
Merge remote-tracking branch 'upstream/master'

ethan committed Dec 17, 2019
2 parents 6596b78 + cf27258 commit 6dd9ae31104a0464940a4d0b6d1ff64b22c7969d
Showing with 12,540 additions and 0 deletions.
  1. +3 −0 .dockerignore
  2. +2 −0 .gitignore
  3. +115 −0 Dockerfile
  4. +118 −0 Jenkinsfile
  5. +29 −0 README.md
  6. +48 −0 build.sh
  7. +3 −0 common.bash
  8. +6 −0 container_files/httpd/conf/midpoint.conf.auth.internal
  9. +21 −0 container_files/httpd/conf/midpoint.conf.auth.shibboleth
  10. +28 −0 container_files/httpd/conf/ssl-enable.conf
  11. +13 −0 container_files/mp-dir/active-spring-profiles
  12. +52 −0 container_files/mp-dir/repository-url
  13. +7 −0 container_files/opt-tier/setenv.sh
  14. +153 −0 container_files/shibboleth/attribute-map.xml
  15. +39 −0 container_files/shibboleth/native.logger
  16. +59 −0 container_files/shibboleth/shibd.logger
  17. +25 −0 container_files/supervisor/supervisord.conf
  18. +3 −0 container_files/usr-local-bin/healthcheck.sh
  19. +37 −0 container_files/usr-local-bin/sendtierbeacon.sh
  20. +10 −0 container_files/usr-local-bin/setup-cron.sh
  21. +13 −0 container_files/usr-local-bin/setup-timezone.sh
  22. +36 −0 container_files/usr-local-bin/start-httpd.sh
  23. +48 −0 container_files/usr-local-bin/start-midpoint.sh
  24. +37 −0 container_files/usr-local-bin/startup.sh
  25. +10 −0 demo/extrepo/.env
  26. +1 −0 demo/extrepo/configs-and-secrets/midpoint/application/database_password.txt
  27. +1 −0 demo/extrepo/configs-and-secrets/midpoint/application/keystore_password.txt
  28. +22 −0 demo/extrepo/configs-and-secrets/midpoint/httpd/host-cert.pem
  29. +28 −0 demo/extrepo/configs-and-secrets/midpoint/httpd/host-key.pem
  30. +54 −0 demo/extrepo/docker-compose.yml
  31. +14 −0 demo/grouper/.env
  32. +9 −0 demo/grouper/README.md
  33. +21 −0 demo/grouper/add-ref-groups.gsh
  34. +4 −0 demo/grouper/add-ref-groups.sh
  35. +15 −0 demo/grouper/after-installation.sh
  36. 0 demo/grouper/configs-and-secrets/grouper/application/database_password.txt
  37. +71 −0 demo/grouper/configs-and-secrets/grouper/application/grouper-loader.properties
  38. +112 −0 demo/grouper/configs-and-secrets/grouper/application/grouper.client.properties
  39. +29 −0 demo/grouper/configs-and-secrets/grouper/application/grouper.hibernate.properties
  40. +25 −0 demo/grouper/configs-and-secrets/grouper/application/grouper.properties
  41. +1 −0 demo/grouper/configs-and-secrets/grouper/application/rabbitmq_password.txt
  42. +78 −0 demo/grouper/configs-and-secrets/grouper/application/subject.properties
  43. 0 demo/grouper/configs-and-secrets/grouper/httpd/cachain-cer.pem
  44. +20 −0 demo/grouper/configs-and-secrets/grouper/httpd/host-cert.pem
  45. +28 −0 demo/grouper/configs-and-secrets/grouper/httpd/host-key.pem
  46. +207 −0 demo/grouper/configs-and-secrets/grouper/shibboleth/idp-metadata.xml
  47. +136 −0 demo/grouper/configs-and-secrets/grouper/shibboleth/shibboleth2.xml
  48. +20 −0 demo/grouper/configs-and-secrets/grouper/shibboleth/sp-cert.pem
  49. +28 −0 demo/grouper/configs-and-secrets/grouper/shibboleth/sp-key.pem
  50. +1 −0 demo/grouper/configs-and-secrets/midpoint/application/database_password.txt
  51. +1 −0 demo/grouper/configs-and-secrets/midpoint/application/keystore_password.txt
  52. +22 −0 demo/grouper/configs-and-secrets/midpoint/httpd/host-cert.pem
  53. +28 −0 demo/grouper/configs-and-secrets/midpoint/httpd/host-key.pem
  54. +207 −0 demo/grouper/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
  55. +139 −0 demo/grouper/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
  56. +24 −0 demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem
  57. +40 −0 demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem
  58. +24 −0 demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem
  59. +40 −0 demo/grouper/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem
  60. +31 −0 demo/grouper/create-ref-loaders.gsh
  61. +5 −0 demo/grouper/create-ref-loaders.sh
  62. +28 −0 demo/grouper/directory/Dockerfile
  63. +51 −0 demo/grouper/directory/container_files/seed-data/data.ldif
  64. +28 −0 demo/grouper/directory/container_files/seed-data/ds-setup.inf
  65. +312 −0 demo/grouper/docker-compose.yml
  66. +5 −0 demo/grouper/get-import-sis-persons-status.sh
  67. +6 −0 demo/grouper/grouper_daemon/Dockerfile
  68. +33 −0 demo/grouper/grouper_daemon/container_files/tmp/initialize.gsh
  69. +12 −0 demo/grouper/grouper_daemon/container_files/usr-local-bin/startup.sh
  70. +36 −0 demo/grouper/grouper_data/Dockerfile
  71. +29 −0 demo/grouper/grouper_data/container_files/conf/grouper.hibernate.properties
  72. +25 −0 demo/grouper/grouper_data/container_files/conf/grouper.properties
  73. +7 −0 demo/grouper/grouper_ui/Dockerfile
  74. +69 −0 demo/grouper/grouper_ui/container_files/shibboleth/shibd.logger
  75. +9 −0 demo/grouper/grouper_ws/Dockerfile
  76. +180 −0 demo/grouper/grouper_ws/container_files/server.xml
  77. +46 −0 demo/grouper/grouper_ws/container_files/tomcat-users.xml
  78. +128 −0 demo/grouper/grouper_ws/container_files/web.xml
  79. +5 −0 demo/grouper/idp/Dockerfile
  80. +47 −0 demo/grouper/idp/shibboleth-idp/conf/attribute-filter.xml
  81. +293 −0 demo/grouper/idp/shibboleth-idp/conf/attribute-resolver.xml
  82. +195 −0 demo/grouper/idp/shibboleth-idp/conf/idp.properties
  83. +58 −0 demo/grouper/idp/shibboleth-idp/conf/ldap.properties
  84. +81 −0 demo/grouper/idp/shibboleth-idp/conf/metadata-providers.xml
  85. +19 −0 demo/grouper/idp/shibboleth-idp/credentials/idp-backchannel.crt
  86. BIN demo/grouper/idp/shibboleth-idp/credentials/idp-backchannel.p12
  87. BIN demo/grouper/idp/shibboleth-idp/credentials/idp-browser.p12
  88. +19 −0 demo/grouper/idp/shibboleth-idp/credentials/idp-encryption.crt
  89. +27 −0 demo/grouper/idp/shibboleth-idp/credentials/idp-encryption.key
  90. +19 −0 demo/grouper/idp/shibboleth-idp/credentials/idp-signing.crt
  91. +27 −0 demo/grouper/idp/shibboleth-idp/credentials/idp-signing.key
  92. BIN demo/grouper/idp/shibboleth-idp/credentials/sealer.jks
  93. +2 −0 demo/grouper/idp/shibboleth-idp/credentials/sealer.kver
  94. +78 −0 demo/grouper/idp/shibboleth-idp/metadata/grouper-sp.xml
  95. +206 −0 demo/grouper/idp/shibboleth-idp/metadata/idp-metadata.xml
  96. +37 −0 demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp-new.xml
  97. +80 −0 demo/grouper/idp/shibboleth-idp/metadata/midpoint-sp.xml
  98. +43 −0 demo/grouper/midpoint-objects-manual/tasks/task-async-update-grouper.xml
  99. +31 −0 demo/grouper/midpoint-objects-manual/tasks/task-import-sis-persons.xml
  100. +25 −0 demo/grouper/midpoint-objects-manual/tasks/task-recomputation-users.xml
  101. +43 −0 demo/grouper/midpoint-objects-manual/tasks/task-reconciliation-grouper-groups.xml
  102. +9 −0 demo/grouper/midpoint_server/Dockerfile
  103. +22 −0 demo/grouper/midpoint_server/container_files/httpd/host-cert.pem
  104. +28 −0 demo/grouper/midpoint_server/container_files/httpd/host-key.pem
  105. +64 −0 demo/grouper/midpoint_server/container_files/mp-home/config.xml
  106. +1 −0 demo/grouper/midpoint_server/container_files/mp-home/cs-portal.csv
  107. +1 −0 demo/grouper/midpoint_server/container_files/mp-home/faculty-portal.csv
  108. BIN demo/grouper/midpoint_server/container_files/mp-home/icf-connectors/connector-grouper-rest-0.6.jar
  109. BIN ...ontainer_files/mp-home/icf-connectors/net.tirasa.connid.bundles.db.scriptedsql-2.2.6-SNAPSHOT.jar
  110. +1 −0 demo/grouper/midpoint_server/container_files/mp-home/mailing-lists.csv
  111. +72 −0 ...midpoint_server/container_files/mp-home/post-initial-objects/archetypes/archetype-affiliation.xml
  112. +63 −0 ...uper/midpoint_server/container_files/mp-home/post-initial-objects/archetypes/archetype-course.xml
  113. +53 −0 .../midpoint_server/container_files/mp-home/post-initial-objects/archetypes/archetype-department.xml
  114. +25 −0 ...oint_server/container_files/mp-home/post-initial-objects/archetypes/archetype-external-person.xml
  115. +40 −0 ...erver/container_files/mp-home/post-initial-objects/archetypes/archetype-generic-grouper-group.xml
  116. +56 −0 ...idpoint_server/container_files/mp-home/post-initial-objects/archetypes/archetype-mailing-list.xml
  117. +32 −0 ...point_server/container_files/mp-home/post-initial-objects/archetypes/archetype-midpoint-group.xml
  118. +25 −0 .../midpoint_server/container_files/mp-home/post-initial-objects/archetypes/archetype-sis-person.xml
  119. +21 −0 ...dpoint_server/container_files/mp-home/post-initial-objects/bulkActions/990-test-all-resources.xml
  120. +17 −0 ...idpoint_server/container_files/mp-home/post-initial-objects/bulkActions/991-recompute-grouper.xml
  121. +184 −0 ...erver/container_files/mp-home/post-initial-objects/functionLibraries/function-library-grouper.xml
  122. +92 −0 ...er/midpoint_server/container_files/mp-home/post-initial-objects/objectTemplates/template-user.xml
  123. +13 −0 demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/org-affiliations.xml
  124. +13 −0 demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/org-courses.xml
  125. +13 −0 demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/org-departments.xml
  126. +13 −0 .../grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/org-generic-groups.xml
  127. +16 −0 ...rouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/org-grouper-sysadmin.xml
  128. +13 −0 demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/org-mailing-lists.xml
  129. +13 −0 ...grouper/midpoint_server/container_files/mp-home/post-initial-objects/orgs/org-midpoint-groups.xml
  130. +341 −0 demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/ldap-main.xml
  131. +184 −0 ...ouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/resource-grouper.xml
  132. +221 −0 ...idpoint_server/container_files/mp-home/post-initial-objects/resources/scriptedsql-sis-persons.xml
  133. +112 −0 ...ouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/target-cs-portal.xml
  134. +121 −0 .../midpoint_server/container_files/mp-home/post-initial-objects/resources/target-faculty-portal.xml
  135. +102 −0 ...r/midpoint_server/container_files/mp-home/post-initial-objects/resources/target-mailing-lists.xml
  136. +192 −0 ...int_server/container_files/mp-home/post-initial-objects/roles/metarole-grouper-provided-group.xml
  137. +128 −0 ...rouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/metarole-ldap-group.xml
  138. +25 −0 demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/roles/role-ldap-basic.xml
  139. +261 −0 ..._server/container_files/mp-home/post-initial-objects/systemConfigurations/SystemConfiguration.xml
  140. +85 −0 ...r/midpoint_server/container_files/mp-home/post-initial-objects/tasks/995-task-group-scavenger.xml
  141. +27 −0 demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/users/user-banderson.xml
  142. +57 −0 demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/SchemaScript.groovy
  143. +153 −0 demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/SearchScript.groovy
  144. +38 −0 demo/grouper/midpoint_server/container_files/mp-home/res/sis-persons/TestScript.groovy
  145. +47 −0 demo/grouper/midpoint_server/container_files/mp-home/schema/internet2.xsd
  146. +5 −0 demo/grouper/midpoint_server/container_files/mp-home/source-external.csv
  147. +2 −0 demo/grouper/midpoint_server/container_files/mp-home/staff-portal.csv
  148. +13 −0 demo/grouper/mq/Dockerfile
  149. +2 −0 demo/grouper/mq/container_files/etc-rabbitmq/rabbitmq.conf
  150. +8 −0 demo/grouper/mq/container_files/usr-local-bin/demo-entrypoint.sh
  151. +11 −0 demo/grouper/mq/container_files/usr-local-bin/initialize-rabbitmq.sh
  152. +1 −0 demo/grouper/purge-queue.sh
  153. +6 −0 demo/grouper/recompute.sh
  154. +1 −0 demo/grouper/show-queue-size.sh
  155. +10 −0 demo/grouper/sources/Dockerfile
  156. +531 −0 demo/grouper/sources/container_files/seed-data/persons-and-courses.sql
  157. +29 −0 demo/grouper/ssh-tunnel-redir-fix.sh
  158. +11 −0 demo/grouper/test-resources.sh
  159. +364 −0 demo/grouper/tests/main.bats
  160. +22 −0 demo/grouper/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-banderson.xml
  161. +22 −0 demo/grouper/tests/resources/bulk-action/assign-role-grouper-sysadmin-to-test-user.xml
  162. +16 −0 demo/grouper/tests/resources/bulk-action/recompute-role-grouper-sysadmin.xml
  163. +15 −0 demo/grouper/tests/resources/grouper/t300.gsh
  164. +11 −0 demo/grouper/tests/resources/grouper/t330.gsh
  165. +12 −0 demo/grouper/tests/resources/grouper/t350.gsh
  166. +11 −0 demo/grouper/tests/resources/grouper/t410.gsh
  167. +8 −0 demo/grouper/tests/resources/rabbitmq/check-samplequeue.sh
  168. +29 −0 demo/grouper/tests/resources/tasks/task-livesync-grouper-single.xml
  169. +20 −0 demo/grouper/tests/resources/users/user-grouper-admin.xml
  170. +13 −0 demo/grouper/update-bgasper-in-grouper.gsh
  171. +5 −0 demo/grouper/update-bgasper-in-grouper.sh
  172. +5 −0 demo/grouper/upload-async-update-task.sh
  173. +5 −0 demo/grouper/upload-import-sis-persons.sh
  174. +17 −0 demo/grouper/upload-objects.sh
  175. +5 −0 demo/grouper/upload-recompute-users.sh
  176. +5 −0 demo/grouper/upload-reconcile-grouper-groups.sh
  177. +8 −0 demo/postgresql/.env
  178. +1 −0 demo/postgresql/configs-and-secrets/midpoint/application/database_password.txt
  179. +1 −0 demo/postgresql/configs-and-secrets/midpoint/application/keystore_password.txt
  180. +22 −0 demo/postgresql/configs-and-secrets/midpoint/httpd/host-cert.pem
  181. +28 −0 demo/postgresql/configs-and-secrets/midpoint/httpd/host-key.pem
  182. +71 −0 demo/postgresql/docker-compose-tests.yml
  183. +68 −0 demo/postgresql/docker-compose.yml
  184. +34 −0 demo/postgresql/tests/main.bats
  185. +16 −0 demo/shibboleth/.env
  186. +1 −0 demo/shibboleth/configs-and-secrets/midpoint/application/database_password.txt
  187. +1 −0 demo/shibboleth/configs-and-secrets/midpoint/application/keystore_password.txt
  188. +22 −0 demo/shibboleth/configs-and-secrets/midpoint/httpd/host-cert.pem
  189. +28 −0 demo/shibboleth/configs-and-secrets/midpoint/httpd/host-key.pem
  190. +207 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
  191. +139 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/shibboleth2.xml
  192. +24 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-encrypt-cert.pem
  193. +40 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-encrypt-key.pem
  194. +24 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-signing-cert.pem
  195. +40 −0 demo/shibboleth/configs-and-secrets/midpoint/shibboleth/sp-signing-key.pem
  196. +207 −0 demo/shibboleth/configs-and-secrets/shibboleth/idp-metadata.xml
  197. +139 −0 demo/shibboleth/configs-and-secrets/shibboleth/shibboleth2.xml
  198. +24 −0 demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-cert.pem
  199. +40 −0 demo/shibboleth/configs-and-secrets/shibboleth/sp-encrypt-key.pem
  200. +24 −0 demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-cert.pem
  201. +40 −0 demo/shibboleth/configs-and-secrets/shibboleth/sp-signing-key.pem
  202. +30 −0 demo/shibboleth/directory/Dockerfile
  203. +28 −0 demo/shibboleth/directory/container_files/seed-data/ds-setup.inf
  204. +24 −0 demo/shibboleth/directory/container_files/seed-data/users.ldif
  205. +114 −0 demo/shibboleth/docker-compose-tests.yml
  206. +111 −0 demo/shibboleth/docker-compose.yml
  207. +5 −0 demo/shibboleth/idp/Dockerfile
  208. +29 −0 demo/shibboleth/idp/shibboleth-idp/conf/attribute-filter.xml
  209. +293 −0 demo/shibboleth/idp/shibboleth-idp/conf/attribute-resolver.xml
  210. +195 −0 demo/shibboleth/idp/shibboleth-idp/conf/idp.properties
  211. +58 −0 demo/shibboleth/idp/shibboleth-idp/conf/ldap.properties
  212. +80 −0 demo/shibboleth/idp/shibboleth-idp/conf/metadata-providers.xml
  213. +19 −0 demo/shibboleth/idp/shibboleth-idp/credentials/idp-backchannel.crt
  214. BIN demo/shibboleth/idp/shibboleth-idp/credentials/idp-backchannel.p12
  215. BIN demo/shibboleth/idp/shibboleth-idp/credentials/idp-browser.p12
  216. +19 −0 demo/shibboleth/idp/shibboleth-idp/credentials/idp-encryption.crt
  217. +27 −0 demo/shibboleth/idp/shibboleth-idp/credentials/idp-encryption.key
  218. +19 −0 demo/shibboleth/idp/shibboleth-idp/credentials/idp-signing.crt
  219. +27 −0 demo/shibboleth/idp/shibboleth-idp/credentials/idp-signing.key
  220. BIN demo/shibboleth/idp/shibboleth-idp/credentials/sealer.jks
  221. +2 −0 demo/shibboleth/idp/shibboleth-idp/credentials/sealer.kver
  222. +207 −0 demo/shibboleth/idp/shibboleth-idp/metadata/idp-metadata.xml
  223. +82 −0 demo/shibboleth/idp/shibboleth-idp/metadata/midpoint-sp.xml
  224. +86 −0 demo/shibboleth/tests/main.bats
  225. +14 −0 demo/simple/.env
  226. +1 −0 demo/simple/configs-and-secrets/midpoint/application/database_password.txt
  227. +1 −0 demo/simple/configs-and-secrets/midpoint/application/keystore_password.txt
  228. +22 −0 demo/simple/configs-and-secrets/midpoint/httpd/host-cert.pem
  229. +28 −0 demo/simple/configs-and-secrets/midpoint/httpd/host-key.pem
  230. +68 −0 demo/simple/docker-compose.yml
  231. +90 −0 demo/simple/tests/main.bats
  232. +36 −0 download-midpoint.sh
  233. +588 −0 library.bash
  234. +39 −0 tests/main.bats
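--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+demo
+.git
+tests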
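--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+midpoint-dist.tar.gz
+.tmp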
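--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,115 @@
+#
+# Building assumes midpoint-dist.tar.gz is present in the current directory.
+#
+
+FROM tier/shibboleth_sp:3.0.4_03122019
+
+MAINTAINER info@evolveum.com
+
+RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems
+RUN curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo
+RUN yum -y update
+RUN yum -y install \
+zulu-11 \
+cron \
+supervisor \
+libcurl \
+&& yum clean -y all
+
+RUN rm /etc/shibboleth/sp-signing-key.pem /etc/shibboleth/sp-signing-cert.pem /etc/shibboleth/sp-encrypt-key.pem /etc/shibboleth/sp-encrypt-cert.pem\
+&& cd /etc/httpd/conf.d/ \
+&& rm -f autoindex.conf ssl.conf userdir.conf welcome.conf
+
+COPY container_files/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
+COPY container_files/httpd/conf/* /etc/httpd/conf.d/
+COPY container_files/shibboleth/* /etc/shibboleth/
+COPY container_files/usr-local-bin/* /usr/local/bin/
+COPY container_files/opt-tier/* /opt/tier/
+
+RUN chmod 755 /opt/tier/setenv.sh \
+&& chmod 755 /usr/local/bin/sendtierbeacon.sh \
+&& chmod 755 /usr/local/bin/setup-cron.sh \
+&& chmod 755 /usr/local/bin/setup-timezone.sh \
+&& chmod 755 /usr/local/bin/start-midpoint.sh \
+&& chmod 755 /usr/local/bin/start-httpd.sh \
+&& chmod 755 /usr/local/bin/startup.sh \
+&& chmod 755 /usr/local/bin/healthcheck.sh
+
+RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
+&& mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.auth.shibboleth \
+&& touch /etc/httpd/conf.d/shib.conf.auth.internal \
+&& sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
+&& echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
+&& sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
+&& sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
+&& echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
+&& echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
+
+# Build arguments
+
+ARG MP_VERSION=4.0.1
+ARG MP_DIST_FILE=midpoint-dist.tar.gz
+
+ENV MP_DIR /opt/midpoint
+
+RUN mkdir -p ${MP_DIR}/var
+
+COPY ${MP_DIST_FILE} ${MP_DIR}
+COPY container_files/mp-dir/ ${MP_DIR}/
+
+RUN echo 'Extracting midPoint archive...' \
+&& tar xzf ${MP_DIR}/${MP_DIST_FILE} -C ${MP_DIR} --strip-components=1
+
+# Disabled because of wider compatibility issues (e.g. AWS)
+# TODO: consider all the consequences
+#VOLUME ${MP_DIR}/var
+
+# Repository parameters
+
+ENV REPO_DATABASE_TYPE mariadb
+ENV REPO_JDBC_URL default
+ENV REPO_HOST midpoint_data
+ENV REPO_PORT default
+ENV REPO_DATABASE registry
+ENV REPO_USER registry_user
+ENV REPO_PASSWORD_FILE /run/secrets/mp_database_password.txt
+ENV REPO_MISSING_SCHEMA_ACTION create
+ENV REPO_UPGRADEABLE_SCHEMA_ACTION stop
+
+# Logging parameters
+
+ENV ENV demo
+ENV USERTOKEN ""
+
+# Authentication/web
+
+ENV AUTHENTICATION internal
+ENV SSO_HEADER uid
+ENV AJP_ENABLED true
+ENV AJP_PORT 9090
+ENV LOGOUT_URL https://localhost:8443/Shibboleth.sso/Logout
+
+# Other parameters
+
+ENV MP_KEYSTORE_PASSWORD_FILE /run/secrets/mp_keystore_password.txt
+ENV MP_MEM_MAX 2048m
+ENV MP_MEM_INIT 1024m
+ENV TIMEZONE UTC
+ENV TIER_RELEASE not-released-yet
+ENV TIER_MAINTAINER tier
+
+# TIER Beacon Opt-out
+# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
+# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage/midPoint) and version (4.0, etc)
+# once daily between midnight and 4am. There is no configuration or private information collected or sent.
+# This data helps with the scaling and funding of TIER. Please do not disable it if you find the TIER tools useful.
+# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
+##### ENV TIER_BEACON_OPT_OUT true
+
+# requires MP_VERSION and TIER_xyz variables so we have to execute it here
+
+RUN /opt/tier/setenv.sh
+
+HEALTHCHECK --interval=1m --timeout=30s --start-period=2m CMD /usr/local/bin/healthcheck.sh
+
+CMD ["/usr/local/bin/startup.sh"]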
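Review bot: The Azul signing key and the `zulu.repo` file are both fetched over plain `http://` in the first two `RUN` lines, so the trust anchor that `yum` later uses to verify `zulu-11` is itself unauthenticated at build time. If the vendor serves the same paths over TLS, switch both URLs to `https://` and make curl fail loudly with `curl -fsSL -o /etc/yum.repos.d/zulu.repo ...`; otherwise ship the key in the build context and check its fingerprint before `rpm --import`. Separately, the `sed` edits point both `CustomLog` and `ErrorLog` at `/tmp/loghttpd`, and nothing in this file creates that path; a comment naming the startup script that owns it, and the permissions it is created with, would help because `/tmp` is world-writable.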
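--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -0,0 +1,118 @@
+pipeline {
+agent any
+environment {
+maintainer = "t"
+imagename = 'm'
+tag = 'l'
+}
+stages {
+stage ('Setting build context') {
+steps {
+script {
+maintainer = maintain()
+imagename = imagename()
+if (env.BRANCH_NAME == "master") {
+tag = "latest"
+} else {
+tag = env.BRANCH_NAME
+}
+if (!imagename) {
+echo "You must define imagename in common.bash"
+currentBuild.result = 'FAILURE'
+}
+sh 'mkdir -p bin'
+sh 'mkdir -p tmp'
+dir ('tmp') {
+git([ url: "https://github.internet2.edu/docker/util.git", credentialsId: "jenkins-github-access-token" ])
+sh 'ls -l'
+sh 'ls -lR ../bin'
+sh 'rm -r ../bin/windows || true'
+sh 'mv bin/* ../bin/.'
+}
+// Build and test scripts expect that 'tag' is present in common.bash. This is necessary for both Jenkins and standalone testing.
+// We don't care if there are more 'tag' assignments there. The latest one wins.
+sh "echo >> common.bash ; echo \"tag=\\\"${tag}\\\"\" >> common.bash ; echo common.bash ; cat common.bash"
+}
+}
+}
+stage ('Build') {
+steps {
+script {
+try {
+// using custom ./build.sh instead of bin/rebuild.sh because the bin/ version does not support building specific tag yet
+sh './build.sh -r 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
+} catch (error) {
+def error_details = readFile('./debug')
+def message = "BUILD ERROR: There was a problem building ${imagename}:${tag}. \n\n ${error_details}"
+sh "rm -f ./debug"
+handleError(message)
+}
+}
+}
+}
+stage ('Test') {
+steps {
+script {
+try {
+sh 'echo Docker containers before root tests ; docker ps -a' // temporary
+sh 'bin/test.sh 2>&1 | tee debug ; test ${PIPESTATUS[0]} -eq 0'
+sh 'echo Docker containers before compositions tests ; docker ps -a' // temporary
+
+sh '(cd demo/simple ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
+sh '(cd demo/shibboleth ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
+sh '(cd demo/postgresql ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
+sh '(cd demo/grouper ; bats tests ) 2>&1 | tee -a debug ; test ${PIPESTATUS[0]} -eq 0'
+} catch (error) {
+def error_details = readFile('./debug')
+def message = "BUILD ERROR: There was a problem testing ${imagename}:${tag}. \n\n ${error_details}"
+sh "rm -f ./debug"
+handleError(message)
+}
+}
+}
+}
+stage ('Push') {
+steps {
+script {
+docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-$maintainer") {
+def baseImg = docker.build("$maintainer/$imagename")
+baseImg.push("$tag")
+}
+}
+}
+}
+stage ('Notify') {
+steps {
+echo "$maintainer"
+slackSend color: 'good', message: "$maintainer/$imagename:$tag pushed to DockerHub"
+}
+}
+}
+post {
+always {
+echo 'Done Building.'
+}
+failure {
+// slackSend color: 'good', message: "Build failed"
+handleError("BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}.")
+}
+}
+}
+
+
+def maintain() {
+def matcher = readFile('common.bash') =~ 'maintainer="(.+)"'
+matcher ? matcher[0][1] : 'tier'
+}
+
+def imagename() {
+def matcher = readFile('common.bash') =~ 'imagename="(.+)"'
+matcher ? matcher[0][1] : null
+}
+
+def handleError(String message) {
+echo "${message}"
+currentBuild.setResult("FAILED")
+slackSend color: 'danger', message: "${message}"
+sh 'exit 1'
+}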
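Review bot: In the 'Setting build context' stage, `tag` is taken from `env.BRANCH_NAME` and interpolated by Groovy into the double-quoted `sh "echo >> common.bash ; ..."` string, and the appended line is later read by `build.sh` through `source common.bash`, so a branch name containing quotes or shell metacharacters ends up interpreted by the shell on the agent. Validate the value before it is used, for example `if (!(tag ==~ /[A-Za-z0-9_.-]+/)) { error "Unsupported characters in tag: ${tag}" }` placed ahead of that `sh` step. The `test ${PIPESTATUS[0]} -eq 0` checks rely on a bash array; the `sh` step presumably runs the agent's default shell unless the script starts with a shebang, so on agents where that shell is not bash the pipeline status check would not behave as intended. `handleError` also calls `currentBuild.setResult("FAILED")` while the first stage assigns `'FAILURE'`; using `'FAILURE'` in both places keeps the result name consistent.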
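--- a/README.md
+++ b/README.md
@@ -0,0 +1,29 @@
+[![Build Status](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/midPoint_container/3.9)](https://jenkins.testbed.tier.internet2.edu/buildStatus/icon?job=docker/midPoint_container/3.9)
+
+This repository contains sources for TIER-supported [midPoint](http://midpoint.evolveum.com) image.
+
+The image contains the midPoint application along with some TIER-specific components: Apache reverse proxy with optional Shibboleth filter and TIER Beacon.
+
+# Supported tags
+- latest
+- midPoint version-specific branches, e.g. 3.9, 3.9.1, 4.0, etc.
+
+# Content
+- the root directory contains build instructions for the `midpoint` image
+- `demo` directory contains a couple of demonstration scenarios:
+- `simple` to show simple composition of midPoint with the repository,
+- `shibboleth` to show integration with Shibboleth IdP,
+- `postgresql` to show how to use alternative dockerized repository,
+- `extrepo` to show how to use external repository,
+- `grouper` to demonstrate more complex deployment of midPoint in a sample university environment, featuring midPoint along with Grouper, LDAP directory, RabbitMQ, Shibboleth IdP, source and target systems.
+
+# Build instructions
+```
+$ ./build.sh
+```
+You can then continue with one of demo composition.
+
+# Documentation
+Please see [Dockerized midPoint](https://spaces.at.internet2.edu/display/MID/Dockerized+midPoint) wiki page.
+
+This is a work in progress, suitable for testing.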
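--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+cd "$(dirname "$0")"
+source common.bash
+
+SKIP_DOWNLOAD=0
+REFRESH=""
+while getopts "nhr?" opt; do
+case $opt in
+n)
+SKIP_DOWNLOAD=1
+;;
+r)
+result=$(docker ps -a | grep $maintainer/$imagename:$tag)
+if [ ! -z "$result" ]; then
+echo "Cleaning up $maintainer/$imagename:$tag..."
+docker rm -f $(docker ps -a | grep $maintainer/$imagename:$tag | awk '{print $1}')
+docker rmi -f $maintainer/$imagename:$tag
+echo "Done"
+fi
+REFRESH="--no-cache --pull"
+echo "Using 'refresh' mode: $REFRESH"
+;;
+h | ?)
+echo "Options: -n skip download"
+echo " -r refresh mode: uses --no-cache --pull and removes container and image before build"
+exit 0
+;;
+*)
+echo "Unknown option: $opt"
+exit 1
+;;
+esac
+done
+if [ "$SKIP_DOWNLOAD" = "0" ]; then ./download-midpoint.sh || exit 1; fi
+docker build $REFRESH --tag $maintainer/$imagename:$tag --build-arg maintainer=$maintainer --build-arg imagename=$imagename . || exit 1
+echo "---------------------------------------------------------------------------------------"
+echo "The midPoint containers were successfully built. To start them, execute the following:"
+echo ""
+echo "(for simple demo)"
+echo ""
+echo "$ cd" $(pwd)/demo/simple
+echo "$ docker-compose up"
+echo ""
+echo "(for Grouper integration demo)"
+echo ""
+echo "$ cd" $(pwd)/demo/grouper
+echo "$ docker-compose up --build"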
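Review bot: The `-r` branch selects containers with `docker ps -a | grep $maintainer/$imagename:$tag`, an unquoted and unanchored regex match against the whole listing line, so `docker rm -f` can also remove containers whose image or command merely contains that text (for example a longer tag with the same prefix). Ask Docker for the exact set and quote the expansions: `ids=$(docker ps -aq --filter "ancestor=$maintainer/$imagename:$tag")` followed by `[ -n "$ids" ] && docker rm -f $ids`. In the same `case`, the unquoted `?` in `h | ?)` is a glob that matches any single character, so the `*)` arm can never run and an invalid option prints the help and exits 0. `cd "$(dirname "$0")"` should be followed by `|| exit 1` so that `source common.bash` never runs from an unexpected directory.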
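--- a/common.bash
+++ b/common.bash
@@ -0,0 +1,3 @@
+maintainer="tier"
+imagename="midpoint"
+tag="latest"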
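--- a/container_files/httpd/conf/midpoint.conf.auth.internal
+++ b/container_files/httpd/conf/midpoint.conf.auth.internal
@@ -0,0 +1,6 @@
+
+Timeout 2400
+ProxyTimeout 2400
+ProxyBadHeader Ignore
+
+ProxyPass /midpoint ajp://localhost:9090/midpoint timeout=2400 retry=0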
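Review bot: `Timeout 2400` is set outside any container, so it presumably applies to every connection the server handles rather than only to slow midPoint requests, letting an idle or slow client hold a worker for up to 40 minutes unless another module limits it. The `ProxyPass` line already carries `timeout=2400` for the backend, so consider leaving `Timeout` at a lower value and adding a comment above `ProxyPass` that states why the backend needs so long. `ProxyBadHeader Ignore` also deserves a one-line comment naming the malformed backend header it works around, since it changes how invalid response headers are handled. The same directives open `container_files/httpd/conf/midpoint.conf.auth.shibboleth`.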
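--- a/container_files/httpd/conf/midpoint.conf.auth.shibboleth
+++ b/container_files/httpd/conf/midpoint.conf.auth.shibboleth
@@ -0,0 +1,21 @@
+
+Timeout 2400
+ProxyTimeout 2400
+ProxyBadHeader Ignore
+
+ProxyPass /midpoint ajp://localhost:9090/midpoint timeout=2400 retry=0
+
+<Location /midpoint>
+AuthType shibboleth
+ShibRequestSetting requireSession 1
+ShibRequireSession on
+ShibUseHeaders On
+require shibboleth
+</Location>
+
+<Location ~ "/midpoint/(actuator/health|js/*|css/*|img/*|less/*|fonts/*|model/*|ws/*|rest/*|report/*|wro/*|static-web/*|wicket/resource/*)">
+Satisfy Any
+Allow from all
+AuthType None
+Require all granted
+</Location>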
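Review bot: The second `<Location ~ ...>` block is a regular expression, not a glob: it is unanchored and `js/*` means `js` followed by zero or more slashes, so the Shibboleth requirement is lifted for any path that merely begins with one of the listed words, which is wider than the listed directories. Anchor it and require the slash, e.g. `<LocationMatch "^/midpoint/(actuator/health$|(js|css|img|less|fonts|model|ws|rest|report|wro|static-web|wicket/resource)/)">`. Because `ShibUseHeaders On` passes identity to the backend as request headers, also confirm that the backend never trusts the SSO header on these exempted paths, or clear that header there with `RequestHeader unset`. The block mixes the 2.2-style `Satisfy Any` / `Allow from all` with `Require all granted`; keeping only the 2.4 form avoids depending on mod_access_compat.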
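--- a/container_files/httpd/conf/ssl-enable.conf
+++ b/container_files/httpd/conf/ssl-enable.conf
@@ -0,0 +1,28 @@
+# modern configuration, tweak to your needs
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder on
+SSLCompression off
+
+# OCSP Stapling, only in httpd 2.3.3 and later
+SSLUseStapling on
+SSLStaplingResponderTimeout 5
+SSLStaplingReturnResponderErrors off
+SSLStaplingCache shmcb:/var/run/ocsp(128000)
+
+Listen 443 https
+<VirtualHost *:443>
+RewriteEngine on
+RewriteRule "^/$" "/midpoint/" [R]
+
+
+SSLEngine on
+SSLCertificateChainFile /etc/pki/tls/certs/cachain.pem
+
+SSLCertificateFile /etc/pki/tls/certs/host-cert.pem
+
+SSLCertificateKeyFile /etc/pki/tls/private/host-key.pem
+
+# HSTS (mod_headers is required) (15768000 seconds = 6 months)
+Header always set Strict-Transport-Security "max-age=15768000"
+</VirtualHost>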
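Review bot: The header comment calls this a modern configuration, but the last four entries of `SSLCipherSuite` (the `ECDHE-*-AES256-SHA384` and `ECDHE-*-AES128-SHA256` suites) are CBC-mode suites; drop them if every client supports the AEAD suites listed before them, or reword the comment so readers do not assume an AEAD-only list. `SSLCertificateChainFile` has been deprecated since httpd 2.4.8 in favour of appending the chain to the file named by `SSLCertificateFile`, so a note on which httpd version this targets would help. A short comment on the `RewriteRule` saying that `[R]` issues a temporary redirect to `/midpoint/` would make the intent clear.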
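--- a/container_files/mp-dir/active-spring-profiles
+++ b/container_files/mp-dir/active-spring-profiles
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+case $AUTHENTICATION in
+shibboleth)
+echo "default,sso"
+;;
+internal)
+echo "default"
+;;
+*)
+echo "default"
+esac
+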