diff options
author | Keren Joseph <keren.joseph@amdocs.com> | 2018-04-08 13:20:09 +0300 |
---|---|---|
committer | Keren Joseph <keren.joseph@amdocs.com> | 2018-04-08 13:20:09 +0300 |
commit | aa05ca5ec5f8a6c1d44d7e822847f8907c8a887a (patch) | |
tree | 8e30bbd7c6694a46ebe7682756ffed0dff95e300 /kubernetes/aaf/resources | |
parent | 6cfff80ec93d4a4fa3bdeb5289a70c4296560db1 (diff) |
aaf mapping fix
Issue-ID: OOM-888
Change-Id: I005c686239e366318f08ec3b810ca2b1d3dbda56
Signed-off-by: Keren Joseph <keren.joseph@amdocs.com>
Diffstat (limited to 'kubernetes/aaf/resources')
-rw-r--r-- | kubernetes/aaf/resources/config/aaf-cs-data/ecomp.cql | 169 | ||||
-rw-r--r-- | kubernetes/aaf/resources/config/aaf-cs-data/identities.idx | bin | 56 -> 0 bytes | |||
-rw-r--r-- | kubernetes/aaf/resources/config/aaf-cs-data/init.cql | 242 | ||||
-rw-r--r-- | kubernetes/aaf/resources/config/aaf-data/identities.dat (renamed from kubernetes/aaf/resources/config/aaf-cs-data/identities.dat) | 2 |
4 files changed, 2 insertions, 411 deletions
diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/ecomp.cql b/kubernetes/aaf/resources/config/aaf-cs-data/ecomp.cql deleted file mode 100644 index 6fddf65001..0000000000 --- a/kubernetes/aaf/resources/config/aaf-cs-data/ecomp.cql +++ /dev/null @@ -1,169 +0,0 @@ -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); - -// Create org.openecomp.dmaapBC - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); - -//INSERT INTO role(ns, name, perms, description) -// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) -VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/identities.idx b/kubernetes/aaf/resources/config/aaf-cs-data/identities.idx Binary files differdeleted file mode 100644 index 78fc0a5693..0000000000 --- a/kubernetes/aaf/resources/config/aaf-cs-data/identities.idx +++ /dev/null diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/init.cql b/kubernetes/aaf/resources/config/aaf-cs-data/init.cql deleted file mode 100644 index 81700f830c..0000000000 --- a/kubernetes/aaf/resources/config/aaf-cs-data/init.cql +++ /dev/null @@ -1,242 +0,0 @@ -// For Developer Machine single instance -// -CREATE KEYSPACE authz -WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; -// -// From Ravi, 6-17-2014. User for DEVL->TEST -// -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' }; -// -// PROD -// -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' }; -// -// create user authz with password '<AUTHZ PASSWORD>' superuser; -// grant all on keyspace authz to authz; -// -// For TEST (aaf_test) -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' }; -// -// DEVL -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' }; -// -// TEST / PERF -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' }; -// -// IST -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3', -// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' }; -// -// with 6 localized with ccm -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; -// - -USE authz; - -// -// CORE Table function -// - -// Namespace - establish hierarchical authority to modify -// Permissions and Roles -// "scope" is flag to determine Policy. Typical important scope -// is "company" (1) -CREATE TABLE ns ( - name varchar, - scope int, // deprecated 2.0.11 - description varchar, - parent varchar, - type int, - PRIMARY KEY (name) -); -CREATE INDEX ns_parent on ns(parent); - - -// Oct 2015, not performant. Made Owner and Attrib first class Roles, -// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels. -// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder) -// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces -// as having certain tools, like SWM, etc. -CREATE TABLE ns_attrib ( - ns varchar, - key varchar, - value varchar, - PRIMARY KEY (ns,key) -); -create index ns_attrib_key on ns_attrib(key); - -// Will be cached -CREATE TABLE role ( - ns varchar, - name varchar, - perms set<varchar>, // Use "Key" of "name|type|action" - description varchar, - PRIMARY KEY (ns,name) -); -CREATE INDEX role_name ON role(name); - -// Will be cached -CREATE TABLE perm ( - ns varchar, - type varchar, - instance varchar, - action varchar, - roles set<varchar>, // Need to find Roles given Permissions - description varchar, - PRIMARY KEY (ns,type,instance,action) -); - -// This table is user for Authorization -CREATE TABLE user_role ( - user varchar, - role varchar, // deprecated: change to ns/rname after 2.0.11 - ns varchar, - rname varchar, - expires timestamp, - PRIMARY KEY(user,role) - ); -CREATE INDEX user_role_ns ON user_role(ns); -CREATE INDEX user_role_role ON user_role(role); - -// This table is only for the case where return User Credential (MechID) Authentication -CREATE TABLE cred ( - id varchar, - type int, - expires timestamp, - ns varchar, - other int, - notes varchar, - cred blob, - prev blob, - PRIMARY KEY (id,type,expires) - ); -CREATE INDEX cred_ns ON cred(ns); - -// Certificate Cross Table -// coordinated with CRED type 2 -CREATE TABLE cert ( - fingerprint blob, - id varchar, - x500 varchar, - expires timestamp, - PRIMARY KEY (fingerprint) - ); -CREATE INDEX cert_id ON cert(id); -CREATE INDEX cert_x500 ON cert(x500); - -CREATE TABLE notify ( - user text, - type int, - last timestamp, - checksum int, - PRIMARY KEY (user,type) -); - -CREATE TABLE x509 ( - ca text, - serial blob, - id text, - x500 text, - x509 text, - PRIMARY KEY (ca,serial) -); - - -CREATE INDEX x509_id ON x509 (id); -CREATE INDEX x509_x500 ON x509 (x500); - -// -// Deployment Artifact (for Certman) -// -CREATE TABLE artifact ( - mechid text, - machine text, - type Set<text>, - sponsor text, - ca text, - dir text, - appName text, - os_user text, - notify text, - expires timestamp, - renewDays int, - PRIMARY KEY (mechid,machine) -); -CREATE INDEX artifact_machine ON artifact(machine); - -// -// Non-Critical Table functions -// -// Table Info - for Caching -CREATE TABLE cache ( - name varchar, - seg int, // cache Segment - touched timestamp, - PRIMARY KEY(name,seg) -); - -CREATE TABLE history ( - id timeuuid, - yr_mon int, - user varchar, - action varchar, - target varchar, // user, user_role, - subject varchar, // field for searching main portion of target key - memo varchar, //description of the action - reconstruct blob, //serialized form of the target - // detail Map<varchar, varchar>, // additional information - PRIMARY KEY (id) -); -CREATE INDEX history_yr_mon ON history(yr_mon); -CREATE INDEX history_user ON history(user); -CREATE INDEX history_subject ON history(subject); - -// -// A place to hold objects to be created at a future time. -// -CREATE TABLE future ( - id uuid, // uniquify - target varchar, // Target Table - memo varchar, // Description - start timestamp, // When it should take effect - expires timestamp, // When not longer valid - construct blob, // How to construct this object (like History) - PRIMARY KEY(id) -); -CREATE INDEX future_idx ON future(target); -CREATE INDEX future_start_idx ON future(start); - - -CREATE TABLE approval ( - id timeuuid, // unique Key - ticket uuid, // Link to Future Record - user varchar, // the user who needs to be approved - approver varchar, // user approving - type varchar, // approver types i.e. Supervisor, Owner - status varchar, // approval status. pending, approved, denied - memo varchar, // Text for Approval to know what's going on - operation varchar, // List operation to perform - PRIMARY KEY(id) - ); -CREATE INDEX appr_approver_idx ON approval(approver); -CREATE INDEX appr_user_idx ON approval(user); -CREATE INDEX appr_ticket_idx ON approval(ticket); -CREATE INDEX appr_status_idx ON approval(status); - -CREATE TABLE delegate ( - user varchar, - delegate varchar, - expires timestamp, - PRIMARY KEY (user) -); -CREATE INDEX delg_delg_idx ON delegate(delegate); - -// -// Used by authz-batch processes to ensure only 1 runs at a time -// -CREATE TABLE run_lock ( - class text, - host text, - start timestamp, - PRIMARY KEY ((class)) -); diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/identities.dat b/kubernetes/aaf/resources/config/aaf-data/identities.dat index 98bf99a3d1..95eb51d1be 100644 --- a/kubernetes/aaf/resources/config/aaf-cs-data/identities.dat +++ b/kubernetes/aaf/resources/config/aaf-data/identities.dat @@ -5,3 +5,5 @@ mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e| ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager osaaf|ID of AAF|||||a|bdevl +m99751|ID of AAF|||||a|bdevl +m99501|ID of AAF|||||a|bdevl |