diff options
Diffstat (limited to 'auth/auth-cass')
-rw-r--r-- | auth/auth-cass/cass_init/minimal.cql | 59 | ||||
-rw-r--r-- | auth/auth-cass/docker/drun.sh | 19 |
2 files changed, 76 insertions, 2 deletions
diff --git a/auth/auth-cass/cass_init/minimal.cql b/auth/auth-cass/cass_init/minimal.cql new file mode 100644 index 00000000..af8f8c60 --- /dev/null +++ b/auth/auth-cass/cass_init/minimal.cql @@ -0,0 +1,59 @@ +USE authz; + +// Create 'org' root NS +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org','Root Namespace','.',1,1); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','admin',{'org.access|*|*'},'Org Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','*',{'org.admin'},'Org Write Access'); + + +// Create org.osaaf +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.osaaf','OSAAF Namespace','org',2,2); + +INSERT INTO role(ns, name, perms,description) + VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access'); + +INSERT INTO role(ns, name, perms,description) + VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access'); + +// Create org.osaaf.aaf +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners'); + +// OSAAF Root +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin'); + + diff --git a/auth/auth-cass/docker/drun.sh b/auth/auth-cass/docker/drun.sh index cd8ab78c..33b59d7c 100644 --- a/auth/auth-cass/docker/drun.sh +++ b/auth/auth-cass/docker/drun.sh @@ -23,8 +23,22 @@ if [ -e ../../docker/d.props ]; then . ../../docker/d.props fi DOCKER=${DOCKER:-docker} - -if [ "$1" = "publish" ]; then +if [ "$DOCKER" = "podman" ]; then + PODNAME=aaf-cass.onap + if $(podman pod exists $PODNAME); then + echo "Using existing 'podman' pod $PODNAME" + POD="--pod $PODNAME " + else + echo "Create new 'podman' pod $PODNAME" + # Note: Cassandra needs "infra" to work + # Keep in separate pod + #podman pod create --infra=true -n $PODNAME --publish 9042:9042 + podman pod create --infra=false -n $PODNAME + #POD="--pod new:$PODNAME " + POD="--pod $PODNAME " + PUBLISH='--publish 9042:9042 ' + fi +else PUBLISH='--publish 9042:9042 ' fi @@ -47,6 +61,7 @@ if [ "`$DOCKER ps -a | grep aaf-cass`" == "" ]; then -e CASSANDRA_CLUSTER_NAME=osaaf \ -v "aaf_cass_data:/var/lib/cassandra" \ -v "aaf_status:/opt/app/aaf/status" \ + ${POD} \ $PUBLISH \ -d ${PREFIX}${ORG}/${PROJECT}/aaf_cass:${VERSION} "onap" else |