From bd890c575163e4d87ac24198b9c68a39cf4bbc4d Mon Sep 17 00:00:00 2001 From: sg481n Date: Mon, 28 Aug 2017 12:11:35 -0400 Subject: Update project structure to org.onap.aaf Update project structure of authz module in aaf from com.att to org.onap.aaf and add distribution management and repositories. Issue-id: AAF-21 Change-Id: Ia2486954e99f2bd60f18122ed60d32d5590781e9 Signed-off-by: sg481n --- authz-service/src/main/resources/authAPI.props | 24 ++ .../src/main/resources/docker-compose/aafcli.sh | 9 + .../main/resources/docker-compose/data/ecomp.cql | 169 ++++++++++++++ .../resources/docker-compose/data/identities.dat | 7 + .../resources/docker-compose/data/identities.idx | Bin 0 -> 56 bytes .../main/resources/docker-compose/data/init.cql | 242 +++++++++++++++++++++ .../resources/docker-compose/data2/identities.dat | 9 + .../resources/docker-compose/docker-compose.yml | 58 +++++ .../resources/docker-compose/old/dme2-3.1.200.jar | Bin 0 -> 21798449 bytes .../src/main/resources/docker-compose/runaafcli.sh | 9 + .../main/resources/docker-compose/startupaaf.sh | 32 +++ .../src/main/resources/docker-compose/sysctl.conf | 3 + .../resources/docker-compose/wait_for_host_port.sh | 17 ++ 13 files changed, 579 insertions(+) create mode 100644 authz-service/src/main/resources/authAPI.props create mode 100644 authz-service/src/main/resources/docker-compose/aafcli.sh create mode 100644 authz-service/src/main/resources/docker-compose/data/ecomp.cql create mode 100644 authz-service/src/main/resources/docker-compose/data/identities.dat create mode 100644 authz-service/src/main/resources/docker-compose/data/identities.idx create mode 100644 authz-service/src/main/resources/docker-compose/data/init.cql create mode 100644 authz-service/src/main/resources/docker-compose/data2/identities.dat create mode 100644 authz-service/src/main/resources/docker-compose/docker-compose.yml create mode 100644 authz-service/src/main/resources/docker-compose/old/dme2-3.1.200.jar create mode 100644 authz-service/src/main/resources/docker-compose/runaafcli.sh create mode 100644 authz-service/src/main/resources/docker-compose/startupaaf.sh create mode 100644 authz-service/src/main/resources/docker-compose/sysctl.conf create mode 100644 authz-service/src/main/resources/docker-compose/wait_for_host_port.sh (limited to 'authz-service/src/main/resources') diff --git a/authz-service/src/main/resources/authAPI.props b/authz-service/src/main/resources/authAPI.props new file mode 100644 index 00000000..6bc78699 --- /dev/null +++ b/authz-service/src/main/resources/authAPI.props @@ -0,0 +1,24 @@ +## +## AUTHZ API (authz-service) Properties +## + +hostname=_HOSTNAME_ + +## DISCOVERY (DME2) Parameters on the Command Line +AFT_LATITUDE=_AFT_LATITUDE_ +AFT_LONGITUDE=_AFT_LONGITUDE_ +AFT_ENVIRONMENT=_AFT_ENVIRONMENT_ +DEPLOYED_VERSION=_ARTIFACT_VERSION_ + +## Pull in common/security properties + +cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props + +##DME2 related parameters + +DMEServiceName=service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_ +AFT_DME2_PORT_RANGE=_AUTHZ_SERVICE_PORT_RANGE_ + + +CACHE_HIGH_COUNT=20000 +CACHE_CLEAN_INTERVAL=60000 \ No newline at end of file diff --git a/authz-service/src/main/resources/docker-compose/aafcli.sh b/authz-service/src/main/resources/docker-compose/aafcli.sh new file mode 100644 index 00000000..89e9a4ea --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/aafcli.sh @@ -0,0 +1,9 @@ +DIR=`pwd` +DME2REG=$DIR/../dme2reg +CLASSPATH=etc:target/authz-cmd-2.0.15-jar-with-dependencies.jar + +java -cp $CLASSPATH \ + -Dcadi_prop_files=../authz-service/src/main/sample/authAPI.props \ + -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG \ + com.att.cmd.AAFcli $* + diff --git a/authz-service/src/main/resources/docker-compose/data/ecomp.cql b/authz-service/src/main/resources/docker-compose/data/ecomp.cql new file mode 100644 index 00000000..6fddf650 --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/data/ecomp.cql @@ -0,0 +1,169 @@ +USE authz; + +// Create Root pass +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + + +// Create 'com' root NS +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com',1,'Root Namespace',null,1); + +INSERT INTO role(ns, name, perms, description) + VALUES('com','admin',{'com.access|*|*'},'Com Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('com','owner',{'com.access|*|read'},'Com Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); + +// Create org root NS +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org',1,'Root Namespace Org',null,1); + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','admin',{'org.access|*|*'},'Com Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','owner',{'org.access|*|read'},'Com Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); + + +// Create com.att + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com.att',2,'AT&T Namespace','com',2); + +INSERT INTO role(ns, name, perms,description) + VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); + +INSERT INTO role(ns, name, perms,description) + VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); + +// Create com.att.aaf + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); + +INSERT INTO role(ns, name, perms, description) + VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); + + +// Create org.openecomp +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp',2,'Open EComp NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); + +// Create org.openecomp.dmaapBC + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); + +//INSERT INTO role(ns, name, perms, description) +// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); + +INSERT INTO role(ns, name, perms, description) +VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); + +//INSERT INTO role(ns, name, perms, description) +//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); + +//INSERT INTO role(ns, name, perms, description) +//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); + + + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/authz-service/src/main/resources/docker-compose/data/identities.dat b/authz-service/src/main/resources/docker-compose/data/identities.dat new file mode 100644 index 00000000..98bf99a3 --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/data/identities.dat @@ -0,0 +1,7 @@ +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl diff --git a/authz-service/src/main/resources/docker-compose/data/identities.idx b/authz-service/src/main/resources/docker-compose/data/identities.idx new file mode 100644 index 00000000..78fc0a56 Binary files /dev/null and b/authz-service/src/main/resources/docker-compose/data/identities.idx differ diff --git a/authz-service/src/main/resources/docker-compose/data/init.cql b/authz-service/src/main/resources/docker-compose/data/init.cql new file mode 100644 index 00000000..81700f83 --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/data/init.cql @@ -0,0 +1,242 @@ +// For Developer Machine single instance +// +CREATE KEYSPACE authz +WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; +// +// From Ravi, 6-17-2014. User for DEVL->TEST +// +// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' }; +// +// PROD +// +// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' }; +// +// create user authz with password '' superuser; +// grant all on keyspace authz to authz; +// +// For TEST (aaf_test) +// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' }; +// +// DEVL +// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' }; +// +// TEST / PERF +// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' }; +// +// IST +// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3', +// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' }; +// +// with 6 localized with ccm +// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; +// + +USE authz; + +// +// CORE Table function +// + +// Namespace - establish hierarchical authority to modify +// Permissions and Roles +// "scope" is flag to determine Policy. Typical important scope +// is "company" (1) +CREATE TABLE ns ( + name varchar, + scope int, // deprecated 2.0.11 + description varchar, + parent varchar, + type int, + PRIMARY KEY (name) +); +CREATE INDEX ns_parent on ns(parent); + + +// Oct 2015, not performant. Made Owner and Attrib first class Roles, +// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels. +// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder) +// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces +// as having certain tools, like SWM, etc. +CREATE TABLE ns_attrib ( + ns varchar, + key varchar, + value varchar, + PRIMARY KEY (ns,key) +); +create index ns_attrib_key on ns_attrib(key); + +// Will be cached +CREATE TABLE role ( + ns varchar, + name varchar, + perms set, // Use "Key" of "name|type|action" + description varchar, + PRIMARY KEY (ns,name) +); +CREATE INDEX role_name ON role(name); + +// Will be cached +CREATE TABLE perm ( + ns varchar, + type varchar, + instance varchar, + action varchar, + roles set, // Need to find Roles given Permissions + description varchar, + PRIMARY KEY (ns,type,instance,action) +); + +// This table is user for Authorization +CREATE TABLE user_role ( + user varchar, + role varchar, // deprecated: change to ns/rname after 2.0.11 + ns varchar, + rname varchar, + expires timestamp, + PRIMARY KEY(user,role) + ); +CREATE INDEX user_role_ns ON user_role(ns); +CREATE INDEX user_role_role ON user_role(role); + +// This table is only for the case where return User Credential (MechID) Authentication +CREATE TABLE cred ( + id varchar, + type int, + expires timestamp, + ns varchar, + other int, + notes varchar, + cred blob, + prev blob, + PRIMARY KEY (id,type,expires) + ); +CREATE INDEX cred_ns ON cred(ns); + +// Certificate Cross Table +// coordinated with CRED type 2 +CREATE TABLE cert ( + fingerprint blob, + id varchar, + x500 varchar, + expires timestamp, + PRIMARY KEY (fingerprint) + ); +CREATE INDEX cert_id ON cert(id); +CREATE INDEX cert_x500 ON cert(x500); + +CREATE TABLE notify ( + user text, + type int, + last timestamp, + checksum int, + PRIMARY KEY (user,type) +); + +CREATE TABLE x509 ( + ca text, + serial blob, + id text, + x500 text, + x509 text, + PRIMARY KEY (ca,serial) +); + + +CREATE INDEX x509_id ON x509 (id); +CREATE INDEX x509_x500 ON x509 (x500); + +// +// Deployment Artifact (for Certman) +// +CREATE TABLE artifact ( + mechid text, + machine text, + type Set, + sponsor text, + ca text, + dir text, + appName text, + os_user text, + notify text, + expires timestamp, + renewDays int, + PRIMARY KEY (mechid,machine) +); +CREATE INDEX artifact_machine ON artifact(machine); + +// +// Non-Critical Table functions +// +// Table Info - for Caching +CREATE TABLE cache ( + name varchar, + seg int, // cache Segment + touched timestamp, + PRIMARY KEY(name,seg) +); + +CREATE TABLE history ( + id timeuuid, + yr_mon int, + user varchar, + action varchar, + target varchar, // user, user_role, + subject varchar, // field for searching main portion of target key + memo varchar, //description of the action + reconstruct blob, //serialized form of the target + // detail Map, // additional information + PRIMARY KEY (id) +); +CREATE INDEX history_yr_mon ON history(yr_mon); +CREATE INDEX history_user ON history(user); +CREATE INDEX history_subject ON history(subject); + +// +// A place to hold objects to be created at a future time. +// +CREATE TABLE future ( + id uuid, // uniquify + target varchar, // Target Table + memo varchar, // Description + start timestamp, // When it should take effect + expires timestamp, // When not longer valid + construct blob, // How to construct this object (like History) + PRIMARY KEY(id) +); +CREATE INDEX future_idx ON future(target); +CREATE INDEX future_start_idx ON future(start); + + +CREATE TABLE approval ( + id timeuuid, // unique Key + ticket uuid, // Link to Future Record + user varchar, // the user who needs to be approved + approver varchar, // user approving + type varchar, // approver types i.e. Supervisor, Owner + status varchar, // approval status. pending, approved, denied + memo varchar, // Text for Approval to know what's going on + operation varchar, // List operation to perform + PRIMARY KEY(id) + ); +CREATE INDEX appr_approver_idx ON approval(approver); +CREATE INDEX appr_user_idx ON approval(user); +CREATE INDEX appr_ticket_idx ON approval(ticket); +CREATE INDEX appr_status_idx ON approval(status); + +CREATE TABLE delegate ( + user varchar, + delegate varchar, + expires timestamp, + PRIMARY KEY (user) +); +CREATE INDEX delg_delg_idx ON delegate(delegate); + +// +// Used by authz-batch processes to ensure only 1 runs at a time +// +CREATE TABLE run_lock ( + class text, + host text, + start timestamp, + PRIMARY KEY ((class)) +); diff --git a/authz-service/src/main/resources/docker-compose/data2/identities.dat b/authz-service/src/main/resources/docker-compose/data2/identities.dat new file mode 100644 index 00000000..95eb51d1 --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/data2/identities.dat @@ -0,0 +1,9 @@ +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl +m99751|ID of AAF|||||a|bdevl +m99501|ID of AAF|||||a|bdevl diff --git a/authz-service/src/main/resources/docker-compose/docker-compose.yml b/authz-service/src/main/resources/docker-compose/docker-compose.yml new file mode 100644 index 00000000..fce6824d --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/docker-compose.yml @@ -0,0 +1,58 @@ +#------------------------------------------------------------------------------- +# ============LICENSE_START==================================================== +# * org.onap.aaf +# * =========================================================================== +# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# * =========================================================================== +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# * ============LICENSE_END==================================================== +# * +# * ECOMP is a trademark and service mark of AT&T Intellectual Property. +# * +#------------------------------------------------------------------------------- +version: '2' +services: + aaf_container: + image: attos/aaf + ports: + - "8101:8101" + + links: + - cassandra_container + volumes: + # - ./authAPI.props:/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props + - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh + - ./data2:/data + - ./runaafcli.sh:/opt/app/aaf/authz-service/2.0.15/runaafcli.sh + # - ./com.osaaf.common.props:/opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props + # - ./cadi-core-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-core-1.3.0.jar + # - ./cadi-aaf-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-aaf-1.3.0.jar + # - ./cadi-client-1.3.0.jar:/opt/app/aaf/authz-service/2.0.15/lib/cadi-client-1.3.0.jar + # - ./authz-service-2.0.15.jar:/opt/app/aaf/authz-service/2.0.15/lib/authz-service-2.0.15.jar + # - ./dme2-3.1.200.jar:/opt/app/aaf/authz-service/2.0.15/lib/dme2-3.1.200.jar + entrypoint: ["bash", "-c", "/tmp/wait_for_host_port.sh cassandra_container 9042; sleep 20; /bin/sh -c ./startup.sh"] + environment: + - CASSANDRA_CLUSTER=cassandra_container + + + cassandra_container: + image: cassandra:2.1.16 + ports: + - "7000:7000" + - "7001:7001" + - "9042:9042" + - "9160:9160" + volumes: + - ./data:/data + - ./wait_for_host_port.sh:/tmp/wait_for_host_port.sh + entrypoint: ["bash", "-c", "(/tmp/wait_for_host_port.sh localhost 9042 cqlsh --file /data/init.cql -u cassandra -p cassandra localhost; cqlsh --file /data/ecomp.cql -u cassandra -p cassandra localhost) & (/docker-entrypoint.sh cassandra -f)"] diff --git a/authz-service/src/main/resources/docker-compose/old/dme2-3.1.200.jar b/authz-service/src/main/resources/docker-compose/old/dme2-3.1.200.jar new file mode 100644 index 00000000..213fb9c3 Binary files /dev/null and b/authz-service/src/main/resources/docker-compose/old/dme2-3.1.200.jar differ diff --git a/authz-service/src/main/resources/docker-compose/runaafcli.sh b/authz-service/src/main/resources/docker-compose/runaafcli.sh new file mode 100644 index 00000000..a4ce5182 --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/runaafcli.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +DIR=`pwd` +#DME2REG=$DIR/../dme2reg +DME2REG=/opt/dme2reg +#CLASSPATH=etc:target/authz-cmd-2.0.15-jar-with-dependencies.jar +CLASSPATH=/opt/app/aaf/authz-service/2.0.15/etc:/opt/app/aaf/authz-service/2.0.15/lib/authz-cmd-2.0.15-jar-with-dependencies.jar +#java -cp $CLASSPATH -Dcadi_prop_files=../authz-service/src/main/sample/authAPI.props -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.cmd.AAFcli $* +java -cp $CLASSPATH -Dcadi_prop_files=/opt/app/aaf/authz-service/2.0.15/etc/authAPI.props -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.cmd.AAFcli $* diff --git a/authz-service/src/main/resources/docker-compose/startupaaf.sh b/authz-service/src/main/resources/docker-compose/startupaaf.sh new file mode 100644 index 00000000..bc1f0b29 --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/startupaaf.sh @@ -0,0 +1,32 @@ +# lji: this startup file shadows the existing extry point startup.sh file of the container +# because we need to pass in the cassandra cluster location + +LIB=/opt/app/aaf/authz-service/2.0.15/lib + +ETC=/opt/app/aaf/authz-service/2.0.15/etc +DME2REG=/opt/dme2reg + +echo "this is LIB" $LIB +echo "this is ETC" $ETC +echo "this is DME2REG" $DME2REG + +CLASSPATH=$ETC +for FILE in `find $LIB -name *.jar`; do + CLASSPATH=$CLASSPATH:$FILE +done + +FILEPATHS="/opt/app/aaf/common/com.osaaf.common.props /opt/app/aaf/authz-service/2.0.15/etc/com.osaaf.common.props" +for FILEPATH in $FILEPATHS: +do + if [ -e ${FILEPATH} ]; then + if [ -z `grep "cassandra.clusters=$CASSANDRA_CLUSTER" $FILEPATH` ]; then + echo "cassandra.clusters=$CASSANDRA_CLUSTER" >> $FILEPATH; + fi + fi +done + + +java -classpath $CLASSPATH -DDME2_EP_REGISTRY_CLASS=DME2FS -DAFT_DME2_EP_REGISTRY_FS_DIR=$DME2REG com.att.authz.service.AuthAPI + +# keet it running so we can check fs +while sleep 2; do echo thinking; done diff --git a/authz-service/src/main/resources/docker-compose/sysctl.conf b/authz-service/src/main/resources/docker-compose/sysctl.conf new file mode 100644 index 00000000..c36fd688 --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/sysctl.conf @@ -0,0 +1,3 @@ +net.ipv6.conf.all.disable_ipv6=1 +net.ipv6.conf.default.disable_ipv6=1 +net.ipv6.conf.lol.disable_ipv6=1 diff --git a/authz-service/src/main/resources/docker-compose/wait_for_host_port.sh b/authz-service/src/main/resources/docker-compose/wait_for_host_port.sh new file mode 100644 index 00000000..e4e4bf9c --- /dev/null +++ b/authz-service/src/main/resources/docker-compose/wait_for_host_port.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -e + +host="$1" +port="$2" +shift +shift +cmd="$@" + +until echo > /dev/tcp/${host}/${port} ; do + >&2 echo "${host}:${port} is unavailable - sleeping" + sleep 1 +done + +>&2 echo "${host}:${port} is up - executing command" +exec $cmd -- cgit 1.2.3-korg