35 files changed, 361 insertions, 279 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java index d05f38c5..0120ba40 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java @@ -4,7 +4,7 @@ * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. * =========================================================================== - * Modifications Copyright (C) 2018 IBM. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -84,21 +84,16 @@ public class LastNotified { * * @param user * @param target - * @param target_key + * @param targetkey * @return */ - public Date lastNotified(String user, String target, String target_key) { - String key = user + '|' + target + '|' + target_key; + public Date lastNotified(String user, String target, String targetkey) { + String key = user + '|' + target + '|' + targetkey; return lastNotified(key); } public Date lastNotified(String key) { - Date rv = lastNotified.get(key); - if(rv==null) { - rv = never; - lastNotified.put(key, rv); - } - return rv; + return lastNotified.computeIfAbsent(key, k -> never); } private Date add(ResultSet result, Map<String, Date> lastNotified, MarkDelete md) { @@ -124,8 +119,8 @@ public class LastNotified { } private interface MarkDelete { - public boolean process(String fullKey, Date last); - }; + boolean process(String fullKey, Date last); + } private void startQuery(StringBuilder query) { query.append(SELECT + " WHERE user in ("); 
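Review bot: The Javadoc on `lastNotified(String user, String target, String targetkey)` keeps empty `@param user`, `@param target`, `@param targetkey` and `@return` tags after the rename, so the hunk touches the doc block without documenting anything. Fill them in, for instance `@param targetkey third component of the composite key, joined with '|'` and `@return the last-notified date, or the shared never sentinel when none is recorded`. One detail of the `computeIfAbsent(key, k -> never)` rewrite deserves a comment: the old code stored the sentinel unconditionally, whereas `computeIfAbsent` skips the insert when the function returns null, so the rewrite is equivalent only because never is non-null — `// never is non-null, so the sentinel is cached exactly as before` makes that dependency visible.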
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java index 5a5fada2..51bf594a 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java @@ -178,11 +178,6 @@ public class Function { */ public Result<Void> createNS(AuthzTrans trans, Namespace namespace, boolean fromApproval) { Result<?> rq; -// if (namespace.name.endsWith(Question.DOT_ADMIN) -// || namespace.name.endsWith(Question.DOT_OWNER)) { -// return Result.err(Status.ERR_BadData, -// "'admin' and 'owner' are reserved names in AAF"); -// } try { for (String u : namespace.owner) { @@ -264,9 +259,6 @@ public class Function { // or helpful for Operations folks.. // Admins can be empty, because they can be changed by lower level // NSs - // if (ns.admin(false).isEmpty()) { - // ns.admin(true).add(user); - // } if (namespace.admin != null) { for (String u : namespace.admin) { if ((r = checkValidID(trans, now, u)).notOK()) { @@ -413,10 +405,8 @@ public class Function { pdd.type = delP2; if ((rq = q.permDAO.delete(trans, pdd, false)).notOK()) { eb.log(rq); - // } else { // Need to invalidate directly, because we're // switching places in NS, not normal cache behavior - // q.permDAO.invalidate(trans,pdd); } } else { eb.log(rq); @@ -951,7 +941,7 @@ public class Function { return Result.err(rnsd); } } else { - rnsd = q.deriveNs(trans, perm.ns); + q.deriveNs(trans, perm.ns); } // Does Child exist? @@ -1365,12 +1355,10 @@ public class Function { Result<UserRoleDAO.Data> udr = q.userRoleDAO.create(trans, urData); - switch (udr.status) { - case OK: + if (udr.status == OK) { return Result.ok(); - default: - return Result.err(udr); } + return Result.err(udr); } public Result<Void> addUserRole(AuthzTrans trans, String user, String ns, String rname) { 
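Review bot: In the `@@ -951` hunk the result of `q.deriveNs(trans, perm.ns)` is now discarded, while the sibling branch directly above returns `Result.err(rnsd)` when derivation fails, so an error from this call is silently dropped on the else path. The previous code assigned it to `rnsd` without checking it either, so this is not a regression, but the rewrite is the moment to decide: either check it, `if ((rnsd = q.deriveNs(trans, perm.ns)).notOK()) { return Result.err(rnsd); }`, or add a one-line comment stating that the call is made for its side effect and its status is intentionally ignored. The enclosing method starts and ends outside the hunk, so I cannot see whether a later check already covers it.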
@@ -1497,7 +1485,7 @@ public class Function { // User Future ID as ticket for Approvals final UUID ticket = fr.value.id; sb.append(", Approvals: "); - Boolean first[] = new Boolean[]{true}; + Boolean[] first = new Boolean[]{true}; if (op!=FUTURE_OP.A) { for (Identity u : approvers) { Result<ApprovalDAO.Data> r = addIdentity(trans,sb,first,user,data.memo,op,u,ticket,org.getApproverType()); @@ -1597,15 +1585,13 @@ public class Function { case "denied": aDenial=true; break; + default: + break; } } Result<OP_STATUS> ros=null; if (aDenial) { - // Note: Denial will be Audit-logged. -// for (ApprovalDAO.Data ad : allApprovalsForTicket.value) { -// q.approvalDAO.delete(trans, ad, false); -// } ros = OP_STATUS.RD; if (q.futureDAO.delete(trans, curr, false).notOK()) { trans.info().printf("Future %s could not be deleted", curr.id.toString()); @@ -1699,11 +1685,8 @@ public class Function { } else if (FOP_NS.equalsIgnoreCase(curr.target)) { Namespace namespace = new Namespace(); namespace.reconstitute(curr.construct); - switch(fop) { - case C: - ros = set(OP_STATUS.RE,createNS(trans, namespace, true)); - break; - default: + if (fop == FUTURE_OP.C) { + ros = set(OP_STATUS.RE, createNS(trans, namespace, true)); } } else if (FOP_DELEGATE.equalsIgnoreCase(curr.target)) { DelegateDAO.Data data = new DelegateDAO.Data(); @@ -1720,11 +1703,8 @@ public class Function { } else if (FOP_CRED.equalsIgnoreCase(curr.target)) { CredDAO.Data data = new CredDAO.Data(); data.reconstitute(curr.construct); - switch(fop) { - case C: - ros = set(OP_STATUS.RE,q.credDAO.dao().create(trans, data)); - break; - default: + if (fop == FUTURE_OP.C) { + ros = set(OP_STATUS.RE, q.credDAO.dao().create(trans, data)); } } } catch (Exception e) { diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java index 81debc05..bd77bee6 100644 
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java @@ -73,8 +73,11 @@ public class DirectAAFLocator extends AbsAAFLocator<AuthzTrans> { } try { - RegistrationPropHolder rph = new RegistrationPropHolder(access,0); - String aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS."+name, null,null); + String aaf_url = access.getProperty(Config.AAF_URL, null); + if(aaf_url==null) { + RegistrationPropHolder rph = new RegistrationPropHolder(access,0); + aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name, null,null); + } //access.getProperty("/locate/"+name+':'+version; access.printf(Level.INIT,"Creating DirectAAFLocator to %s",aaf_url); uri = new URI(aaf_url); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java index cc9ccf98..d41f0cf3 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java @@ -38,7 +38,6 @@ public class Cred extends Cmd { public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld."; private static final String CRED_PATH = "/authn/cred"; private static final String[] options = {"add","del","reset","extend"/*,"clean"*/}; -// private Clean clean; public Cred(User parent) { super(parent,"cred", new Param(optionsToString(options),true), @@ -46,7 +45,6 @@ public class Cred extends Cmd { new Param("password (! D|E)",false), new Param("entry# (if multi)",false) ); -// clean = new Clean(this); } @Override 
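Review bot: In the DirectAAFLocator hunk a configured `Config.AAF_URL` is passed straight to `new URI(aaf_url)` without going through `rph.replacements(...)`, so a value written with the same placeholder vocabulary as the fallback template (`%NS`, `%CNS`, or the `AAF_LOCATE_URL` token the sample props used until this commit) would be used unexpanded and either fail URI construction or point at a literal host. If the property is meant to be a fully resolved URL only, say so where it is read, `// aaf_url, when set, must be a concrete https URL; no %NS/%CNS expansion is applied`; otherwise run the configured value through the same `rph.replacements(...)` call as the fallback. The `Level.INIT` log line already prints the final URL, which is what an operator would need to diagnose the wrong-host case.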
@@ -62,11 +60,10 @@ public class Cred extends Cmd { cr.setPassword(args[idx++]); } if (args.length>idx) - cr.setEntry(args[idx++]); + cr.setEntry(args[idx]); // Set Start/End commands setStartEnd(cr); -// final int cleanIDX = _idx+1; Integer ret = same(new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, APIException { @@ -82,7 +79,6 @@ public class Cred extends Cmd { verb = "Added Credential ["; break; case 1: -// if (aafcli.addForce())cr.setForce("TRUE"); setQueryParamsOn(client); fp = client.delete(CRED_PATH, getDF(CredRequest.class), @@ -106,8 +102,8 @@ public class Cred extends Cmd { ); verb = "Extended Credential ["; break; -// case 4: -// return clean.exec(cleanIDX, args); + default: + break; } if (fp==null) { return null; // get by Sonar check. diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java index 7b0c1204..80c6d825 100644 --- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java +++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java @@ -25,10 +25,6 @@ package org.onap.aaf.auth.cmd.test.perm; import static org.mockito.Matchers.any; import static org.mockito.Mockito.when; -import org.junit.Before; - -import org.onap.aaf.auth.cmd.test.HMangrStub; - import java.io.ByteArrayOutputStream; import java.io.PrintStream; import java.io.Writer; @@ -36,6 +32,7 @@ import java.net.HttpURLConnection; import java.net.URI; import java.net.URISyntaxException; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; 
@@ -44,6 +41,7 @@ import org.mockito.runners.MockitoJUnitRunner; import org.onap.aaf.auth.cmd.AAFcli; import org.onap.aaf.auth.cmd.ns.Create; import org.onap.aaf.auth.cmd.ns.NS; +import org.onap.aaf.auth.cmd.test.HMangrStub; import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Locator; diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java index d8e8914e..064a8a5c 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java @@ -128,7 +128,7 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E deployedVersion = access.getProperty(Config.AAF_RELEASE, "N/A:2.x"); // Certificate Manager - cmCon = new AAFConHttp(env.access(),Config.CM_URL); + cmCon = new AAFConHttp(env.access(),Config.AAF_URL_CM); artifactsDF = env.newDataFactory(Artifacts.class); certInfoDF = env.newDataFactory(CertInfo.class); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java index 5d1d0219..16a6c940 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java @@ -65,7 +65,7 @@ public class NsDetail extends Page { private static final String BLANK = ""; private static Slot keySlot; private static Model model; - private static String gw_url; + private static String locate_url; public NsDetail(final AAF_GUI gui, Page ... breadcrumbs) throws APIException, IOException { 
@@ -75,11 +75,11 @@ public class NsDetail extends Page { ); model.set(this); keySlot = gui.env.slot(NAME+".ns"); - gw_url = gui.env.getProperty(Config.GW_URL); - if (gw_url==null) { - gw_url=""; + locate_url = gui.env.getProperty(Config.AAF_LOCATE_URL); + if (locate_url==null) { + locate_url=""; } else { - gw_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION; + locate_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION; } } @@ -217,7 +217,7 @@ public class NsDetail extends Page { AbsCell label = (i==0?new TextCell(sentenceCase(field)+":","style=width:20%"):AbsCell.Null); String perm = values.get(i); String[] fields = perm.split("\\|"); - String grantLink = gw_url + String grantLink = locate_url + PermGrantForm.HREF + "?type=" + fields[0].trim() + "&instance=" + fields[1].trim() diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java index a5e12f52..26bdb695 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java @@ -23,6 +23,7 @@ package org.onap.aaf.auth.locate; import java.net.URI; +import java.net.UnknownHostException; import java.util.Map; import javax.servlet.Filter; @@ -58,6 +59,7 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker; import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.config.RegistrationPropHolder; import org.onap.aaf.cadi.register.Registrant; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Data; 
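Review bot: In the `@@ -217` hunk `grantLink` is assembled by concatenating `locate_url`, `PermGrantForm.HREF` and the raw permission fields (`fields[0].trim()`, `fields[1].trim()`) into a query string with no URL encoding; only the base changed in this commit, but a permission type or instance containing `&`, `#`, `%` or whitespace would still yield a broken or mis-parsed link. Since those values come from stored permission data rather than the page author, encoding each component, for example `URLEncoder.encode(fields[0].trim(), StandardCharsets.UTF_8)` (or the `"UTF-8"` string form on older JDKs), is the conservative fix; the statement continues past the end of the hunk, so the remaining components need the same treatment. A secondary point: `locate_url` is a static field assigned in the constructor, so every `NsDetail` instance overwrites the value shared by all of them — a comment stating that the page is constructed once would document the assumption.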
@@ -180,7 +182,7 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> { protected AAFConHttp _newAAFConHttp() throws CadiException { try { if (dal==null) { - dal = AbsAAFLocator.create("%CNS.%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION); + dal = AbsAAFLocator.create("%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION); } // utilize pre-constructed DirectAAFLocator return new AAFConHttp(env.access(),dal); @@ -191,7 +193,14 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> { public Locator<URI> getGUILocator() throws LocatorException { if (gui_locator==null) { - gui_locator = AbsAAFLocator.create("AAF_NS.gui",Config.AAF_DEFAULT_API_VERSION); + RegistrationPropHolder rph; + try { + rph = new RegistrationPropHolder(access, 0); + } catch (UnknownHostException | CadiException e) { + throw new LocatorException(e); + } + gui_locator = AbsAAFLocator.create(rph.getPublicEntryName("gui", rph.default_container), + Config.AAF_DEFAULT_API_VERSION); } return gui_locator; } diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore index 30b97d74..fb1f79ea 100644 --- a/auth/docker/.gitignore +++ b/auth/docker/.gitignore @@ -12,3 +12,4 @@ /*.jar /*.jks /sdnc +/working diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml index 787f32d5..e19b5997 100644 --- a/auth/helm/aaf-hello/templates/aaf-hello.yaml +++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml 
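Review bot: In `getGUILocator()` the GUI entry name is now derived from `rph.getPublicEntryName("gui", rph.default_container)`, whereas `_newAAFConHttp()` in the preceding hunk still hard-codes the service name as `"%AAF_NS.service"` (with the `%CNS.` prefix removed), so two locators in the same class resolve names through different mechanisms and may disagree when a container namespace is configured. If that asymmetry is intentional, a comment on the service line such as `// service is looked up by root namespace only; the GUI goes through RegistrationPropHolder for its public container name` would save the next reader the question; otherwise route the service name through the same helper. The new `throw new LocatorException(e)` correctly preserves the cause.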
@@ -63,38 +63,37 @@ spec: name: aaf-hello-vol command: ["bash","-c","cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh place aaf@aaf.osaaf.org aaf-hello "] env: - - name: "AAF_ENV" + - name: aaf_env value: "{{ .Values.cadi.aaf_env }}" - - name: "AAF_FQDN" - value: "aaf-locate.{{ .Release.Namespace }}" + - name: cadi_latitude + value: "{{ .Values.cadi.cadi_latitude }}" + - name: cadi_longitude + value: "{{ .Values.cadi.cadi_longitude }}" + - name: aaf_locator_container + value: "helm" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace }}:8095" + - name: aaf_locator_app_ns + value: "org.osaaf.aaf" - name: "APP_FQDN" value: "{{ .Values.cadi.fqdn }}" - name: "APP_FQI" value: "{{ .Values.cadi.fqi }}" - - name: "LATITUDE" - value: "{{ .Values.cadi.cadi_latitude }}" - - name: "LONGITUDE" - value: "{{ .Values.cadi.cadi_longitude }}" - name: "DEPLOY_FQI" value: "deployer@people.osaaf.org" - name: "DEPLOY_PASSWORD" value: "demo123456!" - - name: "aaf_locator_container" - value: "helm" - - name: "aaf_locator_port" - value: "{{ .Values.cadi.port }}" - - name: "aaf_locator_fqdn.helm" - value: "{{ .Values.cadi.fqdn }}.{{.Release.Namespace}}" - - name: "aaf_locator_public_hostname" - value: "{{ .Values.cadi.public_fqdn }}" - - name: "aaf_locator_public_port" - value: "{{ .Values.cadi.public_port }}" - - name: "aaf_locator_container_ns" - value: "{{ .Release.Namespace }}" - - name: "aaf_locator_name" - value: "{{.Values.cadi.app_ns}}.hello" - - name: "aaf_locator_name.helm" - value: "{{ .Release.Namespace}}.{{.Values.cadi.app_ns}}.hello" +# Hello specific. 
Clients don't necessarily need this + - name: aaf_locator_public_fqdn + value: "{{.Values.cadi.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.cadi.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.cadi.aaf_locator_name_helm}}" + - name: aaf_locator_fqdn_helm + value: "%N.%CNS" ### ### AAF-HELLO diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml index a4fd23c4..a695a456 100644 --- a/auth/helm/aaf-hello/values.yaml +++ b/auth/helm/aaf-hello/values.yaml @@ -33,11 +33,17 @@ cadi: fqdn: "aaf-hello" port: 8130 public_fqdn: "aaf.osaaf.org" +# DUBLIN ONLY - for M4 compatibility with Casablanca + aaf_locator_name: "public.%NS.%N" + aaf_locator_name_helm: "%NS.%N" +# EL ALTO and Beyond +# aaf_locator_name: "%NS.%N" +# aaf_locator_name_helm: "%CNS.%NS.%N" public_port: 30086 fqi: "aaf@aaf.osaaf.org" app_ns: "org.osaaf.aaf" - cadi_latitude: "38.0" - cadi_longitude: "-72.0" + cadi_latitude: 38.0 + cadi_longitude: -72.0 aaf_env: "DEV" persistence: {} diff --git a/auth/helm/aaf/templates/aaf-cm.yaml b/auth/helm/aaf/templates/aaf-cm.yaml index b64a968e..51b0043d 100644 --- a/auth/helm/aaf/templates/aaf-cm.yaml +++ b/auth/helm/aaf/templates/aaf-cm.yaml @@ -83,6 +83,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-fs.yaml b/auth/helm/aaf/templates/aaf-fs.yaml index 5adc1d62..f0c6e8e5 100644 --- a/auth/helm/aaf/templates/aaf-fs.yaml +++ b/auth/helm/aaf/templates/aaf-fs.yaml 
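Review bot: The new `aaf_locator_app_ns` entry in aaf-hello.yaml hard-codes `"org.osaaf.aaf"` although the chart's values.yaml (next hunk) already defines `app_ns: "org.osaaf.aaf"`, and `aaf_locate_url` likewise hard-codes port `8095` rather than referencing a value. Use `value: "{{ .Values.cadi.app_ns }}"` so the namespace cannot drift between template and values file, and consider a `locate_port` value for the URL. The `# Hello specific. Clients don't necessarily need this` comment is helpful; a similar one on `aaf_locator_fqdn_helm: "%N.%CNS"` explaining what `%N` and `%CNS` expand to would help operators who only ever see the rendered manifest.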
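Review bot: In aaf-hello/values.yaml `cadi_latitude` and `cadi_longitude` lose their quotes and become YAML floats, which Go templates print through fmt, so `"{{ .Values.cadi.cadi_latitude }}"` now renders as `38` rather than `38.0` (and `-72` for the longitude); the sibling aaf/values.yaml in this same commit keeps them quoted as `"38.0"`. Keep the string form, `cadi_latitude: "38.0"` and `cadi_longitude: "-72.0"`, unless the consumer has been confirmed to accept integer-looking coordinates. The `# DUBLIN ONLY` / `# EL ALTO and Beyond` alternates are clear; naming the release at which they are meant to be swapped would complete the comment.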
@@ -117,4 +117,8 @@ spec: value: "https://aaf-locate.onap:8095" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml index 758b6b27..a977a9b3 100644 --- a/auth/helm/aaf/templates/aaf-gui.yaml +++ b/auth/helm/aaf/templates/aaf-gui.yaml @@ -84,6 +84,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-locate.yaml b/auth/helm/aaf/templates/aaf-locate.yaml index a6a2e258..1f9bdc40 100644 --- a/auth/helm/aaf/templates/aaf-locate.yaml +++ b/auth/helm/aaf/templates/aaf-locate.yaml @@ -83,6 +83,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-oauth.yaml b/auth/helm/aaf/templates/aaf-oauth.yaml index 2e2acb4b..ff9a18dd 100644 --- a/auth/helm/aaf/templates/aaf-oauth.yaml +++ b/auth/helm/aaf/templates/aaf-oauth.yaml 
@@ -83,6 +83,10 @@ spec:
 value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
 - name: aaf_locator_public_fqdn
 value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
 - name: CASSANDRA_CLUSTER
 value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
 # - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml
index a0935a65..be6e1c8b 100644
--- a/auth/helm/aaf/templates/aaf-service.yaml
+++ b/auth/helm/aaf/templates/aaf-service.yaml
@@ -66,22 +66,24 @@ spec:
 - mountPath: "/opt/app/osaaf"
 name: aaf-config-vol
 env:
- - name: AAF_ENV
+ - name: aaf_env
 value: "{{ .Values.services.aaf_env }}"
- - name: LATITUDE
+ - name: cadi_latitude
 value: "{{ .Values.services.cadi_latitude }}"
- - name: LONGITUDE
+ - name: cadi_longitude
 value: "{{ .Values.services.cadi_longitude }}"
 - name: aaf_locator_container
 value: "helm"
 - name: aaf_locator_container_ns
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+ value: "{{ .Release.Namespace }}"
 - name: aaf_locate_url
 value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
 - name: aaf_locator_public_fqdn
 value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
 - name: CASSANDRA_CLUSTER
 value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
 # - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index 226f030c..c38bbdb5 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -30,6 +30,12 @@ services:
 ns: "onap"
 aaf_env: "DEV"
 public_fqdn: "aaf.osaaf.org"
+# DUBLIN ONLY - for M4 compatibility with Casablanca
+ aaf_locator_name: "public.%NS.%N"
+ aaf_locator_name_helm: "%NS.%N"
+# EL ALTO and Beyond
+# aaf_locator_name: "%NS.%N"
+# aaf_locator_name_helm: "%CNS.%NS.%N"
 cadi_latitude: "38.0"
 cadi_longitude: "-72.0"
 cass:
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
index dde10720..0dff8037 100755
--- a/auth/sample/bin/client.sh
+++ b/auth/sample/bin/client.sh
@@ -76,41 +76,45 @@ function sso_encrypt() { $JAVA_CADI digest ${1} $DOT_AAF/keyfile } +if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then + mkdir -p $DOT_AAF + base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks +fi # Create Deployer Info, located at /root/.aaf if [ ! -e "$DOT_AAF/keyfile" ]; then - mkdir -p $DOT_AAF $JAVA_CADI keygen $DOT_AAF/keyfile chmod 400 $DOT_AAF/keyfile - echo cadi_latitude=${LATITUDE} > ${SSO} - echo cadi_longitude=${LONGITUDE} >> ${SSO} - echo aaf_id=${DEPLOY_FQI} >> ${SSO} + + # Add Deployer Creds to Root's SSO + DEPLOY_FQI="${DEPLOY_FQI:=$app_id}" + echo "aaf_id=${DEPLOY_FQI}" > ${SSO} if [ ! "${DEPLOY_PASSWORD}" = "" ]; then echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO} fi - if [ ! -z "${aaf_locator_container}" ]; then - echo "aaf_locator_container=${aaf_locator_container}" >> ${SSO} - fi - if [ -z "${aaf_locator_container_ns}" ]; then - if [ !-z "${CONTAINER_NS}" ]; then - echo "aaf_locator_container_ns=${CONTAINER_NS}" >> ${SSO} - fi - else - echo "aaf_locator_container_ns=${aaf_locator_container_ns}" >> ${SSO} - fi - if [ ! 
-z "${AAF_ENV}" ]; then - echo "aaf_env=${AAF_ENV}" >> ${SSO} - fi - echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO} - echo aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO} + # Cover case where using app.props + aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS} + + for E in $(env); do + if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then + # Use Deployer ID in ${SSO} + if [ "app_id" != "${E%=*}" ]; then + S="${E/_helm/.helm}" + S="${S/_oom/.oom}" + echo "$S" >> ${SSO} + fi + fi + done - base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO} echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO} echo "Caller Properties Initialized" INITIALIZED="true" fi +echo "cat SSO" +cat ${SSO} +echo "dog" # Only initialize once, automatically... if [ ! -e $LOCAL/${NS}.props ]; then 
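Review bot: The three lines `echo "cat SSO"`, `cat ${SSO}`, `echo "dog"` at the end of this hunk run unconditionally on every start and dump the deployer SSO file, including the `aaf_password=enc:...` and `cadi_truststore_password=enc:...` entries written a few lines above, to stdout and therefore into the container log; they read as leftover debugging and should be removed. Second, `aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS}` both misspells the variable and, because `:=` only creates a shell variable, does not place a defaulted `aaf_locator_container_ns` into the environment that the following `for E in $(env)` loop reads, so as far as this hunk shows the `# Cover case where using app.props` default never reaches `${SSO}` unless the variable already came from the environment; `export aaf_locator_container_ns="${aaf_locator_container_ns:-$CONTAINER_NS}"` does what the comment says. Finally, `$(env)` word-splits on whitespace, so any `aaf_*`/`cadi_*` value containing a space is written truncated at the first space; `env | while IFS= read -r E; do ...; done >> ${SSO}` avoids that.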
@@ -133,28 +137,22 @@ if [ ! -e $LOCAL/${NS}.props ]; then echo "java -cp $(ls aaf-auth-cmd-*-full.jar) org.onap.aaf.cadi.aaf.TestConnectivity $NS.props" >> testConnectivity chmod ug+x agent cadi testConnectivity fi + echo "#### Create Configuration files " $JAVA_AGENT config $APP_FQI \ - aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \ - cadi_etc_dir=$LOCAL -# Grab all properties passed in that start with "aaf_" or "cadi_" - for E in $(env); do - if [[ $E == aaf_* ]] || [[ $E == cadi_* ]]; then - if [ -z "$(grep $E $LOCAL/$NS.props)" ]; then - echo "${E}" >> $LOCAL/$NS.props - fi - fi - done + cadi_etc_dir=$LOCAL \ + cadi_prop_files=$SSO + #aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} cat $LOCAL/$NS.props echo echo "#### Certificate Authorization Artifact" - TMP=$(mktemp) + # TMP=$(mktemp) + TMP=$LOCAL/agent.log $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \ cadi_prop_files=${SSO} \ - cadi_etc_dir=$LOCAL > $TMP - cat $TMP - echo + cadi_etc_dir=$LOCAL | tee $TMP + if [ -n "$(grep 'Namespace:' $TMP)" ]; then echo "#### Place Certificates (by deployer)" $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \ diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh index 2b964b1c..54a1cc58 100644 --- a/auth/sample/bin/service.sh +++ b/auth/sample/bin/service.sh @@ -135,7 +135,9 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then echo aaf_locate_url=${AAF_LOCATE_URL} >> ${TMP} for P in `env`; do if [[ "$P" == aaf_locator* ]]; then - echo "$P" >> ${TMP} + S="${P/_helm/.helm}" + S="${S/_oom/.oom}" + echo "$S" >> ${TMP} fi done diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props index 6ea1d537..8b01d951 100644 --- a/auth/sample/local/initialConfig.props +++ b/auth/sample/local/initialConfig.props @@ -17,8 +17,6 @@ # limitations under the License.
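Review bot: `$JAVA_AGENT read ... | tee $TMP` in the second client.sh hunk makes the pipeline's exit status that of `tee`, so a failed agent run is no longer observable to the script, and the output is now kept permanently in `$LOCAL/agent.log` beside the generated config instead of in a `mktemp` file (the `# TMP=$(mktemp)` line left behind suggests a debugging switch). If the log is wanted, add `set -o pipefail` (or check `${PIPESTATUS[0]}`) and decide explicitly whether agent output belongs in `$LOCAL`; if not, restore the temp file and remove it after the `grep 'Namespace:'` check. Also worth confirming: `cadi_prop_files=$SSO` is now passed to `$JAVA_AGENT config`, and `${SSO}` holds the deployer's `aaf_id`/`aaf_password`, so if `config` copies its property sources into `$NS.props` the deployer credential would end up in the application's props file.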
# ============LICENSE_END====================================================
#
-cadi_protocols=TLSv1.1,TLSv1.2
-
################################
# Locator info
#
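Review bot: Removing `cadi_protocols=TLSv1.1,TLSv1.2` makes the enabled TLS protocol set depend on the library default, which this file no longer states, so an operator reading it cannot tell whether TLSv1.1 is still negotiable. If the intent is to stop offering TLSv1.1, set it explicitly, `cadi_protocols=TLSv1.2`; if the intent is to defer to the default, leave a comment naming it, e.g. `# cadi_protocols not set: CADI default applies (confirm value in Config)`.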
@@ -31,20 +29,21 @@ cadi_protocols=TLSv1.1,TLSv1.2
 aaf_locator_app_ns=%AAF_NS
aaf_locator_name=%NS.%N
aaf_locator_name.docker=%CNS.%NS.%N
-aaf_locator_name.helm=%CNS.%NS.%N
-aaf_locator_name.oom=%CNS%.%NS.%N
+aaf_root_ns=org.osaaf.aaf
+
+# Dublin
+aaf_locator_name.oom=%NS.%N
+aaf_locator_name.helm=%NS.%N
+aaf_locator_public_name.oom=public.%NS.%N
+aaf_locator_public_name.helm=public.%NS.%N
+
+# EL Alto and beyond
+# aaf_locator_name.oom=%CNS.%NS.%N
+# aaf_locator_name.helm=%CNS.%NS.%N
+
aaf_locator_fqdn.docker=aaf-%N
aaf_locator_fqdn.helm=aaf-%N.%CNS
aaf_locator_fqdn.oom=aaf-%N.%CNS
-################################
-# AAF URLs
-################################
-aaf_locate_url=https://localhost:8095
-aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/introspect
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/token
-cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
-gui_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui.2.1
-fs_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs.2.1
-
+# initial trusted CAs
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
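Review bot: The new `cadi_x509_issuers` line appears to be the list of issuer DNs a deployment accepts for certificate-based authentication, and the `# initial trusted CAs` comment above it does not say that adding an entry trusts every certificate chained to that intermediate, nor that the list must be updated when an intermediate is rotated or retired. A comment along the lines of `# Colon-separated issuer DNs accepted for x509 client auth; each entry trusts all certs signed by that intermediate - review on CA rotation` would make the security meaning explicit. Likewise the `# Dublin` block introduces `aaf_locator_public_name.oom`/`.helm` next to the commented `# EL Alto and beyond` alternates without saying what the public name is used for; one line there would help whoever flips the comments later.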
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java index d3804743..e5a0a28c 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java @@ -27,10 +27,10 @@ import java.net.HttpURLConnection; import java.net.InetSocketAddress; import java.net.Socket; import java.net.URI; -import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Date; import java.util.List; +import java.util.Map; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CadiException; @@ -43,6 +43,7 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFLocator; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.config.SecurityInfoC; +import org.onap.aaf.cadi.configure.Agent; import org.onap.aaf.cadi.http.HBasicAuthSS; import org.onap.aaf.cadi.http.HClient; import org.onap.aaf.cadi.http.HX509SS; @@ -53,7 +54,10 @@ import org.onap.aaf.misc.env.APIException; public class TestConnectivity { - public static void main(String[] args) { + private static Map<String, String> aaf_urls; + + + public static void main(String[] args) { if (args.length<1) { System.out.println("Usage: ConnectivityTester <cadi_prop_files> [<AAF FQDN (i.e. aaf.dev.att.com)>]"); } else { 
@@ -65,24 +69,14 @@ public class TestConnectivity { } PropAccess access = new PropAccess(args); - String aaflocate; - if (args.length>1) { - aaflocate = "https://" + args[1]; - access.setProperty(Config.AAF_LOCATE_URL, "https://" + args[1]); - } else { - aaflocate = access.getProperty(Config.AAF_LOCATE_URL); - if (aaflocate==null) { - print(true,"Properties must contain ",Config.AAF_LOCATE_URL); - } - } - try { SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class); + aaf_urls = Agent.loadURLs(access); List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si); ///////// - String directAAFURL = access.getProperty(Config.AAF_URL,null); - if(directAAFURL!=null && !directAAFURL.contains("AAF_LOCATE")) { + String directAAFURL = aaf_urls.get(Config.AAF_URL); + if(directAAFURL!=null && !directAAFURL.contains("/locate/")) { print(true,"Test Connections by non-located aaf_url"); Locator<URI> locator = new SingleEndpointLocator(directAAFURL); connectTest(locator,new URI(directAAFURL)); @@ -92,17 +86,18 @@ public class TestConnectivity { } else { ///////// print(true,"Test Connections driven by AAFLocator"); - URI serviceURI = uri(access,"service"); + String serviceURI = aaf_urls.get(Config.AAF_URL); - for (URI uri : new URI[] { + for (String url : new String[] { serviceURI, - uri(access,"token"), - uri(access,"introspect"), - uri(access,"cm"), - uri(access,"gui"), - uri(access,"fs"), - uri(access,"hello") + aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL), + aaf_urls.get(Config.AAF_OAUTH2_INTROSPECT_URL), + aaf_urls.get(Config.AAF_URL_CM), + aaf_urls.get(Config.AAF_URL_GUI), + aaf_urls.get(Config.AAF_URL_FS), + aaf_urls.get(Config.AAF_URL_HELLO) }) { + URI uri = new URI(url); Locator<URI> locator = new AAFLocator(si, uri); try { connectTest(locator, uri); 
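Review bot: In the `@@ -92` hunk `URI uri = new URI(url)` runs for every entry of the `new String[] {...}` array, and each entry is `aaf_urls.get(...)`, so any key that `Agent.loadURLs(access)` did not populate yields `new URI(null)` — a NullPointerException thrown before the per-URL `try` block, aborting the whole loop instead of just that service (the removed `uri(access, ms)` helper always built a URI). A guard at the top of the loop, `if (url == null) { print(true, "No URL configured, skipping"); continue; }`, keeps one unconfigured service from hiding the remaining tests. In the preceding `@@ -65` hunk the `args.length>1` branch that consumed the optional AAF FQDN is removed, yet the usage text in the first hunk still advertises `[<AAF FQDN ...>]`; either update the usage string or note that `PropAccess(args)` now handles it. `main` begins and ends outside these hunks.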
@@ -114,7 +109,7 @@ public class TestConnectivity { ///////// print(true,"Test Service for Perms driven by AAFLocator"); - Locator<URI> locator = new AAFLocator(si,serviceURI); + Locator<URI> locator = new AAFLocator(si,new URI(serviceURI)); for (SecuritySetter<HttpURLConnection> ss : lss) { permTest(locator,ss); } @@ -125,7 +120,7 @@ public class TestConnectivity { for (SecuritySetter<HttpURLConnection> ss : lss) { if (ss instanceof HBasicAuthSS) { hasBath=true; - basicAuthTest(new AAFLocator(si, serviceURI),ss); + basicAuthTest(new AAFLocator(si, new URI(serviceURI)),ss); } } if(!hasBath) { @@ -141,25 +136,6 @@ public class TestConnectivity { } } - private static URI uri(PropAccess access, String ms) throws URISyntaxException { - String aaf_root_ns = access.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF); - String aaf_api_version = access.getProperty(Config.AAF_API_VERSION,Config.AAF_DEFAULT_API_VERSION); - String aaf_locate_url = access.getProperty(Config.AAF_LOCATE_URL,Defaults.AAF_LOCATE_CONST); - String aaf_container = access.getProperty(Config.AAF_LOCATOR_CONTAINER,null); - if(aaf_container!=null) { - String ns = access.getProperty(Config.AAF_LOCATOR_CONTAINER_NS+'.'+aaf_container,null); - if(ns==null) { - ns = access.getProperty(Config.AAF_LOCATOR_CONTAINER_NS,null); - } - if(ns!=null) { - aaf_root_ns=ns + '.' + aaf_root_ns; - } - } - if("cm".equals(ms) && "2.0".equals(aaf_api_version)) { - ms = "certman"; - } - return new URI(aaf_locate_url + "/locate/" + aaf_root_ns + '.' + ms + ':' + aaf_api_version); - } private static List<SecuritySetter<HttpURLConnection>> loadSetters(PropAccess access, SecurityInfoC<HttpURLConnection> si) { print(true,"Load Security Setters from Configuration Information"); 
@@ -192,12 +168,7 @@ public class TestConnectivity { access.log(Level.INFO, "X509 (Client certificate) Security Setter constructor threw exception: \"",e.getMessage(),"\". X509 tests will not be performed"); } - String tokenURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL); - String locateURL=access.getProperty(Config.AAF_LOCATE_URL); - if (tokenURL==null || (tokenURL.contains("/locate/") && locateURL!=null)) { - tokenURL=Config.OAUTH2_TOKEN_URL_DEF; - } - + String tokenURL = aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL); try { HRenewingTokenSS hrtss = new HRenewingTokenSS(access, tokenURL); @@ -256,6 +227,7 @@ public class TestConnectivity { if ((uri = dl.get(li)) == null) { System.out.println("Locator Item empty"); } else { + System.out.printf("Located %s using %s\n",uri.toString(), locatorURI.toString()); socket = new Socket(); try { FixURIinfo fui = new FixURIinfo(uri); diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java index 16fdb79c..eda4a5aa 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java @@ -130,4 +130,5 @@ public class AAFLocator extends AbsAAFLocator<BasicTrans> { protected HClient createClient(SecuritySetter<HttpURLConnection> ss, URI uri, int connectTimeout) throws LocatorException { return new HClient(ss, uri, connectTimeout); } + } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java index 5214ddba..2405962c 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java 
@@ -60,7 +60,7 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI> protected String myhostname; protected int myport; protected final String aaf_locator_host; - protected final URI aaf_locator_uri; + protected URI aaf_locator_uri; private long earliest; private final long refreshWait; @@ -462,5 +462,10 @@ public abstract class AbsAAFLocator<TRANS extends Trans> implements Locator<URI> return rv; } + protected void clear() { + epList.clear(); + earliest=0L; + } + } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java index e04015c4..caf15d35 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java @@ -50,6 +50,7 @@ import org.onap.aaf.cadi.CmdLine; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.Symm; +import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.aaf.client.ErrMessage; import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; @@ -57,6 +58,7 @@ import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.config.RegistrationPropHolder; import org.onap.aaf.cadi.config.SecurityInfoC; import org.onap.aaf.cadi.http.HBasicAuthSS; import org.onap.aaf.cadi.locator.SingleEndpointLocator; @@ -113,6 +115,11 @@ public class Agent { Config.CADI_TRUSTSTORE,Config.CADI_TRUSTSTORE_PASSWORD, Config.CADI_ALIAS, Config.CADI_X509_ISSUERS }); + private static List<String> LOC_TAGS = Arrays.asList(new String[] { + Config.CADI_LATITUDE, Config.CADI_LONGITUDE + }); + // Note: This is set by loadURLs. Use that function as singleton, not directly. + private static Map<String,String> aaf_urls = null; public static void main(String[] args) { 
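Review bot: The new `clear()` in the second AbsAAFLocator hunk resets `epList` and `earliest` without any synchronization, and the first hunk drops `final` from `aaf_locator_uri`, so the endpoint list and the locator URI can now change underneath a concurrent lookup; if the refresh path holds a lock (it is outside these hunks), `clear()` and whichever subclass now reassigns `aaf_locator_uri` should take the same one. `clear()` also has no Javadoc; suggest `/** Drops cached endpoints and forces the next lookup to refresh; the caller is responsible for locking. */` above it. In Agent.java the new static `aaf_urls` is assigned only inside the synchronized `loadURLs`, which is fine, but its comment is clearer as `// Set once by loadURLs(); always go through loadURLs(), never read this field directly.`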
@@ -227,11 +234,8 @@ public class Agent { aafsso.setLogDefault(); aafsso.setStdErrDefault(); - // if CM_URL can be obtained, add to sso.props, if written - String cm_url = getProperty(access,env,false, Config.CM_URL,Config.CM_URL_DEF); - if (cm_url!=null) { - aafsso.addProp(Config.CM_URL, cm_url); - } + Map<String, String> aaf_urls = loadURLs(access); + aafsso.addProp(Config.AAF_URL_CM, aaf_urls.get(Config.AAF_URL_CM)); aafsso.writeFiles(); } 
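Review bot: `aafsso.addProp(Config.AAF_URL_CM, aaf_urls.get(Config.AAF_URL_CM))` now runs unconditionally, whereas the removed code added the property only when a value was obtained and, as far as this hunk shows, also consulted `env` through `getProperty(access,env,false,...)`; a null map value is now handed to `addProp`. Keeping the guard, `String cm_url = loadURLs(access).get(Config.AAF_URL_CM); if (cm_url!=null) { aafsso.addProp(Config.AAF_URL_CM, cm_url); }`, restores the former null handling. The local `Map<String, String> aaf_urls` shadows the private static field of the same name added in the `@@ -113,6 +115,11 @@` hunk; the `@@ -771,51 +818,62 @@` hunk does the same. The enclosing method starts outside this hunk.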
@@ -300,9 +304,53 @@ public class Agent { } } - private static synchronized AAFCon<?> aafcon(Access access) throws APIException, CadiException, LocatorException { + public synchronized static Map<String,String> loadURLs(Access access) throws UnknownHostException, CadiException { + if(aaf_urls==null) { + Map<String,String> rv = new HashMap<>(); + RegistrationPropHolder rph = new RegistrationPropHolder(access, 0); + String dot_le = access.getProperty(Config.AAF_LOCATOR_CONTAINER,null); + dot_le=dot_le==null?"":'.'+dot_le; + String version = access.getProperty(Config.AAF_API_VERSION,Config.AAF_DEFAULT_API_VERSION); + for(String u : new String[] {"aaf","locate","oauth","cm","gui","fs","hello","token","introspect"}) { + String proto = "fs".equals(u)?"http://":"https://"; + String lhost; + if("locate".equals(u)) { + lhost=rph.default_fqdn; + } else { + lhost=Config.AAF_LOCATE_URL_TAG; + } + String value = rph.replacements("Agent:loadURLs", + proto + lhost + "/AAF_NS." + ("aaf".equals(u)?"service":u) + ':' + version, + null,dot_le); + switch(u) { + case "aaf": rv.put(Config.AAF_URL, value); break; + case "locate": rv.put(Config.AAF_LOCATE_URL, value); break; + case "token": rv.put(Config.AAF_OAUTH2_TOKEN_URL, value); break; + case "introspect": rv.put(Config.AAF_OAUTH2_INTROSPECT_URL, value); break; + case "cm": rv.put(Config.AAF_URL_CM, value); break; + case "gui": rv.put(Config.AAF_URL_GUI, value); break; + case "fs": rv.put(Config.AAF_URL_FS, value); break; + case "hello": rv.put(Config.AAF_URL_HELLO, value); break; + default: + rv.put("aaf_url_" + u, value); + } + }; + aaf_urls = rv; + } + return aaf_urls; + } + + public static void fillMissing(PropAccess access, Map<String, String> map) { + for(Entry<String, String> es : map.entrySet()) { + if(access.getProperty(es.getKey())==null) { + access.setProperty(es.getKey(),es.getValue()); + } + } + } + + private static synchronized AAFCon<?> aafcon(Access access) throws APIException, CadiException, LocatorException { if 
(aafcon==null) { - aafcon = new AAFConHttp(access,Config.CM_URL); + aafcon = new AAFConHttp(access,Config.AAF_URL_CM); } return aafcon; } @@ -743,7 +791,6 @@ public class Agent { Artifact arti = new Artifact(); arti.setDir(propAccess.getProperty(Config.CADI_ETCDIR, ".")); arti.setNs(FQI.reverseDomain(fqi)); - PropHolder loc = PropHolder.get(arti, "location.props"); PropHolder cred = PropHolder.get(arti,"cred.props"); PropHolder app= PropHolder.get(arti,"props"); 
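Review bot: `String proto = "fs".equals(u)?"http://":"https://";` hard-codes a cleartext URL for the file-server endpoint while every other endpoint, and the architecture document touched in this same change, say AAF components require HTTP/S; if `fs` genuinely must be plain HTTP, record why in a comment, otherwise drop the special case. The removed `OAUTH2_TOKEN_URL_DEF` / `OAUTH2_INTROSPECT_URL_DEF` constants (Config.java `@@ -152,15 +152,7 @@`) ended in `/token` and `/introspect`, whereas the values built here stop at `:version`, so `TokenClientFactory` now defaults to a different URL shape — worth confirming against the token service routes. The cache is a process-wide singleton filled from whichever `Access` arrives first, and the mutable `HashMap` is handed out directly, so `fillMissing` or any caller can alter what later callers see; returning `Collections.unmodifiableMap(rv)` and stating the first-caller-wins semantics in a Javadoc would make that explicit. The `};` after the for loop is a stray empty statement, and `synchronized static` reads more conventionally as `static synchronized`.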
@@ -771,51 +818,62 @@ public class Agent { } } + // load all properties that are already setup. + Map<String, String> aaf_urls = loadURLs(propAccess); + for(Entry<String, String> es : aaf_urls.entrySet()) { + app.add(es.getKey(), es.getValue()); + } + app.add(Config.AAF_LOCATE_URL, propAccess, null); for(Entry<Object, Object> aaf_loc_prop : propAccess.getProperties().entrySet()) { String key = aaf_loc_prop.getKey().toString(); - if(key.startsWith("aaf_locator")) { + if("aaf_env".equals(key) || key.startsWith("aaf_locator")) { app.add(key, aaf_loc_prop.getValue().toString()); } } app.add(Config.AAF_APPID, fqi); - app.add(Config.AAF_URL, propAccess, Config.AAF_URL_DEF); String cts = propAccess.getProperty(Config.CADI_TRUSTSTORE); + System.out.println("Passed in Truststore is " + cts); if (cts!=null) { File origTruststore = new File(cts); - if (!origTruststore.exists()) { - // Try same directory as cadi_prop_files - String cpf = propAccess.getProperty(Config.CADI_PROP_FILES); - if (cpf!=null) { - for (String f : Split.split(File.pathSeparatorChar, cpf)) { - File fcpf = new File(f); - if (fcpf.exists()) { - int lastSep = cts.lastIndexOf(File.pathSeparator); - origTruststore = new File(fcpf.getParentFile(),lastSep>=0?cts.substring(lastSep):cts); - if (origTruststore.exists()) { - break; - } - } - } - if (!origTruststore.exists()) { - throw new CadiException(cts + " does not exist"); - } - } - - } File newTruststore = new File(app.getDir(),origTruststore.getName()); - if (!newTruststore.exists()) { - Files.copy(origTruststore.toPath(), newTruststore.toPath()); + if(!newTruststore.exists()) { + if (!origTruststore.exists()) { + // Try same directory as cadi_prop_files + String cpf = propAccess.getProperty(Config.CADI_PROP_FILES); + if (cpf!=null) { + for (String f : Split.split(File.pathSeparatorChar, cpf)) { + File fcpf = new File(f); + if (fcpf.exists()) { + int lastSep = cts.lastIndexOf(File.pathSeparator); + origTruststore = new 
File(fcpf.getParentFile(),lastSep>=0?cts.substring(lastSep):cts); + if (origTruststore.exists()) { + break; + } + } + } + if (!origTruststore.exists()) { + throw new CadiException(cts + " does not exist"); + } + } + + } + if (!newTruststore.exists() && origTruststore.exists()) { + Files.copy(origTruststore.toPath(), newTruststore.toPath()); + } } - - cred.add(Config.CADI_TRUSTSTORE, propAccess, newTruststore.getCanonicalPath()); - cred.addEnc(Config.CADI_TRUSTSTORE_PASSWORD, propAccess, "changeit" /* Java default */); + + System.out.println("New Truststore is " + newTruststore); + cred.add(Config.CADI_TRUSTSTORE, newTruststore.getCanonicalPath()); + cred.add(Config.CADI_TRUSTSTORE_PASSWORD, "changeit" /* Java default */); String cpf = propAccess.getProperty(Config.CADI_PROP_FILES); if (cpf!=null){ - for (String f : Split.split(File.pathSeparatorChar, cpf)) { + String[] propFiles = Split.splitTrim(File.pathSeparatorChar, cpf); + for (int pfi = propFiles.length-1;pfi>=0;--pfi) { + String f = propFiles[pfi]; System.out.format("Reading %s\n",f); FileInputStream fis = new FileInputStream(f); try { @@ -824,6 +882,9 @@ public class Agent { for (Entry<Object, Object> prop : props.entrySet()) { boolean lower = true; String key = prop.getKey().toString(); + if(LOC_TAGS.contains(key)) { + break; + } for(int i=0;lower && i<key.length();++i) { if(Character.isUpperCase(key.charAt(i))) { lower = false; @@ -876,8 +937,6 @@ public class Agent { } - private static List<String> LOC_TAGS = Arrays.asList(new String[] {Config.CADI_LATITUDE, Config.CADI_LONGITUDE}); - private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException { System.out.println("Validating Configuration..."); final AAFCon<?> aafcon = new AAFConHttp(pa,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(pa)); 
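Review bot: `cred.add(Config.CADI_TRUSTSTORE_PASSWORD, "changeit" /* Java default */)` replaces `cred.addEnc(..., propAccess, "changeit")`, so a configured `cadi_truststore_password` is now ignored in favour of the Java default and, judging by the method names, the value is written to cred.props unencrypted where it was encrypted before; the same hunk also drops `propAccess` from the `CADI_TRUSTSTORE` line. Restoring `cred.add(Config.CADI_TRUSTSTORE, propAccess, newTruststore.getCanonicalPath()); cred.addEnc(Config.CADI_TRUSTSTORE_PASSWORD, propAccess, "changeit" /* Java default */);` keeps the configured value and its protection. The new `if (!newTruststore.exists() && origTruststore.exists())` guard means that when `cadi_prop_files` is unset and the original truststore is missing, nothing is copied and nothing is thrown, yet cred.props still points at a `newTruststore` that does not exist; a `throw new CadiException(cts + " does not exist")` when neither file exists fails loudly instead. The two `System.out.println(... Truststore ...)` lines look like leftover debugging, and the enclosing method starts before this hunk.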
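Review bot: In the `@@ -824,6 +882,9 @@` hunk, `if(LOC_TAGS.contains(key)) { break; }` leaves the whole `for (Entry<Object, Object> prop : props.entrySet())` loop as soon as `cadi_latitude` or `cadi_longitude` is encountered, so every property after it in the file's hash-ordered iteration is silently not processed; if the intent is to skip only those two keys, this should be `continue;`. If stopping really is intended, a comment explaining why the remaining properties of that file are discarded is needed. The loop body continues beyond the hunk.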
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java index c507a826..772040c3 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java @@ -38,11 +38,11 @@ import org.onap.aaf.cadi.Hash; import org.onap.aaf.cadi.Locator; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Symm; -import org.onap.aaf.cadi.aaf.Defaults; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.aaf.v2_0.AAFLocator; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.config.SecurityInfoC; +import org.onap.aaf.cadi.configure.Agent; import org.onap.aaf.cadi.locator.PropertyLocator; import org.onap.aaf.cadi.locator.SingleEndpointLocator; import org.onap.aaf.cadi.oauth.TokenClient.AUTHN_METHOD; @@ -62,12 +62,12 @@ public class TokenClientFactory extends Persist<Token,TimedToken> { private TokenClientFactory(Access pa) throws APIException, GeneralSecurityException, IOException, CadiException { super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing"); - + Map<String, String> aaf_urls = Agent.loadURLs(pa); if (access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) { - access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, Config.OAUTH2_TOKEN_URL_DEF); // Default to AAF + access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL)); // Default to AAF } if (access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) { - access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, Config.OAUTH2_INTROSPECT_URL_DEF); // Default to AAF); + access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, aaf_urls.get(Config.AAF_OAUTH2_INTROSPECT_URL)); // Default to AAF); } symm = Symm.encrypt.obtain(); 
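Review bot: `access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL))` stores whatever `loadURLs` produced, and `Properties.put` rejects a null value with a NullPointerException, whereas the replaced compile-time constants could never be null; a null check before each `put`, or a non-null guarantee documented on `loadURLs`, closes that. This hunk also makes `org.onap.aaf.cadi.oauth` depend on `org.onap.aaf.cadi.configure.Agent`, a command-line tool, and both example programs gain the same import; the URL derivation would sit more naturally beside `RegistrationPropHolder` in `cadi.config`, which `loadURLs` already builds on. The enclosing constructor continues outside the hunk.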
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java index 75cddfff..c9b8b4ee 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java @@ -246,7 +246,7 @@ public class AAFSSO { Symm decryptor = ArtifactDir.getSymm(dot_aaf_kf); if (user == null) { if (sso.exists()) { - String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite... + String cm_url = access.getProperty(Config.AAF_URL_CM); // SSO might overwrite... FileInputStream fos = new FileInputStream(sso); try { access.load(fos); @@ -256,7 +256,7 @@ public class AAFSSO { access.setProperty(Config.AAF_APPPASS, access.encrypt(decryptor.depass(encrypted_pass))); if (cm_url != null) { //Command line CM_URL Overwrites ssofile. - access.setProperty(Config.CM_URL, cm_url); + access.setProperty(Config.AAF_URL_CM, cm_url); } } finally { fos.close(); @@ -325,8 +325,8 @@ public class AAFSSO { access.setProperty(Config.AAF_URL, locateRoot+".service:"+apiVersion); } - if(access.getProperty(Config.CM_URL)==null) { - access.setProperty(Config.CM_URL, locateRoot+".cm:"+apiVersion); + if(access.getProperty(Config.AAF_URL_CM)==null) { + access.setProperty(Config.AAF_URL_CM, locateRoot+".cm:"+apiVersion); } String cadiLatitude = access.getProperty(Config.CADI_LATITUDE); if (cadiLatitude==null) { diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java index 03c99d2a..6759d314 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java 
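Review bot: The last hunk still derives `aaf_url_cm` by hand as `locateRoot+".cm:"+apiVersion`, while `Agent.loadURLs` in this same change builds the same key through `RegistrationPropHolder.replacements` with a container suffix, so the two paths can yield different values for one property depending on which runs first; routing this default through `loadURLs` (or the holder) leaves a single source of truth. The comment `//Command line CM_URL Overwrites ssofile.` in the second hunk now refers to a renamed key; `//Command line aaf_url_cm overwrites the sso file.` matches the code. The enclosing method starts outside these hunks.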
@@ -67,6 +67,8 @@ public class JU_OAuthTest { System.setOut(new PrintStream(outStream)); access = new PropAccess(); + access.setProperty(Config.CADI_LATITUDE, "38"); + access.setProperty(Config.CADI_LONGITUDE, "-72"); try { tcf = TokenClientFactory.instance(access); } catch (Exception e) { diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java index 6f3884b7..af344d2f 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java @@ -45,6 +45,7 @@ public class JU_RegistrationCreator { PropAccess pa = new PropAccess(); pa.setProperty(Config.CADI_LATITUDE, "32.7"); pa.setProperty(Config.CADI_LONGITUDE, "-72.0"); + pa.setProperty(Config.AAF_LOCATOR_NAME, ""); try { String hostname = Inet4Address.getLocalHost().getHostName(); diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java index 056651eb..9255128c 100644 --- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java +++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java @@ -168,6 +168,10 @@ public class HClient implements EClient<HttpURLConnection> { public URI getURI() { return uri; } + + public void setURI(URI uri) { + this.uri = uri; + } public int timeout() { return connectTimeout; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index 07a791e8..ff1f3955 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java 
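Review bot: The new `setURI` in the HClient hunk lets a client that was built with a `SecuritySetter` be retargeted after construction, and nothing in the hunk says whether the setter's credentials follow the new URI or whether a request already opened through `getURI()` is affected; a Javadoc such as `/** Retargets subsequent requests to {@code uri}; the SecuritySetter bound at construction is reused, so only retarget within the same trust domain (confirm with the locator's failover use). */` would state the contract. If retargeting exists only for the locator's refresh path (the `clear()` added in AbsAAFLocator hints at that), saying so here helps reviewers of later changes.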
@@ -152,15 +152,7 @@ public class Config { public static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables. public static final String AAF_DEFAULT_API_VERSION = "2.1"; public static final String AAF_API_VERSION = "aaf_api_version"; - public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration - public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:" + AAF_DEFAULT_API_VERSION; - public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:" + AAF_DEFAULT_API_VERSION; - public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:" + AAF_DEFAULT_API_VERSION; - public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:" + AAF_DEFAULT_API_VERSION; - public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.hello:" + AAF_DEFAULT_API_VERSION; - public static final String OAUTH2_TOKEN_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:" + AAF_DEFAULT_API_VERSION +"/token"; - public static final String OAUTH2_INTROSPECT_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION +"/introspect";; - + public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration public static final String AAF_LOCATOR_CLASS = "aaf_locator_class"; // AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability // to set these entries manually @@ -181,6 +173,7 @@ public class Config { public static final String AAF_LOCATOR_NAME = "aaf_locator_name"; public static final String AAF_LOCATOR_PUBLIC_PORT = "aaf_locator_public_port"; public static final String AAF_LOCATOR_PUBLIC_FQDN = "aaf_locator_public_fqdn"; + public static final String AAF_LOCATOR_PUBLIC_NAME = "aaf_locator_public_name"; public static final String AAF_APPID = "aaf_id"; public static final String AAF_APPPASS = "aaf_password"; 
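Review bot: The first hunk deletes the public constants `AAF_URL_DEF`, `GUI_URL_DEF`, `CM_URL_DEF`, `FS_URL_DEF`, `HELLO_URL_DEF`, `OAUTH2_TOKEN_URL_DEF` and `OAUTH2_INTROSPECT_URL_DEF`, and the `@@ -217,8 +210,10 @@` hunk deletes `GW_URL` and `CM_URL`; all are `public static final` fields of the core `Config` class, so any client compiled against the previous cadi-core fails at runtime with `NoSuchFieldError` rather than at compile time. Keeping them for one release as deprecated aliases (e.g. `@Deprecated public static final String CM_URL = "cm_url";`) gives downstream users a migration window. In that same hunk `AAF_URL_GUI="aaf_url_gui"` and `AAF_URL_FS="aaf_url_fs"` lack the spaces around `=` that the neighbouring declarations use.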
@@ -217,8 +210,10 @@ public class Config { public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only. public static final String AAF_RELEASE = "aaf_release"; - public static final String GW_URL = "gw_url"; - public static final String CM_URL = "cm_url"; + public static final String AAF_URL_GUI="aaf_url_gui"; + public static final String AAF_URL_FS="aaf_url_fs"; + public static final String AAF_URL_CM = "aaf_url_cm"; + public static final String AAF_URL_HELLO = "aaf_url_hello"; public static final String CM_TRUSTED_CAS = "cm_trusted_cas"; public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern"; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java index 997803bb..50f17e88 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java @@ -24,8 +24,8 @@ import java.net.Inet4Address; import java.net.UnknownHostException; import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Access.Level; +import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.util.Split; public class RegistrationPropHolder { 
@@ -89,8 +89,17 @@ public class RegistrationPropHolder { if(firstlog) { access.printf(Level.INIT, REGI,"public_fqdn",public_fqdn); } - - default_name = access.getProperty(Config.AAF_LOCATOR_NAME, PUBLIC_NAME); + + // Allow Container to reset the standard name for public + String container_public_name = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME+'.'+default_container, null); + if(container_public_name==null) { + container_public_name = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME, null); + if(container_public_name==null) { + container_public_name = access.getProperty(Config.AAF_LOCATOR_NAME, PUBLIC_NAME); + } + } + default_name = container_public_name; + if(firstlog) { access.printf(Level.INIT, REGI,"default_name",default_name); } @@ -171,12 +180,23 @@ public class RegistrationPropHolder { return replacements("RegistrationPropHolder.getEntryName",str,entry,dot_le); } + public String getPublicEntryName(final String entry, final String dot_le) { + String str = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME+dot_le, null); + if(str==null) { + str = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME,null); + } + if(str==null) { + str = default_name; + } + return replacements("RegistrationPropHolder.getEntryName",str,entry,dot_le); + } + private String getNS(String dot_le) { String ns; ns = access.getProperty(Config.AAF_LOCATOR_APP_NS+dot_le,null); if(ns==null) { - ns = access.getProperty(Config.AAF_LOCATOR_APP_NS, ""); + ns = access.getProperty(Config.AAF_LOCATOR_APP_NS, "AAF_NS"); } return ns; } @@ -214,7 +234,12 @@ public class RegistrationPropHolder { if(!str.endsWith("/locate/")) { str+="locate/"; } - value = value.replace("https://AAF_LOCATE_URL/", str); + if(value.startsWith("http:")) { + value = value.replace("http://AAF_LOCATE_URL/", str); + } else { + value = value.replace("https://AAF_LOCATE_URL/", str); + + } } } } 
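Review bot: `getPublicEntryName` in the second hunk passes the tag `"RegistrationPropHolder.getEntryName"` to `replacements`, copied from `getEntryName`, so any log or error from that path is attributed to the wrong method; use `"RegistrationPropHolder.getPublicEntryName"`. The fallback chain in the first hunk (`aaf_locator_public_name.<container>` → `aaf_locator_public_name` → `aaf_locator_name`) duplicates the one in `getPublicEntryName` with a different suffix rule (`'.'+default_container` versus `dot_le`), and if `default_container` can be null it builds the key `aaf_locator_public_name.null`; a shared helper with a null check would keep the two in step. The last hunk's `http:` branch replaces `http://AAF_LOCATE_URL/` with `str`, whose scheme is whatever the locate URL carries, so the `http://` chosen for `fs` in `Agent.loadURLs` is effectively overridden once a locate URL is configured — if that is intended, a comment here would help.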
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java index 10bcdcc2..b09c2b78 100644 --- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java +++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java @@ -26,17 +26,18 @@ import java.net.ConnectException; import java.security.GeneralSecurityException; import java.util.Date; import java.util.GregorianCalendar; +import java.util.Map; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.aaf.Defaults; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Result; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.configure.Agent; import org.onap.aaf.cadi.oauth.TimedToken; import org.onap.aaf.cadi.oauth.TokenClient; import org.onap.aaf.cadi.oauth.TokenClientFactory; 
@@ -73,14 +74,16 @@ public class OAuthExample { // Obtain Endpoints for OAuth2 from Properties. Expected is "cadi.properties" file, pointed to by "cadi_prop_files" - String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,Config.OAUTH2_TOKEN_URL_DEF); // Default to AAF - String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,Config.OAUTH2_INTROSPECT_URL_DEF); // Default to AAF); - // Get Hello Service - final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Config.HELLO_URL_DEF); - - final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF)); - try { + Map<String, String> aaf_urls = Agent.loadURLs(access); + Agent.fillMissing(access, aaf_urls); + String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL); // Default to AAF + String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL); // Default to AAF); + // Get Hello Service + final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL); + + final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF)); + ////////////////////////////////////////////////////////////////////// // Scenario 1: // Get and use an OAuth Client, which understands Token Management diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java index 0a653297..b5d087ea 100644 --- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java +++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java 
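Review bot: `access.getProperty(Config.AAF_OAUTH2_HELLO_URL)` is read after `Agent.fillMissing(access, aaf_urls)`, but `loadURLs` (Agent.java `@@ -300,9 +304,53 @@`) stores the hello endpoint under `Config.AAF_URL_HELLO` (`aaf_url_hello`); unless `AAF_OAUTH2_HELLO_URL` resolves to that same string, `endServicesURL` is now null whenever the property is not set explicitly, where it previously defaulted to `HELLO_URL_DEF`. The same read appears in OnapClientExample (`@@ -104,7 +106,7 @@`). Reading `Config.AAF_URL_HELLO` here, or populating both keys in `loadURLs`, restores a default. The `// Default to AAF` and `// Default to AAF);` comments no longer describe a default on these lines.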
@@ -26,17 +26,18 @@ import java.net.ConnectException; import java.security.GeneralSecurityException; import java.util.Date; import java.util.GregorianCalendar; +import java.util.Map; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.aaf.Defaults; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Result; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.configure.Agent; import org.onap.aaf.cadi.oauth.TimedToken; import org.onap.aaf.cadi.oauth.TokenClient; import org.onap.aaf.cadi.oauth.TokenClientFactory; @@ -59,12 +60,13 @@ public class OnapClientExample { // Property Access // This method will allow you to set "cadi_prop_files" (or any other property) on Command line access = new PropAccess(args); - - // access = PropAccess(); // Note: This style will load "cadi_prop_files" from VM Args - - // Token aware Client Factory + // access = PropAccess(); try { + Map<String, String> aaf_urls = Agent.loadURLs(access); + Agent.fillMissing(access, aaf_urls); + + // Token aware Client Factory tcf = TokenClientFactory.instance(access); } catch (APIException | GeneralSecurityException | IOException | CadiException e1) { access.log(e1, "Unable to setup OAuth Client Factory, Fail Fast"); @@ -104,7 +106,7 @@ public class OnapClientExample { // Use this Token in your client calls with "Tokenized Client" (TzClient) // These should NOT be used cross thread. // Get Hello Service URL... roll your own in your own world. - final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Config.HELLO_URL_DEF); + final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL); TzClient helloClient = tcf.newTzClient(endServicesURL); 
diff --git a/docs/sections/architecture/aaf_architecture.rst b/docs/sections/architecture/aaf_architecture.rst index 8f0a5add..50d20eec 100644 --- a/docs/sections/architecture/aaf_architecture.rst +++ b/docs/sections/architecture/aaf_architecture.rst @@ -40,7 +40,7 @@ Thus, the key element is that the Organization itself, delegated by the ultimate Computer Identity ----------------- -Whether or not you follow Science Fiction stories about Robots, are facinated by Isaac Azimov's Three Laws of Robotics, or think those who do are hopelessly socially inept, you will need to wrestle a bit with how much in common a human created machine with a human being. Without moral or religious implications, Identity can be discussed without stepping on the minefields that Science Fiction typically explores. +Whether or not you follow Science Fiction stories about Robots, are fascinated by Isaac Azimov's Three Laws of Robotics, or think those who do are hopelessly socially inept, you will need to wrestle a bit with how much in common a human created machine has with a human being. Without moral or religious implications, Identity can be discussed without stepping on the minefields that Science Fiction typically explores. An Application still must be named, and the name must be controlled within the Context of the Organization defining the name. Where the Application can affect Organzation Resources (i.e. Data), it must have the Authorization to do what it is doing, the question of being sentiently driven need not come up. (sorry sci-fi fans). 
@@ -49,16 +49,15 @@ Therefore, from an Organization Context, the very same Authentication and Author Sum of Parts ------------ -For a human, it is pretty clear, of our purposes, that it is the mind that focuses into Identity. Any given Employee might lose an arm or leg during the period of employment, and, as long as they can type or vocalize a voice-print, there is no discernable difference -n whether the person is still the person. +For a human, it is pretty clear, of our purposes, that it is the mind that focuses into Identity. Any given Employee might lose an arm or leg during the period of employment, and, as long as they can type or vocalize a voice-print, there is usually no doubt that the person is still the person. -Computer Applications may be different. Typically, an Application is built of separate parts, and with the advent of MicroServices as a goal, the question whether each part needs a separate identity or not is actually a valid question. When a Programmer is writing his App, and making the parts, do they need to stand on their own as an Identity or not. +Computer Applications may be different. Typically, an Application is built of separate parts, and with the advent of MicroServices as a goal, the question whether each part needs a separate identity or not is actually a valid question. When a Programmer is writing his App, and making the parts, he/she must decide if these parts need to stand on their own as an Identity or not. The trick is, as an Architect, is to determine whether these individual components really are separate, or can be considered as a part of the whole. -As a rule of thumb, look at you App. If you follow a Model-View-Controller method, it is hard to argue for a need to separate identities... They are clearly three parts to the whole. On the other hand, if you want to consider each Component as a separate Robot, where one may NOT do just anything that the others do, then you should create separate Identities for each. 
+As a rule of thumb, look at your App. If you follow a Model-View-Controller method, it is hard to argue for a need to separate identities... They are clearly three parts to the whole. On the other hand, if you want to consider each Component as a separate Robot, where one may NOT do just anything that the others do, then you should create separate Identities for each. -A clue to this kind of model is if you consider having different groups creating an managing the apps, with a view towards more separateness. If you believe your components are more separate, and the grouping is more by topic (i.e. a group of robots tasked with collectively doing something), the separate Identities may be more appropriate. +A clue to this kind of model is if you consider having different groups creating an managing the apps, with a view towards more separateness. If you believe your components are more separate, and the grouping is more by topic (i.e. a group of robots tasked with collectively doing something), the separate Identities may be more appropriate. Enjoy stretching your mind -------------------------- 
@@ -74,7 +73,7 @@ Every secure transaction requires 1) Encryption 2) Authentication 3) Authorizati - HTTP/S provides the core Encryption whenever used, so all of AAF Components require HTTP/S to the current protocol standards (current is TLS 1.1+ as of Nov 2016) - HTTP/S requires X.509 certificates at least on the Server at minimum. (in this mode, 1 way, a client Certificate is generated) - - Certificate Manager can generate certificates signed by the AT&T Internal Certificate Authority, which is secure and cost effective if external access are not needed + - Certificate Manager can generate certificates signed by the AT&T Internal Certificate Authority, which is secure and cost effective if external access is not needed - These same certificates can be used for identifying the Application during the HTTP/S transaction, making a separate UserID/Password unnecessary for Authentication. - Authentication - In order to tie generated certificates to a specific Application Identity, AAF Certificate Manager embeds a ILM AppID in the Subject. These are created by AT&T specific Internal Certificate Authority, which only generates certificates for AAF Certman. Since AAF Certman validates the Sponsorship of the AppID with requests (automatically), the end user can depend on the AppID embedded in the Subject to be valid without resorting to external calls or passwords. |