests/main.bats
+++ b/demo/shibboleth/tests/main.bats
@@ -4,7 +4,8 @@ load ../../../common
load ../../../library
@test "000 Cleanup before running the tests" {
- cd ../simple ; docker-compose down -v ; true
+ (cd ../simple ; docker-compose down -v)
+ (cd ../grouper ; docker-compose down -v)
run docker-compose down -v
}
@@ -33,12 +34,12 @@ load ../../../library
}
@test "040 Check internal SAML redirection (/midpoint/auth/saml-internal)" {
- curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/auth/saml-internal/ | grep 'https:\/\/localhost:8443\/midpoint\/auth\/saml-internal\/mySamlSso\/discovery?idp=https%3A%2F%2Fidptestbed%2Fidp%2Fshibboleth'
+ curl -k --write-out %{redirect_url} --silent --output /dev/null https://localhost:8443/midpoint/auth/saml-internal/ | grep 'https:\/\/localhost:8443\/midpoint\/auth\/saml-internal\/mySamlSso\/authenticate\/midpointdemo-shibboleth'
}
@test "041 Check internal SAML redirection action (midpoint/..../discovery?...)" {
TMPFILE=$(mktemp /tmp/samlForm.XXXXXX)
- curl -k https://localhost:8443/midpoint/auth/saml-internal/mySamlSso/discovery?idp=https://idptestbed/idp/shibboleth >$TMPFILE || (rm $TMPFILE ; return 1)
+ curl -k https:\/\/localhost:8443\/midpoint\/auth\/saml-internal\/mySamlSso\/authenticate\/midpointdemo-shibboleth >$TMPFILE || (rm $TMPFILE ; return 1)
if (grep -q "
+ bash -c "
+ chmod 777 /opt/mp-pw/ ;
+ touch /opt/mp-pw/db_init_in_progress ;
+ echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
+ echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
+ /opt/midpoint/bin/midpoint.sh init-native
+ "
+ environment:
+ - MP_INIT_CFG=/opt/mp-home
+ - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
+ - MP_DB_PW=/opt/mp-pw/dbpassword
+ - MP_PW_DEF=/opt/mp-pw/keystorepw
+ volumes:
+ - db_init:/opt/db-init
+ - mp_pw:/opt/mp-pw
+ - midpoint_home:/opt/mp-home
+
midpoint_data:
- image: tier/mariadb:mariadb10
+ image: postgres:13-alpine
+ command: >
+ bash -c "
+ rm -f /var/lib/postgresql/data/postmaster.pid ;
+ while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
+ echo 'Waiting to the end of the init process...';
+ sleep 1;
+ done ;
+ {
+ sleep 2 ;
+ if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
+ then echo 'DB init did not start...' ;
+ rm -f /opt/mp-pw/db_ini*;
+ echo 'The lock files has been removed...';
+ fi ;
+ } &
+ docker-entrypoint.sh postgres
+ "
+ user: "70:70"
+ depends_on:
+ - data_init
+ environment:
+ - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
+ - POSTGRES_USER=midpoint
+ - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
ports:
- - 3306:3306
+ - 5432:5432
networks:
- net
volumes:
- - midpoint_mysql:/var/lib/mysql
- - midpoint_data:/var/lib/mysqlmounted
- environment:
- - CREATE_NEW_DATABASE=if_needed
+ - midpoint_data:/var/lib/postgresql/data
+ - db_init:/docker-entrypoint-initdb.d/
+ - mp_pw:/opt/mp-pw
midpoint_server:
- image: tier/midpoint:latest
+ image: i2incommon/midpoint:${tag:-4.4.1}
+ depends_on:
+ - data_init
+ - midpoint_data
ports:
- - 8443:443
+ - 8443:443
environment:
- ENV
- USERTOKEN
- - REPO_DATABASE_TYPE
- - REPO_JDBC_URL
- - REPO_HOST
- - REPO_PORT
- - REPO_DATABASE
- - REPO_USER
- - REPO_MISSING_SCHEMA_ACTION
- - REPO_UPGRADEABLE_SCHEMA_ACTION
- - REPO_SCHEMA_VERSION_IF_MISSING
- - REPO_SCHEMA_VARIANT
+ - MP_SET_midpoint_repository_jdbcUsername=midpoint
+ - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
+ - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
+ - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
+ - MP_SET_server_tomcat_ajp_enabled=true
+ - MP_SET_server_tomcat_ajp_port=9090
+ - MP_SET_server_tomcat_ajp_secret=s3cr3t
+ - MP_SET_logging_path=/tmp/logtomcat
+ - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
+ - MP_NO_ENV_COMPAT=1
- MP_MEM_MAX
- MP_MEM_INIT
- MP_JAVA_OPTS
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
- - net
+ net:
+ aliases:
+ - midpoint-server
secrets:
- - mp_database_password.txt
- - mp_keystore_password.txt
- mp_host-key.pem
volumes:
- midpoint_home:/opt/midpoint/var
@@ -49,20 +95,18 @@ services:
- type: bind
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
target: /etc/pki/tls/certs/cachain.pem
+ - mp_pw:/opt/mp-pw
networks:
net:
driver: bridge
secrets:
- mp_database_password.txt:
- file: ./configs-and-secrets/midpoint/application/database_password.txt
- mp_keystore_password.txt:
- file: ./configs-and-secrets/midpoint/application/keystore_password.txt
mp_host-key.pem:
file: ./configs-and-secrets/midpoint/httpd/host-key.pem
volumes:
- midpoint_mysql:
+ db_init:
+ mp_pw:
midpoint_data:
midpoint_home:
diff --git a/demo/simple/tests/main.bats b/demo/simple/tests/main.bats
index 0aae1fa..2445dd5 100755
--- a/demo/simple/tests/main.bats
+++ b/demo/simple/tests/main.bats
@@ -4,7 +4,9 @@ load ../../../common
load ../../../library
@test "000 Cleanup before running the tests" {
- run docker-compose down -v
+ (cd ../grouper ; docker-compose down -v)
+ (cd ../shibboleth ; docker-compose down -v)
+ docker-compose down -v
}
@test "010 Initialize and start midPoint" {
@@ -50,41 +52,6 @@ load ../../../library
search_and_check_object users test300
}
-@test "350 Test DB schema version check" {
- echo "Removing version information from m_global_metadata"
- docker exec simple_midpoint_data_1 mysql -p123321 registry -e "drop table m_global_metadata"
-
- echo "Bringing the containers down"
- docker-compose down
-
- echo "Re-creating the containers"
- docker-compose up -d
-
- wait_for_log_message simple_midpoint_server_1 "Database schema is not compatible with the executing code; however, an upgrade path is available."
-}
-
-@test "360 Test DB schema upgrade" {
- skip 'Not supported for 4.0-SNAPSHOT'
- echo "Stopping midpoint_server container"
- docker stop simple_midpoint_server_1
-
- echo "Installing empty 3.8 repository"
- docker exec simple_midpoint_data_1 mysql -p123321 -e "DROP DATABASE registry"
- docker exec simple_midpoint_data_1 bash -c " curl https://raw.githubusercontent.com/Evolveum/midpoint/v3.8/config/sql/_all/mysql-3.8-all-utf8mb4.sql > /tmp/create-3.8-utf8mb4.sql"
- docker exec simple_midpoint_data_1 mysql -p123321 -e "CREATE DATABASE IF NOT EXISTS registry;"
- docker exec simple_midpoint_data_1 mysql -p123321 -e "GRANT ALL ON registry.* TO 'registry_user'@'%' IDENTIFIED BY 'WJzesbe3poNZ91qIbmR7' ;"
- docker exec simple_midpoint_data_1 bash -c "mysql -p123321 registry < /tmp/create-3.8-utf8mb4.sql"
-
- echo "Bringing the containers down"
- docker-compose down
-
- echo "Re-creating the containers"
- env REPO_SCHEMA_VERSION_IF_MISSING=3.8 REPO_UPGRADEABLE_SCHEMA_ACTION=upgrade REPO_SCHEMA_VARIANT=utf8mb4 docker-compose up -d
-
- wait_for_log_message simple_midpoint_server_1 "Schema was successfully upgraded from 3.8 to 3.9 using script 'mysql-upgrade-3.8-3.9-utf8mb4.sql'"
- wait_for_midpoint_start simple_midpoint_server_1
-}
-
@test "999 Clean up" {
docker-compose down -v
}
diff --git a/download-midpoint.sh b/download-midpoint.sh
index 5964c16..92c356c 100755
--- a/download-midpoint.sh
+++ b/download-midpoint.sh
@@ -10,7 +10,7 @@ else
# But if we need to incorporate interim changes to I2 distribution during
# midPoint development cycle, we can specify concrete file from "midpoint-tier"
# download directory by using its name (like "latest-stable").
- MP_VERSION="4.2"
+ MP_VERSION="4.4.1"
else
MP_VERSION=$tag
fi
diff --git a/library.bash b/library.bash
index ff08822..e57b4c6 100644
--- a/library.bash
+++ b/library.bash
@@ -12,7 +12,7 @@ function generic_wait_for_log () {
FAILURE="$4"
ADDITIONAL_CONTAINER_NAME=$5
ATTEMPT=0
- MAX_ATTEMPTS=20
+ MAX_ATTEMPTS=30
DELAY=10
until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
@@ -411,7 +411,7 @@ function wait_for_task_completion () {
echo "Waiting $DELAY seconds for task with oid $OID to finish (attempt $ATTEMPT) ..."
sleep $DELAY
get_object tasks $OID
- TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*[local-name()='executionStatus']/text()" $OUTFILE) || (echo "Couldn't extract task status from task $OID" ; cat $OUTFILE ; rm $OUTFILE ; return 1)
+ TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*[local-name()='executionState']/text()" $OUTFILE) || (echo "Couldn't extract task status from task $OID" ; cat $OUTFILE ; rm $OUTFILE ; return 1)
if [[ $TASK_EXECUTION_STATUS = "suspended" ]] || [[ $TASK_EXECUTION_STATUS = "closed" ]]; then
echo "Task $OID is finished"
rm $OUTFILE
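Review bot: On the changed `TASK_EXECUTION_STATUS=...` line the error branch is a subshell, so `return 1` inside `( … )` only ends that subshell and does not by itself return from `wait_for_task_completion`; whether the loop stops then depends on the caller's errexit setting. Use a brace group and quote the path: `|| { echo "Couldn't extract task status from task $OID"; cat "$OUTFILE"; rm "$OUTFILE"; return 1; }`. The rename to `executionState` makes this path easier to hit, because a server that still emits the old element name would presumably fail the XPath on every pass. The function starts and ends outside the hunk.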
diff --git a/tests/main.bats b/tests/main.bats
index eadbc5b..d04ed36 100755
--- a/tests/main.bats
+++ b/tests/main.bats
@@ -3,7 +3,7 @@
load ../common
@test "010 Image is present" {
- docker image inspect tier/midpoint:$tag
+ docker image inspect $maintainer/$imagename:$tag
}
@test "020 Check basic components" {
@@ -25,11 +25,6 @@ load ../common
cd demo/shibboleth ; docker-compose down -v ; true
}
-@test "120 Cleanup before further tests - demo/postgresql" {
- docker ps -a
- cd demo/postgresql ; docker-compose down -v ; true
-}
-
@test "130 Cleanup before further tests - demo/grouper" {
docker ps -a
cd demo/grouper ; docker-compose down -v ; true