path: root/kubernetes/config/docker/init/src/config/message-router/dcae-startup-vm-message-router/docker_files/preconfigure-ecomp-keystopics.sh
#!/bin/bash

# Message-router endpoint as host:port; every curl URL below is built as
# http://${HOSTPORT}/... (plain HTTP against the loopback address).
HOSTPORT='127.0.0.1:3904'
# Directory holding the <api-key-name>.key files. "." is the current working
# directory, so the key files (which carry the API secrets) land wherever the
# script is started from.
KEYDIR='.'


# Dictionary of API key names and the topics owned by each key.
# Each value is a space-separated topic list. The "anonymous" entry holds the
# topics that are created without any API key.
declare -A topics=()
topics["anonymous"]="APPC-CL APPC-TEST2 PDPD-CONFIGURATION POLICY-CL-MGT DCAE-CL-EVENT unauthenticated.SEC_MEASUREMENT_OUTPUT unauthenticated.TCA_EVENT_OUTPUT "
topics["apikey-SDC1"]="SDC-DISTR-NOTIF-TOPIC-SDC-OPENSOURCE-ENV1 SDC-DISTR-STATUS-TOPIC-SDC-OPENSOURCE-ENV1"
topics["apikey-APPC1"]="APPC-TEST1"
topics["apikey-PORTAL1"]="ECOMP-PORTAL-INBOX"
topics["apikey-PORTALAPP1"]="ECOMP-PORTAL-OUTBOX-APP1"
topics["apikey-PORTALDBC1"]="ECOMP-PORTAL-OUTBOX-DBC1"
topics["apikey-PORTALSDC1"]="ECOMP-PORTAL-OUTBOX-SDC1"
topics["apikey-PORTALVID1"]="ECOMP-PORTAL-OUTBOX-VID1"
topics["apikey-PORTALPOL1"]="ECOMP-PORTAL-OUTBOX-POL1"

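# Dictionary of producers for each topic: topic name -> space-separated API
# key names that are granted publish rights on it.
#
# Key names are case-sensitive. add_acl resolves each name to the file
# "${KEYDIR}/<name>.key", and the key files are created from the names in the
# topics dictionary, where the SDC key is spelled "apikey-SDC1". The earlier
# lowercase spelling "apikey-sdc1" never matched a key file on a
# case-sensitive filesystem, so the SDC producer ACL was silently skipped.
declare -A acl_producers=(
    ["SDC-DISTR-NOTIF-TOPIC-SDC-OPENSOURCE-ENV1"]="apikey-SDC1"
    ["SDC-DISTR-STATUS-TOPIC-SDC-OPENSOURCE-ENV1"]="apikey-SDC1"
    ["ECOMP-PORTAL-INBOX"]="apikey-PORTALAPP1 apikey-PORTALDBC1 apikey-PORTALSDC1 apikey-PORTALVID1 apikey-PORTALPOL1"
    ["ECOMP-PORTAL-OUTBOX-APP1"]="apikey-PORTAL1"
    ["ECOMP-PORTAL-OUTBOX-DBC1"]="apikey-PORTAL1"
    ["ECOMP-PORTAL-OUTBOX-SDC1"]="apikey-PORTAL1"
    ["ECOMP-PORTAL-OUTBOX-VID1"]="apikey-PORTAL1"
    ["ECOMP-PORTAL-OUTBOX-POL1"]="apikey-PORTAL1"
    ["APPC-TEST1"]="apikey-APPC1"
)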

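# Dictionary of consumers for each topic: topic name -> space-separated API
# key names that are granted subscribe rights on it.
#
# Key names are case-sensitive. add_acl resolves each name to the file
# "${KEYDIR}/<name>.key", and the key files are created from the names in the
# topics dictionary, where the SDC key is spelled "apikey-SDC1". The earlier
# lowercase spelling "apikey-sdc1" never matched a key file on a
# case-sensitive filesystem, so the SDC consumer ACL was silently skipped.
declare -A acl_consumers=(
    ["SDC-DISTR-NOTIF-TOPIC-SDC-OPENSOURCE-ENV1"]="apikey-SDC1"
    ["SDC-DISTR-STATUS-TOPIC-SDC-OPENSOURCE-ENV1"]="apikey-SDC1"
    ["ECOMP-PORTAL-INBOX"]="apikey-PORTAL1"
    ["ECOMP-PORTAL-OUTBOX-APP1"]="apikey-PORTALAPP1"
    ["ECOMP-PORTAL-OUTBOX-DBC1"]="apikey-PORTALDBC1"
    ["ECOMP-PORTAL-OUTBOX-SDC1"]="apikey-PORTALSDC1"
    ["ECOMP-PORTAL-OUTBOX-VID1"]="apikey-PORTALVID1"
    ["ECOMP-PORTAL-OUTBOX-POL1"]="apikey-PORTALPOL1"
    ["APPC-TEST1"]="apikey-APPC1"
)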

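#######################################
# Log a command line, then execute it with eval.
# Globals:   CMD (written; set to the command string, as callers expect)
# Arguments: $1 - complete shell command line as ONE string
# Outputs:   "CMD:[...]" on stdout, followed by the command's own output
# Returns:   exit status of the evaluated command
#
# NOTE(review): eval re-parses $1 as shell code. Every value interpolated into
# the string (topic names, API keys read from key files, signatures) is
# therefore interpreted by the shell, so callers must pass only trusted data.
# Invoking the program directly with separate arguments avoids that risk.
# NOTE(review): the log line prints the whole command, including any
# authentication headers the caller put into it.
#######################################
myrun () {
    CMD="$1"
    echo "CMD:[$CMD]"
    # Quoted so the string reaches eval unchanged. Unquoted, the shell would
    # word-split and glob-expand it first, collapsing runs of whitespace
    # inside quoted arguments and expanding wildcard characters.
    eval "$CMD"
}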

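#######################################
# Find the API key name that owns a topic, using the topics dictionary.
# Globals:   topics (read)
# Arguments: $1 - topic name to look up
#            $2 - NAME of the caller's variable that receives the owner
#                 (bound through a nameref, bash 4.3+)
# Outputs:   progress messages on stdout
# Returns:   0 in all cases; the output variable is left EMPTY when no key
#            owns the topic
#
# The caller's variable name must differ from this function's local names
# (outowner, target_topic, candidate, owned_topics, owned), otherwise the
# nameref would bind to the local instead of the caller's variable.
#######################################
getowner () {
    local -n outowner=$2
    local target_topic="$1"
    # Loop variables are local so the search cannot overwrite same-named
    # variables (for example "topic") in the caller or at top level.
    local candidate owned_topics owned

    # Clear the result first: without this a failed lookup would leave the
    # owner found by an earlier call in place, and the caller would go on to
    # sign requests with the wrong key.
    outowner=""

    echo "look for owner for $target_topic"
    for candidate in "${!topics[@]}"; do
        owned_topics=${topics[$candidate]}
        # Unquoted on purpose: the value is a space-separated topic list.
        for owned in ${owned_topics}; do
            # "-" is treated as a placeholder entry, never as a topic name.
            if [ "$owned" == "-" ]; then
                continue
            fi
            if [ "$owned" == "$target_topic" ]; then
                echo "found owner $candidate"
                outowner=$candidate
                return
            fi
        done
    done
}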

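#######################################
# Add a client API key to the producers or consumers ACL of a topic.
# The request is signed with the API key of the topic's owner.
# Globals:   KEYDIR (read), HOSTPORT (read)
# Arguments: $1 - ACL group, used as a URL path segment
#                 ("producers" or "consumers" in this script)
#            $2 - topic name
#            $3 - API key name of the client to add
# Outputs:   progress messages and the HTTP response on stdout
# Returns:   1 when the owner, a key file or a key field is missing;
#            otherwise the exit status of curl
#######################################
add_acl () {
    # Local names deliberately avoid "topic": getowner iterates with a
    # variable of that name and would otherwise overwrite it.
    local acl_group="$1"
    local acl_topic="$2"
    local client="$3"
    # Starts empty so an owner left over from an earlier call is never reused.
    local owner=""
    local owner_keyfile client_keyfile
    local client_key owner_secret owner_key stamp signature

    echo " adding $client to group $acl_group for topic $acl_topic"

    getowner "$acl_topic" owner
    echo "==owner for $acl_topic is $owner"

    # Stop here instead of continuing: with no owner key there is nothing
    # valid to sign the request with.
    if [ -z "$owner" ]; then
        echo "No owner API key found for topic $acl_topic"
        return 1
    fi

    # Check the OWNER's key file (the earlier code tested the unrelated
    # global API_KEYFILE left over from the key-creation loop).
    owner_keyfile="${KEYDIR}/${owner}.key"
    if [ ! -e "$owner_keyfile" ]; then
        echo "No API key file $owner_keyfile for owner $owner of topic $acl_topic, exit "
        return 1
    fi

    client_keyfile="${KEYDIR}/${client}.key"
    if [ ! -e "$client_keyfile" ]; then
        echo "No API key file $client_keyfile for client $client, exit "
        return 1
    fi

    # "// empty" turns a missing or null field into an empty string rather
    # than the literal text "null".
    client_key=$(jq -r '.key // empty' "$client_keyfile")
    owner_secret=$(jq -r '.secret // empty' "$owner_keyfile")
    owner_key=$(jq -r '.key // empty' "$owner_keyfile")
    if [ -z "$client_key" ] || [ -z "$owner_secret" ] || [ -z "$owner_key" ]; then
        echo "Key file $client_keyfile or $owner_keyfile lacks a key/secret field" >&2
        return 1
    fi

    # Signature = base64(HMAC-SHA1(timestamp, owner secret)).
    # The secret is quoted: an empty or space-containing value must not let
    # openssl take the following option as the HMAC key.
    # NOTE(review): the secret is still passed on openssl's command line,
    # where local users able to list processes can read it.
    stamp=$(date --iso-8601=seconds)
    signature=$(printf '%s' "$stamp" | openssl sha1 -hmac "$owner_secret" -binary | openssl base64)

    # curl is invoked directly with separate arguments instead of through an
    # eval'ed string, so values read from the key files are never parsed as
    # shell code. The log line omits the authentication headers.
    echo "CMD:[curl -i -X PUT http://${HOSTPORT}/topics/${acl_topic}/${acl_group}/${client_key}]"
    curl -i -H "Content-Type: application/json" \
        -H "X-CambriaAuth:${owner_key}:${signature}" \
        -H "X-CambriaDate:${stamp}" \
        -X PUT "http://${HOSTPORT}/topics/${acl_topic}/${acl_group}/${client_key}"
}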


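# Bootstrap pass: for every API key name in the topics dictionary, make sure
# a key file exists (requesting a new key from the message router when it
# does not), then create each topic that the key owns.
#
# Request bodies are built with jq and streamed to curl on stdin (-d @-):
#   * no fixed-name scratch files in /tmp that another local user could
#     pre-create or replace,
#   * values are JSON-escaped instead of being pasted into a JSON string.
# curl is called directly rather than through an eval'ed command string, so
# values read from key files are never parsed as shell code.
for key in "${!topics[@]}"; do
    # try to create key if no such key exists
    # API_KEYFILE is kept as a global name; add_acl in this file reads it.
    API_KEYFILE="${KEYDIR}/${key}.key"
    if [ "$key" != "anonymous" ]; then
        if [ -e "${API_KEYFILE}" ]; then
            echo "API key for $key already exists, no need to create new"
        else
            echo "generating API key $key"
            # Receive the response in a private temp file (mktemp creates it
            # readable by the owner only) and move it into place only after
            # it has been validated. A failed request therefore never leaves
            # a broken key file behind that later runs would treat as
            # "already exists".
            if ! keyfile_tmp=$(mktemp "${KEYDIR}/.${key}.key.XXXXXX"); then
                echo "cannot create a temporary key file in ${KEYDIR}, skipping key $key" >&2
                continue
            fi
            echo "CMD:[curl -s -X POST http://${HOSTPORT}/apiKeys/create]"
            jq -nc --arg k "$key" \
                '{email: "no email", description: ("API key for " + $k)}' \
                | curl -s -o "${keyfile_tmp}" -H "Content-Type: application/json" \
                    -X POST -d @- "http://${HOSTPORT}/apiKeys/create"
            if jq -e '(.key | type == "string") and (.secret | type == "string")' \
                    "${keyfile_tmp}" >/dev/null; then
                chmod 600 "${keyfile_tmp}"
                mv -f -- "${keyfile_tmp}" "${API_KEYFILE}"
            else
                rm -f -- "${keyfile_tmp}"
                echo "API key creation for $key did not return a key and secret, skipping its topics" >&2
                continue
            fi
            # Print only the key identifier; the file also holds the secret,
            # which should not end up in the output or in logs.
            echo "API key for $key has been created: "; jq -r '.key' "${API_KEYFILE}"
            echo "generating API key $key done"; echo
        fi
    fi

    # create the topics for this key
    keytopics=${topics[$key]}
    # Unquoted on purpose: the value is a space-separated topic list.
    for topic in ${keytopics}; do
        # "-" is treated as a placeholder entry, never as a topic name.
        if [ "$topic" == "-" ]; then
            continue
        fi
        if [ "$key" == "anonymous" ]; then
            echo "creating anonymous topic $topic"
            # NOTE(review): /tmp/sample.txt is not created by this script;
            # presumably it is provided by the image. Whoever can write that
            # path controls the message body that is posted — confirm.
            echo "CMD:[curl -X POST -d @/tmp/sample.txt http://${HOSTPORT}/events/${topic}]"
            curl -H "Content-Type:text/plain" -X POST -d @/tmp/sample.txt \
                "http://${HOSTPORT}/events/${topic}"
            echo "done creating anonymous topic $topic"; echo
        else
            echo "creating API key secured topic $topic for API key $key"
            # "// empty" turns a missing or null field into an empty string
            # rather than the literal text "null".
            UEBAPIKEYSECRET=$(jq -r '.secret // empty' "${API_KEYFILE}")
            UEBAPIKEYKEY=$(jq -r '.key // empty' "${API_KEYFILE}")
            if [ -z "$UEBAPIKEYSECRET" ] || [ -z "$UEBAPIKEYKEY" ]; then
                echo "cannot read key and secret from ${API_KEYFILE}, skipping topic $topic" >&2
                continue
            fi
            # Signature = base64(HMAC-SHA1(timestamp, secret)). The secret is
            # quoted: an empty or space-containing value must not let openssl
            # take the following option as the HMAC key.
            # NOTE(review): the secret is still passed on openssl's command
            # line, where local users able to list processes can read it.
            stamp=$(date --iso-8601=seconds)
            signature=$(printf '%s' "$stamp" | openssl sha1 -hmac "$UEBAPIKEYSECRET" -binary | openssl base64)
            # The log line omits the authentication headers.
            echo "CMD:[curl -i -X POST http://${HOSTPORT}/topics/create]"
            jq -nc --arg t "$topic" --arg k "$key" \
                '{topicName: $t, topicDescription: ($k + " API Key secure topic"), partitionCount: "1", replicationCount: "1", transactionEnabled: "true"}' \
                | curl -i -H "Content-Type: application/json" \
                    -H "X-CambriaAuth: ${UEBAPIKEYKEY}:${signature}" \
                    -H "X-CambriaDate: ${stamp}" \
                    -X POST -d @- "http://${HOSTPORT}/topics/create"
            echo "done creating api key topic $topic"
            echo
        fi
    done
done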


# Report pass: list all topics known to the message router, then fetch the
# details of every topic named in the topics dictionary, grouped by the API
# key that owns it.
printf '\n'
printf '%s\n' "============ post loading state of topics ================="
myrun "curl http://${HOSTPORT}/topics"
for key in "${!topics[@]}"; do
    printf '%s\n' "---------- key: ${key} "
    # Unquoted on purpose: the value is a space-separated topic list.
    for topic in ${topics[$key]}; do
        # "-" is treated as a placeholder entry, never as a topic name.
        case "$topic" in
            -) continue ;;
        esac
        myrun "curl http://${HOSTPORT}/topics/${topic}"
        printf '\n'
    done
    printf '%s\n' "end of key: ${key} secured topics"
done


# Apply the subscriber ACLs first, then the publisher ACLs. Each dictionary
# value is a space-separated list of API key names, expanded unquoted on
# purpose so that every name becomes one add_acl call.
for topic in "${!acl_consumers[@]}"; do
    for consumer in ${acl_consumers[$topic]}; do
        add_acl "consumers" "$topic" "$consumer"
    done
done

for topic in "${!acl_producers[@]}"; do
    for producer in ${acl_producers[$topic]}; do
        add_acl "producers" "$topic" "$producer"
    done
done