diff options
Diffstat (limited to 'auth/auth-service')
4 files changed, 361 insertions, 372 deletions
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml index 10e3e4e7..16592856 100644 --- a/auth/auth-service/pom.xml +++ b/auth/auth-service/pom.xml @@ -121,6 +121,7 @@ <name>service</name> <commandLineArguments> <commandLineArgument>cadi_prop_files=${project.conf_dir}/org.osaaf.service.props</commandLineArgument> + <commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/service</commandLineArgument> </commandLineArguments> </program> </programs> diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java index 0040912f..bdabc39e 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java @@ -21,8 +21,6 @@ package org.onap.aaf.auth.service; -import java.io.File; - import javax.servlet.Filter; import org.onap.aaf.auth.cache.Cache; @@ -216,19 +214,9 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { */ public static void main(final String[] args) { try { - String propsFile = getArg(AAF_LOG4J_PREFIX, args, "org.osaaf")+".log4j.props"; - String log_dir = getArg(Config.CADI_LOGDIR,args,"./logs"); - String log_level = getArg(Config.CADI_LOGLEVEL,args,"INFO"); - File logs = new File(log_dir); - if(!logs.isDirectory()) { - logs.delete(); - } - if(!logs.exists()) { - logs.mkdirs(); - } - Log4JLogIt logIt = new Log4JLogIt(log_dir,log_level,propsFile, "authz"); + Log4JLogIt logIt = new Log4JLogIt(args, "authz"); PropAccess propAccess = new PropAccess(logIt,args); - + AbsService<AuthzEnv, AuthzTrans> service = new AAF_Service(new AuthzEnv(propAccess)); JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service); jss.start(); diff --git a/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt b/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt index bf1bc3c1..a5839f30 100644 --- a/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt +++ b/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt @@ -1,302 +1,302 @@ -USE authz;
-
-// Create Root pass
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
-
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('ryan@appc.onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31');
-
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('sai@onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31');
-
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('shi@portal.onap.org','org.onap.portal',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
-
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('admin@portal.onap.org','org.onap.portal',1,0x37c77980eee6a7d47050d199f7191ba9,'2020-12-31');
-
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
-
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
-
-
-// Create 'com' root NS
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('com',1,'Root Namespace',null,1);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('com','admin',{'com.access|*|*'},'Com Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('com','owner',{'com.access|*|read'},'Com Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('com','access','*','read',{'com.owner'},'Com Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('com','access','*','*',{'com.admin'},'Com Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin');
-
-// Create org root NS
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org',1,'Root Namespace Org',null,1);
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3);
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org','admin',{'org.access|*|*'},'Com Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org','owner',{'org.access|*|read'},'Com Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org','access','*','read',{'org.owner'},'Com Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org','access','*','*',{'org.admin'},'Com Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin');
-
-
-// Create com.att
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('com.att',2,'AT&T Namespace','com',2);
-
-INSERT INTO role(ns, name, perms,description)
- VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins');
-
-INSERT INTO role(ns, name, perms,description)
- VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles,description)
- VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles,description)
- VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin');
-
-// Create com.att.aaf
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner');
-
-
-// Create org.openecomp
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.openecomp',2,'Open EComp NS','com.att',2);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin');
-
-
-
-
-// Create org.onap
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.onap',2,'Onap NS','com.att',2);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap','admin',{'org.onap.access|*|*'},'Onap Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap','owner',{'org.onap.access|*|read'},'onap Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.onap','access','*','read',{'org.onap.owner'},'Onap Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.onap','access','*','*',{'org.onap.admin'},'Onap Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.onap.admin','2020-12-31','org.onap','admin');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('sai@onap.org','org.onap.admin','2020-12-31','org.onap','admin');
-
-
-
-// Create org.onap.appc
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.onap.appc',2,'Onap NS','com.att',2);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.appc','admin',{'org.onap.appc.access|*|*'},'OnapAPPC Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.appc','owner',{'org.onap.appc.access|*|read'},'onap APPC Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.onap.appc','access','*','read',{'org.onap.appc.owner'},'Onap Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.onap.appc','access','*','*',{'org.onap.appc.admin'},'Onap Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('sai@onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('ryan@appc.onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin');
-
-
-
-// Create org.onap.portal
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.onap.portal',2,'Onap NS','com.att',2);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Onap Portal Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'onap Portal Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.onap.portal','access','*','read',{'org.onap.portal.owner'},'Onap Portal Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Onap Portal Write Access');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.portal','System_Administrator',{'org.onap.portal.access|*|*'},
- '{\"id\":\"1\",\"name\":\"System Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'System Administrator');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.portal','Standard_User',{'org.onap.portal.access|*|*'},
- '{\"id\":\"16\",\"name\":\"Standard User\",\"active\":\"true\",\"priority\":\"5\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Standard User');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.portal','Restricted_App_Role',{'org.onap.portal.access|*|*'},
- '{\"id\":\"900\",\"name\":\"Restricted App Role\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Restricted App Role');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.portal','Portal_Notification_Admin',{'org.onap.portal.access|*|*'},
- '{\"id\":\"950\",\"name\":\"Portal Notification Admin\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Portal Notification Admin');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.onap.portal','Account_Administrator',{'org.onap.portal.access|*|*'},
- '{\"id\":\"999\",\"name\":\"Account Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Account Administrator');
-
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('shi@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin');
-
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','System_Administrator');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Standard_User');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Restricted_App_Role');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Portal_Notification_Admin');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Account_Administrator');
-
-
-
-
-
-
-// Create org.openecomp.dmaapBC
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3);
-
-//INSERT INTO role(ns, name, perms, description)
-// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins');
-
-INSERT INTO role(ns, name, perms, description)
-VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
-
-//INSERT INTO role(ns, name, perms, description)
-//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins');
-
-//INSERT INTO role(ns, name, perms, description)
-//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
-
-
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+USE authz; + +// Create Root pass +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('ryan@appc.onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('sai@onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('shi@portal.onap.org','org.onap.portal',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('admin@portal.onap.org','org.onap.portal',1,0x37c77980eee6a7d47050d199f7191ba9,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + + +// Create 'com' root NS +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com',1,'Root Namespace',null,1); + +INSERT INTO role(ns, name, perms, description) + VALUES('com','admin',{'com.access|*|*'},'Com Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('com','owner',{'com.access|*|read'},'Com Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); + +// Create org root NS +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org',1,'Root Namespace Org',null,1); + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','admin',{'org.access|*|*'},'Com Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','owner',{'org.access|*|read'},'Com Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); + + +// Create com.att + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com.att',2,'AT&T Namespace','com',2); + +INSERT INTO role(ns, name, perms,description) + VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); + +INSERT INTO role(ns, name, perms,description) + VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); + +// Create com.att.aaf + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); + +INSERT INTO role(ns, name, perms, description) + VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); + + +// Create org.openecomp +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp',2,'Open EComp NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); + + + + +// Create org.onap +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.onap',2,'Onap NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap','admin',{'org.onap.access|*|*'},'Onap Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap','owner',{'org.onap.access|*|read'},'onap Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap','access','*','read',{'org.onap.owner'},'Onap Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap','access','*','*',{'org.onap.admin'},'Onap Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.onap.admin','2020-12-31','org.onap','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('sai@onap.org','org.onap.admin','2020-12-31','org.onap','admin'); + + + +// Create org.onap.appc +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.onap.appc',2,'Onap NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.appc','admin',{'org.onap.appc.access|*|*'},'OnapAPPC Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.appc','owner',{'org.onap.appc.access|*|read'},'onap APPC Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.appc','access','*','read',{'org.onap.appc.owner'},'Onap Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.appc','access','*','*',{'org.onap.appc.admin'},'Onap Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('sai@onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('ryan@appc.onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); + + + +// Create org.onap.portal +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.onap.portal',2,'Onap NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Onap Portal Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'onap Portal Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','read',{'org.onap.portal.owner'},'Onap Portal Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Onap Portal Write Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','System_Administrator',{'org.onap.portal.access|*|*'}, + '{\"id\":\"1\",\"name\":\"System Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'System Administrator'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','Standard_User',{'org.onap.portal.access|*|*'}, + '{\"id\":\"16\",\"name\":\"Standard User\",\"active\":\"true\",\"priority\":\"5\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Standard User'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','Restricted_App_Role',{'org.onap.portal.access|*|*'}, + '{\"id\":\"900\",\"name\":\"Restricted App Role\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Restricted App Role'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','Portal_Notification_Admin',{'org.onap.portal.access|*|*'}, + '{\"id\":\"950\",\"name\":\"Portal Notification Admin\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Portal Notification Admin'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','Account_Administrator',{'org.onap.portal.access|*|*'}, + '{\"id\":\"999\",\"name\":\"Account Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Account Administrator'); + + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('shi@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); + + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','System_Administrator'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Standard_User'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Restricted_App_Role'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Portal_Notification_Admin'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Account_Administrator'); + + + + + + +// Create org.openecomp.dmaapBC + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); + +//INSERT INTO role(ns, name, perms, description) +// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); + +INSERT INTO role(ns, name, perms, description) +VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); + +//INSERT INTO role(ns, name, perms, description) +//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); + +//INSERT INTO role(ns, name, perms, description) +//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); + + + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml b/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml index eedfe266..78579adc 100644 --- a/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml +++ b/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml @@ -1,56 +1,56 @@ -#-------------------------------------------------------------------------------
-# ============LICENSE_START====================================================
-# * org.onap.aaf
-# * ===========================================================================
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# * ===========================================================================
-# * Licensed under the Apache License, Version 2.0 (the "License");
-# * you may not use this file except in compliance with the License.
-# * You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-# * ============LICENSE_END====================================================
-# *
-# *
-#-------------------------------------------------------------------------------
-version: '2'
-services:
- aaf_container:
- image: attos/aaf
- ports:
- - "8101:8101"
- links:
- - cassandra_container
- volumes:
- # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props
- - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh
- - ./data2:/data
- # - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh
- # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props
- # - ./cadi-core-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-2.1.0.jar
- # - ./cadi-aaf-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-2.1.0.jar
- # - ./cadi-client-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-2.1.0.jar
- # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar
- # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar
- entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"]
- environment:
- - CASSANDRA_CLUSTER=cassandra_container
-
-
- cassandra_container:
- image: cassandra:2.1.16
- ports:
- - "7000:7000"
- - "7001:7001"
- - "9042:9042"
- - "9160:9160"
- volumes:
- - ./data:/data
- - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh
- entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"]
+#------------------------------------------------------------------------------- +# ============LICENSE_START==================================================== +# * org.onap.aaf +# * =========================================================================== +# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# * =========================================================================== +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# * ============LICENSE_END==================================================== +# * +# * +#------------------------------------------------------------------------------- +version: '2' +services: + aaf_container: + image: attos/aaf + ports: + - "8101:8101" + links: + - cassandra_container + volumes: + # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props + - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh + - ./data2:/data + # - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh + # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props + # - ./cadi-core-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-2.1.0.jar + # - ./cadi-aaf-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-2.1.0.jar + # - ./cadi-client-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-2.1.0.jar + # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar + # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar + entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"] + environment: + - CASSANDRA_CLUSTER=cassandra_container + + + cassandra_container: + image: cassandra:2.1.16 + ports: + - "7000:7000" + - "7001:7001" + - "9042:9042" + - "9160:9160" + volumes: + - ./data:/data + - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh + entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"] |