author | Jorge Hernandez <jh1730@att.com> | 2018-09-19 14:35:22 -0500 |
---|---|---|
committer | Jorge Hernandez <jh1730@att.com> | 2018-09-19 15:42:09 -0500 |
commit | 88d1b6ccc92a42c94c2cd462789a90fcf245efb2 (patch) | |
tree | 160cc62dbd4798c0de2037f494d352bf7a9d1b7f /policy-management/src/main | |
parent | bc7885882394ec60a1fb255a16b63c00a91c7172 (diff) |
AAF Configuration in PDP-D
AAF is disabled by default until pairwise testing is completed.
Change-Id: Ica83873a2605742689ed0c2e06dfade20bef8bf0
Signed-off-by: Jorge Hernandez <jh1730@att.com>
Issue-ID: POLICY-1043
Signed-off-by: Jorge Hernandez <jh1730@att.com>
Diffstat (limited to 'policy-management/src/main')
11 files changed, 142 insertions, 10 deletions
diff --git a/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafBase.java b/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafBase.java
new file mode 100644
index 00000000..0c8465a7
--- /dev/null
+++ b/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafBase.java
@@ -0,0 +1,35 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.drools.server.restful.aaf;
+
+import org.onap.policy.common.endpoints.http.server.aaf.AafAuthFilter;
+import org.onap.policy.drools.system.PolicyEngine;
+
+/**
+ * AAF Base Class
+ */
+public abstract class AafBase extends AafAuthFilter {
+ public static final String AAF_NODETYPE = "pdpd";
+ public static final String AAF_ROOT_PERMISSION_PROPERTY = "aaf.root.permission";
+ public static final String AAF_ROOT_PERMISSION =
+ PolicyEngine.manager.getProperties().getProperty
+ (AAF_ROOT_PERMISSION_PROPERTY, DEFAULT_NAMESPACE + "." + AAF_NODETYPE);
+}
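Review bot: `AAF_ROOT_PERMISSION` is resolved once, in the static initializer, from `PolicyEngine.manager.getProperties()`, so whatever `aaf.root.permission` holds at the moment `AafBase` is first loaded is fixed for the life of the JVM, and a missing property silently yields `DEFAULT_NAMESPACE + ".pdpd"` (DEFAULT_NAMESPACE presumably inherited from AafAuthFilter). If an AAF filter class can be loaded before the engine properties are populated — I cannot tell from here — the permission root would quietly be the default rather than the configured namespace. Either resolve the property lazily from the subclasses' `getPermissionType`, or document the ordering constraint; the current Javadoc "AAF Base Class" says nothing. Suggested Javadoc: `/** Base class for PDP-D AAF authorization filters. The permission root (aaf.root.permission, default DEFAULT_NAMESPACE.pdpd) is read from the engine properties once, when this class is initialized, so it must be configured before any AAF filter is loaded. */`. The line break between `getProperty` and its argument list is also worth joining, `.getProperty(AAF_ROOT_PERMISSION_PROPERTY, DEFAULT_NAMESPACE + "." + AAF_NODETYPE);`.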
diff --git a/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafTelemetryAuthFilter.java b/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafTelemetryAuthFilter.java
new file mode 100644
index 00000000..f2e50ee2
--- /dev/null
+++ b/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafTelemetryAuthFilter.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.drools.server.restful.aaf;
+
+import javax.servlet.http.HttpServletRequest;
+import org.onap.policy.common.utils.network.NetworkUtil;
+
+/**
+ * AAF Telemetry Authorization
+ */
+public class AafTelemetryAuthFilter extends AafBase {
+ private static final String RESOURCE_TYPE = AAF_ROOT_PERMISSION + "." + "telemetry";
+
+ @Override
+ protected String getPermissionType(HttpServletRequest request) {
+ return RESOURCE_TYPE;
+ }
+
+ @Override
+ protected String getPermissionInstance(HttpServletRequest request) {
+ return NetworkUtil.getHostname();
+ }
+}
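Review bot: `getPermissionInstance` returns `NetworkUtil.getHostname()`, so the permission a caller must hold is `<aaf.root.permission>.telemetry` with this PDP-D's own hostname as the instance; every host (and every container with a generated hostname) therefore needs its own AAF grant, or the grant must use a wildcard instance, and nothing in the class says so. Suggested class Javadoc: `/** AAF authorization filter for the telemetry REST API. Permission type is <aaf.root.permission>.telemetry; the instance is this host's name (NetworkUtil.getHostname()), so grants are issued per host or with a wildcard instance. */`. The hostname is also looked up on every request rather than once; if `NetworkUtil.getHostname()` does not cache its result (I cannot see it from here), a `private static final String INSTANCE = NetworkUtil.getHostname();` would avoid the repeated lookup.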
diff --git a/policy-management/src/main/server-gen/bin/policy-management-controller b/policy-management/src/main/server-gen/bin/policy-management-controller
index cc6a8c7d..bad1783f 100644
--- a/policy-management/src/main/server-gen/bin/policy-management-controller
+++ b/policy-management/src/main/server-gen/bin/policy-management-controller
@@ -96,9 +96,9 @@ function um_stop() {
 remove_pid_file
 else
 if [[ -n ${ENGINE_MANAGEMENT_PASSWORD} ]]; then
- http_proxy= curl --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X DELETE http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine -o /dev/null
+ http_proxy= curl -k --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X DELETE https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine -o /dev/null
 else
- http_proxy= curl --silent -X DELETE http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine -o /dev/null
+ http_proxy= curl -k --silent -X DELETE https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine -o /dev/null
 fi
 sleep 5
 echo "Stopping $SNAME..."
diff --git a/policy-management/src/main/server-gen/bin/rest-add-controller b/policy-management/src/main/server-gen/bin/rest-add-controller
index 187b2916..0dd82eec 100644
--- a/policy-management/src/main/server-gen/bin/rest-add-controller
+++ b/policy-management/src/main/server-gen/bin/rest-add-controller
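Review bot: `curl -k` on the two new https calls disables certificate verification, so the management credentials passed via `--user` are presented to whatever answers on localhost:${ENGINE_MANAGEMENT_PORT} without the peer being checked; on loopback that is a smaller exposure than over the network, but it accepts any certificate and will keep doing so if the management port is ever bound to a non-loopback address. Prefer pinning the engine's own certificate, e.g. `http_proxy= curl --cacert "${POLICY_HOME}/etc/ssl/<engine-cert>.pem" --silent ...`, if a PEM export of the server certificate held in `${{POLICY_HOME}}/etc/ssl/policy-keystore` is (or can be) installed next to it; failing that, leave the reason on record with `# -k: engine serves a self-signed cert on loopback; replace with --cacert once a PEM of the server cert is installed`. um_stop's body starts and ends outside this hunk.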
@@ -26,11 +26,11 @@ json=$1-controller.rest.json
 
 if [ -f ${json} ]; then
 if [[ -n ${ENGINE_MANAGEMENT_PASSWORD} ]]; then
- curl --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X POST --data @${json} --header "Content-Type: application/json" \
- http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers
+ curl -k --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X POST --data @${json} --header "Content-Type: application/json" \
+ https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers
 else
- curl --silent -X POST --data @${json} --header "Content-Type: application/json" \
- http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers
+ curl -k --silent -X POST --data @${json} --header "Content-Type: application/json" \
+ https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers
 fi
 else
 echo "Usage: rest-add-controller.sh closed-loop-sample|reporter|sepc|vsegw|.. (or any other config file ending with *-controller.rest.json)"
diff --git a/policy-management/src/main/server-gen/bin/rest-delete-controller b/policy-management/src/main/server-gen/bin/rest-delete-controller
index de1d601c..03e67483 100644
--- a/policy-management/src/main/server-gen/bin/rest-delete-controller
+++ b/policy-management/src/main/server-gen/bin/rest-delete-controller
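Review bot: The new `curl -k` lines send the management user's password over a TLS connection whose certificate is never checked, and unlike the stop path in policy-management-controller this call also uploads a controller definition (`--data @${json}`) that the engine will act on, so a spoofed listener on the port would learn both the credential and the configuration. If a PEM of the engine certificate can be installed, `--cacert "${POLICY_HOME}/etc/ssl/<engine-cert>.pem"` is a drop-in replacement for `-k`; otherwise a one-line comment above the curl explaining why verification is off is the minimum. The enclosing `if [ -f ${json} ]` block is closed outside this hunk.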
@@ -24,11 +24,11 @@ source $POLICY_HOME/etc/profile.d/env.sh
 
 if [[ -n $1 ]]; then
 if [[ -n ${ENGINE_MANAGEMENT_PASSWORD} ]]; then
- curl --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X DELETE --header "Content-Type: application/json" \
- http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers/${1}
+ curl -k --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X DELETE --header "Content-Type: application/json" \
+ https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers/${1}
 else
- curl --silent -X DELETE --header "Content-Type: application/json" \
- http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers/${1}
+ curl -k --silent -X DELETE --header "Content-Type: application/json" \
+ https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers/${1}
 fi
 echo
 exit
diff --git a/policy-management/src/main/server/config/aaf-cadi.keyfile b/policy-management/src/main/server/config/aaf-cadi.keyfile
new file mode 100644
index 00000000..59d544f3
--- /dev/null
+++ b/policy-management/src/main/server/config/aaf-cadi.keyfile
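Review bot: As in the other two scripts, `-k` accepts any certificate on the new https DELETE, and here the unverified connection carries both the management password and `${1}`, which is interpolated unquoted into the URL path, so the script neither authenticates the engine it is talking to nor constrains what resource the caller-supplied name can address. Quoting the argument, `.../policy/pdp/engine/controllers/"${1}"`, costs nothing, and `--cacert` with a PEM of the engine certificate would replace `-k` once one is available on disk. The script's `if [[ -n $1 ]]` is closed outside this hunk.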
@@ -0,0 +1,27 @@ +N3INM2bAlQ8cNODnjR3Fuvo5z4GeID0KnRYlELmt-oHCFxq_XYVyepBVR591CIbJI9prNd_LLuv7 +tQD8xX_ypcNA-jQsecTwtw4GxvpqkZPhq6Q8BWNQaCegtXGDVTQ8gG2biKiQ7v-2C6Qhx4zj62b6 +bRPS5j1bfxqcAZu7082V00oQjbn40T2zFcLwCuBChZfx5DXTW49bwtLbkCbGqJSzFcIJpbGQ8gLg +ussIoL8VE2Vee7bPJmUAdT4x9B1wrMIuvKlUMppeq0Bj-6ZJgxhM9F0WT8eEBh6NFANdK3LUgZrk +D3kY3LrK-MT9u1TOMx13nOU7vOaVjl7_rkp5Q65gFd9VYbnJBYvJcc7asOQMsrugiSiRIoXH0Fyy +-f9L3ROGae042J4M8qxcoOihMbcjVkEXqn6eRIFbDe0eIAlkSRYfaxg9v4tf8GbBjQcShBjzGaI2 +g6QxTA5G6Aa7p63aVRGv3ZODCHcbsbxnkyByXgmkON4cTk9vR0RbT6YYhT5t8xTU3rhqV3jeE0Bz +KbU0c4188xTnhdq_bje2TuuLvtEvevdvDsbtAj7chQmWMOW7GMF3MnqdEpcw1NCoNRdN8wpAdE-5 +mkG-jlYHljSRh9qZK5wdEoO4IXgpFktdGj50XuzcskqqURNfDGHGb29fHznL1-ssdQK6EXcKN0AU +nYyGLAie3VfFxWKj5dGODBs5RttvkX4PHyLcLD3kOrVgtQrz7d0PWWYCxDRqKT6qnJkLB1CUwghn +XweEiDfoQmuUmwFEQNRDp0NGLnde5nsw7NYgLrv5VafGK8EyT4GeVhuu5Tnb6T-HalxCq2p5JaIA +SG8zlDmRx_TykrhfQEJe7sr0pRcAMwgxEhwunG2oBiKnzdRx5jxMfqnVC8xGirumhmOQNterfnd5 +0pIsfvIuntyxRQ48yzIb2gb5kaSkfSzCaVnlqK-_jpj1T74qO86eaKVee4faQAbXDPYF2z5w06nD +WS2dd54wBjGmkFNzi13ejTrAJeA6UzOd1CF_WSpc9XSJJPTPUGxmnfLjmGThErFBYuQxjhpH7vKN +uZgokkIXX78rVcO3zpfa5kTYWjE8lk9y3WA7sGNtTWfG8bR3WLWNLPCnrzxtKZdhq2JsQYC0gwW7 +ZgJSXhgPoaC_RrtCn7haj1_601G_MkD-jcUEsO-4XOBVicsCgG8hn7B-SpgKspqv8gulbeKoORqa +CkrtiFPlXEqdNuaBSHcQ0MWJ3tpXzWtIPM3ouEFOR32xVfptfz4sRPOkM_PNiVXxQtLOn_z3uC7K +VVJCKZxVaavQ6QiZvRRANS9_GD3kDILX15EnbEvh-2DfycDrEo330vMwvNJP7i9eM5vo0YADe--G +r5UDqctmFjl1ulc1yAQkDBGWGxT92x-hhLqCnCXcYPu_aeWssfDpRj573PHPaTiM0SYxJixjszRD +6-AMC1DqugkjiGA5_enQORn-G_H4ZVtoQ_zebizEfIxKv5-8uRdyZDHGG3mDu6_nasEffry-UyVu +STU3oJMycZ1qf5GR1evRJ7gxkrtPXHWKNnVgxfrBC72ON6wJnr7KaY-l9L44epIsk1pEmXm3YQu1 +N0NxiAwdus9OnCXQ7GgZPRXCpxjJPNs7EIKFrYjKJfdtSzT85ZrTpHQtjim2L1ZP9iIlq2QVKD1v +bKSjCwjtb9ztjrV-Bw1BHcAApPcfpXHLhYkJ7iL1XUhxjXp_DGUkD7ZN9S5tuyrsMXz5hh6wMfcq +NPR_XqHaS2ur-ONNrHuFFCmY7Ehc5FArFzb_Xn1JTpOQJTcy6_3r3u3B_euT8GmXHahtVN1Rv8RM +kAD5m_UBx-nHoZDVDYZkfR9k4hF2Sz5rfrWs6Zrl0r8FBrVFtU1j2vOTvTGwrkO9yZvgIqOkX_eq 
+TnGIpM4paHxEGTP8H8A3Y0ZpsvLttmh0rT_OwzBPa1Mof3RQKhyTzfbptxuUJyVxU0Ln-9f--5Mk +wEFqhuSrgssI6b1iMqm97PqFQMYrWX3SV8l0V-PKxFxDM1bguHq4mOXEtmZBUtMBepwSsI96
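Review bot: aaf-cadi.keyfile is committed to the repository and packaged identically into every PDP-D installation, yet it is referenced as `cadi_keyfile` by the new aaf-credentials.properties, i.e. it is the key material CADI uses to protect encrypted property values; as I understand CADI, anyone with read access to this tree can then recover any `enc:` credential protected with it, which defeats the purpose of encrypting them. The keyfile should be generated at install or deployment time, kept out of source control, and restricted to the engine user, the same way the keystore under `${{POLICY_HOME}}/etc/ssl` is handled. If it has to stay in the tree for the pairwise testing the commit message mentions, a note in aaf-credentials.properties, `# aaf-cadi.keyfile shipped here is a placeholder — regenerate per deployment before enabling AAF`, would stop it from being treated as production material.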
\ No newline at end of file
diff --git a/policy-management/src/main/server/config/aaf-credentials.properties b/policy-management/src/main/server/config/aaf-credentials.properties
new file mode 100644
index 00000000..aaa5f161
--- /dev/null
+++ b/policy-management/src/main/server/config/aaf-credentials.properties
@@ -0,0 +1,9 @@
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=${{POLICY_HOME}}/config/aaf-cadi.keyfile
+cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore
+cadi_keystore_password=${{KEYSTORE_PASSWD}}
+cadi_key_password=${{KEYSTORE_PASSWD}}
+cadi_alias=policy@policy.onap.org
+cadi_truststore=${{POLICY_HOME}}/etc/ssl/policy-truststore
+cadi_truststore_password=${{TRUSTSTORE_PASSWD}}
\ No newline at end of file
diff --git a/policy-management/src/main/server/config/aaf-location.properties b/policy-management/src/main/server/config/aaf-location.properties
new file mode 100644
index 00000000..dc828e71
--- /dev/null
+++ b/policy-management/src/main/server/config/aaf-location.properties
@@ -0,0 +1,2 @@
+cadi_latitude=38.000
+cadi_longitude=-72.000
diff --git a/policy-management/src/main/server/config/aaf.properties b/policy-management/src/main/server/config/aaf.properties
new file mode 100644
index 00000000..8084be99
--- /dev/null
+++ b/policy-management/src/main/server/config/aaf.properties
@@ -0,0 +1,11 @@
+cadi_prop_files=${{POLICY_HOME}}/config/aaf-credentials.properties:${{POLICY_HOME}}/config/aaf-location.properties
+cadi_loglevel=DEBUG
+aaf_env=DEV
+aaf_locate_url=https://${{AAF_HOST}}:8095
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
+cadi_protocols=TLSv1.1,TLSv1.2
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/policy-management/src/main/server/config/policy-engine.properties b/policy-management/src/main/server/config/policy-engine.properties
index 758d13eb..8e517528 100644
--- a/policy-management/src/main/server/config/policy-engine.properties
+++ b/policy-management/src/main/server/config/policy-engine.properties
@@ -49,3 +49,6 @@ http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.r
 http.server.services.SECURED-CONFIG.managed=false
 http.server.services.SECURED-CONFIG.swagger=true
 http.server.services.SECURED-CONFIG.https=true
+
+aaf.namespace=${{AAF_NAMESPACE}}
+aaf.root.permission=${{AAF_NAMESPACE}}.pdpd
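Review bot: `cadi_key_password=${{KEYSTORE_PASSWD}}` reuses the keystore password token for the private key under alias `policy@policy.onap.org`, which only works when the key was stored with the same password as the keystore; a deployment that imports a key with its own password will fail to present the PDP-D identity to AAF and the symptom will be an opaque TLS handshake failure far from this file. A comment above it, `# private key assumed to share the keystore password; set separately if the key was imported with its own`, makes the assumption visible. Both passwords are substituted into this file in cleartext, so its on-disk permissions need to match those of `${{POLICY_HOME}}/etc/ssl/policy-keystore`.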
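Review bot: `cadi_protocols=TLSv1.1,TLSv1.2` leaves TLS 1.1 enabled for the client connection to AAF, and `cadi_loglevel=DEBUG` ships debug logging on in the default configuration; both are understandable for the pairwise testing the commit message describes but are not defaults to carry into a deployment where AAF is switched on. Propose `cadi_protocols=TLSv1.2` and `cadi_loglevel=INFO`, or at minimum a comment at the top of the file, `# DEBUG logging and TLSv1.1 are for pairwise testing only; move to INFO and TLSv1.2 before enabling AAF`. `aaf_env=DEV` is also hard-coded while the host in `aaf_locate_url=https://${{AAF_HOST}}:8095` is templated, so the environment name will not follow the deployment the way the locator does.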
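Review bot: `aaf.root.permission=${{AAF_NAMESPACE}}.pdpd` spells out what AafBase already computes as its default (`DEFAULT_NAMESPACE + ".pdpd"`), so the two will drift silently if the node type or the namespace-derivation ever changes in one place and not the other; if DEFAULT_NAMESPACE is in fact derived from `aaf.namespace` (I cannot confirm that from this diff) the second line is redundant and could be dropped. Keeping it is fine, but say why: `# defaults to <aaf.namespace>.pdpd when unset; override only if the permission root differs from the namespace`. The commit message says AAF is disabled by default, and nothing in this hunk shows the switch, so a one-line pointer to wherever it is toggled would save the next reader a search.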
diff --git a/policy-management/src/main/server/config/system.properties b/policy-management/src/main/server/config/system.properties
index 5c024e15..6bac0ea6 100644
--- a/policy-management/src/main/server/config/system.properties
+++ b/policy-management/src/main/server/config/system.properties
@@ -34,6 +34,10 @@ javax.net.ssl.trustStorePassword=${{TRUSTSTORE_PASSWD}}
 javax.net.ssl.keyStore=${{POLICY_HOME}}/etc/ssl/policy-keystore
 javax.net.ssl.keyStorePassword=${{KEYSTORE_PASSWD}}
 
+# aaf
+
+cadi_prop_files=config/aaf.properties
+
 # standard logging
 
 logback.configurationFile=config/logback.xml |
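Review bot: `cadi_prop_files=config/aaf.properties` is a relative path resolved against the JVM's working directory, whereas the CADI files it leads to reference each other through `${{POLICY_HOME}}/config/...`; if the engine is ever started from somewhere other than POLICY_HOME, CADI will not find its properties and the filters will fail in whatever direction AafAuthFilter chooses (I cannot tell from here whether that is closed or open). `logback.configurationFile=config/logback.xml` below it follows the same relative convention, so this is consistent with the file, but `cadi_prop_files=${{POLICY_HOME}}/config/aaf.properties` removes the dependence on the working directory at no cost and matches the other new files.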