X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fsample%2Fbin%2Fclient.sh;h=97a1262fde43c13dd9d3c8aba49efeebc4f18681;hb=96bf6a2771dfe992fb27bd6361d191d83b6ff605;hp=e94228805b8f34eb7f7a5bcc02461bb61b302e9d;hpb=693ebced47f4211b5b6b8874b41e60cedf9dba0e;p=aaf%2Fauthz.git diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh index e9422880..97a1262f 100755 --- a/auth/sample/bin/client.sh +++ b/auth/sample/bin/client.sh @@ -1,8 +1,27 @@ #!/bin/bash +######### +# ============LICENSE_START==================================================== +# org.onap.aaf +# =========================================================================== +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# =========================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END==================================================== +# # This script is run when starting client Container. # It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite) # -JAVA=/usr/bin/java +JAVA=${JAVA_HOME}/bin/java AAF_INTERFACE_VERSION=2.1 # Extract Name, Domain and NS from FQI @@ -20,86 +39,144 @@ OSAAF="/opt/app/osaaf" LOCAL="$OSAAF/local" DOT_AAF="$HOME/.aaf" SSO="$DOT_AAF/sso.props" - -JAVA_CADI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.CmdLine" -JAVA_AGENT="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$SSO org.onap.aaf.cadi.configure.Agent" -JAVA_AGENT_SELF="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/${NS}.props org.onap.aaf.cadi.configure.Agent" -JAVA_AAFCLI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli" -# Check for local dir -if [ ! -d $LOCAL ]; then - mkdir -p $LOCAL - for D in bin logs; do - rsync -avzh --exclude=.gitignore $CONFIG/$D/* /opt/app/osaaf/$D - done +if [ -e "$CONFIG" ]; then + CONFIG_BIN="$CONFIG/bin" +else + CONFIG_BIN="." fi -# Setup Bash, first time only -if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep agent $HOME/.bash_aliases)" ]; then - echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bash_aliases - echo "alias agent='$OSAAF/bin/agent.sh EMPTY \$*'" >>$HOME/.bash_aliases - echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bash_aliases - chmod a+x $OSAAF/bin/agent.sh - . $HOME/.bash_aliases -fi +AGENT_JAR="$CONFIG_BIN/aaf-cadi-aaf-*-full.jar" + +JAVA_AGENT="$JAVA -Dcadi_loglevel=DEBUG -Dcadi_etc_dir=${LOCAL} -Dcadi_log_dir=${LOCAL} -jar $AGENT_JAR " # Setup SSO info for Deploy ID function sso_encrypt() { - $JAVA_CADI digest ${1} $DOT_AAF/keyfile + $JAVA_AGENT cadi digest ${1} $DOT_AAF/keyfile } +# Setup Bash, first time only, Agent only +if [ -n "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then + echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" > $HOME/.bashrc + chmod a+x $CONFIG_BIN/agent.sh + . $HOME/.bashrc +fi + +if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then + mkdir -p $DOT_AAF + base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks +fi # Create Deployer Info, located at /root/.aaf if [ ! -e "$DOT_AAF/keyfile" ]; then - mkdir -p $DOT_AAF - $JAVA_CADI keygen $DOT_AAF/keyfile + $JAVA_AGENT cadi keygen $DOT_AAF/keyfile chmod 400 $DOT_AAF/keyfile - echo cadi_latitude=${LATITUDE} > ${SSO} - echo cadi_longitude=${LONGITUDE} >> ${SSO} - echo aaf_id=${DEPLOY_FQI} >> ${SSO} + echo "cadi_keyfile=$DOT_AAF/keyfile" > ${SSO} + + # Add Deployer Creds to Root's SSO + DEPLOY_FQI="${DEPLOY_FQI:=$app_id}" + echo "aaf_id=${DEPLOY_FQI}" >> ${SSO} if [ ! "${DEPLOY_PASSWORD}" = "" ]; then echo aaf_password=enc:$(sso_encrypt ${DEPLOY_PASSWORD}) >> ${SSO} fi - echo aaf_locate_url=https://${AAF_FQDN}:8095 >> ${SSO} - echo aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:${AAF_INTERFACE_VERSION} >> ${SSO} + + # Cover case where using app.props + aaf_locator_container_ns=${aaf_locator_container_ns:=$CONTAINER_NS} + if [ "$aaf_locator_container" = "docker" ]; then + echo "aaf_locate_url=https://aaf-locate:8095" >> ${SSO} + echo "aaf_url_cm=https://aaf-cm:8150" >> ${SSO} + echo "aaf_url=https://aaf-service:8100" >> ${SSO} + else + echo "aaf_locate_url=https://$aaf-locator.${CONTAINER_NS}:8095" >> ${SSO} + echo "aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%NS.cm:2.1" >> ${SSO} + echo "aaf_url=https://AAF_LOCATE_URL/%CNS.%NS.service:2.1" >> ${SSO} + fi - base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks echo "cadi_truststore=$DOT_AAF/truststoreONAPall.jks" >> ${SSO} - echo cadi_truststore_password=enc:$(sso_encrypt changeit) >> ${SSO} + echo "cadi_truststore_password=changeit" >> ${SSO} + echo "cadi_latitude=${LATITUDE}" >> ${SSO} + echo "cadi_longitude=${LONGITUDE}" >> ${SSO} + echo "hostname=${aaf_locator_fqdn}" >> ${SSO} + + # Push in all AAF and CADI properties to SSO + for E in $(env); do + if [ "${E:0:4}" = "aaf_" ] || [ "${E:0:5}" = "cadi_" ]; then + # Use Deployer ID in ${SSO} + if [ "app_id" != "${E%=*}" ]; then + S="${E/_helm/.helm}" + S="${S/_oom/.oom}" + echo "$S" >> ${SSO} + fi + fi + done + + . ${SSO} echo "Caller Properties Initialized" INITIALIZED="true" + echo "cat SSO" + cat ${SSO} +fi + +# Check for local dir +if [ -d $LOCAL ]; then + echo "$LOCAL exists" +else + mkdir -p $LOCAL + echo "Created $LOCAL" +fi + +cd $LOCAL +echo "Existing files in $LOCAL" +ls -l + +# Should we clean up? +if [ "${VERSION}" != "$(cat ${LOCAL}/VERSION 2> /dev/null)" ]; then + echo "Clean up directory ${LOCAL}" + rm -Rf ${LOCAL}/* fi +# update client info +echo "${VERSION}" > $LOCAL/VERSION +cp $AGENT_JAR $LOCAL +echo "#!/bin/bash" > $LOCAL/agent + echo 'java -jar aaf-cadi-aaf-*-full.jar $*' >> $LOCAL/agent +echo "#!/bin/bash" > $LOCAL/cadi + echo 'java -jar aaf-cadi-aaf-*-full.jar cadi $*' >> $LOCAL/cadi +chmod 755 $LOCAL/agent $LOCAL/cadi + +echo "Namespace is ${NS}" # Only initialize once, automatically... -if [ ! -e $LOCAL/${NS}.props ]; then +if [ -n $LOCAL/${NS}.props ]; then echo "#### Create Configuration files " - $JAVA_AGENT config $APP_FQI \ - aaf_url=https://AAF_LOCATE_URL/AAF_NS.locate:${AAF_INTERFACE_VERSION} \ - cadi_etc_dir=$LOCAL + > $LOCAL/$NS + $JAVA_AGENT config $APP_FQI $APP_FQDN --nopasswd cat $LOCAL/$NS.props echo echo "#### Certificate Authorization Artifact" - TMP=$(mktemp) - $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} \ - cadi_prop_files=${SSO} \ - cadi_etc_dir=$LOCAL > $TMP - cat $TMP - echo + # TMP=$(mktemp) + TMP=$LOCAL/agent.log + $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} | tee $TMP + if [ -n "$(grep 'Namespace:' $TMP)" ]; then echo "#### Place Certificates (by deployer)" - $JAVA_AGENT place ${APP_FQI} ${APP_FQDN} \ - cadi_prop_files=${SSO} \ - cadi_etc_dir=$LOCAL + $JAVA_AGENT place $APP_FQI $APP_FQDN - echo "#### Validate Configuration and Certificate with live call" - $JAVA_AGENT_SELF validate - echo "Obtained Certificates" - INITIALIZED="true" + if [ -z "$(grep cadi_alias $NS.cred.props)" ]; then + echo "FAILED to get Certificate" + INITIALIZED="false" + else + echo "Obtained Certificates" + echo "#### Validate Configuration and Certificate with live call" + $JAVA_AGENT validate cadi_prop_files=${NS}.props + INITIALIZED="true" + fi else echo "#### Certificate Authorization Artifact must be valid to continue" fi rm $TMP +else + INITIALIZED="true" fi # Now run a command @@ -107,8 +184,6 @@ CMD=$2 if [ -z "$CMD" ]; then if [ -n "$INITIALIZED" ]; then echo "Initialization complete" - else - $JAVA_AGENT fi else shift @@ -133,26 +208,35 @@ else fi fi ;; - update) - for D in bin logs; do - rsync -uh --exclude=.gitignore $CONFIG/$D/* /opt/app/osaaf/$D - done + read) + echo "## Read Artifacts" + $JAVA_AGENT read $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=INFO ;; showpass) echo "## Show Passwords" - $JAVA_AGENT showpass ${APP_FQI} ${APP_FQDN} + $JAVA_AGENT showpass $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=ERROR ;; check) - $JAVA_AGENT check ${APP_FQI} ${APP_FQDN} + echo "## Check Certificate" + echo "$JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props" + $JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props ;; validate) echo "## validate requested" - $JAVA_AGENT_SELF validate + $JAVA_AGENT validate $APP_FQI $APP_FQDN + ;; + place) + echo "## Renew Certificate" + $JAVA_AGENT place $APP_FQI $APP_FQDN cadi_prop_files=${SSO} + ;; + renew) + echo "## Renew Certificate" + $JAVA_AGENT place $APP_FQI $APP_FQDN ;; bash) shift cd $LOCAL || exit - /bin/bash "$@" + exec bash "$@" ;; setProp) cd $LOCAL || exit @@ -208,6 +292,10 @@ else taillog) sh /opt/app/osaaf/logs/taillog ;; + testConnectivity|testconnectivity) + echo "--- Test Connectivity ---" + $JAVA -cp $AGENT_JAR org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/org.osaaf.aaf.props + ;; --help | -?) case "$1" in "") @@ -242,7 +330,7 @@ else ### Possible Dublin # sample) # echo "--- run Sample Servlet App ---" - # $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar:$CONFIG/bin/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props + # $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $AGENT_JAR:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props # ;; *) $JAVA_AGENT "$CMD" "$@"