aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf/charts/aaf-cs
diff options
context:
space:
mode:
authorMahendra Raghuwanshi <mahendra.raghuwanshi@amdocs.com>2018-05-03 12:15:03 +0000
committerMandeep Khinda <mandeep.khinda@amdocs.com>2018-05-07 14:55:26 -0400
commitafb1e2a536aecbbf0a90155749a23eb2de54f223 (patch)
treebc17887d30dc4b01a72fd32270513dec32b8d77f /kubernetes/aaf/charts/aaf-cs
parent89dbd64a432ccb3c08b8c6303d53d80c3d9fe3a6 (diff)
AAF Charts
-PS3-MK -renaming charts to remove hyphen -refactoring service name configuration. It wasn't quite correct the way it was. It was taking the chart name as the service name and not using the values.yaml from the top level chart as intended. -Jonathan asked to name the main app service "aaf-service and cassandra to "aaf-cass" as this is what is in the cert -squashed https://gerrit.onap.org/r/#/c/45923/1 into this commit. -updated robot to the latest settings Robot tests are failing but all pods come up. I think this can be merged and the AAF team investigate the robot health issue in a running system -PS4-MK -reverting sms changes and taking the latest from master -removing repository from the global section of the aaf values. -this was causing all images to be pulled from nexus3.onap.org which was failing to pull images that come from docker hub. There is supposed to be a proxy through nexus3 to dockerhub but maybe we are missing something. -PS5-MK -removing nodeports from non gui related charts. There are conflicts -PS6-Kiran -Adding imagepullsecrets for aaf-sms-vault subchart -updated image repository to pull from nexus3 -tested and works now and should fix the pull errors -PS7-Kiran -Previous patch picked up a couple of unintended changes -Reverting them -PS8-MK -removing names from identities -using https for robot test Issue-ID: OOM-930 Change-Id: I98f40ef5af03dda73aebf12f6fa48d928915ab34 Signed-off-by: Mahendra Raghuwanshi <mahendra.raghuwanshi@amdocs.com> Add Beijing CQLs into OOM Issue-ID: AAF-114 Change-Id: I2c2d46738ba0885c41f710997d4b212b6ce4d2de Signed-off-by: Instrumental <jonathan.gathman@att.com> Signed-off-by: Mandeep Khinda <mandeep.khinda@amdocs.com> Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'kubernetes/aaf/charts/aaf-cs')
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql169
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat7
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idxbin56 -> 0 bytes
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql112
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql11
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql122
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql8
-rw-r--r--kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt19
-rw-r--r--kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml36
-rw-r--r--kubernetes/aaf/charts/aaf-cs/templates/service.yaml18
-rw-r--r--kubernetes/aaf/charts/aaf-cs/values.yaml5
11 files changed, 269 insertions, 238 deletions
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql
deleted file mode 100644
index 6fddf65001..0000000000
--- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql
+++ /dev/null
@@ -1,169 +0,0 @@
-USE authz;
-
-// Create Root pass
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
-
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
-
-INSERT INTO cred (id,ns,type,cred,expires)
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
-
-
-// Create 'com' root NS
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('com',1,'Root Namespace',null,1);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('com','admin',{'com.access|*|*'},'Com Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('com','owner',{'com.access|*|read'},'Com Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('com','access','*','read',{'com.owner'},'Com Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('com','access','*','*',{'com.admin'},'Com Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin');
-
-// Create org root NS
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org',1,'Root Namespace Org',null,1);
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3);
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org','admin',{'org.access|*|*'},'Com Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org','owner',{'org.access|*|read'},'Com Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org','access','*','read',{'org.owner'},'Com Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org','access','*','*',{'org.admin'},'Com Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin');
-
-
-// Create com.att
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('com.att',2,'AT&T Namespace','com',2);
-
-INSERT INTO role(ns, name, perms,description)
- VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins');
-
-INSERT INTO role(ns, name, perms,description)
- VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles,description)
- VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles,description)
- VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin');
-
-// Create com.att.aaf
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner');
-
-
-// Create org.openecomp
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.openecomp',2,'Open EComp NS','com.att',2);
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins');
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin');
-
-// Create org.openecomp.dmaapBC
-
-INSERT INTO ns (name,scope,description,parent,type)
- VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3);
-
-//INSERT INTO role(ns, name, perms, description)
-// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins');
-
-INSERT INTO role(ns, name, perms, description)
-VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
-
-//INSERT INTO role(ns, name, perms, description)
-//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins');
-
-//INSERT INTO role(ns, name, perms, description)
-//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
-
-
-
-INSERT INTO role(ns, name, perms, description)
- VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access');
-
-INSERT INTO perm(ns, type, instance, action, roles, description)
- VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access');
-
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
-INSERT INTO user_role(user,role,expires,ns,rname)
- VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat
deleted file mode 100644
index 98bf99a3d1..0000000000
--- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
-mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
-bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
-mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
-ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
-iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx
deleted file mode 100644
index 78fc0a5693..0000000000
--- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql
index 81700f830c..c06e5ee952 100644
--- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql
+++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql
@@ -1,35 +1,6 @@
-// For Developer Machine single instance
-//
-CREATE KEYSPACE authz
-WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
-//
-// From Ravi, 6-17-2014. User for DEVL->TEST
-//
-// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' };
-//
-// PROD
-//
-// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' };
-//
-// create user authz with password '<AUTHZ PASSWORD>' superuser;
-// grant all on keyspace authz to authz;
-//
-// For TEST (aaf_test)
-// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' };
-//
-// DEVL
-// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' };
-//
-// TEST / PERF
-// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' };
-//
-// IST
-// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3',
-// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' };
-//
-// with 6 localized with ccm
-// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
-//
+
+// Table Initialization
+// First make sure the keyspace exists.
USE authz;
@@ -51,12 +22,6 @@ CREATE TABLE ns (
);
CREATE INDEX ns_parent on ns(parent);
-
-// Oct 2015, not performant. Made Owner and Attrib first class Roles,
-// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels.
-// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder)
-// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces
-// as having certain tools, like SWM, etc.
CREATE TABLE ns_attrib (
ns varchar,
key varchar,
@@ -125,10 +90,10 @@ CREATE INDEX cert_id ON cert(id);
CREATE INDEX cert_x500 ON cert(x500);
CREATE TABLE notify (
- user text,
- type int,
- last timestamp,
- checksum int,
+ user text,
+ type int,
+ last timestamp,
+ checksum int,
PRIMARY KEY (user,type)
);
@@ -155,14 +120,16 @@ CREATE TABLE artifact (
sponsor text,
ca text,
dir text,
- appName text,
os_user text,
+ ns text,
notify text,
expires timestamp,
- renewDays int,
+ renewDays int,
+ sans Set<text>,
PRIMARY KEY (mechid,machine)
);
CREATE INDEX artifact_machine ON artifact(machine);
+CREATE INDEX artifact_ns ON artifact(ns);
//
// Non-Critical Table functions
@@ -216,6 +183,7 @@ CREATE TABLE approval (
status varchar, // approval status. pending, approved, denied
memo varchar, // Text for Approval to know what's going on
operation varchar, // List operation to perform
+ last_notified timestamp, // Timestamp for the last time approver was notified
PRIMARY KEY(id)
);
CREATE INDEX appr_approver_idx ON approval(approver);
@@ -223,6 +191,19 @@ CREATE INDEX appr_user_idx ON approval(user);
CREATE INDEX appr_ticket_idx ON approval(ticket);
CREATE INDEX appr_status_idx ON approval(status);
+CREATE TABLE approved (
+ id timeuuid, // unique Key
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ PRIMARY KEY(id)
+ );
+CREATE INDEX approved_approver_idx ON approved(approver);
+CREATE INDEX approved_user_idx ON approved(user);
+
CREATE TABLE delegate (
user varchar,
delegate varchar,
@@ -231,6 +212,49 @@ CREATE TABLE delegate (
);
CREATE INDEX delg_delg_idx ON delegate(delegate);
+// OAuth Tokens
+CREATE TABLE oauth_token (
+ id text, // Reference
+ client_id text, // Creating Client ID
+ user text, // User requesting
+ active boolean, // Active or not
+ type int, // Type of Token
+ refresh text, // Refresh Token
+ expires timestamp, // Expiration time/Date (signed long)
+ exp_sec bigint, // Seconds from Jan 1, 1970
+ content text, // Content of Token
+ scopes Set<text>, // Scopes
+ state text, // Context string (Optional)
+ req_ip text, // Requesting IP (for logging purpose)
+ PRIMARY KEY(id)
+) with default_time_to_live = 21600; // 6 hours
+CREATE INDEX oauth_token_user_idx ON oauth_token(user);
+
+CREATE TABLE locate (
+ name text, // Component/Server name
+ hostname text, // FQDN of Service/Component
+ port int, // Port of Service
+ major int, // Version, Major
+ minor int, // Version, Minor
+ patch int, // Version, Patch
+ pkg int, // Version, Package (if available)
+ latitude float, // Latitude
+ longitude float, // Longitude
+ protocol text, // Protocol (i.e. http https)
+ subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https
+ port_key uuid, // Key into locate_ports
+ PRIMARY KEY(name,hostname,port)
+) with default_time_to_live = 1200; // 20 mins
+
+CREATE TABLE locate_ports (
+ id uuid, // Id into locate
+ port int, // SubPort
+ name text, // Name of Other Port
+ protocol text, // Protocol of Other (i.e. JMX, DEBUG)
+ subprotocol set<text>, // Accepted sub protocols or versions
+ PRIMARY KEY(id, port)
+) with default_time_to_live = 1200; // 20 mins;
+
//
// Used by authz-batch processes to ensure only 1 runs at a time
//
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql
new file mode 100644
index 0000000000..52dc5ea77e
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql
@@ -0,0 +1,11 @@
+// For Developer Machine single instance
+// CREATE KEYSPACE authz
+// WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+//
+//
+
+// Example of Network Topology, with Datacenter dc1 & dc2
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+// Out of the box Docker Cassandra comes with "datacenter1", one instance
+CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'datacenter1': '1' };
+//
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql
new file mode 100644
index 0000000000..e7385ab69d
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql
@@ -0,0 +1,122 @@
+USE authz;
+
+// Create 'org' root NS
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org','Root Namespace','.',1,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Org Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Org Write Access');
+
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('initial@osaaf.org','org.osaaf',1,0x008c5926ca861023c1d2a36653fd88e2,'2099-12-31') using TTL 14400;
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('initial@osaaf.org','org.admin','2099-12-31','org','admin') using TTL 14400;
+
+
+// Create org.osaaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf','OSAAF Namespace','org',2,2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access');
+
+// Create org.osaaf.aaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400;
+
+
+// ONAP Specific Entities
+// ONAP initial env Namespace
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap','ONAP','org',2,2);
+
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3);
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','read',{
+ 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor'
+ },'Portal Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
+
+// DEMO ID (OPS)
+insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// ADMIN
+insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// DESIGNER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer');
+
+// TESTER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester');
+
+// OPS
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops');
+
+// GOVERNOR
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor');
+
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql
new file mode 100644
index 0000000000..5e7cfe1741
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql
@@ -0,0 +1,8 @@
+USE authz;
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.admin','2099-12-31','org','admin') ;
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') ;
+
diff --git a/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt
new file mode 100644
index 0000000000..c60c745ca3
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml
index 15e574f511..4253d2fb71 100644
--- a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml
@@ -24,14 +24,11 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
metadata:
labels:
app: {{ include "common.name" . }}
- name: {{ .Release.Name }}
+ release: {{ .Release.Name }}
spec:
hostname: {{ include "common.name" . }}
containers:
@@ -39,24 +36,45 @@ spec:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ - containerPort: {{ .Values.service.externalPort2 }}
+ - containerPort: {{ .Values.service.externalPort3 }}
+ - containerPort: {{ .Values.service.externalPort4 }}
volumeMounts:
- mountPath: /data
name: aaf-cs-data
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort3 }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort3 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - >
+ /bin/sleep 30;
+ cd /data/;
+ cqlsh -u root -p root -f keyspace.cql ;
+ cqlsh -u root -p root -f init.cql ;
+ cqlsh -u root -p root -f osaaf.cql ;
+ cqlsh -u root -p root -f temp_identity.cql
+ resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -66,8 +84,10 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
-
volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
- name: aaf-cs-data
secret:
secretName: {{ include "common.fullname" . }}
diff --git a/kubernetes/aaf/charts/aaf-cs/templates/service.yaml b/kubernetes/aaf/charts/aaf-cs/templates/service.yaml
index 2e4a619a20..b1716e4936 100644
--- a/kubernetes/aaf/charts/aaf-cs/templates/service.yaml
+++ b/kubernetes/aaf/charts/aaf-cs/templates/service.yaml
@@ -22,6 +22,8 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+# annotations:
+# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
spec:
type: {{ .Values.service.type }}
ports:
@@ -30,29 +32,29 @@ spec:
#Example internal target port if required
#targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
+ name: {{ .Values.service.portName }}
- port: {{ .Values.service.externalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name }}2
+ name: {{ .Values.service.portName }}2
- port: {{ .Values.service.externalPort3 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.name }}3
+ name: {{ .Values.service.portName }}3
- port: {{ .Values.service.externalPort4 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- name: {{ .Values.service.name }}4
+ name: {{ .Values.service.portName }}4
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
+ name: {{ .Values.service.portName }}
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name }}2
+ name: {{ .Values.service.portName }}2
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.name }}3
+ name: {{ .Values.service.portName }}3
- port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
- name: {{ .Values.service.name }}4
+ name: {{ .Values.service.portName }}4
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aaf/charts/aaf-cs/values.yaml b/kubernetes/aaf/charts/aaf-cs/values.yaml
index 89b83cd169..83bc972fd8 100644
--- a/kubernetes/aaf/charts/aaf-cs/values.yaml
+++ b/kubernetes/aaf/charts/aaf-cs/values.yaml
@@ -25,7 +25,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: library/cassandra:2.1.17
+image: library/cassandra:3.11
pullPolicy: Always
# flag to enable debugging - application support required
@@ -54,8 +54,9 @@ readiness:
periodSeconds: 10
service:
+ name: aaf-cass
type: ClusterIP
- name: aaf-cs
+ portName: aaf-cs
#targetPort
internalPort: 7000
#port