-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_DirectOAuthTAF.java127
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OACodeTest.java71
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OAuth2FilterTest.java88
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OAuth2FormHttpTafRespTest.java64
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/facade/JU_DirectOAFacadeImplTest.java36
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/facade/JU_OAFacadeFactory.java87
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/mapper/JU_Mapper1_0Test.java226
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/mapper/JU_MapperIntrospect1_0Test.java94
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/service/JU_JSONPermLoaderFactoryTest.java200
-rw-r--r--auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/service/JU_OCredsTest.java49
-rw-r--r--auth/docker/.gitignore1
-rw-r--r--auth/docker/Dockerfile.core2
-rw-r--r--auth/docker/Dockerfile.ms2
-rw-r--r--auth/docker/agent.sh9
-rw-r--r--auth/docker/cass.props.init3
-rw-r--r--auth/docker/d.props.init1
-rwxr-xr-xauth/docker/dbuild.sh4
-rw-r--r--auth/docker/dpush.sh7
-rw-r--r--auth/docker/drun.sh9
-rw-r--r--docs/sections/architecture/aaf_architecture.rst49
-rw-r--r--docs/sections/installation/install_from_source.rst8
21 files changed, 1124 insertions, 13 deletions
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_DirectOAuthTAF.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_DirectOAuthTAF.java
new file mode 100644
index 00000000..ed80b10c
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_DirectOAuthTAF.java
@@ -0,0 +1,127 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.oauth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.util.Map;
+import java.util.Properties;
+import java.util.TreeMap;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.onap.aaf.auth.env.AuthzEnv;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.oauth.facade.DirectIntrospect;
+import org.onap.aaf.auth.rserv.TransFilter;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.taf.TafResp;
+import org.onap.aaf.misc.env.APIException;
+
+import aafoauth.v2_0.Introspect;
+
+public class JU_DirectOAuthTAF {
+
+ @Mock
+ private AuthzEnv env;
+
+ @Mock
+ private PropAccess access;
+
+ private Properties props = new Properties();
+
+ @Mock
+ private HttpServletRequest req;
+
+ private Map<String, String[]> parameterMap;
+ @Mock
+ private DirectIntrospect<Introspect> facade;
+ @Mock
+ private AuthzTrans trans;
+ @Mock
+ private Result<Introspect> ri;
+
+ @Before
+ public void setup() {
+ initMocks(this);
+ parameterMap = new TreeMap<String, String[]>();
+
+ }
+
+ @Test
+ public void testValidateWithoutSecret() throws APIException, CadiException {
+ parameterMap.put("client_id", new String[] { "Client1" });
+ // parameterMap.put("client_secret", new String[] { "Secret1" });
+ parameterMap.put("username", new String[] { "User1" });
+ parameterMap.put("password", new String[] { "Pass1" });
+ parameterMap.put("token", new String[] { "token1" });
+ when(env.access()).thenReturn(access);
+ when(access.getProperties()).thenReturn(props);
+ when(req.getContentType()).thenReturn("application/x-www-form-urlencoded");
+ when(req.getParameterMap()).thenReturn(parameterMap);
+
+ DirectOAuthTAF oAuthTaf = new DirectOAuthTAF(env, null, null);
+
+ TafResp validate = oAuthTaf.validate(null, req, null);
+
+ assertNotNull(validate);
+ assertEquals(validate.getAccess(), access);
+ assertEquals(validate.desc(), "client_id and client_secret required");
+ }
+
+ @Test
+ public void testValidateWithSecret() throws APIException, CadiException {
+ parameterMap.put("client_id", new String[] { "Client1" });
+ parameterMap.put("client_secret", new String[] { "Secret1" });
+ parameterMap.put("username", new String[] { "User1" });
+ parameterMap.put("password", new String[] { "Pass1" });
+ parameterMap.put("token", new String[] { "token1" });
+
+ when(env.access()).thenReturn(access);
+ when(access.getProperties()).thenReturn(props);
+ when(req.getContentType()).thenReturn("application/x-www-form-urlencoded");
+ when(req.getParameterMap()).thenReturn(parameterMap);
+ when(req.getAttribute(TransFilter.TRANS_TAG)).thenReturn(trans);
+ when(facade.mappedIntrospect(trans, "token1")).thenReturn(ri);
+
+ DirectOAuthTAF oAuthTaf = new DirectOAuthTAF(env, null, facade);
+
+ TafResp validate = oAuthTaf.validate(null, req, null);
+
+ assertNotNull(validate);
+ assertEquals(validate.getAccess(), access);
+ assertEquals(validate.desc(), ri.errorString());
+
+ assertNull(oAuthTaf.revalidate(null, null));
+ assertNotNull(oAuthTaf.directUserPass());
+ }
+
+}
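Review bot: Neither test asserts the authentication outcome itself. `testValidateWithoutSecret` pins only the description string, so a change that kept the message but stopped rejecting the request would still pass; also asserting on `validate.isAuthenticated()` would pin the rejection. The `assertEquals` calls pass the actual value first, which makes failure messages misleading; JUnit's order is `assertEquals("client_id and client_secret required", validate.desc());`. In `testValidateWithSecret`, `ri` is a mock with no stubbing, so `ri.errorString()` is presumably null and the comparison proves little; stubbing it to a known string would make the check meaningful. The commented-out `client_secret` line can be replaced by a comment such as `// client_secret deliberately omitted`.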
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OACodeTest.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OACodeTest.java
new file mode 100644
index 00000000..9ae7a012
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OACodeTest.java
@@ -0,0 +1,71 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.oauth;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.oauth.facade.OAFacade;
+
+import aafoauth.v2_0.Introspect;
+
+public class JU_OACodeTest {
+
+ @Mock
+ private OAFacade<Introspect> facade;
+
+ @Mock
+ private OAFacade<Introspect> facade1;
+
+ @Before
+ public void setup() {
+ initMocks(this);
+ }
+
+ @Test
+ public void testOACodeDefaultMethod() throws Exception {
+ OACode code = new OACode(facade, "Original Description", true, "role1") {
+
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ // Blank implementation to test abstract OACode class.
+ }
+ };
+
+ OACode clone = code.clone(facade1, false);
+
+ assertNotSame(code, clone);
+
+ assertTrue(code.useJSON);
+ assertFalse(clone.useJSON);
+
+ }
+}
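Review bot: `testOACodeDefaultMethod` passes `facade1` to `clone` but asserts only the `useJSON` flag, so the test would still pass if the clone kept the original facade. If `OACode` exposes the facade or description to subclasses or tests, an assertion on the clone's facade would close that gap; otherwise a comment such as `// only useJSON is observable from here` would explain it. A name like `testCloneChangesUseJson` would describe what is checked.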
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OAuth2FilterTest.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OAuth2FilterTest.java
new file mode 100644
index 00000000..56dc669d
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OAuth2FilterTest.java
@@ -0,0 +1,88 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.oauth;
+
+import static org.mockito.Mockito.only;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.onap.aaf.cadi.principal.BearerPrincipal;
+
+public class JU_OAuth2FilterTest {
+
+ @Mock
+ private HttpServletRequest request;
+ @Mock
+ private FilterChain chain;
+ @Mock
+ private BearerPrincipal principal;
+
+ @Before
+ public void setup() {
+ initMocks(this);
+ }
+
+ @Test
+ public void testDoFilterWithContentType() throws IOException, ServletException {
+ when(request.getContentType()).thenReturn("application/x-www-form-urlencoded");
+
+ OAuth2Filter filter = new OAuth2Filter();
+ filter.doFilter(request, null, chain);
+
+ verify(chain, only()).doFilter(request, null);
+ }
+
+ @Test
+ public void testDoFilter() throws IOException, ServletException {
+ when(request.getContentType()).thenReturn("somethingElse");
+ when(request.getUserPrincipal()).thenReturn(principal);
+ when(request.getHeader("Authorization")).thenReturn("Bearer 1;Bearer2");
+
+ OAuth2Filter filter = new OAuth2Filter();
+ filter.init(null);
+ filter.destroy();
+ filter.doFilter(request, null, chain);
+
+ verify(chain, only()).doFilter(request, null);
+ verify(principal, only()).setBearer("1");
+ }
+
+ @Test
+ public void testDoFilterWithoutBearerPrincipal() throws IOException, ServletException {
+ when(request.getContentType()).thenReturn("somethingElse");
+ when(request.getHeader("Authorization")).thenReturn("Bearer 1;Bearer2");
+
+ OAuth2Filter filter = new OAuth2Filter();
+ filter.doFilter(request, null, chain);
+
+ verify(chain, only()).doFilter(request, null);
+ }
+}
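Review bot: `testDoFilter` expects `setBearer("1")` from the header `"Bearer 1;Bearer2"` with no comment explaining why the token stops at the `;`, and no case covers a request without an `Authorization` header or with a non-Bearer scheme. Since this filter sits on the authentication path, those are the inputs most worth pinning, and a null header is the usual place for an unguarded `startsWith` to throw. A comment such as `// token is expected to end at the first ';' - confirm against OAuth2Filter` above the stub would record the intent. `filter.destroy()` is called before `filter.doFilter(...)`, which is not the servlet lifecycle order; moving it after the `verify` calls would be clearer. `testDoFilterWithoutBearerPrincipal` would benefit from a one-line comment saying that pass-through without a principal is the intended behaviour.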
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OAuth2FormHttpTafRespTest.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OAuth2FormHttpTafRespTest.java
new file mode 100644
index 00000000..7a332fa3
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/JU_OAuth2FormHttpTafRespTest.java
@@ -0,0 +1,64 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.oauth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.mockito.Mockito.only;
+import static org.mockito.Mockito.verify;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.onap.aaf.cadi.taf.TafResp.RESP;
+
+public class JU_OAuth2FormHttpTafRespTest {
+
+ @Mock
+ private HttpServletResponse resp;
+
+ @Before
+ public void setup() {
+ initMocks(this);
+ }
+
+ @Test
+ public void testAuthenticated() throws IOException {
+ OAuth2FormHttpTafResp oAuth2 = new OAuth2FormHttpTafResp(null, null, null, null, resp);
+
+ assertEquals(oAuth2.authenticate(), RESP.HTTP_REDIRECT_INVOKED);
+
+ verify(resp, only()).setStatus(401);
+ }
+
+ @Test
+ public void testIsAuthenticated() throws IOException {
+ OAuth2FormHttpTafResp oAuth2 = new OAuth2FormHttpTafResp(null, null, null, RESP.HAS_PROCESSED, null, false);
+
+ assertEquals(oAuth2.isAuthenticated(), RESP.HAS_PROCESSED);
+ assertFalse(oAuth2.isFailedAttempt());
+ }
+}
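Review bot: `testAuthenticated` actually checks the unauthenticated path, since it expects `HTTP_REDIRECT_INVOKED` and a 401; a name like `testAuthenticateSends401` would match what it asserts. The `assertEquals` arguments are in actual-then-expected order; the JUnit order is `assertEquals(RESP.HTTP_REDIRECT_INVOKED, oAuth2.authenticate());` and likewise for `isAuthenticated()`. The literal `401` reads better as `verify(resp, only()).setStatus(HttpServletResponse.SC_UNAUTHORIZED);`, which needs no new import.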
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/facade/JU_DirectOAFacadeImplTest.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/facade/JU_DirectOAFacadeImplTest.java
new file mode 100644
index 00000000..1393f291
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/facade/JU_DirectOAFacadeImplTest.java
@@ -0,0 +1,36 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.oauth.facade;
+
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+
+public class JU_DirectOAFacadeImplTest {
+
+ @Test
+ public void test() {
+ DirectOAFacadeImpl oAFacade = new DirectOAFacadeImpl();
+ assertNotNull(oAFacade);
+ }
+
+}
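Review bot: `assertNotNull(oAFacade)` in `test()` can never fail, because `new` never yields null, so the test only shows that the constructor does not throw. If that is the intent, a comment such as `// smoke test: default constructor must not throw` and a name like `testDefaultConstructor` would say so. Otherwise the test should call a method of `DirectOAFacadeImpl` and assert on its result.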
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/facade/JU_OAFacadeFactory.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/facade/JU_OAFacadeFactory.java
new file mode 100644
index 00000000..bf9cbdd6
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/facade/JU_OAFacadeFactory.java
@@ -0,0 +1,87 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.oauth.facade;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.onap.aaf.auth.dao.cass.OAuthTokenDAO.Data;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.oauth.service.OAuthService;
+import org.onap.aaf.misc.env.APIException;
+
+import aafoauth.v2_0.Introspect;
+
+public class JU_OAFacadeFactory {
+
+ @Mock
+ private OAuthService service;
+
+ private String token;
+
+ private AuthzTrans trans;
+ @Mock
+ private Result<Data> rs;
+
+ @Before
+ public void setUp() throws Exception {
+ initMocks(this);
+ }
+
+ @Test
+ public void testStatusNotOk() throws APIException {
+ when(service.introspect(trans, token)).thenReturn(rs);
+ when(rs.notOK()).thenReturn(true);
+
+ DirectIntrospect<Introspect> direct = OAFacadeFactory.directV1_0(service);
+ Result<Introspect> rti = direct.mappedIntrospect(trans, token);
+
+ assertEquals(rti.status, 0);
+ }
+
+ @Test
+ public void testStatusOk() throws APIException {
+ when(service.introspect(trans, token)).thenReturn(rs);
+ when(rs.notOK()).thenReturn(false);
+
+ DirectIntrospect<Introspect> directV1_0 = OAFacadeFactory.directV1_0(service);
+ Result<Introspect> rti = directV1_0.mappedIntrospect(trans, token);
+
+ assertEquals(rti.status, 0);
+ }
+
+ @Test
+ public void testStatusOkWithResultSetEmpty() throws APIException {
+ when(service.introspect(trans, token)).thenReturn(rs);
+ when(rs.isEmpty()).thenReturn(true);
+ when(rs.notOK()).thenReturn(false);
+
+ DirectIntrospect<Introspect> directV1_0 = OAFacadeFactory.directV1_0(service);
+ Result<Introspect> rti = directV1_0.mappedIntrospect(trans, token);
+
+ assertEquals(rti.status, Result.ERR_NotFound);
+ }
+}
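Review bot: `testStatusNotOk` and `testStatusOk` both end in `assertEquals(rti.status, 0)`, so the failure path of `mappedIntrospect` is not distinguished from success. The likely cause is that `rs` is a mock whose `status` field stays at its default of 0; a real result such as `Result.create(null, 1, "detail", "var")`, asserted with `assertEquals(1, rti.status);`, would make the not-OK case meaningful, assuming the facade propagates the status. `trans` has no `@Mock` and `token` is never assigned, so both are null and the stub matches `introspect(null, null)`. Annotating `trans` with `@Mock` and giving `token` a value would exercise a realistic call. The `assertEquals` arguments are also in actual-then-expected order.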
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/mapper/JU_Mapper1_0Test.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/mapper/JU_Mapper1_0Test.java
new file mode 100644
index 00000000..c872cb8e
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/mapper/JU_Mapper1_0Test.java
@@ -0,0 +1,226 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.oauth.mapper;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.util.Map;
+import java.util.TreeMap;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Answers;
+import org.mockito.Mock;
+import org.onap.aaf.auth.dao.cass.OAuthTokenDAO.Data;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.oauth.mapper.Mapper.API;
+import org.onap.aaf.auth.oauth.service.OAuthService.GRANT_TYPE;
+import org.onap.aaf.auth.oauth.service.OCreds;
+import org.onap.aaf.cadi.client.Holder;
+import org.onap.aaf.cadi.oauth.OAuth2Principal;
+
+import aaf.v2_0.Error;
+import aafoauth.v2_0.Introspect;
+import aafoauth.v2_0.Token;
+import aafoauth.v2_0.TokenRequest;
+
+public class JU_Mapper1_0Test {
+ @Mock
+ private HttpServletRequest req;
+
+ @Mock
+ private TokenRequest tokenRequest;
+
+ @Mock
+ private Holder<GRANT_TYPE> hgt;
+
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private OAuth2Principal p;
+
+ private Data data;
+
+ @Before
+ public void setup() {
+ initMocks(this);
+ data = new Data();
+ data.id = "id";
+ }
+
+ @Test
+ public void testMapper() {
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+ assertEquals(TokenRequest.class, mapper.getClass(API.TOKEN_REQ));
+ assertEquals(Token.class, mapper.getClass(API.TOKEN));
+ assertEquals(Introspect.class, mapper.getClass(API.INTROSPECT));
+ assertEquals(Error.class, mapper.getClass(API.ERROR));
+ assertEquals(Void.class, mapper.getClass(API.VOID));
+
+ assertTrue(mapper.newInstance(API.TOKEN_REQ) instanceof TokenRequest);
+ assertTrue(mapper.newInstance(API.TOKEN) instanceof Token);
+ assertTrue(mapper.newInstance(API.INTROSPECT) instanceof Introspect);
+ assertTrue(mapper.newInstance(API.ERROR) instanceof Error);
+ assertEquals(null, mapper.newInstance(API.VOID));
+
+ Error error = mapper.errorFromMessage(null, null, "text", "var1", "var2");
+ assertEquals("text", error.getText());
+
+ Object tokenReqFromParams = mapper.tokenReqFromParams(req);
+ assertNull(tokenReqFromParams);
+ }
+
+ @Test
+ public void testTokeReqFromParams() {
+ Map<String, String[]> parameterMap = new TreeMap<String, String[]>();
+ parameterMap.put("client_id", new String[] { "ClientId1" });
+ parameterMap.put("client_secret", new String[] { "client_secret" });
+ parameterMap.put("username", new String[] { "username" });
+ parameterMap.put("password", new String[] { "password" });
+ parameterMap.put("scope", new String[] { "scope" });
+ parameterMap.put("grant_type", new String[] { "grant_type" });
+ parameterMap.put("refresh_token", new String[] { "refresh_token" });
+ parameterMap.put("etc", new String[] { "etc" });
+ when(req.getParameterMap()).thenReturn(parameterMap);
+
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+
+ TokenRequest param = mapper.tokenReqFromParams(req);
+
+ assertEquals("ClientId1", param.getClientId());
+ assertEquals("client_secret", param.getClientSecret());
+ assertEquals("username", param.getUsername());
+ assertEquals("password", param.getPassword());
+ assertEquals("scope", param.getScope());
+ assertEquals("grant_type", param.getGrantType());
+ assertEquals("refresh_token", param.getRefreshToken());
+
+ OCreds credsFromReq = mapper.credsFromReq(param);
+ assertEquals("ClientId1", credsFromReq.client_id);
+ assertEquals("username", credsFromReq.username);
+
+ }
+
+ @Test
+ public void testTokeReqFromParamsWithNoValues() {
+ Map<String, String[]> parameterMap = new TreeMap<String, String[]>();
+ parameterMap.put("client_id", new String[] {});
+ parameterMap.put("client_secret", new String[] {});
+ parameterMap.put("username", new String[] {});
+ parameterMap.put("password", new String[] {});
+ parameterMap.put("scope", new String[] {});
+ parameterMap.put("grant_type", new String[] {});
+ parameterMap.put("refresh_token", new String[] {});
+ parameterMap.put("etc", new String[] {});
+ when(req.getParameterMap()).thenReturn(parameterMap);
+
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+
+ Object param = mapper.tokenReqFromParams(req);
+
+ assertNull(param);
+
+ }
+
+ @Test
+ public void testClientTokenReqWithClientCred() {
+ when(hgt.get()).thenReturn(GRANT_TYPE.client_credentials);
+ when(tokenRequest.getState()).thenReturn("State");
+ when(tokenRequest.getGrantType()).thenReturn("client_credentials");
+ when(tokenRequest.getScope()).thenReturn("Scope");
+
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+
+ Data clientTokenReq = mapper.clientTokenReq(tokenRequest, hgt);
+
+ assertEquals("State", clientTokenReq.state);
+ assertTrue(clientTokenReq.scopes.contains("Scope"));
+
+ }
+
+ @Test
+ public void testClientTokenReqWithPassword() {
+ when(hgt.get()).thenReturn(GRANT_TYPE.unknown);
+ when(tokenRequest.getState()).thenReturn("State");
+ when(tokenRequest.getRefreshToken()).thenReturn("UnKnown");
+
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+
+ Data clientTokenReq = mapper.clientTokenReq(tokenRequest, hgt);
+
+ assertEquals("State", clientTokenReq.state);
+ assertEquals(clientTokenReq.type, 0);
+ }
+
+ @Test
+ public void testTokenFromDataWithNotOk() {
+ Result<Data> dataResult = Result.create(null, 1, "detail", "var");
+
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+
+ Result<Token> clientTokenReq = mapper.tokenFromData(dataResult);
+
+ assertEquals(null, clientTokenReq.value);
+ }
+
+ @Test
+ public void testTokenFromData() {
+
+ Result<Data> dataResult = Result.create(data, 0, "detail", "var");
+
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+
+ Result<Token> clientTokenReq = mapper.tokenFromData(dataResult);
+
+ assertEquals(clientTokenReq.value.getAccessToken(), data.id);
+ }
+
+ @Test
+ public void testTokenFromDataWithNoTokenType() {
+ data.type = 20;
+
+ Result<Data> dataResult = Result.create(data, 0, "detail", "var");
+
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+
+ Result<Token> clientTokenReq = mapper.tokenFromData(dataResult);
+
+ assertEquals(clientTokenReq.value.getAccessToken(), data.id);
+ assertEquals(clientTokenReq.value.getTokenType(), "Invalid");
+ }
+
+ @Test
+ public void testFromPrincipal() {
+
+ Introspect introspect = new Introspect();
+ when(p.tokenPerm().getIntrospect()).thenReturn(introspect);
+
+ Mapper<TokenRequest, Token, Introspect, Error> mapper = new Mapper1_0();
+
+ Introspect intro = mapper.fromPrincipal(p);
+
+ assertEquals(introspect, intro);
+ }
+}
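Review bot: `testClientTokenReqWithPassword` stubs `hgt.get()` with `GRANT_TYPE.unknown`, not a password grant, so the name promises coverage the test does not give. Either rename it to `testClientTokenReqWithUnknownGrant`, or stub the password grant type if the enum has one. `testTokenFromDataWithNoTokenType` pins that a `Data` with `type = 20` still yields the access token with token type `"Invalid"`; if returning a token for an unrecognised type is intended, a comment saying so would help the next reader. Smaller points: `testTokeReqFromParams` is missing an `n`, `assertEquals(null, x)` reads better as `assertNull(x)`, and several `assertEquals` calls pass actual before expected.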
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/mapper/JU_MapperIntrospect1_0Test.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/mapper/JU_MapperIntrospect1_0Test.java
new file mode 100644
index 00000000..d303755f
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/mapper/JU_MapperIntrospect1_0Test.java
@@ -0,0 +1,94 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.oauth.mapper;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.util.HashSet;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.ws.handler.MessageContext.Scope;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.onap.aaf.auth.dao.cass.OAuthTokenDAO.Data;
+import org.onap.aaf.auth.layer.Result;
+
+import aafoauth.v2_0.Introspect;
+
+public class JU_MapperIntrospect1_0Test {
+ @Mock
+ private HttpServletRequest req;
+
+ Data data;
+
+ @Before
+ public void setup() {
+ initMocks(this);
+ data = new Data();
+ }
+
+ @Test
+ public void testIntrospect() {
+ data.type = 1;
+
+ Result<Data> dataResult = Result.create(data, 0, "detail", "var");
+
+ MapperIntrospect<Introspect> mapper = new MapperIntrospect1_0();
+
+ Result<Introspect> intro = mapper.introspect(dataResult);
+
+ assertEquals(intro.value.getClientType(), "confidential");
+ }
+
+ @Test
+ public void testIntrospectWithUnknowType() {
+ data.type = 5;
+ data.scopes = new HashSet<String>();
+
+ data.scopes.add(Scope.APPLICATION.toString());
+ data.scopes.add(Scope.HANDLER.toString());
+
+ Result<Data> dataResult = Result.create(data, 0, "detail", "var");
+
+ MapperIntrospect<Introspect> mapper = new MapperIntrospect1_0();
+
+ Result<Introspect> intro = mapper.introspect(dataResult);
+
+ assertEquals(intro.value.getClientType(), "unknown");
+ }
+
+ @Test
+ public void testIntrospectWithNotOk() {
+ data.type = 5;
+
+ Result<Data> dataResult = Result.create(data, 1, "detail", "var");
+
+ MapperIntrospect<Introspect> mapper = new MapperIntrospect1_0();
+
+ Result<Introspect> intro = mapper.introspect(dataResult);
+
+ assertEquals(intro.value, null);
+ }
+
+}
\ No newline at end of file
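Review bot: The import `javax.xml.ws.handler.MessageContext.Scope` brings in a JAX-WS enum only to obtain two strings for `data.scopes`; it is unrelated to OAuth scopes. The `javax.xml.ws` packages were removed from the JDK in Java 11, so the test would stop compiling there without an extra dependency. Plain literals do the same job: `data.scopes.add("APPLICATION");` and `data.scopes.add("HANDLER");`. The scopes are added in `testIntrospectWithUnknowType` but never asserted on the resulting `Introspect`, so an assertion on the mapped scope value would justify setting them. The file also ends without a trailing newline.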
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/service/JU_JSONPermLoaderFactoryTest.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/service/JU_JSONPermLoaderFactoryTest.java
new file mode 100644
index 00000000..1a13580f
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/service/JU_JSONPermLoaderFactoryTest.java
@@ -0,0 +1,200 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.oauth.service;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.only;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.xml.ws.handler.MessageContext.Scope;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.onap.aaf.auth.common.Define;
+import org.onap.aaf.auth.dao.cass.NsSplit;
+import org.onap.aaf.auth.dao.cass.PermDAO;
+import org.onap.aaf.auth.dao.hl.Question;
+import org.onap.aaf.auth.env.AuthzEnv;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.TimeTaken;
+
+public class JU_JSONPermLoaderFactoryTest {
+ @Mock
+ private AAFCon<?> aafcon;
+ @Mock
+ private AuthzTrans trans;
+ @Mock
+ private TimeTaken tt;
+ @Mock
+ Rcli c;
+ @Mock
+ private Future fs;
+ @Mock
+ private Question question;
+ @Mock
+ private Result<NsSplit> rdns;
+ private NsSplit nss;
+
+ private Access access;
+
+ @Before
+ public void setup() throws CadiException {
+ access = new AuthzEnv();
+ Define.set(access);
+ initMocks(this);
+ nss = new NsSplit("APPLICATION", "APPLICATION");
+ }
+
+ @Test
+ public void testRemoteWithTimeOut() throws APIException, CadiException {
+ when(trans.start("Call AAF Service", Env.REMOTE)).thenReturn(tt);
+ when(aafcon.clientAs(Config.AAF_DEFAULT_VERSION, trans.getUserPrincipal())).thenReturn(c);
+ when(c.read("/authz/perms/user/null?scopes=APPLICATION:HANDLER",
+ "application/Perms+json;charset=utf-8;version=2.0")).thenReturn(fs);
+ when(fs.get(0)).thenReturn(true);
+
+ Set<String> scopes = new HashSet<String>();
+ scopes.add(Scope.APPLICATION.toString());
+ scopes.add(Scope.HANDLER.toString());
+
+ JSONPermLoader factory = JSONPermLoaderFactory.remote(aafcon, 0);
+
+ Result<String> loadJSONPerms = factory.loadJSONPerms(trans, null, scopes);
+
+ assertEquals(0, loadJSONPerms.status);
+
+ verify(tt, only()).done();
+ }
+
+ @Test
+ public void testRemoteWith404() throws APIException, CadiException {
+ when(trans.start("Call AAF Service", Env.REMOTE)).thenReturn(tt);
+ when(aafcon.clientAs(Config.AAF_DEFAULT_VERSION, trans.getUserPrincipal())).thenReturn(c);
+ when(c.read("/authz/perms/user/null?scopes=APPLICATION:HANDLER",
+ "application/Perms+json;charset=utf-8;version=2.0")).thenReturn(fs);
+ when(fs.get(0)).thenReturn(false);
+ when(fs.code()).thenReturn(404);
+
+ Set<String> scopes = new HashSet<String>();
+ scopes.add(Scope.APPLICATION.toString());
+ scopes.add(Scope.HANDLER.toString());
+
+ JSONPermLoader factory = JSONPermLoaderFactory.remote(aafcon, 0);
+
+ Result<String> loadJSONPerms = factory.loadJSONPerms(trans, null, scopes);
+
+ assertEquals(Result.ERR_NotFound, loadJSONPerms.status);
+
+ verify(tt, only()).done();
+ }
+
+ @Test
+ public void testRemote() throws APIException, CadiException {
+ when(trans.start("Call AAF Service", Env.REMOTE)).thenReturn(tt);
+ when(aafcon.clientAs(Config.AAF_DEFAULT_VERSION, trans.getUserPrincipal())).thenReturn(c);
+ when(c.read("/authz/perms/user/null?scopes=APPLICATION:HANDLER",
+ "application/Perms+json;charset=utf-8;version=2.0")).thenReturn(fs);
+ when(fs.get(0)).thenReturn(false);
+
+ Set<String> scopes = new HashSet<String>();
+ scopes.add(Scope.APPLICATION.toString());
+ scopes.add(Scope.HANDLER.toString());
+
+ JSONPermLoader factory = JSONPermLoaderFactory.remote(aafcon, 0);
+
+ Result<String> loadJSONPerms = factory.loadJSONPerms(trans, null, scopes);
+
+ assertEquals(Result.ERR_Backend, loadJSONPerms.status);
+
+ verify(tt, only()).done();
+ }
+
+ @Test
+ public void testDirectWhenPdNotOk() throws APIException, CadiException {
+
+ Result<List<PermDAO.Data>> pd = Result.create(null, Result.ERR_Backend, "details", "vars");
+
+ when(question.getPermsByUser(trans, "user", false)).thenReturn(pd);
+ when(trans.start("Cached DB Perm lookup", Env.SUB)).thenReturn(tt);
+
+ Set<String> scopes = new HashSet<String>();
+ scopes.add(Scope.APPLICATION.toString());
+ scopes.add(Scope.HANDLER.toString());
+
+ JSONPermLoader factory = JSONPermLoaderFactory.direct(question);
+
+ Result<String> loadJSONPerms = factory.loadJSONPerms(trans, "user", scopes);
+
+ assertEquals(Result.ERR_Backend, loadJSONPerms.status);
+
+ verify(tt, only()).done();
+ }
+
+ @Test
+ public void testDirectWhenPdOk() throws APIException, CadiException {
+
+ when(trans.start("Cached DB Perm lookup", Env.SUB)).thenReturn(tt);
+ when(question.deriveNsSplit(trans, "name")).thenReturn(rdns);
+ when(rdns.isOKhasData()).thenReturn(false);
+
+ List<PermDAO.Data> list = new ArrayList<PermDAO.Data>();
+ list.add(new PermDAO.Data(nss, "instance", "action"));
+ list.add(new PermDAO.Data(nss, "instance", "action"));
+
+ Result<List<PermDAO.Data>> pd = Result.create(list, Result.OK, "details", "vars");
+
+ when(question.getPermsByUser(trans, "user", false)).thenReturn(pd);
+
+ Set<String> scopes = new HashSet<String>();
+ scopes.add(Scope.APPLICATION.toString());
+ scopes.add(Scope.HANDLER.toString());
+
+ JSONPermLoader factory = JSONPermLoaderFactory.direct(question);
+
+ Result<String> loadJSONPerms = factory.loadJSONPerms(trans, "user", scopes);
+
+ assertEquals(Result.OK, loadJSONPerms.status);
+ assertEquals("Success", loadJSONPerms.details);
+ assertEquals(
+ "{\"perm\":[{\"ns\":\"APPLICATION\",\"type\":\"APPLICATION\",\"instance\":\"instance\",\"action\":\"action\"},{\"ns\":\"APPLICATION\",\"type\":\"APPLICATION\",\"instance\":\"instance\",\"action\":\"action\"}]}",
+ loadJSONPerms.value);
+
+ verify(tt, only()).done();
+ }
+
+}
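Review bot: The three remote tests stub `c.read(...)` with the literal path ending in `?scopes=APPLICATION:HANDLER`, but the scopes are passed in a `HashSet`, so the stub presumably matches only while the set happens to iterate in that order; an ordered set such as `new LinkedHashSet<>(Arrays.asList("APPLICATION", "HANDLER"))` makes the order explicit. The scope strings come from `javax.xml.ws.handler.MessageContext.Scope`, a JAX-WS enum unrelated to OAuth scopes, so the test takes on that dependency for two constants that plain string literals would cover. `testRemoteWithTimeOut` asserts status 0 after `fs.get(0)` returns true, so its name does not describe what it checks. None of the direct-loader tests supplies a permission outside the requested scopes; if the loader is meant to filter by scope, a negative case is worth adding.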
diff --git a/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/service/JU_OCredsTest.java b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/service/JU_OCredsTest.java
new file mode 100644
index 00000000..1c16772b
--- /dev/null
+++ b/auth/auth-oauth/src/test/java/org/onap/aaf/auth/oauth/service/JU_OCredsTest.java
@@ -0,0 +1,49 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.oauth.service;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class JU_OCredsTest {
+
+ @Test
+ public void test() {
+ OCreds cred = new OCreds("client_id", "client_secret", "username", "password");
+
+ assertEquals(cred.client_id, "client_id");
+ assertEquals(cred.username, "username");
+ assertEquals(new String(cred.client_secret), "client_secret");
+ assertEquals(new String(cred.password), "password");
+ }
+
+ @Test
+ public void testWithNullValues() {
+ OCreds cred = new OCreds("client_id", null, "username", null);
+
+ assertEquals(cred.client_id, "client_id");
+ assertEquals(cred.username, "username");
+ assertEquals(cred.client_secret, null);
+ assertEquals(cred.password, null);
+ }
+
+}
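Review bot: Every `assertEquals` in both tests passes the actual value first and the expected value second, so a failure would report the two the wrong way round; swap them, e.g. `assertEquals("client_id", cred.client_id);`. In `testWithNullValues`, `assertNull(cred.client_secret);` and `assertNull(cred.password);` state the intent more directly. `new String(cred.client_secret)` suggests the secrets are held as arrays; if they are byte arrays, that conversion uses the platform charset, and comparing with `assertArrayEquals` against an explicitly encoded value would avoid the dependence.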
diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore
index f644e05c..47b48da5 100644
--- a/auth/docker/.gitignore
+++ b/auth/docker/.gitignore
@@ -1,3 +1,4 @@
/local
/d.props
/aaf.props
+/cass.props
diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core
index c4e8a461..b54dce77 100644
--- a/auth/docker/Dockerfile.core
+++ b/auth/docker/Dockerfile.core
@@ -7,4 +7,6 @@ LABEL version=${AAF_VERSION}
COPY lib /opt/app/aaf/lib
COPY bin /opt/app/aaf/bin
+COPY theme /opt/app/aaf/theme
+
diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms
index b8ef6d9a..121bd06c 100644
--- a/auth/docker/Dockerfile.ms
+++ b/auth/docker/Dockerfile.ms
@@ -5,8 +5,6 @@ ENV VERSION=${AAF_VERSION}
LABEL description="aaf_${AAF_COMPONENT}"
LABEL version=${AAF_VERSION}
-COPY theme /opt/app/aaf/theme
-
CMD ["/bin/bash","-c","/opt/app/aaf/bin/${AAF_COMPONENT}"]
# For Debugging installation
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index 4aba092c..1ca12eb8 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -9,10 +9,15 @@ fi
. ./aaf.props
-for V in VERSION AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
+
+for V in VERSION DOCKER_REPOSITORY AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
if [ "$(grep $V ./aaf.props)" = "" ]; then
unset DEF
case $V in
+ DOCKER_REPOSITORY)
+ PROMPT="Docker Repo"
+ DEF=nexus3.onap.org:10003
+ ;;
AAF_FQDN) PROMPT="AAF's FQDN";;
DEPLOY_FQI) PROMPT="Deployer's FQI";;
AAF_FQDN_IP)
@@ -66,5 +71,5 @@ docker run \
--env LATITUDE=${LATITUDE} \
--env LONGITUDE=${LONGITUDE} \
--name aaf_agent_$USER \
- onap/aaf/aaf_agent:$VERSION \
+ $DOCKER_REPOSITORY/onap/aaf/aaf_agent:$VERSION \
/bin/bash "$@"
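Review bot: The image reference on the changed `docker run` line takes its registry host from `$DOCKER_REPOSITORY` unquoted and with no emptiness check, so a blank value in aaf.props yields the invalid reference `/onap/aaf/aaf_agent:$VERSION`. Failing early is clearer: `"${DOCKER_REPOSITORY:?set DOCKER_REPOSITORY in aaf.props}/onap/aaf/aaf_agent:$VERSION" \`. Since the agent image is now pulled from a remote registry by a mutable tag, it is also worth documenting next to the `DEF=nexus3.onap.org:10003` default in the first hunk that the value decides which registry's image gets run. The `docker run` command starts outside this hunk.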
diff --git a/auth/docker/cass.props.init b/auth/docker/cass.props.init
new file mode 100644
index 00000000..fc9bab43
--- /dev/null
+++ b/auth/docker/cass.props.init
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+CASS_HOST=cass.aaf.osaaf.org:<Cass IP>
diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init
index b0ba63d8..54a83b71 100644
--- a/auth/docker/d.props.init
+++ b/auth/docker/d.props.init
@@ -8,7 +8,6 @@ CONF_ROOT_DIR=/opt/app/osaaf
# Local Env info
HOSTNAME=aaf.osaaf.org
HOST_IP=
-CASS_HOST=cass.aaf.osaaf.org:<Cass IP>
# AAF Machine info
AAF_ENV=DEV
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index da0b9b64..517afe02 100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -16,10 +16,12 @@ cp ../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar sample/bin
# AAF Config image (for AAF itself)
sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' docker/Dockerfile.config > sample/Dockerfile
docker build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample
+docker tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION}
# AAF Agent Image (for Clients)
sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' docker/Dockerfile.client > sample/Dockerfile
docker build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample
+docker tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION}
# Clean up
rm sample/Dockerfile sample/bin/aaf-cadi-aaf-${VERSION}-full.jar
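Review bot: Each added `docker tag` runs whether or not the `docker build` on the line before it succeeded; unless the script sets `set -e` outside these hunks, a failed build leaves any older local image of the same name in place, and that older image is what receives the registry tag and is later pushed by dpush.sh. Chain the two, e.g. `docker build -t ... sample && docker tag ...`, and stop on an unset registry with `: "${DOCKER_REPOSITORY:?set DOCKER_REPOSITORY in d.props}"` near the top of the script. The same applies to the tag lines added in the aaf_core hunk and in the per-component loop.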
@@ -31,6 +33,7 @@ echo Building aaf_$AAF_COMPONENT...
sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.core >../aaf_${VERSION}/Dockerfile
cd ..
docker build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_${VERSION}
+docker tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:${VERSION}
rm aaf_${VERSION}/Dockerfile
cd -
@@ -45,6 +48,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile.ms >../aaf_${VERSION}/Dockerfile
cd ..
docker build -t ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION}
+ docker tag ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
rm aaf_${VERSION}/Dockerfile
cd -
done
diff --git a/auth/docker/dpush.sh b/auth/docker/dpush.sh
index 761ae2a8..0cfd1fc1 100644
--- a/auth/docker/dpush.sh
+++ b/auth/docker/dpush.sh
@@ -5,14 +5,13 @@
. ./d.props
if ["$1" == ""]; then
- AAF_COMPONENTS=`ls ../aaf_*HOT/bin | grep -v '\.'`
+ AAF_COMPONENTS="config agent core `ls ../aaf_*HOT/bin | grep -v '\.'`"
else
AAF_COMPONENTS=$1
fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
- docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION}
+ # docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION}
docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
- docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION}
-
+ # docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION}
done
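Review bot: The branch this commit edits is guarded by `if ["$1" == ""]; then`, which has no spaces inside the brackets; with a non-empty argument the shell tries to run a command named `[arg` and prints an error before falling through to `else`, and the empty case works only because the words happen to collapse to `[ == ]`. Write it as `if [ "$1" == "" ]; then`, the form drun.sh uses in this same commit. The two `docker push` lines that were turned into comments are better deleted than kept as commented-out code, or given a one-line comment saying why `OLD_VERSION` and `NEW_VERSION` are no longer pushed.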
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index c62adfc2..8cedbcc4 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -2,6 +2,15 @@
# Pull in Variables from d.props
. ./d.props
+# Only need Cassandra Link Info when initializing the container.
+if [ ! -e ./cass.props ]; then
+ cp cass.props.init cass.props
+ echo "Edit appropriate Cassandra Link Info into cass.props"
+ exit
+fi
+
+. ./cass.props
+
if [ "$1" == "" ]; then
AAF_COMPONENTS=$(ls -r ../aaf_${VERSION}/bin | grep -v '\.')
else
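Review bot: The bare `exit` in the new first-run branch returns the status of the preceding `echo`, i.e. 0, so a caller cannot tell that no containers were started; use `exit 1`. On the next run `. ./cass.props` is sourced with no check that the template was edited, and the shipped template line `CASS_HOST=cass.aaf.osaaf.org:<Cass IP>` contains `<` and `>`, which the shell treats as redirections rather than text. A guard before sourcing would catch that: `if grep -q '<Cass IP>' ./cass.props; then echo "cass.props still has the placeholder"; exit 1; fi`. The `if [ "$1" == "" ]` block at the end of the hunk continues outside it.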
diff --git a/docs/sections/architecture/aaf_architecture.rst b/docs/sections/architecture/aaf_architecture.rst
index 815a5a48..e806fb64 100644
--- a/docs/sections/architecture/aaf_architecture.rst
+++ b/docs/sections/architecture/aaf_architecture.rst
@@ -15,6 +15,55 @@ To be effective during a computer transaction, Security must not only be secure,
:height: 600px
:width: 800px
+Philosophy of Identity
+======================
+
+It may seem out of place to use the word "Philosophy" in a technical document, but given that philosophy is the study of knowledge, reality and existence, perhaps it is not so strange after all. When you combine this with the fact that the stereotypical "computer guy" also spends a lot of time reading/watching Science Fiction, then perhaps it is extraordinarily appropriate instead.
+
+In security, the two main tasks are to establish the validity to a claim of Identity (Authentication), and subsequently to relay what that Identity may do in certain contexts (Authorization).
+
+What is Identity?
+-----------------
+
+Fundamentally, Identity is the direct association of a name to some object, person or concept. The goal of naming is to make a consistent reference point to the same object, person or concept, and be able to share that via communications betwween a community. Thus, in a conversation, someone might bring up the name Charles de Gaulle in conversation, and the person and work of the French Minister of Armed Forces in France should come to mind. There is an anchor point in the minds of both persons while discussing this person. Even if one of the parties knows little about Charles de Gaulle, it becomes an anchor point to start gathering information, and can be returned to in future converstations.
+
+"Person and work" are polite ways of referring to people, who they are (or were), and what they do (or did). We will be more succint, and refer to Identity and Function, and apply this in the context of an Organization.
+
+Identity in Context
+-------------------
+
+A common experience for most people is "getting a job". Upon acceptance, the new person is added to company records, and assigned certain unique names so that the money you receive can be in direct association to the work you accomplish. The same is true for Schools, volunteer organizations. The existing Organization assigns this name, typically known as an "ID". It may or may not be created with any other names in it, but it associated with other names in records. Even when you are born, you are born into a family, and the parents choose the name, and record it within the country (Birth Certificate).
+
+Thus, the key element is that the Organization itself, delegated by the ultimate Authority of that Organiaztion, determines the name that you will use in Context. That name remains throughout the association with that Organization. Even if your ID is changed, that is usually recorded, so that records can be associated with past and present records.
+
+Computer Identity
+-----------------
+
+Whether or not you follow Science Fiction stories about Robots, are facinated by Isaac Azimov's Three Laws of Robotics, or think those who do are hopelessly socially inept, you will need to wrestle a bit with how much in common a human created machine with a human being. Without moral or religious implications, Identity can be discussed without stepping on the minefields that Science Fiction typically explores.
+
+An Application still must be named, and the name must be controlled within the Context of the Organization defining the name. Where the Application can affect Organzation Resources (i.e. Data), it must have the Authorization to do what it is doing, the question of being sentiently driven need not come up. (sorry sci-fi fans).
+
+Therefore, from an Organization Context, the very same Authentication and Authorization questions apply whether the Identity in question is "Carbon Based Life Form" or "Silicon Based Life Form".
+
+Sum of Parts
+------------
+
+For a human, it is pretty clear, of our purposes, that it is the mind that focuses into Identity. Any given Employee might lose an arm or leg during the period of employment, and, as long as they can type or vocalize a voice-print, there is no discernable difference
+n whether the person is still the person.
+
+Computer Applications may be different. Typically, an Application is built of separate parts, and with the advent of MicroServices as a goal, the question whether each part needs a separate identity or not is actually a valid question. When a Programmer is writing his App, and making the parts, do they need to stand on their own as an Identity or not.
+
+The trick is, as an Architect, is to determine whether these individual components really are separate, or can be considered as a part of the whole.
+
+As a rule of thumb, look at you App. If you follow a Model-View-Controller method, it is hard to argue for a need to separate identities... They are clearly three parts to the whole. On the other hand, if you want to consider each Component as a separate Robot, where one may NOT do just anything that the others do, then you should create separate Identities for each.  
+
+A clue to this kind of model is if you consider having different groups creating an managing the apps, with a view towards more separateness.   If you believe your components are more separate, and the grouping is more by topic (i.e. a group of robots tasked with collectively doing something), the separate Identities may be more appropriate.
+
+Enjoy stretching your mind
+--------------------------
+
+AAF can support models of either side. In the meantime, enjoy the use of your mind to comtemplate things beyond tickets and this will help drive what you need to ask for in terms of Identities for your Apps.
+
Certificate Manager
===================
diff --git a/docs/sections/installation/install_from_source.rst b/docs/sections/installation/install_from_source.rst
index 761069cb..dd7f71e0 100644
--- a/docs/sections/installation/install_from_source.rst
+++ b/docs/sections/installation/install_from_source.rst
@@ -93,7 +93,7 @@ New Docker Cassandra
Assuming you are in your src/authz directory::
$ cd auth/auth-cass/docker
- $ sh dinstall.sh
+ $ bash dinstall.sh
---------------------
AAF Itself
@@ -127,7 +127,7 @@ You will need to edit and fill out the information in your d.props file. Here i
AAF can be built, and local Docker Images built with the following::
- $ sh dbuild.sh
+ $ bash dbuild.sh
Otherwise, just let it pull from Nexus
@@ -140,7 +140,7 @@ AAF uses a Persistent Volume to store data longer term, such as CADI configs, Or
This volume is created automatically, as necessary, and linked into the container when starting. ::
## Be sure to have your 'd.props' file filled out before running.
- $ sh aaf.sh
+ $ bash aaf.sh
==============================
Bootstrapping with Keystores
@@ -187,7 +187,7 @@ Check the Container logs for correct Keystore passwords, other issues ::
Watch logs ::
- $ sh aaf.sh taillog
+ $ bash aaf.sh taillog
Notes: