Configuration and Auto-Certificates

Issue-ID: AAF-378 Change-Id: Ic820a4e43684a6130f00b28b415a974876099fc3 Signed-off-by: Instrumental <jonathan.gathman@att.com>
author: Instrumental <jonathan.gathman@att.com> 2018-07-19 13:29:32 -0500
committer: Instrumental <jonathan.gathman@att.com> 2018-07-19 13:29:44 -0500
commit: 32cdd553a8668e6d03a9cf5b11b360d35a63c87f (patch)
tree: 48c02e4be820d87efb777d7be20bad57d517b61c /auth/auth-cass/src
parent: 9c8a8b0926b13b07fb1e5394903401e7a3f1ff79 (diff)
6 files changed, 55 insertions, 10 deletions
diff --git a/auth/auth-cass/src/main/cql/build.sh b/auth/auth-cass/src/main/cql/build.sh
new file mode 100644
index 00000000..caa07494
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+CQLSH=/Volumes/Data/apache-cassandra-2.1.14/bin/cqlsh
+DIR=.
+for T in ns perm role user_role cred config; do
+  $CQLSH -e  "COPY authz.$T TO '$DIR/$T.dat' WITH DELIMITER='|'"
+done
diff --git a/auth/auth-cass/src/main/cql/config.dat b/auth/auth-cass/src/main/cql/config.dat
new file mode 100644
index 00000000..7eba23e1
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/config.dat
@@ -0,0 +1,10 @@
+aaf|aaf_env|DEV
+aaf|aaf_locate_url|https://meriadoc.mithril.sbc.com:8095
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1
+aaf|cadi_protocols|TLSv1.1,TLSv1.2
+aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql
index b3d895b9..51e6b908 100644
--- a/auth/auth-cass/src/main/cql/osaaf.cql
+++ b/auth/auth-cass/src/main/cql/osaaf.cql
@@ -51,10 +51,10 @@ INSERT INTO role(ns, name, perms, description)
 
 // OSAAF Root
 INSERT INTO user_role(user,role,expires,ns,rname)
-  VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
+  VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
 
 INSERT INTO user_role(user,role,expires,ns,rname)
-  VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
+  VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
 
 
 // ONAP Specific Entities
@@ -79,6 +79,19 @@ INSERT INTO perm(ns, type, instance, action, roles, description)
 INSERT INTO role(ns, name, perms, description)
   VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
 
+// AAF Admin
+insert into cred (id,type,expires,cred,notes,ns,other) values('aaf_admin@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('aaf_admin@people.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+// A Deployer
+insert into cred (id,type,expires,cred,notes,ns,other) values('deployer@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.osaaf.aaf','deploy',{},'ONAP Deployment Role');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('deployer@people.osaaf.org','org.osaaf.aaf.deploy','2018-10-31','org.osaaf.aaf','deploy');
+
+
 // DEMO ID (OPS)
 insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
 INSERT INTO user_role(user,role,expires,ns,rname)
diff --git a/auth/auth-cass/src/main/cql/pull.sh b/auth/auth-cass/src/main/cql/pull.sh
new file mode 100644
index 00000000..f4db573a
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/pull.sh
@@ -0,0 +1,5 @@
+for T in x509 ns_attrib config cred user_role perm role artifact ns; do
+  cqlsh -e "use authz; COPY $T TO '$T.dat' WITH DELIMITER='|';"
+done
+tar -cvzf dat.gz *.dat
+
diff --git a/auth/auth-cass/src/main/cql/push.sh b/auth/auth-cass/src/main/cql/push.sh
new file mode 100644
index 00000000..8026c9f9
--- /dev/null
+++ b/auth/auth-cass/src/main/cql/push.sh
@@ -0,0 +1,5 @@
+tar -xvf dat.gz
+for T in x509 ns_attrib config cred user_role perm role artifact ns; do
+  cqlsh -e "use authz; COPY $T FROM '$T.dat' WITH DELIMITER='|';"
+done
+
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
index 5bdb215e..eb44e143 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLur.java
@@ -28,16 +28,16 @@ import java.util.List;
 
 import org.onap.aaf.auth.dao.cass.NsSplit;
 import org.onap.aaf.auth.dao.cass.PermDAO;
-import org.onap.aaf.auth.dao.cass.Status;
 import org.onap.aaf.auth.dao.cass.PermDAO.Data;
+import org.onap.aaf.auth.dao.cass.Status;
 import org.onap.aaf.auth.dao.hl.Question;
 import org.onap.aaf.auth.env.AuthzEnv;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.env.NullTrans;
 import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.Lur;
 import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.Access.Level;
 import org.onap.aaf.cadi.lur.LocalPermission;
 import org.onap.aaf.misc.env.util.Split;
 
@@ -52,17 +52,23 @@ public class DirectAAFLur implements Lur {
 	}
 
 	@Override
-	public boolean fish(Principal bait, Permission pond) {
+	public boolean fish(Principal bait, Permission ... pond) {
 		return fish(env.newTransNoAvg(),bait,pond);
 	}
 	
-	public boolean fish(AuthzTrans trans, Principal bait, Permission pond) {
+	public boolean fish(AuthzTrans trans, Principal bait, Permission ... pond) {
+		boolean rv = false;
 		Result<List<Data>> pdr = question.getPermsByUser(trans, bait.getName(),false);
 		switch(pdr.status) {
 			case OK:
 				for(PermDAO.Data d : pdr.value) {
-					if(new PermPermission(d).match(pond)) {
-						return true;
+					if(!rv) {
+						for (Permission p : pond) {
+							if(new PermPermission(d).match(p)) {
+								rv=true;
+								break;
+							}
+						}
 					}
 				}
 				break;
@@ -72,7 +78,7 @@ public class DirectAAFLur implements Lur {
 			default:
 				trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details);
 		}
-		return false;
+		return rv;
 	}
 
 	@Override
@@ -94,7 +100,7 @@ public class DirectAAFLur implements Lur {
 	}
 
 	@Override
-	public boolean handlesExclusively(Permission pond) {
+	public boolean handlesExclusively(Permission ... pond) {
 		return false;
 	}
author	Instrumental <jonathan.gathman@att.com>	2018-07-19 13:29:32 -0500
committer	Instrumental <jonathan.gathman@att.com>	2018-07-19 13:29:44 -0500
commit	32cdd553a8668e6d03a9cf5b11b360d35a63c87f (patch)
tree	48c02e4be820d87efb777d7be20bad57d517b61c /auth/auth-cass/src
parent	9c8a8b0926b13b07fb1e5394903401e7a3f1ff79 (diff)