diff options
author | sg481n <sg481n@att.com> | 2017-09-15 13:06:30 -0400 |
---|---|---|
committer | sg481n <sg481n@att.com> | 2017-09-15 13:06:37 -0400 |
commit | dc5fcf12db027827a32c54089a4d064908e52dca (patch) | |
tree | c101c8e4cce9ffc5e55c27b677dab0d4a295beaf /authz-service | |
parent | 3e504757a272d3468d27bea2c20540f342520b79 (diff) |
Release docker image of AAF to onap nexus
Adding new plugins in authz-service to release aaf
docker image into ONAP nexus
Issue-id: AAF-60
Change-Id: I373f6861e3bd62f16ee3256ff56b51487af578e5
Signed-off-by: sg481n <sg481n@att.com>
Diffstat (limited to 'authz-service')
12 files changed, 584 insertions, 36 deletions
diff --git a/authz-service/pom.xml b/authz-service/pom.xml index 609967f6..ec11fb2c 100644 --- a/authz-service/pom.xml +++ b/authz-service/pom.xml @@ -54,6 +54,9 @@ <maven.test.failure.ignore>true</maven.test.failure.ignore>
<project.swmVersion>1</project.swmVersion>
<project.cadiVersion>1.0.0-SNAPSHOT</project.cadiVersion>
+ <dockerLocation>${basedir}/target/</dockerLocation>
+ <docker.registry>zlp11313.vci.att.com:5100</docker.registry>
+ <distFilesRootDirPath>opt/app/aaf/${project.artifactId}/${project.version}</distFilesRootDirPath>
<sonar.language>java</sonar.language>
<sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
<sonar.surefire.reportsPath>${project.build.directory}/surefire-reports</sonar.surefire.reportsPath>
@@ -74,7 +77,11 @@ <groupId>org.onap.aaf.authz</groupId>
<artifactId>authz-client</artifactId>
</dependency>
-
+
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>authz-cmd</artifactId>
+ </dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authz-core</artifactId>
@@ -122,15 +129,182 @@ <dependency>
<groupId>org.onap.aaf.cadi</groupId>
<artifactId>cadi-aaf</artifactId>
- </dependency>
-
-
-
-
+ </dependency>
</dependencies>
<build>
<plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>2.7</version>
+ <executions>
+ <execution>
+ <id>copy-docker-file</id>
+ <phase>package</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${dockerLocation}</outputDirectory>
+ <overwrite>true</overwrite>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/main/resources/docker</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>**/*</include>
+ </includes>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>com.spotify</groupId>
+ <artifactId>docker-maven-plugin</artifactId>
+ <version>0.4.11</version>
+ <configuration>
+ <imageName>onap/aaf/authz-service</imageName>
+ <dockerDirectory>${dockerLocation}</dockerDirectory>
+ <serverId>docker-hub</serverId>
+ <registryUrl>https://${docker.registry}</registryUrl>
+ <imageTags>
+ <imageTag>${project.version}</imageTag>
+ <imageTag>latest</imageTag>
+ </imageTags>
+ <resources>
+ <resource>
+ <targetPath>/</targetPath>
+ <directory>/${basedir}/target/opt</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>**/*</include>
+ </includes>
+ </resource>
+ </resources>
+ <forceTags>true</forceTags>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>2.7</version>
+ <executions>
+ <execution>
+ <id>copy-resources-1</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/opt/dme2reg/</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${project.basedir}/src/main/resources/dme2reg/</directory>
+ <includes>
+ <include>**/*.txt</include>
+ </includes>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-resources-2</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/opt/app/aaf/authz-service/${project.version}/etc</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${project.basedir}/src/main/resources/etc</directory>
+ <includes>
+ <include>**/**</include>
+ </includes>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+
+ <execution>
+ <id>copy-resources-3</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/opt/app/aaf/authz-service/${project.version}/lib</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${project.basedir}/../authz-cmd/target</directory>
+ <includes>
+ <include>**/authz-cmd-1.0.0-SNAPSHOT-jar-with-dependencies.jar</include>
+ </includes>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-resources-4</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/opt/app/aaf/authz-service/${project.version}</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${project.basedir}/../authz-cmd</directory>
+ <includes>
+ <include>**/aafcli.sh</include>
+ </includes>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-resources-5</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/opt/app/aaf/authz-service/${project.version}/etc</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${project.basedir}/../authz-cmd/etc</directory>
+ <includes>
+ <include>**/**</include>
+ </includes>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <version>2.10</version>
+ <executions>
+ <execution>
+ <id>copy-dependencies</id>
+ <phase>package</phase>
+ <goals>
+ <goal>copy-dependencies</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/opt/app/aaf/authz-service/${project.version}/lib</outputDirectory>
+ <overWriteReleases>false</overWriteReleases>
+ <overWriteSnapshots>false</overWriteSnapshots>
+ <overWriteIfNewer>true</overWriteIfNewer>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
diff --git a/authz-service/src/main/resources/authAPI.props b/authz-service/src/main/resources/authAPI.props deleted file mode 100644 index 6bc78699..00000000 --- a/authz-service/src/main/resources/authAPI.props +++ /dev/null @@ -1,24 +0,0 @@ -## -## AUTHZ API (authz-service) Properties -## - -hostname=_HOSTNAME_ - -## DISCOVERY (DME2) Parameters on the Command Line -AFT_LATITUDE=_AFT_LATITUDE_ -AFT_LONGITUDE=_AFT_LONGITUDE_ -AFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -DEPLOYED_VERSION=_ARTIFACT_VERSION_ - -## Pull in common/security properties - -cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props - -##DME2 related parameters - -DMEServiceName=service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_ -AFT_DME2_PORT_RANGE=_AUTHZ_SERVICE_PORT_RANGE_ - - -CACHE_HIGH_COUNT=20000 -CACHE_CLEAN_INTERVAL=60000
\ No newline at end of file diff --git a/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt b/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt new file mode 100644 index 00000000..b88df64e --- /dev/null +++ b/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt @@ -0,0 +1,8 @@ +# +#Wed Nov 30 23:48:45 EST 2016 +alcdtl15rj6015,60498=latitude\=32.78014;longitude\=-96.800451;lease\=1480372013837;protocol\=http;contextPath\=/;routeOffer\=BAU_SE +ALCDTL46RJ6015,55998=latitude\=32.78014;longitude\=-96.800451;lease\=1479687428093;protocol\=http;contextPath\=/;routeOffer\=BAU_SE +localhost,42246=latitude\=32.78014;longitude\=-96.800451;lease\=1478985613892;protocol\=http;contextPath\=/;routeOffer\=BAU_SE +localhost,39157=latitude\=32.78014;longitude\=-96.800451;lease\=1478811101528;protocol\=http;contextPath\=/;routeOffer\=BAU_SE +alcdtl15rj6015,55889=latitude\=32.78014;longitude\=-96.800451;lease\=1480371829514;protocol\=http;contextPath\=/;routeOffer\=BAU_SE +localhost,36473=latitude\=32.78014;longitude\=-96.800451;lease\=1478801682319;protocol\=http;contextPath\=/;routeOffer\=BAU_SE diff --git a/authz-service/src/main/resources/docker/Dockerfile b/authz-service/src/main/resources/docker/Dockerfile new file mode 100644 index 00000000..6894ed8a --- /dev/null +++ b/authz-service/src/main/resources/docker/Dockerfile @@ -0,0 +1,9 @@ +FROM openjdk:8-jdk
+ADD opt /opt/
+ADD authz-service-1.0.0-SNAPSHOT.jar /opt/app/aaf/authz-service/1.0.0-SNAPSHOT/lib/authz-service-1.0.0-SNAPSHOT.jar
+ADD startup.sh /startup.sh
+RUN chmod 777 /startup.sh
+RUN chmod -R 777 /opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc
+ENTRYPOINT ./startup.sh
+
+
diff --git a/authz-service/src/main/resources/docker/authAPI.props b/authz-service/src/main/resources/docker/authAPI.props new file mode 100644 index 00000000..f8c1b400 --- /dev/null +++ b/authz-service/src/main/resources/docker/authAPI.props @@ -0,0 +1,111 @@ +##
+## AUTHZ API (authz-service) Properties
+##
+#hostname=localhost
+hostname=0.0.0.0
+# Standard AFT for THIS box, and THIS box is in St Louis. Put your own LAT/LONG in here. Use "bing.com/maps" or
+# SWMTools (geoloc for DataCenters) to get YOURs
+
+AFT_LATITUDE=32.780140
+AFT_LONGITUDE=-96.800451
+AFT_ENVIRONMENT=AFTUAT
+DEPLOYED_VERSION=2.0.SAMPLE
+
+##DME2 related parameters
+DMEServiceName=service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE
+
+#DME2 can limit Port Ranges with the following:
+#AFT_DME2_PORT_RANGE=8101-8029,8100
+#DME2 picks any unused port in +1024 range
+#AFT_DME2_PORT=0
+AFT_DME2_ALLOW_PORT_CACHING=false
+aaf_root_ns=org.openecomp
+
+# Point to "Common" files, used between all the AAF Services. ...
+
+# DEVELOPER ONLY SETTING!!!!! DO NOT USE on ANY BOX other than your Developer box, and it
+# would be better if you got a Cert for that, and remove this! There is nothing stupider than
+# an unsecured Security Service.
+cadi_trust_all_x509=true
+
+# Public (i.e. Verisign) Key stores.
+# AFT_DME2_KEYSTORE=
+# AFT_DME2_KEYSTORE_PASSWORD=
+# AFT_DME2_KEY_PASSWORD=
+# cadi_truststore=
+# cadi_truststore_password=
+
+# Standard for this App/Machine
+aaf_env=DEV
+aaf_data_dir=../data
+cadi_loglevel=WARN
+aaf_id=<osaaf's Application Identity>
+aaf_password=enc:31-LFPNtP9Yl1DZKAz1rx8N8YfYVY8VKnnDr
+
+aaf_conn_timeout=6000
+aaf_timeout=10000
+aaf_user_expires=600000
+aaf_clean_interval=45000
+aaf_refresh_trigger_count=3
+aaf_high_count=30000
+
+# Basic Auth
+aaf_default_realm=openecomp.org
+#aaf_domain_support=.org
+basic_realm=openecomp.org
+basic_warn=false
+aaf_root_ns=org.openecomp
+localhost_deny=false
+
+
+# Cassandra
+# IP:Cass DataCenter:Latitude:Longitude,IP....
+cassandra.clusters=127.0.0.1
+cassandra.clusters.port=9042
+cassandra.clusters.user=authz
+cassandra.clusters.password=authz
+## Exceptions from Cassandra which require resetting the Cassandra Connections
+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
+
+# Consistency Settings
+cassandra.writeConsistency.ns=LOCAL_QUORUM
+cassandra.writeConsistency.perm=LOCAL_QUORUM
+cassandra.writeConsistency.role=LOCAL_QUORUM
+cassandra.writeConsistency.user_role=LOCAL_QUORUM
+cassandra.writeConsistency.cred=LOCAL_QUORUM
+cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM
+
+## Supported Plugin Organizational Units
+Organization.com.osaaf=org.onap.aaf.osaaf.defOrg.DefaultOrg
+
+## Email Server settings for Def Organization.
+#Sender's email ID needs to be mentioned
+com.osaaf.mailFromUserId=mailid@bogus.com
+com.osaaf.supportEmail=support@bogus.com
+com.osaaf.mailHost=smtp.bogus.com
+
+# Standard AAF DME2 Props
+AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE
+AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE
+AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE
+
+## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC
+AFT_DME2_SSL_ENABLE=false
+# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016
+AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE
+AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2
+AFT_DME2_SSL_VALIDATE_CERTS=FALSE
+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false
+
+## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs
+cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer
+
+
+#cadi_prop_files=com.osaaf.common.props;com.osaaf.props
+cadi_prop_files=opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc/com.osaaf.common.props;opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc/com.osaaf.props
+CACHE_HIGH_COUNT=40000
+CACHE_CLEAN_INTERVAL=60000
+
+
+
+
diff --git a/authz-service/src/main/resources/docker/com.osaaf.common.props b/authz-service/src/main/resources/docker/com.osaaf.common.props new file mode 100644 index 00000000..5bf127ce --- /dev/null +++ b/authz-service/src/main/resources/docker/com.osaaf.common.props @@ -0,0 +1,81 @@ +############################################################ +# Properties Written by Jonathan Gathman +# on 2016-08-12T04:17:59.628-0500 +# These properties encapsulate the Verisign Public Certificates +############################################################ +# DEVELOPER ONLY SETTING!!!!! DO NOT USE on ANY BOX other than your Developer box, and it +# would be better if you got a Cert for that, and remove this! There is nothing stupider than +# an unsecured Security Service. +cadi_trust_all_x509=true + +# Public (i.e. Verisign) Key stores. +# AFT_DME2_KEYSTORE= +# AFT_DME2_KEYSTORE_PASSWORD= +# AFT_DME2_KEY_PASSWORD= +# cadi_truststore= +# cadi_truststore_password= + +# Standard for this App/Machine +aaf_env=DEV +aaf_data_dir=../data +cadi_loglevel=WARN +aaf_id=<osaaf's Application Identity> +aaf_password=enc:31-LFPNtP9Yl1DZKAz1rx8N8YfYVY8VKnnDr + +aaf_conn_timeout=6000 +aaf_timeout=10000 +aaf_user_expires=600000 +aaf_clean_interval=45000 +aaf_refresh_trigger_count=3 +aaf_high_count=30000 + +# Basic Auth +aaf_default_realm=openecomp.org +#aaf_domain_support=.org +basic_realm=openecomp.org +basic_warn=false +aaf_root_ns=org.openecomp +localhost_deny=false + + +# Cassandra +# IP:Cass DataCenter:Latitude:Longitude,IP.... +cassandra.clusters=127.0.0.1 +cassandra.clusters.port=9042 +cassandra.clusters.user=authz +cassandra.clusters.password=authz +## Exceptions from Cassandra which require resetting the Cassandra Connections +cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" + +# Consistency Settings +cassandra.writeConsistency.ns=LOCAL_QUORUM +cassandra.writeConsistency.perm=LOCAL_QUORUM +cassandra.writeConsistency.role=LOCAL_QUORUM +cassandra.writeConsistency.user_role=LOCAL_QUORUM +cassandra.writeConsistency.cred=LOCAL_QUORUM +cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM + +## Supported Plugin Organizational Units +Organization.com.osaaf=org.onap.aaf.osaaf.defOrg.DefaultOrg + +## Email Server settings for Def Organization. +#Sender's email ID needs to be mentioned +com.osaaf.mailFromUserId=mailid@bogus.com +com.osaaf.supportEmail=support@bogus.com +com.osaaf.mailHost=smtp.bogus.com + +# Standard AAF DME2 Props +AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE +AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE +AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE + +## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC +AFT_DME2_SSL_ENABLE=false +# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016 +AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE +AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2 +AFT_DME2_SSL_VALIDATE_CERTS=FALSE +AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false + +## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs +cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer diff --git a/authz-service/src/main/resources/docker/com.osaaf.props b/authz-service/src/main/resources/docker/com.osaaf.props new file mode 100644 index 00000000..24a0add7 --- /dev/null +++ b/authz-service/src/main/resources/docker/com.osaaf.props @@ -0,0 +1,9 @@ +############################################################ +# Initial File for Generating +# on 2016-10-26T06:56:19.905-0500 +# @copyright 2016, AT&T +############################################################ +cm_url=https://<certificate manager host>:8150 +hostname=localhost +cadi_x509_issuers=CN=ATT CADI Issuing CA - Test 01, OU=CSO, O=ATT, C=US +#cadi_keyfile=keyfile diff --git a/authz-service/src/main/resources/docker/startup.sh b/authz-service/src/main/resources/docker/startup.sh new file mode 100644 index 00000000..7b18f9dc --- /dev/null +++ b/authz-service/src/main/resources/docker/startup.sh @@ -0,0 +1,21 @@ + +LIB=/opt/app/aaf/authz-service/1.0.0-SNAPSHOT/lib + +ETC=/opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc +DME2REG=/opt/dme2reg + +echo "this is LIB" $LIB +echo "this is ETC" $ETC +echo "this is DME2REG" $DME2REG + +CLASSPATH=$ETC +for FILE in `find $LIB -name *.jar`; do + CLASSPATH=$CLASSPATH:$FILE +done +java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG org.onap.aaf.authz.service.AuthAPI + + + + + + diff --git a/authz-service/src/main/resources/etc/authAPI.props b/authz-service/src/main/resources/etc/authAPI.props new file mode 100644 index 00000000..f0dbc8be --- /dev/null +++ b/authz-service/src/main/resources/etc/authAPI.props @@ -0,0 +1,59 @@ +##
+## AUTHZ API (authz-service) Properties
+##
+#hostname=localhost
+hostname=0.0.0.0
+# Standard AFT for THIS box, and THIS box is in St Louis. Put your own LAT/LONG in here. Use "bing.com/maps" or
+# SWMTools (geoloc for DataCenters) to get YOURs
+
+AFT_LATITUDE=32.780140
+AFT_LONGITUDE=-96.800451
+AFT_ENVIRONMENT=AFTUAT
+DEPLOYED_VERSION=2.0.SAMPLE
+
+##DME2 related parameters
+DMEServiceName=service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE
+
+#DME2 can limit Port Ranges with the following:
+#AFT_DME2_PORT_RANGE=8101-8029,8100
+#DME2 picks any unused port in +1024 range
+#AFT_DME2_PORT=0
+AFT_DME2_ALLOW_PORT_CACHING=false
+aaf_root_ns=org.openecomp
+
+# Point to "Common" files, used between all the AAF Services. ...
+
+
+
+
+# Cassandra
+# IP:Cass DataCenter:Latitude:Longitude,IP....
+cassandra.clusters=127.0.0.1
+cassandra.clusters.port=9042
+cassandra.clusters.user=authz
+cassandra.clusters.password=authz
+## Exceptions from Cassandra which require resetting the Cassandra Connections
+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
+
+# Consistency Settings
+cassandra.writeConsistency.ns=LOCAL_QUORUM
+cassandra.writeConsistency.perm=LOCAL_QUORUM
+cassandra.writeConsistency.role=LOCAL_QUORUM
+cassandra.writeConsistency.user_role=LOCAL_QUORUM
+cassandra.writeConsistency.cred=LOCAL_QUORUM
+cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM
+
+## Supported Plugin Organizational Units
+Organization.com.osaaf=org.onap.aaf.osaaf.defOrg.DefaultOrg
+
+
+
+
+#cadi_prop_files=com.osaaf.common.props;com.osaaf.props
+cadi_prop_files=opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc/com.osaaf.common.props;opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc/com.osaaf.props
+CACHE_HIGH_COUNT=40000
+CACHE_CLEAN_INTERVAL=60000
+
+
+
+
diff --git a/authz-service/src/main/resources/etc/com.osaaf.common.props b/authz-service/src/main/resources/etc/com.osaaf.common.props new file mode 100644 index 00000000..5bf127ce --- /dev/null +++ b/authz-service/src/main/resources/etc/com.osaaf.common.props @@ -0,0 +1,81 @@ +############################################################ +# Properties Written by Jonathan Gathman +# on 2016-08-12T04:17:59.628-0500 +# These properties encapsulate the Verisign Public Certificates +############################################################ +# DEVELOPER ONLY SETTING!!!!! DO NOT USE on ANY BOX other than your Developer box, and it +# would be better if you got a Cert for that, and remove this! There is nothing stupider than +# an unsecured Security Service. +cadi_trust_all_x509=true + +# Public (i.e. Verisign) Key stores. +# AFT_DME2_KEYSTORE= +# AFT_DME2_KEYSTORE_PASSWORD= +# AFT_DME2_KEY_PASSWORD= +# cadi_truststore= +# cadi_truststore_password= + +# Standard for this App/Machine +aaf_env=DEV +aaf_data_dir=../data +cadi_loglevel=WARN +aaf_id=<osaaf's Application Identity> +aaf_password=enc:31-LFPNtP9Yl1DZKAz1rx8N8YfYVY8VKnnDr + +aaf_conn_timeout=6000 +aaf_timeout=10000 +aaf_user_expires=600000 +aaf_clean_interval=45000 +aaf_refresh_trigger_count=3 +aaf_high_count=30000 + +# Basic Auth +aaf_default_realm=openecomp.org +#aaf_domain_support=.org +basic_realm=openecomp.org +basic_warn=false +aaf_root_ns=org.openecomp +localhost_deny=false + + +# Cassandra +# IP:Cass DataCenter:Latitude:Longitude,IP.... +cassandra.clusters=127.0.0.1 +cassandra.clusters.port=9042 +cassandra.clusters.user=authz +cassandra.clusters.password=authz +## Exceptions from Cassandra which require resetting the Cassandra Connections +cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" + +# Consistency Settings +cassandra.writeConsistency.ns=LOCAL_QUORUM +cassandra.writeConsistency.perm=LOCAL_QUORUM +cassandra.writeConsistency.role=LOCAL_QUORUM +cassandra.writeConsistency.user_role=LOCAL_QUORUM +cassandra.writeConsistency.cred=LOCAL_QUORUM +cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM + +## Supported Plugin Organizational Units +Organization.com.osaaf=org.onap.aaf.osaaf.defOrg.DefaultOrg + +## Email Server settings for Def Organization. +#Sender's email ID needs to be mentioned +com.osaaf.mailFromUserId=mailid@bogus.com +com.osaaf.supportEmail=support@bogus.com +com.osaaf.mailHost=smtp.bogus.com + +# Standard AAF DME2 Props +AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE +AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE +AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE + +## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC +AFT_DME2_SSL_ENABLE=false +# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016 +AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE +AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2 +AFT_DME2_SSL_VALIDATE_CERTS=FALSE +AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false + +## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs +cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer diff --git a/authz-service/src/main/resources/etc/com.osaaf.props b/authz-service/src/main/resources/etc/com.osaaf.props new file mode 100644 index 00000000..24a0add7 --- /dev/null +++ b/authz-service/src/main/resources/etc/com.osaaf.props @@ -0,0 +1,9 @@ +############################################################ +# Initial File for Generating +# on 2016-10-26T06:56:19.905-0500 +# @copyright 2016, AT&T +############################################################ +cm_url=https://<certificate manager host>:8150 +hostname=localhost +cadi_x509_issuers=CN=ATT CADI Issuing CA - Test 01, OU=CSO, O=ATT, C=US +#cadi_keyfile=keyfile diff --git a/authz-service/start.sh b/authz-service/start.sh index 8d247c23..7b18f9dc 100644 --- a/authz-service/start.sh +++ b/authz-service/start.sh @@ -1,11 +1,21 @@ -DIR=`pwd` -LIB=$DIR/target/swm/package/nix/dist_files/opt/app/aaf/authz-service/2.0.15/lib -ETC=$DIR/src/main/sample -DME2REG=$DIR/../dme2reg + +LIB=/opt/app/aaf/authz-service/1.0.0-SNAPSHOT/lib + +ETC=/opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc +DME2REG=/opt/dme2reg + +echo "this is LIB" $LIB +echo "this is ETC" $ETC +echo "this is DME2REG" $DME2REG CLASSPATH=$ETC -for FILE in `find $LIB -depth 1 -name *.jar`; do +for FILE in `find $LIB -name *.jar`; do CLASSPATH=$CLASSPATH:$FILE done -java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.authz.service.AuthAPI +java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG org.onap.aaf.authz.service.AuthAPI + + + + + |