Diffstat (limited to 'auth')
21 files changed, 159 insertions, 145 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java index d05f38c5..0120ba40 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java @@ -4,7 +4,7 @@ * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. * =========================================================================== - * Modifications Copyright (C) 2018 IBM. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -84,21 +84,16 @@ public class LastNotified { * * @param user * @param target - * @param target_key + * @param targetkey * @return */ - public Date lastNotified(String user, String target, String target_key) { - String key = user + '|' + target + '|' + target_key; + public Date lastNotified(String user, String target, String targetkey) { + String key = user + '|' + target + '|' + targetkey; return lastNotified(key); } public Date lastNotified(String key) { - Date rv = lastNotified.get(key); - if(rv==null) { - rv = never; - lastNotified.put(key, rv); - } - return rv; + return lastNotified.computeIfAbsent(key, k -> never); } private Date add(ResultSet result, Map<String, Date> lastNotified, MarkDelete md) { @@ -124,8 +119,8 @@ public class LastNotified { } private interface MarkDelete { - public boolean process(String fullKey, Date last); - }; + boolean process(String fullKey, Date last); + } private void startQuery(StringBuilder query) { query.append(SELECT + " WHERE user in ("); 
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java index 5a5fada2..51bf594a 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java @@ -178,11 +178,6 @@ public class Function { */ public Result<Void> createNS(AuthzTrans trans, Namespace namespace, boolean fromApproval) { Result<?> rq; -// if (namespace.name.endsWith(Question.DOT_ADMIN) -// || namespace.name.endsWith(Question.DOT_OWNER)) { -// return Result.err(Status.ERR_BadData, -// "'admin' and 'owner' are reserved names in AAF"); -// } try { for (String u : namespace.owner) { @@ -264,9 +259,6 @@ public class Function { // or helpful for Operations folks.. // Admins can be empty, because they can be changed by lower level // NSs - // if (ns.admin(false).isEmpty()) { - // ns.admin(true).add(user); - // } if (namespace.admin != null) { for (String u : namespace.admin) { if ((r = checkValidID(trans, now, u)).notOK()) { @@ -413,10 +405,8 @@ public class Function { pdd.type = delP2; if ((rq = q.permDAO.delete(trans, pdd, false)).notOK()) { eb.log(rq); - // } else { // Need to invalidate directly, because we're // switching places in NS, not normal cache behavior - // q.permDAO.invalidate(trans,pdd); } } else { eb.log(rq); @@ -951,7 +941,7 @@ public class Function { return Result.err(rnsd); } } else { - rnsd = q.deriveNs(trans, perm.ns); + q.deriveNs(trans, perm.ns); } // Does Child exist? @@ -1365,12 +1355,10 @@ public class Function { Result<UserRoleDAO.Data> udr = q.userRoleDAO.create(trans, urData); - switch (udr.status) { - case OK: + if (udr.status == OK) { return Result.ok(); - default: - return Result.err(udr); } + return Result.err(udr); } public Result<Void> addUserRole(AuthzTrans trans, String user, String ns, String rname) { 
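Review bot: In the `@@ -951,7 +941,7 @@` hunk the call `q.deriveNs(trans, perm.ns);` now throws its `Result` away, so a failed namespace derivation in this `else` branch continues to the "Does Child exist?" step unchecked, while the branch just above returns `Result.err(rnsd)` on failure. If the call only existed for its return value it can be deleted outright; if it is meant to validate `perm.ns`, keep the result and test it, e.g. `rnsd = q.deriveNs(trans, perm.ns);` followed by `if (rnsd.notOK()) { return Result.err(rnsd); }`. Which of the two is intended cannot be told from the hunk, because the method starts and ends outside it. The `@@ -413,10 +405,8 @@` hunk also leaves the comment "Need to invalidate directly, because we're switching places in NS" with no code under it, so it now describes something that does not happen.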
@@ -1497,7 +1485,7 @@ public class Function { // User Future ID as ticket for Approvals final UUID ticket = fr.value.id; sb.append(", Approvals: "); - Boolean first[] = new Boolean[]{true}; + Boolean[] first = new Boolean[]{true}; if (op!=FUTURE_OP.A) { for (Identity u : approvers) { Result<ApprovalDAO.Data> r = addIdentity(trans,sb,first,user,data.memo,op,u,ticket,org.getApproverType()); @@ -1597,15 +1585,13 @@ public class Function { case "denied": aDenial=true; break; + default: + break; } } Result<OP_STATUS> ros=null; if (aDenial) { - // Note: Denial will be Audit-logged. -// for (ApprovalDAO.Data ad : allApprovalsForTicket.value) { -// q.approvalDAO.delete(trans, ad, false); -// } ros = OP_STATUS.RD; if (q.futureDAO.delete(trans, curr, false).notOK()) { trans.info().printf("Future %s could not be deleted", curr.id.toString()); @@ -1699,11 +1685,8 @@ public class Function { } else if (FOP_NS.equalsIgnoreCase(curr.target)) { Namespace namespace = new Namespace(); namespace.reconstitute(curr.construct); - switch(fop) { - case C: - ros = set(OP_STATUS.RE,createNS(trans, namespace, true)); - break; - default: + if (fop == FUTURE_OP.C) { + ros = set(OP_STATUS.RE, createNS(trans, namespace, true)); } } else if (FOP_DELEGATE.equalsIgnoreCase(curr.target)) { DelegateDAO.Data data = new DelegateDAO.Data(); @@ -1720,11 +1703,8 @@ public class Function { } else if (FOP_CRED.equalsIgnoreCase(curr.target)) { CredDAO.Data data = new CredDAO.Data(); data.reconstitute(curr.construct); - switch(fop) { - case C: - ros = set(OP_STATUS.RE,q.credDAO.dao().create(trans, data)); - break; - default: + if (fop == FUTURE_OP.C) { + ros = set(OP_STATUS.RE, q.credDAO.dao().create(trans, data)); } } } catch (Exception e) { diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java index 81debc05..bd77bee6 100644 
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java @@ -73,8 +73,11 @@ public class DirectAAFLocator extends AbsAAFLocator<AuthzTrans> { } try { - RegistrationPropHolder rph = new RegistrationPropHolder(access,0); - String aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS."+name, null,null); + String aaf_url = access.getProperty(Config.AAF_URL, null); + if(aaf_url==null) { + RegistrationPropHolder rph = new RegistrationPropHolder(access,0); + aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name, null,null); + } //access.getProperty("/locate/"+name+':'+version; access.printf(Level.INIT,"Creating DirectAAFLocator to %s",aaf_url); uri = new URI(aaf_url); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java index cc9ccf98..d41f0cf3 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java @@ -38,7 +38,6 @@ public class Cred extends Cmd { public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld."; private static final String CRED_PATH = "/authn/cred"; private static final String[] options = {"add","del","reset","extend"/*,"clean"*/}; -// private Clean clean; public Cred(User parent) { super(parent,"cred", new Param(optionsToString(options),true), @@ -46,7 +45,6 @@ public class Cred extends Cmd { new Param("password (! D|E)",false), new Param("entry# (if multi)",false) ); -// clean = new Clean(this); } @Override 
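Review bot: When `aaf_url` is set, the new branch passes the raw property to `new URI(aaf_url)` and skips `rph.replacements(...)`, so the locator ignores `name` and never resolves placeholders in the value. A property still written in the templated form that this commit removes from initialConfig.props (`https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1`) would reach the URI constructor unresolved, and every `DirectAAFLocator` would point at the same URL regardless of the service asked for. The override also loses the hard-coded `https://` prefix of the computed path; whether a later layer rejects a non-TLS value is not visible here. I would create the `RegistrationPropHolder` before the `if`, run the property through it as well with `aaf_url = rph.replacements(getClass().getSimpleName(), aaf_url, null, null);`, and check `uri.getScheme()` after construction. The enclosing `try` starts and ends outside the hunk.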
@@ -62,11 +60,10 @@ public class Cred extends Cmd { cr.setPassword(args[idx++]); } if (args.length>idx) - cr.setEntry(args[idx++]); + cr.setEntry(args[idx]); // Set Start/End commands setStartEnd(cr); -// final int cleanIDX = _idx+1; Integer ret = same(new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, APIException { @@ -82,7 +79,6 @@ public class Cred extends Cmd { verb = "Added Credential ["; break; case 1: -// if (aafcli.addForce())cr.setForce("TRUE"); setQueryParamsOn(client); fp = client.delete(CRED_PATH, getDF(CredRequest.class), @@ -106,8 +102,8 @@ public class Cred extends Cmd { ); verb = "Extended Credential ["; break; -// case 4: -// return clean.exec(cleanIDX, args); + default: + break; } if (fp==null) { return null; // get by Sonar check. diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java index 7b0c1204..80c6d825 100644 --- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java +++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java @@ -25,10 +25,6 @@ package org.onap.aaf.auth.cmd.test.perm; import static org.mockito.Matchers.any; import static org.mockito.Mockito.when; -import org.junit.Before; - -import org.onap.aaf.auth.cmd.test.HMangrStub; - import java.io.ByteArrayOutputStream; import java.io.PrintStream; import java.io.Writer; @@ -36,6 +32,7 @@ import java.net.HttpURLConnection; import java.net.URI; import java.net.URISyntaxException; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; 
@@ -44,6 +41,7 @@ import org.mockito.runners.MockitoJUnitRunner; import org.onap.aaf.auth.cmd.AAFcli; import org.onap.aaf.auth.cmd.ns.Create; import org.onap.aaf.auth.cmd.ns.NS; +import org.onap.aaf.auth.cmd.test.HMangrStub; import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Locator; diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java index d8e8914e..064a8a5c 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java @@ -128,7 +128,7 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E deployedVersion = access.getProperty(Config.AAF_RELEASE, "N/A:2.x"); // Certificate Manager - cmCon = new AAFConHttp(env.access(),Config.CM_URL); + cmCon = new AAFConHttp(env.access(),Config.AAF_URL_CM); artifactsDF = env.newDataFactory(Artifacts.class); certInfoDF = env.newDataFactory(CertInfo.class); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java index 5d1d0219..16a6c940 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java @@ -65,7 +65,7 @@ public class NsDetail extends Page { private static final String BLANK = ""; private static Slot keySlot; private static Model model; - private static String gw_url; + private static String locate_url; public NsDetail(final AAF_GUI gui, Page ... breadcrumbs) throws APIException, IOException { 
@@ -75,11 +75,11 @@ public class NsDetail extends Page { ); model.set(this); keySlot = gui.env.slot(NAME+".ns"); - gw_url = gui.env.getProperty(Config.GW_URL); - if (gw_url==null) { - gw_url=""; + locate_url = gui.env.getProperty(Config.AAF_LOCATE_URL); + if (locate_url==null) { + locate_url=""; } else { - gw_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION; + locate_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION; } } @@ -217,7 +217,7 @@ public class NsDetail extends Page { AbsCell label = (i==0?new TextCell(sentenceCase(field)+":","style=width:20%"):AbsCell.Null); String perm = values.get(i); String[] fields = perm.split("\\|"); - String grantLink = gw_url + String grantLink = locate_url + PermGrantForm.HREF + "?type=" + fields[0].trim() + "&instance=" + fields[1].trim() diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java index a5e12f52..26bdb695 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java @@ -23,6 +23,7 @@ package org.onap.aaf.auth.locate; import java.net.URI; +import java.net.UnknownHostException; import java.util.Map; import javax.servlet.Filter; @@ -58,6 +59,7 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker; import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.config.RegistrationPropHolder; import org.onap.aaf.cadi.register.Registrant; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Data; 
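Review bot: The `grantLink` expression in the `@@ -217,7 +217,7 @@` hunk concatenates `fields[0].trim()` and `fields[1].trim()` into the query string unencoded, and it now prefixes them with the locator base URL instead of the gateway one. A permission type or instance containing `&`, `#`, `=` or a quote would change the meaning of the link; whether the cell that renders it escapes the value is not visible here. Encoding each part, e.g. `"?type=" + URLEncoder.encode(fields[0].trim(), "UTF-8")`, keeps the parameters intact, and a length check on `fields` after `perm.split("\\|")` avoids an `ArrayIndexOutOfBoundsException` on a malformed entry. The statement continues past the end of the hunk.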
@@ -180,7 +182,7 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> { protected AAFConHttp _newAAFConHttp() throws CadiException { try { if (dal==null) { - dal = AbsAAFLocator.create("%CNS.%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION); + dal = AbsAAFLocator.create("%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION); } // utilize pre-constructed DirectAAFLocator return new AAFConHttp(env.access(),dal); @@ -191,7 +193,14 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> { public Locator<URI> getGUILocator() throws LocatorException { if (gui_locator==null) { - gui_locator = AbsAAFLocator.create("AAF_NS.gui",Config.AAF_DEFAULT_API_VERSION); + RegistrationPropHolder rph; + try { + rph = new RegistrationPropHolder(access, 0); + } catch (UnknownHostException | CadiException e) { + throw new LocatorException(e); + } + gui_locator = AbsAAFLocator.create(rph.getPublicEntryName("gui", rph.default_container), + Config.AAF_DEFAULT_API_VERSION); } return gui_locator; } diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore index 30b97d74..fb1f79ea 100644 --- a/auth/docker/.gitignore +++ b/auth/docker/.gitignore @@ -12,3 +12,4 @@ /*.jar /*.jks /sdnc +/working diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml index 787f32d5..e19b5997 100644 --- a/auth/helm/aaf-hello/templates/aaf-hello.yaml +++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml 
@@ -63,38 +63,37 @@ spec: name: aaf-hello-vol command: ["bash","-c","cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh place aaf@aaf.osaaf.org aaf-hello "] env: - - name: "AAF_ENV" + - name: aaf_env value: "{{ .Values.cadi.aaf_env }}" - - name: "AAF_FQDN" - value: "aaf-locate.{{ .Release.Namespace }}" + - name: cadi_latitude + value: "{{ .Values.cadi.cadi_latitude }}" + - name: cadi_longitude + value: "{{ .Values.cadi.cadi_longitude }}" + - name: aaf_locator_container + value: "helm" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace }}:8095" + - name: aaf_locator_app_ns + value: "org.osaaf.aaf" - name: "APP_FQDN" value: "{{ .Values.cadi.fqdn }}" - name: "APP_FQI" value: "{{ .Values.cadi.fqi }}" - - name: "LATITUDE" - value: "{{ .Values.cadi.cadi_latitude }}" - - name: "LONGITUDE" - value: "{{ .Values.cadi.cadi_longitude }}" - name: "DEPLOY_FQI" value: "deployer@people.osaaf.org" - name: "DEPLOY_PASSWORD" value: "demo123456!" - - name: "aaf_locator_container" - value: "helm" - - name: "aaf_locator_port" - value: "{{ .Values.cadi.port }}" - - name: "aaf_locator_fqdn.helm" - value: "{{ .Values.cadi.fqdn }}.{{.Release.Namespace}}" - - name: "aaf_locator_public_hostname" - value: "{{ .Values.cadi.public_fqdn }}" - - name: "aaf_locator_public_port" - value: "{{ .Values.cadi.public_port }}" - - name: "aaf_locator_container_ns" - value: "{{ .Release.Namespace }}" - - name: "aaf_locator_name" - value: "{{.Values.cadi.app_ns}}.hello" - - name: "aaf_locator_name.helm" - value: "{{ .Release.Namespace}}.{{.Values.cadi.app_ns}}.hello" +# Hello specific. 
Clients don't necessarily need this + - name: aaf_locator_public_fqdn + value: "{{.Values.cadi.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.cadi.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.cadi.aaf_locator_name_helm}}" + - name: aaf_locator_fqdn_helm + value: "%N.%CNS" ### ### AAF-HELLO diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml index a4fd23c4..a695a456 100644 --- a/auth/helm/aaf-hello/values.yaml +++ b/auth/helm/aaf-hello/values.yaml @@ -33,11 +33,17 @@ cadi: fqdn: "aaf-hello" port: 8130 public_fqdn: "aaf.osaaf.org" +# DUBLIN ONLY - for M4 compatibility with Casablanca + aaf_locator_name: "public.%NS.%N" + aaf_locator_name_helm: "%NS.%N" +# EL ALTO and Beyond +# aaf_locator_name: "%NS.%N" +# aaf_locator_name_helm: "%CNS.%NS.%N" public_port: 30086 fqi: "aaf@aaf.osaaf.org" app_ns: "org.osaaf.aaf" - cadi_latitude: "38.0" - cadi_longitude: "-72.0" + cadi_latitude: 38.0 + cadi_longitude: -72.0 aaf_env: "DEV" persistence: {} diff --git a/auth/helm/aaf/templates/aaf-cm.yaml b/auth/helm/aaf/templates/aaf-cm.yaml index b64a968e..51b0043d 100644 --- a/auth/helm/aaf/templates/aaf-cm.yaml +++ b/auth/helm/aaf/templates/aaf-cm.yaml @@ -83,6 +83,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-fs.yaml b/auth/helm/aaf/templates/aaf-fs.yaml index 5adc1d62..f0c6e8e5 100644 --- a/auth/helm/aaf/templates/aaf-fs.yaml +++ b/auth/helm/aaf/templates/aaf-fs.yaml 
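Review bot: The reworked `env:` list in aaf-hello.yaml still passes the deployer credential as a literal, `DEPLOY_PASSWORD` with value `demo123456!`, next to the new `aaf_*`/`cadi_*` entries, so it is present in the rendered manifest and readable by anything that can read the pod spec. Since the block is being rewritten anyway, the value could be supplied from a Kubernetes Secret through `valueFrom.secretKeyRef`, with the demo value kept only as an overridable default in values.yaml. The new `aaf_locate_url` also hard-codes port `8095` and `aaf_locator_app_ns` hard-codes `org.osaaf.aaf` although values.yaml already carries `app_ns`; reading both from `.Values.cadi` would keep the template and the values file in step.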
@@ -117,4 +117,8 @@ spec: value: "https://aaf-locate.onap:8095" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml index 758b6b27..a977a9b3 100644 --- a/auth/helm/aaf/templates/aaf-gui.yaml +++ b/auth/helm/aaf/templates/aaf-gui.yaml @@ -84,6 +84,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-locate.yaml b/auth/helm/aaf/templates/aaf-locate.yaml index a6a2e258..1f9bdc40 100644 --- a/auth/helm/aaf/templates/aaf-locate.yaml +++ b/auth/helm/aaf/templates/aaf-locate.yaml @@ -83,6 +83,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-oauth.yaml b/auth/helm/aaf/templates/aaf-oauth.yaml index 2e2acb4b..ff9a18dd 100644 --- a/auth/helm/aaf/templates/aaf-oauth.yaml +++ b/auth/helm/aaf/templates/aaf-oauth.yaml 
@@ -83,6 +83,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml index a0935a65..be6e1c8b 100644 --- a/auth/helm/aaf/templates/aaf-service.yaml +++ b/auth/helm/aaf/templates/aaf-service.yaml @@ -66,22 +66,24 @@ spec: - mountPath: "/opt/app/osaaf" name: aaf-config-vol env: - - name: AAF_ENV + - name: aaf_env value: "{{ .Values.services.aaf_env }}" - - name: LATITUDE + - name: cadi_latitude value: "{{ .Values.services.cadi_latitude }}" - - name: LONGITUDE + - name: cadi_longitude value: "{{ .Values.services.cadi_longitude }}" - name: aaf_locator_container value: "helm" - name: aaf_locator_container_ns - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "{{ .Release.Namespace }}" - name: aaf_locate_url value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml index 226f030c..c38bbdb5 100644 --- a/auth/helm/aaf/values.yaml +++ b/auth/helm/aaf/values.yaml 
@@ -30,6 +30,12 @@ services: ns: "onap" aaf_env: "DEV" public_fqdn: "aaf.osaaf.org" +# DUBLIN ONLY - for M4 compatibility with Casablanca + aaf_locator_name: "public.%NS.%N" + aaf_locator_name_helm: "%NS.%N" +# EL ALTO and Beyond +# aaf_locator_name: "%NS.%N" +# aaf_locator_name_helm: "%CNS.%NS.%N" cadi_latitude: "38.0" cadi_longitude: "-72.0" cass: diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh index dde10720..0dff8037 100755 --- a/auth/sample/bin/client.sh +++ b/auth/sample/bin/client.sh 
@@ -76,41 +76,45 @@ function sso_encrypt() { $JAVA_CADI digest ${1} $DOT_AAF/keyfile } +if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then + mkdir -p $DOT_AAF + base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks +fi # Create Deployer Info, located at /root/.aaf if [ ! -e "$DOT_AAF/keyfile" ]; then - mkdir -p $DOT_AAF $JAVA_CADI keygen $DOT_AAF/keyfile chmod 400 $DOT_AAF/keyfile - echo cadi_latitude=${LATITUDE} > ${SSO} - echo cadi_longitude=${LONGITUDE} >> ${SSO} - echo aaf_id=${DEPLOY_FQI} >> ${SSO} + + # Add Deployer Creds to Root's SSO + DEPLOY_FQI="${DEPLOY_FQI:=$app_id}" + echo "aaf_id=${DEPLOY_FQI}" > ${SSO} if [ ! "${DEPLOY_PASSWORD}" = "" ]; then echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO} fi - if [ ! -z "${aaf_locator_container}" ]; then - echo "aaf_locator_container=${aaf_locator_container}" >> ${SSO} - fi - if [ -z "${aaf_locator_container_ns}" ]; then - if [ !-z "${CONTAINER_NS}" ]; then - echo "aaf_locator_container_ns=${CONTAINER_NS}" >> ${SSO} - fi - else - echo "aaf_locator_container_ns=${aaf_locator_container_ns}" >> ${SSO} - fi - if [ ! 
-z "${AAF_ENV}" ]; then - echo "aaf_env=${AAF_ENV}" >> ${SSO} - fi - echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO} - echo aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO} + # Cover case where using app.props + aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS} + + for E in $(env); do + if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then + # Use Deployer ID in ${SSO} + if [ "app_id" != "${E%=*}" ]; then + S="${E/_helm/.helm}" + S="${S/_oom/.oom}" + echo "$S" >> ${SSO} + fi + fi + done - base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO} echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO} echo "Caller Properties Initialized" INITIALIZED="true" fi +echo "cat SSO" +cat ${SSO} +echo "dog" # Only initialize once, automatically... if [ ! -e $LOCAL/${NS}.props ]; then 
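Review bot: The three lines added after the closing `fi` of the keyfile block (`echo "cat SSO"`, `cat ${SSO}`, `echo "dog"`) look like leftover debugging, and they print the whole SSO properties file to the container's stdout on every start, including the `aaf_password=enc:…` and `cadi_truststore_password=enc:…` entries written just above. I would drop them, or print property names only. Two smaller things in the same hunk: `aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS}` misspells the variable and does not export the fallback, so the `for E in $(env)` loop never sees a namespace that came from `CONTAINER_NS`; and the `"app_id" != "${E%=*}"` test is always true inside a branch that already requires an `aaf_` or `cadi_` prefix.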
@@ -133,28 +137,22 @@ if [ ! -e $LOCAL/${NS}.props ]; then echo "java -cp $(ls aaf-auth-cmd-*-full.jar) org.onap.aaf.cadi.aaf.TestConnectivity $NS.props" >> testConnectivity chmod ug+x agent cadi testConnectivity fi + echo "#### Create Configuration files " $JAVA_AGENT config $APP_FQI \ - aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \ - cadi_etc_dir=$LOCAL -# Grab all properties passed in that start with "aaf_" or "cadi_" - for E in $(env); do - if [[ $E == aaf_* ]] || [[ $E == cadi_* ]]; then - if [ -z "$(grep $E $LOCAL/$NS.props)" ]; then - echo "${E}" >> $LOCAL/$NS.props - fi - fi - done + cadi_etc_dir=$LOCAL \ + cadi_prop_files=$SSO + #aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} cat $LOCAL/$NS.props echo echo "#### Certificate Authorization Artifact" - TMP=$(mktemp) + # TMP=$(mktemp) + TMP=$LOCAL/agent.log $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \ cadi_prop_files=${SSO} \ - cadi_etc_dir=$LOCAL > $TMP - cat $TMP - echo + cadi_etc_dir=$LOCAL | tee $TMP + if [ -n "$(grep 'Namespace:' $TMP)" ]; then echo "#### Place Certificates (by deployer)" $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \ diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh index 2b964b1c..54a1cc58 100644 --- a/auth/sample/bin/service.sh +++ b/auth/sample/bin/service.sh @@ -135,7 +135,9 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then echo aaf_locate_url=${AAF_LOCATE_URL} >> ${TMP} for P in `env`; do if [[ "$P" == aaf_locator* ]]; then - echo "$P" >> ${TMP} + S="${P/_helm/.helm}" + S="${S/_oom/.oom}" + echo "$S" >> ${TMP} fi done diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props index 6ea1d537..8b01d951 100644 --- a/auth/sample/local/initialConfig.props +++ b/auth/sample/local/initialConfig.props @@ -17,8 +17,6 @@ # limitations under the License.
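Review bot: In service.sh, `S="${P/_helm/.helm}"` and `S="${S/_oom/.oom}"` rewrite the first `_helm`/`_oom` found anywhere in `name=value`, so a property whose name lacks the suffix but whose value contains it (a path with `_helm` or `_oom` in it, say) has its value altered before it is written to `${TMP}`. Restricting the substitution to the name keeps values intact: `K="${P%%=*}"; K="${K/_helm/.helm}"; K="${K/_oom/.oom}"` followed by `echo "$K=${P#*=}" >> ${TMP}`. The same pattern is added to the `for E in $(env)` loop in client.sh's `@@ -76,41 +76,45 @@` hunk. Both loops also word-split the output of `env`, so a value containing whitespace is written as several broken lines; reading line by line with `env | while IFS= read -r P` avoids that.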
# ============LICENSE_END====================================================
#
-cadi_protocols=TLSv1.1,TLSv1.2
-
################################
# Locator info
#
@@ -31,20 +29,21 @@ cadi_protocols=TLSv1.1,TLSv1.2 aaf_locator_app_ns=%AAF_NS
aaf_locator_name=%NS.%N
aaf_locator_name.docker=%CNS.%NS.%N
-aaf_locator_name.helm=%CNS.%NS.%N
-aaf_locator_name.oom=%CNS%.%NS.%N
+aaf_root_ns=org.osaaf.aaf
+
+# Dublin
+aaf_locator_name.oom=%NS.%N
+aaf_locator_name.helm=%NS.%N
+aaf_locator_public_name.oom=public.%NS.%N
+aaf_locator_public_name.helm=public.%NS.%N
+
+# EL Alto and beyond
+# aaf_locator_name.oom=%CNS.%NS.%N
+# aaf_locator_name.helm=%CNS.%NS.%N
+
aaf_locator_fqdn.docker=aaf-%N
aaf_locator_fqdn.helm=aaf-%N.%CNS
aaf_locator_fqdn.oom=aaf-%N.%CNS
-################################
-# AAF URLs
-################################
-aaf_locate_url=https://localhost:8095
-aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/introspect
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/token
-cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
-gui_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui.2.1
-fs_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs.2.1
-
+# initial trusted CAs
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
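Review bot: The added `cadi_x509_issuers` line makes three intermediate CA subject names a default trust list for every deployment that starts from this sample file, and the only explanation is `# initial trusted CAs`. Going by that comment, certificates issued under these names are accepted as identities, so the entry deserves a clearer warning, for example `# CAs shipped with the sample install only; replace cadi_x509_issuers with your own issuing CAs before any non-sample use`. The first hunk of this file also deletes `cadi_protocols=TLSv1.1,TLSv1.2`, which leaves protocol selection to a code default that is not visible in this diff; if the intent was to retire TLSv1.1, setting `cadi_protocols=TLSv1.2` explicitly states that more safely than removing the property.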