From e2fa0e67712b92c69f6863afe10c1c973a068e3e Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Thu, 7 Feb 2019 11:09:32 -0600
Subject: Add Batch in Config image

Change Images to run as aaf

Issue-ID: AAF-740
Change-Id: If5b8583dc19ac4095ba9b25715e9330d2a0ed5fc
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 auth/auth-batch/pom.xml                            |  2 +-
 .../onap/aaf/auth/batch/reports/PrepExtend.java    |  2 +-
 .../aaf/auth/batch/update/NotifyApprovals.java     | 19 ++++++-----
 .../org/onap/aaf/auth/org/OrganizationFactory.java | 12 +++++++
 .../onap/aaf/auth/server/AbsServiceStarter.java    |  8 +++--
 .../onap/aaf/auth/server/JettyServiceStarter.java  |  2 +-
 .../aaf/auth/org/test/JU_OrganizationFactory.java  | 15 ++++++---
 .../aaf/auth/server/test/JU_AbsServiceStarter.java |  2 +-
 auth/docker/Dockerfile.base                        |  1 +
 auth/docker/Dockerfile.client                      |  2 ++
 auth/docker/Dockerfile.config                      |  6 ++--
 auth/docker/Dockerfile.core                        |  1 +
 auth/docker/Dockerfile.ms                          |  1 +
 auth/docker/README.txt                             |  6 ++++
 auth/docker/aaf.sh                                 |  5 +++
 auth/docker/dbuild.sh                              |  3 +-
 auth/docker/drun.sh                                |  1 +
 auth/sample/bin/service.sh                         | 12 ++++---
 auth/sample/local/org.osaaf.aaf.batch.props        | 38 ++++++++++++++++++++++
 19 files changed, 111 insertions(+), 27 deletions(-)
 create mode 100644 auth/sample/local/org.osaaf.aaf.batch.props

diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml
index 1994d9e8..fb32d2de 100644
--- a/auth/auth-batch/pom.xml
+++ b/auth/auth-batch/pom.xml
@@ -226,7 +226,7 @@
 					<classifier>tests</classifier>
 					<archive>
 						<manifest>
-							<mainClass>org.onap.aaf.auth.Batch</mainClass>
+							<mainClass>org.onap.aaf.auth.batch.Batch</mainClass>
 						</manifest>
 						<manifestEntries>
 							<Sealed>true</Sealed>
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java
index 3e0dd011..d0eab007 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java
@@ -82,7 +82,7 @@ public class PrepExtend extends Batch {
 		Date now = gc.getTime();
 		
 		int ifrom = 0;
-		int ito = 0;
+		int ito = 4;
 		
 		for(int i=0; i< args().length;++i) {
 			switch(args()[i]) {
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java
index c88eecde..4acf269d 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java
@@ -43,9 +43,12 @@ import org.onap.aaf.auth.dao.cass.FutureDAO;
 import org.onap.aaf.auth.dao.cass.HistoryDAO;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Identity;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.auth.org.OrganizationFactory;
-import org.onap.aaf.auth.org.Organization.Identity;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.config.RegistrationPropHolder;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.util.Chrono;
 
@@ -59,9 +62,11 @@ public class NotifyApprovals extends Batch {
     private final PrintStream ps;
     private final AuthzTrans noAvg;
 
-    public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+    public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException, CadiException {
         super(trans.env());
-        
+        Access access = trans.env().access();
+        RegistrationPropHolder rph = new RegistrationPropHolder(access, 0);
+        String guiURL = rph.replacements(access.getProperty(GUI_URL,"https://%P/gui"),"","");
         noAvg = env.newTransNoAvg();
         noAvg.setUser(new BatchPrincipal("batch:NotifyApprovals"));
 
@@ -77,13 +82,11 @@ public class NotifyApprovals extends Batch {
             maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3"));
         }
         email.subject("AAF Approval Notification (ENV: %s)",batchEnv);
-        email.preamble("AAF (MOTS 22830) is the AT&T Authorization System used by many AT&T Tools and Applications." +
+        email.preamble("AAF is the ONAP Authorization System." +
                 "\n  Your approval is required, which you may enter on the following page:"
                 + "\n\n\t%s/approve\n\n"
-                ,env.getProperty(GUI_URL));
-        email.signature("Sincerely,\nAAF Team (Our MOTS# 22830)\n"
-                + "https://wiki.web.att.com/display/aaf/Contact+Us\n"
-                + "(Use 'Other Misc Requests (TOPS)')");
+                ,guiURL);
+        email.signature("Sincerely,\nAAF Team\n");
 
         Approval.load(trans, session, Approval.v2_0_17);
         Future.load(trans, session, Future.v2_0_17); // Skip the Construct Data
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
index 33201864..40c8c2d3 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
@@ -28,6 +28,7 @@ import java.util.Map.Entry;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.util.FQI;
 import org.onap.aaf.cadi.util.Split;
 import org.onap.aaf.misc.env.Env;
@@ -62,6 +63,17 @@ public class OrganizationFactory {
                 }
             }
         }
+        if(firstOrg==null) { // attempt to load DefaultOrg
+        	try {
+				Class<?> cls = Class.forName("org.onap.aaf.org.DefaultOrg");
+				@SuppressWarnings("unchecked")
+				Constructor<Organization> cnst = (Constructor<Organization>)cls.getConstructor(Env.class,String.class);
+				String realm = env.getProperty(Config.AAF_DEFAULT_REALM,"people.osaaf.org");
+				defaultOrg = cnst.newInstance(env,realm);
+			} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | NoSuchMethodException | SecurityException | IllegalArgumentException | InvocationTargetException e) {
+	        	throw new OrganizationException("At least one Organization must be defined",e);
+			}
+        }
         if (defaultOrg == null) {
             defaultOrg = firstOrg;
         }
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
index 8f0eb8aa..1bc367e6 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
@@ -41,13 +41,15 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr
     protected AbsService<ENV,TRANS> service;
 
 
-    public AbsServiceStarter(final AbsService<ENV,TRANS> service) {
+    public AbsServiceStarter(final AbsService<ENV,TRANS> service, boolean noexit) {
         this.service = service;
         try {
             OrganizationFactory.init(service.env);
         } catch (OrganizationException e) {
-            service.access.log(e, "Missing defined Organzation Plugins");
-            System.exit(3);
+            service.access.log(e, "Missing defined Organization Plugins");
+            if(!noexit) {
+            	System.exit(3);
+            }
         }
         // do_register - this is used for specialty Debug Situations.  Developer can create an Instance for a remote system
         // for Debugging purposes without fear that real clients will start to call your debug instance
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
index 413b7919..98503d11 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
@@ -59,7 +59,7 @@ public class JettyServiceStarter<ENV extends RosettaEnv, TRANS extends Trans> ex
     private boolean secure;
 
     public JettyServiceStarter(final AbsService<ENV,TRANS> service) throws OrganizationException {
-        super(service);
+        super(service,false);
         secure = true;
     }
     
diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java
index 5124a506..36d071fd 100644
--- a/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java
+++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java
@@ -22,20 +22,22 @@
 
 package org.onap.aaf.auth.org.test;
 
+import static org.mockito.Mockito.mock;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import static org.mockito.Mockito.mock;
 import org.onap.aaf.auth.env.AuthzEnv;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.auth.org.OrganizationFactory;
-import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.impl.BasicEnv;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.modules.junit4.PowerMockRunner;
 
+import junit.framework.Assert;
+
 @RunWith(PowerMockRunner.class)
 public class JU_OrganizationFactory {
     private static final String ORG_SLOT = null;
@@ -53,8 +55,13 @@ public class JU_OrganizationFactory {
 
     @SuppressWarnings("static-access")
     @Test
-    public void testInit() throws OrganizationException {
-        organizationFactory.init(bEnv);
+    public void testInit() {
+    	try { 
+    		organizationFactory.init(bEnv);
+    		Assert.fail("Expect an exception");
+    	} catch (OrganizationException e) {
+    		Assert.assertEquals("At least one Organization must be defined", e.getMessage());
+    	}
     }
 
     @SuppressWarnings("static-access")                //TODO:Fix this once real input is available AAF-111
diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java
index 2fa9e123..04d58d6b 100644
--- a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java
+++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java
@@ -76,7 +76,7 @@ public class JU_AbsServiceStarter {
     private class AbsServiceStarterStub extends AbsServiceStarter {
 
         public AbsServiceStarterStub(AbsService service) {
-            super(service);
+            super(service, true);
             // TODO Auto-generated constructor stub
         }
 
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index 623d18d4..1d74362d 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -23,4 +23,5 @@ MAINTAINER AAF Team, AT&T 2018
 LABEL description="aaf_base"
 RUN apk add --no-cache bash
 RUN apk add --no-cache openssl
+RUN addgroup aaf && adduser aaf -G aaf -D -s /bin/bash
 
diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client
index c2e1d787..f662aace 100644
--- a/auth/docker/Dockerfile.client
+++ b/auth/docker/Dockerfile.client
@@ -31,4 +31,6 @@ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
 COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
 COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
 
+RUN chown -R aaf:aaf /opt/app/aaf_config
+
 CMD ["/bin/bash","-c","/opt/app/aaf_config/bin/agent.sh"]
diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config
index d1b6b237..ca3df765 100644
--- a/auth/docker/Dockerfile.config
+++ b/auth/docker/Dockerfile.config
@@ -35,7 +35,9 @@ COPY logs /opt/app/aaf_config/logs
 COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh
 COPY bin/pod_wait.sh /opt/app/aaf_config/bin/
 COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
- 
+COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
+
+RUN chown -R aaf:aaf /opt/app/aaf_config && mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf
+
 CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
-#CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
 CMD []
diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core
index a15039aa..7237a00d 100644
--- a/auth/docker/Dockerfile.core
+++ b/auth/docker/Dockerfile.core
@@ -30,4 +30,5 @@ COPY lib /opt/app/aaf/lib
 COPY bin /opt/app/aaf/bin
 COPY theme /opt/app/aaf/theme
 
+RUN chown -R aaf:aaf /opt/app/aaf
 
diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms
index 1eee1eec..222816c6 100644
--- a/auth/docker/Dockerfile.ms
+++ b/auth/docker/Dockerfile.ms
@@ -25,6 +25,7 @@ LABEL description="aaf_${AAF_COMPONENT}"
 LABEL version=${AAF_VERSION}
  
 COPY bin/pod_wait.sh /opt/app/aaf/bin/
+RUN mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf && chown -R aaf:aaf /opt/app/aaf/bin
 
 #CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"]
 CMD []
diff --git a/auth/docker/README.txt b/auth/docker/README.txt
index f0d5ca57..d81fec84 100644
--- a/auth/docker/README.txt
+++ b/auth/docker/README.txt
@@ -57,3 +57,9 @@ bash drun.sh
 # watch logs in Agent Window
 cd ../logs
 sh taillog
+
+
+#Running as ROOT
+# docker gets the non-root user in its config during kubernetes 
+# install
https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh#n90

+# sudo usermod -aG docker $USERNAME
where $USERNAME can be ubuntu
diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh
index 3ed7eafb..a039be8a 100644
--- a/auth/docker/aaf.sh
+++ b/auth/docker/aaf.sh
@@ -22,10 +22,15 @@
 . ./d.props
 
 DOCKER=${DOCKER:=docker}
+# if something, may not want CASS attached all the tim
+LINKS="--link $CASSANDRA_DOCKER"
+
 function run_it() {
   $DOCKER run $@ \
+    --user aaf \
     -v "aaf_config:$CONF_ROOT_DIR" \
     -v "aaf_status:/opt/app/aaf/status" \
+    $LINKS \
     --env aaf_locator_container=docker \
     --env aaf_locator_fqdn=${HOSTNAME} \
     --env aaf_locate_url=https://aaf-locate:8095 \
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index 924feea0..fd59ed49 100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -47,6 +47,7 @@ rm Dockerfile
 # Create the AAF Config (Security) Images
 cd ..
 cp auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
+cp auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin
 cp -Rf ../conf/CA sample
 
 
@@ -70,7 +71,7 @@ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/$
 $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
 
 # Clean up 
-rm sample/Dockerfile sample/bin/aaf-auth-cmd-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar 
+rm sample/Dockerfile sample/bin/aaf-*-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar 
 rm -Rf sample/CA
 cd -
 
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 32660760..6fc3a9a6 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -94,6 +94,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
     #	$ADD_HOST \
     $DOCKER run  \
         -d \
+        --user aaf \
         --name aaf-$AAF_COMPONENT \
         ${LINKS} \
         --env AAF_ENV=${AAF_ENV} \
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index 75d658d1..df8a744a 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -32,6 +32,7 @@ CONFIG=/opt/app/aaf_config
 JAVA_CADI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.CmdLine" 
 JAVA_AGENT="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.cadi.configure.Agent" 
 JAVA_AAFCLI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli" 
+JAVA_AAFBATCH="$JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.batch.props -jar $CONFIG/bin/aaf-auth-batch-*-full.jar"
 
 # If doesn't exist... still create
 mkdir -p $OSAAF
@@ -43,12 +44,13 @@ mkdir -p /opt/app/aaf/status
 FILE=
 
 # Setup Bash, first time only
-if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep cadi $HOME/.bash_aliases)" ]; then
-  echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bash_aliases
-  echo "alias agent='$CONFIG/bin/agent.sh \$*'" >>$HOME/.bash_aliases
-  echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bash_aliases
+if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep cadi $HOME/.bashrc)" ]; then
+  echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bashrc
+  echo "alias agent='$CONFIG/bin/agent.sh \$*'" >>$HOME/.bashrc
+  echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bashrc
+  echo "alias batch='$JAVA_AAFBATCH \$*'" >>$HOME/.bashrc
   chmod a+x $CONFIG/bin/agent.sh
-  . $HOME/.bash_aliases
+  . $HOME/.bashrc
 fi
 
 # Only load Identities once
diff --git a/auth/sample/local/org.osaaf.aaf.batch.props b/auth/sample/local/org.osaaf.aaf.batch.props
new file mode 100644
index 00000000..7572af0a
--- /dev/null
+++ b/auth/sample/local/org.osaaf.aaf.batch.props
@@ -0,0 +1,38 @@
+#########
+#  ============LICENSE_START====================================================
+#  org.onap.aaf
+#  ===========================================================================
+#  Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+#  ===========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END====================================================
+#
+# Container based Batch Properties
+#
+# Common Properties, including Cassandra, RootNS and GPS coords
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/local/org.osaaf.aaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
+
+DRY_RUN=false
+
+LOG_DIR=/opt/app/osaaf/logs/batch
+SPECIAL_NAMES=aaf@aaf.osaaf.org
+GUI_URL=https://$PH/gui
+# MAX_EMAILS=3
+# Put any IDs that are critical to the system, and/or might in any way be removed by 
+# Organization rules
+# Example: The AAF ID, any special Test IDs that aren't in the Organization
+# ID Set.
+
+ALERT_TO_ADDRESS=DL-aaf-support@att.com
+
+
-- 
cgit 1.2.3-korg