From 8de39a774d0e58e70fa5bde7fd1ecc158db1453f Mon Sep 17 00:00:00 2001 From: vaibhav_16dec Date: Wed, 17 Jan 2018 12:22:52 +0000 Subject: Policy config segreggation Issue-ID: OOM-553 Change-Id: I8dab41aea5b0fad1395f6deb47b2faa6f7dcbdbc Signed-off-by: vaibhav_16dec --- .../init/src/config/log/policy/drools/logback.xml | 107 --------- .../src/config/log/policy/ep_sdk_app/logback.xml | 190 ---------------- .../src/config/log/policy/pypdpserver/logback.xml | 154 ------------- .../config/log/policy/xacml-pap-rest/logback.xml | 153 ------------- .../config/log/policy/xacml-pdp-rest/logback.xml | 153 ------------- .../init/src/config/policy/drools/settings.xml | 99 -------- .../policy/opt/policy/config/drools/base.conf | 100 --------- .../opt/policy/config/drools/drools-tweaks.sh | 23 -- .../policy/config/drools/feature-healthcheck.conf | 2 - .../opt/policy/config/drools/policy-keystore | Bin 5640 -> 0 bytes .../policy/config/drools/policy-management.conf | 5 - .../config/policy/opt/policy/config/pe/base.conf | 24 -- .../policy/opt/policy/config/pe/brmsgw-tweaks.sh | 38 ---- .../config/policy/opt/policy/config/pe/brmsgw.conf | 53 ----- .../policy/opt/policy/config/pe/console.conf | 132 ----------- .../config/policy/opt/policy/config/pe/elk.conf | 3 - .../config/policy/opt/policy/config/pe/mysql.conf | 5 - .../policy/opt/policy/config/pe/pap-tweaks.sh | 1 - .../config/policy/opt/policy/config/pe/pap.conf | 55 ----- .../config/policy/opt/policy/config/pe/paplp.conf | 12 - .../policy/opt/policy/config/pe/pdp-tweaks.sh | 2 - .../config/policy/opt/policy/config/pe/pdp.conf | 56 ----- .../config/policy/opt/policy/config/pe/pdplp.conf | 12 - .../policy/opt/policy/config/pe/push-policies.sh | 250 --------------------- 24 files changed, 1629 deletions(-) delete mode 100644 kubernetes/config/docker/init/src/config/log/policy/drools/logback.xml delete mode 100644 kubernetes/config/docker/init/src/config/log/policy/ep_sdk_app/logback.xml delete mode 100644 kubernetes/config/docker/init/src/config/log/policy/pypdpserver/logback.xml delete mode 100644 kubernetes/config/docker/init/src/config/log/policy/xacml-pap-rest/logback.xml delete mode 100644 kubernetes/config/docker/init/src/config/log/policy/xacml-pdp-rest/logback.xml delete mode 100755 kubernetes/config/docker/init/src/config/policy/drools/settings.xml delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/base.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/drools-tweaks.sh delete mode 100644 kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/feature-healthcheck.conf delete mode 100644 kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-management.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/base.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/brmsgw-tweaks.sh delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/brmsgw.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/console.conf delete mode 100644 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/elk.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/mysql.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pap-tweaks.sh delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pap.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/paplp.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdp-tweaks.sh delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdp.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdplp.conf delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/push-policies.sh (limited to 'kubernetes/config') diff --git a/kubernetes/config/docker/init/src/config/log/policy/drools/logback.xml b/kubernetes/config/docker/init/src/config/log/policy/drools/logback.xml deleted file mode 100644 index daecf97850..0000000000 --- a/kubernetes/config/docker/init/src/config/log/policy/drools/logback.xml +++ /dev/null @@ -1,107 +0,0 @@ - - - - - - - - - - - - - - - - ${logDir}/${errorLog}.log - - ${logDir}/${errorLog}.%i.log.zip - 1 - 5 - - - WARN - - - 15MB - - - ${errorPattern} - - - - - - - - - ${logDir}/${debugLog}.log - - ${logDir}/${debugLog}.%i.log.zip - 1 - 9 - - - 20MB - - - ${debugPattern} - - - - - - - - - ${logDir}/${networkLog}.log - - ${logDir}/${networkLog}.%i.log.zip - 1 - 9 - - - 15MB - - - ${networkPattern} - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/log/policy/ep_sdk_app/logback.xml b/kubernetes/config/docker/init/src/config/log/policy/ep_sdk_app/logback.xml deleted file mode 100644 index d0871bdb4a..0000000000 --- a/kubernetes/config/docker/init/src/config/log/policy/ep_sdk_app/logback.xml +++ /dev/null @@ -1,190 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ${pattern} - - - - - - - - ${logDirectory}/${generalLogName}.log - - - ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - - ${queueSize} - - true - - - - - ${logDirectory}/${auditLogName}.log - - - ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - - - ${logDirectory}/${metricsLogName}.log - - - ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - - - ${logDirectory}/${errorLogName}.log - - - ${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - INFO - - - - ${queueSize} - - - - ${logDirectory}/${debugLogName}.log - - - ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - true - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/log/policy/pypdpserver/logback.xml b/kubernetes/config/docker/init/src/config/log/policy/pypdpserver/logback.xml deleted file mode 100644 index c4b596b6d5..0000000000 --- a/kubernetes/config/docker/init/src/config/log/policy/pypdpserver/logback.xml +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - ${pattern} - - - - - - - - - ${logDirectory}/${auditLogName}.log - - ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - - - ${logDirectory}/${metricsLogName}.log - - ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - - ${pattern} - - - - ${queueSize} - - - - ${logDirectory}/${errorLogName}.log - - ${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - INFO - - - - ${queueSize} - - - - ${logDirectory}/${debugLogName}.log - - ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - true - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/log/policy/xacml-pap-rest/logback.xml b/kubernetes/config/docker/init/src/config/log/policy/xacml-pap-rest/logback.xml deleted file mode 100644 index 77068bb9aa..0000000000 --- a/kubernetes/config/docker/init/src/config/log/policy/xacml-pap-rest/logback.xml +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - ${pattern} - - - - - - - - - ${logDirectory}/${auditLogName}.log - - ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - - - ${logDirectory}/${metricsLogName}.log - - ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - - ${pattern} - - - - ${queueSize} - - - - ${logDirectory}/${errorLogName}.log - - ${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - INFO - - - - ${queueSize} - - - - ${logDirectory}/${debugLogName}.log - - ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - true - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/log/policy/xacml-pdp-rest/logback.xml b/kubernetes/config/docker/init/src/config/log/policy/xacml-pdp-rest/logback.xml deleted file mode 100644 index c9c05d922d..0000000000 --- a/kubernetes/config/docker/init/src/config/log/policy/xacml-pdp-rest/logback.xml +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - ${pattern} - - - - - - - - - ${logDirectory}/${auditLogName}.log - - ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - - - ${logDirectory}/${metricsLogName}.log - - ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - - ${pattern} - - - - ${queueSize} - - - - ${logDirectory}/${errorLogName}.log - - ${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - INFO - - - - ${queueSize} - - - - ${logDirectory}/${debugLogName}.log - - ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log - - ${maxFileSize} - - ${maxHistory} - ${totalSizeCap} - - - ${pattern} - - - - ${queueSize} - - true - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/policy/drools/settings.xml b/kubernetes/config/docker/init/src/config/policy/drools/settings.xml deleted file mode 100755 index 2a9e2a0b24..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/drools/settings.xml +++ /dev/null @@ -1,99 +0,0 @@ - - - - - - - - - policy-profile - - true - - - - - policy-nexus-snapshots - http://nexus:8081/nexus/content/repositories/snapshots/ - - false - always - - - true - always - - - - - policy-nexus-releases - http://nexus:8081/nexus/content/repositories/releases/ - - true - always - - - false - always - - - - - - - - - policy-profile - - - - - policy-nexus-snapshots - admin - admin123 - - - policy-nexus-releases - admin - admin123 - - - - diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/base.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/base.conf deleted file mode 100755 index 4f904444f7..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/base.conf +++ /dev/null @@ -1,100 +0,0 @@ -### -# ============LICENSE_START======================================================= -# ONAP POLICY -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - - -# SYSTEM software configuration - -POLICY_HOME=/opt/app/policy -JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 -KEYSTORE_PASSWD=PolicyR0ck$ - -# Telemetry credentials - -ENGINE_MANAGEMENT_PORT=9696 -ENGINE_MANAGEMENT_HOST=0.0.0.0 -ENGINE_MANAGEMENT_USER=@1b3rt -ENGINE_MANAGEMENT_PASSWORD=31nst31n - -# nexus repository - -snapshotRepositoryID=policy-nexus-snapshots -snapshotRepositoryUrl=http://nexus:8081/nexus/content/repositories/snapshots/ -releaseRepositoryID=policy-nexus-releases -releaseRepositoryUrl=http://nexus:8081/nexus/content/repositories/releases/ -repositoryUsername=admin -repositoryPassword=admin123 - -# Relational (SQL) DB access - -SQL_HOST=mariadb.onap-policy -SQL_USER=policy_user -SQL_PASSWORD=policy_user - -# PDP-D DMaaP configuration channel - -PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION -PDPD_CONFIGURATION_SERVERS=dmaap.onap-message-router -PDPD_CONFIGURATION_API_KEY= -PDPD_CONFIGURATION_API_SECRET= -PDPD_CONFIGURATION_CONSUMER_GROUP= -PDPD_CONFIGURATION_CONSUMER_INSTANCE= -PDPD_CONFIGURATION_PARTITION_KEY= - -# PAP - -PAP_HOST=pap.onap-policy -PAP_USERNAME=testpap -PAP_PASSWORD=alpha123 - -# PDP-X - -PDP_HOST=pdp.onap-policy -PDP_USERNAME=testpdp -PDP_PASSWORD=alpha123 -PDP_CLIENT_USERNAME=python -PDP_CLIENT_PASSWORD=test -PDP_ENVIRONMENT=TEST - -# DCAE DMaaP - -DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT -DCAE_SERVERS=dmaap.onap-message-router - -# Open DMaaP - -DMAAP_SERVERS=dmaap.onap-message-router - -# AAI - -AAI_URL=https://aai.api.simpledemo.openecomp.org:8443 -AAI_USERNAME=POLICY -AAI_PASSWORD=POLICY - -# MSO - -SO_URL=http://mso.onap-mso:8080/ecomp/mso/infra -SO_USERNAME=InfraPortalClient -SO_PASSWORD=password1$ - -# VFC - -VFC_URL= -VFC_USERNAME= -VFC_PASSWORD= \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/drools-tweaks.sh b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/drools-tweaks.sh deleted file mode 100755 index 8bff59c2e7..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/drools-tweaks.sh +++ /dev/null @@ -1,23 +0,0 @@ -#! /bin/bash - -### -# ============LICENSE_START======================================================= -# ONAP -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - -${POLICY_HOME}/bin/features enable healthcheck diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/feature-healthcheck.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/feature-healthcheck.conf deleted file mode 100644 index 31baed21e3..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/feature-healthcheck.conf +++ /dev/null @@ -1,2 +0,0 @@ -HEALTHCHECK_USER=healthcheck -HEALTHCHECK_PASSWORD=zb!XztG34 diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore deleted file mode 100644 index ab25c3a341..0000000000 Binary files a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore and /dev/null differ diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-management.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-management.conf deleted file mode 100755 index 843b832ea7..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-management.conf +++ /dev/null @@ -1,5 +0,0 @@ -CONTROLLER_ARTIFACT_ID=policy-management -CONTROLLER_NAME=policy-management-controller -CONTROLLER_PORT=9696 -RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT -UEB_TOPIC=policyengine-develop diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/base.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/base.conf deleted file mode 100755 index 9c87d9ca72..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/base.conf +++ /dev/null @@ -1,24 +0,0 @@ -JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 -POLICY_HOME=/opt/app/policy -KEYSTORE_PASSWD=PolicyR0ck$ - -JDBC_DRIVER=org.mariadb.jdbc.Driver -JDBC_URL=jdbc:mariadb://mariadb.onap-policy:3306/onap_sdk?failOverReadOnly=false&autoReconnect=true -JDBC_LOG_URL=jdbc:mariadb://mariadb.onap-policy:3306/log?failOverReadOnly=false&autoReconnect=true -JDBC_USER=policy_user -JDBC_PASSWORD=policy_user - -site_name=site_1 -fp_monitor_interval=30 -failed_counter_threshold=3 -test_trans_interval=20 -write_fpc_interval=5 -max_fpc_update_interval=60 -test_via_jmx=false -jmx_fqdn= - -ENVIRONMENT=TEST - -#Micro Service Model Properties -policy_msOnapName= -policy_msPolicyName= \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/brmsgw-tweaks.sh b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/brmsgw-tweaks.sh deleted file mode 100755 index daa3596e6e..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/brmsgw-tweaks.sh +++ /dev/null @@ -1,38 +0,0 @@ -#! /bin/bash - -PROPS_BUILD="${POLICY_HOME}/etc/build.info" - -PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties" -PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties" - - -if [ ! -f "${PROPS_BUILD}" ]; then - echo "error: version information does not exist: ${PROPS_BUILD}" - exit 1 -fi - -source "${POLICY_HOME}/etc/build.info" - -if [ -z "${version}" ]; then - echo "error: no version information present" - exit 1 -fi - -for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do - if [ ! -f "${CONFIG}" ]; then - echo "warning: configuration does not exist: ${CONFIG}" - else - sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}" - fi -done - -DEPS_JSON_RUNTIME="${POLICY_HOME}/servers/brmsgw/dependency.json" -DEPS_JSON_INSTALL="${POLICY_HOME}/install/servers/brmsgw/dependency.json" - -for DEP in ${DEPS_JSON_RUNTIME} ${DEPS_JSON_INSTALL}; do - if [ ! -f "${DEP}" ]; then - echo "warning: configuration does not exist: ${DEP}" - else - sed -i -e "s/\"version\":.*-SNAPSHOT\"/\"version\": \"${version}\"/g" "${DEP}" - fi -done diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/brmsgw.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/brmsgw.conf deleted file mode 100755 index ff4d2e487d..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/brmsgw.conf +++ /dev/null @@ -1,53 +0,0 @@ -# BRMSpep component installation configuration parameters -BRMSGW_JMX_PORT=9989 - -COMPONENT_X_MX_MB=1024 -COMPONENT_X_MS_MB=1024 - -REST_PAP_URL=http://pap.onap-policy:9091/pap/ -REST_PDP_ID=http://pdp.onap-policy:8081/pdp/ - -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 - -M2_HOME=/usr/share/maven -snapshotRepositoryID=policy-nexus-snapshots -snapshotRepositoryName=Snapshots -snapshotRepositoryURL=http://nexus.onap-policy:8081/nexus/content/repositories/snapshots -releaseRepositoryID=policy-nexus-releases -releaseRepositoryName=Releases -releaseRepositoryURL=http://nexus.onap-policy:8081/nexus/content/repositories/releases -repositoryUsername=admin -repositoryPassword=admin123 -UEB_URL=dmaap.onap-message-router -UEB_TOPIC=PDPD-CONFIGURATION -UEB_API_KEY= -UEB_API_SECRET= - -groupID=org.onap.policy-engine -artifactID=drlPDPGroup -AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam -AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules - -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=brmsgw_1 -node_type=brms_gateway - -#Environment should be Set either DEV, TEST or PROD -ENVIRONMENT=TEST - -#Notification Properties... type can be either websocket, ueb, or dmaap -BRMS_NOTIFICATION_TYPE=websocket -BRMS_UEB_URL=dmaap.onap-message-router -BRMS_UEB_TOPIC=PDPD-CONFIGURATION -BRMS_UEB_DELAY= -BRMS_CLIENT_ID=python -BRMS_CLIENT_KEY=dGVzdA== -BRMS_UEB_API_KEY= -BRMS_UEB_API_SECRET= - -#Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.2.0 - diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/console.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/console.conf deleted file mode 100755 index 938543cb7e..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/console.conf +++ /dev/null @@ -1,132 +0,0 @@ -# configs component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9993 -TOMCAT_SHUTDOWN_PORT=8090 -SSL_HTTP_CONNECTOR_PORT=8443 -SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443 -SSL_AJP_CONNECTOR_PORT=8383 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=2048 -TOMCAT_X_MX_MB=2048 - -# ------------------ console properties --------------------------- - -# -# Authorization Policy - -ROOT_POLICIES=admin -ADMIN_FILE=Policy-Admin.xml - - -# Set your domain here: - -REST_ADMIN_DOMAIN=com - -# -# Location where the GIT repository is located -# -REST_ADMIN_REPOSITORY=repository - -# -# Location where all the user workspaces are located. -# -REST_ADMIN_WORKSPACE=${{POLICY_HOME}}/servers/console/bin/workspace - -# -# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE -# container and setup authentication as you please. Setting HttpSession attribute values will override these -# values set in the properties files. -# -# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer"); -# -# The default policy: Policy-Admin.xml is extremely simple. -# -# You can test authorization within the Admin Console by changing the user id. -# There are 3 supported user ids: -# guest - Read only access -# editor - Read/Write access -# admin - Read/Write/Admin access -# -# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all. -# -# This is for development/demonstration purposes only. A production environment should provide authentication which is -# outside the scope of this application. This application can be used to develop a XACML policy for user authorization -# within this application. -# - -REST_ADMIN_USER_NAME=Administrator -REST_ADMIN_USER_ID=super-admin - -# -# -# Property to declare the max time frame for logs. -# -LOG_TIMEFRAME=30 - -# Property to declare the number of visible rows for users in MicroService Policy -COLUMN_COUNT=3 - -# Dashboard refresh rate in miliseconds -REFRESH_RATE=40000 - -# -# URL location for the PAP servlet. -# - - -REST_PAP_URL=http://pap.onap-policy:9091/pap/ - -# -# Config/Action Properties location. -# - -REST_CONFIG_HOME=${{POLICY_HOME}}/servers/pap/webapps/Config/ -REST_ACTION_HOME=${{POLICY_HOME}}/servers/pap/webapps/Action/ -REST_CONFIG_URL=http://pap.onap-policy:9091/ -REST_CONFIG_WEBAPPS=${{POLICY_HOME}}/servers/pap/webapps/ - -# PAP account information -CONSOLE_PAP_HTTP_USER_ID=testpap -CONSOLE_PAP_HTTP_PASSWORD=alpha123 - - -node_type=pap_admin -resource_name=console_1 - -# The (optional) period of time in seconds between executions of the integrity audit. -# Value < 0 : Audit does not run (default value if property is not present = -1) -# Value = 0 : Audit runs continuously -# Value > 0 : The period of time in seconds between execution of the audit on a particular node -integrity_audit_period_seconds=-1 - -#Automatic Policy Distribution -automatic_push=false - -#Diff of policies for Firewall feature -FW_GETURL= -FW_AUTHOURL= -FW_PROXY= -FW_PORT= - -#SMTP Server Details for Java Mail -onap_smtp_host= -onap_smtp_port=25 -onap_smtp_userName= -onap_smtp_password= -onap_smtp_emailExtension= -onap_application_name= - -#-----------------------ONAP-PORTAL-Properties---------------------- - -ONAP_REDIRECT_URL=http://portalapps.onap-portal:8989/ONAPPORTAL/login.htm -ONAP_REST_URL=http://portalapps.onap-portal:8989/ONAPPORTAL/auxapi -ONAP_UEB_URL_LIST= -ONAP_PORTAL_INBOX_NAME= -ONAP_UEB_APP_KEY= -ONAP_UEB_APP_SECRET= -ONAP_UEB_APP_MAILBOX_NAME= -APP_DISPLAY_NAME=ONAP Policy -ONAP_SHARED_CONTEXT_REST_URL=http://portalapps.onap-portal:8989/ONAPPORTAL/context diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/elk.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/elk.conf deleted file mode 100644 index 938954ce63..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/elk.conf +++ /dev/null @@ -1,3 +0,0 @@ -# elasticsearch - -ELK_JMX_PORT=9995 \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/mysql.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/mysql.conf deleted file mode 100755 index 28b9e3ca33..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/mysql.conf +++ /dev/null @@ -1,5 +0,0 @@ -# mysql scripts component installation configuration parameters - -# Path to mysql bin -MYSQL_BIN=/usr/local/mysql/bin - diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pap-tweaks.sh b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pap-tweaks.sh deleted file mode 100755 index 36ac3689b1..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pap-tweaks.sh +++ /dev/null @@ -1 +0,0 @@ -#! /bin/bash diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pap.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pap.conf deleted file mode 100755 index 53c52aaceb..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pap.conf +++ /dev/null @@ -1,55 +0,0 @@ -# pap component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9990 -TOMCAT_SHUTDOWN_PORT=9405 -SSL_HTTP_CONNECTOR_PORT=9091 -SSL_AJP_CONNECTOR_PORT=8380 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=1024 -TOMCAT_X_MX_MB=1024 - -# pap properties - -PAP_PDPS=${{POLICY_HOME}}/servers/pap/bin/pdps -PAP_URL=http://pap.onap-policy:9091/pap/ - -PAP_INITIATE_PDP=true -PAP_HEARTBEAT_INTERVAL=10000 -PAP_HEARTBEAT_TIMEOUT=10000 - -REST_ADMIN_DOMAIN=com -REST_ADMIN_REPOSITORY=repository -REST_ADMIN_WORKSPACE=workspace - -# PDP related properties - -PAP_PDP_URL=http://pdp.onap-policy:8081/pdp/ -PAP_PDP_HTTP_USER_ID=testpdp -PAP_PDP_HTTP_PASSWORD=alpha123 - -PAP_HTTP_USER_ID=testpap -PAP_HTTP_PASSWORD=alpha123 - -#new values added 10-21-2015 -PROP_PAP_TRANS_WAIT=500000 -PROP_PAP_TRANS_TIMEOUT=5000 -PROP_PAP_AUDIT_TIMEOUT=300000 -PROP_PAP_RUN_AUDIT_FLAG=true -PROP_PAP_AUDIT_FLAG=true - -PROP_PAP_INCOMINGNOTIFICATION_TRIES=4 - - -node_type=pap -resource_name=pap_1 -dependency_groups=paplp_1 -test_via_jmx=true - -# The (optional) period of time in seconds between executions of the integrity audit. -# Value < 0 : Audit does not run (default value if property is not present = -1) -# Value = 0 : Audit runs continuously -# Value > 0 : The period of time in seconds between execution of the audit on a particular node -integrity_audit_period_seconds=-1 diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/paplp.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/paplp.conf deleted file mode 100755 index d25f11be3b..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/paplp.conf +++ /dev/null @@ -1,12 +0,0 @@ -# JVM specific parameters -LOGPARSER_JMX_PORT=9996 -LOGPARSER_X_MS_MB=1024 -LOGPARSER_X_MX_MB=1024 - -SERVER=http://pap.onap-policy:9091/pap/ -LOGPATH=${{POLICY_HOME}}/servers/pap/logs/pap-rest.log -PARSERLOGPATH=IntegrityMonitor.log - -node_type=logparser -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=paplp_1 diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdp-tweaks.sh b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdp-tweaks.sh deleted file mode 100755 index f68253635a..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdp-tweaks.sh +++ /dev/null @@ -1,2 +0,0 @@ -#! /bin/bash - diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdp.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdp.conf deleted file mode 100755 index dba8af2e10..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdp.conf +++ /dev/null @@ -1,56 +0,0 @@ -# pdp component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9991 -TOMCAT_SHUTDOWN_PORT=8087 -SSL_HTTP_CONNECTOR_PORT=8081 -SSL_AJP_CONNECTOR_PORT=8381 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=1024 -TOMCAT_X_MX_MB=1024 - -# pdp properties - -UEB_CLUSTER=dmaap.onap-message-router - -REST_PAP_URL=http://pap.onap-policy:9091/pap/ -REST_PDP_ID=http://pdp.onap-policy:8081/pdp/ -REST_PDP_CONFIG=${{POLICY_HOME}}/servers/pdp/bin/config -REST_PDP_WEBAPPS=${{POLICY_HOME}}/servers/pdp/webapps -REST_PDP_REGISTER=true -REST_PDP_REGISTER_SLEEP=15 -REST_PDP_REGISTER_RETRIES=-1 -REST_PDP_MAXCONTENT=999999999 - -# PDP related properties -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 - -node_type=pdp_xacml -resource_name=pdp_1 -dependency_groups=pdplp_1;brmsgw_1 -test_via_jmx=true - -# -# Notification Properties -# Notification type: websocket, ueb or dmaap... if left blank websocket is the default -PDP_NOTIFICATION_TYPE=websocket -PDP_UEB_CLUSTER= -PDP_UEB_TOPIC= -PDP_UEB_DELAY= -PDP_UEB_API_KEY= -PDP_UEB_API_SECRET= -PDP_DMAAP_AAF_LOGIN= -PDP_DMAAP_AAF_PASSWORD= - -#AAF Policy Name space -#Required only, when we use AAF -POLICY_AAF_NAMESPACE= -POLICY_AAF_RESOURCE= - -# Indeterminate resolution -DECISION_INDETERMINATE_RESPONSE=PERMIT \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdplp.conf b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdplp.conf deleted file mode 100755 index 8320caa56b..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/pdplp.conf +++ /dev/null @@ -1,12 +0,0 @@ -# JVM specific parameters -LOGPARSER_JMX_PORT=9997 -LOGPARSER_X_MS_MB=1024 -LOGPARSER_X_MX_MB=1024 - -SERVER=http://pdp.onap-policy:8081/pdp/ -LOGPATH=${{POLICY_HOME}}/servers/pdp/logs/pdp-rest.log -PARSERLOGPATH=IntegrityMonitor.log - -node_type=logparser -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=pdplp_1 diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/push-policies.sh b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/push-policies.sh deleted file mode 100755 index 0461731c16..0000000000 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/pe/push-policies.sh +++ /dev/null @@ -1,250 +0,0 @@ -#! /bin/bash - -# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM - -#########################################Upload BRMS Param Template########################################## - -echo "Upload BRMS Param Template" - -sleep 2 - -wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl - -sleep 2 - -curl -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'http://pdp.onap-policy:8081/pdp/api/policyEngineImport' - -echo "PRELOAD_POLICIES is $PRELOAD_POLICIES" - -if [ "$PRELOAD_POLICIES" == "false" ]; then - exit 0 -fi - -#########################################Create BRMS Param policies########################################## - -echo "Create BRMSParam Operational Policies" - -sleep 2 - -echo "Create BRMSParamvFirewall Policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvFirewall", - "policyDescription": "BRMS Param vFirewall policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvDNS Policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvDNS", - "policyDescription": "BRMS Param vDNS policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0D%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-scale-up%0D%0A++++name%3A+Create+a+new+VF+Module%0D%0A++++description%3A%0D%0A++++actor%3A+SO%0D%0A++++recipe%3A+VF+Module+Create%0D%0A++++target%3A%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamVOLTE Policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamVOLTE", - "policyDescription": "BRMS Param VOLTE policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvCPE Policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvCPE", - "policyDescription": "BRMS Param vCPE policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' - -#########################################Create Micro Service Config policies########################################## - -echo "Create MicroService Config Policies" - -sleep 2 - -echo "Create MicroServicevFirewall Policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevFirewall", - "onapName": "DCAE" -}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' - - -sleep 2 - -echo "Create MicroServicevDNS Policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevDNS", - "onapName": "DCAE" -}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' - - -sleep 2 - -echo "Create MicroServicevCPE Policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevCPE", - "onapName": "DCAE" -}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' - - -#########################################Creating Decision Guard policy######################################### - -sleep 2 - -echo "Creating Decision Guard policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.AllPermitGuard", - "policyDescription": "Testing all Permit YAML Guard Policy", - "ecompName": "PDPD", - "ruleProvider": "GUARD_YAML", - "attributes": { - "MATCHING": { - "actor": ".*", - "recipe": ".*", - "targets": ".*", - "clname": ".*", - "limit": "10", - "timeWindow": "1", - "timeUnits": "minute", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "00:00:00-05:00" - } - } -}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' - -#########################################Push Decision policy######################################### - -sleep 2 - -echo "Push Decision policy" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.AllPermitGuard", - "policyType": "DECISION" -}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' - -#########################################Pushing BRMS Param policies########################################## - -echo "Pushing BRMSParam Operational policies" - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvFirewall" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvDNS" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvDNS", - "policyType": "BRMS_Param" -}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamVOLTE" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamVOLTE", - "policyType": "BRMS_Param" -}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvCPE" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvCPE", - "policyType": "BRMS_Param" -}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' - -#########################################Pushing MicroService Config policies########################################## - -echo "Pushing MicroService Config policies" - -sleep 2 - -echo "pushPolicy : PUT : com.MicroServicevFirewall" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevFirewall", - "policyType": "MicroService" -}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevDNS" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevDNS", - "policyType": "MicroService" -}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevCPE" -curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevCPE", - "policyType": "MicroService" -}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' \ No newline at end of file -- cgit 1.2.3-korg From adb27b4bbc8cf67ad0c2a272d39ccfc5fb4d482f Mon Sep 17 00:00:00 2001 From: vaibhav_16dec Date: Wed, 17 Jan 2018 12:42:39 +0000 Subject: AAF config seggregation Issue-ID: OOM-554 Change-Id: I24367eac50b3d46be964a6d60e24b317af376c3e Signed-off-by: vaibhav_16dec --- .../aaf/resources/config/aaf-cs-data/ecomp.cql | 169 ++++++++++++++ .../resources/config/aaf-cs-data/identities.dat | 7 + .../resources/config/aaf-cs-data/identities.idx | Bin 0 -> 56 bytes .../aaf/resources/config/aaf-cs-data/init.cql | 242 +++++++++++++++++++++ .../aaf/resources/config/aaf-data/identities.dat | 9 + kubernetes/aaf/templates/aaf-configmap.yaml | 9 + kubernetes/aaf/templates/aaf-cs-deployment.yaml | 6 +- kubernetes/aaf/templates/aaf-deployment.yaml | 4 +- kubernetes/aaf/templates/aaf-secret.yaml | 10 + .../docker/init/src/config/aaf/data/ecomp.cql | 169 -------------- .../docker/init/src/config/aaf/data/identities.dat | 7 - .../docker/init/src/config/aaf/data/identities.idx | Bin 56 -> 0 bytes .../docker/init/src/config/aaf/data/init.cql | 242 --------------------- .../init/src/config/aaf/data2/identities.dat | 9 - 14 files changed, 451 insertions(+), 432 deletions(-) create mode 100644 kubernetes/aaf/resources/config/aaf-cs-data/ecomp.cql create mode 100644 kubernetes/aaf/resources/config/aaf-cs-data/identities.dat create mode 100644 kubernetes/aaf/resources/config/aaf-cs-data/identities.idx create mode 100644 kubernetes/aaf/resources/config/aaf-cs-data/init.cql create mode 100644 kubernetes/aaf/resources/config/aaf-data/identities.dat create mode 100644 kubernetes/aaf/templates/aaf-configmap.yaml create mode 100644 kubernetes/aaf/templates/aaf-secret.yaml delete mode 100644 kubernetes/config/docker/init/src/config/aaf/data/ecomp.cql delete mode 100644 kubernetes/config/docker/init/src/config/aaf/data/identities.dat delete mode 100644 kubernetes/config/docker/init/src/config/aaf/data/identities.idx delete mode 100644 kubernetes/config/docker/init/src/config/aaf/data/init.cql delete mode 100644 kubernetes/config/docker/init/src/config/aaf/data2/identities.dat (limited to 'kubernetes/config') diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/ecomp.cql b/kubernetes/aaf/resources/config/aaf-cs-data/ecomp.cql new file mode 100644 index 0000000000..6fddf65001 --- /dev/null +++ b/kubernetes/aaf/resources/config/aaf-cs-data/ecomp.cql @@ -0,0 +1,169 @@ +USE authz; + +// Create Root pass +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + +INSERT INTO cred (id,ns,type,cred,expires) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); + + +// Create 'com' root NS +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com',1,'Root Namespace',null,1); + +INSERT INTO role(ns, name, perms, description) + VALUES('com','admin',{'com.access|*|*'},'Com Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('com','owner',{'com.access|*|read'},'Com Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); + +// Create org root NS +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org',1,'Root Namespace Org',null,1); + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','admin',{'org.access|*|*'},'Com Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org','owner',{'org.access|*|read'},'Com Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); + + +// Create com.att + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com.att',2,'AT&T Namespace','com',2); + +INSERT INTO role(ns, name, perms,description) + VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); + +INSERT INTO role(ns, name, perms,description) + VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles,description) + VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); + +// Create com.att.aaf + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); + +INSERT INTO role(ns, name, perms, description) + VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); + + +// Create org.openecomp +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp',2,'Open EComp NS','com.att',2); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); + +// Create org.openecomp.dmaapBC + +INSERT INTO ns (name,scope,description,parent,type) + VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); + +//INSERT INTO role(ns, name, perms, description) +// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); + +INSERT INTO role(ns, name, perms, description) +VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); + +//INSERT INTO role(ns, name, perms, description) +//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); + +//INSERT INTO role(ns, name, perms, description) +//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); + + + +INSERT INTO role(ns, name, perms, description) + VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); + +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/identities.dat b/kubernetes/aaf/resources/config/aaf-cs-data/identities.dat new file mode 100644 index 0000000000..98bf99a3d1 --- /dev/null +++ b/kubernetes/aaf/resources/config/aaf-cs-data/identities.dat @@ -0,0 +1,7 @@ +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/identities.idx b/kubernetes/aaf/resources/config/aaf-cs-data/identities.idx new file mode 100644 index 0000000000..78fc0a5693 Binary files /dev/null and b/kubernetes/aaf/resources/config/aaf-cs-data/identities.idx differ diff --git a/kubernetes/aaf/resources/config/aaf-cs-data/init.cql b/kubernetes/aaf/resources/config/aaf-cs-data/init.cql new file mode 100644 index 0000000000..81700f830c --- /dev/null +++ b/kubernetes/aaf/resources/config/aaf-cs-data/init.cql @@ -0,0 +1,242 @@ +// For Developer Machine single instance +// +CREATE KEYSPACE authz +WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; +// +// From Ravi, 6-17-2014. User for DEVL->TEST +// +// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' }; +// +// PROD +// +// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' }; +// +// create user authz with password '' superuser; +// grant all on keyspace authz to authz; +// +// For TEST (aaf_test) +// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' }; +// +// DEVL +// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' }; +// +// TEST / PERF +// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' }; +// +// IST +// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3', +// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' }; +// +// with 6 localized with ccm +// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; +// + +USE authz; + +// +// CORE Table function +// + +// Namespace - establish hierarchical authority to modify +// Permissions and Roles +// "scope" is flag to determine Policy. Typical important scope +// is "company" (1) +CREATE TABLE ns ( + name varchar, + scope int, // deprecated 2.0.11 + description varchar, + parent varchar, + type int, + PRIMARY KEY (name) +); +CREATE INDEX ns_parent on ns(parent); + + +// Oct 2015, not performant. Made Owner and Attrib first class Roles, +// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels. +// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder) +// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces +// as having certain tools, like SWM, etc. +CREATE TABLE ns_attrib ( + ns varchar, + key varchar, + value varchar, + PRIMARY KEY (ns,key) +); +create index ns_attrib_key on ns_attrib(key); + +// Will be cached +CREATE TABLE role ( + ns varchar, + name varchar, + perms set, // Use "Key" of "name|type|action" + description varchar, + PRIMARY KEY (ns,name) +); +CREATE INDEX role_name ON role(name); + +// Will be cached +CREATE TABLE perm ( + ns varchar, + type varchar, + instance varchar, + action varchar, + roles set, // Need to find Roles given Permissions + description varchar, + PRIMARY KEY (ns,type,instance,action) +); + +// This table is user for Authorization +CREATE TABLE user_role ( + user varchar, + role varchar, // deprecated: change to ns/rname after 2.0.11 + ns varchar, + rname varchar, + expires timestamp, + PRIMARY KEY(user,role) + ); +CREATE INDEX user_role_ns ON user_role(ns); +CREATE INDEX user_role_role ON user_role(role); + +// This table is only for the case where return User Credential (MechID) Authentication +CREATE TABLE cred ( + id varchar, + type int, + expires timestamp, + ns varchar, + other int, + notes varchar, + cred blob, + prev blob, + PRIMARY KEY (id,type,expires) + ); +CREATE INDEX cred_ns ON cred(ns); + +// Certificate Cross Table +// coordinated with CRED type 2 +CREATE TABLE cert ( + fingerprint blob, + id varchar, + x500 varchar, + expires timestamp, + PRIMARY KEY (fingerprint) + ); +CREATE INDEX cert_id ON cert(id); +CREATE INDEX cert_x500 ON cert(x500); + +CREATE TABLE notify ( + user text, + type int, + last timestamp, + checksum int, + PRIMARY KEY (user,type) +); + +CREATE TABLE x509 ( + ca text, + serial blob, + id text, + x500 text, + x509 text, + PRIMARY KEY (ca,serial) +); + + +CREATE INDEX x509_id ON x509 (id); +CREATE INDEX x509_x500 ON x509 (x500); + +// +// Deployment Artifact (for Certman) +// +CREATE TABLE artifact ( + mechid text, + machine text, + type Set, + sponsor text, + ca text, + dir text, + appName text, + os_user text, + notify text, + expires timestamp, + renewDays int, + PRIMARY KEY (mechid,machine) +); +CREATE INDEX artifact_machine ON artifact(machine); + +// +// Non-Critical Table functions +// +// Table Info - for Caching +CREATE TABLE cache ( + name varchar, + seg int, // cache Segment + touched timestamp, + PRIMARY KEY(name,seg) +); + +CREATE TABLE history ( + id timeuuid, + yr_mon int, + user varchar, + action varchar, + target varchar, // user, user_role, + subject varchar, // field for searching main portion of target key + memo varchar, //description of the action + reconstruct blob, //serialized form of the target + // detail Map, // additional information + PRIMARY KEY (id) +); +CREATE INDEX history_yr_mon ON history(yr_mon); +CREATE INDEX history_user ON history(user); +CREATE INDEX history_subject ON history(subject); + +// +// A place to hold objects to be created at a future time. +// +CREATE TABLE future ( + id uuid, // uniquify + target varchar, // Target Table + memo varchar, // Description + start timestamp, // When it should take effect + expires timestamp, // When not longer valid + construct blob, // How to construct this object (like History) + PRIMARY KEY(id) +); +CREATE INDEX future_idx ON future(target); +CREATE INDEX future_start_idx ON future(start); + + +CREATE TABLE approval ( + id timeuuid, // unique Key + ticket uuid, // Link to Future Record + user varchar, // the user who needs to be approved + approver varchar, // user approving + type varchar, // approver types i.e. Supervisor, Owner + status varchar, // approval status. pending, approved, denied + memo varchar, // Text for Approval to know what's going on + operation varchar, // List operation to perform + PRIMARY KEY(id) + ); +CREATE INDEX appr_approver_idx ON approval(approver); +CREATE INDEX appr_user_idx ON approval(user); +CREATE INDEX appr_ticket_idx ON approval(ticket); +CREATE INDEX appr_status_idx ON approval(status); + +CREATE TABLE delegate ( + user varchar, + delegate varchar, + expires timestamp, + PRIMARY KEY (user) +); +CREATE INDEX delg_delg_idx ON delegate(delegate); + +// +// Used by authz-batch processes to ensure only 1 runs at a time +// +CREATE TABLE run_lock ( + class text, + host text, + start timestamp, + PRIMARY KEY ((class)) +); diff --git a/kubernetes/aaf/resources/config/aaf-data/identities.dat b/kubernetes/aaf/resources/config/aaf-data/identities.dat new file mode 100644 index 0000000000..95eb51d1be --- /dev/null +++ b/kubernetes/aaf/resources/config/aaf-data/identities.dat @@ -0,0 +1,9 @@ +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager +osaaf|ID of AAF|||||a|bdevl +m99751|ID of AAF|||||a|bdevl +m99501|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/templates/aaf-configmap.yaml b/kubernetes/aaf/templates/aaf-configmap.yaml new file mode 100644 index 0000000000..c8565f2d90 --- /dev/null +++ b/kubernetes/aaf/templates/aaf-configmap.yaml @@ -0,0 +1,9 @@ +#{{ if not .Values.disableAafAaf }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: aaf-data-configmap + namespace: {{ .Values.nsPrefix }}-aaf +data: +{{ (.Files.Glob "resources/config/aaf-data/*").AsConfig | indent 2 }} +#{{ end }} diff --git a/kubernetes/aaf/templates/aaf-cs-deployment.yaml b/kubernetes/aaf/templates/aaf-cs-deployment.yaml index acd6a7aeb6..55619b3280 100644 --- a/kubernetes/aaf/templates/aaf-cs-deployment.yaml +++ b/kubernetes/aaf/templates/aaf-cs-deployment.yaml @@ -31,8 +31,8 @@ spec: periodSeconds: 10 volumes: - name: aaf-cs-data - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/aaf/data + secret: + secretName: aaf-cs-data-secret imagePullSecrets: - name: {{ .Values.nsPrefix }}-docker-registry-key -#{{ end }} \ No newline at end of file +#{{ end }} diff --git a/kubernetes/aaf/templates/aaf-deployment.yaml b/kubernetes/aaf/templates/aaf-deployment.yaml index 6664f18886..4f64048aad 100644 --- a/kubernetes/aaf/templates/aaf-deployment.yaml +++ b/kubernetes/aaf/templates/aaf-deployment.yaml @@ -48,8 +48,8 @@ spec: periodSeconds: 10 volumes: - name: aaf-data - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/aaf/data2 + configMap: + name: aaf-data-configmap imagePullSecrets: - name: {{ .Values.nsPrefix }}-docker-registry-key #{{ end }} diff --git a/kubernetes/aaf/templates/aaf-secret.yaml b/kubernetes/aaf/templates/aaf-secret.yaml new file mode 100644 index 0000000000..705d05053c --- /dev/null +++ b/kubernetes/aaf/templates/aaf-secret.yaml @@ -0,0 +1,10 @@ +#{{ if not .Values.disableAafAafCs }} +apiVersion: v1 +kind: Secret +metadata: + name: aaf-cs-data-secret + namespace: {{ .Values.nsPrefix }}-aaf +type: Opaque +data: +{{ (.Files.Glob "resources/config/aaf-cs-data/*").AsSecrets | indent 2 }} +#{{ end }} diff --git a/kubernetes/config/docker/init/src/config/aaf/data/ecomp.cql b/kubernetes/config/docker/init/src/config/aaf/data/ecomp.cql deleted file mode 100644 index 6fddf65001..0000000000 --- a/kubernetes/config/docker/init/src/config/aaf/data/ecomp.cql +++ /dev/null @@ -1,169 +0,0 @@ -USE authz; - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31'); - - -// Create 'com' root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com',1,'Root Namespace',null,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','admin',{'com.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com','owner',{'com.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','read',{'com.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com','access','*','*',{'com.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin'); - -// Create org root NS -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org',1,'Root Namespace Org',null,1); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3); - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Com Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read'},'Com Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read',{'org.owner'},'Com Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Com Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin'); - - -// Create com.att - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att',2,'AT&T Namespace','com',2); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins'); - -INSERT INTO role(ns, name, perms,description) - VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin'); - -// Create com.att.aaf - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner'); - - -// Create org.openecomp -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp',2,'Open EComp NS','com.att',2); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin'); - -// Create org.openecomp.dmaapBC - -INSERT INTO ns (name,scope,description,parent,type) - VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3); - -//INSERT INTO role(ns, name, perms, description) -// VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins'); - -INSERT INTO role(ns, name, perms, description) -VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins'); - -//INSERT INTO role(ns, name, perms, description) -//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins'); - - - -INSERT INTO role(ns, name, perms, description) - VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner'); diff --git a/kubernetes/config/docker/init/src/config/aaf/data/identities.dat b/kubernetes/config/docker/init/src/config/aaf/data/identities.dat deleted file mode 100644 index 98bf99a3d1..0000000000 --- a/kubernetes/config/docker/init/src/config/aaf/data/identities.dat +++ /dev/null @@ -1,7 +0,0 @@ -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/config/docker/init/src/config/aaf/data/identities.idx b/kubernetes/config/docker/init/src/config/aaf/data/identities.idx deleted file mode 100644 index 78fc0a5693..0000000000 Binary files a/kubernetes/config/docker/init/src/config/aaf/data/identities.idx and /dev/null differ diff --git a/kubernetes/config/docker/init/src/config/aaf/data/init.cql b/kubernetes/config/docker/init/src/config/aaf/data/init.cql deleted file mode 100644 index 81700f830c..0000000000 --- a/kubernetes/config/docker/init/src/config/aaf/data/init.cql +++ /dev/null @@ -1,242 +0,0 @@ -// For Developer Machine single instance -// -CREATE KEYSPACE authz -WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; -// -// From Ravi, 6-17-2014. User for DEVL->TEST -// -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' }; -// -// PROD -// -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' }; -// -// create user authz with password '' superuser; -// grant all on keyspace authz to authz; -// -// For TEST (aaf_test) -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' }; -// -// DEVL -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' }; -// -// TEST / PERF -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' }; -// -// IST -// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3', -// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' }; -// -// with 6 localized with ccm -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; -// - -USE authz; - -// -// CORE Table function -// - -// Namespace - establish hierarchical authority to modify -// Permissions and Roles -// "scope" is flag to determine Policy. Typical important scope -// is "company" (1) -CREATE TABLE ns ( - name varchar, - scope int, // deprecated 2.0.11 - description varchar, - parent varchar, - type int, - PRIMARY KEY (name) -); -CREATE INDEX ns_parent on ns(parent); - - -// Oct 2015, not performant. Made Owner and Attrib first class Roles, -// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels. -// Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder) -// We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces -// as having certain tools, like SWM, etc. -CREATE TABLE ns_attrib ( - ns varchar, - key varchar, - value varchar, - PRIMARY KEY (ns,key) -); -create index ns_attrib_key on ns_attrib(key); - -// Will be cached -CREATE TABLE role ( - ns varchar, - name varchar, - perms set, // Use "Key" of "name|type|action" - description varchar, - PRIMARY KEY (ns,name) -); -CREATE INDEX role_name ON role(name); - -// Will be cached -CREATE TABLE perm ( - ns varchar, - type varchar, - instance varchar, - action varchar, - roles set, // Need to find Roles given Permissions - description varchar, - PRIMARY KEY (ns,type,instance,action) -); - -// This table is user for Authorization -CREATE TABLE user_role ( - user varchar, - role varchar, // deprecated: change to ns/rname after 2.0.11 - ns varchar, - rname varchar, - expires timestamp, - PRIMARY KEY(user,role) - ); -CREATE INDEX user_role_ns ON user_role(ns); -CREATE INDEX user_role_role ON user_role(role); - -// This table is only for the case where return User Credential (MechID) Authentication -CREATE TABLE cred ( - id varchar, - type int, - expires timestamp, - ns varchar, - other int, - notes varchar, - cred blob, - prev blob, - PRIMARY KEY (id,type,expires) - ); -CREATE INDEX cred_ns ON cred(ns); - -// Certificate Cross Table -// coordinated with CRED type 2 -CREATE TABLE cert ( - fingerprint blob, - id varchar, - x500 varchar, - expires timestamp, - PRIMARY KEY (fingerprint) - ); -CREATE INDEX cert_id ON cert(id); -CREATE INDEX cert_x500 ON cert(x500); - -CREATE TABLE notify ( - user text, - type int, - last timestamp, - checksum int, - PRIMARY KEY (user,type) -); - -CREATE TABLE x509 ( - ca text, - serial blob, - id text, - x500 text, - x509 text, - PRIMARY KEY (ca,serial) -); - - -CREATE INDEX x509_id ON x509 (id); -CREATE INDEX x509_x500 ON x509 (x500); - -// -// Deployment Artifact (for Certman) -// -CREATE TABLE artifact ( - mechid text, - machine text, - type Set, - sponsor text, - ca text, - dir text, - appName text, - os_user text, - notify text, - expires timestamp, - renewDays int, - PRIMARY KEY (mechid,machine) -); -CREATE INDEX artifact_machine ON artifact(machine); - -// -// Non-Critical Table functions -// -// Table Info - for Caching -CREATE TABLE cache ( - name varchar, - seg int, // cache Segment - touched timestamp, - PRIMARY KEY(name,seg) -); - -CREATE TABLE history ( - id timeuuid, - yr_mon int, - user varchar, - action varchar, - target varchar, // user, user_role, - subject varchar, // field for searching main portion of target key - memo varchar, //description of the action - reconstruct blob, //serialized form of the target - // detail Map, // additional information - PRIMARY KEY (id) -); -CREATE INDEX history_yr_mon ON history(yr_mon); -CREATE INDEX history_user ON history(user); -CREATE INDEX history_subject ON history(subject); - -// -// A place to hold objects to be created at a future time. -// -CREATE TABLE future ( - id uuid, // uniquify - target varchar, // Target Table - memo varchar, // Description - start timestamp, // When it should take effect - expires timestamp, // When not longer valid - construct blob, // How to construct this object (like History) - PRIMARY KEY(id) -); -CREATE INDEX future_idx ON future(target); -CREATE INDEX future_start_idx ON future(start); - - -CREATE TABLE approval ( - id timeuuid, // unique Key - ticket uuid, // Link to Future Record - user varchar, // the user who needs to be approved - approver varchar, // user approving - type varchar, // approver types i.e. Supervisor, Owner - status varchar, // approval status. pending, approved, denied - memo varchar, // Text for Approval to know what's going on - operation varchar, // List operation to perform - PRIMARY KEY(id) - ); -CREATE INDEX appr_approver_idx ON approval(approver); -CREATE INDEX appr_user_idx ON approval(user); -CREATE INDEX appr_ticket_idx ON approval(ticket); -CREATE INDEX appr_status_idx ON approval(status); - -CREATE TABLE delegate ( - user varchar, - delegate varchar, - expires timestamp, - PRIMARY KEY (user) -); -CREATE INDEX delg_delg_idx ON delegate(delegate); - -// -// Used by authz-batch processes to ensure only 1 runs at a time -// -CREATE TABLE run_lock ( - class text, - host text, - start timestamp, - PRIMARY KEY ((class)) -); diff --git a/kubernetes/config/docker/init/src/config/aaf/data2/identities.dat b/kubernetes/config/docker/init/src/config/aaf/data2/identities.dat deleted file mode 100644 index 95eb51d1be..0000000000 --- a/kubernetes/config/docker/init/src/config/aaf/data2/identities.dat +++ /dev/null @@ -1,9 +0,0 @@ -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl -m99751|ID of AAF|||||a|bdevl -m99501|ID of AAF|||||a|bdevl -- cgit 1.2.3-korg