summaryrefslogtreecommitdiffstats
path: root/auth/auth-cass/cass_init
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-cass/cass_init')
-rw-r--r--auth/auth-cass/cass_init/.gitignore1
-rw-r--r--auth/auth-cass/cass_init/build.sh6
-rw-r--r--auth/auth-cass/cass_init/cmd.sh89
-rw-r--r--auth/auth-cass/cass_init/config.dat9
-rw-r--r--auth/auth-cass/cass_init/data.sh59
-rw-r--r--auth/auth-cass/cass_init/extract.sh7
-rw-r--r--auth/auth-cass/cass_init/init.cql273
-rw-r--r--auth/auth-cass/cass_init/init2_1.cql7
-rw-r--r--auth/auth-cass/cass_init/keyspace.cql11
-rw-r--r--auth/auth-cass/cass_init/osaaf.cql132
-rw-r--r--auth/auth-cass/cass_init/pull.sh16
-rw-r--r--auth/auth-cass/cass_init/push.sh24
-rw-r--r--auth/auth-cass/cass_init/temp_identity.cql5
13 files changed, 639 insertions, 0 deletions
diff --git a/auth/auth-cass/cass_init/.gitignore b/auth/auth-cass/cass_init/.gitignore
new file mode 100644
index 00000000..ce22752c
--- /dev/null
+++ b/auth/auth-cass/cass_init/.gitignore
@@ -0,0 +1 @@
+temp.cql
diff --git a/auth/auth-cass/cass_init/build.sh b/auth/auth-cass/cass_init/build.sh
new file mode 100644
index 00000000..caa07494
--- /dev/null
+++ b/auth/auth-cass/cass_init/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+CQLSH=/Volumes/Data/apache-cassandra-2.1.14/bin/cqlsh
+DIR=.
+for T in ns perm role user_role cred config; do
+ $CQLSH -e "COPY authz.$T TO '$DIR/$T.dat' WITH DELIMITER='|'"
+done
diff --git a/auth/auth-cass/cass_init/cmd.sh b/auth/auth-cass/cass_init/cmd.sh
new file mode 100644
index 00000000..056faed7
--- /dev/null
+++ b/auth/auth-cass/cass_init/cmd.sh
@@ -0,0 +1,89 @@
+#!/bin/bash
+#
+# Engage normal Cass Init, then check for data installation
+#
+if [ ! -e /aaf_cmd ]; then
+ ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd
+ chmod u+x /aaf_cmd
+fi
+
+function install_cql {
+ # Now, make sure data exists
+ if [ "$(/usr/bin/cqlsh -e 'describe keyspaces' | grep authz)" = "" ]; then
+ for CNT in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
+ if [ -z "$(grep 'listening for CQL clients' /var/log/cassandra/system.log)" ]; then
+ echo "Waiting for Cassandra to start... Sleep 10"
+ sleep 10
+ else
+ break
+ fi
+ done
+ echo "Initializing Cassandra DB"
+ if [ "`/usr/bin/cqlsh -e 'describe keyspaces' | grep authz`" == "" ]; then
+ echo "Docker Installed Basic Cassandra on aaf_cass. Executing the following "
+ echo "NOTE: This creator provided is only a Single Instance. For more complex Cassandra, create independently"
+ echo ""
+ echo " cd /opt/app/aaf/cass_init"
+ cd /opt/app/aaf/cass_init
+ echo " cqlsh -f keyspace.cql"
+ /usr/bin/cqlsh -f keyspace.cql
+ echo " cqlsh -f init.cql"
+ /usr/bin/cqlsh -f init.cql
+ echo ""
+ echo "The following will give you a temporary identity with which to start working, or emergency"
+ echo " cqlsh -f temp_identity.cql"
+ fi
+ fi
+}
+
+case "$1" in
+ start)
+ # Startup like normal
+ echo "Cassandra Startup"
+ /usr/local/bin/docker-entrypoint.sh
+ ;;
+ onap)
+ install_cql
+
+ # Change date expiring dat files to more recent
+ ID_FILE=/opt/app/aaf/cass_init/sample.identities.dat
+ if [ -e $ID_FILE ]; then
+ DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -d "+6 months")
+ echo $DATE
+ CRED="/opt/app/aaf/cass_init/dats/cred.dat"
+ # Enter for People
+ echo "Default Passwords for Apps"
+ for ID in $(grep '|a|' $ID_FILE | sed -e "s/|.*//"); do
+ if [ "$ID" = "aaf" ]; then
+ DOMAIN="aaf.osaaf.org";
+ else
+ DOMAIN="$ID.onap.org";
+ fi
+ unset FIRST
+ for D in ${DOMAIN//./ }; do
+ if [ -z "$FIRST" ]; then
+ NS="$D"
+ FIRST="N"
+ else
+ NS="$D.$NS"
+ fi
+ done
+ echo "$ID@$DOMAIN|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|$NS|53344|" >> $CRED
+ done
+
+ # Enter for People
+ for ID in $(grep '|e|' $ID_FILE | sed -e "s/|.*//"); do
+ echo "$ID@people.osaaf.org|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|" >> $CRED
+ done
+
+ # Change UserRole
+ mv dats/user_role.dat tmp
+ sed "s/\(^.*|\)\(.*|\)\(.*|\)\(.*\)/\1${DATE}|\3\4/" tmp > dats/user_role.dat
+
+ # Remove ID File, which is marker for initializing Creds
+ rm $ID_FILE
+ fi
+ bash push.sh
+ ;;
+esac
+
diff --git a/auth/auth-cass/cass_init/config.dat b/auth/auth-cass/cass_init/config.dat
new file mode 100644
index 00000000..0e705b92
--- /dev/null
+++ b/auth/auth-cass/cass_init/config.dat
@@ -0,0 +1,9 @@
+aaf|aaf_env|DEV
+aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf|aaf_url|https://AAF_LOCATE_URL/AAF_NS.service:2.1
+aaf|cadi_protocols|TLSv1.1,TLSv1.2
+aaf|cm_url|https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+aaf|fs_url|https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+aaf|gui_url|https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/auth/auth-cass/cass_init/data.sh b/auth/auth-cass/cass_init/data.sh
new file mode 100644
index 00000000..0374e619
--- /dev/null
+++ b/auth/auth-cass/cass_init/data.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Copies of Repo data need to be added to "dats" dir for loading by push.sh
+#
+# Further, repo data has dates that are out of date. We need to update reasonable
+# expiration dates
+#
+
+DIR=/opt/app/aaf/cass_init
+cd $DIR/dats
+ID_FILE=$DIR/opt/app/aaf/cass_init/
+
+ if [ -e $ID_FILE ]; then
+ if [ "$(uname -s)" = "Darwin" ]; then
+ DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -v "+6m")
+ else
+ DATE=$(date "+%Y-%m-%d %H:%M:%S.000+0000" -d "+6 months")
+ fi
+ echo $DATE
+ CRED="cred.dat"
+ # Enter for People
+ echo "Default Passwords for People"
+ for ID in $(grep '|a|' $ID_FILE | sed -e "s/|.*//"); do
+ if [ "$ID" = "aaf" ]; then
+ DOMAIN="aaf.osaaf.org";
+ else
+ DOMAIN="$ID.onap.org";
+ fi
+ unset FIRST
+ for D in ${DOMAIN//./ }; do
+ if [ -z "$FIRST" ]; then
+ NS="$D"
+ FIRST="N"
+ else
+ NS="$D.$NS"
+ fi
+ done
+ echo "$ID@$DOMAIN|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|$NS|53344|" >> $CRED
+ done
+
+ for ID in $(grep '|e|' $ID_FILE | sed -e "s/|.*//"); do
+ echo "$ID@people.osaaf.org|2|${DATE}|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|" >> $CRED
+ done
+
+ mv user_role.dat tmp
+ sed "s/\(^.*|\)\(.*|\)\(.*|\)\(.*\)/\1${DATE}|\3\4/" tmp > user_role.dat
+
+ for DAT in ns perm role ns_attrib user_role cred; do
+ $DOCKER container cp $DAT.dat aaf_cass:/tmp/$DAT.dat
+ $DOCKER exec aaf_cass bash /usr/bin/cqlsh -k authz -e "COPY authz.$DAT FROM '/tmp/$DAT.dat' WITH DELIMITER='|'"
+ $DOCKER exec -t aaf_cass rm /tmp/$DAT.dat
+ done
+ rm $CRED
+ mv tmp user_role.dat
+ else
+ echo DInstall requires access to 'identities.dat'
+ fi
+ cd -
+
diff --git a/auth/auth-cass/cass_init/extract.sh b/auth/auth-cass/cass_init/extract.sh
new file mode 100644
index 00000000..cdebbc8d
--- /dev/null
+++ b/auth/auth-cass/cass_init/extract.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+cd /opt/app/cass_init
+if [ -e dat.gz ]; then
+ tar -xvf dat.gz
+else
+ echo "No data files"
+fi
diff --git a/auth/auth-cass/cass_init/init.cql b/auth/auth-cass/cass_init/init.cql
new file mode 100644
index 00000000..bf75998d
--- /dev/null
+++ b/auth/auth-cass/cass_init/init.cql
@@ -0,0 +1,273 @@
+
+// Table Initialization
+// First make sure the keyspace exists.
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy. Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+ name varchar,
+ scope int, // deprecated 2.0.11
+ description varchar,
+ parent varchar,
+ type int,
+ PRIMARY KEY (name)
+);
+CREATE INDEX ns_parent on ns(parent);
+
+CREATE TABLE ns_attrib (
+ ns varchar,
+ key varchar,
+ value varchar,
+ PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+ ns varchar,
+ name varchar,
+ perms set<varchar>, // Use "Key" of "name|type|action"
+ description varchar,
+ PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name ON role(name);
+
+// Will be cached
+CREATE TABLE perm (
+ ns varchar,
+ type varchar,
+ instance varchar,
+ action varchar,
+ roles set<varchar>, // Need to find Roles given Permissions
+ description varchar,
+ PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+ user varchar,
+ role varchar, // deprecated: change to ns/rname after 2.0.11
+ ns varchar,
+ rname varchar,
+ expires timestamp,
+ PRIMARY KEY(user,role)
+ );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+ id varchar,
+ type int,
+ expires timestamp,
+ ns varchar,
+ other int,
+ notes varchar,
+ cred blob,
+ prev blob,
+ PRIMARY KEY (id,type,expires)
+ );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+// coordinated with CRED type 2
+CREATE TABLE cert (
+ fingerprint blob,
+ id varchar,
+ x500 varchar,
+ expires timestamp,
+ PRIMARY KEY (fingerprint)
+ );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE TABLE notify (
+ user text,
+ type int,
+ last timestamp,
+ checksum int,
+ PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+ ca text,
+ serial blob,
+ id text,
+ x500 text,
+ x509 text,
+ PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+//
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+ mechid text,
+ machine text,
+ type Set<text>,
+ sponsor text,
+ ca text,
+ dir text,
+ os_user text,
+ ns text,
+ notify text,
+ expires timestamp,
+ renewDays int,
+ sans Set<text>,
+ PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine);
+CREATE INDEX artifact_ns ON artifact(ns);
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+ name varchar,
+ seg int, // cache Segment
+ touched timestamp,
+ PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+ id timeuuid,
+ yr_mon int,
+ user varchar,
+ action varchar,
+ target varchar, // user, user_role,
+ subject varchar, // field for searching main portion of target key
+ memo varchar, //description of the action
+ reconstruct blob, //serialized form of the target
+ // detail Map<varchar, varchar>, // additional information
+ PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user);
+CREATE INDEX history_subject ON history(subject);
+
+//
+// A place to hold objects to be created at a future time.
+//
+CREATE TABLE future (
+ id uuid, // uniquify
+ target varchar, // Target Table
+ memo varchar, // Description
+ start timestamp, // When it should take effect
+ expires timestamp, // When not longer valid
+ construct blob, // How to construct this object (like History)
+ PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+ id timeuuid, // unique Key
+ ticket uuid, // Link to Future Record
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ last_notified timestamp, // Timestamp for the last time approver was notified
+ PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE approved (
+ id timeuuid, // unique Key
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ PRIMARY KEY(id)
+ );
+CREATE INDEX approved_approver_idx ON approved(approver);
+CREATE INDEX approved_user_idx ON approved(user);
+
+CREATE TABLE delegate (
+ user varchar,
+ delegate varchar,
+ expires timestamp,
+ PRIMARY KEY (user)
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+// OAuth Tokens
+CREATE TABLE oauth_token (
+ id text, // Reference
+ client_id text, // Creating Client ID
+ user text, // User requesting
+ active boolean, // Active or not
+ type int, // Type of Token
+ refresh text, // Refresh Token
+ expires timestamp, // Expiration time/Date (signed long)
+ exp_sec bigint, // Seconds from Jan 1, 1970
+ content text, // Content of Token
+ scopes Set<text>, // Scopes
+ state text, // Context string (Optional)
+ req_ip text, // Requesting IP (for logging purpose)
+ PRIMARY KEY(id)
+) with default_time_to_live = 21600; // 6 hours
+CREATE INDEX oauth_token_user_idx ON oauth_token(user);
+
+CREATE TABLE locate (
+ name text, // Component/Server name
+ hostname text, // FQDN of Service/Component
+ port int, // Port of Service
+ major int, // Version, Major
+ minor int, // Version, Minor
+ patch int, // Version, Patch
+ pkg int, // Version, Package (if available)
+ latitude float, // Latitude
+ longitude float, // Longitude
+ protocol text, // Protocol (i.e. http https)
+ subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https
+ port_key uuid, // Key into locate_ports
+ PRIMARY KEY(name,hostname,port)
+) with default_time_to_live = 1200; // 20 mins
+
+CREATE TABLE locate_ports (
+ id uuid, // Id into locate
+ port int, // SubPort
+ name text, // Name of Other Port
+ protocol text, // Protocol of Other (i.e. JMX, DEBUG)
+ subprotocol set<text>, // Accepted sub protocols or versions
+ PRIMARY KEY(id, port)
+) with default_time_to_live = 1200; // 20 mins;
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+ class text,
+ host text,
+ start timestamp,
+ PRIMARY KEY ((class))
+);
+
+CREATE TABLE config (
+ name varchar,
+ tag varchar,
+ value varchar,
+ PRIMARY KEY (name,tag)
+);
diff --git a/auth/auth-cass/cass_init/init2_1.cql b/auth/auth-cass/cass_init/init2_1.cql
new file mode 100644
index 00000000..701dd774
--- /dev/null
+++ b/auth/auth-cass/cass_init/init2_1.cql
@@ -0,0 +1,7 @@
+use authz;
+CREATE TABLE config (
+ name varchar,
+ tag varchar,
+ value varchar,
+ PRIMARY KEY (name,tag)
+);
diff --git a/auth/auth-cass/cass_init/keyspace.cql b/auth/auth-cass/cass_init/keyspace.cql
new file mode 100644
index 00000000..52dc5ea7
--- /dev/null
+++ b/auth/auth-cass/cass_init/keyspace.cql
@@ -0,0 +1,11 @@
+// For Developer Machine single instance
+// CREATE KEYSPACE authz
+// WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+//
+//
+
+// Example of Network Topology, with Datacenter dc1 & dc2
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+// Out of the box Docker Cassandra comes with "datacenter1", one instance
+CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'datacenter1': '1' };
+//
diff --git a/auth/auth-cass/cass_init/osaaf.cql b/auth/auth-cass/cass_init/osaaf.cql
new file mode 100644
index 00000000..51e6b908
--- /dev/null
+++ b/auth/auth-cass/cass_init/osaaf.cql
@@ -0,0 +1,132 @@
+USE authz;
+
+// Create 'org' root NS
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org','Root Namespace','.',1,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Org Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Org Write Access');
+
+
+// Create org.osaaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf','OSAAF Namespace','org',2,2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access');
+
+// Create org.osaaf.aaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+
+// OSAAF Root
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+
+// ONAP Specific Entities
+// ONAP initial env Namespace
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap','ONAP','org',2,2);
+
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3);
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','read',{
+ 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor'
+ },'Portal Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
+
+// AAF Admin
+insert into cred (id,type,expires,cred,notes,ns,other) values('aaf_admin@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf_admin@people.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+// A Deployer
+insert into cred (id,type,expires,cred,notes,ns,other) values('deployer@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','deploy',{},'ONAP Deployment Role');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('deployer@people.osaaf.org','org.osaaf.aaf.deploy','2018-10-31','org.osaaf.aaf','deploy');
+
+
+// DEMO ID (OPS)
+insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// ADMIN
+insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// DESIGNER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer');
+
+// TESTER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester');
+
+// OPS
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops');
+
+// GOVERNOR
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor');
+
diff --git a/auth/auth-cass/cass_init/pull.sh b/auth/auth-cass/cass_init/pull.sh
new file mode 100644
index 00000000..94695ed1
--- /dev/null
+++ b/auth/auth-cass/cass_init/pull.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# Pull data from Cassandra into ".dat" files, and "gzip" them
+#
+DIR=/opt/app/aaf/cass_init
+cd $DIR
+mkdir -p dats
+cd dats
+TABLES="$(cqlsh -e "use authz; describe tables")"
+for T in $TABLES ; do
+ cqlsh -e "use authz; COPY $T TO '$T.dat' WITH DELIMITER='|';"
+done
+cd $DIR
+tar -cvzf dat.gz dats/*.dat
+rm -Rf dats
+
diff --git a/auth/auth-cass/cass_init/push.sh b/auth/auth-cass/cass_init/push.sh
new file mode 100644
index 00000000..48521699
--- /dev/null
+++ b/auth/auth-cass/cass_init/push.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+#
+# Push data from Cassandra ".dat" files
+# These are obtained from "gzipped" files, or pre-placed (i.e. initialization)
+# in the "dats" directory
+#
+DIR=/opt/app/aaf/cass_init
+cd $DIR
+if [ ! -e dats ]; then
+ if [ -e dat.gz ]; then
+ tar -xvf dat.gz
+ else
+ echo "No Data to push for Cassandra"
+ exit
+ fi
+fi
+cd dats
+for T in $(ls *.dat); do
+ if [ -s $T ]; then
+ cqlsh -e "use authz; COPY ${T%.dat} FROM '$T' WITH DELIMITER='|';"
+ fi
+done
+cd $DIR
+#rm -Rf dats
diff --git a/auth/auth-cass/cass_init/temp_identity.cql b/auth/auth-cass/cass_init/temp_identity.cql
new file mode 100644
index 00000000..3032372b
--- /dev/null
+++ b/auth/auth-cass/cass_init/temp_identity.cql
@@ -0,0 +1,5 @@
+USE authz;
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf',1,0xdd82c1882969461de74b46427961ea2c,'2099-12-31') using TTL 14400;
+