Closed alexstuart closed 9 months ago
Trying to figure out what profiles are running. Running samlmd.aggregates.generate
executes the pipelines:
uk_statisticsPipeline
uk_exportPipeline
nonSelectedItemPipeline
uk_exportPreviewPipeline
nonSelectedItemPipeline#1
uk_int_edugain_importPipeline
uk_productionPipeline
uk_fallbackPipeline
uk_wayfPipeline
CDSAllPipeline
WugenPipeline
I think the "eduGAIN profile" that we're working towards can be defined as the checks that we do on import from eduGAIN, and then to the uk_productionPipeline
.
I think this is the set of checks related to an eduGain Entity. These are just what I see as the checks by name—possible I've missed something:
<!--
Checks for uk_int_edugain_importPipeline
-->
<bean id="uk_int_edugain_importPipeline" parent="mda.SimplePipeline">
<property name="stages">
<list>
<ref bean="int_edugain_productionEntities"/>
<ref bean="standardImportActions"/>
<ref bean="edugainPolicy"/>
</list>
</property>
</bean>
<bean id="int_edugain_productionEntities" parent="mda.CompositeStage">
<property name="composedStages">
<list>
<ref bean="check_validUntil"/>
</list>
</property>
</bean>
<bean id="standardImportActions" parent="mda.CompositeStage">
<property name="composedStages">
<list>
<ref bean="checkSchemas"/>
<ref bean="CHECK_std"/>
<ref bean="check_namespaces"/>
<bean id="checkCertificates" parent="mda.X509ValidationStage">
</bean>
</list>
</property>
</bean>
<bean id="edugainPolicy" parent="mda.CompositeStage">
<property name="composedStages">
<list>
<bean id="checkScopes" parent="inc.stage_parent" class="uk.org.iay.incommon.mda.dom.saml.shib.ScopeValidationStage">
</bean>
<ref bean="check_hasreginfo"/>
<ref bean="check_ukf_compromised"/>
</list>
</property>
</bean>
<!--
Checks for uk_productionPipeline
-->
<bean id="uk_productionPipeline" parent="mda.SimplePipeline">
<property name="stages">
<list>
<ref bean="checkPublishable"/>
</list>
</property>
</bean>
<bean id="checkPublishable" parent="mda.CompositeStage">
<property name="composedStages">
<list>
<ref bean="checkSchemas"/>
<ref bean="check_aggregate"/>
<ref bean="check_filtered"/>
<ref bean="check_namespaces"/>
</list>
</property>
</bean>
<bean id="CHECK_std" parent="mda.CompositeStage">
<property name="composedStages">
<list>
<ref bean="check_adfs"/>
<ref bean="check_algsupport"/>
<ref bean="check_bindings"/>
<ref bean="check_cr"/>
<ref bean="check_entityid_prefix"/>
<ref bean="check_hoksso"/>
<ref bean="check_idpdisc"/>
<ref bean="check_idp_tls"/>
<ref bean="check_incmd"/>
<ref bean="check_init"/>
<ref bean="check_mdattr"/>
<ref bean="check_mdiop"/>
<ref bean="check_mdrpi"/>
<ref bean="check_mdui"/>
<ref bean="check_misc"/>
<ref bean="check_rands"/>
<ref bean="check_coco_v2"/>
<ref bean="check_reqattr"/>
<ref bean="check_saml1"/>
<ref bean="check_saml2"/>
<ref bean="check_saml2_lang"/>
<ref bean="check_saml2int"/>
<ref bean="check_saml2meta"/>
<ref bean="check_saml_strings"/>
<ref bean="check_shib_noregscope"/>
<ref bean="check_shibboleth"/>
<ref bean="check_sirtfi"/>
<ref bean="check_sp_tls"/>
<ref bean="check_uk_algorithms"/>
<ref bean="check_uk_trust"/>
</list>
</property>
</bean>
flattened:
check_validUntil
checkSchemas
check_adfs
check_algsupport
check_bindings
check_cr
check_entityid_prefix
check_hoksso
check_idpdisc
check_idp_tls
check_incmd
check_init
check_mdattr
check_mdiop
check_mdrpi
check_mdui
check_misc
check_rands
check_coco_v2
check_reqattr
check_saml1
check_saml2
check_saml2_lang
check_saml2int
check_saml2meta
check_saml_strings
check_shib_noregscope
check_shibboleth
check_sirtfi
check_sp_tls
check_uk_algorithms
check_uk_trust
check_namespaces
checkCertificates
checkScopes
check_hasreginfo
check_ukf_compromised
checkSchemas
check_aggregate
check_filtered
check_namespaces
If two or more people are independently adding new checks and associated tests, there can be a bottleneck landing PRs. This happens because the checks are added to the list in default-validator-stages.xml and two PRs would add different checks to the same file. Consequently the PRs cannot be merged as a fast-forward.
This issue is to bring forward all the additions to the
default-validator-stages.xml
file so that we can parallelise adding tests.Some things that @philsmart, @iay and I agreed on: