Merge pull request #101 from ericvaandering/cern_shib2

Cern shib2
ericvaandering · Dec 29, 2020 · 4e5b406 · 4e5b406
2 parents 1c2c482 + 65435c8
commit 4e5b406
Show file tree

Hide file tree

Showing 7 changed files with 191 additions and 11 deletions.
diff --git a/DocDB/cgi/DocDBVersion.pm b/DocDB/cgi/DocDBVersion.pm
@@ -21,6 +21,6 @@
 #    along with DocDB; if not, write to the Free Software
 #    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
-$DocDBVersion = "8.8.10b1";
+$DocDBVersion = "8.8.11";
 
 1;
diff --git a/DocDB/cgi/ShibbolethUtilities.pm b/DocDB/cgi/ShibbolethUtilities.pm
@@ -42,8 +42,8 @@ sub FetchSecurityGroupsForShib (%) {
 
   # Otherwise map shibboleth groups to DocDB groups
 
-  push @DebugStack,"Setting DocDB groups from shibboleth groups";
-  my @ShibGroups = split /;/,$ENV{ADFS_GROUP};
+  push @DebugStack,"Setting DocDB groups from shibboleth groups ".$ENV{CERN_ROLES};
+  my @ShibGroups = split /;/,$ENV{CERN_ROLES};
 
   foreach my $ShibGroup (@ShibGroups) {
     if ($ShibGroupMap{$ShibGroup}) {
@@ -59,7 +59,7 @@ sub FetchSecurityGroupsForShib (%) {
 }
 
 sub FetchEmailUserIDForShib () {
-  my $ShibName = $ENV{ADFS_LOGIN};
+  my $ShibName = $ENV{CERN_LOGIN};
   push @DebugStack,"Finding EmailUserID by shibboleth name $ShibName";
 
   my $EmailUserSelect = $dbh->prepare("select EmailUserID from EmailUser ".
@@ -103,10 +103,10 @@ sub GetUserInfoShib() {
   my $EmailAddress = "Unknown";
   my $Name = "Unknown";
 
-  if (exists $ENV{'ADFS_LOGIN'}) {
-    $Name = $ENV{ADFS_FULLNAME};
-    $EmailAddress = $ENV{ADFS_EMAIL};
-    $Username = $ENV{ADFS_LOGIN};
+  if (exists $ENV{'CERN_LOGIN'}) {
+    $Name = $ENV{CERN_FULLNAME};
+    $EmailAddress = $ENV{CERN_EMAIL};
+    $Username = $ENV{CERN_LOGIN};
   }
 
   push @DebugStack, "GetUserInfoShib returning $Username, $Username, $EmailAddress, $Name";

diff --git a/DocDB/scripts/CheckModules b/DocDB/scripts/CheckModules
@@ -30,16 +30,14 @@ my @Modules = (
                "CGI::Untaint",
                "Cwd",
                "DateTime",
-               "Digest::SHA",
+               "Digest::SHA1",
                "DBI",
                "File::Find",
                "File::MimeInfo",
                "Getopt::Std",
                "Mail::Send",
                "Mail::Mailer",
                "Time::Local",
-               "XML::Grove::AsCanonXML",
-               "XML::Grove::AsString",
                "XML::Parser::PerlSAX",
                "XML::PatAct::MatchName",
                "XML::PatAct::ToObjects",

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -0,0 +1,35 @@
+FROM cern/cc7-base:latest
+
+RUN yum upgrade -y && \
+    yum clean all && \
+    rm -rf /var/cache/yum
+
+RUN yum install -y httpd mod_ssl \
+                   sudo git \
+                   perl perl-CPAN perl-CGI perl-DBI perl-DBD-MySQL perl-DateTime perl-File-MimeInfo \
+                   perl-MailTools perl-XML-Twig perl-libxml-perl perl-DateTime-Format-ICal perl-libwww-perl \
+                   perl-Data-ICal python-pip perl-Digest-SHA1 \
+                   sendmail sendmail-cf \
+                   && yum clean all \
+                   && rm -rf /var/cache/yum
+
+# Jobber is a lightweight cron replacement written in Go
+RUN rpm -i https://github.com/dshearer/jobber/releases/download/v1.4.4/jobber-1.4.4-1.el8.x86_64.rpm
+
+# j2cli is used for templating config files which will be useful for passing environment variables
+RUN pip install --no-cache-dir --upgrade pip
+RUN pip install --no-cache-dir --upgrade setuptools
+RUN pip install --no-cache-dir j2cli
+
+# This file was generated by running CPAN once in "manual" not "local::lib" mode
+ADD MyConfig.pm /root/.cpan/CPAN/MyConfig.pm
+RUN sudo cpan -i CGI::Untaint
+
+# Get DocDB software and install it
+RUN git clone https://github.com/ericvaandering/DocDB.git
+RUN mkdir -p /var/www/cgi-bin/DocDB && cp DocDB/DocDB/cgi/* /var/www/cgi-bin/DocDB
+RUN mkdir -p /var/www/html/DocDB/Static/ && cp -R /DocDB/DocDB/html/css/ /DocDB/DocDB/html/js/ /DocDB/DocDB/html/img/ /var/www/html/DocDB/Static/
+
+ADD docker-entrypoint.sh /
+ADD dot-jobber.yaml /root/.jobber
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/docker/MyConfig.pm b/docker/MyConfig.pm
@@ -0,0 +1,67 @@
+$CPAN::Config = {
+  'applypatch' => q[],
+  'auto_commit' => q[0],
+  'build_cache' => q[100],
+  'build_dir' => q[/root/.cpan/build],
+  'build_dir_reuse' => q[0],
+  'build_requires_install_policy' => q[yes],
+  'bzip2' => q[],
+  'cache_metadata' => q[1],
+  'check_sigs' => q[0],
+  'colorize_output' => q[0],
+  'commandnumber_in_prompt' => q[1],
+  'connect_to_internet_ok' => q[1],
+  'cpan_home' => q[/root/.cpan],
+  'curl' => q[/usr/bin/curl],
+  'ftp_passive' => q[1],
+  'ftp_proxy' => q[],
+  'getcwd' => q[cwd],
+  'gpg' => q[/usr/bin/gpg],
+  'gzip' => q[/usr/bin/gzip],
+  'halt_on_failure' => q[0],
+  'histfile' => q[/root/.cpan/histfile],
+  'histsize' => q[100],
+  'http_proxy' => q[],
+  'inactivity_timeout' => q[0],
+  'index_expire' => q[1],
+  'inhibit_startup_message' => q[0],
+  'keep_source_where' => q[/root/.cpan/sources],
+  'load_module_verbosity' => q[none],
+  'make' => q[/usr/bin/make],
+  'make_arg' => q[],
+  'make_install_arg' => q[],
+  'make_install_make_command' => q[/usr/bin/make],
+  'makepl_arg' => q[],
+  'mbuild_arg' => q[],
+  'mbuild_install_arg' => q[],
+  'mbuild_install_build_command' => q[./Build],
+  'mbuildpl_arg' => q[],
+  'no_proxy' => q[],
+  'pager' => q[/usr/bin/less],
+  'patch' => q[],
+  'perl5lib_verbosity' => q[none],
+  'prefer_external_tar' => q[1],
+  'prefer_installer' => q[MB],
+  'prefs_dir' => q[/root/.cpan/prefs],
+  'prerequisites_policy' => q[follow],
+  'scan_cache' => q[atstart],
+  'shell' => undef,
+  'show_unparsable_versions' => q[0],
+  'show_upload_date' => q[0],
+  'show_zero_versions' => q[0],
+  'tar' => q[/usr/bin/tar],
+  'tar_verbosity' => q[none],
+  'term_is_latin' => q[1],
+  'term_ornaments' => q[1],
+  'test_report' => q[0],
+  'trust_test_report_history' => q[0],
+  'unzip' => q[],
+  'urllist' => [q[http://ftp.halifax.rwth-aachen.de/cpan/], q[http://mirror.koddos.net/CPAN/], q[http://tux.rainside.sk/CPAN/]],
+  'use_sqlite' => q[0],
+  'version_timeout' => q[15],
+  'wget' => q[],
+  'yaml_load_code' => q[0],
+  'yaml_module' => q[YAML],
+};
+1;
+__END__
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
@@ -0,0 +1,13 @@
+#! /bin/bash
+
+cp /etc/grid-security/tls.crt /etc/pki/tls/certs/localhost.crt
+cp /etc/grid-security/tls.key /etc/pki/tls/private/localhost.key
+
+echo "Starting jobber"
+/usr/local/libexec/jobbermaster &
+
+echo "Starting sendmail"
+sendmail -bd
+
+echo "Starting apache"
+httpd -D FOREGROUND
diff --git a/docker/dot-jobber.yaml b/docker/dot-jobber.yaml
@@ -0,0 +1,67 @@
+## This is your jobfile: use it to tell Jobber what jobs you want it to
+## run on your behalf.  For details of what you can specify here,
+## please see https://dshearer.github.io/jobber/doc/.
+##
+## It consists of two sections: "prefs" and "jobs".  In "prefs" you can
+## set various general settings.  In "jobs", you define your jobs.
+
+version: 1.4
+
+prefs:
+  ## You can have the Jobber daemon keep a log of various activities
+  ## with the "logPath" setting; the log will be written to the given
+  ## path (if the path is relative, it will be interpreted relative to
+  ## your home directory).  Your user account must be able to write to
+  ## the given path.  NOTE: This is NOT where logs about job runs
+  ## are stored --- for that, see the "runLog" setting below.  WARNING:
+  ## Jobber will NOT rotate this file.
+  #logPath: jobber-log
+
+  ## You can specify how info about past runs is stored.  For
+  ## "type: memory" (the default), they are stored in memory and
+  ## are lost when the Jobber service stops.
+  #runLog:
+  #    type: memory
+  #    maxLen: 100  # the max number of entries to remember
+
+  ## For "type: file", past run logs are stored on disk.  The log file is
+  ## rotated when it reaches a size of 'maxFileLen' MB.  Up to
+  ## 'maxHistories' historical run logs (that is, not including the
+  ## current one) are kept.
+  #runLog:
+  #    type: file
+  #    path: /tmp/claudius
+  #    maxFileLen: 50m  # in MB
+  #    maxHistories: 5
+
+resultSinks:
+  #- &programSink
+  #  type: program
+  #  path: /home/handleError.sh
+
+  #- &systemEmailSink
+  #  type: system-email
+
+  #- &filesystemSink
+  #  type: filesystem
+  #  path: /path/to/dir
+  #  data: [stdout, stderr]
+  #  maxAgeDays: 10
+
+jobs:
+  ## This section must contain a YAML sequence of maps like the following:
+  #DailyBackup:
+  #    cmd: backup daily  # shell command to execute
+  #    time: '* * * * * *'  # SEC MIN HOUR MONTH_DAY MONTH WEEK_DAY.
+  #    onError: Continue  # what to do when the job has an error: Stop, Backoff, or Continue
+  #    notifyOnError: [*programSink]  # what to do with result when job has an error
+  #    notifyOnFailure: [*systemEmailSink, *programSink]  # what to do with result when the job stops due to errors
+  #    notifyOnSuccess: [*filesystemSink]  # what to do with result when the job succeeds
+  Daily:
+    cmd: cd /DocDB/DocDB/scripts; ./DocDBDaily.csh  > /dev/null
+    time: R 0 * * * *
+    onError: Continue
+  Weekly:
+    cmd: cd /DocDB/DocDB/scripts; ./DocDBWeekly.csh > /dev/null
+    time: R 0 * * * 0
+    onError: Continue