From e9312923e96a2678f794fcf08ff5918d1b005bbd Mon Sep 17 00:00:00 2001
From: Michael Mokry
Date: Fri, 21 Sep 2018 15:56:43 -0500
Subject: CADI AAF changes for policy/engine Added cadi properties and modified policy aaf client code. Fixed issue with namespace and modified code to reverse it for structuring the username sent in AAF API call Added properties for keystore and keystore password after getting error response from AAF when setting up the connection to AAF Missed a fix for one of Jorge's comments in last patch, here it is.
Change-Id: Ic164ade8aa34da95a560c1592656e0caf990a595
Issue-ID: POLICY-913
Signed-off-by: Michael Mokry
---
.../install/servers/pdp/bin/xacml.pdp.properties | 26 ++++++++++++++++++----
1 file changed, 22 insertions(+), 4 deletions(-)
(limited to 'packages/base/src/files/install/servers/pdp/bin')
diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
index f05f9e951..ad27cd09e 100644
--- a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
+++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
@@ -136,10 +136,28 @@ javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
 ENVIRONMENT=${{ENVIRONMENT}}
 xacml.rest.pep.idfile = client.properties
-#AAF Policy Name space
-#Required only, when we use AAF
-policy.aaf.namespace = ${{POLICY_AAF_NAMESPACE}}
-policy.aaf.resource = ${{POLICY_AAF_RESOURCE}}
+#AAF cadi properties
+policy.aaf.namespace = ${{AAF_NAMESPACE}}
+policy.aaf.root.permission=${{AAF_NAMESPACE}}.pdpx
+cm_url=https://${{AAF_HOST}}:8095/AAF_NS.cm:2.1
+cadi_latitude=38.000
+cadi.longitude=72.000
+cadi_alias=policy@policy.onap.org
+cadi_loglevel=DEBUG
+cadi_keyfile=${{POLICY_HOME}}/etc/ssl/aaf-cadi.keyfile
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore
+cadi_keystore_password=${{KEYSTORE_PASSWD}}
+cadi_key_password=${{KEYSTORE_PASSWD}}
+aaf_env=DEV
+aaf_url=https://${{AAF_HOST}}:8095/AAF_NS.service:2.1
+aaf_fqdn=${{AAF_HOST}}
+aaf_oauth2_introspect_url=https://${{AAF_HOST}}:8095/AAF_NS.introspect:2.1/introspect
+aaf_oauth2_token_url=https://${{AAF_HOST}}:8095/AAF_NS.token:2.1/token
+fs_url=https://${{AAF_HOST}}:8095/AAF_NS.fs.2.1
+gui_url=https://${{AAF_HOST}}:8095/AAF_NS.gui.2.1
+
 # Decision Response settings.
 # can be either PERMIT or DENY.
 decision.indeterminate.response=${{DECISION_INDETERMINATE_RESPONSE}}
--
cgit 1.2.3-korg
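Review bot: `cadi.longitude=72.000` is spelled with a dot while every other CADI key in the added block uses an underscore, so CADI will most likely not read it; it should be `cadi_longitude=72.000`. `cadi_protocols=TLSv1.1,TLSv1.2` still permits TLS 1.1 on the connection that carries the AAF credentials, and `cadi_protocols=TLSv1.2` would be the safer value unless an AAF endpoint is known to need the older version. `cadi_loglevel=DEBUG` and `aaf_env=DEV` are fixed literals in an install template, unlike the `${{...}}` values around them, so every deployment gets debug logging from the authentication client; consider templating both. The keystore and key passwords are both rendered from `${{KEYSTORE_PASSWD}}` into this file, so the generated properties file presumably needs restrictive permissions, which this hunk does not show.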