10 files changed, 388 insertions, 24 deletions

diff --git a/authz-service/src/main/resources/authAPI.props b/authz-service/src/main/resources/authAPI.props
deleted file mode 100644
index 6bc78699..00000000
--- a/authz-service/src/main/resources/authAPI.props
+++ /dev/null
@@ -1,24 +0,0 @@
-##
-## AUTHZ API (authz-service) Properties
-##
-
-hostname=_HOSTNAME_
-
-## DISCOVERY (DME2) Parameters on the Command Line
-AFT_LATITUDE=_AFT_LATITUDE_
-AFT_LONGITUDE=_AFT_LONGITUDE_
-AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
-DEPLOYED_VERSION=_ARTIFACT_VERSION_
-
-## Pull in common/security properties
-
-cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props
-
-##DME2 related parameters
-
-DMEServiceName=service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
-AFT_DME2_PORT_RANGE=_AUTHZ_SERVICE_PORT_RANGE_
-
-
-CACHE_HIGH_COUNT=20000
-CACHE_CLEAN_INTERVAL=60000
\ No newline at end of file
diff --git a/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt b/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt
new file mode 100644
index 00000000..b88df64e
--- /dev/null
+++ b/authz-service/src/main/resources/dme2reg/service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE.txt
@@ -0,0 +1,8 @@
+#
+#Wed Nov 30 23:48:45 EST 2016
+alcdtl15rj6015,60498=latitude\=32.78014;longitude\=-96.800451;lease\=1480372013837;protocol\=http;contextPath\=/;routeOffer\=BAU_SE
+ALCDTL46RJ6015,55998=latitude\=32.78014;longitude\=-96.800451;lease\=1479687428093;protocol\=http;contextPath\=/;routeOffer\=BAU_SE
+localhost,42246=latitude\=32.78014;longitude\=-96.800451;lease\=1478985613892;protocol\=http;contextPath\=/;routeOffer\=BAU_SE
+localhost,39157=latitude\=32.78014;longitude\=-96.800451;lease\=1478811101528;protocol\=http;contextPath\=/;routeOffer\=BAU_SE
+alcdtl15rj6015,55889=latitude\=32.78014;longitude\=-96.800451;lease\=1480371829514;protocol\=http;contextPath\=/;routeOffer\=BAU_SE
+localhost,36473=latitude\=32.78014;longitude\=-96.800451;lease\=1478801682319;protocol\=http;contextPath\=/;routeOffer\=BAU_SE
diff --git a/authz-service/src/main/resources/docker/Dockerfile b/authz-service/src/main/resources/docker/Dockerfile
new file mode 100644
index 00000000..6894ed8a
--- /dev/null
+++ b/authz-service/src/main/resources/docker/Dockerfile
@@ -0,0 +1,9 @@
+FROM openjdk:8-jdk 

+ADD opt /opt/

+ADD authz-service-1.0.0-SNAPSHOT.jar /opt/app/aaf/authz-service/1.0.0-SNAPSHOT/lib/authz-service-1.0.0-SNAPSHOT.jar

+ADD startup.sh /startup.sh

+RUN chmod 777 /startup.sh

+RUN chmod -R 777 /opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc

+ENTRYPOINT ./startup.sh

+

+

diff --git a/authz-service/src/main/resources/docker/authAPI.props b/authz-service/src/main/resources/docker/authAPI.props
new file mode 100644
index 00000000..f8c1b400
--- /dev/null
+++ b/authz-service/src/main/resources/docker/authAPI.props
@@ -0,0 +1,111 @@
+##

+## AUTHZ API (authz-service) Properties

+##

+#hostname=localhost

+hostname=0.0.0.0

+# Standard AFT for THIS box, and THIS box is in St Louis.  Put your own LAT/LONG in here.  Use "bing.com/maps" or 

+# SWMTools (geoloc for DataCenters) to get YOURs

+

+AFT_LATITUDE=32.780140

+AFT_LONGITUDE=-96.800451

+AFT_ENVIRONMENT=AFTUAT

+DEPLOYED_VERSION=2.0.SAMPLE

+

+##DME2 related parameters

+DMEServiceName=service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE

+

+#DME2 can limit Port Ranges with the following:

+#AFT_DME2_PORT_RANGE=8101-8029,8100

+#DME2 picks any unused port in +1024 range

+#AFT_DME2_PORT=0

+AFT_DME2_ALLOW_PORT_CACHING=false

+aaf_root_ns=org.openecomp

+

+# Point to "Common" files, used between all the AAF Services. ... 

+

+# DEVELOPER ONLY SETTING!!!!!  DO NOT USE on ANY BOX other than your Developer box, and it

+# would be better if you got a Cert for that, and remove this!  There is nothing stupider than

+# an unsecured Security Service.

+cadi_trust_all_x509=true

+

+# Public (i.e. Verisign) Key stores.

+# AFT_DME2_KEYSTORE=

+# AFT_DME2_KEYSTORE_PASSWORD=

+# AFT_DME2_KEY_PASSWORD=

+# cadi_truststore=

+# cadi_truststore_password=

+

+# Standard for this App/Machine

+aaf_env=DEV

+aaf_data_dir=../data

+cadi_loglevel=WARN

+aaf_id=<osaaf's Application Identity>

+aaf_password=enc:31-LFPNtP9Yl1DZKAz1rx8N8YfYVY8VKnnDr

+

+aaf_conn_timeout=6000

+aaf_timeout=10000

+aaf_user_expires=600000

+aaf_clean_interval=45000

+aaf_refresh_trigger_count=3

+aaf_high_count=30000

+

+# Basic Auth

+aaf_default_realm=openecomp.org

+#aaf_domain_support=.org

+basic_realm=openecomp.org

+basic_warn=false

+aaf_root_ns=org.openecomp

+localhost_deny=false

+

+

+# Cassandra

+# IP:Cass DataCenter:Latitude:Longitude,IP....

+cassandra.clusters=127.0.0.1

+cassandra.clusters.port=9042

+cassandra.clusters.user=authz

+cassandra.clusters.password=authz

+## Exceptions from Cassandra which require resetting the Cassandra Connections

+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"

+

+# Consistency Settings

+cassandra.writeConsistency.ns=LOCAL_QUORUM

+cassandra.writeConsistency.perm=LOCAL_QUORUM

+cassandra.writeConsistency.role=LOCAL_QUORUM

+cassandra.writeConsistency.user_role=LOCAL_QUORUM

+cassandra.writeConsistency.cred=LOCAL_QUORUM

+cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM

+

+## Supported Plugin Organizational Units

+Organization.com.osaaf=org.onap.aaf.osaaf.defOrg.DefaultOrg

+

+## Email Server settings for Def Organization.

+#Sender's email ID needs to be mentioned

+com.osaaf.mailFromUserId=mailid@bogus.com

+com.osaaf.supportEmail=support@bogus.com

+com.osaaf.mailHost=smtp.bogus.com

+

+# Standard AAF DME2 Props

+AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE

+AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE

+AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE

+

+## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC

+AFT_DME2_SSL_ENABLE=false

+# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016

+AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE

+AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2

+AFT_DME2_SSL_VALIDATE_CERTS=FALSE

+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false

+

+## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs

+cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer

+

+

+#cadi_prop_files=com.osaaf.common.props;com.osaaf.props

+cadi_prop_files=opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc/com.osaaf.common.props;opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc/com.osaaf.props

+CACHE_HIGH_COUNT=40000

+CACHE_CLEAN_INTERVAL=60000

+

+

+

+

diff --git a/authz-service/src/main/resources/docker/com.osaaf.common.props b/authz-service/src/main/resources/docker/com.osaaf.common.props
new file mode 100644
index 00000000..5bf127ce
--- /dev/null
+++ b/authz-service/src/main/resources/docker/com.osaaf.common.props
@@ -0,0 +1,81 @@
+############################################################
+# Properties Written by Jonathan Gathman
+#   on 2016-08-12T04:17:59.628-0500
+# These properties encapsulate the Verisign Public Certificates
+############################################################
+# DEVELOPER ONLY SETTING!!!!!  DO NOT USE on ANY BOX other than your Developer box, and it
+# would be better if you got a Cert for that, and remove this!  There is nothing stupider than
+# an unsecured Security Service.
+cadi_trust_all_x509=true
+
+# Public (i.e. Verisign) Key stores.
+# AFT_DME2_KEYSTORE=
+# AFT_DME2_KEYSTORE_PASSWORD=
+# AFT_DME2_KEY_PASSWORD=
+# cadi_truststore=
+# cadi_truststore_password=
+
+# Standard for this App/Machine
+aaf_env=DEV
+aaf_data_dir=../data
+cadi_loglevel=WARN
+aaf_id=<osaaf's Application Identity>
+aaf_password=enc:31-LFPNtP9Yl1DZKAz1rx8N8YfYVY8VKnnDr
+
+aaf_conn_timeout=6000
+aaf_timeout=10000
+aaf_user_expires=600000
+aaf_clean_interval=45000
+aaf_refresh_trigger_count=3
+aaf_high_count=30000
+
+# Basic Auth
+aaf_default_realm=openecomp.org
+#aaf_domain_support=.org
+basic_realm=openecomp.org
+basic_warn=false
+aaf_root_ns=org.openecomp
+localhost_deny=false
+
+
+# Cassandra
+# IP:Cass DataCenter:Latitude:Longitude,IP....
+cassandra.clusters=127.0.0.1
+cassandra.clusters.port=9042
+cassandra.clusters.user=authz
+cassandra.clusters.password=authz
+## Exceptions from Cassandra which require resetting the Cassandra Connections
+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
+
+# Consistency Settings
+cassandra.writeConsistency.ns=LOCAL_QUORUM
+cassandra.writeConsistency.perm=LOCAL_QUORUM
+cassandra.writeConsistency.role=LOCAL_QUORUM
+cassandra.writeConsistency.user_role=LOCAL_QUORUM
+cassandra.writeConsistency.cred=LOCAL_QUORUM
+cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM
+
+## Supported Plugin Organizational Units
+Organization.com.osaaf=org.onap.aaf.osaaf.defOrg.DefaultOrg
+
+## Email Server settings for Def Organization.
+#Sender's email ID needs to be mentioned
+com.osaaf.mailFromUserId=mailid@bogus.com
+com.osaaf.supportEmail=support@bogus.com
+com.osaaf.mailHost=smtp.bogus.com
+
+# Standard AAF DME2 Props
+AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE
+AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE
+AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE
+
+## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC
+AFT_DME2_SSL_ENABLE=false
+# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016
+AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE
+AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2
+AFT_DME2_SSL_VALIDATE_CERTS=FALSE
+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false
+
+## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs
+cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer
diff --git a/authz-service/src/main/resources/docker/com.osaaf.props b/authz-service/src/main/resources/docker/com.osaaf.props
new file mode 100644
index 00000000..24a0add7
--- /dev/null
+++ b/authz-service/src/main/resources/docker/com.osaaf.props
@@ -0,0 +1,9 @@
+############################################################
+# Initial File for Generating
+#   on 2016-10-26T06:56:19.905-0500
+# @copyright 2016, AT&T
+############################################################
+cm_url=https://<certificate manager host>:8150
+hostname=localhost
+cadi_x509_issuers=CN=ATT CADI Issuing CA - Test 01, OU=CSO, O=ATT, C=US
+#cadi_keyfile=keyfile
diff --git a/authz-service/src/main/resources/docker/startup.sh b/authz-service/src/main/resources/docker/startup.sh
new file mode 100644
index 00000000..7b18f9dc
--- /dev/null
+++ b/authz-service/src/main/resources/docker/startup.sh
@@ -0,0 +1,21 @@
+
+LIB=/opt/app/aaf/authz-service/1.0.0-SNAPSHOT/lib
+
+ETC=/opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc
+DME2REG=/opt/dme2reg
+
+echo "this is LIB" $LIB
+echo "this is ETC" $ETC
+echo "this is DME2REG" $DME2REG
+
+CLASSPATH=$ETC
+for FILE in `find $LIB -name *.jar`; do
+  CLASSPATH=$CLASSPATH:$FILE
+done
+java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG org.onap.aaf.authz.service.AuthAPI
+
+
+
+
+
+
diff --git a/authz-service/src/main/resources/etc/authAPI.props b/authz-service/src/main/resources/etc/authAPI.props
new file mode 100644
index 00000000..f0dbc8be
--- /dev/null
+++ b/authz-service/src/main/resources/etc/authAPI.props
@@ -0,0 +1,59 @@
+##

+## AUTHZ API (authz-service) Properties

+##

+#hostname=localhost

+hostname=0.0.0.0

+# Standard AFT for THIS box, and THIS box is in St Louis.  Put your own LAT/LONG in here.  Use "bing.com/maps" or 

+# SWMTools (geoloc for DataCenters) to get YOURs

+

+AFT_LATITUDE=32.780140

+AFT_LONGITUDE=-96.800451

+AFT_ENVIRONMENT=AFTUAT

+DEPLOYED_VERSION=2.0.SAMPLE

+

+##DME2 related parameters

+DMEServiceName=service=org.onap.aaf.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE

+

+#DME2 can limit Port Ranges with the following:

+#AFT_DME2_PORT_RANGE=8101-8029,8100

+#DME2 picks any unused port in +1024 range

+#AFT_DME2_PORT=0

+AFT_DME2_ALLOW_PORT_CACHING=false

+aaf_root_ns=org.openecomp

+

+# Point to "Common" files, used between all the AAF Services. ... 

+

+

+

+

+# Cassandra

+# IP:Cass DataCenter:Latitude:Longitude,IP....

+cassandra.clusters=127.0.0.1

+cassandra.clusters.port=9042

+cassandra.clusters.user=authz

+cassandra.clusters.password=authz

+## Exceptions from Cassandra which require resetting the Cassandra Connections

+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"

+

+# Consistency Settings

+cassandra.writeConsistency.ns=LOCAL_QUORUM

+cassandra.writeConsistency.perm=LOCAL_QUORUM

+cassandra.writeConsistency.role=LOCAL_QUORUM

+cassandra.writeConsistency.user_role=LOCAL_QUORUM

+cassandra.writeConsistency.cred=LOCAL_QUORUM

+cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM

+

+## Supported Plugin Organizational Units

+Organization.com.osaaf=org.onap.aaf.osaaf.defOrg.DefaultOrg

+

+

+

+

+#cadi_prop_files=com.osaaf.common.props;com.osaaf.props

+cadi_prop_files=opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc/com.osaaf.common.props;opt/app/aaf/authz-service/1.0.0-SNAPSHOT/etc/com.osaaf.props

+CACHE_HIGH_COUNT=40000

+CACHE_CLEAN_INTERVAL=60000

+

+

+

+

diff --git a/authz-service/src/main/resources/etc/com.osaaf.common.props b/authz-service/src/main/resources/etc/com.osaaf.common.props
new file mode 100644
index 00000000..5bf127ce
--- /dev/null
+++ b/authz-service/src/main/resources/etc/com.osaaf.common.props
@@ -0,0 +1,81 @@
+############################################################
+# Properties Written by Jonathan Gathman
+#   on 2016-08-12T04:17:59.628-0500
+# These properties encapsulate the Verisign Public Certificates
+############################################################
+# DEVELOPER ONLY SETTING!!!!!  DO NOT USE on ANY BOX other than your Developer box, and it
+# would be better if you got a Cert for that, and remove this!  There is nothing stupider than
+# an unsecured Security Service.
+cadi_trust_all_x509=true
+
+# Public (i.e. Verisign) Key stores.
+# AFT_DME2_KEYSTORE=
+# AFT_DME2_KEYSTORE_PASSWORD=
+# AFT_DME2_KEY_PASSWORD=
+# cadi_truststore=
+# cadi_truststore_password=
+
+# Standard for this App/Machine
+aaf_env=DEV
+aaf_data_dir=../data
+cadi_loglevel=WARN
+aaf_id=<osaaf's Application Identity>
+aaf_password=enc:31-LFPNtP9Yl1DZKAz1rx8N8YfYVY8VKnnDr
+
+aaf_conn_timeout=6000
+aaf_timeout=10000
+aaf_user_expires=600000
+aaf_clean_interval=45000
+aaf_refresh_trigger_count=3
+aaf_high_count=30000
+
+# Basic Auth
+aaf_default_realm=openecomp.org
+#aaf_domain_support=.org
+basic_realm=openecomp.org
+basic_warn=false
+aaf_root_ns=org.openecomp
+localhost_deny=false
+
+
+# Cassandra
+# IP:Cass DataCenter:Latitude:Longitude,IP....
+cassandra.clusters=127.0.0.1
+cassandra.clusters.port=9042
+cassandra.clusters.user=authz
+cassandra.clusters.password=authz
+## Exceptions from Cassandra which require resetting the Cassandra Connections
+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
+
+# Consistency Settings
+cassandra.writeConsistency.ns=LOCAL_QUORUM
+cassandra.writeConsistency.perm=LOCAL_QUORUM
+cassandra.writeConsistency.role=LOCAL_QUORUM
+cassandra.writeConsistency.user_role=LOCAL_QUORUM
+cassandra.writeConsistency.cred=LOCAL_QUORUM
+cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM
+
+## Supported Plugin Organizational Units
+Organization.com.osaaf=org.onap.aaf.osaaf.defOrg.DefaultOrg
+
+## Email Server settings for Def Organization.
+#Sender's email ID needs to be mentioned
+com.osaaf.mailFromUserId=mailid@bogus.com
+com.osaaf.supportEmail=support@bogus.com
+com.osaaf.mailHost=smtp.bogus.com
+
+# Standard AAF DME2 Props
+AFT_DME2_REMOVE_PERSISTENT_CACHE_ON_STARTUP=TRUE
+AFT_DME2_DISABLE_PERSISTENT_CACHE=TRUE
+AFT_DME2_DISABLE_PERSISTENT_CACHE_LOAD=TRUE
+
+## SSL OPTIONAL ONLY IN DEVELOPMENT PC/Local... WHATEVER YOU DO, don't use this on any box than your local PC
+AFT_DME2_SSL_ENABLE=false
+# for when you turn on SSL... Only TLSv1.1+ is secure as of 2016
+AFT_DME2_SSL_WANT_CLIENT_AUTH=TRUE
+AFT_DME2_SSL_INCLUDE_PROTOCOLS=TLSv1.1,TLSv1.2
+AFT_DME2_SSL_VALIDATE_CERTS=FALSE
+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=false
+
+## Extra CA Trusts, for Certifiate Manager to build truststore with external CAs
+cm_trust_cas=VerisignG3_CA.cer;VerisignG4_CA.cer;VerisignG5_CA.cer
diff --git a/authz-service/src/main/resources/etc/com.osaaf.props b/authz-service/src/main/resources/etc/com.osaaf.props
new file mode 100644
index 00000000..24a0add7
--- /dev/null
+++ b/authz-service/src/main/resources/etc/com.osaaf.props
@@ -0,0 +1,9 @@
+############################################################
+# Initial File for Generating
+#   on 2016-10-26T06:56:19.905-0500
+# @copyright 2016, AT&T
+############################################################
+cm_url=https://<certificate manager host>:8150
+hostname=localhost
+cadi_x509_issuers=CN=ATT CADI Issuing CA - Test 01, OU=CSO, O=ATT, C=US
+#cadi_keyfile=keyfile