From 75f7a15a5a14af434e0e8430fcec880106d64dbf Mon Sep 17 00:00:00 2001
From: vrvarma
Date: Wed, 10 Apr 2019 15:13:38 -0400
Subject: Implement osdf code to enable ssl Fix aaf related permissions
Change-Id: Id458d7198d1ccef66e816d39bb7f8dce787c9a80
Signed-off-by: vrvarma
Issue-ID: OPTFRA-223
Signed-off-by: vrvarma
---
 config/osdf_config.yaml | 6 ++----
 osdfapp.py | 16 +++++++++++++++-
 test/config/osdf_config.yaml | 3 ++-
 test/test_aaf_authentication.py | 6 +++---
 4 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/config/osdf_config.yaml b/config/osdf_config.yaml
index c867171..2abc651 100755
--- a/config/osdf_config.yaml
+++ b/config/osdf_config.yaml
@@ -36,10 +36,8 @@ is_aaf_enabled: False
 aaf_cache_expiry_mins: 5
 aaf_url: https://aaftest.simpledemo.onap.org:8095
 aaf_user_roles:
- - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
- - /api/oof/placement/v1:org.onap.osdf.access|*|read ALL
- - /api/oof/v1/pci:org.onap.osdf.access|*|read ALL
- - /api/oof/pci/v1:org.onap.osdf.access|*|read ALL
+ - '/placement:org.onap.oof.access|*|read ALL'
+ - '/pci:org.onap.oof.access|*|read ALL'
 # Secret Management Service from AAF
 aaf_sms_url: https://aaf-sms.onap:10443
diff --git a/osdfapp.py b/osdfapp.py
index ed518b2..b8afbf4 100755
--- a/osdfapp.py
+++ b/osdfapp.py
@@ -21,6 +21,7 @@ OSDF Manager Main Flask Application
 """
 import json
+import ssl
 import sys
 import traceback
 from optparse import OptionParser
@@ -99,6 +100,12 @@ def handle_data_error(e):
 def do_osdf_health_check():
 """Simple health check"""
 audit_log.info("A health check request is processed!")
+ return "OK"
+
+
+@app.route("/api/oof/loadmodels/v1", methods=["GET"])
+def do_osdf_load_policies():
+ audit_log.info("Uploading policy models")
 """Upload policy models"""
 response = upload_policy_models()
 audit_log.info(response)
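Review bot: The new `aaf_user_roles` keys are the bare fragments `/placement` and `/pci` instead of the full route paths, and the rule used to match them against a request URL is not visible in this commit. If that match is unanchored, any path that merely contains one of the fragments is bound to `org.onap.oof.access|*|read`, and a path containing neither has no role entry at all. A comment above the list stating the matching rule, for example `# keys are matched as <rule> against the request path`, would make the intended coverage reviewable. The same entries are added in test/config/osdf_config.yaml.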
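Review bot: In `do_osdf_load_policies` the string `"""Upload policy models"""` comes after the `audit_log.info("Uploading policy models")` call, so it is a bare expression and not the function's docstring; it should be the first statement under the `def` line. The route also runs `upload_policy_models()` on a plain `GET`, and no authentication decorator is visible on it in this hunk, so a crawler, link prefetch or unauthenticated client may be able to trigger the upload. If that is not intended, `methods=["POST"]` behind the same auth check as the other API routes would be the safer shape, and the path would need its own entry in `aaf_user_roles`. The rest of the function body lies outside the hunk.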
@@ -196,6 +203,13 @@ def get_options(argv):
 return opts
+def build_ssl_context():
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ssl_context.set_ciphers('ECDHE-RSA-AES128-SHA256:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH')
+ ssl_context.load_cert_chain(sys_conf['ssl_context'][0], sys_conf['ssl_context'][1])
+ return ssl_context
+
+
 if __name__ == "__main__":
 sys_conf = osdf_config['core']['osdf_system']
@@ -207,7 +221,7 @@ if __name__ == "__main__":
 ssl_opts = sys_conf.get('ssl_context')
 if ssl_opts:
- common_app_opts.update({'ssl_context': tuple(ssl_opts)})
+ common_app_opts.update({'ssl_context': build_ssl_context()})
 opts = get_options(sys.argv)
 # Load secrets from SMS
diff --git a/test/config/osdf_config.yaml b/test/config/osdf_config.yaml
index 7582696..eaa31ff 100755
--- a/test/config/osdf_config.yaml
+++ b/test/config/osdf_config.yaml
@@ -51,7 +51,8 @@ is_aaf_enabled: False
 aaf_cache_expiry_mins: 5
 aaf_url: https://aaftest.simpledemo.onap.org:8095
 aaf_user_roles:
- - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
+ - '/placement:org.onap.oof.access|*|read ALL'
+ - '/pci:org.onap.oof.access|*|read ALL'
 # Secret Management Service from AAF
 aaf_sms_url: https://aaf-sms.onap:10443
diff --git a/test/test_aaf_authentication.py b/test/test_aaf_authentication.py
index e69b2aa..6911337 100644
--- a/test/test_aaf_authentication.py
+++ b/test/test_aaf_authentication.py
@@ -34,7 +34,7 @@ class TestAafAuthentication():
 def mock_aaf_response(*args, **kwargs):
 return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
- {"instance": "*", "action": "read", "type": "org.onap.osdf.access"},
+ {"instance": "*", "action": "read", "type": "org.onap.oof.access"},
 {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
 {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
 {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
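Review bot: `build_ssl_context()` pins the listener to exactly TLS 1.2 through `ssl.PROTOCOL_TLSv1_2`, so a newer protocol version can never be negotiated, and its cipher string puts the CBC suite `ECDHE-RSA-AES128-SHA256` ahead of the AES-GCM groups while `AES256+EECDH:AES256+EDH` admits further CBC suites. The function also reads the global `sys_conf`, which this hunk shows being assigned only inside the `if __name__ == "__main__":` block, and indexes `sys_conf['ssl_context']` at 0 and 1 without checking its length. Passing the two paths in, with `build_ssl_context(*ssl_opts)` at the call site in the next hunk, removes both dependencies. If the runtime is Python 3.7 or later, a TLS 1.2 floor with AEAD-only suites would look like the sketch below; whether any existing client still needs the CBC suites should be confirmed before dropping them.

```python
def build_ssl_context(cert_file, key_file):
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
    ssl_context.set_ciphers('EECDH+AESGCM:EDH+AESGCM')
    ssl_context.load_cert_chain(cert_file, key_file)
    return ssl_context
```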
@@ -50,7 +50,7 @@ class TestAafAuthentication():
 def mock_aaf_response(*args, **kwargs):
 return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.osdf.controller.dev.menu"},
- {"instance": "*", "action": "read", "type": "org.onap.osdf.access"},
+ {"instance": "*", "action": "read", "type": "org.onap.oof.access"},
 {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
 {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
 {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
@@ -78,7 +78,7 @@ class TestAafAuthentication():
 def mock_aaf_response(*args, **kwargs):
 return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
- {"instance": "*", "action": "*", "type": "org.onap.osdf.access"},
+ {"instance": "*", "action": "*", "type": "org.onap.oof.access"},
 {"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
 {"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
 {"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
--
cgit 1.2.3-korg