Merge pull request #138 from internet2/pc_feb2023

updates to grouper, midpoint, comanage
internet2 · Jan 30, 2023 · c6231a7 · c6231a7
2 parents 0aa7d5b + 795d6e9
commit c6231a7
Show file tree

Hide file tree

Showing 19 changed files with 74 additions and 24 deletions.
diff --git a/Workbench/comanage/Dockerfile b/Workbench/comanage/Dockerfile
@@ -1,4 +1,5 @@
-FROM i2incommon/comanage-registry:4.0.2-20220223
+FROM i2incommon/comanage-registry:4.1.0-20230117
+#FROM i2incommon/comanage-registry:4.0.2-20220223
 
 ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson
 ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson

diff --git a/Workbench/comanage_cron/Dockerfile b/Workbench/comanage_cron/Dockerfile
@@ -1,4 +1,5 @@
-FROM i2incommon/comanage-registry-cron:4.0.2-20220223
+FROM i2incommon/comanage-registry-cron:4.1.0-20230117
+#FROM i2incommon/comanage-registry-cron:4.0.2-20220223
 
 ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson
 ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson

diff --git a/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties b/Workbench/configs-and-secrets/grouper/application/grouper-loader.properties
@@ -52,6 +52,46 @@ db.sis.url = jdbc:mysql://sources:3306/sis
 db.sis.driver = com.mysql.jdbc.Driver
 
 
+# midpoint External System
+#db.midPoint.driver = com.mysql.jdbc.Driver
+db.midPoint.driver = com.mysql.cj.jdbc.Driver
+#db.midPoint.pass = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
+db.midPoint.pass = password
+db.midPoint.url = jdbc:mysql://grouper_data:3306/grouper_to_midpoint?CharSet=utf8&useUnicode=true&characterEncoding=utf8
+db.midPoint.user = grouper
+
+# provisioner midpoint
+provisioner.midPoint.class = edu.internet2.middleware.grouper.app.midpointProvisioning.MidPointProvisioner
+provisioner.midPoint.customizeEntityCrud = true
+provisioner.midPoint.customizeGroupCrud = true
+provisioner.midPoint.customizeMembershipCrud = true
+provisioner.midPoint.dbExternalSystemConfigId = midPoint
+provisioner.midPoint.deleteEntities = false
+provisioner.midPoint.deleteGroups = false
+provisioner.midPoint.deleteMemberships = false
+provisioner.midPoint.makeChangesToEntities = true
+provisioner.midPoint.midPointDeletedColumnName = deleted
+provisioner.midPoint.midPointLastModifiedColumnName = last_modified
+provisioner.midPoint.midPointLastModifiedColumnType = long
+provisioner.midPoint.midPointTablesPrefix = gr
+provisioner.midPoint.operateOnGrouperEntities = true
+provisioner.midPoint.operateOnGrouperGroups = true
+provisioner.midPoint.operateOnGrouperMemberships = true
+provisioner.midPoint.provisioningType = membershipObjects
+provisioner.midPoint.selectAllEntities = true
+provisioner.midPoint.startWith = this is start with read only
+provisioner.midPoint.subjectSourcesToProvision = ldap
+
+# changeLog/FullSync midPoint
+changeLog.consumer.midPoint.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
+changeLog.consumer.midPoint.provisionerConfigId = midPoint
+changeLog.consumer.midPoint.publisher.class = edu.internet2.middleware.grouper.app.provisioning.ProvisioningConsumer
+changeLog.consumer.midPoint.quartzCron = 0/10 * * * * ?
+otherJob.midPoint_FullSync.class = edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningFullSyncJob
+otherJob.midPoint_FullSync.provisionerConfigId = midPoint
+otherJob.midPoint_FullSync.quartzCron = 0 0 4 * * ?
+
+
 #####################################
 ## Messaging integration with change log
 #####################################

diff --git a/Workbench/configs-and-secrets/grouper/application/grouper.client.properties b/Workbench/configs-and-secrets/grouper/application/grouper.client.properties
diff --git a/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties b/Workbench/configs-and-secrets/grouper/application/grouper.hibernate.properties
@@ -22,8 +22,10 @@
 # e.g. mssql:           jdbc:sqlserver://localhost:3280;databaseName=grouper
 hibernate.connection.url = jdbc:mysql://grouper_data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
 
-hibernate.connection.username         = root
+hibernate.connection.username         = grouper
 # If you are using an empty password, depending upon your version of
 # Java and Ant you may need to specify a password of "".
 # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
+# hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD_FILE'), "utf-8") : java.lang.System.getenv().get('GROUPER_DATABASE_PASSWORD') }
+hibernate.connection.password         = password
+
diff --git a/Workbench/configs-and-secrets/grouper/application/grouper.properties b/Workbench/configs-and-secrets/grouper/application/grouper.properties
diff --git a/Workbench/configs-and-secrets/grouper/application/subject.properties b/Workbench/configs-and-secrets/grouper/application/subject.properties
diff --git a/Workbench/configs-and-secrets/grouper/httpd/shib.conf b/Workbench/configs-and-secrets/grouper/httpd/shib.conf
diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml
@@ -246,7 +246,7 @@ services:
      - comanage_midpoint_data:/var/lib/postgresql/data
 
   data_init:
-    image: i2incommon/midpoint:4.5
+    image: i2incommon/midpoint:4.6
     command: >
         bash -c "
         chmod 777 /opt/mp-pw/ ;

diff --git a/Workbench/grouper_daemon/Dockerfile b/Workbench/grouper_daemon/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.16
+FROM i2incommon/grouper:2.6.19
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
diff --git a/Workbench/grouper_data/Dockerfile b/Workbench/grouper_data/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.16
+FROM i2incommon/grouper:2.6.19
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
@@ -10,6 +10,8 @@ RUN yum install -y epel-release \
 
 COPY container_files/conf/ /opt/grouper/grouperWebapp/WEB-INF/classes/
 COPY container_files/bootstrap/ /tmp/
+COPY container_files/mysql/createDBforMP.sql /
+COPY container_files/mysql/setupDBforMP.sql /
 
 RUN ln -s /usr/bin/resolveip /usr/libexec/resolveip
 
@@ -25,6 +27,8 @@ RUN mysql_install_db \
     && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \
     && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \
     && echo "mysql -e 'CREATE DATABASE grouper CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \
+    && echo "mysql < /createDBforMP.sql" >> /tmp/config \
+    && echo "mysql -u grouper -p'password' grouper_to_midpoint < /setupDBforMP.sql" >> /tmp/config \
     && bash /tmp/config \
     && rm -f /tmp/config
 

diff --git a/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties b/Workbench/grouper_data/container_files/conf/grouper.hibernate.properties
@@ -22,8 +22,10 @@
 # e.g. mssql:           jdbc:sqlserver://localhost:3280;databaseName=grouper
 hibernate.connection.url = jdbc:mysql://localhost:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
 
-hibernate.connection.username         = root
+hibernate.connection.username         = grouper
 # If you are using an empty password, depending upon your version of
 # Java and Ant you may need to specify a password of "".
 # Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
-hibernate.connection.password =
+hibernate.connection.password = password
+registry.auto.ddl.upToVersion = 2.6.*
+
diff --git a/Workbench/grouper_ui/Dockerfile b/Workbench/grouper_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.16
+FROM i2incommon/grouper:2.6.19
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 

diff --git a/Workbench/grouper_ws/Dockerfile b/Workbench/grouper_ws/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/grouper:2.6.16
+FROM i2incommon/grouper:2.6.19
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 

diff --git a/Workbench/idp/Dockerfile b/Workbench/idp/Dockerfile
@@ -1,4 +1,4 @@
-FROM tier/shib-idp:latest
+FROM i2incommon/shib-idp:4.3.0_20230118
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 

diff --git a/Workbench/idp_ui/Dockerfile b/Workbench/idp_ui/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/shib-idp-ui:1.13.3
+FROM i2incommon/shib-idp-ui:1.16.0
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME

diff --git a/Workbench/idp_ui_api/Dockerfile b/Workbench/idp_ui_api/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/shib-idp-ui:1.13.3
+FROM i2incommon/shib-idp-ui:1.16.0
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME

diff --git a/Workbench/midpoint_server/Dockerfile b/Workbench/midpoint_server/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/midpoint:4.5
+FROM i2incommon/midpoint:4.6
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME

diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
@@ -9,11 +9,11 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 The system contains the following TAP components (click the links to access each component in its own tab):
 
 <ul>
-<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (2.6.16)</a></li>
-<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.5)</a></li>
+<li><a href="https://__CSPHOSTNAME__/grouper" target="TAP-WB-GROUPER">Grouper (2.6.19)</a></li>
+<li><a href="https://__CSPHOSTNAME__/midpoint" target="TAP-WB-MIDPOINT">midPoint (4.6)</a></li>
 <ul><li><a href="https://__CSPHOSTNAME__/midPoint-doc.html" target="TAP-WB-MIDPOINT-CONFIG">Technical doc on midPoint's configuration</a></li></ul>
-<li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (4.0.2)</a></li>
-<li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.13.3)</a></li>
+<li><a href="https://__CSPHOSTNAME__/registry" target="TAP-WB-COMANAGE">COmanage Registry (4.1.0)</a></li>
+<li><a href="https://__CSPHOSTNAME__/idpui/" target="TAP-WB-IDPUI">Shibboleth IdP UI (1.16.0)</a></li>
 </ul>
 
 <br />
@@ -32,13 +32,13 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 <br />
 Shibboleth SAML Identity Provider and Service Providers:
 <ul>
-<li><a href="https://__CSPHOSTNAME__/idp/status" target="TAP-WB-IDP">Shibboleth IdP (4.2.1) status</a></li>
+<li><a href="https://__CSPHOSTNAME__/idp/status" target="TAP-WB-IDP">Shibboleth IdP (4.3.0) status</a></li>
 <li>Shibboleth SPs:</li>
 <ul>
-  <li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-gSP">Grouper SP (3.2.3) status</a></li>
-  <li><a href="https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Status" target="TAP-WB-mSP">midPoint SP (3.3.0) status</a></li>
-  <li><a href="https://__CSPHOSTNAME__/registrySSO/Shibboleth.sso/Status" target="TAP-WB-cSP">COmanage SP (3.3.0) status</a></li>
-  <li><a href="https://__CSPHOSTNAME__/wordpressSSO/Shibboleth.sso/Status" target="TAP-WB-wSP">Wordpress SP (3.3.0) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/grouperSSO/Shibboleth.sso/Status" target="TAP-WB-gSP">Grouper SP (3.4.1) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/MPSSO/Shibboleth.sso/Status" target="TAP-WB-mSP">midPoint SP (3.4.1) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/registrySSO/Shibboleth.sso/Status" target="TAP-WB-cSP">COmanage SP (3.4.1) status</a></li>
+  <li><a href="https://__CSPHOSTNAME__/wordpressSSO/Shibboleth.sso/Status" target="TAP-WB-wSP">Wordpress SP (3.4.1) status</a></li>
 </ul>
 </ul>
 <br /><br /><br />