summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2018-07-16 18:41:10 -0500
committerInstrumental <jonathan.gathman@att.com>2018-07-16 18:42:18 -0500
commit9c8a8b0926b13b07fb1e5394903401e7a3f1ff79 (patch)
tree29d65b58d4ebfc79e8d91752133c85d48699b71d /auth
parent4ad4763d8c9191998cc671a884d1af5da6ba8bb9 (diff)
Changes from Testing AAF Config
Issue-ID: AAF-378 Change-Id: Icca28ee4e76b8329c7e068ba9305f9f647b6e479 Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-cass/docker/dinstall.sh1
-rw-r--r--auth/auth-cass/src/main/cql/osaaf.cql4
-rw-r--r--auth/auth-cass/src/main/cql/temp_identity.cql2
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java2
-rw-r--r--auth/docker/README.txt21
-rw-r--r--auth/docker/agent.sh4
-rw-r--r--auth/docker/d.props.init7
-rw-r--r--auth/sample/bin/agent.sh52
-rw-r--r--auth/sample/data/identities.dat2
-rw-r--r--auth/sample/data/sample.identities.dat36
-rw-r--r--auth/sample/local/.gitignore0
-rw-r--r--auth/sample/local/aaf.props5
-rw-r--r--auth/sample/local/initialConfig.props2
-rw-r--r--auth/sample/local/org.osaaf.aaf.cm.ca.props4
-rw-r--r--auth/sample/logs/clean1
-rw-r--r--auth/sample/logs/taillog1
16 files changed, 104 insertions, 40 deletions
diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh
index bdbadf68..d6fcb9f9 100644
--- a/auth/auth-cass/docker/dinstall.sh
+++ b/auth/auth-cass/docker/dinstall.sh
@@ -56,6 +56,7 @@ if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then
echo " cqlsh -f keyspace.cql"
echo " cqlsh -f init.cql"
echo " cqlsh -f osaaf.cql"
+ echo " cqlsh -f temp_identity.cql"
echo ""
echo "The following will give you a temporary identity with which to start working, or emergency"
echo " cqlsh -f temp_identity.cql"
diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql
index 40e79f10..b3d895b9 100644
--- a/auth/auth-cass/src/main/cql/osaaf.cql
+++ b/auth/auth-cass/src/main/cql/osaaf.cql
@@ -51,10 +51,10 @@ INSERT INTO role(ns, name, perms, description)
// OSAAF Root
INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('osaaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
// ONAP Specific Entities
diff --git a/auth/auth-cass/src/main/cql/temp_identity.cql b/auth/auth-cass/src/main/cql/temp_identity.cql
index b7415beb..3032372b 100644
--- a/auth/auth-cass/src/main/cql/temp_identity.cql
+++ b/auth/auth-cass/src/main/cql/temp_identity.cql
@@ -1,5 +1,5 @@
USE authz;
// Create Root pass
INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
index 695d80f7..1ddf022c 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
@@ -63,7 +63,7 @@ public class DirectRegistrar implements Registrant<AuthzEnv> {
locate.patch = split.length>2?Integer.parseInt(split[2]):0;
locate.minor = split.length>1?Integer.parseInt(split[1]):0;
locate.major = split.length>0?Integer.parseInt(split[0]):0;
- locate.hostname = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null);
+ locate.hostname = access.getProperty(Config.AAF_REGISTER_AS, null);
if(locate.hostname==null) {
locate.hostname = access.getProperty(Config.HOSTNAME, null);
}
diff --git a/auth/docker/README.txt b/auth/docker/README.txt
index 32ed3489..3eb554b1 100644
--- a/auth/docker/README.txt
+++ b/auth/docker/README.txt
@@ -1,24 +1,33 @@
+#
+# Edit the following in <your ONAP authz dir>/auth/sample/local
+#
+aaf.props
+org.osaaf.aaf.cm.ca.props (leave out Password)
+
+# cd to main docker dir
+cd ../../docker
+
# Start the container in bash mode, so it stays up
sh agent.sh bash
-
# in another shell, find out your Container name
docker container ls | grep aaf_agent
+# CD to directory with CA info in it.
+# (example)
+cd /opt/app/osaaf/CA/intermediate_7
+
# copy keystore for this AAF Env
-docker container cp -L org.osaaf.aaf.p12 <Your Container>:/opt/app/osaaf/local
+docker container cp -L org.osaaf.aaf.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
# (in Agent Window)
agent encrypt cadi_keystore_password
# If you intend to use Certman to sign certs, it is a "local" CA
# copy Signing Keystore into container
-docker container cp -L org.osaaf.aaf.signer.p12 <Your Container>:/opt/app/osaaf/local
+docker container cp -L org.osaaf.aaf.signer.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
# (in Agent Window)
agent encrypt cm_ca.local
-# Add in Cassandra Password
-agent encrypt cassandra.clusters.password
-
# Check to make sure all passwords are set
grep "enc:" *.props
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index f734c629..8636cdd1 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -7,6 +7,10 @@ docker run \
--mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \
--add-host="$HOSTNAME:$HOST_IP" \
--add-host="aaf.osaaf.org:$HOST_IP" \
+ --env AAF_ENV=${AAF_ENV} \
+ --env AAF_REGISTER_AS=${AAF_REGISTER_AS} \
+ --env LATITUDE=${LATITUDE} \
+ --env LONGITUDE=${LONGITUDE} \
--name aaf_agent_$USER \
${ORG}/${PROJECT}/aaf_config:${VERSION} \
/bin/bash "$@"
diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init
index d65c11bb..8691591c 100644
--- a/auth/docker/d.props.init
+++ b/auth/docker/d.props.init
@@ -8,5 +8,10 @@ CONF_ROOT_DIR=/opt/app/osaaf
# Local Env info
HOSTNAME=
HOST_IP=
-CASS_HOST=
+CASS_HOST=<cass FQDN>:<cass IP>
+# AAF Machine info
+aaf_env=DEV
+aaf_register_as=$HOSTNAME
+cadi_latitude=
+cadi_longitude=
diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/agent.sh
index 5d34a8a9..15c3714d 100644
--- a/auth/sample/bin/agent.sh
+++ b/auth/sample/bin/agent.sh
@@ -16,11 +16,21 @@ if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then
for D in public etc logs; do
rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
done
- $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config osaaf@aaf.osaaf.org \
+
+ TMP=$(mktemp)
+ echo aaf_env=${AAF_ENV} >> ${TMP}
+ echo cadi_latitude=${LATITUDE} >> ${TMP}
+ echo cadi_longitude=${LONGITUDE} >> ${TMP}
+ echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP}
+ echo aaf_locate_url=https://${AAF_REGISTER_AS}:8095 >> ${TMP}
+
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \
cadi_etc_dir=/opt/app/osaaf/local \
- cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props \
- cadi_latitude=38.4329 \
- cadi_longitude=-90.43248
+ cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props:${TMP}
+ rm ${TMP}
+ # Default Password for Default Cass
+ CASS_PASS=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" /opt/app/osaaf/local/org.osaaf.aaf.keyfile)
+ sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
fi
# Now run a command
@@ -69,12 +79,30 @@ if [ ! "$CMD" = "" ]; then
cd /opt/app/osaaf/local || exit
/bin/bash "$@"
;;
+ setProp)
+ cd /opt/app/osaaf/local || exit
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES="$3"
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$ADD" = "Y" ]; then
+ echo $2 >> $F
+ else
+ sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
+ fi
+ cat $F
+ done
+ ;;
encrypt)
cd /opt/app/osaaf/local || exit
+ echo $1
FILES=$(grep -l "$1" ./*.props)
- if [ "$FILES" = "" ]; then
- FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props
- echo "$1=enc:" >>FILES
+ if [ "$FILES" = "" ]; then
+ FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props
+ ADD=Y
fi
for F in $FILES; do
echo "Changing $1 in $F"
@@ -89,10 +117,17 @@ if [ ! "$CMD" = "" ]; then
ORIG_PW="$2"
fi
PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile)
- sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+ if [ "$ADD" = "Y" ]; then
+ echo "$1=enc:$PWD" >> $F
+ else
+ sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+ fi
cat $F
done
;;
+ taillog)
+ sh /opt/app/osaaf/logs/taillog
+ ;;
--help | -?)
case "$1" in
"")
@@ -100,6 +135,7 @@ if [ ! "$CMD" = "" ]; then
echo " ls - Lists all files in Configuration"
echo " cat <file.props>> - Shows the contents (Prop files only)"
echo " validate - Runs a test using Configuration"
+ echo " setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)"
echo " encrypt <tag> [<pass>] - set passwords on Configuration (if no pass, it will be queried)"
echo " bash - run bash in Container"
echo " Note: the following aliases are preset"
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
index 358829ef..b5c6ce5a 100644
--- a/auth/sample/data/identities.dat
+++ b/auth/sample/data/identities.dat
@@ -24,7 +24,7 @@ bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|
mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
+osaaf|ID of AAF|osaaf|AAF Application|||a|bdevl
# ONAP default Users
demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat
index 358829ef..13e94b13 100644
--- a/auth/sample/data/sample.identities.dat
+++ b/auth/sample/data/sample.identities.dat
@@ -18,19 +18,29 @@
# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
#
-iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
-mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
-bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
-mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
-ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
-iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
# ONAP default Users
-demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
-jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
-cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager
-jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager
-op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager
-gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager
+demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
+jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
+cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
+jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf
+op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
+gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
+# ONAP App IDs
+aaf|AAF Application|AAF|Application|||a|bdevl
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf
diff --git a/auth/sample/local/.gitignore b/auth/sample/local/.gitignore
deleted file mode 100644
index e69de29b..00000000
--- a/auth/sample/local/.gitignore
+++ /dev/null
diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props
index 8237c4e9..c9fb8f98 100644
--- a/auth/sample/local/aaf.props
+++ b/auth/sample/local/aaf.props
@@ -11,12 +11,11 @@ aaf_default_realm=people.osaaf.org
# Initial Passwords and such
aaf_password=startup
-cadi_alias=osaaf@aaf.osaaf.org
+cadi_alias=aaf@aaf.osaaf.org
cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
-cadi_keystore_password=kumquat
cadi_truststore=/opt/app/osaaf/public/truststoreONAPall.jks
cadi_truststore_password=changeit
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
# Other
aaf_data_dir=/opt/app/osaaf/data
-cadi_registration_hostname=meriadoc.mithril.sbc.com
diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props
index f9ad077a..13704244 100644
--- a/auth/sample/local/initialConfig.props
+++ b/auth/sample/local/initialConfig.props
@@ -1,10 +1,8 @@
-aaf_env=DEV
aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
cadi_protocols=TLSv1.1,TLSv1.2
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1
gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/sample/local/org.osaaf.aaf.cm.ca.props b/auth/sample/local/org.osaaf.aaf.cm.ca.props
index 92d55f92..5c692f4b 100644
--- a/auth/sample/local/org.osaaf.aaf.cm.ca.props
+++ b/auth/sample/local/org.osaaf.aaf.cm.ca.props
@@ -1,10 +1,10 @@
##
## org.osaaf.cm.ca.props
-## Properties to access Certifiate Authority
+## Properties to access Certificate Authority
##
#Certman
-cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/aaf_intermediate_1.p12;aaf_intermediate_1;enc:
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.signer.p12;aaf_intermediate_7;enc:
cm_ca.local.idDomains=org.osaaf
cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
cm_ca.local.perm_type=org.osaaf.aaf.ca
diff --git a/auth/sample/logs/clean b/auth/sample/logs/clean
index e92e1bd3..7d5152b9 100644
--- a/auth/sample/logs/clean
+++ b/auth/sample/logs/clean
@@ -1,3 +1,4 @@
+cd /opt/app/osaaf/logs
for D in `find . -type d`; do
if [ "$D" != "./" ]; then
rm -f $D/*.log
diff --git a/auth/sample/logs/taillog b/auth/sample/logs/taillog
index b4482d09..2b3de6e5 100644
--- a/auth/sample/logs/taillog
+++ b/auth/sample/logs/taillog
@@ -1 +1,2 @@
+cd /opt/app/osaaf/logs
tail -f `find . -name *service*.log -ctime 0`