| commit | ee07ee287cab944dfc7371b3eeb230d1ba7e736e | [log] [tgz] |
|---|---|---|
| author | Lee, Tian (tl5884) <TianL@amdocs.com> | Tue May 08 12:01:21 2018 +0100 |
| committer | Lee, Tian (tl5884) <TianL@amdocs.com> | Tue May 08 12:01:21 2018 +0100 |
| tree | add8f7a8546d31fa17b663defb3b6c7259db1760 | |
| parent | 4229965d8a112a9311505224e2bae254d25710dc [diff] |
Fix Babel authorisation mechanism Change-Id: Iae3139b33e315fae0c205fd7e0df67554d91cd5b Issue-ID: AAI-1126 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
Babel is a microservice in the AAI project that can be used by clients that work with TOSCA CSAR files.
It parses the TOSCA CSAR to generate xml files from a set of YAML files found in the TOSCA CSAR file.
Babel service can be compiled easily using maven command mvn clean install
The compiled results will be the following artifacts in the "target" folder:
Maven will install the following artifacts in the local repository:
Create the docker image: docker build -t aai/babel target
The project will build a client jar that can be used by clients when using the Babel service.
The client jar contains two objects that are used in the Babel service API.
BabelRequest is used to supply the inputs into the Babel service. BabelArtifact is the response artifact in the list of artifacts returned from the Babel service.
Push the Docker image that you have built to your Docker repository and pull it down to the location that you will be running Babel from.
Create the following directories on the host machine:
./logs ./opt/app/babel/appconfig ./opt/app/babel/appconfig/auth
You will be mounting these as data volumes when you start the Docker container. For examples of the files required in these directories, see the aai/test/config repository (https://gerrit.onap.org/r/#/admin/projects/aai/test-config)
Populate these directories as follows:
The following file must be present in this directory on the host machine:
The purpose of this configuration directory is to maintain configuration files specific to authentication/authorization for the Babel service. The following files must be present in this directory on the host machine:
babel-auth.properties
auth.policy.file=/auth/auth_policy.json auth.authentication.disable=false
artifact-generator.properties
Contains model invariants ids used by SDC artifact generator library
logback.xml
Logging configuration.
auth_policy.json
Create a policy file defining the roles and users that will be allowed to access Babel service. This is a JSON format file which will look something like the following example:
{
"roles": [
{
"name": "admin",
"functions": [
{
"name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ]
}
],
"users": [
{
"username": "CN=babeladmin, OU=My Organization Unit, O=, L=Sometown, ST=SomeProvince, C=CA"
}
]
}
]
}
tomcatkeystore
Create a keystore with this name containing whatever CA certificates that you want your instance of the Babel service to accept for HTTPS traffic.
To include the Babel service client jar in your project add the following maven dependency to your project's pom:
<dependency> <groupId>org.onap.aai</groupId> <artifactId>babel</artifactId> <version>*</version> <classifier>client</classifier> </dependency>