author | Lee, Tian (tl5884) <TianL@amdocs.com> | 2018-09-20 12:27:40 +0100 |
---|---|---|
committer | Tian Lee <TianL@amdocs.com> | 2018-09-24 09:25:29 +0000 |
commit | 0d7feec2e32f69a8e919f06f03df3ce46e78801d (patch) | |
tree | d712e56fb78bea085eb1bf9c04447a07d0f50341 /sidecar/rproxy/config/auth | |
parent | 6c3031ea90d5b51ae44a599c0cd0d95c057cf633 (diff) |
Initial drop of rProxy code
The Reverse Proxy sidecar is used to separate the responsibility of
authentication and authorization away from the primary microservice. In
conjunction with the Forward Proxy sidecar, it is responsible for
controlling access to the REST URL endpoints exposed by the primary
microservice, and propagating security credentials to downstream
microservices.
Change-Id: I5d80429e5422d7b3937cde73ac10c2ec00d264e8
Issue-ID: AAI-1604
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
Diffstat (limited to 'sidecar/rproxy/config/auth')
-rw-r--r-- | sidecar/rproxy/config/auth/client-cert.p12 | bin | 0 -> 2556 bytes | |||
-rw-r--r-- | sidecar/rproxy/config/auth/tomcat_keystore | bin | 0 -> 3594 bytes | |||
-rw-r--r-- | sidecar/rproxy/config/auth/uri-authorization.json | 114 |
3 files changed, 114 insertions, 0 deletions
diff --git a/sidecar/rproxy/config/auth/client-cert.p12 b/sidecar/rproxy/config/auth/client-cert.p12
Binary files differ
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/sidecar/rproxy/config/auth/client-cert.p12
diff --git a/sidecar/rproxy/config/auth/tomcat_keystore b/sidecar/rproxy/config/auth/tomcat_keystore
Binary files differ
new file mode 100644
index 0000000..99129c1
--- /dev/null
+++ b/sidecar/rproxy/config/auth/tomcat_keystore
diff --git a/sidecar/rproxy/config/auth/uri-authorization.json b/sidecar/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000..29b152d
--- /dev/null
+++ b/sidecar/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,114 @@
+ [
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access\\|not\\|granted"
+ ]
+ },
+ {
+ "uri": "\/single\/permission\/required$",
+ "permissions": [
+ "test.single.access\\|single\\|permission"
+ ]
+ },
+ {
+ "uri": "\/multiple\/permissions\/required$",
+ "permissions": [
+ "test.multiple.access\\|first\\|permission",
+ "test.multiple.access\\|second\\|permission",
+ "test.multiple.access\\|third\\|permission"
+ ]
+ },
+ {
+ "uri": "\/multiple\/permissions\/required/one/missing$",
+ "permissions": [
+ "test.multiple.access\\|first\\|permission",
+ "test.multiple.access\\|second\\|permission",
+ "test.multiple.access\\|third\\|permission",
+ "test.multiple.access\\|fourth\\|permission"
+ ]
+ },
+ {
+ "uri": "\/wildcard\/permission\/granted$",
+ "permissions": [
+ "test.wildcard.access\\|first\\|permission",
+ "test.wildcard.access\\|second\\|permission",
+ "test.wildcard.access\\|third\\|consent"
+ ]
+ },
+ {
+ "uri": "\/instance\/wildcard\/permission\/granted$",
+ "permissions": [
+ "test.wildcard.access\\|first\\|permission",
+ "test.wildcard.access\\|second\\|permission",
+ "test.wildcard.access\\|third\\|permission"
+ ]
+ },
+ {
+ "uri": "\/action\/wildcard\/permission\/granted$",
+ "permissions": [
+ "test.wildcard.access\\|first\\|permission",
+ "test.wildcard.access\\|first\\|permission",
+ "test.wildcard.access\\|first\\|consent"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access\\|admin\\|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v13\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|write",
+ "test\\.auth\\.access\\|rpc\\|write"
+ ]
+ },
+ {
+ "uri": "\/aai\/v13\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access\\|clouds\\|read",
+ "test.auth.access\\|tenants\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v13\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access\\|clouds\\|read",
+ "test.auth.access\\|tenants\\|read",
+ "test.auth.access\\|vservers\\|read"
+ ]
+ },
+ {
+ "uri": "\/rproxy\/.*",
+ "permissions": [
+ "org\\.access\\|rproxy\\|get"
+ ]
+ }
+ ]
\ No newline at end of file |
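Review bot: The `cloud-region` entry's pattern ends in `$*`, a quantifier on the end anchor that (where the regex engine accepts it) makes the anchor optional. If the proxy matches URIs by search rather than full match, which this diff does not show, that rule would also match the longer `.../tenants/tenant/.../vservers/vserver/...` paths and could let them through on `clouds|read` and `tenants|read` alone, without the `vservers|read` check of the following entry. I would end it with a plain anchor: `"uri": "\/aai\/v13\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$",`. Separately, most permission patterns leave the dots unescaped (`test.auth.access\\|...`) while the `/$` and `cloud-regions` entries write `test\\.auth\\.access`; the escaped `\\|` suggests these strings are evaluated as regular expressions, in which case an unescaped `.` matches any character and the patterns should be escaped consistently. None of the `uri` patterns starts with `^`, so it is worth confirming that the matcher anchors them at the start, otherwise any path merely ending in one of these suffixes would pick up that rule.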