Diffstat (limited to 'auth/auth-cass/cass_init')
-rw-r--r-- | auth/auth-cass/cass_init/.gitignore | 1 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/build.sh | 6 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/cmd.sh | 89 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/config.dat | 9 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/data.sh | 59 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/extract.sh | 7 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/init.cql | 273 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/init2_1.cql | 7 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/keyspace.cql | 11 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/osaaf.cql | 132 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/pull.sh | 16 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/push.sh | 24 | ||||
-rw-r--r-- | auth/auth-cass/cass_init/temp_identity.cql | 5 |
13 files changed, 639 insertions, 0 deletions
diff --git a/auth/auth-cass/cass_init/.gitignore b/auth/auth-cass/cass_init/.gitignore
new file mode 100644
index 00000000..ce22752c
--- /dev/null
+++ b/auth/auth-cass/cass_init/.gitignore
@@ -0,0 +1 @@
+temp.cql
diff --git a/auth/auth-cass/cass_init/build.sh b/auth/auth-cass/cass_init/build.sh
new file mode 100644
index 00000000..caa07494
--- /dev/null
+++ b/auth/auth-cass/cass_init/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+CQLSH=/Volumes/Data/apache-cassandra-2.1.14/bin/cqlsh
+DIR=.
+for T in ns perm role user_role cred config; do
+ $CQLSH -e "COPY authz.$T TO '$DIR/$T.dat' WITH DELIMITER='|'"
+done
diff --git a/auth/auth-cass/cass_init/cmd.sh b/auth/auth-cass/cass_init/cmd.sh
new file mode 100644
index 00000000..056faed7
--- /dev/null
+++ b/auth/auth-cass/cass_init/cmd.sh
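Review bot: `CQLSH=/Volumes/Data/apache-cassandra-2.1.14/bin/cqlsh` in build.sh hardcodes a path from one developer's macOS machine, so the script only runs there; `CQLSH=${CQLSH:-cqlsh}` keeps the on-PATH default and lets the environment override it. `$CQLSH`, `$T` and `$DIR` are unquoted inside the loop and should be quoted. The table list here (`ns perm role user_role cred config`) differs from the one data.sh in this commit pushes (`ns perm role ns_attrib user_role cred`); a header comment stating which set is authoritative for export versus import would prevent the two drifting further.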
@@ -0,0 +1,89 @@
+#!/bin/bash
+#
+# Engage normal Cass Init, then check for data installation
+#
+if [ ! -e /aaf_cmd ]; then
+ ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd
+ chmod u+x /aaf_cmd
+fi
+
+function install_cql {
+ # Now, make sure data exists
+ if [ "$(/usr/bin/cqlsh -e 'describe keyspaces' | grep authz)" = "" ]; then
+ for CNT in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
+ if [ -z "$(grep 'listening for CQL clients' /var/log/cassandra/system.log)" ]; then
+ echo "Waiting for Cassandra to start... Sleep 10"
+ sleep 10
+ else
+ break
+ fi
+ done
+ echo "Initializing Cassandra DB"
+ if [ "`/usr/bin/cqlsh -e 'describe keyspaces' | grep authz`" == "" ]; then
+ echo "Docker Installed Basic Cassandra on aaf_cass. Executing the following "
+ echo "NOTE: This creator provided is only a Single Instance. For more complex Cassandra, create independently"
+ echo ""
+ echo " cd /opt/app/aaf/cass_init"
+ cd /opt/app/aaf/cass_init
+ echo " cqlsh -f keyspace.cql"
+ /usr/bin/cqlsh -f keyspace.cql
+ echo " cqlsh -f init.cql"
+ /usr/bin/cqlsh -f init.cql
+ echo ""
+ echo "The following will give you a temporary identity with which to start working, or emergency"
+ echo " cqlsh -f temp_identity.cql"
+ fi
+ fi
+}
+
+case "$1" in
+ start)
+ # Startup like normal
+ echo "Cassandra Startup"
+ /usr/local/bin/docker-entrypoint.sh
+ ;;
+ onap)
+ install_cql
+
+ # Change date expiring dat files to more recent
+ ID_FILE=/opt/app/aaf/cass_init/sample.identities.dat
+ if [ -e $ID_FILE ]; then
+ DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -d "+6 months")
+ echo $DATE
+ CRED="/opt/app/aaf/cass_init/dats/cred.dat"
+ # Enter for People
+ echo "Default Passwords for Apps"
+ for ID in $(grep '|a|' $ID_FILE | sed -e "s/|.*//"); do
+ if [ "$ID" = "aaf" ]; then
+ DOMAIN="aaf.osaaf.org";
+ else
+ DOMAIN="$ID.onap.org";
+ fi
+ unset FIRST
+ for D in ${DOMAIN//./ }; do
+ if [ -z "$FIRST" ]; then
+ NS="$D"
+ FIRST="N"
+ else
+ NS="$D.$NS"
+ fi
+ done
+ echo 
"$ID@$DOMAIN|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|$NS|53344|" >> $CRED + done + + # Enter for People + for ID in $(grep '|e|' $ID_FILE | sed -e "s/|.*//"); do + echo "$ID@people.osaaf.org|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|" >> $CRED + done + + # Change UserRole + mv dats/user_role.dat tmp + sed "s/\(^.*|\)\(.*|\)\(.*|\)\(.*\)/\1${DATE}|\3\4/" tmp > dats/user_role.dat + + # Remove ID File, which is marker for initializing Creds + rm $ID_FILE + fi + bash push.sh + ;; +esac + diff --git a/auth/auth-cass/cass_init/config.dat b/auth/auth-cass/cass_init/config.dat new file mode 100644 index 00000000..0e705b92 --- /dev/null +++ b/auth/auth-cass/cass_init/config.dat @@ -0,0 +1,9 @@ +aaf|aaf_env|DEV
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1
+aaf|cadi_protocols|TLSv1.1,TLSv1.2
+aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1
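Review bot: `cadi_protocols` enables TLSv1.1 alongside TLSv1.2; TLSv1.1 is deprecated and should be dropped from the shipped default unless a specific peer is known to need it, i.e. `aaf|cadi_protocols|TLSv1.2`. The `fs_url` and `gui_url` entries use `AAF_NS.fs.2.1` and `AAF_NS.gui.2.1`, while every other locator URL in this file separates the version with a colon (`AAF_NS.cm:2.1`, `AAF_NS.service:2.1`); if the locator expects `name:version`, these two lines are typos and should read `https://AAF_LOCATE_URL/AAF_NS.fs:2.1` and `https://AAF_LOCATE_URL/AAF_NS.gui:2.1`.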
diff --git a/auth/auth-cass/cass_init/data.sh b/auth/auth-cass/cass_init/data.sh
new file mode 100644
index 00000000..0374e619
--- /dev/null
+++ b/auth/auth-cass/cass_init/data.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Copies of Repo data need to be added to "dats" dir for loading by push.sh
+#
+# Further, repo data has dates that are out of date. We need to update reasonable
+# expiration dates
+#
+
+DIR=/opt/app/aaf/cass_init
+cd $DIR/dats
+ID_FILE=$DIR/opt/app/aaf/cass_init/
+
+ if [ -e $ID_FILE ]; then
+ if [ "$(uname -s)" = "Darwin" ]; then
+ DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -v "+6m")
+ else
+ DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -d "+6 months")
+ fi
+ echo $DATE
+ CRED="cred.dat"
+ # Enter for People
+ echo "Default Passwords for People"
+ for ID in $(grep '|a|' $ID_FILE | sed -e "s/|.*//"); do
+ if [ "$ID" = "aaf" ]; then
+ DOMAIN="aaf.osaaf.org";
+ else
+ DOMAIN="$ID.onap.org";
+ fi
+ unset FIRST
+ for D in ${DOMAIN//./ }; do
+ if [ -z "$FIRST" ]; then
+ NS="$D"
+ FIRST="N"
+ else
+ NS="$D.$NS"
+ fi
+ done
+ echo "$ID@$DOMAIN|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|$NS|53344|" >> $CRED
+ done
+
+ for ID in $(grep '|e|' $ID_FILE | sed -e "s/|.*//"); do
+ echo "$ID@people.osaaf.org|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|" >> $CRED
+ done
+
+ mv user_role.dat tmp
+ sed "s/\(^.*|\)\(.*|\)\(.*|\)\(.*\)/\1${DATE}|\3\4/" tmp > user_role.dat
+
+ for DAT in ns perm role ns_attrib user_role cred; do
+ $DOCKER container cp $DAT.dat aaf_cass:/tmp/$DAT.dat
+ $DOCKER exec aaf_cass bash /usr/bin/cqlsh -k authz -e "COPY authz.$DAT FROM '/tmp/$DAT.dat' WITH DELIMITER='|'"
+ $DOCKER exec -t aaf_cass rm /tmp/$DAT.dat
+ done
+ rm $CRED
+ mv tmp user_role.dat
+ else
+ echo DInstall requires access to 'identities.dat'
+ fi
+ cd -
+ 
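Review bot: `ID_FILE=$DIR/opt/app/aaf/cass_init/` expands to `/opt/app/aaf/cass_init/opt/app/aaf/cass_init/`, a directory path with no file name, so either the `-e` test fails or `grep` is pointed at a directory and the whole credential block is skipped; judging by cmd.sh in this commit it should be `ID_FILE=$DIR/sample.identities.dat`. `$DOCKER` is never assigned in this file, so with it unset the three docker lines try to run `container cp ...` as a command; set `DOCKER=${DOCKER:-docker}` near the top or document that the caller must export it. `rm $CRED` after the COPY loop deletes dats/cred.dat itself, including any seed rows it held before the appends, so a second run has nothing to push for cred; appending into a temporary copy, the way user_role.dat is handled with `tmp`, would avoid that. The fallback message `echo DInstall requires access to 'identities.dat'` has a stray leading D and is unquoted.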
diff --git a/auth/auth-cass/cass_init/extract.sh b/auth/auth-cass/cass_init/extract.sh
new file mode 100644
index 00000000..cdebbc8d
--- /dev/null
+++ b/auth/auth-cass/cass_init/extract.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd /opt/app/cass_init
+if [ -e dat.gz ]; then
+ tar -xvf dat.gz
+else
+ echo "No data files"
+fi
diff --git a/auth/auth-cass/cass_init/init.cql b/auth/auth-cass/cass_init/init.cql
new file mode 100644
index 00000000..bf75998d
--- /dev/null
+++ b/auth/auth-cass/cass_init/init.cql
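Review bot: `cd /opt/app/cass_init` names a different directory from the `/opt/app/aaf/cass_init` that every other script in this commit uses, and the cd is unchecked, so when it fails `tar -xvf dat.gz` runs in whatever the caller's current directory happens to be. `cd /opt/app/aaf/cass_init || exit 1` fixes both, assuming the aaf path is the intended one. The script also duplicates the extraction branch at the top of push.sh; a header comment saying which of the two is the entry point, or dropping this one, would avoid the two drifting.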
@@ -0,0 +1,273 @@
+
+// Table Initialization
+// First make sure the keyspace exists.
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy. Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+ name varchar,
+ scope int, // deprecated 2.0.11
+ description varchar,
+ parent varchar,
+ type int,
+ PRIMARY KEY (name)
+);
+CREATE INDEX ns_parent on ns(parent);
+
+CREATE TABLE ns_attrib (
+ ns varchar,
+ key varchar,
+ value varchar,
+ PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+ ns varchar,
+ name varchar,
+ perms set<varchar>, // Use "Key" of "name|type|action"
+ description varchar,
+ PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name ON role(name);
+
+// Will be cached
+CREATE TABLE perm (
+ ns varchar,
+ type varchar,
+ instance varchar,
+ action varchar,
+ roles set<varchar>, // Need to find Roles given Permissions
+ description varchar,
+ PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+ user varchar,
+ role varchar, // deprecated: change to ns/rname after 2.0.11
+ ns varchar,
+ rname varchar,
+ expires timestamp,
+ PRIMARY KEY(user,role)
+ );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+ id varchar,
+ type int,
+ expires timestamp,
+ ns varchar,
+ other int,
+ notes varchar,
+ cred blob,
+ prev blob,
+ PRIMARY KEY (id,type,expires)
+ );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+// coordinated with CRED type 2
+CREATE TABLE cert (
+ fingerprint blob,
+ id varchar,
+ x500 varchar,
+ expires timestamp,
+ PRIMARY KEY (fingerprint)
+ );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE 
TABLE notify (
+ user text,
+ type int,
+ last timestamp,
+ checksum int,
+ PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+ ca text,
+ serial blob,
+ id text,
+ x500 text,
+ x509 text,
+ PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+//
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+ mechid text,
+ machine text,
+ type Set<text>,
+ sponsor text,
+ ca text,
+ dir text,
+ os_user text,
+ ns text,
+ notify text,
+ expires timestamp,
+ renewDays int,
+ sans Set<text>,
+ PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine);
+CREATE INDEX artifact_ns ON artifact(ns);
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+ name varchar,
+ seg int, // cache Segment
+ touched timestamp,
+ PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+ id timeuuid,
+ yr_mon int,
+ user varchar,
+ action varchar,
+ target varchar, // user, user_role,
+ subject varchar, // field for searching main portion of target key
+ memo varchar, //description of the action
+ reconstruct blob, //serialized form of the target
+ // detail Map<varchar, varchar>, // additional information
+ PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user);
+CREATE INDEX history_subject ON history(subject);
+
+//
+// A place to hold objects to be created at a future time. 
+//
+CREATE TABLE future (
+ id uuid, // uniquify
+ target varchar, // Target Table
+ memo varchar, // Description
+ start timestamp, // When it should take effect
+ expires timestamp, // When not longer valid
+ construct blob, // How to construct this object (like History)
+ PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+ id timeuuid, // unique Key
+ ticket uuid, // Link to Future Record
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ last_notified timestamp, // Timestamp for the last time approver was notified
+ PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE approved (
+ id timeuuid, // unique Key
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. 
pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ PRIMARY KEY(id)
+ );
+CREATE INDEX approved_approver_idx ON approved(approver);
+CREATE INDEX approved_user_idx ON approved(user);
+
+CREATE TABLE delegate (
+ user varchar,
+ delegate varchar,
+ expires timestamp,
+ PRIMARY KEY (user)
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+// OAuth Tokens
+CREATE TABLE oauth_token (
+ id text, // Reference
+ client_id text, // Creating Client ID
+ user text, // User requesting
+ active boolean, // Active or not
+ type int, // Type of Token
+ refresh text, // Refresh Token
+ expires timestamp, // Expiration time/Date (signed long)
+ exp_sec bigint, // Seconds from Jan 1, 1970
+ content text, // Content of Token
+ scopes Set<text>, // Scopes
+ state text, // Context string (Optional)
+ req_ip text, // Requesting IP (for logging purpose)
+ PRIMARY KEY(id)
+) with default_time_to_live = 21600; // 6 hours
+CREATE INDEX oauth_token_user_idx ON oauth_token(user);
+
+CREATE TABLE locate (
+ name text, // Component/Server name
+ hostname text, // FQDN of Service/Component
+ port int, // Port of Service
+ major int, // Version, Major
+ minor int, // Version, Minor
+ patch int, // Version, Patch
+ pkg int, // Version, Package (if available)
+ latitude float, // Latitude
+ longitude float, // Longitude
+ protocol text, // Protocol (i.e. http https)
+ subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https
+ port_key uuid, // Key into locate_ports
+ PRIMARY KEY(name,hostname,port)
+) with default_time_to_live = 1200; // 20 mins
+
+CREATE TABLE locate_ports (
+ id uuid, // Id into locate
+ port int, // SubPort
+ name text, // Name of Other Port
+ protocol text, // Protocol of Other (i.e. 
JMX, DEBUG)
+ subprotocol set<text>, // Accepted sub protocols or versions
+ PRIMARY KEY(id, port)
+) with default_time_to_live = 1200; // 20 mins;
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+ class text,
+ host text,
+ start timestamp,
+ PRIMARY KEY ((class))
+);
+
+CREATE TABLE config (
+ name varchar,
+ tag varchar,
+ value varchar,
+ PRIMARY KEY (name,tag)
+);
diff --git a/auth/auth-cass/cass_init/init2_1.cql b/auth/auth-cass/cass_init/init2_1.cql
new file mode 100644
index 00000000..701dd774
--- /dev/null
+++ b/auth/auth-cass/cass_init/init2_1.cql
@@ -0,0 +1,7 @@
+use authz;
+CREATE TABLE config (
+ name varchar,
+ tag varchar,
+ value varchar,
+ PRIMARY KEY (name,tag)
+);
diff --git a/auth/auth-cass/cass_init/keyspace.cql b/auth/auth-cass/cass_init/keyspace.cql
new file mode 100644
index 00000000..52dc5ea7
--- /dev/null
+++ b/auth/auth-cass/cass_init/keyspace.cql
@@ -0,0 +1,11 @@
+// For Developer Machine single instance
+// CREATE KEYSPACE authz
+// WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+//
+//
+
+// Example of Network Topology, with Datacenter dc1 & dc2
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+// Out of the box Docker Cassandra comes with "datacenter1", one instance
+CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'datacenter1': '1' };
+//
diff --git a/auth/auth-cass/cass_init/osaaf.cql b/auth/auth-cass/cass_init/osaaf.cql
new file mode 100644
index 00000000..51e6b908
--- /dev/null
+++ b/auth/auth-cass/cass_init/osaaf.cql
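Review bot: `type int` in the cred table carries no comment explaining its values, yet the rest of this commit depends on them: temp_identity.cql inserts type 1, osaaf.cql inserts type 2, and the cert table comment says it is "coordinated with CRED type 2". A column comment that records what the files in this commit actually establish, e.g. `type int, // credential kind: 1 used by temp_identity.cql, 2 used by osaaf.cql and cross-referenced by cert; document any new value here`, would keep the next schema change from breaking that coordination. The `config` table at the end of this file is created a second time in init2_1.cql in the same commit; see that hunk.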
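Review bot: `CREATE TABLE config` in init2_1.cql duplicates the definition at the end of init.cql in this same commit, so running init2_1.cql against a keyspace that init.cql created fails with an already-exists error and aborts whatever script invokes it. Use `CREATE TABLE IF NOT EXISTS config (` so the file is idempotent on both fresh and upgraded keyspaces. The file also lacks a header comment; the name suggests it is the 2.1 migration for keyspaces initialised before the config table existed, and saying so in a leading `// ...` line would tell operators when to run it.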
@@ -0,0 +1,132 @@
+USE authz;
+
+// Create 'org' root NS
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org','Root Namespace','.',1,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Org Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Org Write Access');
+
+
+// Create org.osaaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf','OSAAF Namespace','org',2,2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access');
+
+// Create org.osaaf.aaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access');
+
+INSERT INTO role(ns, name, perms, 
description)
+ VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+
+// OSAAF Root
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+
+// ONAP Specific Entities
+// ONAP initial env Namespace
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap','ONAP','org',2,2);
+
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3);
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','read',{
+ 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor'
+ },'Portal Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
+
+// AAF Admin
+insert into cred (id,type,expires,cred,notes,ns,other) values('aaf_admin@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf_admin@people.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+// A Deployer
+insert into cred (id,type,expires,cred,notes,ns,other) values('deployer@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, 
name, perms, description)
+ VALUES('org.osaaf.aaf','deploy',{},'ONAP Deployment Role');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('deployer@people.osaaf.org','org.osaaf.aaf.deploy','2018-10-31','org.osaaf.aaf','deploy');
+
+
+// DEMO ID (OPS)
+insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// ADMIN
+insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// DESIGNER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer');
+
+// TESTER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES 
('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester');
+
+// OPS
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops');
+
+// GOVERNOR
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor');
+
diff --git a/auth/auth-cass/cass_init/pull.sh b/auth/auth-cass/cass_init/pull.sh
new file mode 100644
index 00000000..94695ed1
--- /dev/null
+++ b/auth/auth-cass/cass_init/pull.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# Pull data from Cassandra into ".dat" files, and "gzip" them
+#
+DIR=/opt/app/aaf/cass_init
+cd $DIR
+mkdir -p dats
+cd dats
+TABLES="$(cqlsh -e "use authz; describe tables")"
+for T in $TABLES ; do
+ cqlsh -e "use authz; COPY $T TO '$T.dat' WITH DELIMITER='|';"
+done
+cd $DIR
+tar -cvzf dat.gz dats/*.dat
+rm -Rf dats
+
diff --git a/auth/auth-cass/cass_init/push.sh b/auth/auth-cass/cass_init/push.sh
new file mode 100644
index 00000000..48521699
--- /dev/null
+++ b/auth/auth-cass/cass_init/push.sh
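Review bot: The org.osaaf read permission is inserted with action `'read,appove'` while the `org.osaaf.owner` role lists `'org.osaaf.access|*|read,approve'`, so the role references a perm key that does not exist and owners of org.osaaf get no read access; the action should be `'read,approve'` as on the org and org.osaaf.aaf rows. `org.onap.portal` is inserted with parent `'org.onap.portal'`, i.e. itself, where every other ns row names the enclosing namespace; it should presumably be `'org.onap'`. All seven people credentials carry the same `cred` blob and the same fixed `expires` of 2019-05-01, and every user_role row expires 2018-10-31, unlike the .dat path where cmd.sh rewrites the dates at install; a deployment that loads this file gets already-expired grants and a single shared secret across all seeded accounts. At minimum a header comment should state that these rows are sample bootstrap data to be replaced, and the better fix is per-identity credential generation at install time.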
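Review bot: `cd $DIR` in pull.sh is unchecked and the script ends with `rm -Rf dats`, so if the cd fails the export, the tarball and the delete all happen in the caller's current directory; use `cd "$DIR" || exit 1` on both cd lines. `TABLES="$(cqlsh -e "use authz; describe tables")"` is then word-split in `for T in $TABLES`, so every token cqlsh prints, including any warning text, becomes a table name in a COPY statement; the fixed list data.sh uses (`ns perm role ns_attrib user_role cred`) or a filter against known names would be safer.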
@@ -0,0 +1,24 @@
+#!/bin/bash
+#
+# Push data from Cassandra ".dat" files
+# These are obtained from "gzipped" files, or pre-placed (i.e. initialization)
+# in the "dats" directory
+#
+DIR=/opt/app/aaf/cass_init
+cd $DIR
+if [ ! -e dats ]; then
+ if [ -e dat.gz ]; then
+ tar -xvf dat.gz
+ else
+ echo "No Data to push for Cassandra"
+ exit
+ fi
+fi
+cd dats
+for T in $(ls *.dat); do
+ if [ -s $T ]; then
+ cqlsh -e "use authz; COPY ${T%.dat} FROM '$T' WITH DELIMITER='|';"
+ fi
+done
+cd $DIR
+#rm -Rf dats
diff --git a/auth/auth-cass/cass_init/temp_identity.cql b/auth/auth-cass/cass_init/temp_identity.cql
new file mode 100644
index 00000000..3032372b
--- /dev/null
+++ b/auth/auth-cass/cass_init/temp_identity.cql
@@ -0,0 +1,5 @@
+USE authz;
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
+ |
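Review bot: `${T%.dat}` in push.sh is spliced into the CQL COPY statement straight from a filename in dats/, and dats/ may have just been unpacked from dat.gz, so the table name is whatever the archive contained; validate `$T` against the known table list before calling cqlsh (data.sh in this commit already has one) or at least reject names outside `[A-Za-z0-9_]`. `for T in $(ls *.dat)` parses ls output and splits on whitespace; `for T in *.dat` with `[ -s "$T" ]` is the plain replacement. `cd $DIR` and `cd dats` are both unchecked, so a failed cd runs the loop against the caller's directory; `cd "$DIR" || exit 1` and `cd dats || exit 1`.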
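Review bot: The temp_identity.cql row is inserted with `expires` 2099-12-31 but `using TTL 14400`, so Cassandra removes it after four hours regardless of the expires column, and the comment `// Create Root pass` does not say so. Suggest `// Bootstrap root credential: the row is dropped by TTL after 4 hours; use it only to create real admin identities before then`. Because the credential blob is a constant checked into the repository, anyone with read access to the source knows the bootstrap value, which is why the short TTL matters and why cmd.sh is right to only print the command rather than run this file automatically.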