Add Pluggable Security to aai-resources

Note that by default this feature is turned off. To enable update the
installSidecarSecurity in aai/values.yaml to true.

Change-Id: If5d2be859ead2f0bd81aabb4fde749f105974bcf
Issue-ID: AAF-616
Signed-off-by: Ravi Geda <gravik@amdocs.com>

4 files changed, 99 insertions, 0 deletions

diff --git a/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..071d407
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12
diff --git a/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
new file mode 100644
index 0000000..023e2ea
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
diff --git a/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000..6ad5f51
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore
diff --git a/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000..e23c03d
--- /dev/null
+++ b/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,99 @@
+[
+  {
+    "uri": "\/not\/allowed\/at\/all$",
+    "permissions": [
+      "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+     ]
+  },
+  {
+    "uri": "\/one\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/multi\/auth\/required$",
+    "permissions": [
+      "test.auth.access.aMultipleAuth1",
+      "test.auth.access.aMultipleAuth2",
+      "test.auth.access.aMultipleAuth3"
+     ]
+  },
+  {
+    "uri": "\/one\/[^\/]+\/required$",
+    "permissions": [
+      "test.auth.access.aSimpleSingleAuth"
+     ]
+  },
+  {
+    "uri": "\/services\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/admin\/getAAFRequest$",
+    "permissions": [
+      "test.auth.access|admin|GET,PUT,POST"
+     ]
+  },
+  {
+    "uri": "\/service\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/services\/aai\/webapp\/index.html$",
+    "permissions": [
+      "test.auth.access|services|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/$",
+    "permissions": [
+    	"\\|services\\|GET",
+      "test\\.auth\\.access\\|services\\|GET,PUT"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+    "permissions": [
+      "test\\.auth\\.access\\|rest\\|read"
+     ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read"
+    ]
+  },
+  {
+    "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+    "permissions": [
+      "test.auth.access|clouds|read",
+      "test.auth.access|tenants|read",
+      "test.auth.access|vservers|read"
+    ]
+  },
+  {
+    "uri": "\/backend$",
+    "permissions": [
+      "test\\.auth\\.access\\|services\\|GET,PUT",
+      "\\|services\\|GET"
+     ]
+  },
+  {
+    "uri": "\/aai\/.*",
+    "permissions": [
+      "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+     ]
+  },
+  {
+    "uri": "\/aai\/util\/echo",
+    "permissions": [
+      "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+     ]
+  }
+]