Configuration and Auto-Certificates
Issue-ID: AAF-378
Change-Id: Ic820a4e43684a6130f00b28b415a974876099fc3
Signed-off-by: Instrumental <jonathan.gathman@att.com>
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
new file mode 100644
index 0000000..2c73614
--- /dev/null
+++ b/auth/sample/bin/client.sh
@@ -0,0 +1,183 @@
+#!/bin/bash
+# This script is run when starting aaf_config Container.
+# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
+#
+JAVA=/usr/bin/java
+AAF_INTERFACE_VERSION=2.1
+
+# Extract Name, Domain and NS from FQI
+FQIA=($(echo ${APP_FQI} | tr '@' '\n'))
+FQI_SHORT=${FQIA[0]}
+FQI_DOMAIN=${FQIA[1]}
+# Reverse DOMAIN for NS
+FQIA_E=($(echo ${FQI_DOMAIN} | tr '.' '\n'))
+for (( i=( ${#FQIA_E[@]} -1 ); i>0; i-- )); do
+ NS=${NS}${FQIA_E[i]}'.'
+done
+NS=${NS}${FQIA_E[0]}
+
+
+# Setup SSO info for Deploy ID
+function sso_encrypt() {
+ $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine digest ${1} ~/.aaf/keyfile
+}
+
+if [ ! -e " ~/.aaf/keyfile" ]; then
+ mkdir -p ~/.aaf
+ SSO=~/.aaf/sso.props
+ $JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine keygen ~/.aaf/keyfile
+ chmod 400 ~/.aaf/keyfile
+ echo cadi_latitude=${LATITUDE} > ${SSO}
+ echo cadi_longitude=${LONGITUDE} >> ${SSO}
+ echo aaf_id=${DEPLOY_FQI} >> ${SSO}
+ if [ ! "${DEPLOY_PASSWORD}" = "" ]; then
+ echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO}
+ fi
+ echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO}
+ echo aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO}
+ echo cadi_truststore=$(ls /opt/app/aaf_config/public/*trust*) >> ${SSO}
+ echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO}
+fi
+
+# Only initialize once, automatically...
+if [ ! -e /opt/app/osaaf/local/${NS}.props ]; then
+ for D in bin logs; do
+ rsync -avzh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
+ done
+
+ # setup Configs
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar config $APP_FQI \
+ cadi_etc_dir=/opt/app/osaaf/local
+
+ # Place Certificates
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar place ${APP_FQI} ${APP_FQDN}
+
+ # Validate
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate \
+ cadi_prop_files=/opt/app/osaaf/local/${NS}.props
+fi
+
+# Now run a command
+CMD=$2
+if [ ! "$CMD" = "" ]; then
+ shift
+ shift
+ case "$CMD" in
+ ls)
+ echo ls requested
+ find /opt/app/osaaf -depth
+ ;;
+ cat)
+ if [ "$1" = "" ]; then
+ echo "usage: cat <file... ONLY files ending in .props>"
+ else
+ if [[ $1 == *.props ]]; then
+ echo
+ echo "## CONTENTS OF $3"
+ echo
+ cat "$1"
+ else
+ echo "### ERROR ####"
+ echo " \"cat\" may only be used with files ending with \".props\""
+ fi
+ fi
+ ;;
+ update)
+ for D in bin logs; do
+ rsync -uh --exclude=.gitignore /opt/app/aaf_config/$D/* /opt/app/osaaf/$D
+ done
+ ;;
+ validate)
+ echo "## validate requested"
+ $JAVA -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar validate cadi_prop_files=/opt/app/osaaf/local/${NS}.props
+ ;;
+ bash)
+ if [ ! -e ~/.bash_aliases ]; then
+ echo "alias cadi='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.CmdLine \$*'" >~/.bash_aliases
+ echo "alias agent='$JAVA -cp /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar org.onap.aaf.cadi.configure.Agent \$*'" >>~/.bash_aliases
+ fi
+ shift
+ cd /opt/app/osaaf/local || exit
+ /bin/bash "$@"
+ ;;
+ setProp)
+ cd /opt/app/osaaf/local || exit
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES="$3"
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$ADD" = "Y" ]; then
+ echo $2 >> $F
+ else
+ sed -i.backup -e "s/\\(${1}.*=\\).*/\\1${2}/" $F
+ fi
+ cat $F
+ done
+ ;;
+ encrypt)
+ cd /opt/app/osaaf/local || exit
+ echo $1
+ FILES=$(grep -l "$1" ./*.props)
+ if [ "$FILES" = "" ]; then
+ FILES=/opt/app/osaaf/local/${NS}.cred.props
+ ADD=Y
+ fi
+ for F in $FILES; do
+ echo "Changing $1 in $F"
+ if [ "$2" = "" ]; then
+ read -r -p "Password (leave blank to cancel): " -s ORIG_PW
+ echo " "
+ if [ "$ORIG_PW" = "" ]; then
+ echo canceling...
+ break
+ fi
+ else
+ ORIG_PW="$2"
+ fi
+ PWD=$("$JAVA" -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi digest "$ORIG_PW" /opt/app/osaaf/local/${NS}.keyfile)
+ if [ "$ADD" = "Y" ]; then
+ echo "$1=enc:$PWD" >> $F
+ else
+ sed -i.backup -e "s/\\($1.*enc:\\).*/\\1$PWD/" $F
+ fi
+ cat $F
+ done
+ ;;
+ taillog)
+ sh /opt/app/osaaf/logs/taillog
+ ;;
+ --help | -?)
+ case "$1" in
+ "")
+ echo "--- Agent Container Comands ---"
+ echo " ls - Lists all files in Configuration"
+ echo " cat <file.props>> - Shows the contents (Prop files only)"
+ echo " validate - Runs a test using Configuration"
+ echo " setProp <tag> [<value>] - set value on 'tag' (if no value, it will be queried from config)"
+ echo " encrypt <tag> [<pass>] - set passwords on Configuration (if no pass, it will be queried)"
+ echo " bash - run bash in Container"
+ echo " Note: the following aliases are preset"
+ echo " cadi - CADI CmdLine tool"
+ echo " agent - Agent Java tool (see above help)"
+ echo ""
+ echo " --help|-? [cadi|agent] - This help, cadi help or agent help"
+ ;;
+ cadi)
+ echo "--- cadi Tool Comands ---"
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar cadi | tail -n +6
+ ;;
+ agent)
+ echo "--- agent Tool Comands ---"
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar
+ ;;
+ esac
+ echo ""
+ ;;
+ *)
+ $JAVA -Dcadi_prop_files=/opt/app/osaaf/local/${NS}.props -jar /opt/app/aaf_config/bin/aaf-cadi-aaf-*-full.jar "$CMD" "$@"
+ ;;
+ esac
+fi
diff --git a/auth/sample/bin/agent.sh b/auth/sample/bin/service.sh
similarity index 100%
rename from auth/sample/bin/agent.sh
rename to auth/sample/bin/service.sh
diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat
index b5c6ce5..54c0a15 100644
--- a/auth/sample/data/identities.dat
+++ b/auth/sample/data/identities.dat
@@ -26,11 +26,22 @@
iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
osaaf|ID of AAF|osaaf|AAF Application|||a|bdevl
# ONAP default Users
-demo|PORTAL DEMO|PORTAL|DEMO|||e|mmanager
-jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|mmanager
-cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|mmanager
-jm0007|PORTAL TESTER|PORTAL|TESTER|||e|mmanager
-op0001|PORTAL OPS|PORTAL|OPS|||e|mmanager
-gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|mmanager
-
-
+aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager
+deploy|Deployer|Deployer|Depoyer|||e|aaf_admin
+demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
+jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
+cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
+jm0007|PORTAL TESTER|PORTAL|TESTER|||e|aaf
+op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
+gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
+# ONAP App IDs
+aaf|AAF Application|AAF|Application|||a|aaf_admin
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||_admina|aaf
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin
diff --git a/auth/sample/data/sample.identities.dat b/auth/sample/data/sample.identities.dat
index 13e94b1..05ed0cc 100644
--- a/auth/sample/data/sample.identities.dat
+++ b/auth/sample/data/sample.identities.dat
@@ -25,6 +25,8 @@
ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager
iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
# ONAP default Users
+aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager
+deploy|Deployer|Deployer|Depoyer|||e|aaf_admin
demo|PORTAL DEMO|PORTAL|DEMO|||e|aaf
jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|aaf
cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|aaf
@@ -32,15 +34,13 @@
op0001|PORTAL OPS|PORTAL|OPS|||e|aaf
gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|aaf
# ONAP App IDs
-aaf|AAF Application|AAF|Application|||a|bdevl
-aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf
-clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf
-aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf
-appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf
-dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf
-dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|aaf
-dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf
-oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf
-sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf
-
-
+aaf|AAF Application|AAF|Application|||a|aaf_admin
+aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin
+clamp|ONAP CLAMP Application|CLAMP|Application|||a|aaf_admin
+aai|ONAP AAI Application|AAI|ONAP Application|||a|aaf_admin
+appc|ONAP APPC Application|APPC|ONAP Application|||a|aaf_admin
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|aaf_admin
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||_admina|aaf
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|aaf_admin
+oof|ONAP OOF Application|OOF|ONAP Application|||a|aaf_admin
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|aaf_admin
diff --git a/auth/sample/etc/org.osaaf.aaf.cm.props b/auth/sample/etc/org.osaaf.aaf.cm.props
index 628b5fd..661d8bb 100644
--- a/auth/sample/etc/org.osaaf.aaf.cm.props
+++ b/auth/sample/etc/org.osaaf.aaf.cm.props
@@ -3,8 +3,8 @@
## AAF Certificate Manager properties
## Note: Link to CA Properties in "local" dir
##
-cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.aaf.cm.ca.props
-aaf_component=AAF_NS.cm:2.1.0.0
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props:/opt/app/osaaf/local/org.osaaf.aaf.cm.ca.props
+aaf_component=AAF_NS.cm:2.1.2
port=8150
#Certman
diff --git a/auth/sample/etc/org.osaaf.aaf.fs.props b/auth/sample/etc/org.osaaf.aaf.fs.props
index 7307f62..d0aac3a 100644
--- a/auth/sample/etc/org.osaaf.aaf.fs.props
+++ b/auth/sample/etc/org.osaaf.aaf.fs.props
@@ -3,7 +3,7 @@
## AAF Fileserver Properties
##
cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
-aaf_component=AAF_NS.fs:2.1.0.0
+aaf_component=AAF_NS.fs:2.1.2
port=8096
aaf_public_dir=/opt/app/osaaf/public
diff --git a/auth/sample/etc/org.osaaf.aaf.gui.props b/auth/sample/etc/org.osaaf.aaf.gui.props
index 619d60f..3cff29b 100644
--- a/auth/sample/etc/org.osaaf.aaf.gui.props
+++ b/auth/sample/etc/org.osaaf.aaf.gui.props
@@ -3,7 +3,7 @@
## AAF GUI Properties
##
cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props
-aaf_component=AAF_NS.gui:2.1.0.0
+aaf_component=AAF_NS.gui:2.1.2
port=8200
aaf_gui_title=AAF
diff --git a/auth/sample/etc/org.osaaf.aaf.hello.props b/auth/sample/etc/org.osaaf.aaf.hello.props
index d26c104..db64baf 100644
--- a/auth/sample/etc/org.osaaf.aaf.hello.props
+++ b/auth/sample/etc/org.osaaf.aaf.hello.props
@@ -3,6 +3,6 @@
## AAF Hello Properties
##
cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
-aaf_component=AAF_NS.hello:2.1.0.0
+aaf_component=AAF_NS.hello:2.1.2
port=8130
diff --git a/auth/sample/etc/org.osaaf.aaf.locate.props b/auth/sample/etc/org.osaaf.aaf.locate.props
index 521d63b..90c2c57 100644
--- a/auth/sample/etc/org.osaaf.aaf.locate.props
+++ b/auth/sample/etc/org.osaaf.aaf.locate.props
@@ -2,7 +2,7 @@
## org.osaaf.aaf.locate
## AAF Locator Properties
##
-cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
-aaf_component=AAF_NS.locator:2.1.0.0
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opts/app/osaaf/etc/org.osaaf.aaf.orgs.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
+aaf_component=AAF_NS.locator:2.1.2
port=8095
diff --git a/auth/sample/etc/org.osaaf.aaf.oauth.props b/auth/sample/etc/org.osaaf.aaf.oauth.props
index ce67de4..ac8b9a5 100644
--- a/auth/sample/etc/org.osaaf.aaf.oauth.props
+++ b/auth/sample/etc/org.osaaf.aaf.oauth.props
@@ -3,6 +3,6 @@
## AAF OAuth2 Properties
##
cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
-aaf_component=AAF_NS.oauth:2.1.0.0
+aaf_component=AAF_NS.oauth:2.1.2
port=8140
diff --git a/auth/sample/etc/org.osaaf.aaf.service.props b/auth/sample/etc/org.osaaf.aaf.service.props
index 5472d82..ab05098 100644
--- a/auth/sample/etc/org.osaaf.aaf.service.props
+++ b/auth/sample/etc/org.osaaf.aaf.service.props
@@ -3,6 +3,6 @@
## AAF Service Properties
##
cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props
-aaf_component=AAF_NS.service:2.1.0.0
+aaf_component=AAF_NS.service:2.1.2
port=8100
diff --git a/auth/sample/local/aaf.props b/auth/sample/local/aaf.props
index c9fb8f9..f8c4f88 100644
--- a/auth/sample/local/aaf.props
+++ b/auth/sample/local/aaf.props
@@ -3,7 +3,7 @@
#
# Controlling NS
aaf_root_ns=org.osaaf.aaf
-aaf_trust_perm=org.osaaf.aaf|org.onap|trust
+aaf_trust_perm=org.osaaf.aaf.appid|org|trust
# Domains and Realms
aaf_domain_support=.com:.org
@@ -19,3 +19,4 @@
# Other
aaf_data_dir=/opt/app/osaaf/data
+cadi_token_dir=/opt/app/osaaf/tokens
diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props
index 1370424..2f599cd 100644
--- a/auth/sample/local/initialConfig.props
+++ b/auth/sample/local/initialConfig.props
@@ -1,4 +1,4 @@
-aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
+aaf_locate_url=https://meriadoc.mithril.sbc.com:8095
aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
diff --git a/auth/sample/logs/taillog b/auth/sample/logs/taillog
index 2b3de6e..5689caa 100644
--- a/auth/sample/logs/taillog
+++ b/auth/sample/logs/taillog
@@ -1,2 +1,3 @@
+#!/bin/bash
cd /opt/app/osaaf/logs
-tail -f `find . -name *service*.log -ctime 0`
+tail -f `find ./$1 -name *service*.log -ctime 0`