summaryrefslogtreecommitdiffstats
path: root/auth/auth-cass
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-cass')
-rw-r--r--auth/auth-cass/cass_init/minimal.cql59
-rw-r--r--auth/auth-cass/docker/drun.sh19
2 files changed, 76 insertions, 2 deletions
diff --git a/auth/auth-cass/cass_init/minimal.cql b/auth/auth-cass/cass_init/minimal.cql
new file mode 100644
index 00000000..af8f8c60
--- /dev/null
+++ b/auth/auth-cass/cass_init/minimal.cql
@@ -0,0 +1,59 @@
+USE authz;
+
+// Create 'org' root NS
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org','Root Namespace','.',1,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Org Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Org Write Access');
+
+
+// Create org.osaaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf','OSAAF Namespace','org',2,2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access');
+
+// Create org.osaaf.aaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+
+// OSAAF Root
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+
diff --git a/auth/auth-cass/docker/drun.sh b/auth/auth-cass/docker/drun.sh
index cd8ab78c..33b59d7c 100644
--- a/auth/auth-cass/docker/drun.sh
+++ b/auth/auth-cass/docker/drun.sh
@@ -23,8 +23,22 @@ if [ -e ../../docker/d.props ]; then
. ../../docker/d.props
fi
DOCKER=${DOCKER:-docker}
-
-if [ "$1" = "publish" ]; then
+if [ "$DOCKER" = "podman" ]; then
+ PODNAME=aaf-cass.onap
+ if $(podman pod exists $PODNAME); then
+ echo "Using existing 'podman' pod $PODNAME"
+ POD="--pod $PODNAME "
+ else
+ echo "Create new 'podman' pod $PODNAME"
+ # Note: Cassandra needs "infra" to work
+ # Keep in separate pod
+ #podman pod create --infra=true -n $PODNAME --publish 9042:9042
+ podman pod create --infra=false -n $PODNAME
+ #POD="--pod new:$PODNAME "
+ POD="--pod $PODNAME "
+ PUBLISH='--publish 9042:9042 '
+ fi
+else
PUBLISH='--publish 9042:9042 '
fi
@@ -47,6 +61,7 @@ if [ "`$DOCKER ps -a | grep aaf-cass`" == "" ]; then
-e CASSANDRA_CLUSTER_NAME=osaaf \
-v "aaf_cass_data:/var/lib/cassandra" \
-v "aaf_status:/opt/app/aaf/status" \
+ ${POD} \
$PUBLISH \
-d ${PREFIX}${ORG}/${PROJECT}/aaf_cass:${VERSION} "onap"
else