X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fsample%2Fbin%2Fclient.sh;h=4132e6cadbf7067ca03f681326785c16cb8ad914;hb=4d0a045d78b8ad411534888464d977f65ff9efc7;hp=dbf0862264d610a4765f72cc6246d579ea19a9af;hpb=5c01796be69ed71c360dade8a080a4fd22c06447;p=aaf%2Fauthz.git diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh index dbf08622..4132e6ca 100755 --- a/auth/sample/bin/client.sh +++ b/auth/sample/bin/client.sh @@ -21,7 +21,7 @@ # This script is run when starting client Container. # It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) # -JAVA=/usr/bin/java +JAVA=${JAVA_HOME}/bin/java AAF_INTERFACE_VERSION=2.1 # Extract Name, Domain and NS from FQI @@ -46,36 +46,21 @@ else CONFIG_BIN="." fi -CLPATH="$CONFIG_BIN/aaf-auth-cmd-*-full.jar" +AGENT_JAR="$CONFIG_BIN/aaf-cadi-aaf-*-full.jar" -JAVA_CADI="$JAVA -cp $CLPATH org.onap.aaf.cadi.CmdLine" -JAVA_AGENT="$JAVA -cp $CLPATH -Dcadi_prop_files=$SSO org.onap.aaf.cadi.configure.Agent" -JAVA_AGENT_SELF="$JAVA -cp $CLPATH -Dcadi_prop_files=$LOCAL/${NS}.props org.onap.aaf.cadi.configure.Agent" -JAVA_AAFCLI="$JAVA -cp $CLPATH -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli" +JAVA_AGENT="$JAVA -Dcadi_loglevel=DEBUG -Dcadi_etc_dir=${LOCAL} -Dcadi_log_dir=${LOCAL} -jar $AGENT_JAR " -# Check for local dir -if [ ! -d $LOCAL ]; then - mkdir -p $LOCAL - for D in bin logs; do - mkdir -p $OSAAF/$D - cp $CONFIG/$D/* $OSAAF/$D - done -fi +# Setup SSO info for Deploy ID +function sso_encrypt() { + $JAVA_AGENT cadi digest ${1} $DOT_AAF/keyfile +} # Setup Bash, first time only -if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep cadi $HOME/.bashrc)" ]; then - echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bashrc +if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" >>$HOME/.bashrc - echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bashrc chmod a+x $CONFIG_BIN/agent.sh . $HOME/.bashrc fi - -# Setup SSO info for Deploy ID -function sso_encrypt() { - $JAVA_CADI digest ${1} $DOT_AAF/keyfile -} - if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then mkdir -p $DOT_AAF base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks @@ -83,19 +68,36 @@ fi # Create Deployer Info, located at /root/.aaf if [ ! -e "$DOT_AAF/keyfile" ]; then - $JAVA_CADI keygen $DOT_AAF/keyfile + $JAVA_AGENT cadi keygen $DOT_AAF/keyfile chmod 400 $DOT_AAF/keyfile + echo "cadi_keyfile=$DOT_AAF/keyfile" > ${SSO} # Add Deployer Creds to Root's SSO DEPLOY_FQI="${DEPLOY_FQI:=$app_id}" - echo "aaf_id=${DEPLOY_FQI}" > ${SSO} + echo "aaf_id=${DEPLOY_FQI}" >> ${SSO} if [ ! "${DEPLOY_PASSWORD}" = "" ]; then echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO} fi # Cover case where using app.props - aaf_locater_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS} + aaf_locator_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS} + if [ "$aaf_locator_container" = "docker" ]; then + echo "aaf_locate_url=https://aaf-locate:8095" >> ${SSO} + echo "aaf_url_cm=https://aaf-cm:8150" >> ${SSO} + echo "aaf_url=https://aaf-service:8100" >> ${SSO} + else + echo "aaf_locate_url=https://$aaf-locator.${CONTAINER_NS}:8095" >> ${SSO} + echo "aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%NS.cm:2.1" >> ${SSO} + echo "aaf_url=https://AAF_LOCATE_URL/%CNS.%NS.service:2.1" >> ${SSO} + fi + + echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO} + echo "cadi_truststore_password=changeit" >> ${SSO} + echo "cadi_latitude=${LATITUDE}" >> ${SSO} + echo "cadi_longitude=${LONGITUDE}" >> ${SSO} + echo "hostname=${aaf_locator_fqdn}" >> ${SSO} + # Push in all AAF and CADI properties to SSO for E in $(env); do if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then # Use Deployer ID in ${SSO} @@ -107,65 +109,64 @@ if [ ! -e "$DOT_AAF/keyfile" ]; then fi done - echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO} - echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO} + . ${SSO} echo "Caller Properties Initialized" INITIALIZED="true" + echo "cat SSO" + cat ${SSO} fi -echo "cat SSO" -cat ${SSO} -echo "dog" -# Only initialize once, automatically... -if [ ! -e $LOCAL/${NS}.props ]; then - if [ -e '/opt/app/aaf_config/bin' ]; then - cp /opt/app/aaf_config/bin/*.jar $LOCAL - echo "#!/bin/bash" > agent - echo 'case "$1" in' >> agent - echo ' ""|-?|--help)CMD="";FQI="";FQDN="";;' >> agent - echo ' validate)CMD="$1";FQI="";FQDN="${2:-'"$NS.props"'}";;' >> agent - echo ' *)CMD="$1";FQI="${2:-'"$APP_FQI"'}";FQDN="${3:-'"$APP_FQDN"'}";;' >> agent - echo 'esac' >> agent - echo 'java -cp '$(ls aaf-auth-cmd-*-full.jar)' -Dcadi_prop_files='"$NS"'.props org.onap.aaf.cadi.configure.Agent $CMD $FQI $FQDN' >> agent +# Check for local dir +if [ -d $LOCAL ]; then + echo "$LOCAL exists" +else + mkdir -p $LOCAL + echo "Created $LOCAL" +fi - echo "#!/bin/bash" > cadi - echo "java -cp $(ls aaf-auth-cmd-*-full.jar) -Dcadi_prop_files=$NS.props org.onap.aaf.cadi.CmdLine " '$*' >> cadi - # echo "#!/bin/bash" > aafcli - # echo "java -cp $(ls aaf-auth-cmd-*-full.jar) -Dcadi_prop_files=$NS.props org.onap.aaf.auth.cmd.AAFcli " '$*' >> aafcli +cd $LOCAL +echo "Existing files in $LOCAL" +ls -l - echo "#!/bin/bash" > testConnectivity - echo "java -cp $(ls aaf-auth-cmd-*-full.jar) org.onap.aaf.cadi.aaf.TestConnectivity $NS.props" >> testConnectivity - chmod ug+x agent cadi testConnectivity - fi +# Should we clean up? +if [ "${VERSION}" != "$(cat ${LOCAL}/VERSION 2> /dev/null)" ]; then + echo "Clean up directory ${LOCAL}" + rm -Rf ${LOCAL}/* +fi +echo "${VERSION}" > $LOCAL/VERSION +echo "Namespace is ${NS}" +# Only initialize once, automatically... +if [ ! -e $LOCAL/${NS}.props ]; then echo "#### Create Configuration files " - $JAVA_AGENT config $APP_FQI \ - cadi_etc_dir=$LOCAL \ - cadi_prop_files=$SSO - #aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} + $JAVA_AGENT config $APP_FQI $APP_FQDN cat $LOCAL/$NS.props echo echo "#### Certificate Authorization Artifact" # TMP=$(mktemp) TMP=$LOCAL/agent.log - $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \ - cadi_prop_files=${SSO} \ - cadi_etc_dir=$LOCAL | tee $TMP + $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} | tee $TMP if [ -n "$(grep 'Namespace:' $TMP)" ]; then echo "#### Place Certificates (by deployer)" - $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \ - cadi_prop_files=${SSO} \ - cadi_etc_dir=$LOCAL + $JAVA_AGENT place $APP_FQI $APP_FQDN - echo "#### Validate Configuration and Certificate with live call" - echo "Obtained Certificates" - INITIALIZED="true" + if [ -z "$(grep cadi_alias $NS.cred.props)" ]; then + echo "FAILED to get Certificate" + INITIALIZED="false" + else + echo "Obtained Certificates" + echo "#### Validate Configuration and Certificate with live call" + $JAVA_AGENT validate cadi_prop_files=${NS}.props + INITIALIZED="true" + fi else echo "#### Certificate Authorization Artifact must be valid to continue" fi rm $TMP +else + INITIALIZED="true" fi # Now run a command @@ -173,8 +174,6 @@ CMD=$2 if [ -z "$CMD" ]; then if [ -n "$INITIALIZED" ]; then echo "Initialization complete" - else - $JAVA_AGENT_SELF validate $FQI $FQDN fi else shift @@ -199,21 +198,30 @@ else fi fi ;; + read) + echo "## Read Artifacts" + $JAVA_AGENT read $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=INFO + ;; showpass) echo "## Show Passwords" - $JAVA_AGENT showpass ${APP_FQI} ${APP_FQDN} + $JAVA_AGENT showpass $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=ERROR ;; check) echo "## Check Certificate" - $JAVA_AGENT check ${APP_FQI} ${APP_FQDN} + echo "$JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props" + $JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props ;; validate) echo "## validate requested" - $JAVA_AGENT_SELF validate $FQI $FQDN + $JAVA_AGENT validate $APP_FQI $APP_FQDN + ;; + place) + echo "## Renew Certificate" + $JAVA_AGENT place $APP_FQI $APP_FQDN cadi_prop_files=${SSO} ;; renew) echo "## Renew Certificate" - $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} + $JAVA_AGENT place $APP_FQI $APP_FQDN ;; bash) shift