grouper-study - RE: [grouper-users] Containerized Grouper and Secrets
Subject: grouper-study
List archive
- From: "Hyzer, Chris" <>
- To: Christopher Hubing <>, Jack Stewart <>
- Cc: "" <>, "csp study grouper" <>
- Subject: RE: [grouper-users] Containerized Grouper and Secrets
- Date: Thu, 26 Apr 2018 16:39:43 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.umich.edu; iprev=pass policy.iprev=207.46.163.56 (mail-cys01nam02lp0056.outbound.protection.outlook.com); spf=pass ; dkim=pass ; dmarc=bestguesspass ; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; d=umich.edu; s=arc-2017-08-04; t=1524760787; c=relaxed/relaxed; bh=SJrbAf5zaGiHS0oxU3BlhHqNpWxvv7ZHXb+Ev6tpitY=; h=From:To:CC:Subject:Date:References:In-Reply-To; b=CXmvvbnjc3xGwiRcdWMbtbW03rjZgPl5WraiipCDPV1loqLyT7Aeuf6NhmgLLPO2AiUEtke3prF/jjaxrxpbXl75VccMQN+avsSjqA7FukPoO9mPUR8D0vTHBgiaiF8KDamqnq5MhnqKtV+NyvLpVX8aWDmcM95nt1DyY2BfT2biH3NLSA6txUa/ZjNDpXKEUwC4w9WSWNCNUJf/RwWPdu+f6ov2oqFLUmzcVtelD51N1oxZmU2Y3B0vsWaZIXQT/f2PXpG81fUhoKYMp4NaE8hzG0q9M7CnRz6/6ikTEIjqlY3o/pa31DUdPGzbeHLpNbLJTDnVufRu/WTkT2ILAw==
- Arc-seal: i=1; a=rsa-sha256; d=umich.edu; s=arc-2017-08-04; t=1524760787; cv=none; b=p2IMBGJKs/j5KIH8JlRmtypqQr4D6rIP4KnRn3oBWmOlQRe84t/pr4an2YfEa7RbBXFzNN4nmCXevplsKf0kckmqIS4QRi2schm/8Ig2WYRha4rGsc9P0xdbjzTphWq6PBi+xlR8Pt+f8+KLvcgjdx+tKV350EXVuu02f6hX9IgpZZ7+h85CqUECTlg+M1DoIgep09KpaGQPARa/UyILjd0OVoy1sJpCMqWIK+su6jL6SUcu15CU1Qp0yaMy4CncVWdl26BqDiZNoce2muUXkIDZjoZ3UaIQks22MuuCFZYov1yH2qzFeX2Q2j67aKsOXGjJoWUGZXCzQ9XJp7R2CQ==
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:HD8rwxZAn+xIqc7eyKbxc3L/LSx+4OfEezUN459isYplN5qZpsy7YR7h7PlgxGXEQZ/co6odzbaO6Oa4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahb75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v9LlgRgP2hygbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQds4YS2VcRMZcTyxPDJ2hYYsTAeQPPuhYoIv8p1QSohWxChKhBP/0xTNUmnP6wbE23uYnHArb3AIgBdUOsHHModn7NqkTUeG0w7fSzTnbcvhbxzf96JLJchA6r/2HQLV9cc/NxkkvFwLEj0ufqZb+MjOUzeQCr3KX7/d4Ve2xjW4nrRt9rSayyccxk4TEgJ8exF7D9SV82ok1JNu4RVZ6Yd6iDJtfqTuaN41oTcM+XW1kojg1xaAbuZO9YSMEy4wnygbRZvGHaYSE/xPuWPuLLTtmhH9od6iziwux/EWj0uHwS8e53EpQoidBj9XArG4B2wHX58SdV/dw/Eas1S6B1w/N6exIPUU5mK/FJJI82LE9kp8evErdEiL3gkr7iaybelgq+uWt9ejrfqnpqoGaOoRpkA/xKL4ulda6AekgMggBQWyb+eOk2b3//E35RrVLguQqnajZsJDbJd4bqbSnDA9J0oYv8QiwDzi80NsGhnkHN0hJdwidg4jsIV7OIfT4Ae2ig1SpkTdk2/DGMqf/DZrQM3jPiLbhfbBj5E5A0Ac+w9BS64hJBrwAPf7/QFH9udzXAxMjLgC5wOXqBM141owEWGKPBqGZMLnVsV+N/u8gP/KMZJcPtDbmN/gl+uPhjH8jlV8SZ6mp2oYXaGimEfR8OkmWf2Dsgs0GEWcQpQozV/HqiFiDUTFPZ3a+Rbwz6SwmCI6+F4fMWpitgKCd3Ce8BpBWaXpGCleREXfwaYqEQe4AaDmOIs98jzMFVaOsS4sg1RG1qA/60KRrIvDV+i0eqZLsysJ15+vNmhEu6zB4FdqS3HyQTzI8omRdbD8s3btjplR9x03L8bVygvpXXYhY5+5DUwE1HZ/a0+FgDd3uAETMcsrfDB6ES96lSQotQ8042cNGN0N/AMmvkTje2iuhA/kYm6HdV7Iu9aeJlVjgNctnjz7t1LMglBNuFs5ENXy0i7RX9hPYQZPRnkOf0aumaPJPj2b26G6fwD/W7wljWwlqXPCABChHaw==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Fyi grouper config can happen in env vars, also the sources.xml can be
migrated to subject.properties
https://spaces.internet2.edu/display/Grouper/Grouper+configuration+overlay#Grouperconfigurationoverlay-Environmentvariables
https://spaces.internet2.edu/display/Grouper/Grouper+sources.xml+conversion+to+subject.properties
Thanks
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of Christopher Hubing
Sent: Wednesday, April 25, 2018 1:00 PM
To: Jack Stewart
<>
Cc:
;
csp study grouper
<>
Subject: Re: [grouper-users] Containerized Grouper and Secrets
For I2, we are storing secret things in an encrypted S3 bucket. The build
host has access to read from it, and then pushes the images to a private
Elastic Container Repo. The containers run in ECS.
Here's an example of our Dockerfile for the UI:
https://github.internet2.edu/gist/chubing/c4e663ab5a39fb73dccdcd748a92c5fe
Since the new Grouper container is pushed to Dockerhub (and have tags for
patches), it should make it pretty easy to manange (hopefully).
-c
On Wed, 25 Apr 2018, Jack Stewart wrote:
> Everyone,
> I would like to start out by saying that the new role-based Grouper
> containers are great! It was very easy to build the images.
>
> Now my question is, what are other schools doing with regard to their
> Grouper configurations? Are you "burning them into" storing them in the
> containers themselves, or are you using
> secrets?
>
> Converting an application like Grouper to use secrets would be a LOT of
> work. Effectively, you would need to convert all of the settings to
> environment variables. How would you deal with
> the sources.xml files which, by design, need to be customized?
>
> Many thanks,
> Jack
>
>
> --
> Jack Stewart
> Solutions Architect, Identity and Access Management
> University of Michigan
> 4251 Plymouth Road
> Ann Arbor, Michigan 48105-3640
> (734) 764-0853
>
>
- Containerized Grouper and Secrets, Jack Stewart, 04/25/2018
- Re: [grouper-users] Containerized Grouper and Secrets, Christopher Hubing, 04/25/2018
- RE: [grouper-users] Containerized Grouper and Secrets, Hyzer, Chris, 04/26/2018
- Re: [grouper-users] Containerized Grouper and Secrets, Jack Stewart, 04/26/2018
- Re: [grouper-users] Containerized Grouper and Secrets, John Schrader, 04/29/2018
- Re: [grouper-users] Containerized Grouper and Secrets, Christopher Hubing, 04/30/2018
- Re: [grouper-users] Containerized Grouper and Secrets, John Schrader, 04/29/2018
- Re: [grouper-users] Containerized Grouper and Secrets, Jack Stewart, 04/26/2018
- RE: [grouper-users] Containerized Grouper and Secrets, Hyzer, Chris, 04/26/2018
- Re: [grouper-users] Containerized Grouper and Secrets, Greg Haverkamp, 04/25/2018
- Re: [grouper-users] Containerized Grouper and Secrets, Christopher Hubing, 04/25/2018
Archive powered by MHonArc 2.6.19.