From 795d6e923b863e0ddbde15b47cbaea9ca1115f4a Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 27 Jan 2023 23:01:54 +0000
Subject: [PATCH] updates to grouper, midpoint, comanage
---
 Workbench/comanage/Dockerfile | 3 +-
 Workbench/comanage_cron/Dockerfile | 3 +-
 .../application/grouper-loader.properties | 40 +++++++++++++++++++
 .../application/grouper.client.properties | 0
 .../application/grouper.hibernate.properties | 6 ++-
 .../grouper/application/grouper.properties | 0
 .../grouper/application/subject.properties | 0
 .../grouper/httpd/shib.conf | 0
 Workbench/docker-compose.yml | 2 +-
 Workbench/grouper_daemon/Dockerfile | 2 +-
 Workbench/grouper_data/Dockerfile | 6 ++-
 .../conf/grouper.hibernate.properties | 6 ++-
 Workbench/grouper_ui/Dockerfile | 2 +-
 Workbench/grouper_ws/Dockerfile | 2 +-
 Workbench/idp/Dockerfile | 2 +-
 Workbench/idp_ui/Dockerfile | 2 +-
 Workbench/idp_ui_api/Dockerfile | 2 +-
 Workbench/midpoint_server/Dockerfile | 2 +-
 .../webproxy/container_files/httpd/index.html | 18 ++++-----
 19 files changed, 74 insertions(+), 24 deletions(-)
 mode change 100644 => 100755 Workbench/configs-and-secrets/grouper/application/grouper-loader.properties
 mode change 100644 => 100755 Workbench/configs-and-secrets/grouper/application/grouper.client.properties
 mode change 100644 => 100755 Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties
 mode change 100644 => 100755 Workbench/configs-and-secrets/grouper/application/grouper.properties
 mode change 100644 => 100755 Workbench/configs-and-secrets/grouper/application/subject.properties
 mode change 100644 => 100755 Workbench/configs-and-secrets/grouper/httpd/shib.conf
diff --git a/Workbench/comanage/Dockerfile b/Workbench/comanage/Dockerfile
index 8e2f543..8c3fda4 100644
--- a/Workbench/comanage/Dockerfile
+++ b/Workbench/comanage/Dockerfile
@@ -1,4 +1,5 @@ -FROM i2incommon/comanage-registry:4.0.2-20220223 +FROM i2incommon/comanage-registry:4.1.0-20230117 +#FROM i2incommon/comanage-registry:4.0.2-20220223 ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson diff --git a/Workbench/comanage_cron/Dockerfile b/Workbench/comanage_cron/Dockerfile index a9b2242..47ed382 100644 --- a/Workbench/comanage_cron/Dockerfile +++ b/Workbench/comanage_cron/Dockerfile @@ -1,4 +1,5 @@ -FROM i2incommon/comanage-registry-cron:4.0.2-20220223 +FROM i2incommon/comanage-registry-cron:4.1.0-20230117 +#FROM i2incommon/comanage-registry-cron:4.0.2-20220223 ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson diff --git a/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties b/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties old mode 100644 new mode 100755 index 62ef5f0..a3d5c61 --- a/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties +++ b/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties 
@@ -52,6 +52,46 @@ db.sis.url = jdbc:mysql://sources:3306/sis db.sis.driver = com.mysql.jdbc.Driver +# midpoint External System +#db.midPoint.driver = com.mysql.jdbc.Driver +db.midPoint.driver = com.mysql.cj.jdbc.Driver +#db.midPoint.pass = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') } +db.midPoint.pass = password +db.midPoint.url = jdbc:mysql://grouper_data:3306/grouper_to_midpoint?CharSet=utf8&useUnicode=true&characterEncoding=utf8 +db.midPoint.user = grouper + +# provisioner midpoint +provisioner.midPoint.class = edu.internet2.middleware.grouper.app.midpointProvisioning.MidPointProvisioner +provisioner.midPoint.customizeEntityCrud = true +provisioner.midPoint.customizeGroupCrud = true +provisioner.midPoint.customizeMembershipCrud = true +provisioner.midPoint.dbExternalSystemConfigId = midPoint +provisioner.midPoint.deleteEntities = false +provisioner.midPoint.deleteGroups = false +provisioner.midPoint.deleteMemberships = false +provisioner.midPoint.makeChangesToEntities = true +provisioner.midPoint.midPointDeletedColumnName = deleted +provisioner.midPoint.midPointLastModifiedColumnName = last_modified +provisioner.midPoint.midPointLastModifiedColumnType = long +provisioner.midPoint.midPointTablesPrefix = gr +provisioner.midPoint.operateOnGrouperEntities = true +provisioner.midPoint.operateOnGrouperGroups = true +provisioner.midPoint.operateOnGrouperMemberships = true +provisioner.midPoint.provisioningType = membershipObjects +provisioner.midPoint.selectAllEntities = true +provisioner.midPoint.startWith = this is start with read only +provisioner.midPoint.subjectSourcesToProvision = ldap + +# changeLog/FullSync midPoint +changeLog.consumer.midPoint.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer 
+changeLog.consumer.midPoint.provisionerConfigId = midPoint +changeLog.consumer.midPoint.publisher.class = edu.internet2.middleware.grouper.app.provisioning.ProvisioningConsumer +changeLog.consumer.midPoint.quartzCron = 0/10 * * * * ? +otherJob.midPoint_FullSync.class = edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningFullSyncJob +otherJob.midPoint_FullSync.provisionerConfigId = midPoint +otherJob.midPoint_FullSync.quartzCron = 0 0 4 * * ? + + ##################################### ## Messaging integration with change log ##################################### diff --git a/Workbench/configs-and-secrets/grouper/application/grouper.client.properties b/Workbench/configs-and-secrets/grouper/application/grouper.client.properties old mode 100644 new mode 100755 diff --git a/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties b/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties old mode 100644 new mode 100755 index deb0d75..0806802 --- a/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties +++ b/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties 
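Review bot: `db.midPoint.pass = password` commits a literal database credential, while the environment-backed expression that could replace it sits commented out on the line above. That commented line uses the plain key `db.midPoint.pass`, whereas the expression in grouper.hibernate.properties is under `hibernate.connection.password.elConfig`; the missing `.elConfig` suffix is presumably why it was never evaluated, so moving the same expression to `db.midPoint.pass.elConfig` should keep the secret in GROUPER_DATABASE_PASSWORD_FILE. The same literal is introduced in both grouper.hibernate.properties hunks (`hibernate.connection.password = password`) and in the `-p'password'` line added to grouper_data/Dockerfile. If the fixed value is deliberate for a training sandbox, a comment such as `# workbench-only credential, do not reuse` next to it would stop it being copied into a real deployment.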
@@ -22,8 +22,10 @@ # e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper hibernate.connection.url = jdbc:mysql://grouper_data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8 -hibernate.connection.username = root +hibernate.connection.username = grouper # If you are using an empty password, depending upon your version of # Java and Ant you may need to specify a password of "". # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122 -hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') } +# hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') } +hibernate.connection.password = password + diff --git a/Workbench/configs-and-secrets/grouper/application/grouper.properties b/Workbench/configs-and-secrets/grouper/application/grouper.properties old mode 100644 new mode 100755 diff --git a/Workbench/configs-and-secrets/grouper/application/subject.properties b/Workbench/configs-and-secrets/grouper/application/subject.properties old mode 100644 new mode 100755 diff --git a/Workbench/configs-and-secrets/grouper/httpd/shib.conf b/Workbench/configs-and-secrets/grouper/httpd/shib.conf old mode 100644 new mode 100755 diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index 964c101..5d6bc40 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml 
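Review bot: The executable bit set on this file (old mode 100644, new mode 100755) looks unintended, since nothing in the hunk requires a properties file to be runnable. The same mode change is recorded for grouper-loader.properties, grouper.client.properties, grouper.properties, subject.properties and httpd/shib.conf, four of which have no content change at all. That pattern suggests a side effect of the checkout the patch was made from, which was authored as root, rather than a deliberate edit. Restoring the mode with `git update-index --chmod=-x <file>` keeps files that hold credentials at the narrowest mode they need and takes the noise out of the diff.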
@@ -246,7 +246,7 @@ services: - comanage_midpoint_data:/var/lib/postgresql/data data_init: - image: i2incommon/midpoint:4.5 + image: i2incommon/midpoint:4.6 command: > bash -c " chmod 777 /opt/mp-pw/ ; diff --git a/Workbench/grouper_daemon/Dockerfile b/Workbench/grouper_daemon/Dockerfile index ed2aac3..6a4f9b8 100644 --- a/Workbench/grouper_daemon/Dockerfile +++ b/Workbench/grouper_daemon/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/grouper:2.6.16 +FROM i2incommon/grouper:2.6.19 LABEL author="tier-packaging@internet2.edu " diff --git a/Workbench/grouper_data/Dockerfile b/Workbench/grouper_data/Dockerfile index 5a548cc..07cc0bd 100644 --- a/Workbench/grouper_data/Dockerfile +++ b/Workbench/grouper_data/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/grouper:2.6.16 +FROM i2incommon/grouper:2.6.19 LABEL author="tier-packaging@internet2.edu " @@ -10,6 +10,8 @@ RUN yum install -y epel-release \ COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/ COPY container_files/bootstrap/ /tmp/ +COPY container_files/mysql/createDBforMP.sql / +COPY container_files/mysql/setupDBforMP.sql / RUN ln -s /usr/bin/resolveip /usr/libexec/resolveip @@ -25,6 +27,8 @@ RUN mysql_install_db \ && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \ && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \ && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \ + && echo "mysql < /createDBforMP.sql" >> /tmp/config \ + && echo "mysql -u grouper -p'password' grouper_to_midpoint < /setupDBforMP.sql" >> /tmp/config \ && bash /tmp/config \ && rm -f /tmp/config diff --git a/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties b/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties index 154b8eb..c0a1e47 100644 --- a/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties 
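Review bot: The two `echo` lines added to the grouper_data RUN step create and use the `grouper` account, but the context line above them still runs `GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION`. The switch away from root in the hibernate properties therefore does not reduce what a remote client can do against this database. The removed `hibernate.connection.password =` for user root in grouper_data's properties file suggests that the root account has an empty password. If nothing else in the stack connects as root over the network, the grant could be narrowed to `\"root\"@\"localhost\"` or removed now that Grouper connects as `grouper`. The RUN step begins outside the hunk, so other consumers of the root grant are not visible here.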
+++ b/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties @@ -22,8 +22,10 @@ # e.g. mssql: jdbc:sqlserver://localhost:3280;databaseName=grouper hibernate.connection.url = jdbc:mysql://localhost:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8 -hibernate.connection.username = root +hibernate.connection.username = grouper # If you are using an empty password, depending upon your version of # Java and Ant you may need to specify a password of "". # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122 -hibernate.connection.password = +hibernate.connection.password = password +registry.auto.ddl.upToVersion = 2.6.* + diff --git a/Workbench/grouper_ui/Dockerfile b/Workbench/grouper_ui/Dockerfile index 1b08601..caec998 100644 --- a/Workbench/grouper_ui/Dockerfile +++ b/Workbench/grouper_ui/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/grouper:2.6.16 +FROM i2incommon/grouper:2.6.19 LABEL author="tier-packaging@internet2.edu " diff --git a/Workbench/grouper_ws/Dockerfile b/Workbench/grouper_ws/Dockerfile index c0613a6..d6b603c 100644 --- a/Workbench/grouper_ws/Dockerfile +++ b/Workbench/grouper_ws/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/grouper:2.6.16 +FROM i2incommon/grouper:2.6.19 LABEL author="tier-packaging@internet2.edu " diff --git a/Workbench/idp/Dockerfile b/Workbench/idp/Dockerfile index fa3fac4..ff7c26d 100644 --- a/Workbench/idp/Dockerfile +++ b/Workbench/idp/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/shib-idp:latest +FROM i2incommon/shib-idp:4.3.0_20230118 LABEL author="tier-packaging@internet2.edu " diff --git a/Workbench/idp_ui/Dockerfile b/Workbench/idp_ui/Dockerfile index f0029ed..cd5e7e3 100644 --- a/Workbench/idp_ui/Dockerfile +++ b/Workbench/idp_ui/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/shib-idp-ui:1.13.3 +FROM i2incommon/shib-idp-ui:1.16.0 ARG CSPHOSTNAME=localhost ENV CSPHOSTNAME=$CSPHOSTNAME 
diff --git a/Workbench/idp_ui_api/Dockerfile b/Workbench/idp_ui_api/Dockerfile index c3fb509..d4d66e7 100644 --- a/Workbench/idp_ui_api/Dockerfile +++ b/Workbench/idp_ui_api/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/shib-idp-ui:1.13.3 +FROM i2incommon/shib-idp-ui:1.16.0 ARG CSPHOSTNAME=localhost ENV CSPHOSTNAME=$CSPHOSTNAME diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile index e482e0a..191fdfb 100644 --- a/Workbench/midpoint_server/Dockerfile +++ b/Workbench/midpoint_server/Dockerfile @@ -1,4 +1,4 @@ -FROM i2incommon/midpoint:4.5 +FROM i2incommon/midpoint:4.6 ARG CSPHOSTNAME=localhost ENV CSPHOSTNAME=$CSPHOSTNAME diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html index f0bdd5e..352e934 100644 --- a/Workbench/webproxy/container_files/httpd/index.html +++ b/Workbench/webproxy/container_files/httpd/index.html @@ -9,11 +9,11 @@

Welcome to the InCommon TAP Workbench!

The system contains the following TAP components (click the links to access each component in its own tab):
@@ -32,13 +32,13 @@

Welcome to the InCommon TAP Workbench!


Shibboleth SAML Identity Provider and Service Providers: