Merge "Future.java - sonar fixes"
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
index d05f38c..0120ba4 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/LastNotified.java
@@ -4,7 +4,7 @@
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
* ===========================================================================
- * Modifications Copyright (C) 2018 IBM.
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -84,21 +84,16 @@
*
* @param user
* @param target
- * @param target_key
+ * @param targetkey
* @return
*/
- public Date lastNotified(String user, String target, String target_key) {
- String key = user + '|' + target + '|' + target_key;
+ public Date lastNotified(String user, String target, String targetkey) {
+ String key = user + '|' + target + '|' + targetkey;
return lastNotified(key);
}
public Date lastNotified(String key) {
- Date rv = lastNotified.get(key);
- if(rv==null) {
- rv = never;
- lastNotified.put(key, rv);
- }
- return rv;
+ return lastNotified.computeIfAbsent(key, k -> never);
}
private Date add(ResultSet result, Map<String, Date> lastNotified, MarkDelete md) {
@@ -124,8 +119,8 @@
}
private interface MarkDelete {
- public boolean process(String fullKey, Date last);
- };
+ boolean process(String fullKey, Date last);
+ }
private void startQuery(StringBuilder query) {
query.append(SELECT + " WHERE user in (");
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index 5a5fada..51bf594 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -178,11 +178,6 @@
*/
public Result<Void> createNS(AuthzTrans trans, Namespace namespace, boolean fromApproval) {
Result<?> rq;
-// if (namespace.name.endsWith(Question.DOT_ADMIN)
-// || namespace.name.endsWith(Question.DOT_OWNER)) {
-// return Result.err(Status.ERR_BadData,
-// "'admin' and 'owner' are reserved names in AAF");
-// }
try {
for (String u : namespace.owner) {
@@ -264,9 +259,6 @@
// or helpful for Operations folks..
// Admins can be empty, because they can be changed by lower level
// NSs
- // if (ns.admin(false).isEmpty()) {
- // ns.admin(true).add(user);
- // }
if (namespace.admin != null) {
for (String u : namespace.admin) {
if ((r = checkValidID(trans, now, u)).notOK()) {
@@ -413,10 +405,8 @@
pdd.type = delP2;
if ((rq = q.permDAO.delete(trans, pdd, false)).notOK()) {
eb.log(rq);
- // } else {
// Need to invalidate directly, because we're
// switching places in NS, not normal cache behavior
- // q.permDAO.invalidate(trans,pdd);
}
} else {
eb.log(rq);
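Review bot: Removing the commented-out `} else {` and `q.permDAO.invalidate(trans,pdd);` leaves the two comment lines beginning `// Need to invalidate directly` inside the `notOK()` branch after `eb.log(rq)`, where they describe a call that no longer exists. Either delete them or replace them with one comment saying whether cache invalidation after this delete is intentionally skipped. This matters because a reader of an authorization store needs to know if a stale permission cache entry is possible here. The enclosing block starts and ends outside the hunk.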
@@ -951,7 +941,7 @@
return Result.err(rnsd);
}
} else {
- rnsd = q.deriveNs(trans, perm.ns);
+ q.deriveNs(trans, perm.ns);
}
// Does Child exist?
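Review bot: The result of `q.deriveNs(trans, perm.ns)` is now discarded in the `else` branch, so a failed namespace derivation goes unchecked there, while the branch just above returns `Result.err(rnsd)`. If the call has no side effects it is dead code and can be deleted. If `rnsd` is read later in the method (not visible in this hunk), it now holds the earlier value instead of this result. Either keep the assignment and test `notOK()`, or remove the call; the enclosing method starts and ends outside the hunk.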
@@ -1365,12 +1355,10 @@
Result<UserRoleDAO.Data> udr = q.userRoleDAO.create(trans, urData);
- switch (udr.status) {
- case OK:
+ if (udr.status == OK) {
return Result.ok();
- default:
- return Result.err(udr);
}
+ return Result.err(udr);
}
public Result<Void> addUserRole(AuthzTrans trans, String user, String ns, String rname) {
@@ -1497,7 +1485,7 @@
// User Future ID as ticket for Approvals
final UUID ticket = fr.value.id;
sb.append(", Approvals: ");
- Boolean first[] = new Boolean[]{true};
+ Boolean[] first = new Boolean[]{true};
if (op!=FUTURE_OP.A) {
for (Identity u : approvers) {
Result<ApprovalDAO.Data> r = addIdentity(trans,sb,first,user,data.memo,op,u,ticket,org.getApproverType());
@@ -1597,15 +1585,13 @@
case "denied":
aDenial=true;
break;
+ default:
+ break;
}
}
Result<OP_STATUS> ros=null;
if (aDenial) {
- // Note: Denial will be Audit-logged.
-// for (ApprovalDAO.Data ad : allApprovalsForTicket.value) {
-// q.approvalDAO.delete(trans, ad, false);
-// }
ros = OP_STATUS.RD;
if (q.futureDAO.delete(trans, curr, false).notOK()) {
trans.info().printf("Future %s could not be deleted", curr.id.toString());
@@ -1699,11 +1685,8 @@
} else if (FOP_NS.equalsIgnoreCase(curr.target)) {
Namespace namespace = new Namespace();
namespace.reconstitute(curr.construct);
- switch(fop) {
- case C:
- ros = set(OP_STATUS.RE,createNS(trans, namespace, true));
- break;
- default:
+ if (fop == FUTURE_OP.C) {
+ ros = set(OP_STATUS.RE, createNS(trans, namespace, true));
}
} else if (FOP_DELEGATE.equalsIgnoreCase(curr.target)) {
DelegateDAO.Data data = new DelegateDAO.Data();
@@ -1720,11 +1703,8 @@
} else if (FOP_CRED.equalsIgnoreCase(curr.target)) {
CredDAO.Data data = new CredDAO.Data();
data.reconstitute(curr.construct);
- switch(fop) {
- case C:
- ros = set(OP_STATUS.RE,q.credDAO.dao().create(trans, data));
- break;
- default:
+ if (fop == FUTURE_OP.C) {
+ ros = set(OP_STATUS.RE, q.credDAO.dao().create(trans, data));
}
}
} catch (Exception e) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
index 81debc0..bd77bee 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
@@ -73,8 +73,11 @@
}
try {
- RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
- String aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS."+name, null,null);
+ String aaf_url = access.getProperty(Config.AAF_URL, null);
+ if(aaf_url==null) {
+ RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
+ aaf_url = rph.replacements(getClass().getSimpleName(),"https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name, null,null);
+ }
//access.getProperty("/locate/"+name+':'+version;
access.printf(Level.INIT,"Creating DirectAAFLocator to %s",aaf_url);
uri = new URI(aaf_url);
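Review bot: When `Config.AAF_URL` is set, its value now goes straight to `new URI(aaf_url)` without passing through `rph.replacements(...)`. A configured value that still carries placeholders, such as the `https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1` form removed from the sample properties in this commit, would reach the URI constructor unexpanded. Nothing visible checks the scheme either, so a non-https value would be accepted as the AAF endpoint. Consider running the property through `replacements` as well and rejecting a URI whose `getScheme()` is not `https`. The enclosing `try` block and method start outside the hunk.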
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
index cc9ccf9..d41f0cf 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
@@ -38,7 +38,6 @@
public static final String ATTEMPT_FAILED_SPECIFICS_WITHELD = "Attempt Failed. Specifics witheld.";
private static final String CRED_PATH = "/authn/cred";
private static final String[] options = {"add","del","reset","extend"/*,"clean"*/};
-// private Clean clean;
public Cred(User parent) {
super(parent,"cred",
new Param(optionsToString(options),true),
@@ -46,7 +45,6 @@
new Param("password (! D|E)",false),
new Param("entry# (if multi)",false)
);
-// clean = new Clean(this);
}
@Override
@@ -62,11 +60,10 @@
cr.setPassword(args[idx++]);
}
if (args.length>idx)
- cr.setEntry(args[idx++]);
+ cr.setEntry(args[idx]);
// Set Start/End commands
setStartEnd(cr);
-// final int cleanIDX = _idx+1;
Integer ret = same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
@@ -82,7 +79,6 @@
verb = "Added Credential [";
break;
case 1:
-// if (aafcli.addForce())cr.setForce("TRUE");
setQueryParamsOn(client);
fp = client.delete(CRED_PATH,
getDF(CredRequest.class),
@@ -106,8 +102,8 @@
);
verb = "Extended Credential [";
break;
-// case 4:
-// return clean.exec(cleanIDX, args);
+ default:
+ break;
}
if (fp==null) {
return null; // get by Sonar check.
diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
index 7b0c120..80c6d82 100644
--- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
+++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/perm/JU_Create.java
@@ -25,10 +25,6 @@
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.when;
-import org.junit.Before;
-
-import org.onap.aaf.auth.cmd.test.HMangrStub;
-
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.io.Writer;
@@ -36,6 +32,7 @@
import java.net.URI;
import java.net.URISyntaxException;
+import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
@@ -44,6 +41,7 @@
import org.onap.aaf.auth.cmd.AAFcli;
import org.onap.aaf.auth.cmd.ns.Create;
import org.onap.aaf.auth.cmd.ns.NS;
+import org.onap.aaf.auth.cmd.test.HMangrStub;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
index d8e8914..064a8a5 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java
@@ -128,7 +128,7 @@
deployedVersion = access.getProperty(Config.AAF_RELEASE, "N/A:2.x");
// Certificate Manager
- cmCon = new AAFConHttp(env.access(),Config.CM_URL);
+ cmCon = new AAFConHttp(env.access(),Config.AAF_URL_CM);
artifactsDF = env.newDataFactory(Artifacts.class);
certInfoDF = env.newDataFactory(CertInfo.class);
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java
index 5d1d021..16a6c94 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java
@@ -65,7 +65,7 @@
private static final String BLANK = "";
private static Slot keySlot;
private static Model model;
- private static String gw_url;
+ private static String locate_url;
public NsDetail(final AAF_GUI gui, Page ... breadcrumbs) throws APIException, IOException {
@@ -75,11 +75,11 @@
);
model.set(this);
keySlot = gui.env.slot(NAME+".ns");
- gw_url = gui.env.getProperty(Config.GW_URL);
- if (gw_url==null) {
- gw_url="";
+ locate_url = gui.env.getProperty(Config.AAF_LOCATE_URL);
+ if (locate_url==null) {
+ locate_url="";
} else {
- gw_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION;
+ locate_url+="/aaf/"+Config.AAF_DEFAULT_API_VERSION;
}
}
@@ -217,7 +217,7 @@
AbsCell label = (i==0?new TextCell(sentenceCase(field)+":","style=width:20%"):AbsCell.Null);
String perm = values.get(i);
String[] fields = perm.split("\\|");
- String grantLink = gw_url
+ String grantLink = locate_url
+ PermGrantForm.HREF
+ "?type=" + fields[0].trim()
+ "&instance=" + fields[1].trim()
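Review bot: `grantLink` concatenates `fields[0].trim()` and `fields[1].trim()` into the query string without URL-encoding, so a permission type or instance containing `&`, `#` or `=` changes the parameters the grant form receives. Wrapping each value in `URLEncoder.encode(value, "UTF-8")` would keep them as data. `perm.split("\\|")` is also indexed without a length check, so a value with fewer separators than expected throws `ArrayIndexOutOfBoundsException`. The expression continues past the end of the hunk.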
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
index a5e12f5..26bdb69 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
@@ -23,6 +23,7 @@
package org.onap.aaf.auth.locate;
import java.net.URI;
+import java.net.UnknownHostException;
import java.util.Map;
import javax.servlet.Filter;
@@ -58,6 +59,7 @@
import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker;
import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator;
import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.config.RegistrationPropHolder;
import org.onap.aaf.cadi.register.Registrant;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Data;
@@ -180,7 +182,7 @@
protected AAFConHttp _newAAFConHttp() throws CadiException {
try {
if (dal==null) {
- dal = AbsAAFLocator.create("%CNS.%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
+ dal = AbsAAFLocator.create("%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
}
// utilize pre-constructed DirectAAFLocator
return new AAFConHttp(env.access(),dal);
@@ -191,7 +193,14 @@
public Locator<URI> getGUILocator() throws LocatorException {
if (gui_locator==null) {
- gui_locator = AbsAAFLocator.create("AAF_NS.gui",Config.AAF_DEFAULT_API_VERSION);
+ RegistrationPropHolder rph;
+ try {
+ rph = new RegistrationPropHolder(access, 0);
+ } catch (UnknownHostException | CadiException e) {
+ throw new LocatorException(e);
+ }
+ gui_locator = AbsAAFLocator.create(rph.getPublicEntryName("gui", rph.default_container),
+ Config.AAF_DEFAULT_API_VERSION);
}
return gui_locator;
}
diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore
index 30b97d7..fb1f79e 100644
--- a/auth/docker/.gitignore
+++ b/auth/docker/.gitignore
@@ -12,3 +12,4 @@
/*.jar
/*.jks
/sdnc
+/working
diff --git a/auth/helm/aaf-hello/templates/aaf-hello.yaml b/auth/helm/aaf-hello/templates/aaf-hello.yaml
index 787f32d..e19b599 100644
--- a/auth/helm/aaf-hello/templates/aaf-hello.yaml
+++ b/auth/helm/aaf-hello/templates/aaf-hello.yaml
@@ -63,38 +63,37 @@
name: aaf-hello-vol
command: ["bash","-c","cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh place aaf@aaf.osaaf.org aaf-hello "]
env:
- - name: "AAF_ENV"
+ - name: aaf_env
value: "{{ .Values.cadi.aaf_env }}"
- - name: "AAF_FQDN"
- value: "aaf-locate.{{ .Release.Namespace }}"
+ - name: cadi_latitude
+ value: "{{ .Values.cadi.cadi_latitude }}"
+ - name: cadi_longitude
+ value: "{{ .Values.cadi.cadi_longitude }}"
+ - name: aaf_locator_container
+ value: "helm"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
+ - name: aaf_locator_app_ns
+ value: "org.osaaf.aaf"
- name: "APP_FQDN"
value: "{{ .Values.cadi.fqdn }}"
- name: "APP_FQI"
value: "{{ .Values.cadi.fqi }}"
- - name: "LATITUDE"
- value: "{{ .Values.cadi.cadi_latitude }}"
- - name: "LONGITUDE"
- value: "{{ .Values.cadi.cadi_longitude }}"
- name: "DEPLOY_FQI"
value: "deployer@people.osaaf.org"
- name: "DEPLOY_PASSWORD"
value: "demo123456!"
- - name: "aaf_locator_container"
- value: "helm"
- - name: "aaf_locator_port"
- value: "{{ .Values.cadi.port }}"
- - name: "aaf_locator_fqdn.helm"
- value: "{{ .Values.cadi.fqdn }}.{{.Release.Namespace}}"
- - name: "aaf_locator_public_hostname"
- value: "{{ .Values.cadi.public_fqdn }}"
- - name: "aaf_locator_public_port"
- value: "{{ .Values.cadi.public_port }}"
- - name: "aaf_locator_container_ns"
- value: "{{ .Release.Namespace }}"
- - name: "aaf_locator_name"
- value: "{{.Values.cadi.app_ns}}.hello"
- - name: "aaf_locator_name.helm"
- value: "{{ .Release.Namespace}}.{{.Values.cadi.app_ns}}.hello"
+# Hello specific. Clients don't necessarily need this
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.cadi.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.cadi.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.cadi.aaf_locator_name_helm}}"
+ - name: aaf_locator_fqdn_helm
+ value: "%N.%CNS"
###
### AAF-HELLO
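Review bot: `DEPLOY_PASSWORD` is still set to a literal value in this env list, so the deployer credential lives in the chart and is readable in the rendered pod spec. Since the block is being reorganised anyway, it could be sourced from a Kubernetes Secret, e.g. `valueFrom: {secretKeyRef: {name: <SECRET_NAME>, key: <SECRET_KEY>}}` (placeholder names). The added comment `# Hello specific. Clients don't necessarily need this` starts at column 0 inside an indented list; indenting it with the entries it describes would keep the section readable.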
diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml
index a4fd23c..a695a45 100644
--- a/auth/helm/aaf-hello/values.yaml
+++ b/auth/helm/aaf-hello/values.yaml
@@ -33,11 +33,17 @@
fqdn: "aaf-hello"
port: 8130
public_fqdn: "aaf.osaaf.org"
+# DUBLIN ONLY - for M4 compatibility with Casablanca
+ aaf_locator_name: "public.%NS.%N"
+ aaf_locator_name_helm: "%NS.%N"
+# EL ALTO and Beyond
+# aaf_locator_name: "%NS.%N"
+# aaf_locator_name_helm: "%CNS.%NS.%N"
public_port: 30086
fqi: "aaf@aaf.osaaf.org"
app_ns: "org.osaaf.aaf"
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
+ cadi_latitude: 38.0
+ cadi_longitude: -72.0
aaf_env: "DEV"
persistence: {}
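Review bot: `cadi_latitude` and `cadi_longitude` change from quoted strings to YAML floats here, while auth/helm/aaf/values.yaml in this same commit keeps `"38.0"` and `"-72.0"` as strings. The template interpolates them as `"{{ .Values.cadi.cadi_latitude }}"`, and a float `38.0` is likely rendered as `38` by the template engine. If the consumer expects the decimal form, keep the quotes; either way the two charts should use the same type.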
diff --git a/auth/helm/aaf/templates/aaf-cm.yaml b/auth/helm/aaf/templates/aaf-cm.yaml
index b64a968..51b0043 100644
--- a/auth/helm/aaf/templates/aaf-cm.yaml
+++ b/auth/helm/aaf/templates/aaf-cm.yaml
@@ -83,6 +83,10 @@
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-fs.yaml b/auth/helm/aaf/templates/aaf-fs.yaml
index 5adc1d6..f0c6e8e 100644
--- a/auth/helm/aaf/templates/aaf-fs.yaml
+++ b/auth/helm/aaf/templates/aaf-fs.yaml
@@ -117,4 +117,8 @@
value: "https://aaf-locate.onap:8095"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml
index 758b6b2..a977a9b 100644
--- a/auth/helm/aaf/templates/aaf-gui.yaml
+++ b/auth/helm/aaf/templates/aaf-gui.yaml
@@ -84,6 +84,10 @@
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-locate.yaml b/auth/helm/aaf/templates/aaf-locate.yaml
index a6a2e25..1f9bdc4 100644
--- a/auth/helm/aaf/templates/aaf-locate.yaml
+++ b/auth/helm/aaf/templates/aaf-locate.yaml
@@ -83,6 +83,10 @@
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-oauth.yaml b/auth/helm/aaf/templates/aaf-oauth.yaml
index 2e2acb4..ff9a18d 100644
--- a/auth/helm/aaf/templates/aaf-oauth.yaml
+++ b/auth/helm/aaf/templates/aaf-oauth.yaml
@@ -83,6 +83,10 @@
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml
index a0935a6..be6e1c8 100644
--- a/auth/helm/aaf/templates/aaf-service.yaml
+++ b/auth/helm/aaf/templates/aaf-service.yaml
@@ -66,22 +66,24 @@
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
env:
- - name: AAF_ENV
+ - name: aaf_env
value: "{{ .Values.services.aaf_env }}"
- - name: LATITUDE
+ - name: cadi_latitude
value: "{{ .Values.services.cadi_latitude }}"
- - name: LONGITUDE
+ - name: cadi_longitude
value: "{{ .Values.services.cadi_longitude }}"
- name: aaf_locator_container
value: "helm"
- name: aaf_locator_container_ns
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+ value: "{{ .Release.Namespace }}"
- name: aaf_locate_url
value: "https://{{.Values.services.locate.fqdn}}.{{.Values.services.ns}}:{{.Values.services.locate.internal_port}}"
- name: aaf_locator_public_fqdn
value: "{{.Values.services.public_fqdn}}"
+ - name: aaf_locator_name
+ value: "{{.Values.services.aaf_locator_name}}"
+ - name: aaf_locator_name_helm
+ value: "{{.Values.services.aaf_locator_name_helm}}"
- name: CASSANDRA_CLUSTER
value: "{{.Values.services.cass.fqdn}}.{{.Values.services.ns}}"
# - name: CASSANDRA_USER
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index 226f030..c38bbdb 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -30,6 +30,12 @@
ns: "onap"
aaf_env: "DEV"
public_fqdn: "aaf.osaaf.org"
+# DUBLIN ONLY - for M4 compatibility with Casablanca
+ aaf_locator_name: "public.%NS.%N"
+ aaf_locator_name_helm: "%NS.%N"
+# EL ALTO and Beyond
+# aaf_locator_name: "%NS.%N"
+# aaf_locator_name_helm: "%CNS.%NS.%N"
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
cass:
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
index dde1072..0dff803 100755
--- a/auth/sample/bin/client.sh
+++ b/auth/sample/bin/client.sh
@@ -76,41 +76,45 @@
$JAVA_CADI digest ${1} $DOT_AAF/keyfile
}
+if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then
+ mkdir -p $DOT_AAF
+ base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
+fi
# Create Deployer Info, located at /root/.aaf
if [ ! -e "$DOT_AAF/keyfile" ]; then
- mkdir -p $DOT_AAF
$JAVA_CADI keygen $DOT_AAF/keyfile
chmod 400 $DOT_AAF/keyfile
- echo cadi_latitude=${LATITUDE} > ${SSO}
- echo cadi_longitude=${LONGITUDE} >> ${SSO}
- echo aaf_id=${DEPLOY_FQI} >> ${SSO}
+
+ # Add Deployer Creds to Root's SSO
+ DEPLOY_FQI="${DEPLOY_FQI:=$app_id}"
+ echo "aaf_id=${DEPLOY_FQI}" > ${SSO}
if [ ! "${DEPLOY_PASSWORD}" = "" ]; then
echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO}
fi
- if [ ! -z "${aaf_locator_container}" ]; then
- echo "aaf_locator_container=${aaf_locator_container}" >> ${SSO}
- fi
- if [ -z "${aaf_locator_container_ns}" ]; then
- if [ !-z "${CONTAINER_NS}" ]; then
- echo "aaf_locator_container_ns=${CONTAINER_NS}" >> ${SSO}
- fi
- else
- echo "aaf_locator_container_ns=${aaf_locator_container_ns}" >> ${SSO}
- fi
- if [ ! -z "${AAF_ENV}" ]; then
- echo "aaf_env=${AAF_ENV}" >> ${SSO}
- fi
- echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO}
- echo aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO}
+ # Cover case where using app.props
+ aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS}
- base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
+ for E in $(env); do
+ if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then
+ # Use Deployer ID in ${SSO}
+ if [ "app_id" != "${E%=*}" ]; then
+ S="${E/_helm/.helm}"
+ S="${S/_oom/.oom}"
+ echo "$S" >> ${SSO}
+ fi
+ fi
+ done
+
echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO}
echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO}
echo "Caller Properties Initialized"
INITIALIZED="true"
fi
+echo "cat SSO"
+cat ${SSO}
+echo "dog"
# Only initialize once, automatically...
if [ ! -e $LOCAL/${NS}.props ]; then
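Review bot: The added lines `echo "cat SSO"`, `cat ${SSO}` and `echo "dog"` look like leftover debugging and should be removed. They print the whole SSO properties file, including `aaf_id`, the `aaf_password=enc:` value and `cadi_truststore_password`, to stdout on every run, where container logs will retain it. In the new `for E in $(env)` loop the unquoted expansion splits values on whitespace, so a fragment of a value that begins with `aaf_` or `cadi_` is written as its own entry; the `for P in` loop over env in service.sh has the same pattern. The line `aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS}` assigns to a misspelled name, and the `"app_id" != "${E%=*}"` test can never fail for a name already known to start with `aaf_` or `cadi_`.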
@@ -133,28 +137,22 @@
echo "java -cp $(ls aaf-auth-cmd-*-full.jar) org.onap.aaf.cadi.aaf.TestConnectivity $NS.props" >> testConnectivity
chmod ug+x agent cadi testConnectivity
fi
+
echo "#### Create Configuration files "
$JAVA_AGENT config $APP_FQI \
- aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \
- cadi_etc_dir=$LOCAL
-# Grab all properties passed in that start with "aaf_" or "cadi_"
- for E in $(env); do
- if [[ $E == aaf_* ]] || [[ $E == cadi_* ]]; then
- if [ -z "$(grep $E $LOCAL/$NS.props)" ]; then
- echo "${E}" >> $LOCAL/$NS.props
- fi
- fi
- done
+ cadi_etc_dir=$LOCAL \
+ cadi_prop_files=$SSO
+ #aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION}
cat $LOCAL/$NS.props
echo
echo "#### Certificate Authorization Artifact"
- TMP=$(mktemp)
+ # TMP=$(mktemp)
+ TMP=$LOCAL/agent.log
$JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \
cadi_prop_files=${SSO} \
- cadi_etc_dir=$LOCAL > $TMP
- cat $TMP
- echo
+ cadi_etc_dir=$LOCAL | tee $TMP
+
if [ -n "$(grep 'Namespace:' $TMP)" ]; then
echo "#### Place Certificates (by deployer)"
$JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \
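Review bot: `TMP=$LOCAL/agent.log` replaces the `mktemp` file with a fixed path that keeps the output of `$JAVA_AGENT read` in the configuration directory, and nothing in the visible lines removes it or restricts its permissions. If only the `Namespace:` check needs that output, keeping `TMP=$(mktemp)` with `trap 'rm -f "$TMP"' EXIT` avoids leaving it on disk. Piping through `tee` also means the agent's exit status is replaced by that of `tee`, so a failed read is detected only through the `grep`. The `if` block opened at the end of the hunk continues outside it.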
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index 2b964b1..54a1cc5 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -135,7 +135,9 @@
echo aaf_locate_url=${AAF_LOCATE_URL} >> ${TMP}
for P in `env`; do
if [[ "$P" == aaf_locator* ]]; then
- echo "$P" >> ${TMP}
+ S="${P/_helm/.helm}"
+ S="${S/_oom/.oom}"
+ echo "$S" >> ${TMP}
fi
done
diff --git a/auth/sample/local/initialConfig.props b/auth/sample/local/initialConfig.props
index 6ea1d53..8b01d95 100644
--- a/auth/sample/local/initialConfig.props
+++ b/auth/sample/local/initialConfig.props
@@ -17,8 +17,6 @@
# limitations under the License.
# ============LICENSE_END====================================================
#
-cadi_protocols=TLSv1.1,TLSv1.2
-
################################
# Locator info
#
@@ -31,20 +29,21 @@
aaf_locator_app_ns=%AAF_NS
aaf_locator_name=%NS.%N
aaf_locator_name.docker=%CNS.%NS.%N
-aaf_locator_name.helm=%CNS.%NS.%N
-aaf_locator_name.oom=%CNS%.%NS.%N
+aaf_root_ns=org.osaaf.aaf
+
+# Dublin
+aaf_locator_name.oom=%NS.%N
+aaf_locator_name.helm=%NS.%N
+aaf_locator_public_name.oom=public.%NS.%N
+aaf_locator_public_name.helm=public.%NS.%N
+
+# EL Alto and beyond
+# aaf_locator_name.oom=%CNS.%NS.%N
+# aaf_locator_name.helm=%CNS.%NS.%N
+
aaf_locator_fqdn.docker=aaf-%N
aaf_locator_fqdn.helm=aaf-%N.%CNS
aaf_locator_fqdn.oom=aaf-%N.%CNS
-################################
-# AAF URLs
-################################
-aaf_locate_url=https://localhost:8095
-aaf_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/introspect
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1/token
-cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
-gui_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui.2.1
-fs_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs.2.1
-
+# initial trusted CAs
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
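Review bot: `cadi_x509_issuers` now ships three intermediate-CA subject DNs as the trusted issuer list in a sample file, with only `# initial trusted CAs` as explanation. A comment saying whether these are sample CAs that a real deployment must replace would stop them being copied into production configuration unchanged; the page does not say which they are. The first hunk of this file also removes `cadi_protocols=TLSv1.1,TLSv1.2`, and the default that now applies is not visible here, so confirm it does not enable protocol versions older than those previously listed.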
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
index d380474..e5a0a28 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
@@ -27,10 +27,10 @@
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.URI;
-import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import java.util.Map;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
@@ -43,6 +43,7 @@
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.config.SecurityInfoC;
+import org.onap.aaf.cadi.configure.Agent;
import org.onap.aaf.cadi.http.HBasicAuthSS;
import org.onap.aaf.cadi.http.HClient;
import org.onap.aaf.cadi.http.HX509SS;
@@ -53,7 +54,10 @@
public class TestConnectivity {
- public static void main(String[] args) {
+ private static Map<String, String> aaf_urls;
+
+
+ public static void main(String[] args) {
if (args.length<1) {
System.out.println("Usage: ConnectivityTester <cadi_prop_files> [<AAF FQDN (i.e. aaf.dev.att.com)>]");
} else {
@@ -65,24 +69,14 @@
}
PropAccess access = new PropAccess(args);
- String aaflocate;
- if (args.length>1) {
- aaflocate = "https://" + args[1];
- access.setProperty(Config.AAF_LOCATE_URL, "https://" + args[1]);
- } else {
- aaflocate = access.getProperty(Config.AAF_LOCATE_URL);
- if (aaflocate==null) {
- print(true,"Properties must contain ",Config.AAF_LOCATE_URL);
- }
- }
-
try {
SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
+ aaf_urls = Agent.loadURLs(access);
List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si);
/////////
- String directAAFURL = access.getProperty(Config.AAF_URL,null);
- if(directAAFURL!=null && !directAAFURL.contains("AAF_LOCATE")) {
+ String directAAFURL = aaf_urls.get(Config.AAF_URL);
+ if(directAAFURL!=null && !directAAFURL.contains("/locate/")) {
print(true,"Test Connections by non-located aaf_url");
Locator<URI> locator = new SingleEndpointLocator(directAAFURL);
connectTest(locator,new URI(directAAFURL));
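Review bot: The removed block was the only visible reader of `args[1]`, yet the usage message in the preceding hunk still advertises `[<AAF FQDN (i.e. aaf.dev.att.com)>]`. Unless `PropAccess(args)` consumes that argument, it is now silently ignored, so update the usage string or restore the override. Separately, `aaf_urls` is a mutable static assigned in `main` and read by `loadSetters`, so the order of the two calls here is load-bearing; passing the map as a parameter would make that dependency explicit. The enclosing `try` continues outside the hunk.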
@@ -92,17 +86,18 @@
} else {
/////////
print(true,"Test Connections driven by AAFLocator");
- URI serviceURI = uri(access,"service");
+ String serviceURI = aaf_urls.get(Config.AAF_URL);
- for (URI uri : new URI[] {
+ for (String url : new String[] {
serviceURI,
- uri(access,"token"),
- uri(access,"introspect"),
- uri(access,"cm"),
- uri(access,"gui"),
- uri(access,"fs"),
- uri(access,"hello")
+ aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL),
+ aaf_urls.get(Config.AAF_OAUTH2_INTROSPECT_URL),
+ aaf_urls.get(Config.AAF_URL_CM),
+ aaf_urls.get(Config.AAF_URL_GUI),
+ aaf_urls.get(Config.AAF_URL_FS),
+ aaf_urls.get(Config.AAF_URL_HELLO)
}) {
+ URI uri = new URI(url);
Locator<URI> locator = new AAFLocator(si, uri);
try {
connectTest(locator, uri);
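Review bot: `new URI(url)` throws `NullPointerException` when `aaf_urls.get(...)` has no entry for one of the keys, and it runs before the inner `try`, so one missing URL ends the loop instead of skipping that service. A guard such as `if (url == null) { continue; }` at the top of the loop body avoids that. The same unchecked lookup feeds `new URI(serviceURI)` in the two later hunks and `new HRenewingTokenSS(access, tokenURL)` in `loadSetters`, where the previous `Config.OAUTH2_TOKEN_URL_DEF` fallback was removed. The loop body continues outside the hunk.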
@@ -114,7 +109,7 @@
/////////
print(true,"Test Service for Perms driven by AAFLocator");
- Locator<URI> locator = new AAFLocator(si,serviceURI);
+ Locator<URI> locator = new AAFLocator(si,new URI(serviceURI));
for (SecuritySetter<HttpURLConnection> ss : lss) {
permTest(locator,ss);
}
@@ -125,7 +120,7 @@
for (SecuritySetter<HttpURLConnection> ss : lss) {
if (ss instanceof HBasicAuthSS) {
hasBath=true;
- basicAuthTest(new AAFLocator(si, serviceURI),ss);
+ basicAuthTest(new AAFLocator(si, new URI(serviceURI)),ss);
}
}
if(!hasBath) {
@@ -141,25 +136,6 @@
}
}
- private static URI uri(PropAccess access, String ms) throws URISyntaxException {
- String aaf_root_ns = access.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF);
- String aaf_api_version = access.getProperty(Config.AAF_API_VERSION,Config.AAF_DEFAULT_API_VERSION);
- String aaf_locate_url = access.getProperty(Config.AAF_LOCATE_URL,Defaults.AAF_LOCATE_CONST);
- String aaf_container = access.getProperty(Config.AAF_LOCATOR_CONTAINER,null);
- if(aaf_container!=null) {
- String ns = access.getProperty(Config.AAF_LOCATOR_CONTAINER_NS+'.'+aaf_container,null);
- if(ns==null) {
- ns = access.getProperty(Config.AAF_LOCATOR_CONTAINER_NS,null);
- }
- if(ns!=null) {
- aaf_root_ns=ns + '.' + aaf_root_ns;
- }
- }
- if("cm".equals(ms) && "2.0".equals(aaf_api_version)) {
- ms = "certman";
- }
- return new URI(aaf_locate_url + "/locate/" + aaf_root_ns + '.' + ms + ':' + aaf_api_version);
- }
private static List<SecuritySetter<HttpURLConnection>> loadSetters(PropAccess access, SecurityInfoC<HttpURLConnection> si) {
print(true,"Load Security Setters from Configuration Information");
@@ -192,12 +168,7 @@
access.log(Level.INFO, "X509 (Client certificate) Security Setter constructor threw exception: \"",e.getMessage(),"\". X509 tests will not be performed");
}
- String tokenURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL);
- String locateURL=access.getProperty(Config.AAF_LOCATE_URL);
- if (tokenURL==null || (tokenURL.contains("/locate/") && locateURL!=null)) {
- tokenURL=Config.OAUTH2_TOKEN_URL_DEF;
- }
-
+ String tokenURL = aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL);
try {
HRenewingTokenSS hrtss = new HRenewingTokenSS(access, tokenURL);
@@ -256,6 +227,7 @@
if ((uri = dl.get(li)) == null) {
System.out.println("Locator Item empty");
} else {
+ System.out.printf("Located %s using %s\n",uri.toString(), locatorURI.toString());
socket = new Socket();
try {
FixURIinfo fui = new FixURIinfo(uri);
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java
index 16fdb79..eda4a5a 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLocator.java
@@ -130,4 +130,5 @@
protected HClient createClient(SecuritySetter<HttpURLConnection> ss, URI uri, int connectTimeout) throws LocatorException {
return new HClient(ss, uri, connectTimeout);
}
+
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
index 5214ddb..2405962 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLocator.java
@@ -60,7 +60,7 @@
protected String myhostname;
protected int myport;
protected final String aaf_locator_host;
- protected final URI aaf_locator_uri;
+ protected URI aaf_locator_uri;
private long earliest;
private final long refreshWait;
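Review bot: Dropping `final` from the protected field `aaf_locator_uri` lets any subclass re-point the locator after construction, and nothing in this hunk says who may do that or when. If the field has to be reassignable, a comment such as `// reassigned only by <caller>; call clear() afterwards so cached endpoints are dropped` would record the contract, and `volatile` is worth considering should a refresh run on another thread, which is not visible here. The `clear()` method added in the next hunk of this file has the same gap: it empties `epList` and zeroes `earliest` without a Javadoc line or any visible synchronization.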
@@ -462,5 +462,10 @@
return rv;
}
+ protected void clear() {
+ epList.clear();
+ earliest=0L;
+ }
+
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index e04015c..caf15d3 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -50,6 +50,7 @@
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.client.ErrMessage;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
@@ -57,6 +58,7 @@
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.config.RegistrationPropHolder;
import org.onap.aaf.cadi.config.SecurityInfoC;
import org.onap.aaf.cadi.http.HBasicAuthSS;
import org.onap.aaf.cadi.locator.SingleEndpointLocator;
@@ -113,6 +115,11 @@
Config.CADI_TRUSTSTORE,Config.CADI_TRUSTSTORE_PASSWORD,
Config.CADI_ALIAS, Config.CADI_X509_ISSUERS
});
+ private static List<String> LOC_TAGS = Arrays.asList(new String[] {
+ Config.CADI_LATITUDE, Config.CADI_LONGITUDE
+ });
+ // Note: This is set by loadURLs. Use that function as singleton, not directly.
+ private static Map<String,String> aaf_urls = null;
public static void main(String[] args) {
@@ -227,11 +234,8 @@
aafsso.setLogDefault();
aafsso.setStdErrDefault();
- // if CM_URL can be obtained, add to sso.props, if written
- String cm_url = getProperty(access,env,false, Config.CM_URL,Config.CM_URL_DEF);
- if (cm_url!=null) {
- aafsso.addProp(Config.CM_URL, cm_url);
- }
+ Map<String, String> aaf_urls = loadURLs(access);
+ aafsso.addProp(Config.AAF_URL_CM, aaf_urls.get(Config.AAF_URL_CM));
aafsso.writeFiles();
}
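Review bot: The local `aaf_urls` declared here shadows the new static field of the same name, whose comment asks readers not to use it directly; a different local name such as `urls` keeps the two apart (the same shadowing recurs in the later hunk that adds `// load all properties that are already setup.`). The removed code also took the certificate-manager URL through `getProperty(access, env, ...)` and skipped the write when it was null, whereas `aafsso.addProp(Config.AAF_URL_CM, aaf_urls.get(Config.AAF_URL_CM));` always writes the computed value, so a value supplied by the operator appears to be replaced in the written props. The enclosing method starts and ends outside the hunk.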
@@ -300,9 +304,53 @@
}
}
- private static synchronized AAFCon<?> aafcon(Access access) throws APIException, CadiException, LocatorException {
+ public synchronized static Map<String,String> loadURLs(Access access) throws UnknownHostException, CadiException {
+ if(aaf_urls==null) {
+ Map<String,String> rv = new HashMap<>();
+ RegistrationPropHolder rph = new RegistrationPropHolder(access, 0);
+ String dot_le = access.getProperty(Config.AAF_LOCATOR_CONTAINER,null);
+ dot_le=dot_le==null?"":'.'+dot_le;
+ String version = access.getProperty(Config.AAF_API_VERSION,Config.AAF_DEFAULT_API_VERSION);
+ for(String u : new String[] {"aaf","locate","oauth","cm","gui","fs","hello","token","introspect"}) {
+ String proto = "fs".equals(u)?"http://":"https://";
+ String lhost;
+ if("locate".equals(u)) {
+ lhost=rph.default_fqdn;
+ } else {
+ lhost=Config.AAF_LOCATE_URL_TAG;
+ }
+ String value = rph.replacements("Agent:loadURLs",
+ proto + lhost + "/AAF_NS." + ("aaf".equals(u)?"service":u) + ':' + version,
+ null,dot_le);
+ switch(u) {
+ case "aaf": rv.put(Config.AAF_URL, value); break;
+ case "locate": rv.put(Config.AAF_LOCATE_URL, value); break;
+ case "token": rv.put(Config.AAF_OAUTH2_TOKEN_URL, value); break;
+ case "introspect": rv.put(Config.AAF_OAUTH2_INTROSPECT_URL, value); break;
+ case "cm": rv.put(Config.AAF_URL_CM, value); break;
+ case "gui": rv.put(Config.AAF_URL_GUI, value); break;
+ case "fs": rv.put(Config.AAF_URL_FS, value); break;
+ case "hello": rv.put(Config.AAF_URL_HELLO, value); break;
+ default:
+ rv.put("aaf_url_" + u, value);
+ }
+ };
+ aaf_urls = rv;
+ }
+ return aaf_urls;
+ }
+
+ public static void fillMissing(PropAccess access, Map<String, String> map) {
+ for(Entry<String, String> es : map.entrySet()) {
+ if(access.getProperty(es.getKey())==null) {
+ access.setProperty(es.getKey(),es.getValue());
+ }
+ }
+ }
+
+ private static synchronized AAFCon<?> aafcon(Access access) throws APIException, CadiException, LocatorException {
if (aafcon==null) {
- aafcon = new AAFConHttp(access,Config.CM_URL);
+ aafcon = new AAFConHttp(access,Config.AAF_URL_CM);
}
return aafcon;
}
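Review bot: `loadURLs` hands every caller the cached `HashMap` itself and fills it from whichever `Access` arrives first, so one caller can alter the service URLs all later callers receive, and a second `Access` with different container or version settings silently gets the first one's URLs. Publishing a read-only view, `aaf_urls = Collections.unmodifiableMap(rv);`, closes the first gap; the second deserves a Javadoc sentence stating that the result is computed once per JVM. The loop also gives `fs` a plain `http://` scheme while every other service gets `https://`, which should carry a comment saying why, and the `};` closing the `for` has a stray semicolon. `fillMissing` has no Javadoc either; one line saying it sets only keys absent from `access` would do.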
@@ -743,7 +791,6 @@
Artifact arti = new Artifact();
arti.setDir(propAccess.getProperty(Config.CADI_ETCDIR, "."));
arti.setNs(FQI.reverseDomain(fqi));
-
PropHolder loc = PropHolder.get(arti, "location.props");
PropHolder cred = PropHolder.get(arti,"cred.props");
PropHolder app= PropHolder.get(arti,"props");
@@ -771,51 +818,62 @@
}
}
+ // load all properties that are already setup.
+ Map<String, String> aaf_urls = loadURLs(propAccess);
+ for(Entry<String, String> es : aaf_urls.entrySet()) {
+ app.add(es.getKey(), es.getValue());
+ }
+
app.add(Config.AAF_LOCATE_URL, propAccess, null);
for(Entry<Object, Object> aaf_loc_prop : propAccess.getProperties().entrySet()) {
String key = aaf_loc_prop.getKey().toString();
- if(key.startsWith("aaf_locator")) {
+ if("aaf_env".equals(key) || key.startsWith("aaf_locator")) {
app.add(key, aaf_loc_prop.getValue().toString());
}
}
app.add(Config.AAF_APPID, fqi);
- app.add(Config.AAF_URL, propAccess, Config.AAF_URL_DEF);
String cts = propAccess.getProperty(Config.CADI_TRUSTSTORE);
+ System.out.println("Passed in Truststore is " + cts);
if (cts!=null) {
File origTruststore = new File(cts);
- if (!origTruststore.exists()) {
- // Try same directory as cadi_prop_files
- String cpf = propAccess.getProperty(Config.CADI_PROP_FILES);
- if (cpf!=null) {
- for (String f : Split.split(File.pathSeparatorChar, cpf)) {
- File fcpf = new File(f);
- if (fcpf.exists()) {
- int lastSep = cts.lastIndexOf(File.pathSeparator);
- origTruststore = new File(fcpf.getParentFile(),lastSep>=0?cts.substring(lastSep):cts);
- if (origTruststore.exists()) {
- break;
- }
- }
- }
- if (!origTruststore.exists()) {
- throw new CadiException(cts + " does not exist");
- }
- }
-
- }
File newTruststore = new File(app.getDir(),origTruststore.getName());
- if (!newTruststore.exists()) {
- Files.copy(origTruststore.toPath(), newTruststore.toPath());
+ if(!newTruststore.exists()) {
+ if (!origTruststore.exists()) {
+ // Try same directory as cadi_prop_files
+ String cpf = propAccess.getProperty(Config.CADI_PROP_FILES);
+ if (cpf!=null) {
+ for (String f : Split.split(File.pathSeparatorChar, cpf)) {
+ File fcpf = new File(f);
+ if (fcpf.exists()) {
+ int lastSep = cts.lastIndexOf(File.pathSeparator);
+ origTruststore = new File(fcpf.getParentFile(),lastSep>=0?cts.substring(lastSep):cts);
+ if (origTruststore.exists()) {
+ break;
+ }
+ }
+ }
+ if (!origTruststore.exists()) {
+ throw new CadiException(cts + " does not exist");
+ }
+ }
+
+ }
+ if (!newTruststore.exists() && origTruststore.exists()) {
+ Files.copy(origTruststore.toPath(), newTruststore.toPath());
+ }
}
-
- cred.add(Config.CADI_TRUSTSTORE, propAccess, newTruststore.getCanonicalPath());
- cred.addEnc(Config.CADI_TRUSTSTORE_PASSWORD, propAccess, "changeit" /* Java default */);
+
+ System.out.println("New Truststore is " + newTruststore);
+ cred.add(Config.CADI_TRUSTSTORE, newTruststore.getCanonicalPath());
+ cred.add(Config.CADI_TRUSTSTORE_PASSWORD, "changeit" /* Java default */);
String cpf = propAccess.getProperty(Config.CADI_PROP_FILES);
if (cpf!=null){
- for (String f : Split.split(File.pathSeparatorChar, cpf)) {
+ String[] propFiles = Split.splitTrim(File.pathSeparatorChar, cpf);
+ for (int pfi = propFiles.length-1;pfi>=0;--pfi) {
+ String f = propFiles[pfi];
System.out.format("Reading %s\n",f);
FileInputStream fis = new FileInputStream(f);
try {
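Review bot: The truststore password is now written with `cred.add(Config.CADI_TRUSTSTORE_PASSWORD, "changeit" /* Java default */);`, which drops both the `propAccess` lookup and the `addEnc` call of the removed line, so a configured password is replaced by the hard-coded default and, judging by the method name, is no longer stored encrypted. Unless that is intended, keep the earlier form: `cred.addEnc(Config.CADI_TRUSTSTORE_PASSWORD, propAccess, "changeit" /* Java default */);`. The same hunk also lets a missing truststore pass silently when `Config.CADI_PROP_FILES` is unset, because the copy is guarded by `origTruststore.exists()` and the path is recorded in `cred` regardless. The two `System.out.println` truststore messages read like debugging output; the method continues outside the hunk.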
@@ -824,6 +882,9 @@
for (Entry<Object, Object> prop : props.entrySet()) {
boolean lower = true;
String key = prop.getKey().toString();
+ if(LOC_TAGS.contains(key)) {
+ break;
+ }
for(int i=0;lower && i<key.length();++i) {
if(Character.isUpperCase(key.charAt(i))) {
lower = false;
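Review bot: `break` in the added `if(LOC_TAGS.contains(key))` leaves the whole `for` over `props.entrySet()`, so every property iterated after a latitude or longitude key in that file is skipped as well, and which ones those are depends on the iteration order of the entry set. If only the location keys are meant to be left out, the statement should be `continue;`. The loop body continues outside the hunk, so this is worth checking against the rest of the method.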
@@ -876,8 +937,6 @@
}
- private static List<String> LOC_TAGS = Arrays.asList(new String[] {Config.CADI_LATITUDE, Config.CADI_LONGITUDE});
-
private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException {
System.out.println("Validating Configuration...");
final AAFCon<?> aafcon = new AAFConHttp(pa,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(pa));
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
index c507a82..772040c 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/TokenClientFactory.java
@@ -38,11 +38,11 @@
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.config.SecurityInfoC;
+import org.onap.aaf.cadi.configure.Agent;
import org.onap.aaf.cadi.locator.PropertyLocator;
import org.onap.aaf.cadi.locator.SingleEndpointLocator;
import org.onap.aaf.cadi.oauth.TokenClient.AUTHN_METHOD;
@@ -62,12 +62,12 @@
private TokenClientFactory(Access pa) throws APIException, GeneralSecurityException, IOException, CadiException {
super(pa, new RosettaEnv(pa.getProperties()),Token.class,"outgoing");
-
+ Map<String, String> aaf_urls = Agent.loadURLs(pa);
if (access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,null)==null) {
- access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, Config.OAUTH2_TOKEN_URL_DEF); // Default to AAF
+ access.getProperties().put(Config.AAF_OAUTH2_TOKEN_URL, aaf_urls.get(Config.AAF_OAUTH2_TOKEN_URL)); // Default to AAF
}
if (access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,null)==null) {
- access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, Config.OAUTH2_INTROSPECT_URL_DEF); // Default to AAF);
+ access.getProperties().put(Config.AAF_OAUTH2_INTROSPECT_URL, aaf_urls.get(Config.AAF_OAUTH2_INTROSPECT_URL)); // Default to AAF);
}
symm = Symm.encrypt.obtain();
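Review bot: The defaults taken from `Agent.loadURLs(pa)` are not the strings they replace: the removed `Config.OAUTH2_TOKEN_URL_DEF` and `Config.OAUTH2_INTROSPECT_URL_DEF` (see the Config.java hunk) ended in `/token` and `/introspect`, while `loadURLs` builds `.../AAF_NS.token:<version>` and `.../AAF_NS.introspect:<version>` with no path. Unless the path is appended elsewhere, which the hunk does not show, token and introspection requests change endpoint when the property is unset. A comment at this spot stating the expected form of the default would make this checkable, and the trailing `);` in `// Default to AAF);` can go. The constructor continues outside the hunk.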
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index 75cddff..c9b8b4e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -246,7 +246,7 @@
Symm decryptor = ArtifactDir.getSymm(dot_aaf_kf);
if (user == null) {
if (sso.exists()) {
- String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
+ String cm_url = access.getProperty(Config.AAF_URL_CM); // SSO might overwrite...
FileInputStream fos = new FileInputStream(sso);
try {
access.load(fos);
@@ -256,7 +256,7 @@
access.setProperty(Config.AAF_APPPASS,
access.encrypt(decryptor.depass(encrypted_pass)));
if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
- access.setProperty(Config.CM_URL, cm_url);
+ access.setProperty(Config.AAF_URL_CM, cm_url);
}
} finally {
fos.close();
@@ -325,8 +325,8 @@
access.setProperty(Config.AAF_URL, locateRoot+".service:"+apiVersion);
}
- if(access.getProperty(Config.CM_URL)==null) {
- access.setProperty(Config.CM_URL, locateRoot+".cm:"+apiVersion);
+ if(access.getProperty(Config.AAF_URL_CM)==null) {
+ access.setProperty(Config.AAF_URL_CM, locateRoot+".cm:"+apiVersion);
}
String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
if (cadiLatitude==null) {
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java
index 03c99d2..6759d31 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_OAuthTest.java
@@ -67,6 +67,8 @@
System.setOut(new PrintStream(outStream));
access = new PropAccess();
+ access.setProperty(Config.CADI_LATITUDE, "38");
+ access.setProperty(Config.CADI_LONGITUDE, "-72");
try {
tcf = TokenClientFactory.instance(access);
} catch (Exception e) {
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java
index 6f3884b..af344d2 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/register/test/JU_RegistrationCreator.java
@@ -45,6 +45,7 @@
PropAccess pa = new PropAccess();
pa.setProperty(Config.CADI_LATITUDE, "32.7");
pa.setProperty(Config.CADI_LONGITUDE, "-72.0");
+ pa.setProperty(Config.AAF_LOCATOR_NAME, "");
try {
String hostname = Inet4Address.getLocalHost().getHostName();
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
index 056651e..9255128 100644
--- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
+++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
@@ -168,6 +168,10 @@
public URI getURI() {
return uri;
}
+
+ public void setURI(URI uri) {
+ this.uri = uri;
+ }
public int timeout() {
return connectTimeout;
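Review bot: `setURI` is public, unvalidated and undocumented, so any holder of an `HClient` can re-point it at another host after construction. The class body is outside the hunk, but `AAFLocator.createClient` on this page builds the client with a `SecuritySetter`, so the credentials it applies would presumably follow the new URI. Narrowing the visibility if only the locator code needs it, rejecting null with `this.uri = Objects.requireNonNull(uri, "uri");`, and a Javadoc line naming the intended caller would bound that.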
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 07a791e..ff1f395 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -152,15 +152,7 @@
public static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
public static final String AAF_DEFAULT_API_VERSION = "2.1";
public static final String AAF_API_VERSION = "aaf_api_version";
- public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
- public static final String AAF_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:" + AAF_DEFAULT_API_VERSION;
- public static final String GUI_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:" + AAF_DEFAULT_API_VERSION;
- public static final String CM_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:" + AAF_DEFAULT_API_VERSION;
- public static final String FS_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:" + AAF_DEFAULT_API_VERSION;
- public static final String HELLO_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.hello:" + AAF_DEFAULT_API_VERSION;
- public static final String OAUTH2_TOKEN_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:" + AAF_DEFAULT_API_VERSION +"/token";
- public static final String OAUTH2_INTROSPECT_URL_DEF = "https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:" + AAF_DEFAULT_API_VERSION +"/introspect";;
-
+ public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
// AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability
// to set these entries manually
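Review bot: Removing the public `*_URL_DEF` constants here, and `GW_URL` and `CM_URL` in the later hunk of this file, breaks any code outside this change that still references them, and the certificate-manager property changes name from `cm_url` to `aaf_url_cm`, so existing property files that set `cm_url` are no longer read. If compatibility matters, keep the old names for a release, for example `@Deprecated public static final String CM_URL = "cm_url";`, and have readers fall back to the old key. At minimum the rename belongs in a comment next to `AAF_URL_CM` and in the release notes.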
@@ -181,6 +173,7 @@
public static final String AAF_LOCATOR_NAME = "aaf_locator_name";
public static final String AAF_LOCATOR_PUBLIC_PORT = "aaf_locator_public_port";
public static final String AAF_LOCATOR_PUBLIC_FQDN = "aaf_locator_public_fqdn";
+ public static final String AAF_LOCATOR_PUBLIC_NAME = "aaf_locator_public_name";
public static final String AAF_APPID = "aaf_id";
public static final String AAF_APPPASS = "aaf_password";
@@ -217,8 +210,10 @@
public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
public static final String AAF_RELEASE = "aaf_release";
- public static final String GW_URL = "gw_url";
- public static final String CM_URL = "cm_url";
+ public static final String AAF_URL_GUI="aaf_url_gui";
+ public static final String AAF_URL_FS="aaf_url_fs";
+ public static final String AAF_URL_CM = "aaf_url_cm";
+ public static final String AAF_URL_HELLO = "aaf_url_hello";
public static final String CM_TRUSTED_CAS = "cm_trusted_cas";
public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern";
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java
index 997803b..50f17e8 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/RegistrationPropHolder.java
@@ -24,8 +24,8 @@
import java.net.UnknownHostException;
import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.util.Split;
public class RegistrationPropHolder {
@@ -89,8 +89,17 @@
if(firstlog) {
access.printf(Level.INIT, REGI,"public_fqdn",public_fqdn);
}
-
- default_name = access.getProperty(Config.AAF_LOCATOR_NAME, PUBLIC_NAME);
+
+ // Allow Container to reset the standard name for public
+ String container_public_name = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME+'.'+default_container, null);
+ if(container_public_name==null) {
+ container_public_name = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME, null);
+ if(container_public_name==null) {
+ container_public_name = access.getProperty(Config.AAF_LOCATOR_NAME, PUBLIC_NAME);
+ }
+ }
+ default_name = container_public_name;
+
if(firstlog) {
access.printf(Level.INIT, REGI,"default_name",default_name);
}
@@ -171,12 +180,23 @@
return replacements("RegistrationPropHolder.getEntryName",str,entry,dot_le);
}
+ public String getPublicEntryName(final String entry, final String dot_le) {
+ String str = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME+dot_le, null);
+ if(str==null) {
+ str = access.getProperty(Config.AAF_LOCATOR_PUBLIC_NAME,null);
+ }
+ if(str==null) {
+ str = default_name;
+ }
+ return replacements("RegistrationPropHolder.getEntryName",str,entry,dot_le);
+ }
+
private String getNS(String dot_le) {
String ns;
ns = access.getProperty(Config.AAF_LOCATOR_APP_NS+dot_le,null);
if(ns==null) {
- ns = access.getProperty(Config.AAF_LOCATOR_APP_NS, "");
+ ns = access.getProperty(Config.AAF_LOCATOR_APP_NS, "AAF_NS");
}
return ns;
}
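Review bot: `getPublicEntryName` passes `"RegistrationPropHolder.getEntryName"` to `replacements`, copied from the method above it; that first argument looks like a caller label, so anything reported under it would point at the wrong method, and it should read `return replacements("RegistrationPropHolder.getPublicEntryName",str,entry,dot_le);`. The new method also has no Javadoc; one sentence giving the lookup order (the `Config.AAF_LOCATOR_PUBLIC_NAME` key with `dot_le` appended, then the plain key, then `default_name`) would help. In the same hunk `getNS` now defaults to `"AAF_NS"` instead of the empty string, a behaviour change that merits a comment of its own.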
@@ -214,7 +234,12 @@
if(!str.endsWith("/locate/")) {
str+="locate/";
}
- value = value.replace("https://AAF_LOCATE_URL/", str);
+ if(value.startsWith("http:")) {
+ value = value.replace("http://AAF_LOCATE_URL/", str);
+ } else {
+ value = value.replace("https://AAF_LOCATE_URL/", str);
+
+ }
}
}
}
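Review bot: Both branches of the added `if(value.startsWith("http:"))` substitute the same `str`, so a template written as `http://AAF_LOCATE_URL/` ends up with whatever scheme `str` carries rather than staying on plain HTTP. If that is the intent, a comment such as `// scheme of the locate URL wins; the template's http/https only selects the placeholder` would say so; if not, the `http:` case needs its own replacement string. The blank line left inside the `else` block can be removed. The surrounding method starts outside the hunk.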
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
index 10bcdcc..b09c2b7 100644
--- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
+++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OAuthExample.java
@@ -26,17 +26,18 @@
import java.security.GeneralSecurityException;
import java.util.Date;
import java.util.GregorianCalendar;
+import java.util.Map;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Result;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.configure.Agent;
import org.onap.aaf.cadi.oauth.TimedToken;
import org.onap.aaf.cadi.oauth.TokenClient;
import org.onap.aaf.cadi.oauth.TokenClientFactory;
@@ -73,14 +74,16 @@
// Obtain Endpoints for OAuth2 from Properties. Expected is "cadi.properties" file, pointed to by "cadi_prop_files"
- String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL,Config.OAUTH2_TOKEN_URL_DEF); // Default to AAF
- String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL,Config.OAUTH2_INTROSPECT_URL_DEF); // Default to AAF);
- // Get Hello Service
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Config.HELLO_URL_DEF);
-
- final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
-
try {
+ Map<String, String> aaf_urls = Agent.loadURLs(access);
+ Agent.fillMissing(access, aaf_urls);
+ String tokenServiceURL = access.getProperty(Config.AAF_OAUTH2_TOKEN_URL); // Default to AAF
+ String tokenIntrospectURL = access.getProperty(Config.AAF_OAUTH2_INTROSPECT_URL); // Default to AAF);
+ // Get Hello Service
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL);
+
+ final int CALL_TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CALL_TIMEOUT,Config.AAF_CALL_TIMEOUT_DEF));
+
//////////////////////////////////////////////////////////////////////
// Scenario 1:
// Get and use an OAuth Client, which understands Token Management
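Review bot: `endServicesURL` can now be null: the old default `Config.HELLO_URL_DEF` is gone, and `Agent.fillMissing` only sets the keys `loadURLs` produces, which for the hello service is `Config.AAF_URL_HELLO`, not the `Config.AAF_OAUTH2_HELLO_URL` read here (unless the two constants share a value, which this page does not show). Reading `access.getProperty(Config.AAF_URL_HELLO)` or checking for null before use would keep the example working without extra configuration; the same applies to the last hunk of OnapClientExample.java. The `// Default to AAF` comments on the token and introspect lines now describe a default those calls no longer pass.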
diff --git a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
index 0a65329..b5d087e 100644
--- a/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
+++ b/cadi/oauth-enduser/src/test/java/org/onap/aaf/cadi/enduser/test/OnapClientExample.java
@@ -26,17 +26,18 @@
import java.security.GeneralSecurityException;
import java.util.Date;
import java.util.GregorianCalendar;
+import java.util.Map;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.Defaults;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Result;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.configure.Agent;
import org.onap.aaf.cadi.oauth.TimedToken;
import org.onap.aaf.cadi.oauth.TokenClient;
import org.onap.aaf.cadi.oauth.TokenClientFactory;
@@ -59,12 +60,13 @@
// Property Access
// This method will allow you to set "cadi_prop_files" (or any other property) on Command line
access = new PropAccess(args);
-
- // access = PropAccess();
// Note: This style will load "cadi_prop_files" from VM Args
-
- // Token aware Client Factory
+ // access = PropAccess();
try {
+ Map<String, String> aaf_urls = Agent.loadURLs(access);
+ Agent.fillMissing(access, aaf_urls);
+
+ // Token aware Client Factory
tcf = TokenClientFactory.instance(access);
} catch (APIException | GeneralSecurityException | IOException | CadiException e1) {
access.log(e1, "Unable to setup OAuth Client Factory, Fail Fast");
@@ -104,7 +106,7 @@
// Use this Token in your client calls with "Tokenized Client" (TzClient)
// These should NOT be used cross thread.
// Get Hello Service URL... roll your own in your own world.
- final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL,Config.HELLO_URL_DEF);
+ final String endServicesURL = access.getProperty(Config.AAF_OAUTH2_HELLO_URL);
TzClient helloClient = tcf.newTzClient(endServicesURL);
diff --git a/docs/sections/architecture/aaf_architecture.rst b/docs/sections/architecture/aaf_architecture.rst
index 8f0a5ad..50d20ee 100644
--- a/docs/sections/architecture/aaf_architecture.rst
+++ b/docs/sections/architecture/aaf_architecture.rst
@@ -40,7 +40,7 @@
Computer Identity
-----------------
-Whether or not you follow Science Fiction stories about Robots, are facinated by Isaac Azimov's Three Laws of Robotics, or think those who do are hopelessly socially inept, you will need to wrestle a bit with how much in common a human created machine with a human being. Without moral or religious implications, Identity can be discussed without stepping on the minefields that Science Fiction typically explores.
+Whether or not you follow Science Fiction stories about Robots, are fascinated by Isaac Azimov's Three Laws of Robotics, or think those who do are hopelessly socially inept, you will need to wrestle a bit with how much in common a human created machine has with a human being. Without moral or religious implications, Identity can be discussed without stepping on the minefields that Science Fiction typically explores.
An Application still must be named, and the name must be controlled within the Context of the Organization defining the name. Where the Application can affect Organzation Resources (i.e. Data), it must have the Authorization to do what it is doing, the question of being sentiently driven need not come up. (sorry sci-fi fans).
@@ -49,16 +49,15 @@
Sum of Parts
------------
-For a human, it is pretty clear, of our purposes, that it is the mind that focuses into Identity. Any given Employee might lose an arm or leg during the period of employment, and, as long as they can type or vocalize a voice-print, there is no discernable difference
-n whether the person is still the person.
+For a human, it is pretty clear, of our purposes, that it is the mind that focuses into Identity. Any given Employee might lose an arm or leg during the period of employment, and, as long as they can type or vocalize a voice-print, there is usually no doubt that the person is still the person.
-Computer Applications may be different. Typically, an Application is built of separate parts, and with the advent of MicroServices as a goal, the question whether each part needs a separate identity or not is actually a valid question. When a Programmer is writing his App, and making the parts, do they need to stand on their own as an Identity or not.
+Computer Applications may be different. Typically, an Application is built of separate parts, and with the advent of MicroServices as a goal, the question whether each part needs a separate identity or not is actually a valid question. When a Programmer is writing his App, and making the parts, he/she must decide if these parts need to stand on their own as an Identity or not.
The trick is, as an Architect, is to determine whether these individual components really are separate, or can be considered as a part of the whole.
-As a rule of thumb, look at you App. If you follow a Model-View-Controller method, it is hard to argue for a need to separate identities... They are clearly three parts to the whole. On the other hand, if you want to consider each Component as a separate Robot, where one may NOT do just anything that the others do, then you should create separate Identities for each.
+As a rule of thumb, look at your App. If you follow a Model-View-Controller method, it is hard to argue for a need to separate identities... They are clearly three parts to the whole. On the other hand, if you want to consider each Component as a separate Robot, where one may NOT do just anything that the others do, then you should create separate Identities for each.
-A clue to this kind of model is if you consider having different groups creating an managing the apps, with a view towards more separateness. If you believe your components are more separate, and the grouping is more by topic (i.e. a group of robots tasked with collectively doing something), the separate Identities may be more appropriate.
+A clue to this kind of model is if you consider having different groups creating an managing the apps, with a view towards more separateness. If you believe your components are more separate, and the grouping is more by topic (i.e. a group of robots tasked with collectively doing something), the separate Identities may be more appropriate.
Enjoy stretching your mind
--------------------------
@@ -74,7 +73,7 @@
- HTTP/S provides the core Encryption whenever used, so all of AAF Components require HTTP/S to the current protocol standards (current is TLS 1.1+ as of Nov 2016)
- HTTP/S requires X.509 certificates at least on the Server at minimum. (in this mode, 1 way, a client Certificate is generated)
- - Certificate Manager can generate certificates signed by the AT&T Internal Certificate Authority, which is secure and cost effective if external access are not needed
+ - Certificate Manager can generate certificates signed by the AT&T Internal Certificate Authority, which is secure and cost effective if external access is not needed
- These same certificates can be used for identifying the Application during the HTTP/S transaction, making a separate UserID/Password unnecessary for Authentication.
- Authentication - In order to tie generated certificates to a specific Application Identity, AAF Certificate Manager embeds a ILM AppID in the Subject. These are created by AT&T specific Internal Certificate Authority, which only generates certificates for AAF Certman. Since AAF Certman validates the Sponsorship of the AppID with requests (automatically), the end user can depend on the AppID embedded in the Subject to be valid without resorting to external calls or passwords.