From 4ac37bffd664bbc2d6d419d9420393193573320d Mon Sep 17 00:00:00 2001 From: Instrumental Date: Wed, 10 Apr 2019 13:01:30 -0500 Subject: switch Internal/External Locator Names for Dublin Issue-ID: AAF-808 Change-Id: If7c600cddef0f7d0fce1a8f7b1518d9ffe0983fe Signed-off-by: Instrumental --- .../org/onap/aaf/auth/direct/DirectAAFLocator.java | 7 ++- .../org/onap/aaf/auth/cmd/test/perm/JU_Create.java | 6 +- .../main/java/org/onap/aaf/auth/gui/AAF_GUI.java | 2 +- .../java/org/onap/aaf/auth/gui/pages/NsDetail.java | 12 ++-- .../java/org/onap/aaf/auth/locate/AAF_Locate.java | 13 ++++- auth/docker/.gitignore | 1 + auth/helm/aaf-hello/templates/aaf-hello.yaml | 45 ++++++++------- auth/helm/aaf-hello/values.yaml | 10 +++- auth/helm/aaf/templates/aaf-cm.yaml | 4 ++ auth/helm/aaf/templates/aaf-fs.yaml | 4 ++ auth/helm/aaf/templates/aaf-gui.yaml | 4 ++ auth/helm/aaf/templates/aaf-locate.yaml | 4 ++ auth/helm/aaf/templates/aaf-oauth.yaml | 4 ++ auth/helm/aaf/templates/aaf-service.yaml | 14 +++-- auth/helm/aaf/values.yaml | 6 ++ auth/sample/bin/client.sh | 66 +++++++++++----------- auth/sample/bin/service.sh | 4 +- auth/sample/local/initialConfig.props | 29 +++++----- 18 files changed, 139 insertions(+), 96 deletions(-) (limited to 'auth') diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java index 81debc05..bd77bee6 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java 
@@ -73,8 +73,11 @@ public class DirectAAFLocator extends AbsAAFLocator { } try { - RegistrationPropHolder rph = new RegistrationPropHolder(access,0); - String aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS."+name, null,null); + String aaf_url = access.getProperty(Config.AAF_URL, null); + if(aaf_url==null) { + RegistrationPropHolder rph = new RegistrationPropHolder(access,0); + aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name, null,null); + } //access.getProperty("/locate/"+name+':'+version; access.printf(Level.INIT,"Creating DirectAAFLocator to %s",aaf_url); uri = new URI(aaf_url); diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java index 7b0c1204..80c6d825 100644 --- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java +++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java @@ -25,10 +25,6 @@ package org.onap.aaf.auth.cmd.test.perm; import static org.mockito.Matchers.any; import static org.mockito.Mockito.when; -import org.junit.Before; - -import org.onap.aaf.auth.cmd.test.HMangrStub; - import java.io.ByteArrayOutputStream; import java.io.PrintStream; import java.io.Writer; @@ -36,6 +32,7 @@ import java.net.HttpURLConnection; import java.net.URI; import java.net.URISyntaxException; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; @@ -44,6 +41,7 @@ import org.mockito.runners.MockitoJUnitRunner; import org.onap.aaf.auth.cmd.AAFcli; import org.onap.aaf.auth.cmd.ns.Create; import org.onap.aaf.auth.cmd.ns.NS; +import org.onap.aaf.auth.cmd.test.HMangrStub; import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.Locator; 
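Review bot: In the DirectAAFLocator hunk, a value found under `Config.AAF_URL` goes straight to `new URI(aaf_url)` without passing through `rph.replacements(...)`, and `name` no longer contributes to the address in that case. The `aaf_url` templates this same commit removes from client.sh and initialConfig.props are written with `AAF_LOCATE_URL` and `%CNS`-style tokens, and a value in that form would reach the URI constructor unexpanded. Unless `access.getProperty` already expands those tokens (not visible here), build the holder first and expand whichever string is chosen: `String tmpl = access.getProperty(Config.AAF_URL, "https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name);` followed by `String aaf_url = rph.replacements(getClass().getSimpleName(), tmpl, null, null);`. It is also worth confirming that one configured endpoint is intended for every `name` passed to this locator. The constructor begins and ends outside the hunk.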
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java index d8e8914e..064a8a5c 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java @@ -128,7 +128,7 @@ public class AAF_GUI extends AbsService implements State { public Locator getGUILocator() throws LocatorException { if (gui_locator==null) { - gui_locator = AbsAAFLocator.create("AAF_NS.gui",Config.AAF_DEFAULT_API_VERSION); + RegistrationPropHolder rph; + try { + rph = new RegistrationPropHolder(access, 0); + } catch (UnknownHostException | CadiException e) { + throw new LocatorException(e); + } + gui_locator = AbsAAFLocator.create(rph.getPublicEntryName("gui", rph.default_container), + Config.AAF_DEFAULT_API_VERSION); } return gui_locator; } diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore index 30b97d74..fb1f79ea 100644 --- a/auth/docker/.gitignore +++ b/auth/docker/.gitignore @@ -12,3 +12,4 @@ /*.jar /*.jks /sdnc +/working diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml index 787f32d5..e19b5997 100644 --- a/auth/helm/aaf-hello/templates/aaf-hello.yaml +++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml 
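Review bot: `getGUILocator()` still guards its lazy initialisation with a bare `if (gui_locator==null)`, and the initialiser now constructs a `RegistrationPropHolder` that can throw `UnknownHostException` or `CadiException`, so concurrent first callers may each repeat that work and race on the field assignment. If the field is not already guarded elsewhere in the class, which is not visible here, declaring the method `public synchronized Locator getGUILocator() throws LocatorException` would serialise the first initialisation. A short comment above the `AbsAAFLocator.create(...)` call explaining that the GUI is now looked up under its public locator entry name, rather than the fixed `"AAF_NS.gui"`, would help the next reader. The file header on this page names AAF_GUI.java with a 7-line hunk, but the text shown may belong to another file in the diffstat, so the enclosing class is uncertain from here.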
@@ -63,38 +63,37 @@ spec: name: aaf-hello-vol command: ["bash","-c","cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh place aaf@aaf.osaaf.org aaf-hello "] env: - - name: "AAF_ENV" + - name: aaf_env value: "{{ .Values.cadi.aaf_env }}" - - name: "AAF_FQDN" - value: "aaf-locate.{{ .Release.Namespace }}" + - name: cadi_latitude + value: "{{ .Values.cadi.cadi_latitude }}" + - name: cadi_longitude + value: "{{ .Values.cadi.cadi_longitude }}" + - name: aaf_locator_container + value: "helm" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace }}:8095" + - name: aaf_locator_app_ns + value: "org.osaaf.aaf" - name: "APP_FQDN" value: "{{ .Values.cadi.fqdn }}" - name: "APP_FQI" value: "{{ .Values.cadi.fqi }}" - - name: "LATITUDE" - value: "{{ .Values.cadi.cadi_latitude }}" - - name: "LONGITUDE" - value: "{{ .Values.cadi.cadi_longitude }}" - name: "DEPLOY_FQI" value: "deployer@people.osaaf.org" - name: "DEPLOY_PASSWORD" value: "demo123456!" - - name: "aaf_locator_container" - value: "helm" - - name: "aaf_locator_port" - value: "{{ .Values.cadi.port }}" - - name: "aaf_locator_fqdn.helm" - value: "{{ .Values.cadi.fqdn }}.{{.Release.Namespace}}" - - name: "aaf_locator_public_hostname" - value: "{{ .Values.cadi.public_fqdn }}" - - name: "aaf_locator_public_port" - value: "{{ .Values.cadi.public_port }}" - - name: "aaf_locator_container_ns" - value: "{{ .Release.Namespace }}" - - name: "aaf_locator_name" - value: "{{.Values.cadi.app_ns}}.hello" - - name: "aaf_locator_name.helm" - value: "{{ .Release.Namespace}}.{{.Values.cadi.app_ns}}.hello" +# Hello specific. 
Clients don't necessarily need this + - name: aaf_locator_public_fqdn + value: "{{.Values.cadi.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.cadi.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.cadi.aaf_locator_name_helm}}" + - name: aaf_locator_fqdn_helm + value: "%N.%CNS" ### ### AAF-HELLO diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml index a4fd23c4..a695a456 100644 --- a/auth/helm/aaf-hello/values.yaml +++ b/auth/helm/aaf-hello/values.yaml @@ -33,11 +33,17 @@ cadi: fqdn: "aaf-hello" port: 8130 public_fqdn: "aaf.osaaf.org" +# DUBLIN ONLY - for M4 compatibility with Casablanca + aaf_locator_name: "public.%NS.%N" + aaf_locator_name_helm: "%NS.%N" +# EL ALTO and Beyond +# aaf_locator_name: "%NS.%N" +# aaf_locator_name_helm: "%CNS.%NS.%N" public_port: 30086 fqi: "aaf@aaf.osaaf.org" app_ns: "org.osaaf.aaf" - cadi_latitude: "38.0" - cadi_longitude: "-72.0" + cadi_latitude: 38.0 + cadi_longitude: -72.0 aaf_env: "DEV" persistence: {} diff --git a/auth/helm/aaf/templates/aaf-cm.yaml b/auth/helm/aaf/templates/aaf-cm.yaml index b64a968e..51b0043d 100644 --- a/auth/helm/aaf/templates/aaf-cm.yaml +++ b/auth/helm/aaf/templates/aaf-cm.yaml @@ -83,6 +83,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-fs.yaml b/auth/helm/aaf/templates/aaf-fs.yaml index 5adc1d62..f0c6e8e5 100644 --- a/auth/helm/aaf/templates/aaf-fs.yaml +++ b/auth/helm/aaf/templates/aaf-fs.yaml 
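Review bot: The rewritten `env:` list in aaf-hello.yaml still carries the deployer credential as a literal, `DEPLOY_PASSWORD` with value `demo123456!`, so the password is readable by anyone who can read the chart or the rendered pod spec. client.sh in this same commit reads a variable of that name to write `aaf_password` into the SSO file. Sourcing it from a Secret keeps it out of the template, for example `valueFrom: {secretKeyRef: {name: <deployer-secret-name>, key: <password-key>}}` (placeholder names). The added `aaf_locate_url` and `aaf_locator_app_ns` entries also hard-code `:8095` and `org.osaaf.aaf` although this chart's values.yaml already defines `cadi.app_ns`; `"{{ .Values.cadi.app_ns }}"` would keep the two in step.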
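Review bot: Dropping the quotes from `cadi_latitude: 38.0` and `cadi_longitude: -72.0` in aaf-hello/values.yaml turns them into YAML floats, and Helm normally renders a float through `"{{ .Values.cadi.cadi_latitude }}"` without the trailing `.0`, so the pod would receive `38` and `-72`. The aaf chart's values.yaml in this same commit keeps both as quoted strings. Keeping `cadi_latitude: "38.0"` and `cadi_longitude: "-72.0"` here preserves the exact text and keeps the two charts consistent.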
@@ -117,4 +117,8 @@ spec: value: "https://aaf-locate.onap:8095" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml index 758b6b27..a977a9b3 100644 --- a/auth/helm/aaf/templates/aaf-gui.yaml +++ b/auth/helm/aaf/templates/aaf-gui.yaml @@ -84,6 +84,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-locate.yaml b/auth/helm/aaf/templates/aaf-locate.yaml index a6a2e258..1f9bdc40 100644 --- a/auth/helm/aaf/templates/aaf-locate.yaml +++ b/auth/helm/aaf/templates/aaf-locate.yaml @@ -83,6 +83,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-oauth.yaml b/auth/helm/aaf/templates/aaf-oauth.yaml index 2e2acb4b..ff9a18dd 100644 --- a/auth/helm/aaf/templates/aaf-oauth.yaml +++ b/auth/helm/aaf/templates/aaf-oauth.yaml 
@@ -83,6 +83,10 @@ spec: value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml index a0935a65..be6e1c8b 100644 --- a/auth/helm/aaf/templates/aaf-service.yaml +++ b/auth/helm/aaf/templates/aaf-service.yaml @@ -66,22 +66,24 @@ spec: - mountPath: "/opt/app/osaaf" name: aaf-config-vol env: - - name: AAF_ENV + - name: aaf_env value: "{{ .Values.services.aaf_env }}" - - name: LATITUDE + - name: cadi_latitude value: "{{ .Values.services.cadi_latitude }}" - - name: LONGITUDE + - name: cadi_longitude value: "{{ .Values.services.cadi_longitude }}" - name: aaf_locator_container value: "helm" - name: aaf_locator_container_ns - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "{{ .Release.Namespace }}" - name: aaf_locate_url value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}" - name: aaf_locator_public_fqdn value: "{{.Values.services.public_fqdn}}" + - name: aaf_locator_name + value: "{{.Values.services.aaf_locator_name}}" + - name: aaf_locator_name_helm + value: "{{.Values.services.aaf_locator_name_helm}}" - name: CASSANDRA_CLUSTER value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}" # - name: CASSANDRA_USER diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml index 226f030c..c38bbdb5 100644 --- a/auth/helm/aaf/values.yaml +++ b/auth/helm/aaf/values.yaml 
@@ -30,6 +30,12 @@ services: ns: "onap" aaf_env: "DEV" public_fqdn: "aaf.osaaf.org" +# DUBLIN ONLY - for M4 compatibility with Casablanca + aaf_locator_name: "public.%NS.%N" + aaf_locator_name_helm: "%NS.%N" +# EL ALTO and Beyond +# aaf_locator_name: "%NS.%N" +# aaf_locator_name_helm: "%CNS.%NS.%N" cadi_latitude: "38.0" cadi_longitude: "-72.0" cass: diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh index dde10720..0dff8037 100755 --- a/auth/sample/bin/client.sh +++ b/auth/sample/bin/client.sh 
@@ -76,41 +76,45 @@ function sso_encrypt() { $JAVA_CADI digest ${1} $DOT_AAF/keyfile } +if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then + mkdir -p $DOT_AAF + base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks +fi # Create Deployer Info, located at /root/.aaf if [ ! -e "$DOT_AAF/keyfile" ]; then - mkdir -p $DOT_AAF $JAVA_CADI keygen $DOT_AAF/keyfile chmod 400 $DOT_AAF/keyfile - echo cadi_latitude=${LATITUDE} > ${SSO} - echo cadi_longitude=${LONGITUDE} >> ${SSO} - echo aaf_id=${DEPLOY_FQI} >> ${SSO} + + # Add Deployer Creds to Root's SSO + DEPLOY_FQI="${DEPLOY_FQI:=$app_id}" + echo "aaf_id=${DEPLOY_FQI}" > ${SSO} if [ ! "${DEPLOY_PASSWORD}" = "" ]; then echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO} fi - if [ ! -z "${aaf_locator_container}" ]; then - echo "aaf_locator_container=${aaf_locator_container}" >> ${SSO} - fi - if [ -z "${aaf_locator_container_ns}" ]; then - if [ !-z "${CONTAINER_NS}" ]; then - echo "aaf_locator_container_ns=${CONTAINER_NS}" >> ${SSO} - fi - else - echo "aaf_locator_container_ns=${aaf_locator_container_ns}" >> ${SSO} - fi - if [ ! 
-z "${AAF_ENV}" ]; then - echo "aaf_env=${AAF_ENV}" >> ${SSO} - fi - echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO} - echo aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO} + # Cover case where using app.props + aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS} + + for E in $(env); do + if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then + # Use Deployer ID in ${SSO} + if [ "app_id" != "${E%=*}" ]; then + S="${E/_helm/.helm}" + S="${S/_oom/.oom}" + echo "$S" >> ${SSO} + fi + fi + done - base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO} echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO} echo "Caller Properties Initialized" INITIALIZED="true" fi +echo "cat SSO" +cat ${SSO} +echo "dog" # Only initialize once, automatically... if [ ! -e $LOCAL/${NS}.props ]; then 
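Review bot: The `echo "cat SSO"`, `cat ${SSO}` and `echo "dog"` lines added after the `fi` print the whole SSO file on every run, including the `aaf_password=enc:...` and `cadi_truststore_password=enc:...` entries and every `aaf_`/`cadi_` variable the new loop copied in, so credential material lands in container logs; they look like leftover debugging and should be removed. `aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS}` assigns to a misspelled name, and the fallback it sets is a plain shell variable that `$(env)` will not list unless it is exported, so the `CONTAINER_NS` default probably never reaches `${SSO}`; `export aaf_locator_container_ns="${aaf_locator_container_ns:-$CONTAINER_NS}"` would carry it through. In the loop, `${E/_helm/.helm}` rewrites the first `_helm` anywhere in `name=value` and `for E in $(env)` splits values at whitespace; rewriting only the key, for example `K="${E%%=*}"; K="${K/%_helm/.helm}"`, leaves values untouched, and the service.sh loop in this commit has the same substitution. The `"app_id" != "${E%=*}"` test sits inside the `aaf_`/`cadi_` branch, so it can never be false and does not filter anything.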
@@ -133,28 +137,22 @@ if [ ! -e $LOCAL/${NS}.props ]; then echo "java -cp $(ls aaf-auth-cmd-*-full.jar) org.onap.aaf.cadi.aaf.TestConnectivity $NS.props" >> testConnectivity chmod ug+x agent cadi testConnectivity fi + echo "#### Create Configuration files " $JAVA_AGENT config $APP_FQI \ - aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \ - cadi_etc_dir=$LOCAL -# Grab all properties passed in that start with "aaf_" or "cadi_" - for E in $(env); do - if [[ $E == aaf_* ]] || [[ $E == cadi_* ]]; then - if [ -z "$(grep $E $LOCAL/$NS.props)" ]; then - echo "${E}" >> $LOCAL/$NS.props - fi - fi - done + cadi_etc_dir=$LOCAL \ + cadi_prop_files=$SSO + #aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} cat $LOCAL/$NS.props echo echo "#### Certificate Authorization Artifact" - TMP=$(mktemp) + # TMP=$(mktemp) + TMP=$LOCAL/agent.log $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \ cadi_prop_files=${SSO} \ - cadi_etc_dir=$LOCAL > $TMP - cat $TMP - echo + cadi_etc_dir=$LOCAL | tee $TMP + if [ -n "$(grep 'Namespace:' $TMP)" ]; then echo "#### Place Certificates (by deployer)" $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \ diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh index 2b964b1c..54a1cc58 100644 --- a/auth/sample/bin/service.sh +++ b/auth/sample/bin/service.sh @@ -135,7 +135,9 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then echo aaf_locate_url=${AAF_LOCATE_URL} >> ${TMP} for P in `env`; do if [[ "$P" == aaf_locator* ]]; then - echo "$P" >> ${TMP} + S="${P/_helm/.helm}" + S="${S/_oom/.oom}" + echo "$S" >> ${TMP} fi done diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props index 6ea1d537..8b01d951 100644 --- a/auth/sample/local/initialConfig.props +++ b/auth/sample/local/initialConfig.props 
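Review bot: Piping `$JAVA_AGENT read` into `tee $TMP` in the second client.sh hunk makes the pipeline's status that of `tee`, so a failed read is only noticed indirectly through the later `grep 'Namespace:' $TMP`, and the output now persists in `$LOCAL/agent.log` instead of a temporary file. If that output can include artifact or identity details, the log should be created with restrictive permissions (for example `umask 077` before the call) or removed once the check is done. Checking `${PIPESTATUS[0]}` right after the pipeline, or enabling `set -o pipefail`, keeps the agent's own exit code visible. The surrounding `if [ ! -e $LOCAL/${NS}.props ]` block continues outside the hunk.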
@@ -17,8 +17,6 @@ # limitations under the License. # ============LICENSE_END==================================================== # -cadi_protocols=TLSv1.1,TLSv1.2 - ################################ # Locator info # @@ -31,20 +29,21 @@ cadi_protocols=TLSv1.1,TLSv1.2 aaf_locator_app_ns=%AAF_NS aaf_locator_name=%NS.%N aaf_locator_name.docker=%CNS.%NS.%N -aaf_locator_name.helm=%CNS.%NS.%N -aaf_locator_name.oom=%CNS%.%NS.%N +aaf_root_ns=org.osaaf.aaf + +# Dublin +aaf_locator_name.oom=%NS.%N +aaf_locator_name.helm=%NS.%N +aaf_locator_public_name.oom=public.%NS.%N +aaf_locator_public_name.helm=public.%NS.%N + +# EL Alto and beyond +# aaf_locator_name.oom=%CNS.%NS.%N +# aaf_locator_name.helm=%CNS.%NS.%N + aaf_locator_fqdn.docker=aaf-%N aaf_locator_fqdn.helm=aaf-%N.%CNS aaf_locator_fqdn.oom=aaf-%N.%CNS -################################ -# AAF URLs -################################ -aaf_locate_url=https://localhost:8095 -aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/introspect -aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/token -cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 -gui_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui.2.1 -fs_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs.2.1 - +# initial trusted CAs +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -- cgit 1.2.3-korg
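Review bot: With `cadi_protocols=TLSv1.1,TLSv1.2` removed and nothing put in its place, the TLS versions offered now depend on a default that is not visible in this patch. If the intent is to stop offering TLSv1.1, stating `cadi_protocols=TLSv1.2` keeps that choice explicit and reviewable; if the intent is to inherit the library default, a one-line comment saying so would help. In the second hunk the `cadi_x509_issuers` value pins three intermediate CA subjects under the comment `# initial trusted CAs`; a short note on where that list is maintained would make later rotation easier.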