From e9312923e96a2678f794fcf08ff5918d1b005bbd Mon Sep 17 00:00:00 2001
From: Michael Mokry <mm117s@att.com>
Date: Fri, 21 Sep 2018 15:56:43 -0500
Subject: CADI AAF changes for policy/engine

Added cadi properties and modified policy aaf client code.

Fixed issue with namespace and modified code to reverse it for
structuring the username sent in AAF API call

Added properties for keystore and keystore password after getting error
response from AAF when setting up the connection to AAF

Missed a fix for one of Jorge's comments in last patch, here it is.

Change-Id: Ic164ade8aa34da95a560c1592656e0caf990a595
Issue-ID: POLICY-913
Signed-off-by: Michael Mokry <mm117s@att.com>
---
 .../install/servers/pdp/bin/xacml.pdp.properties   | 26 ++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

(limited to 'packages/base/src/files/install/servers/pdp')

diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
index f05f9e951..ad27cd09e 100644
--- a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
+++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
@@ -136,10 +136,28 @@ javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
 ENVIRONMENT=${{ENVIRONMENT}}
 xacml.rest.pep.idfile = client.properties
 
-#AAF Policy Name space
-#Required only, when we use AAF
-policy.aaf.namespace = ${{POLICY_AAF_NAMESPACE}}
-policy.aaf.resource = ${{POLICY_AAF_RESOURCE}}
+#AAF cadi properties
+policy.aaf.namespace = ${{AAF_NAMESPACE}}
+policy.aaf.root.permission=${{AAF_NAMESPACE}}.pdpx
+cm_url=https://${{AAF_HOST}}:8095/AAF_NS.cm:2.1
+cadi_latitude=38.000
+cadi.longitude=72.000
+cadi_alias=policy@policy.onap.org
+cadi_loglevel=DEBUG
+cadi_keyfile=${{POLICY_HOME}}/etc/ssl/aaf-cadi.keyfile
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore
+cadi_keystore_password=${{KEYSTORE_PASSWD}}
+cadi_key_password=${{KEYSTORE_PASSWD}}
+aaf_env=DEV
+aaf_url=https://${{AAF_HOST}}:8095/AAF_NS.service:2.1
+aaf_fqdn=${{AAF_HOST}}
+aaf_oauth2_introspect_url=https://${{AAF_HOST}}:8095/AAF_NS.introspect:2.1/introspect
+aaf_oauth2_token_url=https://${{AAF_HOST}}:8095/AAF_NS.token:2.1/token
+fs_url=https://${{AAF_HOST}}:8095/AAF_NS.fs.2.1
+gui_url=https://${{AAF_HOST}}:8095/AAF_NS.gui.2.1
+
 # Decision Response settings. 
 # can be either PERMIT or DENY. 
 decision.indeterminate.response=${{DECISION_INDETERMINATE_RESPONSE}}
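Review bot: `cadi.longitude=72.000` is spelled with a dot while every other CADI key in this hunk, including `cadi_latitude`, uses an underscore, so the CADI client will most likely not pick up the longitude; it should read `cadi_longitude=72.000`. Two of the added values also weaken the deployed PDP and are hard-coded rather than templated like the rest of the file. `cadi_protocols=TLSv1.1,TLSv1.2` still offers TLS 1.1 on the AAF connection and would be safer as `cadi_protocols=TLSv1.2`, and `cadi_loglevel=DEBUG` is likely to put verbose authentication detail into the logs of every environment, so a `${{...}}` placeholder with a quieter default would fit better. `fs_url` and `gui_url` end in `.2.1` where the other AAF URLs use `:2.1`, which looks unintended and is worth confirming.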
-- 
cgit