Add an aggregator flow that flags up eduGAIN entities which have reco…

…vered from an error condition.
internet2 · Mar 6, 2014 · 851df1c · 851df1c
1 parent e6e259c
commit 851df1c
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 4 deletions.
diff --git a/build.xml b/build.xml
@@ -1051,14 +1051,17 @@
         
         Verify the eduGAIN production aggregate.
         
-        The intention is that this be called from Jenkins.
+        The intention is that these targets be called from Jenkins.
     -->
     <target name="flow.verifyEdugain.output">
         <CHANNEL.do verb="verify" channel="int_edugain"/>
     </target>
     <target name="flow.verifyEdugain.output.all">
         <CHANNEL.do verb="verify.all" channel="int_edugain"/>
     </target>
+    <target name="flow.verifyEdugain.output.recovered">
+        <CHANNEL.do verb="verify.recovered" channel="int_edugain"/>
+    </target>
 
 	<!--
 	    flow.importRaw.all

diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml
@@ -223,6 +223,10 @@
     <bean id="EntityRegistrationAuthorityFilterStage" abstract="true" parent="stage_parent"
         class="net.shibboleth.metadata.dom.saml.EntityRegistrationAuthorityFilterStage"/>
 
+    <!-- *** Parent beans for Shibboleth MDA components. *** -->
+
+    <bean id="EntityFilterStage" abstract="true" parent="stage_parent"
+        class="net.shibboleth.metadata.dom.saml.EntityFilterStage"/>
 
     <!-- *** Parent beans for ukf-mda. *** -->
 

diff --git a/mdx/int_edugain/check_recovered.xsl b/mdx/int_edugain/check_recovered.xsl
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_recovered.xsl
+	
+	Checking ruleset which labels every entity as having recovered from a previous
+	error condition.
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="../_rules/check_framework.xsl"/>
+
+	<xsl:template match="md:EntityDescriptor">
+		<xsl:call-template name="error">
+			<xsl:with-param name="m">entity has recovered from a previous error condition</xsl:with-param>
+		</xsl:call-template>
+	</xsl:template>
+
+</xsl:stylesheet>
diff --git a/mdx/int_edugain/verbs.xml b/mdx/int_edugain/verbs.xml
@@ -66,14 +66,21 @@
         </property>
     </bean>
 
+    <!--
+        verify
+        
+        Verifies that entities being imported from eduGAIN match our checks.
+        Intended to be run from Jenkins once a week. Errors on the verification
+        blacklist are ignored, so that we only need to deal with each entity
+        entering an error state once.
+    -->
     <bean id="verify" parent="SimplePipeline"
         p:id="verify">
         <property name="stages">
             <list>
                 <ref bean="int_edugain_productionEntities"/>
-                <bean id="removeBlacklistedEntities" parent="stage_parent"
-                    class="net.shibboleth.metadata.dom.saml.EntityFilterStage"
-                    p:id="us_incommon_pilot_filterEntities"
+                <bean id="removeBlacklistedEntities" parent="EntityFilterStage"
+                    p:id="removeBlacklistedEntities"
                     p:whitelistingEntities="false"
                     p:designatedEntities-ref="int_edugain_verify_blacklist"/>
 
@@ -83,6 +90,42 @@
         </property>
     </bean>
 
+    <!--
+        verify.recovered
+        
+        Looks for eduGAIN entities which *were* in an error state, as shown by
+        their inclusion in our verification blacklist, but have now recovered.
+    -->
+    <bean id="verify.recovered" parent="SimplePipeline"
+        p:id="verify.recovered">
+        <property name="stages">
+            <list>
+                <ref bean="int_edugain_productionEntities"/>
+
+                <!-- remove all entities which still have errors -->
+                <ref bean="standardImportActions"/>
+                <ref bean="errorRemover"/>
+
+                <!-- remove all entities *other* than the ones in the blacklist -->
+                <bean id="removeAllButBlacklistedEntities" parent="EntityFilterStage"
+                    p:id="removeAllButBlacklistedEntities"
+                    p:whitelistingEntities="true"
+                    p:designatedEntities-ref="int_edugain_verify_blacklist"/>
+
+                <!-- flag up any remaining entities -->
+                <bean id="check_recovered" parent="XSLValidationStage"
+                    p:id="check_recovered">
+                    <property name="XSLResource">
+                        <bean parent="FilesystemResource">
+                            <constructor-arg value="#{ systemProperties['basedir'] }/mdx/int_edugain/check_recovered.xsl"/>
+                        </bean>
+                    </property>
+                </bean>
+                <ref bean="errorTerminatingFilter"/>
+            </list>
+        </property>
+    </bean>
+
     <!--
         verify.all