Diffstat (limited to 'auth')
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java19
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java40
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java7
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java10
-rw-r--r--auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java6
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java2
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java12
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java13
-rw-r--r--auth/docker/.gitignore1
-rw-r--r--auth/helm/aaf-hello/templates/aaf-hello.yaml45
-rw-r--r--auth/helm/aaf-hello/values.yaml10
-rw-r--r--auth/helm/aaf/templates/aaf-cm.yaml4
-rw-r--r--auth/helm/aaf/templates/aaf-fs.yaml4
-rw-r--r--auth/helm/aaf/templates/aaf-gui.yaml4
-rw-r--r--auth/helm/aaf/templates/aaf-locate.yaml4
-rw-r--r--auth/helm/aaf/templates/aaf-oauth.yaml4
-rw-r--r--auth/helm/aaf/templates/aaf-service.yaml14
-rw-r--r--auth/helm/aaf/values.yaml6
-rwxr-xr-xauth/sample/bin/client.sh66
-rw-r--r--auth/sample/bin/service.sh4
-rw-r--r--auth/sample/local/initialConfig.props29
21 files changed, 159 insertions, 145 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
index d05f38c5..0120ba40 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
@@ -4,7 +4,7 @@
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
* ===========================================================================
- * Modifications Copyright (C) 2018 IBM.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -84,21 +84,16 @@ public class LastNotified {
*
* @param user
* @param target
- * @param target_key
+ * @param targetkey
* @return
*/
- public Date lastNotified(String user, String target, String target_key) {
- String key = user + '|' + target + '|' + target_key;
+ public Date lastNotified(String user, String target, String targetkey) {
+ String key = user + '|' + target + '|' + targetkey;
return lastNotified(key);
}
public Date lastNotified(String key) {
- Date rv = lastNotified.get(key);
- if(rv==null) {
- rv = never;
- lastNotified.put(key, rv);
- }
- return rv;
+ return lastNotified.computeIfAbsent(key, k -> never);
}
private Date add(ResultSet result, Map<String, Date> lastNotified, MarkDelete md) {
@@ -124,8 +119,8 @@ public class LastNotified {
}
private interface MarkDelete {
- public boolean process(String fullKey, Date last);
- };
+ boolean process(String fullKey, Date last);
+ }
private void startQuery(StringBuilder query) {
query.append(SELECT + " WHERE user in (");
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index 5a5fada2..51bf594a 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -178,11 +178,6 @@ public class Function {
*/
public Result<Void> createNS(AuthzTrans trans, Namespace namespace, boolean fromApproval) {
Result<?> rq;
-// if (namespace.name.endsWith(Question.DOT_ADMIN)
-// || namespace.name.endsWith(Question.DOT_OWNER)) {
-// return Result.err(Status.ERR_BadData,
-// "'admin' and 'owner' are reserved names in AAF");
-// }
try {
for (String u : namespace.owner) {
@@ -264,9 +259,6 @@ public class Function {
// or helpful for Operations folks..
// Admins can be empty, because they can be changed by lower level
// NSs
- // if (ns.admin(false).isEmpty()) {
- // ns.admin(true).add(user);
- // }
if (namespace.admin != null) {
for (String u : namespace.admin) {
if ((r = checkValidID(trans, now, u)).notOK()) {
@@ -413,10 +405,8 @@ public class Function {
pdd.type = delP2;
if ((rq = q.permDAO.delete(trans, pdd, false)).notOK()) {
eb.log(rq);
- // } else {
// Need to invalidate directly, because we're
// switching places in NS, not normal cache behavior
- // q.permDAO.invalidate(trans,pdd);
}
} else {
eb.log(rq);
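Review bot: The retained comment "Need to invalidate directly, because we're switching places in NS…" now sits inside the `notOK()` error branch directly after `eb.log(rq)`. With the commented-out `q.permDAO.invalidate(trans,pdd)` removed, it describes a cache invalidation that no code here performs. Either delete the two comment lines along with the dead code, or replace them with a note of the actual behaviour, e.g. `// NOTE: no explicit permDAO invalidation after this delete; relies on normal cache behaviour (confirm)`. Stale permission cache entries after a namespace move are worth ruling out, since cached permissions presumably feed authorization decisions. The enclosing method starts and ends outside the hunk.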
@@ -951,7 +941,7 @@ public class Function {
return Result.err(rnsd);
}
} else {
- rnsd = q.deriveNs(trans, perm.ns);
+ q.deriveNs(trans, perm.ns);
}
// Does Child exist?
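Review bot: The `Result` of `q.deriveNs(trans, perm.ns)` in the `else` branch is now discarded, so a failed namespace lookup passes silently, while the branch just above returns `Result.err(rnsd)` on failure. If the call is meant as a check, keep the result and test it: `rnsd = q.deriveNs(trans, perm.ns);` followed by `if (rnsd.notOK()) { return Result.err(rnsd); }`. If it has no purpose, remove the call rather than leave a bare statement whose return value is ignored. Whether `rnsd` is read later cannot be seen from here, because the method continues outside the hunk.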
@@ -1365,12 +1355,10 @@ public class Function {
Result<UserRoleDAO.Data> udr = q.userRoleDAO.create(trans, urData);
- switch (udr.status) {
- case OK:
+ if (udr.status == OK) {
return Result.ok();
- default:
- return Result.err(udr);
}
+ return Result.err(udr);
}
public Result<Void> addUserRole(AuthzTrans trans, String user, String ns, String rname) {
@@ -1497,7 +1485,7 @@ public class Function {
// User Future ID as ticket for Approvals
final UUID ticket = fr.value.id;
sb.append(", Approvals: ");
- Boolean first[] = new Boolean[]{true};
+ Boolean[] first = new Boolean[]{true};
if (op!=FUTURE_OP.A) {
for (Identity u : approvers) {
Result<ApprovalDAO.Data> r = addIdentity(trans,sb,first,user,data.memo,op,u,ticket,org.getApproverType());
@@ -1597,15 +1585,13 @@ public class Function {
case "denied":
aDenial=true;
break;
+ default:
+ break;
}
}
Result<OP_STATUS> ros=null;
if (aDenial) {
- // Note: Denial will be Audit-logged.
-// for (ApprovalDAO.Data ad : allApprovalsForTicket.value) {
-// q.approvalDAO.delete(trans, ad, false);
-// }
ros = OP_STATUS.RD;
if (q.futureDAO.delete(trans, curr, false).notOK()) {
trans.info().printf("Future %s could not be deleted", curr.id.toString());
@@ -1699,11 +1685,8 @@ public class Function {
} else if (FOP_NS.equalsIgnoreCase(curr.target)) {
Namespace namespace = new Namespace();
namespace.reconstitute(curr.construct);
- switch(fop) {
- case C:
- ros = set(OP_STATUS.RE,createNS(trans, namespace, true));
- break;
- default:
+ if (fop == FUTURE_OP.C) {
+ ros = set(OP_STATUS.RE, createNS(trans, namespace, true));
}
} else if (FOP_DELEGATE.equalsIgnoreCase(curr.target)) {
DelegateDAO.Data data = new DelegateDAO.Data();
@@ -1720,11 +1703,8 @@ public class Function {
} else if (FOP_CRED.equalsIgnoreCase(curr.target)) {
CredDAO.Data data = new CredDAO.Data();
data.reconstitute(curr.construct);
- switch(fop) {
- case C:
- ros = set(OP_STATUS.RE,q.credDAO.dao().create(trans, data));
- break;
- default:
+ if (fop == FUTURE_OP.C) {
+ ros = set(OP_STATUS.RE, q.credDAO.dao().create(trans, data));
}
}
} catch (Exception e) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
index 81debc05..bd77bee6 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
@@ -73,8 +73,11 @@ public class DirectAAFLocator extends AbsAAFLocator<AuthzTrans> {
}
try {
- RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
- String aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS."+name, null,null);
+ String aaf_url = access.getProperty(Config.AAF_URL, null);
+ if(aaf_url==null) {
+ RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
+ aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name, null,null);
+ }
//access.getProperty("/locate/"+name+':'+version;
access.printf(Level.INIT,"Creating DirectAAFLocator to %s",aaf_url);
uri = new URI(aaf_url);
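Review bot: When `Config.AAF_URL` is set, its value reaches `new URI(aaf_url)` unchanged: it bypasses `rph.replacements(...)`, ignores `name`, and is not checked for the `https` scheme that the fallback branch hard-codes. A configured value that still carries placeholders such as `AAF_LOCATE_URL` or `%NS` (the form this commit removes from client.sh) would fail URI parsing or resolve to a literal host. Every locator built this way also gets the same URL regardless of the `name` requested. Consider passing the configured value through `rph.replacements` as well and rejecting anything where `!"https".equalsIgnoreCase(uri.getScheme())` right after `uri = new URI(aaf_url)`. The `try` block continues outside the hunk.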
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
index cc9ccf98..d41f0cf3 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
@@ -38,7 +38,6 @@ public class Cred extends Cmd {
public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld.";
private static final String CRED_PATH = "/authn/cred";
private static final String[] options = {"add","del","reset","extend"/*,"clean"*/};
-// private Clean clean;
public Cred(User parent) {
super(parent,"cred",
new Param(optionsToString(options),true),
@@ -46,7 +45,6 @@ public class Cred extends Cmd {
new Param("password (! D|E)",false),
new Param("entry# (if multi)",false)
);
-// clean = new Clean(this);
}
@Override
@@ -62,11 +60,10 @@ public class Cred extends Cmd {
cr.setPassword(args[idx++]);
}
if (args.length>idx)
- cr.setEntry(args[idx++]);
+ cr.setEntry(args[idx]);
// Set Start/End commands
setStartEnd(cr);
-// final int cleanIDX = _idx+1;
Integer ret = same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
@@ -82,7 +79,6 @@ public class Cred extends Cmd {
verb = "Added Credential [";
break;
case 1:
-// if (aafcli.addForce())cr.setForce("TRUE");
setQueryParamsOn(client);
fp = client.delete(CRED_PATH,
getDF(CredRequest.class),
@@ -106,8 +102,8 @@ public class Cred extends Cmd {
);
verb = "Extended Credential [";
break;
-// case 4:
-// return clean.exec(cleanIDX, args);
+ default:
+ break;
}
if (fp==null) {
return null; // get by Sonar check.
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
index 7b0c1204..80c6d825 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
@@ -25,10 +25,6 @@ package org.onap.aaf.auth.cmd.test.perm;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.when;
-import org.junit.Before;
-
-import org.onap.aaf.auth.cmd.test.HMangrStub;
-
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.io.Writer;
@@ -36,6 +32,7 @@ import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
+import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
@@ -44,6 +41,7 @@ import org.mockito.runners.MockitoJUnitRunner;
import org.onap.aaf.auth.cmd.AAFcli;
import org.onap.aaf.auth.cmd.ns.Create;
import org.onap.aaf.auth.cmd.ns.NS;
+import org.onap.aaf.auth.cmd.test.HMangrStub;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
index d8e8914e..064a8a5c 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
@@ -128,7 +128,7 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E
deployedVersion = access.getProperty(Config.AAF_RELEASE, "N/A:2.x");
// Certificate Manager
- cmCon = new AAFConHttp(env.access(),Config.CM_URL);
+ cmCon = new AAFConHttp(env.access(),Config.AAF_URL_CM);
artifactsDF = env.newDataFactory(Artifacts.class);
certInfoDF = env.newDataFactory(CertInfo.class);
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java
index 5d1d0219..16a6c940 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java
@@ -65,7 +65,7 @@ public class NsDetail extends Page {
private static final String BLANK = "";
private static Slot keySlot;
private static Model model;
- private static String gw_url;
+ private static String locate_url;
public NsDetail(final AAF_GUI gui, Page ... breadcrumbs) throws APIException, IOException {
@@ -75,11 +75,11 @@ public class NsDetail extends Page {
);
model.set(this);
keySlot = gui.env.slot(NAME+".ns");
- gw_url = gui.env.getProperty(Config.GW_URL);
- if (gw_url==null) {
- gw_url="";
+ locate_url = gui.env.getProperty(Config.AAF_LOCATE_URL);
+ if (locate_url==null) {
+ locate_url="";
} else {
- gw_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION;
+ locate_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION;
}
}
@@ -217,7 +217,7 @@ public class NsDetail extends Page {
AbsCell label = (i==0?new TextCell(sentenceCase(field)+":","style=width:20%"):AbsCell.Null);
String perm = values.get(i);
String[] fields = perm.split("\\|");
- String grantLink = gw_url
+ String grantLink = locate_url
+ PermGrantForm.HREF
+ "?type=" + fields[0].trim()
+ "&amp;instance=" + fields[1].trim()
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
index a5e12f52..26bdb695 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
@@ -23,6 +23,7 @@
package org.onap.aaf.auth.locate;
import java.net.URI;
+import java.net.UnknownHostException;
import java.util.Map;
import javax.servlet.Filter;
@@ -58,6 +59,7 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker;
import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator;
import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.config.RegistrationPropHolder;
import org.onap.aaf.cadi.register.Registrant;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Data;
@@ -180,7 +182,7 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> {
protected AAFConHttp _newAAFConHttp() throws CadiException {
try {
if (dal==null) {
- dal = AbsAAFLocator.create("%CNS.%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
+ dal = AbsAAFLocator.create("%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
}
// utilize pre-constructed DirectAAFLocator
return new AAFConHttp(env.access(),dal);
@@ -191,7 +193,14 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> {
public Locator<URI> getGUILocator() throws LocatorException {
if (gui_locator==null) {
- gui_locator = AbsAAFLocator.create("AAF_NS.gui",Config.AAF_DEFAULT_API_VERSION);
+ RegistrationPropHolder rph;
+ try {
+ rph = new RegistrationPropHolder(access, 0);
+ } catch (UnknownHostException | CadiException e) {
+ throw new LocatorException(e);
+ }
+ gui_locator = AbsAAFLocator.create(rph.getPublicEntryName("gui", rph.default_container),
+ Config.AAF_DEFAULT_API_VERSION);
}
return gui_locator;
}
diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore
index 30b97d74..fb1f79ea 100644
--- a/auth/docker/.gitignore
+++ b/auth/docker/.gitignore
@@ -12,3 +12,4 @@
/*.jar
/*.jks
/sdnc
+/working
diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml
index 787f32d5..e19b5997 100644
--- a/auth/helm/aaf-hello/templates/aaf-hello.yaml
+++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml
@@ -63,38 +63,37 @@ spec:
name: aaf-hello-vol
command: ["bash","-c","cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh place aaf@aaf.osaaf.org aaf-hello "]
env:
- - name: "AAF_ENV"
+ - name: aaf_env
value: "{{ .Values.cadi.aaf_env }}"
- - name: "AAF_FQDN"
- value: "aaf-locate.{{ .Release.Namespace }}"
+ - name: cadi_latitude
+ value: "{{ .Values.cadi.cadi_latitude }}"
+ - name: cadi_longitude
+ value: "{{ .Values.cadi.cadi_longitude }}"
+ - name: aaf_locator_container
+ value: "helm"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
+ - name: aaf_locator_app_ns
+ value: "org.osaaf.aaf"
- name: "APP_FQDN"
value: "{{ .Values.cadi.fqdn }}"
- name: "APP_FQI"
value: "{{ .Values.cadi.fqi }}"
- - name: "LATITUDE"
- value: "{{ .Values.cadi.cadi_latitude }}"
- - name: "LONGITUDE"
- value: "{{ .Values.cadi.cadi_longitude }}"
- name: "DEPLOY_FQI"
value: "deployer@people.osaaf.org"
- name: "DEPLOY_PASSWORD"
value: "demo123456!"
- - name: "aaf_locator_container"
- value: "helm"
- - name: "aaf_locator_port"
- value: "{{ .Values.cadi.port }}"
- - name: "aaf_locator_fqdn.helm"
- value: "{{ .Values.cadi.fqdn }}.{{.Release.Namespace}}"
- - name: "aaf_locator_public_hostname"
- value: "{{ .Values.cadi.public_fqdn }}"
- - name: "aaf_locator_public_port"
- value: "{{ .Values.cadi.public_port }}"
- - name: "aaf_locator_container_ns"
- value: "{{ .Release.Namespace }}"
- - name: "aaf_locator_name"
- value: "{{.Values.cadi.app_ns}}.hello"
- - name: "aaf_locator_name.helm"
- value: "{{ .Release.Namespace}}.{{.Values.cadi.app_ns}}.hello"
+# Hello specific. Clients don't necessarily need this
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.cadi.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.cadi.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.cadi.aaf_locator_name_helm}}"
+ - name: aaf_locator_fqdn_helm
+ value: "%N.%CNS"
###
### AAF-HELLO
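Review bot: `DEPLOY_PASSWORD` remains a literal (`"demo123456!"`) in the container `env` while the entries around it are reworked, so the deployer credential lives in chart source and is readable by anyone who can view the pod spec. Source it from a Kubernetes Secret instead, e.g. `valueFrom: { secretKeyRef: { name: <secret-name-placeholder>, key: <key-placeholder> } }`, with the secret name supplied through values. Separately, `aaf_locate_url` hard-codes port `8095`, whereas the aaf chart templates in this commit build the same URL from `.Values.services.locate.internal_port`.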
diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml
index a4fd23c4..a695a456 100644
--- a/auth/helm/aaf-hello/values.yaml
+++ b/auth/helm/aaf-hello/values.yaml
@@ -33,11 +33,17 @@ cadi:
fqdn: "aaf-hello"
port: 8130
public_fqdn: "aaf.osaaf.org"
+# DUBLIN ONLY - for M4 compatibility with Casablanca
+ aaf_locator_name: "public.%NS.%N"
+ aaf_locator_name_helm: "%NS.%N"
+# EL ALTO and Beyond
+# aaf_locator_name: "%NS.%N"
+# aaf_locator_name_helm: "%CNS.%NS.%N"
public_port: 30086
fqi: "aaf@aaf.osaaf.org"
app_ns: "org.osaaf.aaf"
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
+ cadi_latitude: 38.0
+ cadi_longitude: -72.0
aaf_env: "DEV"
persistence: {}
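Review bot: `cadi_latitude` and `cadi_longitude` become unquoted numbers here, while `auth/helm/aaf/values.yaml` in the same commit keeps them as the strings `"38.0"` and `"-72.0"`. The template interpolates them with `"{{ .Values.cadi.cadi_latitude }}"`, and Helm is likely to render a YAML float `38.0` as `38`, so the value the container receives changes form. Unless that is intended, keep them quoted for consistency across the two charts: `cadi_latitude: "38.0"` and `cadi_longitude: "-72.0"`.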
diff --git a/auth/helm/aaf/templates/aaf-cm.yaml b/auth/helm/aaf/templates/aaf-cm.yaml
index b64a968e..51b0043d 100644
--- a/auth/helm/aaf/templates/aaf-cm.yaml
+++ b/auth/helm/aaf/templates/aaf-cm.yaml
@@ -83,6 +83,10 @@ spec:
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-fs.yaml b/auth/helm/aaf/templates/aaf-fs.yaml
index 5adc1d62..f0c6e8e5 100644
--- a/auth/helm/aaf/templates/aaf-fs.yaml
+++ b/auth/helm/aaf/templates/aaf-fs.yaml
@@ -117,4 +117,8 @@ spec:
value: "https://aaf-locate.onap:8095"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml
index 758b6b27..a977a9b3 100644
--- a/auth/helm/aaf/templates/aaf-gui.yaml
+++ b/auth/helm/aaf/templates/aaf-gui.yaml
@@ -84,6 +84,10 @@ spec:
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-locate.yaml b/auth/helm/aaf/templates/aaf-locate.yaml
index a6a2e258..1f9bdc40 100644
--- a/auth/helm/aaf/templates/aaf-locate.yaml
+++ b/auth/helm/aaf/templates/aaf-locate.yaml
@@ -83,6 +83,10 @@ spec:
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-oauth.yaml b/auth/helm/aaf/templates/aaf-oauth.yaml
index 2e2acb4b..ff9a18dd 100644
--- a/auth/helm/aaf/templates/aaf-oauth.yaml
+++ b/auth/helm/aaf/templates/aaf-oauth.yaml
@@ -83,6 +83,10 @@ spec:
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml
index a0935a65..be6e1c8b 100644
--- a/auth/helm/aaf/templates/aaf-service.yaml
+++ b/auth/helm/aaf/templates/aaf-service.yaml
@@ -66,22 +66,24 @@ spec:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
env:
- - name: AAF_ENV
+ - name: aaf_env
value: "{{ .Values.services.aaf_env }}"
- - name: LATITUDE
+ - name: cadi_latitude
value: "{{ .Values.services.cadi_latitude }}"
- - name: LONGITUDE
+ - name: cadi_longitude
value: "{{ .Values.services.cadi_longitude }}"
- name: aaf_locator_container
value: "helm"
- name: aaf_locator_container_ns
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+ value: "{{ .Release.Namespace }}"
- name: aaf_locate_url
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index 226f030c..c38bbdb5 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -30,6 +30,12 @@ services:
ns: "onap"
aaf_env: "DEV"
public_fqdn: "aaf.osaaf.org"
+# DUBLIN ONLY - for M4 compatibility with Casablanca
+ aaf_locator_name: "public.%NS.%N"
+ aaf_locator_name_helm: "%NS.%N"
+# EL ALTO and Beyond
+# aaf_locator_name: "%NS.%N"
+# aaf_locator_name_helm: "%CNS.%NS.%N"
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
cass:
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
index dde10720..0dff8037 100755
--- a/auth/sample/bin/client.sh
+++ b/auth/sample/bin/client.sh
@@ -76,41 +76,45 @@ function sso_encrypt() {
$JAVA_CADI digest ${1} $DOT_AAF/keyfile
}
+if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then
+ mkdir -p $DOT_AAF
+ base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
+fi
# Create Deployer Info, located at /root/.aaf
if [ ! -e "$DOT_AAF/keyfile" ]; then
- mkdir -p $DOT_AAF
$JAVA_CADI keygen $DOT_AAF/keyfile
chmod 400 $DOT_AAF/keyfile
- echo cadi_latitude=${LATITUDE} > ${SSO}
- echo cadi_longitude=${LONGITUDE} >> ${SSO}
- echo aaf_id=${DEPLOY_FQI} >> ${SSO}
+
+ # Add Deployer Creds to Root's SSO
+ DEPLOY_FQI="${DEPLOY_FQI:=$app_id}"
+ echo "aaf_id=${DEPLOY_FQI}" > ${SSO}
if [ ! "${DEPLOY_PASSWORD}" = "" ]; then
echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO}
fi
- if [ ! -z "${aaf_locator_container}" ]; then
- echo "aaf_locator_container=${aaf_locator_container}" >> ${SSO}
- fi
- if [ -z "${aaf_locator_container_ns}" ]; then
- if [ !-z "${CONTAINER_NS}" ]; then
- echo "aaf_locator_container_ns=${CONTAINER_NS}" >> ${SSO}
- fi
- else
- echo "aaf_locator_container_ns=${aaf_locator_container_ns}" >> ${SSO}
- fi
- if [ ! -z "${AAF_ENV}" ]; then
- echo "aaf_env=${AAF_ENV}" >> ${SSO}
- fi
- echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO}
- echo aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO}
+ # Cover case where using app.props
+ aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS}
+
+ for E in $(env); do
+ if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then
+ # Use Deployer ID in ${SSO}
+ if [ "app_id" != "${E%=*}" ]; then
+ S="${E/_helm/.helm}"
+ S="${S/_oom/.oom}"
+ echo "$S" >> ${SSO}
+ fi
+ fi
+ done
- base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO}
echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO}
echo "Caller Properties Initialized"
INITIALIZED="true"
fi
+echo "cat SSO"
+cat ${SSO}
+echo "dog"
# Only initialize once, automatically...
if [ ! -e $LOCAL/${NS}.props ]; then
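Review bot: The added `echo "cat SSO"` / `cat ${SSO}` / `echo "dog"` lines look like leftover debugging and print the whole SSO properties file on every run, including `aaf_password=enc:…` and `cadi_truststore_password=enc:…`, to container stdout and whatever log pipeline collects it. They also run when `${SSO}` has not been created yet. Remove the three lines, or if a trace is wanted print keys only: `sed 's/=.*/=<redacted>/' "${SSO}"`. Separately, `aaf_locater_container_ns=` is misspelled (`locater`). The `:=` fallback sets a shell variable that is not exported, so the `$CONTAINER_NS` value probably never reaches the `for E in $(env)` loop.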
@@ -133,28 +137,22 @@ if [ ! -e $LOCAL/${NS}.props ]; then
echo "java -cp $(ls aaf-auth-cmd-*-full.jar) org.onap.aaf.cadi.aaf.TestConnectivity $NS.props" >> testConnectivity
chmod ug+x agent cadi testConnectivity
fi
+
echo "#### Create Configuration files "
$JAVA_AGENT config $APP_FQI \
- aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \
- cadi_etc_dir=$LOCAL
-# Grab all properties passed in that start with "aaf_" or "cadi_"
- for E in $(env); do
- if [[ $E == aaf_* ]] || [[ $E == cadi_* ]]; then
- if [ -z "$(grep $E $LOCAL/$NS.props)" ]; then
- echo "${E}" >> $LOCAL/$NS.props
- fi
- fi
- done
+ cadi_etc_dir=$LOCAL \
+ cadi_prop_files=$SSO
+ #aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION}
cat $LOCAL/$NS.props
echo
echo "#### Certificate Authorization Artifact"
- TMP=$(mktemp)
+ # TMP=$(mktemp)
+ TMP=$LOCAL/agent.log
$JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \
cadi_prop_files=${SSO} \
- cadi_etc_dir=$LOCAL > $TMP
- cat $TMP
- echo
+ cadi_etc_dir=$LOCAL | tee $TMP
+
if [ -n "$(grep 'Namespace:' $TMP)" ]; then
echo "#### Place Certificates (by deployer)"
$JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \
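Review bot: `TMP=$LOCAL/agent.log` replaces `mktemp`, so the output of `$JAVA_AGENT read` now goes to a fixed path created with the process umask and is left behind, where `mktemp` produced an owner-only file. If it is meant to be kept as a log, say so in the comment and restrict its mode (`umask 077` before the `tee`, or `chmod 600 $TMP` after). Otherwise keep `mktemp` and delete the file once the `grep 'Namespace:'` check is done. The commented-out `# TMP=$(mktemp)` and `#aaf_url=…` lines should be deleted rather than kept. The enclosing `if` block starts and ends outside the hunk.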
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index 2b964b1c..54a1cc58 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -135,7 +135,9 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then
echo aaf_locate_url=${AAF_LOCATE_URL} >> ${TMP}
for P in `env`; do
if [[ "$P" == aaf_locator* ]]; then
- echo "$P" >> ${TMP}
+ S="${P/_helm/.helm}"
+ S="${S/_oom/.oom}"
+ echo "$S" >> ${TMP}
fi
done
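Review bot: `${P/_helm/.helm}` and `${S/_oom/.oom}` replace the first match anywhere in `name=value`, so a value containing `_helm` or `_oom` is rewritten when the key has no such suffix. In addition, ``for P in `env` `` word-splits any value that contains spaces. Apply the rewrite to the key only, e.g. `K="${P%%=*}"; V="${P#*=}"; K="${K/%_helm/.helm}"; K="${K/%_oom/.oom}"` and then `echo "$K=$V" >> ${TMP}`. The same substitution loop is added in auth/sample/bin/client.sh in this commit. The loop's enclosing `if` starts outside the hunk.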
diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props
index 6ea1d537..8b01d951 100644
--- a/auth/sample/local/initialConfig.props
+++ b/auth/sample/local/initialConfig.props
@@ -17,8 +17,6 @@
# limitations under the License.
# ============LICENSE_END====================================================
#
-cadi_protocols=TLSv1.1,TLSv1.2
-
################################
# Locator info
#
@@ -31,20 +29,21 @@ cadi_protocols=TLSv1.1,TLSv1.2
aaf_locator_app_ns=%AAF_NS
aaf_locator_name=%NS.%N
aaf_locator_name.docker=%CNS.%NS.%N
-aaf_locator_name.helm=%CNS.%NS.%N
-aaf_locator_name.oom=%CNS%.%NS.%N
+aaf_root_ns=org.osaaf.aaf
+
+# Dublin
+aaf_locator_name.oom=%NS.%N
+aaf_locator_name.helm=%NS.%N
+aaf_locator_public_name.oom=public.%NS.%N
+aaf_locator_public_name.helm=public.%NS.%N
+
+# EL Alto and beyond
+# aaf_locator_name.oom=%CNS.%NS.%N
+# aaf_locator_name.helm=%CNS.%NS.%N
+
aaf_locator_fqdn.docker=aaf-%N
aaf_locator_fqdn.helm=aaf-%N.%CNS
aaf_locator_fqdn.oom=aaf-%N.%CNS
-################################
-# AAF URLs
-################################
-aaf_locate_url=https://localhost:8095
-aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/introspect
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/token
-cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
-gui_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui.2.1
-fs_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs.2.1
-
+# initial trusted CAs
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
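Review bot: `cadi_x509_issuers` is introduced with only the comment `# initial trusted CAs`. The comment does not say that the list controls which certificate issuers are accepted (presumably for X.509 client identity), nor that the three `intermediateCA_*` DNs appear to be the sample ONAP ones. Expand it, e.g. `# Issuers trusted for X.509 identity (':'-separated DNs). Sample ONAP CAs; replace for any real deployment.` An earlier hunk in this file also drops `cadi_protocols=TLSv1.1,TLSv1.2`, so a comment stating which TLS versions now apply by default would help anyone hardening from this sample.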