summaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf/resources
diff options
context:
space:
mode:
authorMahendra Raghuwanshi <mahendra.raghuwanshi@amdocs.com>2018-05-03 12:15:03 +0000
committerMandeep Khinda <mandeep.khinda@amdocs.com>2018-05-07 14:55:26 -0400
commitafb1e2a536aecbbf0a90155749a23eb2de54f223 (patch)
treebc17887d30dc4b01a72fd32270513dec32b8d77f /kubernetes/aaf/resources
parent89dbd64a432ccb3c08b8c6303d53d80c3d9fe3a6 (diff)
AAF Charts
-PS3-MK -renaming charts to remove hyphen -refactoring service name configuration. It wasn't quite correct the way it was. It was taking the chart name as the service name and not using the values.yaml from the top level chart as intended. -Jonathan asked to name the main app service "aaf-service and cassandra to "aaf-cass" as this is what is in the cert -squashed https://gerrit.onap.org/r/#/c/45923/1 into this commit. -updated robot to the latest settings Robot tests are failing but all pods come up. I think this can be merged and the AAF team investigate the robot health issue in a running system -PS4-MK -reverting sms changes and taking the latest from master -removing repository from the global section of the aaf values. -this was causing all images to be pulled from nexus3.onap.org which was failing to pull images that come from docker hub. There is supposed to be a proxy through nexus3 to dockerhub but maybe we are missing something. -PS5-MK -removing nodeports from non gui related charts. There are conflicts -PS6-Kiran -Adding imagepullsecrets for aaf-sms-vault subchart -updated image repository to pull from nexus3 -tested and works now and should fix the pull errors -PS7-Kiran -Previous patch picked up a couple of unintended changes -Reverting them -PS8-MK -removing names from identities -using https for robot test Issue-ID: OOM-930 Change-Id: I98f40ef5af03dda73aebf12f6fa48d928915ab34 Signed-off-by: Mahendra Raghuwanshi <mahendra.raghuwanshi@amdocs.com> Add Beijing CQLs into OOM Issue-ID: AAF-114 Change-Id: I2c2d46738ba0885c41f710997d4b212b6ce4d2de Signed-off-by: Instrumental <jonathan.gathman@att.com> Signed-off-by: Mandeep Khinda <mandeep.khinda@amdocs.com> Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'kubernetes/aaf/resources')
-rw-r--r--kubernetes/aaf/resources/config/aaf-data/identities.dat9
-rw-r--r--kubernetes/aaf/resources/config/backup/backup.sh32
-rw-r--r--kubernetes/aaf/resources/config/backup/cbackup.sh8
-rw-r--r--kubernetes/aaf/resources/config/data/identities.dat27
-rw-r--r--kubernetes/aaf/resources/config/data/sample.identities.dat27
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.cm.props14
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.common.props29
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.fs.props10
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.gui.props31
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.hello.props8
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.locate.props8
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props51
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props8
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props11
-rw-r--r--kubernetes/aaf/resources/config/etc/org.osaaf.service.props8
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12bin0 -> 2818 bytes
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile27
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12bin0 -> 4140 bytes
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.aaf.props17
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12bin0 -> 4180 bytes
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12bin0 -> 4140 bytes
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props29
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props11
-rw-r--r--kubernetes/aaf/resources/config/local/org.osaaf.location.props12
-rw-r--r--kubernetes/aaf/resources/config/public/AAF_RootCA.cer31
-rw-r--r--kubernetes/aaf/resources/config/public/aaf_2_0.xsd527
-rw-r--r--kubernetes/aaf/resources/config/public/iframe_denied_test.html10
-rw-r--r--kubernetes/aaf/resources/config/public/truststoreONAP.p12bin0 -> 4180 bytes
-rw-r--r--kubernetes/aaf/resources/config/public/truststoreONAPall.jksbin0 -> 117990 bytes
29 files changed, 936 insertions, 9 deletions
diff --git a/kubernetes/aaf/resources/config/aaf-data/identities.dat b/kubernetes/aaf/resources/config/aaf-data/identities.dat
deleted file mode 100644
index 95eb51d1be..0000000000
--- a/kubernetes/aaf/resources/config/aaf-data/identities.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
-mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
-bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
-mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
-ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
-iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
-osaaf|ID of AAF|||||a|bdevl
-m99751|ID of AAF|||||a|bdevl
-m99501|ID of AAF|||||a|bdevl
diff --git a/kubernetes/aaf/resources/config/backup/backup.sh b/kubernetes/aaf/resources/config/backup/backup.sh
new file mode 100644
index 0000000000..1359d3de83
--- /dev/null
+++ b/kubernetes/aaf/resources/config/backup/backup.sh
@@ -0,0 +1,32 @@
+# BEGIN Store prev
+BD=/opt/app/osaaf/backup
+if [ -e "$BD/6day" ]; then
+ rm -Rf $BD/6day
+fi
+
+PREV=$BD/6day
+for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do
+ if [ -e "$D" ]; then
+ mv "$D" "$PREV"
+ fi
+ PREV="$D"
+done
+
+if [ -e "$BD/today" ]; then
+ if [ -e "$BD/backup.log" ]; then
+ mv $BD/backup.log $BD/today
+ fi
+ gzip $BD/today/*
+ mv $BD/today $BD/yesterday
+fi
+
+mkdir $BD/today
+
+# END Store prev
+date
+docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup"
+docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh
+# echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh"
+docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh
+docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today
+date
diff --git a/kubernetes/aaf/resources/config/backup/cbackup.sh b/kubernetes/aaf/resources/config/backup/cbackup.sh
new file mode 100644
index 0000000000..9c91d0c670
--- /dev/null
+++ b/kubernetes/aaf/resources/config/backup/cbackup.sh
@@ -0,0 +1,8 @@
+cd /opt/app/cass_backup
+DATA="ns role perm ns_attrib user_role cred cert x509 delegate approval approved future notify artifact health history"
+PWD=cassandra
+CQLSH="cqlsh -u cassandra -k authz -p $PWD"
+for T in $DATA ; do
+ echo "Creating $T.dat"
+ $CQLSH -e "COPY authz.$T TO '$T.dat' WITH DELIMITER='|'"
+done
diff --git a/kubernetes/aaf/resources/config/data/identities.dat b/kubernetes/aaf/resources/config/data/identities.dat
new file mode 100644
index 0000000000..39d18a12b9
--- /dev/null
+++ b/kubernetes/aaf/resources/config/data/identities.dat
@@ -0,0 +1,27 @@
+#
+# Sample Identities.dat
+# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with
+# out-of-the-box tire-kicking, or even for Small companies
+#
+# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing
+# batch feeds, as is appropriate for your company.
+#
+# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split
+# out AppIDs, choose your own status indicators, or whatever you use.
+# 0 - unique ID
+# 1 - full name
+# 2 - first name
+# 3 - last name
+# 4 - phone
+# 5 - official email
+# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company
+# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
+#
+
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
diff --git a/kubernetes/aaf/resources/config/data/sample.identities.dat b/kubernetes/aaf/resources/config/data/sample.identities.dat
new file mode 100644
index 0000000000..39d18a12b9
--- /dev/null
+++ b/kubernetes/aaf/resources/config/data/sample.identities.dat
@@ -0,0 +1,27 @@
+#
+# Sample Identities.dat
+# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with
+# out-of-the-box tire-kicking, or even for Small companies
+#
+# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing
+# batch feeds, as is appropriate for your company.
+#
+# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split
+# out AppIDs, choose your own status indicators, or whatever you use.
+# 0 - unique ID
+# 1 - full name
+# 2 - first name
+# 3 - last name
+# 4 - phone
+# 5 - official email
+# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company
+# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
+#
+
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props b/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props
new file mode 100644
index 0000000000..d634cfeb37
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props
@@ -0,0 +1,14 @@
+##
+## org.osaaf.cm.props
+## AAF Certificate Manager properties
+## Note: Link to CA Properties in "local" dir
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props
+aaf_component=AAF_NS.cm:2.1.0.0
+port=8150
+cadi_registration_hostname={{.Values.config.cmServiceName}}
+#Certman
+cm_public_dir=/opt/app/osaaf/public
+cm_trust_cas=AAF_RootCA.cer
+
+
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.common.props b/kubernetes/aaf/resources/config/etc/org.osaaf.common.props
new file mode 100644
index 0000000000..8b75e709d4
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.common.props
@@ -0,0 +1,29 @@
+############################################################
+# Common properties for all AAF Components
+# on 2018-03-02 06:59.628-0500
+############################################################
+# Pull in Global Coordinates and Certificate Information
+aaf_root_ns=org.osaaf.aaf
+aaf_trust_perm=org.osaaf.aaf|org.onap|trust
+
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.props
+cadi_protocols=TLSv1.1,TLSv1.2
+
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+cadi_loginpage_url=https://AAF_LOCATE_URL/AAF_NS.gui:2.0/login
+
+# Standard for this App/Machine
+aaf_env=DEV
+aaf_data_dir=/opt/app/osaaf/data
+cadi_loglevel=DEBUG
+
+# Domain Support (which will accept)
+aaf_domain_support=.com:.org
+
+# Basic Auth
+aaf_default_realm=people.osaaf.org
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props b/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props
new file mode 100644
index 0000000000..d499f97f56
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props
@@ -0,0 +1,10 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props
+aaf_component=AAF_NS.fs:2.1.0.0
+port=8096
+cadi_registration_hostname={{.Values.config.fsServiceName}}
+
+aaf_public_dir=/opt/app/osaaf/public
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props b/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props
new file mode 100644
index 0000000000..86b3aa6467
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props
@@ -0,0 +1,31 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/etc/org.osaaf.orgs.props
+aaf_component=AAF_NS.gui:2.1.0.0
+port=8200
+cadi_registration_hostname={{.Values.config.guiServiceName}}
+
+aaf_gui_title=AAF
+aaf_gui_copyright=(c) 2018 AT&T Intellectual Property. All rights reserved.
+aaf_gui_theme=theme/onap
+cadi_loginpage_url=https://AAF_LOCATE_URL/com.att.aaf.gui:2.0/login
+
+# GUI URLS and Help URLS
+cm_url=https://{{.Values.config.cmServiceName}}:8150
+gw_url=https://{{.Values.config.locateServiceName}}:8095
+fs_url=http://{{.Values.config.fsServiceName}}:8096
+
+aaf_url.gui_onboard=https://wiki.web.att.com/display/aaf/OnBoarding
+aaf_url.cuigui=https://wiki.web.att.com/display/aaf/Using+the+Command+Prompt
+
+aaf_url.aaf_help=https://wiki.onap.org/display/DW/Application+Authorization+Framework+Documentation
+aaf_url.aaf_help.sub=Bootstrapping+AAF,Installation+Guide
+aaf_url.aaf_help.sub.Bootstrapping+AAF=https://wiki.onap.org/display/DW/Bootstrapping+AAF
+aaf_url.aaf_help.sub.Installation+Guide=https://wiki.onap.org/display/DW/AAF+Installation+Guide
+#aaf_url.cadi_help=
+aaf_url.tools=AAF+Projects,AAF+Jira,AAF+Calendar
+aaf_url.tool=AAF+Jira=https://jira.onap.org/secure/RapidBoard.jspa?rapidView=69&projectKey=AAF&view=detail&selectedIssue=AAF-134
+aaf_url.tool.AAF+Projects=https://gerrit.onap.org/r/#/admin/projects/?filter=aaf%2F
+aaf_url.tool.AAF+Calendar=https://wiki.onap.org/pages/viewpage.action?pageId=6587439
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props b/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props
new file mode 100644
index 0000000000..d832aaf7e0
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props
+aaf_component=AAF_NS.hello:2.1.0.0
+port=8130
+cadi_registration_hostname={{.Values.config.helloServiceName}}
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props b/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props
new file mode 100644
index 0000000000..47a174ed44
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props
+aaf_component=AAF_NS.locator:2.1.0.0
+port=8095
+cadi_registration_hostname={{.Values.config.locateServiceName}}
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props b/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props
new file mode 100644
index 0000000000..9f10802821
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props
@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.INIT.File=${LOG4J_FILENAME_init}
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n
+
+log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.SRVR.File=${LOG4J_FILENAME_service}
+log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd
+log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout
+log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n
+
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.AUDIT.File=${LOG4J_FILENAME_audit}
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n
+
+# General Apache libraries
+log4j.rootLogger=WARN.SRVR
+log4j.logger.org.apache=WARN,SRVR
+log4j.logger.com.datastax=WARN,SRVR
+log4j.logger.init=INFO,INIT
+log4j.logger.service=${LOGGING_LEVEL},SRVR
+log4j.logger.audit=INFO,AUDIT
+# Additional configs, not cauth with Root Logger
+log4j.logger.io.netty=INFO,SRVR
+log4j.logger.org.eclipse=INFO,SRVR
+
+
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props b/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props
new file mode 100644
index 0000000000..82e80c716a
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.locator
+## AAF Locator Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props
+aaf_component=AAF_NS.oauth:2.1.0.0
+port=8140
+cadi_registration_hostname={{.Values.config.oauthServiceName}}
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props b/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props
new file mode 100644
index 0000000000..66bfd2fad3
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props
@@ -0,0 +1,11 @@
+#
+# Define Organizations for use in some of the components. Not all use them
+#
+Organization.org.osaaf=org.onap.aaf.org.DefaultOrg
+org.osaaf.mailHost=smtp.mail.att.com
+org.osaaf.mailFrom=DL-aaf-support@aaf.att.com
+org.osaaf.default=true
+org.osaaf.also_supports=org.osaaf.people
+
+
+
diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.service.props b/kubernetes/aaf/resources/config/etc/org.osaaf.service.props
new file mode 100644
index 0000000000..ff3e0b5c33
--- /dev/null
+++ b/kubernetes/aaf/resources/config/etc/org.osaaf.service.props
@@ -0,0 +1,8 @@
+##
+## org.osaaf.service
+## AAF Service Properties
+##
+cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.orgs.props
+aaf_component=AAF_NS.service:2.1.0.0
+port=8100
+cadi_registration_hostname={{.Values.config.serviceServiceName}}
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12
new file mode 100644
index 0000000000..63aedd2560
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12
Binary files differ
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile
new file mode 100644
index 0000000000..7206ad9325
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile
@@ -0,0 +1,27 @@
+rmaOaytuFLnhz07oilUO0nO_mZ18XInIi56OoezdUTR5f1GR45lp_nX7marcYv7j2ZS-dpWOSur0
+sK5M-ByrgxfUPyk749Ex4nGSMLnAq-nFMaREpGZPmNP-ul_vCxCmaHUnWKPJB4jx_K_osKPb0-ng
+tqX0hnpbmcq4okV94MUdUs084ymM5LU-qVU_oYbLUM4dXatobe1go8eX2umrutZbQTjz75i4UEcF
+Dv9nDwVqHRGUFMU0NeJlrSlRSO-eiDgVtoSCBGtIkDdKPBTUT3wachHmUBiSBJ3GF05yQP1CwWzz
+AQRSwphP11xKI7tSViT5RoxjxfQZiVEbeyg9g9BROe_pLyIDskoW_ujdnPOWRcSIx6Q4J0eew3kb
+yqcWUPf1K2nSyBSshlsQ6A9NSOLz_KhyIvP_1OG82m1gir3I77Usl7QqMF8IBXCjJ-H_qqR1u-By
+qm_AFjagYA2TgF2YQN-fcneom_5_cA74_xwJ41juhOP72ZWGkX1bAdbiKf85uYo2H3g5HeNWijQL
+y4wJ4qFrSptQRyV2Ntf9OLgpOsKsPPiLlNBugmCjHBMaPMbQAYRbsyCH2nKdjjTG3c6iF5Cj9Jco
+6McvcrYYuq3ynH-2HoL-T-Zgl2AXLxqK4_dl_H243H-GutoJsmIkELLGS_pCpSt4t7xaDvzqxrTj
+4qZ1OjozcpnsqM8HebS28IgoqFaOmrCMqO1MLM_CjAyliTy31P28XEbcYvjEY-FWmnJRSpMLc1Pz
+-KOH-2V8uTqn5YlUsFt2TNnc8lEwMH6GSV1vkgxwPQaMUgWV2svc0FfBmTLZI4zNmpMu4cGjaG-f
+Z8r_hX7pDPANBTaqFxTp999dnaS3lLdZMNbJNEKFF0xxdRuBzsPKDiLa7ItixInZlUcEnwJVWOhC
+kcI2J0cEFGxHxWYmYdqyJIvQzjebk6iDqB-mLi0ai-_XYm1niCxZizT_XJADo9LQtTzq1V6pMgYR
+PPfbDKoiYRK6D8nbWsGNOh6xOS7zs8qrnTPxwu5CuZX_EFoejmooHTrXEqw2RzRFw9XqXM8p50C3
+YrwI2lA6kTQItGm0yftAxqfbhbjJp_K1P91ckOYL3ZSYze_hXRmguwYuT5NWlKhBtm5aawuDjXEg
+yn7PnRTT0smW40hbYbks5L-2VVxTd3tith6Ltqh95miL6vpG5ByDDQlZCWwkq7XH7iScejDvT6UN
+jF1K86mNa8CLXuuSzGl1li1CMxoVzW55G3s0-ICDHqjytiUkiUen2V9VzGT9h4BgDfzbShf31M4_
+biO4NL-mkqlDBbh-KcrYjvNj5qQwHSiLSLuQQBoBtJ3hG9jCu4YBYVWJYctV8r3Js_sGDH4rl5w1
+ujEF6QHWZIF73-u53G_LtvoXBnQcrBW8oLpqP-1Pz5d1bio--bRsNa5qAAilNbYmttiKYOYJn4My
+c6QvzF81SqTRZy0Fd0NK_hMCglPkH7sd32UX-LBquvQ_yDqB_ml_pADJhWcfuD4iPAQjR2Vgclxf
+GPCDva6YpJDzjjnaExDYmGFVFpbIPLfvGUCit_9zAycx0nW1J_cVT1BWFHijjAh_gnIpa6MtY3BE
+G3d8ee6_LAQvvVdBwZ955UwyRd-C7Buc7Xcccw-8hcNBKqOCDlE9j4tie2SdO9m53vZRzcLY6Aiw
+BiulIAllqHZQYs0OBcaYgbNgJU-gn9ZMWgS9i3ijPvTTBSNX7y7k4L1a4QOceyuOtt7nkv024YUS
+acTRmaGotRBuVfI-C0L4Q9NL56_nUATB5ca2GqgLEKnWKsiN3T9cBg4Ji88E8OdiVcoO8segB-0d
+QwWCqCZ8_z_R7zBMlDqpfu5wbvoVx0w9JhLgO9f7eoRozqA3qGLv94i1pN6LuU-Q7YPz4jVxmbb_
+2CHyP1n-o1ZWHfWdz6aByXEzrAZdvjfEWwwMYV5l5jFilTXaCNOCjr9S4YjNn0HITdl7E64C06Im
+3QWOsnDv9z1APjnFo12KH_1yWscU0t9gx7FG210Ug6C-G3Bko_tm_YOp0Lkum4qrnxgHMf_a \ No newline at end of file
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12
new file mode 100644
index 0000000000..f40a7556da
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12
Binary files differ
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props
new file mode 100644
index 0000000000..37a9d62711
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props
@@ -0,0 +1,17 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by jg1555
+# on 2018-02-21T10:28:08.909-0600
+# @copyright 2016, AT&T
+############################################################
+cm_url=https://{{.Values.config.cmServiceName}}:8150
+#hostname=aaf.osaaf.org
+aaf_env=DEV
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile
+cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12
+cadi_keystore_password=enc:fDY3WPPqHCMQaZdox2UfpRoEq6b9wUqS-aepo0NiqEFa2t7uYHBdxfQAuEwj9Lwb
+#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
+cadi_alias=aaf-authz@aaf.osaaf.org
+cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12
+cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12
new file mode 100644
index 0000000000..d01e8569ab
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12
Binary files differ
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12
new file mode 100644
index 0000000000..f40a7556da
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12
Binary files differ
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props b/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props
new file mode 100644
index 0000000000..17f238b851
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props
@@ -0,0 +1,29 @@
+############################################################
+# Cassandra properties for AAF Components needing
+# on 2018-03-02 06:59.628-0500
+############################################################
+# LOCAL Cassandra
+cassandra.clusters={{.Values.config.csServiceName}}
+cassandra.clusters.port=9042
+#need this to be fully qualified name when REAL AAF integration
+cassandra.clusters.user=cassandra
+cassandra.clusters.password=enc:gF_I93pTRMIvj3rof-dx-yK84XYT1UKGf98s1LAJyWV
+
+# Name for exception that has happened in the past
+cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed"
+
+# Example Consistency Settings for Clusters with at least instances
+#cassandra.writeConsistency.ns=LOCAL_QUORUM
+#cassandra.writeConsistency.perm=LOCAL_QUORUM
+#cassandra.writeConsistency.role=LOCAL_QUORUM
+#cassandra.writeConsistency.user_role=LOCAL_QUORUM
+#cassandra.writeConsistency.cred=LOCAL_QUORUM
+#cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM
+
+# Consistency Settings when Single Instance
+cassandra.writeConsistency.ns=ONE
+cassandra.writeConsistency.perm=ONE
+cassandra.writeConsistency.role=ONE
+cassandra.writeConsistency.user_role=ONE
+cassandra.writeConsistency.cred=ONE
+cassandra.writeConsistency.ns_attrib=ONE
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props b/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props
new file mode 100644
index 0000000000..8843705cbb
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props
@@ -0,0 +1,11 @@
+##
+## org.osaaf.cm.ca.props
+## Properties to access Certifiate Authority
+##
+
+#Certman
+cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.p12;aaf_cm_ca;enc:asFEWMNqjH7GktBLb9EGl6L1zfS2qMH5ZS5Zd90KVT5B9ZyRsqx7Gb73YllO8Hyw
+cm_ca.local.idDomains=org.osaaf
+cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US
+cm_ca.local.perm_type=org.osaaf.aaf.ca
+
diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.location.props b/kubernetes/aaf/resources/config/local/org.osaaf.location.props
new file mode 100644
index 0000000000..fd52d6db11
--- /dev/null
+++ b/kubernetes/aaf/resources/config/local/org.osaaf.location.props
@@ -0,0 +1,12 @@
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+#cadi_registration_hostname=aaf-onap-beijing-test.osaaf.org
+cadi_trust_masks=10.12.6/24
+aaf_locate_url=https://{{.Values.config.locateServiceName}}:8095
diff --git a/kubernetes/aaf/resources/config/public/AAF_RootCA.cer b/kubernetes/aaf/resources/config/public/AAF_RootCA.cer
new file mode 100644
index 0000000000..e9a50d7ea0
--- /dev/null
+++ b/kubernetes/aaf/resources/config/public/AAF_RootCA.cer
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
diff --git a/kubernetes/aaf/resources/config/public/aaf_2_0.xsd b/kubernetes/aaf/resources/config/public/aaf_2_0.xsd
new file mode 100644
index 0000000000..59d4331b22
--- /dev/null
+++ b/kubernetes/aaf/resources/config/public/aaf_2_0.xsd
@@ -0,0 +1,527 @@
+<!-- Used by AAF (ATT inc 2013) -->
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:aaf="urn:aaf:v2_0"
+ targetNamespace="urn:aaf:v2_0"
+ elementFormDefault="qualified">
+
+<!--
+ June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes.
+
+ Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that
+ with Query Params.
+
+ Eliminate in 3.0
+ -->
+<!--
+ Errors
+ Note: This Error Structure has been made to conform to the AT&T TSS Policies
+ -->
+ <xs:element name="error">
+ <xs:complexType>
+ <xs:sequence>
+ <!--
+ Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
+ either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
+ Exception numbers may be in the range of 0001 to 9999 where :
+ * 0001 to 0199 are reserved for common exception messages
+ * 0200 to 0999 are reserved for Parlay Web Services specification use
+ * 1000-9999 are available for exceptions
+ -->
+ <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ Message text, with replacement
+ variables marked with %n, where n is
+ an index into the list of <variables>
+ elements, starting at 1
+ -->
+ <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ List of zero or more strings that
+ represent the contents of the variables
+ used by the message text. -->
+ <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Requests
+ -->
+ <xs:complexType name="Request">
+ <xs:sequence>
+ <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
+ <!-- Deprecated. Use Query Command
+ <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/>
+ -->
+ </xs:sequence>
+ </xs:complexType>
+
+<!--
+ Keys
+ -->
+ <xs:element name="keys">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Permissions
+-->
+ <xs:complexType name = "pkey">
+ <xs:sequence>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="instance" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="permKey">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:pkey" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="perm">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:pkey">
+ <xs:sequence>
+ <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- This data not filled in unless Requested -->
+ <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="perms">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="permRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="instance" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Roles
+-->
+ <xs:complexType name="rkey">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="roleKey">
+ <xs:complexType >
+ <xs:complexContent>
+ <xs:extension base="aaf:rkey" />
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="role">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:rkey">
+ <xs:sequence>
+ <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- This data not filled in unless Requested -->
+ <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="roles">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="roleRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Added userRole return types jg1555 9/16/2015 -->
+ <xs:element name="userRole">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Added userRoles return types jg1555 9/16/2015 -->
+ <xs:element name="userRoles">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="userRoleRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="rolePermRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="nsRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Note: dec 11, 2015. Request-able NS Type JG -->
+ <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/>
+
+ <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions
+ <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/>
+
+
+ <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+
+ -->
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="nsAttribRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name = "nss">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
+ <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/>
+ <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. JG -->
+ <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Users
+-->
+ <xs:element name="users">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <!-- Changed type to dateTime, because of importance of Certs -->
+ <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <!-- need to differentiate User Cred Types, jg1555 5/20/2015
+ This Return Object is shared by multiple functions:
+ Type is not returned for "UserRole", but only "Cred"
+ -->
+ <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Certs
+ Added jg1555 5/20/2015 to support identifying Certificate based Services
+ -->
+ <xs:element name="certs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="cert" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" />
+ <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
+ <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Credentials
+-->
+ <xs:element name="credRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="id" type="xs:string"/>
+ <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/>
+ <xs:choice >
+ <xs:element name="password" type="xs:string" />
+ <xs:element name="entry" type="xs:string" />
+ </xs:choice>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Multi Request
+ -->
+
+ <xs:element name="multiRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/>
+ <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ History
+ -->
+ <xs:element name="history">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="item" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Approvals
+ -->
+ <xs:complexType name="approval">
+ <xs:sequence>
+ <!-- Note, id is set by system -->
+ <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="ticket" type="xs:string"/>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="approver" type="xs:string"/>
+ <xs:element name="type" type="xs:string"/>
+ <xs:element name="memo" type="xs:string"/>
+ <xs:element name="updated" type="xs:dateTime"/>
+ <xs:element name="status">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="approve"/>
+ <xs:enumeration value="reject"/>
+ <xs:enumeration value="pending"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ <xs:element name="operation">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="C"/>
+ <xs:enumeration value="U"/>
+ <xs:enumeration value="D"/>
+ <xs:enumeration value="G"/>
+ <xs:enumeration value="UG"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="approvals">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ Delegates
+-->
+ <xs:complexType name="delg">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="delegate" type="xs:string"/>
+ <xs:element name="expires" type="xs:date"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="delgRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="aaf:Request">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="delgs">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- jg 3/11/2015 New for 2.0.8 -->
+ <xs:element name="api">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema> \ No newline at end of file
diff --git a/kubernetes/aaf/resources/config/public/iframe_denied_test.html b/kubernetes/aaf/resources/config/public/iframe_denied_test.html
new file mode 100644
index 0000000000..613e9c70c1
--- /dev/null
+++ b/kubernetes/aaf/resources/config/public/iframe_denied_test.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<body>
+
+<iframe src="https://mithrilcsp.sbc.com:8095/gui/home">
+ <p>Your browser does not support iframes.</p>
+</iframe>
+
+</body>
+</html>
diff --git a/kubernetes/aaf/resources/config/public/truststoreONAP.p12 b/kubernetes/aaf/resources/config/public/truststoreONAP.p12
new file mode 100644
index 0000000000..d01e8569ab
--- /dev/null
+++ b/kubernetes/aaf/resources/config/public/truststoreONAP.p12
Binary files differ
diff --git a/kubernetes/aaf/resources/config/public/truststoreONAPall.jks b/kubernetes/aaf/resources/config/public/truststoreONAPall.jks
new file mode 100644
index 0000000000..ff844b109d
--- /dev/null
+++ b/kubernetes/aaf/resources/config/public/truststoreONAPall.jks
Binary files differ