Dependency upgrades (#13)

.gitignore

@@ -7,5 +7,5 @@
 /dist/*.war.MD5
 /release
 /.vscode
-*.zip
-/ssb/components/iiq*/**/*.jar
+/ssb/components/**/*.zip
+/ssb/components/iiq*/**/*.jar

README.md

@@ -10,22 +10,21 @@ If you were previously on v1, v2 has breaking changes. The `src` folder has been
 ## SailPoint Binaries
 
 Please note that IdentityIQ is closed source so you first need to get a license for IdentityIQ.
-To do this, go to <https://community.sailpoint.com/> to download the software (identityiq-8.1.zip & identityiq-8.1p2.jar & 1_ssb-v6.1.zip).
+To do this, go to <https://community.sailpoint.com/> to download the software (identityiq-8.1.zip & identityiq-8.1p3.jar & ssb-v7.zip).
 
 The file identityiq-8.1.zip can currently be found at: <https://community.sailpoint.com/t5/IdentityIQ-Server-Software/IdentityIQ-8-1/ta-p/158175>
 
-The file identityiq-8.1p2.jar can currently be found at: <https://community.sailpoint.com/t5/IdentityIQ-Server-Software/IdentityIQ-8-1p2/ta-p/182114>
+The file identityiq-8.1p3.jar can currently be found at: <https://community.sailpoint.com/t5/IdentityIQ-Server-Software/IdentityIQ-8-1p3/ta-p/190689>
 
-The file 1_ssb-v6.1.zip can currently be found at: <https://community.sailpoint.com/t5/Services-Standard-Deployment/Services-Standard-Build-SSB-v6-1/ta-p/76056>
+The file ssb-v7.zip can currently be found at: <https://community.sailpoint.com/t5/Professional-Services/Services-Standard-Build-SSB-v7/ta-p/190496>
 
 Once you clone the repository, you will put the downloaded files into the proper ssb folders within components to get started.
 
 The file locations should be as follows:
 
  * `identityiq-8.1.zip`: ssb => components => iiq8.1 => base => ga
- * `identityiq-8.1p2.jar`: ssb => components => iiq8.1 => base => patch
- * `1_ssb-v6.1.zip`: ssb => components => ssb-v6.1
-     * This must also be renamed to `ssb-v6.1.zip`
+ * `identityiq-8.1p3.jar`: ssb => components => iiq8.1 => base => patch
+ * `ssb-v7.zip`: ssb => components => ssb-v7
 
 This does not include **ANY** SailPoint proprietary code and can only be used if you get these binaries from Compass.
 
@@ -63,7 +62,7 @@ Add the following `127.0.0.1 dev.icam.local`
 
 # Description
 
-This installation will provide you a working instance of SailPoint IdentityIQ 8.1p2 running with OpenJDK and Tomcat 9 in a Docker container.
+This installation will provide you a working instance of SailPoint IdentityIQ 8.1p3 running with OpenJDK and Tomcat 9 in a Docker container.
 
 An additional container is built utilizing MySQL to host the IdentityIQ database and an Apache HTTP Server proxying the connections back to Tomcat.
 

ssb/build.bat

@@ -10,14 +10,9 @@ rem
 
 if EXIST build-lib\ant GOTO RUN_SSB
 
-echo "Unzipping Ant from SSB"
-mkdir t
-powershell.exe -nologo -noprofile -command "& { Add-Type -A 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('components\ssb-v6.1\ssb-v6.1.zip', 't'); }"
-move t\lib\ant build-lib\
-rmdir /S /Q t
-
-mv build-lib/lib/ant build-lib
-rmdir build-lib/lib
+echo "Unzipping Ant"
+powershell.exe -nologo -noprofile -command "& { Add-Type -A 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('build-lib/apache-ant-1.10.10-bin.zip', 'build-lib'); }"
+ren build-lib\apache-ant-1.10.10 build-lib\ant
 
 :RUN_SSB
 build-lib\ant\bin\ant.bat -logger org.apache.tools.ant.listener.ProfileLogger %*

ssb/build.sh

@@ -7,10 +7,9 @@
 #
 
 if [ ! -d build-lib/ant ]; then
-    echo "Unzipping Ant from SSB"
-    unzip -q components/ssb-v6.1/ssb-v6.1.zip 'lib/ant/**' -d 'build-lib'
-    mv build-lib/lib/ant build-lib
-    rmdir build-lib/lib
+    echo "Unzipping Ant"
+    unzip -q build-lib/apache-ant-1.10.10-bin.zip -d 'build-lib'
+    mv build-lib/apache-ant-1.10.10 build-lib/ant
     chmod +x build-lib/ant/bin/ant
 fi
 

ssb/build.xml

@@ -1,5 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project name="com.ue.sailpoint.build" default="war">
+<project name="com.ue.sailpoint.build" default="war"
+xmlns:if="ant:if"
+xmlns:unless="ant:unless">
 
     <!--
         Default is to build local-dev.  To override target environment, add the
@@ -19,7 +21,7 @@
 
     <!-- local-dev is default value - set from command line with -Due.env=FOO -->
     <property name="ue.env" value="local-dev" />
-    <property name="ue.env.ssb" value="ssb-v6.1" />
+    <property name="ue.env.ssb" value="ssb-v7" />
 
     <!-- Constants for where things are -->
     <property name="ue.envconfig.path" value="./envconfig/${ue.env}" />
@@ -30,11 +32,10 @@
 
     <property name="ue.dist.releasedir" location="../release/" />
 
-    <!-- Location of libraries -->
-    <property name="ue.lib.antcontrib" location="build-lib/ant-contrib-1.0b3.jar" />
+    <!-- Location of libraries, location is inside extracted SSB -->
+    <property name="ue.lib.antcontrib" location="./build/lib/ant-contrib-1.0b3.jar" />
 
-    <!-- Load AntContrib -->
-    <taskdef resource="net/sf/antcontrib/antlib.xml" classpath="${ue.lib.antcontrib}" />
+
 
     <!-- loadConfig - Loads all configuration settings -->
     <target name="loadConfig">
@@ -70,6 +71,8 @@
 
         <echo message="****** Copying binaries" />
         <unzip src="components/${ue.env.ssb}/${ue.env.ssb}.zip" dest="${ue.build.workdir}" overwrite="true"/>
+        <!-- Load AntContrib -->
+        <taskdef resource="net/sf/antcontrib/antlib.xml" classpath="${ue.lib.antcontrib}" />
         <echo message="****** Removing example scripts" />
         <delete dir="${ue.build.workdir}/scripts" includes="build.custom*" />
 
@@ -108,6 +111,10 @@
                 <exclude name="**/archive/**"/>
             </fileset>
         </copy>
+        <echo message="******************************************" />
+        <echo message="*** Executing Target Properties against Plugins" />
+        <echo message="******************************************" />
+        <replace dir="${ue.build.workdir}/pluginsrc" replacefilterfile="${ue.build.workdir}/${ue.env}.target.properties" includes="**/*.xml" encoding="UTF-8"/>
     </target>
 
     <!-- buildWar - Calls the SailPoint SSB to build the war

ssb/envconfig/local-dev/build.properties

@@ -5,7 +5,7 @@
 ######################################################
 ue.dist.ver=2.0.2
 IIQVersion=8.1
-IIQPatchLevel=p2
+IIQPatchLevel=p3
 
 ######################################################
 ### Properties that vary by environment
@@ -22,8 +22,7 @@ ue.keepDevDocs=true
 webXmlSessionTimeout=600
 
 # Database type
-# mysql in local dev, sqlserver in DC2
-#db.type=sqlserver
+# mysql in local dev
 db.type=mysql
 
 ######################################################

ssb/envconfig/local-dev/components.txt

@@ -1,3 +1,3 @@
 iiq8.1
-ssb-v6.1
-ue-configuration
+ssb-v7
+ue-configuration

uedocker/ICAM-TOMCAT/Dockerfile

@@ -42,15 +42,15 @@ RUN ln -sf /usr/local/tomcat /ue/iiq/tomcat && \
     rm -rf /usr/local/tomcat/logs && \
     ln -sfT /ue/logs/tomcat /usr/local/tomcat/logs && \
     mkdir /ue/iiq/tomcat/webapps/ue && \
-    ln -sfT /usr/lib/jvm/java-8-openjdk-amd64 /ue/java && \
-    ln -sfT /usr/lib/jvm/java-8-openjdk-amd64 /ue/iiq/java && \
+    ln -sfT $JAVA_HOME /ue/java && \
+    ln -sfT $JAVA_HOME /ue/iiq/java && \
     ln -sfT /ue/iiq/tomcat/webapps/ue/WEB-INF /ue/iiq/WEB-INF
 
 #
 # ADD OUR DEV CERTS TO THE JAVA TRUST CHAIN
 #
 ADD dev.icam.local.cer .
-RUN keytool -importcert -noprompt -trustcacerts -alias 'dev.icam.local' -file dev.icam.local.cer -keystore /etc/ssl/certs/java/cacerts -storepass changeit -v && \
+RUN keytool -importcert -noprompt -trustcacerts -alias 'dev.icam.local' -file dev.icam.local.cer -keystore /ue/java/lib/security/cacerts -storepass changeit -v && \
     rm dev.icam.local.cer
 
 #
@@ -101,6 +101,10 @@ ENV CATALINA_OPTS="-Xms512M -Xmx1024M -XX:+UseG1GC ${JAVA_DEBUG_OPTS} ${JMX_OPTS
 EXPOSE 8080
 EXPOSE 8000
 EXPOSE 8001
+EXPOSE 8009
+
+COPY server.xml /usr/local/tomcat/conf/
+
 VOLUME [ "/ue/logs/tomcat", "/usr/local/tomcat/webapps/ue", "/ue/iiq/scripts" ]
 
 #

uedocker/ICAM-TOMCAT/server.xml

@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Server port="-1" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <GlobalNamingResources>
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <Service name="Catalina">
+    <Connector URIEncoding="UTF-8" port="8080" protocol="HTTP/1.1"
+              connectionTimeout="20000"
+              redirectPort="443"
+              />
+    <Connector URIEncoding="UTF-8" port="8009" protocol="AJP/1.3"
+              redirectPort="443"
+              address="0.0.0.0"
+              secretRequired="false"
+              allowedRequestAttributesPattern=".*"
+              />
+
+
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="5" lockOutTime="600">
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
+      </Realm>
+
+      <Host name="localhost"  appBase="webapps" unpackWARs="true">
+        <Valve className="org.apache.catalina.valves.ErrorReportValve" showServerInfo="false" showReport="false"/>
+        <Valve className="org.apache.catalina.valves.RemoteIpValve" requestAttributesEnabled="true" />
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log" suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b"
+               requestAttributesEnabled="true"/>
+      </Host>
+    </Engine>
+  </Service>
+</Server>

uedocker/docker-compose.yml

@@ -1,5 +1,5 @@
 # docker-compose.yaml
-version: '2'
+version: '3.8'
 
 volumes:
   db_volume: # Separate persistent volume for the DB data
@@ -8,44 +8,45 @@ services:
   db:
     build: ./ICAM-MYSQL
     expose:
-       - "3306"
+      - "3306"
     ports:
-       - "3306:3306" # For dev debugging
+      - "3306:3306" # For dev debugging
     volumes:
       - "db_volume:/var/lib/mysql"
       - "./volumes/app-ue:/ue/iiq/tomcat/webapps/ue:rw"
       - "./volumes/app-scripts:/ue/iiq/scripts:ro"
+    hostname: mysql.icam.local
+
   app:
     build: ./ICAM-TOMCAT
     depends_on:
-       - db
-    links:
-       - db:mysql.icam.local
+      - db
     expose:
-       - "8009"
+      - "8009"
     ports:
-       - "8080:8080" # For dev debugging - HTTP interface
-       - "8000:8000" # For dev debugging - Java debug (if enabled in Dockerfile)
-       - "8001:8001" # For dev debugging - JMX (if enabled in Dockerfile)
+      - "8080:8080" # For dev debugging - HTTP interface
+      - "8000:8000" # For dev debugging - Java debug (if enabled in Dockerfile)
+      - "8001:8001" # For dev debugging - JMX (if enabled in Dockerfile)
     volumes:
-       - "./volumes/app-logs:/ue/logs/tomcat"
-       - "./volumes/app-ue:/usr/local/tomcat/webapps/ue"
-       - "./volumes/app-scripts:/ue/iiq/scripts:ro"
+      - "./volumes/app-logs:/ue/logs/tomcat"
+      - "./volumes/app-ue:/usr/local/tomcat/webapps/ue"
+      - "./volumes/app-scripts:/ue/iiq/scripts:ro"
+    hostname: iiq.icam.local
+
   web: # Note: URL is http://dev.icam.local/ue
     build: ./ICAM-HTTPD
     depends_on:
-       - app
-    links:
-       - app:iiq.icam.local
+      - app
     ports:
-       - "443:443"
-       - "80:80"
+      - "443:443"
+      - "80:80"
     volumes:
-       - "./volumes/web-logs:/ue/logs/httpd"
+      - "./volumes/web-logs:/ue/logs/httpd"
+
   mail: # Note: URL is http://dev.icam.local:8025
     build: ./ICAM-MAIL
     depends_on:
-       - app
+      - app
     ports:
-       - "1025:1025" # smtp server
-       - "8025:8025" # web ui
+      - "1025:1025" # smtp server
+      - "8025:8025" # web ui