diff options
author | Mahendra Raghuwanshi <mahendra.raghuwanshi@amdocs.com> | 2018-05-03 12:15:03 +0000 |
---|---|---|
committer | Mandeep Khinda <mandeep.khinda@amdocs.com> | 2018-05-07 14:55:26 -0400 |
commit | afb1e2a536aecbbf0a90155749a23eb2de54f223 (patch) | |
tree | bc17887d30dc4b01a72fd32270513dec32b8d77f /kubernetes/aaf/resources | |
parent | 89dbd64a432ccb3c08b8c6303d53d80c3d9fe3a6 (diff) |
AAF Charts
-PS3-MK
-renaming charts to remove hyphen
-refactoring service name configuration. It wasn't quite correct
the way it was. It was taking the chart name as the service name
and not using the values.yaml from the top level chart as intended.
-Jonathan asked to name the main app service "aaf-service and cassandra
to "aaf-cass" as this is what is in the cert
-squashed https://gerrit.onap.org/r/#/c/45923/1 into this commit.
-updated robot to the latest settings
Robot tests are failing but all pods come up. I think this can be merged
and the AAF team investigate the robot health issue in a running system
-PS4-MK
-reverting sms changes and taking the latest from master
-removing repository from the global section of the aaf values.
-this was causing all images to be pulled from nexus3.onap.org
which was failing to pull images that come from docker hub.
There is supposed to be a proxy through nexus3 to dockerhub but maybe
we are missing something.
-PS5-MK
-removing nodeports from non gui related charts. There are conflicts
-PS6-Kiran
-Adding imagepullsecrets for aaf-sms-vault subchart
-updated image repository to pull from nexus3
-tested and works now and should fix the pull errors
-PS7-Kiran
-Previous patch picked up a couple of unintended changes
-Reverting them
-PS8-MK
-removing names from identities
-using https for robot test
Issue-ID: OOM-930
Change-Id: I98f40ef5af03dda73aebf12f6fa48d928915ab34
Signed-off-by: Mahendra Raghuwanshi <mahendra.raghuwanshi@amdocs.com>
Add Beijing CQLs into OOM
Issue-ID: AAF-114
Change-Id: I2c2d46738ba0885c41f710997d4b212b6ce4d2de
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Signed-off-by: Mandeep Khinda <mandeep.khinda@amdocs.com>
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'kubernetes/aaf/resources')
29 files changed, 936 insertions, 9 deletions
diff --git a/kubernetes/aaf/resources/config/aaf-data/identities.dat b/kubernetes/aaf/resources/config/aaf-data/identities.dat deleted file mode 100644 index 95eb51d1be..0000000000 --- a/kubernetes/aaf/resources/config/aaf-data/identities.dat +++ /dev/null @@ -1,9 +0,0 @@ -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl -m99751|ID of AAF|||||a|bdevl -m99501|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/backup/backup.sh b/kubernetes/aaf/resources/config/backup/backup.sh new file mode 100644 index 0000000000..1359d3de83 --- /dev/null +++ b/kubernetes/aaf/resources/config/backup/backup.sh @@ -0,0 +1,32 @@ +# BEGIN Store prev +BD=/opt/app/osaaf/backup +if [ -e "$BD/6day" ]; then + rm -Rf $BD/6day +fi + +PREV=$BD/6day +for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do + if [ -e "$D" ]; then + mv "$D" "$PREV" + fi + PREV="$D" +done + +if [ -e "$BD/today" ]; then + if [ -e "$BD/backup.log" ]; then + mv $BD/backup.log $BD/today + fi + gzip $BD/today/* + mv $BD/today $BD/yesterday +fi + +mkdir $BD/today + +# END Store prev +date +docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup" +docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh +# echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh" +docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh +docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today +date diff --git a/kubernetes/aaf/resources/config/backup/cbackup.sh b/kubernetes/aaf/resources/config/backup/cbackup.sh new file mode 100644 index 0000000000..9c91d0c670 --- /dev/null +++ b/kubernetes/aaf/resources/config/backup/cbackup.sh @@ -0,0 +1,8 @@ +cd /opt/app/cass_backup +DATA="ns role perm ns_attrib user_role cred cert x509 delegate approval approved future notify artifact health history" +PWD=cassandra +CQLSH="cqlsh -u cassandra -k authz -p $PWD" +for T in $DATA ; do + echo "Creating $T.dat" + $CQLSH -e "COPY authz.$T TO '$T.dat' WITH DELIMITER='|'" +done diff --git a/kubernetes/aaf/resources/config/data/identities.dat b/kubernetes/aaf/resources/config/data/identities.dat new file mode 100644 index 0000000000..39d18a12b9 --- /dev/null +++ b/kubernetes/aaf/resources/config/data/identities.dat @@ -0,0 +1,27 @@ +# +# Sample Identities.dat +# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with +# out-of-the-box tire-kicking, or even for Small companies +# +# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing +# batch feeds, as is appropriate for your company. +# +# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split +# out AppIDs, choose your own status indicators, or whatever you use. +# 0 - unique ID +# 1 - full name +# 2 - first name +# 3 - last name +# 4 - phone +# 5 - official email +# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company +# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) +# + +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/data/sample.identities.dat b/kubernetes/aaf/resources/config/data/sample.identities.dat new file mode 100644 index 0000000000..39d18a12b9 --- /dev/null +++ b/kubernetes/aaf/resources/config/data/sample.identities.dat @@ -0,0 +1,27 @@ +# +# Sample Identities.dat +# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with +# out-of-the-box tire-kicking, or even for Small companies +# +# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing +# batch feeds, as is appropriate for your company. +# +# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split +# out AppIDs, choose your own status indicators, or whatever you use. +# 0 - unique ID +# 1 - full name +# 2 - first name +# 3 - last name +# 4 - phone +# 5 - official email +# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company +# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) +# + +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props b/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props new file mode 100644 index 0000000000..d634cfeb37 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props @@ -0,0 +1,14 @@ +## +## org.osaaf.cm.props +## AAF Certificate Manager properties +## Note: Link to CA Properties in "local" dir +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props +aaf_component=AAF_NS.cm:2.1.0.0 +port=8150 +cadi_registration_hostname={{.Values.config.cmServiceName}} +#Certman +cm_public_dir=/opt/app/osaaf/public +cm_trust_cas=AAF_RootCA.cer + + diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.common.props b/kubernetes/aaf/resources/config/etc/org.osaaf.common.props new file mode 100644 index 0000000000..8b75e709d4 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.common.props @@ -0,0 +1,29 @@ +############################################################ +# Common properties for all AAF Components +# on 2018-03-02 06:59.628-0500 +############################################################ +# Pull in Global Coordinates and Certificate Information +aaf_root_ns=org.osaaf.aaf +aaf_trust_perm=org.osaaf.aaf|org.onap|trust + +cadi_prop_files=/opt/app/osaaf/local/org.osaaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.props +cadi_protocols=TLSv1.1,TLSv1.2 + +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 +cadi_loginpage_url=https://AAF_LOCATE_URL/AAF_NS.gui:2.0/login + +# Standard for this App/Machine +aaf_env=DEV +aaf_data_dir=/opt/app/osaaf/data +cadi_loglevel=DEBUG + +# Domain Support (which will accept) +aaf_domain_support=.com:.org + +# Basic Auth +aaf_default_realm=people.osaaf.org + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props b/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props new file mode 100644 index 0000000000..d499f97f56 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props @@ -0,0 +1,10 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props +aaf_component=AAF_NS.fs:2.1.0.0 +port=8096 +cadi_registration_hostname={{.Values.config.fsServiceName}} + +aaf_public_dir=/opt/app/osaaf/public diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props b/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props new file mode 100644 index 0000000000..86b3aa6467 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props @@ -0,0 +1,31 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/etc/org.osaaf.orgs.props +aaf_component=AAF_NS.gui:2.1.0.0 +port=8200 +cadi_registration_hostname={{.Values.config.guiServiceName}} + +aaf_gui_title=AAF +aaf_gui_copyright=(c) 2018 AT&T Intellectual Property. All rights reserved. +aaf_gui_theme=theme/onap +cadi_loginpage_url=https://AAF_LOCATE_URL/com.att.aaf.gui:2.0/login + +# GUI URLS and Help URLS +cm_url=https://{{.Values.config.cmServiceName}}:8150 +gw_url=https://{{.Values.config.locateServiceName}}:8095 +fs_url=http://{{.Values.config.fsServiceName}}:8096 + +aaf_url.gui_onboard=https://wiki.web.att.com/display/aaf/OnBoarding +aaf_url.cuigui=https://wiki.web.att.com/display/aaf/Using+the+Command+Prompt + +aaf_url.aaf_help=https://wiki.onap.org/display/DW/Application+Authorization+Framework+Documentation +aaf_url.aaf_help.sub=Bootstrapping+AAF,Installation+Guide +aaf_url.aaf_help.sub.Bootstrapping+AAF=https://wiki.onap.org/display/DW/Bootstrapping+AAF +aaf_url.aaf_help.sub.Installation+Guide=https://wiki.onap.org/display/DW/AAF+Installation+Guide +#aaf_url.cadi_help= +aaf_url.tools=AAF+Projects,AAF+Jira,AAF+Calendar +aaf_url.tool=AAF+Jira=https://jira.onap.org/secure/RapidBoard.jspa?rapidView=69&projectKey=AAF&view=detail&selectedIssue=AAF-134 +aaf_url.tool.AAF+Projects=https://gerrit.onap.org/r/#/admin/projects/?filter=aaf%2F +aaf_url.tool.AAF+Calendar=https://wiki.onap.org/pages/viewpage.action?pageId=6587439 diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props b/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props new file mode 100644 index 0000000000..d832aaf7e0 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props @@ -0,0 +1,8 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props +aaf_component=AAF_NS.hello:2.1.0.0 +port=8130 +cadi_registration_hostname={{.Values.config.helloServiceName}} diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props b/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props new file mode 100644 index 0000000000..47a174ed44 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props @@ -0,0 +1,8 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props +aaf_component=AAF_NS.locator:2.1.0.0 +port=8095 +cadi_registration_hostname={{.Values.config.locateServiceName}} diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props b/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props new file mode 100644 index 0000000000..9f10802821 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props @@ -0,0 +1,51 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender +log4j.appender.INIT.File=${LOG4J_FILENAME_init} +log4j.appender.INIT.DatePattern='.'yyyy-MM-dd +log4j.appender.INIT.layout=org.apache.log4j.PatternLayout +log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n + +log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender +log4j.appender.SRVR.File=${LOG4J_FILENAME_service} +log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd +log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout +log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n + +log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender +log4j.appender.AUDIT.File=${LOG4J_FILENAME_audit} +log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd +log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout +log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n + +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n + +# General Apache libraries +log4j.rootLogger=WARN.SRVR +log4j.logger.org.apache=WARN,SRVR +log4j.logger.com.datastax=WARN,SRVR +log4j.logger.init=INFO,INIT +log4j.logger.service=${LOGGING_LEVEL},SRVR +log4j.logger.audit=INFO,AUDIT +# Additional configs, not cauth with Root Logger +log4j.logger.io.netty=INFO,SRVR +log4j.logger.org.eclipse=INFO,SRVR + + diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props b/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props new file mode 100644 index 0000000000..82e80c716a --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props @@ -0,0 +1,8 @@ +## +## org.osaaf.locator +## AAF Locator Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props +aaf_component=AAF_NS.oauth:2.1.0.0 +port=8140 +cadi_registration_hostname={{.Values.config.oauthServiceName}} diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props b/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props new file mode 100644 index 0000000000..66bfd2fad3 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props @@ -0,0 +1,11 @@ +# +# Define Organizations for use in some of the components. Not all use them +# +Organization.org.osaaf=org.onap.aaf.org.DefaultOrg +org.osaaf.mailHost=smtp.mail.att.com +org.osaaf.mailFrom=DL-aaf-support@aaf.att.com +org.osaaf.default=true +org.osaaf.also_supports=org.osaaf.people + + + diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.service.props b/kubernetes/aaf/resources/config/etc/org.osaaf.service.props new file mode 100644 index 0000000000..ff3e0b5c33 --- /dev/null +++ b/kubernetes/aaf/resources/config/etc/org.osaaf.service.props @@ -0,0 +1,8 @@ +## +## org.osaaf.service +## AAF Service Properties +## +cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.orgs.props +aaf_component=AAF_NS.service:2.1.0.0 +port=8100 +cadi_registration_hostname={{.Values.config.serviceServiceName}} diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 Binary files differnew file mode 100644 index 0000000000..63aedd2560 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile new file mode 100644 index 0000000000..7206ad9325 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile @@ -0,0 +1,27 @@ +rmaOaytuFLnhz07oilUO0nO_mZ18XInIi56OoezdUTR5f1GR45lp_nX7marcYv7j2ZS-dpWOSur0 +sK5M-ByrgxfUPyk749Ex4nGSMLnAq-nFMaREpGZPmNP-ul_vCxCmaHUnWKPJB4jx_K_osKPb0-ng +tqX0hnpbmcq4okV94MUdUs084ymM5LU-qVU_oYbLUM4dXatobe1go8eX2umrutZbQTjz75i4UEcF +Dv9nDwVqHRGUFMU0NeJlrSlRSO-eiDgVtoSCBGtIkDdKPBTUT3wachHmUBiSBJ3GF05yQP1CwWzz +AQRSwphP11xKI7tSViT5RoxjxfQZiVEbeyg9g9BROe_pLyIDskoW_ujdnPOWRcSIx6Q4J0eew3kb +yqcWUPf1K2nSyBSshlsQ6A9NSOLz_KhyIvP_1OG82m1gir3I77Usl7QqMF8IBXCjJ-H_qqR1u-By +qm_AFjagYA2TgF2YQN-fcneom_5_cA74_xwJ41juhOP72ZWGkX1bAdbiKf85uYo2H3g5HeNWijQL +y4wJ4qFrSptQRyV2Ntf9OLgpOsKsPPiLlNBugmCjHBMaPMbQAYRbsyCH2nKdjjTG3c6iF5Cj9Jco +6McvcrYYuq3ynH-2HoL-T-Zgl2AXLxqK4_dl_H243H-GutoJsmIkELLGS_pCpSt4t7xaDvzqxrTj +4qZ1OjozcpnsqM8HebS28IgoqFaOmrCMqO1MLM_CjAyliTy31P28XEbcYvjEY-FWmnJRSpMLc1Pz +-KOH-2V8uTqn5YlUsFt2TNnc8lEwMH6GSV1vkgxwPQaMUgWV2svc0FfBmTLZI4zNmpMu4cGjaG-f +Z8r_hX7pDPANBTaqFxTp999dnaS3lLdZMNbJNEKFF0xxdRuBzsPKDiLa7ItixInZlUcEnwJVWOhC +kcI2J0cEFGxHxWYmYdqyJIvQzjebk6iDqB-mLi0ai-_XYm1niCxZizT_XJADo9LQtTzq1V6pMgYR +PPfbDKoiYRK6D8nbWsGNOh6xOS7zs8qrnTPxwu5CuZX_EFoejmooHTrXEqw2RzRFw9XqXM8p50C3 +YrwI2lA6kTQItGm0yftAxqfbhbjJp_K1P91ckOYL3ZSYze_hXRmguwYuT5NWlKhBtm5aawuDjXEg +yn7PnRTT0smW40hbYbks5L-2VVxTd3tith6Ltqh95miL6vpG5ByDDQlZCWwkq7XH7iScejDvT6UN +jF1K86mNa8CLXuuSzGl1li1CMxoVzW55G3s0-ICDHqjytiUkiUen2V9VzGT9h4BgDfzbShf31M4_ +biO4NL-mkqlDBbh-KcrYjvNj5qQwHSiLSLuQQBoBtJ3hG9jCu4YBYVWJYctV8r3Js_sGDH4rl5w1 +ujEF6QHWZIF73-u53G_LtvoXBnQcrBW8oLpqP-1Pz5d1bio--bRsNa5qAAilNbYmttiKYOYJn4My +c6QvzF81SqTRZy0Fd0NK_hMCglPkH7sd32UX-LBquvQ_yDqB_ml_pADJhWcfuD4iPAQjR2Vgclxf +GPCDva6YpJDzjjnaExDYmGFVFpbIPLfvGUCit_9zAycx0nW1J_cVT1BWFHijjAh_gnIpa6MtY3BE +G3d8ee6_LAQvvVdBwZ955UwyRd-C7Buc7Xcccw-8hcNBKqOCDlE9j4tie2SdO9m53vZRzcLY6Aiw +BiulIAllqHZQYs0OBcaYgbNgJU-gn9ZMWgS9i3ijPvTTBSNX7y7k4L1a4QOceyuOtt7nkv024YUS +acTRmaGotRBuVfI-C0L4Q9NL56_nUATB5ca2GqgLEKnWKsiN3T9cBg4Ji88E8OdiVcoO8segB-0d +QwWCqCZ8_z_R7zBMlDqpfu5wbvoVx0w9JhLgO9f7eoRozqA3qGLv94i1pN6LuU-Q7YPz4jVxmbb_ +2CHyP1n-o1ZWHfWdz6aByXEzrAZdvjfEWwwMYV5l5jFilTXaCNOCjr9S4YjNn0HITdl7E64C06Im +3QWOsnDv9z1APjnFo12KH_1yWscU0t9gx7FG210Ug6C-G3Bko_tm_YOp0Lkum4qrnxgHMf_a
\ No newline at end of file diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 Binary files differnew file mode 100644 index 0000000000..f40a7556da --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props new file mode 100644 index 0000000000..37a9d62711 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props @@ -0,0 +1,17 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# by jg1555 +# on 2018-02-21T10:28:08.909-0600 +# @copyright 2016, AT&T +############################################################ +cm_url=https://{{.Values.config.cmServiceName}}:8150 +#hostname=aaf.osaaf.org +aaf_env=DEV +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US +cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile +cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12 +cadi_keystore_password=enc:fDY3WPPqHCMQaZdox2UfpRoEq6b9wUqS-aepo0NiqEFa2t7uYHBdxfQAuEwj9Lwb +#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)> +cadi_alias=aaf-authz@aaf.osaaf.org +cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12 +cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 Binary files differnew file mode 100644 index 0000000000..d01e8569ab --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12 Binary files differnew file mode 100644 index 0000000000..f40a7556da --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.aaf_new-24e41f2f436018568cbdecdc1edbd605.p12 diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props b/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props new file mode 100644 index 0000000000..17f238b851 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props @@ -0,0 +1,29 @@ +############################################################ +# Cassandra properties for AAF Components needing +# on 2018-03-02 06:59.628-0500 +############################################################ +# LOCAL Cassandra +cassandra.clusters={{.Values.config.csServiceName}} +cassandra.clusters.port=9042 +#need this to be fully qualified name when REAL AAF integration +cassandra.clusters.user=cassandra +cassandra.clusters.password=enc:gF_I93pTRMIvj3rof-dx-yK84XYT1UKGf98s1LAJyWV + +# Name for exception that has happened in the past +cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" + +# Example Consistency Settings for Clusters with at least instances +#cassandra.writeConsistency.ns=LOCAL_QUORUM +#cassandra.writeConsistency.perm=LOCAL_QUORUM +#cassandra.writeConsistency.role=LOCAL_QUORUM +#cassandra.writeConsistency.user_role=LOCAL_QUORUM +#cassandra.writeConsistency.cred=LOCAL_QUORUM +#cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM + +# Consistency Settings when Single Instance +cassandra.writeConsistency.ns=ONE +cassandra.writeConsistency.perm=ONE +cassandra.writeConsistency.role=ONE +cassandra.writeConsistency.user_role=ONE +cassandra.writeConsistency.cred=ONE +cassandra.writeConsistency.ns_attrib=ONE diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props b/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props new file mode 100644 index 0000000000..8843705cbb --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props @@ -0,0 +1,11 @@ +## +## org.osaaf.cm.ca.props +## Properties to access Certifiate Authority +## + +#Certman +cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.p12;aaf_cm_ca;enc:asFEWMNqjH7GktBLb9EGl6L1zfS2qMH5ZS5Zd90KVT5B9ZyRsqx7Gb73YllO8Hyw +cm_ca.local.idDomains=org.osaaf +cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US +cm_ca.local.perm_type=org.osaaf.aaf.ca + diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.location.props b/kubernetes/aaf/resources/config/local/org.osaaf.location.props new file mode 100644 index 0000000000..fd52d6db11 --- /dev/null +++ b/kubernetes/aaf/resources/config/local/org.osaaf.location.props @@ -0,0 +1,12 @@ +## +## org.osaaf.location.props +## +## Localized Machine Information +## +# Almeda California +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +#cadi_registration_hostname=aaf-onap-beijing-test.osaaf.org +cadi_trust_masks=10.12.6/24 +aaf_locate_url=https://{{.Values.config.locateServiceName}}:8095 diff --git a/kubernetes/aaf/resources/config/public/AAF_RootCA.cer b/kubernetes/aaf/resources/config/public/AAF_RootCA.cer new file mode 100644 index 0000000000..e9a50d7ea0 --- /dev/null +++ b/kubernetes/aaf/resources/config/public/AAF_RootCA.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/resources/config/public/aaf_2_0.xsd b/kubernetes/aaf/resources/config/public/aaf_2_0.xsd new file mode 100644 index 0000000000..59d4331b22 --- /dev/null +++ b/kubernetes/aaf/resources/config/public/aaf_2_0.xsd @@ -0,0 +1,527 @@ +<!-- Used by AAF (ATT inc 2013) --> +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:aaf="urn:aaf:v2_0" + targetNamespace="urn:aaf:v2_0" + elementFormDefault="qualified"> + +<!-- + June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes. + + Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that + with Query Params. + + Eliminate in 3.0 + --> +<!-- + Errors + Note: This Error Structure has been made to conform to the AT&T TSS Policies + --> + <xs:element name="error"> + <xs:complexType> + <xs:sequence> + <!-- + Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is + either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception. + Exception numbers may be in the range of 0001 to 9999 where : + * 0001 to 0199 are reserved for common exception messages + * 0200 to 0999 are reserved for Parlay Web Services specification use + * 1000-9999 are available for exceptions + --> + <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/> + + <!-- + Message text, with replacement + variables marked with %n, where n is + an index into the list of <variables> + elements, starting at 1 + --> + <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/> + + <!-- + List of zero or more strings that + represent the contents of the variables + used by the message text. --> + <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Requests + --> + <xs:complexType name="Request"> + <xs:sequence> + <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/> + <!-- Deprecated. Use Query Command + <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/> + --> + </xs:sequence> + </xs:complexType> + +<!-- + Keys + --> + <xs:element name="keys"> + <xs:complexType> + <xs:sequence> + <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + +<!-- + Permissions +--> + <xs:complexType name = "pkey"> + <xs:sequence> + <xs:element name="type" type="xs:string"/> + <xs:element name="instance" type="xs:string"/> + <xs:element name="action" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="permKey"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:pkey" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="perm"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:pkey"> + <xs:sequence> + <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- This data not filled in unless Requested --> + <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="perms"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="permRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="type" type="xs:string"/> + <xs:element name="instance" type="xs:string"/> + <xs:element name="action" type="xs:string"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + +<!-- + Roles +--> + <xs:complexType name="rkey"> + <xs:sequence> + <xs:element name="name" type="xs:string"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="roleKey"> + <xs:complexType > + <xs:complexContent> + <xs:extension base="aaf:rkey" /> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="role"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:rkey"> + <xs:sequence> + <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- This data not filled in unless Requested --> + <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="roles"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="roleRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <!-- Added userRole return types jg1555 9/16/2015 --> + <xs:element name="userRole"> + <xs:complexType> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- Added userRoles return types jg1555 9/16/2015 --> + <xs:element name="userRoles"> + <xs:complexType> + <xs:sequence> + <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:element name="userRoleRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="rolePermRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/> + <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="nsRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Note: dec 11, 2015. Request-able NS Type JG --> + <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/> + + <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions + <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/> + + + <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + + --> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="nsAttribRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name = "nss"> + <xs:complexType> + <xs:sequence> + <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/> + <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> + <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/> + <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. JG --> + <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Users +--> + <xs:element name="users"> + <xs:complexType> + <xs:sequence> + <xs:element name="user" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" /> + <!-- Changed type to dateTime, because of importance of Certs --> + <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <!-- need to differentiate User Cred Types, jg1555 5/20/2015 + This Return Object is shared by multiple functions: + Type is not returned for "UserRole", but only "Cred" + --> + <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Certs + Added jg1555 5/20/2015 to support identifying Certificate based Services + --> + <xs:element name="certs"> + <xs:complexType> + <xs:sequence> + <xs:element name="cert" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" /> + <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" /> + <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> + <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" /> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Credentials +--> + <xs:element name="credRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="id" type="xs:string"/> + <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/> + <xs:choice > + <xs:element name="password" type="xs:string" /> + <xs:element name="entry" type="xs:string" /> + </xs:choice> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + +<!-- + Multi Request + --> + + <xs:element name="multiRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/> + <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/> + <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + +<!-- + History + --> + <xs:element name="history"> + <xs:complexType> + <xs:sequence> + <xs:element name="item" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/> + <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Approvals + --> + <xs:complexType name="approval"> + <xs:sequence> + <!-- Note, id is set by system --> + <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="ticket" type="xs:string"/> + <xs:element name="user" type="xs:string"/> + <xs:element name="approver" type="xs:string"/> + <xs:element name="type" type="xs:string"/> + <xs:element name="memo" type="xs:string"/> + <xs:element name="updated" type="xs:dateTime"/> + <xs:element name="status"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="approve"/> + <xs:enumeration value="reject"/> + <xs:enumeration value="pending"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + <xs:element name="operation"> + <xs:simpleType> + <xs:restriction base="xs:string"> + <xs:enumeration value="C"/> + <xs:enumeration value="U"/> + <xs:enumeration value="D"/> + <xs:enumeration value="G"/> + <xs:enumeration value="UG"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + </xs:sequence> + </xs:complexType> + <xs:element name="approvals"> + <xs:complexType> + <xs:sequence> + <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + +<!-- + Delegates +--> + <xs:complexType name="delg"> + <xs:sequence> + <xs:element name="user" type="xs:string"/> + <xs:element name="delegate" type="xs:string"/> + <xs:element name="expires" type="xs:date"/> + </xs:sequence> + </xs:complexType> + + <xs:element name="delgRequest"> + <xs:complexType> + <xs:complexContent> + <xs:extension base="aaf:Request"> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + </xs:element> + + <xs:element name="delgs"> + <xs:complexType> + <xs:sequence> + <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + + <!-- jg 3/11/2015 New for 2.0.8 --> + <xs:element name="api"> + <xs:complexType> + <xs:sequence> + <xs:element name="route" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/> + <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/> + <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema>
\ No newline at end of file diff --git a/kubernetes/aaf/resources/config/public/iframe_denied_test.html b/kubernetes/aaf/resources/config/public/iframe_denied_test.html new file mode 100644 index 0000000000..613e9c70c1 --- /dev/null +++ b/kubernetes/aaf/resources/config/public/iframe_denied_test.html @@ -0,0 +1,10 @@ +<!DOCTYPE html> +<html> +<body> + +<iframe src="https://mithrilcsp.sbc.com:8095/gui/home"> + <p>Your browser does not support iframes.</p> +</iframe> + +</body> +</html> diff --git a/kubernetes/aaf/resources/config/public/truststoreONAP.p12 b/kubernetes/aaf/resources/config/public/truststoreONAP.p12 Binary files differnew file mode 100644 index 0000000000..d01e8569ab --- /dev/null +++ b/kubernetes/aaf/resources/config/public/truststoreONAP.p12 diff --git a/kubernetes/aaf/resources/config/public/truststoreONAPall.jks b/kubernetes/aaf/resources/config/public/truststoreONAPall.jks Binary files differnew file mode 100644 index 0000000000..ff844b109d --- /dev/null +++ b/kubernetes/aaf/resources/config/public/truststoreONAPall.jks |