#!/bin/bash
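# Message Router endpoint (plain HTTP on loopback) and the directory holding
# the per-API-key JSON files (<name>.key). Those files carry the API secret
# (the script reads ".secret" from them), so KEYDIR should not be readable by
# other local users.
HOSTPORT="127.0.0.1:3904"
KEYDIR="."

# dictionary of API keys and the topics owned by each API key
# ("anonymous" topics are created without any API key)
declare -A topics
topics=(
  ["anonymous"]="APPC-CL APPC-TEST2 PDPD-CONFIGURATION POLICY-CL-MGT DCAE-CL-EVENT unauthenticated.SEC_MEASUREMENT_OUTPUT unauthenticated.TCA_EVENT_OUTPUT "
  ["apikey-SDC1"]="SDC-DISTR-NOTIF-TOPIC-SDC-OPENSOURCE-ENV1 SDC-DISTR-STATUS-TOPIC-SDC-OPENSOURCE-ENV1"
  ["apikey-APPC1"]="APPC-TEST1"
  ["apikey-PORTAL1"]="ECOMP-PORTAL-INBOX"
  ["apikey-PORTALAPP1"]="ECOMP-PORTAL-OUTBOX-APP1"
  ["apikey-PORTALDBC1"]="ECOMP-PORTAL-OUTBOX-DBC1"
  ["apikey-PORTALSDC1"]="ECOMP-PORTAL-OUTBOX-SDC1"
  ["apikey-PORTALVID1"]="ECOMP-PORTAL-OUTBOX-VID1"
  ["apikey-PORTALPOL1"]="ECOMP-PORTAL-OUTBOX-POL1"
)

# The ACL tables below name clients by API key. A client name is turned into
# the key-file path ${KEYDIR}/<name>.key, so it has to match a key declared in
# topics exactly, including case. The SDC entries used to read "apikey-sdc1",
# for which this script never creates a key file, so the SDC ACLs were skipped.

# dictionary of producers for each topic
declare -A acl_producers
acl_producers=(
  ["SDC-DISTR-NOTIF-TOPIC-SDC-OPENSOURCE-ENV1"]="apikey-SDC1"
  ["SDC-DISTR-STATUS-TOPIC-SDC-OPENSOURCE-ENV1"]="apikey-SDC1"
  ["ECOMP-PORTAL-INBOX"]="apikey-PORTALAPP1 apikey-PORTALDBC1 apikey-PORTALSDC1 apikey-PORTALVID1 apikey-PORTALPOL1"
  ["ECOMP-PORTAL-OUTBOX-APP1"]="apikey-PORTAL1"
  ["ECOMP-PORTAL-OUTBOX-DBC1"]="apikey-PORTAL1"
  ["ECOMP-PORTAL-OUTBOX-SDC1"]="apikey-PORTAL1"
  ["ECOMP-PORTAL-OUTBOX-VID1"]="apikey-PORTAL1"
  ["ECOMP-PORTAL-OUTBOX-POL1"]="apikey-PORTAL1"
  ["APPC-TEST1"]="apikey-APPC1"
)

# dictionary of consumers for each topic
declare -A acl_consumers
acl_consumers=(
  ["SDC-DISTR-NOTIF-TOPIC-SDC-OPENSOURCE-ENV1"]="apikey-SDC1"
  ["SDC-DISTR-STATUS-TOPIC-SDC-OPENSOURCE-ENV1"]="apikey-SDC1"
  ["ECOMP-PORTAL-INBOX"]="apikey-PORTAL1"
  ["ECOMP-PORTAL-OUTBOX-APP1"]="apikey-PORTALAPP1"
  ["ECOMP-PORTAL-OUTBOX-DBC1"]="apikey-PORTALDBC1"
  ["ECOMP-PORTAL-OUTBOX-SDC1"]="apikey-PORTALSDC1"
  ["ECOMP-PORTAL-OUTBOX-VID1"]="apikey-PORTALVID1"
  ["ECOMP-PORTAL-OUTBOX-POL1"]="apikey-PORTALPOL1"
  ["APPC-TEST1"]="apikey-APPC1"
)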
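#######################################
# Log a command line, then run it through eval.
# Globals:   CMD (written; set to $1, as before)
# Arguments: $1 - the complete command line as ONE string. Callers embed their
#                 own escaped quotes, so the string is re-parsed by the shell.
# Outputs:   "CMD:[...]" followed by the command's own output
# Returns:   exit status of the evaluated command
#
# NOTE(review): eval interprets the whole string as shell syntax, so every
# value a caller interpolates (key ids read from *.key files, topic names) is
# executed as code if it contains shell metacharacters. Only pass values that
# are trusted. The logged line also includes the X-CambriaAuth header of
# authenticated requests, so this output should be treated as sensitive.
#######################################
myrun () {
  CMD="$1"
  printf 'CMD:[%s]\n' "$CMD"
  # Quoted on purpose: an unquoted $CMD is word-split and glob-expanded before
  # eval re-joins it, which collapses runs of whitespace inside quoted
  # arguments and expands any '*' against the current directory.
  eval "$CMD"
}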
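#######################################
# Find the API key that owns a topic according to the topics table.
# Globals:   topics (read)
# Arguments: $1 - topic name to look up
#            $2 - NAME of the caller's variable that receives the owning key;
#                 it is set to the empty string when no owner is found.
#                 Must not be one of this function's local names
#                 (outowner, target_topic, o, topic, keytopics).
# Outputs:   progress messages on stdout
# Returns:   0 whether or not an owner was found (check the out variable)
#######################################
getowner () {
  local -n outowner=$2
  local target_topic="$1"
  # Locals, so the lookup does not overwrite the caller's own "topic" and
  # "keytopics" variables while it iterates.
  local o topic keytopics

  # Reset first: without this a failed lookup leaves the previous call's
  # owner in place and the caller would sign with the wrong key.
  outowner=""

  echo "look for owner for $target_topic"
  for o in "${!topics[@]}"; do
    keytopics=${topics[$o]}
    # Unquoted on purpose: the value is a whitespace-separated topic list.
    for topic in ${keytopics}; do
      # "-" is skipped as a placeholder entry
      if [ "$topic" == "-" ]; then
        continue
      fi
      if [ "$topic" == "$target_topic" ]; then
        echo "found owner $o"
        outowner=$o
        return
      fi
    done
  done
}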
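#######################################
# Add a client API key to the producers or consumers ACL of a topic.
# The request is signed with the key of the topic's owner.
# Globals:   KEYDIR, HOSTPORT (read); CMD (written)
# Arguments: $1 - ACL group, used as a URL path segment ("producers" or
#                 "consumers" in this script)
#            $2 - topic name
#            $3 - client API key name (its key file is ${KEYDIR}/$3.key)
# Outputs:   progress messages and the curl output on stdout
# Returns:   1 when the ACL is skipped (no owner, missing or unusable key
#            file), otherwise the status of the curl command
#######################################
add_acl () {
  local acl_group="$1"
  local acl_topic="$2"
  local client="$3"
  # Start from an empty owner so a failed lookup can never reuse the owner
  # found for a previous topic.
  local owner=""
  local owner_keyfile client_keyfile
  local client_key owner_key owner_secret
  local stamp signature

  echo " adding $client to group $acl_group for topic $acl_topic"
  getowner "$acl_topic" owner
  echo "==owner for $acl_topic is $owner"
  if [ -z "$owner" ]; then
    echo "No owner API key found for topic $acl_topic"
    return 1
  fi

  # This check used to test $API_KEYFILE, a leftover global of the key
  # creation loop, so a missing owner key file was never detected.
  owner_keyfile="${KEYDIR}/${owner}.key"
  if [ ! -e "$owner_keyfile" ]; then
    echo "No API key file $owner_keyfile for owner $owner of topic $acl_topic, exit "
    return 1
  fi

  client_keyfile="${KEYDIR}/${client}.key"
  if [ ! -e "$client_keyfile" ]; then
    echo "No API key file $client_keyfile for client $client, exit "
    return 1
  fi

  client_key=$(jq -r ".key" "$client_keyfile")
  owner_secret=$(jq -r ".secret" "$owner_keyfile")
  owner_key=$(jq -r ".key" "$owner_keyfile")

  # jq -r prints the literal "null" for an absent field (for example when the
  # key file holds an error response). Without this guard the request would
  # grant access to a key literally named "null".
  if [ -z "$client_key" ] || [ "$client_key" == "null" ] ||
     [ -z "$owner_key" ] || [ "$owner_key" == "null" ] ||
     [ -z "$owner_secret" ] || [ "$owner_secret" == "null" ]; then
    echo "API key file $client_keyfile or $owner_keyfile has no usable key/secret, skipping"
    return 1
  fi

  # The signature is the base64 HMAC-SHA1 of the timestamp, keyed with the
  # owner's secret.
  # NOTE(review): the secret is passed to openssl on its command line and is
  # therefore visible to other local users in the process list while openssl
  # runs; the signed request itself goes over plain HTTP.
  stamp=$(date --iso-8601=seconds)
  signature=$(printf '%s' "$stamp" | openssl sha1 -hmac "$owner_secret" -binary | openssl base64)

  # client_key comes from a file and ends up inside an eval'd string; the key
  # files must therefore be writable only by a trusted user.
  CMD="curl -i -H \"Content-Type: application/json\" -H \"X-CambriaAuth:${owner_key}:${signature}\" -H \"X-CambriaDate:${stamp}\" -X PUT http://${HOSTPORT}/topics/${acl_topic}/${acl_group}/${client_key}"
  myrun "$CMD"
}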
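# Request bodies are written to a private scratch directory instead of fixed
# names under /tmp, where another local user could pre-create or symlink the
# file. The directory is removed when the script exits.
PAYLOAD_DIR=$(mktemp -d) || { echo "cannot create temporary directory"; exit 1; }
trap 'rm -rf -- "${PAYLOAD_DIR:?}"' EXIT

# ---- create the API keys and the topics each key owns ----
for key in "${!topics[@]}"; do
  # try to create key if no such key exists
  API_KEYFILE="${KEYDIR}/${key}.key"
  if [ "$key" != "anonymous" ]; then
    if [ -e "${API_KEYFILE}" ]; then
      echo "API key for $key already exists, no need to create new"
    else
      echo "generating API key $key"
      printf '%s\n' '{"email":"no email","description":"API key for '"$key"'"}' > "${PAYLOAD_DIR}/input.txt"
      CMD="curl -s -o \"${API_KEYFILE}\" -H \"Content-Type: application/json\" -X POST -d @\"${PAYLOAD_DIR}/input.txt\" http://${HOSTPORT}/apiKeys/create"
      myrun "$CMD"
      # The response is stored as the key file and holds the API secret, so
      # restrict it to the current user.
      if [ -e "${API_KEYFILE}" ]; then
        chmod 600 -- "${API_KEYFILE}"
      fi
      # NOTE(review): this prints the whole key file, secret included, to
      # stdout; anything that captures this script's output stores the secret.
      echo "API key for $key has been created: "; cat -- "${API_KEYFILE}"
      echo "generating API key $key done"; echo
    fi
  fi

  # create the topics for this key
  keytopics=${topics[$key]}
  # Unquoted on purpose: the value is a whitespace-separated topic list.
  for topic in ${keytopics}; do
    if [ "$topic" == "-" ]; then
      continue
    fi
    if [ "$key" == "anonymous" ]; then
      # An anonymous topic is created by posting an event to it.
      # NOTE(review): /tmp/sample.txt is read here but never written by this
      # script; presumably it is provided by the caller -- confirm. It is a
      # fixed, world-writable location, so its content is not under this
      # script's control.
      echo "creating anonymous topic $topic"
      CMD="curl -H \"Content-Type:text/plain\" -X POST -d @/tmp/sample.txt http://${HOSTPORT}/events/${topic}"
      myrun "$CMD"
      echo "done creating anonymous topic $topic"; echo
    else
      echo "creating API key secured topic $topic for API key $key"
      UEBAPIKEYSECRET=$(jq -r ".secret" "${API_KEYFILE}")
      UEBAPIKEYKEY=$(jq -r ".key" "${API_KEYFILE}")
      printf '%s\n' '{"topicName":"'"${topic}"'","topicDescription":"'"$key"' API Key secure topic","partitionCount":"1","replicationCount":"1","transactionEnabled":"true"}' > "${PAYLOAD_DIR}/topicname.txt"
      # Signature: base64 HMAC-SHA1 of the timestamp, keyed with the secret.
      # NOTE(review): the secret is visible on the openssl command line while
      # it runs.
      xDate=$(date --iso-8601=seconds)
      signature=$(printf '%s' "$xDate" | openssl sha1 -hmac "$UEBAPIKEYSECRET" -binary | openssl base64)
      xAuth="${UEBAPIKEYKEY}:${signature}"
      CMD="curl -i -H \"Content-Type: application/json\" -H \"X-CambriaAuth: $xAuth\" -H \"X-CambriaDate: $xDate\" -X POST -d @\"${PAYLOAD_DIR}/topicname.txt\" http://${HOSTPORT}/topics/create"
      myrun "$CMD"
      echo "done creating api key topic $topic"
      echo
    fi
  done
done

# ---- dump the resulting topic state ----
echo
echo "============ post loading state of topics ================="
CMD="curl http://${HOSTPORT}/topics"
myrun "$CMD"
for key in "${!topics[@]}"; do
  keytopics=${topics[$key]}
  echo "---------- key: ${key} "
  for topic in ${keytopics}; do
    if [ "$topic" == "-" ]; then
      continue
    fi
    CMD="curl http://${HOSTPORT}/topics/${topic}"
    myrun "$CMD"
    echo
  done
  echo "end of key: ${key} secured topics"
done

# ---- adding publisher and subscriber ACL ----
# Each ACL value is a whitespace-separated list of client API key names, so
# the inner loops split it unquoted on purpose.
for topic in "${!acl_consumers[@]}"; do
  consumers=${acl_consumers[$topic]}
  for consumer in ${consumers}; do
    add_acl "consumers" "$topic" "$consumer"
  done
done
for topic in "${!acl_producers[@]}"; do
  producers=${acl_producers[$topic]}
  for producer in ${producers}; do
    add_acl "producers" "$topic" "$producer"
  done
done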