author | Instrumental <jonathan.gathman@att.com> | 2018-07-16 18:41:10 -0500 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2018-07-16 18:42:18 -0500 |
commit | 9c8a8b0926b13b07fb1e5394903401e7a3f1ff79 (patch) | |
tree | 29d65b58d4ebfc79e8d91752133c85d48699b71d /auth | |
parent | 4ad4763d8c9191998cc671a884d1af5da6ba8bb9 (diff) |
Changes from Testing AAF Config
Issue-ID: AAF-378
Change-Id: Icca28ee4e76b8329c7e068ba9305f9f647b6e479
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/auth-cass/docker/dinstall.sh | 1 | ||||
-rw-r--r-- | auth/auth-cass/src/main/cql/osaaf.cql | 4 | ||||
-rw-r--r-- | auth/auth-cass/src/main/cql/temp_identity.cql | 2 | ||||
-rw-r--r-- | auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java | 2 | ||||
-rw-r--r-- | auth/docker/README.txt | 21 | ||||
-rw-r--r-- | auth/docker/agent.sh | 4 | ||||
-rw-r--r-- | auth/docker/d.props.init | 7 | ||||
-rw-r--r-- | auth/sample/bin/agent.sh | 52 | ||||
-rw-r--r-- | auth/sample/data/identities.dat | 2 | ||||
-rw-r--r-- | auth/sample/data/sample.identities.dat | 36 | ||||
-rw-r--r-- | auth/sample/local/.gitignore | 0 | ||||
-rw-r--r-- | auth/sample/local/aaf.props | 5 | ||||
-rw-r--r-- | auth/sample/local/initialConfig.props | 2 | ||||
-rw-r--r-- | auth/sample/local/org.osaaf.aaf.cm.ca.props | 4 | ||||
-rw-r--r-- | auth/sample/logs/clean | 1 | ||||
-rw-r--r-- | auth/sample/logs/taillog | 1 |
16 files changed, 104 insertions, 40 deletions
diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh
index bdbadf68..d6fcb9f9 100644
--- a/auth/auth-cass/docker/dinstall.sh
+++ b/auth/auth-cass/docker/dinstall.sh
@@ -56,6 +56,7 @@ if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then
 echo " cqlsh -f keyspace.cql"
 echo " cqlsh -f init.cql"
 echo " cqlsh -f osaaf.cql"
+ echo " cqlsh -f temp_identity.cql"
 echo ""
 echo "The following will give you a temporary identity with which to start working, or emergency"
 echo " cqlsh -f temp_identity.cql"
diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql
index 40e79f10..b3d895b9 100644
--- a/auth/auth-cass/src/main/cql/osaaf.cql
+++ b/auth/auth-cass/src/main/cql/osaaf.cql
@@ -51,10 +51,10 @@ INSERT INTO role(ns, name, perms, description)
 // OSAAF Root
 INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('osaaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
 INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
 // ONAP Specific Entities
diff --git a/auth/auth-cass/src/main/cql/temp_identity.cql b/auth/auth-cass/src/main/cql/temp_identity.cql
index b7415beb..3032372b 100644
--- a/auth/auth-cass/src/main/cql/temp_identity.cql
+++ b/auth/auth-cass/src/main/cql/temp_identity.cql
@@ -1,5 +1,5 @@
 USE authz;
 // Create Root pass
 INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
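Review bot: The added `echo " cqlsh -f temp_identity.cql"` repeats the line printed three lines later under "The following will give you a temporary identity…", so the install text now lists temp_identity.cql both as a standard step and as the optional emergency step. Keep only one of the two; if the intent is to make the temporary identity part of default bring-up, drop the later pair instead and say so in the message, since that file seeds a root credential (see the temp_identity.cql hunk). The enclosing `if` block begins before the hunk and ends after it.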
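Review bot: The `cred` row keeps the stored digest `0xdd82c1882969461de74b46427961ea2c` byte-for-byte while the `id` it belongs to changes from osaaf@aaf.osaaf.org to aaf@aaf.osaaf.org; if the digest is computed over the id, or the id feeds the salt, the temporary login will silently stop working, which is worth verifying on a fresh Cassandra before merging. This row also stays a bootstrap credential checked into the repository with `expires '2099-12-31'`, and `using TTL 14400` is the only thing bounding its life, which the file does not say. A comment above the INSERT such as `// Temporary bootstrap credential: Cassandra removes this row 4h (TTL 14400) after it is inserted` would make that limit visible to whoever copies the file.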
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
index 695d80f7..1ddf022c 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
@@ -63,7 +63,7 @@ public class DirectRegistrar implements Registrant<AuthzEnv> {
 locate.patch = split.length>2?Integer.parseInt(split[2]):0;
 locate.minor = split.length>1?Integer.parseInt(split[1]):0;
 locate.major = split.length>0?Integer.parseInt(split[0]):0;
- locate.hostname = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null);
+ locate.hostname = access.getProperty(Config.AAF_REGISTER_AS, null);
 if(locate.hostname==null) {
 locate.hostname = access.getProperty(Config.HOSTNAME, null);
 }
diff --git a/auth/docker/README.txt b/auth/docker/README.txt
index 32ed3489..3eb554b1 100644
--- a/auth/docker/README.txt
+++ b/auth/docker/README.txt
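Review bot: Replacing `Config.CADI_REGISTRATION_HOSTNAME` with `Config.AAF_REGISTER_AS` drops the old key without a fallback, so an existing deployment that still sets cadi_registration_hostname (the commit removes it only from the sample aaf.props) will silently register under the machine hostname and may be located at the wrong address. If the old constant is still defined, reading it as a second fallback keeps those installs working: `if(locate.hostname==null) { locate.hostname = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null); }` placed before the existing `Config.HOSTNAME` branch. The enclosing method begins and ends outside the hunk.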
@@ -1,24 +1,33 @@
+#
+# Edit the following in <your ONAP authz dir>/auth/sample/local
+#
+aaf.props
+org.osaaf.aaf.cm.ca.props (leave out Password)
+
+# cd to main docker dir
+cd ../../docker
+
 # Start the container in bash mode, so it stays up
 sh agent.sh bash
-
 # in another shell, find out your Container name
 docker container ls | grep aaf_agent
+# CD to directory with CA info in it.
+# (example)
+cd /opt/app/osaaf/CA/intermediate_7
+
 # copy keystore for this AAF Env
-docker container cp -L org.osaaf.aaf.p12 <Your Container>:/opt/app/osaaf/local
+docker container cp -L org.osaaf.aaf.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
 # (in Agent Window)
 agent encrypt cadi_keystore_password
 # If you intend to use Certman to sign certs, it is a "local" CA
 # copy Signing Keystore into container
-docker container cp -L org.osaaf.aaf.signer.p12 <Your Container>:/opt/app/osaaf/local
+docker container cp -L org.osaaf.aaf.signer.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
 # (in Agent Window)
 agent encrypt cm_ca.local
-# Add in Cassandra Password
-agent encrypt cassandra.clusters.password
-
 # Check to make sure all passwords are set
 grep "enc:" *.props
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index f734c629..8636cdd1 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -7,6 +7,10 @@ docker run \
 --mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \
 --add-host="$HOSTNAME:$HOST_IP" \
 --add-host="aaf.osaaf.org:$HOST_IP" \
+ --env AAF_ENV=${AAF_ENV} \
+ --env AAF_REGISTER_AS=${AAF_REGISTER_AS} \
+ --env LATITUDE=${LATITUDE} \
+ --env LONGITUDE=${LONGITUDE} \
 --name aaf_agent_$USER \
 ${ORG}/${PROJECT}/aaf_config:${VERSION} \
 /bin/bash "$@"
diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init
index d65c11bb..8691591c 100644
--- a/auth/docker/d.props.init
+++ b/auth/docker/d.props.init
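Review bot: The four new `--env` lines pass `${AAF_ENV}`, `${AAF_REGISTER_AS}`, `${LATITUDE}` and `${LONGITUDE}`, but the settings the d.props.init hunk introduces are named `aaf_env`, `aaf_register_as`, `cadi_latitude` and `cadi_longitude`; if d.props is what this script sources for its values (the script's preamble is outside the hunk), all four variables arrive in the container empty and sample/bin/agent.sh then writes `aaf_locate_url=https://:8095` into the generated props. Either rename the d.props.init keys to the upper-case names or map them here, e.g. `--env AAF_ENV=${aaf_env} \`. Note also that `aaf_register_as=$HOSTNAME` in d.props.init only expands if that file is sourced by a shell, not if it is read as a plain properties file.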
@@ -8,5 +8,10 @@ CONF_ROOT_DIR=/opt/app/osaaf
 # Local Env info
 HOSTNAME=
 HOST_IP=
-CASS_HOST=
+CASS_HOST=<cass FQDN>:<cass IP>
+# AAF Machine info
+aaf_env=DEV
+aaf_register_as=$HOSTNAME
+cadi_latitude=
+cadi_longitude=
diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/agent.sh
index 5d34a8a9..15c3714d 100644
--- a/auth/sample/bin/agent.sh
+++ b/auth/sample/bin/agent.sh
@@ -16,11 +16,21 @@ if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then
 for D in public etc logs; do
 rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
 done
- $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config osaaf@aaf.osaaf.org \
+
+ TMP=$(mktemp)
+ echo aaf_env=${AAF_ENV} >> ${TMP}
+ echo cadi_latitude=${LATITUDE} >> ${TMP}
+ echo cadi_longitude=${LONGITUDE} >> ${TMP}
+ echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP}
+ echo aaf_locate_url=https://${AAF_REGISTER_AS}:8095 >> ${TMP}
+
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \
 cadi_etc_dir=/opt/app/osaaf/local \
- cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props \
- cadi_latitude=38.4329 \
- cadi_longitude=-90.43248
+ cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props:${TMP}
+ rm ${TMP}
+ # Default Password for Default Cass
+ CASS_PASS=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" /opt/app/osaaf/local/org.osaaf.aaf.keyfile)
+ sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
 fi
 # Now run a command
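Review bot: The new `CASS_PASS=$(... cadi digest "cassandra" ...)` and `sed` pair seeds the generated org.osaaf.aaf.cassandra.props with the encrypted form of the Cassandra default password, and the README hunk in this same commit removes the step that told operators to set `cassandra.clusters.password` themselves, so a first-run container now authenticates to Cassandra with the stock default without anyone being told. Print a warning beside it, e.g. `echo "cassandra.clusters.password set to the Cassandra default; run 'agent encrypt cassandra.clusters.password' before production use"`, and anchor the substitution so it cannot prepend to a value that is already there: `"s/\\(cassandra.clusters.password=enc:\\).*/\\1$CASS_PASS/"`. `sed -i.backup` also leaves org.osaaf.aaf.cassandra.props.backup beside the live file; removing it afterwards keeps a stale copy of the config from lingering in /opt/app/osaaf/local.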
@@ -69,12 +79,30 @@ if [ ! "$CMD" = "" ]; then
 cd /opt/app/osaaf/local || exit
 /bin/bash "$@"
 ;;
+ setProp)
+ cd /opt/app/osaaf/local || exit
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES="$3"
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$ADD" = "Y" ]; then
+ echo $2 >> $F
+ else
+ sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
+ fi
+ cat $F
+ done
+ ;;
 encrypt)
 cd /opt/app/osaaf/local || exit
+ echo $1
 FILES=$(grep -l "$1" ./*.props)
- if [ "$FILES" = "" ]; then
- FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props
- echo "$1=enc:" >>FILES
+ if [ "$FILES" = "" ]; then
+ FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props
+ ADD=Y
 fi
 for F in $FILES; do
 echo "Changing $1 in $F"
@@ -89,10 +117,17 @@ if [ ! "$CMD" = "" ]; then
 ORIG_PW="$2"
 fi
 PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile)
- sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+ if [ "$ADD" = "Y" ]; then
+ echo "$1=enc:$PWD" >> $F
+ else
+ sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+ fi
 cat $F
 done
 ;;
+ taillog)
+ sh /opt/app/osaaf/logs/taillog
+ ;;
 --help | -?)
 case "$1" in
 "")
@@ -100,6 +135,7 @@ if [ ! "$CMD" = "" ]; then
 echo " ls - Lists all files in Configuration"
 echo " cat <file.props>> - Shows the contents (Prop files only)"
 echo " validate - Runs a test using Configuration"
+ echo " setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)"
 echo " encrypt <tag> [<pass>] - set passwords on Configuration (if no pass, it will be queried)"
 echo " bash - run bash in Container"
 echo " Note: the following aliases are preset"
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
index 358829ef..b5c6ce5a 100644
--- a/auth/sample/data/identities.dat
+++ b/auth/sample/data/identities.dat
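Review bot: In the new `setProp` case the add branch writes only the value, `echo $2 >> $F`, whereas the `encrypt` case two hunks below writes `"$1=enc:$PWD"`; a tag that is not yet present in any props file therefore lands as a bare value line. It should be `echo "$1=$2" >> "$F"`. The add branch also targets `FILES="$3"`, a third argument the help line added in the last hunk does not mention (`setProp <tag> [<value>]`), and when it is absent the loop silently does nothing; that help line's "(if no value, it will be queried from config)" describes a prompt that setProp does not implement, unlike encrypt's `ORIG_PW` handling. Quoting `$F` in the sed and cat lines as well would keep the case consistent with the values it writes, e.g. the space-containing cadi_x509_issuers value in aaf.props.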
@@ -24,7 +24,7 @@ bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|
 mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
 ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
 iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
+osaaf|ID of AAF|osaaf|AAF Application|||a|bdevl
 # ONAP default Users
 demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
 jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat
index 358829ef..13e94b13 100644
--- a/auth/sample/data/sample.identities.dat
+++ b/auth/sample/data/sample.identities.dat
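Review bot: The `osaaf|ID of AAF|osaaf|AAF Application|||a|bdevl` row keeps the id `osaaf`, while the other hunks in this commit (osaaf.cql, temp_identity.cql, the `cadi_alias` line in aaf.props, and `config aaf@aaf.osaaf.org` in sample/bin/agent.sh) move the bootstrap identity to `aaf`, and the sample.identities.dat hunk drops `osaaf` in favour of a new `aaf` row. If identities.dat is what the running service resolves aaf@aaf.osaaf.org against, the renamed root identity has no identity record here. Adding the same `aaf|AAF Application|AAF|Application|||a|bdevl` line, or renaming the existing row, keeps the two identity files consistent.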
@@ -18,19 +18,29 @@
 # 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
 #
-iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
-mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
-bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
-mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
-ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
-iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager
+iretired|Ira Lee M. 
Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
 # ONAP default Users
-demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
-jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
-cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager
-jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager
-op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager
-gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager
+demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
+jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
+cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
+jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf
+op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
+gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
+# ONAP App IDs
+aaf|AAF Application|AAF|Application|||a|bdevl
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf
diff --git a/auth/sample/local/.gitignore b/auth/sample/local/.gitignore
deleted file mode 100644
index e69de29b..00000000
--- a/auth/sample/local/.gitignore
+++ /dev/null
diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props
index 8237c4e9..c9fb8f98 100644
--- a/auth/sample/local/aaf.props
+++ b/auth/sample/local/aaf.props
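Review bot: The new `dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf` row carries `CLAMP` in the third column, apparently copied from the `clamp` row above it; it should read `DCAE` like the other App ID rows. Separately, the six PORTAL users are of type `e` and now name the application id `aaf` in the "responsible to" column, whereas the file's own header in this hunk's context says that column is the supervisor for people and the AppOwner for App IDs; if that column drives approval routing, people reporting to an App ID is worth a second look before this becomes the sample everyone copies.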
@@ -11,12 +11,11 @@ aaf_default_realm=people.osaaf.org
 # Initial Passwords and such
 aaf_password=startup
-cadi_alias=osaaf@aaf.osaaf.org
+cadi_alias=aaf@aaf.osaaf.org
 cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
-cadi_keystore_password=kumquat
 cadi_truststore=/opt/app/osaaf/public/truststoreONAPall.jks
 cadi_truststore_password=changeit
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
 # Other
 aaf_data_dir=/opt/app/osaaf/data
-cadi_registration_hostname=meriadoc.mithril.sbc.com
diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props
index f9ad077a..13704244 100644
--- a/auth/sample/local/initialConfig.props
+++ b/auth/sample/local/initialConfig.props
@@ -1,10 +1,8 @@
-aaf_env=DEV
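Review bot: `cadi_keystore_password=kumquat` is removed from this sample file, but `aaf_password=startup` two lines above it stays as a plaintext value in the same "Initial Passwords and such" section. The `agent encrypt` flow in this commit now appends `tag=enc:<digest>` lines for tags that are not yet present, so the same treatment would apply here: drop the plaintext value and let install time fill it, with a comment such as `# aaf_password is set at install time with: agent encrypt aaf_password`. Whether aaf_password is read before the encrypted form is available is not visible in this hunk, so confirm against the startup path before removing it.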
aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
cadi_protocols=TLSv1.1,TLSv1.2
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1
gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/sample/local/org.osaaf.aaf.cm.ca.props b/auth/sample/local/org.osaaf.aaf.cm.ca.props
index 92d55f92..5c692f4b 100644
--- a/auth/sample/local/org.osaaf.aaf.cm.ca.props
+++ b/auth/sample/local/org.osaaf.aaf.cm.ca.props
@@ -1,10 +1,10 @@
 ##
 ## org.osaaf.cm.ca.props
-## Properties to access Certifiate Authority
+## Properties to access Certificate Authority
 ##
 #Certman
-cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/aaf_intermediate_1.p12;aaf_intermediate_1;enc:
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.signer.p12;aaf_intermediate_7;enc:
 cm_ca.local.idDomains=org.osaaf
 cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
 cm_ca.local.perm_type=org.osaaf.aaf.ca
diff --git a/auth/sample/logs/clean b/auth/sample/logs/clean
index e92e1bd3..7d5152b9 100644
--- a/auth/sample/logs/clean
+++ b/auth/sample/logs/clean
@@ -1,3 +1,4 @@
+cd /opt/app/osaaf/logs
 for D in `find . -type d`; do
 if [ "$D" != "./" ]; then
 rm -f $D/*.log
diff --git a/auth/sample/logs/taillog b/auth/sample/logs/taillog
index b4482d09..2b3de6e5 100644
--- a/auth/sample/logs/taillog
+++ b/auth/sample/logs/taillog
@@ -1 +1,2 @@
+cd /opt/app/osaaf/logs
 tail -f `find . -name *service*.log -ctime 0` |
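Review bot: The added `cd /opt/app/osaaf/logs` in logs/clean has no failure guard, so if the directory is missing or unreadable the script carries on and the following `find . -type d` and `rm -f $D/*.log` run against whatever the caller's working directory happens to be. The rest of this commit already uses `cd /opt/app/osaaf/local || exit` in sample/bin/agent.sh; the same form, `cd /opt/app/osaaf/logs || exit`, fits here and in the taillog hunk below, which adds the identical unguarded line. The `for` loop this precedes continues past the end of the hunk.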