Diffstat (limited to 'auth')
19 files changed, 111 insertions, 27 deletions
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml index 1994d9e8..fb32d2de 100644 --- a/auth/auth-batch/pom.xml +++ b/auth/auth-batch/pom.xml @@ -226,7 +226,7 @@ <classifier>tests</classifier> <archive> <manifest> - <mainClass>org.onap.aaf.auth.Batch</mainClass> + <mainClass>org.onap.aaf.auth.batch.Batch</mainClass> </manifest> <manifestEntries> <Sealed>true</Sealed> diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java index 3e0dd011..d0eab007 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java @@ -82,7 +82,7 @@ public class PrepExtend extends Batch { Date now = gc.getTime(); int ifrom = 0; - int ito = 0; + int ito = 4; for(int i=0; i< args().length;++i) { switch(args()[i]) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java index c88eecde..4acf269d 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java @@ -43,9 +43,12 @@ import org.onap.aaf.auth.dao.cass.FutureDAO; import org.onap.aaf.auth.dao.cass.HistoryDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.org.Organization; +import org.onap.aaf.auth.org.Organization.Identity; import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.auth.org.OrganizationFactory; -import org.onap.aaf.auth.org.Organization.Identity; +import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.config.RegistrationPropHolder; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.util.Chrono; 
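Review bot: The new default `int ito = 4;` in PrepExtend is an unexplained constant: nothing on the visible lines says what unit the range is counted in or why the upper bound moves from 0 to 4. The argument switch that can override `ifrom` and `ito` continues outside the hunk, so the unit cannot be confirmed from here. I would add a comment on that line, for example `// default upper bound of the reporting range when no argument overrides it (unit: TODO confirm)`, or lift the value into a named constant.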
@@ -59,9 +62,11 @@ public class NotifyApprovals extends Batch { private final PrintStream ps; private final AuthzTrans noAvg; - public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException { + public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException, CadiException { super(trans.env()); - + Access access = trans.env().access(); + RegistrationPropHolder rph = new RegistrationPropHolder(access, 0); + String guiURL = rph.replacements(access.getProperty(GUI_URL,"https://%P/gui"),"",""); noAvg = env.newTransNoAvg(); noAvg.setUser(new BatchPrincipal("batch:NotifyApprovals")); @@ -77,13 +82,11 @@ public class NotifyApprovals extends Batch { maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3")); } email.subject("AAF Approval Notification (ENV: %s)",batchEnv); - email.preamble("AAF (MOTS 22830) is the AT&T Authorization System used by many AT&T Tools and Applications." + + email.preamble("AAF is the ONAP Authorization System." + "\n Your approval is required, which you may enter on the following page:" + "\n\n\t%s/approve\n\n" - ,env.getProperty(GUI_URL)); - email.signature("Sincerely,\nAAF Team (Our MOTS# 22830)\n" - + "https://wiki.web.att.com/display/aaf/Contact+Us\n" - + "(Use 'Other Misc Requests (TOPS)')"); + ,guiURL); + email.signature("Sincerely,\nAAF Team\n"); Approval.load(trans, session, Approval.v2_0_17); Future.load(trans, session, Future.v2_0_17); // Skip the Construct Data diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java index 33201864..40c8c2d3 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java 
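Review bot: `guiURL` in the NotifyApprovals constructor comes from configuration and is written straight into the approval e-mail (`%s/approve` in the following hunk) with no check that it resolved to a usable https address. An empty property or an unexpanded placeholder would send approvers a link that is broken or points at the wrong host. I would fail the batch early, e.g. `if(!guiURL.startsWith("https://")) throw new CadiException("GUI_URL did not resolve to an https URL: " + guiURL);`. The sample batch properties added in this commit set `GUI_URL=https://$PH/gui` while the default here uses `%P`; whether `replacements` expands both forms is not visible in this diff and is worth confirming. The constructor body continues outside the hunk.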
@@ -28,6 +28,7 @@ import java.util.Map.Entry; import java.util.concurrent.ConcurrentHashMap; import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.cadi.util.Split; import org.onap.aaf.misc.env.Env; @@ -62,6 +63,17 @@ public class OrganizationFactory { } } } + if(firstOrg==null) { // attempt to load DefaultOrg + try { + Class<?> cls = Class.forName("org.onap.aaf.org.DefaultOrg"); + @SuppressWarnings("unchecked") + Constructor<Organization> cnst = (Constructor<Organization>)cls.getConstructor(Env.class,String.class); + String realm = env.getProperty(Config.AAF_DEFAULT_REALM,"people.osaaf.org"); + defaultOrg = cnst.newInstance(env,realm); + } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | NoSuchMethodException | SecurityException | IllegalArgumentException | InvocationTargetException e) { + throw new OrganizationException("At least one Organization must be defined",e); + } + } if (defaultOrg == null) { defaultOrg = firstOrg; } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java index 8f0eb8aa..1bc367e6 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java 
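Review bot: The `firstOrg==null` fallback in OrganizationFactory leaves no trace in the log, so a deployment whose Organization property is missing or mistyped comes up on `org.onap.aaf.org.DefaultOrg` with realm `people.osaaf.org` and the operator is never told. For an authorization service that choice should be visible; I would log it right after `newInstance`, e.g. `env.warn().log("No Organization configured; using DefaultOrg for realm", realm);`. The unchecked cast is also unguarded: if the loaded class is not an `Organization`, the assignment to `defaultOrg` throws a ClassCastException that the multi-catch does not cover, so a check such as `if(!Organization.class.isAssignableFrom(cls)) throw new OrganizationException(...)` before `getConstructor` would keep the failure on the documented path. The rest of the init method is outside the hunk.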
@@ -41,13 +41,15 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr protected AbsService<ENV,TRANS> service; - public AbsServiceStarter(final AbsService<ENV,TRANS> service) { + public AbsServiceStarter(final AbsService<ENV,TRANS> service, boolean noexit) { this.service = service; try { OrganizationFactory.init(service.env); } catch (OrganizationException e) { - service.access.log(e, "Missing defined Organzation Plugins"); - System.exit(3); + service.access.log(e, "Missing defined Organization Plugins"); + if(!noexit) { + System.exit(3); + } } // do_register - this is used for specialty Debug Situations. Developer can create an Instance for a remote system // for Debugging purposes without fear that real clients will start to call your debug instance diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java index 413b7919..98503d11 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java @@ -59,7 +59,7 @@ public class JettyServiceStarter<ENV extends RosettaEnv, TRANS extends Trans> ex private boolean secure; public JettyServiceStarter(final AbsService<ENV,TRANS> service) throws OrganizationException { - super(service); + super(service,false); secure = true; } diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java index 5124a506..36d071fd 100644 --- a/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java +++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java 
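Review bot: With `noexit` set to true the AbsServiceStarter constructor logs the OrganizationException and then carries on building a starter whose OrganizationFactory never initialised, and nothing on the public constructor says the flag is meant for tests. In this diff JettyServiceStarter passes `false` and only the test stub passes `true`, but a later caller could pass `true` and run a service with no Organization loaded. I would document the parameter on the constructor, e.g. `@param noexit test use only; when true a failed OrganizationFactory.init is logged and construction continues without an Organization`. The constructor body continues outside the hunk.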
@@ -22,20 +22,22 @@ package org.onap.aaf.auth.org.test; +import static org.mockito.Mockito.mock; + import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; -import static org.mockito.Mockito.mock; import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.auth.org.OrganizationFactory; -import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.impl.BasicEnv; import org.powermock.api.mockito.PowerMockito; import org.powermock.modules.junit4.PowerMockRunner; +import junit.framework.Assert; + @RunWith(PowerMockRunner.class) public class JU_OrganizationFactory { private static final String ORG_SLOT = null; @@ -53,8 +55,13 @@ public class JU_OrganizationFactory { @SuppressWarnings("static-access") @Test - public void testInit() throws OrganizationException { - organizationFactory.init(bEnv); + public void testInit() { + try { + organizationFactory.init(bEnv); + Assert.fail("Expect an exception"); + } catch (OrganizationException e) { + Assert.assertEquals("At least one Organization must be defined", e.getMessage()); + } } @SuppressWarnings("static-access") //TODO:Fix this once real input is available AAF-111 diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java index 2fa9e123..04d58d6b 100644 --- a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java +++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java @@ -76,7 +76,7 @@ public class JU_AbsServiceStarter { private class AbsServiceStarterStub extends AbsServiceStarter { public AbsServiceStarterStub(AbsService service) { - super(service); + super(service, true); // TODO Auto-generated constructor stub } 
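Review bot: The added `import junit.framework.Assert;` in JU_OrganizationFactory brings in the JUnit 3 class, which JUnit 4 deprecates, while the rest of the file uses the `org.junit` annotations. Replace it with `import org.junit.Assert;`; the `Assert.fail` and `Assert.assertEquals` calls in `testInit` stay as they are. The test class continues outside the hunks.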
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base index 623d18d4..1d74362d 100644 --- a/auth/docker/Dockerfile.base +++ b/auth/docker/Dockerfile.base @@ -23,4 +23,5 @@ MAINTAINER AAF Team, AT&T 2018 LABEL description="aaf_base" RUN apk add --no-cache bash RUN apk add --no-cache openssl +RUN addgroup aaf && adduser aaf -G aaf -D -s /bin/bash diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client index c2e1d787..f662aace 100644 --- a/auth/docker/Dockerfile.client +++ b/auth/docker/Dockerfile.client @@ -31,4 +31,6 @@ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/ COPY cert/*trust*.b64 /opt/app/aaf_config/cert/ +RUN chown -R aaf:aaf /opt/app/aaf_config + CMD ["/bin/bash","-c","/opt/app/aaf_config/bin/agent.sh"] diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config index d1b6b237..ca3df765 100644 --- a/auth/docker/Dockerfile.config +++ b/auth/docker/Dockerfile.config @@ -35,7 +35,9 @@ COPY logs /opt/app/aaf_config/logs COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh COPY bin/pod_wait.sh /opt/app/aaf_config/bin/ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ - +COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ + +RUN chown -R aaf:aaf /opt/app/aaf_config && mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf + CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] -#CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] CMD [] diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core index a15039aa..7237a00d 100644 --- a/auth/docker/Dockerfile.core +++ b/auth/docker/Dockerfile.core @@ -30,4 +30,5 @@ COPY lib /opt/app/aaf/lib COPY bin /opt/app/aaf/bin COPY theme /opt/app/aaf/theme +RUN chown -R aaf:aaf /opt/app/aaf diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms index 1eee1eec..222816c6 100644 --- a/auth/docker/Dockerfile.ms 
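Review bot: None of the Dockerfile hunks sets a `USER`, so the `aaf` account created in Dockerfile.base and the `chown` steps in Dockerfile.client, Dockerfile.config, Dockerfile.core and Dockerfile.ms only take effect when the launcher passes `--user aaf`, as aaf.sh and drun.sh now do. Started any other way, for instance from an orchestrator manifest without a run-as setting, the images would still run their processes as root. I would add `USER aaf` after the last `chown` in each image that is run directly, so that non-root is the image default rather than a launcher option. The rest of each Dockerfile is outside the hunks, so an existing `USER` line elsewhere cannot be ruled out.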
+++ b/auth/docker/Dockerfile.ms @@ -25,6 +25,7 @@ LABEL description="aaf_${AAF_COMPONENT}" LABEL version=${AAF_VERSION} COPY bin/pod_wait.sh /opt/app/aaf/bin/ +RUN mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf && chown -R aaf:aaf /opt/app/aaf/bin #CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"] CMD [] diff --git a/auth/docker/README.txt b/auth/docker/README.txt index f0d5ca57..d81fec84 100644 --- a/auth/docker/README.txt +++ b/auth/docker/README.txt @@ -57,3 +57,9 @@ bash drun.sh # watch logs in Agent Window cd ../logs sh taillog + + +#Running as ROOT +# docker gets the non-root user in its config during kubernetes +# install
https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh#n90
+# sudo usermod -aG docker $USERNAME
where $USERNAME can be ubuntu diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh index 3ed7eafb..a039be8a 100644 --- a/auth/docker/aaf.sh +++ b/auth/docker/aaf.sh @@ -22,10 +22,15 @@ . ./d.props DOCKER=${DOCKER:=docker} +# if something, may not want CASS attached all the tim +LINKS="--link $CASSANDRA_DOCKER" + function run_it() { $DOCKER run $@ \ + --user aaf \ -v "aaf_config:$CONF_ROOT_DIR" \ -v "aaf_status:/opt/app/aaf/status" \ + $LINKS \ --env aaf_locator_container=docker \ --env aaf_locator_fqdn=${HOSTNAME} \ --env aaf_locate_url=https://aaf-locate:8095 \ diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index 924feea0..fd59ed49 100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh @@ -47,6 +47,7 @@ rm Dockerfile # Create the AAF Config (Security) Images cd .. cp auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin +cp auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin cp -Rf ../conf/CA sample @@ -70,7 +71,7 @@ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/$ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest # Clean up -rm sample/Dockerfile sample/bin/aaf-auth-cmd-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar +rm sample/Dockerfile sample/bin/aaf-*-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar rm -Rf sample/CA cd - diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index 32660760..6fc3a9a6 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -94,6 +94,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do # $ADD_HOST \ $DOCKER run \ -d \ + --user aaf \ --name aaf-$AAF_COMPONENT \ ${LINKS} \ --env AAF_ENV=${AAF_ENV} \ diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh index 75d658d1..df8a744a 100644 --- a/auth/sample/bin/service.sh +++ b/auth/sample/bin/service.sh 
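Review bot: `LINKS="--link $CASSANDRA_DOCKER"` in aaf.sh always emits the `--link` flag, so when `CASSANDRA_DOCKER` is unset or empty (it presumably comes from d.props, which is not shown) `$LINKS` expands to a bare `--link` and docker takes the following `--env` as its value. The added comment suggests the link is meant to be optional. Build it conditionally, `LINKS=${CASSANDRA_DOCKER:+--link $CASSANDRA_DOCKER}`, and finish the truncated comment (`all the tim`). The `run_it` function continues outside the hunk.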
@@ -32,6 +32,7 @@ CONFIG=/opt/app/aaf_config JAVA_CADI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.CmdLine" JAVA_AGENT="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.cadi.configure.Agent" JAVA_AAFCLI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli" +JAVA_AAFBATCH="$JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.batch.props -jar $CONFIG/bin/aaf-auth-batch-*-full.jar" # If doesn't exist... still create mkdir -p $OSAAF @@ -43,12 +44,13 @@ mkdir -p /opt/app/aaf/status FILE= # Setup Bash, first time only -if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep cadi $HOME/.bash_aliases)" ]; then - echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bash_aliases - echo "alias agent='$CONFIG/bin/agent.sh \$*'" >>$HOME/.bash_aliases - echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bash_aliases +if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep cadi $HOME/.bashrc)" ]; then + echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bashrc + echo "alias agent='$CONFIG/bin/agent.sh \$*'" >>$HOME/.bashrc + echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bashrc + echo "alias batch='$JAVA_AAFBATCH \$*'" >>$HOME/.bashrc chmod a+x $CONFIG/bin/agent.sh - . $HOME/.bash_aliases + . $HOME/.bashrc fi # Only load Identities once diff --git a/auth/sample/local/org.osaaf.aaf.batch.props b/auth/sample/local/org.osaaf.aaf.batch.props new file mode 100644 index 00000000..7572af0a --- /dev/null +++ b/auth/sample/local/org.osaaf.aaf.batch.props 
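Review bot: The rewritten guard in service.sh, `[ -z "$(grep cadi $HOME/.bashrc)" ]`, leaves `$HOME` unquoted inside the command substitution and captures grep output only to test it for emptiness. Now that the container runs as `aaf` rather than root, the home path is whatever that account gets, so quoting it is the safer habit. I would write the condition as `if [ ! -e "$HOME/.bashrc" ] || ! grep -q cadi "$HOME/.bashrc"; then` and source the file with `. "$HOME/.bashrc"`.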
@@ -0,0 +1,38 @@ +######### +# ============LICENSE_START==================================================== +# org.onap.aaf +# =========================================================================== +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# =========================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END==================================================== +# +# Container based Batch Properties +# +# Common Properties, including Cassandra, RootNS and GPS coords +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/local/org.osaaf.aaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props + +DRY_RUN=false + +LOG_DIR=/opt/app/osaaf/logs/batch +SPECIAL_NAMES=aaf@aaf.osaaf.org +GUI_URL=https://$PH/gui +# MAX_EMAILS=3 +# Put any IDs that are critical to the system, and/or might in any way be removed by +# Organization rules +# Example: The AAF ID, any special Test IDs that aren't in the Organization +# ID Set. + +ALERT_TO_ADDRESS=DL-aaf-support@att.com + + |
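Review bot: `ALERT_TO_ADDRESS=DL-aaf-support@att.com` in this sample file names an AT&T distribution list, so a deployment that copies the sample unchanged would presumably send its batch alerts to a mailbox outside that deployment. The same commit removes the AT&T contact details from the NotifyApprovals e-mail, so this looks like a leftover. I would ship a placeholder such as `ALERT_TO_ADDRESS=aaf-support@example.org` (constructed value) with a comment that it must be set per deployment. `DRY_RUN=false` is also a permissive default for a sample; assuming the batch jobs honour it as the name suggests, `DRY_RUN=true` would make real changes something the operator opts in to.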