More install to Container

Issue-ID: AAF-517 Change-Id: I102f0214b077fca0c4f2712e3005bbe5569475bd Signed-off-by: Instrumental <jonathan.gathman@att.com>
author: Instrumental <jonathan.gathman@att.com> 2018-09-25 06:42:31 -0500
committer: Instrumental <jonathan.gathman@att.com> 2018-09-25 06:42:50 -0500
commit: bc299c00e5a86732c5a063a1d7c7bccf1d4ab21b (patch)
tree: 1b6886a4f46bd817447db160738ef0744031cada /auth/auth-cass/cass_init
parent: e4a29f33ba3e5face52d36bfcbf4082a6357c623 (diff)
13 files changed, 639 insertions, 0 deletions
diff --git a/auth/auth-cass/cass_init/.gitignore b/auth/auth-cass/cass_init/.gitignore
new file mode 100644
index 00000000..ce22752c
--- /dev/null
+++ b/auth/auth-cass/cass_init/.gitignore
@@ -0,0 +1 @@
+temp.cql
diff --git a/auth/auth-cass/cass_init/build.sh b/auth/auth-cass/cass_init/build.sh
new file mode 100644
index 00000000..caa07494
--- /dev/null
+++ b/auth/auth-cass/cass_init/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+CQLSH=/Volumes/Data/apache-cassandra-2.1.14/bin/cqlsh
+DIR=.
+for T in ns perm role user_role cred config; do
+  $CQLSH -e  "COPY authz.$T TO '$DIR/$T.dat' WITH DELIMITER='|'"
+done
diff --git a/auth/auth-cass/cass_init/cmd.sh b/auth/auth-cass/cass_init/cmd.sh
new file mode 100644
index 00000000..056faed7
--- /dev/null
+++ b/auth/auth-cass/cass_init/cmd.sh
@@ -0,0 +1,89 @@
+#!/bin/bash 
+#
+# Engage normal Cass Init, then check for data installation
+#
+if [ ! -e /aaf_cmd ]; then
+  ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd
+  chmod u+x /aaf_cmd
+fi
+
+function install_cql {
+    # Now, make sure data exists
+    if [ "$(/usr/bin/cqlsh -e 'describe keyspaces' | grep authz)" = "" ]; then
+      for CNT in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
+         if [ -z "$(grep 'listening for CQL clients' /var/log/cassandra/system.log)" ]; then
+            echo "Waiting for Cassandra to start... Sleep 10"
+            sleep 10
+         else
+            break
+         fi
+      done
+      echo "Initializing Cassandra DB" 
+      if [ "`/usr/bin/cqlsh -e 'describe keyspaces' | grep authz`" == "" ]; then
+        echo "Docker Installed Basic Cassandra on aaf_cass.  Executing the following "
+        echo "NOTE: This creator provided is only a Single Instance. For more complex Cassandra, create independently"
+        echo ""
+        echo " cd /opt/app/aaf/cass_init"
+        cd /opt/app/aaf/cass_init
+        echo " cqlsh -f keyspace.cql"
+        /usr/bin/cqlsh -f keyspace.cql
+        echo " cqlsh -f init.cql"
+        /usr/bin/cqlsh -f init.cql
+        echo ""
+        echo "The following will give you a temporary identity with which to start working, or emergency"
+        echo " cqlsh -f temp_identity.cql"
+      fi
+    fi
+}
+
+case "$1" in
+  start)
+    # Startup like normal
+    echo "Cassandra Startup"
+    /usr/local/bin/docker-entrypoint.sh 
+  ;;
+  onap)
+	install_cql
+
+	# Change date expiring dat files to more recent
+	ID_FILE=/opt/app/aaf/cass_init/sample.identities.dat	
+    	if [ -e $ID_FILE ]; then
+  	    DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -d "+6 months")
+  	    echo $DATE
+            CRED="/opt/app/aaf/cass_init/dats/cred.dat"
+            # Enter for People
+            echo "Default Passwords for Apps"
+            for ID in $(grep '|a|' $ID_FILE | sed -e "s/|.*//"); do
+               if [ "$ID" = "aaf" ]; then
+                  DOMAIN="aaf.osaaf.org";
+               else
+                  DOMAIN="$ID.onap.org";
+               fi
+               unset FIRST
+               for D in ${DOMAIN//./ }; do
+                  if [ -z "$FIRST" ]; then
+                    NS="$D"
+                    FIRST="N"
+                  else
+                    NS="$D.$NS"
+                  fi
+               done
+               echo "$ID@$DOMAIN|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|$NS|53344|" >> $CRED
+            done
+  	    
+	    # Enter for People
+            for ID in $(grep '|e|' $ID_FILE | sed -e "s/|.*//"); do
+               echo "$ID@people.osaaf.org|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|" >> $CRED
+            done
+
+	    # Change UserRole
+            mv dats/user_role.dat tmp
+            sed "s/\(^.*|\)\(.*|\)\(.*|\)\(.*\)/\1${DATE}|\3\4/" tmp > dats/user_role.dat
+
+	    # Remove ID File, which is marker for initializing Creds
+            rm $ID_FILE
+        fi
+	bash push.sh
+  ;;
+esac
+
diff --git a/auth/auth-cass/cass_init/config.dat b/auth/auth-cass/cass_init/config.dat
new file mode 100644
index 00000000..0e705b92
--- /dev/null
+++ b/auth/auth-cass/cass_init/config.dat
@@ -0,0 +1,9 @@
+aaf|aaf_env|DEV
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1
+aaf|cadi_protocols|TLSv1.1,TLSv1.2
+aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/auth-cass/cass_init/data.sh b/auth/auth-cass/cass_init/data.sh
new file mode 100644
index 00000000..0374e619
--- /dev/null
+++ b/auth/auth-cass/cass_init/data.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+# 
+# Copies of Repo data need to be added to "dats" dir for loading by push.sh
+#
+# Further, repo data has dates that are out of date.  We need to update reasonable
+# expiration dates
+#
+
+DIR=/opt/app/aaf/cass_init
+cd $DIR/dats
+ID_FILE=$DIR/opt/app/aaf/cass_init/
+
+    if [ -e $ID_FILE ]; then
+      if [ "$(uname -s)" = "Darwin" ]; then 
+        DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -v "+6m")
+      else 
+        DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -d "+6 months")
+      fi
+      echo $DATE
+      CRED="cred.dat"
+      # Enter for People
+      echo "Default Passwords for People"
+      for ID in $(grep '|a|' $ID_FILE | sed -e "s/|.*//"); do
+	 if [ "$ID" = "aaf" ]; then
+	    DOMAIN="aaf.osaaf.org";
+	 else
+            DOMAIN="$ID.onap.org";
+	 fi
+	 unset FIRST
+	 for D in ${DOMAIN//./ }; do
+            if [ -z "$FIRST" ]; then
+	      NS="$D"
+	      FIRST="N"
+	    else
+              NS="$D.$NS"
+	    fi
+         done     
+	 echo "$ID@$DOMAIN|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|$NS|53344|" >> $CRED
+      done
+    
+      for ID in $(grep '|e|' $ID_FILE | sed -e "s/|.*//"); do
+	 echo "$ID@people.osaaf.org|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|" >> $CRED
+      done
+    
+      mv user_role.dat tmp
+      sed "s/\(^.*|\)\(.*|\)\(.*|\)\(.*\)/\1${DATE}|\3\4/" tmp > user_role.dat 
+
+      for DAT in ns perm role ns_attrib user_role cred; do 
+          $DOCKER container cp $DAT.dat aaf_cass:/tmp/$DAT.dat
+          $DOCKER exec aaf_cass bash /usr/bin/cqlsh -k authz -e "COPY authz.$DAT FROM '/tmp/$DAT.dat' WITH DELIMITER='|'"
+          $DOCKER exec -t aaf_cass rm /tmp/$DAT.dat
+      done
+      rm $CRED
+      mv tmp user_role.dat
+    else
+        echo DInstall requires access to 'identities.dat'
+    fi
+    cd -
+
diff --git a/auth/auth-cass/cass_init/extract.sh b/auth/auth-cass/cass_init/extract.sh
new file mode 100644
index 00000000..cdebbc8d
--- /dev/null
+++ b/auth/auth-cass/cass_init/extract.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd /opt/app/cass_init
+if [ -e dat.gz ]; then
+  tar -xvf dat.gz
+else 
+  echo "No data files"
+fi
diff --git a/auth/auth-cass/cass_init/init.cql b/auth/auth-cass/cass_init/init.cql
new file mode 100644
index 00000000..bf75998d
--- /dev/null
+++ b/auth/auth-cass/cass_init/init.cql
@@ -0,0 +1,273 @@
+
+// Table Initialization
+// First make sure the keyspace exists.
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy.  Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+  name			varchar,
+  scope			int,  // deprecated 2.0.11
+  description   	varchar,
+  parent 		varchar,
+  type			int,
+  PRIMARY KEY (name)  
+);
+CREATE INDEX ns_parent on ns(parent);
+  
+CREATE TABLE ns_attrib (
+  ns            varchar,
+  key           varchar,
+  value         varchar,
+  PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+  ns	    varchar,
+  name		varchar,
+  perms		set<varchar>, // Use "Key" of "name|type|action"
+  description varchar,
+  PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name  ON role(name);
+ 
+// Will be cached
+CREATE TABLE perm (
+  ns	    varchar,
+  type 		varchar,
+  instance	varchar,
+  action	varchar,
+  roles		set<varchar>, // Need to find Roles given Permissions
+  description varchar,
+  PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+    user		varchar,
+    role		varchar, // deprecated: change to ns/rname after 2.0.11
+    ns			varchar,
+    rname		varchar,
+    expires		timestamp,
+    PRIMARY KEY(user,role)
+  );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+    id    varchar,
+    type  int,
+    expires timestamp,  
+    ns    varchar,
+    other int,
+    notes varchar,
+    cred  blob,
+    prev  blob,
+    PRIMARY KEY (id,type,expires)
+  );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+//   coordinated with CRED type 2
+CREATE TABLE cert (
+    fingerprint blob,
+    id    	varchar,
+    x500	varchar,
+    expires 	timestamp,  
+    PRIMARY KEY (fingerprint)
+  );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE TABLE notify (
+  user 		text,
+  type 		int,
+  last 		timestamp,
+  checksum 	int,
+  PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+  ca     text,
+  serial blob,
+  id     text,
+  x500   text,
+  x509   text,
+  PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id   ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+// 
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+  mechid        text,
+  machine       text,
+  type          Set<text>,
+  sponsor       text,
+  ca            text,
+  dir           text,
+  os_user       text,
+  ns	        text,
+  notify        text,
+  expires	timestamp,
+  renewDays     int,
+  sans		Set<text>,
+  PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine); 
+CREATE INDEX artifact_ns ON artifact(ns); 
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+   name		varchar,
+   seg		int, 		// cache Segment
+   touched	timestamp,
+   PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+  id			timeuuid,
+  yr_mon		int,
+  user			varchar,
+  action 		varchar,
+  target		varchar,   // user, user_role, 
+  subject		varchar,   // field for searching main portion of target key
+  memo			varchar,   //description of the action
+  reconstruct 	blob,      //serialized form of the target
+  // detail 	Map<varchar, varchar>,  // additional information
+  PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user); 
+CREATE INDEX history_subject ON history(subject); 
+
+// 
+// A place to hold objects to be created at a future time.
+//
+CREATE TABLE future (
+  id        uuid,  		// uniquify
+  target    varchar,   		// Target Table
+  memo	    varchar,    	// Description
+  start     timestamp, 		// When it should take effect
+  expires   timestamp, 		// When not longer valid
+  construct blob, 		// How to construct this object (like History)
+  PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+  id	    timeuuid,	      // unique Key
+  ticket    uuid,	      // Link to Future Record
+  user 	    varchar,          // the user who needs to be approved
+  approver  varchar, 	      // user approving
+  type      varchar,          // approver types i.e. Supervisor, Owner
+  status    varchar,          // approval status. pending, approved, denied
+  memo      varchar,          // Text for Approval to know what's going on
+  operation varchar,	      // List operation to perform
+  last_notified timestamp,    // Timestamp for the last time approver was notified
+  PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE approved (
+  id        timeuuid,         // unique Key
+  user      varchar,          // the user who needs to be approved
+  approver  varchar,          // user approving
+  type      varchar,          // approver types i.e. Supervisor, Owner
+  status    varchar,          // approval status. pending, approved, denied
+  memo      varchar,          // Text for Approval to know what's going on
+  operation varchar,          // List operation to perform
+  PRIMARY KEY(id)
+ );
+CREATE INDEX approved_approver_idx ON approved(approver);
+CREATE INDEX approved_user_idx ON approved(user);
+
+CREATE TABLE delegate (
+  user      varchar,
+  delegate  varchar,
+  expires   timestamp,
+  PRIMARY KEY (user)  
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+// OAuth Tokens
+CREATE TABLE oauth_token (
+  id            text,                   // Reference
+  client_id     text,                   // Creating Client ID
+  user          text,                   // User requesting
+  active	boolean,		// Active or not
+  type		int,			// Type of Token
+  refresh       text,                   // Refresh Token
+  expires       timestamp,              // Expiration time/Date (signed long)
+  exp_sec	bigint,			// Seconds from Jan 1, 1970
+  content       text,                   // Content of Token
+  scopes        Set<text>,	 	// Scopes
+  state		text,			// Context string (Optional)
+  req_ip	text,			// Requesting IP (for logging purpose)
+  PRIMARY KEY(id)
+) with default_time_to_live = 21600;    // 6 hours
+CREATE INDEX oauth_token_user_idx ON oauth_token(user);
+
+CREATE TABLE locate (
+  name		text,			// Component/Server name
+  hostname	text,			// FQDN of Service/Component
+  port		int,			// Port of Service
+  major		int,			// Version, Major
+  minor		int,			// Version, Minor
+  patch		int,			// Version, Patch
+  pkg		int,			// Version, Package (if available)
+  latitude	float,			// Latitude
+  longitude	float,			// Longitude
+  protocol	text,			// Protocol (i.e. http https)
+  subprotocol   set<text>,		// Accepted SubProtocols, ie. TLS1.1 for https
+  port_key      uuid,			// Key into locate_ports
+  PRIMARY KEY(name,hostname,port)
+) with default_time_to_live = 1200;	// 20 mins
+
+CREATE TABLE locate_ports (
+  id		uuid,			// Id into locate
+  port		int,			// SubPort
+  name		text,			// Name of Other Port
+  protocol	text,			// Protocol of Other (i.e. JMX, DEBUG)
+  subprotocol   set<text>,		// Accepted sub protocols or versions
+  PRIMARY KEY(id, port)
+) with default_time_to_live = 1200;	// 20 mins; 
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+  class text,
+  host text,
+  start timestamp,
+  PRIMARY KEY ((class))
+);
+
+CREATE TABLE config (
+  name          varchar,
+  tag           varchar,
+  value         varchar,
+  PRIMARY KEY (name,tag)
+);
diff --git a/auth/auth-cass/cass_init/init2_1.cql b/auth/auth-cass/cass_init/init2_1.cql
new file mode 100644
index 00000000..701dd774
--- /dev/null
+++ b/auth/auth-cass/cass_init/init2_1.cql
@@ -0,0 +1,7 @@
+use authz;
+CREATE TABLE config (
+  name          varchar,
+  tag           varchar,
+  value         varchar,
+  PRIMARY KEY (name,tag)
+);
diff --git a/auth/auth-cass/cass_init/keyspace.cql b/auth/auth-cass/cass_init/keyspace.cql
new file mode 100644
index 00000000..52dc5ea7
--- /dev/null
+++ b/auth/auth-cass/cass_init/keyspace.cql
@@ -0,0 +1,11 @@
+// For Developer Machine single instance
+// CREATE KEYSPACE authz
+//  WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+// 
+//
+ 
+// Example of Network Topology, with Datacenter dc1 & dc2
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+// Out of the box Docker Cassandra comes with "datacenter1", one instance
+CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'datacenter1': '1' };
+// 
diff --git a/auth/auth-cass/cass_init/osaaf.cql b/auth/auth-cass/cass_init/osaaf.cql
new file mode 100644
index 00000000..51e6b908
--- /dev/null
+++ b/auth/auth-cass/cass_init/osaaf.cql
@@ -0,0 +1,132 @@
+USE authz;
+
+// Create 'org' root NS
+INSERT INTO ns (name,description,parent,scope,type)
+  VALUES('org','Root Namespace','.',1,1);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org','admin',{'org.access|*|*'},'Org Admins');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org','access','*','*',{'org.admin'},'Org Write Access');
+
+
+// Create org.osaaf
+INSERT INTO ns (name,description,parent,scope,type)
+  VALUES('org.osaaf','OSAAF Namespace','org',2,2);
+
+INSERT INTO role(ns, name, perms,description)
+  VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles,description) 
+  VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access');
+
+INSERT INTO role(ns, name, perms,description)
+  VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description) 
+  VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access');
+
+// Create org.osaaf.aaf
+INSERT INTO ns (name,description,parent,scope,type)
+  VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+
+// OSAAF Root
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+
+// ONAP Specific Entities
+// ONAP initial env Namespace
+INSERT INTO ns (name,description,parent,scope,type)
+  VALUES('org.onap','ONAP','org',2,2);
+
+INSERT INTO ns (name,description,parent,scope,type)
+  VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3);
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.onap.portal','access','*','read',{
+    'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor'
+  },'Portal Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
+
+// AAF Admin
+insert into cred (id,type,expires,cred,notes,ns,other) values('aaf_admin@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('aaf_admin@people.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+// A Deployer
+insert into cred (id,type,expires,cred,notes,ns,other) values('deployer@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.osaaf.aaf','deploy',{},'ONAP Deployment Role');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('deployer@people.osaaf.org','org.osaaf.aaf.deploy','2018-10-31','org.osaaf.aaf','deploy');
+
+
+// DEMO ID (OPS)
+insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// ADMIN
+insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// DESIGNER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer');
+
+// TESTER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester');
+
+// OPS
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops');
+
+// GOVERNOR
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor');
+
diff --git a/auth/auth-cass/cass_init/pull.sh b/auth/auth-cass/cass_init/pull.sh
new file mode 100644
index 00000000..94695ed1
--- /dev/null
+++ b/auth/auth-cass/cass_init/pull.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# Pull data from Cassandra into ".dat" files, and "gzip" them
+#
+DIR=/opt/app/aaf/cass_init
+cd $DIR
+mkdir -p dats
+cd dats
+TABLES="$(cqlsh -e "use authz; describe tables")"
+for T in $TABLES ; do
+  cqlsh -e "use authz; COPY $T TO '$T.dat' WITH DELIMITER='|';"
+done
+cd $DIR
+tar -cvzf dat.gz dats/*.dat
+rm -Rf dats
+
diff --git a/auth/auth-cass/cass_init/push.sh b/auth/auth-cass/cass_init/push.sh
new file mode 100644
index 00000000..48521699
--- /dev/null
+++ b/auth/auth-cass/cass_init/push.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+#
+# Push data from Cassandra ".dat" files
+# These are obtained from "gzipped" files, or pre-placed (i.e. initialization) 
+#   in the "dats" directory
+#
+DIR=/opt/app/aaf/cass_init
+cd $DIR
+if [ ! -e dats ]; then
+  if [ -e dat.gz ]; then
+     tar -xvf dat.gz
+  else 
+     echo "No Data to push for Cassandra"
+     exit
+  fi
+fi
+cd dats
+for T in $(ls *.dat); do
+  if [ -s $T ]; then
+    cqlsh -e "use authz; COPY ${T%.dat} FROM '$T' WITH DELIMITER='|';"
+  fi
+done
+cd $DIR
+#rm -Rf dats
diff --git a/auth/auth-cass/cass_init/temp_identity.cql b/auth/auth-cass/cass_init/temp_identity.cql
new file mode 100644
index 00000000..3032372b
--- /dev/null
+++ b/auth/auth-cass/cass_init/temp_identity.cql
@@ -0,0 +1,5 @@
+USE authz;
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+  VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
+
author	Instrumental <jonathan.gathman@att.com>	2018-09-25 06:42:31 -0500
committer	Instrumental <jonathan.gathman@att.com>	2018-09-25 06:42:50 -0500
commit	bc299c00e5a86732c5a063a1d7c7bccf1d4ab21b (patch)
tree	1b6886a4f46bd817447db160738ef0744031cada /auth/auth-cass/cass_init
parent	e4a29f33ba3e5face52d36bfcbf4082a6357c623 (diff)