From 5f78603950e8329a280a815c27cea27c7e17e18d Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 14 Aug 2024 13:08:21 +0000 Subject: [PATCH] fixup for full test script --- test-compose/data/Dockerfile | 39 +++--- .../data/container_files/seed-data/data.ldif | 69 +++++++++++ .../container_files/seed-data/ds-setup.inf | 2 +- .../seed-data/edumember-obj.ldif | 30 +++++ .../seed-data/ldappublickey-obj.ldif | 29 +++++ .../data/container_files/seed-data/users.ldif | 30 ----- .../seed-data/voperson-obj.ldif | 113 ++++++++++++++++++ .../seed-data/voposixaccount-obj.ldif | 63 ++++++++++ test-compose/sp/Dockerfile | 5 +- test-compose/webisoget/Dockerfile | 4 +- tests/fulltest.sh | 16 +-- 11 files changed, 344 insertions(+), 56 deletions(-) create mode 100644 test-compose/data/container_files/seed-data/data.ldif create mode 100644 test-compose/data/container_files/seed-data/edumember-obj.ldif create mode 100644 test-compose/data/container_files/seed-data/ldappublickey-obj.ldif create mode 100644 test-compose/data/container_files/seed-data/voperson-obj.ldif create mode 100644 test-compose/data/container_files/seed-data/voposixaccount-obj.ldif diff --git a/test-compose/data/Dockerfile b/test-compose/data/Dockerfile index c876a2c..d1ef65b 100644 --- a/test-compose/data/Dockerfile +++ b/test-compose/data/Dockerfile @@ -1,4 +1,4 @@ -FROM centos:centos7 +FROM rockylinux:8.9 LABEL author="tier-packaging@internet2.edu " 
@@ -6,14 +6,19 @@ LABEL author="tier-packaging@internet2.edu " RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \ && echo "NETWORKING=yes" > /etc/sysconfig/network -# Install base deps -RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \ - yum -y install 389-ds-base 389-admin 389-adminutil net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim wget rsyslog cronie krb5-workstation openssl-devel wget supervisor && \ - yum -y clean all && \ - mkdir -p /opt/tier && \ -# Install Trusted Certificates - update-ca-trust force-enable - +RUN dnf module enable -y php:7.4 +RUN yum install -y epel-release \ + && yum update -y \ + && yum install -y phpldapadmin mod_ssl net-tools wget epel-release yum-utils php php-common php-opcache php-cli php-gd mod_php php-pgsql php-curl php-zip php-mbstring \ + && yum clean all \ + && rm -rf /var/cache/yum +RUN yum module enable -y 389-ds:1.4 +RUN yum install -y 389-ds-base 389-ds-base-devel 389-ds-base-legacy-tools +RUN yum install --allowerasing -y curl-full libcurl-full +RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.9.rpm +RUN yum --enablerepo=remi,remi-test install -y phpMyAdmin +RUN yum install -y php71-php-mcrypt + COPY container_files/seed-data/ /seed-data/ RUN useradd ldapadmin \ 
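Review bot: `RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.9.rpm` installs a package fetched at build time without importing the repository's signing key first or pinning a checksum, so rpm can only warn about an unknown key rather than verify the package, and the next line's `--enablerepo=remi,remi-test` pulls phpMyAdmin from a testing repository. Importing the Remi GPG key before the install (`RUN rpm --import <REMI-GPG-KEY-URL>` with the real key location) or downloading the release rpm with curl and checking its published checksum keeps the build verifiable, and `remi-test` should be dropped unless the package only exists there. Separately, `yum update -y` plus the several later `yum install` layers that have no `yum clean all` make the image non-reproducible and leave package cache in the layers after `rm -rf /var/cache/yum`; folding them into one RUN that ends with `yum clean all` addresses both. Enabling the `php:7.4` module stream while installing `php71-php-mcrypt` also looks like a version mismatch worth confirming against the build log.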
@@ -25,17 +30,23 @@ RUN useradd ldapadmin \ # Do not restart at the end \ && sed -i '/if (@errs = startServer($inf))/,/}/d' /usr/lib64/dirsrv/perl/* \ && setup-ds.pl --silent --file /seed-data/ds-setup.inf \ - && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \ + && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir \ && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \ - ldapadd -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password + ldapadd -H ldap:/// -f /seed-data/data.ldif -x -D "cn=Directory Manager" -w password \ + && ldapmodify -H ldap:/// -f /seed-data/edumember-obj.ldif -x -D "cn=Directory Manager" -w password \ + && ldapmodify -H ldap:/// -f /seed-data/ldappublickey-obj.ldif -x -D "cn=Directory Manager" -w password \ + && ldapmodify -H ldap:/// -f /seed-data/voperson-obj.ldif -x -D "cn=Directory Manager" -w password \ + && ldapmodify -H ldap:/// -f /seed-data/voposixaccount-obj.ldif -x -D "cn=Directory Manager" -w password \ + && ldapadd -c -H ldap:/// -f /seed-data/users.ldif -x -D "cn=Directory Manager" -w password -RUN (/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir &) \ - && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; +RUN openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=localhost.localdomain" -batch -keyout /etc/pki/tls/private/localhost.key -out localhost.csr +RUN openssl x509 -req -days 1825 -in localhost.csr -signkey /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt +RUN mkdir -p /run/php-fpm/ EXPOSE 389 HEALTHCHECK --interval=1m --timeout=10s \ CMD cat < /dev/null > /dev/tcp/127.0.0.1/389 || exit 1 -CMD /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && tail -F /var/log/dirsrv/slapd-dir/errors +CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && php-fpm -D && httpd -DFOREGROUND && sleep infinity 
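Review bot: The new shell-form `CMD rm -rf ... && /usr/sbin/ns-slapd -D ... && php-fpm -D && httpd -DFOREGROUND && sleep infinity` leaves `/bin/sh` as PID 1, so `docker stop` signals the shell rather than ns-slapd or httpd, and `sleep infinity` is only reached if httpd exits; ending the chain with `exec httpd -DFOREGROUND` (dropping the sleep), or an entrypoint script that finishes with `exec`, is the usual fix. `ldapadd -c ... users.ldif` continues past errors, so a broken seed entry no longer fails the build; if `-c` was added to tolerate the entries that this commit moved into data.ldif, deleting them from users.ldif instead keeps the build strict. The two `openssl` lines bake a private key into an image layer and leave `localhost.csr` in the working directory; for a test fixture that is acceptable but deserves a comment saying so, and the csr can be removed in the same RUN (`&& rm localhost.csr`).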
diff --git a/test-compose/data/container_files/seed-data/data.ldif b/test-compose/data/container_files/seed-data/data.ldif new file mode 100644 index 0000000..1a1036a --- /dev/null +++ b/test-compose/data/container_files/seed-data/data.ldif @@ -0,0 +1,69 @@ +dn: cn=admin,dc=internet2,dc=edu +objectClass: simpleSecurityObject +objectClass: organizationalRole +cn: admin +userPassword: password +description: LDAP administrator + +dn: uid=banderson,ou=People,dc=internet2,dc=edu +objectClass: eduPerson +objectClass: inetOrgPerson +objectClass: organizationalPerson +objectClass: person +objectClass: top +cn: Bob Anderson +sn: Anderson +givenName: Bob +userPassword: password +description: LDAP administrator + +dn: ou=Affiliations,ou=Groups,dc=internet2,dc=edu +objectClass: top +objectClass: organizationalUnit +ou: Affiliations + +dn: ou=Courses,ou=Groups,dc=internet2,dc=edu +objectClass: top +objectClass: organizationalUnit +ou: Courses + +dn: ou=midpoint,ou=Groups,dc=internet2,dc=edu +objectClass: top +objectClass: organizationalUnit +ou: midpoint + +dn: ou=Generic,ou=Groups,dc=internet2,dc=edu +objectClass: top +objectClass: organizationalUnit +ou: Generic + +dn: cn=users,ou=Groups,dc=internet2,dc=edu +objectClass: groupOfUniqueNames +objectClass: top +uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu +cn: users + +dn: cn=sysadmingroup,ou=midpoint,ou=Groups,dc=internet2,dc=edu +objectClass: groupOfUniqueNames +objectClass: top +uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu +cn: sysadmingroup + +dn: ou=Guests,dc=internet2,dc=edu +objectClass: top +objectClass: organizationalUnit +ou: Guests + +dn: uid=aguest,ou=Guests,dc=internet2,dc=edu +objectClass: eduPerson +objectClass: inetOrgPerson +objectClass: organizationalPerson +objectClass: person +objectClass: top +cn: Andy Guest +sn: Aguest +mail: andyaguestcspuser@workbench.incommon.org +givenName: Andy +userPassword: password +description: A guest user + 
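Review bot: data.ldif adds entries under `ou=People,dc=internet2,dc=edu` and `ou=Groups,dc=internet2,dc=edu` but never creates those two parents, and the same commit sets `AddOrgEntries = No` in ds-setup.inf; if setup-ds.pl then no longer creates them, the first `ldapadd` (run without `-c` in the Dockerfile) fails with no-such-object and aborts the build, so it is safer to add explicit `dn: ou=People,dc=internet2,dc=edu` and `dn: ou=Groups,dc=internet2,dc=edu` organizationalUnit records at the top of this file. The `uid=banderson` entry has no `uid: banderson` attribute, which the old users.ldif listed explicitly; 389-ds usually derives it from the RDN, but adding it keeps the entry self-describing. The `description: LDAP administrator` copied onto Bob Anderson reads like a paste from the admin entry above. The new `cn=users` group also drops the `uniqueMember: uid=jsmith,...` line the old users.ldif had while jsmith itself stays in users.ldif — confirm that is intentional.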
diff --git a/test-compose/data/container_files/seed-data/ds-setup.inf b/test-compose/data/container_files/seed-data/ds-setup.inf index df44e86..a52876e 100644 --- a/test-compose/data/container_files/seed-data/ds-setup.inf +++ b/test-compose/data/container_files/seed-data/ds-setup.inf @@ -16,7 +16,7 @@ ServerIpAddress = 0.0.0.0 SysUser = nobody [slapd] -AddOrgEntries = Yes +AddOrgEntries = No AddSampleEntries = No InstallLdifFile = suggest RootDN = cn=Directory Manager diff --git a/test-compose/data/container_files/seed-data/edumember-obj.ldif b/test-compose/data/container_files/seed-data/edumember-obj.ldif new file mode 100644 index 0000000..38b287f --- /dev/null +++ b/test-compose/data/container_files/seed-data/edumember-obj.ldif @@ -0,0 +1,30 @@ +# +# eduMember Objectclass +# +# +# "eduMember" attributes +# +dn: cn=schema +changetype: modify +# +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.5923.1.5.1.1 + NAME 'isMemberOf' + DESC 'identifiers for groups to which containing entity belongs' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.5923.1.5.1.2 + NAME 'hasMember' + DESC 'identifiers for entities that are members of the group' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +- +# +add: objectclasses +objectClasses: ( 1.3.6.1.4.1.5923.1.5.2 NAME 'eduMember' + AUXILIARY + MAY ( isMemberOf $ hasMember ) + ) +# +# end of LDIF +# diff --git a/test-compose/data/container_files/seed-data/ldappublickey-obj.ldif b/test-compose/data/container_files/seed-data/ldappublickey-obj.ldif new file mode 100644 index 0000000..2e3c112 --- /dev/null +++ b/test-compose/data/container_files/seed-data/ldappublickey-obj.ldif 
@@ -0,0 +1,29 @@ +# +# ldapPublicKey Objectclass +# +# +# ldapPublicKey attribute +# +dn: cn=schema +changetype: modify +# +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 + NAME 'sshPublicKey' + DESC 'MANDATORY: OpenSSH Public key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) +- +# +add: objectclasses +objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 + NAME 'ldapPublicKey' + DESC 'MANDATORY: OpenSSH LPK objectclass' + SUP top + AUXILIARY + MUST ( sshPublicKey $ uid ) + ) +# +# end of LDIF +# + diff --git a/test-compose/data/container_files/seed-data/users.ldif b/test-compose/data/container_files/seed-data/users.ldif index 4f27649..7caf5e0 100644 --- a/test-compose/data/container_files/seed-data/users.ldif +++ b/test-compose/data/container_files/seed-data/users.ldif @@ -1,10 +1,3 @@ -dn: cn=admin,dc=internet2,dc=edu -objectClass: simpleSecurityObject -objectClass: organizationalRole -cn: admin -userPassword: password -description: LDAP administrator - dn: uid=jsmith,ou=People,dc=internet2,dc=edu objectClass: organizationalPerson objectClass: person @@ -16,29 +9,6 @@ sn: Smith cn: John Smith userPassword: password -dn: uid=banderson,ou=People,dc=internet2,dc=edu -objectClass: organizationalPerson -objectClass: person -objectClass: top -objectClass: inetOrgPerson -givenName: Bob -uid: banderson -sn: Anderson -cn: Bob Anderson -userPassword: password - -dn: cn=users,ou=Groups,dc=internet2,dc=edu -objectClass: groupOfUniqueNames -objectClass: top -uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu -uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu -cn: users - - - - - - dn: uid=kwhite,ou=People,dc=internet2,dc=edu objectClass: organizationalPerson objectClass: person diff --git a/test-compose/data/container_files/seed-data/voperson-obj.ldif b/test-compose/data/container_files/seed-data/voperson-obj.ldif new file mode 100644 index 0000000..4d7e85a --- /dev/null 
+++ b/test-compose/data/container_files/seed-data/voperson-obj.ldif 
@@ -0,0 +1,113 @@ +# +# voPerson Objectclass +# +# +# "voPerson" attributes +# +objectIdentifier: voPersonRoot 1.3.6.1.4.1.25178.4 +objectIdentifier: voPersonObjectClass voPersonRoot:1 +dn: cn=schema +changetype: modify +# +add: attributetypes +attributeTypes: ( voPersonObjectClass:10 + NAME 'voPersonAffiliation' + DESC 'voPerson Affiliation Within Local Scope' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:13 + NAME 'voPersonApplicationPassword' + DESC 'voPerson Application-Specific Password' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) +attributeTypes: ( voPersonObjectClass:1 + NAME 'voPersonApplicationUID' + DESC 'voPerson Application-Specific User Identifier' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:2 + NAME 'voPersonAuthorName' + DESC 'voPerson Author Name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:3 + NAME 'voPersonCertificateDN' + DESC 'voPerson Certificate Distinguished Name' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( voPersonObjectClass:4 + NAME 'voPersonCertificateIssuerDN' + DESC 'voPerson Certificate Issuer DN' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) +attributeTypes: ( voPersonObjectClass:11 + NAME 'voPersonExternalAffiliation' + DESC 'voPerson Scoped External Affiliation' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:5 + NAME 'voPersonExternalID' + DESC 'voPerson Scoped External Identifier' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:6 + NAME 'voPersonID' + DESC 'voPerson Unique Identifier' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:7 + NAME 'voPersonPolicyAgreement' 
+ DESC 'voPerson Policy Agreement Indicator' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:12 + NAME 'voPersonScopedAffiliation' + DESC 'voPerson Affiliation With Explicit Local Scope' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:8 + NAME 'voPersonSoRID' + DESC 'voPerson External Identifier' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:9 + NAME 'voPersonStatus' + DESC 'voPerson Status' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:15 + NAME 'voPersonToken' + DESC 'voPerson Token' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPersonObjectClass:14 + NAME 'voPersonVerifiedEmail' + DESC 'voPerson Verified Email Address' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +- +# +add: objectclasses +objectClasses: ( voPersonObjectClass + NAME 'voPerson' + AUXILIARY + MAY ( voPersonAffiliation $ + voPersonApplicationPassword $ + voPersonApplicationUID $ + voPersonAuthorName $ + voPersonCertificateDN $ + voPersonCertificateIssuerDN $ + voPersonExternalAffiliation $ + voPersonExternalID $ + voPersonID $ + voPersonPolicyAgreement $ + voPersonScopedAffiliation $ + voPersonSoRID $ + voPersonStatus $ + voPersonToken $ + voPersonVerifiedEmail ) + ) +# +# end of LDIF +# + diff --git a/test-compose/data/container_files/seed-data/voposixaccount-obj.ldif b/test-compose/data/container_files/seed-data/voposixaccount-obj.ldif new file mode 100644 index 0000000..527b669 --- /dev/null +++ b/test-compose/data/container_files/seed-data/voposixaccount-obj.ldif 
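Review bot: The `objectIdentifier:` lines above `dn: cn=schema` and the `voPersonObjectClass:10`-style OIDs are OpenLDAP slapd.conf macro syntax rather than LDIF: an LDIF record must begin with `dn:`, and I do not believe the 389-ds schema parser expands such macros, so whether `ldapmodify` accepts this file as written should be confirmed against the build log. Because the Dockerfile chains these `ldapmodify` calls with `&&`, a rejection would fail the build; the portable form is to drop the two `objectIdentifier:` lines and expand the macros to numeric OIDs, e.g. `attributeTypes: ( 1.3.6.1.4.1.25178.4.1.10` for voPersonAffiliation (voPersonRoot is 1.3.6.1.4.1.25178.4 and voPersonObjectClass is voPersonRoot:1) and `objectClasses: ( 1.3.6.1.4.1.25178.4.1` for the voPerson class. voposixaccount-obj.ldif in this commit has the same construction, with `voPosixAccountObjectClass` expanding to 1.3.6.1.4.1.25178.4.2 and `voPosixGroupObjectClass` to 1.3.6.1.4.1.25178.4.3.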
@@ -0,0 +1,63 @@ +# +# voPosixAccount Objectclass +# +# +# "voPosixAccount" attributes +# +objectIdentifier: voPersonRoot 1.3.6.1.4.1.25178.4 +objectIdentifier: voPosixAccountObjectClass voPersonRoot:2 +objectIdentifier: voPosixGroupObjectClass voPersonRoot:3 +dn: cn=schema +changetype: modify +# +add: attributetypes +attributeTypes: ( voPosixAccountObjectClass:1 + NAME 'voPosixAccountGecos' + DESC 'voPerson domain specific GECOS field' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPosixAccountObjectClass:2 + NAME 'voPosixAccountGidNumber' + DESC 'voPerson domain specific primary group identifier' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +attributeTypes: ( voPosixAccountObjectClass:3 + NAME 'voPosixAccountHomeDirectory' + DESC 'voPerson domain specific absolute path to the home directory' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPosixAccountObjectClass:4 + NAME 'voPosixAccountLoginShell' + DESC 'voPerson domain specific path to the login shell' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( voPosixAccountObjectClass:5 + NAME 'voPosixAccountUidNumber' + DESC 'voPerson domain specific unique user identifier' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) +- +# +add: objectclasses +objectClasses: ( voPosixAccountObjectClass + NAME 'voPosixAccount' + AUXILIARY + MUST ( cn $ + uid $ + voPosixAccountUidNumber $ + voPosixAccountGidNumber $ + voPosixAccountHomeDirectory ) + MAY ( voPosixAccountLoginShell $ + voPosixAccountGecos ) + ) +objectClasses: ( voPosixGroupObjectClass + NAME 'voPosixGroup' + AUXILIARY + MUST ( cn $ voPosixAccountGidNumber ) + MAY ( memberUid ) + ) +# +# end of LDIF +# + diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile index cc8c22a..700cfdf 100644 --- a/test-compose/sp/Dockerfile +++ b/test-compose/sp/Dockerfile 
@@ -1,4 +1,4 @@ -FROM tier/shibboleth_sp:latest +FROM i2incommon/shibboleth_sp:latest LABEL author="tier-packaging@internet2.edu " \ Vendor="TIER" \ @@ -26,6 +26,9 @@ COPY container_files/sp-encrypt-cert.pem /etc/shibboleth/ HEALTHCHECK --interval=1m --timeout=30s \ CMD curl -k -f https://127.0.0.1:8443/Shibboleth.sso/Status || exit 1 + +RUN mkdir -p /run/php-fpm/ EXPOSE 8443 +CMD php-fpm -D && /usr/local/bin/startup.sh diff --git a/test-compose/webisoget/Dockerfile b/test-compose/webisoget/Dockerfile index dadf692..cc35e64 100644 --- a/test-compose/webisoget/Dockerfile +++ b/test-compose/webisoget/Dockerfile @@ -1,10 +1,10 @@ -FROM rockylinux:8.6 +FROM rockylinux:8.9 RUN yum -y install libtool autoconf automake gcc make libcurl-devel openssl-devel git RUN cd /; git clone https://github.com/UWIT-IAM/webisoget; cd /webisoget; bash ./boot;./configure --disable-dependency-tracking;make;make install -COPY sptest.login /webisoget +COPY sptest.login /webisoget/ #ENTRYPOINT ["usr/local/bin/webisoget"] CMD ["tail", "-f", "/dev/null"] diff --git a/tests/fulltest.sh b/tests/fulltest.sh index 9f0814b..3b31208 100755 --- a/tests/fulltest.sh +++ b/tests/fulltest.sh 
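Review bot: `CMD php-fpm -D && /usr/local/bin/startup.sh` is shell form, so `/bin/sh` becomes PID 1 and `startup.sh` does not receive SIGTERM from `docker stop`; `CMD ["/bin/sh", "-c", "php-fpm -D && exec /usr/local/bin/startup.sh"]` keeps the chain while handing PID 1 to the real process. Nothing in this hunk installs php-fpm, so it presumably comes from the `i2incommon/shibboleth_sp` base image; a comment on the line saying so would help, because a missing binary only surfaces at container start, not at build time. If that base image declares an ENTRYPOINT, this CMD becomes its arguments rather than the command — worth confirming. `FROM i2incommon/shibboleth_sp:latest` is only a registry change, but it is still an unpinned tag for a test fixture that should be reproducible.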
@@ -18,17 +18,17 @@ rm -f ./lastpage.txt #ensure that name resolution is in place ping -c 1 sptest.example.edu &>/dev/null if [ $? -ne '0' ]; then - echo "ERROR: You must set name resolution for the IdP test suite on this host for tests to completei (SP missing)" - exit 1 -# echo "adding hosts record for sp..." -# echo '127.0.0.1 sptest.example.edu' | sudo tee -a /etc/hosts + #echo "ERROR: You must set name resolution for the IdP test suite on this host for tests to complete (SP missing)" + #exit 1 + echo "adding hosts record for sp..." + echo '127.0.0.1 sptest.example.edu' | sudo tee -a /etc/hosts fi ping -c 1 idp.example.edu &>/dev/null if [ $? -ne '0' ]; then - echo "ERROR: You must set name resolution for the IdP test suite on this host for tests to completei (IdP missing)" - exit 1 -# echo "adding hosts record for idp..." -# echo '127.0.0.1 idp.example.edu' | sudo tee -a /etc/hosts + #echo "ERROR: You must set name resolution for the IdP test suite on this host for tests to completei (IdP missing)" + #exit 1 + echo "adding hosts record for idp..." + echo '127.0.0.1 idp.example.edu' | sudo tee -a /etc/hosts fi # replace FROM line in IdP Dockerfile to newly-built local image
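Review bot: The new `echo '127.0.0.1 sptest.example.edu' | sudo tee -a /etc/hosts` modifies the host's `/etc/hosts` with an unchecked result: if `sudo` is unavailable or prompts in a non-interactive run, the pipeline fails but the script continues into the tests, which then fail later for a less obvious reason. Checking the result, e.g. `echo '127.0.0.1 sptest.example.edu' | sudo tee -a /etc/hosts >/dev/null || { echo "ERROR: could not add hosts record for sp"; exit 1; }`, preserves the fail-fast behaviour the old `exit 1` gave; the idp block below has the same shape. The `ping` probe also conflates "no name resolution" with "ICMP blocked", so `getent hosts sptest.example.edu` would be the more precise check and would avoid appending a duplicate record on hosts where ping is filtered. The commented-out IdP message still carries the `completei` typo that the SP message fixed.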