Merge "Added AAF containers to ONAP Kubernetes"
diff --git a/kubernetes/aaf/Chart.yaml b/kubernetes/aaf/Chart.yaml
new file mode 100644
index 0000000..60e4370
--- /dev/null
+++ b/kubernetes/aaf/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A Helm chart for Kubernetes
+name: aaf
+version: 1.1.0
diff --git a/kubernetes/aaf/templates/aaf-cs-deployment.yaml b/kubernetes/aaf/templates/aaf-cs-deployment.yaml
new file mode 100644
index 0000000..f240150
--- /dev/null
+++ b/kubernetes/aaf/templates/aaf-cs-deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: aaf-cs
+  namespace: "{{ .Values.nsPrefix }}-aaf"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: aaf-cs
+  template:
+    metadata:
+      labels:
+        app: aaf-cs
+      name: aaf-cs
+    spec:
+      hostname: aaf-cs
+      containers:
+      - args:
+        image: {{ .Values.image.csImage }}:{{ .Values.image.csVersion }}
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: "aaf-cs"
+        volumeMounts:
+        - mountPath: /data
+          name: aaf-data
+        readinessProbe:
+          tcpSocket:
+            port: 7000
+          initialDelaySeconds: 5
+          periodSeconds: 10
+      volumes:
+        - name: aaf-data
+          hostPath:
+            path: /dockerdata-nfs/{{ .Values.nsPrefix }}/aaf/data
+      imagePullSecrets:
+      - name: {{ .Values.nsPrefix }}-docker-registry-key
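Review bot: The `aaf-data` volume at the end of the pod spec is a `hostPath` (`/dockerdata-nfs/{{ .Values.nsPrefix }}/aaf/data`) mounted read-write at `/data`, and the container declares no `securityContext`, so the Cassandra process runs as whatever user the image defaults to with write access to a node directory. This store presumably ends up holding the AAF `cred` rows, so a PersistentVolumeClaim plus a container `securityContext` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would narrow who can read or alter it; confirm the image can run as non-root first. The bare `- args:` on the first container line parses as null and can simply be dropped.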
diff --git a/kubernetes/aaf/templates/aaf-deployment.yaml b/kubernetes/aaf/templates/aaf-deployment.yaml
new file mode 100644
index 0000000..20e21c4
--- /dev/null
+++ b/kubernetes/aaf/templates/aaf-deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: aaf
+  name: aaf
+  namespace: "{{ .Values.nsPrefix }}-aaf"
+spec:
+  selector:
+    matchLabels:
+      app: aaf
+  template:
+    metadata:
+      labels:
+        app: aaf
+      name: aaf
+      annotations:
+        pod.beta.kubernetes.io/init-containers: '[
+          {
+              "args": [
+                  "--container-name",
+                  "aaf-cs"
+              ],
+              "command": [
+                  "/root/ready.py"
+              ],
+              "env": [
+                  {
+                      "name": "NAMESPACE",
+                      "valueFrom": {
+                          "fieldRef": {
+                              "apiVersion": "v1",
+                              "fieldPath": "metadata.namespace"
+                          }
+                      }
+                  }
+              ],
+              "image": "{{ .Values.image.readiness }}",
+              "imagePullPolicy": "{{ .Values.pullPolicy }}",
+              "name": "aaf-readiness"
+          }
+          ]'
+    spec:
+      containers:
+      - env:
+        - name: CASSANDRA_CLUSTER
+          value: cassandra_container
+        image: {{ .Values.image.aafImage }}:{{ .Values.image.aafVersion }}
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: aaf
+        readinessProbe:
+          tcpSocket:
+            port: 8101
+          initialDelaySeconds: 5
+          periodSeconds: 10
+      imagePullSecrets:
+      - name: {{ .Values.nsPrefix }}-docker-registry-key
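Review bot: `CASSANDRA_CLUSTER` is set to `cassandra_container`, but the only Cassandra endpoint this commit defines is the headless Service `aaf-cs` in all-services.yaml, and a name containing an underscore is not a valid Kubernetes DNS label. Unless the image maps that name itself, the authz service will likely fail to reach its store; `value: aaf-cs` looks like the intended setting, and the init container already waits on `aaf-cs`. The spec also omits `replicas` and any `securityContext` or `resources` for the `aaf` container, which are worth stating explicitly for an authorization service.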
diff --git a/kubernetes/aaf/templates/all-services.yaml b/kubernetes/aaf/templates/all-services.yaml
new file mode 100644
index 0000000..0d1dc22
--- /dev/null
+++ b/kubernetes/aaf/templates/all-services.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: aaf-cs
+  namespace: "{{ .Values.nsPrefix }}-aaf"
+  labels:
+    app: aaf-cs
+spec:
+  ports:
+  - name: aaf-cs-port-7000
+    port: 7000
+  - name: aaf-cs-port-7001
+    port: 7001
+  - name: aaf-cs-port-9042
+    port: 9042
+  - name: aaf-cs-port-9160
+    port: 9160
+  selector:
+    app: aaf-cs
+  clusterIP: None
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: aaf-authz-service
+  namespace: "{{ .Values.nsPrefix }}-aaf"
+  labels:
+    app: aaf-authz-service
+spec:
+  ports:
+  - name: aaf-authz-service
+    port: 8101
+    nodePort: {{ .Values.nodePortPrefix }}99
+  selector:
+    app: clamp
+  type: NodePort
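Review bot: The `aaf-authz-service` Service selects `app: clamp`, while the pods created by aaf-deployment.yaml carry `app: aaf`; selectors are namespace-scoped, so in the `-aaf` namespace this most likely matches nothing and port 8101 gets no endpoints. The selector should be `app: aaf`. Separately, `type: NodePort` with `nodePort: {{ .Values.nodePortPrefix }}99` publishes the authorization API on every node; if only in-cluster callers need it, `ClusterIP` is the narrower choice. The `aaf-cs` Service names the Cassandra client ports 9042 and 9160, so a NetworkPolicy limiting ingress on them to the `aaf` pods would be a sensible companion.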
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml
new file mode 100644
index 0000000..a8589a3
--- /dev/null
+++ b/kubernetes/aaf/values.yaml
@@ -0,0 +1,9 @@
+nsPrefix: onap
+pullPolicy: Always
+nodePortPrefix: 302
+image:
+  readiness: oomk8s/readiness-check:1.0.0
+  aafImage: nexus3.onap.org:10001/onap/aaf/authz-service
+  aafVersion: latest
+  csImage: nexus3.onap.org:10001/library/cassandra
+  csVersion: 2.1.17
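Review bot: `aafVersion: latest` combined with `pullPolicy: Always` means any pod restart can pull a different authz-service image than the one that was tested. Pin it the way `csVersion` is pinned, for example `aafVersion: <RELEASE_TAG>`. A tag is still mutable on the registry side, so referencing the image by digest is the stronger pin for a component that makes authorization decisions.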
diff --git a/kubernetes/config/docker/init/src/config/aaf/data/ecomp.cql b/kubernetes/config/docker/init/src/config/aaf/data/ecomp.cql
new file mode 100644
index 0000000..6fddf65
--- /dev/null
+++ b/kubernetes/config/docker/init/src/config/aaf/data/ecomp.cql
@@ -0,0 +1,169 @@
+USE authz;
+
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+  VALUES ('dgl@openecomp.org','org.openecomp',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+  VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+INSERT INTO cred (id,ns,type,cred,expires)
+  VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC',1,0xab3831f27b39d7a039f9a92aa2bbfe51,'2020-12-31');
+
+
+// Create 'com' root NS
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('com',1,'Root Namespace',null,1);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('com','admin',{'com.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('com','owner',{'com.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('com','access','*','read',{'com.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('com','access','*','*',{'com.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','com.owner','2020-12-31','com','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','com.admin','2020-12-31','com','admin');
+
+// Create org root NS
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org',1,'Root Namespace Org',null,1);
+
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org.openecomp.dcae',3,'DCAE Namespace Org','org.openecomp',3);
+
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org.openecomp.dmaapBC',3,'DMaaP BC Namespace Org','org.openecomp',3);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org','admin',{'org.access|*|*'},'Com Admins');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org','owner',{'org.access|*|read'},'Com Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org','access','*','read',{'org.owner'},'Com Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org','access','*','*',{'org.admin'},'Com Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.owner','2020-12-31','org','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.admin','2020-12-31','org','admin');
+
+
+// Create com.att
+
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('com.att',2,'AT&T Namespace','com',2);
+
+INSERT INTO role(ns, name, perms,description)
+  VALUES('com.att','admin',{'com.att.access|*|*'},'AT&T Admins');
+
+INSERT INTO role(ns, name, perms,description)
+  VALUES('com.att','owner',{'com.att.access|*|read'},'AT&T Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description) 
+  VALUES ('com.att','access','*','read',{'com.att.owner'},'AT&T Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles,description) 
+  VALUES ('com.att','access','*','*',{'com.att.admin'},'AT&T Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','com.att.owner','2020-12-31','com.att','owner');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','com.att.admin','2020-12-31','com.att','admin');
+
+// Create com.att.aaf
+
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('com.att.aaf',3,'Application Authorization Framework','com.att',3);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('com.att.aaf','admin',{'com.att.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('com.att.aaf','owner',{'com.att.aaf.access|*|read'},'AAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('com.att.aaf','access','*','read',{'com.att.aaf.owner'},'AAF Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('com.att.aaf','access','*','*',{'com.att.aaf.admin'},'AAF Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','com.att.aaf.admin','2020-12-31','com.att.aaf','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','com.att.aaf.owner','2020-12-31','com.att.aaf','owner');
+  
+
+// Create org.openecomp
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org.openecomp',2,'Open EComp NS','com.att',2);
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.openecomp','admin',{'org.openecomp.access|*|*'},'OpenEcomp Admins');
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.openecomp','owner',{'org.openecomp.access|*|read'},'OpenEcomp Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.openecomp','access','*','read',{'org.openecomp.owner'},'OpenEcomp Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.openecomp','access','*','*',{'org.openecomp.admin'},'OpenEcomp Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.openecomp.admin','2020-12-31','org.openecomp','admin');
+
+// Create org.openecomp.dmaapBC
+
+INSERT INTO ns (name,scope,description,parent,type)
+  VALUES('org.openecomp.dmaapBC',3,'Application Authorization Framework','org.openecomp',3);
+
+//INSERT INTO role(ns, name, perms, description)
+//  VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*'},'AAF Admins');
+
+INSERT INTO role(ns, name, perms, description) 
+VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
+
+//INSERT INTO role(ns, name, perms, description) 
+//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub'},'AAF Admins');
+
+//INSERT INTO role(ns, name, perms, description) 
+//VALUES('org.openecomp.dmaapBC','admin',{'org.openecomp.dmaapBC.access|*|*','org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub'},'AAF Admins');
+
+
+
+INSERT INTO role(ns, name, perms, description)
+  VALUES('org.openecomp.dmaapBC','owner',{'org.openecomp.dmaapBC.access|*|read'},'AAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.openecomp.dmaapBC','access','*','read',{'org.openecomp.dmaapBC.owner'},'AAF Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description) 
+  VALUES ('org.openecomp.dmaapBC','access','*','*',{'org.openecomp.dmaapBC.admin'},'AAF Write Access');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('dgl@openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('m99751@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.admin','2020-12-31','org.openecomp.dmaapBC','admin');
+INSERT INTO user_role(user,role,expires,ns,rname)
+  VALUES ('m99501@dmaapBC.openecomp.org','org.openecomp.dmaapBC.owner','2020-12-31','org.openecomp.dmaapBC','owner');
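Review bot: The three `INSERT INTO cred` rows at the top seed `dgl@openecomp.org`, `m99751@dmaapBC.openecomp.org` and `m99501@dmaapBC.openecomp.org` with the same 16-byte `cred` blob, and `dgl@openecomp.org` is then granted the `admin` role (`access|*|*`) in each namespace that receives roles below. Because the value is committed and identical across identities, every deployment built from this file starts with the same known root credential, and the 16-byte length suggests an unsalted digest (inferred from the length only). Seed credentials should be generated per deployment and injected from a Kubernetes Secret, or the file should at least open with a comment such as `// DEV SEED DATA ONLY - rotate every cred row before exposing the service`. Two data inconsistencies are also visible: `org.openecomp` is inserted with parent `com.att` although an `org` root namespace exists, and `org.openecomp.dmaapBC` is inserted into `ns` twice with different descriptions, so the later row overwrites the earlier one.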
diff --git a/kubernetes/config/docker/init/src/config/aaf/data/identities.dat b/kubernetes/config/docker/init/src/config/aaf/data/identities.dat
new file mode 100644
index 0000000..98bf99a
--- /dev/null
+++ b/kubernetes/config/docker/init/src/config/aaf/data/identities.dat
@@ -0,0 +1,7 @@
+iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e|
+mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna
+bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager
+mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager
+ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager
+iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager
+osaaf|ID of AAF|||||a|bdevl
diff --git a/kubernetes/config/docker/init/src/config/aaf/data/identities.idx b/kubernetes/config/docker/init/src/config/aaf/data/identities.idx
new file mode 100644
index 0000000..78fc0a5
--- /dev/null
+++ b/kubernetes/config/docker/init/src/config/aaf/data/identities.idx
Binary files differ
diff --git a/kubernetes/config/docker/init/src/config/aaf/data/init.cql b/kubernetes/config/docker/init/src/config/aaf/data/init.cql
new file mode 100644
index 0000000..81700f8
--- /dev/null
+++ b/kubernetes/config/docker/init/src/config/aaf/data/init.cql
@@ -0,0 +1,242 @@
+// For Developer Machine single instance
+//
+CREATE KEYSPACE authz
+WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+// 
+// From Ravi, 6-17-2014.  User for DEVL->TEST
+//
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' };
+// 
+// PROD
+// 
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' };
+//
+//  create user authz with password '<AUTHZ PASSWORD>' superuser;
+//  grant all on keyspace authz to authz;
+//
+// For TEST (aaf_test)
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' };
+//
+// DEVL
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' };
+//
+// TEST / PERF
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' };
+//
+// IST
+// CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3',
+// 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' };
+//
+// with 6 localized with ccm
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+// 
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy.  Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+  name			varchar,
+  scope			int,  // deprecated 2.0.11
+  description   	varchar,
+  parent 		varchar,
+  type			int,
+  PRIMARY KEY (name)  
+);
+CREATE INDEX ns_parent on ns(parent);
+  
+
+// Oct 2015, not performant.  Made Owner and Attrib first class Roles,
+// April, 2015.  Originally, the plan was to utilize Cassandra 2.1.2, however, other team's preferences were to remain at current levels.
+// Therefore, we are taking the separate table approach.  (coder Jeremiah Rohwedder)
+// We had dropped this by making first class objects of Responsible (Owner) and Admin.  We need this again to mark namespaces
+// as having certain tools, like SWM, etc.
+CREATE TABLE ns_attrib (
+  ns            varchar,
+  key           varchar,
+  value         varchar,
+  PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+  ns	    varchar,
+  name		varchar,
+  perms		set<varchar>, // Use "Key" of "name|type|action"
+  description varchar,
+  PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name  ON role(name);
+ 
+// Will be cached
+CREATE TABLE perm (
+  ns	    varchar,
+  type 		varchar,
+  instance	varchar,
+  action	varchar,
+  roles		set<varchar>, // Need to find Roles given Permissions
+  description varchar,
+  PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+    user		varchar,
+    role		varchar, // deprecated: change to ns/rname after 2.0.11
+    ns			varchar,
+    rname		varchar,
+    expires		timestamp,
+    PRIMARY KEY(user,role)
+  );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+    id    varchar,
+    type  int,
+    expires timestamp,  
+    ns    varchar,
+    other int,
+    notes varchar,
+    cred  blob,
+    prev  blob,
+    PRIMARY KEY (id,type,expires)
+  );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+//   coordinated with CRED type 2
+CREATE TABLE cert (
+    fingerprint blob,
+    id    	varchar,
+    x500	varchar,
+    expires 	timestamp,  
+    PRIMARY KEY (fingerprint)
+  );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE TABLE notify (
+  user text,
+  type int,
+  last timestamp,
+  checksum int,
+  PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+  ca     text,
+  serial blob,
+  id     text,
+  x500   text,
+  x509   text,
+  PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id   ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+// 
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+  mechid        text,
+  machine       text,
+  type          Set<text>,
+  sponsor       text,
+  ca            text,
+  dir           text,
+  appName       text,
+  os_user       text,
+  notify        text,
+  expires	timestamp,
+  renewDays   int,
+  PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine); 
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+   name		varchar,
+   seg		int, 		// cache Segment
+   touched	timestamp,
+   PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+  id			timeuuid,
+  yr_mon		int,
+  user			varchar,
+  action 		varchar,
+  target		varchar,   // user, user_role, 
+  subject		varchar,   // field for searching main portion of target key
+  memo			varchar,   //description of the action
+  reconstruct 	blob,      //serialized form of the target
+  // detail 	Map<varchar, varchar>,  // additional information
+  PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user); 
+CREATE INDEX history_subject ON history(subject); 
+
+// 
+// A place to hold objects to be created at a future time.
+//
+CREATE TABLE future (
+  id        uuid,  		// uniquify
+  target    varchar,   		// Target Table
+  memo	    varchar,    	// Description
+  start     timestamp, 		// When it should take effect
+  expires   timestamp, 		// When not longer valid
+  construct blob, 		// How to construct this object (like History)
+  PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+  id	    timeuuid,	      // unique Key
+  ticket    uuid,	      // Link to Future Record
+  user 	    varchar,          // the user who needs to be approved
+  approver  varchar, 	      // user approving
+  type      varchar,          // approver types i.e. Supervisor, Owner
+  status    varchar,          // approval status. pending, approved, denied
+  memo      varchar,          // Text for Approval to know what's going on
+  operation varchar,	      // List operation to perform
+  PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE delegate (
+  user      varchar,
+  delegate  varchar,
+  expires   timestamp,
+  PRIMARY KEY (user)  
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+  class text,
+  host text,
+  start timestamp,
+  PRIMARY KEY ((class))
+);
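Review bot: The only access-control step in this script, `create user authz with password '<AUTHZ PASSWORD>' superuser;` and the `grant` after it, is commented out, so the `authz` keyspace and its `cred` table are protected only by whatever authenticator the Cassandra image is configured with. If the image keeps the stock `AllowAllAuthenticator`, any pod that can reach port 9042 can read or rewrite credentials and roles; enabling password authentication and creating a non-superuser role scoped to `authz` should be part of the init. The header says `For Developer Machine single instance` (`SimpleStrategy`, `replication_factor` 1), yet this is the file the chart ships, so a comment stating it is not a production layout would help. The commented-out `CREATE KEYSPACE` variants carry internal data-centre names and could be removed from a public repository.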
diff --git a/kubernetes/oneclick/aaf.sh b/kubernetes/oneclick/aaf.sh
new file mode 100644
index 0000000..9a85300
--- /dev/null
+++ b/kubernetes/oneclick/aaf.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+KUBECTL_CMD="kubectl --namespace $1-$2 $3 -f ../$2"
+
+printf "AAF....\n"
+
+$KUBECTL_CMD/aaf-deployment.yaml
+$KUBECTL_CMD/aaf-cs-deployment.yaml
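Review bot: `KUBECTL_CMD` is built from unquoted `$1`, `$2` and `$3` and then executed through word splitting, so an empty or space-containing argument silently changes the kubectl command line (an empty `$3`, for instance, drops the verb). Check that all three arguments are set and call kubectl directly with quoted expansions, e.g. `kubectl --namespace "$1-$2" "$3" -f "../$2/aaf-deployment.yaml"`. The script also applies `aaf-deployment.yaml` before `aaf-cs-deployment.yaml`, never applies `all-services.yaml`, and points at `../$2/` while this commit adds the manifests under `aaf/templates/`; these look unintended unless another script covers them.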
diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash
index 2963a40..8d41ee4 100755
--- a/kubernetes/oneclick/createAll.bash
+++ b/kubernetes/oneclick/createAll.bash
@@ -13,7 +13,7 @@
 -i [INSTANCE]       : ONAP deployment instance # (default: 1)
 -a [APP]            : Specify a specific ONAP component (default: all)
                       from the following choices:
-                      sdc, aai ,mso, message-router, robot, vid,
+                      sdc, aai ,mso, message-router, robot, vid, aaf
                       sdnc, portal, policy, appc, multicloud, clamp, consul, vnfsdk
 EOF
 }
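Review bot: The usage text now ends the line with `vid, aaf` and no trailing comma before `sdnc` on the next line, so the list appears to name a component `aaf sdnc`. Use `robot, vid, aaf,` here; the corresponding line in the deleteAll.bash hunk has the same omission.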
diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash
index f3b8da7..c0e696c 100755
--- a/kubernetes/oneclick/deleteAll.bash
+++ b/kubernetes/oneclick/deleteAll.bash
@@ -27,8 +27,8 @@
 -n [NAMESPACE]      : Kubernetes namespace (required)
 -a [APP]            : Specify a specific ONAP component (default: all)
                       from the following choices:
-                      sdc, aai ,mso, message-router, robot,
-                      vid, sdnc, portal, policy, appc, multicloud, clamp, consul, vnfsdk
+                      sdc, aai ,mso, message-router, robot, vid, aaf
+                      sdnc, portal, policy, appc, multicloud, clamp, consul, vnfsdk
 EOF
 }
 
diff --git a/kubernetes/oneclick/setenv.bash b/kubernetes/oneclick/setenv.bash
index 16472e7..dde9ca1 100644
--- a/kubernetes/oneclick/setenv.bash
+++ b/kubernetes/oneclick/setenv.bash
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Deploying MSB first and kube2msb last will ensure all the ONAP services can be registered to MSB
-HELM_APPS=('consul' 'msb' 'mso' 'message-router' 'sdnc' 'vid' 'robot' 'portal' 'policy' 'appc' 'aai' 'sdc' 'dcaegen2' 'log' 'cli' 'multicloud' 'clamp' 'vnfsdk' 'kube2msb')
+HELM_APPS=('consul' 'msb' 'mso' 'message-router' 'sdnc' 'vid' 'robot' 'portal' 'policy' 'appc' 'aai' 'sdc' 'dcaegen2' 'log' 'cli' 'multicloud' 'clamp' 'vnfsdk' 'kube2msb' 'aaf')
 ONAP_DOCKER_REGISTRY=${ONAP_DOCKER_REGISTRY:-nexus3.onap.org:10001}
 ONAP_DOCKER_USER=${ONAP_DOCKER_USER:-docker}
 ONAP_DOCKER_PASS=${ONAP_DOCKER_PASS:-docker}
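Review bot: `'aaf'` is appended after `'kube2msb'`, which contradicts the comment two lines above stating that kube2msb is deployed last so that every ONAP service can be registered to MSB. If AAF should be registered, place it before the final element: `... 'clamp' 'vnfsdk' 'aaf' 'kube2msb')`. If it is deliberately left out of MSB registration, the comment should say so.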