Changes from Testing AAF Config

Issue-ID: AAF-378 Change-Id: Icca28ee4e76b8329c7e068ba9305f9f647b6e479 Signed-off-by: Instrumental <jonathan.gathman@att.com>
author: Instrumental <jonathan.gathman@att.com> 2018-07-16 18:41:10 -0500
committer: Instrumental <jonathan.gathman@att.com> 2018-07-16 18:42:18 -0500
commit: 9c8a8b0926b13b07fb1e5394903401e7a3f1ff79 (patch)
tree: 29d65b58d4ebfc79e8d91752133c85d48699b71d /auth
parent: 4ad4763d8c9191998cc671a884d1af5da6ba8bb9 (diff)
16 files changed, 104 insertions, 40 deletions
diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh
index bdbadf68..d6fcb9f9 100644
--- a/auth/auth-cass/docker/dinstall.sh
+++ b/auth/auth-cass/docker/dinstall.sh
@@ -56,6 +56,7 @@ if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then
     echo " cqlsh -f keyspace.cql"
     echo " cqlsh -f init.cql"
     echo " cqlsh -f osaaf.cql"
+    echo " cqlsh -f temp_identity.cql"
     echo ""
     echo "The following will give you a temporary identity with which to start working, or emergency"
     echo " cqlsh -f temp_identity.cql"
diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql
index 40e79f10..b3d895b9 100644
--- a/auth/auth-cass/src/main/cql/osaaf.cql
+++ b/auth/auth-cass/src/main/cql/osaaf.cql
@@ -51,10 +51,10 @@ INSERT INTO role(ns, name, perms, description)
 
 // OSAAF Root
 INSERT INTO user_role(user,role,expires,ns,rname)
-  VALUES ('osaaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
+  VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin') using TTL 14400;
 
 INSERT INTO user_role(user,role,expires,ns,rname)
-  VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
+  VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin') using TTL 14400;
 
 
 // ONAP Specific Entities
diff --git a/auth/auth-cass/src/main/cql/temp_identity.cql b/auth/auth-cass/src/main/cql/temp_identity.cql
index b7415beb..3032372b 100644
--- a/auth/auth-cass/src/main/cql/temp_identity.cql
+++ b/auth/auth-cass/src/main/cql/temp_identity.cql
@@ -1,5 +1,5 @@
 USE authz;
 // Create Root pass
 INSERT INTO cred (id,ns,type,cred,expires)
-  VALUES ('osaaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
+  VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
 
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
index 695d80f7..1ddf022c 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectRegistrar.java
@@ -63,7 +63,7 @@ public class DirectRegistrar implements Registrant<AuthzEnv> {
 			locate.patch = split.length>2?Integer.parseInt(split[2]):0;
 			locate.minor = split.length>1?Integer.parseInt(split[1]):0;
 			locate.major = split.length>0?Integer.parseInt(split[0]):0;
-			locate.hostname = access.getProperty(Config.CADI_REGISTRATION_HOSTNAME, null);
+			locate.hostname = access.getProperty(Config.AAF_REGISTER_AS, null);
 			if(locate.hostname==null) {
 				locate.hostname = access.getProperty(Config.HOSTNAME, null);
 			}
diff --git a/auth/docker/README.txt b/auth/docker/README.txt
index 32ed3489..3eb554b1 100644
--- a/auth/docker/README.txt
+++ b/auth/docker/README.txt
@@ -1,24 +1,33 @@
+#
+# Edit the following in <your ONAP authz dir>/auth/sample/local
+# 
+aaf.props
+org.osaaf.aaf.cm.ca.props  (leave out Password)
+
+# cd to main docker dir
+cd ../../docker
+
 # Start the container in bash mode, so it stays up
 sh agent.sh bash
 
-
 # in another shell, find out your Container name
 docker container ls | grep aaf_agent
 
+# CD to directory with CA info in it.
+# (example)
+cd /opt/app/osaaf/CA/intermediate_7
+
 # copy keystore for this AAF Env 
-docker container cp -L org.osaaf.aaf.p12 <Your Container>:/opt/app/osaaf/local
+docker container cp -L org.osaaf.aaf.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
 # (in Agent Window)
 agent encrypt cadi_keystore_password
 
 # If you intend to use Certman to sign certs, it is a "local" CA
 # copy Signing Keystore into container
-docker container cp -L org.osaaf.aaf.signer.p12 <Your Container>:/opt/app/osaaf/local
+docker container cp -L org.osaaf.aaf.signer.p12 aaf_agent_<Your ID>:/opt/app/osaaf/local
 # (in Agent Window)
 agent encrypt cm_ca.local 
 
-# Add in Cassandra Password 
-agent encrypt cassandra.clusters.password
-
 # Check to make sure all passwords are set
 grep "enc:" *.props
 
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index f734c629..8636cdd1 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -7,6 +7,10 @@ docker run \
     --mount 'type=volume,src=aaf_config,dst='$CONF_ROOT_DIR',volume-driver=local' \
     --add-host="$HOSTNAME:$HOST_IP" \
     --add-host="aaf.osaaf.org:$HOST_IP" \
+    --env AAF_ENV=${AAF_ENV} \
+    --env AAF_REGISTER_AS=${AAF_REGISTER_AS} \
+    --env LATITUDE=${LATITUDE} \
+    --env LONGITUDE=${LONGITUDE} \
     --name aaf_agent_$USER \
     ${ORG}/${PROJECT}/aaf_config:${VERSION} \
     /bin/bash "$@"
diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init
index d65c11bb..8691591c 100644
--- a/auth/docker/d.props.init
+++ b/auth/docker/d.props.init
@@ -8,5 +8,10 @@ CONF_ROOT_DIR=/opt/app/osaaf
 # Local Env info
 HOSTNAME=
 HOST_IP=
-CASS_HOST=
+CASS_HOST=<cass FQDN>:<cass IP>
 
+# AAF Machine info
+aaf_env=DEV
+aaf_register_as=$HOSTNAME
+cadi_latitude=
+cadi_longitude=
diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/agent.sh
index 5d34a8a9..15c3714d 100644
--- a/auth/sample/bin/agent.sh
+++ b/auth/sample/bin/agent.sh
@@ -16,11 +16,21 @@ if [ ! -e /opt/app/osaaf/local/org.osaaf.aaf.props ]; then
     for D in public etc logs; do
         rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
     done
-    $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config osaaf@aaf.osaaf.org \
+
+    TMP=$(mktemp)
+    echo aaf_env=${AAF_ENV} >> ${TMP}
+    echo cadi_latitude=${LATITUDE} >> ${TMP}
+    echo cadi_longitude=${LONGITUDE} >> ${TMP}
+    echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP}
+    echo aaf_locate_url=https://${AAF_REGISTER_AS}:8095 >> ${TMP}
+
+    $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config aaf@aaf.osaaf.org \
         cadi_etc_dir=/opt/app/osaaf/local \
-        cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props \
-        cadi_latitude=38.4329 \
-        cadi_longitude=-90.43248
+        cadi_prop_files=/opt/app/aaf_config/local/initialConfig.props:/opt/app/aaf_config/local/aaf.props:${TMP}
+    rm ${TMP}
+    # Default Password for Default Cass
+    CASS_PASS=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "cassandra" /opt/app/osaaf/local/org.osaaf.aaf.keyfile)
+    sed -i.backup -e "s/\\(cassandra.clusters.password=enc:\\)/\\1$CASS_PASS/" /opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
 fi
 
 # Now run a command
@@ -69,12 +79,30 @@ if [ ! "$CMD" = "" ]; then
         cd /opt/app/osaaf/local || exit
         /bin/bash "$@"
         ;;
+    setProp)
+        cd /opt/app/osaaf/local || exit
+        FILES=$(grep -l "$1" ./*.props)
+	if [ "$FILES" = "" ]; then 
+  	    FILES="$3"
+	    ADD=Y
+	fi
+        for F in $FILES; do
+            echo "Changing $1 in $F"
+	    if [ "$ADD" = "Y" ]; then
+		echo $2 >> $F
+	    else 
+                sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
+	    fi
+            cat $F
+        done
+        ;;
     encrypt)
         cd /opt/app/osaaf/local || exit
+	echo $1
         FILES=$(grep -l "$1" ./*.props)
-        if [ "$FILES" = "" ]; then
-            FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props
-            echo "$1=enc:" >>FILES
+	if [ "$FILES" = "" ]; then
+             FILES=/opt/app/osaaf/local/org.osaaf.aaf.cred.props
+	     ADD=Y
         fi
         for F in $FILES; do
             echo "Changing $1 in $F"
@@ -89,10 +117,17 @@ if [ ! "$CMD" = "" ]; then
                 ORIG_PW="$2"
             fi
             PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/org.osaaf.aaf.keyfile)
-            sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+            if [ "$ADD" = "Y" ]; then
+                  echo "$1=enc:$PWD" >> $F
+            else 
+            	sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+	   fi
             cat $F
         done
         ;;
+    taillog) 
+	sh /opt/app/osaaf/logs/taillog
+	;;
     --help | -?)
         case "$1" in
         "")
@@ -100,6 +135,7 @@ if [ ! "$CMD" = "" ]; then
             echo "  ls                      - Lists all files in Configuration"
             echo "  cat <file.props>>       - Shows the contents (Prop files only)"
             echo "  validate                - Runs a test using Configuration"
+            echo "  setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)"
             echo "  encrypt <tag> [<pass>]  - set passwords on Configuration (if no pass, it will be queried)"
             echo "  bash                    - run bash in Container"
             echo "     Note: the following aliases are preset"
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
index 358829ef..b5c6ce5a 100644
--- a/auth/sample/data/identities.dat
+++ b/auth/sample/data/identities.dat
@@ -24,7 +24,7 @@ bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|
 mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
 ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
 iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
+osaaf|ID of AAF|osaaf|AAF Application|||a|bdevl
 # ONAP default Users
 demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
 jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat
index 358829ef..13e94b13 100644
--- a/auth/sample/data/sample.identities.dat
+++ b/auth/sample/data/sample.identities.dat
@@ -18,19 +18,29 @@
 #  7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
 #
 
-iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
-mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
-bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
-mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
-ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
-iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
 # ONAP default Users
-demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
-jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
-cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager
-jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager
-op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager
-gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager
+demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
+jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
+cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
+jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf
+op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
+gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
+# ONAP App IDs
+aaf|AAF Application|AAF|Application|||a|bdevl
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf
 
 
diff --git a/auth/sample/local/.gitignore b/auth/sample/local/.gitignore
deleted file mode 100644
index e69de29b..00000000
--- a/auth/sample/local/.gitignore
+++ /dev/null
diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props
index 8237c4e9..c9fb8f98 100644
--- a/auth/sample/local/aaf.props
+++ b/auth/sample/local/aaf.props
@@ -11,12 +11,11 @@ aaf_default_realm=people.osaaf.org
 
 # Initial Passwords and such
 aaf_password=startup
-cadi_alias=osaaf@aaf.osaaf.org
+cadi_alias=aaf@aaf.osaaf.org
 cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
-cadi_keystore_password=kumquat
 cadi_truststore=/opt/app/osaaf/public/truststoreONAPall.jks
 cadi_truststore_password=changeit
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
 
 # Other
 aaf_data_dir=/opt/app/osaaf/data
-cadi_registration_hostname=meriadoc.mithril.sbc.com
diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props
index f9ad077a..13704244 100644
--- a/auth/sample/local/initialConfig.props
+++ b/auth/sample/local/initialConfig.props
@@ -1,10 +1,8 @@
-aaf_env=DEV
 aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
 aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
 aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
 aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
 cadi_protocols=TLSv1.1,TLSv1.2
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
 cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
 fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1
 gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/sample/local/org.osaaf.aaf.cm.ca.props b/auth/sample/local/org.osaaf.aaf.cm.ca.props
index 92d55f92..5c692f4b 100644
--- a/auth/sample/local/org.osaaf.aaf.cm.ca.props
+++ b/auth/sample/local/org.osaaf.aaf.cm.ca.props
@@ -1,10 +1,10 @@
 ##
 ## org.osaaf.cm.ca.props
-## Properties to access Certifiate Authority
+## Properties to access Certificate Authority
 ##
 
 #Certman
-cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/aaf_intermediate_1.p12;aaf_intermediate_1;enc:
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.signer.p12;aaf_intermediate_7;enc:
 cm_ca.local.idDomains=org.osaaf
 cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
 cm_ca.local.perm_type=org.osaaf.aaf.ca
diff --git a/auth/sample/logs/clean b/auth/sample/logs/clean
index e92e1bd3..7d5152b9 100644
--- a/auth/sample/logs/clean
+++ b/auth/sample/logs/clean
@@ -1,3 +1,4 @@
+cd /opt/app/osaaf/logs
 for D in `find . -type d`; do 
   if [ "$D" != "./" ]; then 
 	rm -f $D/*.log
diff --git a/auth/sample/logs/taillog b/auth/sample/logs/taillog
index b4482d09..2b3de6e5 100644
--- a/auth/sample/logs/taillog
+++ b/auth/sample/logs/taillog
@@ -1 +1,2 @@
+cd /opt/app/osaaf/logs
 tail -f `find . -name *service*.log -ctime 0`
author	Instrumental <jonathan.gathman@att.com>	2018-07-16 18:41:10 -0500
committer	Instrumental <jonathan.gathman@att.com>	2018-07-16 18:42:18 -0500
commit	9c8a8b0926b13b07fb1e5394903401e7a3f1ff79 (patch)
tree	29d65b58d4ebfc79e8d91752133c85d48699b71d /auth
parent	4ad4763d8c9191998cc671a884d1af5da6ba8bb9 (diff)