From 7e560ed4f0c5a1fe82fc9f69944fe2feacc77fa3 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Wed, 9 Aug 2023 16:29:53 +0000
Subject: [PATCH] update grouper and midpoint

---
 .../grouper/application/grouper.hibernate.properties |  6 +++---
 Workbench/docker-compose.yml                         |  8 ++++----
 Workbench/grouper_daemon/Dockerfile                  |  4 +++-
 Workbench/grouper_data/Dockerfile                    | 12 +++++++-----
 .../container_files/sql/createSQLuser.sql            |  6 +++---
 Workbench/grouper_ui/Dockerfile                      |  3 ++-
 Workbench/grouper_ws/Dockerfile                      |  4 +++-
 Workbench/midpoint_server/Dockerfile                 |  2 +-
 Workbench/webproxy/container_files/httpd/index.html  |  4 ++--
 9 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties b/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties
index 0806802..8bbdef1 100755
--- a/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties
+++ b/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties
@@ -20,12 +20,12 @@
 # e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
 # e.g. postgres:        jdbc:postgresql://localhost:5432/database
 # e.g. mssql:           jdbc:sqlserver://localhost:3280;databaseName=grouper
-hibernate.connection.url = jdbc:mysql://grouper_data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
+hibernate.connection.url = jdbc:postgresql://grouper-data:5432/grouper
 
-hibernate.connection.username         = grouper
+hibernate.connection.username = grouper
 # If you are using an empty password, depending upon your version of
 # Java and Ant you may need to specify a password of "".
 # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
 # hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
-hibernate.connection.password         = password
+hibernate.connection.password = password
 
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
index 362f509..ddc83d0 100644
--- a/Workbench/docker-compose.yml
+++ b/Workbench/docker-compose.yml
@@ -3,7 +3,7 @@ version: "3.3"
 services:
   grouper_daemon:
     build: ./grouper_daemon/
-    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon"
+    command: bash -c "while ! nc -z grouper-data 5432; do echo waiting for pgsql on grouper_data to start; sleep 3; done; while ! nc -z directory 389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon"
     depends_on:
      - grouper_data
      - directory
@@ -48,7 +48,7 @@ services:
       context: ./grouper_ui/
       args:
         - CSPHOSTNAME
-    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
+    command: bash -c "while ! nc -z grouper-data 5432; do echo waiting for pgsql on grouper_data to start; sleep 3; done; while ! nc -z directory 389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
     depends_on:
      - grouper_data
      - directory
@@ -109,7 +109,7 @@ services:
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties
   grouper_ws:
     build: ./grouper_ws/
-    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws"
+    command: bash -c "while ! nc -z grouper_data 5432; do echo waiting for pgsql to start; sleep 3; done; while ! nc -z directory 389; do echo waiting for ldap to start; sleep 3; done; exec ws"
     depends_on:
      - grouper_data
      - directory
@@ -248,7 +248,7 @@ services:
      - comanage_midpoint_data:/var/lib/postgresql/data
 
   data_init:
-    image: i2incommon/midpoint:4.6
+    image: i2incommon/midpoint:4.7.1
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;
diff --git a/Workbench/grouper_daemon/Dockerfile b/Workbench/grouper_daemon/Dockerfile
index b9a458f..79fb8cf 100644
--- a/Workbench/grouper_daemon/Dockerfile
+++ b/Workbench/grouper_daemon/Dockerfile
@@ -1,4 +1,6 @@
-FROM i2incommon/grouper:4.4.0
+FROM i2incommon/grouper:4.5.2
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
+RUN yum -y install netcat
+
diff --git a/Workbench/grouper_data/Dockerfile b/Workbench/grouper_data/Dockerfile
index 87662aa..0811c3d 100644
--- a/Workbench/grouper_data/Dockerfile
+++ b/Workbench/grouper_data/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:4.4.0
+FROM i2incommon/grouper:4.5.2
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
@@ -21,10 +21,12 @@ RUN sudo -u postgres initdb -D /var/lib/pgsql/data/ --username=postgres --pwfile
 #create grouper DB
 RUN sudo -u postgres pg_ctl start -D /var/lib/pgsql/data/ \
     && psql -U postgres -f /createSQLuser.sql \
-    && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt && \
-    /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/initialize.gsh && \
-    /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/set-prov.gsh
+    && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh -registry -check -runscript -noprompt \
+    && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/initialize.gsh \
+    && /opt/grouper/grouperWebapp/WEB-INF/bin/gsh.sh /tmp/set-prov.gsh
+
+RUN echo "host    all             all             0.0.0.0/0            trust" >> /var/lib/pgsql/data/pg_hba.conf
 
 EXPOSE 5432
 
-CMD sudo -u postgres postgres -D /var/lib/pgsql/data/
+CMD sudo -u postgres postgres -c listen_addresses='*' -D /var/lib/pgsql/data/
diff --git a/Workbench/grouper_data/container_files/sql/createSQLuser.sql b/Workbench/grouper_data/container_files/sql/createSQLuser.sql
index 8037ea4..7827999 100644
--- a/Workbench/grouper_data/container_files/sql/createSQLuser.sql
+++ b/Workbench/grouper_data/container_files/sql/createSQLuser.sql
@@ -1,4 +1,4 @@
+CREATE USER grouper PASSWORD 'password';
 CREATE DATABASE grouper;
-CREATE USER grouper WITH PASSWORD 'password';
-CREATE SCHEMA grouper;
-GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA grouper TO grouper;
+GRANT ALL PRIVILEGES ON DATABASE grouper TO grouper;
+ALTER DATABASE grouper OWNER TO grouper;
diff --git a/Workbench/grouper_ui/Dockerfile b/Workbench/grouper_ui/Dockerfile
index 23d49a0..2e8d2a5 100644
--- a/Workbench/grouper_ui/Dockerfile
+++ b/Workbench/grouper_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:4.4.0
+FROM i2incommon/grouper:4.5.2
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
@@ -7,6 +7,7 @@ ENV CSPHOSTNAME=$CSPHOSTNAME
 ENV GROUPER_UI_CONFIGURATION_EDITOR_SOURCEIPADDRESSES='0.0.0.0/0'
 
 RUN yum -y update
+RUN yum -y install netcat
 
 COPY container_files/shibboleth/idp-metadata.xml /etc/shibboleth/
 
diff --git a/Workbench/grouper_ws/Dockerfile b/Workbench/grouper_ws/Dockerfile
index 89dd81e..09b2663 100644
--- a/Workbench/grouper_ws/Dockerfile
+++ b/Workbench/grouper_ws/Dockerfile
@@ -1,7 +1,9 @@
-FROM i2incommon/grouper:4.4.0
+FROM i2incommon/grouper:4.5.2
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
+RUN yum -y install netcat
+
 COPY container_files/web.xml /opt/grouper/grouperWebapp/WEB-INF/
 COPY container_files/tomcat-users.xml /opt/tomee/conf/
 COPY container_files/server.xml /opt/tomee/conf/
diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile
index 191fdfb..b41ea7c 100644
--- a/Workbench/midpoint_server/Dockerfile
+++ b/Workbench/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/midpoint:4.6
+FROM i2incommon/midpoint:4.7.1
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
index 1d8da5e..ce9d316 100644
--- a/Workbench/webproxy/container_files/httpd/index.html
+++ b/Workbench/webproxy/container_files/httpd/index.html
@@ -9,8 +9,8 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 The system contains the following TAP components (click the links to access each component in its own tab):
 
 <ul>
-<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (2.6.19)</a></li>
-<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.6)</a></li>
+<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (4.5.2)</a></li>
+<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.7.1)</a></li>
 <ul><li><a href="https://__CSPHOSTNAME__/midPoint-doc.html" target="TAP-WB-MIDPOINT-CONFIG">Technical doc on midPoint's configuration</a></li></ul>
 <li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (4.1.0)</a></li>
 <li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.18.0)</a></li>