summaryrefslogtreecommitdiffstats
path: root/sidecar/rproxy/config
diff options
context:
space:
mode:
Diffstat (limited to 'sidecar/rproxy/config')
-rw-r--r--sidecar/rproxy/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--sidecar/rproxy/config/auth/tomcat_keystorebin0 -> 3594 bytes
-rw-r--r--sidecar/rproxy/config/auth/uri-authorization.json114
-rw-r--r--sidecar/rproxy/config/cadi.properties19
-rw-r--r--sidecar/rproxy/config/forward-proxy.properties4
-rw-r--r--sidecar/rproxy/config/logback-spring.xml48
-rw-r--r--sidecar/rproxy/config/primary-service.properties5
-rw-r--r--sidecar/rproxy/config/readme.txt1
-rw-r--r--sidecar/rproxy/config/reverse-proxy.properties1
-rw-r--r--sidecar/rproxy/config/security/keyfile27
10 files changed, 219 insertions, 0 deletions
diff --git a/sidecar/rproxy/config/auth/client-cert.p12 b/sidecar/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/sidecar/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/sidecar/rproxy/config/auth/tomcat_keystore b/sidecar/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000..99129c1
--- /dev/null
+++ b/sidecar/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/sidecar/rproxy/config/auth/uri-authorization.json b/sidecar/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000..29b152d
--- /dev/null
+++ b/sidecar/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,114 @@
+ [
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access\\|not\\|granted"
+ ]
+ },
+ {
+ "uri": "\/single\/permission\/required$",
+ "permissions": [
+ "test.single.access\\|single\\|permission"
+ ]
+ },
+ {
+ "uri": "\/multiple\/permissions\/required$",
+ "permissions": [
+ "test.multiple.access\\|first\\|permission",
+ "test.multiple.access\\|second\\|permission",
+ "test.multiple.access\\|third\\|permission"
+ ]
+ },
+ {
+ "uri": "\/multiple\/permissions\/required/one/missing$",
+ "permissions": [
+ "test.multiple.access\\|first\\|permission",
+ "test.multiple.access\\|second\\|permission",
+ "test.multiple.access\\|third\\|permission",
+ "test.multiple.access\\|fourth\\|permission"
+ ]
+ },
+ {
+ "uri": "\/wildcard\/permission\/granted$",
+ "permissions": [
+ "test.wildcard.access\\|first\\|permission",
+ "test.wildcard.access\\|second\\|permission",
+ "test.wildcard.access\\|third\\|consent"
+ ]
+ },
+ {
+ "uri": "\/instance\/wildcard\/permission\/granted$",
+ "permissions": [
+ "test.wildcard.access\\|first\\|permission",
+ "test.wildcard.access\\|second\\|permission",
+ "test.wildcard.access\\|third\\|permission"
+ ]
+ },
+ {
+ "uri": "\/action\/wildcard\/permission\/granted$",
+ "permissions": [
+ "test.wildcard.access\\|first\\|permission",
+ "test.wildcard.access\\|first\\|permission",
+ "test.wildcard.access\\|first\\|consent"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access\\|admin\\|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v13\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|write",
+ "test\\.auth\\.access\\|rpc\\|write"
+ ]
+ },
+ {
+ "uri": "\/aai\/v13\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access\\|clouds\\|read",
+ "test.auth.access\\|tenants\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v13\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access\\|clouds\\|read",
+ "test.auth.access\\|tenants\\|read",
+ "test.auth.access\\|vservers\\|read"
+ ]
+ },
+ {
+ "uri": "\/rproxy\/.*",
+ "permissions": [
+ "org\\.access\\|rproxy\\|get"
+ ]
+ }
+ ] \ No newline at end of file
diff --git a/sidecar/rproxy/config/cadi.properties b/sidecar/rproxy/config/cadi.properties
new file mode 100644
index 0000000..543bc1e
--- /dev/null
+++ b/sidecar/rproxy/config/cadi.properties
@@ -0,0 +1,19 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+cadi_loglevel=DEBUG
+cadi_keyfile=config/security/keyfile
+
+cadi_truststore=config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://aaf.osaaf.org:30247
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA \ No newline at end of file
diff --git a/sidecar/rproxy/config/forward-proxy.properties b/sidecar/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000..1b58d42
--- /dev/null
+++ b/sidecar/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache \ No newline at end of file
diff --git a/sidecar/rproxy/config/logback-spring.xml b/sidecar/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000..5b3a8dc
--- /dev/null
+++ b/sidecar/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "org.onap.aaf.rproxy" at DEBUG level -->
+ <logger name="org.onap.aaf.rproxy" level="debug" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
diff --git a/sidecar/rproxy/config/primary-service.properties b/sidecar/rproxy/config/primary-service.properties
new file mode 100644
index 0000000..d0f7a32
--- /dev/null
+++ b/sidecar/rproxy/config/primary-service.properties
@@ -0,0 +1,5 @@
+primary-service.protocol = https
+primary-service.host = localhost
+
+# This needs to be configured to match the port of the primary service running in the pod
+primary-service.port = 9000
diff --git a/sidecar/rproxy/config/readme.txt b/sidecar/rproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/sidecar/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/sidecar/rproxy/config/reverse-proxy.properties b/sidecar/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000..8d46e1f
--- /dev/null
+++ b/sidecar/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/sidecar/rproxy/config/security/keyfile b/sidecar/rproxy/config/security/keyfile
new file mode 100644
index 0000000..6cd12fc
--- /dev/null
+++ b/sidecar/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao \ No newline at end of file