22 files changed, 635 insertions, 190 deletions
@@ -2,7 +2,7 @@ project: 'aaf-cadi' project_creation_date: '2017-07-12' project_category: '' -lifecycle_state: 'Incubation' +lifecycle_state: 'Unmaintained' project_lead: &onap_aaf_ptl name: 'Jonathan Gathman' email: 'jonathan.gathman@us.att.com' @@ -20,20 +20,15 @@ mailing_list: tag: '<[sub-project_name]>' realtime_discussion: '' meetings: - - type: 'zoom' - agenda: 'https://wiki.onap.org/display/DW/AAF+Meeting+Minutes' - url: 'https://wiki.onap.org/pages/viewpage.action?pageId=15302787' + - type: 'n/a' + agenda: 'n/a' + url: 'n/a' server: 'n/a' channel: 'n/a' - repeats: 'weekly' - time: '14:00 UTC' + repeats: 'n/a' + time: 'n/a' repositories: - - 'aaf-authz' - 'aaf/cadi' - - 'aaf/luaplugin' - - 'aaf/oom' - - 'aaf/sms' - - 'aaf/sshsm' committers: - <<: *onap_aaf_ptl - name: 'Kiran Kamineni' @@ -56,5 +51,28 @@ committers: company: 'ZTE' id: 'Huabing_Zhao' timezone: 'China/Chengdu' + - name: 'Pawel Baniewski' + email: 'pawel.baniewski@nokia.com' + company: 'Nokia' + id: 'baniewsk' + - name: 'Gerard Nugent' + email: 'gerard.nugent@est.tech' + company: 'esttech' + id: 'egernug' + timezone: 'Europe/Dublin' + - name: 'John Franey' + email: 'john.franey@att.com' + company: 'ATT' + id: 'JohnFraney' tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' + changes: + - type: 'Addition' + name: 'Pawel Baniewski' + link: 'https://lists.onap.org/g/onap-tsc-vote/message/1358' + - type: 'Addition' + name: 'Gerard Nugent' + link: 'https://lists.onap.org/g/onap-tsc-vote/message/1358' + - type: 'Addition' + name: 'John Franey' + link: 'https://lists.onap.org/g/onap-tsc-vote/message/1358' 
@@ -22,19 +22,19 @@ <modelVersion>4.0.0</modelVersion> <groupId>org.onap.aaf.cadi</groupId> <artifactId>parent</artifactId> - <version>2.1.13-SNAPSHOT</version> + <version>2.1.19-SNAPSHOT</version> <name>CADI Plugins Parent</name> <packaging>pom</packaging> <parent> <groupId>org.onap.oparent</groupId> <artifactId>oparent</artifactId> - <version>1.2.1</version> + <version>2.0.0</version> </parent> <properties> <!-- This version needs to be RELEASED version. Fails on SNAPSHOT --> - <cadi.version>2.1.13</cadi.version> + <cadi.version>2.7.4</cadi.version> <!-- <sonar.skip>true</sonar.skip> --> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <!-- project.jettyVersion>9.4.12.v20180830</project.jettyVersion --> diff --git a/releases/2.1.17.yaml b/releases/2.1.17.yaml new file mode 100644 index 0000000..7fc3efe --- /dev/null +++ b/releases/2.1.17.yaml @@ -0,0 +1,4 @@ +distribution_type: 'maven' +version: '2.1.17' +project: 'aaf-cadi' +log_dir: 'aaf-cadi-maven-stage-master/459/' diff --git a/releases/2.1.18.yaml b/releases/2.1.18.yaml new file mode 100644 index 0000000..dfe1206 --- /dev/null +++ b/releases/2.1.18.yaml @@ -0,0 +1,4 @@ +distribution_type: 'maven' +version: '2.1.18' +project: 'aaf-cadi' +log_dir: 'aaf-cadi-maven-stage-master/481/' diff --git a/releases/2.1.19.yaml b/releases/2.1.19.yaml new file mode 100644 index 0000000..93c35e4 --- /dev/null +++ b/releases/2.1.19.yaml @@ -0,0 +1,4 @@ +distribution_type: 'maven' +version: '2.1.19' +project: 'aaf-cadi' +log_dir: 'aaf-cadi-maven-stage-master/515/' diff --git a/shiro-osgi-bundle/pom.xml b/shiro-osgi-bundle/pom.xml index 7d90542..228ae37 100644 --- a/shiro-osgi-bundle/pom.xml +++ b/shiro-osgi-bundle/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.onap.aaf.cadi</groupId> <artifactId>parent</artifactId> - <version>2.1.13-SNAPSHOT</version> + <version>2.1.19-SNAPSHOT</version> <relativePath>..</relativePath> </parent> 
@@ -40,7 +40,7 @@ <plugin> <groupId>org.apache.felix</groupId> <artifactId>maven-bundle-plugin</artifactId> - <version>2.5.4</version> + <version>4.2.1</version> <extensions>true</extensions> <configuration> <instructions> @@ -56,8 +56,8 @@ javax.net.ssl, javax.crypto, javax.crypto.spec, - javax.xml.bind.annotation, - javax.xml.bind, + javax.xml.bind.annotation;version="[2.0,3)", + javax.xml.bind;version="[2.0,3)", javax.xml.transform, javax.xml.datatype, javax.ws.rs, diff --git a/shiro/pom.xml b/shiro/pom.xml index 5502744..e7044ab 100644 --- a/shiro/pom.xml +++ b/shiro/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.onap.aaf.cadi</groupId> <artifactId>parent</artifactId> - <version>2.1.13-SNAPSHOT</version> + <version>2.1.19-SNAPSHOT</version> <relativePath>..</relativePath> </parent> @@ -89,11 +89,24 @@ <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-aaf</artifactId> - </dependency> + <exclusions> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> + <exclusions> + <exclusion> + <groupId>commons-beanutils</groupId> + <artifactId>commons-beanutils</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java index 0035626..247683a 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java @@ -29,6 +29,7 @@ import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; +import org.onap.aaf.cadi.aaf.AAFPermission; /** * We treat "roles" and "permissions" in a similar way for first pass. 
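Review bot: The two new `<exclusions>` in shiro/pom.xml (log4j under aaf-cadi-aaf, commons-beanutils under shiro-core) carry no comment saying why the artifacts are dropped or what is expected to replace them. shiro-core's INI and reflection-based configuration normally relies on commons-beanutils, and the StandAloneTest added in this commit builds its SecurityManager through `IniSecurityManagerFactory`, so unless another dependency supplies those classes this may fail at runtime with a missing-class error. I would add a comment such as `<!-- excluded: <reason>; replacement provided by <groupId:artifactId:version> -->` above each exclusion. If the intent is to move to a fixed release, declare that version explicitly instead of relying on whatever arrives transitively.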
@@ -42,15 +43,27 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { private Access access; private Principal bait; private List<org.onap.aaf.cadi.Permission> pond; - private ArrayList<String> sPerms; - private ArrayList<Permission> oPerms; + // Use these to save conversions + private List<org.onap.aaf.cadi.Permission> cPerms; + private List<Permission> oPerms; + private List<String> sPerms; + + public AAFAuthorizationInfo(Access access, Principal bait) { + this.access = access; + this.bait = bait; + cPerms=null; + oPerms=null; + sPerms=null; + pond=null; + } public AAFAuthorizationInfo(Access access, Principal bait, List<org.onap.aaf.cadi.Permission> pond) { this.access = access; this.bait = bait; this.pond = pond; - sPerms=null; oPerms=null; + sPerms=null; + cPerms=null; } public Principal principal() { @@ -62,9 +75,20 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions"); synchronized(bait) { if(oPerms == null) { - oPerms = new ArrayList<Permission>(); - for(final org.onap.aaf.cadi.Permission p : pond) { - oPerms.add(new AAFShiroPermission(p)); + if (pond != null) { + oPerms = new ArrayList<Permission>(); + for(final org.onap.aaf.cadi.Permission p : pond) { + oPerms.add(new AAFShiroPermission(p)); + } + } else { + oPerms = new ArrayList<>(); + if (cPerms == null) { + cPerms = new ArrayList<>(); + AAFRealm.singleton.authz.fishAll(bait, cPerms); + } + for (final org.onap.aaf.cadi.Permission p : cPerms) { + oPerms.add(new AAFShiroPermission(p)); + } } } } 
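Review bot: In the new `else` branch of getObjectPermissions, `oPerms` and `cPerms` are assigned to empty lists before `AAFRealm.singleton.authz.fishAll(bait, cPerms)` runs, so if that call throws, or returns nothing because AAF is unreachable, the empty lists stay cached and every later call reports no permissions for the life of this object. The lookup also runs while `synchronized(bait)` is held and dereferences `AAFRealm.singleton.authz` without a null check. Building into locals and publishing the fields only after the lookup has returned avoids the sticky empty result; the same pattern is repeated in getStringPermissions in the next hunk. The method signature lies outside this hunk.

```java
// … unchanged: pond != null branch …
} else {
    if (cPerms == null) {
        final List<org.onap.aaf.cadi.Permission> fetched = new ArrayList<>();
        AAFRealm.singleton.authz.fishAll(bait, fetched);
        cPerms = fetched; // publish only after the lookup returned
    }
    final List<Permission> converted = new ArrayList<>(cPerms.size());
    for (final org.onap.aaf.cadi.Permission p : cPerms) {
        converted.add(new AAFShiroPermission(p));
    }
    oPerms = converted;
}
```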
@@ -83,10 +107,21 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { access.log(Level.DEBUG,"AAFAuthorizationInfo.getStringPermissions"); synchronized(bait) { if(sPerms == null) { - sPerms = new ArrayList<String>(); - for(org.onap.aaf.cadi.Permission p : pond) { - sPerms.add(p.getKey().replace("|",":")); - access.printf(Level.INFO,"%s has %s",bait.getName(),p.getKey()); + if (pond != null) { + sPerms = new ArrayList<String>(); + for(org.onap.aaf.cadi.Permission p : pond) { + sPerms.add(p.getKey().replace("|", ":")); + access.printf(Level.INFO, "%s has %s", bait.getName(), p.getKey()); + } + } else { + sPerms = new ArrayList<>(); + if (cPerms == null) { + cPerms = new ArrayList<>(); + AAFRealm.singleton.authz.fishAll(bait, cPerms); + } + for (final org.onap.aaf.cadi.Permission p : cPerms) { + sPerms.add(p.getKey()); + } } } } diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index eb8bc60..818ec9e 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -33,6 +33,7 @@ import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.onap.aaf.cadi.Access.Level; 
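Review bot: The new `else` branch of getStringPermissions adds `p.getKey()` unchanged, while the `pond != null` branch just above it converts the key with `replace("|", ":")`, so the same AAF permission reaches Shiro in two different string forms depending on which constructor built the object. If Shiro's string permission matching consumes this list (not visible here), keys that still contain `|` will presumably not compare the way the `:` form does, and authorization results could differ between the two paths. I would make the line `sPerms.add(p.getKey().replace("|", ":"));`, or add a comment explaining why the raw key is intended there. The method signature lies outside this hunk.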
@@ -41,29 +42,40 @@ import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.Symm; +import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.filter.MapBathConverter; import org.onap.aaf.cadi.util.CSV; +import org.onap.aaf.cadi.util.Split; import org.onap.aaf.misc.env.APIException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +/* + * Note: Shiro Realm document + * https://shiro.apache.org/realm.html + */ + public class AAFRealm extends AuthorizingRealm { public static final String AAF_REALM = "AAFRealm"; private static final Logger logger = LoggerFactory.getLogger(AAFRealm.class); - private static Singleton singleton = Singleton.singleton(); - private static class Singleton { - private AAFCon<?> acon; - private AAFAuthn<?> authn; + // Package on purpose + static Singleton singleton = Singleton.singleton(); + + public static class Singleton { + public AAFCon<?> acon; + public AAFAuthn<?> authn; + public AAFLurPerm authz; // private Set<Class<? extends AuthenticationToken>> supports; - private AAFLurPerm authz; + private MapBathConverter mbc; private Map<String,String> idMap; private Singleton() { + logger.info("Creating AAFRealm.Singleton"); mbc = null; idMap = null; String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES); @@ -222,6 +234,7 @@ public class AAFRealm extends AuthorizingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { + logger.debug("AAFRealm.doGetAuthenticationInfo"); final UsernamePasswordToken upt = (UsernamePasswordToken)token; final String user = upt.getUsername(); String authUser = user; 
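Review bot: Making `Singleton` public with public, non-final `acon`, `authn` and `authz` fields lets any code that can reach the instance replace the authentication or authorization connector for the whole realm. The only user shown in this commit is AAFAuthorizationInfo, which is in the same package, so package-private access would be enough, for example `AAFLurPerm authz;` without `public`, or a package-private accessor, and `static Singleton singleton` could be declared `static final`. The commented-out `AAFRealm.Singleton.singleton().authz.clearAll()` line in StandAloneTest appears to be the only cross-package use, and a narrow `clearAll`-style method would serve it better than exposing the fields. The constructor body continues outside the hunk, so whether the fields can also be `final` depends on assignments not shown here.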
@@ -241,7 +254,7 @@ public class AAFRealm extends AuthorizingRealm { } } catch (IOException e) { singleton.access.log(e); - } + } } String err; try { @@ -264,6 +277,7 @@ public class AAFRealm extends AuthorizingRealm { @Override protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException { + logger.debug("AAFRealm.assertCredentialsMatch"); if(ai instanceof AAFAuthenticationInfo) { if(!((AAFAuthenticationInfo)ai).matches(atoken)) { throw new AuthenticationException("Credentials do not match"); @@ -275,6 +289,7 @@ public class AAFRealm extends AuthorizingRealm { @Override protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { + logger.debug("AAFRealm.doGetAuthorizationInfo"); Principal bait = (Principal)principals.getPrimaryPrincipal(); Principal newBait = bait; if(singleton.idMap!=null) { 
@@ -306,4 +321,58 @@ public class AAFRealm extends AuthorizingRealm { return AAF_REALM; } + private AAFPermission aafPerm(String permission) { + String[] pa = Split.splitTrim('|', permission); + switch(pa.length) { + case 3: + return new AAFPermission(null,pa[0],pa[1],pa[2]); + case 4: + return new AAFPermission(pa[0],pa[1],pa[2],pa[3]); + default: + return null; + } + } +/* + @Override + public boolean isPermitted(PrincipalCollection principals, String permission) { + logger.debug("AAFRealm.isPermitted(principals,permission<String>)"); + AAFPermission ap = aafPerm(permission); + if(ap!=null) { + return singleton.authz.fish((Principal)principals.getPrimaryPrincipal(), ap); + } + return false; + } + + @Override + protected boolean isPermitted(org.apache.shiro.authz.Permission permission, AuthorizationInfo info) { + logger.debug("AAFRealm.isPermitted(shiro.Permission,AuthorizationInfo)"); + if(info instanceof AAFAuthorizationInfo) { + AAFPermission ap = aafPerm(permission.toString()); + if(ap!=null) { + return singleton.authz.fish(((AAFAuthorizationInfo)info).principal(), ap); + } + return false; + } + return super.isPermitted(permission, info); + } + + @Override + protected boolean[] isPermitted(List<org.apache.shiro.authz.Permission> permissions, AuthorizationInfo info) { + logger.debug("AAFRealm.isPermitted(List<shiro.Permission>,AuthorizationInfo)"); + if(info instanceof AAFAuthorizationInfo) { + boolean rv[] = new boolean[permissions.size()]; + int i=0; + for(org.apache.shiro.authz.Permission sp : permissions) { + AAFPermission ap = aafPerm(sp.toString()); + if(ap!=null) { + rv[i++]=singleton.authz.fish(((AAFAuthorizationInfo)info).principal(), ap); + } else { + rv[i++]=false; + } + } + return rv; + } + return super.isPermitted(permissions, info); + } +*/ } diff --git a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/StandAloneTest.java b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/StandAloneTest.java new file mode 100644 index 0000000..da026dd 
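Review bot: The three `isPermitted` overrides are committed inside a `/* … */` block, which leaves the new private `aafPerm` helper with no caller in the visible code, and the `AuthorizationInfo` import added by this commit is referenced only inside that comment. Authorization logic parked in comments is easy to re-enable later without review or tests. I would drop the block and the helper until they are ready, or enable them together with tests. If the block stays, a line such as `// Disabled: <reason>; default Shiro permission resolution is used instead` should say why.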
--- /dev/null
+++ b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/StandAloneTest.java
@@ -0,0 +1,147 @@ + /* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.onap.aaf.cadi.shiro.test; + +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authc.IncorrectCredentialsException; +import org.apache.shiro.authc.LockedAccountException; +import org.apache.shiro.authc.UnknownAccountException; +import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.config.Ini; +import org.apache.shiro.config.Ini.Section; +import org.apache.shiro.config.IniSecurityManagerFactory; +import org.apache.shiro.mgt.SecurityManager; +import org.apache.shiro.session.Session; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.util.Factory; +import org.onap.aaf.cadi.shiro.AAFRealm; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class StandAloneTest { + + /** + * Simple Quickstart application, from Shiro, showing how to use Shiro's API. 
+ * + * @since 0.9 RC2 + */ + private static final transient Logger log = LoggerFactory.getLogger(StandAloneTest.class); + + public static void main(String[] args) { + if(args.length<3) { + System.out.println("Usage: java StandAloneTest fqi ns passwd"); + } else { + + String user = args[0]; + String ns = args[1]; + String pass = args[2]; + + // The easiest way to create a Shiro SecurityManager with configured + // realms, users, roles and permissions is to use the simple INI config. + // We'll do that by using a factory that can ingest a .ini file and + // return a SecurityManager instance: + + Ini ini = new Ini(); + Section section = ini.addSection("main"); + section.put("aafRealm", "org.onap.aaf.cadi.shiro.AAFRealm"); + section.put("securityManager.realms","$aafRealm"); + /* + * Equivalent to shiro.ini + * + * [main] + * aafRealm=org.onap.aaf.cadi.shiro.AAFRealm + * securityManager.realms=$aafRealm + */ + Factory<SecurityManager> factory = new IniSecurityManagerFactory(ini); + + // Alternative: Use the shiro.ini file at the root of the classpath + // (file: and url: prefixes load from files and urls respectively): + // Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini"); + SecurityManager securityManager = factory.getInstance(); + + // for this simple example quickstart, make the SecurityManager + // accessible as a JVM singleton. Most applications wouldn't do this + // and instead rely on their container configuration or web.xml for + // webapps. That is outside the scope of this simple quickstart, so + // we'll just do the bare minimum so you can continue to get a feel + // for things. + SecurityUtils.setSecurityManager(securityManager); + + // Now that a simple Shiro environment is set up, let's see what you can do: + + // get the currently executing user: + Subject currentUser = SecurityUtils.getSubject(); + + // Do some stuff with a Session (no need for a web or EJB container!!!) 
+ Session session = currentUser.getSession(); + session.setAttribute("someKey", "aValue"); + String value = (String) session.getAttribute("someKey"); + if (value.equals("aValue")) { + log.info("Retrieved the correct value! [" + value + "]"); + } + + for(int i=0;i<3;++i) { + // let's login the current user so we can check against roles and permissions: + if (!currentUser.isAuthenticated()) { + UsernamePasswordToken token = new UsernamePasswordToken(user,pass); + // UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa"); + token.setRememberMe(true); + try { + currentUser.login(token); + } catch (UnknownAccountException uae) { + log.info("There is no user with username of " + token.getPrincipal()); + } catch (IncorrectCredentialsException ice) { + log.info("Password for account " + token.getPrincipal() + " was incorrect!"); + } catch (LockedAccountException lae) { + log.info("The account for username " + token.getPrincipal() + " is locked. " + + "Please contact your administrator to unlock it."); + } + // ... catch more exceptions here (maybe custom ones specific to your application? + catch (AuthenticationException ae) { + //unexpected condition? error? + // AT&T doesn't allow specifics + log.info(ae.getMessage()); + } + } + + // Uncomment following to test calls after Cache is Cleared + // AAFRealm.Singleton.singleton().authz.clearAll(); + + //say who they are: + //print their identifying principal (in this case, a username): + log.info("User [" + currentUser.getPrincipal() + "] logged in successfully."); + + //test NS Write Access + String msg = String.format("You are %s in role %s.admin", + currentUser.hasRole(ns+".admin")?"":"not", + ns); + log.info(msg); + + //test a typed permission (not instance-level) + msg = String.format("You %s have write access into NS %s", + currentUser.isPermitted(ns+".access|*|*")?"":"do not", + ns); + log.info(msg); + } + //all done - log out! + currentUser.logout(); + } + } +} 
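Review bot: Inside the `for` loop, `log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.")` runs even when `currentUser.login(token)` threw and the exception was caught, so a failed authentication is reported as a success and the role and permission checks still run for an unauthenticated subject. Adding `if (!currentUser.isAuthenticated()) { continue; }` after the catch chain would stop that. Separately, the password is taken from `args[2]`, which exposes it in the process list and shell history; reading it from the console or an environment-provided secret would avoid that.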
diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml index 5ad8b38..fce139d 100644 --- a/sidecar/fproxy/pom.xml +++ b/sidecar/fproxy/pom.xml @@ -24,9 +24,13 @@ <parent> <groupId>org.onap.aaf.cadi.sidecar</groupId> <artifactId>sidecar</artifactId> - <version>2.1.13-SNAPSHOT</version> + <version>2.1.19-SNAPSHOT</version> </parent> + <properties> + <fproxy.build.dir>${project.build.directory}/${project.artifactId}-build/</fproxy.build.dir> + </properties> + <artifactId>fproxy</artifactId> <packaging>jar</packaging> 
@@ -116,55 +120,83 @@ <configuration> <reuseForks>false</reuseForks> <forkCount>1</forkCount> + <argLine>-Xmx1024m -XX:MaxPermSize=256m</argLine> </configuration> </plugin> <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-resources-plugin</artifactId> - <version>3.0.2</version> - <executions> - <execution> - <id>copy-docker-file</id> - <phase>package</phase> - <goals> - <goal>copy-resources</goal> - </goals> - <configuration> - <outputDirectory>target</outputDirectory> - <overwrite>true</overwrite> - <resources> - <resource> - <directory>${basedir}/src/main/docker</directory> - <filtering>true</filtering> - </resource> - <resource> - <directory>${basedir}/src/main/bin/</directory> - <filtering>true</filtering> - </resource> - </resources> - </configuration> - </execution> - </executions> - </plugin> - <plugin> - <groupId>com.spotify</groupId> - <artifactId>docker-maven-plugin</artifactId> - <version>0.4.11</version> - <configuration> - <verbose>true</verbose> - <serverId>docker-hub</serverId> - <imageName>${docker.push.registry}/onap/${project.artifactId}</imageName> - <dockerDirectory>${docker.location}</dockerDirectory> - <imageTags> - <imageTag>latest</imageTag> - </imageTags> - <forceTags>true</forceTags> - </configuration> + <artifactId>maven-assembly-plugin</artifactId> + <configuration> + <descriptors> + <descriptor>src/main/assembly/descriptor.xml</descriptor> + </descriptors> + </configuration> + <executions> + <execution> + <id>make-assembly</id> + <phase>package</phase> + <goals> + <goal>single</goal> + </goals> + </execution> + </executions> + </plugin> + <!--<plugin> + <groupId>io.fabric8</groupId> + <artifactId>docker-maven-plugin</artifactId> + <version>0.28.0</version> + <configuration> + <verbose>true</verbose> + <apiVersion>${docker.apiVersion}</apiVersion> + <pullRegistry>${docker.pull.registry}</pullRegistry> + <pushRegistry>${docker.push.registry}</pushRegistry> + <serverId>docker-hub</serverId> + 
<dockerDirectory>${docker.location}</dockerDirectory> + <imageTags> + <imageTag>latest</imageTag> + </imageTags> + <forceTags>true</forceTags> + <images> + <image> + <name>${docker.push.registry}/onap/${project.artifactId}</name> + <build> + <cleanup>try</cleanup> + <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir> + <tags> + <tag>latest</tag> + </tags> + <assembly> + <inline> + <fileSets> + <fileSet> + <directory>${fproxy.build.dir}</directory> + <outputDirectory>/${project.artifactId}</outputDirectory> + </fileSet> + </fileSets> + </inline> + </assembly> + </build> + </image> + </images> + </configuration> + <executions> + <execution> + <id>generate-images</id> + <phase>install</phase> + + </execution> + <execution> + <id>push-images</id> + <phase>deploy</phase> + <goals> + <goal>push</goal> + </goals> + </execution> + </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-deploy-plugin</artifactId> - </plugin> + </plugin> --> </plugins> </build> </project> diff --git a/sidecar/fproxy/src/main/assembly/descriptor.xml b/sidecar/fproxy/src/main/assembly/descriptor.xml new file mode 100644 index 0000000..eb645f2 --- /dev/null +++ b/sidecar/fproxy/src/main/assembly/descriptor.xml 
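Review bot: The added surefire `<argLine>-Xmx1024m -XX:MaxPermSize=256m</argLine>` passes an option the JVM no longer honours: Java 8 ignores `MaxPermSize` with a warning, and JDK 17 and later refuse to start the forked test JVM with an unrecognised option, so `<argLine>-Xmx1024m</argLine>` is enough. The new `maven-assembly-plugin` entry also has no `<version>`, whereas the plugins it replaces were pinned; unless the oparent parent manages it, pin one so the build is reproducible. Both points apply equally to the matching hunk in sidecar/rproxy/pom.xml. The large commented-out docker-maven-plugin block in both files would be better removed than kept as a comment.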
@@ -0,0 +1,29 @@ +<assembly xmlns="http_://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" + xmlns:xsi="http_://www.__w3.org/2001/XMLSchema-instance" + xsi:SchemaLocation="http_://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http_://maven.apache.org/xsd/assembly-1.1.2.xsd"> + <id>build</id> + <includeBaseDirectory>false</includeBaseDirectory> + <formats> + <format>dir</format> + </formats> + <fileSets> + <fileSet> + <directory>${project.basedir}/src/main/bin</directory> + <outputDirectory>/bin</outputDirectory> + <includes> + <include>**/*</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.build.directory}</directory> + <outputDirectory>/</outputDirectory> + <includes> + <include>*.jar</include> + </includes> + <excludes> + <exclude>Dockerfile</exclude> + <exclude>*.sh</exclude> + </excludes> + </fileSet> + </fileSets> +</assembly> diff --git a/sidecar/fproxy/src/main/docker/Dockerfile b/sidecar/fproxy/src/main/docker/Dockerfile index d91f0e3..4537e24 100644 --- a/sidecar/fproxy/src/main/docker/Dockerfile +++ b/sidecar/fproxy/src/main/docker/Dockerfile 
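Review bot: The `<assembly>` root element declares its namespaces as `http_://maven.apache.org/…` and `http_://www.__w3.org/2001/XMLSchema-instance` and spells the attribute `xsi:SchemaLocation`. If that is what is committed rather than a rendering artefact, none of these match the real assembly namespace or the `xsi:schemaLocation` attribute, so the descriptor is never validated against its schema. In the second fileSet the include is only `*.jar`, so the `Dockerfile` and `*.sh` excludes have no effect, while `*.jar` copies every jar found in the build directory into the image layout rather than just the executable one; naming the jar explicitly would be tighter. The rproxy descriptor added later in this commit has the same content.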
@@ -1,35 +1,28 @@ -FROM ubuntu:14.04 +FROM openjdk:8-alpine ARG MICRO_HOME=/opt/app/fproxy ARG BIN_HOME=$MICRO_HOME/bin ARG JAR_FILE=fproxy-exec.jar -RUN apt-get update - -# Install and setup java8 -RUN apt-get update && apt-get install -y software-properties-common -## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step -RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk - -RUN sudo dpkg --purge --force-depends ca-certificates-java -RUN sudo apt-get install ca-certificates-java +RUN apk update && \ + apk add ca-certificates ## Setup JAVA_HOME, this is useful for docker commandline -ENV JAVA_HOME usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture) +ENV JAVA_HOME usr/lib/jvm/java-1.8-openjdk RUN export JAVA_HOME # Build up the deployment folder structure RUN mkdir -p $MICRO_HOME -COPY ${JAR_FILE} $MICRO_HOME -RUN mkdir -p $BIN_HOME -COPY *.sh $BIN_HOME -RUN chmod 755 $BIN_HOME/* -RUN ln -s /logs $MICRO_HOME/logs -RUN mkdir /logs +WORKDIR $MICRO_HOME +COPY maven/fproxy/ . +RUN chmod 755 $BIN_HOME/* && \ + mkdir /logs && \ + ln -s /logs $MICRO_HOME/logs # Create the appuser -RUN groupadd -r appgroup && \ - useradd -r -u 1001 -g appgroup appuser && \ +RUN addgroup --system appgroup && \ + adduser --system --uid 1001 --ingroup appgroup appuser && \ chown -R appuser:appgroup $MICRO_HOME && \ chmod 777 /logs USER appuser + CMD ["/opt/app/fproxy/bin/start.sh"] diff --git a/sidecar/pom.xml b/sidecar/pom.xml index cda9fb7..7634616 100644 --- a/sidecar/pom.xml +++ b/sidecar/pom.xml @@ -20,7 +20,7 @@ <parent> <groupId>org.onap.aaf.cadi</groupId> <artifactId>parent</artifactId> - <version>2.1.13-SNAPSHOT</version> + <version>2.1.19-SNAPSHOT</version> <relativePath>..</relativePath> </parent> <modelVersion>4.0.0</modelVersion> 
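Review bot: `ENV JAVA_HOME usr/lib/jvm/java-1.8-openjdk` is missing its leading slash, so JAVA_HOME is a relative path that resolves against whatever the working directory is, and the `RUN export JAVA_HOME` that follows has no effect beyond its own layer. Use `ENV JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk` and drop the export. The base image `openjdk:8-alpine` is a floating tag; pinning it by digest (`FROM openjdk:8-alpine@sha256:<digest>`) keeps builds reproducible, and `apk add --no-cache ca-certificates` avoids shipping the package index that `apk update` downloads. `chmod 777 /logs` is carried over from the old file and leaves the log directory world-writable although only appuser needs to write there. The rproxy Dockerfile in this commit has the same lines.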
@@ -55,7 +55,7 @@ <spring.boot.version>2.1.1.RELEASE</spring.boot.version> <spring.web.version>5.1.3.RELEASE</spring.web.version> - <docker.location>${basedir}/target</docker.location> + <docker.location>${basedir}/target/build</docker.location> <!-- <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo> --> </properties> diff --git a/sidecar/rproxy/pom.xml b/sidecar/rproxy/pom.xml index d1d7c22..088ac27 100644 --- a/sidecar/rproxy/pom.xml +++ b/sidecar/rproxy/pom.xml @@ -24,9 +24,13 @@ <parent> <groupId>org.onap.aaf.cadi.sidecar</groupId> <artifactId>sidecar</artifactId> - <version>2.1.13-SNAPSHOT</version> + <version>2.1.19-SNAPSHOT</version> </parent> + <properties> + <fproxy.build.dir>${project.build.directory}/${project.artifactId}-build/</fproxy.build.dir> + </properties> + <artifactId>rproxy</artifactId> <packaging>jar</packaging> 
@@ -128,50 +132,77 @@ <configuration> <reuseForks>false</reuseForks> <forkCount>1</forkCount> + <argLine>-Xmx1024m -XX:MaxPermSize=256m</argLine> </configuration> </plugin> <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-resources-plugin</artifactId> - <version>3.0.2</version> + <artifactId>maven-assembly-plugin</artifactId> + <configuration> + <descriptors> + <descriptor>src/main/assembly/descriptor.xml</descriptor> + </descriptors> + </configuration> <executions> <execution> - <id>copy-docker-file</id> + <id>make-assembly</id> <phase>package</phase> <goals> - <goal>copy-resources</goal> + <goal>single</goal> </goals> - <configuration> - <outputDirectory>target</outputDirectory> - <overwrite>true</overwrite> - <resources> - <resource> - <directory>${basedir}/src/main/docker</directory> - <filtering>true</filtering> - </resource> - <resource> - <directory>${basedir}/src/main/bin/</directory> - <filtering>true</filtering> - </resource> - </resources> - </configuration> </execution> </executions> </plugin> - <plugin> - <groupId>com.spotify</groupId> + <!--<plugin> + <groupId>io.fabric8</groupId> <artifactId>docker-maven-plugin</artifactId> - <version>0.4.11</version> + <version>0.28.0</version> <configuration> <verbose>true</verbose> + <apiVersion>${docker.apiVersion}</apiVersion> + <pullRegistry>${docker.pull.registry}</pullRegistry> + <pushRegistry>${docker.push.registry}</pushRegistry> <serverId>docker-hub</serverId> - <imageName>${docker.push.registry}/onap/${project.artifactId}</imageName> <dockerDirectory>${docker.location}</dockerDirectory> <imageTags> <imageTag>latest</imageTag> </imageTags> <forceTags>true</forceTags> + <images> + <image> + <name>${docker.push.registry}/onap/${project.artifactId}</name> + <build> + <cleanup>try</cleanup> + <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir> + <tags> + <tag>latest</tag> + </tags> + <assembly> + <inline> + <fileSets> + <fileSet> + 
<directory>${fproxy.build.dir}</directory> + <outputDirectory>/${project.artifactId}</outputDirectory> + </fileSet> + </fileSets> + </inline> + </assembly> + </build> + </image> + </images> </configuration> + <executions> + <execution> + <id>generate-images</id> + <phase>install</phase> + </execution> + <execution> + <id>push-images</id> + <phase>deploy</phase> + <goals> + <goal>push</goal> + </goals> + </execution> + </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> @@ -179,7 +210,7 @@ <configuration> <skip>true</skip> </configuration> - </plugin> + </plugin> --> </plugins> </build> </project> diff --git a/sidecar/rproxy/src/main/assembly/descriptor.xml b/sidecar/rproxy/src/main/assembly/descriptor.xml new file mode 100644 index 0000000..16b21de --- /dev/null +++ b/sidecar/rproxy/src/main/assembly/descriptor.xml @@ -0,0 +1,29 @@ +<assembly xmlns="http_://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" + xmlns:xsi="http_://www.__w3.org/2001/XMLSchema-instance" + xsi:SchemaLocation="http_://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http_://maven.apache.org/xsd/assembly-1.1.2.xsd"> + <id>build</id> + <includeBaseDirectory>false</includeBaseDirectory> + <formats> + <format>dir</format> + </formats> + <fileSets> + <fileSet> + <directory>${project.basedir}/src/main/bin</directory> + <outputDirectory>/bin</outputDirectory> + <includes> + <include>**/*</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.build.directory}</directory> + <outputDirectory>/</outputDirectory> + <includes> + <include>*.jar</include> + </includes> + <excludes> + <exclude>Dockerfile</exclude> + <exclude>*.sh</exclude> + </excludes> + </fileSet> + </fileSets> +</assembly> diff --git a/sidecar/rproxy/src/main/docker/Dockerfile b/sidecar/rproxy/src/main/docker/Dockerfile index 56b32fa..6311e9e 100644 --- a/sidecar/rproxy/src/main/docker/Dockerfile +++ b/sidecar/rproxy/src/main/docker/Dockerfile 
@@ -1,34 +1,26 @@ -FROM ubuntu:14.04 +FROM openjdk:8-alpine ARG MICRO_HOME=/opt/app/rproxy ARG BIN_HOME=$MICRO_HOME/bin ARG JAR_FILE=rproxy-exec.jar -RUN apt-get update - -# Install and setup java8 -RUN apt-get update && apt-get install -y software-properties-common -## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step -RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk - -RUN sudo dpkg --purge --force-depends ca-certificates-java -RUN sudo apt-get install ca-certificates-java +RUN apk update && \ + apk add ca-certificates ## Setup JAVA_HOME, this is useful for docker commandline -ENV JAVA_HOME usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture) +ENV JAVA_HOME usr/lib/jvm/java-1.8-openjdk RUN export JAVA_HOME # Build up the deployment folder structure RUN mkdir -p $MICRO_HOME -COPY ${JAR_FILE} $MICRO_HOME -RUN mkdir -p $BIN_HOME -COPY *.sh $BIN_HOME -RUN chmod 755 $BIN_HOME/* -RUN ln -s /logs $MICRO_HOME/logs -RUN mkdir /logs +WORKDIR $MICRO_HOME +COPY maven/rproxy/ . +RUN chmod 755 $BIN_HOME/* && \ + mkdir /logs && \ + ln -s /logs $MICRO_HOME/logs # Create the appuser -RUN groupadd -r appgroup && \ - useradd -r -u 1001 -g appgroup appuser && \ +RUN addgroup --system appgroup && \ + adduser --system -u 1001 -g appgroup appuser && \ chown -R appuser:appgroup $MICRO_HOME && \ chmod 777 /logs USER appuser diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/mocks/ReverseProxyMockCadiFilter.java b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/mocks/ReverseProxyMockCadiFilter.java index 6c9665f..068976d 100644 --- a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/mocks/ReverseProxyMockCadiFilter.java +++ b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/mocks/ReverseProxyMockCadiFilter.java 
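Review bot: In the rproxy image the user is created with `adduser --system -u 1001 -g appgroup appuser`, but on Alpine's BusyBox `adduser` the `-g` flag sets the GECOS field, not the group, so appuser is not placed in appgroup. The fproxy Dockerfile in the same commit uses the long options, and this one should match it: `adduser --system --uid 1001 --ingroup appgroup appuser`.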
@@ -176,6 +176,11 @@ public class ReverseProxyMockCadiFilter implements Filter { } @Override + public String getTarget() { + return null; + } + + @Override public RESP authenticate() throws IOException { return null; } diff --git a/sidecar/tproxy-config/pom.xml b/sidecar/tproxy-config/pom.xml index 63643d3..e849c58 100644 --- a/sidecar/tproxy-config/pom.xml +++ b/sidecar/tproxy-config/pom.xml @@ -24,7 +24,7 @@ <parent> <groupId>org.onap.aaf.cadi.sidecar</groupId> <artifactId>sidecar</artifactId> - <version>2.1.13-SNAPSHOT</version> + <version>2.1.19-SNAPSHOT</version> </parent> <artifactId>tproxy-config</artifactId> @@ -37,7 +37,7 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <version.io.fabric8.fabric8-maven-plugin>3.5.32</version.io.fabric8.fabric8-maven-plugin> - <docker.location>${basedir}/target</docker.location> + <docker.location>${project.basedir}/target/${project.artifactId}-${project.version}-build</docker.location> <!-- <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo> --> </properties> 
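Review bot: The new `getTarget()` override in ReverseProxyMockCadiFilter.java returns `null` without a comment saying that the mock tracks no target, so a caller that logs or compares the value may fail with a NullPointerException instead of getting a clear answer. Either document it with `// Mock response: no authentication target is tracked` above the `return null;`, or return a fixed placeholder string if the interface (not visible here) expects a non-null value. The enclosing class starts and ends outside this hunk. The file sits under `src/main/java`, so it is worth confirming that this mock filter cannot be selected in a production configuration.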
@@ -65,57 +65,79 @@ </execution> </executions> </plugin> - + <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-resources-plugin</artifactId> - <version>3.0.2</version> + <artifactId>maven-assembly-plugin</artifactId> + <configuration> + <descriptors> + <descriptor>src/main/assembly/descriptor.xml</descriptor> + </descriptors> + </configuration> + <executions> + <execution> + <id>make-assembly</id> + <phase>package</phase> + <goals> + <goal>single</goal> + </goals> + </execution> + </executions> + </plugin> + + <!--<plugin> + <groupId>io.fabric8</groupId> + <artifactId>docker-maven-plugin</artifactId> + <version>0.28.0</version> + <configuration> + <verbose>true</verbose> + <apiVersion>${docker.apiVersion}</apiVersion> + <pullRegistry>${docker.pull.registry}</pullRegistry> + <pushRegistry>${docker.push.registry}</pushRegistry> + <images> + <image> + <name>${docker.push.registry}/onap/${project.artifactId}</name> + <build> + <cleanup>try</cleanup> + <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir> + <tags> + <tag>latest</tag> + </tags> + <assembly> + <inline> + <fileSets> + <fileSet> + <directory>${docker.location}</directory> + <outputDirectory>/${project.artifactId}</outputDirectory> + </fileSet> + </fileSets> + </inline> + </assembly> + </build> + </image> + </images> + </configuration> <executions> - <execution> - <id>copy-docker-file</id> - <phase>package</phase> - <goals> - <goal>copy-resources</goal> - </goals> - <configuration> - <outputDirectory>target</outputDirectory> - <overwrite>true</overwrite> - <resources> - <resource> - <directory>${basedir}/src/main/docker</directory> - <filtering>true</filtering> - </resource> - <resource> - <directory>${basedir}/src/main/bin/</directory> - <filtering>true</filtering> - </resource> - </resources> - </configuration> - </execution> - </executions> - </plugin> - <plugin> - <groupId>com.spotify</groupId> - <artifactId>docker-maven-plugin</artifactId> - <version>0.4.11</version> 
- <configuration> - <verbose>true</verbose> - <serverId>docker-hub</serverId> - <imageName>${docker.push.registry}/onap/${project.artifactId}</imageName> - <dockerDirectory>${docker.location}</dockerDirectory> - <imageTags> - <imageTag>latest</imageTag> - </imageTags> - <forceTags>true</forceTags> - </configuration> + <execution> + <id>generate-images</id> + <phase>install</phase> + </execution> + <execution> + <id>push-images</id> + <phase>deploy</phase> + <goals> + <goal>push</goal> + </goals> + </execution> + </executions> </plugin> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-deploy-plugin</artifactId> <configuration> <skip>true</skip> </configuration> - </plugin> + </plugin> --> </plugins> </build> </project> diff --git a/sidecar/tproxy-config/src/main/assembly/descriptor.xml b/sidecar/tproxy-config/src/main/assembly/descriptor.xml new file mode 100644 index 0000000..b53f64e --- /dev/null +++ b/sidecar/tproxy-config/src/main/assembly/descriptor.xml @@ -0,0 +1,18 @@ +<assembly xmlns="http_://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" + xmlns:xsi="http_://www.__w3.org/2001/XMLSchema-instance" + xsi:SchemaLocation="http_://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http_://maven.apache.org/xsd/assembly-1.1.2.xsd"> + <id>build</id> + <includeBaseDirectory>false</includeBaseDirectory> + <formats> + <format>dir</format> + </formats> + <fileSets> + <fileSet> + <directory>${project.basedir}/src/main/bin</directory> + <outputDirectory>/</outputDirectory> + <includes> + <include>**/*</include> + </includes> + </fileSet> + </fileSets> +</assembly> diff --git a/sidecar/tproxy-config/src/main/docker/Dockerfile b/sidecar/tproxy-config/src/main/docker/Dockerfile index b95cf74..4851a20 100644 --- a/sidecar/tproxy-config/src/main/docker/Dockerfile +++ b/sidecar/tproxy-config/src/main/docker/Dockerfile 
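Review bot: The maven-assembly-plugin declaration added in the `@@ -65,57 +65,79 @@` hunk carries no `<version>`, while the maven-resources-plugin it replaces pinned `3.0.2`. Unless the oparent parent POM manages this plugin's version (not visible here), the version used depends on the defaults of the Maven installation running the build, so the packaged image context is not reproducible across build hosts. Adding an explicit `<version>` element with the version the project has tested, or confirming it is set in `pluginManagement`, would settle it.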
@@ -1,6 +1,6 @@ FROM alpine:3.6 RUN apk add --update iptables curl bash -COPY start.sh /start.sh +COPY maven/tproxy-config/start.sh /start.sh RUN chmod 755 /start.sh #CMD start.sh ENTRYPOINT ["/start.sh"] diff --git a/version.properties b/version.properties index 9b2b66e..4f38cbc 100644 --- a/version.properties +++ b/version.properties @@ -28,7 +28,7 @@ # This TAG <version>2.1.13</version> is here to help remember to change this file. Keep it up to date with the following "real" entries: major=2 minor=1 -patch=13 +patch=19 base_version=${major}.${minor}.${patch} |
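Review bot: The unchanged `FROM alpine:3.6` line keeps this image on a floating tag of an Alpine release that no longer receives security updates, even though the same commit moves the rproxy image to a new base. The container installs `iptables`, `curl` and `bash` and has no `USER` instruction in the visible lines, so the entrypoint presumably runs as root to program iptables. A maintained base pinned by digest therefore matters here: `FROM alpine:<supported-version>@sha256:<digest>`. `apk add --no-cache iptables curl bash` would also avoid leaving the package index in the layer.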