Diffstat (limited to 'auth')
-rw-r--r--auth/auth-batch/pom.xml2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java19
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java12
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java8
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java2
-rw-r--r--auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java15
-rw-r--r--auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java2
-rw-r--r--auth/docker/Dockerfile.base1
-rw-r--r--auth/docker/Dockerfile.client2
-rw-r--r--auth/docker/Dockerfile.config6
-rw-r--r--auth/docker/Dockerfile.core1
-rw-r--r--auth/docker/Dockerfile.ms1
-rw-r--r--auth/docker/README.txt6
-rw-r--r--auth/docker/aaf.sh5
-rwxr-xr-xauth/docker/dbuild.sh3
-rw-r--r--auth/docker/drun.sh1
-rw-r--r--auth/sample/bin/service.sh12
-rw-r--r--auth/sample/local/org.osaaf.aaf.batch.props38
19 files changed, 111 insertions, 27 deletions
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml
index 1994d9e8..fb32d2de 100644
--- a/auth/auth-batch/pom.xml
+++ b/auth/auth-batch/pom.xml
@@ -226,7 +226,7 @@
<classifier>tests</classifier>
<archive>
<manifest>
- <mainClass>org.onap.aaf.auth.Batch</mainClass>
+ <mainClass>org.onap.aaf.auth.batch.Batch</mainClass>
</manifest>
<manifestEntries>
<Sealed>true</Sealed>
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java
index 3e0dd011..d0eab007 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java
@@ -82,7 +82,7 @@ public class PrepExtend extends Batch {
Date now = gc.getTime();
int ifrom = 0;
- int ito = 0;
+ int ito = 4;
for(int i=0; i< args().length;++i) {
switch(args()[i]) {
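Review bot: The new default `int ito = 4;` is a bare number with no unit or rationale, and the hunk does not show which argument overrides it. It appears to widen the range the report covers when no argument is given, so a comment such as `// default upper bound of the report window, overridden from args() below; state the unit` would keep the next reader from guessing. The enclosing method starts and ends outside this hunk.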
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java
index c88eecde..4acf269d 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java
@@ -43,9 +43,12 @@ import org.onap.aaf.auth.dao.cass.FutureDAO;
import org.onap.aaf.auth.dao.cass.HistoryDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Identity;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.auth.org.OrganizationFactory;
-import org.onap.aaf.auth.org.Organization.Identity;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.config.RegistrationPropHolder;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.util.Chrono;
@@ -59,9 +62,11 @@ public class NotifyApprovals extends Batch {
private final PrintStream ps;
private final AuthzTrans noAvg;
- public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+ public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException, CadiException {
super(trans.env());
-
+ Access access = trans.env().access();
+ RegistrationPropHolder rph = new RegistrationPropHolder(access, 0);
+ String guiURL = rph.replacements(access.getProperty(GUI_URL,"https://%P/gui"),"","");
noAvg = env.newTransNoAvg();
noAvg.setUser(new BatchPrincipal("batch:NotifyApprovals"));
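Review bot: The approval link placed in every notification e-mail is built from `access.getProperty(GUI_URL,"https://%P/gui")` with no check that the placeholder was resolved or that the result is an https URL. The code default uses `%P`, while the sample org.osaaf.aaf.batch.props added in this commit sets `GUI_URL=https://$PH/gui`; whether `replacements()` expands both forms is not visible here, so one of them may reach approvers as a literal, unusable link. A guard in the constructor such as `if(!guiURL.startsWith("https://")) throw new CadiException("GUI_URL must be an https URL: " + guiURL);`, plus a check for a leftover placeholder, would fail the batch before any mail is sent. A short comment on what the two empty-string arguments to `replacements()` stand for would also help; the constructor body continues outside this hunk.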
@@ -77,13 +82,11 @@ public class NotifyApprovals extends Batch {
maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3"));
}
email.subject("AAF Approval Notification (ENV: %s)",batchEnv);
- email.preamble("AAF (MOTS 22830) is the AT&T Authorization System used by many AT&T Tools and Applications." +
+ email.preamble("AAF is the ONAP Authorization System." +
"\n Your approval is required, which you may enter on the following page:"
+ "\n\n\t%s/approve\n\n"
- ,env.getProperty(GUI_URL));
- email.signature("Sincerely,\nAAF Team (Our MOTS# 22830)\n"
- + "https://wiki.web.att.com/display/aaf/Contact+Us\n"
- + "(Use 'Other Misc Requests (TOPS)')");
+ ,guiURL);
+ email.signature("Sincerely,\nAAF Team\n");
Approval.load(trans, session, Approval.v2_0_17);
Future.load(trans, session, Future.v2_0_17); // Skip the Construct Data
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
index 33201864..40c8c2d3 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
@@ -28,6 +28,7 @@ import java.util.Map.Entry;
import java.util.concurrent.ConcurrentHashMap;
import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.cadi.util.Split;
import org.onap.aaf.misc.env.Env;
@@ -62,6 +63,17 @@ public class OrganizationFactory {
}
}
}
+ if(firstOrg==null) { // attempt to load DefaultOrg
+ try {
+ Class<?> cls = Class.forName("org.onap.aaf.org.DefaultOrg");
+ @SuppressWarnings("unchecked")
+ Constructor<Organization> cnst = (Constructor<Organization>)cls.getConstructor(Env.class,String.class);
+ String realm = env.getProperty(Config.AAF_DEFAULT_REALM,"people.osaaf.org");
+ defaultOrg = cnst.newInstance(env,realm);
+ } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | NoSuchMethodException | SecurityException | IllegalArgumentException | InvocationTargetException e) {
+ throw new OrganizationException("At least one Organization must be defined",e);
+ }
+ }
if (defaultOrg == null) {
defaultOrg = firstOrg;
}
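Review bot: When no Organization is configured, this block silently falls back to `org.onap.aaf.org.DefaultOrg` with realm `people.osaaf.org`, so a deployment that lost its Organization settings now starts with a default identity source instead of failing; a warning naming the class and realm should be logged whenever the fallback is taken. The cast to `Constructor<Organization>` is unchecked and nothing verifies that the loaded class implements Organization; `cls.asSubclass(Organization.class).getConstructor(Env.class,String.class)` makes that check explicit, with `ClassCastException` added to the multi-catch. The message "At least one Organization must be defined" is also what an operator sees when DefaultOrg is present but its constructor throws, which hides the real cause unless the chained exception is printed. The enclosing method starts outside this hunk.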
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
index 8f0eb8aa..1bc367e6 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
@@ -41,13 +41,15 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr
protected AbsService<ENV,TRANS> service;
- public AbsServiceStarter(final AbsService<ENV,TRANS> service) {
+ public AbsServiceStarter(final AbsService<ENV,TRANS> service, boolean noexit) {
this.service = service;
try {
OrganizationFactory.init(service.env);
} catch (OrganizationException e) {
- service.access.log(e, "Missing defined Organzation Plugins");
- System.exit(3);
+ service.access.log(e, "Missing defined Organization Plugins");
+ if(!noexit) {
+ System.exit(3);
+ }
}
// do_register - this is used for specialty Debug Situations. Developer can create an Instance for a remote system
// for Debugging purposes without fear that real clients will start to call your debug instance
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
index 413b7919..98503d11 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
@@ -59,7 +59,7 @@ public class JettyServiceStarter<ENV extends RosettaEnv, TRANS extends Trans> ex
private boolean secure;
public JettyServiceStarter(final AbsService<ENV,TRANS> service) throws OrganizationException {
- super(service);
+ super(service,false);
secure = true;
}
diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java
index 5124a506..36d071fd 100644
--- a/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java
+++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java
@@ -22,20 +22,22 @@
package org.onap.aaf.auth.org.test;
+import static org.mockito.Mockito.mock;
+
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
-import static org.mockito.Mockito.mock;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.auth.org.OrganizationFactory;
-import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.impl.BasicEnv;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.modules.junit4.PowerMockRunner;
+import junit.framework.Assert;
+
@RunWith(PowerMockRunner.class)
public class JU_OrganizationFactory {
private static final String ORG_SLOT = null;
@@ -53,8 +55,13 @@ public class JU_OrganizationFactory {
@SuppressWarnings("static-access")
@Test
- public void testInit() throws OrganizationException {
- organizationFactory.init(bEnv);
+ public void testInit() {
+ try {
+ organizationFactory.init(bEnv);
+ Assert.fail("Expect an exception");
+ } catch (OrganizationException e) {
+ Assert.assertEquals("At least one Organization must be defined", e.getMessage());
+ }
}
@SuppressWarnings("static-access") //TODO:Fix this once real input is available AAF-111
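Review bot: testInit now pins only the failure path, and it passes only while `org.onap.aaf.org.DefaultOrg` is absent from this module's test classpath (presumably it lives in another module); if that class becomes visible, `Assert.fail` fires for a reason unrelated to the code under test. A comment such as `// DefaultOrg is not on the auth-core test classpath, so the fallback must fail` would record that assumption. The successful fallback has no test in this commit. `junit.framework.Assert`, imported in the previous hunk, is the deprecated JUnit 3 class; the file already uses JUnit 4 annotations, so `org.junit.Assert` is the matching import.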
diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java
index 2fa9e123..04d58d6b 100644
--- a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java
+++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java
@@ -76,7 +76,7 @@ public class JU_AbsServiceStarter {
private class AbsServiceStarterStub extends AbsServiceStarter {
public AbsServiceStarterStub(AbsService service) {
- super(service);
+ super(service, true);
// TODO Auto-generated constructor stub
}
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index 623d18d4..1d74362d 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -23,4 +23,5 @@ MAINTAINER AAF Team, AT&T 2018
LABEL description="aaf_base"
RUN apk add --no-cache bash
RUN apk add --no-cache openssl
+RUN addgroup aaf && adduser aaf -G aaf -D -s /bin/bash
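Review bot: The `aaf` account is created without a fixed UID/GID and none of the Dockerfiles in this commit sets `USER aaf`, so the containers drop root only when the launcher passes `--user aaf`, as aaf.sh and drun.sh now do; any other launcher still runs them as root. Pinning the IDs, e.g. `RUN addgroup -g 1000 aaf && adduser -u 1000 -G aaf -D -s /bin/bash aaf` (IDs illustrative), keeps volume ownership stable across rebuilds and lets an orchestrator refer to the user numerically. Dockerfile.client, Dockerfile.config, Dockerfile.core and Dockerfile.ms should end with `USER aaf` after their `chown` lines so non-root is the image default. Those `RUN chown -R` steps also copy the affected files into a second layer; `COPY --chown=aaf:aaf` avoids that.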
diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client
index c2e1d787..f662aace 100644
--- a/auth/docker/Dockerfile.client
+++ b/auth/docker/Dockerfile.client
@@ -31,4 +31,6 @@ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
+RUN chown -R aaf:aaf /opt/app/aaf_config
+
CMD ["/bin/bash","-c","/opt/app/aaf_config/bin/agent.sh"]
diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config
index d1b6b237..ca3df765 100644
--- a/auth/docker/Dockerfile.config
+++ b/auth/docker/Dockerfile.config
@@ -35,7 +35,9 @@ COPY logs /opt/app/aaf_config/logs
COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh
COPY bin/pod_wait.sh /opt/app/aaf_config/bin/
COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
-
+COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
+
+RUN chown -R aaf:aaf /opt/app/aaf_config && mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf
+
CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
-#CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
CMD []
diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core
index a15039aa..7237a00d 100644
--- a/auth/docker/Dockerfile.core
+++ b/auth/docker/Dockerfile.core
@@ -30,4 +30,5 @@ COPY lib /opt/app/aaf/lib
COPY bin /opt/app/aaf/bin
COPY theme /opt/app/aaf/theme
+RUN chown -R aaf:aaf /opt/app/aaf
diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms
index 1eee1eec..222816c6 100644
--- a/auth/docker/Dockerfile.ms
+++ b/auth/docker/Dockerfile.ms
@@ -25,6 +25,7 @@ LABEL description="aaf_${AAF_COMPONENT}"
LABEL version=${AAF_VERSION}
COPY bin/pod_wait.sh /opt/app/aaf/bin/
+RUN mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf && chown -R aaf:aaf /opt/app/aaf/bin
#CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"]
CMD []
diff --git a/auth/docker/README.txt b/auth/docker/README.txt
index f0d5ca57..d81fec84 100644
--- a/auth/docker/README.txt
+++ b/auth/docker/README.txt
@@ -57,3 +57,9 @@ bash drun.sh
# watch logs in Agent Window
cd ../logs
sh taillog
+
+
+#Running as ROOT
+# docker gets the non-root user in its config during kubernetes
+# install
https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh#n90

+# sudo usermod -aG docker $USERNAME
where $USERNAME can be ubuntu
diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh
index 3ed7eafb..a039be8a 100644
--- a/auth/docker/aaf.sh
+++ b/auth/docker/aaf.sh
@@ -22,10 +22,15 @@
. ./d.props
DOCKER=${DOCKER:=docker}
+# if something, may not want CASS attached all the tim
+LINKS="--link $CASSANDRA_DOCKER"
+
function run_it() {
$DOCKER run $@ \
+ --user aaf \
-v "aaf_config:$CONF_ROOT_DIR" \
-v "aaf_status:/opt/app/aaf/status" \
+ $LINKS \
--env aaf_locator_container=docker \
--env aaf_locator_fqdn=${HOSTNAME} \
--env aaf_locate_url=https://aaf-locate:8095 \
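Review bot: `LINKS="--link $CASSANDRA_DOCKER"` is set unconditionally although the comment above it says the link may not always be wanted; if CASSANDRA_DOCKER is unset in d.props, docker receives a bare `--link` that consumes the following `--env` as its value. `LINKS=${CASSANDRA_DOCKER:+--link $CASSANDRA_DOCKER}` adds the option only when a container name is set. The comment itself is truncated ("all the tim") and should say when the link is to be omitted. `$@` on the `$DOCKER run` context line is unquoted, so arguments containing spaces are re-split; `"$@"` keeps them intact. run_it continues outside this hunk.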
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index 924feea0..fd59ed49 100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -47,6 +47,7 @@ rm Dockerfile
# Create the AAF Config (Security) Images
cd ..
cp auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
+cp auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin
cp -Rf ../conf/CA sample
@@ -70,7 +71,7 @@ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/$
$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
# Clean up
-rm sample/Dockerfile sample/bin/aaf-auth-cmd-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar
+rm sample/Dockerfile sample/bin/aaf-*-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar
rm -Rf sample/CA
cd -
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 32660760..6fc3a9a6 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -94,6 +94,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
# $ADD_HOST \
$DOCKER run \
-d \
+ --user aaf \
--name aaf-$AAF_COMPONENT \
${LINKS} \
--env AAF_ENV=${AAF_ENV} \
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index 75d658d1..df8a744a 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -32,6 +32,7 @@ CONFIG=/opt/app/aaf_config
JAVA_CADI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.CmdLine"
JAVA_AGENT="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.cadi.configure.Agent"
JAVA_AAFCLI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli"
+JAVA_AAFBATCH="$JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.batch.props -jar $CONFIG/bin/aaf-auth-batch-*-full.jar"
# If doesn't exist... still create
mkdir -p $OSAAF
@@ -43,12 +44,13 @@ mkdir -p /opt/app/aaf/status
FILE=
# Setup Bash, first time only
-if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep cadi $HOME/.bash_aliases)" ]; then
- echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bash_aliases
- echo "alias agent='$CONFIG/bin/agent.sh \$*'" >>$HOME/.bash_aliases
- echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bash_aliases
+if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep cadi $HOME/.bashrc)" ]; then
+ echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bashrc
+ echo "alias agent='$CONFIG/bin/agent.sh \$*'" >>$HOME/.bashrc
+ echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bashrc
+ echo "alias batch='$JAVA_AAFBATCH \$*'" >>$HOME/.bashrc
chmod a+x $CONFIG/bin/agent.sh
- . $HOME/.bash_aliases
+ . $HOME/.bashrc
fi
# Only load Identities once
diff --git a/auth/sample/local/org.osaaf.aaf.batch.props b/auth/sample/local/org.osaaf.aaf.batch.props
new file mode 100644
index 00000000..7572af0a
--- /dev/null
+++ b/auth/sample/local/org.osaaf.aaf.batch.props
@@ -0,0 +1,38 @@
+#########
+# ============LICENSE_START====================================================
+# org.onap.aaf
+# ===========================================================================
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# ===========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END====================================================
+#
+# Container based Batch Properties
+#
+# Common Properties, including Cassandra, RootNS and GPS coords
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/local/org.osaaf.aaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
+
+DRY_RUN=false
+
+LOG_DIR=/opt/app/osaaf/logs/batch
+SPECIAL_NAMES=aaf@aaf.osaaf.org
+GUI_URL=https://$PH/gui
+# MAX_EMAILS=3
+# Put any IDs that are critical to the system, and/or might in any way be removed by
+# Organization rules
+# Example: The AAF ID, any special Test IDs that aren't in the Organization
+# ID Set.
+
+ALERT_TO_ADDRESS=DL-aaf-support@att.com
+
+
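Review bot: `ALERT_TO_ADDRESS=DL-aaf-support@att.com` makes one company's internal distribution list the default alert recipient in a sample file, while the same commit removes the AT&T references from the NotifyApprovals e-mail text; a deployment that uses the sample unchanged would send batch alerts to a third party. A placeholder such as `ALERT_TO_ADDRESS=aaf-alerts@example.org` (constructed value) with a `# set to your operations mailbox` comment is safer. `DRY_RUN=false` means the sample runs batch jobs with real effect on first use; `DRY_RUN=true` would be the more cautious default for a template. The comment block about critical IDs sits below `SPECIAL_NAMES` and `MAX_EMAILS` but appears to describe `SPECIAL_NAMES`, so it should move above that line.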