Merge branch 'master' into 'master'

[faas#33] faas-registry updated.

See merge request !4

Dockerfile

@@ -9,25 +9,26 @@ RUN echo $FAAS_REGISTRY_NAME > /faas-docker-name
 RUN echo $FAAS_REGISTRY_VERSION > /faas-docker-version
 
 RUN apt-get -q update  && \
-    apt-get install -y  memcached apache2  composer git mc wget && \
-    apt-get install -y php-mysql php-curl php-memcached php-apcu php-cli php-bcmath php-xml libapache2-mod-php && \
+    apt-get install -y  memcached apache2 python3-pip composer git mc wget gearman-tools gearman && \
+    apt-get install -y php php-common php7.4-opcache php-gd php-curl php-intl php-mbstring php-xmlrpc php-mysql php-soap php-bcmath php-zip php-memcached php-apcu php-cli php-xml php-gearman libapache2-mod-php && \
     apt-get install -y mariadb-client && \
     apt-get -y autoremove && \
     apt-get -y clean
 
 RUN a2enmod rewrite
 
-RUN git clone https://github.com/Edugate/Jagger /opt/rr3 && cd /opt/rr3 && git checkout v1.8.0
+#RUN git clone https://github.com/Edugate/Jagger /opt/rr3 && cd /opt/rr3 && git checkout v1.8.0
+RUN git clone https://github.com/Edugate/Jagger /opt/rr3
 RUN git clone https://github.com/bcit-ci/CodeIgniter.git /opt/codeigniter && cd /opt/codeigniter && git checkout 3.1.11
 
 RUN cd /opt/rr3 && bash install.sh && \
     cd /opt/rr3/application/config && \
-    cp config_rr-default.php config_rr.php && \
-    cp email-default.php email.php && \
     cp memcached-default.php memcached.php
 
 COPY ./conf/etc/registry/application/config/config.php /opt/rr3/application/config/config.php
+COPY ./conf/etc/registry/application/config/config_rr.php /opt/rr3/application/config/config_rr.php
 COPY ./conf/etc/registry/application/config/database.php /opt/rr3/application/config/database.php
+COPY ./conf/etc/registry/application/config/email.php /opt/rr3/application/config/email.php
 COPY ./conf/etc/registry/application/composer.json /opt/rr3/application/composer.json
 
 RUN cp /opt/codeigniter/index.php /opt/rr3/index.php && \
@@ -36,6 +37,8 @@ RUN cp /opt/codeigniter/index.php /opt/rr3/index.php && \
     composer update && \
     composer install
 
+RUN cd /opt && wget -4 http://shibboleth.net/downloads/tools/xmlsectool/latest/xmlsectool-3.0.0-bin.zip && unzip xmlsectool-3.0.0-bin.zip && ln -s xmlsectool-3.0.0 xmlsectool
+
 EXPOSE 80
 
 RUN mkdir -p /docker-entrypoint-initdb.d /var/log/rr3
@@ -44,6 +47,7 @@ RUN chmod 777 /var/log/rr3 /opt/rr3/application/models/Proxies
 COPY ./conf/sql/01-init-registry.sql.template /docker-entrypoint-initdb.d
 
 COPY ./conf/etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available
+COPY ./conf/etc/supervisord.conf /etc/supervisord.conf
 COPY ./conf/etc/entrypoint /etc/entrypoint
 
 ENTRYPOINT ["/etc/entrypoint"]
\ No newline at end of file

conf/credentials/faas-registry-default.cnf

 MYSQL_ROOT_PASSWORD=changeme
 FAAS_REGISTRY_DB_PASSWORD=changeme
+FAAS_REGISTRY_RR_SYNCPASS=changeme
+FAAS_REGISTRY_RR_MAIL_PASS=
\ No newline at end of file

conf/etc/apache2/sites-available/000-default.conf

@@ -28,6 +28,12 @@
             Require all granted
         </Directory>
 
+        <Location /auth/fedauth>
+            AuthType shibboleth
+            ShibRequestSetting requireSession 1
+            require valid-user
+        </Location>
+
         # For most configuration files from conf-available/, which are
         # enabled or disabled at a global level, it is possible to
         # include a line for only one particular virtual host. For example the

conf/etc/entrypoint

@@ -8,8 +8,13 @@ sed -E -i -e 's/memory_limit = 128M/memory_limit = 256M/' /etc/php/7.4/apache2/p
 
 #sed -i 's#$config\[\x27base_url\x27\]\s=\s\x27\x27#$config\[\x27base_url\x27\] = \x27'${FAAS_REGISTRY_BASE_URL}'\x27#g' /opt/rr3/application/config/config.php
 
-
 sed -i 's#__FAAS_REGISTRY_BASE_URL__#'${FAAS_REGISTRY_BASE_URL}'#g' /opt/rr3/application/config/config.php
+sed -i 's#__FAAS_REGISTRY_COOKIE_SECURE__#'${FAAS_REGISTRY_COOKIE_SECURE}'#g' /opt/rr3/application/config/config.php
+
+sed -i 's#__FAAS_REGISTRY_RR_SYNCPASS__#'${FAAS_REGISTRY_RR_SYNCPASS}'#g' /opt/rr3/application/config/config_rr.php
+sed -i 's#__FAAS_REGISTRY_RR_SETUP_ALLOWED__#'${FAAS_REGISTRY_RR_SETUP_ALLOWED}'#g' /opt/rr3/application/config/config_rr.php
+sed -i 's#__FAAS_REGISTRY_RR_SUPPORT_MAILTO__#'${FAAS_REGISTRY_RR_SUPPORT_MAILTO}'#g' /opt/rr3/application/config/config_rr.php
+
 
 sed -i 's#__FAAS_REGISTRY_DB_HOSTNAME__#'${FAAS_REGISTRY_DB_HOSTNAME}'#g' /opt/rr3/application/config/database.php
 sed -i 's#__FAAS_REGISTRY_DB_USERNAME__#'${FAAS_REGISTRY_DB_USERNAME}'#g' /opt/rr3/application/config/database.php
@@ -18,6 +23,14 @@ sed -i 's#__FAAS_REGISTRY_DB_PASSWORD__#'${FAAS_REGISTRY_DB_PASSWORD}'#g' /opt/r
 sed -i 's#__FAAS_REGISTRY_DB_PORT__#'${FAAS_REGISTRY_DB_PORT}'#g' /opt/rr3/application/config/database.php
 
 
+sed -i 's#__FAAS_REGISTRY_RR_SMTP_HOST__#'${FAAS_REGISTRY_RR_SMTP_HOST}'#g' /opt/rr3/application/config/email.php
+sed -i 's#__FAAS_REGISTRY_RR_SMTP_PORT__#'${FAAS_REGISTRY_RR_SMTP_PORT}'#g' /opt/rr3/application/config/email.php
+sed -i 's#__FAAS_REGISTRY_RR_MAIL_USER__#'${FAAS_REGISTRY_RR_MAIL_USER}'#g' /opt/rr3/application/config/email.php
+sed -i 's#__FAAS_REGISTRY_RR_MAIL_PASS__#'${FAAS_REGISTRY_RR_MAIL_PASS}'#g' /opt/rr3/application/config/email.php
+sed -i 's#__FAAS_REGISTRY_RR_MAIL_FROM__#'${FAAS_REGISTRY_RR_MAIL_FROM}'#g' /opt/rr3/application/config/email.php
+
+
+
 sed -i 's#__FAAS_REGISTRY_DB_USERNAME__#'${FAAS_REGISTRY_DB_USERNAME}'#g' /docker-entrypoint-initdb.d/01-init-registry.sql.template
 sed -i 's#__FAAS_REGISTRY_DB_NAME__#'${FAAS_REGISTRY_DB_NAME}'#g' /docker-entrypoint-initdb.d/01-init-registry.sql.template
 sed -i 's#__FAAS_REGISTRY_DB_PASSWORD__#'${FAAS_REGISTRY_DB_PASSWORD}'#g' /docker-entrypoint-initdb.d/01-init-registry.sql.template
@@ -28,6 +41,8 @@ mysql -h ${FAAS_REGISTRY_DB_HOSTNAME} -uroot -p${MYSQL_ROOT_PASSWORD} < /docker-
 
 cd /opt/rr3/application
 ./doctrine orm:schema-tool:create
+./doctrine orm:schema-tool:update --force
 ./doctrine orm:generate-proxies
 
+
 exec supervisord -c /etc/supervisord.conf

conf/etc/registry/application/composer.json

@@ -3,7 +3,8 @@
     "description": "Federation(s) (SAML)  management",
     "license": "MIT",
     "require": {
-        "doctrine/orm": "2.5.*",
+        "symfony/console": "*",
+        "doctrine/orm": "*",
         "zendframework/zend-permissions-acl": "^2.6",
         "mtdowling/cron-expression": "1.1.*",
         "phpseclib/phpseclib": "2.0.*",

conf/etc/registry/application/config/config.php

@@ -273,7 +273,7 @@ $config['sess_time_to_update']	= 300;
 $config['cookie_prefix']	= "";
 $config['cookie_domain']	= "";
 $config['cookie_path']		= "/";
-$config['cookie_secure']	= TRUE;
+$config['cookie_secure']	= __FAAS_REGISTRY_COOKIE_SECURE__;
 $config['cookie_httponly']      = TRUE;
 
 /*

conf/etc/registry/application/config/config_rr.php

+<?php
+
+if (!defined('BASEPATH'))
+    exit('No direct script access allowed');
+
+
+$config['rr_setup_allowed'] = __FAAS_REGISTRY_RR_SETUP_ALLOWED__;
+$config['site_logo'] = 'logo-default.png';
+$config['syncpass'] = ' __FAAS_REGISTRY_RR_SYNCPASS__';
+$config['support_mailto'] = '__FAAS_REGISTRY_RR_SUPPORT_MAILTO__';
+
+/**
+ * Federation Registration
+**/
+$config['fedname_min_length'] = 5;
+
+
+/**
+ * if TRUE feadmin may remove member from his fed without approve queue
+ * don't change to FALSE as it's not finished yet
+ */
+$config['rr_rm_member_from_fed'] = TRUE;
+
+/**
+ * Logos
+ * if rr_logobaseurl   - (with slash on the end) is null then codeigniter baseurl is used
+ *    rr_logouriprefix - uri with slash on the end ex. 'app/uploaded/'
+ * url od logo is $rr_baseurl.$rr_logouriprefix/$logo_file
+ */
+$config['rr_logobaseurl'] = null;
+$config['rr_logouriprefix'] = 'logos/';
+/**
+ * Logos upload
+ */
+$config['rr_logoupload'] = false;
+/**
+ * rr_logoupload_relpath must be under your installation path
+ */
+$config['rr_logoupload_relpath'] = 'logos/';
+
+$config['rr_logo_maxwidth'] = 300;
+$config['rr_logo_maxheight'] = 300;
+$config['rr_logo_types'] = 'png';
+$config['rr_logo_maxsize'] = 2000;
+
+
+
+/**
+ * optional path for nonpublic data used for reports, stats
+ * if enabled pls create reports and stats directories inside specified below path with apache write access
+ */
+// $config['datastorage_path'] = '/opt/rr3data';
+
+
+
+/**
+ * autoregister_federated: if true then user authenticated with shibboleth is created in db 
+ */
+$config['autoregister_federated'] = false;
+/**
+ * set default Role for autoregistered user: Guest or Member
+ * Guest has lowest level of permission, he can access only some pages
+ * Member has read access to most pages
+ */
+$config['register_defaultrole'] = 'Guest';
+/**
+ * Defines the minimum allowed length of a username
+ */
+$config['username_min_length'] = 5;
+/** 
+ * make sure that all Shib_required are mapped
+ * 
+ */
+$config['Shib_required'] = array('Shib_mail','Shib_username');
+$config['Shib_username'] = 'eppn';
+$config['Shib_mail'] = 'mail';
+$config['Shib_groups'] = 'isMemberOf';
+/**
+ * optional firstname and surname
+ */
+$config['Shib_fname'] = 'givenName';
+$config['Shib_sname'] = 'sn';
+/**
+ * shibb_updatefullname - if TRUE then every time when user is logging in and shib receives fname and sname then user records is updated
+ */
+$config['shibb_updatefullname'] = TRUE;
+
+$config['Shibboleth']['loginapp_uri'] = 'auth/fedauth';
+$config['Shibboleth']['logout_uri'] = '/Shibboleth.sso/Logout';
+$config['Shibboleth']['enabled'] = TRUE;
+
+/**
+ * to enable simplesamlphp support 
+ * notice: remember both jagger and simplesamlphp must have the same name for cookie session 
+ */
+/**
+
+$config['simplesamlphp'] = array(
+      'enabled'=>true,
+      'location'=>'/opt/www-sites/simplesamlphp-1.11.0/www/_include.php',
+      'authsourceid'=>'default-sp',
+      'attributes'=> array('username'=>'eduPersonPrincipalName','mail'=>'mail'),
+);
+*/
+$config['nameids'] = array(
+	'urn:mace:shibboleth:1.0:nameIdentifier' => 'urn:mace:shibboleth:1.0:nameIdentifier',
+        'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+	'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'=>'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
+	'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
+	'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+		);
+
+$config['metadata_validuntil_days'] = '7';
+
+
+$config['policy_dropdown'] = array('0' => 'never', '1' => 'permit only if required', '2' => 'permit if required or desired');
+
+/**
+ * default registrationAuthority for example http://www.heanet.ie
+ */
+$config['registrationAutority'] = null;
+/**
+ * (boolean) load default registrationAuthority to localy managed entities if not  set. It will be visible in generated metadata 
+ */
+$config['load_registrationAutority'] = false;
+
+/**
+ * caching in seconds
+ */
+
+$config['arp_cache_time'] = 1200;
+$config['metadata_cache_time'] = 120;
+
+/**
+ * map defaul center
+ */
+$config['geocenterpoint']  = array('-6.247856140071235','53.34961629053703');
+
+/**
+ * acls
+ */
+
+
+/**
+ * styles
+ */
+/**
+ * translator access
+ * example: $config['translator_access']['pl'] = 'USERNAME_WITH_ACCESS';
+ */
+
+
+$config['curl_timeout'] = 90;
+/**
+ * optional -example if you want to limit list of langs in dropdown list in edit forms
+ */
+//$config['langselectlimit'] = array('en','pl');
+
+/**
+ * optional what lang should be selected by default 
+ */
+//$config['langselectdefault'] = 'pl';
+
+
+
+
+$config['translator_access']['pl'] = null;
+$config['translator_access']['pt'] = null;
+$config['translator_access']['it'] = null;
+
+
+/**
+ * datastorage_path
+ * it is used for generated stats/report files. it must be outsite application
+ * value must end with forward slash
+ * inside this location you need to create folders : stats , reports 
+
+ */
+/**
+ * $config['datastorage_path'] = '/opt/rr3data/'
+ */
+
+
+$config['mq'] = 'rabbitmq';
+
+
+/**
+ * gearman
+ */
+$config['gearman'] = FALSE;
+$config['gearmanconf']['jobserver'] = array(array('ip'=>'127.0.0.1','port'=>'4730'));
+$config['statistics'] = FALSE;
+
+
+/**
+ * rabbitmq
+ */
+
+$config['rabbitmq'] = array(
+    'enabled' => true,
+    'vhost' => '/',
+    'host'=>'127.0.0.1',
+    'port'=> 5672,
+    'user'=>'guest',
+    'password'=>'guest'
+);
+
+
+
+/**
+ * enable statistics collection gearman also has to be enabled
+ */
+$config['statistics'] = FALSE;
+
+
+$config['disable_extcirclemeta'] = TRUE;
+
+
+$config['fedmetadataidprefix'] = 'prefix-';
+$config['fedexportmetadataidprefix'] = 'prefixexport-';
+$config['circlemetadataidprefix'] = 'prefixcircle-';
+
+//  optional
+//$config['colortheme'] = 'orange';
+
+
+/**
+ *  you may create own gearman worker for collecting stats which can be called if below is enabled.
+ *  below few examples.
+ */
+//$config['predefinedstats']['raptor1'] = array('worker'=>'heanetraptor','desc'=>'predefined stat defitnition');
+//$config['predefinedstats']['thisiskey'] = array('worker'=>'otherwokername','desc'=>'predefined stat defitnition 2');
+
+/**
+ * disable generating circle metadata for providers who are not managed locally
+ */
+$config['disable_extcirclemeta'] = TRUE;
+
+
+/**
+ * optional add prefix to ID in EntitiesDescriptor
+ */
+//$config['fedmetadataidprefix'] = 'edugate-';
+//$config['fedexportmetadataidprefix'] = 'edugateexport-';
+//$config['circlemetadataidprefix'] = 'edugatecircle-';
+
+// set if you want to disable change entityid and/or scope for no Admins
+$config['entpartschangesdisallowed'] = array('entityid','scope');
+
+$config['featenable']['tasks'] = TRUE;
+

conf/etc/registry/application/config/email.php

+<?php
+
+if (!defined('BASEPATH'))
+    exit('No direct script access allowed');
+
+
+$config['protocol'] = 'smtp';
+$config['smtp_host'] = "__FAAS_REGISTRY_RR_SMTP_HOST__";
+$config['smtp_port'] = __FAAS_REGISTRY_RR_SMTP_PORT__;
+$config['charset'] = 'utf-8';
+$config['crlf'] = "\r\n";
+$config['newline'] = "\r\n";
+$config['wordwrap'] = TRUE;
+$config['useragent']='ResourceRegistr3';
+$config['smtp_user'] = '__FAAS_REGISTRY_RR_MAIL_USER__';
+$config['smtp_pass'] = '__FAAS_REGISTRY_RR_MAIL_PASS__';
+$config['smtp_crypto'] = '';
+
+
+/**
+ * default 
+ */
+$config['mail_sending_active'] = TRUE;
+$config['notify_if_provider_rm_from_fed'] = TRUE;
+$config['notify_if_queue_rejected'] = TRUE;
+$config['notify_admins_if_queue_accepted'] = TRUE;
+$config['notify_requester_if_queue_accepted'] = TRUE;
+$config['mail_from'] = '__FAAS_REGISTRY_RR_MAIL_FROM__';
+$config['fake_mail_from'] = 'FAKEMAIL';
+$config['reply_to'] = '';
+$config['mail_subject_suffix'] = '';
+$config['mail_header'] = "Dear technical contact person\r\n";
+
+
+/** 
+ * overwrite builtin messages and localized
+ */
+
+/**
+ * $config['defaultmail']['joinfed'] 
+ * overwrites builtin mailbody of message sent to Adminisrtators
+ * about provider request to join federation. You need to keep %s in proper order as they will be replaced with values of:
+ * providername,entityid,federationname,url,additionalmessage
+ */
+$config['defaultmail']['joinfed'] = "Hi,\r\nJust few moments ago Administator of Provider %s (%s) \r\n
+sent request to Administrators of Federation: %s \r\n
+to access  him as new federation member.\r\n
+To accept or reject this request please go to Resource Registry\r\n %s \r\n
+\r\n\r\n======= additional message attached by requestor ===========\r\n
+%s \r\n=============================================================\r\n
+";
+
+/**
+ * $config['localizedmail']['joinfed'] 
+ * creates localized mailbody of message sent to Adminisrtators
+ * about provider request to join federation. You need to keep %s in proper order as they will be replaced with values of:
+ * providername,entityid,federationname,url,additionalmessage
+ */
+$config['localizedmail']['joinfed'] = NULL;
+
+/**
+ *  if you set $config['localizedmail']['joinfed'] then mail will contain text from $config['localizedmail']['joinfed'] first 
+ *  and then built-in/$config['defaultmail']['joinfed'] on the bottom. ex. in you local language and english
+ *  if you want to use only you local language then set $config['defaultmail']['joinfed'] but not $config['localizedmail']['joinfed']
+ */
+
+
+
+

conf/etc/supervisord.conf

+[supervisord]
+user            = root
+nodaemon        = true
+logfile         = /dev/null
+logfile_maxbytes= 0
+
+[program:rsyslog]
+command         = rsyslogd -n
+autostart       = true
+autorestart     = true
+startsecs       = 2
+stopwaitsecs    = 2
+stdout_logfile  = /dev/stdout
+stderr_logfile  = /dev/stderr
+stdout_logfile_maxbytes = 0
+stderr_logfile_maxbytes = 0
+priority        = 1
+
+[program:apache2]
+command         = /etc/init.d/apache2 start
+autostart       = true
+autorestart     = false
+directory       = /var
+startsecs       = 0
+priority        = 2
+
+[program:shibd]
+command         = /etc/init.d/shibd start
+autostart       = true
+autorestart     = false
+directory       = /var
+startsecs       = 0
+priority        = 3
+
+[program:JaggerMailer]
+; http://jagger.heanet.ie/jaggerdocadmin/notifications.html#setup-jaggermailer
+command=/usr/bin/php /opt/rr3/index.php gworkers mailqueuesender
+autostart=true
+autorestart=true
+logfile=/var/log/rr3/jaggermailer.log
+priority        = 4

conf/faas-registry.cnf

@@ -3,9 +3,17 @@ FAAS_REGISTRY_NAME=faas-registry
 FAAS_REGISTRY_VERSION=1.0-SNAPSHOT
 
 FAAS_REGISTRY_PORT=9080
+
 FAAS_REGISTRY_BASE_URL=http://localhost:9080/rr3/
+FAAS_REGISTRY_COOKIE_SECURE=FALSE
 FAAS_REGISTRY_TIMEZONE=Europe/Warsaw
 
+FAAS_REGISTRY_RR_SETUP_ALLOWED=TRUE
+FAAS_REGISTRY_RR_SUPPORT_MAILTO=janny@man.poznan.pl
+
 FAAS_REGISTRY_DB_HOSTNAME=faas_db
 FAAS_REGISTRY_DB_USERNAME=rr3_user
 FAAS_REGISTRY_DB_NAME=rr3_db
+
+FAAS_REGISTRY_RR_MAIL_USER=postfix
+FAAS_REGISTRY_RR_MAIL_FROM=janny@man.poznan.pl
\ No newline at end of file

docker-compose.yml

@@ -33,6 +33,10 @@ services:
          restart: always
          environment:
             FAAS_REGISTRY_BASE_URL: ${FAAS_REGISTRY_BASE_URL}
+            FAAS_REGISTRY_COOKIE_SECURE: ${FAAS_REGISTRY_COOKIE_SECURE}
+            FAAS_REGISTRY_RR_SYNCPASS: ${FAAS_REGISTRY_RR_SYNCPASS}
+            FAAS_REGISTRY_RR_SETUP_ALLOWED: ${FAAS_REGISTRY_RR_SETUP_ALLOWED}
+            FAAS_REGISTRY_RR_SUPPORT_MAILTO: ${FAAS_REGISTRY_RR_SUPPORT_MAILTO}
             FAAS_REGISTRY_TIMEZONE: ${FAAS_REGISTRY_TIMEZONE}
             FAAS_REGISTRY_DB_HOSTNAME: ${FAAS_REGISTRY_DB_HOSTNAME}
             FAAS_REGISTRY_DB_USERNAME: ${FAAS_REGISTRY_DB_USERNAME}
@@ -40,3 +44,8 @@ services:
             FAAS_REGISTRY_DB_NAME: ${FAAS_REGISTRY_DB_NAME}
             FAAS_REGISTRY_DB_PASSWORD: ${FAAS_REGISTRY_DB_PASSWORD}
             MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+            FAAS_REGISTRY_RR_SMTP_HOST: faas_smtp
+            FAAS_REGISTRY_RR_SMTP_PORT: 25
+            FAAS_REGISTRY_RR_MAIL_USER: ${FAAS_REGISTRY_RR_MAIL_USER}
+            FAAS_REGISTRY_RR_MAIL_PASS: ${FAAS_REGISTRY_RR_MAIL_PASS}
+            FAAS_REGISTRY_RR_MAIL_FROM: ${FAAS_REGISTRY_RR_MAIL_FROM}
\ No newline at end of file