From b3a6814af9ab63fa59d0233f5d2ebb032f0b1597 Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Wed, 24 Jul 2019 14:42:22 -0500
Subject: update Agent for Helm

Issue-ID: AAF-904
Change-Id: I015cd19dcf95d1edfd86542750acc95447726120
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../java/org/onap/aaf/auth/cm/service/CMService.java     | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'auth/auth-certman')

diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 6ebcadac..26b3a22a 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -90,6 +90,7 @@ public class CMService {
     private final ArtiDAO artiDAO;
     private AAF_CM certManager;
 	private Boolean allowIgnoreIPs;
+	private Boolean alwaysIgnoreIPs;
 
     // @SuppressWarnings("unchecked")
     public CMService(final AuthzTrans trans, AAF_CM certman) throws APIException, IOException {
@@ -110,9 +111,14 @@ public class CMService {
                 "*",
                 "read"
         );
-        allowIgnoreIPs = Boolean.valueOf(certman.access.getProperty(Config.CM_ALLOW_IGNORE_IPS, "false"));
-        if(allowIgnoreIPs) {
-            trans.env().access().log(Level.INIT, "Allowing DNS Evaluation to be turned off with <ns>.certman|<ca name>|"+IGNORE_IPS);
+        alwaysIgnoreIPs = Boolean.valueOf(certman.access.getProperty(Config.CM_ALWAYS_IGNORE_IPS, "false"));
+        if(alwaysIgnoreIPs) {
+        	trans.env().access().log(Level.INIT, "DNS Evaluation for Cert Creation is turned off with " + Config.CM_ALWAYS_IGNORE_IPS );
+        } else {
+	        allowIgnoreIPs = Boolean.valueOf(certman.access.getProperty(Config.CM_ALLOW_IGNORE_IPS, "false"));
+	        if(allowIgnoreIPs) {
+	            trans.env().access().log(Level.INIT, "Allowing DNS Evaluation to be turned off with <ns>.certman|<ca name>|"+IGNORE_IPS);
+	        }
         }
     }
 
@@ -140,7 +146,9 @@ public class CMService {
                 Organization org = trans.org();
 
                 boolean ignoreIPs;
-                if(allowIgnoreIPs) {
+                if(alwaysIgnoreIPs) {
+                	ignoreIPs=true;
+                } else if(allowIgnoreIPs) {
                 	ignoreIPs = trans.fish(new AAFPermission(mechNS,CERTMAN, ca.getName(), IGNORE_IPS));
                 } else {
                 	ignoreIPs = false;
-- 
cgit 1.2.3-korg