summaryrefslogtreecommitdiffstats
path: root/auth/auth-cass/src
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2018-07-19 13:29:32 -0500
committerInstrumental <jonathan.gathman@att.com>2018-07-19 13:29:44 -0500
commit32cdd553a8668e6d03a9cf5b11b360d35a63c87f (patch)
tree48c02e4be820d87efb777d7be20bad57d517b61c /auth/auth-cass/src
parent9c8a8b0926b13b07fb1e5394903401e7a3f1ff79 (diff)
Configuration and Auto-Certificates
Issue-ID: AAF-378 Change-Id: Ic820a4e43684a6130f00b28b415a974876099fc3 Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth/auth-cass/src')
-rw-r--r--auth/auth-cass/src/main/cql/build.sh6
-rw-r--r--auth/auth-cass/src/main/cql/config.dat10
-rw-r--r--auth/auth-cass/src/main/cql/osaaf.cql17
-rw-r--r--auth/auth-cass/src/main/cql/pull.sh5
-rw-r--r--auth/auth-cass/src/main/cql/push.sh5
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java22
6 files changed, 55 insertions, 10 deletions
diff --git a/auth/auth-cass/src/main/cql/build.sh b/auth/auth-cass/src/main/cql/build.sh
new file mode 100644
index 00000000..caa07494
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+CQLSH=/Volumes/Data/apache-cassandra-2.1.14/bin/cqlsh
+DIR=.
+for T in ns perm role user_role cred config; do
+ $CQLSH -e "COPY authz.$T TO '$DIR/$T.dat' WITH DELIMITER='|'"
+done
diff --git a/auth/auth-cass/src/main/cql/config.dat b/auth/auth-cass/src/main/cql/config.dat
new file mode 100644
index 00000000..7eba23e1
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/config.dat
@@ -0,0 +1,10 @@
+aaf|aaf_env|DEV
+aaf|aaf_locate_url|https://meriadoc.mithril.sbc.com:8095
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1
+aaf|cadi_protocols|TLSv1.1,TLSv1.2
+aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql
index b3d895b9..51e6b908 100644
--- a/auth/auth-cass/src/main/cql/osaaf.cql
+++ b/auth/auth-cass/src/main/cql/osaaf.cql
@@ -51,10 +51,10 @@ INSERT INTO role(ns, name, perms, description)
// OSAAF Root
INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
// ONAP Specific Entities
@@ -79,6 +79,19 @@ INSERT INTO perm(ns, type, instance, action, roles, description)
INSERT INTO role(ns, name, perms, description)
VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
+// AAF Admin
+insert into cred (id,type,expires,cred,notes,ns,other) values('aaf_admin@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf_admin@people.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+// A Deployer
+insert into cred (id,type,expires,cred,notes,ns,other) values('deployer@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','deploy',{},'ONAP Deployment Role');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('deployer@people.osaaf.org','org.osaaf.aaf.deploy','2018-10-31','org.osaaf.aaf','deploy');
+
+
// DEMO ID (OPS)
insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
INSERT INTO user_role(user,role,expires,ns,rname)
diff --git a/auth/auth-cass/src/main/cql/pull.sh b/auth/auth-cass/src/main/cql/pull.sh
new file mode 100644
index 00000000..f4db573a
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/pull.sh
@@ -0,0 +1,5 @@
+for T in x509 ns_attrib config cred user_role perm role artifact ns; do
+ cqlsh -e "use authz; COPY $T TO '$T.dat' WITH DELIMITER='|';"
+done
+tar -cvzf dat.gz *.dat
+
diff --git a/auth/auth-cass/src/main/cql/push.sh b/auth/auth-cass/src/main/cql/push.sh
new file mode 100644
index 00000000..8026c9f9
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/push.sh
@@ -0,0 +1,5 @@
+tar -xvf dat.gz
+for T in x509 ns_attrib config cred user_role perm role artifact ns; do
+ cqlsh -e "use authz; COPY $T FROM '$T.dat' WITH DELIMITER='|';"
+done
+
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
index 5bdb215e..eb44e143 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
@@ -28,16 +28,16 @@ import java.util.List;
import org.onap.aaf.auth.dao.cass.NsSplit;
import org.onap.aaf.auth.dao.cass.PermDAO;
-import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.PermDAO.Data;
+import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.hl.Question;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.env.NullTrans;
import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.lur.LocalPermission;
import org.onap.aaf.misc.env.util.Split;
@@ -52,17 +52,23 @@ public class DirectAAFLur implements Lur {
}
@Override
- public boolean fish(Principal bait, Permission pond) {
+ public boolean fish(Principal bait, Permission ... pond) {
return fish(env.newTransNoAvg(),bait,pond);
}
- public boolean fish(AuthzTrans trans, Principal bait, Permission pond) {
+ public boolean fish(AuthzTrans trans, Principal bait, Permission ... pond) {
+ boolean rv = false;
Result<List<Data>> pdr = question.getPermsByUser(trans, bait.getName(),false);
switch(pdr.status) {
case OK:
for(PermDAO.Data d : pdr.value) {
- if(new PermPermission(d).match(pond)) {
- return true;
+ if(!rv) {
+ for (Permission p : pond) {
+ if(new PermPermission(d).match(p)) {
+ rv=true;
+ break;
+ }
+ }
}
}
break;
@@ -72,7 +78,7 @@ public class DirectAAFLur implements Lur {
default:
trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details);
}
- return false;
+ return rv;
}
@Override
@@ -94,7 +100,7 @@ public class DirectAAFLur implements Lur {
}
@Override
- public boolean handlesExclusively(Permission pond) {
+ public boolean handlesExclusively(Permission ... pond) {
return false;
}