summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--auth-client/pom.xml2
-rw-r--r--auth/auth-batch/pom.xml2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java183
-rw-r--r--auth/auth-cass/pom.xml2
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java9
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java53
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java2
-rw-r--r--auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java12
-rw-r--r--auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java3
-rw-r--r--auth/auth-certman/pom.xml2
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java9
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java7
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java72
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java4
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java5
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java14
-rw-r--r--auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java2
-rw-r--r--auth/auth-cmd/pom.xml2
-rw-r--r--auth/auth-core/pom.xml2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java9
-rw-r--r--auth/auth-deforg/pom.xml2
-rw-r--r--auth/auth-fs/pom.xml2
-rw-r--r--auth/auth-gui/pom.xml2
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java31
-rw-r--r--auth/auth-hello/pom.xml2
-rw-r--r--auth/auth-locate/pom.xml2
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java2
-rw-r--r--auth/auth-oauth/pom.xml2
-rw-r--r--auth/auth-service/pom.xml2
-rw-r--r--auth/docker/Dockerfile.ms47
-rw-r--r--auth/docker/agent.sh2
-rw-r--r--auth/helm/aaf-hello/values.yaml2
-rw-r--r--auth/helm/aaf/Chart.yaml2
-rw-r--r--auth/helm/aaf/values.yaml10
-rw-r--r--auth/pom.xml2
-rw-r--r--auth/sample/logs/clean2
-rw-r--r--cadi/aaf/pom.xml2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java31
-rw-r--r--cadi/client/pom.xml2
-rw-r--r--cadi/core/pom.xml2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java7
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java8
-rw-r--r--cadi/oauth-enduser/pom.xml2
-rw-r--r--cadi/pom.xml2
-rw-r--r--cadi/servlet-sample/pom.xml2
-rw-r--r--misc/env/pom.xml2
-rw-r--r--misc/log4j/pom.xml2
-rw-r--r--misc/pom.xml2
-rw-r--r--misc/rosetta/pom.xml2
-rw-r--r--misc/xgen/pom.xml2
-rw-r--r--pom.xml2
-rw-r--r--version.properties4
53 files changed, 453 insertions, 133 deletions
diff --git a/auth-client/pom.xml b/auth-client/pom.xml
index d1fbc4db..bbcffbb4 100644
--- a/auth-client/pom.xml
+++ b/auth-client/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-client</artifactId>
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml
index 09ce6182..304a23f7 100644
--- a/auth/auth-batch/pom.xml
+++ b/auth/auth-batch/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
new file mode 100644
index 00000000..7b6e09f5
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
@@ -0,0 +1,183 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.batch.reports;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+import java.util.UUID;
+
+import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.routing.GreatCircle;
+import org.onap.aaf.cadi.util.CSV;
+import org.onap.aaf.cadi.util.CSV.Visitor;
+import org.onap.aaf.cadi.util.CSV.Writer;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.misc.env.util.Chrono;
+import org.onap.aaf.misc.env.util.Split;
+
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+
+public class ApprovedRpt extends Batch {
+
+ private static final String APPR_RPT = "ApprovedRpt";
+ private static final String CSV = ".csv";
+ private static final String INFO = "info";
+ private Date now;
+ private Writer approvedW;
+ private CSV historyR;
+ private static String yr_mon;
+
+ public ApprovedRpt(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+ super(trans.env());
+ trans.info().log("Starting Connection Process");
+
+ TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
+ try {
+// TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+// try {
+// session = cluster.connect();
+// } finally {
+// tt.done();
+// }
+
+ now = new Date();
+ String sdate = Chrono.dateOnlyStamp(now);
+ File file = new File(logDir(),APPR_RPT + sdate +CSV);
+ CSV csv = new CSV(env.access(),file);
+ approvedW = csv.writer(false);
+
+ historyR = new CSV(env.access(),args()[1]).setDelimiter('|');
+
+ yr_mon = args()[0];
+ } finally {
+ tt0.done();
+ }
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ try {
+ Map<String,Boolean> checked = new TreeMap<String, Boolean>();
+
+ final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
+// ResultSet results;
+// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" );
+// results = session.execute(stmt);
+// Iterator<Row> iter = results.iterator();
+// Row row;
+ /*
+ * while (iter.hasNext()) {
+ ++totalLoaded;
+ row = iter.next();
+ d = row.getTimestamp(0);
+ if(d.after(begin)) {
+ approvedW.row("aprvd",
+ Chrono.dateOnlyStamp(d),
+ row.getString(1),
+ row.getString(2),
+ row.getString(3),
+ row.getString(4),
+ row.getString(5)
+ );
+ }
+ }
+
+ */
+ int totalLoaded = 0;
+ Date d;
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.add(GregorianCalendar.MONTH, -2);
+ Date begin = gc.getTime();
+ approvedW.comment("date, approver, status, user, role, memo");
+
+ historyR.visit(row -> {
+ String s = row.get(7);
+ if(s.equals(yr_mon)) {
+ String target = row.get(5);
+ if("user_role".equals(target)) {
+ String action = row.get(1);
+ switch(action) {
+ case "create":
+ write("created",row);
+ break;
+ case "update":
+ write("approved",row);
+ break;
+ case "delete":
+ write("denied",row);
+ break;
+ }
+ }
+ }
+ });
+
+ } catch (Exception e) {
+ trans.info().log(e);
+ }
+ }
+
+ private void write(String a_or_d, List<String> row) {
+ String[] target = Split.splitTrim('|', row.get(4));
+
+ if(target.length>1) {
+ UUID id = UUID.fromString(row.get(0));
+ Date date = Chrono.uuidToDate(id);
+ String status;
+ String memo;
+ String approver = row.get(6);
+ if("batch:JobChange".equals(approver)) {
+ status = "reduced";
+ memo = "existing role membership reduced to invoke reapproval";
+ } else {
+ status = a_or_d;
+ memo = row.get(2);
+ }
+ if(!approver.equals(target[0])) {
+ approvedW.row(
+ Chrono.niceDateStamp(date),
+ approver,
+ status,
+ target[0],
+ target[1],
+ memo
+ );
+ }
+ }
+
+
+ }
+
+}
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index 646dcbbb..4b9f9fee 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index c59312c0..4ec70d4a 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -628,12 +628,7 @@ public class Function {
return Result.err(Status.ERR_DependencyExists, sb.toString());
}
- if (move && parent == null) {
- return Result
- .err(Status.ERR_DependencyExists,
- "Cannot move users, roles or permissions - parent is missing.\nDelete dependencies and try again");
- }
- else if (move && parent.type == NsType.COMPANY.type) {
+ if (move && (parent == null || parent.type == NsType.COMPANY.type)) {
return Result
.err(Status.ERR_DependencyExists,
"Cannot move users, roles or permissions to [%s].\nDelete dependencies and try again",
@@ -1040,7 +1035,7 @@ public class Function {
// Attached to any Roles?
if (fullperm.roles != null) {
- if (force) {
+ if (force || fullperm.roles.contains(user+":user")) {
for (String role : fullperm.roles) {
Result<Void> rv = null;
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, q, role);
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 22b14cb4..3b61da31 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -246,15 +246,29 @@ public class Question {
approvalDAO.close(trans);
}
- public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type,
- String instance, String action) {
- Result<NsDAO.Data> rnd = deriveNs(trans, type);
- if (rnd.isOK()) {
- return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
- instance, action));
- } else {
- return Result.err(rnd);
- }
+ public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type, String instance, String action) {
+ if(type.indexOf('@') >= 0) {
+ int colon = type.indexOf(':');
+ if(colon>=0) {
+ PermDAO.Data pdd = new PermDAO.Data();
+ pdd.ns = type.substring(0, colon);
+ pdd.type = type.substring(colon+1);
+ pdd.instance = instance;
+ pdd.action = action;
+
+ return Result.ok(pdd);
+ } else {
+ return Result.err(Result.ERR_BadData,"Could not extract ns and type from " + type);
+ }
+ } else {
+ Result<NsDAO.Data> rnd = deriveNs(trans, type);
+ if (rnd.isOK()) {
+ return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
+ instance, action));
+ } else {
+ return Result.err(rnd);
+ }
+ }
}
/**
@@ -317,12 +331,21 @@ public class Question {
return Result.ok(rlpUser);
}
- public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String perm) {
- Result<NsSplit> nss = deriveNsSplit(trans, perm);
- if (nss.notOK()) {
- return Result.err(nss);
- }
- return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+ public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String type) {
+ if(type.indexOf('@') >= 0) {
+ int colon = type.indexOf(':');
+ if(colon>=0) {
+ return permDAO.readByType(trans, type.substring(0, colon),type.substring(colon+1));
+ } else {
+ return Result.err(Result.ERR_BadData, "%s is malformed",type);
+ }
+ } else {
+ Result<NsSplit> nss = deriveNsSplit(trans, type);
+ if (nss.notOK()) {
+ return Result.err(nss);
+ }
+ return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+ }
}
public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans, String type, String instance, String action) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
index 2f1d150c..27d5df74 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
@@ -77,7 +77,7 @@ public class DirectAAFLocator extends AbsAAFLocator<AuthzTrans> {
if(name.indexOf('.')>=0) {
aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+'/'+name+':'+version;
} else {
- aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name+':'+version;
+ aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS.%NS."+name+':'+version;
}
RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
aaf_url = rph.replacements(getClass().getSimpleName(),aaf_url, null,null);
diff --git a/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java b/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java
index 01d4b9a2..f6d2a593 100644
--- a/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java
+++ b/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java
@@ -103,7 +103,8 @@ public class JU_DirectAAFLocator {
Mockito.doReturn(access).when(env).access();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_APP_NS,"AAF_NS");
try {
DirectAAFLocator aafLocatorObj=new DirectAAFLocator(env, ldao,"test",null);
@@ -118,7 +119,8 @@ public class JU_DirectAAFLocator {
Mockito.doReturn(access).when(env).access();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("20 30").when(access).getProperty(Config.AAF_URL,null);
try {
DirectAAFLocator aafLocatorObj=new DirectAAFLocator(env, ldao,"test","192.0.0.1");
@@ -138,7 +140,8 @@ public class JU_DirectAAFLocator {
Mockito.doReturn(trans).when(env).newTransNoAvg();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
try {
aafLocatorObj = new DirectAAFLocator(env, ldao,"test","30.20.30.30");
@@ -171,7 +174,8 @@ public class JU_DirectAAFLocator {
Mockito.doReturn(trans).when(env).newTransNoAvg();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
try {
aafLocatorObj = new DirectAAFLocator(env, ldao,"test","30.20.30.30");
diff --git a/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java b/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java
index c2b8597b..0eb75fcb 100644
--- a/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java
+++ b/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java
@@ -57,7 +57,8 @@ public class JU_DirectLocatorCreator {
Mockito.doReturn(access).when(env).access();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
DirectLocatorCreator directLocObj = new DirectLocatorCreator(env, locateDAO);
try {
diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml
index 8237b027..82d127ce 100644
--- a/auth/auth-certman/pom.xml
+++ b/auth/auth-certman/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
index 7dea9f07..aa5c1daf 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
@@ -40,6 +40,7 @@ import org.onap.aaf.auth.cm.facade.FacadeFactory;
import org.onap.aaf.auth.cm.mapper.Mapper.API;
import org.onap.aaf.auth.cm.service.CMService;
import org.onap.aaf.auth.cm.service.Code;
+import org.onap.aaf.auth.cm.validation.CertmanValidator;
import org.onap.aaf.auth.dao.CassAccess;
import org.onap.aaf.auth.dao.cass.LocateDAO;
import org.onap.aaf.auth.direct.DirectLocatorCreator;
@@ -72,6 +73,7 @@ import com.datastax.driver.core.Cluster;
public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
private static final String USER_PERMS = "userPerms";
+ private static final String CM_ALLOW_TMP = "cm_allow_tmp";
private static final Map<String,CA> certAuths = new TreeMap<>();
public static Facade1_0 facade1_0; // this is the default Facade
public static Facade1_0 facade1_0_XML; // this is the XML Facade
@@ -106,6 +108,13 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
if (aafEnv==null) {
throw new APIException("aaf_env needs to be set");
}
+
+ // Check for allowing /tmp in Properties
+ String allowTmp = env.getProperty(CM_ALLOW_TMP);
+ if("true".equalsIgnoreCase(allowTmp)) {
+ CertmanValidator.allowTmp();
+ }
+
// Initialize Facade for all uses
AuthzTrans trans = env.newTrans();
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
index 10da10d9..26b4e2aa 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
@@ -73,10 +73,11 @@ public abstract class CA {
this.env = env;
this.env_tag = env==null || env.isEmpty()?false:
Boolean.parseBoolean(access.getProperty(CM_CA_ENV_TAG, Boolean.FALSE.toString()));
- permNS = CM_CA_PREFIX + name;
- permType = access.getProperty(permNS + ".perm_type",null);
+ permNS=null;
+ String prefix = CM_CA_PREFIX + name;
+ permType = access.getProperty(prefix + ".perm_type",null);
if (permType==null) {
- throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+ throw new CertException(prefix + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
}
caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
index 663cee82..22243ae4 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
@@ -24,6 +24,7 @@ package org.onap.aaf.auth.cm.mapper;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
+import java.util.Set;
import org.onap.aaf.auth.cm.data.CertDrop;
import org.onap.aaf.auth.cm.data.CertRenew;
@@ -219,31 +220,31 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
List<ArtiDAO.Data> ladd = new ArrayList<>();
for (Artifact arti : artifacts.getArtifact()) {
ArtiDAO.Data data = new ArtiDAO.Data();
- data.mechid = arti.getMechid();
- data.machine = arti.getMachine();
- data.type(true).addAll(arti.getType());
- data.ca = arti.getCa();
- data.dir = arti.getDir();
- data.os_user = arti.getOsUser();
+ data.mechid = trim(arti.getMechid());
+ data.machine = trim(arti.getMachine());
+ if(arti.getType()!=null) {
+ Set<String> ss = data.type(true);
+ for(String t : arti.getType()) {
+ ss.add(trim(t));
+ }
+ }
+ data.ca = trim(arti.getCa());
+ data.dir = trim(arti.getDir());
+ data.os_user = trim(arti.getOsUser());
// Optional (on way in)
- data.ns = arti.getNs();
+ data.ns = trim(arti.getNs());
data.renewDays = arti.getRenewDays();
- data.notify = arti.getNotification();
+ data.notify = trim(arti.getNotification());
// Ignored on way in for create/update
- data.sponsor = arti.getSponsor();
- data.expires = null;
-
- // Derive Optional Data from Machine (Domain) if exists
- if (data.machine!=null) {
- if (data.ca==null && data.machine.endsWith(".att.com")) {
- data.ca = "aaf"; // default
- }
- if (data.ns==null ) {
- data.ns=FQI.reverseDomain(data.machine);
- }
+ data.sponsor = (arti.getSponsor());
+ if(arti.getSans()!=null) {
+ Set<String> ls = data.sans(true);
+ for(String t : arti.getSans()) {
+ ls.add(trim(t));
+ }
}
- data.sans(true).addAll(arti.getSans());
+ data.expires = null;
ladd.add(data);
}
return ladd;
@@ -258,17 +259,21 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
Artifacts artis = new Artifacts();
for (ArtiDAO.Data arti : lArtiDAO.value) {
Artifact a = new Artifact();
- a.setMechid(arti.mechid);
- a.setMachine(arti.machine);
- a.setSponsor(arti.sponsor);
- a.setNs(arti.ns);
- a.setCa(arti.ca);
- a.setDir(arti.dir);
- a.getType().addAll(arti.type(false));
- a.setOsUser(arti.os_user);
+ a.setMechid(trim(arti.mechid));
+ a.setMachine(trim(arti.machine));
+ a.setSponsor(trim(arti.sponsor));
+ a.setNs(trim(arti.ns));
+ a.setCa(trim(arti.ca));
+ a.setDir(trim(arti.dir));
+ for(String t : arti.type(false)) {
+ a.getType().add(trim(t));
+ }
+ a.setOsUser(trim(arti.os_user));
a.setRenewDays(arti.renewDays);
- a.setNotification(arti.notify);
- a.getSans().addAll(arti.sans(false));
+ a.setNotification(trim(arti.notify));
+ for(String t : arti.sans(false)) {
+ a.getSans().add(trim(t));
+ }
artis.getArtifact().add(a);
}
return Result.ok(artis);
@@ -279,4 +284,11 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
+ private String trim(String s) {
+ if(s==null) {
+ return s;
+ } else {
+ return s.trim();
+ }
+ }
} \ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
index 2b9204c9..53388f67 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
@@ -210,8 +210,8 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
ArtiDAO.Data data = new ArtiDAO.Data();
data.mechid = trim(arti.getMechid());
data.machine = trim(arti.getMachine());
- Set<String> ss = data.type(true);
if(arti.getType()!=null) {
+ Set<String> ss = data.type(true);
for(String t : arti.getType()) {
ss.add(t.trim());
}
@@ -228,8 +228,8 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
// Ignored on way in for create/update
data.sponsor = trim(arti.getSponsor());
data.expires = null;
- ss = data.sans(true);
if(arti.getSans()!=null) {
+ Set<String> ss = data.sans(true);
for(String s : arti.getSans()) {
ss.add(s.trim());
}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 893a6b17..6ebcadac 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -290,7 +290,7 @@ public class CMService {
trans.error().log("CMService var primary is null");
} else {
String fg = fqdns.get(i);
- if (fg!=null && fg.equals(primary.getHostName())) {
+ if (fg!=null && primary!=null && fg.equals(primary.getHostName())) {
if (i != 0) {
String tmp = fqdns.get(0);
fqdns.set(0, primary.getHostName());
@@ -301,7 +301,7 @@ public class CMService {
}
}
} catch (Exception e) {
- trans.debug().log(e);
+ trans.error().log(e);
return Result.err(Status.ERR_Denied,
"AppID Sponsorship cannot be determined at this time. Try later.");
}
@@ -474,7 +474,6 @@ public class CMService {
// Policy 6: Only do Domain by Exception
if (add.machine.startsWith("*")) { // Domain set
CA ca = certManager.getCA(add.ca);
-
if (!trans.fish(new AAFPermission(ca.getPermNS(),ca.getPermType(), add.ca, DOMAIN))) {
return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
add.machine);
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
index f85eb44e..5835b31f 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
@@ -22,6 +22,7 @@
package org.onap.aaf.auth.cm.validation;
import java.util.List;
+import java.util.regex.Pattern;
import org.onap.aaf.auth.dao.cass.ArtiDAO;
import org.onap.aaf.auth.dao.cass.ArtiDAO.Data;
@@ -47,7 +48,13 @@ public class CertmanValidator extends Validator{
private static final String MUST_HAVE_AT_LEAST = " must have at least ";
private static final String IS_NULL = " is null.";
private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least ";
-
+ private static final Pattern ALPHA_NUM = Pattern.compile("[a-zA-Z0-9]*");
+
+ private static boolean disallowTmp = true;
+ public static void allowTmp() {
+ disallowTmp=false;
+ }
+
public CertmanValidator nullBlankMin(String name, List<String> list, int min) {
if (list==null) {
msg(name + IS_NULL);
@@ -72,7 +79,7 @@ public class CertmanValidator extends Validator{
} else {
for (ArtiDAO.Data a : list) {
allRequired(a);
- if(a.dir!=null && a.dir.startsWith("/tmp")) {
+ if(disallowTmp && a.dir!=null && a.dir.startsWith("/tmp")) {
msg("Certificates may not be deployed into /tmp directory (they will be removed at a random time by O/S)");
}
}
@@ -99,7 +106,8 @@ public class CertmanValidator extends Validator{
nullOrBlank(MACHINE, a.machine);
nullOrBlank("ca",a.ca);
nullOrBlank("dir",a.dir);
- nullOrBlank("os_user",a.os_user);
+ match("NS must be dot separated AlphaNumeric",a.ns,NAME_CHARS);
+ match("O/S User must be AlphaNumeric",a.os_user,ALPHA_NUM);
// Note: AppName, Notify & Sponsor are currently not required
}
return this;
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java
index 4aa3d6d3..6d090398 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java
@@ -80,7 +80,7 @@ public class JU_CertmanValidator {
public void artisRequired_shouldReportErrorWhenArtifactDoesNotHaveAllRequiredFields() {
certmanValidator.artisRequired(newArrayList(newArtifactData("id", "", "ca", "dir", "user")), 1);
- assertEquals("machine is blank.\n", certmanValidator.errs());
+ assertEquals("machine is blank.\n" + "NS must be dot separated AlphaNumeric\n", certmanValidator.errs());
}
@Test
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml
index a564b59a..6c6505fc 100644
--- a/auth/auth-cmd/pom.xml
+++ b/auth/auth-cmd/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml
index 13952e4c..a7ae68c6 100644
--- a/auth/auth-core/pom.xml
+++ b/auth/auth-core/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java
index 98c09076..6d519c64 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java
@@ -86,8 +86,15 @@ public class Validator {
}
protected final boolean noMatch(String str, Pattern p) {
- return !p.matcher(str).matches();
+ return str==null || !p.matcher(str).matches();
}
+
+ protected final void match(String text, String str, Pattern p) {
+ if(str==null || !p.matcher(str).matches()) {
+ msg(text);
+ }
+ }
+
protected final boolean nob(String str, Pattern p) {
return str==null || !p.matcher(str).matches();
}
diff --git a/auth/auth-deforg/pom.xml b/auth/auth-deforg/pom.xml
index a72a38a5..a4bf5e7b 100644
--- a/auth/auth-deforg/pom.xml
+++ b/auth/auth-deforg/pom.xml
@@ -26,7 +26,7 @@
<artifactId>authparent</artifactId>
<relativePath>../pom.xml</relativePath>
<groupId>org.onap.aaf.authz</groupId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-deforg</artifactId>
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index f5985e20..fc86d4a9 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml
index 884aff86..8dc9551a 100644
--- a/auth/auth-gui/pom.xml
+++ b/auth/auth-gui/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java
index 1e06b109..f67f6d5c 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java
@@ -37,12 +37,13 @@ import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.util.Vars;
import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.Slot;
import org.onap.aaf.misc.env.Data.TYPE;
+import org.onap.aaf.misc.env.Slot;
import org.onap.aaf.misc.env.util.IPValidator;
import org.onap.aaf.misc.env.util.Split;
import org.onap.aaf.misc.xgen.Cache;
import org.onap.aaf.misc.xgen.DynamicCode;
+import org.onap.aaf.misc.xgen.Mark;
import org.onap.aaf.misc.xgen.html.HTMLGen;
import aaf.v2_0.Error;
@@ -72,7 +73,7 @@ public class CMArtiChangeAction extends Page {
cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI, AuthzTrans>() {
@Override
public void code(final AAF_GUI gui, final AuthzTrans trans,final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
-trans.info().log("Step 1");
+ trans.info().log("Step 1");
final Artifact arti = new Artifact();
final String machine = trans.get(sMachine,null);
final String ca = trans.get(sCA, null);
@@ -105,13 +106,6 @@ trans.info().log("Step 1");
}
}
- // Disallow Domain based Definitions without exception
- if (machine.startsWith("*")) { // Domain set
- if (!trans.fish(getPerm(ca, "domain"))) {
- hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception.");
- return;
- }
- }
}
arti.setMechid((String)trans.get(sID,null));
@@ -193,9 +187,24 @@ trans.info().log("Step 1");
if (f==null) {
hgen.p("Unknown Command");
} else {
- if (f.body().contains("%")) {
+ if (f.code() > 201) {
Error err = gui.getDF(Error.class).newData().in(TYPE.JSON).load(f.body()).asObject();
- hgen.p(Vars.convert(err.getText(),err.getVariables()));
+ if(f.body().contains("%") ) {
+ hgen.p(Vars.convert(err.getText(),err.getVariables()));
+ } else {
+ int colon = err.getText().indexOf(':');
+ if(colon>0) {
+ hgen.p(err.getMessageId() + ": " + err.getText().substring(0, colon));
+ Mark bq = new Mark();
+ hgen.incr(bq,"blockquote");
+ for(String em : Split.splitTrim('\n', err.getText().substring(colon+1))) {
+ hgen.p(em);
+ }
+ hgen.end(bq);
+ } else {
+ hgen.p(err.getMessageId() + ": " + err.getText());
+ }
+ }
} else {
hgen.p(arti.getMechid() + " on " + arti.getMachine() + ": " + f.body());
}
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index 25b836cd..665d724f 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 6a855877..8ca9c892 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
index 5ebabed7..ebbeae6b 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
@@ -182,7 +182,7 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> {
protected AAFConHttp _newAAFConHttp() throws CadiException {
try {
if (dal==null) {
- dal = AbsAAFLocator.create("%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
+ dal = AbsAAFLocator.create("%CNS.%NS.service",Config.AAF_DEFAULT_API_VERSION);
}
// utilize pre-constructed DirectAAFLocator
return new AAFConHttp(env.access(),dal);
diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml
index 2c7cc758..ec4c5bec 100644
--- a/auth/auth-oauth/pom.xml
+++ b/auth/auth-oauth/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml
index ff334874..72713dd3 100644
--- a/auth/auth-service/pom.xml
+++ b/auth/auth-service/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms
new file mode 100644
index 00000000..351c3798
--- /dev/null
+++ b/auth/docker/Dockerfile.ms
@@ -0,0 +1,47 @@
+#########
+# ============LICENSE_START====================================================
+# org.onap.aaf
+# ===========================================================================
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# ===========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END====================================================
+#
+FROM ${DOCKER_REPOSITORY}/onap/aaf/aaf_core:${AAF_VERSION}
+MAINTAINER AAF Team, AT&T 2018
+ENV VERSION=${AAF_VERSION}
+
+LABEL description="aaf_${AAF_COMPONENT}"
+LABEL version=${AAF_VERSION}
+
+COPY bin/pod_wait.sh /opt/app/aaf/bin/
+RUN mkdir -p /opt/app/osaaf &&\
+ mkdir -p /opt/app/aaf/status &&\
+ chmod 755 /opt/app/aaf/bin/* &&\
+ if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \
+ && chown ${DUSER}:${DUSER} /opt/app/osaaf \
+ && chown -R ${DUSER}:${DUSER} /opt/app/aaf; fi
+
+#CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"]
+CMD []
+
+# For Debugging installation
+# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+# Java Debugging VM Args
+# "-Xdebug",\
+# "-Xnoagent",\
+# "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000",\
+
+# TLS Debugging VM Args
+# "-Djavax.net.debug","ssl", \
+
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index 0538b70d..b0ae3fd0 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -28,7 +28,7 @@ fi
. ./aaf.props
DOCKER=${DOCKER:=docker}
-CADI_VERSION=${CADI_VERSION:=2.1.14-SNAPSHOT}
+CADI_VERSION=${CADI_VERSION:=2.1.15-SNAPSHOT}
for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
if [ "$(grep $V ./aaf.props)" = "" ]; then
diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml
index 3a0a377c..cc8765f5 100644
--- a/auth/helm/aaf-hello/values.yaml
+++ b/auth/helm/aaf-hello/values.yaml
@@ -54,7 +54,7 @@ image:
# When using Docker Repo, add, and include trailing "/"
# repository: nexus3.onap.org:10003/
# repository: localhost:5000/
- version: 2.1.14-SNAPSHOT
+ version: 2.1.15-SNAPSHOT
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml
index d0a1d286..3f370a55 100644
--- a/auth/helm/aaf/Chart.yaml
+++ b/auth/helm/aaf/Chart.yaml
@@ -22,4 +22,4 @@ apiVersion: v1
appVersion: "1.0"
description: AAF Helm Chart
name: aaf
-version: 2.1.14-SNAPSHOT
+version: 2.1.15-SNAPSHOT
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index fae26290..324cbc64 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -31,11 +31,11 @@ services:
aaf_env: "DEV"
public_fqdn: "aaf.osaaf.org"
# DUBLIN ONLY - for M4 compatibility with Casablanca
- aaf_locator_name: "public.%NS.%N"
- aaf_locator_name_helm: "%NS.%N"
+# aaf_locator_name: "public.%NS.%N"
+# aaf_locator_name_helm: "%NS.%N"
# EL ALTO and Beyond
-# aaf_locator_name: "%NS.%N"
-# aaf_locator_name_helm: "%CNS.%NS.%N"
+ aaf_locator_name: "%NS.%N"
+ aaf_locator_name_helm: "%CNS.%NS.%N"
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
cass:
@@ -114,7 +114,7 @@ image:
# When using Docker Repo, add, and include trailing "/"
# repository: nexus3.onap.org:10003/
# repository: localhost:5000/
- version: 2.1.14-SNAPSHOT
+ version: 2.1.15-SNAPSHOT
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/auth/pom.xml b/auth/pom.xml
index 7951a641..071c1841 100644
--- a/auth/pom.xml
+++ b/auth/pom.xml
@@ -26,7 +26,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>authparent</artifactId>
<name>AAF Auth Parent</name>
diff --git a/auth/sample/logs/clean b/auth/sample/logs/clean
index 7d5152b9..7fa18ef8 100644
--- a/auth/sample/logs/clean
+++ b/auth/sample/logs/clean
@@ -1,7 +1,7 @@
cd /opt/app/osaaf/logs
for D in `find . -type d`; do
if [ "$D" != "./" ]; then
- rm -f $D/*.log
+ rm -f $D/*.log.*
fi
done
diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml
index ea8bb1ee..b5767b26 100644
--- a/cadi/aaf/pom.xml
+++ b/cadi/aaf/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
index f02c17f8..efcaa7ef 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
@@ -76,7 +76,7 @@ public class TestConnectivity {
List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si);
/////////
String directAAFURL = aaf_urls.get(Config.AAF_URL);
- if(directAAFURL!=null && !directAAFURL.contains("/locate/") || !directAAFURL.contains("AAF_LOCATE_URL")) {
+ if(directAAFURL!=null && !(directAAFURL.contains("/locate/") || directAAFURL.contains("AAF_LOCATE_URL"))) {
print(true,"Test Connections by non-located aaf_url");
Locator<URI> locator = new SingleEndpointLocator(directAAFURL);
connectTest(locator,new URI(directAAFURL));
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index aa9bf138..fda591e3 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -52,6 +52,7 @@ import org.onap.aaf.cadi.CmdLine;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.TestConnectivity;
import org.onap.aaf.cadi.aaf.client.ErrMessage;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
@@ -137,6 +138,13 @@ public class Agent {
System.out.println(HASHES);
}
CmdLine.main(newArgs);
+ } else if(args.length>0 && "connectivity".equals(args[0])) {
+ String[] newArgs = new String[args.length-1];
+ System.arraycopy(args, 1, newArgs, 0, newArgs.length);
+ if(newArgs.length>0 && newArgs[0].indexOf('@')>=0) {
+ newArgs[0]=FQI.reverseDomain(newArgs[0])+".props";
+ }
+ TestConnectivity.main(newArgs);
} else {
try {
AAFSSO aafsso=null;
@@ -235,17 +243,18 @@ public class Agent {
}
// NOTE: CHANGE IN CMDS should be reflected in AAFSSO constructor, to get FQI->aaf-id or not
System.out.println("Usage: java -jar <cadi-aaf-*-full.jar> cmd [<tag=value>]*");
- System.out.println(" create <FQI> [<machine>]");
- System.out.println(" read <FQI> [<machine>]");
- System.out.println(" update <FQI> [<machine>]");
- System.out.println(" delete <FQI> [<machine>]");
- System.out.println(" copy <FQI> <machine> <newmachine>[,<newmachine>]*");
- System.out.println(" place <FQI> [<machine>]");
- System.out.println(" showpass <FQI> [<machine>]");
- System.out.println(" check <FQI> [<machine>]");
- System.out.println(" keypairgen <FQI>");
- System.out.println(" config <FQI>");
- System.out.println(" validate <NS>.props>");
+ System.out.println(" create <FQI> [<machine>]");
+ System.out.println(" read <FQI> [<machine>]");
+ System.out.println(" update <FQI> [<machine>]");
+ System.out.println(" delete <FQI> [<machine>]");
+ System.out.println(" copy <FQI> <machine> <newmachine>[,<newmachine>]*");
+ System.out.println(" place <FQI> [<machine>]");
+ System.out.println(" showpass <FQI> [<machine>]");
+ System.out.println(" check <FQI> [<machine>]");
+ System.out.println(" keypairgen <FQI>");
+ System.out.println(" config <FQI>");
+ System.out.println(" validate <NS>.props>");
+ System.out.println(" connectivity <NS>.props>");
System.out.println(" --- Additional Tool Access ---");
System.out.println(" ** Type with no params for Tool Help");
System.out.println(" ** If using with Agent, preface with \"cadi\"");
diff --git a/cadi/client/pom.xml b/cadi/client/pom.xml
index b2ae7052..38bee291 100644
--- a/cadi/client/pom.xml
+++ b/cadi/client/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/cadi/core/pom.xml b/cadi/core/pom.xml
index 9f1d8aeb..337262da 100644
--- a/cadi/core/pom.xml
+++ b/cadi/core/pom.xml
@@ -16,7 +16,7 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index 994e3250..26aa98cb 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -21,12 +21,14 @@
package org.onap.aaf.cadi;
+import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
+import java.io.StringBufferInputStream;
import java.io.StringWriter;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
@@ -303,6 +305,11 @@ public class PropAccess implements Access {
if (o!=null) {
if(o.getClass().isArray()) {
first = write(first,sb,(Object[])o);
+ } else if(o instanceof Throwable) {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ PrintStream ps = new PrintStream(baos);
+ ((Throwable)o).printStackTrace(ps);
+ sb.append(baos.toString());
} else {
s=o.toString();
if (first) {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 48f5e2d1..b53b54da 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -976,6 +976,7 @@ public class Config {
public static<T> void add(Access access, final String tag, List<Priori<T>> list) {
String plugins = access.getProperty(tag, null);
if(plugins!=null) {
+ access.log(Level.INIT, "Adding TAF Plugins: ", plugins);
for(String tafs : Split.splitTrim(';', plugins)) {
String[] pluginArray = Split.splitTrim(',', tafs);
String clssn = null;
@@ -1004,7 +1005,12 @@ public class Config {
try {
list.add(new Priori<T>(cnst.newInstance(access),priority));
} catch (InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- access.printf(Level.ERROR, "%s cannot be constructed with Access.\n",clssn);
+ String hostname = access.getProperty(Config.HOSTNAME,null);
+ if(hostname==null) {
+ access.printf(Level.ERROR, "%s cannot be constructed on this machine. Set valid 'hostname' in your properties\n",clssn);
+ } else {
+ access.printf(Level.ERROR, "%s cannot be constructed on %s with Access.\n",clssn, hostname);
+ }
}
} catch (NoSuchMethodException | SecurityException e) {
access.printf(Level.ERROR, "%s needs a Constructor taking Access as sole param.\n",clssn);
diff --git a/cadi/oauth-enduser/pom.xml b/cadi/oauth-enduser/pom.xml
index f4253bd6..14d3f77e 100644
--- a/cadi/oauth-enduser/pom.xml
+++ b/cadi/oauth-enduser/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/cadi/pom.xml b/cadi/pom.xml
index 87d1ca75..fa1dd0f1 100644
--- a/cadi/pom.xml
+++ b/cadi/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>cadiparent</artifactId>
<name>AAF CADI Parent (Code, Access, Data, Identity)</name>
diff --git a/cadi/servlet-sample/pom.xml b/cadi/servlet-sample/pom.xml
index f46d197f..1533ad91 100644
--- a/cadi/servlet-sample/pom.xml
+++ b/cadi/servlet-sample/pom.xml
@@ -4,7 +4,7 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<name>CADI Servlet Sample (Test Only)</name>
diff --git a/misc/env/pom.xml b/misc/env/pom.xml
index 1192b78c..a0c6e4b7 100644
--- a/misc/env/pom.xml
+++ b/misc/env/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/misc/log4j/pom.xml b/misc/log4j/pom.xml
index d0129977..214805c8 100644
--- a/misc/log4j/pom.xml
+++ b/misc/log4j/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/misc/pom.xml b/misc/pom.xml
index 198f3d29..47ec26cf 100644
--- a/misc/pom.xml
+++ b/misc/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>miscparent</artifactId>
<name>AAF Misc Parent</name>
diff --git a/misc/rosetta/pom.xml b/misc/rosetta/pom.xml
index 9a82cea2..53295ab1 100644
--- a/misc/rosetta/pom.xml
+++ b/misc/rosetta/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml
index 7b1280f4..8a08d5ba 100644
--- a/misc/xgen/pom.xml
+++ b/misc/xgen/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/pom.xml b/pom.xml
index 753fc02c..ea732586 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<name>aaf-authz</name>
<packaging>pom</packaging>
diff --git a/version.properties b/version.properties
index d632abee..e341f3e4 100644
--- a/version.properties
+++ b/version.properties
@@ -24,10 +24,10 @@
# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
# because they are used in Jenkins, whose plug-in doesn't support
-# This TAG <version>2.1.14-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries:
+# This TAG <version>2.1.15-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries:
major=2
minor=1
-patch=14
+patch=15
base_version=${major}.${minor}.${patch}