-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java29
-rw-r--r--auth/sample/data/identities.dat2
-rw-r--r--auth/sample/data/sample.identities.dat14
-rw-r--r--docs/sections/installation/client_vol.rst70
-rw-r--r--docs/sections/installation/install_from_source.rst3
5 files changed, 96 insertions, 22 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index f9cd060b..744c3c3f 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -164,22 +164,25 @@ public class CMService {
} else {
for (String cn : req.value.fqdns) {
- try {
- InetAddress[] ias = InetAddress.getAllByName(cn);
- Set<String> potentialSanNames = new HashSet<>();
- for (InetAddress ia1 : ias) {
- InetAddress ia2 = InetAddress.getByAddress(ia1.getAddress());
- if (primary == null && ias.length == 1 && trans.ip().equals(ia1.getHostAddress())) {
- primary = ia1;
- } else if (!cn.equals(ia1.getHostName())
- && !ia2.getHostName().equals(ia2.getHostAddress())) {
- potentialSanNames.add(ia1.getHostName());
+ if(ignoreIPs) {
+ potentialSanNames.add(cn);
+ } else {
+ try {
+ InetAddress[] ias = InetAddress.getAllByName(cn);
+ Set<String> potentialSanNames = new HashSet<>();
+ for (InetAddress ia1 : ias) {
+ InetAddress ia2 = InetAddress.getByAddress(ia1.getAddress());
+ if (primary == null && ias.length == 1 && trans.ip().equals(ia1.getHostAddress())) {
+ primary = ia1;
+ } else if (!cn.equals(ia1.getHostName())
+ && !ia2.getHostName().equals(ia2.getHostAddress())) {
+ potentialSanNames.add(ia1.getHostName());
+ }
}
+ } catch (UnknownHostException e1) {
+ return Result.err(Result.ERR_BadData, "There is no DNS lookup for %s", cn);
}
- } catch (UnknownHostException e1) {
- return Result.err(Result.ERR_BadData, "There is no DNS lookup for %s", cn);
}
-
}
}
}
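Review bot: The new `if(ignoreIPs)` branch adds each requester-supplied `cn` to the SAN candidates without the DNS lookup or the `trans.ip()` comparison that the `else` path performs, so in that mode nothing visible in this hunk binds the certificate names to the requesting host. Where `ignoreIPs` is set lies outside the hunk; if it is not already tied to an explicit permission or deployment setting it should be, and the branch deserves a comment such as `// ignoreIPs: DNS/IP binding skipped, SANs accepted as submitted; caller must be authorized for this` together with an audit log entry naming the requester and the names accepted. Separately, `potentialSanNames` is used in the new branch, but the only declaration visible is `Set<String> potentialSanNames = new HashSet<>();` inside the `try`, which is re-created for every `cn` and goes out of scope at the end of the `try`; unless a declaration outside the hunk exists (which the inner one would then clash with), it should be declared once above the `for` loop. The enclosing method starts and ends outside the hunk.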
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
index 54c0a15d..7bf14d5b 100644
--- a/auth/sample/data/identities.dat
+++ b/auth/sample/data/identities.dat
@@ -41,7 +41,7 @@ clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin
aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin
appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin
dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin
-dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||_admina|aaf
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf_admin
dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin
oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin
sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin
diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat
index 05ed0cc1..185e1604 100644
--- a/auth/sample/data/sample.identities.dat
+++ b/auth/sample/data/sample.identities.dat
@@ -27,12 +27,12 @@ iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people
# ONAP default Users
aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager
deploy|Deployer|Deployer|Depoyer|||e|aaf_admin
-demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
-jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
-cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
-jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf
-op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
-gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
+demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf_admin
+jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf_admin
+cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf_admin
+jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf_admin
+op0001|PORTAL OPS|PORTAL|OPS|||e|aaf_admin
+gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf_admin
# ONAP App IDs
aaf|AAF Application|AAF|Application|||a|aaf_admin
aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin
@@ -40,7 +40,7 @@ clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin
aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin
appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin
dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin
-dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||_admina|aaf
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf_admin
dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin
oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin
sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin
diff --git a/docs/sections/installation/client_vol.rst b/docs/sections/installation/client_vol.rst
new file mode 100644
index 00000000..ea98e5f2
--- /dev/null
+++ b/docs/sections/installation/client_vol.rst
@@ -0,0 +1,70 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+========================================
+Setting up Certs and CADI Configurations
+========================================
+
+*Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.*
+
+------------------
+Strategy
+------------------
+
+ONAP is deployed in Docker Containers or Kubernetes managed Docker Containers. Therefore, this instruction utilizes a Docker Container as a standalone Utility... (This means that this container will stop as soon as it is done with its work... it is not a long running daemon)
+
+Given that all ONAP entities are also in Docker Containers, they all can access Persistent Volumes.
+
+This tool creates all the Configurations, including Certificates, onto a declared Volume on the directories starting with "/opt/app/osaaf"
+
+------------------
+Prerequisites
+------------------
+ * Docker
+ * Note: it does NOT have to be the SAME Docker that AAF is deployed on...
+ | but it DOES have be accessible to the AAF Instance.
+ * For ONAP, this means
+
+ * Windriver VPN
+ * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS
+
+-----------------------
+Obtain the Agent Script
+-----------------------
+Choose the directory you wish to start in...
+
+If you don't want to clone all of AAF, just get the "agent.sh" from a Browser:
+
+ https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=blob_plain;f=auth/docker/agent.sh;hb=HEAD
+
+ Note: curl/wget get html, instead of text
+ | You might have to mv, and rename it to "agent.sh", but avoids full clone
+
+-------------------------
+Run Script
+-------------------------
+
+In your chosen directory ::
+
+ $ bash agent.sh
+
+The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it
+
+
+--------------- ---------------
+Tag Value
+--------------- ---------------
+CADI Version Defaults to CADI version of this
+AAF's FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org'
+Deployer's FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process
+App's Root FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap
+App's FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org
+App's Volume Volume to put the data, see above. ex: clamp_aaf
+DRIVER Docker Volume type... See Docker Volume documentation
+LATITUDE Global latitude coordinate of Node (best guess for Kubernetes)
+LONGITUDE Global longitude coordinate of Node (best guess for Kubernetes)
+--------------- ---------------
+
+
+
diff --git a/docs/sections/installation/install_from_source.rst b/docs/sections/installation/install_from_source.rst
index 4a4b03c5..761069cb 100644
--- a/docs/sections/installation/install_from_source.rst
+++ b/docs/sections/installation/install_from_source.rst
@@ -2,10 +2,11 @@
.. http://creativecommons.org/licenses/by/4.0
.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+============================
Installing from Source Code
============================
-*Note: this document assumes UNIX Bash Shell. Being AAF works in Windows, but you will have to create your own script/instruction conversions.*
+*Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.*
------------------
Modes