Refine Local Agent.sh use

Issue-ID: AAF-770
Change-Id: Ic6593bde1e16db35cf538cb1d2caa152016f3a82
Signed-off-by: Instrumental <jonathan.gathman@att.com>

8 files changed, 112 insertions, 98 deletions

diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
index 189857c9..bf73c1da 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
@@ -200,30 +200,34 @@
 								 if(!identity.isPerson()) {
 									 identity = identity.responsibleTo();
 								 }
-								 for(int i=1;i<nb.escalation();++i) {
-									 if(identity != null) {
-										 if(i==1) {
-											 toList.add(identity.email());
-										 } else {
-											 identity=identity.responsibleTo();
-											 ccList.add(identity.email());
+								 if(identity==null) {
+									 trans.warn().printf("Responsible Identity %s is invalid for this Organization. Skipping notification.",id);
+								 } else {
+									 for(int i=1;i<nb.escalation();++i) {
+										 if(identity != null) {
+											 if(i==1) {
+												 toList.add(identity.email());
+											 } else {
+												 identity=identity.responsibleTo();
+												 ccList.add(identity.email());
+											 }
 										 }
 									 }
-								 }
-
-								 StringBuilder content = new StringBuilder();
-								 content.append(String.format(header,version,Identity.mixedCase(identity.firstName())));
-
-								 nb.body(noAvg, content, indent, notify, id);
-								 content.append(footer);
-
-								 if(mailer.sendEmail(noAvg, test, toList, ccList, subject,content.toString(), urgent)) {
-									 nb.inc();
-								 } else {
-									 trans.error().log("Mailer failed to send Mail");
-								 }
-								 if(maxEmails>0 && nb.count()>=maxEmails) {
-									 break ONE_EMAIL;
+	
+									 StringBuilder content = new StringBuilder();
+									 content.append(String.format(header,version,Identity.mixedCase(identity.firstName())));
+	
+									 nb.body(noAvg, content, indent, notify, id);
+									 content.append(footer);
+	
+									 if(mailer.sendEmail(noAvg, test, toList, ccList, subject,content.toString(), urgent)) {
+										 nb.inc();
+									 } else {
+										 trans.error().log("Mailer failed to send Mail");
+									 }
+									 if(maxEmails>0 && nb.count()>=maxEmails) {
+										 break ONE_EMAIL;
+									 }
 								 }
 							 }
 						 } catch (OrganizationException e) {
diff --git a/auth/auth-cass/cass_init/config.dat b/auth/auth-cass/cass_init/config.dat
deleted file mode 100644
index 0e705b92..00000000
--- a/auth/auth-cass/cass_init/config.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-aaf|aaf_env|DEV

-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US

-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect

-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token

-aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1

-aaf|cadi_protocols|TLSv1.1,TLSv1.2

-aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1

-aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1

-aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1

diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass
index aa6a9efb..f842a962 100644
--- a/auth/auth-cass/docker/Dockerfile.cass
+++ b/auth/auth-cass/docker/Dockerfile.cass
@@ -17,7 +17,9 @@
 #  limitations under the License.
 #  ============LICENSE_END====================================================
 #
+# public, multi-platform base image
 FROM nexus3.onap.org:10001/cassandra:3.11
+# FROM cassandra:3.11
 MAINTAINER AAF Team, AT&T 2018
 ENV VERSION=${AAF_VERSION}
 
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index af29b951..69627945 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -17,7 +17,9 @@
 #  limitations under the License.
 #  ============LICENSE_END====================================================
 #
+# Use Public Image
 FROM nexus3.onap.org:10001/openjdk:8-jre-alpine
+#FROM openjdk:8-jre-alpine
 MAINTAINER AAF Team, AT&T 2018
 
 LABEL description="aaf_base"
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index 7e7d08c0..4be485b8 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -127,13 +127,13 @@ function run_it() {
 
 function sso {
   if [ -n "$2" ]; then
-    echo "$1=$2" >> ~/.aaf/sso.props
+    echo "$1=$2" >> $HOME/.aaf/sso.props
   fi
 }
 
 function reset_sso {
     mkdir -p ~/.aaf
-    > ~/.aaf/sso.props
+    > $HOME/.aaf/sso.props
     sso aaf_locate_url "https://$AAF_FQDN:8095"
     sso cadi_latitude "$LATITUDE"
     sso cadi_longitude "$LONGITUDE"
@@ -160,9 +160,9 @@ case "$1" in
     shift
     reset_sso
     if [ -f aaf-auth-cmd-$VERSION*-full.jar ]; then
-      java -Dcadi_prop_files="~\/.aaf\/sso.props" -jar aaf-auth-cmd-$VERSION*-full.jar $@
+      java -Dcadi_prop_files="$HOME/.aaf/sso.props" -jar aaf-auth-cmd-$VERSION*-full.jar $@
     else 
-      echo "For local use, you need to have 'aaf-cadi-aaf-$VERSION*-full.jar' (or newer)"
+      echo "For local use, you need to have 'aaf-auth-cmd-$VERSION*-full.jar' (or newer)"
     fi
     ;;
   local) 
@@ -186,8 +186,7 @@ case "$1" in
     sso aaf_id "$DEPLOY_FQI"
     sso aaf_password "$DEPLOY_PASSWORD"
     if [ -f aaf-auth-cmd-$VERSION*-full.jar ]; then
-      mkdir -p $APP_FQDN
-      java -Dcadi_prop_files="~\/.aaf\/sso.props" -cp aaf-auth-cmd-$VERSION*-full.jar org.onap.aaf.cadi.configure.Agent $CMD 
+      java -Dcadi_prop_files="$HOME/.aaf/sso.props" -cp aaf-auth-cmd-$VERSION*-full.jar org.onap.aaf.cadi.configure.Agent $CMD 
     else 
       echo "For local use, you need to have 'aaf-cadi-aaf-$VERSION*-full.jar' (or newer)"
     fi
diff --git a/auth/sample/cass_data/config.dat b/auth/sample/cass_data/config.dat
index 46e57b40..606d23d4 100644
--- a/auth/sample/cass_data/config.dat
+++ b/auth/sample/cass_data/config.dat
@@ -1,11 +1,9 @@
-aaf|aaf_auth2_introspect_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.introspect:2.1/introspect
-aaf|aaf_auth2_token_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.token:2.1/token
-aaf|aaf_env|DEV
-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
-aaf|aaf_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.service:2.1
-aaf|cadi_protocols|TLSv1.1,TLSv1.2
-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-aaf|cm_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.cm:2.1
-aaf|fs_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.fs:2.1
-aaf|gui_url|https://AAF_LOCATE_URL/%CNS%AAF_NS.gui:2.1
+aaf|aaf_env|DEV

+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect

+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token

+aaf|aaf_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1

+aaf|cadi_protocols|TLSv1.1,TLSv1.2

+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US

+aaf|cm_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1

+aaf|fs_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1

+aaf|gui_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1

diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index 461ef43c..bbc3086a 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -93,20 +93,10 @@ public class PropAccess implements Access {
         int eq;
         for (String arg : args) {
             if ((eq=arg.indexOf('='))>0) {
-            	String key = arg.substring(0, eq);
-                if(Config.CADI_PROP_FILES.equals(key)) {
-                	nprops.setProperty(key,arg.substring(eq+1));
-                }
+                nprops.setProperty(arg.substring(0, eq),arg.substring(eq+1));
             }
         }
         init(nprops);
-        
-        // Re-overlay Args
-        for (String arg : args) {
-            if ((eq=arg.indexOf('='))>0) {
-                props.setProperty(arg.substring(0, eq),arg.substring(eq+1));
-            }
-        }
     }
     
     protected void init(Properties p) {
@@ -115,16 +105,15 @@ public class PropAccess implements Access {
         level=DEFAULT.maskOf();
         
         props = new Properties();
-        
-        // Find the "cadi_prop_files"
-        //  First in VM Args
+        // First, load related System Properties
         for (Entry<Object,Object> es : System.getProperties().entrySet()) {
             String key = es.getKey().toString();
-            if(Config.CADI_PROP_FILES.equals(key)) {
-            	props.put(key,es.getValue().toString());
-            }
+            for (String start : new String[] {"cadi_","aaf_","cm_"}) {
+                if (key.startsWith(start)) {
+                    props.put(key, es.getValue());
+                }
+            }            
         }
-        
         // Second, overlay or fill in with Passed in Props
         if (p!=null) {
             props.putAll(p);
@@ -133,16 +122,6 @@ public class PropAccess implements Access {
         // Third, load any Chained Property Files
         load(props.getProperty(Config.CADI_PROP_FILES));
         
-        // Fourth, System.getProperties takes precedence over Files
-        for (Entry<Object,Object> es : System.getProperties().entrySet()) {
-            String key = es.getKey().toString();
-            for (String start : new String[] {"HOSTNAME","cadi_","aaf_","cm_"}) {
-                if (key.startsWith(start)) {
-                    props.put(key, es.getValue());
-                }
-            }            
-        }
-        
         String sLevel = props.getProperty(Config.CADI_LOGLEVEL); 
         if (sLevel!=null) {
             level=Level.valueOf(sLevel).maskOf(); 
@@ -162,7 +141,8 @@ public class PropAccess implements Access {
         
         specialConversions();
     }
-
+    
+   
     private void specialConversions() {
         // Critical - if no Security Protocols set, then set it.  We'll just get messed up if not
         if (props.get(Config.CADI_PROTOCOLS)==null) {
diff --git a/docs/sections/configuration/AAF_4.1_config.rst b/docs/sections/configuration/AAF_4.1_config.rst
index 6bb48749..bac03317 100644
--- a/docs/sections/configuration/AAF_4.1_config.rst
+++ b/docs/sections/configuration/AAF_4.1_config.rst
@@ -8,9 +8,9 @@ Automated Configuration and Certificates
 
 *Note: this document assumes UNIX Bash Shell.  Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.*
 
---------
-Strategy
---------
+=================
+Optimal Strategy
+=================
 
 ONAP is deployed in Docker Containers or Kubernetes managed Docker Containers.  Therefore, this instruction utilizes a Docker Container as a standalone Utility... (This means that this container will stop as soon as it is done with its work... it is not a long running daemon)
 
@@ -18,16 +18,38 @@ Given that all ONAP entities are also in Docker Containers, they all can access
 
 This tool creates all the Configurations, including Certificates, onto a declared Volume on the directories starting with "/opt/app/osaaf"
 
-------------------
+==================
 Prerequisites
-------------------
-  * Docker
-    * Note: it does NOT have to be the SAME Docker that AAF is deployed on...
-    | but it DOES have be accessible to the AAF Instance.  
-  * For ONAP, this means
-    
-    * Windriver VPN
-    * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+==================
+  * Access to a RUNNING AAF System
+
+    * For ONAP TEST, this means
+
+      * Windriver VPN
+      * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+  * For Writing to Volumes for Docker or K8s
+
+    * Docker
+
+      * Note: it does NOT have to be the SAME Docker that AAF is deployed on...
+
+         * but it DOES have be accessible to the AAF Instance.  
+
+  * For creating Configurations on Local Disk
+
+    * For Development purposes
+    * For running AAF on Bare Metal (or VM)
+    * A Truststore that includes your CA
+
+      * for ONAP TEST, you can obtain truststoreONAPall.jks from the `AAF FileServer`_.
+
+        * (You can also get the ONAP TEST Root CA there)
+
+    * the latest aaf-auth-cmd-<VERSION>-full.jar from `ONAP Nexus`_.
+    * you can still use the same "agent.sh" script below
+
+.. _AAF FileServer: http://aaf-onap-test.osaaf.org/-
+.. _ONAP Nexus: https://nexus.onap.org/#nexus-search;quick~aaf-auth-cmd
 
 -----------------------
 Obtain the Agent Script
@@ -43,10 +65,12 @@ If you don't want to clone all of AAF, just get the "agent.sh" from a Browser:
 Note: curl/wget returns an  html, instead of text.  This cannot be used!
   | You have to mv, and rename it to "agent.sh", but avoids full clone...
 
--------------------------
+=============
 Run Script
--------------------------
-
+=============
+----------------
+For Docker/K8s
+----------------
 In your chosen directory ::
  
   $ bash agent.sh
@@ -55,9 +79,20 @@ The Agent will look for "aaf.props", and if it doesn't exist, or is missing info
 
 This file is available to reuse for multiple calls. More importantly, you should use it as a template for auto-configuration.  (In ONAP, these are HEAT templates and OOM Helm Charts)
 
----------------------
+--------------------------
+For Local/BareMetal (VM)
+--------------------------
+In your chosen directory ::
+ 
+  $ bash agent.sh local <instructions>
+
+The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it.
+
+=======================
 'aaf.prop' Properties
----------------------
+=======================
+
+These properties will be created when you run "agent.sh".  Many of the values will be defaulted, or allow you to change.  It will be placed into an "aaf.props" file for you to save, edit or otherwise modify/utilize.
 
 ==================== ================= ============
 Query                Tag               Description
@@ -74,11 +109,14 @@ App's Volume         VOLUME            Volume to put the data, see above. ex: 'c
 DRIVER               DRIVER            Docker Volume type... See Docker Volume documentation. Default is 'local'
 LATITUDE of Node     LATITUDE          Global latitude coordinate of Node (best guess in Kubernetes)
 LONGITUDE of Node    LONGITUDE         Global longitude coordinate of Node (best guess in Kubernetes)
+HOSTNAME             HOSTNAME          Defaults to SYSTEM provided "hostname". Use when System doesn't report what is actually needed, such as vanity urls, multi-NIC cards, short names, i.e. htydb77 reported instead of htydb77.some.company.org, etc.
+Docker User          DUSER             User needed inside the Docker Container.  Without, this will be root
+Container NS         CONTAINER_NS      The Namespace for the container.  Provided for Multi-NS support, this would be "onap" for Test OOM, etc.
 ==================== ================= ============
 
--------------------------------
+=================================
 Typical ONAP Entity Info in AAF
--------------------------------
+=================================
 *This is not intended to be a comprehensive list, but a short list of main entities*
 
 ============================= ===========================  ======================= ==============================================
@@ -115,9 +153,9 @@ If something goes wrong, and Certificate is not created, you can adjust the data
   root@77777:/opt/app/osaaf/local# exit
   $ bash agent.sh bash
 
--------------
+===============
 Informational
--------------
+===============
 
 There are two sets of Credentials at play here.  The ability to create the Certificate belongs to one of