Diffstat (limited to 'auth/auth-cass')
-rw-r--r--auth/auth-cass/docker/dbash.sh2
-rw-r--r--auth/auth-cass/docker/dinstall.sh77
-rw-r--r--auth/auth-cass/src/main/cql/.gitignore5
-rw-r--r--auth/auth-cass/src/main/cql/osaaf.cql61
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java24
5 files changed, 118 insertions, 51 deletions
diff --git a/auth/auth-cass/docker/dbash.sh b/auth/auth-cass/docker/dbash.sh
index e10afcc0..38e43dd0 100644
--- a/auth/auth-cass/docker/dbash.sh
+++ b/auth/auth-cass/docker/dbash.sh
@@ -1,3 +1,3 @@
-#!/bin/bash dbash
+#!/bin/bash
docker exec -it aaf_cass bash
diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh
index 7a3009db..8449fe17 100644
--- a/auth/auth-cass/docker/dinstall.sh
+++ b/auth/auth-cass/docker/dinstall.sh
@@ -1,31 +1,46 @@
-if [ "`docker ps -a | grep aaf_cass`" == "" ]; then
- docker run --name aaf_cass -d cassandra:3.11
- echo "Check for running Docker Container aaf_cass, then run again."
- exit
-else
- docker exec aaf_cass mkdir -p /opt/app/cass_init
- docker cp "../src/main/cql/." aaf_cass:/opt/app/cass_init
-fi
-
-
-echo "Docker Installed Basic Cassandra on aaf_cass. Executing the following "
-echo "NOTE: This creator provided is only a Single Instance. For more complex Cassandra, create independently"
-echo ""
-echo " cd /opt/app/cass_init"
-echo " cqlsh -u root -p root -f keyspace.cql"
-echo " cqlsh -u root -p root -f init.cql"
-echo " cqlsh -u root -p root -f osaaf.cql"
-echo ""
-echo "The following will give you a temporary identity with which to start working, or emergency"
-echo " cqlsh -u root -p root -f temp_identity.cql"
-echo "Sleeping for 10 seconds"
-sleep 10
-docker exec -it aaf_cass bash -c '\
-cd /opt/app/cass_init; \
-echo "Creating Keyspace";cqlsh -u root -p root -f keyspace.cql;\
-echo "Creating init";cqlsh -u root -p root -f init.cql;\
-echo "Creating osaaf";cqlsh -u root -p root -f osaaf.cql;\
-echo "Creating temp Identity";cqlsh -u root -p root -f temp_identity.cql'
-
-echo "Inspecting aafcassadra. Use to get the IP address to update org.osaaf.cassandra.props"
-docker inspect aaf_cass | grep '"IPAddress' | head -1
+#!/bin/bash
+DOCKER=/usr/bin/docker
+echo "Running DInstall"
+if [ "`$DOCKER ps -a | grep aaf_cass`" == "" ]; then
+ echo "starting Cass from 'run'"
+ $DOCKER run --name aaf_cass -d cassandra:3.11
+ echo "aaf_cass Starting"
+ for CNT in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
+ if [ "`$DOCKER container logs aaf_cass | grep 'listening for CQL clients'`" == "" ]; then
+ echo "Sleep 10"
+ sleep 10
+ else
+ break
+ fi
+ done
+
+ echo "Running Phase 2 DInstall"
+ $DOCKER container ps
+
+ echo "Creating /opt/app/cass_init dir on aaf_cass"
+ $DOCKER exec aaf_cass mkdir -p /opt/app/cass_init
+ echo "cp the following files to /opt/app/cass_init dir on aaf_cass"
+ ls ../src/main/cql
+ $DOCKER cp "../src/main/cql/." aaf_cass:/opt/app/cass_init
+ echo "The following files are on /opt/app/cass_init dir on aaf_cass"
+ $DOCKER exec aaf_cass ls /opt/app/cass_init
+
+ echo "Docker Installed Basic Cassandra on aaf_cass. Executing the following "
+ echo "NOTE: This creator provided is only a Single Instance. For more complex Cassandra, create independently"
+ echo ""
+ echo " cd /opt/app/cass_init"
+ echo " cqlsh -f keyspace.cql"
+ echo " cqlsh -f init.cql"
+ echo " cqlsh -f osaaf.cql"
+ echo ""
+ echo "The following will give you a temporary identity with which to start working, or emergency"
+ echo " cqlsh -f temp_identity.cql"
+ echo "Create Keyspaces and Tables"
+ $DOCKER exec aaf_cass bash /usr/bin/cqlsh -f /opt/app/cass_init/keyspace.cql
+ $DOCKER exec aaf_cass bash /usr/bin/cqlsh -e 'describe keyspaces'
+ $DOCKER exec aaf_cass bash /usr/bin/cqlsh -f /opt/app/cass_init/init.cql
+ $DOCKER exec aaf_cass bash /usr/bin/cqlsh -f /opt/app/cass_init/osaaf.cql
+ $DOCKER exec aaf_cass bash /usr/bin/cqlsh -f /opt/app/cass_init/temp_indentity.cql
+else
+ $DOCKER start aaf_cass
+fi
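Review bot: The readiness loop at the top of the new branch falls through after 15 attempts without checking whether Cassandra ever logged 'listening for CQL clients', so on a slow host the five cqlsh invocations run against a node that is not up, fail (there is no `set -e` or exit-status check), and the auth store is left partially initialised with no indication to the operator. Add a final check after the loop, e.g. `if [ "`$DOCKER container logs aaf_cass | grep 'listening for CQL clients'`" == "" ]; then echo "aaf_cass did not become ready"; exit 1; fi`, and consider `set -e` at the top so a failed CQL file aborts the remaining ones. The last cqlsh line also references `temp_indentity.cql` while the echoed instructions and the copied directory use `temp_identity.cql`, so the temporary-identity step silently does nothing; change it to `/opt/app/cass_init/temp_identity.cql`. Note too that `grep aaf_cass` on `docker ps -a` matches any container whose name or image contains that substring, so `--filter name=^/aaf_cass$` would be more precise.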
diff --git a/auth/auth-cass/src/main/cql/.gitignore b/auth/auth-cass/src/main/cql/.gitignore
index 5fd2ede3..ce22752c 100644
--- a/auth/auth-cass/src/main/cql/.gitignore
+++ b/auth/auth-cass/src/main/cql/.gitignore
@@ -1,4 +1 @@
-/.settings/
-/.project
-/target/
-/.classpath
+temp.cql
diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql
index 83c7fdf0..e7385ab6 100644
--- a/auth/auth-cass/src/main/cql/osaaf.cql
+++ b/auth/auth-cass/src/main/cql/osaaf.cql
@@ -59,3 +59,64 @@ INSERT INTO role(ns, name, perms, description)
INSERT INTO user_role(user,role,expires,ns,rname)
VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400;
+
+// ONAP Specific Entities
+// ONAP initial env Namespace
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap','ONAP','org',2,2);
+
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3);
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','read',{
+ 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor'
+ },'Portal Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
+
+// DEMO ID (OPS)
+insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// ADMIN
+insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// DESIGNER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer');
+
+// TESTER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester');
+
+// OPS
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops');
+
+// GOVERNOR
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor');
+
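Review bot: All six new demo identities (demo, jh0003, cs0008, jm0007, op0001, gv0001) are seeded with the same committed credential hash `0xd993c5…cf95` and, unlike the `initial@osaaf.org` row earlier in this file, carry no `using TTL`, so a shared, publicly known password grants `org.onap.portal.admin` (`access|*|*`) on any deployment that runs this file until 2019-05-01. At minimum add `using TTL 14400` (matching line 60's convention) to these `cred` and `user_role` inserts and a leading comment such as `// DEMO ONLY: shared bootstrap password; rotate or delete before exposing this instance`, or move them into the git-ignored `temp.cql`. Separately, the `org.onap.portal` namespace is inserted with `parent` set to itself (`'org.onap.portal'`) whereas `org.onap` points at `'org'`; this looks like it should be `'org.onap'`, otherwise parent-namespace resolution in Question.java may loop or miss the ONAP parent. The `user_role` expiries (2018-10-31) also predate the credential expiries (2019-05-01), which is presumably intentional but worth a comment.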
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 3634af97..95041ea3 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -50,6 +50,7 @@ import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.dao.cass.CacheInfoDAO;
import org.onap.aaf.auth.dao.cass.CertDAO;
import org.onap.aaf.auth.dao.cass.CredDAO;
+import org.onap.aaf.auth.dao.cass.CredDAO.Data;
import org.onap.aaf.auth.dao.cass.DelegateDAO;
import org.onap.aaf.auth.dao.cass.FutureDAO;
import org.onap.aaf.auth.dao.cass.HistoryDAO;
@@ -61,10 +62,9 @@ import org.onap.aaf.auth.dao.cass.PermDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.cass.CredDAO.Data;
import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.env.AuthzTransFilter;
import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
+import org.onap.aaf.auth.env.AuthzTransFilter;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.cadi.Hash;
@@ -351,9 +351,9 @@ public class Question {
*
* Given a Child Namespace, figure out what the best Namespace parent is.
*
- * For instance, if in the NS table, the parent "com.att" exists, but not
+ * For instance, if in the NS table, the parent "org.osaaf" exists, but not
* "org.osaaf.child" or "org.osaaf.a.b.c", then passing in either
- * "org.osaaf.child" or "org.osaaf.a.b.c" will return "com.att"
+ * "org.osaaf.child" or "org.osaaf.a.b.c" will return "org.osaaf"
*
* Uses recursive search on Cached DAO data
*
@@ -780,7 +780,7 @@ public class Question {
checkLessThanDays(trans,7,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
- load(debug, cdd,dbcred);
+ load(debug, cdd);
}
break;
case CredDAO.BASIC_AUTH_SHA256:
@@ -793,7 +793,7 @@ public class Question {
checkLessThanDays(trans,7,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
- load(debug, cdd, dbcred);
+ load(debug, cdd);
}
break;
default:
@@ -809,14 +809,10 @@ public class Question {
}
} // end for each
if(debug==null) {
- debug=new StringBuilder();
+ trans.audit().printf("No cred matches ip=%s, user=%s\n",trans.ip(),user);
} else {
- debug.append(", ");
+ trans.audit().printf("No cred matches ip=%s, user=%s %s\n",trans.ip(),user,debug.toString());
}
-
- debug.append("cred=");
- debug.append(new String(cred));
- trans.audit().printf("No cred matches ip=%s, user=%s, %s\n",trans.ip(),user,trans.encryptor().encrypt(debug.toString()));
if(expired!=null) {
// Note: this is only returned if there are no good Credentials
rv = Result.err(Status.ERR_Security,
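Review bot: The rewritten audit lines now emit `debug.toString()` in the clear where the old code encrypted the whole buffer; that is fine for what `load()` contributes (id, type, expiry), but anything else appended to `debug` elsewhere in this method lies outside the hunk and should be confirmed to contain no credential material before the encryptor call is dropped. The two branches differ only by the optional suffix, so they could collapse to one call, e.g. `trans.audit().printf("No cred matches ip=%s, user=%s%s\n", trans.ip(), user, debug==null ? "" : " "+debug);`. A one-line comment above the `if(debug==null)` such as `// never log supplied or stored credential bytes, even encrypted` would protect the intent of this change. The enclosing method starts and ends outside this hunk.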
@@ -830,13 +826,11 @@ public class Question {
}
- private void load(StringBuilder debug, Data cdd, byte[] dbcred) {
+ private void load(StringBuilder debug, Data cdd) {
debug.append("DB Entry: user=");
debug.append(cdd.id);
debug.append(",type=");
debug.append(cdd.type);
- debug.append(",cred=");
- debug.append(Hash.toHex(dbcred));
debug.append(",expires=");
debug.append(Chrono.dateTime(cdd.expires));
debug.append('\n');
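Review bot: `load()` has no doc comment, and since its whole purpose changed (it deliberately no longer renders the stored credential), a Javadoc stating the contract would stop a future maintainer from re-adding the hex dump; something like `/** Appends a redacted summary (id, type, expiry) of a stored credential to the debug buffer. Credential bytes are intentionally never included because the buffer ends up in the audit log. */`. With `Hash.toHex(dbcred)` gone, the `org.onap.aaf.cadi.Hash` import at the top of the file may now be unused unless it is referenced elsewhere in the class; please check and drop it if so. The closing brace of `load()` is outside the hunk.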