diff options
author | Instrumental <jcgmisc@stl.gathman.org> | 2018-03-26 14:09:21 -0700 |
---|---|---|
committer | Instrumental <jcgmisc@stl.gathman.org> | 2018-03-26 14:09:26 -0700 |
commit | 0ed473b17619d749bbdf56ad17199e71fb04c2be (patch) | |
tree | 190e4d83bffbc386eb7b8dd670f14809343dd664 /authz-service/src/main/resources | |
parent | 10027f3cd15afd2c8ef341e5cd92de911e07965e (diff) |
AT&T 2.0.19 Code drop, stage 5
Issue-ID: AAF-197
Change-Id: I81dd2a8fd8cd4d4771e390609909c86ac09b7dac
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'authz-service/src/main/resources')
18 files changed, 0 insertions, 840 deletions
diff --git a/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt b/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt deleted file mode 100644 index b88df64e..00000000 --- a/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt +++ /dev/null @@ -1,8 +0,0 @@ -# -#Wed Nov 30 23:48:45 EST 2016 -alcdtl15rj6015,60498=latitude\=32.78014;longitude\=-96.800451;lease\=1480372013837;protocol\=http;contextPath\=/;routeOffer\=BAU_SE -ALCDTL46RJ6015,55998=latitude\=32.78014;longitude\=-96.800451;lease\=1479687428093;protocol\=http;contextPath\=/;routeOffer\=BAU_SE -localhost,42246=latitude\=32.78014;longitude\=-96.800451;lease\=1478985613892;protocol\=http;contextPath\=/;routeOffer\=BAU_SE -localhost,39157=latitude\=32.78014;longitude\=-96.800451;lease\=1478811101528;protocol\=http;contextPath\=/;routeOffer\=BAU_SE -alcdtl15rj6015,55889=latitude\=32.78014;longitude\=-96.800451;lease\=1480371829514;protocol\=http;contextPath\=/;routeOffer\=BAU_SE -localhost,36473=latitude\=32.78014;longitude\=-96.800451;lease\=1478801682319;protocol\=http;contextPath\=/;routeOffer\=BAU_SE diff --git a/authz-service/src/main/resources/docker-compose/data/ecomp.cql b/authz-service/src/main/resources/docker-compose/data/ecomp.cql deleted file mode 100644 index 6fddf650..00000000 --- a/authz-service/src/main/resources/docker-compose/data/ecomp.cql +++ /dev/null @@ -1,169 +0,0 @@ -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); - -// Create org.openecomp.dmaapBC - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); - -//INSERT INTO role(ns, name, perms, description) -// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) -VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/authz-service/src/main/resources/docker-compose/data/identities.dat b/authz-service/src/main/resources/docker-compose/data/identities.dat deleted file mode 100644 index 98bf99a3..00000000 --- a/authz-service/src/main/resources/docker-compose/data/identities.dat +++ /dev/null @@ -1,7 +0,0 @@ -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl diff --git a/authz-service/src/main/resources/docker-compose/data/identities.idx b/authz-service/src/main/resources/docker-compose/data/identities.idx Binary files differdeleted file mode 100644 index 78fc0a56..00000000 --- a/authz-service/src/main/resources/docker-compose/data/identities.idx +++ /dev/null diff --git a/authz-service/src/main/resources/docker-compose/data/init.cql b/authz-service/src/main/resources/docker-compose/data/init.cql deleted file mode 100644 index 81700f83..00000000 --- a/authz-service/src/main/resources/docker-compose/data/init.cql +++ /dev/null @@ -1,242 +0,0 @@ -// For Developer Machine single instance -// -CREATE KEYSPACE authz -WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; -// -// From Ravi, 6-17-2014. User for DEVL->TEST -// -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' }; -// -// PROD -// -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' }; -// -// create user authz with password '<AUTHZ PASSWORD>' superuser; -// grant all on keyspace authz to authz; -// -// For TEST (aaf_test) -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' }; -// -// DEVL -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' }; -// -// TEST / PERF -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' }; -// -// IST -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3', -// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' }; -// -// with 6 localized with ccm -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; -// - -USE authz; - -// -// CORE Table function -// - -// Namespace - establish hierarchical authority to modify -// Permissions and Roles -// "scope" is flag to determine Policy. Typical important scope -// is "company" (1) -CREATE TABLE ns ( - name varchar, - scope int, // deprecated 2.0.11 - description varchar, - parent varchar, - type int, - PRIMARY KEY (name) -); -CREATE INDEX ns_parent on ns(parent); - - -// Oct 2015, not performant. Made Owner and Attrib first class Roles, -// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels. -// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder) -// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces -// as having certain tools, like SWM, etc. -CREATE TABLE ns_attrib ( - ns varchar, - key varchar, - value varchar, - PRIMARY KEY (ns,key) -); -create index ns_attrib_key on ns_attrib(key); - -// Will be cached -CREATE TABLE role ( - ns varchar, - name varchar, - perms set<varchar>, // Use "Key" of "name|type|action" - description varchar, - PRIMARY KEY (ns,name) -); -CREATE INDEX role_name ON role(name); - -// Will be cached -CREATE TABLE perm ( - ns varchar, - type varchar, - instance varchar, - action varchar, - roles set<varchar>, // Need to find Roles given Permissions - description varchar, - PRIMARY KEY (ns,type,instance,action) -); - -// This table is user for Authorization -CREATE TABLE user_role ( - user varchar, - role varchar, // deprecated: change to ns/rname after 2.0.11 - ns varchar, - rname varchar, - expires timestamp, - PRIMARY KEY(user,role) - ); -CREATE INDEX user_role_ns ON user_role(ns); -CREATE INDEX user_role_role ON user_role(role); - -// This table is only for the case where return User Credential (MechID) Authentication -CREATE TABLE cred ( - id varchar, - type int, - expires timestamp, - ns varchar, - other int, - notes varchar, - cred blob, - prev blob, - PRIMARY KEY (id,type,expires) - ); -CREATE INDEX cred_ns ON cred(ns); - -// Certificate Cross Table -// coordinated with CRED type 2 -CREATE TABLE cert ( - fingerprint blob, - id varchar, - x500 varchar, - expires timestamp, - PRIMARY KEY (fingerprint) - ); -CREATE INDEX cert_id ON cert(id); -CREATE INDEX cert_x500 ON cert(x500); - -CREATE TABLE notify ( - user text, - type int, - last timestamp, - checksum int, - PRIMARY KEY (user,type) -); - -CREATE TABLE x509 ( - ca text, - serial blob, - id text, - x500 text, - x509 text, - PRIMARY KEY (ca,serial) -); - - -CREATE INDEX x509_id ON x509 (id); -CREATE INDEX x509_x500 ON x509 (x500); - -// -// Deployment Artifact (for Certman) -// -CREATE TABLE artifact ( - mechid text, - machine text, - type Set<text>, - sponsor text, - ca text, - dir text, - appName text, - os_user text, - notify text, - expires timestamp, - renewDays int, - PRIMARY KEY (mechid,machine) -); -CREATE INDEX artifact_machine ON artifact(machine); - -// -// Non-Critical Table functions -// -// Table Info - for Caching -CREATE TABLE cache ( - name varchar, - seg int, // cache Segment - touched timestamp, - PRIMARY KEY(name,seg) -); - -CREATE TABLE history ( - id timeuuid, - yr_mon int, - user varchar, - action varchar, - target varchar, // user, user_role, - subject varchar, // field for searching main portion of target key - memo varchar, //description of the action - reconstruct blob, //serialized form of the target - // detail Map<varchar, varchar>, // additional information - PRIMARY KEY (id) -); -CREATE INDEX history_yr_mon ON history(yr_mon); -CREATE INDEX history_user ON history(user); -CREATE INDEX history_subject ON history(subject); - -// -// A place to hold objects to be created at a future time. -// -CREATE TABLE future ( - id uuid, // uniquify - target varchar, // Target Table - memo varchar, // Description - start timestamp, // When it should take effect - expires timestamp, // When not longer valid - construct blob, // How to construct this object (like History) - PRIMARY KEY(id) -); -CREATE INDEX future_idx ON future(target); -CREATE INDEX future_start_idx ON future(start); - - -CREATE TABLE approval ( - id timeuuid, // unique Key - ticket uuid, // Link to Future Record - user varchar, // the user who needs to be approved - approver varchar, // user approving - type varchar, // approver types i.e. Supervisor, Owner - status varchar, // approval status. pending, approved, denied - memo varchar, // Text for Approval to know what's going on - operation varchar, // List operation to perform - PRIMARY KEY(id) - ); -CREATE INDEX appr_approver_idx ON approval(approver); -CREATE INDEX appr_user_idx ON approval(user); -CREATE INDEX appr_ticket_idx ON approval(ticket); -CREATE INDEX appr_status_idx ON approval(status); - -CREATE TABLE delegate ( - user varchar, - delegate varchar, - expires timestamp, - PRIMARY KEY (user) -); -CREATE INDEX delg_delg_idx ON delegate(delegate); - -// -// Used by authz-batch processes to ensure only 1 runs at a time -// -CREATE TABLE run_lock ( - class text, - host text, - start timestamp, - PRIMARY KEY ((class)) -); diff --git a/authz-service/src/main/resources/docker-compose/data2/identities.dat b/authz-service/src/main/resources/docker-compose/data2/identities.dat deleted file mode 100644 index 95eb51d1..00000000 --- a/authz-service/src/main/resources/docker-compose/data2/identities.dat +++ /dev/null @@ -1,9 +0,0 @@ -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl -m99751|ID of AAF|||||a|bdevl -m99501|ID of AAF|||||a|bdevl diff --git a/authz-service/src/main/resources/docker-compose/docker-compose.yml b/authz-service/src/main/resources/docker-compose/docker-compose.yml deleted file mode 100644 index 8ae91a6c..00000000 --- a/authz-service/src/main/resources/docker-compose/docker-compose.yml +++ /dev/null @@ -1,58 +0,0 @@ -#-------------------------------------------------------------------------------
-# ============LICENSE_START====================================================
-# * org.onap.aaf
-# * ===========================================================================
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# * ===========================================================================
-# * Licensed under the Apache License, Version 2.0 (the "License");
-# * you may not use this file except in compliance with the License.
-# * You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-# * ============LICENSE_END====================================================
-# *
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
-# *
-#-------------------------------------------------------------------------------
-version: '2'
-services:
- aaf_container:
- image: attos/aaf
- ports:
- - "8101:8101"
-
- links:
- - cassandra_container
- volumes:
- # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props
- - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh
- - ./data2:/data
- # - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh
- # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props
- # - ./cadi-core-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-1.3.0.jar
- # - ./cadi-aaf-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-1.3.0.jar
- # - ./cadi-client-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-1.3.0.jar
- # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar
- # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar
- entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"]
- environment:
- - CASSANDRA_CLUSTER=cassandra_container
-
-
- cassandra_container:
- image: cassandra:2.1.16
- ports:
- - "7000:7000"
- - "7001:7001"
- - "9042:9042"
- - "9160:9160"
- volumes:
- - ./data:/data
- - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh
- entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"]
diff --git a/authz-service/src/main/resources/docker-compose/startupaaf.sh b/authz-service/src/main/resources/docker-compose/startupaaf.sh deleted file mode 100644 index b45bba5e..00000000 --- a/authz-service/src/main/resources/docker-compose/startupaaf.sh +++ /dev/null @@ -1,34 +0,0 @@ -# lji: this startup file shadows the existing extry point startup.sh file of the container -# because we need to pass in the cassandra cluster location - -LIB=/opt/app/aaf/authz-service/lib - -ETC=/opt/app/aaf/authz-service/etc -DME2REG=/opt/dme2reg - -echo "this is LIB" $LIB -echo "this is ETC" $ETC -echo "this is DME2REG" $DME2REG - -CLASSPATH=$ETC -for FILE in `find $LIB -name *.jar`; do - CLASSPATH=$CLASSPATH:$FILE -done - -FILEPATHS="/opt/app/aaf/authz-service/etc/com.osaaf.common.props /opt/app/aaf/authz-service/etc/com.osaaf.common.props" -for FILEPATH in $FILEPATHS: -do - if [ -e ${FILEPATH} ]; then - if [ -z `grep "cassandra.clusters=$CASSANDRA_CLUSTER" $FILEPATH` ]; then - echo "cassandra.clusters=$CASSANDRA_CLUSTER" >> $FILEPATH; - fi - fi -done - - -java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG org.onap.aaf.authz.service.AuthAPI - -# keet it running so we can check fs -while sleep 2; do echo thinking; done - - diff --git a/authz-service/src/main/resources/docker-compose/sysctl.conf b/authz-service/src/main/resources/docker-compose/sysctl.conf deleted file mode 100644 index c36fd688..00000000 --- a/authz-service/src/main/resources/docker-compose/sysctl.conf +++ /dev/null @@ -1,3 +0,0 @@ -net.ipv6.conf.all.disable_ipv6=1 -net.ipv6.conf.default.disable_ipv6=1 -net.ipv6.conf.lol.disable_ipv6=1 diff --git a/authz-service/src/main/resources/docker-compose/wait_for_host_port.sh b/authz-service/src/main/resources/docker-compose/wait_for_host_port.sh deleted file mode 100644 index e4e4bf9c..00000000 --- a/authz-service/src/main/resources/docker-compose/wait_for_host_port.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -e - -host="$1" -port="$2" -shift -shift -cmd="$@" - -until echo > /dev/tcp/${host}/${port} ; do - >&2 echo "${host}:${port} is unavailable - sleeping" - sleep 1 -done - ->&2 echo "${host}:${port} is up - executing command" -exec $cmd diff --git a/authz-service/src/main/resources/docker/Dockerfile b/authz-service/src/main/resources/docker/Dockerfile deleted file mode 100644 index 9b229cd7..00000000 --- a/authz-service/src/main/resources/docker/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM openjdk:8-jdk
-ADD opt /opt/
-ADD authz-service.jar /opt/app/aaf/authz-service/lib/authz-service.jar
-ADD startup.sh /startup.sh
-RUN chmod 777 /startup.sh
-RUN chmod -R 777 /opt/app/aaf/authz-service/etc
-ENTRYPOINT ./startup.sh
-
-
diff --git a/authz-service/src/main/resources/docker/authAPI.props b/authz-service/src/main/resources/docker/authAPI.props deleted file mode 100644 index d1acfb07..00000000 --- a/authz-service/src/main/resources/docker/authAPI.props +++ /dev/null @@ -1,35 +0,0 @@ -##
-## AUTHZ API (authz-service) Properties
-##
-#hostname=localhost
-hostname=0.0.0.0
-# Standard AFT for THIS box, and THIS box is in St Louis. Put your own LAT/LONG in here. Use "bing.com/maps" or
-# SWMTools (geoloc for DataCenters) to get YOURs
-
-AFT_LATITUDE=32.780140
-AFT_LONGITUDE=-96.800451
-AFT_ENVIRONMENT=AFTUAT
-DEPLOYED_VERSION=2.0.SAMPLE
-
-##DME2 related parameters
-DMEServiceName=service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE
-
-#DME2 can limit Port Ranges with the following:
-AFT_DME2_PORT_RANGE=8101-8101,8100
-#DME2 picks any unused port in +1024 range
-#AFT_DME2_PORT=0
-AFT_DME2_ALLOW_PORT_CACHING=false
-
-
-# Point to "Common" files, used between all the AAF Services. ...
-
-
-
-#cadi_prop_files=com.osaaf.common.props;com.osaaf.props
-cadi_prop_files=opt/app/aaf/authz-service/etc/com.osaaf.common.props:opt/app/aaf/authz-service/etc/com.osaaf.props
-CACHE_HIGH_COUNT=40000
-CACHE_CLEAN_INTERVAL=60000
-
-
-
-
diff --git a/authz-service/src/main/resources/docker/com.osaaf.common.props b/authz-service/src/main/resources/docker/com.osaaf.common.props deleted file mode 100644 index e27b594d..00000000 --- a/authz-service/src/main/resources/docker/com.osaaf.common.props +++ /dev/null @@ -1,81 +0,0 @@ -############################################################ -# Properties Written by Jonathan Gathman -# on 2016-08-12T04:17:59.628-0500 -# These properties encapsulate the Verisign Public Certificates -############################################################ -# DEVELOPER ONLY SETTING!!!!! DO NOT USE on ANY BOX other than your Developer box, and it -# would be better if you got a Cert for that, and remove this! There is nothing stupider than -# an unsecured Security Service. -cadi_trust_all_x509=true - -# Public (i.e. Verisign) Key stores. -# AFT_DME2_KEYSTORE= -# AFT_DME2_KEYSTORE_PASSWORD= -# AFT_DME2_KEY_PASSWORD= -# cadi_truststore= -# cadi_truststore_password= - -# Standard for this App/Machine -aaf_env=DEV -aaf_data_dir=opt/app/aaf/authz-service/etc/data -cadi_loglevel=WARN -aaf_id=<osaaf's Application Identity> -aaf_password=enc:31-LFPNtP9Yl1DZKAz1rx8N8YfYVY8VKnnDr - -aaf_conn_timeout=6000 -aaf_timeout=10000 -aaf_user_expires=600000 -aaf_clean_interval=45000 -aaf_refresh_trigger_count=3 -aaf_high_count=30000 - -# Basic Auth -aaf_default_realm=openecomp.org -#aaf_domain_support=.org -basic_realm=openecomp.org -basic_warn=false -aaf_root_ns=org.openecomp -localhost_deny=false - - -# Cassandra -# IP:Cass DataCenter:Latitude:Longitude,IP.... -cassandra.clusters=127.0.0.1 -cassandra.clusters.port=9042 -cassandra.clusters.user=authz -cassandra.clusters.password=authz -## Exceptions from Cassandra which require resetting the Cassandra Connections -cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" - -# Consistency Settings -cassandra.writeConsistency.ns=LOCAL_QUORUM -cassandra.writeConsistency.perm=LOCAL_QUORUM -cassandra.writeConsistency.role=LOCAL_QUORUM -cassandra.writeConsistency.user_role=LOCAL_QUORUM -cassandra.writeConsistency.cred=LOCAL_QUORUM -cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM - -## Supported Plugin Organizational Units -Organization.org=org.onap.aaf.osaaf.defOrg.DefaultOrg - -## Email Server settings for Def Organization. -#Sender's email ID needs to be mentioned -com.osaaf.mailFromUserId=mailid@bogus.com -com.osaaf.supportEmail=support@bogus.com -com.osaaf.mailHost=smtp.bogus.com - -# Standard AAF DME2 Props -AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE -AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE -AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE - -## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC -AFT_DME2_SSL_ENABLE=false -# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016 -AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE -AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2 -AFT_DME2_SSL_VALIDATE_CERTS=FALSE -AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false - -## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs -cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer diff --git a/authz-service/src/main/resources/docker/com.osaaf.props b/authz-service/src/main/resources/docker/com.osaaf.props deleted file mode 100644 index 24a0add7..00000000 --- a/authz-service/src/main/resources/docker/com.osaaf.props +++ /dev/null @@ -1,9 +0,0 @@ -############################################################ -# Initial File for Generating -# on 2016-10-26T06:56:19.905-0500 -# @copyright 2016, AT&T -############################################################ -cm_url=https://<certificate manager host>:8150 -hostname=localhost -cadi_x509_issuers=CN=ATT CADI Issuing CA - Test 01, OU=CSO, O=ATT, C=US -#cadi_keyfile=keyfile diff --git a/authz-service/src/main/resources/docker/startup.sh b/authz-service/src/main/resources/docker/startup.sh deleted file mode 100644 index b45bba5e..00000000 --- a/authz-service/src/main/resources/docker/startup.sh +++ /dev/null @@ -1,34 +0,0 @@ -# lji: this startup file shadows the existing extry point startup.sh file of the container -# because we need to pass in the cassandra cluster location - -LIB=/opt/app/aaf/authz-service/lib - -ETC=/opt/app/aaf/authz-service/etc -DME2REG=/opt/dme2reg - -echo "this is LIB" $LIB -echo "this is ETC" $ETC -echo "this is DME2REG" $DME2REG - -CLASSPATH=$ETC -for FILE in `find $LIB -name *.jar`; do - CLASSPATH=$CLASSPATH:$FILE -done - -FILEPATHS="/opt/app/aaf/authz-service/etc/com.osaaf.common.props /opt/app/aaf/authz-service/etc/com.osaaf.common.props" -for FILEPATH in $FILEPATHS: -do - if [ -e ${FILEPATH} ]; then - if [ -z `grep "cassandra.clusters=$CASSANDRA_CLUSTER" $FILEPATH` ]; then - echo "cassandra.clusters=$CASSANDRA_CLUSTER" >> $FILEPATH; - fi - fi -done - - -java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG org.onap.aaf.authz.service.AuthAPI - -# keet it running so we can check fs -while sleep 2; do echo thinking; done - - diff --git a/authz-service/src/main/resources/etc/authAPI.props b/authz-service/src/main/resources/etc/authAPI.props deleted file mode 100644 index d1acfb07..00000000 --- a/authz-service/src/main/resources/etc/authAPI.props +++ /dev/null @@ -1,35 +0,0 @@ -##
-## AUTHZ API (authz-service) Properties
-##
-#hostname=localhost
-hostname=0.0.0.0
-# Standard AFT for THIS box, and THIS box is in St Louis. Put your own LAT/LONG in here. Use "bing.com/maps" or
-# SWMTools (geoloc for DataCenters) to get YOURs
-
-AFT_LATITUDE=32.780140
-AFT_LONGITUDE=-96.800451
-AFT_ENVIRONMENT=AFTUAT
-DEPLOYED_VERSION=2.0.SAMPLE
-
-##DME2 related parameters
-DMEServiceName=service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE
-
-#DME2 can limit Port Ranges with the following:
-AFT_DME2_PORT_RANGE=8101-8101,8100
-#DME2 picks any unused port in +1024 range
-#AFT_DME2_PORT=0
-AFT_DME2_ALLOW_PORT_CACHING=false
-
-
-# Point to "Common" files, used between all the AAF Services. ...
-
-
-
-#cadi_prop_files=com.osaaf.common.props;com.osaaf.props
-cadi_prop_files=opt/app/aaf/authz-service/etc/com.osaaf.common.props:opt/app/aaf/authz-service/etc/com.osaaf.props
-CACHE_HIGH_COUNT=40000
-CACHE_CLEAN_INTERVAL=60000
-
-
-
-
diff --git a/authz-service/src/main/resources/etc/com.osaaf.common.props b/authz-service/src/main/resources/etc/com.osaaf.common.props deleted file mode 100644 index e27b594d..00000000 --- a/authz-service/src/main/resources/etc/com.osaaf.common.props +++ /dev/null @@ -1,81 +0,0 @@ -############################################################ -# Properties Written by Jonathan Gathman -# on 2016-08-12T04:17:59.628-0500 -# These properties encapsulate the Verisign Public Certificates -############################################################ -# DEVELOPER ONLY SETTING!!!!! DO NOT USE on ANY BOX other than your Developer box, and it -# would be better if you got a Cert for that, and remove this! There is nothing stupider than -# an unsecured Security Service. -cadi_trust_all_x509=true - -# Public (i.e. Verisign) Key stores. -# AFT_DME2_KEYSTORE= -# AFT_DME2_KEYSTORE_PASSWORD= -# AFT_DME2_KEY_PASSWORD= -# cadi_truststore= -# cadi_truststore_password= - -# Standard for this App/Machine -aaf_env=DEV -aaf_data_dir=opt/app/aaf/authz-service/etc/data -cadi_loglevel=WARN -aaf_id=<osaaf's Application Identity> -aaf_password=enc:31-LFPNtP9Yl1DZKAz1rx8N8YfYVY8VKnnDr - -aaf_conn_timeout=6000 -aaf_timeout=10000 -aaf_user_expires=600000 -aaf_clean_interval=45000 -aaf_refresh_trigger_count=3 -aaf_high_count=30000 - -# Basic Auth -aaf_default_realm=openecomp.org -#aaf_domain_support=.org -basic_realm=openecomp.org -basic_warn=false -aaf_root_ns=org.openecomp -localhost_deny=false - - -# Cassandra -# IP:Cass DataCenter:Latitude:Longitude,IP.... -cassandra.clusters=127.0.0.1 -cassandra.clusters.port=9042 -cassandra.clusters.user=authz -cassandra.clusters.password=authz -## Exceptions from Cassandra which require resetting the Cassandra Connections -cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" - -# Consistency Settings -cassandra.writeConsistency.ns=LOCAL_QUORUM -cassandra.writeConsistency.perm=LOCAL_QUORUM -cassandra.writeConsistency.role=LOCAL_QUORUM -cassandra.writeConsistency.user_role=LOCAL_QUORUM -cassandra.writeConsistency.cred=LOCAL_QUORUM -cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM - -## Supported Plugin Organizational Units -Organization.org=org.onap.aaf.osaaf.defOrg.DefaultOrg - -## Email Server settings for Def Organization. -#Sender's email ID needs to be mentioned -com.osaaf.mailFromUserId=mailid@bogus.com -com.osaaf.supportEmail=support@bogus.com -com.osaaf.mailHost=smtp.bogus.com - -# Standard AAF DME2 Props -AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE -AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE -AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE - -## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC -AFT_DME2_SSL_ENABLE=false -# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016 -AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE -AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2 -AFT_DME2_SSL_VALIDATE_CERTS=FALSE -AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false - -## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs -cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer diff --git a/authz-service/src/main/resources/etc/com.osaaf.props b/authz-service/src/main/resources/etc/com.osaaf.props deleted file mode 100644 index 24a0add7..00000000 --- a/authz-service/src/main/resources/etc/com.osaaf.props +++ /dev/null @@ -1,9 +0,0 @@ -############################################################ -# Initial File for Generating -# on 2016-10-26T06:56:19.905-0500 -# @copyright 2016, AT&T -############################################################ -cm_url=https://<certificate manager host>:8150 -hostname=localhost -cadi_x509_issuers=CN=ATT CADI Issuing CA - Test 01, OU=CSO, O=ATT, C=US -#cadi_keyfile=keyfile |