From 98946fc36faed6acb5500ccb84f24029c0594769 Mon Sep 17 00:00:00 2001 From: Benn Oshrin Date: Fri, 4 Aug 2023 13:54:14 -0400 Subject: [PATCH 01/34] Additional commit for CO-2662 --- app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php b/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php index 4b63d658a..7ba83cf01 100644 --- a/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php +++ b/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php @@ -226,7 +226,7 @@ protected function getChangeListFromArchive() { } // We perform an array_unique here once rather than after each merge - return !empty($changedSorids) ? array_unique($changedSorids) : false; + return !empty($changedSorids) ? array_unique($changedSorids) : array(); } /** From deca50ec8bd4b442249e58a3b07eefe1d96b330f Mon Sep 17 00:00:00 2001 From: Benn Oshrin Date: Fri, 4 Aug 2023 15:32:47 -0400 Subject: [PATCH 02/34] Additional commit for CO-2662 --- app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php | 8 ++++++++ app/Model/OrgIdentitySource.php | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php b/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php index 7ba83cf01..e141efef7 100644 --- a/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php +++ b/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php @@ -204,6 +204,14 @@ protected function getChangeListFromArchive() { // and in Full Mode OrgIdentitySource::syncOrgIdentitySource will separately // calculate the list of new IDs. Note order is important, if $archiveTableName // and $sourceTableName are swapped, the query will generate INSERTs but not DELETEs. + + // Note that because we can't return new rows here bootstrapping an existing + // instannce gets a bit complicated. Basically we won't be able to detect any + // changes until the archive tables are populated, and we need an external event + // to make that happen. In FULL mode, a new record will trigger a call to updateCache(), + // but that might happen after several updates get ignored. In UPDATE mode + // new records won't get processed so we never have the cache updated. The + // solution (for now) is for the deployer to prepopulate the tables. $diffQuery = "SELECT * FROM " . $archiveTableName . " EXCEPT SELECT * FROM " . $sourceTableName; diff --git a/app/Model/OrgIdentitySource.php b/app/Model/OrgIdentitySource.php index 77cb10724..91dbebb6d 100644 --- a/app/Model/OrgIdentitySource.php +++ b/app/Model/OrgIdentitySource.php @@ -1673,6 +1673,11 @@ public function syncOrgIdentitySource($orgIdentitySource, $force=false, $coJobId } } + if($changelist !== false) { + // Technically these are changes for purposes of updating the backend cache + $changelist = array_merge($changelist, $newKeys); + } + $this->Co->CoJob->CoJobHistoryRecord->record($jobId, null, _txt('jb.ois.sync.full.finish'), From 44720c87c1ce7ebda8a09bc2108fc970529a5a03 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Sat, 5 Aug 2023 15:35:29 +0300 Subject: [PATCH 03/34] Improve database query --- .../Controller/CoEligibilityWidgetsController.php | 15 +++++++++++++++ .../Model/CoEligibilityWidget.php | 6 ++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/app/AvailablePlugin/EligibilityWidget/Controller/CoEligibilityWidgetsController.php b/app/AvailablePlugin/EligibilityWidget/Controller/CoEligibilityWidgetsController.php index 5fc4dc755..1dc8c2fe1 100644 --- a/app/AvailablePlugin/EligibilityWidget/Controller/CoEligibilityWidgetsController.php +++ b/app/AvailablePlugin/EligibilityWidget/Controller/CoEligibilityWidgetsController.php @@ -188,18 +188,22 @@ public function assign($id) { $this->layout = 'ajax'; if (empty($this->request->params['pass'][0])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')), LOG_ERROR); throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id'))); } if (empty($this->request->data['cou_id'])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('cou_id')), LOG_ERROR); throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('cou_id'))); } if(empty($this->request->data['co_person_id'])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('co_person_id')), LOG_ERROR); throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('co_person_id'))); } // I need to verify that the CO Person is part of the CO $copersonid = $this->request->data['co_person_id']; if(!$this->Role->isCoPerson($copersonid, $this->cur_co["Co"]["id"])) { + $this->log(__METHOD__ . "::message " . _txt('er.cop.nf', array($copersonid)), LOG_ERROR); throw new NotFoundException(_txt('er.cop.nf', array($copersonid))); } @@ -217,6 +221,7 @@ public function assign($id) { $this->CoPersonRole->save($copr); if(!$this->CoPersonRole->save($copr)) { + $this->log(__METHOD__ . "::message " . _txt('er.db.save'), LOG_ERROR); throw new InternalErrorException(_txt('er.db.save')); } @@ -292,19 +297,23 @@ public function eligibility($id) { $this->layout = 'ajax'; if (empty($this->request->params['pass'][0])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')), LOG_ERROR); throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id'))); } if (empty($this->request->data['ois_id'])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('ois_id')), LOG_ERROR); throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('ois_id'))); } if(empty($this->request->data['co_person_id'])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('co_person_id')), LOG_ERROR); throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('co_person_id'))); } // I need to verify that the CO Person is part of the CO $copersonid = $this->request->data['co_person_id']; if(!$this->Role->isCoPerson($copersonid, $this->cur_co["Co"]["id"])) { + $this->log(__METHOD__ . "::message " . _txt('er.cop.nf', array($copersonid)), LOG_ERROR); throw new NotFoundException(_txt('er.cop.nf', array($copersonid))); } @@ -313,6 +322,7 @@ public function eligibility($id) { $this->cur_co["Co"]["id"], $this->request->data['co_person_id']); } catch(Exception $e) { + $this->log(__METHOD__ . "::message " .$e->getMessage(), LOG_ERROR); // Double quotes are not JSON accepted throw new BadRequestException(str_replace('"', "", $e->getMessage())); } @@ -343,9 +353,11 @@ public function personroles($id) { $this->layout = 'ajax'; if (empty($this->request->params['pass'][0])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id')), LOG_ERROR); throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array(_txt('ct.eligibility_widget.1') . ' Id'))); } if(empty($this->request->query["copersonid"])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.notfound', array('copersonid')), LOG_ERROR); throw new BadRequestException(_txt('pl.er.eligibilitywidget.param.notfound', array('copersonid'))); } @@ -369,6 +381,7 @@ public function personroles($id) { $roles = $this->CoPersonRole->find('all', $args); } catch(Exception $e) { + $this->log(__METHOD__ . "::message " .$e->getMessage(), LOG_ERROR); // Double quotes are not JSON accepted throw new BadRequestException(str_replace('"', "", $e->getMessage())); } @@ -393,12 +406,14 @@ public function sync($id) { $this->layout = 'ajax'; if(empty($this->request->query["copersonrole"])) { + $this->log(__METHOD__ . "::message " . _txt('pl.er.eligibilitywidget.param.specify'), LOG_ERROR); throw new InvalidArgumentException(_txt('pl.er.eligibilitywidget.param.specify')); } try{ $data = $this->CoEligibilityWidget->syncEligibility($this->request->query["copersonrole"]); } catch(Exception $e) { + $this->log(__METHOD__ . "::message " .$e->getMessage(), LOG_ERROR); throw new BadRequestException(str_replace('"', "", $e->getMessage())); } diff --git a/app/AvailablePlugin/EligibilityWidget/Model/CoEligibilityWidget.php b/app/AvailablePlugin/EligibilityWidget/Model/CoEligibilityWidget.php index fe71d2be3..e0f4e673f 100644 --- a/app/AvailablePlugin/EligibilityWidget/Model/CoEligibilityWidget.php +++ b/app/AvailablePlugin/EligibilityWidget/Model/CoEligibilityWidget.php @@ -130,6 +130,7 @@ public function allPersonOrgIdentityFromSource($coId, $coPersonId) { $args['conditions']['CoOrgIdentityLink.co_person_id'] = $coPersonId; $args['conditions'][] = 'PipelineCoPersonRole.source_org_identity_id IS NOT NULL'; $args['conditions']['OrgIdentity.co_id'] = $coId; + $args['contain'] = false; $OrgIdentity = ClassRegistry::init('OrgIdentity'); $org_identities = $OrgIdentity->find('all', $args); @@ -180,7 +181,6 @@ public function checkEligibility($oidId, $coId, $coPersonId) { throw new InvalidArgumentException(_txt('pl.er.eligibilitywidget.ois.inappropriate')); } - $ret = array(); foreach($emailAddresses as $ea) { if (!empty($ea['EmailAddress']['mail'])) { try { @@ -307,7 +307,9 @@ public function personCouMembership($copersonid, $args['joins'][0]['table'] = 'cous'; $args['joins'][0]['alias'] = 'Cou'; $args['joins'][0]['type'] = 'INNER'; - $args['joins'][0]['conditions'][0] = 'CoPersonRole.cou_id=Cou.id'; + $args['joins'][0]['conditions'][] = 'CoPersonRole.cou_id=Cou.id'; + $args['joins'][0]['conditions'][] = 'Cou.deleted IS NOT TRUE'; + $args['joins'][0]['conditions'][] = 'Cou.cou_id IS NULL'; $args['conditions']['CoPersonRole.co_person_id'] = $copersonid; $args['conditions'][] = 'CoPersonRole.deleted IS NOT true'; $args['conditions'][] = 'CoPersonRole.co_person_role_id IS NULL'; From 79b083900249e836800e5d59b824b2cbf7ff9119 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Wed, 16 Aug 2023 10:41:02 -0500 Subject: [PATCH 04/34] Add first draft of OpenAPI for Core API (CO-2686) --- app/Plugin/CoreApi/Config/Schema/coreapi.yaml | 786 ++++++++++++++++++ 1 file changed, 786 insertions(+) create mode 100644 app/Plugin/CoreApi/Config/Schema/coreapi.yaml diff --git a/app/Plugin/CoreApi/Config/Schema/coreapi.yaml b/app/Plugin/CoreApi/Config/Schema/coreapi.yaml new file mode 100644 index 000000000..fff099b52 --- /dev/null +++ b/app/Plugin/CoreApi/Config/Schema/coreapi.yaml @@ -0,0 +1,786 @@ +openapi: 3.0.3 +info: + title: COmanage Registry Core API + description: | + A collection of higher level APIs for COmanage Registry that provide transaction-oriented operations. + Note that the Core API must be configured/enabled and the available functionality depends on the + service configuration details. + contact: + name: COmanage Project + url: https://spaces.at.internet2.edu/display/COmanage/About+the+COmanage+Project + email: comanage-users@internet2.edu + license: + name: APACHE LICENSE, VERSION 2.0 + url: https://www.apache.org/licenses/LICENSE-2.0.html + version: 1.0.0 +servers: + - url: https://localhost/registry + description: | + Most deployments serve Registry using the default path /registry. If your deployment changes the + default path you must adjust the relative URIs. +paths: + /api/co/{coid}/core/v1/people: + get: + summary: Retrieve a CO Person + description: | + Use an **Identifier** value to Retrieve a CO Person and related models/objects. + operationId: getCoPersonByIdentifier + parameters: + - name: coid + in: path + description: CO ID + required: true + schema: + type: integer + - name: identifier + in: query + description: CO Person Identifier of the configured type + required: true + schema: + type: string + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/PagedCoPersonReadResponse' + + post: + summary: Create a CO Person + description: | + Create a CO Person and related models/objects. + operationId: addCoPerson + parameters: + - name: coid + in: path + description: CO ID + required: true + schema: + type: integer + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CoPersonWriteRequest' + responses: + '201': + description: Created + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Identifier' + +components: + schemas: + PagedCoPersonReadResponse: + type: object + properties: + 0: + $ref: '#/components/schemas/CoPersonReadResponse' + description: CO Person read response object + readOnly: true + currentPage: + description: current page + type: string + readOnly: true + example: "1" + itemsPerPage: + description: items per page + type: string + readOnly: true + example: "1" + pageCount: + description: page count + type: string + readOnly: true + example: "1" + startIndex: + description: start index + type: string + readOnly: true + example: "1" + totalResults: + description: total count of results + type: string + readOnly: true + example: "1" + + CoPersonReadResponse: + type: object + properties: + CoPerson: + $ref: '#/components/schemas/CoPerson' + CoGroupMember: + type: array + items: + $ref: '#/components/schemas/CoGroupMember' + EmailAddress: + type: array + items: + $ref: '#/components/schemas/EmailAddress' + CoPersonRole: + type: array + items: + $ref: '#/components/schemas/CoPersonRole' + Identifier: + type: array + items: + $ref: '#/components/schemas/Identifier' + Name: + type: array + items: + $ref: '#/components/schemas/Name' + SshKey: + type: array + items: + $ref: '#/components/schemas/SshKey' + Url: + type: array + items: + $ref: '#/components/schemas/Url' + OrgIdentity: + type: array + items: + $ref: '#/components/schemas/OrgIdentity' + + CoPersonWriteRequest: + type: object + properties: + CoPerson: + $ref: '#/components/schemas/CoPerson' + CoGroupMember: + type: array + items: + $ref: '#/components/schemas/CoGroupMember' + EmailAddress: + type: array + items: + $ref: '#/components/schemas/EmailAddress' + CoPersonRole: + type: array + items: + $ref: '#/components/schemas/CoPersonRole' + Identifier: + type: array + items: + $ref: '#/components/schemas/Identifier' + Name: + type: array + items: + $ref: '#/components/schemas/Name' + SshKey: + type: array + items: + $ref: '#/components/schemas/SshKey' + Url: + type: array + items: + $ref: '#/components/schemas/Url' + OrgIdentity: + type: array + items: + $ref: '#/components/schemas/OrgIdentity' + + + meta: + type: object + properties: + id: + description: COmanage identifier for this object + type: integer + readOnly: true + actor_identifier: + description: The identifier for the actor who last modified this object + type: string + readOnly: true + created: + description: When this object was originally created + type: string + format: date-time + readOnly: true + deleted: + description: Whether this object has been deleted + type: boolean + readOnly: true + modified: + description: When this object was last modified + type: string + format: date-time + readOnly: true + revision: + description: The revision number for this object + type: integer + minimum: 0 + readOnly: true + required: + - id + + CoPerson: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + co_id: + description: CO ID for this CO Person + type: integer + date_of_birth: + description: CO Person date of birth + type: string + format: date + status: + type: string + description: | + CO Person status: + **A** - Active, + **Y** - Approved, + **C** - Confirmed, + **D** - Deleted, + **N** - Denied, + **D2** - Duplicate, + **XP** - Expired, + **GP** - GracePeriod, + **I** - Invited, + **LK** - Locked, + **P** - Pending, + **PA** - PendingApproval, + **PC** - PendingConfirmation, + **PV** - PendingVetting, + **S** - Suspended, + **D** - Declined + enum: + - A + - Y + - C + - D + - N + - D2 + - XP + - GP + - I + - LK + - P + - PA + - PC + - PV + - S + - X + timezone: + description: Preferred timezone of this CO Person, for UI purposes + type: string + required: + - co_id + - status + + CoGroupMember: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + co_group_id: + type: integer + description: CO Group ID for this membership + member: + type: boolean + description: If this CO Person is a member of this group + owner: + type: boolean + description: If this CO Person is an owner of this group + co_group_nesting_id: + type: integer + description: CO Group Nesting that created this membership, if set + valid_from: + type: string + format: date + description: Member validity date from + valid_through: + type: string + format: date + description: Member validity date through + required: + - co_group_id + + CoPersonRole: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + cou_id: + type: integer + description: COU for this Role + title: + type: string + description: Title for this Role + o: + type: string + description: Organization for this Role + ou: + type: string + description: Department for this Role + valid_from: + type: string + format: date-time + description: Valid from time for this Role + valid_through: + type: string + format: date-time + description: Valid through time for this Role + status: + type: string + description: | + CO Person Role status: + **A** - Active, + **Y** - Approved, + **C** - Confirmed, + **D** - Deleted, + **N** - Denied, + **D2** - Duplicate, + **XP** - Expired, + **GP** - GracePeriod, + **I** - Invited, + **LK** - Locked, + **P** - Pending, + **PA** - PendingApproval, + **PC** - PendingConfirmation, + **PV** - PendingVetting, + **S** - Suspended, + **D** - Declined + enum: + - A + - Y + - C + - D + - N + - D2 + - XP + - GP + - I + - LK + - P + - PA + - PC + - PV + - S + - X + sponsor_co_person_id: + type: integer + description: CO Person ID of the sponsor for this Role + affiliation: + type: string + description: | + CO Person Role affiliation: + **faculty**, + **student**, + **staff**, + **alum**, + **member**, + **affiliate**, + **employee**, + **librarywalkin + enum: + - faculty + - student + - staff + - alum + - member + - affiliate + - employee + - librarywalkin + ordr: + type: integer + description: Order of this Role, relative to other roles for this person + Address: + type: array + items: + $ref: '#/components/schemas/Address' + AdHocAttribute: + type: array + items: + $ref: '#/components/schemas/AdHocAttribute' + TelephoneNumber: + type: array + items: + $ref: '#/components/schemas/TelephoneNumber' + required: + - affiliation + - status + + Identifier: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + identifier: + type: string + description: Identifier value + type: + type: string + description: | + Identifier type: + **sor-affiliate**, + **badge**, + **enterprise**, + **eppn**, + **eptid**, + **epuid**, + **gid**, + **sor-guest**, + **sor-hr**, + **mail**, + **national**, + **network**, + **oidcsub**, + **openid**, + **orcid**, + **provisioningtarget**, + **reference**, + **pairwiseid**, + **subjectid**, + **sor-student**, + **sorid**, + **uid** + enum: + - sor-affiliate + - badge + - enterprise + - eppn + - eptid + - epuid + - gid + - sor-guest + - sor-hr + - mail + - national + - network + - oidcsub + - openid + - orcid + - provisioningtarget + - reference + - pairwiseid + - subjectid + - sor-student + - sorid + - uid + login: + type: boolean + description: Whether this Identifier can be used to login to Registry + status: + type: string + description: | + Identifier status: + **A** - Active, + **S** - Suspended + enum: + - A + - S + required: + - identifier + + EmailAddress: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + mail: + type: string + description: Email address + format: email + type: + type: string + description: Type of email address + verified: + type: boolean + description: Whether the email address has been verified + required: + - mail + + Name: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + given: + type: string + description: Given name + family: + type: string + description: Family name + formatted: + type: string + description: The fully formatted name + language: + type: string + description: The language encoding for this Name + middle: + type: string + description: Middle name + prefix: + type: string + description: The honorific or prefix for the Name + primary_name: + type: boolean + description: Whether this is the primary Name + honorific: + type: string + description: Honorific prefix + suffix: + type: string + description: Honorific suffix + type: + type: string + description: | + Type of name: + **alternate**, + **author**, + **fka**, + **official**, + **preferred** + enum: + - alternate + - author + - fka + - official + - preferred + required: + - given + + Address: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + country: + description: Country for this Address + type: string + description: + description: Description of this Address + type: string + language: + description: Language encoding of this Address + type: string + locality: + description: Locality eg city of this Address + type: string + postal_code: + description: Postal code of this Address + type: string + room: + description: Room associated with this Address + type: string + state: + description: State of this Address + type: string + street: + description: Street of this Address + type: string + type: + description: Type of this Address + type: string + + AdHocAttribute: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + tag: + description: Tag for this Ad Hoc Attribute + type: string + value: + description: Value of this Ad Hoc Attribute + type: string + required: + - tag + additionalProperties: false + + TelephoneNumber: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + country_code: + description: Country code for this Telephone Number + type: string + area_code: + description: Area code for this Telephone Number + type: string + number: + description: Number for this Telephone Number + type: string + extension: + description: Extension for this Telephone Number + type: string + description: + description: Description of this Telephone Number + type: string + type: + description: Type of this Telephone Number + type: string + required: + - number + additionalProperties: false + + SshKey: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + comment: + description: Comment for this SSH Key + type: string + type: + type: string + description: | + SSH Key type: + **ssh-dss**, + **ecdsa-sha2-nistp256**, + **ecdsa-sha2-nistp384**, + **ecdsa-sha2-nistp521**, + **ssh-ed25519**, + **ssh-rsa**, + **ssh-rsa1 + enum: + - ssh-dss + - ecdsa-sha2-nistp256 + - ecdsa-sha2-nistp384 + - ecdsa-sha2-nistp521 + - ssh-ed25519 + - ssh-rsa + - ssh-rsa1 + skey: + description: SSH Key + type: string + ssh_key_authenticator_id: + description: SSH Key Authenticator ID associated with this SSH Key + type: integer + readOnly: true + required: + - type + - skey + additionalProperties: false + + Url: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + description: + type: string + description: Description of this URL + url: + type: string + description: | + URL: + **official**, + **personal** + enum: + - official + - personal + type: + type: string + description: Type of URL + required: + - url + + OrgIdentity: + type: object + properties: + meta: + $ref: '#/components/schemas/meta' + co_id: + type: string + description: CO for this Org Identity + title: + type: string + description: Title for this Org Identity + o: + type: string + description: Organization for this Org Identity + ou: + type: string + description: Department for this Org Identity + valid_from: + type: string + description: Valid from time for this Org Identity + format: date-time + valid_through: + type: string + description: Valid through time for this Org Identity + format: date-time + status: + type: string + description: | + Org Identity status: + **RM** - Removed, + **SY** - Synced + enum: + - RM + - SY + affiliation: + type: string + description: | + Org Identity affiliation: + **faculty**, + **student**, + **staff**, + **alum**, + **member**, + **affiliate**, + **employee**, + **librarywalkin + enum: + - faculty + - student + - staff + - alum + - member + - affiliate + - employee + - librarywalkin + date_of_birth: + type: string + description: Org Identity date of birth + format: date + Address: + type: array + items: + $ref: '#/components/schemas/Address' + AdHocAttribute: + type: array + items: + $ref: '#/components/schemas/AdHocAttribute' + EmailAddress: + type: array + items: + $ref: '#/components/schemas/EmailAddress' + Identifier: + type: array + items: + $ref: '#/components/schemas/Identifier' + Name: + type: array + items: + $ref: '#/components/schemas/Name' + TelephoneNumber: + type: array + items: + $ref: '#/components/schemas/TelephoneNumber' + Url: + type: array + items: + $ref: '#/components/schemas/Url' + + securitySchemes: + basicAuth: + type: http + scheme: basic + +security: + - basicAuth: [] + +externalDocs: + description: COmanage Registry Core API + url: https://spaces.at.internet2.edu/display/COmanage/Core+API From 9d4ac3d86cbc8a853eeeecb8d3a3616d4a07ce45 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Thu, 17 Aug 2023 14:03:51 -0500 Subject: [PATCH 05/34] Refactor OpenAPI document and support index (CO-2686) --- app/Plugin/CoreApi/Config/Schema/coreapi.yaml | 737 +++++++++--------- 1 file changed, 387 insertions(+), 350 deletions(-) diff --git a/app/Plugin/CoreApi/Config/Schema/coreapi.yaml b/app/Plugin/CoreApi/Config/Schema/coreapi.yaml index fff099b52..a8791ded3 100644 --- a/app/Plugin/CoreApi/Config/Schema/coreapi.yaml +++ b/app/Plugin/CoreApi/Config/Schema/coreapi.yaml @@ -20,11 +20,13 @@ servers: default path you must adjust the relative URIs. paths: /api/co/{coid}/core/v1/people: - get: - summary: Retrieve a CO Person + delete: + summary: Delete a CO Person description: | - Use an **Identifier** value to Retrieve a CO Person and related models/objects. - operationId: getCoPersonByIdentifier + Use an **Identifier** value to delete a CO Person and related models/objects. + Note that whether or not the delete is soft or hard (expunge) is configurable + using the COmanage Registry Configuration Core API menu. + operationId: deleteCoPerson parameters: - name: coid in: path @@ -40,16 +42,53 @@ paths: type: string responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/PagedCoPersonReadResponse' + description: Deleted + + get: + summary: Retrieve one or more CO Person and related objects + description: | + Use the **identifier** query parameter to retrieve a single object. + No query parameters retrieves all CO Person objects. Use the + **direction**, **limit**, and **page** query parameters to + control the order and number of returned objects. + operationId: getCoPerson + parameters: + - name: coid + in: path + description: CO ID + required: true + schema: + type: integer + - name: identifier + in: query + description: CO Person Identifier of the configured type + schema: + type: string + - name: direction + in: query + description: asc (return older records first) or desc (return newer records first) + schema: + type: string + enum: + - asc + - desc + - name: limit + in: query + description: The maximum number of records to return in the response + schema: + type: integer + - name: page + in: query + description: Return this page of the result set + schema: + type: integer + responses: + '200': + $ref: '#/components/responses/PagedCoPersonMessage' post: summary: Create a CO Person - description: | - Create a CO Person and related models/objects. + description: Create a CO Person and related models/objects operationId: addCoPerson parameters: - name: coid @@ -57,13 +96,13 @@ paths: description: CO ID required: true schema: - type: integer + type: integer requestBody: required: true content: application/json: schema: - $ref: '#/components/schemas/CoPersonWriteRequest' + $ref: '#/components/schemas/CoPersonMessage' responses: '201': description: Created @@ -74,81 +113,39 @@ paths: items: $ref: '#/components/schemas/Identifier' -components: - schemas: - PagedCoPersonReadResponse: - type: object - properties: - 0: - $ref: '#/components/schemas/CoPersonReadResponse' - description: CO Person read response object - readOnly: true - currentPage: - description: current page - type: string - readOnly: true - example: "1" - itemsPerPage: - description: items per page - type: string - readOnly: true - example: "1" - pageCount: - description: page count - type: string - readOnly: true - example: "1" - startIndex: - description: start index - type: string - readOnly: true - example: "1" - totalResults: - description: total count of results - type: string - readOnly: true - example: "1" + put: + summary: Update a CO Person + description: Update a CO Person and related models/objects + operationId: updateCoPerson + parameters: + - name: coid + in: path + description: CO ID + required: true + schema: + type: integer + - name: identifier + in: query + description: CO Person Identifier of the configured type + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/CoPersonMessage' - CoPersonReadResponse: - type: object - properties: - CoPerson: - $ref: '#/components/schemas/CoPerson' - CoGroupMember: - type: array - items: - $ref: '#/components/schemas/CoGroupMember' - EmailAddress: - type: array - items: - $ref: '#/components/schemas/EmailAddress' - CoPersonRole: - type: array - items: - $ref: '#/components/schemas/CoPersonRole' - Identifier: - type: array - items: - $ref: '#/components/schemas/Identifier' - Name: - type: array - items: - $ref: '#/components/schemas/Name' - SshKey: - type: array - items: - $ref: '#/components/schemas/SshKey' - Url: - type: array - items: - $ref: '#/components/schemas/Url' - OrgIdentity: - type: array - items: - $ref: '#/components/schemas/OrgIdentity' + responses: + '200': + description: Updated - CoPersonWriteRequest: +components: + schemas: + CoPersonMessage: type: object + description: Collection of a CO Person and related objects properties: CoPerson: $ref: '#/components/schemas/CoPerson' @@ -185,48 +182,19 @@ components: items: $ref: '#/components/schemas/OrgIdentity' - - meta: - type: object - properties: - id: - description: COmanage identifier for this object - type: integer - readOnly: true - actor_identifier: - description: The identifier for the actor who last modified this object - type: string - readOnly: true - created: - description: When this object was originally created - type: string - format: date-time - readOnly: true - deleted: - description: Whether this object has been deleted - type: boolean - readOnly: true - modified: - description: When this object was last modified - type: string - format: date-time - readOnly: true - revision: - description: The revision number for this object - type: integer - minimum: 0 - readOnly: true - required: - - id - CoPerson: type: object + description: | + Simple object representing a person in a CO and their status. + Other objects like Name, EmailAddress, and Identifier link against + this object. Multiple Organizational Identities representing external + identities may also be linked against this object. properties: meta: $ref: '#/components/schemas/meta' co_id: description: CO ID for this CO Person - type: integer + type: string date_of_birth: description: CO Person date of birth type: string @@ -275,13 +243,134 @@ components: - co_id - status + Name: + type: object + description: Name for a CO Person or an Organizational Identity + properties: + meta: + $ref: '#/components/schemas/meta' + given: + type: string + description: Given name + family: + type: string + description: Family name + formatted: + type: string + description: The fully formatted name + language: + type: string + description: The language encoding for this Name + middle: + type: string + description: Middle name + prefix: + type: string + description: The honorific or prefix for the Name + primary_name: + type: boolean + description: Whether this is the primary Name + honorific: + type: string + description: Honorific prefix + suffix: + type: string + description: Honorific suffix + type: + type: string + description: | + Type of name: + **alternate**, + **author**, + **fka**, + **official**, + **preferred** + enum: + - alternate + - author + - fka + - official + - preferred + required: + - given + + EmailAddress: + type: object + description: Email address for a CO Person or an Organizational Identity + properties: + meta: + $ref: '#/components/schemas/meta' + mail: + type: string + description: Email address + format: email + type: + type: string + description: Type of email address + verified: + type: boolean + description: Whether the email address has been verified + required: + - mail + + Identifier: + type: object + description: Identifier for CO Person or an Organizational Identity + properties: + meta: + $ref: '#/components/schemas/meta' + identifier: + type: string + description: Identifier value + type: + type: string + description: | + Identifier type: + **sor-affiliate**, + **badge**, + **enterprise**, + **eppn**, + **eptid**, + **epuid**, + **gid**, + **sor-guest**, + **sor-hr**, + **mail**, + **national**, + **network**, + **oidcsub**, + **openid**, + **orcid**, + **provisioningtarget**, + **reference**, + **pairwiseid**, + **subjectid**, + **sor-student**, + **sorid**, + **uid** + login: + type: boolean + description: Whether this Identifier can be used to login to Registry + status: + type: string + description: | + Identifier status: + **A** - Active, + **S** - Suspended + enum: + - A + - S + required: + - identifier + CoGroupMember: type: object + description: Membership of CO Person in a CO Group properties: meta: $ref: '#/components/schemas/meta' co_group_id: - type: integer + type: string description: CO Group ID for this membership member: type: boolean @@ -290,7 +379,7 @@ components: type: boolean description: If this CO Person is an owner of this group co_group_nesting_id: - type: integer + type: string description: CO Group Nesting that created this membership, if set valid_from: type: string @@ -305,11 +394,12 @@ components: CoPersonRole: type: object + description: Role for a CO Person properties: meta: $ref: '#/components/schemas/meta' cou_id: - type: integer + type: string description: COU for this Role title: type: string @@ -366,12 +456,89 @@ components: - S - X sponsor_co_person_id: - type: integer + type: string description: CO Person ID of the sponsor for this Role affiliation: type: string description: | - CO Person Role affiliation: + CO Person Role affiliation: + **faculty**, + **student**, + **staff**, + **alum**, + **member**, + **affiliate**, + **employee**, + **librarywalkin + enum: + - faculty + - student + - staff + - alum + - member + - affiliate + - employee + - librarywalkin + ordr: + type: string + description: Order of this Role, relative to other roles for this person + Address: + type: array + items: + $ref: '#/components/schemas/Address' + AdHocAttribute: + type: array + items: + $ref: '#/components/schemas/AdHocAttribute' + TelephoneNumber: + type: array + items: + $ref: '#/components/schemas/TelephoneNumber' + required: + - affiliation + - status + + OrgIdentity: + type: object + description: | + Organizational Identity linked to a CO Person, representing an external identity. + Note that multiple Organizational Identities may be linked to a single CO Person. + properties: + meta: + $ref: '#/components/schemas/meta' + co_id: + type: string + description: CO for this Org Identity + title: + type: string + description: Title for this Org Identity + o: + type: string + description: Organization for this Org Identity + ou: + type: string + description: Department for this Org Identity + valid_from: + type: string + description: Valid from time for this Org Identity + format: date-time + valid_through: + type: string + description: Valid through time for this Org Identity + format: date-time + status: + type: string + description: | + Org Identity status: + **RM** - Removed, + **SY** - Synced + enum: + - RM + - SY + affiliation: + type: string + description: | + Org Identity affiliation: **faculty**, **student**, **staff**, @@ -389,9 +556,10 @@ components: - affiliate - employee - librarywalkin - ordr: - type: integer - description: Order of this Role, relative to other roles for this person + date_of_birth: + type: string + description: Org Identity date of birth + format: date Address: type: array items: @@ -400,156 +568,30 @@ components: type: array items: $ref: '#/components/schemas/AdHocAttribute' + EmailAddress: + type: array + items: + $ref: '#/components/schemas/EmailAddress' + Identifier: + type: array + items: + $ref: '#/components/schemas/Identifier' + Name: + type: array + items: + $ref: '#/components/schemas/Name' TelephoneNumber: type: array items: $ref: '#/components/schemas/TelephoneNumber' - required: - - affiliation - - status - - Identifier: - type: object - properties: - meta: - $ref: '#/components/schemas/meta' - identifier: - type: string - description: Identifier value - type: - type: string - description: | - Identifier type: - **sor-affiliate**, - **badge**, - **enterprise**, - **eppn**, - **eptid**, - **epuid**, - **gid**, - **sor-guest**, - **sor-hr**, - **mail**, - **national**, - **network**, - **oidcsub**, - **openid**, - **orcid**, - **provisioningtarget**, - **reference**, - **pairwiseid**, - **subjectid**, - **sor-student**, - **sorid**, - **uid** - enum: - - sor-affiliate - - badge - - enterprise - - eppn - - eptid - - epuid - - gid - - sor-guest - - sor-hr - - mail - - national - - network - - oidcsub - - openid - - orcid - - provisioningtarget - - reference - - pairwiseid - - subjectid - - sor-student - - sorid - - uid - login: - type: boolean - description: Whether this Identifier can be used to login to Registry - status: - type: string - description: | - Identifier status: - **A** - Active, - **S** - Suspended - enum: - - A - - S - required: - - identifier - - EmailAddress: - type: object - properties: - meta: - $ref: '#/components/schemas/meta' - mail: - type: string - description: Email address - format: email - type: - type: string - description: Type of email address - verified: - type: boolean - description: Whether the email address has been verified - required: - - mail - - Name: - type: object - properties: - meta: - $ref: '#/components/schemas/meta' - given: - type: string - description: Given name - family: - type: string - description: Family name - formatted: - type: string - description: The fully formatted name - language: - type: string - description: The language encoding for this Name - middle: - type: string - description: Middle name - prefix: - type: string - description: The honorific or prefix for the Name - primary_name: - type: boolean - description: Whether this is the primary Name - honorific: - type: string - description: Honorific prefix - suffix: - type: string - description: Honorific suffix - type: - type: string - description: | - Type of name: - **alternate**, - **author**, - **fka**, - **official**, - **preferred** - enum: - - alternate - - author - - fka - - official - - preferred - required: - - given + Url: + type: array + items: + $ref: '#/components/schemas/Url' Address: type: object + description: Postal address for a CO Person Role or Organizational Identity properties: meta: $ref: '#/components/schemas/meta' @@ -583,6 +625,7 @@ components: AdHocAttribute: type: object + description: An ad-hoc attribute for a CO Person Role or an Organizational Identity properties: meta: $ref: '#/components/schemas/meta' @@ -598,6 +641,7 @@ components: TelephoneNumber: type: object + description: Telephone number for a CO Person Role or an Organizational Identity properties: meta: $ref: '#/components/schemas/meta' @@ -625,6 +669,7 @@ components: SshKey: type: object + description: Object representing an SSH key for a CO Person, including the comment and key type properties: meta: $ref: '#/components/schemas/meta' @@ -655,7 +700,7 @@ components: type: string ssh_key_authenticator_id: description: SSH Key Authenticator ID associated with this SSH Key - type: integer + type: string readOnly: true required: - type @@ -664,6 +709,7 @@ components: Url: type: object + description: Url for a CO Person or an Organizational Identity properties: meta: $ref: '#/components/schemas/meta' @@ -685,93 +731,84 @@ components: required: - url - OrgIdentity: + meta: type: object + description: | + Metadata about objects returned when reading (get). Note that most metadata returned by read + calls is not permitted (and will be ignored) when invoking write operations (post|put). + The exception is the sub-element id, which when present is used to indicate the update + of an existing object (such as an EmailAddress) rather than the creation of a new one. properties: - meta: - $ref: '#/components/schemas/meta' - co_id: - type: string - description: CO for this Org Identity - title: - type: string - description: Title for this Org Identity - o: + id: + description: COmanage Registry identifier for this object type: string - description: Organization for this Org Identity - ou: + actor_identifier: + description: The identifier for the actor who last modified this object type: string - description: Department for this Org Identity - valid_from: + readOnly: true + created: + description: When this object was originally created type: string - description: Valid from time for this Org Identity format: date-time - valid_through: + readOnly: true + deleted: + description: Whether this object has been deleted + type: boolean + readOnly: true + modified: + description: When this object was last modified type: string - description: Valid through time for this Org Identity format: date-time - status: - type: string - description: | - Org Identity status: - **RM** - Removed, - **SY** - Synced - enum: - - RM - - SY - affiliation: - type: string - description: | - Org Identity affiliation: - **faculty**, - **student**, - **staff**, - **alum**, - **member**, - **affiliate**, - **employee**, - **librarywalkin - enum: - - faculty - - student - - staff - - alum - - member - - affiliate - - employee - - librarywalkin - date_of_birth: + readOnly: true + revision: + description: The revision number for this object type: string - description: Org Identity date of birth - format: date - Address: - type: array - items: - $ref: '#/components/schemas/Address' - AdHocAttribute: - type: array - items: - $ref: '#/components/schemas/AdHocAttribute' - EmailAddress: - type: array - items: - $ref: '#/components/schemas/EmailAddress' - Identifier: - type: array - items: - $ref: '#/components/schemas/Identifier' - Name: - type: array - items: - $ref: '#/components/schemas/Name' - TelephoneNumber: - type: array - items: - $ref: '#/components/schemas/TelephoneNumber' - Url: - type: array - items: - $ref: '#/components/schemas/Url' + minimum: 0 + readOnly: true + required: + - id + additionalProperties: false + + responses: + PagedCoPersonMessage: + description: Paged collection of CoPersonMessage objects indexed by integer values + content: + application/json: + schema: + type: object + properties: + 0: + $ref: '#/components/schemas/CoPersonMessage' + description: CO Person read response object + currentPage: + description: current page + type: string + readOnly: true + example: "1" + itemsPerPage: + description: items per page + type: string + readOnly: true + example: "1" + pageCount: + description: page count + type: string + readOnly: true + example: "1" + startIndex: + description: start index + type: string + readOnly: true + example: "1" + totalResults: + description: total count of results + type: string + readOnly: true + example: "1" + additionalProperties: + type: array + items: + $ref: '#/components/schemas/CoPersonMessage' securitySchemes: basicAuth: From 4d565f5e4a64ee9a24fd355d0ad60ef5f67e42f3 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Fri, 18 Aug 2023 08:00:01 -0500 Subject: [PATCH 06/34] container update PHP to 8.0.30 --- container/registry/base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container/registry/base/Dockerfile b/container/registry/base/Dockerfile index 4712a3723..0b91c8be5 100644 --- a/container/registry/base/Dockerfile +++ b/container/registry/base/Dockerfile @@ -16,7 +16,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -FROM php:8.0.29-apache-bullseye +FROM php:8.0.30-apache-bullseye # Official PHP image with Apache HTTPD includes # --with-openssl From 0a9aa1cb835a911b3a935e3092637251dc4996b2 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Sat, 19 Aug 2023 00:22:52 +0300 Subject: [PATCH 07/34] Add missing dependency (#522, CO-2673) --- app/Model/Co.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Model/Co.php b/app/Model/Co.php index b293fa08a..6dd3f3c64 100644 --- a/app/Model/Co.php +++ b/app/Model/Co.php @@ -425,6 +425,7 @@ public function duplicate($id) { 'MatchServer' => 'Server', 'Oauth2Server' => 'Server', 'SqlServer' => 'Server', + 'KafkaServer' => 'Server', 'DictionaryEntry' => 'Dictionary' ) as $m => $parentm) { $fk = Inflector::underscore($parentm) . "_id"; From 556b016e8a19835e7d02f21ed80129b7b941ae5f Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Sat, 19 Aug 2023 18:17:04 +0300 Subject: [PATCH 08/34] Decouple the handling of empty given and family name default value assignment (#526, CO-2678) --- .../EnvSource/Model/EnvSourceBackend.php | 25 ++++++------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/app/Plugin/EnvSource/Model/EnvSourceBackend.php b/app/Plugin/EnvSource/Model/EnvSourceBackend.php index 3bdc7b041..9b769bb99 100644 --- a/app/Plugin/EnvSource/Model/EnvSourceBackend.php +++ b/app/Plugin/EnvSource/Model/EnvSourceBackend.php @@ -111,27 +111,18 @@ protected function resultToOrgIdentity($result) { $orgdata['Name'] = array(); $orgdata['Name'][0]['honorific'] = $result['env_name_honorific']; - $orgdata['Name'][0]['given'] = $result['env_name_given']; + // We need a Name in order to save an OrgIdentity, but we may not get one since + // some IdPs don't release meaningful attributes. So we create default values. + $orgdata['Name'][0]['given'] = !empty($result['env_name_given']) ? + $result['env_name_given'] : $result['env_identifier_sorid']; $orgdata['Name'][0]['middle'] = $result['env_name_middle']; - $orgdata['Name'][0]['family'] = $result['env_name_family']; + // Populate a default last name in case it's required. + $orgdata['Name'][0]['family'] = !empty($result['env_name_family']) ? + $result['env_name_family'] : _txt('pl.envsource.name.unknown'); $orgdata['Name'][0]['suffix'] = $result['env_name_suffix']; $orgdata['Name'][0]['primary_name'] = true; $orgdata['Name'][0]['type'] = NameEnum::Official; - - // We need a Name in order to save an OrgIdentity, but we may not get one since - // some IdPs don't release meaningful attributes. So we create default values. - - if(empty($orgdata['Name'][0]['given'])) { - // For now we only check given, though it's possible we only received a - // given name but the current configuration requires both given and family. - - // The only thing we can guarantee is SORID - $orgdata['Name'][0]['given'] = $result['env_identifier_sorid']; - - // Populate a default last name in case it's required. - $orgdata['Name'][0]['family'] = _txt('pl.envsource.name.unknown'); - } - + $orgdata['EmailAddress'] = array(); if($result['env_mail']) { From 10676bff2e1c213ff51a7f93f23f30424ff04b5d Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Sun, 20 Aug 2023 18:37:46 +0300 Subject: [PATCH 09/34] Fix COU index view sort by parent COU. Parent COU dropdown to contain only COUs with children. (#515, CO-2651) --- app/Controller/CousController.php | 4 ++-- app/Model/Cou.php | 31 +++++++++++++++++++++++++++---- app/View/Cous/index.ctp | 2 +- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/app/Controller/CousController.php b/app/Controller/CousController.php index 9578737a3..299d511ba 100644 --- a/app/Controller/CousController.php +++ b/app/Controller/CousController.php @@ -90,8 +90,8 @@ function beforeRender() { // XXX This block should execute before its parent. The parent needs the $vv_cou_list if(!$this->request->is('restful') && $this->action == 'index') { - // Get the full list of COUs - $cous_all = $this->Cou->allCous($this->cur_co["Co"]["id"]); + // Get all COUs with children + $cous_all = $this->Cou->allCous($this->cur_co["Co"]["id"], "hash", true); asort($cous_all, SORT_STRING); // `Any` option will return all COUs with a parent // `None` option will return all COUs with parent equal to null diff --git a/app/Model/Cou.php b/app/Model/Cou.php index 71485aeee..ffbfc0b6f 100644 --- a/app/Model/Cou.php +++ b/app/Model/Cou.php @@ -153,15 +153,38 @@ public function afterSave($created, $options = Array()) { /** * Obtain all COUs within a specified CO. * - * @since COmanage Registry v0.4 - * @param integer CO ID - * @param string Format, one of "names", "ids", or "hash" of id => name + * @param Integer $coId CO ID + * @param String $format Format, one of "names", "ids", or "hash" of id => name + * @param Null|Boolean $isParent If null retrieve all COUs. + * If true retrieve all COUs that have children. + * If false retrieve all COUs that have no Children + * * @return Array List or hash of member COUs, as specified by $format + * @since COmanage Registry v0.4 */ - public function allCous($coId, $format="hash") { + public function allCous($coId, $format="hash", $isParent=null) { + $parent_ids = array(); + if(!is_null($isParent)) { + $args = array(); + $args['conditions']['Cou.co_id'] = $coId; + $args['conditions'][] = 'Cou.parent_id IS NOT NULL'; + $args['fields'] = array('Cou.parent_id'); + $args['contain'] = false; + $cous = $this->find("all", $args); + + $parent_ids = Hash::extract($cous, '{n}.Cou.parent_id'); + } + $args = array(); $args['conditions']['Cou.co_id'] = $coId; + if(!is_null($isParent) && !empty($parent_ids)) { + if($isParent) { + $args['conditions']['Cou.id'] = $parent_ids; + } else { + $args['conditions']['NOT']['Cou.id'] = $parent_ids; + } + } $args['order'] = 'Cou.name ASC'; $args['contain'] = false; diff --git a/app/View/Cous/index.ctp b/app/View/Cous/index.ctp index 5dab57642..9c4e79ac0 100644 --- a/app/View/Cous/index.ctp +++ b/app/View/Cous/index.ctp @@ -61,7 +61,7 @@ Paginator->sort('name', _txt('fd.name')); ?> - Paginator->sort('name', _txt('fd.parent')); ?> + Paginator->sort('ParentCou.name', _txt('fd.parent')); ?> Paginator->sort('description', _txt('fd.desc')); ?> From dbf8c26be9e1e70256cdc89fa8973de9c9544306 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Sun, 20 Aug 2023 18:48:05 +0300 Subject: [PATCH 10/34] CO-2665_DEF_GARBAGE_COLLECT_INTERVAL_is_1440_seconds (#510) * set default garbage collect interval to once every 24 hours * Review changes * Cast garbage collect interval from minutes to seconds --- app/Controller/CoSettingsController.php | 8 +++++++- app/Lib/lang.php | 2 +- app/Model/Co.php | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/app/Controller/CoSettingsController.php b/app/Controller/CoSettingsController.php index 4ffa42079..5a02041e7 100644 --- a/app/Controller/CoSettingsController.php +++ b/app/Controller/CoSettingsController.php @@ -83,6 +83,12 @@ public function add() { $this->redirect(array('action' => 'edit', $settingId)); } + + /** + * Register GarbageCollector job + * + * @since COmanage Registry v4.1.0 + */ public function job($id) { $this->Co = ClassRegistry::init('Co'); // Get the delay interval from Platform Settings @@ -107,7 +113,7 @@ public function job($id) { 'object_type' => 'Co', ), 0, // $delay (in seconds) - $interval // $requeueInterval (in seconds) + $interval*60 // $requeueInterval (in seconds) ); $this->Flash->set(_txt('rs.jb.registered', array($jobid)), array('key' => 'success')); diff --git a/app/Lib/lang.php b/app/Lib/lang.php index bf43edd2e..61ff85d6a 100644 --- a/app/Lib/lang.php +++ b/app/Lib/lang.php @@ -1614,7 +1614,7 @@ 'fd.false' => 'False', 'fd.garbage.collect' => 'Garbage Collection', 'fd.garbage.collect.interval' => 'Re-queue Interval', - 'fd.garbage.collect.interval.desc' => 'After the job successfully schedules, it will automatically execute and re-queue after this interval (in seconds).', + 'fd.garbage.collect.interval.desc' => 'After the job successfully schedules, it will automatically execute and re-queue after this interval (in minutes).', 'fd.group.desc.adm' => '%1$s Administrators', 'fd.group.desc.apr' => '%1$s Approvers', 'fd.group.desc.mem' => '%1$s Members', diff --git a/app/Model/Co.php b/app/Model/Co.php index 6dd3f3c64..b3f4624ca 100644 --- a/app/Model/Co.php +++ b/app/Model/Co.php @@ -670,7 +670,7 @@ public function setup($coId) { 'object_type' => 'Co', ), 0, // $delay (in seconds) - DEF_GARBAGE_COLLECT_INTERVAL // $requeueInterval (in seconds) + DEF_GARBAGE_COLLECT_INTERVAL*60 // $requeueInterval (in seconds) ); } From 7d72fe173943132c2491bb28e906269efbf809ca Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Mon, 21 Aug 2023 00:46:03 +0300 Subject: [PATCH 11/34] CO-2640_Deleting_an_API_User_Broken (#491, CO-2640) * Fix ApiUser beforeDelete dependencies * Checkbox in dialog * Handle database exception throw when deleting a record * Add changelog behavior to api user model --- app/Config/Schema/schema.xml | 13 +++++++++++-- app/Controller/StandardController.php | 20 +++++++++++++++++++- app/Model/ApiUser.php | 22 ++++++++++++++-------- app/View/ApiUsers/fields.inc | 2 ++ 4 files changed, 46 insertions(+), 11 deletions(-) diff --git a/app/Config/Schema/schema.xml b/app/Config/Schema/schema.xml index f379f1680..af0d8dc1e 100644 --- a/app/Config/Schema/schema.xml +++ b/app/Config/Schema/schema.xml @@ -450,10 +450,19 @@ - + + REFERENCES cm_api_users(id) + + + + + username - + + + + api_user_id diff --git a/app/Controller/StandardController.php b/app/Controller/StandardController.php index 34be1913e..bfa173950 100644 --- a/app/Controller/StandardController.php +++ b/app/Controller/StandardController.php @@ -440,8 +440,25 @@ function delete($id) { } // Remove the object. + $ret = false; + $dataSource = $model->getDataSource(); + $dataSource->begin(); + try { + $ret = $model->delete($id); + } catch (PDOException $e) { + $dataSource->rollback(); + if(!empty($e->errorInfo[2])) { + $error_split = explode("\n", $e->errorInfo[2]); + foreach ($error_split as $details) { + $this->Flash->set($details, array('key' => 'information')); + } + } else { + $this->Flash->set($e->getMessage(), array('key' => 'error')); + } + } - if($model->delete($id)) { + if($ret) { + $dataSource->commit(); if($this->recordHistory('delete', null, $curdata)) { if($this->request->is('restful')) { $this->Api->restResultHeader(200, "Deleted"); @@ -450,6 +467,7 @@ function delete($id) { } } } else { + $dataSource->rollback(); if($this->request->is('restful')) { $this->Api->restResultHeader(500, "Other Error"); } else { diff --git a/app/Model/ApiUser.php b/app/Model/ApiUser.php index 4bc4df9a9..059e361d6 100644 --- a/app/Model/ApiUser.php +++ b/app/Model/ApiUser.php @@ -42,7 +42,8 @@ class ApiUser extends AppModel { // Default ordering for find operations public $order = array("username"); - public $actsAs = array('Containable'); + public $actsAs = array('Containable', + 'Changelog' => array('priority' => 5)); // Validation rules for table elements public $validate = array( @@ -63,12 +64,7 @@ class ApiUser extends AppModel { 'rule' => array('validateInput'), 'message' => array('Username contains invalid characters.'), 'last' => 'true', - ), - 'unique' => array( - 'rule' => array('isUnique', true), - 'message' => array('API username already in use.'), - 'last' => 'true', - ), + ) ), // This column will be renamed api_key in v5 'password' => array( @@ -146,7 +142,7 @@ public function availableApiUsers($coId) { return $this->find('list', $args); } - /** + /** * Actions to take before a validate operation is executed. * * @since COmanage Registry v3.3.0 @@ -159,6 +155,16 @@ public function beforeValidate($options = array()) $prefix = "co_" . $this->data['ApiUser']['co_id'] . "."; // Prepend the prefix to the username i got from post $this->data['ApiUser']['username'] = $prefix . $this->data['ApiUser']['username']; + + // Check if the username is unique. Since we enabled changelog we need to do it manually + $args = array(); + $args['conditions']['ApiUser.username'] = $this->data['ApiUser']['username']; + $args['contain'] = false; + + if($this->find('count', $args) > 0 + && empty($this->data['ApiUser']["id"])) { + return false; + } } return parent::beforeValidate($options); diff --git a/app/View/ApiUsers/fields.inc b/app/View/ApiUsers/fields.inc index 06b99cf26..ea6e7d64e 100644 --- a/app/View/ApiUsers/fields.inc +++ b/app/View/ApiUsers/fields.inc @@ -267,3 +267,5 @@ +element("changelog"); \ No newline at end of file From d9d9f9e6dfb8350d6709eecbf4950c343c66303c Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Mon, 21 Aug 2023 00:51:46 +0300 Subject: [PATCH 12/34] CO-1032_CoPetition_API_Not_Implemented (#499) * CoreAPI Petitions Read * Fetch petition by id. Apply query parameters. --- app/Plugin/CoreApi/Config/routes.php | 24 +++ .../CoreApi/Controller/CoreApiController.php | 25 ++- .../Controller/CoreApiPetitionsController.php | 174 ++++++++++++++++ app/Plugin/CoreApi/Lib/enum.php | 11 +- app/Plugin/CoreApi/Lib/lang.php | 1 + app/Plugin/CoreApi/Model/CoreApi.php | 13 +- app/Plugin/CoreApi/Model/CoreApiPetition.php | 187 ++++++++++++++++++ app/Plugin/CoreApi/View/CoreApiPetitions/json | 1 + app/Plugin/CoreApi/View/CoreApis/fields.inc | 1 + 9 files changed, 421 insertions(+), 16 deletions(-) create mode 100644 app/Plugin/CoreApi/Controller/CoreApiPetitionsController.php create mode 100644 app/Plugin/CoreApi/Model/CoreApiPetition.php create mode 120000 app/Plugin/CoreApi/View/CoreApiPetitions/json diff --git a/app/Plugin/CoreApi/Config/routes.php b/app/Plugin/CoreApi/Config/routes.php index 99c4c661e..b4e1654dd 100644 --- a/app/Plugin/CoreApi/Config/routes.php +++ b/app/Plugin/CoreApi/Config/routes.php @@ -260,6 +260,30 @@ ) ); +// Petitions +// GET https://{{hos}}/registry/api/co/2/core/v1/petitions?limit=20&page=2&direction=desc +// GET https://{{hos}}/registry/api/co/2/core/v1/petitions?status=PA +// GET https://{{hos}}/registry/api/co/2/core/v1/petitions?couid=4 +Router::connect( + '/api/co/:coid/core/v1/petitions', + array( + 'plugin' => 'core_api', + 'controller' => 'CoreApiPetitions', + 'action' => 'index', + '[method]' => 'GET', + ) +); + +Router::connect( + '/api/co/:coid/core/v1/petitions/:id', + array( + 'plugin' => 'core_api', + 'controller' => 'CoreApiPetitions', + 'action' => 'read', + '[method]' => 'GET' + ) +); + // Scoped identifiers are not parsed properly because they are perceived as file extensions // Enable extensions parse to resolve this problem Router::parseExtensions('json', 'xml'); diff --git a/app/Plugin/CoreApi/Controller/CoreApiController.php b/app/Plugin/CoreApi/Controller/CoreApiController.php index 3224cf267..f5fd48c84 100644 --- a/app/Plugin/CoreApi/Controller/CoreApiController.php +++ b/app/Plugin/CoreApi/Controller/CoreApiController.php @@ -174,19 +174,25 @@ public function beforeFilter() { // Which API was requested? $targetedController = str_replace('CoreApi', '', $this->request->params['controller']); $targetedSingular = Inflector::singularize($targetedController); + + $read = defined("CoreApiEnum::{$targetedSingular}Read") + ? constant("CoreApiEnum::{$targetedSingular}Read") : null; + // ApiUsers with Write permission can also read + $write = defined("CoreApiEnum::{$targetedSingular}Write") + ? constant("CoreApiEnum::{$targetedSingular}Write") : null; switch($this->request->params['action']) { case 'read': // Read single record case 'index': // Read all records $args['conditions']['CoreApi.api'] = array( - constant("CoreApiEnum::{$targetedSingular}Read"), + $read, // ApiUsers with Write permission can also read - constant("CoreApiEnum::{$targetedSingular}Write"), + $write, ); break; case 'create': case 'update': case 'delete': - $args['conditions']['CoreApi.api'] = array(constant("CoreApiEnum::{$targetedSingular}Write")); + $args['conditions']['CoreApi.api'] = array($write); break; case 'resolveMatch': $args['conditions']['CoreApi.api'] = CoreApiEnum::MatchCallback; @@ -214,13 +220,6 @@ public function beforeFilter() { $this->response->send(); exit; } - - if($this->request->params['action'] == 'index') { - // Filter/Validate Query parameters - $this->params->query = $this->CoreApi->validateQueryParams($this->params->query); - // Parse query parameters - $this->params->query = $this->CoreApi->parseQueryParams($this->params->query); - } } /** @@ -314,6 +313,12 @@ public function delete() { public function index() { $modelApiName = $this->modelName; $modelMapperName = $this->$modelApiName->mapper; + + // Validate the query parameters + $this->params->query = $this->CoreApi->validateQueryParams($this->params->query); + // Parse query parameters + $this->params->query = $this->CoreApi->parseQueryParams($this->params->query); + try { $query_filters = array(); // Load the default ordering and pagination settings diff --git a/app/Plugin/CoreApi/Controller/CoreApiPetitionsController.php b/app/Plugin/CoreApi/Controller/CoreApiPetitionsController.php new file mode 100644 index 000000000..e9d3748b6 --- /dev/null +++ b/app/Plugin/CoreApi/Controller/CoreApiPetitionsController.php @@ -0,0 +1,174 @@ +modelName; + $modelMapperName = $this->$modelApiName->mapper; + + // Validate the query parameters + $this->params->query = $this->CoreApiPetition->validateQueryParams($this->params->query); + + // Load the default ordering and pagination settings + $this->Paginator->settings = $this->paginate; + $this->Paginator->settings['conditions']["CoPetition.co_id"] = (int)$this->cur_api['CoreApi']['co_id']; + + // Filter by status + if(!empty($this->request->query["status"])) { + $this->Paginator->settings['conditions']["CoPetition.status"] = $this->request->query["status"]; + } + + // Filter by Petition ID + if(!empty($this->request->query["id"]) + || !empty($this->request->params["id"])) { + $this->Paginator->settings['conditions']["CoPetition.id"] = (int)($this->request->query["id"] ?? $this->request->params["id"]); + } + + // Filter by Enrollment Flow + if(!empty($this->request->query["enrollmentflowid"])) { + $this->Paginator->settings['conditions']["CoPetition.co_enrollment_flow_id"] = (int)$this->request->query["enrollmentflowid"]; + } + + // Filter by COU + if(!empty($this->request->query["couid"])) { + $this->Paginator->settings['conditions']['CoPetition.cou_id'] = (int)$this->request->query["couid"]; + } + + // CO Person mappings + $coperson_alias_mapping = array( + "enrollee" => "EnrolleePrimaryName", + "petitioner" => "PetitionerPrimaryName", + "sponsor'"=> "SponsorPrimaryName", + "approver" => "ApproverPrimaryName", + ); + + // Filter by Name + foreach($coperson_alias_mapping as $search_field => $class) { + if(!empty($this->request->query[$search_field])) { + $searchterm = $this->request->query[$search_field]; + $searchterm = strtolower(str_replace(urlencode("/"), "/", $searchterm)); + $this->Paginator->settings['conditions']['AND'][] = array( + 'OR' => array( + 'LOWER('. $class . '.family) LIKE' => '%' . $searchterm . '%', + 'LOWER('. $class . '.given) LIKE' => '%' . $searchterm . '%', + ) + ); + } + } + + // We need all the relational data for the full mode + $this->Paginator->settings['link'] = $this->$modelApiName->index_contains; + + // Query offset + if(!empty($this->request->query['limit'])) { + $this->Paginator->settings['limit'] = $this->request->query['limit']; + } + // Order Direction + if(!empty($this->request->query['direction'])) { + $this->Paginator->settings['order']["CoPetition.id"] = $this->request->query['direction']; + } + // Page + if(!empty($this->request->query['page'])) { + $this->Paginator->settings['page'] = $this->request->query['page']; + } + } + + /** + * Handle a Core API CO People Index API request. + * /api/co/:coid/core/v1/petitions + * + * @since COmanage Registry v4.3.0 + */ + + public function index() { + $modelApiName = $this->modelName; + $modelMapperName = $this->$modelApiName->mapper; + + try { + $this->pullPetitionData(); + $modelObj = $this->Paginator->paginate($modelMapperName); + + $ret = $this->$modelApiName->readV1Index($this->cur_api['CoreApi']['co_id'], $modelObj); + + // Set the results + $this->set('results', $ret); + $this->Api->restResultHeader(200); + } + catch(InvalidArgumentException $e) { + $this->set('results', array('error' => $e->getMessage())); + $this->Api->restResultHeader(404); + } + catch(Exception $e) { + $this->set('results', array('error' => $e->getMessage())); + $this->Api->restResultHeader(500); + } + } + + /** + * Handle a Core API CO People Read API request. + * /api/co/:coid/core/v1/petitions/:id + * + * @since COmanage Registry v4.3.0 + */ + + public function read() { + $modelApiName = $this->modelName; + $modelMapperName = $this->$modelApiName->mapper; + + try { + $this->pullPetitionData(); + $modelObj = $this->Paginator->paginate($modelMapperName); + + $ret = $this->$modelApiName->readV1Index($this->cur_api['CoreApi']['co_id'], $modelObj); + + $this->set('results', $ret); + $this->Api->restResultHeader(200); + } + catch(InvalidArgumentException $e) { + $this->set('results', array('error' => $e->getMessage())); + $this->Api->restResultHeader(404); + } + catch(Exception $e) { + $this->set('results', array('error' => $e->getMessage())); + $this->Api->restResultHeader(500); + } + } + +} diff --git a/app/Plugin/CoreApi/Lib/enum.php b/app/Plugin/CoreApi/Lib/enum.php index 71538ffa0..3a92346ea 100644 --- a/app/Plugin/CoreApi/Lib/enum.php +++ b/app/Plugin/CoreApi/Lib/enum.php @@ -27,14 +27,17 @@ class CoreApiEnum { - const PersonRead = "CR"; - const OrganizationRead = "OR"; + // Read const DepartmentRead = "DR"; + const OrganizationRead = "OR"; + const PersonRead = "CR"; + const PetitionRead = "PR"; + // Write implies Read - const PersonWrite = "CW"; - const OrganizationWrite = "OW"; const DepartmentWrite = "DW"; const MatchCallback = "MC"; + const OrganizationWrite = "OW"; + const PersonWrite = "CW"; } class ResponseTypeEnum diff --git a/app/Plugin/CoreApi/Lib/lang.php b/app/Plugin/CoreApi/Lib/lang.php index 1a162b6a6..afbf12462 100644 --- a/app/Plugin/CoreApi/Lib/lang.php +++ b/app/Plugin/CoreApi/Lib/lang.php @@ -38,6 +38,7 @@ // Enumeration language texts 'pl.coreapi.en.api' => array( + CoreApiEnum::PetitionRead => 'Petition Read API', CoreApiEnum::PersonRead => 'Person Read API', CoreApiEnum::PersonWrite => 'Person Write API', CoreApiEnum::OrganizationRead => 'Organization Read API', diff --git a/app/Plugin/CoreApi/Model/CoreApi.php b/app/Plugin/CoreApi/Model/CoreApi.php index c128b2063..17ddfb9c6 100644 --- a/app/Plugin/CoreApi/Model/CoreApi.php +++ b/app/Plugin/CoreApi/Model/CoreApi.php @@ -46,7 +46,7 @@ class CoreApi extends AppModel { // Currently the dot character is not a valid character for a PHP variable name. So co_person.status // will be transformed to co_person_status. // XXX We are making the convention that the field will be placed last and will be a single word - private $allowed_query_params = array( + protected $allowed_query_params = array( 'limit' => array('integer' => array('range' => array(1, 1001))), 'direction' => array('string' => array('inList' => array(array('asc' , 'desc')))), 'page' => array('integer' => array('comparison' => array('>=', 1))), @@ -125,7 +125,8 @@ class CoreApi extends AppModel { ), 'api' => array( 'content' => array( - 'rule' => array('inList', array(CoreApiEnum::PersonRead, + 'rule' => array('inList', array(CoreApiEnum::PetitionRead, + CoreApiEnum::PersonRead, CoreApiEnum::PersonWrite, CoreApiEnum::OrganizationRead, CoreApiEnum::OrganizationWrite, @@ -413,6 +414,14 @@ protected function filterMetadataOutbound($record, $modelName=null) { 'source_name_id', 'source_org_identity_id', 'source_telephone_number_id', + 'enrollee_org_identity_id', + 'archived_org_identity_id', + 'enrollee_co_person_id', + 'enrollee_co_person_role_id', + 'petitioner_co_person_id', + 'sponsor_co_person_id', + 'approver_co_person_id', + 'co_invite_id', $mfk)) || ($modelName != 'CoGroupMember' && $k == 'co_group_id')) { // Move the value to metadata diff --git a/app/Plugin/CoreApi/Model/CoreApiPetition.php b/app/Plugin/CoreApi/Model/CoreApiPetition.php new file mode 100644 index 000000000..83977f7ba --- /dev/null +++ b/app/Plugin/CoreApi/Model/CoreApiPetition.php @@ -0,0 +1,187 @@ + array('integer' => array('range' => array(1, 1001))), + 'direction' => array('string' => array('inList' => array(array('asc' , 'desc')))), + 'page' => array('integer' => array('comparison' => array('>=', 1))), + 'id' => array('string' => array('custom' => array('/^[0-9]{1,}$/'))), + 'couid' => array('string' => array('custom' => array('/^[0-9]{1,}$/'))), + 'enrollmentflowid' => array('string' => array('custom' => array('/^[0-9]{1,}$/'))), + 'status' => array('string' => array('custom' => array('/^[A-Za-z]{1,10}$/'))), + 'enrollee' => array('string' => array('custom' => array('/^[A-Za-z]{1,10}$/'))), + 'petitioner' => array('string' => array('custom' => array('/^[A-Za-z]{1,10}$/'))), + 'sponsor' => array('string' => array('custom' => array('/^[A-Za-z]{1,10}$/'))), + 'approver' => array('string' => array('custom' => array('/^[A-Za-z]{1,10}$/'))), + ); + + public $index_contains = array( + 'ApproverCoPerson' => array( + 'class' => 'CoPerson', + 'ApproverPrimaryName' => array( + 'class' => 'Name', + 'conditions' => array( + // Linkable behavior doesn't seem to be able to handle multiple joins + // against the same table, so we manually specify the join condition for + // each name. We then have to explicitly filter on primary name so as + // not to produce multiple rows in the join for alternate names the + // CO Person might have. + 'exactly' => 'ApproverPrimaryName.co_person_id = ApproverCoPerson.id AND ApproverPrimaryName.primary_name = true' + ) + ) + ), + 'CoEnrollmentFlow', + 'Cou', + 'EnrolleeCoPerson' => array( + 'class' => 'CoPerson', + 'EnrolleePrimaryName' => array( + 'class' => 'Name', + 'conditions' => array( + 'exactly' => 'EnrolleePrimaryName.co_person_id = EnrolleeCoPerson.id AND EnrolleePrimaryName.primary_name = true') + ) + ), + 'PetitionerCoPerson' => array( + 'class' => 'CoPerson', + 'PetitionerPrimaryName' => array( + 'class' => 'Name', + 'conditions' => array( + 'exactly' => 'PetitionerPrimaryName.co_person_id = PetitionerCoPerson.id AND PetitionerPrimaryName.primary_name = true') + ) + ), + 'SponsorCoPerson' => array( + 'class' => 'CoPerson', + 'SponsorPrimaryName' => array( + 'class' => 'Name', + 'conditions' => array( + 'exactly' => 'SponsorPrimaryName.co_person_id = SponsorCoPerson.id AND SponsorPrimaryName.primary_name = true') + ) + ), + 'CoInvite', + 'VettingRequest' + ); + + public $related_models = array(); + + public $view_contains = array( + 'ApproverCoPerson' => array( + 'class' => 'CoPerson', + 'ApproverPrimaryName' => array( + 'class' => 'Name', + 'conditions' => array( + // Linkable behavior doesn't seem to be able to handle multiple joins + // against the same table, so we manually specify the join condition for + // each name. We then have to explicitly filter on primary name so as + // not to produce multiple rows in the join for alternate names the + // CO Person might have. + 'exactly' => 'ApproverPrimaryName.co_person_id = ApproverCoPerson.id AND ApproverPrimaryName.primary_name = true' + ) + ) + ), + 'CoEnrollmentFlow', + 'Cou', + 'EnrolleeCoPerson' => array( + 'EnrolleePrimaryName' => array( + 'class' => 'Name', + 'conditions' => array( + 'exactly' => 'EnrolleePrimaryName.co_person_id = EnrolleeCoPerson.id AND EnrolleePrimaryName.primary_name = true') + ) + ), + 'PetitionerCoPerson' => array( + 'class' => 'CoPerson', + 'PetitionerPrimaryName' => array( + 'class' => 'Name', + 'conditions' => array( + 'exactly' => 'PetitionerPrimaryName.co_person_id = PetitionerCoPerson.id AND PetitionerPrimaryName.primary_name = true') + ) + ), + 'SponsorCoPerson' => array( + 'class' => 'CoPerson', + 'SponsorPrimaryName' => array( + 'class' => 'Name', + 'conditions' => array( + 'exactly' => 'SponsorPrimaryName.co_person_id = SponsorCoPerson.id AND SponsorPrimaryName.primary_name = true') + ) + ), + 'CoPetitionHistoryRecord' + ); + + /** + * Query Parameters need now transmogrification here. Return the dataset as is. + * + * @since COmanage Registry v4.1.0 + * @param array $queryParams List of query parameters + * @return array + */ + public function parseQueryParams($queryParams) { + return $queryParams; + } + + /** + * Pull a CoPetition record, including associated models. + * + * @since COmanage Registry v4.0.0 + * @param integer $coId CO ID + * @param string $identifier Identifier to query + * @param string $identifierType Identifier type + * @return array Array of CO Person data + * @throws InvalidArgumentException + */ + + protected function pullRecord($coId, $identifier, $identifierType) { + $args = array(); + $args['conditions']['Identifier.identifier'] = $identifier; + $args['conditions']['Identifier.type'] = $identifierType; + $args['conditions']['Identifier.status'] = SuspendableStatusEnum::Active; + $args['conditions']['CoPetition.co_id'] = $coId; + $args['joins'][0]['table'] = 'identifiers'; + $args['joins'][0]['alias'] = 'Identifier'; + $args['joins'][0]['type'] = 'INNER'; + $args['joins'][0]['conditions'][0] = 'Identifier.co_department_id=CoPetition.id'; + // While we're here pull the data we need + $args['contain'] = $this->view_contains; + + // find('first') won't result in two records, though if identifier is not + // unique it's non-deterministic as to which record we'll retrieve. + + $org = $this->Co->CoPetition->find('first', $args); + + if(empty($org)) { + throw new InvalidArgumentException(_txt('er.notfound', array(_txt('ct.identifiers.1'), filter_var($identifier,FILTER_SANITIZE_SPECIAL_CHARS)))); + } + return $org; + } +} \ No newline at end of file diff --git a/app/Plugin/CoreApi/View/CoreApiPetitions/json b/app/Plugin/CoreApi/View/CoreApiPetitions/json new file mode 120000 index 000000000..de2a4e5db --- /dev/null +++ b/app/Plugin/CoreApi/View/CoreApiPetitions/json @@ -0,0 +1 @@ +../CoreApi/json/ \ No newline at end of file diff --git a/app/Plugin/CoreApi/View/CoreApis/fields.inc b/app/Plugin/CoreApi/View/CoreApis/fields.inc index b63141f9b..039917aed 100644 --- a/app/Plugin/CoreApi/View/CoreApis/fields.inc +++ b/app/Plugin/CoreApi/View/CoreApis/fields.inc @@ -76,6 +76,7 @@ function identifier_toggle() { var api = document.getElementById('CoreApiApi').value; var supportedApis = [ + "", "", "", "", From c10f1fccb8776268896010814d59fb0a058ef237 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Tue, 22 Aug 2023 19:24:41 +0300 Subject: [PATCH 13/34] internationalize hardcoded phrase --- app/Lib/lang.php | 1 + app/View/CoJobs/fields.inc | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/app/Lib/lang.php b/app/Lib/lang.php index 61ff85d6a..66775d709 100644 --- a/app/Lib/lang.php +++ b/app/Lib/lang.php @@ -1694,6 +1694,7 @@ 'fd.job.requeue_interval' => 'Requeue Interval', 'fd.job.requeue_interval.desc' => 'After the job successfully completes, it will automatically be requeued to execute after this interval (in seconds). (To stop requeuing, simply cancel this job.)', 'fd.job.requeued_from_co_job_id' => 'Requeued From Job', + 'fd.job.retry.info' => '%1$s out of %2$s', 'fd.job.retry_interval' => 'Retry Interval', 'fd.job.retry_interval.desc' => 'If the job fails, it will automatically be retried after this interval (in seconds). (To stop retrying, simply cancel this job.)', 'fd.job.start_after_time' => 'Start After', diff --git a/app/View/CoJobs/fields.inc b/app/View/CoJobs/fields.inc index 8472a8c44..7532a0375 100644 --- a/app/View/CoJobs/fields.inc +++ b/app/View/CoJobs/fields.inc @@ -234,9 +234,10 @@
From bdb540b6749733c04ab5a9db5326c53a2803ac31 Mon Sep 17 00:00:00 2001 From: Shayna Atkinson Date: Wed, 23 Aug 2023 10:33:16 -0400 Subject: [PATCH 14/34] bump version to 4.3.0 (rc1) --- app/Config/VERSION | 2 +- container/aws/buildspec/aws_buildspec.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Config/VERSION b/app/Config/VERSION index fae6e3d04..80895903a 100644 --- a/app/Config/VERSION +++ b/app/Config/VERSION @@ -1 +1 @@ -4.2.1 +4.3.0 diff --git a/container/aws/buildspec/aws_buildspec.yml b/container/aws/buildspec/aws_buildspec.yml index 190d19c6f..484d114e0 100644 --- a/container/aws/buildspec/aws_buildspec.yml +++ b/container/aws/buildspec/aws_buildspec.yml @@ -3,7 +3,7 @@ version: 0.2 env: shell: bash variables: - LABEL: "4.2.1" + LABEL: "4.3.0-rc1" exported-variables: - LABEL From 6bd63c2f5a04844ce91b836d161d4822a97b1c4f Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Wed, 23 Aug 2023 20:41:27 +0300 Subject: [PATCH 15/34] Update message.json with CoPetition API. Minor fixes. --- app/Plugin/CoreApi/Config/Schema/message.json | 488 +++++++++++++++--- app/Plugin/CoreApi/Model/CoreApi.php | 6 +- 2 files changed, 428 insertions(+), 66 deletions(-) diff --git a/app/Plugin/CoreApi/Config/Schema/message.json b/app/Plugin/CoreApi/Config/Schema/message.json index 699d529aa..c6c0e89b8 100644 --- a/app/Plugin/CoreApi/Config/Schema/message.json +++ b/app/Plugin/CoreApi/Config/Schema/message.json @@ -3,7 +3,7 @@ "$id": "https://github.com/Internet2/comanage-registry/tree/4.0.0/app/Plugin/CoreApi/Config/Schema/message.json", "title": "COmanage Core API Message Format", "description": "COmanage Core API Message Format", - + "definitions": { "meta": { "type": "object", @@ -58,7 +58,7 @@ "additionalProperties": false } }, - + "type": "object", "properties": { "CoPerson": { @@ -89,6 +89,69 @@ "required": [ "co_id", "status" ], "additionalProperties": false }, + "CoDepartment": { + "type": "array", + "items": { + "type": "object", + "properties": { + "meta": { + "$ref": "#/definitions/meta" + }, + "co_id": { + "description": "CO for this Department", + "type": "integer" + }, + "cou_id": { + "description": "COU for this Department", + "type": "integer" + }, + "leadership_co_group_id": { + "description": "Leadership Group for this Department", + "type": "integer" + }, + "administrative_co_group_id": { + "description": "Administrative Group for this Department", + "type": "integer" + }, + "support_co_group_id": { + "description": "Support Group for this Department", + "type": "integer" + }, + "name": { + "description": "Name for this Department", + "type": "string" + }, + "introduction": { + "description": "Introduction for this Department", + "type": "string" + }, + "type": { + "description": "Type for this Department", + "type": "string" + }, + "Address": { + "$ref": "#/properties/CoPersonRole/items/properties/Address" + }, + "AdHocAttribute": { + "$ref": "#/properties/CoPersonRole/items/properties/AdHocAttribute" + }, + "EmailAddress": { + "$ref": "#/properties/EmailAddress" + }, + "Identifier": { + "$ref": "#/properties/Identifier" + }, + "TelephoneNumber": { + "$ref": "#/properties/CoPersonRole/items/properties/TelephoneNumber" + }, + "Url": { + "$ref": "#/properties/Url" + } + }, + "required": ["name", "type"], + "additionalProperties": false + } + }, "CoGroupMember": { "type": "array", "items": { @@ -282,6 +345,364 @@ "additionalProperties": false } }, + "CoPetition": { + "type": "array", + "items": { + "type": "object", + "properties": { + "meta": { + "$ref": "#/definitions/meta" + }, + "co_id": { + "description": "CO for this Petition", + "type": "integer" + }, + "cou_id": { + "description": "COU for this Petition", + "type": "integer" + }, + "authenticated_identifier": { + "description": "Authenticated Identifier for this Petition", + "type": "string" + }, + "petitioner_token": { + "description": "Petitioner Token for this Petition", + "type": "string" + }, + "enrollee_token": { + "description": "Enrollee Token for this Petition", + "type": "string" + }, + "return_url": { + "description": "Return URL for this Petition", + "type": "string" + }, + "status": { + "description": "Petition status", + "type": "string" + }, + "approver_comment": { + "description": "Approver Comment for this Petition", + "type": "string" + }, + "reference_identifier": { + "description": "Petition Reference Identifier", + "type": "string" + }, + "ApproverPrimaryName": { + "$ref": "#/properties/Name" + }, + "CoEnrollmentFlow": { + "type": "array", + "items": { + "type": "object", + "properties": { + "meta": { + "$ref": "#/definitions/meta" + }, + "name": { + "description": "Name for this Enrollment Flow", + "type": "string" + }, + "co_id": { + "description": "CO ID for this Enrollment Flow", + "type": "integer" + }, + "authz_level": { + "description": "Authorization level for this Enrollment Flow", + "type": "string" + }, + "authz_cou_id": { + "description": "Authorization COU ID for this Enrollment Flow", + "type": "integer" + }, + "authz_cou_idauthz_co_group_id": { + "description": "Authorization Group ID for this Enrollment Flow", + "type": "integer" + }, + "match_policy": { + "description": "Match Policy for this Enrollment Flow", + "type": "string" + }, + "match_policy": { + "description": "Match Policy for this Enrollment Flow", + "type": "string" + }, + "approval_required": { + "description": "Approval configuration for this Enrollment Flow", + "type": "boolean" + }, + "approver_co_group_id": { + "description": "Approvers Group for this Enrollment Flow", + "type": "integer" + }, + "verify_email": { + "description": "Verify email configuration for this Enrollment Flow", + "type": "boolean" + }, + "invitation_validity": { + "description": "Invitation validity in minutes for this Enrollment Flow", + "type": "integer" + }, + "require_authn": { + "description": "Require Authentication for this Enrollment Flow", + "type": "integer" + }, + "notification_co_group_id": { + "description": "Groups to Notify for this Enrollment Flow", + "type": "integer" + }, + "status": { + "description": "Enrollment Flow status", + "type": "string" + }, + "notify_from": { + "description": "Notify from for this Enrollment Flow", + "type": "string" + }, + "verification_subject": { + "description": "Email Verification subject for this Enrollment Flow", + "type": "string" + }, + "verification_body": { + "description": "Email Verification body for this Enrollment Flow", + "type": "string" + }, + "notify_on_approval": { + "description": "Notify on approval for this Enrollment Flow", + "type": "boolean" + }, + "approval_subject": { + "description": "Email Approval Subject for this Enrollment Flow", + "type": "string" + }, + "approval_body": { + "description": "Email Approval Body for this Enrollment Flow", + "type": "string" + }, + "introduction_text": { + "description": "Introduction Text for this Enrollment Flow", + "type": "string" + }, + "conclusion_text": { + "description": "Conclusion Text for this Enrollment Flow", + "type": "string" + }, + "t_and_c_mode": { + "description": "Terms and Conditions mode for this Enrollment Flow", + "type": "string" + }, + "redirect_on_submit": { + "description": "Redirect on Submit URL for this Enrollment Flow", + "type": "string" + }, + "redirect_on_confirm": { + "description": "Redirect on Confirm URL for this Enrollment Flow", + "type": "string" + }, + "ignore_authoritative": { + "description": "Ignore Authoritative for this Enrollment Flow", + "type": "boolean" + }, + "duplicate_mode": { + "description": "Duplicate Mode for this Enrollment Flow", + "type": "string" + }, + "email_verification_mode": { + "description": "Email Verification Mode for this Enrollment Flow", + "type": "string" + }, + "verification_template_id": { + "description": "Verification Template ID for this Enrollment Flow", + "type": "integer" + }, + "approval_template_id": { + "description": "Approval Template ID for this Enrollment Flow", + "type": "integer" + }, + "notify_on_finalize": { + "description": "Notify on Finalize for this Enrollment Flow", + "type": "boolean" + }, + "finalization_template_id": { + "description": "Finalization Template ID for this Enrollment Flow", + "type": "integer" + }, + "co_theme_id": { + "description": "CO Theme ID for this Enrollment Flow", + "type": "integer" + }, + "redirect_on_finalize": { + "description": "Redirect On Finalize URL for this Enrollment Flow", + "type": "string" + }, + "my_identity_shortcut": { + "description": "Idetity Shortcut enable for this Enrollment Flow", + "type": "boolean" + }, + "denial_template_id": { + "description": "Denial Template ID for this Enrollment Flow", + "type": "integer" + }, + "establish_authenticators": { + "description": "Establish Authenticators enable for this Enrollment Flow", + "type": "boolean" + }, + "theme_stacking": { + "description": "Theme stacking enable for this Enrollment Flow", + "type": "boolean" + }, + "return_url_allowlist": { + "description": "Return URL whitelist for this Enrollment Flow", + "type": "text" + }, + "establish_cluster_accounts": { + "description": "Establish Cluster accounts enable for this Enrollment Flow", + "type": "boolean" + }, + "enable_person_find": { + "description": "Person find enable for this Enrollment Flow", + "type": "boolean" + }, + "match_server_id": { + "description": "Match Server ID for this Enrollment Flow", + "type": "integer" + }, + "regenerate_expired_verification": { + "description": "Regenarate Expired Verification for this Enrollment Flow", + "type": "boolean" + }, + "request_vetting": { + "description": "Request Vetting for this Enrollment Flow", + "type": "boolean" + }, + "sor_label": { + "description": "SOR Label for this Enrollment Flow", + "type": "string" + }, + "introduction_text_pa": { + "description": "Introduction Text (Petition Form) for this Enrollment Flow", + "type": "string" + }, + "approver_template_id": { + "description": "Approver Template ID for this Enrollment Flow", + "type": "integer" + } + }, + "required": [], + "additionalProperties": false + } + }, + "CoInvite": { + "type": "array", + "items": { + "type": "object", + "properties": { + "meta": { + "$ref": "#/definitions/meta" + }, + "mail": { + "description": "Email for this Invite", + "type": "string" + }, + "email_address_id": { + "description": "Email Address ID for this Invite", + "type": "integer" + }, + "invitation": { + "description": "Invitation for this Invite", + "type": "string" + }, + "expires": { + "description": "Expiration date for this Invite", + "type": "string", + "format": "date-time" + } + }, + "required": [], + "additionalProperties": false + } + }, + "Cou": { + "$ref": "#/properties/Cou" + }, + "EnrolleeCoPerson": { + "$ref": "#/properties/CoPerson" + }, + "EnrolleePrimaryName": { + "$ref": "#/properties/Name" + }, + "PetitionerCoPerson": { + "$ref": "#/properties/CoPerson" + }, + "PetitionerPrimaryName": { + "$ref": "#/properties/Name" + }, + "SponsorCoPerson": { + "$ref": "#/properties/CoPerson" + }, + "SponsorPrimaryName": { + "$ref": "#/properties/Name" + }, + "VettingRequest": { + "type": "array", + "items": { + "type": "object", + "properties": { + "meta": { + "$ref": "#/definitions/meta" + }, + "co_job_id": { + "description": "CO Job ID for this Vetting Request", + "type": "integer" + }, + "vetting_step_id": { + "description": "Vetting Step ID for this Vetting Request", + "type": "integer" + }, + "status": { + "description": "Status for this Vetting Request", + "type": "string" + } + }, + "required": [], + "additionalProperties": false + } + } + }, + "required": [], + "additionalProperties": false + } + }, + "Cou": { + "type": "array", + "items": { + "type": "object", + "properties": { + "meta": { + "$ref": "#/definitions/meta" + }, + "co_id": { + "description": "CO for this Petition", + "type": "integer" + }, + "name": { + "description": "COU Name", + "type": "string" + }, + "description": { + "description": "COU description", + "type": "string" + }, + "parent_id": { + "description": "COU parent node", + "type": "integer" + } + }, + "required": [], + "additionalProperties": false + } + }, "EmailAddress": { "type": "array", "items": { @@ -485,69 +906,6 @@ "additionalProperties": false } }, - "CoDepartment": { - "type": "array", - "items": { - "type": "object", - "properties": { - "meta": { - "$ref": "#/definitions/meta" - }, - "co_id": { - "description": "CO for this Department", - "type": "integer" - }, - "cou_id": { - "description": "COU for this Department", - "type": "integer" - }, - "leadership_co_group_id": { - "description": "Leadership Group for this Department", - "type": "integer" - }, - "administrative_co_group_id": { - "description": "Administrative Group for this Department", - "type": "integer" - }, - "support_co_group_id": { - "description": "Support Group for this Department", - "type": "integer" - }, - "name": { - "description": "Name for this Department", - "type": "string" - }, - "introduction": { - "description": "Introduction for this Department", - "type": "string" - }, - "type": { - "description": "Type for this Department", - "type": "string" - }, - "Address": { - "$ref": "#/properties/CoPersonRole/items/properties/Address" - }, - "AdHocAttribute": { - "$ref": "#/properties/CoPersonRole/items/properties/AdHocAttribute" - }, - "EmailAddress": { - "$ref": "#/properties/EmailAddress" - }, - "Identifier": { - "$ref": "#/properties/Identifier" - }, - "TelephoneNumber": { - "$ref": "#/properties/CoPersonRole/items/properties/TelephoneNumber" - }, - "Url": { - "$ref": "#/properties/Url" - } - }, - "required": ["name", "type"], - "additionalProperties": false - } - }, "Organization": { "type": "array", "items": { diff --git a/app/Plugin/CoreApi/Model/CoreApi.php b/app/Plugin/CoreApi/Model/CoreApi.php index 17ddfb9c6..f42166d2b 100644 --- a/app/Plugin/CoreApi/Model/CoreApi.php +++ b/app/Plugin/CoreApi/Model/CoreApi.php @@ -405,6 +405,8 @@ protected function filterMetadataOutbound($record, $modelName=null) { 'id', 'modified', 'revision', + 'lft', + 'rght', 'co_person_role_id', 'source_ad_hoc_attribute_id', 'source_url_id', @@ -422,6 +424,8 @@ protected function filterMetadataOutbound($record, $modelName=null) { 'sponsor_co_person_id', 'approver_co_person_id', 'co_invite_id', + 'co_enrollment_flow_id', + 'vetting_request_id', $mfk)) || ($modelName != 'CoGroupMember' && $k == 'co_group_id')) { // Move the value to metadata @@ -727,7 +731,7 @@ protected function upsertRecord($coId, // Verify that id is in $currentSet. If it's not, throw an error since // the client can't specify a new ID. - $current = Hash::extract($currentSet, "{n}[id=$id]"); + $current = Hash::extract($currentSet ?? [], "{n}[id=$id]"); if(empty($current)) { throw new InvalidArgumentException(_txt('er.coreapi.id.invalid', array($id))); From f8a34f0c47cf302850a1db78fe6a15f7c2ffc0af Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Wed, 23 Aug 2023 14:50:27 -0500 Subject: [PATCH 16/34] multi-arch images (CO-2426) --- .../comanage-registry-pipeline-iam.yml | 3 + .../aws/build_pipeline/comanage-registry.yml | 102 ++++++++ .../build_project/comanage-registry-amd64.yml | 42 +++ .../build_project/comanage-registry-arm64.yml | 42 +++ .../comanage-registry-buildnumber.yml | 32 +++ .../comanage-registry-manifest.yml | 39 +++ container/aws/buildspec/aws_buildspec.yml | 111 ++++++-- .../buildspec/aws_buildspec_buildnumber.yml | 10 + .../buildspec}/aws_buildspec_hotfix-4.2.x.yml | 0 .../aws/buildspec/aws_buildspec_manifest.yml | 246 ++++++++++++++++++ 10 files changed, 608 insertions(+), 19 deletions(-) create mode 100644 container/aws/build_pipeline/comanage-registry.yml create mode 100644 container/aws/build_project/comanage-registry-amd64.yml create mode 100644 container/aws/build_project/comanage-registry-arm64.yml create mode 100644 container/aws/build_project/comanage-registry-buildnumber.yml create mode 100644 container/aws/build_project/comanage-registry-manifest.yml create mode 100644 container/aws/buildspec/aws_buildspec_buildnumber.yml rename container/{ => aws/buildspec}/aws_buildspec_hotfix-4.2.x.yml (100%) create mode 100644 container/aws/buildspec/aws_buildspec_manifest.yml diff --git a/container/aws/build_pipeline/comanage-registry-pipeline-iam.yml b/container/aws/build_pipeline/comanage-registry-pipeline-iam.yml index 9f2262123..32d768eb9 100644 --- a/container/aws/build_pipeline/comanage-registry-pipeline-iam.yml +++ b/container/aws/build_pipeline/comanage-registry-pipeline-iam.yml @@ -18,6 +18,9 @@ Resources: - !Sub - "arn:aws:codepipeline:us-east-2:${AWS::AccountId}:${PipelineName}" - PipelineName: !ImportValue comanage-registry-develop-pipeline::PipelineName + - !Sub + - "arn:aws:codepipeline:us-east-2:${AWS::AccountId}:${PipelineName}" + - PipelineName: !ImportValue comanage-registry-pipeline::PipelineName CILogonCOmanagePipelineRunnerRole: Type: AWS::IAM::Role diff --git a/container/aws/build_pipeline/comanage-registry.yml b/container/aws/build_pipeline/comanage-registry.yml new file mode 100644 index 000000000..65ae794e8 --- /dev/null +++ b/container/aws/build_pipeline/comanage-registry.yml @@ -0,0 +1,102 @@ +--- +AWSTemplateFormatVersion: '2010-09-09' +Description: 'CodePipeline pipeline for COmanage Registry container images' + +Resources: + COmanageRegistryPipeline: + Type: AWS::CodePipeline::Pipeline + Properties: + Name: comanage-registry + RestartExecutionOnUpdate: False + RoleArn: arn:aws:iam::495649616520:role/CILogonCOmanagePipelineRole + ArtifactStore: + Type: S3 + Location: cilogon-comanage-registry-pipeline + Stages: + - Name: Source + Actions: + - Name: RegistrySource + ActionTypeId: + Category: Source + Owner: ThirdParty + Provider: GitHub + Version: 1 + RunOrder: 1 + Configuration: + Owner: Internet2 + Repo: comanage-registry + Branch: main + OAuthToken: "{{resolve:secretsmanager:COmanageImagePipelineGitHubOAuthToken:SecretString:token}}" + PollForSourceChanges: "false" + OutputArtifacts: + - Name: RegistrySourceArtifact + Region: us-east-2 + Namespace: SourceVariables + - Name: BuildNumber + Actions: + - Name: Build + ActionTypeId: + Category: Build + Owner: AWS + Provider: CodeBuild + Version: 1 + RunOrder: 1 + Configuration: + ProjectName: comanage-registry-buildnumber + InputArtifacts: + - Name: RegistrySourceArtifact + Region: us-east-2 + Namespace: BuildNumberVariables + - Name: BuildArch + Actions: + - Name: BuildAmd64 + ActionTypeId: + Category: Build + Owner: AWS + Provider: CodeBuild + Version: 1 + RunOrder: 3 + Configuration: + ProjectName: comanage-registry-amd64 + EnvironmentVariables: "[{\"name\":\"COMANAGE_REGISTRY_BUILD_NUMBER\",\"value\":\"#{BuildNumberVariables.CODEBUILD_BUILD_NUMBER}\",\"type\":\"PLAINTEXT\"}]" + InputArtifacts: + - Name: RegistrySourceArtifact + Region: us-east-2 + Namespace: BuildAmd64Variables + - Name: BuildArm64 + ActionTypeId: + Category: Build + Owner: AWS + Provider: CodeBuild + Version: 1 + RunOrder: 3 + Configuration: + ProjectName: comanage-registry-arm64 + EnvironmentVariables: "[{\"name\":\"COMANAGE_REGISTRY_BUILD_NUMBER\",\"value\":\"#{BuildNumberVariables.CODEBUILD_BUILD_NUMBER}\",\"type\":\"PLAINTEXT\"}]" + InputArtifacts: + - Name: RegistrySourceArtifact + Region: us-east-2 + Namespace: BuildArm64Variables + - Name: BuildManifest + Actions: + - Name: Build + ActionTypeId: + Category: Build + Owner: AWS + Provider: CodeBuild + Version: 1 + RunOrder: 4 + Configuration: + ProjectName: comanage-registry-manifest + EnvironmentVariables: "[{\"name\":\"COMANAGE_REGISTRY_BUILD_NUMBER\",\"value\":\"#{BuildNumberVariables.CODEBUILD_BUILD_NUMBER}\",\"type\":\"PLAINTEXT\"}]" + InputArtifacts: + - Name: RegistrySourceArtifact + Region: us-east-2 + Namespace: BuildManifestVariables + +Outputs: + COmanageRegistryPipelineName: + Value: !Ref COmanageRegistryPipeline + Export: + Name: + Fn::Sub: "${AWS::StackName}::PipelineName" diff --git a/container/aws/build_project/comanage-registry-amd64.yml b/container/aws/build_project/comanage-registry-amd64.yml new file mode 100644 index 000000000..01aaca6f3 --- /dev/null +++ b/container/aws/build_project/comanage-registry-amd64.yml @@ -0,0 +1,42 @@ +--- +AWSTemplateFormatVersion: '2010-09-09' +Description: 'CodeBuild project for COmanage Registry AMD64' + +Resources: + COmanageRegistryBuildProjectAMD64: + Type: AWS::CodeBuild::Project + Properties: + Name: comanage-registry-amd64 + Source: + Type: CODEPIPELINE + BuildSpec: container/aws/buildspec/aws_buildspec.yml + Artifacts: + Type: CODEPIPELINE + Cache: + Type: NO_CACHE + Environment: + Type: LINUX_CONTAINER + Image: aws/codebuild/standard:7.0 + ComputeType: BUILD_GENERAL1_SMALL + PrivilegedMode: True + ImagePullCredentialsType: CODEBUILD + EnvironmentVariables: + - Name: HUB_DOCKER_COM_TOKEN + Value: "{{resolve:secretsmanager:COmanageImagePipelineHubDockerComToken:SecretString:token}}" + Type: PLAINTEXT + - Name: GITHUB_COM_TOKEN + Value: "{{resolve:secretsmanager:COmanageImagePipelineGitHubOAuthToken:SecretString:token}}" + Type: PLAINTEXT + - Name: ARCH + Value: amd64 + Type: PLAINTEXT + ServiceRole: arn:aws:iam::495649616520:role/CilogonBuildComanagePublicContainerImage + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: arn:aws:kms:us-east-2:495649616520:alias/aws/s3 + BadgeEnabled: False + LogsConfig: + CloudWatchLogs: + Status: ENABLED + GroupName: /aws/codebuild/comanage + StreamName: registry-amd64 diff --git a/container/aws/build_project/comanage-registry-arm64.yml b/container/aws/build_project/comanage-registry-arm64.yml new file mode 100644 index 000000000..57c83bf11 --- /dev/null +++ b/container/aws/build_project/comanage-registry-arm64.yml @@ -0,0 +1,42 @@ +--- +AWSTemplateFormatVersion: '2010-09-09' +Description: 'CodeBuild project for COmanage Registry ARM64' + +Resources: + COmanageRegistryBuildProjectARM64: + Type: AWS::CodeBuild::Project + Properties: + Name: comanage-registry-arm64 + Source: + Type: CODEPIPELINE + BuildSpec: container/aws/buildspec/aws_buildspec.yml + Artifacts: + Type: CODEPIPELINE + Cache: + Type: NO_CACHE + Environment: + Type: ARM_CONTAINER + Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 + ComputeType: BUILD_GENERAL1_SMALL + PrivilegedMode: True + ImagePullCredentialsType: CODEBUILD + EnvironmentVariables: + - Name: HUB_DOCKER_COM_TOKEN + Value: "{{resolve:secretsmanager:COmanageImagePipelineHubDockerComToken:SecretString:token}}" + Type: PLAINTEXT + - Name: GITHUB_COM_TOKEN + Value: "{{resolve:secretsmanager:COmanageImagePipelineGitHubOAuthToken:SecretString:token}}" + Type: PLAINTEXT + - Name: ARCH + Value: arm64 + Type: PLAINTEXT + ServiceRole: arn:aws:iam::495649616520:role/CilogonBuildComanagePublicContainerImage + TimeoutInMinutes: 55 + QueuedTimeoutInMinutes: 480 + EncryptionKey: arn:aws:kms:us-east-2:495649616520:alias/aws/s3 + BadgeEnabled: False + LogsConfig: + CloudWatchLogs: + Status: ENABLED + GroupName: /aws/codebuild/comanage + StreamName: registry-arm64 diff --git a/container/aws/build_project/comanage-registry-buildnumber.yml b/container/aws/build_project/comanage-registry-buildnumber.yml new file mode 100644 index 000000000..8da7e4c86 --- /dev/null +++ b/container/aws/build_project/comanage-registry-buildnumber.yml @@ -0,0 +1,32 @@ +--- +AWSTemplateFormatVersion: '2010-09-09' +Description: 'CodeBuild project for COmanage Registry build number' + +Resources: + COmanageRegistryBuildProjectBuildNumber: + Type: AWS::CodeBuild::Project + Properties: + Name: comanage-registry-buildnumber + Source: + Type: CODEPIPELINE + BuildSpec: container/aws/buildspec/aws_buildspec_buildnumber.yml + Artifacts: + Type: CODEPIPELINE + Cache: + Type: NO_CACHE + Environment: + Type: LINUX_CONTAINER + Image: aws/codebuild/standard:7.0 + ComputeType: BUILD_GENERAL1_SMALL + PrivilegedMode: True + ImagePullCredentialsType: CODEBUILD + ServiceRole: arn:aws:iam::495649616520:role/CilogonBuildComanagePublicContainerImage + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: arn:aws:kms:us-east-2:495649616520:alias/aws/s3 + BadgeEnabled: False + LogsConfig: + CloudWatchLogs: + Status: ENABLED + GroupName: /aws/codebuild/comanage + StreamName: registry-buildnumber diff --git a/container/aws/build_project/comanage-registry-manifest.yml b/container/aws/build_project/comanage-registry-manifest.yml new file mode 100644 index 000000000..bad406642 --- /dev/null +++ b/container/aws/build_project/comanage-registry-manifest.yml @@ -0,0 +1,39 @@ +--- +AWSTemplateFormatVersion: '2010-09-09' +Description: 'CodeBuild project for COmanage Registry manifest' + +Resources: + COmanageRegistryBuildProjectManifest: + Type: AWS::CodeBuild::Project + Properties: + Name: comanage-registry-manifest + Source: + Type: CODEPIPELINE + BuildSpec: container/aws/buildspec/aws_buildspec_manifest.yml + Artifacts: + Type: CODEPIPELINE + Cache: + Type: NO_CACHE + Environment: + Type: LINUX_CONTAINER + Image: aws/codebuild/standard:7.0 + ComputeType: BUILD_GENERAL1_SMALL + PrivilegedMode: True + ImagePullCredentialsType: CODEBUILD + EnvironmentVariables: + - Name: HUB_DOCKER_COM_TOKEN + Value: "{{resolve:secretsmanager:COmanageImagePipelineHubDockerComToken:SecretString:token}}" + Type: PLAINTEXT + - Name: GITHUB_COM_TOKEN + Value: "{{resolve:secretsmanager:COmanageImagePipelineGitHubOAuthToken:SecretString:token}}" + Type: PLAINTEXT + ServiceRole: arn:aws:iam::495649616520:role/CilogonBuildComanagePublicContainerImage + TimeoutInMinutes: 55 + QueuedTimeoutInMinutes: 480 + EncryptionKey: arn:aws:kms:us-east-2:495649616520:alias/aws/s3 + BadgeEnabled: False + LogsConfig: + CloudWatchLogs: + Status: ENABLED + GroupName: /aws/codebuild/comanage + StreamName: registry-manifest diff --git a/container/aws/buildspec/aws_buildspec.yml b/container/aws/buildspec/aws_buildspec.yml index 484d114e0..369d15042 100644 --- a/container/aws/buildspec/aws_buildspec.yml +++ b/container/aws/buildspec/aws_buildspec.yml @@ -19,27 +19,100 @@ phases: build: commands: - echo Build started on `date` - - container/build.sh --image_registry=public.ecr.aws --repository=u0z2s2z8 --label=$LABEL --suffix=$CODEBUILD_BUILD_NUMBER registry all - - container/build.sh --image_registry=docker.io --repository=comanageproject --label=$LABEL --suffix=$CODEBUILD_BUILD_NUMBER registry all - - container/build.sh --image_registry=ghcr.io --repository=cilogon --label=$LABEL --suffix=$CODEBUILD_BUILD_NUMBER registry all - - container/build.sh --image_registry=public.ecr.aws --repository=u0z2s2z8 --label=$LABEL --suffix=$CODEBUILD_BUILD_NUMBER crond - - container/build.sh --image_registry=docker.io --repository=comanageproject --label=$LABEL --suffix=$CODEBUILD_BUILD_NUMBER crond - - container/build.sh --image_registry=ghcr.io --repository=cilogon --label=$LABEL --suffix=$CODEBUILD_BUILD_NUMBER crond + # Build all registry and crond images for AWS repository + - container/build.sh --image_registry=public.ecr.aws --repository=u0z2s2z8 --label=$LABEL --suffix=$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH registry all + - container/build.sh --image_registry=public.ecr.aws --repository=u0z2s2z8 --label=$LABEL --suffix=$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH crond + # Copy the basic-auth tag to a comanage-registry-basic-auth image with full tag and also latest tag + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-$ARCH + # Copy the mod_auth_openidc tag to a comanage-registry-mod_auth_openidc image with full tag and also latest tag + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-$ARCH + # Copy the shibboleth-sp-supervisor tag to a comanage-registry-shibboleth-sp-supervisor image with full tag and also latest tag + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-$ARCH + # Copy the cron image to a latest tag + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-$ARCH + # Copy the AWS images to DockerHub images + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-$ARCH docker.io/comanageproject/comanage-registry-basic-auth:latest-$ARCH + # + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-$ARCH docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-$ARCH + # + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-$ARCH docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-$ARCH + # + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH docker.io/comanageproject/comanage-registry-cron:latest-$ARCH + # Copy the AWS images to GitHub images + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-$ARCH ghcr.io/cilogon/comanage-registry-basic-auth:latest-$ARCH + # + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-$ARCH ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-$ARCH + # + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-$ARCH ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-$ARCH + # + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker tag public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH ghcr.io/cilogon/comanage-registry-cron:latest-$ARCH post_build: commands: - echo Build completed on `date` - echo Pushing the Docker images to AWS public repository... - - docker push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$CODEBUILD_BUILD_NUMBER - - docker push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$CODEBUILD_BUILD_NUMBER - - docker push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$CODEBUILD_BUILD_NUMBER - - docker push public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$CODEBUILD_BUILD_NUMBER - - echo Pushing the Docker images to Docker Hub public repository... - - docker push docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$CODEBUILD_BUILD_NUMBER - - docker push docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$CODEBUILD_BUILD_NUMBER - - docker push docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$CODEBUILD_BUILD_NUMBER - - docker push docker.io/comanageproject/comanage-registry-cron:$LABEL-$CODEBUILD_BUILD_NUMBER + # + - docker push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-$ARCH + # + - docker push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-$ARCH + # + - docker push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-$ARCH + # + - docker push public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-$ARCH + # + - echo Pushing the Docker images to DockerHub public repository... + # + - docker push docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push docker.io/comanageproject/comanage-registry-basic-auth:latest-$ARCH + # + - docker push docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-$ARCH + # + - docker push docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-$ARCH + # + - docker push docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push docker.io/comanageproject/comanage-registry-cron:latest-$ARCH + # - echo Pushing the Docker images to GitHub public repository... - - docker push ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$CODEBUILD_BUILD_NUMBER - - docker push ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$CODEBUILD_BUILD_NUMBER - - docker push ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$CODEBUILD_BUILD_NUMBER - - docker push ghcr.io/cilogon/comanage-registry-cron:$LABEL-$CODEBUILD_BUILD_NUMBER + # + - docker push ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push ghcr.io/cilogon/comanage-registry-basic-auth:latest-$ARCH + # + - docker push ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-$ARCH + # + - docker push ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-$ARCH + # + - docker push ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH + - docker push ghcr.io/cilogon/comanage-registry-cron:latest-$ARCH diff --git a/container/aws/buildspec/aws_buildspec_buildnumber.yml b/container/aws/buildspec/aws_buildspec_buildnumber.yml new file mode 100644 index 000000000..8a70b948e --- /dev/null +++ b/container/aws/buildspec/aws_buildspec_buildnumber.yml @@ -0,0 +1,10 @@ +version: 0.2 + +env: + exported-variables: + - CODEBUILD_BUILD_NUMBER + +phases: + build: + commands: + - echo COmanage Registry build number is $CODEBUILD_BUILD_NUMBER diff --git a/container/aws_buildspec_hotfix-4.2.x.yml b/container/aws/buildspec/aws_buildspec_hotfix-4.2.x.yml similarity index 100% rename from container/aws_buildspec_hotfix-4.2.x.yml rename to container/aws/buildspec/aws_buildspec_hotfix-4.2.x.yml diff --git a/container/aws/buildspec/aws_buildspec_manifest.yml b/container/aws/buildspec/aws_buildspec_manifest.yml new file mode 100644 index 000000000..0236c6601 --- /dev/null +++ b/container/aws/buildspec/aws_buildspec_manifest.yml @@ -0,0 +1,246 @@ +version: 0.2 + +env: + shell: bash + variables: + LABEL: "4.3.0-rc1" + exported-variables: + - LABEL + +phases: + pre_build: + commands: + - echo Logging in to Amazon ECR... + - aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/u0z2s2z8 + - echo Logging in to Docker Hub + - echo $HUB_DOCKER_COM_TOKEN | docker login --username skoranda --password-stdin + - echo Logging in to GitHub + - echo $GITHUB_COM_TOKEN | docker login ghcr.io --username skoranda --password-stdin + build: + commands: + - echo Build started on `date` + - echo Building and pushing the Docker manifests to AWS... + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-cron public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-cron public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-cron + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-cron + # + - echo Building and pushing the Docker manifests to DockerHub... + # + - docker manifest create docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-basic-auth docker.io/comanageproject/comanage-registry-basic-auth:latest-amd64 docker.io/comanageproject/comanage-registry-basic-auth:latest-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-basic-auth docker.io/comanageproject/comanage-registry-basic-auth:latest-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-basic-auth docker.io/comanageproject/comanage-registry-basic-auth:latest-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-basic-auth + - docker manifest rm docker.io/comanageproject/comanage-registry-basic-auth + # + - docker manifest create docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-mod_auth_openidc docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-amd64 docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-mod_auth_openidc docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-mod_auth_openidc docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-mod_auth_openidc + - docker manifest rm docker.io/comanageproject/comanage-registry-mod_auth_openidc + # + - docker manifest create docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-amd64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor + - docker manifest rm docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor + # + - docker manifest create docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-cron docker.io/comanageproject/comanage-registry-cron:latest-amd64 docker.io/comanageproject/comanage-registry-cron:latest-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-cron docker.io/comanageproject/comanage-registry-cron:latest-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-cron docker.io/comanageproject/comanage-registry-cron:latest-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-cron + - docker manifest rm docker.io/comanageproject/comanage-registry-cron + # + - echo Building and pushing the Docker manifests to GitHub... + # + - docker manifest create ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-basic-auth ghcr.io/cilogon/comanage-registry-basic-auth:latest-amd64 ghcr.io/cilogon/comanage-registry-basic-auth:latest-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-basic-auth ghcr.io/cilogon/comanage-registry-basic-auth:latest-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-basic-auth ghcr.io/cilogon/comanage-registry-basic-auth:latest-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-basic-auth + - docker manifest rm ghcr.io/cilogon/comanage-registry-basic-auth + # + - docker manifest create ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-mod_auth_openidc ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-amd64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-mod_auth_openidc + - docker manifest rm ghcr.io/cilogon/comanage-registry-mod_auth_openidc + # + - docker manifest create ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-amd64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor + - docker manifest rm ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor + # + - docker manifest create ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-cron ghcr.io/cilogon/comanage-registry-cron:latest-amd64 ghcr.io/cilogon/comanage-registry-cron:latest-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-cron ghcr.io/cilogon/comanage-registry-cron:latest-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-cron ghcr.io/cilogon/comanage-registry-cron:latest-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-cron + - docker manifest rm ghcr.io/cilogon/comanage-registry-cron + + post_build: + commands: + - echo Build completed on `date` From 63a65400457a7ac0642a96ccfb714f130d0ac718 Mon Sep 17 00:00:00 2001 From: Benn Oshrin Date: Thu, 24 Aug 2023 16:43:01 -0400 Subject: [PATCH 17/34] Fix SqlSource Errors (CO-2693) --- app/AvailablePlugin/SqlSource/Lib/lang.php | 6 ++--- .../SqlSource/Model/SqlSource.php | 6 +++-- .../SqlSource/Model/SqlSourceBackend.php | 24 ++++++++++++------- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/app/AvailablePlugin/SqlSource/Lib/lang.php b/app/AvailablePlugin/SqlSource/Lib/lang.php index ae1755841..d6f095133 100644 --- a/app/AvailablePlugin/SqlSource/Lib/lang.php +++ b/app/AvailablePlugin/SqlSource/Lib/lang.php @@ -42,11 +42,9 @@ SqlSourceTableModeEnum::Relational => 'Relational Tables' ), - /* // Error messages - 'er.sqlsource.placeholder' => 'Placeholder', - */ - + 'er.sqlsource.source_table' => 'Source Table Name must consist only of alphanumeric characters, dots, dashes, and underscores', + // Plugin texts 'pl.sqlsource.source_table' => 'Source Table', 'pl.sqlsource.table_mode' => 'Table Mode', diff --git a/app/AvailablePlugin/SqlSource/Model/SqlSource.php b/app/AvailablePlugin/SqlSource/Model/SqlSource.php index 1b4dd4834..b39a55f94 100644 --- a/app/AvailablePlugin/SqlSource/Model/SqlSource.php +++ b/app/AvailablePlugin/SqlSource/Model/SqlSource.php @@ -67,9 +67,11 @@ class SqlSource extends AppModel { // We need to constrain the table name here not just for SQL conformance // but because SqlSourceBackend will construct raw SQL queries using the // source_table name. - 'rule' => '/^[a-zA-Z0-9\-\.]+$/', +// Commit with PMO 1156 + 'rule' => '/^[a-zA-Z0-9_\-\.]+$/', 'required' => true, - 'allowEmpty' => false + 'allowEmpty' => false, + 'message' => 'Source Table Name must consist only of alphanumeric characters, dots, dashes, and underscores' ), 'server_id' => array( 'content' => array( diff --git a/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php b/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php index e141efef7..e4dada3fa 100644 --- a/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php +++ b/app/AvailablePlugin/SqlSource/Model/SqlSourceBackend.php @@ -85,21 +85,27 @@ protected function getAdHocAttributes() { ); // Introspect the inbound attributes - $SourceRecord = $this->getRecordModel(); - - $columnTypes = $SourceRecord->getColumnTypes(); + try { + $SourceRecord = $this->getRecordModel(); + + $columnTypes = $SourceRecord->getColumnTypes(); + } + catch(MissingTableException $e) { + // If there is no AdHocAttribute table just return an empty array + return array(); + } return array_diff(array_keys($columnTypes), $standardAttrs); } else { // In Relational mode, we pull the unique tags - $AdHoc = $this->getRecordModel('AdHocAttribute'); - - $args = array(); - $args['fields'] = 'DISTINCT '.$AdHoc->alias.'.tag'; - $args['contain'] = false; - try { + $AdHoc = $this->getRecordModel('AdHocAttribute'); + + $args = array(); + $args['fields'] = 'DISTINCT '.$AdHoc->alias.'.tag'; + $args['contain'] = false; + // find('list') would make more sense but because of the nature of our // query doesn't work so well $tags = $AdHoc->find('all', $args); From 9c60d641c46637360201eb801ce6669953aa6d3d Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Fri, 25 Aug 2023 12:17:35 -0500 Subject: [PATCH 18/34] Additional commit for multi-arch image (CO-2426) --- container/aws/build_pipeline/comanage-registry.yml | 6 +++--- container/aws/buildspec/aws_buildspec.yml | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/container/aws/build_pipeline/comanage-registry.yml b/container/aws/build_pipeline/comanage-registry.yml index 65ae794e8..61ae7655b 100644 --- a/container/aws/build_pipeline/comanage-registry.yml +++ b/container/aws/build_pipeline/comanage-registry.yml @@ -55,7 +55,7 @@ Resources: Owner: AWS Provider: CodeBuild Version: 1 - RunOrder: 3 + RunOrder: 1 Configuration: ProjectName: comanage-registry-amd64 EnvironmentVariables: "[{\"name\":\"COMANAGE_REGISTRY_BUILD_NUMBER\",\"value\":\"#{BuildNumberVariables.CODEBUILD_BUILD_NUMBER}\",\"type\":\"PLAINTEXT\"}]" @@ -69,7 +69,7 @@ Resources: Owner: AWS Provider: CodeBuild Version: 1 - RunOrder: 3 + RunOrder: 1 Configuration: ProjectName: comanage-registry-arm64 EnvironmentVariables: "[{\"name\":\"COMANAGE_REGISTRY_BUILD_NUMBER\",\"value\":\"#{BuildNumberVariables.CODEBUILD_BUILD_NUMBER}\",\"type\":\"PLAINTEXT\"}]" @@ -85,7 +85,7 @@ Resources: Owner: AWS Provider: CodeBuild Version: 1 - RunOrder: 4 + RunOrder: 1 Configuration: ProjectName: comanage-registry-manifest EnvironmentVariables: "[{\"name\":\"COMANAGE_REGISTRY_BUILD_NUMBER\",\"value\":\"#{BuildNumberVariables.CODEBUILD_BUILD_NUMBER}\",\"type\":\"PLAINTEXT\"}]" diff --git a/container/aws/buildspec/aws_buildspec.yml b/container/aws/buildspec/aws_buildspec.yml index 369d15042..66e4f46d2 100644 --- a/container/aws/buildspec/aws_buildspec.yml +++ b/container/aws/buildspec/aws_buildspec.yml @@ -19,6 +19,9 @@ phases: build: commands: - echo Build started on `date` + # Clone the repository + - git clone https://skoranda:$GITHUB_COM_TOKEN@github.com/Internet2/comanage-registry.git + - cd comanage-registry # Build all registry and crond images for AWS repository - container/build.sh --image_registry=public.ecr.aws --repository=u0z2s2z8 --label=$LABEL --suffix=$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH registry all - container/build.sh --image_registry=public.ecr.aws --repository=u0z2s2z8 --label=$LABEL --suffix=$COMANAGE_REGISTRY_BUILD_NUMBER-$ARCH crond From ac25a0cdc9263f12169cdf4b8c2b652d80312ad9 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Sun, 27 Aug 2023 11:13:03 +0300 Subject: [PATCH 19/34] Default REMOTE_USER identifier type set to ePPN --- .../Controller/DuplicateCheckEnrollerCoPetitionsController.php | 2 +- app/AvailablePlugin/DuplicateCheckEnroller/Lib/lang.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/AvailablePlugin/DuplicateCheckEnroller/Controller/DuplicateCheckEnrollerCoPetitionsController.php b/app/AvailablePlugin/DuplicateCheckEnroller/Controller/DuplicateCheckEnrollerCoPetitionsController.php index eddc83858..fd19a4c9b 100644 --- a/app/AvailablePlugin/DuplicateCheckEnroller/Controller/DuplicateCheckEnrollerCoPetitionsController.php +++ b/app/AvailablePlugin/DuplicateCheckEnroller/Controller/DuplicateCheckEnrollerCoPetitionsController.php @@ -70,7 +70,7 @@ protected function execute_plugin_start($id, $onFinish) { $this->set('vv_duplicate_account', $duplicate_account); $this->set('vv_petition_id', $id); - $remote_user = getenv($duplicate_account['DuplicateCheckEnroller']['env_remote_user']); + $remote_user = getenv($duplicate_account['DuplicateCheckEnroller']['env_remote_user'] ?? IdentifierEnum::ePPN); if(empty($remote_user)) { throw new RuntimeException(_txt('er.duplicate_check_enrollers.remote_user.notfound')); diff --git a/app/AvailablePlugin/DuplicateCheckEnroller/Lib/lang.php b/app/AvailablePlugin/DuplicateCheckEnroller/Lib/lang.php index 83ab373c3..c97f86236 100644 --- a/app/AvailablePlugin/DuplicateCheckEnroller/Lib/lang.php +++ b/app/AvailablePlugin/DuplicateCheckEnroller/Lib/lang.php @@ -44,7 +44,7 @@ // Fields 'fd.duplicate_check_enrollers.env_remote_user' => 'Enviromental Variable', - 'fd.duplicate_check_enrollers.env_remote_user.desc' => 'Enviromental Variable used to save the REMOTE USER', + 'fd.duplicate_check_enrollers.env_remote_user.desc' => 'Enviromental Variable used to save the REMOTE USER, defaults to ePPN type', 'fd.duplicate_check_enrollers.identifier_type' => 'Identifier Type', 'fd.duplicate_check_enrollers.identifier_type.desc' => 'Identifier Type to query for (e.g. ePPN)', 'fd.duplicate_check_enrollers.redirect_url' => 'Redirect URL', From 23cd88991ff6c65541206ab4f62a446e1f6797c6 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Sun, 10 Sep 2023 16:05:30 -0500 Subject: [PATCH 20/34] Handle no configured attributes for LdapSchema plugin objectclass (CO-2691) (#534) --- app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php b/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php index 772545245..6705e26a2 100644 --- a/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php +++ b/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php @@ -285,6 +285,11 @@ protected function assembleAttributes($coProvisioningTargetData, // a use case for this. continue; } + + // No attributes may be configured for the objectclass handled by the plugin. + if(!array_key_exists($oc, $configuredAttributes)) { + continue; + } // Ask the plugin to assemble the attributes for this objectclass for us. // First, get a pointer to the plugin model. From 0df934bb9cafbfc0fa33f73468d444d2f41ca1c2 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Sat, 2 Sep 2023 16:07:43 +0300 Subject: [PATCH 21/34] Add missing associations Pipeline,CoEnrollmentFlow,CoGroup,DataFilter.Changelog Behavior enable correct find for contain equals to true. --- app/Model/Behavior/ChangelogBehavior.php | 13 ++++++++++++- app/Model/CoEnrollmentFlow.php | 2 +- app/Model/CoGroup.php | 4 ++++ app/Model/CoPipeline.php | 2 +- app/Model/DataFilter.php | 3 ++- 5 files changed, 20 insertions(+), 4 deletions(-) diff --git a/app/Model/Behavior/ChangelogBehavior.php b/app/Model/Behavior/ChangelogBehavior.php index 308c3513d..3c7e5d5af 100644 --- a/app/Model/Behavior/ChangelogBehavior.php +++ b/app/Model/Behavior/ChangelogBehavior.php @@ -229,7 +229,11 @@ public function beforeFind(Model $model, $query) { $ret['conditions'][] = $malias . '.deleted IS NOT true'; if(!empty($query['contain']) - && (!isset($query['contain'][0]) || $query['contain'][0] != false)) { + && (!isset($query['contain'][0]) + || $query['contain'][0] != false + || (is_bool($query['contain']) && $query['contain']) + ) + ) { $ret['contain'] = $this->modifyContain($model, $query['contain']); } @@ -536,6 +540,13 @@ protected function modifyContain($model, $contain) { if(is_string($contain)) { $contain = array(0 => $contain); } + + if(is_bool($contain) && $contain) { + // We will create the contain array here by using the associations of the model + $has = array_merge($model->hasOne, $model->hasMany); + $belongs = $model->belongsTo; + $contain = array_merge(array_keys($has), array_keys($belongs)); + } $ret = $contain; diff --git a/app/Model/CoEnrollmentFlow.php b/app/Model/CoEnrollmentFlow.php index eaa1f8acc..ecf7e3947 100644 --- a/app/Model/CoEnrollmentFlow.php +++ b/app/Model/CoEnrollmentFlow.php @@ -81,7 +81,7 @@ class CoEnrollmentFlow extends AppModel { ), "CoTheme", "MatchServer" => array( - 'className' => 'Server', + 'className' => 'MatchServer', 'foreignKey' => 'match_server_id' ) ); diff --git a/app/Model/CoGroup.php b/app/Model/CoGroup.php index 16de2bfb7..8ba602e5b 100644 --- a/app/Model/CoGroup.php +++ b/app/Model/CoGroup.php @@ -40,6 +40,10 @@ class CoGroup extends AppModel { 'dependent' => true, 'foreignKey' => 'target_co_group_id' ), + "CoGroupOisMapping" => array( + 'dependent' => true, + 'foreignKey' => 'co_group_id' + ), "SourceCoGroupNesting" => array( 'dependent' => true, 'className' => 'CoGroupNesting', diff --git a/app/Model/CoPipeline.php b/app/Model/CoPipeline.php index e4cd21ce0..066db2333 100644 --- a/app/Model/CoPipeline.php +++ b/app/Model/CoPipeline.php @@ -37,7 +37,7 @@ class CoPipeline extends AppModel { "Co", "CoEnrollmentFlow", "MatchServer" => array( - 'className' => 'Server', + 'className' => 'MatchServer', 'foreignKey' => 'match_server_id' ), "SyncCou" => array( diff --git a/app/Model/DataFilter.php b/app/Model/DataFilter.php index da0c111ab..c0e573854 100644 --- a/app/Model/DataFilter.php +++ b/app/Model/DataFilter.php @@ -42,7 +42,8 @@ class DataFilter extends AppModel { ); public $hasMany = array( - 'CoProvisioningTargetFilter' + 'CoProvisioningTargetFilter', + 'OrgIdentitySourceFilter' ); public $hasManyPlugins = array( From 2931e1019eabd14885fe3136d9fa8498612f9640 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Tue, 12 Sep 2023 19:14:44 +0300 Subject: [PATCH 22/34] Fix CO::duplicateObjects order Cous by partent_id with null first.Fix initialization of Plugin Model in afterSave callback of Datafilter. --- app/Model/Co.php | 19 ++++++++++++++----- app/Model/DataFilter.php | 3 ++- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/app/Model/Co.php b/app/Model/Co.php index b3f4624ca..66c8584ab 100644 --- a/app/Model/Co.php +++ b/app/Model/Co.php @@ -556,11 +556,20 @@ protected function duplicateObjects($model, $foreignKey, $fkid, &$idmap, $isTree $args['conditions'][$model->name.'.'.$foreignKey] = $fkid; $args['contain'] = false; if($isTree) { - // If we order by left, then we shouldn't see a node with a parent_id - // that we haven't copied yet. (Presumably order by parent_id ASC would - // work as well, but only if NULLS FIRST.) - // https://book.cakephp.org/2.0/en/core-libraries/behaviors/tree.html - $args['order'] = $model->name.'.lft ASC'; + // We will order by parent_id using the NULLS FIRST option. + // PostgreSQL needs the NULLS FIRST in order to put the null at the top + // We will treat this as the default + $args['order'] = $model->name . '.parent_id ASC NULLS FIRST'; + + // What should we do in the case of MySQL + $db = $model->getDataSource(); + $db_driver = explode("/", $db->config['datasource'], 2); + $db_driverName = $db_driver[1]; + if(preg_match("/mysql/i", $db_driverName)) { + // MySQL, MariaDB treats NULLs as NULLs are treated as less than 0 and + // places them at the top of an ASC dataset + $args['order'] = $model->name . '.parent_id ASC'; + } } $objs = $model->find('all', $args); diff --git a/app/Model/DataFilter.php b/app/Model/DataFilter.php index c0e573854..fe37ba887 100644 --- a/app/Model/DataFilter.php +++ b/app/Model/DataFilter.php @@ -116,7 +116,8 @@ public function afterSave($created, $options = Array()) { $source[$modelName]['data_filter_id'] = $this->id; // Note that we have to disable validation because we want to create an empty row. - if(!$this->$modelName->save($source, false)) { + $modelNameInstance = ClassRegistry::init($pluginModelName); + if(!$modelNameInstance->save($source, false)) { return false; } } From e1a01fa38deac0147d66e9976799f8bebe2c9e03 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Wed, 13 Sep 2023 10:39:39 +0300 Subject: [PATCH 23/34] Make identifier assignment exclusion an option field during validation --- app/Model/CoIdentifierAssignment.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/Model/CoIdentifierAssignment.php b/app/Model/CoIdentifierAssignment.php index 28b28238e..aabbd2455 100644 --- a/app/Model/CoIdentifierAssignment.php +++ b/app/Model/CoIdentifierAssignment.php @@ -170,7 +170,9 @@ class CoIdentifierAssignment extends AppModel { IdentifierAssignmentExclusionEnum::Offensive, IdentifierAssignmentExclusionEnum::Superstitious ) - ) + ), + 'required' => false, + 'allowEmpty' => true ), 'ordr' => array( 'rule' => 'numeric', From 230a6e27a0cdc9005ba591dae9984d78d0a49a55 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Thu, 3 Aug 2023 12:40:49 +0300 Subject: [PATCH 24/34] Handle multi value email attributes in ENVSource plugin --- app/Plugin/EnvSource/Config/Schema/schema.xml | 1 + app/Plugin/EnvSource/Lib/enum.php | 7 +++++ app/Plugin/EnvSource/Lib/lang.php | 17 +++++++---- app/Plugin/EnvSource/Model/EnvSource.php | 18 +++++++++++ .../EnvSource/Model/EnvSourceBackend.php | 30 +++++++++++++++++-- .../EnvSource/View/EnvSources/fields.inc | 29 +++++++++++++++++- 6 files changed, 93 insertions(+), 9 deletions(-) diff --git a/app/Plugin/EnvSource/Config/Schema/schema.xml b/app/Plugin/EnvSource/Config/Schema/schema.xml index 4ed2fdffe..229392709 100644 --- a/app/Plugin/EnvSource/Config/Schema/schema.xml +++ b/app/Plugin/EnvSource/Config/Schema/schema.xml @@ -39,6 +39,7 @@ + diff --git a/app/Plugin/EnvSource/Lib/enum.php b/app/Plugin/EnvSource/Lib/enum.php index 445a4b9d7..426e2f3bd 100644 --- a/app/Plugin/EnvSource/Lib/enum.php +++ b/app/Plugin/EnvSource/Lib/enum.php @@ -31,3 +31,10 @@ class EnvSourceDuplicateModeEnum const LoginIdentifier = "LI"; const SORIdentifier = "SI"; } + +class AuthProviderEnum +{ + const Shibboleth = "SH"; + const Simplesamlphp = "SS"; + const Other = "O"; +} diff --git a/app/Plugin/EnvSource/Lib/lang.php b/app/Plugin/EnvSource/Lib/lang.php index 638a41615..86e39a032 100644 --- a/app/Plugin/EnvSource/Lib/lang.php +++ b/app/Plugin/EnvSource/Lib/lang.php @@ -42,7 +42,13 @@ EnvSourceDuplicateModeEnum::AnyIdentifier => 'Any Identifier Match', EnvSourceDuplicateModeEnum::LoginIdentifier => 'Login Identifier Match', ), - + + 'pl.envsource.en.auth.provider' => array( + AuthProviderEnum::Shibboleth => 'Shibboleth SP', + AuthProviderEnum::Simplesamlphp => 'SimpleSamlPHP SP', + AuthProviderEnum::Other => 'Other', + ), + // Error messages 'er.envsource.dupe' => 'Identifier "%1$s" is already registered', 'er.envsource.sorid' => 'Identifier (SORID) variable "%1$s" not set', @@ -52,8 +58,9 @@ 'er.envsource.token' => 'Token error', // Plugin texts - 'pl.envsource.mode.dupe' => 'Duplicate Handling Mode', - 'pl.envsource.name.unknown' => 'Unknownname', - 'pl.envsource.redirect.dupe' => 'Redirect on Duplicate', - 'pl.envsource.sorid.desc' => 'This must be set to an environment variable holding a unique identifier for any authenticated user.' + 'pl.envsource.mode.dupe' => 'Duplicate Handling Mode', + 'pl.envsource.sp.type' => 'Web Server SP Provider', + 'pl.envsource.name.unknown' => 'Unknownname', + 'pl.envsource.redirect.dupe' => 'Redirect on Duplicate', + 'pl.envsource.sorid.desc' => 'This must be set to an environment variable holding a unique identifier for any authenticated user.' ); diff --git a/app/Plugin/EnvSource/Model/EnvSource.php b/app/Plugin/EnvSource/Model/EnvSource.php index 65677d249..36dcf7acd 100644 --- a/app/Plugin/EnvSource/Model/EnvSource.php +++ b/app/Plugin/EnvSource/Model/EnvSource.php @@ -40,6 +40,24 @@ class EnvSource extends AppModel { // Validation rules for table elements public $validate = array( + 'duplicate_mode' => array( + 'content' => array( + 'rule' => array('inList', array(EnvSourceDuplicateModeEnum::SORIdentifier, + EnvSourceDuplicateModeEnum::LoginIdentifier, + EnvSourceDuplicateModeEnum::AnyIdentifier)), + 'required' => true, + 'allowEmpty' => false + ) + ), + 'sp_type' => array( + 'content' => array( + 'rule' => array('inList', array(AuthProviderEnum::Shibboleth, + AuthProviderEnum::Simplesamlphp, + AuthProviderEnum::Other)), + 'required' => true, + 'allowEmpty' => true + ) + ), 'org_identity_source_id' => array( 'rule' => 'numeric', 'required' => true, diff --git a/app/Plugin/EnvSource/Model/EnvSourceBackend.php b/app/Plugin/EnvSource/Model/EnvSourceBackend.php index 9b769bb99..07ab2d3e4 100644 --- a/app/Plugin/EnvSource/Model/EnvSourceBackend.php +++ b/app/Plugin/EnvSource/Model/EnvSourceBackend.php @@ -126,9 +126,33 @@ protected function resultToOrgIdentity($result) { $orgdata['EmailAddress'] = array(); if($result['env_mail']) { - $orgdata['EmailAddress'][0]['mail'] = $result['env_mail']; - $orgdata['EmailAddress'][0]['type'] = EmailAddressEnum::Official; - $orgdata['EmailAddress'][0]['verified'] = true; + if(!empty($this->pluginCfg['sp_type']) + && $this->pluginCfg['sp_type'] != AuthProviderEnum::Other) { + $delimiter = ""; + if($this->pluginCfg['sp_type'] == AuthProviderEnum::Shibboleth) { + $delimiter = ";"; + } elseif($this->pluginCfg['sp_type'] == AuthProviderEnum::Simplesamlphp) { + $delimiter =","; + } + + $env_email_list = explode($delimiter, $result['env_email']); + if(count($env_email_list) > 1) { + foreach($env_email_list as $idx => $mail) { + $orgdata['EmailAddress'][$idx] = array(); + $orgdata['EmailAddress'][$idx]['mail'] = $mail; + $orgdata['EmailAddress'][$idx]['type'] = EmailAddressEnum::Official; + $orgdata['EmailAddress'][$idx]['verified'] = true; + } + } else { + $orgdata['EmailAddress'][0]['mail'] = $result['env_mail']; + $orgdata['EmailAddress'][0]['type'] = EmailAddressEnum::Official; + $orgdata['EmailAddress'][0]['verified'] = true; + } + } else { + $orgdata['EmailAddress'][0]['mail'] = $result['env_mail']; + $orgdata['EmailAddress'][0]['type'] = EmailAddressEnum::Official; + $orgdata['EmailAddress'][0]['verified'] = true; + } } $orgdata['Address'] = array(); diff --git a/app/Plugin/EnvSource/View/EnvSources/fields.inc b/app/Plugin/EnvSource/View/EnvSources/fields.inc index 977f1d8f4..75f9e84e4 100644 --- a/app/Plugin/EnvSource/View/EnvSources/fields.inc +++ b/app/Plugin/EnvSource/View/EnvSources/fields.inc @@ -64,7 +64,7 @@
- *
+ *
@@ -100,6 +100,33 @@ : filter_var($env_sources[0]['EnvSource']['redirect_on_duplicate'],FILTER_SANITIZE_SPECIAL_CHARS)); ?>
+
  • +
    +
    + Form->label('sp_type', _txt('pl.envsource.sp.type')) : _txt('pl.envsource.sp.type')); ?> +
    +
    +
    + Form->select('sp_type', + $cm_texts[ $cm_lang ]['pl.envsource.en.auth.provider'], + $attrs); + + if($this->Form->isFieldError('sp_type')) { + print $this->Form->error('sp_type'); + } + } else { + print _txt('pl.envsource.en.sp.type', null, $env_sources[0]['EnvSource']['sp_type']); + } + ?> +
    +
    • From 9303d8ca3eb04fb4939786704ba69781363dace9 Mon Sep 17 00:00:00 2001 From: Shayna Atkinson Date: Thu, 14 Sep 2023 08:14:50 -0400 Subject: [PATCH 25/34] bump aws_buildspec.yml label to 4.3.0-rc2 --- container/aws/buildspec/aws_buildspec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container/aws/buildspec/aws_buildspec.yml b/container/aws/buildspec/aws_buildspec.yml index 484d114e0..7d343c1ac 100644 --- a/container/aws/buildspec/aws_buildspec.yml +++ b/container/aws/buildspec/aws_buildspec.yml @@ -3,7 +3,7 @@ version: 0.2 env: shell: bash variables: - LABEL: "4.3.0-rc1" + LABEL: "4.3.0-rc2" exported-variables: - LABEL From 2dcc15203a077ba734f2d6dfed64d09ff29215bf Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Thu, 14 Sep 2023 08:02:15 -0500 Subject: [PATCH 26/34] container add manifest buildspec --- .../aws/buildspec/aws_buildspec_manifest.yml | 246 ++++++++++++++++++ 1 file changed, 246 insertions(+) create mode 100644 container/aws/buildspec/aws_buildspec_manifest.yml diff --git a/container/aws/buildspec/aws_buildspec_manifest.yml b/container/aws/buildspec/aws_buildspec_manifest.yml new file mode 100644 index 000000000..0236c6601 --- /dev/null +++ b/container/aws/buildspec/aws_buildspec_manifest.yml @@ -0,0 +1,246 @@ +version: 0.2 + +env: + shell: bash + variables: + LABEL: "4.3.0-rc1" + exported-variables: + - LABEL + +phases: + pre_build: + commands: + - echo Logging in to Amazon ECR... + - aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/u0z2s2z8 + - echo Logging in to Docker Hub + - echo $HUB_DOCKER_COM_TOKEN | docker login --username skoranda --password-stdin + - echo Logging in to GitHub + - echo $GITHUB_COM_TOKEN | docker login ghcr.io --username skoranda --password-stdin + build: + commands: + - echo Build started on `date` + - echo Building and pushing the Docker manifests to AWS... + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth:latest-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-basic-auth + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-mod_auth_openidc + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-shibboleth-sp-supervisor + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create public.ecr.aws/u0z2s2z8/comanage-registry-cron public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-arm64 + - docker manifest annotate --arch amd64 public.ecr.aws/u0z2s2z8/comanage-registry-cron public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-amd64 + - docker manifest annotate --arch arm64 public.ecr.aws/u0z2s2z8/comanage-registry-cron public.ecr.aws/u0z2s2z8/comanage-registry-cron:latest-arm64 + - docker manifest push public.ecr.aws/u0z2s2z8/comanage-registry-cron + - docker manifest rm public.ecr.aws/u0z2s2z8/comanage-registry-cron + # + - echo Building and pushing the Docker manifests to DockerHub... + # + - docker manifest create docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-basic-auth docker.io/comanageproject/comanage-registry-basic-auth:latest-amd64 docker.io/comanageproject/comanage-registry-basic-auth:latest-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-basic-auth docker.io/comanageproject/comanage-registry-basic-auth:latest-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-basic-auth docker.io/comanageproject/comanage-registry-basic-auth:latest-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-basic-auth + - docker manifest rm docker.io/comanageproject/comanage-registry-basic-auth + # + - docker manifest create docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-mod_auth_openidc docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-amd64 docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-mod_auth_openidc docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-mod_auth_openidc docker.io/comanageproject/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-mod_auth_openidc + - docker manifest rm docker.io/comanageproject/comanage-registry-mod_auth_openidc + # + - docker manifest create docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-amd64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor + - docker manifest rm docker.io/comanageproject/comanage-registry-shibboleth-sp-supervisor + # + - docker manifest create docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm docker.io/comanageproject/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create docker.io/comanageproject/comanage-registry-cron docker.io/comanageproject/comanage-registry-cron:latest-amd64 docker.io/comanageproject/comanage-registry-cron:latest-arm64 + - docker manifest annotate --arch amd64 docker.io/comanageproject/comanage-registry-cron docker.io/comanageproject/comanage-registry-cron:latest-amd64 + - docker manifest annotate --arch arm64 docker.io/comanageproject/comanage-registry-cron docker.io/comanageproject/comanage-registry-cron:latest-arm64 + - docker manifest push docker.io/comanageproject/comanage-registry-cron + - docker manifest rm docker.io/comanageproject/comanage-registry-cron + # + - echo Building and pushing the Docker manifests to GitHub... + # + - docker manifest create ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry:$LABEL-basic-auth-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-basic-auth:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-basic-auth ghcr.io/cilogon/comanage-registry-basic-auth:latest-amd64 ghcr.io/cilogon/comanage-registry-basic-auth:latest-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-basic-auth ghcr.io/cilogon/comanage-registry-basic-auth:latest-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-basic-auth ghcr.io/cilogon/comanage-registry-basic-auth:latest-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-basic-auth + - docker manifest rm ghcr.io/cilogon/comanage-registry-basic-auth + # + - docker manifest create ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry:$LABEL-mod_auth_openidc-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-mod_auth_openidc:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-mod_auth_openidc ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-amd64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-mod_auth_openidc ghcr.io/cilogon/comanage-registry-mod_auth_openidc:latest-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-mod_auth_openidc + - docker manifest rm ghcr.io/cilogon/comanage-registry-mod_auth_openidc + # + - docker manifest create ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry:$LABEL-shibboleth-sp-supervisor-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-amd64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor:latest-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor + - docker manifest rm ghcr.io/cilogon/comanage-registry-shibboleth-sp-supervisor + # + - docker manifest create ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + - docker manifest rm ghcr.io/cilogon/comanage-registry-cron:$LABEL-$COMANAGE_REGISTRY_BUILD_NUMBER + # + - docker manifest create ghcr.io/cilogon/comanage-registry-cron ghcr.io/cilogon/comanage-registry-cron:latest-amd64 ghcr.io/cilogon/comanage-registry-cron:latest-arm64 + - docker manifest annotate --arch amd64 ghcr.io/cilogon/comanage-registry-cron ghcr.io/cilogon/comanage-registry-cron:latest-amd64 + - docker manifest annotate --arch arm64 ghcr.io/cilogon/comanage-registry-cron ghcr.io/cilogon/comanage-registry-cron:latest-arm64 + - docker manifest push ghcr.io/cilogon/comanage-registry-cron + - docker manifest rm ghcr.io/cilogon/comanage-registry-cron + + post_build: + commands: + - echo Build completed on `date` From 620e3945ebb4897ed78a71b596c44d47d6c8b1b7 Mon Sep 17 00:00:00 2001 From: Shayna Atkinson Date: Thu, 14 Sep 2023 09:09:41 -0400 Subject: [PATCH 27/34] bump aws_buildspec_manifest.yml label to 4.3.0-rc2 --- container/aws/buildspec/aws_buildspec_manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container/aws/buildspec/aws_buildspec_manifest.yml b/container/aws/buildspec/aws_buildspec_manifest.yml index 0236c6601..c5e1bd008 100644 --- a/container/aws/buildspec/aws_buildspec_manifest.yml +++ b/container/aws/buildspec/aws_buildspec_manifest.yml @@ -3,7 +3,7 @@ version: 0.2 env: shell: bash variables: - LABEL: "4.3.0-rc1" + LABEL: "4.3.0-rc2" exported-variables: - LABEL From a47934ba03abb83a06a2c412b849cb17ce769e64 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Wed, 20 Sep 2023 19:40:27 +0300 Subject: [PATCH 28/34] declare cm_co_provisioning_counts after cm_co_provisioning_targets --- app/Config/Schema/schema.xml | 60 ++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/app/Config/Schema/schema.xml b/app/Config/Schema/schema.xml index af0d8dc1e..031f181ed 100644 --- a/app/Config/Schema/schema.xml +++ b/app/Config/Schema/schema.xml @@ -1263,7 +1263,36 @@ source_label
    - + + + + + + + + + REFERENCES cm_cos(id) + + + + + REFERENCES cm_co_groups(id) + + + REFERENCES cm_org_identity_sources(id) + + + + + + + + + + co_id + +
    + @@ -1297,35 +1326,6 @@
    - - - - - - - - REFERENCES cm_cos(id) - - - - - REFERENCES cm_co_groups(id) - - - REFERENCES cm_org_identity_sources(id) - - - - - - - - - - co_id - -
    - From ef842600d16b1c911c023b4303115d744c81ad48 Mon Sep 17 00:00:00 2001 From: Ioannis Igoumenos Date: Wed, 20 Sep 2023 19:41:56 +0300 Subject: [PATCH 29/34] optional function parameter must not come before required --- app/Model/CoInvite.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/CoInvite.php b/app/Model/CoInvite.php index f2ca70ff8..c9ba1ae1a 100644 --- a/app/Model/CoInvite.php +++ b/app/Model/CoInvite.php @@ -289,7 +289,7 @@ public function send($coPersonId, $actorPersonId, $toEmail, $fromEmail=null, - $coName, + $coName=null, $subject=null, $template=null, $emailAddressID=null, From 103c995a05545a929da3dda220852eb2afac72c7 Mon Sep 17 00:00:00 2001 From: Arlen Johnson Date: Mon, 25 Sep 2023 12:42:28 -0400 Subject: [PATCH 30/34] Fix COU Manager Permissions (CO-2698) --- app/Controller/Component/RoleComponent.php | 33 +++++++++++++++++++--- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/app/Controller/Component/RoleComponent.php b/app/Controller/Component/RoleComponent.php index 1c41a8b23..84e3fcfe6 100644 --- a/app/Controller/Component/RoleComponent.php +++ b/app/Controller/Component/RoleComponent.php @@ -1276,12 +1276,20 @@ public function isCoOrCouAdminForCoPerson($coPersonId, $subjectCoPersonId) { * @param Integer CO Person Role ID of subject * @return Boolean True if the CO Person is a CO(U) Administrator for the subject, false otherwise */ - + public function isCoOrCouAdminForCoPersonRole($coPersonId, $subjectCoPersonRoleId) { if(!$coPersonId) { return false; } + // Find the person's CO + try { + $coId = $this->cachedCoIdLookup($coPersonId); + } + catch(InvalidArgumentException $e) { + throw new InvalidArgumentException($e->getMessage()); + } + // Look up the CO Person ID for the subject and then hand off the request. $CoPersonRole = ClassRegistry::init('CoPersonRole'); @@ -1292,11 +1300,28 @@ public function isCoOrCouAdminForCoPersonRole($coPersonId, $subjectCoPersonRoleI $copr = $CoPersonRole->find('first', $args); - if($copr && isset($copr['CoPersonRole']['co_person_id'])) { - return $this->isCoOrCouAdminForCoPerson($coPersonId, $copr['CoPersonRole']['co_person_id']); - } else { + if(empty($copr) + || !isset($copr['CoPersonRole']['co_person_id']) + || empty($copr["CoPersonRole"]["cou_id"])) { return false; } + + // I am the CO Admin + if($this->isCoAdminForCoPerson($coPersonId, $copr['CoPersonRole']['co_person_id'])) { + return true; + } + + // Next, pull the COUs for which $coPersonId is a COU admin + $adminCous = $this->couAdminFor($coPersonId); + + if(empty($adminCous)) { + return false; + } + + $adminCousIds = array_keys($adminCous); + + // I am the COU admin + return in_array($copr["CoPersonRole"]["cou_id"], $adminCousIds); } /** From c5d399cdf985f6b8729d7731d19f584af2be1ca2 Mon Sep 17 00:00:00 2001 From: Arlen Johnson Date: Tue, 26 Sep 2023 11:45:59 -0400 Subject: [PATCH 31/34] Upgrade jQuery to version 3.7.1 (CO-2707) --- app/View/Layouts/default.ctp | 2 +- app/View/Layouts/redirect.ctp | 2 +- app/webroot/js/jquery/jquery-3.5.1.min.js | 2 -- app/webroot/js/jquery/jquery-3.7.1.min.js | 2 ++ 4 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 app/webroot/js/jquery/jquery-3.5.1.min.js create mode 100644 app/webroot/js/jquery/jquery-3.7.1.min.js diff --git a/app/View/Layouts/default.ctp b/app/View/Layouts/default.ctp index a46825d92..96e6b9d05 100644 --- a/app/View/Layouts/default.ctp +++ b/app/View/Layouts/default.ctp @@ -81,7 +81,7 @@ Html->script('jquery/jquery-3.5.1.min.js') . "\n "; + print $this->Html->script('jquery/jquery-3.7.1.min.js') . "\n "; print $this->Html->script('bootstrap/bootstrap-4.5.3-dist/js/bootstrap.bundle.min.js') . "\n "; print $this->Html->script('jquery/jquery-ui-1.13.2.custom/jquery-ui.min.js') . "\n "; print $this->Html->script('vue/vue-3.2.31.global.prod.js') . "\n "; diff --git a/app/View/Layouts/redirect.ctp b/app/View/Layouts/redirect.ctp index 322566fae..294285826 100644 --- a/app/View/Layouts/redirect.ctp +++ b/app/View/Layouts/redirect.ctp @@ -55,7 +55,7 @@ Html->script('jquery/jquery-3.5.1.min.js') . "\n "; + print $this->Html->script('jquery/jquery-3.7.1.min.js') . "\n "; print $this->Html->script('bootstrap/bootstrap-4.5.3-dist/js/bootstrap.min.js') . "\n "; print $this->Html->script('jquery/jquery-ui-1.13.2.custom/jquery-ui.min.js') . "\n "; ?> diff --git a/app/webroot/js/jquery/jquery-3.5.1.min.js b/app/webroot/js/jquery/jquery-3.5.1.min.js deleted file mode 100644 index b0614034a..000000000 --- a/app/webroot/js/jquery/jquery-3.5.1.min.js +++ /dev/null @@ -1,2 +0,0 @@ -/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */ -!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.5.1",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e.namespaceURI,n=(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function D(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||j,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,j=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"
    ","
    "],col:[2,"","
    "],tr:[2,"","
    "],td:[3,"","
    "],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function qe(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function Le(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function He(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Oe(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var Ut,Xt=[],Vt=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Xt.pop()||S.expando+"_"+Ct.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Vt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Vt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Vt,"$1"+r):!1!==e.jsonp&&(e.url+=(Et.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,Xt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((Ut=E.implementation.createHTMLDocument("").body).innerHTML="
    ",2===Ut.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):("number"==typeof f.top&&(f.top+="px"),"number"==typeof f.left&&(f.left+="px"),c.css(f))}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=$e(y.pixelPosition,function(e,t){if(t)return t=Be(e,n),Me.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0+~]|"+ge+")"+ge+"*"),x=new RegExp(ge+"|>"),j=new RegExp(g),A=new RegExp("^"+t+"$"),D={ID:new RegExp("^#("+t+")"),CLASS:new RegExp("^\\.("+t+")"),TAG:new RegExp("^("+t+"|[*])"),ATTR:new RegExp("^"+p),PSEUDO:new RegExp("^"+g),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+ge+"*(even|odd|(([+-]|)(\\d*)n|)"+ge+"*(?:([+-]|)"+ge+"*(\\d+)|))"+ge+"*\\)|)","i"),bool:new RegExp("^(?:"+f+")$","i"),needsContext:new RegExp("^"+ge+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+ge+"*((?:-\\d)?\\d*)"+ge+"*\\)|)(?=[^-]|$)","i")},N=/^(?:input|select|textarea|button)$/i,q=/^h\d$/i,L=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,H=/[+~]/,O=new RegExp("\\\\[\\da-fA-F]{1,6}"+ge+"?|\\\\([^\\r\\n\\f])","g"),P=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},M=function(){V()},R=J(function(e){return!0===e.disabled&&fe(e,"fieldset")},{dir:"parentNode",next:"legend"});try{k.apply(oe=ae.call(ye.childNodes),ye.childNodes),oe[ye.childNodes.length].nodeType}catch(e){k={apply:function(e,t){me.apply(e,ae.call(t))},call:function(e){me.apply(e,ae.call(arguments,1))}}}function I(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(V(e),e=e||T,C)){if(11!==p&&(u=L.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return k.call(n,a),n}else if(f&&(a=f.getElementById(i))&&I.contains(e,a)&&a.id===i)return k.call(n,a),n}else{if(u[2])return k.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&e.getElementsByClassName)return k.apply(n,e.getElementsByClassName(i)),n}if(!(h[t+" "]||d&&d.test(t))){if(c=t,f=e,1===p&&(x.test(t)||m.test(t))){(f=H.test(t)&&U(e.parentNode)||e)==e&&le.scope||((s=e.getAttribute("id"))?s=ce.escapeSelector(s):e.setAttribute("id",s=S)),o=(l=Y(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+Q(l[o]);c=l.join(",")}try{return k.apply(n,f.querySelectorAll(c)),n}catch(e){h(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return re(t.replace(ve,"$1"),e,n,r)}function W(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function F(e){return e[S]=!0,e}function $(e){var t=T.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function B(t){return function(e){return fe(e,"input")&&e.type===t}}function _(t){return function(e){return(fe(e,"input")||fe(e,"button"))&&e.type===t}}function z(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&R(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function X(a){return F(function(o){return o=+o,F(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function U(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}function V(e){var t,n=e?e.ownerDocument||e:ye;return n!=T&&9===n.nodeType&&n.documentElement&&(r=(T=n).documentElement,C=!ce.isXMLDoc(T),i=r.matches||r.webkitMatchesSelector||r.msMatchesSelector,r.msMatchesSelector&&ye!=T&&(t=T.defaultView)&&t.top!==t&&t.addEventListener("unload",M),le.getById=$(function(e){return r.appendChild(e).id=ce.expando,!T.getElementsByName||!T.getElementsByName(ce.expando).length}),le.disconnectedMatch=$(function(e){return i.call(e,"*")}),le.scope=$(function(){return T.querySelectorAll(":scope")}),le.cssHas=$(function(){try{return T.querySelector(":has(*,:jqfake)"),!1}catch(e){return!0}}),le.getById?(b.filter.ID=function(e){var t=e.replace(O,P);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&C){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(O,P);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&C){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):t.querySelectorAll(e)},b.find.CLASS=function(e,t){if("undefined"!=typeof t.getElementsByClassName&&C)return t.getElementsByClassName(e)},d=[],$(function(e){var t;r.appendChild(e).innerHTML="",e.querySelectorAll("[selected]").length||d.push("\\["+ge+"*(?:value|"+f+")"),e.querySelectorAll("[id~="+S+"-]").length||d.push("~="),e.querySelectorAll("a#"+S+"+*").length||d.push(".#.+[+~]"),e.querySelectorAll(":checked").length||d.push(":checked"),(t=T.createElement("input")).setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),r.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&d.push(":enabled",":disabled"),(t=T.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||d.push("\\["+ge+"*name"+ge+"*="+ge+"*(?:''|\"\")")}),le.cssHas||d.push(":has"),d=d.length&&new RegExp(d.join("|")),l=function(e,t){if(e===t)return a=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!le.sortDetached&&t.compareDocumentPosition(e)===n?e===T||e.ownerDocument==ye&&I.contains(ye,e)?-1:t===T||t.ownerDocument==ye&&I.contains(ye,t)?1:o?se.call(o,e)-se.call(o,t):0:4&n?-1:1)}),T}for(e in I.matches=function(e,t){return I(e,null,null,t)},I.matchesSelector=function(e,t){if(V(e),C&&!h[t+" "]&&(!d||!d.test(t)))try{var n=i.call(e,t);if(n||le.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){h(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(O,P),e[3]=(e[3]||e[4]||e[5]||"").replace(O,P),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||I.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&I.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return D.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&j.test(n)&&(t=Y(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(O,P).toLowerCase();return"*"===e?function(){return!0}:function(e){return fe(e,t)}},CLASS:function(e){var t=s[e+" "];return t||(t=new RegExp("(^|"+ge+")"+e+"("+ge+"|$)"))&&s(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=I.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function T(e,n,r){return v(n)?ce.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?ce.grep(e,function(e){return e===n!==r}):"string"!=typeof n?ce.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(ce.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||k,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:S.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof ce?t[0]:t,ce.merge(this,ce.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:C,!0)),w.test(r[1])&&ce.isPlainObject(t))for(r in t)v(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=C.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):v(e)?void 0!==n.ready?n.ready(e):e(ce):ce.makeArray(e,this)}).prototype=ce.fn,k=ce(C);var E=/^(?:parents|prev(?:Until|All))/,j={children:!0,contents:!0,next:!0,prev:!0};function A(e,t){while((e=e[t])&&1!==e.nodeType);return e}ce.fn.extend({has:function(e){var t=ce(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,Ce=/^$|^module$|\/(?:java|ecma)script/i;xe=C.createDocumentFragment().appendChild(C.createElement("div")),(be=C.createElement("input")).setAttribute("type","radio"),be.setAttribute("checked","checked"),be.setAttribute("name","t"),xe.appendChild(be),le.checkClone=xe.cloneNode(!0).cloneNode(!0).lastChild.checked,xe.innerHTML="",le.noCloneChecked=!!xe.cloneNode(!0).lastChild.defaultValue,xe.innerHTML="",le.option=!!xe.lastChild;var ke={thead:[1,"","
    "],col:[2,"","
    "],tr:[2,"","
    "],td:[3,"","
    "],_default:[0,"",""]};function Se(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&fe(e,t)?ce.merge([e],n):n}function Ee(e,t){for(var n=0,r=e.length;n",""]);var je=/<|&#?\w+;/;function Ae(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function Re(e,t){return fe(e,"table")&&fe(11!==t.nodeType?t:t.firstChild,"tr")&&ce(e).children("tbody")[0]||e}function Ie(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function We(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Fe(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(_.hasData(e)&&(s=_.get(e).events))for(i in _.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),C.head.appendChild(r[0])},abort:function(){i&&i()}}});var Jt,Kt=[],Zt=/(=)\?(?=&|$)|\?\?/;ce.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Kt.pop()||ce.expando+"_"+jt.guid++;return this[e]=!0,e}}),ce.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=v(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Zt,"$1"+r):!1!==e.jsonp&&(e.url+=(At.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||ce.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=ie[r],ie[r]=function(){o=arguments},n.always(function(){void 0===i?ce(ie).removeProp(r):ie[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,Kt.push(r)),o&&v(i)&&i(o[0]),o=i=void 0}),"script"}),le.createHTMLDocument=((Jt=C.implementation.createHTMLDocument("").body).innerHTML="
    ",2===Jt.childNodes.length),ce.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(le.createHTMLDocument?((r=(t=C.implementation.createHTMLDocument("")).createElement("base")).href=C.location.href,t.head.appendChild(r)):t=C),o=!n&&[],(i=w.exec(e))?[t.createElement(i[1])]:(i=Ae([e],t,o),o&&o.length&&ce(o).remove(),ce.merge([],i.childNodes)));var r,i,o},ce.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(ce.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},ce.expr.pseudos.animated=function(t){return ce.grep(ce.timers,function(e){return t===e.elem}).length},ce.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=ce.css(e,"position"),c=ce(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=ce.css(e,"top"),u=ce.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),v(t)&&(t=t.call(e,n,ce.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},ce.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){ce.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===ce.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===ce.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=ce(e).offset()).top+=ce.css(e,"borderTopWidth",!0),i.left+=ce.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-ce.css(r,"marginTop",!0),left:t.left-i.left-ce.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===ce.css(e,"position"))e=e.offsetParent;return e||J})}}),ce.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;ce.fn[t]=function(e){return M(this,function(e,t,n){var r;if(y(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),ce.each(["top","left"],function(e,n){ce.cssHooks[n]=Ye(le.pixelPosition,function(e,t){if(t)return t=Ge(e,n),_e.test(t)?ce(e).position()[n]+"px":t})}),ce.each({Height:"height",Width:"width"},function(a,s){ce.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){ce.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return M(this,function(e,t,n){var r;return y(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?ce.css(e,t,i):ce.style(e,t,n,i)},s,n?e:void 0,n)}})}),ce.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){ce.fn[t]=function(e){return this.on(t,e)}}),ce.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.on("mouseenter",e).on("mouseleave",t||e)}}),ce.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){ce.fn[n]=function(e,t){return 0 Date: Thu, 21 Sep 2023 15:01:11 +0300 Subject: [PATCH 32/34] check the entire cou tree for a match when calculating action permissions --- app/Controller/CoPeopleController.php | 32 ++++++++++++++++++++++++++- app/View/CoPeople/fields.inc | 2 +- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/app/Controller/CoPeopleController.php b/app/Controller/CoPeopleController.php index 0b5ab3bee..0b45a3de5 100644 --- a/app/Controller/CoPeopleController.php +++ b/app/Controller/CoPeopleController.php @@ -237,6 +237,14 @@ public function beforeRender() { $args['contain'] = false; $this->set('vv_vetting_step_count', $this->Co->VettingStep->find('count', $args)); + + // Calculate COU node path from root in case the role COU has a parent id. + foreach($this->viewVars["co_people"][0]["CoPersonRole"] as $idx => $prole) { + if(isset($prole['Cou']['id'])) { + // Add the path to parent node under the COU record + $this->viewVars["co_people"][0]["CoPersonRole"][$idx]["Cou"]["path"] = $this->constructTreeParentPath($prole['Cou']['id']); + } + } } parent::beforeRender(); @@ -474,7 +482,29 @@ public function compare($id) { $this->view($id); } } - + + /** + * Create path from parent + * + * @param int $nodeId The ID of the node + * @return string The path + * + * @since COmanage Registry v4.3.0 + */ + public function constructTreeParentPath($nodeId) { + if(empty($nodeId)) return ""; + if(!$this->CoPerson->CoPersonRole->Cou->Behaviors->enabled('Tree')) { + return ""; + } + + $parents = $this->CoPerson->CoPersonRole->Cou->getPath($nodeId); + + if(empty($parents)) return ""; + + $parent_names = Hash::extract($parents, '{n}.Cou.name'); + return implode(" / ", $parent_names); + } + /** * Expunge (delete with intelligent clean up) a CO Person. * - precondition: must exist diff --git a/app/View/CoPeople/fields.inc b/app/View/CoPeople/fields.inc index 4e9f548dd..0355e5545 100644 --- a/app/View/CoPeople/fields.inc +++ b/app/View/CoPeople/fields.inc @@ -1105,7 +1105,7 @@ // Action Column if ($es // Editing self || empty($r['Cou']) // No COU set for this person - || (isset($r['Cou']['name']) && in_array($r['Cou']['name'], $permissions['cous'])) + || (isset($r['Cou']['name']) && in_array($r['Cou']['path'], $permissions['cous'])) ) // Admin for the COU { // COU Admins can only edit their own folks, so we need a bit of From d99adb32f179940deef3faeefc7def5fa0f63c4c Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Fri, 22 Sep 2023 12:14:12 -0500 Subject: [PATCH 33/34] container add CSP headers to Apache config (CO-2705) --- container/registry/base/comanage_utils.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/container/registry/base/comanage_utils.sh b/container/registry/base/comanage_utils.sh index e270143f8..3f13316bd 100644 --- a/container/registry/base/comanage_utils.sh +++ b/container/registry/base/comanage_utils.sh @@ -1348,6 +1348,8 @@ ServerName ${COMANAGE_REGISTRY_VIRTUAL_HOST_SCHEME:-http}://${COMANAGE_REGISTRY_ UseCanonicalName On UseCanonicalPhysicalPort On +Header set Content-Security-Policy "frame-ancestors 'self';" + EOF } @@ -1375,6 +1377,7 @@ UseCanonicalName On UseCanonicalPhysicalPort On Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" +Header always set Content-Security-Policy "frame-ancestors 'self';" SSLEngine on SSLProtocol all -SSLv2 -SSLv3 From 0562175be0348870b311d342205df60b386a6254 Mon Sep 17 00:00:00 2001 From: Shayna Atkinson Date: Fri, 29 Sep 2023 09:18:20 -0400 Subject: [PATCH 34/34] change buldpec labels to 4.3.0 --- container/aws/buildspec/aws_buildspec.yml | 2 +- container/aws/buildspec/aws_buildspec_manifest.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/container/aws/buildspec/aws_buildspec.yml b/container/aws/buildspec/aws_buildspec.yml index 7d343c1ac..ae3d483d7 100644 --- a/container/aws/buildspec/aws_buildspec.yml +++ b/container/aws/buildspec/aws_buildspec.yml @@ -3,7 +3,7 @@ version: 0.2 env: shell: bash variables: - LABEL: "4.3.0-rc2" + LABEL: "4.3.0" exported-variables: - LABEL diff --git a/container/aws/buildspec/aws_buildspec_manifest.yml b/container/aws/buildspec/aws_buildspec_manifest.yml index c5e1bd008..35d66ae2a 100644 --- a/container/aws/buildspec/aws_buildspec_manifest.yml +++ b/container/aws/buildspec/aws_buildspec_manifest.yml @@ -3,7 +3,7 @@ version: 0.2 env: shell: bash variables: - LABEL: "4.3.0-rc2" + LABEL: "4.3.0" exported-variables: - LABEL