-rw-r--r-- | auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java | 29 | ||||
-rw-r--r-- | auth/sample/data/identities.dat | 2 | ||||
-rw-r--r-- | auth/sample/data/sample.identities.dat | 14 | ||||
-rw-r--r-- | docs/sections/installation/client_vol.rst | 70 | ||||
-rw-r--r-- | docs/sections/installation/install_from_source.rst | 3 |
5 files changed, 96 insertions, 22 deletions
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java index f9cd060b..744c3c3f 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java @@ -164,22 +164,25 @@ public class CMService { } else { for (String cn : req.value.fqdns) { - try { - InetAddress[] ias = InetAddress.getAllByName(cn); - Set<String> potentialSanNames = new HashSet<>(); - for (InetAddress ia1 : ias) { - InetAddress ia2 = InetAddress.getByAddress(ia1.getAddress()); - if (primary == null && ias.length == 1 && trans.ip().equals(ia1.getHostAddress())) { - primary = ia1; - } else if (!cn.equals(ia1.getHostName()) - && !ia2.getHostName().equals(ia2.getHostAddress())) { - potentialSanNames.add(ia1.getHostName()); + if(ignoreIPs) { + potentialSanNames.add(cn); + } else { + try { + InetAddress[] ias = InetAddress.getAllByName(cn); + Set<String> potentialSanNames = new HashSet<>(); + for (InetAddress ia1 : ias) { + InetAddress ia2 = InetAddress.getByAddress(ia1.getAddress()); + if (primary == null && ias.length == 1 && trans.ip().equals(ia1.getHostAddress())) { + primary = ia1; + } else if (!cn.equals(ia1.getHostName()) + && !ia2.getHostName().equals(ia2.getHostAddress())) { + potentialSanNames.add(ia1.getHostName()); + } } + } catch (UnknownHostException e1) { + return Result.err(Result.ERR_BadData, "There is no DNS lookup for %s", cn); } - } catch (UnknownHostException e1) { - return Result.err(Result.ERR_BadData, "There is no DNS lookup for %s", cn); } - } } } diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat index 54c0a15d..7bf14d5b 100644 --- a/auth/sample/data/identities.dat +++ b/auth/sample/data/identities.dat 
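Review bot: `potentialSanNames.add(cn)` in the new `if(ignoreIPs)` branch uses a set that this hunk declares only inside the `try` of the `else` branch, so unless a field of that name exists outside the hunk the branch does not compile. Declaring `Set<String> potentialSanNames = new HashSet<>();` once before `for (String cn : req.value.fqdns)` and dropping the inner declaration would let both branches fill the same collection. The `ignoreIPs` path also accepts every requested FQDN with no DNS lookup and no comparison against `trans.ip()`, and it never sets `primary`. Where `ignoreIPs` is set is not visible here, so a comment such as `// ignoreIPs: requester host is NOT verified against DNS; issuance relies on the other authorization checks alone` should record what still gates the certificate. Counting braces on the visible lines, the added lines leave one more block open than the removed lines did (the trailing `- }` is dropped with nothing replacing it), which should be checked against the full method, which starts and ends outside the hunk.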
@@ -41,7 +41,7 @@ clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin -dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||_admina|aaf +dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf_admin dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat index 05ed0cc1..185e1604 100644 --- a/auth/sample/data/sample.identities.dat +++ b/auth/sample/data/sample.identities.dat @@ -27,12 +27,12 @@ iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people # ONAP default Users aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager deploy|Deployer|Deployer|Depoyer|||e|aaf_admin -demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf -jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf -cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf -jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf -op0001|PORTAL OPS|PORTAL|OPS|||e|aaf -gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf +demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf_admin +jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf_admin +cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf_admin +jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf_admin +op0001|PORTAL OPS|PORTAL|OPS|||e|aaf_admin +gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf_admin # ONAP App IDs aaf|AAF Application|AAF|Application|||a|aaf_admin aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin 
@@ -40,7 +40,7 @@ clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin -dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||_admina|aaf +dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf_admin dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin diff --git a/docs/sections/installation/client_vol.rst b/docs/sections/installation/client_vol.rst new file mode 100644 index 00000000..ea98e5f2 --- /dev/null +++ b/docs/sections/installation/client_vol.rst 
@@ -0,0 +1,70 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright © 2017 AT&T Intellectual Property. All rights reserved. + +======================================== +Setting up Certs and CADI Configurations +======================================== + +*Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.* + +------------------ +Strategy +------------------ + +ONAP is deployed in Docker Containers or Kubernetes managed Docker Containers. Therefore, this instruction utilizes a Docker Container as a standalone Utility... (This means that this container will stop as soon as it is done with its work... it is not a long running daemon) + +Given that all ONAP entities are also in Docker Containers, they all can access Persistent Volumes. + +This tool creates all the Configurations, including Certificates, onto a declared Volume on the directories starting with "/opt/app/osaaf" + +------------------ +Prerequisites +------------------ + * Docker + * Note: it does NOT have to be the SAME Docker that AAF is deployed on... + | but it DOES have be accessible to the AAF Instance. + * For ONAP, this means + + * Windriver VPN + * include "10.12.6.214 aaf-onap-test.osaaf.org" in your /etc/hosts or DNS + +----------------------- +Obtain the Agent Script +----------------------- +Choose the directory you wish to start in... 
+ +If you don't want to clone all of AAF, just get the "agent.sh" from a Browser: + + https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=blob_plain;f=auth/docker/agent.sh;hb=HEAD + + Note: curl/wget get html, instead of text + | You might have to mv, and rename it to "agent.sh", but avoids full clone + +------------------------- +Run Script +------------------------- + +In your chosen directory :: + + $ bash agent.sh + +The Agent will look for "aaf.props", and if it doesn't exist, or is missing information, it will ask for it + + +--------------- --------------- +Tag Value +--------------- --------------- +CADI Version Defaults to CADI version of this +AAF's FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org' +Deployer's FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process +App's Root FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap +App's FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org +App's Volume Volume to put the data, see above. ex: clamp_aaf +DRIVER Docker Volume type... See Docker Volume documentation +LATITUDE Global latitude coordinate of Node (best guess for Kubernetes) +LONGITUDE Global longitude coordinate of Node (best guess for Kubernetes) +--------------- --------------- + + + diff --git a/docs/sections/installation/install_from_source.rst b/docs/sections/installation/install_from_source.rst index 4a4b03c5..761069cb 100644 --- a/docs/sections/installation/install_from_source.rst +++ b/docs/sections/installation/install_from_source.rst 
@@ -2,10 +2,11 @@ .. http://creativecommons.org/licenses/by/4.0 .. Copyright © 2017 AT&T Intellectual Property. All rights reserved. +============================ Installing from Source Code ============================ -*Note: this document assumes UNIX Bash Shell. Being AAF works in Windows, but you will have to create your own script/instruction conversions.* +*Note: this document assumes UNIX Bash Shell. Being Java, AAF works in Windows, but you will have to create your own script/instruction conversions.* ------------------ Modes |