diff options
Diffstat (limited to 'auth/auth-service')
9 files changed, 0 insertions, 863 deletions
diff --git a/auth/auth-service/src/main/resources/docker-compose/data/.gitignore b/auth/auth-service/src/main/resources/docker-compose/data/.gitignore deleted file mode 100644 index 41ab7536..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/data/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -/identities.dat -/identities.idx diff --git a/auth/auth-service/src/main/resources/docker-compose/data/ecomp.cql b/auth/auth-service/src/main/resources/docker-compose/data/ecomp.cql deleted file mode 100644 index c4798398..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/data/ecomp.cql +++ /dev/null @@ -1,206 +0,0 @@ -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('ryan@appc.onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('sai@onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('shi@portal.onap.org','org.onap.portal',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('admin@portal.onap.org','org.onap.portal',1,0x37c77980eee6a7d47050d199f7191ba9,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('clamp@clamp.onap.org','org.onap.clamp',1,0xe18977785f423b7c3e5d1f283fce4e2e,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); - - - - -// Create org.onap -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.onap',2,'Open ONAP NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap','admin',{'org.onap.access|*|*'},'onap Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap','owner',{'org.onap.access|*|read'},'onap Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap','access','*','read',{'org.onap.owner'},'onap Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap','access','*','*',{'org.onap.admin'},'onap Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.onap.admin','2020-12-31','org.onap','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.onap.owner','2020-12-31','org.onap','admin'); - - -// Create org.openecomp.dmaapBC - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt b/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt deleted file mode 100644 index a5839f30..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/data/ecomp.txt +++ /dev/null @@ -1,302 +0,0 @@ -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('ryan@appc.onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('sai@onap.org','org.onap.appc',1,0x9fb680a2292b51d5dc40335cabfa1a9a,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('shi@portal.onap.org','org.onap.portal',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('admin@portal.onap.org','org.onap.portal',1,0x37c77980eee6a7d47050d199f7191ba9,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); - - - - -// Create org.onap -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.onap',2,'Onap NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap','admin',{'org.onap.access|*|*'},'Onap Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap','owner',{'org.onap.access|*|read'},'onap Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap','access','*','read',{'org.onap.owner'},'Onap Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap','access','*','*',{'org.onap.admin'},'Onap Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.onap.admin','2020-12-31','org.onap','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('sai@onap.org','org.onap.admin','2020-12-31','org.onap','admin'); - - - -// Create org.onap.appc -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.onap.appc',2,'Onap NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.appc','admin',{'org.onap.appc.access|*|*'},'OnapAPPC Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.appc','owner',{'org.onap.appc.access|*|read'},'onap APPC Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.appc','access','*','read',{'org.onap.appc.owner'},'Onap Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.appc','access','*','*',{'org.onap.appc.admin'},'Onap Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('sai@onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('ryan@appc.onap.org','org.onap.appc.admin','2020-12-31','org.onap.appc','admin'); - - - -// Create org.onap.portal -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.onap.portal',2,'Onap NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Onap Portal Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'onap Portal Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.portal','access','*','read',{'org.onap.portal.owner'},'Onap Portal Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Onap Portal Write Access'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','System_Administrator',{'org.onap.portal.access|*|*'}, - '{\"id\":\"1\",\"name\":\"System Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'System Administrator'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','Standard_User',{'org.onap.portal.access|*|*'}, - '{\"id\":\"16\",\"name\":\"Standard User\",\"active\":\"true\",\"priority\":\"5\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Standard User'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','Restricted_App_Role',{'org.onap.portal.access|*|*'}, - '{\"id\":\"900\",\"name\":\"Restricted App Role\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Restricted App Role'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','Portal_Notification_Admin',{'org.onap.portal.access|*|*'}, - '{\"id\":\"950\",\"name\":\"Portal Notification Admin\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Portal Notification Admin'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','Account_Administrator',{'org.onap.portal.access|*|*'}, - '{\"id\":\"999\",\"name\":\"Account Administrator\",\"active\":\"true\",\"priority\":\"1\",\"appId\":\"NULL\",\"appRoleId\":\"NULL\"},'Account Administrator'); - - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('shi@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','admin'); - - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','System_Administrator'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Standard_User'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Restricted_App_Role'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Portal_Notification_Admin'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('admin@portal.onap.org','org.onap.portal.admin','2020-12-31','org.onap.portal','Account_Administrator'); - - - - - - -// Create org.openecomp.dmaapBC - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); - -//INSERT INTO role(ns, name, perms, description) -// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) -VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/auth/auth-service/src/main/resources/docker-compose/data/init.cql b/auth/auth-service/src/main/resources/docker-compose/data/init.cql deleted file mode 100644 index 81700f83..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/data/init.cql +++ /dev/null @@ -1,242 +0,0 @@ -// For Developer Machine single instance -// -CREATE KEYSPACE authz -WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; -// -// From Ravi, 6-17-2014. User for DEVL->TEST -// -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' }; -// -// PROD -// -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' }; -// -// create user authz with password '<AUTHZ PASSWORD>' superuser; -// grant all on keyspace authz to authz; -// -// For TEST (aaf_test) -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' }; -// -// DEVL -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' }; -// -// TEST / PERF -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' }; -// -// IST -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3', -// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' }; -// -// with 6 localized with ccm -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; -// - -USE authz; - -// -// CORE Table function -// - -// Namespace - establish hierarchical authority to modify -// Permissions and Roles -// "scope" is flag to determine Policy. Typical important scope -// is "company" (1) -CREATE TABLE ns ( - name varchar, - scope int, // deprecated 2.0.11 - description varchar, - parent varchar, - type int, - PRIMARY KEY (name) -); -CREATE INDEX ns_parent on ns(parent); - - -// Oct 2015, not performant. Made Owner and Attrib first class Roles, -// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels. -// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder) -// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces -// as having certain tools, like SWM, etc. -CREATE TABLE ns_attrib ( - ns varchar, - key varchar, - value varchar, - PRIMARY KEY (ns,key) -); -create index ns_attrib_key on ns_attrib(key); - -// Will be cached -CREATE TABLE role ( - ns varchar, - name varchar, - perms set<varchar>, // Use "Key" of "name|type|action" - description varchar, - PRIMARY KEY (ns,name) -); -CREATE INDEX role_name ON role(name); - -// Will be cached -CREATE TABLE perm ( - ns varchar, - type varchar, - instance varchar, - action varchar, - roles set<varchar>, // Need to find Roles given Permissions - description varchar, - PRIMARY KEY (ns,type,instance,action) -); - -// This table is user for Authorization -CREATE TABLE user_role ( - user varchar, - role varchar, // deprecated: change to ns/rname after 2.0.11 - ns varchar, - rname varchar, - expires timestamp, - PRIMARY KEY(user,role) - ); -CREATE INDEX user_role_ns ON user_role(ns); -CREATE INDEX user_role_role ON user_role(role); - -// This table is only for the case where return User Credential (MechID) Authentication -CREATE TABLE cred ( - id varchar, - type int, - expires timestamp, - ns varchar, - other int, - notes varchar, - cred blob, - prev blob, - PRIMARY KEY (id,type,expires) - ); -CREATE INDEX cred_ns ON cred(ns); - -// Certificate Cross Table -// coordinated with CRED type 2 -CREATE TABLE cert ( - fingerprint blob, - id varchar, - x500 varchar, - expires timestamp, - PRIMARY KEY (fingerprint) - ); -CREATE INDEX cert_id ON cert(id); -CREATE INDEX cert_x500 ON cert(x500); - -CREATE TABLE notify ( - user text, - type int, - last timestamp, - checksum int, - PRIMARY KEY (user,type) -); - -CREATE TABLE x509 ( - ca text, - serial blob, - id text, - x500 text, - x509 text, - PRIMARY KEY (ca,serial) -); - - -CREATE INDEX x509_id ON x509 (id); -CREATE INDEX x509_x500 ON x509 (x500); - -// -// Deployment Artifact (for Certman) -// -CREATE TABLE artifact ( - mechid text, - machine text, - type Set<text>, - sponsor text, - ca text, - dir text, - appName text, - os_user text, - notify text, - expires timestamp, - renewDays int, - PRIMARY KEY (mechid,machine) -); -CREATE INDEX artifact_machine ON artifact(machine); - -// -// Non-Critical Table functions -// -// Table Info - for Caching -CREATE TABLE cache ( - name varchar, - seg int, // cache Segment - touched timestamp, - PRIMARY KEY(name,seg) -); - -CREATE TABLE history ( - id timeuuid, - yr_mon int, - user varchar, - action varchar, - target varchar, // user, user_role, - subject varchar, // field for searching main portion of target key - memo varchar, //description of the action - reconstruct blob, //serialized form of the target - // detail Map<varchar, varchar>, // additional information - PRIMARY KEY (id) -); -CREATE INDEX history_yr_mon ON history(yr_mon); -CREATE INDEX history_user ON history(user); -CREATE INDEX history_subject ON history(subject); - -// -// A place to hold objects to be created at a future time. -// -CREATE TABLE future ( - id uuid, // uniquify - target varchar, // Target Table - memo varchar, // Description - start timestamp, // When it should take effect - expires timestamp, // When not longer valid - construct blob, // How to construct this object (like History) - PRIMARY KEY(id) -); -CREATE INDEX future_idx ON future(target); -CREATE INDEX future_start_idx ON future(start); - - -CREATE TABLE approval ( - id timeuuid, // unique Key - ticket uuid, // Link to Future Record - user varchar, // the user who needs to be approved - approver varchar, // user approving - type varchar, // approver types i.e. Supervisor, Owner - status varchar, // approval status. pending, approved, denied - memo varchar, // Text for Approval to know what's going on - operation varchar, // List operation to perform - PRIMARY KEY(id) - ); -CREATE INDEX appr_approver_idx ON approval(approver); -CREATE INDEX appr_user_idx ON approval(user); -CREATE INDEX appr_ticket_idx ON approval(ticket); -CREATE INDEX appr_status_idx ON approval(status); - -CREATE TABLE delegate ( - user varchar, - delegate varchar, - expires timestamp, - PRIMARY KEY (user) -); -CREATE INDEX delg_delg_idx ON delegate(delegate); - -// -// Used by authz-batch processes to ensure only 1 runs at a time -// -CREATE TABLE run_lock ( - class text, - host text, - start timestamp, - PRIMARY KEY ((class)) -); diff --git a/auth/auth-service/src/main/resources/docker-compose/data2/.gitignore b/auth/auth-service/src/main/resources/docker-compose/data2/.gitignore deleted file mode 100644 index b4e2528b..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/data2/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/identities.dat diff --git a/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml b/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml deleted file mode 100644 index 78579adc..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/docker-compose.yml +++ /dev/null @@ -1,56 +0,0 @@ -#------------------------------------------------------------------------------- -# ============LICENSE_START==================================================== -# * org.onap.aaf -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * -#------------------------------------------------------------------------------- -version: '2' -services: - aaf_container: - image: attos/aaf - ports: - - "8101:8101" - links: - - cassandra_container - volumes: - # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props - - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh - - ./data2:/data - # - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh - # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props - # - ./cadi-core-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-2.1.0.jar - # - ./cadi-aaf-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-2.1.0.jar - # - ./cadi-client-2.1.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-2.1.0.jar - # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar - # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar - entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"] - environment: - - CASSANDRA_CLUSTER=cassandra_container - - - cassandra_container: - image: cassandra:2.1.16 - ports: - - "7000:7000" - - "7001:7001" - - "9042:9042" - - "9160:9160" - volumes: - - ./data:/data - - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh - entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"] diff --git a/auth/auth-service/src/main/resources/docker-compose/startupaaf.sh b/auth/auth-service/src/main/resources/docker-compose/startupaaf.sh deleted file mode 100644 index b45bba5e..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/startupaaf.sh +++ /dev/null @@ -1,34 +0,0 @@ -# lji: this startup file shadows the existing extry point startup.sh file of the container -# because we need to pass in the cassandra cluster location - -LIB=/opt/app/aaf/authz-service/lib - -ETC=/opt/app/aaf/authz-service/etc -DME2REG=/opt/dme2reg - -echo "this is LIB" $LIB -echo "this is ETC" $ETC -echo "this is DME2REG" $DME2REG - -CLASSPATH=$ETC -for FILE in `find $LIB -name *.jar`; do - CLASSPATH=$CLASSPATH:$FILE -done - -FILEPATHS="/opt/app/aaf/authz-service/etc/com.osaaf.common.props /opt/app/aaf/authz-service/etc/com.osaaf.common.props" -for FILEPATH in $FILEPATHS: -do - if [ -e ${FILEPATH} ]; then - if [ -z `grep "cassandra.clusters=$CASSANDRA_CLUSTER" $FILEPATH` ]; then - echo "cassandra.clusters=$CASSANDRA_CLUSTER" >> $FILEPATH; - fi - fi -done - - -java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG org.onap.aaf.authz.service.AuthAPI - -# keet it running so we can check fs -while sleep 2; do echo thinking; done - - diff --git a/auth/auth-service/src/main/resources/docker-compose/sysctl.conf b/auth/auth-service/src/main/resources/docker-compose/sysctl.conf deleted file mode 100644 index c36fd688..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/sysctl.conf +++ /dev/null @@ -1,3 +0,0 @@ -net.ipv6.conf.all.disable_ipv6=1 -net.ipv6.conf.default.disable_ipv6=1 -net.ipv6.conf.lol.disable_ipv6=1 diff --git a/auth/auth-service/src/main/resources/docker-compose/wait_for_host_port.sh b/auth/auth-service/src/main/resources/docker-compose/wait_for_host_port.sh deleted file mode 100644 index e4e4bf9c..00000000 --- a/auth/auth-service/src/main/resources/docker-compose/wait_for_host_port.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -e - -host="$1" -port="$2" -shift -shift -cmd="$@" - -until echo > /dev/tcp/${host}/${port} ; do - >&2 echo "${host}:${port} is unavailable - sleeping" - sleep 1 -done - ->&2 echo "${host}:${port} is up - executing command" -exec $cmd |