diff options
Diffstat (limited to 'kubernetes/aaf/charts/aaf-cs')
11 files changed, 269 insertions, 238 deletions
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql deleted file mode 100644 index 6fddf65001..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/ecomp.cql +++ /dev/null @@ -1,169 +0,0 @@ -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); - -// Create org.openecomp.dmaapBC - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); - -//INSERT INTO role(ns, name, perms, description) -// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) -VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat deleted file mode 100644 index 98bf99a3d1..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.dat +++ /dev/null @@ -1,7 +0,0 @@ -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx Binary files differdeleted file mode 100644 index 78fc0a5693..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/identities.idx +++ /dev/null diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql index 81700f830c..c06e5ee952 100644 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql +++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql @@ -1,35 +1,6 @@ -// For Developer Machine single instance -// -CREATE KEYSPACE authz -WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; -// -// From Ravi, 6-17-2014. User for DEVL->TEST -// -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' }; -// -// PROD -// -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' }; -// -// create user authz with password '<AUTHZ PASSWORD>' superuser; -// grant all on keyspace authz to authz; -// -// For TEST (aaf_test) -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' }; -// -// DEVL -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' }; -// -// TEST / PERF -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' }; -// -// IST -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3', -// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' }; -// -// with 6 localized with ccm -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; -// + +// Table Initialization +// First make sure the keyspace exists. USE authz; @@ -51,12 +22,6 @@ CREATE TABLE ns ( ); CREATE INDEX ns_parent on ns(parent); - -// Oct 2015, not performant. Made Owner and Attrib first class Roles, -// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels. -// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder) -// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces -// as having certain tools, like SWM, etc. CREATE TABLE ns_attrib ( ns varchar, key varchar, @@ -125,10 +90,10 @@ CREATE INDEX cert_id ON cert(id); CREATE INDEX cert_x500 ON cert(x500); CREATE TABLE notify ( - user text, - type int, - last timestamp, - checksum int, + user text, + type int, + last timestamp, + checksum int, PRIMARY KEY (user,type) ); @@ -155,14 +120,16 @@ CREATE TABLE artifact ( sponsor text, ca text, dir text, - appName text, os_user text, + ns text, notify text, expires timestamp, - renewDays int, + renewDays int, + sans Set<text>, PRIMARY KEY (mechid,machine) ); CREATE INDEX artifact_machine ON artifact(machine); +CREATE INDEX artifact_ns ON artifact(ns); // // Non-Critical Table functions @@ -216,6 +183,7 @@ CREATE TABLE approval ( status varchar, // approval status. pending, approved, denied memo varchar, // Text for Approval to know what's going on operation varchar, // List operation to perform + last_notified timestamp, // Timestamp for the last time approver was notified PRIMARY KEY(id) ); CREATE INDEX appr_approver_idx ON approval(approver); @@ -223,6 +191,19 @@ CREATE INDEX appr_user_idx ON approval(user); CREATE INDEX appr_ticket_idx ON approval(ticket); CREATE INDEX appr_status_idx ON approval(status); +CREATE TABLE approved ( + id timeuuid, // unique Key + user varchar, // the user who needs to be approved + approver varchar, // user approving + type varchar, // approver types i.e. Supervisor, Owner + status varchar, // approval status. pending, approved, denied + memo varchar, // Text for Approval to know what's going on + operation varchar, // List operation to perform + PRIMARY KEY(id) + ); +CREATE INDEX approved_approver_idx ON approved(approver); +CREATE INDEX approved_user_idx ON approved(user); + CREATE TABLE delegate ( user varchar, delegate varchar, @@ -231,6 +212,49 @@ CREATE TABLE delegate ( ); CREATE INDEX delg_delg_idx ON delegate(delegate); +// OAuth Tokens +CREATE TABLE oauth_token ( + id text, // Reference + client_id text, // Creating Client ID + user text, // User requesting + active boolean, // Active or not + type int, // Type of Token + refresh text, // Refresh Token + expires timestamp, // Expiration time/Date (signed long) + exp_sec bigint, // Seconds from Jan 1, 1970 + content text, // Content of Token + scopes Set<text>, // Scopes + state text, // Context string (Optional) + req_ip text, // Requesting IP (for logging purpose) + PRIMARY KEY(id) +) with default_time_to_live = 21600; // 6 hours +CREATE INDEX oauth_token_user_idx ON oauth_token(user); + +CREATE TABLE locate ( + name text, // Component/Server name + hostname text, // FQDN of Service/Component + port int, // Port of Service + major int, // Version, Major + minor int, // Version, Minor + patch int, // Version, Patch + pkg int, // Version, Package (if available) + latitude float, // Latitude + longitude float, // Longitude + protocol text, // Protocol (i.e. http https) + subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https + port_key uuid, // Key into locate_ports + PRIMARY KEY(name,hostname,port) +) with default_time_to_live = 1200; // 20 mins + +CREATE TABLE locate_ports ( + id uuid, // Id into locate + port int, // SubPort + name text, // Name of Other Port + protocol text, // Protocol of Other (i.e. JMX, DEBUG) + subprotocol set<text>, // Accepted sub protocols or versions + PRIMARY KEY(id, port) +) with default_time_to_live = 1200; // 20 mins; + // // Used by authz-batch processes to ensure only 1 runs at a time // diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql new file mode 100644 index 0000000000..52dc5ea77e --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql @@ -0,0 +1,11 @@ +// For Developer Machine single instance +// CREATE KEYSPACE authz +// WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; +// +// + +// Example of Network Topology, with Datacenter dc1 & dc2 +// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; +// Out of the box Docker Cassandra comes with "datacenter1", one instance +CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'datacenter1': '1' }; +// diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql new file mode 100644 index 0000000000..e7385ab69d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql @@ -0,0 +1,122 @@ +USE authz; + +// Create 'org' root NS +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org','Root Namespace','.',1,1); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','admin',{'org.access|*|*'},'Org Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','*',{'org.admin'},'Org Write Access'); + +// Create Root pass +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('initial@osaaf.org','org.osaaf',1,0x008c5926ca861023c1d2a36653fd88e2,'2099-12-31') using TTL 14400; + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('initial@osaaf.org','org.admin','2099-12-31','org','admin') using TTL 14400; + + +// Create org.osaaf +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.osaaf','OSAAF Namespace','org',2,2); + +INSERT INTO role(ns, name, perms,description) + VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access'); + +INSERT INTO role(ns, name, perms,description) + VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access'); + +// Create org.osaaf.aaf +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400; + + +// ONAP Specific Entities +// ONAP initial env Namespace +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.onap','ONAP','org',2,2); + +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','read',{ + 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor' + },'Portal Read Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins'); + +// DEMO ID (OPS) +insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin'); + +// ADMIN +insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin'); + +// DESIGNER +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer'); + +// TESTER +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester'); + +// OPS +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops'); + +// GOVERNOR +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor'); + diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql new file mode 100644 index 0000000000..5e7cfe1741 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql @@ -0,0 +1,8 @@ +USE authz; + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('demo@people.osaaf.org','org.admin','2099-12-31','org','admin') ; + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('demo@people.osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') ; + diff --git a/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt new file mode 100644 index 0000000000..c60c745ca3 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml index 15e574f511..4253d2fb71 100644 --- a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml @@ -24,14 +24,11 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} template: metadata: labels: app: {{ include "common.name" . }} - name: {{ .Release.Name }} + release: {{ .Release.Name }} spec: hostname: {{ include "common.name" . }} containers: @@ -39,24 +36,45 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }} + ports: + - containerPort: {{ .Values.service.externalPort }} + - containerPort: {{ .Values.service.externalPort2 }} + - containerPort: {{ .Values.service.externalPort3 }} + - containerPort: {{ .Values.service.externalPort4 }} volumeMounts: - mountPath: /data name: aaf-cs-data + - mountPath: /etc/localtime + name: localtime + readOnly: true # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.internalPort3 }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.internalPort3 }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - > + /bin/sleep 30; + cd /data/; + cqlsh -u root -p root -f keyspace.cql ; + cqlsh -u root -p root -f init.cql ; + cqlsh -u root -p root -f osaaf.cql ; + cqlsh -u root -p root -f temp_identity.cql + resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -66,8 +84,10 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + - name: localtime + hostPath: + path: /etc/localtime - name: aaf-cs-data secret: secretName: {{ include "common.fullname" . }} diff --git a/kubernetes/aaf/charts/aaf-cs/templates/service.yaml b/kubernetes/aaf/charts/aaf-cs/templates/service.yaml index 2e4a619a20..b1716e4936 100644 --- a/kubernetes/aaf/charts/aaf-cs/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-cs/templates/service.yaml @@ -22,6 +22,8 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +# annotations: +# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: type: {{ .Values.service.type }} ports: @@ -30,29 +32,29 @@ spec: #Example internal target port if required #targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} - port: {{ .Values.service.externalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.name }}2 + name: {{ .Values.service.portName }}2 - port: {{ .Values.service.externalPort3 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: {{ .Values.service.name }}3 + name: {{ .Values.service.portName }}3 - port: {{ .Values.service.externalPort4 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} - name: {{ .Values.service.name }}4 + name: {{ .Values.service.portName }}4 {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} + name: {{ .Values.service.portName }} - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.name }}2 + name: {{ .Values.service.portName }}2 - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.name }}3 + name: {{ .Values.service.portName }}3 - port: {{ .Values.service.externalPort4 }} targetPort: {{ .Values.service.internalPort4 }} - name: {{ .Values.service.name }}4 + name: {{ .Values.service.portName }}4 {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aaf/charts/aaf-cs/values.yaml b/kubernetes/aaf/charts/aaf-cs/values.yaml index 89b83cd169..83bc972fd8 100644 --- a/kubernetes/aaf/charts/aaf-cs/values.yaml +++ b/kubernetes/aaf/charts/aaf-cs/values.yaml @@ -25,7 +25,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: library/cassandra:2.1.17 +image: library/cassandra:3.11 pullPolicy: Always # flag to enable debugging - application support required @@ -54,8 +54,9 @@ readiness: periodSeconds: 10 service: + name: aaf-cass type: ClusterIP - name: aaf-cs + portName: aaf-cs #targetPort internalPort: 7000 #port |