/cadisample/
.classpath
/bin/
+.vscode/
+cadi/core/src/test/resources/keystore.p12
+cadi/core/src/test/resources/output_key
+cadi/core/src/test/resources/truststore.jks
+.vscode/launch.json
tag: '<[sub-project_name]>'
realtime_discussion: ''
meetings:
- - type: 'zoom'
- agenda: 'https://wiki.onap.org/display/DW/AAF+Meeting+Minutes'
- url: 'https://wiki.onap.org/pages/viewpage.action?pageId=15302787'
+ - type: 'n/a'
+ agenda: 'n/a'
+ url: 'n/a'
server: 'n/a'
channel: 'n/a'
- repeats: 'weekly'
- time: '14:00 UTC'
+ repeats: 'n/a'
+ time: 'n/a'
repositories:
- 'aaf/authz'
committers:
--- /dev/null
+#!groovy
+
+properties([[$class: 'ParametersDefinitionProperty', parameterDefinitions: [
+[$class: 'hudson.model.StringParameterDefinition', name: 'ECO_PIPELINE_ID', defaultValue: '0', description: 'Select an environment'],
+[$class: 'hudson.model.StringParameterDefinition', name: 'PHASE', defaultValue: 'BUILD, PACKAGE, SONAR, SAST', description: 'Select an instance'],
+[$class: 'hudson.model.StringParameterDefinition', name: 'TARGET_NODE', defaultValue: 'zld03318.vci.att.com', description: 'Select an environment to deploy to']
+]]])
+
+def wf = new MavenWorkflow()
+
+wf defaultPhase:'BUILD, SONAR, SAST, DAST',
+ language:'MAVEN',
+ deployType: 'SWM',
+ deployOptions:"swm:install -Dswm.target.node=${params.TARGET_NODE}"
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-client</artifactId>
<build>
<plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <configuration>
- <skip>true</skip>
- </configuration>
- </plugin>
<plugin>
<groupId>org.jvnet.jaxb2.maven2</groupId>
<artifactId>maven-jaxb2-plugin</artifactId>
</configuration>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <configuration>
- <skip>false</skip>
- </configuration>
- </plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
NotifyCredExpiringOrig.java
/*.dat
/logs
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
</developers>
<properties>
-
-
-
<maven.test.failure.ignore>false</maven.test.failure.ignore>
<!-- SONAR -->
<!-- <sonar.skip>true</sonar.skip> -->
<dependencySet>
<unpack>true</unpack>
<scope>compile</scope>
- <!-- includes>
- <include>org.onap.aaf.authz:aaf-auth-batch</include>
- <include>org.onap.aaf.authz:aaf-auth-core</include>
- <include>org.onap.aaf.authz:aaf-cadi-core</include>
- <include>org.onap.aaf.authz:aaf-misc-env</include>
- <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
- <include>javax.xml.bind:jaxb-api</include>
- <include>org.glassfish.jaxb:jaxb-runtime</include>
- </includes -->
- <includes>
- <include>org.onap.aaf.authz:aaf-auth-batch</include>
- <include>org.onap.aaf.authz:aaf-auth-core</include>
- <include>org.onap.aaf.authz:aaf-cadi-core</include>
- <include>org.onap.aaf.authz:aaf-misc-env</include>
- <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
- <include>javax.xml.bind:jaxb-api</include>
- <include>org.glassfish.jaxb:jaxb-runtime</include>
- <include>com.sun.istack:istack-commons-runtime</include>
- <include>javax.activation:javax.activation-api</include>
- </includes>
</dependencySet>
</dependencySets>
-</assembly>
\ No newline at end of file
+</assembly>
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
-import org.onap.aaf.misc.env.StaticSlot;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.util.Chrono;
import org.onap.aaf.misc.env.util.Split;
import com.datastax.driver.core.Statement;
public abstract class Batch {
-
- private static StaticSlot ssargs;
-
protected static final String STARS = "*****";
protected static Cluster cluster;
private static File logdir;
+ private static String[] batchArgs;
+
public static final String CASS_ENV = "CASS_ENV";
public static final String LOG_DIR = "LOG_DIR";
protected static final String MAX_EMAILS="MAX_EMAILS";
protected void _close(AuthzTrans trans) {}
public String[] args() {
- return env.get(ssargs);
+ return batchArgs;
}
public boolean isDryRun()
// Use a StringBuilder to save off logs until a File can be setup
StringBuilderOutputStream sbos = new StringBuilderOutputStream();
PropAccess access = new PropAccess(new PrintStream(sbos),args);
- access.log(Level.INIT, "------- Starting Batch ------\n Args: ");
+ access.log(Level.INFO, "------- Starting Batch ------\n Args: ");
for(String s: args) {
sbos.getBuffer().append(s);
sbos.getBuffer().append(' ');
}
+ sbos.getBuffer().append('\n');
InputStream is = null;
String filename;
len -= 1;
if (len < 0)
len = 0;
- String nargs[] = new String[len];
+ batchArgs = new String[len];
if (len > 0) {
- System.arraycopy(args, 1, nargs, 0, len);
+ System.arraycopy(args, 1, batchArgs, 0, len);
}
-
- env.put(ssargs = env.staticSlot("ARGS"), nargs);
-
/*
* Add New Batch Programs (inherit from Batch) here
*/
try {
batch.run(trans);
} catch (Exception e) {
+ trans.error().log(e);
if(cluster!=null && !cluster.isClosed()) {
cluster.close();
}
trans.auditTrail(4, sb, AuthzTrans.SUB, AuthzTrans.REMOTE);
trans.info().log(sb);
}
+ } catch (Exception e) {
+ env.warn().log(e);
} finally {
batchLog.close();
}
if(r!=null) {
Approval existing = findApproval(ur);
if(existing==null) {
- ur.row(needApproveCW,UserRole.APPROVE_UR);
+ if (org.isUserExpireExempt(ur.user(), ur.expires())) {
+ ur.row(notCompliantCW, UserRole.UR);
+ } else {
+ ur.row(needApproveCW, UserRole.APPROVE_UR,
+ "Expired user role! Membership expired " + Chrono.dateOnlyStamp(ur.expires()));
+ }
}
}
}
private Date now;
private Writer approvedW;
private CSV historyR;
- private static String yr_mon;
+ private static String yearMon;
public ApprovedRpt(AuthzTrans trans) throws APIException, IOException, OrganizationException {
super(trans.env());
historyR = new CSV(env.access(),args()[1]).setDelimiter('|');
- yr_mon = args()[0];
+ yearMon = args()[0];
} finally {
tt0.done();
}
@Override
protected void run(AuthzTrans trans) {
try {
-// ResultSet results;
-// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" );
-// results = session.execute(stmt);
-// Iterator<Row> iter = results.iterator();
-// Row row;
- /*
- * while (iter.hasNext()) {
- ++totalLoaded;
- row = iter.next();
- d = row.getTimestamp(0);
- if(d.after(begin)) {
- approvedW.row("aprvd",
- Chrono.dateOnlyStamp(d),
- row.getString(1),
- row.getString(2),
- row.getString(3),
- row.getString(4),
- row.getString(5)
- );
- }
- }
- */
GregorianCalendar gc = new GregorianCalendar();
gc.add(GregorianCalendar.MONTH, -2);
approvedW.comment("date, approver, status, user, role, memo");
historyR.visit(row -> {
String s = row.get(7);
- if(s.equals(yr_mon)) {
+ if(s.equals(yearMon)) {
String target = row.get(5);
if("user_role".equals(target)) {
String action = row.get(1);
@Override
protected void run(AuthzTrans trans) {
List<File> files = new ArrayList<>();
+ for(String s : args()) {
+ trans.init().log(s);
+ }
+
if(args().length>0) {
File dir = new File(args()[0]);
if(dir.isDirectory()) {
}
}
}
+
for(File file : files) {
String f = file.getName();
final Feed feed = feeds.get(f.substring(0,f.length()-4));
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
* ===========================================================================
+ * Modification Copyright © 2020 IBM.
+ * ===========================================================================
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
package org.onap.aaf.auth.batch.helpers;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
import static org.mockito.MockitoAnnotations.initMocks;
import java.io.IOException;
@Test
public void testNs() {
Result<NsDAO.Data> retVal = batchDataViewObj.ns(trans, "test");
- assertTrue(retVal.status == 9);
+ assertEquals(9,retVal.status);
NS n = new NS("test1", "test2", "test3", 1, 2);
NS.data.put("test", n);
retVal = batchDataViewObj.ns(trans, "test");
- assertTrue(retVal.status == 0);
+ assertEquals(0,retVal.status);
}
@Test
public void testRoleByName() {
Result<RoleDAO.Data> retVal = batchDataViewObj.roleByName(trans,
"test");
- assertTrue(retVal.status == 9);
+ assertEquals(9,retVal.status);
Role n = new Role("test1");
n.rdd = new RoleDAO.Data();
Role.byName.put("test", n);
retVal = batchDataViewObj.roleByName(trans, "test");
- assertTrue(retVal.status == 0);
+ assertEquals(0,retVal.status);
n.rdd = null;
Role.byName.put("test", n);
retVal = batchDataViewObj.roleByName(trans, "test");
- assertTrue(retVal.status == 9);
+ assertEquals(9,retVal.status);
}
@Test
public void testUrsByRole() {
Result<List<UserRoleDAO.Data>> retVal = batchDataViewObj
.ursByRole(trans, "test");
- assertTrue(retVal.status == 9);
+ assertEquals(9,retVal.status);
Role n = new Role("test1");
n.rdd = new RoleDAO.Data();
UserRole ur = new UserRole("user", "role", "ns", "rname", new Date());
(new UserRole.DataLoadVisitor()).visit(ur);
retVal = batchDataViewObj.ursByRole(trans, "role");
- assertTrue(retVal.status == 0);
+ assertEquals(retVal.status,0);
}
@Test
public void testUrsByUser() {
Result<List<UserRoleDAO.Data>> retVal = batchDataViewObj
.ursByUser(trans, "test");
- assertTrue(retVal.status == 9);
+ assertEquals(retVal.status,9);
Role n = new Role("test1");
n.rdd = new RoleDAO.Data();
UserRole ur = new UserRole("user", "role", "ns", "rname", new Date());
(new UserRole.DataLoadVisitor()).visit(ur);
retVal = batchDataViewObj.ursByUser(trans, "user");
- assertTrue(retVal.status == 0);
+ assertEquals(retVal.status,0);
}
@Test
FutureDAO.Data dataObj = new FutureDAO.Data();
dataObj.id = new UUID(1000L, 1000L);
Result<FutureDAO.Data> retVal = batchDataViewObj.delete(trans, dataObj);
- assertTrue(retVal.status == 0);
+ assertEquals(retVal.status,0);
}
@Test
dataObj.id = new UUID(1000L, 1000L);
Result<ApprovalDAO.Data> retVal = batchDataViewObj.delete(trans,
dataObj);
- assertTrue(retVal.status == 0);
+ assertEquals(retVal.status, 0);
}
dataObj.ticket = new UUID(1000L, 1000L);
Result<ApprovalDAO.Data> retVal = batchDataViewObj.insert(trans,
dataObj);
- assertTrue(retVal.status == 0);
+ assertEquals(retVal.status, 0);
}
@Test
dataObj.memo = "memo";
dataObj.construct = ByteBuffer.allocate(1000);
Result<FutureDAO.Data> retVal = batchDataViewObj.insert(trans, dataObj);
- assertTrue(retVal.status == 0);
+ assertEquals(retVal.status, 0);
dataObj.target_key = "memo";
retVal = batchDataViewObj.insert(trans, dataObj);
- assertTrue(retVal.status == 0);
+ assertEquals(retVal.status, 0);
}
@Test
public void testFlush() {
/target/
/.classpath
/*.tgz
+/.checkstyle
-aaf_data_dir=/opt/app/aaf/data
+aaf_data_dir=/opt/app/aaf/cass_init/data
aaf_root_ns=org.osaaf.aaf
cadi_latitude=38.0
cadi_longitude=-72.0
+cadi_loglevel=INFO
## Supported Plugin Organizational Units
Organization.att.com=org.onap.aaf.org.DefaultOrg
DRY_RUN=false
-CASS_ENV=DOCKER
-
-UNKNOWN.LOG_DIR=logs/DOCKER
## Cassandra Configurations, when commented out, uses LocalHost (non authenticated) and default ports
-DOCKER.cassandra.clusters=127.0.0.1
-DOCKER.cassandra.clusters.port=9042
-DOCKER.cassandra.clusters.user=cassandra
-DOCKER.cassandra.clusters.password=cassandra
-DOCKER.VERSION=3.1.0
-DOCKER.GUI_URL=https://mithrilcsp.sbc.com:8095/gui
-DOCKER.MAX_EMAILS=3
-DOCKER.SPECIAL_NAMES=aaf@aaf.osaaf.org
+cassandra.clusters=127.0.0.1
+cassandra.clusters.port=9042
+cassandra.clusters.user=cassandra
+cassandra.clusters.password=cassandra
+
+GUI_URL=https://aaf-gui.onap:8095/gui
+MAX_EMAILS=3
+SPECIAL_NAMES=aaf@aaf.osaaf.org
-cadi_loglevel=AUDIT
DIR="/opt/app/aaf/status"
INSTALLED_VERSION=/var/lib/cassandra/AAF_VERSION
AAF_INIT_DATA=/var/lib/cassandra/AAF_INIT_DATA
+CQLSH=${CQLSH:=/usr/bin/cqlsh}
if [ ! -e /aaf_cmd ]; then
ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd
function wait_cql {
status wait for keyspace to be initialized
for CNT in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
- if [ -n "$(/usr/bin/cqlsh -e 'describe keyspaces' | grep authz)" ]; then
+ if [ -n "$($CQLSH -e 'describe keyspaces' | grep authz)" ]; then
break
else
echo "Waiting for Keyspaces to be loaded... Sleep 10"
function install_cql {
wait_start cassandra responsive
# Now, make sure data exists
- if [ ! -e $INSTALLED_VERSION ] && [ -n "$(/usr/bin/cqlsh -e 'describe keyspaces' | grep authz)" ]; then
- /usr/bin/cqlsh --request-timeout=60 -e 'DROP KEYSPACE authz'
+ if [ ! -e $INSTALLED_VERSION ] && [ -n "$($CQLSH -e 'describe keyspaces' | grep authz)" ]; then
+ $CQLSH --request-timeout=60 -e 'DROP KEYSPACE authz'
fi
- if [ -z "`/usr/bin/cqlsh --request-timeout 60 -e 'describe keyspaces' | grep authz`" ]; then
+ if [ -z "$($CQLSH --request-timeout 60 -e 'describe keyspaces' | grep authz)" ]; then
status install
echo "Initializing Cassandra DB"
echo "Docker Installed Basic Cassandra on aaf.cass. Executing the following "
echo " cd /opt/app/aaf/cass_init"
cd /opt/app/aaf/cass_init
echo " cqlsh -f keyspace.cql"
- /usr/bin/cqlsh --request-timeout=100 -f keyspace.cql
+ $CQLSH --request-timeout=100 -f keyspace.cql
status keyspace installed
echo " cqlsh -f init.cql"
- /usr/bin/cqlsh --request-timeout=100 -f init.cql
+ $CQLSH --request-timeout=100 -f init.cql
status data initialized
echo ""
echo "The following will give you a temporary identity with which to start working, or emergency"
echo " cqlsh -f temp_identity.cql"
- echo "casablanca" > $INSTALLED_VERSION
+ echo "frankfurt" > $INSTALLED_VERSION
else
echo "Cassandra DB already includes 'authz' keyspace"
fi
status prep data
bash prep.sh
status push data to cassandra
+ # bash push.sh
bash push.sh
cd -
echo $(date) > $AAF_INIT_DATA
--- /dev/null
+USE authz;
+
+// Create 'org' root NS
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org','Root Namespace','.',1,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Org Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Org Write Access');
+
+
+// Create org.osaaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf','OSAAF Namespace','org',2,2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access');
+
+// Create org.osaaf.aaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+
+// OSAAF Root
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.admin','2018-10-31','org','admin');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('aaf@aaf.osaaf.org','org.osaaf.aaf.admin','2018-10-31','org.osaaf.aaf','admin');
+
+
# These are obtained from "gzipped" files, or pre-placed (i.e. initialization)
# in the "dats" directory
#
+
+CQLSH="${CQLSH:=/usr/bin/cqlsh} -k authz"
+
DIR=/opt/app/aaf/cass_init
cd $DIR
if [ ! -e dats ]; then
cd dats
for T in $(ls *.dat); do
if [ -s $T ]; then
- cqlsh --request-timeout=100 -e "COPY authz.${T/.dat/} FROM '$T' WITH DELIMITER='|';";
+ $CQLSH --request-timeout=100 -e "COPY authz.${T/.dat/} FROM '$T' WITH DELIMITER='|';";
fi
done
cd $DIR
echo `date`
ENV=DOCKER
-CQLSH="/usr/bin/cqlsh -k authz"
+CQLSH="${CQLSH:=/usr/bin/cqlsh} -k authz"
cd dats
if [ "$*" = "" ]; then
if [ ! "$UPLOAD" = "" ]; then
cd dats
- java -Dcadi_prop_files=../authBatch.props -DCASS_ENV=$ENV -jar ../aaf-auth-batch-*-full.jar Upload $UPLOAD
+ java -Dcadi_prop_files=../authBatch.props -DCASS_ENV=$ENV -jar ../aaf-auth-batch-*-full.jar Upload $UPLOAD 2>&1 logs/stdout
cd -
fi
COPY cass_init/*.cql /opt/app/aaf/cass_init/
COPY cass_init/*.sh /opt/app/aaf/cass_init/
COPY cass_init/*.props /opt/app/aaf/cass_init/
-COPY aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf/cass_init/
+COPY aaf-auth-batch-*-full.jar /opt/app/aaf/cass_init/
COPY cass_data/*.dat /opt/app/aaf/cass_init/dats/
+COPY sample.identities.dat /opt/app/aaf/cass_init/data/identities.dat
-RUN mkdir -p /opt/app/aaf/status && chmod 777 /opt/app/aaf/status && \
- addgroup ${USER} && adduser --no-create-home --ingroup ${USER} --disabled-password --gecos "" --shell /bin/bash ${USER} && \
- chown -R ${USER}:${USER} /opt/app/aaf/cass_init
-
+RUN mkdir -p /opt/app/aaf/status &&\
+ chmod 777 /opt/app/aaf/status && \
+ if [ ! -z "${DUSER}" ]; then \
+ addgroup --gid 1000 ${DUSER}; \
+ adduser --ingroup ${DUSER} --disabled-password --gecos "" --shell /bin/bash -u 1000 ${DUSER} ; \
+ mkdir -p /var/lib/cassandra/data /var/log/cassandra ; \
+ chown -R 1000:1000 /opt/app/aaf /etc/cassandra /var/log/cassandra /var/lib/cassandra ; \
+ fi && \
+ ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd && chmod a+x /aaf_cmd
+USER ${DUSER}
ENTRYPOINT ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh"]
CMD ["start"]
# Default is to start up with CQL setup only
fi
DOCKER=${DOCKER:-docker}
+function SCP() {
+ SANS=${1/-SNAPSHOT/}
+ echo $1 = $SANS
+ if [ -e $SANS ]; then
+ cp $SANS $2
+ else
+
+ ln $1 $SANS
+ cp $SANS $2
+ rm $SANS
+ fi
+}
+
echo "$0: Building aaf_cass Container for aaf_cass:$VERSION"
# default nexus repo only contains Amd64 images, use docker.io for multi-platform builds
DIR=$(pwd)
cd ..
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
- -e 's/${USER}/'${USER}'/g' \
+sed -e 's/${AAF_VERSION}/'${VERSION/-SNAPSHOT/}'/g' \
+ -e 's/${DUSER}/'${DUSER}'/g' \
-e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \
$DIR/Dockerfile.cass > Dockerfile
cd ..
+pwd
cp -Rf sample/cass_data auth-cass/cass_data
cp sample/data/sample.identities.dat auth-cass
-pwd
-ls -ltr auth-batch/target
-cp auth-batch/target/aaf-auth-batch-$VERSION-full.jar auth-cass
+SCP auth-batch/target/aaf-auth-batch-$VERSION-full.jar auth-cass
echo "$0: $DOCKER build -t ${ORG}/${PROJECT}/aaf_cass:${VERSION} auth-cass"
$DOCKER build -t ${ORG}/${PROJECT}/aaf_cass:${VERSION} auth-cass
rm Dockerfile
rm -Rf cass_data
rm sample.identities.dat
-rm aaf-auth-batch-$VERSION-full.jar
+rm aaf-auth-batch-*-full.jar
cd $DIR
if [ -e ../../docker/d.props ]; then
. ../../docker/d.props
fi
-${DOCKER:=docker} exec -it aaf-cass /usr/bin/cqlsh -k authz
+${DOCKER:=docker} exec -it aaf-cass ${CQLSH:=/usr/bin/cqlsh} -k authz
. ../../docker/d.props
fi
DOCKER=${DOCKER:-docker}
-
-if [ "$1" = "publish" ]; then
+if [ "$DOCKER" = "podman" ]; then
+ PODNAME=aaf-cass.onap
+ if $(podman pod exists $PODNAME); then
+ echo "Using existing 'podman' pod $PODNAME"
+ POD="--pod $PODNAME "
+ else
+ echo "Create new 'podman' pod $PODNAME"
+ # Note: Cassandra needs "infra" to work
+ # Keep in separate pod
+ #podman pod create --infra=true -n $PODNAME --publish 9042:9042
+ podman pod create --infra=false -n $PODNAME
+ #POD="--pod new:$PODNAME "
+ POD="--pod $PODNAME "
+ PUBLISH='--publish 9042:9042 '
+ fi
+else
PUBLISH='--publish 9042:9042 '
fi
-e CASSANDRA_CLUSTER_NAME=osaaf \
-v "aaf_cass_data:/var/lib/cassandra" \
-v "aaf_status:/opt/app/aaf/status" \
+ ${POD} \
$PUBLISH \
-d ${PREFIX}${ORG}/${PROJECT}/aaf_cass:${VERSION} "onap"
else
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>slf4j-log4j12</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-auth-deforg</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
<plugins>
if(CredDAO.CERT_SHA256_RSA == type) {
return;
}
+ byte ba[];
CredDAO.Data cdd = new CredDAO.Data();
cdd.id=row.get(0);
cdd.type = type;
try {
cdd.expires = sdf.parse(row.get(2));
- cdd.cred = ByteBuffer.wrap(Hash.fromHex(row.get(3)));
+ // Note: Note sure this can be null, but throwing was
+ // part of original "fromHex" method. Remove if you can
+ // prove ba will never be null J - May 19,2020
+ if((ba=Hash.fromHex(row.get(3)))==null) {
+ throw new CadiException("Invalid Cred");
+ }
+ cdd.cred = ByteBuffer.wrap(ba);
cdd.notes= row.get(4);
cdd.ns = row.get(5);
cdd.other = Integer.parseInt(row.get(6));
}
for (CredDAO.Data cd : cdr.value) {
- if (cd.expires.after(now)) {
+ if (cd.expires.after(now) || trans.org().isUserExpireExempt(cd.id, cd.expires)) {
return Result.ok();
}
}
List<UserRoleDAO.Data> list = rurdd.value;
List<String> rv = new ArrayList<>(list.size()); // presize
for (UserRoleDAO.Data urdd : rurdd.value) {
- if (includeExpired || urdd.expires.after(now)) {
+ if (includeExpired || urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
rv.add(urdd.user);
}
}
List<UserRoleDAO.Data> lurdd = new ArrayList<>();
Date now = new Date();
for (UserRoleDAO.Data urdd : userRoles.value) {
- if (urdd.expires.after(now)) { // Remove Expired
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(user, urdd.expires)) { // Remove Expired
lurdd.add(urdd);
}
}
if (!cdd.id.equals(user)) {
trans.error().log("doesUserCredMatch DB call does not match for user: " + user);
}
- if (cdd.expires.after(now)) {
+ if (cdd.expires.after(now) || trans.org().isUserExpireExempt(cdd.id, cdd.expires)) {
byte[] dbcred = cdd.cred.array();
try {
if (rur.isOKhasData()) {
Date now = new Date();
for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
return true;
}
}
Result<List<UserRoleDAO.Data>> rur = userRoleDAO().read(trans, user,ns+DOT_OWNER);
if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
Date now = new Date();
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
return true;
}
}};
Date now = new Date();
int count = 0;
if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
- if (urdd.expires.after(now)) {
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
++count;
}
}};
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.misc.env.LogTarget;
+import org.onap.aaf.org.DefaultOrg;
@RunWith(MockitoJUnitRunner.class)
Result<List<UserRoleDAO.Data>> retVal1 = Mockito.mock(Result.class);
retVal1.value = new ArrayList<UserRoleDAO.Data>();
UserRoleDAO.Data dataObj = Mockito.mock( UserRoleDAO.Data.class);
-
dataObj.expires = new Date();
retVal1.value.add(dataObj);
Mockito.doReturn(true).when(retVal1).isOKhasData();
+
Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
- PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+ DefaultOrg org = Mockito.mock(DefaultOrg.class);
+ when(trans.org()).thenReturn(org);
+
+ PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
//System.out.println(""+userRoles.status);
Mockito.doReturn(false).when(retVal1).isOKhasData();
Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
- PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+ DefaultOrg org = Mockito.mock(DefaultOrg.class);
+ when(trans.org()).thenReturn(org);
+
+ PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
// System.out.println("output is"+userRoles.status);
retVal1.value.add(dataObj);
Mockito.doReturn(true).when(retVal1).isOKhasData();
Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
- PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+ DefaultOrg org = Mockito.mock(DefaultOrg.class);
+ when(trans.org()).thenReturn(org);
+
+ PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
//System.out.println(userRoles.status);
/.settings/
/target/
/.project
+/.checkstyle
+
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<commandLineArguments>
<commandLineArgument>cadi_prop_files=${project.ext_root_dir}/etc/org.osaaf.aaf.cm.props</commandLineArgument>
<commandLineArgument>cadi_log_dir=${project.ext_root_dir}/logs/cm</commandLineArgument>
+ <commandLineArgument>cadi_etc_dir=${project.ext_root_dir}/etc</commandLineArgument>
</commandLineArguments>
</program>
</programs>
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<groupId>jline</groupId>
<artifactId>jline</artifactId>
<version>2.14.2</version>
- </dependency>
-
+ </dependency>
</dependencies>
<distributionManagement>
import aaf.v2_0.History.Item;
import aaf.v2_0.Request;
-
public abstract class Cmd {
// Sonar claims DateFormat is not thread safe. Leave as Instance Variable.
private final DateFormat dateFmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSS");
sb.append(", ");
sb.append(desc);
}
- pw().println(sb);
+ pw().println(sb.toString());
}
public class List extends BaseCmd<NS> {
- private static final String cformat = " %-30s %-6s %-24s\n";
+ private static final String cformat = " %-30s %-6s %-24s %-20s\n";
private static final String pformat = " %-30s %-24s %-15s\n";
private static final String sformat = " %-72s\n";
protected static final String kformat = " %-72s\n";
if (this.aafcli.isTest()) {
pw().format(sformat,u.getId());
} else {
- pw().format(cformat,u.getId(),getType(u),Chrono.niceDateStamp(u.getExpires()));
+ pw().format(cformat,u.getId(),getType(u),Chrono.niceDateStamp(u.getExpires()),u.getTag());
}
}
}
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
- </dependency>
+ </dependency>
</dependencies>
<build>
public void setTestMode(boolean dryRun);
+ /**
+ * Evaluates a user to determine if they are exempt from role and cred expiration.
+ * Returns true if true, false if false. Default implementation is always false.
+ *
+ * @param user
+ * @param expires
+ * @return
+ */
+ public boolean isUserExpireExempt(String user, Date expires);
+
public static final Organization NULL = new Organization()
{
private final GregorianCalendar gc = new GregorianCalendar(1900, 1, 1);
return null;
}
+ @Override
+ public boolean isUserExpireExempt(String user, Date expires) {
+ return false;
+ }
+
};
}
}
if(deleted) {
service.access.log(Level.INIT, "Deleted Status",status.getAbsolutePath());
- } else {
+ } else if(status.exists()) {
service.access.log(Level.INIT, "Status not deleted: ",status.getAbsolutePath());
}
service.destroy();
/.settings/
/target/
/.project
-
+/.checkstyle
<artifactId>authparent</artifactId>
<relativePath>../pom.xml</relativePath>
<groupId>org.onap.aaf.authz</groupId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-deforg</artifactId>
root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF);
try {
- String defFile;
- String temp=env.getProperty(defFile = (getClass().getName()+".file"));
+ String temp=env.getProperty(realm +".file");
File fIdentities=null;
if (temp==null) {
temp = env.getProperty(AAF_DATA_DIR);
if (temp!=null) {
- env.warn().log(defFile, " is not defined. Using default: ",temp+"/identities.dat");
+ env.warn().log("Datafile for " + realm + " is not defined. Using default: ",temp+"/identities.dat");
File dir = new File(temp);
fIdentities=new File(dir,"identities.dat");
return 0;
}
}
+
+ @Override
+ public boolean isUserExpireExempt(String user, Date expires) {
+ return false;
+ }
}
/.settings/
/target/
/.project
-
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-core</artifactId>
- </dependency>
+ </dependency>
</dependencies>
<build>
import org.onap.aaf.cadi.register.Registrant;
import org.onap.aaf.cadi.register.RemoteRegistrant;
-
-
public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> {
public AAF_FS(final AuthzEnv env) throws IOException, CadiException {
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
}
first=false;
hgen.end().leaf(HTMLGen.TD,cls,STYLE_WIDTH_70)
- .text(Chrono.niceDateStamp(u.getExpires()))
+ .text(Chrono.niceDateStamp(u.getExpires()) + ", TAG ID: " + u.getTag())
.end();
hgen.end(uRow);
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- </dependency>
-
+ </dependency>
+
</dependencies>
<build>
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-rosetta</artifactId>
- </dependency>
+ </dependency>
+
</dependencies>
<build>
import org.onap.aaf.auth.dao.CassAccess;
import org.onap.aaf.auth.dao.cass.ConfigDAO;
import org.onap.aaf.auth.dao.cass.LocateDAO;
+import org.onap.aaf.auth.dao.hl.Question;
import org.onap.aaf.auth.direct.DirectLocatorCreator;
import org.onap.aaf.auth.direct.DirectRegistrar;
import org.onap.aaf.auth.env.AuthzEnv;
public final ConfigDAO configDAO;
private Locator<URI> dal;
-
+ public final Question question;
/**
* Construct AuthzAPI with all the Context Supporting Routes that Authz needs
*
}
}
+ question = new Question(trans, cluster, CassAccess.KEYSPACE);
////////////////////////////////////////////////////////////////////////////
// Time Critical
////////////////////////////////////////////////////////////////////////
API_AAFAccess.init(this,facade);
API_Find.init(this, facade);
- API_Proxy.init(this, facade);
+ API_Proxy.init(this, facade, question);
////////////////////////////////////////////////////////////////////////
// Management APIs
redirectURL.append('?');
redirectURL.append(str);
}
- trans.info().log("Redirect to",redirectURL);
+ trans.info().log("Redirect to",redirectURL);
resp.sendRedirect(redirectURL.toString());
} else {
context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpStatus;
+import org.onap.aaf.auth.dao.hl.Question;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.locate.AAF_Locate;
import org.onap.aaf.auth.locate.BasicAuthCode;
import org.onap.aaf.auth.locate.mapper.Mapper.API;
import org.onap.aaf.auth.rserv.HttpMethods;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.Symm;
import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.oauth.OAuth2Principal;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.LogTarget;
import org.onap.aaf.misc.env.TimeTaken;
/**
* @param facade
* @throws Exception
*/
- public static void init(final AAF_Locate gwAPI, LocateFacade facade) {
+ public static void init(final AAF_Locate gwAPI, LocateFacade facade, final Question question) {
String aafurl = gwAPI.access.getProperty(Config.AAF_URL,null);
if (aafurl!=null) {
gwAPI.routeAll(HttpMethods.GET,"/proxy/:path*",API.VOID,new LocateCode(facade,"Proxy GET", true) {
@Override
public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ populateCredentialTag(trans, req, question);
if ("/proxy/authn/basicAuth".equals(req.getPathInfo()) && !(req.getUserPrincipal() instanceof OAuth2Principal)) {
bac.handle(trans, req, resp);
} else {
});
}
}
+
+ /**
+ * Populates TAG value for the user from DB
+ *
+ * @param trans
+ * @param req
+ * @param question
+ */
+ private static void populateCredentialTag(AuthzTrans trans, HttpServletRequest req, Question question) {
+
+ try {
+ String authz = req.getHeader("Authorization");
+ String decoded = Symm.base64noSplit.decode(authz.substring(6));
+ int colon = decoded.indexOf(':');
+ // Update transaction object with TAG information from DB
+ question.doesUserCredMatch(trans, decoded.substring(0, colon), decoded.substring(colon + 1).getBytes());
+ String tag = trans.getTag();
+ if (null != tag) {
+ req.setAttribute("CRED_TAG", tag);
+ }
+ } catch (Exception e) {
+ LogTarget lt = trans.error();
+ lt.log("Exception occured while fetching TAG details from DB :" + e.getMessage());
+ }
+ }
}
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
/target/
/.project
/logs/
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
/sdnc
/working
/target
+/ldrun.sh
+/.checkstyle
COPY bin/client.sh /opt/app/aaf_config/bin/agent.sh
COPY bin/pod_wait.sh /opt/app/aaf_config/bin/pod_wait.sh
COPY bin/aaf-cadi-aaf-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/
-COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
+#COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
-RUN chmod 755 /opt/app/aaf_config/bin/* &&\
- if [ -n "${DUSER}" ]; then chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
CMD []
+
+RUN mkdir -p /opt/app/osaaf/local && \
+ if [ -n "${DUSER}" ]; then \
+ addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \
+ chown ${DUSER}:${DUSER} /opt/app/osaaf/local; \
+ fi
+# Note: User added if in d.props
# ============LICENSE_END====================================================
#
# Use dbuild.sh input parameter to set registry
-#FROM ${REGISTRY}/openjdk:11-jre-slim
#FROM ${REGISTRY}/openjdk:8-jdk-alpine
FROM ${REGISTRY}/alpine
-#FROM openjdk:12-jdk-alpine
-#FROM openjdk:13-jdk-alpine
MAINTAINER AAF Team, AT&T 2018
LABEL description="aaf_base"
ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk
-RUN apk --no-cache add openjdk11 &&\
- apk add --no-cache bash &&\
+
+RUN apk add --no-cache bash &&\
+ apk --no-cache add openjdk11 &&\
apk add --no-cache openssl &&\
- apk add --no-cache curl &&\
- if [ -n "${DUSER}" ]; then addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; fi
+ apk add --no-cache curl
+
+# mkdir -p /opt/app/aaf/status
+# addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash
+# Note: User added if in d.props
COPY bin/aaf-auth-cmd-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/
COPY bin/aaf-auth-batch-${JAR_VERSION}-full.jar /opt/app/aaf_config/bin/
-RUN mkdir -p /opt/app/osaaf &&\
- chmod 755 /opt/app/aaf_config/bin/*.sh &&\
- if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/osaaf && chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
-
+RUN mkdir -p /opt/app/aaf /opt/app/osaaf/logs && \
+ if [ -n "${DUSER}" ]; then \
+ addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \
+ chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/osaaf /opt/app/aaf_config; \
+ fi && \
+ chmod 774 /opt/app/aaf_config/bin/*.sh
+
CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
+# Note: User added if in d.props
+# if [ -n "${DUSER}" ]; then \
+# addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; \
+# chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/aaf_config; \
+# fi && \
COPY bin /opt/app/aaf/bin
COPY theme/ /opt/app/aaf/theme/
-RUN mkdir -p /opt/app/osaaf &&\
- mkdir -p /opt/app/aaf/status &&\
- chmod 755 /opt/app/aaf/bin/* &&\
- if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \
- && chown ${DUSER}:${DUSER} /opt/app/osaaf \
- && chown -R ${DUSER}:${DUSER} /opt/app/aaf;\
+RUN mkdir -p /opt/app/aaf && \
+ if [ -n "${DUSER}" ]; then \
+ addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash ;\
+ chown -R ${DUSER}:${DUSER} /opt/app/aaf ;\
+ chmod 774 /opt/app/aaf/bin/* ;\
fi
+# Note: User added if in d.props
COPY bin/pod_wait.sh /opt/app/aaf/bin/
COPY lib /opt/app/aaf/lib
COPY bin/hello /opt/app/aaf/bin/
-COPY etc /opt/app/aaf/etc
-COPY logs /opt/app/aaf/logs
+COPY etc /opt/app/osaaf/etc
+COPY logs /opt/app/osaaf/logs
-RUN mkdir -p /opt/app/osaaf &&\
- mkdir -p /opt/app/aaf/status &&\
- chmod 755 /opt/app/aaf/bin/* &&\
- if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \
- && chown ${DUSER}:${DUSER} /opt/app/osaaf \
- && chown -R ${DUSER}:${DUSER} /opt/app/aaf;\
+RUN mkdir -p /opt/app/aaf /opt/app/osaaf/logs/hello /opt/app/osaaf/local && \
+ if [ -n "${DUSER}" ]; then \
+ addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash ;\
+ chown -R ${DUSER}:${DUSER} /opt/app/aaf /opt/app/osaaf;\
+ chmod 774 /opt/app/aaf/bin/* ;\
fi
CMD []
+
+# Note: User added if in d.props
. ./d.props
-DOCKER=${DOCKER:=docker}
-# if something, may not want CASS attached all the tim
-#LINKS="--link $CASSANDRA_DOCKER"
+DOCKER=${DOCKER:-docker}
+if [ "$DOCKER" = "podman" ]; then
+ PODNAME=${PODNAME:-$HOSTNAME}
+ if $(podman pod exists $PODNAME); then
+ echo "Using existing 'podman' pod $PODNAME"
+ LINKS="--pod $PODNAME "
+ #else
+ #echo "Create new 'podman' pod $PODNAME"
+ #podman pod create --infra=true -n $PODNAME --publish 8100:8100
+ fi
+ LINKS="--pod $PODNAME "
+fi
# DOCKER doesn't have DNS out of the box, only links.
# so we add cm_always_ignore_ips in --env
fi
$DOCKER run -it --rm \
${USER_LINE} \
- -v "${VOLUME}:/opt/app/osaaf" \
+ -v "${VOLUME}:/opt/app/osaaf/local" \
--add-host="$AAF_FQDN:$AAF_FQDN_IP" \
+ $USER_LINE \
--env AAF_FQDN=${AAF_FQDN} \
--env DEPLOY_FQI=${DEPLOY_FQI} \
--env DEPLOY_PASSWORD=${DEPLOY_PASSWORD} \
mkdir -p ~/.aaf
> $HOME/.aaf/sso.props
sso aaf_locate_url "https://$AAF_FQDN:8095"
+ sso aaf_url_cm "https://$AAF_FQDN:8150"
sso cadi_latitude "$LATITUDE"
sso cadi_longitude "$LONGITUDE"
sso cadi_loglevel "DEBUG"
# Note: Override can happen on dbuild.sh Commandline, -r <registry>
DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.17-SNAPSHOT
+VERSION=2.1.20-SNAPSHOT
CONF_ROOT_DIR=/opt/app/osaaf
# For local builds, set PREFIX=
PREFIX="$DOCKER_REPOSITORY/"
# Remove "SNAPSHOT" from AAF Jars in Containers
JAR_VERSION=${VERSION/-SNAPSHOT/}
+function SCP() {
+ SANS=${1/-SNAPSHOT/}
+ echo $1 = $SANS
+ if [ -e $SANS ]; then
+ cp $SANS $2
+ else
+
+ ln $1 $SANS
+ cp $SANS $2
+ rm $SANS
+ fi
+}
+
# process input. originally, an optional positional parameter is used to designate a component.
# A flagged parameter has been added to optionally indicate docker pull registry. Ideally, options
# would be flagged but we're avoiding ripple effect of changing original usage
else
DOCKER_PULL_REGISTRY=$3
fi
+ shift
fi
fi
fi
DOCKER=${DOCKER:=docker}
-echo "Building Containers for aaf components, version $VERSION"
-# AAF_cass now needs a version...
-echo "### Build Cass"
-cd ../auth-cass/docker
-pwd
-bash ./dbuild.sh $DOCKER_PULL_REGISTRY
-cd -
-
########
-# First, build a AAF Base version - set the core image, etc
-echo "### Build Base"
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
- -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
- -e 's/${DUSER}/'${DUSER}'/g' \
- -e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \
- Dockerfile.base > Dockerfile
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_base:${VERSION} .
-$DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:latest
-rm Dockerfile
-
-function SCP() {
- SANS=${1/-SNAPSHOT/}
- echo $1 = $SANS
- if [ -e $SANS ]; then
- cp $SANS $2
- else
-
- ln $1 $SANS
- cp $SANS $2
- rm $SANS
- fi
-}
+# Preliminary: if Cass exists, build that first
+if [[ -z "$1" || "$1" = "cass" ]]; then
+ echo "#### Delegate to Cassandra build"
+ echo "Building Containers for aaf components, version $VERSION"
+ # AAF_cass now needs a version...
+ echo "### Build Cass"
+ cd ../auth-cass/docker
+ bash ./dbuild.sh $DOCKER_PULL_REGISTRY
+ cd -
+fi
-########
-# Second, Create the AAF Config (Security) Images
+if [[ -z "$1" || "$1" = "base" ]]; then
+ ########
+ # First, build a AAF Base version - set the core image, etc
+ echo "### Build Base"
+ sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+ -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+ -e 's/${DUSER}/'${DUSER}'/g' \
+ -e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \
+ Dockerfile.base > Dockerfile
+ $DOCKER build -t ${ORG}/${PROJECT}/aaf_base:${VERSION} .
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:${VERSION}
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:latest
+ rm Dockerfile
+fi
+
+# Common copies
cd ..
-# Note: only 2 jars each in Agent/Config
-SCP auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
-SCP auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin
SCP ../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar sample/bin
-SCP ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar sample/bin
-cp -Rf ../conf/CA sample
-
-# AAF Config image (for AAF itself)
-echo "### Build Config"
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
- -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
- -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
- -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
- -e 's/${DUSER}/'${DUSER}'/g' \
- docker/Dockerfile.config > sample/Dockerfile
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample
-$DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:latest
-
-
-# AAF Agent Image (for Clients)
-echo "### Build Agent"
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
- -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
- -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
- -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
- -e 's/${DUSER}/'${DUSER}'/g' \
- docker/Dockerfile.agent > sample/Dockerfile
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample
-$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
+
+if [[ -z "$1" || "$1" = "config" ]]; then
+ ########
+ # Second, Create the AAF Config (Security) Images
+ # Note: only 2 jars each in Agent/Config
+ SCP auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
+ SCP auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin
+ SCP ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar sample/bin
+ cp -Rf ../conf/CA sample
+
+ # AAF Config image (for AAF itself)
+ echo "### Build Config"
+ sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+ -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
+ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
+ -e 's/${DUSER}/'${DUSER}'/g' \
+ docker/Dockerfile.config > sample/Dockerfile
+ # Note: do Config as Root, to get directories correct
+ $DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION}
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:latest
+fi
+
+if [[ -z "$1" || "$1" = "agent" ]]; then
+ # AAF Agent Image (for Clients)
+ echo "### Build Agent"
+ sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+ -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
+ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
+ -e 's/${DUSER}/'${DUSER}'/g' \
+ docker/Dockerfile.agent > sample/Dockerfile
+ #if [ -n "$DUSER" ]; then
+ # echo "USER $DUSER" >> sample/Dockerfile
+ #fi
+ $DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION}
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
+
+fi
# Clean up
-rm sample/Dockerfile sample/bin/aaf-*-*.jar
-rm -Rf sample/CA
+rm -Rf sample/Dockerfile sample/bin/aaf-*-*.jar sample/CA
cd -
-
########
# Third Copy AAF Executables to a BUILD Directory, for easy Cleanup
echo "### Copy to aaf_DBUILD"
done
cd ${START_DIR}
fi
-
-########
-# Third, build a core Docker Image to be used for all AAF Components
cp ../sample/bin/pod_wait.sh ../aaf_DBUILD/bin
-# Apply currrent Properties to Docker file, and put in place.
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
- -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
- -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
- -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
- -e 's/${DUSER}/'${DUSER}'/g' \
- Dockerfile.core >../aaf_DBUILD/Dockerfile
-cd ..
-
-echo "### Building Core"
-# Don't need "Hello" App in core
-mv aaf_DBUILD/lib/aaf-auth-hello-${JAR_VERSION}* /tmp
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_DBUILD
-$DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:latest
-rm aaf_DBUILD/Dockerfile
-mv /tmp/aaf-auth-hello-${JAR_VERSION}* aaf_DBUILD/lib
-
-########
-# Fourth, do Hello
-# Apply currrent Properties to Docker file, and put in place.
-echo "### Building Hello"
-cd -
-sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
- -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
- -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
- -e 's/${DUSER}/'${DUSER}'/g' \
- Dockerfile.hello >../aaf_DBUILD/Dockerfile
-cd ..
-
-cp -Rf sample/etc aaf_DBUILD
-cp -Rf sample/logs aaf_DBUILD
-
-for C in cass certman cmd deforg fs gui locate oauth service; do
- rm aaf_DBUILD/lib/aaf-auth-$C-*
-done
+if [[ -z "$1" || "$1" = "core" ]]; then
+ ########
+ # Fourth, build a core Docker Image to be used for all AAF Components
+ # Apply currrent Properties to Docker file, and put in place.
+ sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+ -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \
+ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
+ -e 's/${DUSER}/'${DUSER}'/g' \
+ Dockerfile.core >../aaf_DBUILD/Dockerfile
+ if [ -n "$DUSER" ]; then
+ echo "USER $DUSER" >> ../aaf_DBUILD/Dockerfile
+ fi
+ cd ..
+
+ $DOCKER build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_DBUILD
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:${VERSION}
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_core:latest
+ rm aaf_DBUILD/Dockerfile
+
+ cd -
+fi
-$DOCKER build -t ${ORG}/${PROJECT}/aaf_hello:${VERSION} aaf_DBUILD
-$DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:${VERSION}
-$DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:latest
+if [[ -z "$1" || "$1" = "hello" ]]; then
+ ########
+ # Fifth, do Hello
+ # Apply currrent Properties to Docker file, and put in place.
+ echo "### Building Hello"
+ cp ../sample/bin/client.sh ../aaf_DBUILD/bin
+ cp ../sample/hello/init.sh ../aaf_DBUILD/bin/hello_init.sh
+ SCP ../../cadi/aaf/target/aaf-cadi-aaf-${VERSION}-full.jar ../aaf_DBUILD/bin
+
+ sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \
+ -e 's/${JAR_VERSION}/'${JAR_VERSION}'/g' \
+ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \
+ -e 's/${DUSER}/'${DUSER}'/g' \
+ Dockerfile.hello >../aaf_DBUILD/Dockerfile
+ #if [ -n "$DUSER" ]; then
+ # echo "USER $DUSER" >> ../aaf_DBUILD/Dockerfile
+ #fi
+
+ cd ..
+ cp -Rf sample/etc aaf_DBUILD
+ cp -Rf sample/logs aaf_DBUILD
+ cp -Rf sample/cert aaf_DBUILD
+
+ for C in cass certman cmd deforg fs gui locate oauth service; do
+ rm aaf_DBUILD/lib/aaf-auth-$C-*
+ done
+ $DOCKER build -t ${ORG}/${PROJECT}/aaf_hello:${VERSION} aaf_DBUILD
+ if [ -n ${DOCKER_REPOSITORY} ]; then
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:${VERSION}
+ $DOCKER tag ${ORG}/${PROJECT}/aaf_hello:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_hello:latest
+ fi
+ cd -
+fi
# Final cleanup
-rm -Rf aaf_DBUILD
+rm -Rf ../aaf_DBUILD
-cd -
. ./d.props
DOCKER=${DOCKER:=docker}
+if [ "$1" == "all" ]; then
+ AAF_COMPONENTS=cass
+ shift
+fi
if [ "$1" == "" ]; then
AAF_COMPONENTS="$(cat components) config core agent base "
else
AAF_COMPONENTS="$@"
fi
+# All the NORMAL services use common directory
+# remove this for Hello, which we want non shared
+CONFIG="-v aaf_config:$CONF_ROOT_DIR"
+if [ -n "${DUSER}" ]; then
+ THE_USER="--user $DUSER"
+fi
+IMAGE="${PREFIX}${ORG}/${PROJECT}/aaf_core:${VERSION}"
+
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
LINKS=""
CMD_LINE=""
CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-fs aaf-locate && exec bin/fs"
;;
"hello")
- PUBLISH="--publish 8130:8130"
LINKS="--link aaf-service --link aaf-locate --link aaf-oauth --link aaf-cm"
- CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate && exec bin/hello"
+ CONFIG="-v aaf_hello_config:/opt/app/osaaf/local"
+
+ # Since Helm based element have init-containers, take the same approach here.
+ if [ -z "$(docker volume ls | grep aaf_hello_config)" ]; then
+ echo Init Hello Config Container
+
+ echo -n "Creating Volume: "
+ $DOCKER volume create -d local aaf_hello_config
+
+ $DOCKER run --rm --name aaf_hello_config ${LINKS} \
+ $CONFIG \
+ --env AAF_FQDN=$HOSTNAME \
+ --env DEPLOY_FQI=deployer@people.osaaf.org \
+ --env DEPLOY_PASSWORD=demo123456! \
+ --env APP_FQI=aaf@aaf.osaaf.org \
+ --env APP_FQDN=aaf-hello \
+ --env LATITUDE=$LATITUDE \
+ --env LONGITUDE=$LONGITUDE \
+ --env aaf_locator_container_ns=onap \
+ --env aaf_locator_container=docker \
+ $LINKS \
+ "${PREFIX}${ORG}/${PROJECT}/aaf_agent:${VERSION}" \
+ bash -c "bash /opt/app/aaf_config/bin/agent.sh && chown -R ${DUSER}:${DUSER} /opt/app/osaaf/local"
+ fi
+
+ PUBLISH="--publish 8130:8130"
+ #CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate aaf-cm && sleep 240"
+ CMD_LINE="cd /opt/app/aaf && /bin/bash bin/pod_wait.sh aaf-hello aaf-locate aaf-cm && exec bin/hello"
+ IMAGE="${PREFIX}${ORG}/${PROJECT}/aaf_hello:${VERSION}"
;;
esac
echo Starting aaf-$AAF_COMPONENT...
- if [ -n "${DUSER}" ]; then
- THE_USER="--user $DUSER"
- fi
-
$DOCKER run \
-d \
--env CASSANDRA_USER=${CASSANDRA_USER} \
--env CASSANDRA_PASSWORD=${CASSANDRA_PASSWORD} \
--env CASSANDRA_PORT=${CASSANDRA_PORT} \
- $PUBLISH \
- -v "aaf_config:$CONF_ROOT_DIR" \
-v "aaf_status:/opt/app/aaf/status" \
- ${PREFIX}${ORG}/${PROJECT}/aaf_core:${VERSION} \
+ $PUBLISH \
+ $CONFIG \
+ $IMAGE \
/bin/bash -c "$CMD_LINE"
+
done
. ./d.props
DOCKER=${DOCKER:=docker}
-if [ "$1" == "" ]; then
+if [ "$1" = "all" ]; then
+ AAF_COMPONENTS="cass"
+ shift
+fi
+if [ -z "$1" ]; then
for C in $(cat components); do
AAF_COMPONENTS="$C $AAF_COMPONENTS"
done
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
$DOCKER stop aaf-$AAF_COMPONENT
done
+
--- /dev/null
+podman pod create --name "aaf.gathsys.com" --publish 9042,8100
+
+#--publish 8095:8095 --publish 8140:8140 --publish 8150:8150 --publish 8200:8200 --publish 8130:8130 --publish 9042:9042
+
+# --publish 80:8096
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
image: "{{ .Values.image.repository }}{{ .Values.service.agentImage }}"
imagePullPolicy: IfNotPresent
volumeMounts:
- - mountPath: "/opt/app/osaaf"
+ - mountPath: "/opt/app/osaaf/local"
name: aaf-hello-vol
command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
env:
imagePullPolicy: IfNotPresent
command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
volumeMounts:
- - mountPath: "/opt/app/osaaf"
+ - mountPath: "/opt/app/osaaf/local"
name: aaf-hello-vol
ports:
- name: aaf-hello
# repository: localhost:5000/
service:
- agentImage: onap/aaf/aaf_agent:2.1.17-SNAPSHOT
- image: onap/aaf/aaf_hello:2.1.17-SNAPSHOT
+ agentImage: onap/aaf/aaf_agent:2.1.20-SNAPSHOT
+ image: onap/aaf/aaf_hello:2.1.20-SNAPSHOT
app_ns: "org.osaaf.aaf"
fqi: "aaf@aaf.osaaf.org"
fqdn: "aaf-hello"
appVersion: "1.0"
description: AAF Helm Chart
name: aaf
-version: 2.1.17-SNAPSHOT
+## Use this to pull Released Version
+# version: 2.1.19
+
+version: 2.1.19-SNAPSHOT
-. ../../docker/aaf.props
-IMAGE=onap/aaf/aaf_config:$VERSION
+. ../../docker/d.props
+IMAGE=$DOCKER_REPOSITORY/onap/aaf/aaf_config:$VERSION
kubectl -n onap run -it --rm aaf-config-$USER --image=$IMAGE --overrides='
{
- name: aaf-status-vol
persistentVolumeClaim:
claimName: aaf-status-pvc
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /var/lib/cassandra
+ chown -R 1000:1000 /var/lib/cassandra
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /var/lib/cassandra
+ name: aaf-cass-vol
containers:
###
### AAF-CASS
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
- command: ["bash","/opt/app/aaf_config/bin/agent.sh"]
+ command: ["bash","-c","/opt/app/aaf_config/bin/agent.sh"]
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: aaf-config-vol
persistence:
enabled: true
+image:
+ ### FOR RELEASED VERSION ###
+ # When using Docker Repo, add, and include trailing "/"
+ # For Released Versions (both Repo and remove "-SNAPSHOT" from version)
+ # repository: nexus3.onap.org:10001/
+ # version: 2.1.20
+
+ ### FOR SNAPSHOTS, DEVELOPMENT, ETC ###
+ # When using Locally built images, comment out "repository"
+ # repository: nexus3.onap.org:10001/
+ # For your own Repo
+ # repository: localhost:5000/
+ # When using locally built Docker Container, set Repository to ""
+ repository: ""
+ version: 2.1.20-SNAPSHOT
+
services:
aaf_env: "DEV"
aaf_id: "aaf@aaf.osaaf.org"
mountSubPath: "config"
storageClass: "manual"
-image:
- # When using locally built Docker Container, set Repository to ""
- repository: ""
- # When using Docker Repo, add, and include trailing "/"
- # repository: nexus3.onap.org:10003/
- # repository: localhost:5000/
- version: 2.1.17-SNAPSHOT
-
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
</parent>
<artifactId>authparent</artifactId>
<name>AAF Auth Parent</name>
# This script is run when starting client Container.
# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
#
+
+#
+# error handling. REQUIRED: if this script fails, it must give non-zero exit value
+#
+# We exit non-zero with an explanation echod to standard
+# out in some situations, like bad input or failed keygen.
+# We exit non-zero without explanation in other situations
+# like command not found, or file access perms error.
+#
+# exit without explaining to stdout if some error
+set -e
+
+[ -z "$JAVA_HOME" ] && { echo FAILURE: JAVA_HOME is not set; exit 1;}
JAVA=${JAVA_HOME}/bin/java
+
+[ -e ${JAVA_HOME} ] || { echo FAILURE: java home does not exist: ${JAVA_HOME}; exit 1;}
+[ -e ${JAVA} ] || { echo FAILURE: java executable does not exist: ${JAVA}; exit 1;}
+
AAF_INTERFACE_VERSION=2.1
# Extract Name, Domain and NS from FQI
+[ -z "$APP_FQI" ] && { echo FAILURE: APP_FQI is not set; exit 1; }
+
FQIA=($(echo ${APP_FQI} | tr '@' '\n'))
FQI_SHORT=${FQIA[0]}
FQI_DOMAIN=${FQIA[1]}
+[ -z "$FQI_SHORT" ] && { echo FAILURE: malformed APP_FQI, should be like email form: name@domain; exit 1; }
+[ -z "$FQI_DOMAIN" ] && { echo FAILURE: malformed APP_FQI, should be like email form: name@domain; exit 1; }
+
# Reverse DOMAIN for NS
FQIA_E=($(echo ${FQI_DOMAIN} | tr '.' '\n'))
for (( i=( ${#FQIA_E[@]} -1 ); i>0; i-- )); do
NS=${NS}${FQIA_E[i]}'.'
done
NS=${NS}${FQIA_E[0]}
-CONFIG="/opt/app/aaf_config"
-OSAAF="/opt/app/osaaf"
-LOCAL="$OSAAF/local"
-DOT_AAF="$HOME/.aaf"
+CONFIG=${CONFIG:-"/opt/app/aaf_config"}
+
+# perhaps AAF HOME? (root of aaf installation)
+OSAAF=${OSAAF:-"/opt/app/osaaf"}
+
+# this is the 'place' operation's destination
+LOCAL=${LOCAL:-"$OSAAF/local"}
+DOT_AAF=${DOT_AAF:-"${HOME}/.aaf"}
SSO="$DOT_AAF/sso.props"
+# for *backup files
+backupDir=${BACKUP_DIR:-${LOCAL}}
+
if [ -e "$CONFIG" ]; then
CONFIG_BIN="$CONFIG/bin"
else
JAVA_AGENT="$JAVA -Dcadi_loglevel=DEBUG -Dcadi_etc_dir=${LOCAL} -Dcadi_log_dir=${LOCAL} -jar $AGENT_JAR "
+function backup() {
+ # any backup files?
+ if stat -t *.backup > /dev/null 2>&1; then
+ # move them somewhere else?
+ if [ "${backupDir}" != "${LOCAL}" ]; then
+ mkdir -p ${backupDir}
+ mv -f ${LOCAL}/*.backup ${backupDir}
+ fi
+ fi
+}
+
# Setup SSO info for Deploy ID
function sso_encrypt() {
- $JAVA_AGENT cadi digest ${1} $DOT_AAF/keyfile
+ $JAVA_AGENT cadi digest ${1} $DOT_AAF/keyfile || {
+ echo agent fails to digest password
+ exit 1
+ }
}
-# Setup Bash, first time only
-if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then
- echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" >>$HOME/.bashrc
+# Setup Bash, first time only, Agent only
+if [ ! -f "$HOME/.bashrc" ] || [ -z "$(grep agent $HOME/.bashrc)" ]; then
+ echo "alias agent='$CONFIG_BIN/agent.sh agent \$*'" >> $HOME/.bashrc
chmod a+x $CONFIG_BIN/agent.sh
. $HOME/.bashrc
fi
+
if [ ! -e "$DOT_AAF/truststoreONAPall.jks" ]; then
mkdir -p $DOT_AAF
base64 -d $CONFIG/cert/truststoreONAPall.jks.b64 > $DOT_AAF/truststoreONAPall.jks
# Create Deployer Info, located at /root/.aaf
if [ ! -e "$DOT_AAF/keyfile" ]; then
- $JAVA_AGENT cadi keygen $DOT_AAF/keyfile
+
+ $JAVA_AGENT cadi keygen $DOT_AAF/keyfile || {
+ echo "Cannot create $DOT_AAF/keyfile"
+ exit 1
+ }
+
chmod 400 $DOT_AAF/keyfile
+
+fi
+
+if [ ! -e "${SSO}" ]; then
+ echo Creating and adding content to ${SSO}
echo "cadi_keyfile=$DOT_AAF/keyfile" > ${SSO}
# Add Deployer Creds to Root's SSO
echo "aaf_url_cm=https://aaf-cm:8150" >> ${SSO}
echo "aaf_url=https://aaf-service:8100" >> ${SSO}
else
- echo "aaf_locate_url=https://$aaf-locator.${CONTAINER_NS}:8095" >> ${SSO}
+ echo "aaf_locate_url=https://${aaf_locator_fqdn}:8095" >> ${SSO}
echo "aaf_url_cm=https://AAF_LOCATE_URL/%CNS.%NS.cm:2.1" >> ${SSO}
echo "aaf_url=https://AAF_LOCATE_URL/%CNS.%NS.service:2.1" >> ${SSO}
fi
. ${SSO}
echo "Caller Properties Initialized"
- INITIALIZED="true"
echo "cat SSO"
cat ${SSO}
fi
echo "Existing files in $LOCAL"
ls -l
-# Should we clean up?
+# Should we refresh the client version??
if [ "${VERSION}" != "$(cat ${LOCAL}/VERSION 2> /dev/null)" ]; then
echo "Clean up directory ${LOCAL}"
rm -Rf ${LOCAL}/*
+
+ echo "${VERSION}" > $LOCAL/VERSION
+ cp $AGENT_JAR $LOCAL
+ echo "#!/bin/bash" > $LOCAL/agent
+ echo 'java -jar aaf-cadi-aaf-*-full.jar $*' >> $LOCAL/agent
+ echo "#!/bin/bash" > $LOCAL/cadi
+ echo 'java -jar aaf-cadi-aaf-*-full.jar cadi $*' >> $LOCAL/cadi
+ chmod 755 $LOCAL/agent $LOCAL/cadi
fi
-echo "${VERSION}" > $LOCAL/VERSION
echo "Namespace is ${NS}"
+
# Only initialize once, automatically...
-if [ ! -e $LOCAL/${NS}.props ]; then
+if [ ! -f $LOCAL/${NS}.props ]; then
+ [ -z "$APP_FQDN" ] && { echo FAILURE: APP_FQDN is not set; exit 1; }
+
echo "#### Create Configuration files "
- $JAVA_AGENT config $APP_FQI $APP_FQDN
+ > $LOCAL/$NS
+ $JAVA_AGENT config $APP_FQI $APP_FQDN --nopasswd || {
+ echo Cannot create config files
+ exit 1
+ }
cat $LOCAL/$NS.props
echo
echo "#### Certificate Authorization Artifact"
# TMP=$(mktemp)
TMP=$LOCAL/agent.log
- $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} | tee $TMP
+
+
+ $JAVA_AGENT read ${APP_FQI} ${APP_FQDN} | tee $TMP ; [ ${PIPESTATUS[0]} -eq 0 ] || {
+ echo Cannot read artificate;
+ exit 1;
+ }
+
if [ -n "$(grep 'Namespace:' $TMP)" ]; then
echo "#### Place Certificates (by deployer)"
- $JAVA_AGENT place $APP_FQI $APP_FQDN
+ $JAVA_AGENT place $APP_FQI $APP_FQDN || {
+ echo Failed to obtain new certificate
+ exit 1
+
+ }
- if [ -z "$(grep cadi_alias $NS.cred.props)" ]; then
- echo "FAILED to get Certificate"
- INITIALIZED="false"
+ if [ -z "$(grep cadi_alias ${LOCAL}/$NS.cred.props)" ]; then
+ echo "FAILED to get Certificate, cadi_alias is not defined."
+ exit 1
else
echo "Obtained Certificates"
echo "#### Validate Configuration and Certificate with live call"
- $JAVA_AGENT validate cadi_prop_files=${NS}.props
- INITIALIZED="true"
+ $JAVA_AGENT validate cadi_prop_files=${NS}.props || {
+ echo Failed to validate new certificate
+ exit 1
+ }
fi
else
echo "#### Certificate Authorization Artifact must be valid to continue"
INITIALIZED="true"
fi
-# Now run a command
-CMD=$2
-if [ -z "$CMD" ]; then
- if [ -n "$INITIALIZED" ]; then
- echo "Initialization complete"
- fi
+if [ -z "$*" ]; then
+ echo "Initialization complete"
else
- shift
+ # Now run a command
+ CMD=$1
shift
case "$CMD" in
ls)
echo ls requested
- find /opt/app/osaaf -depth
+ find ${OSAAF} -depth
;;
cat)
if [ "$1" = "" ]; then
;;
read)
echo "## Read Artifacts"
- $JAVA_AGENT read $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=INFO
+ $JAVA_AGENT read $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=INFO || {
+ echo Command faile, cannot read artifacts
+ exit 1
+ }
;;
showpass)
echo "## Show Passwords"
- $JAVA_AGENT showpass $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=ERROR
+ $JAVA_AGENT showpass $APP_FQI $APP_FQDN cadi_prop_files=${SSO} cadi_loglevel=ERROR || {
+ echo Failure showing password
+ exit 1
+ }
;;
check)
echo "## Check Certificate"
echo "$JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props"
- $JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props
+ # inspects and repots on certificate validation and renewal date
+ $JAVA_AGENT check $APP_FQI $APP_FQDN cadi_prop_files=${LOCAL}/${NS}.props || {
+ echo Checking certificate fails.
+ exit 1
+ }
;;
validate)
echo "## validate requested"
- $JAVA_AGENT validate $APP_FQI $APP_FQDN
+ # attempt to send request to aaf; authenticate with this local certificate
+ $JAVA_AGENT validate $APP_FQI $APP_FQDN || {
+ echo Validation fails.
+ exit 1
+ }
;;
place)
echo "## Renew Certificate"
- $JAVA_AGENT place $APP_FQI $APP_FQDN cadi_prop_files=${SSO}
+ $JAVA_AGENT place $APP_FQI $APP_FQDN cadi_prop_files=${SSO} || {
+ echo Placing certificate fails.
+ exit 1
+ }
;;
renew)
echo "## Renew Certificate"
- $JAVA_AGENT place $APP_FQI $APP_FQDN
+ $JAVA_AGENT place $APP_FQI $APP_FQDN || {
+ echo Failure renewing certificate
+ exit 1
+ }
;;
bash)
shift
cd $LOCAL || exit
- exec bash "$@"
+ exec bash "$@"
;;
setProp)
cd $LOCAL || exit
done
;;
taillog)
- sh /opt/app/osaaf/logs/taillog
+ sh ${OSAAF}/logs/taillog
;;
testConnectivity|testconnectivity)
echo "--- Test Connectivity ---"
- $JAVA -cp $CONFIG_BIN/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/org.osaaf.aaf.props
+ $JAVA -cp $AGENT_JAR org.onap.aaf.cadi.aaf.TestConnectivity $LOCAL/${NS}.props || {
+ echo Failure while testing connectivity
+ exit 1
+ }
;;
--help | -?)
case "$1" in
### Possible Dublin
# sample)
# echo "--- run Sample Servlet App ---"
- # $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $CONFIG_BIN/aaf-auth-cmd-*-full.jar:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
+ # $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $AGENT_JAR:$CONFIG_BIN/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props
# ;;
*)
$JAVA_AGENT "$CMD" "$@"
;;
esac
fi
+
+backup
fi
echo "Created AAF Initial Configurations"
INITIALIZED="true"
+ if [ -n ${DUSER} ]; then
+ mkdir -p /opt/app/osaaf/logs
+ chown -R 1000:1000 /opt/app/aaf /opt/app/osaaf
+ fi
fi
-portal@portal.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.portal|53344|
-shi@shi.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.shi|53344|
-aaf@aaf.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.aaf|53344|
-aaf-sms@aaf-sms.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aaf-sms|53344|
-clamp@clamp.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344|
-aai@aai.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344|
-appc@appc.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344|
-dcae@dcae.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dcae|53344|
-oof@oof.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.oof|53344|
-so@so.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.so|53344|
-sdc@sdc.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdc|53344|
-sdnc@sdnc.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdnc|53344|
-sdnc-cds@sdnc-cds.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdnc-cds|53344|
-vfc@vfc.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vfc|53344|
-policy@policy.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.policy|53344|
-pomba@pomba.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344|
-holmes@holmes.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344|
-nbi@nbi.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344|
-music@music.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.music|53344|
-vid@vid.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid|53344|
-vid1@vid1.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid1|53344|
-vid2@vid2.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid2|53344|
-dmaap-bc@dmaap-bc.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc|53344|
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc-topic-mgr|53344|
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc-mm-prov|53344|
-dmaap-dr@dmaap-dr.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr|53344|
-dmaap-dr-prov@dmaap-dr-prov.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr-prov|53344|
-dmaap-dr-node@dmaap-dr-node.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr-node|53344|
-dmaap-mr@dmaap-mr.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-mr|53344|
-dmaapmr@dmaapmr.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaapmr|53344|
-#dmaap.mr@#dmaap.mr.onap.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.mr.#dmaap|53344|
-iowna@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-mmanager@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-bdevl@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-mmarket@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-demo@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-jh0003@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-cs0008@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-jm0007@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-op0001@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-gv0001@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-pm0001@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-gs0001@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-ps0001@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-aaf_admin@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-deployer@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
-portal_admin@people.osaaf.org|2|2020-08-18 08:41:56.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+portal@portal.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.portal|53344|
+shi@shi.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.shi|53344|
+aaf@aaf.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.aaf|53344|
+aaf-sms@aaf-sms.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aaf-sms|53344|
+clamp@clamp.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344|
+aai@aai.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344|
+appc@appc.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344|
+dcae@dcae.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dcae|53344|
+oof@oof.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.oof|53344|
+so@so.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.so|53344|
+sdc@sdc.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdc|53344|
+sdnc@sdnc.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdnc|53344|
+sdnc-cds@sdnc-cds.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdnc-cds|53344|
+vfc@vfc.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vfc|53344|
+policy@policy.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.policy|53344|
+pomba@pomba.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344|
+holmes@holmes.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344|
+nbi@nbi.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344|
+music@music.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.music|53344|
+vid@vid.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid|53344|
+vid1@vid1.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid1|53344|
+vid2@vid2.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid2|53344|
+dmaap-bc@dmaap-bc.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc|53344|
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc-topic-mgr|53344|
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc-mm-prov|53344|
+dmaap-dr@dmaap-dr.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr|53344|
+dmaap-dr-prov@dmaap-dr-prov.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr-prov|53344|
+dmaap-dr-node@dmaap-dr-node.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr-node|53344|
+dmaap-mr@dmaap-mr.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-mr|53344|
+dmaapmr@dmaapmr.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaapmr|53344|
+#dmaap.mr@#dmaap.mr.onap.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.mr.#dmaap|53344|
+iowna@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+mmanager@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+bdevl@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+mmarket@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+demo@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+jh0003@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+cs0008@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+jm0007@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+op0001@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+gv0001@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+pm0001@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+gs0001@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+ps0001@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+aaf_admin@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+deployer@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
+portal_admin@people.osaaf.org|2|2020-09-05 12:09:20.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344|
org.onap.sdnc|odl|odl-api|update||"{'org.onap.sdnc|service'}"
org.onap.so|access|*|*|AAF Namespace Write Access|"{'org.onap.so|admin', 'org.onap.so|app'}"
org.onap.so|access|*|read|AAF Namespace Read Access|"{'org.onap.so|owner'}"
-org.onap.so|actuatorManagementPerm|/manage/*|GET||"{'org.onap.so|actuatorManagementUsers'}"
-org.onap.so|apihPerm|/globalhealthcheck|GET||"{'org.onap.so|apihUsers.Read'}"
-org.onap.so|apihPerm|/manage/*|GET||
-org.onap.so|apihPerm|/nodehealthcheck|GET||"{'org.onap.so|apihUsers.Read'}"
-org.onap.so|apihPerm|/onap/so/infra/*|DELETE||"{'org.onap.so|apihUsers.Write'}"
-org.onap.so|apihPerm|/onap/so/infra/*|GET||"{'org.onap.so|apihUsers.Read', 'org.onap.so|apihUsers.Write'}"
-org.onap.so|apihPerm|/onap/so/infra/*|PATCH||"{'org.onap.so|apihUsers.Write'}"
-org.onap.so|apihPerm|/onap/so/infra/*|POST||"{'org.onap.so|apihUsers.Write'}"
-org.onap.so|apihPerm|/onap/so/infra/*|PUT||"{'org.onap.so|apihUsers.Write'}"
-org.onap.so|apihPerm|/tasks/*|POST||"{'org.onap.so|apihUsers.Write'}"
-org.onap.so|bpmnPerm|*|DELETE||"{'org.onap.so|bpmnUsers.Write'}"
-org.onap.so|bpmnPerm|*|GET||"{'org.onap.so|bpmnUsers.Read', 'org.onap.so|bpmnUsers.Write'}"
-org.onap.so|bpmnPerm|*|POST||"{'org.onap.so|bpmnUsers.Write'}"
-org.onap.so|bpmnPerm|*|PUT||"{'org.onap.so|bpmnUsers.Write'}"
-org.onap.so|bpmnPerm|/manage/*|GET||
-org.onap.so|catalogDbAdapterPerm|*|DELETE||"{'org.onap.so|catalogDbAdapterUsers.Write'}"
-org.onap.so|catalogDbAdapterPerm|*|GET||"{'org.onap.so|catalogDbAdapterUsers.Read', 'org.onap.so|catalogDbAdapterUsers.Write'}"
-org.onap.so|catalogDbAdapterPerm|*|POST||"{'org.onap.so|catalogDbAdapterUsers.Write'}"
-org.onap.so|catalogDbAdapterPerm|*|PUT||"{'org.onap.so|catalogDbAdapterUsers.Write'}"
-org.onap.so|catalogDbAdapterPerm|/manage/*|GET||
org.onap.so|certman|local|request,ignoreIPs,showpass||"{'org.onap.so|admin', 'org.osaaf.aaf|deploy'}"
-org.onap.so|monitoringPerm|*|GET||"{'org.onap.so|monitoringUsers.Read', 'org.onap.so|monitoringUsers.Write'}"
-org.onap.so|monitoringPerm|*|POST||"{'org.onap.so|monitoringUsers.Write'}"
-org.onap.so|monitoringPerm|/manage/*|GET||
-org.onap.so|openStackAdapterPerm|*|DELETE||"{'org.onap.so|openStackAdapterUsers.Write'}"
-org.onap.so|openStackAdapterPerm|*|GET||"{'org.onap.so|openStackAdapterUsers.Read', 'org.onap.so|openStackAdapterUsers.Write'}"
-org.onap.so|openStackAdapterPerm|*|POST||"{'org.onap.so|openStackAdapterUsers.Write'}"
-org.onap.so|openStackAdapterPerm|*|PUT||"{'org.onap.so|openStackAdapterUsers.Write'}"
-org.onap.so|openStackAdapterPerm|/manage/*|GET||
-org.onap.so|requestDbAdapterPerm|*|DELETE||"{'org.onap.so|requestDbAdapterUsers.Write'}"
-org.onap.so|requestDbAdapterPerm|*|GET||"{'org.onap.so|requestDbAdapterUsers.Read', 'org.onap.so|requestDbAdapterUsers.Write'}"
-org.onap.so|requestDbAdapterPerm|*|PATCH||"{'org.onap.so|requestDbAdapterUsers.Write'}"
-org.onap.so|requestDbAdapterPerm|*|POST||"{'org.onap.so|requestDbAdapterUsers.Write'}"
-org.onap.so|requestDbAdapterPerm|*|PUT||"{'org.onap.so|requestDbAdapterUsers.Write'}"
-org.onap.so|requestDbAdapterPerm|/manage/*|GET||
-org.onap.so|sdcControllerPerm|*|GET||"{'org.onap.so|sdcControllerUsers.Read', 'org.onap.so|sdcControllerUsers.Write'}"
-org.onap.so|sdcControllerPerm|*|POST||"{'org.onap.so|sdcControllerUsers.Write'}"
-org.onap.so|sdcControllerPerm|*|PUT||"{'org.onap.so|sdcControllerUsers.Write'}"
-org.onap.so|sdcControllerPerm|/manage/*|GET||
-org.onap.so|sdncAdapterPerm|*|GET||"{'org.onap.so|sdncAdapterUsers.Read', 'org.onap.so|sdncAdapterUsers.Write'}"
-org.onap.so|sdncAdapterPerm|*|POST||"{'org.onap.so|sdncAdapterUsers.Write'}"
-org.onap.so|sdncAdapterPerm|/manage/*|GET||
-org.onap.so|vfcAdapterPerm|*|GET||"{'org.onap.so|vfcAdapterUsers.Read', 'org.onap.so|vfcAdapterUsers.Write'}"
-org.onap.so|vfcAdapterPerm|*|POST||"{'org.onap.so|vfcAdapterUsers.Write'}"
-org.onap.so|vfcAdapterPerm|/manage/*|GET||
-org.onap.so|vnfmAdapterPerm|*|GET||"{'org.onap.so|vnfmAdapterUsers.Read', 'org.onap.so|vnfmAdapterUsers.Write'}"
-org.onap.so|vnfmAdapterPerm|*|POST||"{'org.onap.so|vnfmAdapterUsers.Write'}"
-org.onap.so|vnfmAdapterPerm|/manage/*|GET||
org.onap.vfc|access|*|*|AAF Namespace Write Access|"{'org.onap.vfc|admin', 'org.onap.vfc|service'}"
org.onap.vfc|access|*|read|AAF Namespace Read Access|"{'org.onap.vfc|owner'}"
org.onap.vfc|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
org.onap.sdnc|admin|AAF Namespace Administrators|"{'org.onap.sdnc|access|*|*', 'org.onap.sdnc|odl|odl-api|*'}"
org.onap.sdnc|owner|AAF Namespace Owners|"{'org.onap.sdnc|access|*|read'}"
org.onap.sdnc|service||"{'org.onap.sdnc|access|*|*', 'org.onap.sdnc|odl|odl-api|*', 'org.onap.sdnc|odl|odl-api|create', 'org.onap.sdnc|odl|odl-api|delete', 'org.onap.sdnc|odl|odl-api|read', 'org.onap.sdnc|odl|odl-api|update'}"
-org.onap.so|actuatorManagementUsers||"{'org.onap.so|actuatorManagementPerm|/manage/*|GET'}"
org.onap.so|admin|AAF Namespace Administrators|"{'org.onap.so|access|*|*', 'org.onap.so|certman|local|request,ignoreIPs,showpass'}"
-org.onap.so|apihUsers.Read||"{'org.onap.so|apihPerm|/globalhealthcheck|GET', 'org.onap.so|apihPerm|/nodehealthcheck|GET', 'org.onap.so|apihPerm|/onap/so/infra/*|GET'}"
-org.onap.so|apihUsers.Write||"{'org.onap.so|apihPerm|/onap/so/infra/*|DELETE', 'org.onap.so|apihPerm|/onap/so/infra/*|GET', 'org.onap.so|apihPerm|/onap/so/infra/*|PATCH', 'org.onap.so|apihPerm|/onap/so/infra/*|POST', 'org.onap.so|apihPerm|/onap/so/infra/*|PUT', 'org.onap.so|apihPerm|/tasks/*|POST'}"
org.onap.so|app||"{'org.onap.so|access|*|*'}"
-org.onap.so|bpmnUsers.Read||"{'org.onap.so|bpmnPerm|*|GET'}"
-org.onap.so|bpmnUsers.Write||"{'org.onap.so|bpmnPerm|*|DELETE', 'org.onap.so|bpmnPerm|*|GET', 'org.onap.so|bpmnPerm|*|POST', 'org.onap.so|bpmnPerm|*|PUT'}"
-org.onap.so|catalogDbAdapterUsers.Read||"{'org.onap.so|catalogDbAdapterPerm|*|GET'}"
-org.onap.so|catalogDbAdapterUsers.Write||"{'org.onap.so|catalogDbAdapterPerm|*|DELETE', 'org.onap.so|catalogDbAdapterPerm|*|GET', 'org.onap.so|catalogDbAdapterPerm|*|POST', 'org.onap.so|catalogDbAdapterPerm|*|PUT'}"
-org.onap.so|monitoringUsers.Read||"{'org.onap.so|monitoringPerm|*|GET'}"
-org.onap.so|monitoringUsers.Write||"{'org.onap.so|monitoringPerm|*|GET', 'org.onap.so|monitoringPerm|*|POST'}"
-org.onap.so|openStackAdapterUsers.Read||"{'org.onap.so|openStackAdapterPerm|*|GET'}"
-org.onap.so|openStackAdapterUsers.Write||"{'org.onap.so|openStackAdapterPerm|*|DELETE', 'org.onap.so|openStackAdapterPerm|*|GET', 'org.onap.so|openStackAdapterPerm|*|POST', 'org.onap.so|openStackAdapterPerm|*|PUT'}"
org.onap.so|owner|AAF Namespace Owners|"{'org.onap.so|access|*|read'}"
-org.onap.so|requestDbAdapterUsers.Read||"{'org.onap.so|requestDbAdapterPerm|*|GET'}"
-org.onap.so|requestDbAdapterUsers.Write||"{'org.onap.so|requestDbAdapterPerm|*|DELETE', 'org.onap.so|requestDbAdapterPerm|*|GET', 'org.onap.so|requestDbAdapterPerm|*|PATCH', 'org.onap.so|requestDbAdapterPerm|*|POST', 'org.onap.so|requestDbAdapterPerm|*|PUT'}"
-org.onap.so|sdcControllerUsers.Read||"{'org.onap.so|sdcControllerPerm|*|GET'}"
-org.onap.so|sdcControllerUsers.Write||"{'org.onap.so|sdcControllerPerm|*|GET', 'org.onap.so|sdcControllerPerm|*|POST', 'org.onap.so|sdcControllerPerm|*|PUT'}"
-org.onap.so|sdncAdapterUsers.Read||"{'org.onap.so|sdncAdapterPerm|*|GET'}"
-org.onap.so|sdncAdapterUsers.Write||"{'org.onap.so|sdncAdapterPerm|*|GET', 'org.onap.so|sdncAdapterPerm|*|POST'}"
-org.onap.so|vfcAdapterUsers.Read||"{'org.onap.so|vfcAdapterPerm|*|GET'}"
-org.onap.so|vfcAdapterUsers.Write||"{'org.onap.so|vfcAdapterPerm|*|GET', 'org.onap.so|vfcAdapterPerm|*|POST'}"
-org.onap.so|vnfmAdapterUsers.Read||"{'org.onap.so|vnfmAdapterPerm|*|GET'}"
-org.onap.so|vnfmAdapterUsers.Write||"{'org.onap.so|vnfmAdapterPerm|*|GET', 'org.onap.so|vnfmAdapterPerm|*|POST'}"
org.onap.vfc|admin|AAF Namespace Administrators|"{'org.onap.vfc|access|*|*'}"
org.onap.vfc|owner|AAF Namespace Owners|"{'org.onap.vfc|access|*|read'}"
org.onap.vfc|service||"{'org.onap.vfc|access|*|*'}"
-mmanager@people.osaaf.org|org.onap.aaf-sms.admin|2020-08-18 08:41:56.000+0000|org.onap.aaf-sms|admin
-mmanager@people.osaaf.org|org.onap.aaf-sms.owner|2020-08-18 08:41:56.000+0000|org.onap.aaf-sms|owner
-mmanager@people.osaaf.org|org.onap.aai.admin|2020-08-18 08:41:56.000+0000|org.onap.aai|admin
-mmanager@people.osaaf.org|org.onap.aai.owner|2020-08-18 08:41:56.000+0000|org.onap.aai|owner
-mmanager@people.osaaf.org|org.onap.admin|2020-08-18 08:41:56.000+0000|org.onap|admin
-mmanager@people.osaaf.org|org.onap.appc.admin|2020-08-18 08:41:56.000+0000|org.onap.appc|admin
-mmanager@people.osaaf.org|org.onap.appc.owner|2020-08-18 08:41:56.000+0000|org.onap.appc|owner
-mmanager@people.osaaf.org|org.onap.cds.admin|2020-08-18 08:41:56.000+0000|org.onap.cds|admin
-mmanager@people.osaaf.org|org.onap.cds.owner|2020-08-18 08:41:56.000+0000|org.onap.cds|owner
-mmanager@people.osaaf.org|org.onap.clamp.admin|2020-08-18 08:41:56.000+0000|org.onap.clamp|admin
-mmanager@people.osaaf.org|org.onap.clamp.owner|2020-08-18 08:41:56.000+0000|org.onap.clamp|owner
-mmanager@people.osaaf.org|org.onap.dcae.admin|2020-08-18 08:41:56.000+0000|org.onap.dcae|admin
-mmanager@people.osaaf.org|org.onap.dcae.owner|2020-08-18 08:41:56.000+0000|org.onap.dcae|owner
-mmanager@people.osaaf.org|org.onap.dmaap-bc-mm-prov.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc-mm-prov|admin
-mmanager@people.osaaf.org|org.onap.dmaap-bc-mm-prov.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc-mm-prov|owner
-mmanager@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc-topic-mgr|admin
-mmanager@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc-topic-mgr|owner
-mmanager@people.osaaf.org|org.onap.dmaap-bc.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc|admin
-mmanager@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc.api|Controller
-mmanager@people.osaaf.org|org.onap.dmaap-bc.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc|owner
-mmanager@people.osaaf.org|org.onap.dmaap-dr.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|owner
-mmanager@people.osaaf.org|org.onap.dmaap-mr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-mr|admin
-mmanager@people.osaaf.org|org.onap.dmaap-mr.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap-mr|owner
-mmanager@people.osaaf.org|org.onap.dmaap-mr.sunil.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap-mr.sunil|owner
-mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap-mr.test|owner
-mmanager@people.osaaf.org|org.onap.dmaap.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap|admin
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123450.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-123450|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123451.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-123451|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-1547667570.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-1547667570|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547665517.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547665517|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666628.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547666628|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666760.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547666760|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666950.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547666950|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547667031.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547667031|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-123456.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-123456|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-123457.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-123457|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547660509.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547660509|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547660861.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547660861|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547661011.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547661011|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547662122.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547662122|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547662451.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547662451|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547664813.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547664813|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547664928.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547664928|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547666068.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547666068|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTopic-1547654909.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTopic-1547654909|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.dgl000.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.dgl000|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.partitionTest-1546033194.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.partitionTest-1546033194|owner
-mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap|owner
-mmanager@people.osaaf.org|org.onap.holmes.owner|2020-08-18 08:41:56.000+0000|org.onap.holmes|owner
-mmanager@people.osaaf.org|org.onap.music.admin|2020-08-18 08:41:56.000+0000|org.onap.music|admin
-mmanager@people.osaaf.org|org.onap.music.owner|2020-08-18 08:41:56.000+0000|org.onap.music|owner
-mmanager@people.osaaf.org|org.onap.nbi.owner|2020-08-18 08:41:56.000+0000|org.onap.nbi|owner
-mmanager@people.osaaf.org|org.onap.ngi.owner|2020-08-18 08:41:56.000+0000|org.onap.ngi|owner
-mmanager@people.osaaf.org|org.onap.oof.admin|2020-08-18 08:41:56.000+0000|org.onap.oof|admin
-mmanager@people.osaaf.org|org.onap.oof.owner|2020-08-18 08:41:56.000+0000|org.onap.oof|owner
-mmanager@people.osaaf.org|org.onap.owner|2020-08-18 08:41:56.000+0000|org.onap|owner
-mmanager@people.osaaf.org|org.onap.policy.owner|2020-08-18 08:41:56.000+0000|org.onap.policy|owner
-mmanager@people.osaaf.org|org.onap.pomba.admin|2020-08-18 08:41:56.000+0000|org.onap.pomba|admin
-mmanager@people.osaaf.org|org.onap.pomba.owner|2020-08-18 08:41:56.000+0000|org.onap.pomba|owner
-mmanager@people.osaaf.org|org.onap.portal.admin|2020-08-18 08:41:56.000+0000|org.onap.portal|admin
-mmanager@people.osaaf.org|org.onap.portal.owner|2020-08-18 08:41:56.000+0000|org.onap.portal|owner
-mmanager@people.osaaf.org|org.onap.sdc.admin|2020-08-18 08:41:56.000+0000|org.onap.sdc|admin
-mmanager@people.osaaf.org|org.onap.sdc.owner|2020-08-18 08:41:56.000+0000|org.onap.sdc|owner
-mmanager@people.osaaf.org|org.onap.sdnc-cds.admin|2020-08-18 08:41:56.000+0000|org.onap.sdnc-cds|admin
-mmanager@people.osaaf.org|org.onap.sdnc-cds.owner|2020-08-18 08:41:56.000+0000|org.onap.sdnc-cds|owner
-mmanager@people.osaaf.org|org.onap.sdnc.admin|2020-08-18 08:41:56.000+0000|org.onap.sdnc|admin
-mmanager@people.osaaf.org|org.onap.sdnc.owner|2020-08-18 08:41:56.000+0000|org.onap.sdnc|owner
-mmanager@people.osaaf.org|org.onap.so.admin|2020-08-18 08:41:56.000+0000|org.onap.so|admin
-mmanager@people.osaaf.org|org.onap.so.owner|2020-08-18 08:41:56.000+0000|org.onap.so|owner
-mmanager@people.osaaf.org|org.onap.vfc.admin|2020-08-18 08:41:56.000+0000|org.onap.vfc|admin
-mmanager@people.osaaf.org|org.onap.vfc.owner|2020-08-18 08:41:56.000+0000|org.onap.vfc|owner
-mmanager@people.osaaf.org|org.onap.vid.admin|2020-08-18 08:41:56.000+0000|org.onap.vid|admin
-mmanager@people.osaaf.org|org.onap.vid.owner|2020-08-18 08:41:56.000+0000|org.onap.vid|owner
-mmanager@people.osaaf.org|org.onap.vid1.admin|2020-08-18 08:41:56.000+0000|org.onap.vid1|admin
-mmanager@people.osaaf.org|org.onap.vid1.owner|2020-08-18 08:41:56.000+0000|org.onap.vid1|owner
-mmanager@people.osaaf.org|org.onap.vid2.admin|2020-08-18 08:41:56.000+0000|org.onap.vid2|admin
-mmanager@people.osaaf.org|org.onap.vid2.owner|2020-08-18 08:41:56.000+0000|org.onap.vid2|owner
-mmanager@people.osaaf.org|org.osaaf.people.owner|2020-08-18 08:41:56.000+0000|org.osaaf.people|owner
-shi@portal.onap.org|org.onap.portal.admin|2020-08-18 08:41:56.000+0000|org.onap.portal|admin
-demo@mr.dmaap.onap.org|org.onap.dmaap.mr.view|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|view
-demo@people.osaaf.org|org.onap.aai.Account_Administrator|2020-08-18 08:41:56.000+0000|org.onap.aai|Account_Administrator
-demo@people.osaaf.org|org.onap.aai.aaiui|2020-08-18 08:41:56.000+0000|org.onap.aai|aaiui
-demo@people.osaaf.org|org.onap.aai.resources_readonly|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_readonly
-demo@people.osaaf.org|org.onap.aai.traversal_basic|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_basic
-demo@people.osaaf.org|org.onap.dcae.pnfPublisher|2020-08-18 08:41:56.000+0000|org.onap.dcae|pnfPublisher
-demo@people.osaaf.org|org.onap.dcae.pnfSubscriber|2020-08-18 08:41:56.000+0000|org.onap.dcae|pnfSubscriber
-demo@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc.api|Controller
-demo@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123451.publisher|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-123451|publisher
-demo@people.osaaf.org|org.onap.dmaap.mr.create|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|create
-demo@people.osaaf.org|org.onap.dmaap.mr.destroy|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|destroy
-demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
-demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
-demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
-demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
-demo@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.pub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|mrtesttopic.pub
-demo@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.sub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|mrtesttopic.sub
-demo@people.osaaf.org|org.onap.dmaap.mr.view|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|view
-demo@people.osaaf.org|org.onap.policy.Account_Administrator|2020-08-18 08:41:56.000+0000|org.onap.policy|Account_Administrator
-demo@people.osaaf.org|org.onap.policy.System_Administrator|2020-08-18 08:41:56.000+0000|org.onap.policy|System_Administrator
-demo@people.osaaf.org|org.onap.policy.pdpd.admin|2020-08-18 08:41:56.000+0000|org.onap.policy|pdpd.admin
-demo@people.osaaf.org|org.onap.policy.pdpx.admin|2020-08-18 08:41:56.000+0000|org.onap.policy|pdpx.admin
-demo@people.osaaf.org|org.onap.portal.Account_Administrator|2020-08-18 08:41:56.000+0000|org.onap.portal|Account_Administrator
-demo@people.osaaf.org|org.onap.portal.System_Administrator|2020-08-18 08:41:56.000+0000|org.onap.portal|System_Administrator
-demo@people.osaaf.org|org.onap.portal.admin|2020-08-18 08:41:56.000+0000|org.onap.portal|admin
-demo@people.osaaf.org|org.onap.portal.test.admin|2020-08-18 08:41:56.000+0000|org.onap.portal.test|admin
-demo@people.osaaf.org|org.onap.portal.test.owner|2020-08-18 08:41:56.000+0000|org.onap.portal.test|owner
-demo@people.osaaf.org|org.onap.portal.test.user1|2020-08-18 08:41:56.000+0000|org.onap.portal.test|user1
-demo@people.osaaf.org|org.onap.sdc.ADMIN|2020-08-18 08:41:56.000+0000|org.onap.sdc|ADMIN
-demo@people.osaaf.org|org.onap.sdc.Account_Administrator|2020-08-18 08:41:56.000+0000|org.onap.sdc|Account_Administrator
-demo@people.osaaf.org|org.onap.vid.Account_Administrator|2020-08-18 08:41:56.000+0000|org.onap.vid|Account_Administrator
-demo@people.osaaf.org|org.onap.vid.Demonstration___gNB|2020-08-18 08:41:56.000+0000|org.onap.vid|Demonstration___gNB
-demo@people.osaaf.org|org.onap.vid.Demonstration___vCPE|2020-08-18 08:41:56.000+0000|org.onap.vid|Demonstration___vCPE
-demo@people.osaaf.org|org.onap.vid.Demonstration___vFWCL|2020-08-18 08:41:56.000+0000|org.onap.vid|Demonstration___vFWCL
-demo@people.osaaf.org|org.onap.vid.Demonstration___vFW|2020-08-18 08:41:56.000+0000|org.onap.vid|Demonstration___vFW
-demo@people.osaaf.org|org.onap.vid.Demonstration___vIMS|2020-08-18 08:41:56.000+0000|org.onap.vid|Demonstration___vIMS
-demo@people.osaaf.org|org.onap.vid.Demonstration___vLB|2020-08-18 08:41:56.000+0000|org.onap.vid|Demonstration___vLB
-demo@people.osaaf.org|org.onap.vid.System_Administrator|2020-08-18 08:41:56.000+0000|org.onap.vid|System_Administrator
-jh0003@people.osaaf.org|org.onap.portal.admin|2020-08-18 08:41:56.000+0000|org.onap.portal|admin
-jh0003@people.osaaf.org|org.onap.sdc.ADMIN|2020-08-18 08:41:56.000+0000|org.onap.sdc|ADMIN
-jh0003@people.osaaf.org|org.onap.sdc.Account_Administrator|2020-08-18 08:41:56.000+0000|org.onap.sdc|Account_Administrator
-cs0008@people.osaaf.org|org.onap.sdc.TESTOR|2020-08-18 08:41:56.000+0000|org.onap.sdc|TESTOR
-jm0007@people.osaaf.org|org.onap.sdc.TESTOR|2020-08-18 08:41:56.000+0000|org.onap.sdc|TESTOR
-op0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-08-18 08:41:56.000+0000|org.onap.sdc|TESTOR
-gv0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-08-18 08:41:56.000+0000|org.onap.sdc|TESTOR
-pm0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-08-18 08:41:56.000+0000|org.onap.sdc|TESTOR
-ps0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-08-18 08:41:56.000+0000|org.onap.sdc|TESTOR
-aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-08-18 08:41:56.000+0000|org.onap.aaf-sms|admin
-aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-08-18 08:41:56.000+0000|org.onap.aai|admin
-aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-08-18 08:41:56.000+0000|org.onap.appc|admin
-aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-08-18 08:41:56.000+0000|org.onap.appc|apidoc
-aaf_admin@people.osaaf.org|org.onap.appc.restconf|2020-08-18 08:41:56.000+0000|org.onap.appc|restconf
-aaf_admin@people.osaaf.org|org.onap.cds.admin|2020-08-18 08:41:56.000+0000|org.onap.cds|admin
-aaf_admin@people.osaaf.org|org.onap.clamp.admin|2020-08-18 08:41:56.000+0000|org.onap.clamp|admin
-aaf_admin@people.osaaf.org|org.onap.dcae.admin|2020-08-18 08:41:56.000+0000|org.onap.dcae|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc-mm-prov.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc-mm-prov|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc-topic-mgr|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc.api|Controller
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc.api.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc.api|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-dr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-mr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-mr|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-mr.sunil.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-mr.sunil|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-mr.test.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-mr.test|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.IdentityTopic-12345.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.IdentityTopic-12345|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.IdentityTopic-1547839476.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.IdentityTopic-1547839476|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PM_MAPPER.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PM_MAPPER|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PNF_READY.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PNF_READY|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PNF_REGISTRATION.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.dgl_ready.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.dgl_ready|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.sub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|mrtesttopic.sub
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.test1|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|test1
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-000.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.topic-000|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.topic-001|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.topic-002|owner
-aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-08-18 08:41:56.000+0000|org.onap.holmes|admin
-aaf_admin@people.osaaf.org|org.onap.music.admin|2020-08-18 08:41:56.000+0000|org.onap.music|admin
-aaf_admin@people.osaaf.org|org.onap.music.owner|2020-08-18 08:41:56.000+0000|org.onap.music|owner
-aaf_admin@people.osaaf.org|org.onap.nbi.admin|2020-08-18 08:41:56.000+0000|org.onap.nbi|admin
-aaf_admin@people.osaaf.org|org.onap.ngi.admin|2020-08-18 08:41:56.000+0000|org.onap.ngi|admin
-aaf_admin@people.osaaf.org|org.onap.oof.admin|2020-08-18 08:41:56.000+0000|org.onap.oof|admin
-aaf_admin@people.osaaf.org|org.onap.policy.admin|2020-08-18 08:41:56.000+0000|org.onap.policy|admin
-aaf_admin@people.osaaf.org|org.onap.pomba.admin|2020-08-18 08:41:56.000+0000|org.onap.pomba|admin
-aaf_admin@people.osaaf.org|org.onap.portal.admin|2020-08-18 08:41:56.000+0000|org.onap.portal|admin
-aaf_admin@people.osaaf.org|org.onap.sdc.admin|2020-08-18 08:41:56.000+0000|org.onap.sdc|admin
-aaf_admin@people.osaaf.org|org.onap.sdnc-cds.admin|2020-08-18 08:41:56.000+0000|org.onap.sdnc-cds|admin
-aaf_admin@people.osaaf.org|org.onap.sdnc.admin|2020-08-18 08:41:56.000+0000|org.onap.sdnc|admin
-aaf_admin@people.osaaf.org|org.onap.so.admin|2020-08-18 08:41:56.000+0000|org.onap.so|admin
-aaf_admin@people.osaaf.org|org.onap.vfc.admin|2020-08-18 08:41:56.000+0000|org.onap.vfc|admin
-aaf_admin@people.osaaf.org|org.onap.vid.admin|2020-08-18 08:41:56.000+0000|org.onap.vid|admin
-aaf_admin@people.osaaf.org|org.onap.vid1.admin|2020-08-18 08:41:56.000+0000|org.onap.vid1|admin
-aaf_admin@people.osaaf.org|org.onap.vid2.admin|2020-08-18 08:41:56.000+0000|org.onap.vid2|admin
-aaf_admin@people.osaaf.org|org.osaaf.aaf.admin|2020-08-18 08:41:56.000+0000|org.osaaf.aaf|admin
-aaf_admin@people.osaaf.org|org.osaaf.people.admin|2020-08-18 08:41:56.000+0000|org.osaaf.people|admin
-deployer@people.osaaf.org|org.osaaf.aaf.deploy|2020-08-18 08:41:56.000+0000|org.osaaf.aaf|deploy
-portal_admin@people.osaaf.org|org.onap.portal.admin|2020-08-18 08:41:56.000+0000|org.onap.portal|admin
-aaf@aaf.osaaf.org|org.admin|2020-08-18 08:41:56.000+0000|org|admin
-aaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-08-18 08:41:56.000+0000|org.osaaf.aaf|admin
-aaf@aaf.osaaf.org|org.osaaf.aaf.service|2020-08-18 08:41:56.000+0000|org.osaaf.aaf|service
-aaf@aaf.osaaf.org|org.osaaf.people.admin|2020-08-18 08:41:56.000+0000|org.osaaf.people|admin
-osaaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-08-18 08:41:56.000+0000|org.osaaf.aaf|admin
-aaf-sms@aaf-sms.onap.org|org.onap.aaf-sms.service|2020-08-18 08:41:56.000+0000|org.onap.aaf-sms|service
-clamp@clamp.onap.org|org.onap.clamp.clds.admin.dev|2020-08-18 08:41:56.000+0000|org.onap.clamp|clds.admin.dev
-clamp@clamp.onap.org|org.onap.clamp.clds.designer.dev|2020-08-18 08:41:56.000+0000|org.onap.clamp|clds.designer.dev
-clamp@clamp.onap.org|org.onap.clamp.clds.vf_filter_all.dev|2020-08-18 08:41:56.000+0000|org.onap.clamp|clds.vf_filter_all.dev
-clamp@clamp.onap.org|org.onap.clamp.seeCerts|2020-08-18 08:41:56.000+0000|org.onap.clamp|seeCerts
-clamp@clamp.onap.org|org.onap.clamp.service|2020-08-18 08:41:56.000+0000|org.onap.clamp|service
-clamp@clamp.onap.org|org.onap.clampdemo.owner|2020-08-18 08:41:56.000+0000|org.onap.clampdemo|owner
-clamp@clamp.onap.org|org.onap.clampdemo.service|2020-08-18 08:41:56.000+0000|org.onap.clampdemo|admin
-clamp@clamp.onap.org|org.onap.clamptest.owner|2020-08-18 08:41:56.000+0000|org.onap.clamptest|owner
-clamp@clamp.onap.org|org.onap.clamptest.service|2020-08-18 08:41:56.000+0000|org.onap.clamptest|admin
-clamp@clamp.onap.org|org.onap.dmaap.mr.aNewTopic-123451.subscriber|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-123451|subscriber
-clamp@clamp.onap.org|org.onap.dmaap.mr.dgl000.subscriber|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.dgl000|subscriber
-clamp@clamp.osaaf.org|org.onap.clamp.service|2020-08-18 08:41:56.000+0000|org.onap.clamp|service
-clamp@clampdemo.onap.org|org.onap.clampdemo.owner|2020-08-18 08:41:56.000+0000|org.onap.clampdemo|owner
-clamp@clampdemo.onap.org|org.onap.clampdemo.service|2020-08-18 08:41:56.000+0000|org.onap.clampdemo|admin
-clamp@clamptest.onap.org|org.onap.clamptest.owner|2020-08-18 08:41:56.000+0000|org.onap.clamptest|owner
-clamp@clamptest.onap.org|org.onap.clamptest.service|2020-08-18 08:41:56.000+0000|org.onap.clamptest|admin
-aai@aai.onap.org|org.onap.aai.admin|2020-08-18 08:41:56.000+0000|org.onap.aai|admin
-aai@aai.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-appc@appc.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-appc@appc.onap.org|org.onap.appc.admin|2020-08-18 08:41:56.000+0000|org.onap.appc|admin
-appc@appc.onap.org|org.onap.appc.odl|2020-08-18 08:41:56.000+0000|org.onap.appc|odl
-appc@appc.onap.org|org.onap.appc.service|2020-08-18 08:41:56.000+0000|org.onap.appc|service
-dcae@dcae.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-dcae@dcae.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-dcae@dcae.onap.org|org.onap.dcae.pmPublisher|2020-08-18 08:41:56.000+0000|org.onap.dcae|pmPublisher
-dcae@dcae.onap.org|org.onap.dcae.pmSubscriber|2020-08-18 08:41:56.000+0000|org.onap.dcae|pmSubscriber
-dcae@dcae.onap.org|org.onap.dcae.pnfPublisher|2020-08-18 08:41:56.000+0000|org.onap.dcae|pnfPublisher
-dcae@dcae.onap.org|org.onap.dcae.pnfSubscriber|2020-08-18 08:41:56.000+0000|org.onap.dcae|pnfSubscriber
-dcae@dcae.onap.org|org.onap.dcae.seeCerts|2020-08-18 08:41:56.000+0000|org.onap.dcae|seeCerts
-dcae@dcae.onap.org|org.onap.dmaap-dr.feed.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|feed.admin
-dcae@dcae.onap.org|org.onap.dmaap-dr.sub.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|sub.admin
-dcae@dcae.onap.org|org.onap.dmaap.mr.PM_MAPPER.publisher|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PM_MAPPER|publisher
-dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_READY.pub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PNF_READY|pub
-dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.sub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|sub
-dcae@dcae.onap.org|org.onap.dmaap.mr.aNewTopic-123451.subscriber|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-123451|subscriber
-oof@oof.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-oof@oof.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-oof@oof.onap.org|org.onap.oof.admin|2020-08-18 08:41:56.000+0000|org.onap.oof|admin
-oof@oof.onap.org|org.onap.oof.service|2020-08-18 08:41:56.000+0000|org.onap.oof|service
-so@so.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-so@so.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-so@so.onap.org|org.onap.appc.service|2020-08-18 08:41:56.000+0000|org.onap.appc|service
-so@so.onap.org|org.onap.sdnc.service|2020-08-18 08:41:56.000+0000|org.onap.sdnc|service
-so@so.onap.org|org.onap.so.actuatorManagementUsers|2020-08-18 08:41:56.000+0000|org.onap.so|actuatorManagementUsers
-so@so.onap.org|org.onap.so.admin|2020-08-18 08:41:56.000+0000|org.onap.so|admin
-so@so.onap.org|org.onap.so.apihUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|apihUsers.Read
-so@so.onap.org|org.onap.so.apihUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|apihUsers.Write
-so@so.onap.org|org.onap.so.app|2020-08-18 08:41:56.000+0000|org.onap.so|app
-so@so.onap.org|org.onap.so.bpmnUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|bpmnUsers.Read
-so@so.onap.org|org.onap.so.bpmnUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|bpmnUsers.Write
-so@so.onap.org|org.onap.so.catalogDbAdapterUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|catalogDbAdapterUsers.Read
-so@so.onap.org|org.onap.so.catalogDbAdapterUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|catalogDbAdapterUsers.Write
-so@so.onap.org|org.onap.so.monitoringUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|monitoringUsers.Read
-so@so.onap.org|org.onap.so.monitoringUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|monitoringUsers.Write
-so@so.onap.org|org.onap.so.openStackAdapterUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|openStackAdapterUsers.Read
-so@so.onap.org|org.onap.so.openStackAdapterUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|openStackAdapterUsers.Write
-so@so.onap.org|org.onap.so.requestDbAdapterUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|requestDbAdapterUsers.Read
-so@so.onap.org|org.onap.so.requestDbAdapterUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|requestDbAdapterUsers.Write
-so@so.onap.org|org.onap.so.sdcControllerUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|sdcControllerUsers.Read
-so@so.onap.org|org.onap.so.sdcControllerUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|sdcControllerUsers.Write
-so@so.onap.org|org.onap.so.sdncAdapterUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|sdncAdapterUsers.Read
-so@so.onap.org|org.onap.so.sdncAdapterUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|sdncAdapterUsers.Write
-so@so.onap.org|org.onap.so.vfcAdapterUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|vfcAdapterUsers.Read
-so@so.onap.org|org.onap.so.vfcAdapterUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|vfcAdapterUsers.Write
-so@so.onap.org|org.onap.so.vnfmAdapterUsers.Read|2020-08-18 08:41:56.000+0000|org.onap.so|vnfmAdapterUsers.Read
-so@so.onap.org|org.onap.so.vnfmAdapterUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|vnfmAdapterUsers.Write
-sdc@sdc.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-sdc@sdc.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-sdc@sdc.onap.org|org.onap.so.apihUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|apihUsers.Write
-sdc@sdc.onap.org|org.onap.so.sdcControllerUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|sdcControllerUsers.Write
-sdnc@sdnc.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-sdnc@sdnc.onap.org|org.onap.dmaap.mr.aNewTopic-123451.publisher|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-123451|publisher
-sdnc@sdnc.onap.org|org.onap.dmaap.mr.dgl000.publisher|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.dgl000|publisher
-sdnc@sdnc.onap.org|org.onap.sdnc.admin|2020-08-18 08:41:56.000+0000|org.onap.sdnc|admin
-sdnc@sdnc.onap.org|org.onap.sdnc.service|2020-08-18 08:41:56.000+0000|org.onap.sdnc|service
-sdnc-cds@sdnc-cds.onap.org|org.onap.sdnc-cds.service|2020-08-18 08:41:56.000+0000|org.onap.sdnc-cds|service
-vfc@vfc.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-vfc@vfc.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-vfc@vfc.onap.org|org.onap.dmaap-mr.Publisher|2020-08-18 08:41:56.000+0000|org.onap.dmaap-mr|Publisher
-vfc@vfc.onap.org|org.onap.vfc.service|2020-08-18 08:41:56.000+0000|org.onap.vfc|service
-policy@policy.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-policy@policy.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-policy@policy.onap.org|org.onap.policy.pdpd.admin|2020-08-18 08:41:56.000+0000|org.onap.policy|pdpd.admin
-policy@policy.onap.org|org.onap.policy.pdpx.admin|2020-08-18 08:41:56.000+0000|org.onap.policy|pdpx.admin
-policy@policy.onap.org|org.onap.policy.seeCerts|2020-08-18 08:41:56.000+0000|org.onap.policy|seeCerts
-pomba@pomba.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-pomba@pomba.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-holmes@holmes.onap.org|org.onap.holmes.service|2020-08-18 08:41:56.000+0000|org.onap.holmes|service
-nbi@nbi.onap.org|org.onap.nbi.service|2020-08-18 08:41:56.000+0000|org.onap.nbi|service
-music@music.onap.org|org.onap.music.service|2020-08-18 08:41:56.000+0000|org.onap.music|service
-vid@vid.onap.org|org.onap.aai.resources_all|2020-08-18 08:41:56.000+0000|org.onap.aai|resources_all
-vid@vid.onap.org|org.onap.aai.traversal_advanced|2020-08-18 08:41:56.000+0000|org.onap.aai|traversal_advanced
-vid@vid.onap.org|org.onap.so.apihUsers.Write|2020-08-18 08:41:56.000+0000|org.onap.so|apihUsers.Write
-vid@vid.onap.org|org.onap.vid.service|2020-08-18 08:41:56.000+0000|org.onap.vid|service
-vid1@people.osaaf.org|org.onap.vid.System_Administrator|2020-08-18 08:41:56.000+0000|org.onap.vid|System_Administrator
-vid2@people.osaaf.org|org.onap.vid.Standard_User|2020-08-18 08:41:56.000+0000|org.onap.vid|Standard_User
-vid2@people.osaaf.org|org.onap.vid.System_Administrator|2020-08-18 08:41:56.000+0000|org.onap.vid|System_Administrator
-dmaap-bc@bc.dmaap.onap.org|org.onap.dmaap.bc.service|2020-08-18 08:41:56.000+0000|org.onap.dmaap.bc|service
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.api.Controller|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc.api|Controller
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.seeCerts|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc|seeCerts
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.service|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc|service
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.PM_MAPPER.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PM_MAPPER|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.dgl000.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.dgl000|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.mirrormakeragent.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.topic-001.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.topic-001|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.topic-002.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.topic-002|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-bc-topic-mgr.client|2020-08-18 08:41:56.000+0000|org.onap.dmaap-bc-topic-mgr|client
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-dr.feed.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|feed.admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-dr.sub.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|sub.admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.IdentityTopic-12345.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.IdentityTopic-12345|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.IdentityTopic-1547839476.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.IdentityTopic-1547839476|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.PNF_READY.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PNF_READY|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-123450.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-123450|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-123451.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-123451|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-1547667570.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aNewTopic-1547667570|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547665517.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547665517|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666628.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547666628|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666760.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547666760|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666950.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547666950|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547667031.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTest-1547667031|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-123456.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-123456|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-123457.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-123457|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547660509.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547660509|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547660861.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547660861|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547661011.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547661011|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547662122.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547662122|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547662451.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547662451|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547664813.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547664813|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547664928.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547664928|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547666068.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTestTopic-1547666068|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTopic-1547654909.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.aTopic-1547654909|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.create|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|create
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.destroy|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|destroy
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.dgl_ready.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.dgl_ready|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormaker.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|mirrormaker.admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormaker.user|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|mirrormaker.user
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.partitionTest-1546033194.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.partitionTest-1546033194|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.topic-000.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.topic-000|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.view|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|view
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.create|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|create
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.destroy|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|destroy
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormaker.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|mirrormaker.admin
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormaker.user|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|mirrormaker.user
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.view|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|view
-dmaap-dr@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|seeCerts
-dmaap-dr-prov@dmaap-dr.onap.org|org.onap.dmaap-dr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|admin
-dmaap-dr-prov@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|seeCerts
-dmaap-dr-node@dmaap-dr.onap.org|org.onap.dmaap-dr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|admin
-dmaap-dr-node@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-08-18 08:41:56.000+0000|org.onap.dmaap-dr|seeCerts
-dmaapmr@mr.dmaap.onap.org|org.onap.dmaap.mr.admin|2020-08-18 08:41:56.000+0000|org.onap.dmaap.mr|admin
+mmanager@people.osaaf.org|org.onap.aaf-sms.admin|2020-09-05 12:09:20.000+0000|org.onap.aaf-sms|admin
+mmanager@people.osaaf.org|org.onap.aaf-sms.owner|2020-09-05 12:09:20.000+0000|org.onap.aaf-sms|owner
+mmanager@people.osaaf.org|org.onap.aai.admin|2020-09-05 12:09:20.000+0000|org.onap.aai|admin
+mmanager@people.osaaf.org|org.onap.aai.owner|2020-09-05 12:09:20.000+0000|org.onap.aai|owner
+mmanager@people.osaaf.org|org.onap.admin|2020-09-05 12:09:20.000+0000|org.onap|admin
+mmanager@people.osaaf.org|org.onap.appc.admin|2020-09-05 12:09:20.000+0000|org.onap.appc|admin
+mmanager@people.osaaf.org|org.onap.appc.owner|2020-09-05 12:09:20.000+0000|org.onap.appc|owner
+mmanager@people.osaaf.org|org.onap.cds.admin|2020-09-05 12:09:20.000+0000|org.onap.cds|admin
+mmanager@people.osaaf.org|org.onap.cds.owner|2020-09-05 12:09:20.000+0000|org.onap.cds|owner
+mmanager@people.osaaf.org|org.onap.clamp.admin|2020-09-05 12:09:20.000+0000|org.onap.clamp|admin
+mmanager@people.osaaf.org|org.onap.clamp.owner|2020-09-05 12:09:20.000+0000|org.onap.clamp|owner
+mmanager@people.osaaf.org|org.onap.dcae.admin|2020-09-05 12:09:20.000+0000|org.onap.dcae|admin
+mmanager@people.osaaf.org|org.onap.dcae.owner|2020-09-05 12:09:20.000+0000|org.onap.dcae|owner
+mmanager@people.osaaf.org|org.onap.dmaap-bc-mm-prov.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-mm-prov|admin
+mmanager@people.osaaf.org|org.onap.dmaap-bc-mm-prov.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-mm-prov|owner
+mmanager@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-topic-mgr|admin
+mmanager@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-topic-mgr|owner
+mmanager@people.osaaf.org|org.onap.dmaap-bc.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc|admin
+mmanager@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc.api|Controller
+mmanager@people.osaaf.org|org.onap.dmaap-bc.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc|owner
+mmanager@people.osaaf.org|org.onap.dmaap-dr.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|owner
+mmanager@people.osaaf.org|org.onap.dmaap-mr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr|admin
+mmanager@people.osaaf.org|org.onap.dmaap-mr.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr|owner
+mmanager@people.osaaf.org|org.onap.dmaap-mr.sunil.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr.sunil|owner
+mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr.test|owner
+mmanager@people.osaaf.org|org.onap.dmaap.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap|admin
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123450.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-123450|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123451.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-123451|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-1547667570.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-1547667570|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547665517.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547665517|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666628.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547666628|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666760.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547666760|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666950.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547666950|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547667031.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547667031|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-123456.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-123456|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-123457.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-123457|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547660509.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547660509|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547660861.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547660861|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547661011.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547661011|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547662122.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547662122|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547662451.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547662451|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547664813.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547664813|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547664928.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547664928|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547666068.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547666068|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.aTopic-1547654909.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTopic-1547654909|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.dgl000.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.dgl000|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|owner
+mmanager@people.osaaf.org|org.onap.dmaap.mr.partitionTest-1546033194.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.partitionTest-1546033194|owner
+mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap|owner
+mmanager@people.osaaf.org|org.onap.holmes.owner|2020-09-05 12:09:20.000+0000|org.onap.holmes|owner
+mmanager@people.osaaf.org|org.onap.music.admin|2020-09-05 12:09:20.000+0000|org.onap.music|admin
+mmanager@people.osaaf.org|org.onap.music.owner|2020-09-05 12:09:20.000+0000|org.onap.music|owner
+mmanager@people.osaaf.org|org.onap.nbi.owner|2020-09-05 12:09:20.000+0000|org.onap.nbi|owner
+mmanager@people.osaaf.org|org.onap.ngi.owner|2020-09-05 12:09:20.000+0000|org.onap.ngi|owner
+mmanager@people.osaaf.org|org.onap.oof.admin|2020-09-05 12:09:20.000+0000|org.onap.oof|admin
+mmanager@people.osaaf.org|org.onap.oof.owner|2020-09-05 12:09:20.000+0000|org.onap.oof|owner
+mmanager@people.osaaf.org|org.onap.owner|2020-09-05 12:09:20.000+0000|org.onap|owner
+mmanager@people.osaaf.org|org.onap.policy.owner|2020-09-05 12:09:20.000+0000|org.onap.policy|owner
+mmanager@people.osaaf.org|org.onap.pomba.admin|2020-09-05 12:09:20.000+0000|org.onap.pomba|admin
+mmanager@people.osaaf.org|org.onap.pomba.owner|2020-09-05 12:09:20.000+0000|org.onap.pomba|owner
+mmanager@people.osaaf.org|org.onap.portal.admin|2020-09-05 12:09:20.000+0000|org.onap.portal|admin
+mmanager@people.osaaf.org|org.onap.portal.owner|2020-09-05 12:09:20.000+0000|org.onap.portal|owner
+mmanager@people.osaaf.org|org.onap.sdc.admin|2020-09-05 12:09:20.000+0000|org.onap.sdc|admin
+mmanager@people.osaaf.org|org.onap.sdc.owner|2020-09-05 12:09:20.000+0000|org.onap.sdc|owner
+mmanager@people.osaaf.org|org.onap.sdnc-cds.admin|2020-09-05 12:09:20.000+0000|org.onap.sdnc-cds|admin
+mmanager@people.osaaf.org|org.onap.sdnc-cds.owner|2020-09-05 12:09:20.000+0000|org.onap.sdnc-cds|owner
+mmanager@people.osaaf.org|org.onap.sdnc.admin|2020-09-05 12:09:20.000+0000|org.onap.sdnc|admin
+mmanager@people.osaaf.org|org.onap.sdnc.owner|2020-09-05 12:09:20.000+0000|org.onap.sdnc|owner
+mmanager@people.osaaf.org|org.onap.so.admin|2020-09-05 12:09:20.000+0000|org.onap.so|admin
+mmanager@people.osaaf.org|org.onap.so.owner|2020-09-05 12:09:20.000+0000|org.onap.so|owner
+mmanager@people.osaaf.org|org.onap.vfc.admin|2020-09-05 12:09:20.000+0000|org.onap.vfc|admin
+mmanager@people.osaaf.org|org.onap.vfc.owner|2020-09-05 12:09:20.000+0000|org.onap.vfc|owner
+mmanager@people.osaaf.org|org.onap.vid.admin|2020-09-05 12:09:20.000+0000|org.onap.vid|admin
+mmanager@people.osaaf.org|org.onap.vid.owner|2020-09-05 12:09:20.000+0000|org.onap.vid|owner
+mmanager@people.osaaf.org|org.onap.vid1.admin|2020-09-05 12:09:20.000+0000|org.onap.vid1|admin
+mmanager@people.osaaf.org|org.onap.vid1.owner|2020-09-05 12:09:20.000+0000|org.onap.vid1|owner
+mmanager@people.osaaf.org|org.onap.vid2.admin|2020-09-05 12:09:20.000+0000|org.onap.vid2|admin
+mmanager@people.osaaf.org|org.onap.vid2.owner|2020-09-05 12:09:20.000+0000|org.onap.vid2|owner
+mmanager@people.osaaf.org|org.osaaf.people.owner|2020-09-05 12:09:20.000+0000|org.osaaf.people|owner
+shi@portal.onap.org|org.onap.portal.admin|2020-09-05 12:09:20.000+0000|org.onap.portal|admin
+demo@mr.dmaap.onap.org|org.onap.dmaap.mr.view|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|view
+demo@people.osaaf.org|org.onap.aai.Account_Administrator|2020-09-05 12:09:20.000+0000|org.onap.aai|Account_Administrator
+demo@people.osaaf.org|org.onap.aai.aaiui|2020-09-05 12:09:20.000+0000|org.onap.aai|aaiui
+demo@people.osaaf.org|org.onap.aai.resources_readonly|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_readonly
+demo@people.osaaf.org|org.onap.aai.traversal_basic|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_basic
+demo@people.osaaf.org|org.onap.dcae.pnfPublisher|2020-09-05 12:09:20.000+0000|org.onap.dcae|pnfPublisher
+demo@people.osaaf.org|org.onap.dcae.pnfSubscriber|2020-09-05 12:09:20.000+0000|org.onap.dcae|pnfSubscriber
+demo@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc.api|Controller
+demo@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123451.publisher|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-123451|publisher
+demo@people.osaaf.org|org.onap.dmaap.mr.create|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|create
+demo@people.osaaf.org|org.onap.dmaap.mr.destroy|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|destroy
+demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
+demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
+demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
+demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
+demo@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.pub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|mrtesttopic.pub
+demo@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.sub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|mrtesttopic.sub
+demo@people.osaaf.org|org.onap.dmaap.mr.view|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|view
+demo@people.osaaf.org|org.onap.policy.Account_Administrator|2020-09-05 12:09:20.000+0000|org.onap.policy|Account_Administrator
+demo@people.osaaf.org|org.onap.policy.System_Administrator|2020-09-05 12:09:20.000+0000|org.onap.policy|System_Administrator
+demo@people.osaaf.org|org.onap.policy.pdpd.admin|2020-09-05 12:09:20.000+0000|org.onap.policy|pdpd.admin
+demo@people.osaaf.org|org.onap.policy.pdpx.admin|2020-09-05 12:09:20.000+0000|org.onap.policy|pdpx.admin
+demo@people.osaaf.org|org.onap.portal.Account_Administrator|2020-09-05 12:09:20.000+0000|org.onap.portal|Account_Administrator
+demo@people.osaaf.org|org.onap.portal.System_Administrator|2020-09-05 12:09:20.000+0000|org.onap.portal|System_Administrator
+demo@people.osaaf.org|org.onap.portal.admin|2020-09-05 12:09:20.000+0000|org.onap.portal|admin
+demo@people.osaaf.org|org.onap.portal.test.admin|2020-09-05 12:09:20.000+0000|org.onap.portal.test|admin
+demo@people.osaaf.org|org.onap.portal.test.owner|2020-09-05 12:09:20.000+0000|org.onap.portal.test|owner
+demo@people.osaaf.org|org.onap.portal.test.user1|2020-09-05 12:09:20.000+0000|org.onap.portal.test|user1
+demo@people.osaaf.org|org.onap.sdc.ADMIN|2020-09-05 12:09:20.000+0000|org.onap.sdc|ADMIN
+demo@people.osaaf.org|org.onap.sdc.Account_Administrator|2020-09-05 12:09:20.000+0000|org.onap.sdc|Account_Administrator
+demo@people.osaaf.org|org.onap.vid.Account_Administrator|2020-09-05 12:09:20.000+0000|org.onap.vid|Account_Administrator
+demo@people.osaaf.org|org.onap.vid.Demonstration___gNB|2020-09-05 12:09:20.000+0000|org.onap.vid|Demonstration___gNB
+demo@people.osaaf.org|org.onap.vid.Demonstration___vCPE|2020-09-05 12:09:20.000+0000|org.onap.vid|Demonstration___vCPE
+demo@people.osaaf.org|org.onap.vid.Demonstration___vFWCL|2020-09-05 12:09:20.000+0000|org.onap.vid|Demonstration___vFWCL
+demo@people.osaaf.org|org.onap.vid.Demonstration___vFW|2020-09-05 12:09:20.000+0000|org.onap.vid|Demonstration___vFW
+demo@people.osaaf.org|org.onap.vid.Demonstration___vIMS|2020-09-05 12:09:20.000+0000|org.onap.vid|Demonstration___vIMS
+demo@people.osaaf.org|org.onap.vid.Demonstration___vLB|2020-09-05 12:09:20.000+0000|org.onap.vid|Demonstration___vLB
+demo@people.osaaf.org|org.onap.vid.System_Administrator|2020-09-05 12:09:20.000+0000|org.onap.vid|System_Administrator
+jh0003@people.osaaf.org|org.onap.portal.admin|2020-09-05 12:09:20.000+0000|org.onap.portal|admin
+jh0003@people.osaaf.org|org.onap.sdc.ADMIN|2020-09-05 12:09:20.000+0000|org.onap.sdc|ADMIN
+jh0003@people.osaaf.org|org.onap.sdc.Account_Administrator|2020-09-05 12:09:20.000+0000|org.onap.sdc|Account_Administrator
+cs0008@people.osaaf.org|org.onap.sdc.TESTOR|2020-09-05 12:09:20.000+0000|org.onap.sdc|TESTOR
+jm0007@people.osaaf.org|org.onap.sdc.TESTOR|2020-09-05 12:09:20.000+0000|org.onap.sdc|TESTOR
+op0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-09-05 12:09:20.000+0000|org.onap.sdc|TESTOR
+gv0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-09-05 12:09:20.000+0000|org.onap.sdc|TESTOR
+pm0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-09-05 12:09:20.000+0000|org.onap.sdc|TESTOR
+ps0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-09-05 12:09:20.000+0000|org.onap.sdc|TESTOR
+aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-09-05 12:09:20.000+0000|org.onap.aaf-sms|admin
+aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-09-05 12:09:20.000+0000|org.onap.aai|admin
+aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-09-05 12:09:20.000+0000|org.onap.appc|admin
+aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-09-05 12:09:20.000+0000|org.onap.appc|apidoc
+aaf_admin@people.osaaf.org|org.onap.appc.restconf|2020-09-05 12:09:20.000+0000|org.onap.appc|restconf
+aaf_admin@people.osaaf.org|org.onap.cds.admin|2020-09-05 12:09:20.000+0000|org.onap.cds|admin
+aaf_admin@people.osaaf.org|org.onap.clamp.admin|2020-09-05 12:09:20.000+0000|org.onap.clamp|admin
+aaf_admin@people.osaaf.org|org.onap.dcae.admin|2020-09-05 12:09:20.000+0000|org.onap.dcae|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap-bc-mm-prov.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-mm-prov|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-topic-mgr|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap-bc.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc.api|Controller
+aaf_admin@people.osaaf.org|org.onap.dmaap-bc.api.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc.api|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap-dr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap-mr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap-mr.sunil.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr.sunil|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap-mr.test.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr.test|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.IdentityTopic-12345.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.IdentityTopic-12345|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.IdentityTopic-1547839476.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.IdentityTopic-1547839476|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PM_MAPPER.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PM_MAPPER|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PNF_READY.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PNF_READY|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PNF_REGISTRATION.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|admin
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.dgl_ready.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.dgl_ready|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.sub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|mrtesttopic.sub
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.test1|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|test1
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-000.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-000|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-001|owner
+aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-002|owner
+aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-09-05 12:09:20.000+0000|org.onap.holmes|admin
+aaf_admin@people.osaaf.org|org.onap.music.admin|2020-09-05 12:09:20.000+0000|org.onap.music|admin
+aaf_admin@people.osaaf.org|org.onap.music.owner|2020-09-05 12:09:20.000+0000|org.onap.music|owner
+aaf_admin@people.osaaf.org|org.onap.nbi.admin|2020-09-05 12:09:20.000+0000|org.onap.nbi|admin
+aaf_admin@people.osaaf.org|org.onap.ngi.admin|2020-09-05 12:09:20.000+0000|org.onap.ngi|admin
+aaf_admin@people.osaaf.org|org.onap.oof.admin|2020-09-05 12:09:20.000+0000|org.onap.oof|admin
+aaf_admin@people.osaaf.org|org.onap.policy.admin|2020-09-05 12:09:20.000+0000|org.onap.policy|admin
+aaf_admin@people.osaaf.org|org.onap.pomba.admin|2020-09-05 12:09:20.000+0000|org.onap.pomba|admin
+aaf_admin@people.osaaf.org|org.onap.portal.admin|2020-09-05 12:09:20.000+0000|org.onap.portal|admin
+aaf_admin@people.osaaf.org|org.onap.sdc.admin|2020-09-05 12:09:20.000+0000|org.onap.sdc|admin
+aaf_admin@people.osaaf.org|org.onap.sdnc-cds.admin|2020-09-05 12:09:20.000+0000|org.onap.sdnc-cds|admin
+aaf_admin@people.osaaf.org|org.onap.sdnc.admin|2020-09-05 12:09:20.000+0000|org.onap.sdnc|admin
+aaf_admin@people.osaaf.org|org.onap.so.admin|2020-09-05 12:09:20.000+0000|org.onap.so|admin
+aaf_admin@people.osaaf.org|org.onap.vfc.admin|2020-09-05 12:09:20.000+0000|org.onap.vfc|admin
+aaf_admin@people.osaaf.org|org.onap.vid.admin|2020-09-05 12:09:20.000+0000|org.onap.vid|admin
+aaf_admin@people.osaaf.org|org.onap.vid1.admin|2020-09-05 12:09:20.000+0000|org.onap.vid1|admin
+aaf_admin@people.osaaf.org|org.onap.vid2.admin|2020-09-05 12:09:20.000+0000|org.onap.vid2|admin
+aaf_admin@people.osaaf.org|org.osaaf.aaf.admin|2020-09-05 12:09:20.000+0000|org.osaaf.aaf|admin
+aaf_admin@people.osaaf.org|org.osaaf.people.admin|2020-09-05 12:09:20.000+0000|org.osaaf.people|admin
+deployer@people.osaaf.org|org.osaaf.aaf.deploy|2020-09-05 12:09:20.000+0000|org.osaaf.aaf|deploy
+portal_admin@people.osaaf.org|org.onap.portal.admin|2020-09-05 12:09:20.000+0000|org.onap.portal|admin
+aaf@aaf.osaaf.org|org.admin|2020-09-05 12:09:20.000+0000|org|admin
+aaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-09-05 12:09:20.000+0000|org.osaaf.aaf|admin
+aaf@aaf.osaaf.org|org.osaaf.aaf.service|2020-09-05 12:09:20.000+0000|org.osaaf.aaf|service
+aaf@aaf.osaaf.org|org.osaaf.people.admin|2020-09-05 12:09:20.000+0000|org.osaaf.people|admin
+osaaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-09-05 12:09:20.000+0000|org.osaaf.aaf|admin
+aaf-sms@aaf-sms.onap.org|org.onap.aaf-sms.service|2020-09-05 12:09:20.000+0000|org.onap.aaf-sms|service
+clamp@clamp.onap.org|org.onap.clamp.clds.admin.dev|2020-09-05 12:09:20.000+0000|org.onap.clamp|clds.admin.dev
+clamp@clamp.onap.org|org.onap.clamp.clds.designer.dev|2020-09-05 12:09:20.000+0000|org.onap.clamp|clds.designer.dev
+clamp@clamp.onap.org|org.onap.clamp.clds.vf_filter_all.dev|2020-09-05 12:09:20.000+0000|org.onap.clamp|clds.vf_filter_all.dev
+clamp@clamp.onap.org|org.onap.clamp.seeCerts|2020-09-05 12:09:20.000+0000|org.onap.clamp|seeCerts
+clamp@clamp.onap.org|org.onap.clamp.service|2020-09-05 12:09:20.000+0000|org.onap.clamp|service
+clamp@clamp.onap.org|org.onap.clampdemo.owner|2020-09-05 12:09:20.000+0000|org.onap.clampdemo|owner
+clamp@clamp.onap.org|org.onap.clampdemo.service|2020-09-05 12:09:20.000+0000|org.onap.clampdemo|admin
+clamp@clamp.onap.org|org.onap.clamptest.owner|2020-09-05 12:09:20.000+0000|org.onap.clamptest|owner
+clamp@clamp.onap.org|org.onap.clamptest.service|2020-09-05 12:09:20.000+0000|org.onap.clamptest|admin
+clamp@clamp.onap.org|org.onap.dmaap.mr.aNewTopic-123451.subscriber|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-123451|subscriber
+clamp@clamp.onap.org|org.onap.dmaap.mr.dgl000.subscriber|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.dgl000|subscriber
+clamp@clamp.osaaf.org|org.onap.clamp.service|2020-09-05 12:09:20.000+0000|org.onap.clamp|service
+clamp@clampdemo.onap.org|org.onap.clampdemo.owner|2020-09-05 12:09:20.000+0000|org.onap.clampdemo|owner
+clamp@clampdemo.onap.org|org.onap.clampdemo.service|2020-09-05 12:09:20.000+0000|org.onap.clampdemo|admin
+clamp@clamptest.onap.org|org.onap.clamptest.owner|2020-09-05 12:09:20.000+0000|org.onap.clamptest|owner
+clamp@clamptest.onap.org|org.onap.clamptest.service|2020-09-05 12:09:20.000+0000|org.onap.clamptest|admin
+aai@aai.onap.org|org.onap.aai.admin|2020-09-05 12:09:20.000+0000|org.onap.aai|admin
+aai@aai.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+appc@appc.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+appc@appc.onap.org|org.onap.appc.admin|2020-09-05 12:09:20.000+0000|org.onap.appc|admin
+appc@appc.onap.org|org.onap.appc.odl|2020-09-05 12:09:20.000+0000|org.onap.appc|odl
+appc@appc.onap.org|org.onap.appc.service|2020-09-05 12:09:20.000+0000|org.onap.appc|service
+dcae@dcae.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+dcae@dcae.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+dcae@dcae.onap.org|org.onap.dcae.pmPublisher|2020-09-05 12:09:20.000+0000|org.onap.dcae|pmPublisher
+dcae@dcae.onap.org|org.onap.dcae.pmSubscriber|2020-09-05 12:09:20.000+0000|org.onap.dcae|pmSubscriber
+dcae@dcae.onap.org|org.onap.dcae.pnfPublisher|2020-09-05 12:09:20.000+0000|org.onap.dcae|pnfPublisher
+dcae@dcae.onap.org|org.onap.dcae.pnfSubscriber|2020-09-05 12:09:20.000+0000|org.onap.dcae|pnfSubscriber
+dcae@dcae.onap.org|org.onap.dcae.seeCerts|2020-09-05 12:09:20.000+0000|org.onap.dcae|seeCerts
+dcae@dcae.onap.org|org.onap.dmaap-dr.feed.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|feed.admin
+dcae@dcae.onap.org|org.onap.dmaap-dr.sub.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|sub.admin
+dcae@dcae.onap.org|org.onap.dmaap.mr.PM_MAPPER.publisher|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PM_MAPPER|publisher
+dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_READY.pub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PNF_READY|pub
+dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.sub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|sub
+dcae@dcae.onap.org|org.onap.dmaap.mr.aNewTopic-123451.subscriber|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-123451|subscriber
+oof@oof.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+oof@oof.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+oof@oof.onap.org|org.onap.oof.admin|2020-09-05 12:09:20.000+0000|org.onap.oof|admin
+oof@oof.onap.org|org.onap.oof.service|2020-09-05 12:09:20.000+0000|org.onap.oof|service
+so@so.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+so@so.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+so@so.onap.org|org.onap.appc.service|2020-09-05 12:09:20.000+0000|org.onap.appc|service
+so@so.onap.org|org.onap.sdnc.service|2020-09-05 12:09:20.000+0000|org.onap.sdnc|service
+so@so.onap.org|org.onap.so.admin|2020-09-05 12:09:20.000+0000|org.onap.so|admin
+so@so.onap.org|org.onap.so.app|2020-09-05 12:09:20.000+0000|org.onap.so|app
+sdc@sdc.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+sdc@sdc.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+sdnc@sdnc.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+sdnc@sdnc.onap.org|org.onap.dmaap.mr.aNewTopic-123451.publisher|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-123451|publisher
+sdnc@sdnc.onap.org|org.onap.dmaap.mr.dgl000.publisher|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.dgl000|publisher
+sdnc@sdnc.onap.org|org.onap.sdnc.admin|2020-09-05 12:09:20.000+0000|org.onap.sdnc|admin
+sdnc@sdnc.onap.org|org.onap.sdnc.service|2020-09-05 12:09:20.000+0000|org.onap.sdnc|service
+sdnc-cds@sdnc-cds.onap.org|org.onap.sdnc-cds.service|2020-09-05 12:09:20.000+0000|org.onap.sdnc-cds|service
+vfc@vfc.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+vfc@vfc.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+vfc@vfc.onap.org|org.onap.dmaap-mr.Publisher|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr|Publisher
+vfc@vfc.onap.org|org.onap.vfc.service|2020-09-05 12:09:20.000+0000|org.onap.vfc|service
+policy@policy.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+policy@policy.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+policy@policy.onap.org|org.onap.policy.pdpd.admin|2020-09-05 12:09:20.000+0000|org.onap.policy|pdpd.admin
+policy@policy.onap.org|org.onap.policy.pdpx.admin|2020-09-05 12:09:20.000+0000|org.onap.policy|pdpx.admin
+policy@policy.onap.org|org.onap.policy.seeCerts|2020-09-05 12:09:20.000+0000|org.onap.policy|seeCerts
+pomba@pomba.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+pomba@pomba.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+holmes@holmes.onap.org|org.onap.holmes.service|2020-09-05 12:09:20.000+0000|org.onap.holmes|service
+nbi@nbi.onap.org|org.onap.nbi.service|2020-09-05 12:09:20.000+0000|org.onap.nbi|service
+music@music.onap.org|org.onap.music.service|2020-09-05 12:09:20.000+0000|org.onap.music|service
+vid@vid.onap.org|org.onap.aai.resources_all|2020-09-05 12:09:20.000+0000|org.onap.aai|resources_all
+vid@vid.onap.org|org.onap.aai.traversal_advanced|2020-09-05 12:09:20.000+0000|org.onap.aai|traversal_advanced
+vid@vid.onap.org|org.onap.vid.service|2020-09-05 12:09:20.000+0000|org.onap.vid|service
+vid1@people.osaaf.org|org.onap.vid.System_Administrator|2020-09-05 12:09:20.000+0000|org.onap.vid|System_Administrator
+vid2@people.osaaf.org|org.onap.vid.Standard_User|2020-09-05 12:09:20.000+0000|org.onap.vid|Standard_User
+vid2@people.osaaf.org|org.onap.vid.System_Administrator|2020-09-05 12:09:20.000+0000|org.onap.vid|System_Administrator
+dmaap-bc@bc.dmaap.onap.org|org.onap.dmaap.bc.service|2020-09-05 12:09:20.000+0000|org.onap.dmaap.bc|service
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.api.Controller|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc.api|Controller
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.seeCerts|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc|seeCerts
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.service|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc|service
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.PM_MAPPER.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PM_MAPPER|admin
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|admin
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.dgl000.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.dgl000|admin
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.mirrormakeragent.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|admin
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.topic-001.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-001|admin
+dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.topic-002.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-002|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-bc-topic-mgr.client|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-topic-mgr|client
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-dr.feed.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|feed.admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-dr.sub.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|sub.admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.IdentityTopic-12345.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.IdentityTopic-12345|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.IdentityTopic-1547839476.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.IdentityTopic-1547839476|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.PNF_READY.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PNF_READY|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-123450.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-123450|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-123451.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-123451|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-1547667570.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aNewTopic-1547667570|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547665517.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547665517|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666628.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547666628|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666760.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547666760|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666950.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547666950|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547667031.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTest-1547667031|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-123456.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-123456|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-123457.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-123457|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547660509.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547660509|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547660861.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547660861|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547661011.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547661011|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547662122.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547662122|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547662451.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547662451|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547664813.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547664813|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547664928.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547664928|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547666068.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTestTopic-1547666068|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTopic-1547654909.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.aTopic-1547654909|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.create|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|create
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.destroy|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|destroy
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.dgl_ready.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.dgl_ready|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormaker.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|mirrormaker.admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormaker.user|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|mirrormaker.user
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.partitionTest-1546033194.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.partitionTest-1546033194|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.topic-000.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-000|admin
+dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.view|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|view
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.create|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|create
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.destroy|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|destroy
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormaker.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|mirrormaker.admin
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormaker.user|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|mirrormaker.user
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
+dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.view|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|view
+dmaap-dr@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|seeCerts
+dmaap-dr-prov@dmaap-dr.onap.org|org.onap.dmaap-dr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|admin
+dmaap-dr-prov@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|seeCerts
+dmaap-dr-node@dmaap-dr.onap.org|org.onap.dmaap-dr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|admin
+dmaap-dr-node@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|seeCerts
+dmaapmr@mr.dmaap.onap.org|org.onap.dmaap.mr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|admin
+portal@portal.onap.org|org.onap.aaf-sms.admin|2020-09-05 12:09:20.000+0000|org.onap.aaf-sms|admin
+portal@portal.onap.org|org.onap.aai.admin|2020-09-05 12:09:20.000+0000|org.onap.aai|admin
+portal@portal.onap.org|org.onap.appc.admin|2020-09-05 12:09:20.000+0000|org.onap.appc|admin
+portal@portal.onap.org|org.onap.appc.apidoc|2020-09-05 12:09:20.000+0000|org.onap.appc|apidoc
+portal@portal.onap.org|org.onap.appc.restconf|2020-09-05 12:09:20.000+0000|org.onap.appc|restconf
+portal@portal.onap.org|org.onap.cds.admin|2020-09-05 12:09:20.000+0000|org.onap.cds|admin
+portal@portal.onap.org|org.onap.clamp.admin|2020-09-05 12:09:20.000+0000|org.onap.clamp|admin
+portal@portal.onap.org|org.onap.dcae.admin|2020-09-05 12:09:20.000+0000|org.onap.dcae|admin
+portal@portal.onap.org|org.onap.dmaap-bc-mm-prov.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-mm-prov|admin
+portal@portal.onap.org|org.onap.dmaap-bc-topic-mgr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc-topic-mgr|admin
+portal@portal.onap.org|org.onap.dmaap-bc.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc|admin
+portal@portal.onap.org|org.onap.dmaap-bc.api.Controller|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc.api|Controller
+portal@portal.onap.org|org.onap.dmaap-bc.api.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-bc.api|admin
+portal@portal.onap.org|org.onap.dmaap-dr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-dr|admin
+portal@portal.onap.org|org.onap.dmaap-mr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr|admin
+portal@portal.onap.org|org.onap.dmaap-mr.sunil.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr.sunil|admin
+portal@portal.onap.org|org.onap.dmaap-mr.test.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap-mr.test|admin
+portal@portal.onap.org|org.onap.dmaap.mr.IdentityTopic-12345.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.IdentityTopic-12345|owner
+portal@portal.onap.org|org.onap.dmaap.mr.IdentityTopic-1547839476.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.IdentityTopic-1547839476|owner
+portal@portal.onap.org|org.onap.dmaap.mr.PM_MAPPER.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PM_MAPPER|owner
+portal@portal.onap.org|org.onap.dmaap.mr.PNF_READY.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PNF_READY|owner
+portal@portal.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|owner
+portal@portal.onap.org|org.onap.dmaap.mr.admin|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|admin
+portal@portal.onap.org|org.onap.dmaap.mr.dgl_ready.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.dgl_ready|owner
+portal@portal.onap.org|org.onap.dmaap.mr.mirrormakeragent.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.mirrormakeragent|owner
+portal@portal.onap.org|org.onap.dmaap.mr.mrtesttopic.sub|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|mrtesttopic.sub
+portal@portal.onap.org|org.onap.dmaap.mr.test1|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr|test1
+portal@portal.onap.org|org.onap.dmaap.mr.topic-000.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-000|owner
+portal@portal.onap.org|org.onap.dmaap.mr.topic-001.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-001|owner
+portal@portal.onap.org|org.onap.dmaap.mr.topic-002.owner|2020-09-05 12:09:20.000+0000|org.onap.dmaap.mr.topic-002|owner
+portal@portal.onap.org|org.onap.holmes.admin|2020-09-05 12:09:20.000+0000|org.onap.holmes|admin
+portal@portal.onap.org|org.onap.music.admin|2020-09-05 12:09:20.000+0000|org.onap.music|admin
+portal@portal.onap.org|org.onap.music.owner|2020-09-05 12:09:20.000+0000|org.onap.music|owner
+portal@portal.onap.org|org.onap.nbi.admin|2020-09-05 12:09:20.000+0000|org.onap.nbi|admin
+portal@portal.onap.org|org.onap.ngi.admin|2020-09-05 12:09:20.000+0000|org.onap.ngi|admin
+portal@portal.onap.org|org.onap.oof.admin|2020-09-05 12:09:20.000+0000|org.onap.oof|admin
+portal@portal.onap.org|org.onap.policy.admin|2020-09-05 12:09:20.000+0000|org.onap.policy|admin
+portal@portal.onap.org|org.onap.pomba.admin|2020-09-05 12:09:20.000+0000|org.onap.pomba|admin
+portal@portal.onap.org|org.onap.portal.admin|2020-09-05 12:09:20.000+0000|org.onap.portal|admin
+portal@portal.onap.org|org.onap.sdc.admin|2020-09-05 12:09:20.000+0000|org.onap.sdc|admin
+portal@portal.onap.org|org.onap.sdnc-cds.admin|2020-09-05 12:09:20.000+0000|org.onap.sdnc-cds|admin
+portal@portal.onap.org|org.onap.sdnc.admin|2020-09-05 12:09:20.000+0000|org.onap.sdnc|admin
+portal@portal.onap.org|org.onap.so.admin|2020-09-05 12:09:20.000+0000|org.onap.so|admin
+portal@portal.onap.org|org.onap.vfc.admin|2020-09-05 12:09:20.000+0000|org.onap.vfc|admin
+portal@portal.onap.org|org.onap.vid.admin|2020-09-05 12:09:20.000+0000|org.onap.vid|admin
+portal@portal.onap.org|org.onap.vid1.admin|2020-09-05 12:09:20.000+0000|org.onap.vid1|admin
+portal@portal.onap.org|org.onap.vid2.admin|2020-09-05 12:09:20.000+0000|org.onap.vid2|admin
+portal@portal.onap.org|org.osaaf.aaf.admin|2020-09-05 12:09:20.000+0000|org.osaaf.aaf|admin
+portal@portal.onap.org|org.osaaf.people.admin|2020-09-05 12:09:20.000+0000|org.osaaf.people|admin
\ No newline at end of file
iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
# Portal Identities
-portal|ONAP Portal Application|PORTAL|ONAP Application|||a|aaf_admin
-shi|ONAP SHI Portal Identity|shi|Portal Application|||a|aaf_admin
-demo|PORTAL DEMO|demo|PORTAL|DEMO|||e|aaf_admin
-jh0003|PORTAL ADMIN|jh|PORTAL ADMIN|||e|aaf_admin
-cs0008|PORTAL DESIGNER|cs|PORTAL DESIGNER|||e|aaf_admin
-jm0007|PORTAL TESTER|jm|PORTAL TESTER|||e|aaf_admin
-op0001|PORTAL OPS|op|PORTAL OPS|||e|aaf_admin
-gv0001|GV PORTAL|gv|PORTAL|||e|aaf_admin
-pm0001|PM PORTAL|pm|PORTAL|||e|aaf_admin
-gs0001|GS PORTAL|gs|PORTAL|||e|aaf_admin
-ps0001|PS PORTAL|ps|PORTAL|||e|aaf_admin
+portal|ONAP Portal Application|PORTAL|ONAP Application|314-123-1234|portal@people.osaaf.com|a|aaf_admin
+shi|ONAP SHI Portal Identity|shi|Portal Application|314-123-1234|shi@people.osaaf.com|a|aaf_admin
+demo|PORTAL DEMO|demo|PORTAL|DEMO|314-123-1234|demo@people.osaaf.com|e|aaf_admin
+jh0003|PORTAL ADMIN|jh|PORTAL ADMIN|314-123-1234|jh0003@people.osaaf.com|e|aaf_admin
+cs0008|PORTAL DESIGNER|cs|PORTAL DESIGNER|314-123-1234|cs0008@people.osaaf.com|e|aaf_admin
+jm0007|PORTAL TESTER|jm|PORTAL TESTER|314-123-1234|jm0007@people.osaaf.com|e|aaf_admin
+op0001|PORTAL OPS|op|PORTAL OPS|314-123-1234|op0001@people.osaaf.com|e|aaf_admin
+gv0001|GV PORTAL|gv|PORTAL|314-123-1234|gv0001@people.osaaf.com|e|aaf_admin
+pm0001|PM PORTAL|pm|PORTAL|314-123-1234|pm0001@people.osaaf.com|e|aaf_admin
+gs0001|GS PORTAL|gs|PORTAL|314-123-1234|gs0001@people.osaaf.com|e|aaf_admin
+ps0001|PS PORTAL|ps|PORTAL|314-123-1234|ps0001@people.osaaf.com|e|aaf_admin
# AAF Defined Users
-aaf_admin|AAF Administrator|Mr AAF|AAF Admin|||e|mmanager
-deployer|Deployer|Deployer|Depoyer|||e|aaf_admin
+aaf_admin|AAF Administrator|Mr AAF|AAF Admin|314-123-1234|aaf_admin@people.osaaf.com|e|mmanager
+deployer|Deployer|Deployer|Depoyer|314-123-1234|deployer@people.osaaf.com|e|aaf_admin
# Requested Users
-portal_admin|Portal Admin|Portal|Admin|||e|mmanager
+portal_admin|Portal Admin|Portal|Admin|314-123-1234|portal_admin@people.osaaf.com|e|mmanager
# ONAP App IDs
-aaf|AAF Application|AAF|Application|||a|aaf_admin
-aaf-sms|AAF SMS Application|AAF SMS|Application|||a|aaf_admin
-clamp|ONAP CLAMP Application|CLAMP|Application|||a|mmanager
-aai|ONAP AAI Application|AAI|ONAP Application|||a|mmanager
-appc|ONAP APPC Application|APPC|ONAP Application|||a|mmanager
-dcae|ONAP DCAE Application|CLAMP|ONAP Application|||a|mmanager
-oof|ONAP OOF Application|OOF|ONAP Application|||a|mmanager
-so|ONAP SO Application|SO|ONAP Application|||a|mmanager
-sdc|ONAP SDC Application|SDC|ONAP Application|||a|mmanager
-sdnc|ONAP SDNC Application|SDNC|ONAP Application|||a|mmanager
-sdnc-cds|ONAP SDNC CDS Application|SDNC-CDS|ONAP Application|||a|mmanager
-vfc|ONAP VFC Application|VNC|ONAP Application|||a|mmanager
-policy|ONAP Policy Application|POLICY|ONAP Application|||a|mmanager
-pomba|ONAP Pomba Application|POMBA|ONAP Application|||a|mmanager
-holmes|ONAP Holmes Application|HOLMES|ONAP Application|||a|mmanager
-nbi|ONAP NBI Application|NBI|ONAP Application|||a|mmanager
-music|ONAP MUSIC Application|MUSIC|ONAP Application|||a|mmanager
+aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
+aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
+clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+sdc|ONAP SDC Application|SDC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+sdnc|ONAP SDNC Application|SDNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+sdnc-cds|ONAP SDNC CDS Application|SDNC-CDS|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+vfc|ONAP VFC Application|VNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
# VID Identities
-vid|ONAP VID Application|VID|ONAP Application|||a|mmanager
-vid1|ONAP VID Application 1|VID 1|ONAP Application|||a|mmanager
-vid2|ONAP VID Application 2|VID 2|ONAP Application|||a|mmanager
+vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+vid2|ONAP VID Application 2|VID 2|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
# DMAAP Identities
-dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|||a|mmanager
-dmaap-bc-topic-mgr|ONAP DMaap BC Topic Manager|DMaap BC Topic Manager|DMaap BC|||a|mmanager
-dmaap-bc-mm-prov|ONAP DMaap BC Provisioning Manager|DMaap BC Provision Manager|DMaap BC|||a|mmanager
-dmaap-dr|ONAP DMaap DR|Prov|DMaap DR|||a|mmanager
-dmaap-dr-prov|ONAP DMaap DR Prov|Prov|DMaap MR|||a|mmanager
-dmaap-dr-node|ONAP DMaap DR Node|Node|DMaap MR|||a|mmanager
-dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|mmanager
+dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+dmaap-bc-topic-mgr|ONAP DMaap BC Topic Manager|DMaap BC Topic Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+dmaap-bc-mm-prov|ONAP DMaap BC Provisioning Manager|DMaap BC Provision Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+dmaap-dr|ONAP DMaap DR|Prov|DMaap DR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+dmaap-dr-prov|ONAP DMaap DR Prov|Prov|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+dmaap-dr-node|ONAP DMaap DR Node|Node|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
#deprecate these in El Alto
-dmaapmr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|mmanager
-#dmaap.mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|||a|mmanager
+dmaapmr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+#dmaap.mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
--- /dev/null
+l.props
+*.swp
--- /dev/null
+#
+. ./l.props
+if [ -z "$1" ]; then
+ echo "Enter 'user:group' for the directory after creation"
+ read CHOWN
+else
+ CHOWN="$1"
+fi
+
+
+for D in $INSTALL_DIR $ORG_DIR; do
+ if [ -e $D ]; then
+ echo "$D already exists"
+ else
+ mkdir -p $D
+ echo "$D created"
+ fi
+ echo "Setting Ownership of $D to $CHOWN"
+ chown $CHOWN $D
+done
--- /dev/null
+#! /bin/sh
+
+##############################
+# STATICALLY Named Properties
+# The Batch class to start
+BATCH_CLS="${CATCH_CLS:=org.onap.aaf.auth.batch.Batch}"
+
+##############################
+# Initial Setup for AAF, on regular UNIX O/Ss (not Docker)
+. ./l.props
+
+##############################
+# Functions
+
+# SED needs escaped slashes
+function escSlash {
+ echo "${1//\//\\\/}"
+}
+
+function debug {
+ if [ -n "$DEBUG" ]; then
+ echo "$*"
+ fi
+}
+
+
+##############################
+# TEST if ORG_DIR and INSTALL_DIR are writable by this script
+if [ -z "$ORG_DIR" ]; then echo "Shell variable ORG_DIR must be set"; exit 1; fi
+if [ -z "$INSTALL_DIR" ]; then echo "Shell variable INSTALL_DIR must be set"; exit 1; fi
+
+for D in "$ORG_DIR" "$INSTALL_DIR"; do
+ if [ -w "$D" ]; then
+ debug "$D is writable by $USER"
+ else
+ echo "$D must be writable by $USER to continue..."
+ echo "You may run 'firstAsRoot.sh <user>:<group>' as root to fix this issue, or fix manually"
+ exit 1
+ fi
+done
+
+# If not set, use HOSTNAME
+CASSANDRA_CLUSTERS=${CASSANDRA_CLUSTERS:=$HOSTNAME}
+ORIG_NS="org.osaaf.aaf"
+ROOT_NS="${ROOT_NS:=$ORIG_NS}"
+AAF_ID="${AAF_ID:=aaf@aaf.osaaf.org}"
+
+##############################
+# DEFINES
+JAVA_AGENT="-Dcadi_prop_files=$ORG_DIR/local/$ROOT_NS.props org.onap.aaf.cadi.configure.Agent"
+
+##############################
+# Create directory Structure
+INSTALL_DIR=${INSTALL_DIR:=/opt/app/aaf}
+for D in "" "status" "cass_init" "cass_init/dats"; do
+ if [ -e "$INSTALL_DIR/$D" ]; then
+ debug "$INSTALL_DIR/$D exists"
+ else
+ mkdir -p "$INSTALL_DIR/$D"
+ debug "created $INSTALL_DIR/$D "
+ fi
+done
+
+##############################
+# Check for previous install, backup as necessary
+if [[ -e $INSTALL_DIR/AAF_VERSION && "$VERSION" = "$(cat $INSTALL_DIR/AAF_VERSION)" ]]; then
+ echo Current Version
+elif [ -e $INSTALL_DIR/lib ]; then
+ PREV_VER="$(cat $INSTALL_DIR/AAF_VERSION)"
+ echo Backing up $PREV_VER
+ if [ -e $INSTALL_DIR/$PREV_VER ]; then
+ rm -Rf $INSTALL_DIR/$PREV_VER
+ fi
+ mkdir $INSTALL_DIR/$PREV_VER
+ mv $INSTALL_DIR/bin $INSTALL_DIR/lib $INSTALL_DIR/theme $INSTALL_DIR/$PREV_VER
+ echo "Backed up bin,lib and theme to $INSTALL_DIR/$PREV_VER"
+fi
+
+##############################
+# Copy from Compiled Version
+cp -Rf ../aaf_$VERSION/* $INSTALL_DIR
+echo $VERSION > $INSTALL_DIR/AAF_VERSION
+
+##############################
+# Add Theme links
+for D in "$ORG_DIR" "$ORG_DIR/public"; do
+ if [ -e "$D/theme" ]; then
+ debug "$D/theme exists"
+ else
+ debug "Soft Linking theme $INSTALL_DIR/theme to $D"
+ ln -s "$INSTALL_DIR/theme" "$D"
+ fi
+done
+
+##############################
+# Copy from Cass Samples
+debug "Copying Casssandra Samples to $INSTALL_DIR/cass_init"
+cp ../auth-cass/cass_init/*.cql $INSTALL_DIR/cass_init
+cp $(ls ../auth-cass/cass_init/*.sh | grep -v push.sh | grep -v restore.sh) $INSTALL_DIR/cass_init
+
+##############################
+# adjust push.sh and restore.sh
+BATCH_JAR=$(find .. -name aaf-auth-batch-$VERSION.jar)
+if [ -z "$BATCH_JAR" ]; then
+ if [ -z "$INSTALL_DIR/lib/aaf-auth-batch-$VERSION.jar" ]; then
+ echo "You need to build the AAF Jars with 'mvn' for $VERSION to continue this configuration"
+ exit 1
+ fi
+else
+ debug "Copying $BATCH_JAR to $INSTALL_DIR/lib"
+ cp $BATCH_JAR $INSTALL_DIR/lib
+fi
+
+DEF_ORG_JAR=$(find .. -name aaf-auth-deforg-$VERSION.jar | head -1)
+if [ -z "$DEF_ORG_JAR" ]; then
+ echo "You need to build the deforg jar to continue this configuration"
+ exit 1
+else
+ echo "Copying $DEF_ORG_JAR to $INSTALL_DIR/lib"
+ cp $DEF_ORG_JAR $INSTALL_DIR/lib
+fi
+
+# Note: Docker Cass only needs Batch Jar, but AAF on the disk can have only one lib
+# so we copy just the Batch jar
+for S in push.sh restore.sh; do
+ debug "Writing Cassandra $INSTALL_DIR/cass_init/$S script with replacements"
+ sed -e "/CQLSH=.*/s//CQLSH=\"cqlsh -k authz $CASSANDRA_CLUSTERS\"/" \
+ -e "/-jar .*full.jar/s//-cp .:$(escSlash $INSTALL_DIR/lib/)* $BATCH_CLS /" \
+ ../auth-cass/cass_init/$S > $INSTALL_DIR/cass_init/$S
+done
+
+##############################
+# adjust authBatch.props
+CHANGES="-e /GUI_URL=.*/s//GUI_URL=https:\/\/$HOSTNAME:8095\/gui/"
+
+for TAG in "LATITUDE" "LONGITUDE"; do
+ CHANGES="$CHANGES -e /${TAG,,}=.*/s//cadi_${TAG,,}=${!TAG}/"
+done
+
+CHANGES="$CHANGES -e /aaf_data_dir=.*/s//aaf_data_dir=$(escSlash $ORG_DIR/data)/"
+
+# Cassandra Properties have dots in them, which cause problems for BASH processing
+for TAG in "CASSANDRA_CLUSTERS" "CASSANDRA_CLUSTERS_PORT" "CASSANDRA_CLUSTERS_USER" "CASSANDRA_CLUSTERS_PASSWORD"; do
+ VALUE="${!TAG}"
+ if [ ! -z "$VALUE" ]; then
+ DOTTED="${TAG//_/.}"
+ NTAG=${DOTTED,,}
+ CHANGES="$CHANGES -e /${NTAG}=.*/s//${NTAG}=${!TAG}/"
+ fi
+done
+
+echo "Writing Batch Properties with conversions to $INSTALL_DIR/cass_init/authBatch.props"
+debug "Conversions: $CHANGES"
+sed $CHANGES ../auth-cass/cass_init/authBatch.props > $INSTALL_DIR/cass_init/authBatch.props
+
+##############################
+# Setup Organizational Data Directories
+for D in $ORG_DIR/data $ORG_DIR/local $ORG_DIR/logs $ORG_DIR/public $ORG_DIR/etc $ORG_DIR/bin; do
+ if [ ! -e $D ]; then
+ debug "Creating $D"
+ mkdir -p $D
+ fi
+done
+
+##############################
+# Convert generated bin files to correct ORG DIR
+for B in $(ls $INSTALL_DIR/bin | grep -v .bat); do
+ sed -e "/cadi_prop_files=/s//aaf_log4j_prefix=$ROOT_NS cadi_prop_files=/" \
+ -e "/$ORIG_NS/s//$ROOT_NS/g" \
+ -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \
+ -e "/^CLASSPATH=.*/s//CLASSPATH=$(escSlash $INSTALL_DIR/lib/)*/" \
+ $INSTALL_DIR/bin/$B > $ORG_DIR/bin/$B
+ chmod u+x $ORG_DIR/bin/$B
+ debug "Converted generated app $B and placed in $INSTALL_DIR/bin"
+done
+
+##############################
+# Create new Initialized Data from ONAP "sample"
+if [ "$1" = "sample" ]; then
+ ##############################
+ # Copy sample dat files
+ # (ONAP Samples)
+ echo "### Copying all ONAP Sample data"
+ cp ../sample/cass_data/*.dat $INSTALL_DIR/cass_init/dats
+
+ # Scrub data, because it is coming from ONAP Test systems,
+ # and also, need current dates
+ echo "### Scrubbing ONAP Sample data"
+ mkdir -p $INSTALL_DIR/cass_init/data
+ cp ../sample/data/sample.identities.dat $INSTALL_DIR/cass_init/data
+ CURR=$(pwd)
+ cd $INSTALL_DIR/cass_init/dats
+ bash $CURR/../sample/cass_data/scrub.sh
+ cd $CURR
+ rm -Rf $INSTALL_DIR/cass_init/data
+
+ ##############################
+ # Sample Identities
+ # Only create if not exists. DO NOT OVERWRITE after that
+ if [ ! -e $ORG_DIR/data/identities.dat ]; then
+ cp ../sample/data/sample.identities.dat $ORG_DIR/data/identities.dat
+ fi
+
+ ##############################
+ # ONAP Test Certs and p12s
+ cp ../sample/cert/AAF_RootCA.cer $ORG_DIR/public
+ for F in $(ls ../sample/cert | grep b64); do
+ if [ ! -e "$F" ]; then
+ if [[ $F = "trust"* ]]; then
+ SUB=public
+ else
+ SUB=local
+ fi
+ if [[ $F = "demoONAPsigner"* ]]; then
+ FILENAME="$ROOT_NS.signer.p12"
+ else
+ FILENAME="${F/.b64/}"
+ fi
+ base64 -d ../sample/cert/$F > $ORG_DIR/$SUB/$FILENAME
+ fi
+ done
+
+ if [ ! -e "$ORG_DIR/CA" ]; then
+ cp -Rf ../../conf/CA $ORG_DIR
+ fi
+
+ FILE="$ORG_DIR/local/$ROOT_NS.p12"
+ if [ ! -e $FILE ]; then
+ echo "Bootstrap Creation of Keystore from Signer"
+ cd $ORG_DIR/CA
+
+ # Redo all of this after Dublin
+ export cadi_x509_issuers="CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US"
+ export signer_subj="/CN=intermediateCA_9/OU=OSAAF/O=ONAP/C=US"
+ bash bootstrap.sh $ORG_DIR/local/$ROOT_NS.signer.p12 'something easy'
+ cp aaf.bootstrap.p12 $FILE
+
+ cd -
+# if [ -n "$CADI_X509_ISSUERS" ]; then
+# CADI_X509_ISSUERS="$CADI_X509_ISSUERS:"
+# fi
+# BOOT_ISSUER="$(cat aaf.bootstrap.issuer)"
+# CADI_X509_ISSUERS="$CADI_X509_ISSUERS$BOOT_ISSUER"
+#
+# I=${BOOT_ISSUER##CN=};I=${I%%,*}
+# CM_CA_PASS="something easy"
+# CM_CA_LOCAL="org.onap.aaf.auth.cm.ca.LocalCA,$LOCAL/$ROOT_NS.signer.p12;aaf_intermediate_9;enc:"
+# CM_TRUST_CAS="$PUBLIC/AAF_RootCA.cer"
+# echo "Generated ONAP Test AAF certs"
+ fi
+
+ ##############################
+ # Initial Properties
+ debug "Create Initial Properties"
+ if [ ! -e $ORG_DIR/local/$ROOT_NS.props ]; then
+ for F in $(ls ../sample/local/$ORIG_NS.*); do
+ NEWFILE="$ORG_DIR/local/${F/*$ORIG_NS./$ROOT_NS.}"
+ sed -e "/$ORIG_NS/s//$ROOT_NS/g" \
+ $F > $NEWFILE
+ debug "Created $NEWFILE"
+ done
+ for D in public etc logs; do
+ for F in $(ls ../sample/$D); do
+ NEWFILE="$ORG_DIR/$D/${F/*$ORIG_NS./$ROOT_NS.}"
+ sed -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \
+ -e "/$ORIG_NS/s//$ROOT_NS/g" \
+ ../sample/$D/$F > $NEWFILE
+ echo "Created $NEWFILE"
+ done
+ done
+
+ ##############################
+ # Set Cassandra Variables
+ CHANGES=""
+ for TAG in "CASSANDRA_CLUSTERS" "CASSANDRA_CLUSTERS_PORT" "CASSANDRA_CLUSTERS_USER" "CASSANDRA_CLUSTERS_PASSWORD"; do
+ VALUE="${!TAG}"
+ if [ ! -z "$VALUE" ]; then
+ DOTTED="${TAG//_/.}"
+ NTAG=${DOTTED,,}
+ CHANGES="$CHANGES -e /${NTAG}=.*/s//${NTAG}=${!TAG}/"
+ fi
+ done
+ mv $ORG_DIR/local/$ROOT_NS.cassandra.props $ORG_DIR/local/$ROOT_NS.cassandra.props.backup
+ sed $CHANGES $ORG_DIR/local/$ROOT_NS.cassandra.props.backup > $ORG_DIR/local/$ROOT_NS.cassandra.props
+
+ ##############################
+ # CADI Config Tool
+
+ # Change references to /opt/app/osaaf to ORG_DIR
+ sed -e "/$(escSlash /opt/app/osaaf)/s//$(escSlash $ORG_DIR)/g" \
+ -e "/$ORIG_NS/s//$ROOT_NS/" \
+ -e "/$ORIG_AAF_ID/s//$AAF_ID/" \
+ ../sample/local/aaf.props > _temp.props
+
+ java -cp $INSTALL_DIR/lib/\* $JAVA_AGENT config \
+ $AAF_ID \
+ aaf_root_ns=$ROOT_NS \
+ cadi_etc_dir=$ORG_DIR/local \
+ cadi_latitude=${LATITUDE} \
+ cadi_longitude=${LONGITUDE} \
+ aaf_data_dir=$ORG_DIR/data \
+ aaf_locate_url=${AAF_LOCATE_URL:=https://$HOSTNAME:8095} \
+ cadi_prop_files=_temp.props:../sample/local/initialConfig.props
+ rm _temp.props
+ fi
+
+fi
+
--- /dev/null
+# Properties about your machine
+ROOT_NS=org.test.aaf
+AAF_ID=aaf@aaf.test.org
+ORG_DIR=/opt/app/test
+INSTALL_DIR=/opt/app/aaf
+ORG_DIR=/opt/app/osaaf
+VERSION=2.1.20-SNAPSHOT
+
+# Add Debugging Messages
+# DEBUG=true
+
+# If you need a Locator URL that isn't this HOSTNAME, then set here
+# AAF_LOCATE_URL=https://<vanity>:8095
+
+# Note: If you do not know your machine's GPS Coord, http://bing.com/maps shows by directory
+LATITUDE=38.0
+LONGITUDE=-90.0
+
+# CASSANDRA - Assumes out-of-the-box Passwords until changed, or adding CADI Security
+#CASSANDRA_CLUSTERS=
+CASSANDRA_CLUSTERS_PORT=9042
+CASSANDRA_CLUSTERS_USER=cassandra
+CASSANDRA_CLUSTERS_PASSWORD=cassandra
+
/target/
/.project
/tokens/
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<dependencySet>
<unpack>true</unpack>
<scope>compile</scope>
- <includes>
- <include>org.onap.aaf.authz:aaf-auth-client</include>
- <include>org.onap.aaf.authz:aaf-cadi-aaf</include>
- <include>org.onap.aaf.authz:aaf-cadi-core</include>
- <include>org.onap.aaf.authz:aaf-cadi-client</include>
- <include>org.onap.aaf.authz:aaf-misc-env</include>
- <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
- <include>javax.xml.bind:jaxb-api</include>
- <include>org.glassfish.jaxb:jaxb-runtime</include>
- </includes>
</dependencySet>
</dependencySets>
SecuritySetter<HttpURLConnection> ss = si.defSS;
permTest(locator,ss);
+ basicAuthTest(locator,ss);
} else {
/////////
print(true,"Test Connections driven by AAFLocator");
package org.onap.aaf.cadi.aaf.v2_0;
import java.io.IOException;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
import org.onap.aaf.cadi.AbsUserCache;
+import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CachedPrincipal;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.User;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.locator.SingleEndpointLocator;
import org.onap.aaf.cadi.lur.ConfigPrincipal;
import aaf.v2_0.CredRequest;
}
}
- AAFCachedPrincipal cp = new AAFCachedPrincipal(user, bytes, con.cleanInterval);
+ AAFCachedPrincipal cp = new AAFCachedPrincipal(user, bytes, con.userExpires);
// Since I've relocated the Validation piece in the Principal, just revalidate, then do Switch
// Statement
switch(cp.revalidate(state)) {
if (usr!=null) {
usr.principal = cp;
} else {
- addUser(new User<AAFPermission>(cp,con.timeout));
+ addUser(new User<AAFPermission>(cp,con.userExpires));
}
return null;
case INACCESSIBLE:
return "AAF Inaccessible";
case UNVALIDATED:
- addUser(new User<AAFPermission>(user,bytes,con.timeout));
+ addUser(new User<AAFPermission>(user,bytes,con.userExpires));
return "user/pass combo invalid for " + user;
case DENIED:
return "AAF denies API for " + user;
}
public Resp revalidate(Object state) {
- try {
- Miss missed = missed(getName(),getCred());
- if (missed==null || missed.mayContinue()) {
- CredRequest cr = new CredRequest();
- cr.setId(getName());
- cr.setPassword(new String(getCred()));
- Future<String> fp = con.client().readPost("/authn/validate", con.credReqDF, cr);
- //Rcli<CLIENT> client = con.client().forUser(con.basicAuth(getName(), new String(getCred())));
- //Future<String> fp = client.read(
- // "/authn/basicAuth",
- // "text/plain"
- // );
- if (fp.get(con.timeout)) {
- expires = System.currentTimeMillis() + timeToLive;
- addUser(new User<AAFPermission>(this, expires));
- return Resp.REVALIDATED;
+ int maxRetries = 15;
+ try { // these SHOULD be an AAFConHttp and a AAFLocator or SingleEndpointLocator objects, but put in a try to be safe
+ AAFConHttp forceCastCon = (AAFConHttp) con;
+ if (forceCastCon.hman().loc instanceof SingleEndpointLocator) {
+ maxRetries = 1; // we cannot retry the single LGW gateway!
+ } else {
+ AAFLocator forceCastLoc = (AAFLocator) forceCastCon.hman().loc;
+ maxRetries = forceCastLoc.maxIters();
+ }
+ } catch (Exception e) {
+ access.log(Access.Level.DEBUG, e);
+ }
+ List<URI> attemptedUris = new ArrayList<>();
+ URI thisUri = null;
+ for (int retries = 0;; retries++) {
+ try {
+ Miss missed = missed(getName(), getCred());
+ if (missed == null || missed.mayContinue()) {
+ Rcli<CLIENT> client = con.clientIgnoreAlreadyAttempted(attemptedUris).forUser(con.basicAuth(getName(), new String(getCred())));
+ thisUri = client.getURI();
+ Future<String> fp = client.read(
+ "/authn/basicAuth",
+ "text/plain"
+ );
+ if (fp.get(con.timeout)) {
+ expires = System.currentTimeMillis() + timeToLive;
+ addUser(new User<AAFPermission>(this, timeToLive));
+ return Resp.REVALIDATED;
+ } else {
+ addMiss(getName(), getCred());
+ return Resp.UNVALIDATED;
+ }
} else {
- addMiss(getName(), getCred());
return Resp.UNVALIDATED;
}
- } else {
- return Resp.UNVALIDATED;
+ } catch (Exception e) {
+ if (thisUri != null) {
+ attemptedUris.add(thisUri);
+ }
+ con.access.log(e);
+ if (retries > maxRetries) {
+ return Resp.INACCESSIBLE;
+ }
}
- } catch (Exception e) {
- con.access.log(e);
- return Resp.INACCESSIBLE;
}
}
import java.net.URI;
import java.net.UnknownHostException;
+import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
usageRefreshTriggerCount = Integer.parseInt(access.getProperty(Config.AAF_USER_EXPIRES, Config.AAF_USER_EXPIRES_DEF).trim())-1; // zero based
app=FQI.reverseDomain(si.defSS.getID());
- //TODO Get Realm from AAF
- realm="people.osaaf.org";
+ realm = access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());
env = new RosettaEnv();
permsDF = env.newDataFactory(Perms.class);
}
+ /**
+ * Use this call to get the appropriate client based on configuration (HTTP, future),
+ * ignoring those already attempted, using the default api version
+ *
+ * @param attemptedClients
+ * @return
+ * @throws CadiException
+ */
+ public Rcli<CLIENT> clientIgnoreAlreadyAttempted(List<URI> attemptedClients) throws CadiException {
+ Rcli<CLIENT> client = rclient(attemptedClients, si.defSS);
+ client.apiVersion(apiVersion)
+ .readTimeout(connTimeout);
+ clients.put(apiVersion, client);
+
+ return client;
+ }
+
+
public RosettaEnv env() {
return env;
}
protected abstract Rcli<CLIENT> rclient(URI uri, SecuritySetter<CLIENT> ss) throws CadiException;
+ protected abstract Rcli<CLIENT> rclient(List<URI> uris, SecuritySetter<CLIENT> ss) throws CadiException;
+
public abstract Rcli<CLIENT> rclient(Locator<URI> loc, SecuritySetter<CLIENT> ss) throws CadiException;
public Rcli<CLIENT> client(Locator<URI> locator) throws CadiException {
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
+import java.util.List;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CadiException;
}
}
+ protected Rcli<HttpURLConnection> rclient(List<URI> ignoredURIs, SecuritySetter<HttpURLConnection> ss) throws CadiException {
+ if (hman.loc==null) {
+ throw new CadiException("No Locator set in AAFConHttp");
+ }
+ try {
+ if (ignoredURIs.isEmpty()) {
+ return new HRcli(hman, hman.loc.best(), ss);
+ } else {
+ Item item = hman.loc.first();
+ HRcli currentClient = new HRcli(hman, item, ss);
+
+ item = hman.loc.next(item);
+
+ while (item != null) {
+ if (!ignoredURIs.contains(currentClient.getURI())) {
+ break;
+ } else {
+ currentClient = new HRcli(hman, item, ss);
+ }
+ item = hman.loc.next(item);
+ }
+ return currentClient;
+ }
+ } catch (Exception e) {
+ throw new CadiException(e);
+ }
+ }
+
@Override
public Rcli<HttpURLConnection> rclient(Locator<URI> loc, SecuritySetter<HttpURLConnection> ss) throws CadiException {
try {
*
*/
public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
- private static final String ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR = "org.osaaf.cadi.oauth.OAuth2Lur";
+ private static final String ORG_ONAP_AAF_CADI_OAUTH_OAUTH_2_LUR = "org.onap.aaf.cadi.oauth.OAuth2Lur";
/**
* Need to be able to transmutate a Principal into either Person or AppID, which are the only ones accepted at this
private void attachOAuth2(AAFCon<?> con) throws APIException {
String oauth2_url;
- Class<?> tmcls = Config.loadClass(access,"org.osaaf.cadi.oauth.TokenMgr");
+ Class<?> tmcls = Config.loadClass(access,"org.onap.aaf.cadi.oauth.TokenMgr");
if (tmcls!=null) {
if ((oauth2_url = con.access.getProperty(Config.CADI_OAUTH2_URL,null))!=null) {
try {
Constructor<?> tmconst = tmcls.getConstructor(AAFCon.class,String.class);
Object tokMangr = tmconst.newInstance(con,oauth2_url);
@SuppressWarnings("unchecked")
- Class<Lur> oa2cls = (Class<Lur>)Config.loadClass(access,ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR);
+ Class<Lur> oa2cls = (Class<Lur>)Config.loadClass(access, ORG_ONAP_AAF_CADI_OAUTH_OAUTH_2_LUR);
Constructor<Lur> oa2const = oa2cls.getConstructor(tmcls);
Lur oa2 = oa2const.newInstance(tokMangr);
setPreemptiveLur(oa2);
public static void main(String[] args) {
int exitCode = 0;
doExit = true;
+ for (String arg: args) {
+ if ("-noexit".equalsIgnoreCase(arg)) {
+ doExit = false;
+ }
+ }
+
if (args.length>0 && "cadi".equals(args[0])) {
String[] newArgs = new String[args.length-1];
System.arraycopy(args, 1, newArgs, 0, newArgs.length);
}
if(access==null) {
+ boolean createOutsideForLoop = false;
for(Entry<Object, Object> es : System.getProperties().entrySet()) {
if(Config.CADI_PROP_FILES.equals(es.getKey())) {
- access = new PropAccess();
+ createOutsideForLoop = true;
+ break;
}
}
+ if(createOutsideForLoop) {
+ access = new PropAccess();
+ }
}
// When using Config file, check if Cred Exists, and if not, work with Deployer.
}
}
+
if (aafsso!=null && aafsso.loginOnly()) {
aafsso.setLogDefault();
aafsso.writeFiles();
Deque<String> cmds = new ArrayDeque<String>();
for (String p : args) {
int eq;
- if ("-noexit".equalsIgnoreCase(p)) {
- doExit = false;
- } else if ((eq=p.indexOf('=')) < 0) {
+ if ((eq=p.indexOf('=')) < 0) {
cmds.add(p);
} else {
access.setProperty(p.substring(0,eq), p.substring(eq+1));
}
-
String cmd = cmds.removeFirst();
switch(cmd) {
case "place":
- placeCerts(trans,aafcon(access),cmds);
+ exitCode = placeCerts(trans,aafcon(access),cmds);
break;
case "create":
- createArtifact(trans, aafcon(access),cmds);
+ exitCode = createArtifact(trans, aafcon(access),cmds);
break;
case "read":
- readArtifact(trans, aafcon(access), cmds);
+ exitCode = readArtifact(trans, aafcon(access), cmds);
break;
case "copy":
- copyArtifact(trans, aafcon(access), cmds);
+ exitCode = copyArtifact(trans, aafcon(access), cmds);
break;
case "update":
- updateArtifact(trans, aafcon(access), cmds);
+ exitCode = updateArtifact(trans, aafcon(access), cmds);
break;
case "delete":
- deleteArtifact(trans, aafcon(access), cmds);
+ exitCode = deleteArtifact(trans, aafcon(access), cmds);
break;
case "showpass":
- showPass(trans, aafcon(access), cmds);
+ exitCode = showPass(trans, aafcon(access), cmds);
break;
case "keypairgen":
- keypairGen(trans, access, cmds);
+ exitCode = keypairGen(trans, access, cmds);
break;
case "config":
- config(trans,access,args,cmds);
+ exitCode = config(trans,access,args,cmds);
break;
case "validate":
- validate(access);
+ exitCode = validate(access);
break;
case "check":
- try {
- exitCode = check(trans,aafcon(access),cmds);
- } catch (Exception e) {
- exitCode = 1;
- throw e;
- }
+ exitCode = check(trans,aafcon(access),cmds);
break;
default:
AAFSSO.cons.printf("Unknown command \"%s\"\n", cmd);
+ break;
}
} finally {
StringBuilder sb = new StringBuilder();
}
} catch (Exception e) {
e.printStackTrace();
+ exitCode = 1;
}
}
- if (exitCode != 0 && doExit) {
+ if (doExit) {
System.exit(exitCode);
}
}
return Split.split(',', machines);
}
- private static void createArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ private static int createArtifact(Trans transitiveInfo, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ boolean success = false;
final String mechID = fqi(cmds);
final String machine = machine(cmds);
arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renewal Days (%s):", "30")));
arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (mailto owner):", "")));
- TimeTaken tt = trans.start("Create Artifact", Env.REMOTE);
+ TimeTaken tt = transitiveInfo.start("Create Artifact", Env.REMOTE);
try {
Future<Artifacts> future = aafcon.client(CM_VER).create("/cert/artifacts", artifactsDF, artifacts);
if (future.get(TIMEOUT)) {
- trans.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine());
+ transitiveInfo.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine());
+ success = true;
} else {
- trans.error().printf("Call to AAF Certman failed, %s",
+ transitiveInfo.error().printf("Call to AAF Certman failed, %s",
errMsg.toMsg(future));
}
} finally {
tt.done();
}
+ return success ? 0 : 1;
}
private static String toNotification(String notification) {
return notification;
}
-
- private static void readArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ /**
+ *
+ * @param transitiveInfo
+ * @param aafcon
+ * @param cmds
+ * @return exit cocde for shell
+ * @throws Exception
+ */
+ private static int readArtifact(Trans transitiveInfo, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
String mechID = fqi(cmds);
String machine = machine(cmds);
+ boolean success = false;
- TimeTaken tt = trans.start("Read Artifact", Env.SUB);
+ TimeTaken tt = transitiveInfo.start("Read Artifact", Env.SUB);
try {
Future<Artifacts> future = aafcon.client(CM_VER)
- .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF,"Authorization","Bearer " + trans.getProperty("oauth_token"));
+ .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF,"Authorization","Bearer " + transitiveInfo.getProperty("oauth_token"));
if (future.get(TIMEOUT)) {
- boolean printed = false;
- for (Artifact a : future.value.getArtifact()) {
+ List<Artifact> artifacts = future.value.getArtifact();
+ for (Artifact a : artifacts) {
AAFSSO.cons.printf("AppID: %s\n",a.getMechid());
AAFSSO.cons.printf(" Sponsor: %s\n",a.getSponsor());
AAFSSO.cons.printf("Machine: %s\n",a.getMachine());
AAFSSO.cons.printf("O/S User: %s\n",a.getOsUser());
AAFSSO.cons.printf("Renew Days: %d\n",a.getRenewDays());
AAFSSO.cons.printf("Notification %s\n",a.getNotification());
- printed = true;
}
- if (!printed) {
+ if (artifacts.isEmpty()) {
AAFSSO.cons.printf("Artifact for %s %s does not exist\n", mechID, machine);
+ } else {
+ success = true;
}
} else {
- trans.error().log(errMsg.toMsg(future));
+ transitiveInfo.error().log(errMsg.toMsg(future));
}
} finally {
tt.done();
}
+ return success ? 0 : 1;
}
- private static void copyArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ /**
+ *
+ * @param transitiveInfo
+ * @param aafcon
+ * @param cmds
+ * @return exit code for shell
+ * @throws Exception
+ */
+ private static int copyArtifact(Trans transitiveInfo, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ boolean success = false;
String mechID = fqi(cmds);
String machine = machine(cmds);
String[] newmachs = machines(cmds);
if (machine==null || newmachs == null) {
- trans.error().log("No machines listed to copy to");
+ transitiveInfo.error().log("No machines listed to copy to");
} else {
- TimeTaken tt = trans.start("Copy Artifact", Env.REMOTE);
+ TimeTaken tt = transitiveInfo.start("Copy Artifact", Env.REMOTE);
try {
Future<Artifacts> future = aafcon.client(CM_VER)
.read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
if (future.get(TIMEOUT)) {
- boolean printed = false;
for (Artifact a : future.value.getArtifact()) {
for (String m : newmachs) {
a.setMachine(m);
Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, future.value);
if (fup.get(TIMEOUT)) {
- trans.info().printf("Copy of %s %s successful to %s",mechID,machine,m);
+ transitiveInfo.info().printf("Copy of %s %s successful to %s",mechID,machine,m);
+ success = true;
} else {
- trans.error().printf("Call to AAF Certman failed, %s",
+ transitiveInfo.error().printf("Call to AAF Certman failed, %s",
errMsg.toMsg(fup));
}
-
- printed = true;
}
}
- if (!printed) {
+ if (!success) {
AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);
}
} else {
- trans.error().log(errMsg.toMsg(future));
+ transitiveInfo.error().log(errMsg.toMsg(future));
}
} finally {
tt.done();
}
}
+ return success ? 0 : 1;
}
- private static void updateArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ /**
+ *
+ * @param transitiveInfo
+ * @param aafcon
+ * @param cmds
+ * @return exit code for shell
+ * @throws Exception
+ */
+ private static int updateArtifact(Trans transitiveInfo, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ boolean success = false;
String mechID = fqi(cmds);
String machine = machine(cmds);
- TimeTaken tt = trans.start("Update Artifact", Env.REMOTE);
+ TimeTaken tt = transitiveInfo.start("Update Artifact", Env.REMOTE);
try {
Future<Artifacts> fread = aafcon.client(CM_VER)
.read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
} else {
Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, artifacts);
if (fup.get(TIMEOUT)) {
- trans.info().printf("Call to AAF Certman successful %s, %s",mechID,machine);
+ transitiveInfo.info().printf("Call to AAF Certman successful %s, %s",mechID,machine);
+ success = true;
} else {
- trans.error().printf("Call to AAF Certman failed, %s",
+ transitiveInfo.error().printf("Call to AAF Certman failed, %s",
errMsg.toMsg(fup));
}
}
} else {
- trans.error().printf("Call to AAF Certman failed, %s %s, %s",
+ transitiveInfo.error().printf("Call to AAF Certman failed, %s %s, %s",
errMsg.toMsg(fread),mechID,machine);
}
} finally {
tt.done();
}
+ return success ? 0 : 1;
}
- private static void deleteArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ /**
+ *
+ * @param transitiveInfo
+ * @param aafcon
+ * @param cmds
+ * @return exit code for shell
+ * @throws Exception
+ */
+ private static int deleteArtifact(Trans transitiveInfo, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ boolean success = false;
String mechid = fqi(cmds);
String machine = machine(cmds);
- TimeTaken tt = trans.start("Delete Artifact", Env.REMOTE);
+ TimeTaken tt = transitiveInfo.start("Delete Artifact", Env.REMOTE);
try {
Future<Void> future = aafcon.client(CM_VER)
.delete("/cert/artifacts/"+mechid+"/"+machine,"application/json" );
if (future.get(TIMEOUT)) {
- trans.info().printf("Call to AAF Certman successful %s, %s",mechid,machine);
+ transitiveInfo.info().printf("Call to AAF Certman successful %s, %s",mechid,machine);
+ success = true;
} else {
- trans.error().printf("Call to AAF Certman failed, %s %s, %s",
+ transitiveInfo.error().printf("Call to AAF Certman failed, %s %s, %s",
errMsg.toMsg(future),mechid,machine);
}
} finally {
tt.done();
}
+ return success ? 0 : 1;
}
-
- private static boolean placeCerts(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
- boolean rv = false;
+ /**
+ *
+ * @param transitiveInfo
+ * @param aafcon
+ * @param cmds
+ * @return exit code for shell
+ * @throws Exception
+ */
+ private static int placeCerts(Trans transitiveInfo, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ boolean success = false;
String mechID = fqi(cmds);
String machine = machine(cmds);
String[] fqdns = Split.split(':', machine);
machine = fqdns[1];
} else {
key = machine;
- fqdns = machines(cmds);
+ if(cmds.size()>0) {
+ fqdns = machines(cmds);
+ } else {
+ // make sure machine is also in SANS
+ fqdns = new String[] {machine};
+ }
}
- TimeTaken tt = trans.start("Place Artifact", Env.REMOTE);
+ TimeTaken tt = transitiveInfo.start("Place Artifact", Env.REMOTE);
try {
Future<Artifacts> acf = aafcon.client(CM_VER)
.read("/cert/artifacts/"+mechID+'/'+key, artifactsDF);
for (String type : a.getType()) {
PlaceArtifact pa = placeArtifact.get(type);
if (pa!=null) {
- if (rv = pa.place(trans, capi, a,machine)) {
- notifyPlaced(a,rv);
- }
+ pa.place(transitiveInfo, capi, a,machine);
+ success = true;
}
}
// Cover for the above multiple pass possibilities with some static Data, then clear per Artifact
} else {
- trans.error().log(errMsg.toMsg(f));
+ transitiveInfo.error().log(errMsg.toMsg(f));
}
} else {
- trans.error().log("You must be OS User \"" + a.getOsUser() +"\" to place Certificates on this box");
+ transitiveInfo.error().log("You must be OS User \"" + a.getOsUser() +"\" to place Certificates on this box");
}
}
}
PropHolder.writeAll();
} else {
- trans.error().log(errMsg.toMsg(acf));
+ transitiveInfo.error().log(errMsg.toMsg(acf));
}
} finally {
tt.done();
}
- return rv;
+ return success ? 0 : 1;
}
- private static void notifyPlaced(Artifact a, boolean rv) {
- }
- private static void showPass(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ /**
+ *
+ * @param transitiveInfo
+ * @param aafcon
+ * @param cmds
+ * @return exit code for shell
+ * @throws Exception
+ */
+ private static int showPass(Trans transitiveInfo, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ boolean success = false;
String mechID = fqi(cmds);
String machine = machine(cmds);
- TimeTaken tt = trans.start("Show Password", Env.REMOTE);
+ TimeTaken tt = transitiveInfo.start("Show Password", Env.REMOTE);
try {
Future<Artifacts> acf = aafcon.client(CM_VER)
.read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);
if (pf.get(TIMEOUT)) {
allowed = true;
} else {
- trans.error().log(errMsg.toMsg(pf));
+ transitiveInfo.error().log(errMsg.toMsg(pf));
}
}
if (allowed) {
System.out.printf("%s=%s\n", en.getKey(), symm.depass(en.getValue().toString()));
}
}
+ success = true;
} else {
- trans.error().printf("%s.keyfile must exist to read passwords for %s on %s",
+ transitiveInfo.error().printf("%s.keyfile must exist to read passwords for %s on %s",
f.getAbsolutePath(),a.getMechid(), a.getMachine());
}
}
}
}
} else {
- trans.error().log(errMsg.toMsg(acf));
+ transitiveInfo.error().log(errMsg.toMsg(acf));
}
} finally {
tt.done();
}
+ return success ? 0 : 1;
}
- private static void keypairGen(final Trans trans, final PropAccess access, final Deque<String> cmds) throws IOException {
+
+ /**
+ *
+ * @param transitiveInfo
+ * @param aafcon
+ * @param cmds
+ * @return exit code for shell
+ * @throws IOException
+ */
+ private static int keypairGen(final Trans transitiveInfo, final PropAccess access, final Deque<String> cmds) throws IOException {
final String fqi = fqi(cmds);
final String ns = FQI.reverseDomain(fqi);
File dir = new File(access.getProperty(Config.CADI_ETCDIR,".")); // default to current Directory
String line = AAFSSO.cons.readLine("%s exists. Overwrite? (y/n): ", f.getCanonicalPath());
if (!"Y".equalsIgnoreCase(line)) {
System.out.println("Canceling...");
- return;
+ return 0;
}
}
- KeyPair kp = Factory.generateKeyPair(trans);
- ArtifactDir.write(f, Chmod.to400, Factory.toString(trans, kp.getPrivate()));
+ KeyPair kp = Factory.generateKeyPair(transitiveInfo);
+ ArtifactDir.write(f, Chmod.to400, Factory.toString(transitiveInfo, kp.getPrivate()));
System.out.printf("Wrote %s\n", f.getCanonicalFile());
f=new File(dir,ns+".pubkey");
- ArtifactDir.write(f, Chmod.to644, Factory.toString(trans, kp.getPublic()));
+ ArtifactDir.write(f, Chmod.to644, Factory.toString(transitiveInfo, kp.getPublic()));
System.out.printf("Wrote %s\n", f.getCanonicalFile());
+ return 0;
}
- private static void config(Trans trans, PropAccess propAccess, String[] args, Deque<String> cmds) throws Exception {
- TimeTaken tt = trans.start("Get Configuration", Env.REMOTE);
+ /**
+ *
+ * @param transitiveInfo
+ * @param propAccess
+ * @param args
+ * @param cmds
+ * @return exit code for shell
+ * @throws Exception
+ */
+ private static int config(Trans transitiveInfo, PropAccess propAccess, String[] args, Deque<String> cmds) throws Exception {
+ boolean success = true;
+ TimeTaken tt = transitiveInfo.start("Get Configuration", Env.REMOTE);
try {
final String fqi = fqi(cmds);
Artifact arti = new Artifact();
app.add(Config.CADI_PROP_FILES, loc.getPath()+':'+cred.getPath());
for (String tag : LOC_TAGS) {
- loc.add(tag, getProperty(propAccess, trans, false, tag, "%s: ",tag));
+ loc.add(tag, getProperty(propAccess, transitiveInfo, false, tag, "%s: ",tag));
}
String keyfile = cred.getKeyPath();
} else {
aafcon = aafcon(propAccess);
if (aafcon!=null) { // get Properties from Remote AAF
- for (Props props : aafProps(trans,aafcon,getProperty(propAccess,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "),fqi)) {
+ for (Props props : aafProps(transitiveInfo,aafcon,getProperty(propAccess,aafcon.env,false,Config.AAF_LOCATE_URL,"AAF Locator URL: "),fqi)) {
PropHolder ph = CRED_TAGS.contains(props.getTag())?cred:app;
if(props.getTag().endsWith("_password")) {
ph.addEnc(props.getTag(), props.getValue());
} finally {
tt.done();
}
+ return success ? 0 : 1;
}
- public static List<Props> aafProps(Trans trans, AAFCon<?> aafcon, String locator, String fqi) throws CadiException, APIException, LocatorException {
+ public static List<Props> aafProps(Trans transitiveInfo, AAFCon<?> aafcon, String locator, String fqi) throws CadiException, APIException, LocatorException {
Future<Configuration> acf = aafcon.client(new SingleEndpointLocator(locator))
.read("/configure/"+fqi+"/aaf", configDF);
if (acf.get(TIMEOUT)) {
return acf.value.getProps();
} else if (acf.code()==401){
- trans.error().log("Bad Password sent to AAF");
+ transitiveInfo.error().log("Bad Password sent to AAF");
} else if (acf.code()==404){
- trans.error().log("This version of AAF does not support remote Properties");
+ transitiveInfo.error().log("This version of AAF does not support remote Properties");
} else {
- trans.error().log(errMsg.toMsg(acf));
+ transitiveInfo.error().log(errMsg.toMsg(acf));
}
return new ArrayList<>();
}
- private static void validate(final PropAccess pa) throws LocatorException, CadiException, APIException {
+ /**
+ *
+ * @param pa
+ * @return exit code for shell
+ * @throws LocatorException
+ * @throws CadiException
+ * @throws APIException
+ */
+ private static int validate(final PropAccess pa) throws LocatorException, CadiException, APIException {
System.out.println("Validating Configuration...");
final AAFCon<?> aafcon = new AAFConHttp(pa,Config.AAF_URL,new SecurityInfoC<HttpURLConnection>(pa));
- aafcon.best(new Retryable<Void>() {
+ return aafcon.best(new Retryable<Integer>() {
@Override
- public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ boolean success = false;
Future<Perms> fc = client.read("/authz/perms/user/"+aafcon.defID(),permDF);
if (fc.get(aafcon.timeout)) {
System.out.print("Success connecting to ");
System.out.print('|');
System.out.println(p.getAction());
}
+ success = true;
} else {
System.err.println("Error: " + fc.code() + ' ' + fc.body());
}
- return null;
+ return success ? 0 : 1;
}
});
}
/**
* Check returns Error Codes, so that Scripts can know what to do
*
- * 0 - Check Complete, nothing to do
- * 1 - General Error
- * 2 - Error for specific Artifact - read check.msg
- * 10 - Certificate Updated - check.msg is email content
+ * <ul>0 - Check Complete, nothing to do</ul>
+ * <ul>1 - General Error</ul>
+ * <ul>2 - Error for specific Artifact - read check.msg</ul>
+ * <ul>10 - Certificate Updated - check.msg is email content</ul>
*
- * @param trans
+ * @param transitiveInfo
* @param aafcon
* @param cmds
* @return
* @throws Exception
*/
- private static int check(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
+ private static int check(Trans transitiveInfo, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {
int exitCode=1;
String mechID = fqi(cmds);
String machine = machine(cmds);
- TimeTaken tt = trans.start("Check Certificate", Env.REMOTE);
+ TimeTaken tt = transitiveInfo.start("Check Certificate", Env.REMOTE);
try {
Future<Artifacts> acf = aafcon.client(CM_VER)
String prop;
File f;
- if ((prop=trans.getProperty(Config.CADI_KEYFILE))==null ||
+ if ((prop=transitiveInfo.getProperty(Config.CADI_KEYFILE))==null ||
!(f=new File(prop)).exists()) {
- trans.error().printf("Keyfile must exist to check Certificates for %s on %s",
+ transitiveInfo.error().printf("Keyfile must exist to check Certificates for %s on %s",
a.getMechid(), a.getMachine());
} else {
- String ksf = trans.getProperty(Config.CADI_KEYSTORE);
- String ksps = trans.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+ String ksf = transitiveInfo.getProperty(Config.CADI_KEYSTORE);
+ String ksps = transitiveInfo.getProperty(Config.CADI_KEYSTORE_PASSWORD);
if (ksf==null || ksps == null) {
- trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",
+ transitiveInfo.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",
Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine());
} else {
Symm symm = ArtifactDir.getSymm(f);
if (cert==null) {
msg = String.format("X509Certificate does not exist for %s on %s in %s",
a.getMechid(), a.getMachine(), ksf);
- trans.error().log(msg);
+ transitiveInfo.error().log(msg);
exitCode = 2;
} else {
GregorianCalendar renew = new GregorianCalendar();
if (renew.after(now)) {
msg = String.format("X509Certificate for %s on %s has been checked on %s. It expires on %s; it will not be renewed until %s.\n",
a.getMechid(), a.getMachine(),Chrono.dateOnlyStamp(now),cert.getNotAfter(),Chrono.dateOnlyStamp(renew));
- trans.info().log(msg);
+ transitiveInfo.info().log(msg);
exitCode = 0; // OK
} else {
- trans.info().printf("X509Certificate for %s on %s expiration, %s, needs Renewal.\n",
+ transitiveInfo.info().printf("X509Certificate for %s on %s expiration, %s, needs Renewal.\n",
a.getMechid(), a.getMachine(),cert.getNotAfter());
cmds.offerLast(mechID);
cmds.offerLast(machine);
- if (placeCerts(trans,aafcon,cmds)) {
+ if (placeCerts(transitiveInfo,aafcon,cmds) == 0) {
msg = String.format("X509Certificate for %s on %s has been renewed. Ensure services using are refreshed.\n",
a.getMechid(), a.getMachine());
exitCode = 10; // Refreshed
}
}
} else {
- trans.error().log(errMsg.toMsg(acf));
+ transitiveInfo.error().log(errMsg.toMsg(acf));
exitCode=1;
}
} finally {
import org.onap.aaf.misc.env.Trans;
public interface PlaceArtifact {
- public boolean place(Trans trans, CertInfo cert, Artifact arti, String machine) throws CadiException;
+ /**
+ *
+ * @param transientInfo of the caller
+ * @param certificateInfo describing the certificate
+ * @param artifact
+ * @param machineName
+ * @return if successful, true, otherwise false
+ * @throws CadiException
+ */
+ public boolean place(Trans transientInfo, CertInfo certificateInfo, Artifact artifact, String machineName) throws CadiException;
}
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
import org.onap.aaf.misc.env.Data.TYPE;
import org.onap.aaf.misc.env.util.Pool.Pooled;
import org.onap.aaf.misc.rosetta.env.RosettaDF;
-
/**
* Low Level Http Client Mechanism. Chances are, you want the high level "HRcli"
* for Rosetta Object Translation
is = huc.getInputStream();
// reuse Buffers
Pooled<byte[]> pbuff = Rcli.buffPool.get();
- try {
+ try {
while ((read=is.read(pbuff.content))>=0) {
- os.write(pbuff.content,0,read);
+ os.write(pbuff.content,0,read);
}
} finally {
pbuff.done();
if (is!=null) {
errContent = new StringBuilder();
Pooled<byte[]> pbuff = Rcli.buffPool.get();
- try {
+ try {
while ((read=is.read(pbuff.content))>=0) {
- os.write(pbuff.content,0,read);
+ os.write(pbuff.content,0,read);
}
} finally {
pbuff.done();
import java.util.Date;
import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.config.SecurityInfoC;
public class SingleEndpointLocator implements SizedLocator<URI> {
private final URI uri;
private final static Item item = new Item() {};
private Date noRetryUntil;
+ /**
+ * New constructor that works with the Config.loadLocator function
+ */
+ public SingleEndpointLocator(final SecurityInfoC<?> sec, final URI uri) throws LocatorException {
+ this.uri = uri;
+ }
+
public SingleEndpointLocator(final URI uri) {
this.uri = uri;
}
package org.onap.aaf.cadi.locator.test;
import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.anyOf;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
item = dl.best();
uri = dl.get(item);
- assertThat(uri.toString(), is("https://localhost:8100"));
+ assertThat(uri.toString(), anyOf(is("https://localhost:8100"), is("https://127.0.0.1:8100")));
item = dl.best();
- assertThat(uri.toString(), is("https://localhost:8100"));
+ assertThat(uri.toString(), anyOf(is("https://localhost:8100"), is("https://127.0.0.1:8100")));
assertThat(dl.hasItems(), is(true));
for (item = dl.first(); item != null; item = dl.next(item)) {
/.settings/
/target/
/.project
+/.checkstyle
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
+/**
+ *
+ *
+ * @author Jonathan
+ *
+ */
public class Hash {
private static char hexDigit[] = "0123456789abcdef".toCharArray();
return compare;
}
+ /**
+ * @param ba
+ * @return
+ */
public static String toHexNo0x(byte[] ba) {
StringBuilder sb = new StringBuilder();
for (byte b : ba) {
return sb.toString();
}
+ /**
+ * @param ba
+ * @return
+ */
public static String toHex(byte[] ba) {
StringBuilder sb = new StringBuilder("0x");
for (byte b : ba) {
}
- public static byte[] fromHex(String s) throws CadiException{
- if (!s.startsWith("0x")) {
- throw new CadiException("HexString must start with \"0x\"");
- }
- boolean high = true;
- int c;
+ public static byte[] fromHex(String s) {
+ if(!s.startsWith("0x")) {
+ return fromHexNo0x(s);
+ }
byte b;
- byte[] ba = new byte[(s.length()-2)/2];
+ int c;
+ byte[] ba;
+ int extra = s.length()%2; // odd requires extra
+ ba = new byte[(s.length()-2)/2 + extra];
+ boolean high = extra==0;
+
int idx;
for (int i=2;i<s.length();++i) {
c = s.charAt(i);
} else if (c>=0x41 && c<=0x46) {
b=(byte)(c-0x37);
} else {
- throw new CadiException("Invalid char '" + c + "' in HexString");
+ return null;
}
- idx = (i-2)/2;
+ idx = (i-2+extra)/2;
if (high) {
ba[idx]=(byte)(b<<4);
high = false;
}
return ba;
}
-
+
/**
* Does not expect to start with "0x"
* if Any Character doesn't match, it returns null;
* @return
*/
public static byte[] fromHexNo0x(String s) {
- int c;
byte b;
+ int c;
byte[] ba;
- boolean high;
- int start;
- if (s.length()%2==0) {
- ba = new byte[s.length()/2];
- high=true;
- start=0;
- } else {
- ba = new byte[(s.length()/2)+1];
- high = false;
- start=1;
- }
+ int extra = s.length()%2; // odd requires extra byte to store
+ ba = new byte[(s.length())/2 + extra];
+ boolean high = extra==0;
+
int idx;
- for (int i=start;i<s.length();++i) {
- c = s.charAt((i-start));
+ for (int i=0;i<s.length();++i) {
+ c = s.charAt(i);
if (c>=0x30 && c<=0x39) {
b=(byte)(c-0x30);
} else if (c>=0x61 && c<=0x66) {
} else {
return null;
}
- idx = i/2;
+ idx = (i+extra)/2;
if (high) {
ba[idx]=(byte)(b<<4);
high = false;
}
return ba;
}
-
}
import org.onap.aaf.cadi.util.Split;
/**
- * Create a Consistent Configuration mechanism, even when configuration styles are as vastly different as
- * Properties vs JavaBeans vs FilterConfigs...
+ * Create a Consistent Configuration mechanism, even when configuration styles
+ * are as vastly different as Properties vs JavaBeans vs FilterConfigs...
*
* @author Jonathan
*
public class Config {
private static final String AAF_V2_0 = "org.onap.aaf.cadi.aaf.v2_0";
- private static final String AAF_V2_0_AAFCON = AAF_V2_0+".AAFCon";
- private static final String AAF_V2_0_AAF_LUR_PERM = AAF_V2_0+".AAFLurPerm";
- public static final String AAF_V2_0_AAF_CON_HTTP = AAF_V2_0+".AAFConHttp";
+ private static final String AAF_V2_0_AAFCON = AAF_V2_0 + ".AAFCon";
+ private static final String AAF_V2_0_AAF_LUR_PERM = AAF_V2_0 + ".AAFLurPerm";
+ public static final String AAF_V2_0_AAF_CON_HTTP = AAF_V2_0 + ".AAFConHttp";
private static final String OAUTH = "org.onap.auth.oauth";
- private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr";
- private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf";
- private static final String OAUTH_DIRECT_TAF = OAUTH+".OAuthDirectTAF";
+ private static final String OAUTH_TOKEN_MGR = OAUTH + ".TokenMgr";
+ private static final String OAUTH_HTTP_TAF = OAUTH + ".OAuth2HttpTaf";
+ private static final String OAUTH_DIRECT_TAF = OAUTH + ".OAuthDirectTAF";
public static final String UTF_8 = "UTF-8";
// Property Names associated with configurations.
- // As of 1.0.2, these have had the dots removed so as to be compatible with JavaBean style
+ // As of 1.0.2, these have had the dots removed so as to be compatible with
+ // JavaBean style
// configurations as well as property list style.
public static final String HOSTNAME = "hostname";
public static final String CADI_PROP_FILES = "cadi_prop_files"; // Additional Properties files (separate with ;)
public static final String CADI_LOGDIR = "cadi_log_dir";
public static final String CADI_ETCDIR = "cadi_etc_dir";
public static final String CADI_LOGNAME = "cadi_logname";
-// public static final String CADI_LOGFMT="cad_logging_format";
-// public static final String CADI_LOGFMT_UTC="UTC";
-// public static final String CADI_LOGFMT_ISO8601="ISO-8601";
+ // public static final String CADI_LOGFMT="cad_logging_format";
+ // public static final String CADI_LOGFMT_UTC="UTC";
+ // public static final String CADI_LOGFMT_ISO8601="ISO-8601";
public static final String CADI_KEYFILE = "cadi_keyfile";
public static final String CADI_KEYSTORE = "cadi_keystore";
public static final String CADI_KEYSTORE_PASSWORD = "cadi_keystore_password";
public static final String CADI_LATITUDE = "cadi_latitude";
public static final String CADI_LONGITUDE = "cadi_longitude";
-
public static final String CADI_KEY_PASSWORD = "cadi_key_password";
public static final String CADI_TRUSTSTORE = "cadi_truststore";
public static final String CADI_TRUSTSTORE_PASSWORD = "cadi_truststore_password";
public static final String CADI_X509_ISSUERS = "cadi_x509_issuers";
- public static final String CADI_TRUST_MASKS="cadi_trust_masks";
- public static final String CADI_TRUST_PERM="cadi_trust_perm"; // IDs with this perm can utilize the "AS " user concept
+ public static final String CADI_TRUST_MASKS = "cadi_trust_masks";
+ public static final String CADI_TRUST_PERM = "cadi_trust_perm"; // IDs with this perm can utilize the "AS " user
+ // concept
public static final String CADI_PROTOCOLS = "cadi_protocols";
public static final String CADI_NOAUTHN = "cadi_noauthn";
public static final String CADI_LOC_LIST = "cadi_loc_list";
public static final String CADI_USER_CHAIN_TAG = "cadi_user_chain";
public static final String CADI_USER_CHAIN = "USER_CHAIN";
- public static final String CADI_OAUTH2_URL="cadi_oauth2_url";
+ public static final String CADI_OAUTH2_URL = "cadi_oauth2_url";
public static final String CADI_TOKEN_DIR = "cadi_token_dir";
public static final String HTTPS_PROTOCOLS = "https.protocols";
- public static final String HTTPS_CLIENT_PROTOCOLS="jdk.tls.client.protocols";
+ public static final String HTTPS_CLIENT_PROTOCOLS = "jdk.tls.client.protocols";
public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
public static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
- public static final String HTTPS_CIPHER_SUITES_DEFAULT="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
+ public static final String HTTPS_CIPHER_SUITES_DEFAULT = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,"
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,"
+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
-
public static final String LOCALHOST_ALLOW = "localhost_allow";
public static final String LOCALHOST_DENY = "localhost_deny";
- public static final String BASIC_REALM = "basic_realm"; // what is sent to the client
- public static final String BASIC_WARN = "basic_warn"; // Warning of insecure channel
+ public static final String BASIC_REALM = "basic_realm"; // what is sent to the client
+ public static final String BASIC_WARN = "basic_warn"; // Warning of insecure channel
public static final String USERS = "local_users";
public static final String GROUPS = "local_groups";
public static final String WRITE_TO = "local_writeto"; // dump RBAC to local file in Tomcat Style (some apps use)
- public static final String OAUTH_CLIENT_ID="client_id";
- public static final String OAUTH_CLIENT_SECRET="client_secret";
+ public static final String OAUTH_CLIENT_ID = "client_id";
+ public static final String OAUTH_CLIENT_SECRET = "client_secret";
public static final String AAF_ENV = "aaf_env";
public static final String AAF_ROOT_NS = "aaf_root_ns";
public static final String AAF_ROOT_NS_DEF = "org.osaaf.aaf";
public static final String AAF_ROOT_COMPANY = "aaf_root_company";
/**
- * Use Config.getAAFLocateUrl(access) to get correct property in/out of container
+ * Use Config.getAAFLocateUrl(access) to get correct property in/out of
+ * container
*/
- public static final String AAF_LOCATE_URL = "aaf_locate_url"; //URL for AAF locator
+ public static final String AAF_LOCATE_URL = "aaf_locate_url"; // URL for AAF locator
public static final String AAF_LOCATE_URL_TAG = "AAF_LOCATE_URL"; // Name of Above for use in Config Variables.
public static final String AAF_DEFAULT_API_VERSION = "2.1";
- public static final String AAF_DEPLOYED_VERSION="aaf_deployed_version";
+ public static final String AAF_DEPLOYED_VERSION = "aaf_deployed_version";
public static final String AAF_API_VERSION = "aaf_api_version";
- public static final String AAF_URL = "aaf_url"; //URL for AAF... Use to trigger AAF configuration
+ public static final String AAF_URL = "aaf_url"; // URL for AAF... Use to trigger AAF configuration
public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
- // AAF Locator Entries are ADDITIONAL entries, which also gives the Property ability
+ // AAF Locator Entries are ADDITIONAL entries, which also gives the Property
+ // ability
// to set these entries manually
// example: adding a K8S name like "oom"
// this will allow Registrations to pick up
// locator_ns.oom for onap's "OOM" based k8s entries, etc.
- public static final String AAF_LOCATOR_CONTAINER="aaf_locator_container";
- // An ID for another Container, to be used to avoid picking up the wrong internal info
+ public static final String AAF_LOCATOR_CONTAINER = "aaf_locator_container";
+ // An ID for another Container, to be used to avoid picking up the wrong
+ // internal info
// for another container.
public static final String AAF_LOCATOR_CONTAINER_ID = "aaf_locator_container_id";
public static final String AAF_LOCATOR_CONTAINER_NS = "aaf_locator_container_ns";
// AAF Service will write to the Audit Log if a past due AAF stored Password
// is being used within # of days specified.
- public static final String AAF_CRED_WARN_DAYS="aaf_cred_warn_days";
- public static final String AAF_CRED_WARN_DAYS_DFT="7";
+ public static final String AAF_CRED_WARN_DAYS = "aaf_cred_warn_days";
+ public static final String AAF_CRED_WARN_DAYS_DFT = "7";
public static final String AAF_APPID = "aaf_id";
public static final String AAF_APPPASS = "aaf_password";
// Default Classes: These are for Class loading to avoid direct compile links
public static final String AAF_TAF_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFTaf";
public static final String AAF_LOCATOR_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFLocator";
+ public static final String AAF_LOCATOR_CLASS_SINGLE = "org.onap.aaf.cadi.locator.SingleEndpointLocator";
+
public static final String CADI_OLUR_CLASS_DEF = "org.onap.aaf.cadi.olur.OLur";
public static final String CADI_OBASIC_HTTP_TAF_DEF = "org.onap.aaf.cadi.obasic.OBasicHttpTaf";
public static final String CADI_AAF_CON_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFCon";
public static final String AAF_HIGH_COUNT = "aaf_high_count";
public static final String AAF_HIGH_COUNT_DEF = "1000"; // Default is 1000 entries
public static final String AAF_PERM_MAP = "aaf_perm_map";
-// public static final String AAF_COMPONENT = "aaf_component";
+ // public static final String AAF_COMPONENT = "aaf_component";
public static final String AAF_CERT_IDS = "aaf_cert_ids";
public static final String AAF_DEBUG_IDS = "aaf_debug_ids"; // comma delimited
public static final String AAF_DATA_DIR = "aaf_data_dir"; // AAF processes and Components only.
public static final String AAF_URL_OAUTH = "aaf_url_oauth";
- public static final String AAF_URL_GUI="aaf_url_gui";
- public static final String AAF_URL_FS="aaf_url_fs";
+ public static final String AAF_URL_GUI = "aaf_url_gui";
+ public static final String AAF_URL_FS = "aaf_url_fs";
public static final String AAF_URL_CM = "aaf_url_cm";
- public static final String AAF_URL_CM_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:"+AAF_DEFAULT_API_VERSION;
+ public static final String AAF_URL_CM_DEF = "https://AAF_LOCATE_URL/AAF_NS.cm:" + AAF_DEFAULT_API_VERSION;
public static final String AAF_URL_HELLO = "aaf_url_hello";
public static final String CM_TRUSTED_CAS = "cm_trusted_cas";
- // let NS Owners choose with <ns>.certman aaf ignoreIPs" to ignoreIP Check for Configs
+ // let NS Owners choose with <ns>.certman aaf ignoreIPs" to ignoreIP Check for
+ // Configs
// Probably only want to allow in a DEV Env.
- public static final String CM_ALLOW_IGNORE_IPS="cm_allow_ignore_ips";
- // Docker doesn't have a default DNS. The property turns off IP Checking of DNSs before creating.
- public static final String CM_ALWAYS_IGNORE_IPS="cm_always_ignore_ips";
+ public static final String CM_ALLOW_IGNORE_IPS = "cm_allow_ignore_ips";
+ // Docker doesn't have a default DNS. The property turns off IP Checking of DNSs
+ // before creating.
+ public static final String CM_ALWAYS_IGNORE_IPS = "cm_always_ignore_ips";
public static final String PATHFILTER_URLPATTERN = "pathfilter_urlpattern";
public static final String PATHFILTER_STACK = "pathfilter_stack";
// This one should go unpublic
public static final String AAF_DEFAULT_REALM = "aaf_default_realm";
- private static String defaultRealm="none";
+ private static String defaultRealm = "people.osaaf.org";
public static final String AAF_DOMAIN_SUPPORT = "aaf_domain_support";
public static final String AAF_DOMAIN_SUPPORT_DEF = ".com:.org";
public static final String AAF_ALT_CLIENT_ID = "aaf_alt_oauth2_client_id";
public static final String AAF_ALT_CLIENT_SECRET = "aaf_alt_oauth2_client_secret";
public static final String AAF_OAUTH2_HELLO_URL = "aaf_oauth2_hello_url";
-
-
-
+
public static void setDefaultRealm(Access access) {
try {
- defaultRealm = logProp(access,Config.AAF_DEFAULT_REALM,
- logProp(access,Config.BASIC_REALM,
- logProp(access,HOSTNAME,InetAddress.getLocalHost().getHostName())
- )
- );
+ defaultRealm = logProp(access, Config.AAF_DEFAULT_REALM, logProp(access, Config.BASIC_REALM,
+ logProp(access, HOSTNAME, InetAddress.getLocalHost().getHostName())));
} catch (UnknownHostException e) {
- access.log(Level.INIT, "Unable to determine Hostname",e);
+ access.log(Level.INIT, "Unable to determine Hostname", e);
}
}
- public static HttpTaf configHttpTaf(Connector con, SecurityInfoC<HttpURLConnection> si, TrustChecker tc, CredVal up, Lur lur, Object ... additionalTafLurs) throws CadiException, LocatorException {
+ public static HttpTaf configHttpTaf(Connector con, SecurityInfoC<HttpURLConnection> si, TrustChecker tc, CredVal up,
+ Lur lur, Object... additionalTafLurs) throws CadiException, LocatorException {
Access access = si.access;
RegistrationPropHolder rph;
try {
/////////////////////////////////////////////////////
// Setup AAFCon for any following
/////////////////////////////////////////////////////
- Class<?> aafConClass = loadClass(access,CADI_AAF_CON_DEF);
+ Class<?> aafConClass = loadClass(access, CADI_AAF_CON_DEF);
Object aafcon = null;
- if (con!=null && aafConClass!=null && aafConClass.isAssignableFrom(con.getClass())) {
+ if (con != null && aafConClass != null && aafConClass.isAssignableFrom(con.getClass())) {
aafcon = con;
} else if (lur != null) {
Field f;
}
}
- boolean hasDirectAAF = hasDirect("DirectAAFLur",additionalTafLurs);
- // IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL
- String aafURL = logProp(rph, AAF_URL,null);
- if (!hasDirectAAF && aafcon==null && aafURL!=null) {
+ boolean hasDirectAAF = hasDirect("DirectAAFLur", additionalTafLurs);
+ // IMPORTANT! Don't attempt to load AAF Connector if there is no AAF URL
+ String aafURL = logProp(rph, AAF_URL, null);
+ if (!hasDirectAAF && aafcon == null && aafURL != null) {
aafcon = loadAAFConnector(si, aafURL);
}
HttpTaf taf;
- // Setup Host, in case Network reports an unusable Hostname (i.e. VTiers, VPNs, etc)
- String hostname = logProp(access, HOSTNAME,null);
- if (hostname==null) {
+ // Setup Host, in case Network reports an unusable Hostname (i.e. VTiers, VPNs,
+ // etc)
+ String hostname = logProp(access, HOSTNAME, null);
+ if (hostname == null) {
try {
hostname = InetAddress.getLocalHost().getHostName();
} catch (UnknownHostException e1) {
- throw new CadiException("Unable to determine Hostname",e1);
+ throw new CadiException("Unable to determine Hostname", e1);
}
}
- access.log(Level.INIT, "Hostname set to",hostname);
+ access.log(Level.INIT, "Hostname set to", hostname);
// Get appropriate TAFs
ArrayList<Priori<HttpTaf>> htlist = new ArrayList<>();
// Note: how IPs and IDs are added are up to service type.
// They call "DenialOfServiceTaf.denyIP(String) or denyID(String)
/////////////////////////////////////////////////////
- htlist.add(new Priori<HttpTaf>(new DenialOfServiceTaf(access),0));
+ htlist.add(new Priori<HttpTaf>(new DenialOfServiceTaf(access), 0));
/////////////////////////////////////////////////////
// Configure Client Cert TAF
/////////////////////////////////////////////////////
X509Taf x509TAF = null;
- String truststore = logProp(access, CADI_TRUSTSTORE,null);
- if (truststore!=null) {
- String truststorePwd = access.getProperty(CADI_TRUSTSTORE_PASSWORD,null);
- if (truststorePwd!=null) {
+ String truststore = logProp(access, CADI_TRUSTSTORE, null);
+ if (truststore != null) {
+ String truststorePwd = access.getProperty(CADI_TRUSTSTORE_PASSWORD, null);
+ if (truststorePwd != null) {
if (truststorePwd.startsWith(Symm.ENC)) {
try {
- access.decrypt(truststorePwd,false);
+ access.decrypt(truststorePwd, false);
} catch (IOException e) {
- throw new CadiException(CADI_TRUSTSTORE_PASSWORD + " cannot be decrypted",e);
+ throw new CadiException(CADI_TRUSTSTORE_PASSWORD + " cannot be decrypted", e);
}
}
try {
- x509TAF=new X509Taf(access,lur);
- htlist.add(new Priori<HttpTaf>(x509TAF,10));
- access.log(Level.INIT,"Certificate Authorization enabled");
+ x509TAF = new X509Taf(access, lur);
+ htlist.add(new Priori<HttpTaf>(x509TAF, 10));
+ access.log(Level.INIT, "Certificate Authorization enabled");
} catch (SecurityException | IllegalArgumentException e) {
- access.log(Level.INIT,"AAFListedCertIdentity cannot be instantiated. Certificate Authorization is now disabled",e);
+ access.log(Level.INIT,
+ "AAFListedCertIdentity cannot be instantiated. Certificate Authorization is now disabled",
+ e);
} catch (CertificateException e) {
- access.log(Level.INIT,"Certificate Authorization failed, it is disabled",e);
+ access.log(Level.INIT, "Certificate Authorization failed, it is disabled", e);
} catch (NoSuchAlgorithmException e) {
- access.log(Level.INIT,"Certificate Authorization failed, wrong Security Algorithm",e);
+ access.log(Level.INIT, "Certificate Authorization failed, wrong Security Algorithm", e);
}
}
} else {
- access.log(Level.INIT,"Certificate Authorization not enabled");
+ access.log(Level.INIT, "Certificate Authorization not enabled");
}
/////////////////////////////////////////////////////
// Configure Basic Auth (local content)
/////////////////////////////////////////////////////
boolean hasOAuthDirectTAF = hasDirect("DirectOAuthTAF", additionalTafLurs);
- String basicRealm = logProp(access, BASIC_REALM,null);
- String aafCleanup = logProp(access, AAF_USER_EXPIRES,AAF_USER_EXPIRES_DEF); // Default is 10 mins
+ String basicRealm = logProp(access, BASIC_REALM, null);
+ String aafCleanup = logProp(access, AAF_USER_EXPIRES, AAF_USER_EXPIRES_DEF); // Default is 10 mins
long userExp = Long.parseLong(aafCleanup);
- boolean basicWarn = "TRUE".equals(access.getProperty(BASIC_WARN,"FALSE"));
+ boolean basicWarn = "TRUE".equals(access.getProperty(BASIC_WARN, "FALSE"));
if (!hasDirectAAF) {
- HttpTaf aaftaf=null;
+ HttpTaf aaftaf = null;
if (!hasOAuthDirectTAF) {
- if (basicRealm!=null) {
+ if (basicRealm != null) {
@SuppressWarnings("unchecked")
- Class<HttpTaf> obasicCls = (Class<HttpTaf>)loadClass(access,CADI_OBASIC_HTTP_TAF_DEF);
- if (obasicCls!=null) {
+ Class<HttpTaf> obasicCls = (Class<HttpTaf>) loadClass(access, CADI_OBASIC_HTTP_TAF_DEF);
+ if (obasicCls != null) {
try {
- String tokenurl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL, null);
- String introspecturl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL, null);
- if (tokenurl==null || introspecturl==null) {
- access.log(Level.INIT,"Both tokenurl and introspecturl are required. Oauth Authorization is disabled.");
+ String tokenurl = logProp(rph, Config.AAF_OAUTH2_TOKEN_URL, null);
+ String introspecturl = logProp(rph, Config.AAF_OAUTH2_INTROSPECT_URL, null);
+ if (tokenurl == null || introspecturl == null) {
+ access.log(Level.INIT,
+ "Both tokenurl and introspecturl are required. Oauth Authorization is disabled.");
+ } else {
+ // try to construct the TAF instance. Try without the CredVal first (original code), change
+ // to try with a CredVal paramater if it fails as the newer ONAP code contains this in the OBasicHttpTaf constructor
+ System.out.println("TokenURL="+ tokenurl + "; IntrospectURL="+introspecturl);
+ Constructor<HttpTaf> obasicConst = null;
+ try {
+ obasicConst = obasicCls.getConstructor(PropAccess.class, String.class,
+ String.class, String.class);
+ htlist.add(new Priori<HttpTaf>(
+ obasicConst.newInstance(access, basicRealm, tokenurl, introspecturl), 20));
+ } catch (Exception e) {
+ obasicConst = obasicCls.getConstructor(PropAccess.class, CredVal.class, String.class, String.class, String.class);
+ htlist.add(new Priori<HttpTaf>(
+ obasicConst.newInstance(access, up, basicRealm, tokenurl, introspecturl), 20));
+ }
+
+ access.log(Level.INIT, "Oauth supported Basic Authorization is enabled");
}
- Constructor<HttpTaf> obasicConst = obasicCls.getConstructor(PropAccess.class,String.class, String.class, String.class);
- htlist.add(new Priori<HttpTaf>(obasicConst.newInstance(access,basicRealm,tokenurl,introspecturl),20));
- access.log(Level.INIT,"Oauth supported Basic Authorization is enabled");
- } catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ } catch (NoSuchMethodException | SecurityException | InstantiationException
+ | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
access.log(Level.INIT, e);
}
- } else if (up!=null) {
- access.log(Level.INIT,"Basic Authorization is enabled using realm",basicRealm);
+ } else if (up != null) {
+ access.log(Level.INIT, "Basic Authorization is enabled using realm", basicRealm);
// Allow warning about insecure channel to be turned off
if (!basicWarn) {
access.log(Level.INIT, "WARNING! The basicWarn property has been set to false.",
- " There will be no additional warning if Basic Auth is used on an insecure channel");
+ " There will be no additional warning if Basic Auth is used on an insecure channel");
}
BasicHttpTaf bht = new BasicHttpTaf(access, up, basicRealm, userExp, basicWarn);
for (Object o : additionalTafLurs) {
if (o instanceof CredValDomain) {
- bht.add((CredValDomain)o);
+ bht.add((CredValDomain) o);
}
}
- if (x509TAF!=null) {
+ if (x509TAF != null) {
x509TAF.add(bht);
}
- htlist.add(new Priori<HttpTaf>(bht,20));
- access.log(Level.INIT,"Basic Authorization is enabled");
+ htlist.add(new Priori<HttpTaf>(bht, 20));
+ access.log(Level.INIT, "Basic Authorization is enabled");
}
} else {
- access.log(Level.INIT,"Local Basic Authorization is disabled. Enable by setting basicRealm=<appropriate realm, i.e. my.att.com>");
+ access.log(Level.INIT,
+ "Local Basic Authorization is disabled. Enable by setting basicRealm=<appropriate realm, i.e. my.att.com>");
}
/////////////////////////////////////////////////////
// Configure AAF Driven Basic Auth
/////////////////////////////////////////////////////
- if (aafcon==null) {
- access.log(Level.INIT,"AAF Connection (AAFcon) is null. Cannot create an AAF TAF");
- } else if (aafURL==null) {
- access.log(Level.INIT,"No AAF URL in properties, Cannot create an AAF TAF");
+ if (aafcon == null) {
+ access.log(Level.INIT, "AAF Connection (AAFcon) is null. Cannot create an AAF TAF");
+ } else if (aafURL == null) {
+ access.log(Level.INIT, "No AAF URL in properties, Cannot create an AAF TAF");
} else {// There's an AAF_URL... try to configure an AAF
- String aafTafClassName = logProp(access, AAF_TAF_CLASS,AAF_TAF_CLASS_DEF);
+ String aafTafClassName = logProp(access, AAF_TAF_CLASS, AAF_TAF_CLASS_DEF);
// Only 2.0 available at this time
if (AAF_TAF_CLASS_DEF.equals(aafTafClassName)) {
try {
- Class<?> aafTafClass = loadClass(access,aafTafClassName);
- if (aafTafClass!=null) {
- Constructor<?> cstr = aafTafClass.getConstructor(Connector.class,boolean.class,AbsUserCache.class);
- if (cstr!=null) {
+ Class<?> aafTafClass = loadClass(access, aafTafClassName);
+ if (aafTafClass != null) {
+ Constructor<?> cstr = aafTafClass.getConstructor(Connector.class, boolean.class,
+ AbsUserCache.class);
+ if (cstr != null) {
if (lur instanceof AbsUserCache) {
- aaftaf = (HttpTaf)cstr.newInstance(aafcon,basicWarn,lur);
+ aaftaf = (HttpTaf) cstr.newInstance(aafcon, basicWarn, lur);
} else {
- cstr = aafTafClass.getConstructor(Connector.class,boolean.class);
- if (cstr!=null) {
- aaftaf = (HttpTaf)cstr.newInstance(aafcon,basicWarn);
+ cstr = aafTafClass.getConstructor(Connector.class, boolean.class);
+ if (cstr != null) {
+ aaftaf = (HttpTaf) cstr.newInstance(aafcon, basicWarn);
}
}
- if (aaftaf==null) {
- access.log(Level.INIT,"ERROR! AAF TAF Failed construction. NOT Configured");
+ if (aaftaf == null) {
+ access.log(Level.INIT, "ERROR! AAF TAF Failed construction. NOT Configured");
} else {
- access.log(Level.INIT,"AAF TAF Configured to ",aafURL);
+ access.log(Level.INIT, "AAF TAF Configured to ", aafURL);
// Note: will add later, after all others configured
}
}
} else {
- access.log(Level.INIT, "There is no AAF TAF class available: %s. AAF TAF not configured.",aafTafClassName);
+ access.log(Level.INIT,
+ "There is no AAF TAF class available: %s. AAF TAF not configured.",
+ aafTafClassName);
}
} catch (Exception e) {
- access.log(Level.INIT,"ERROR! AAF TAF Failed construction. NOT Configured",e);
+ access.log(Level.INIT, "ERROR! AAF TAF Failed construction. NOT Configured", e);
}
}
}
// Configure OAuth TAF
/////////////////////////////////////////////////////
if (!hasOAuthDirectTAF) {
- String oauthTokenUrl = logProp(rph,Config.AAF_OAUTH2_TOKEN_URL,null);
+ String oauthTokenUrl = logProp(rph, Config.AAF_OAUTH2_TOKEN_URL, null);
Class<?> oadtClss;
try {
oadtClss = Class.forName(OAUTH_DIRECT_TAF);
oadtClss = null;
access.log(Level.DEBUG, e1);
}
- if (additionalTafLurs!=null && additionalTafLurs.length>0 && (oadtClss!=null && additionalTafLurs[0].getClass().isAssignableFrom(oadtClss))) {
- htlist.add(new Priori<HttpTaf>((HttpTaf)additionalTafLurs[0],30));
- String[] array= new String[additionalTafLurs.length-1];
- if (array.length>0) {
+ if (additionalTafLurs != null && additionalTafLurs.length > 0
+ && (oadtClss != null && additionalTafLurs[0].getClass().isAssignableFrom(oadtClss))) {
+ htlist.add(new Priori<HttpTaf>((HttpTaf) additionalTafLurs[0], 30));
+ String[] array = new String[additionalTafLurs.length - 1];
+ if (array.length > 0) {
System.arraycopy(htlist, 1, array, 0, array.length);
}
additionalTafLurs = array;
- access.log(Level.INIT,"OAuth2 Direct is enabled");
- } else if (oauthTokenUrl!=null) {
- String oauthIntrospectUrl = logProp(rph,Config.AAF_OAUTH2_INTROSPECT_URL,null);
+ access.log(Level.INIT, "OAuth2 Direct is enabled");
+ } else if (oauthTokenUrl != null) {
+ String oauthIntrospectUrl = logProp(rph, Config.AAF_OAUTH2_INTROSPECT_URL, null);
@SuppressWarnings("unchecked")
- Class<HttpTaf> oaTCls = (Class<HttpTaf>)loadClass(access,OAUTH_HTTP_TAF);
- if (oaTCls!=null) {
+ Class<HttpTaf> oaTCls = (Class<HttpTaf>) loadClass(access, OAUTH_HTTP_TAF);
+ if (oaTCls != null) {
Class<?> oaTTmgrCls = loadClass(access, OAUTH_TOKEN_MGR);
- if (oaTTmgrCls!=null) {
+ if (oaTTmgrCls != null) {
try {
- Method oaTTmgrGI = oaTTmgrCls.getMethod("getInstance",PropAccess.class,String.class,String.class);
- Object oaTTmgr = oaTTmgrGI.invoke(null /*this is static method*/,access,oauthTokenUrl,oauthIntrospectUrl);
- Constructor<HttpTaf> oaTConst = oaTCls.getConstructor(Access.class,oaTTmgrCls);
- htlist.add(new Priori<HttpTaf>(oaTConst.newInstance(access,oaTTmgr),30));
- access.log(Level.INIT,"OAuth2 TAF is enabled");
- } catch (NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | InstantiationException e) {
- access.log(Level.INIT,"OAuth2HttpTaf cannot be instantiated. OAuth2 is disabled",e);
+ Method oaTTmgrGI = oaTTmgrCls.getMethod("getInstance", PropAccess.class, String.class,
+ String.class);
+ Object oaTTmgr = oaTTmgrGI.invoke(null /* this is static method */, access,
+ oauthTokenUrl, oauthIntrospectUrl);
+ Constructor<HttpTaf> oaTConst = oaTCls.getConstructor(Access.class, oaTTmgrCls);
+ htlist.add(new Priori<HttpTaf>(oaTConst.newInstance(access, oaTTmgr), 30));
+ access.log(Level.INIT, "OAuth2 TAF is enabled");
+ } catch (NoSuchMethodException | SecurityException | IllegalAccessException
+ | IllegalArgumentException | InvocationTargetException | InstantiationException e) {
+ access.log(Level.INIT, "OAuth2HttpTaf cannot be instantiated. OAuth2 is disabled", e);
}
}
}
} else {
- access.log(Level.INIT,"OAuth TAF is not configured");
+ access.log(Level.INIT, "OAuth TAF is not configured");
}
}
// Adding BasicAuth (AAF) last, after other primary Cookie Based
// Needs to be before Cert... see below
/////////////////////////////////////////////////////
- if (aaftaf!=null) {
- htlist.add(new Priori<HttpTaf>(aaftaf,40));
+ if (aaftaf != null) {
+ htlist.add(new Priori<HttpTaf>(aaftaf, 40));
}
}
/////////////////////////////////////////////////////
// Any Additional Tafs passed in Constructor
/////////////////////////////////////////////////////
- if (additionalTafLurs!=null) {
- int i=0;
+ if (additionalTafLurs != null) {
+ int i = 0;
for (Object additional : additionalTafLurs) {
if (additional instanceof BasicHttpTaf) {
- BasicHttpTaf ht = (BasicHttpTaf)additional;
+ BasicHttpTaf ht = (BasicHttpTaf) additional;
for (Object cv : additionalTafLurs) {
if (cv instanceof CredValDomain) {
- ht.add((CredValDomain)cv);
- access.printf(Level.INIT,"%s Authentication is enabled",cv);
+ ht.add((CredValDomain) cv);
+ access.printf(Level.INIT, "%s Authentication is enabled", cv);
}
}
- htlist.add(new Priori<HttpTaf>(ht,50+i++));
+ htlist.add(new Priori<HttpTaf>(ht, 50 + i++));
} else if (additional instanceof HttpTaf) {
- HttpTaf ht = (HttpTaf)additional;
- htlist.add(new Priori<HttpTaf>(ht,50+i++));
- access.printf(Level.INIT,"%s Authentication is enabled",additional.getClass().getSimpleName());
+ HttpTaf ht = (HttpTaf) additional;
+ htlist.add(new Priori<HttpTaf>(ht, 50 + i++));
+ access.printf(Level.INIT, "%s Authentication is enabled", additional.getClass().getSimpleName());
} else if (hasOAuthDirectTAF) {
Class<?> daupCls;
try {
access.log(Level.INIT, e);
}
if (daupCls != null && additional.getClass().isAssignableFrom(daupCls)) {
- htlist.add(new Priori<HttpTaf>(new BasicHttpTaf(access, (CredVal)additional , basicRealm, userExp, basicWarn),50+i++));
- access.printf(Level.INIT,"Direct BasicAuth Authentication is enabled",additional.getClass().getSimpleName());
+ htlist.add(new Priori<HttpTaf>(
+ new BasicHttpTaf(access, (CredVal) additional, basicRealm, userExp, basicWarn),
+ 50 + i++));
+ access.printf(Level.INIT, "Direct BasicAuth Authentication is enabled",
+ additional.getClass().getSimpleName());
}
}
}
}
// Add BasicAuth, if any, to x509Taf
- if (x509TAF!=null) {
- for ( Priori<HttpTaf> ht : htlist) {
+ if (x509TAF != null) {
+ for (Priori<HttpTaf> ht : htlist) {
if (ht.t instanceof BasicHttpTaf) {
- x509TAF.add((BasicHttpTaf)ht.t);
+ x509TAF.add((BasicHttpTaf) ht.t);
}
}
}
/////////////////////////////////////////////////////
// Create EpiTaf from configured TAFs
/////////////////////////////////////////////////////
- if (htlist.size()==1) {
+ if (htlist.size() == 1) {
// just return the one
taf = htlist.get(0).t;
} else {
Collections.sort(htlist);
HttpTaf[] htarray = new HttpTaf[htlist.size()];
- int i=-1;
+ int i = -1;
StringBuilder sb = new StringBuilder("Tafs processed in this order:\n");
- for(Priori<HttpTaf> pht : htlist) {
+ for (Priori<HttpTaf> pht : htlist) {
htarray[++i] = pht.t;
sb.append(" ");
sb.append(pht.t.getClass().getName());
Locator<URI> locator = loadLocator(si, aafURL);
- taf = new HttpEpiTaf(access,locator, tc, htarray); // ok to pass locator == null
+ taf = new HttpEpiTaf(access, locator, tc, htarray); // ok to pass locator == null
String level = logProp(access, CADI_LOGLEVEL, null);
- if (level!=null) {
+ if (level != null) {
access.setLogLevel(Level.valueOf(level));
}
}
public static String logProp(RegistrationPropHolder rph, String tag, String def) {
String rv = rph.access().getProperty(tag, def);
if (rv == null) {
- rph.access().log(Level.INIT,tag,"is not explicitly set");
+ rph.access().log(Level.INIT, tag, "is not explicitly set");
} else {
- rv = rph.replacements("Config.logProp",rv, null, null);
- rph.access().log(Level.INIT,tag,"is set to",rv);
+ rv = rph.replacements("Config.logProp", rv, null, null);
+ rph.access().log(Level.INIT, tag, "is set to", rv);
}
return rv;
}
- public static String logProp(Access access,String tag, String def) {
+ public static String logProp(Access access, String tag, String def) {
String rv = access.getProperty(tag, def);
if (rv == null) {
- access.log(Level.INIT,tag,"is not explicitly set");
+ access.log(Level.INIT, tag, "is not explicitly set");
} else {
- access.log(Level.INIT,tag,"is set to",rv);
+ access.log(Level.INIT, tag, "is set to", rv);
}
return rv;
}
- public static Lur configLur(SecurityInfoC<HttpURLConnection> si, Connector con, Object ... additionalTafLurs) throws CadiException {
+ public static Lur configLur(SecurityInfoC<HttpURLConnection> si, Connector con, Object... additionalTafLurs)
+ throws CadiException {
Access access = si.access;
RegistrationPropHolder rph;
try {
// Configure a Local Property Based RBAC/LUR
/////////////////////////////////////////////////////
try {
- String users = access.getProperty(USERS,null);
- String groups = access.getProperty(GROUPS,null);
+ String users = access.getProperty(USERS, null);
+ String groups = access.getProperty(GROUPS, null);
- if (groups!=null || users!=null) {
- LocalLur ll = new LocalLur(access, users, groups); // note b64==null is ok.. just means no encryption.
- lurs.add(new Priori<Lur>(ll,10));
+ if (groups != null || users != null) {
+ LocalLur ll = new LocalLur(access, users, groups); // note b64==null is ok.. just means no encryption.
+ lurs.add(new Priori<Lur>(ll, 10));
- String writeto = access.getProperty(WRITE_TO,null);
- if (writeto!=null) {
+ String writeto = access.getProperty(WRITE_TO, null);
+ if (writeto != null) {
String msg = UsersDump.updateUsers(writeto, ll);
- if (msg!=null) {
- access.log(Level.INIT,"ERROR! Error Updating ",writeto,"with roles and users:",msg);
+ if (msg != null) {
+ access.log(Level.INIT, "ERROR! Error Updating ", writeto, "with roles and users:", msg);
}
}
}
/////////////////////////////////////////////////////
// Configure the OAuth Lur (if any)
/////////////////////////////////////////////////////
- String tokenUrl = logProp(rph,AAF_OAUTH2_TOKEN_URL, null);
- String introspectUrl = logProp(rph,AAF_OAUTH2_INTROSPECT_URL, null);
- if (tokenUrl!=null && introspectUrl !=null) {
+ String tokenUrl = logProp(rph, AAF_OAUTH2_TOKEN_URL, null);
+ String introspectUrl = logProp(rph, AAF_OAUTH2_INTROSPECT_URL, null);
+ if (tokenUrl != null && introspectUrl != null) {
try {
Class<?> olurCls = loadClass(access, CADI_OLUR_CLASS_DEF);
- if (olurCls!=null) {
- Constructor<?> olurCnst = olurCls.getConstructor(PropAccess.class,String.class,String.class);
- Lur olur = (Lur)olurCnst.newInstance(access,tokenUrl,introspectUrl);
- lurs.add(new Priori<Lur>(olur,20));
+ if (olurCls != null) {
+ Constructor<?> olurCnst = olurCls.getConstructor(PropAccess.class, String.class, String.class);
+ Lur olur = (Lur) olurCnst.newInstance(access, tokenUrl, introspectUrl);
+ lurs.add(new Priori<Lur>(olur, 20));
access.log(Level.INIT, "OAuth2 LUR enabled");
} else {
- access.log(Level.INIT,"AAF/OAuth LUR plugin is not available.");
+ access.log(Level.INIT, "AAF/OAuth LUR plugin is not available.");
}
- } catch (NoSuchMethodException| SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ } catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException
+ | IllegalArgumentException | InvocationTargetException e) {
String msg = e.getMessage();
- if (msg==null && e.getCause()!=null) {
+ if (msg == null && e.getCause() != null) {
msg = e.getCause().getMessage();
}
- access.log(Level.INIT,"AAF/OAuth LUR is not instantiated.",msg,e);
+ access.log(Level.INIT, "AAF/OAuth LUR is not instantiated.", msg, e);
}
} else {
access.log(Level.INIT, "OAuth2 Lur disabled");
}
- if (con!=null) { // try to reutilize connector
- lurs.add(new Priori<Lur>(con.newLur(),30));
+ if (con != null) { // try to reutilize connector
+ lurs.add(new Priori<Lur>(con.newLur(), 30));
} else {
/////////////////////////////////////////////////////
// Configure the AAF Lur (if any)
/////////////////////////////////////////////////////
- String aafURL = logProp(rph,AAF_URL,null); // Trigger Property
- String aafEnv = access.getProperty(AAF_ENV,null);
- if (aafEnv == null && aafURL!=null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL
+ String aafURL = logProp(rph, AAF_URL, null); // Trigger Property
+ String aafEnv = access.getProperty(AAF_ENV, null);
+ if (aafEnv == null && aafURL != null && access instanceof PropAccess) { // set AAF_ENV from AAF_URL
int ec = aafURL.indexOf("envContext=");
- if (ec>0) {
+ if (ec > 0) {
ec += 11; // length of envContext=
int slash = aafURL.indexOf('/', ec);
- if (slash>0) {
+ if (slash > 0) {
aafEnv = aafURL.substring(ec, slash);
- ((PropAccess)access).setProperty(AAF_ENV, aafEnv);
- access.printf(Level.INIT, "Setting aafEnv to %s from aaf_url value",aafEnv);
+ ((PropAccess) access).setProperty(AAF_ENV, aafEnv);
+ access.printf(Level.INIT, "Setting aafEnv to %s from aaf_url value", aafEnv);
}
}
}
// Don't configure AAF if it is using DirectAccess
- if (!hasDirect("DirectAAFLur",additionalTafLurs)) {
- if (aafURL==null) {
- access.log(Level.INIT,"No AAF LUR properties, AAF will not be loaded");
+ if (!hasDirect("DirectAAFLur", additionalTafLurs)) {
+ if (aafURL == null) {
+ access.log(Level.INIT, "No AAF LUR properties, AAF will not be loaded");
} else {// There's an AAF_URL... try to configure an AAF
- String aafLurClassStr = logProp(access,AAF_LUR_CLASS,AAF_V2_0_AAF_LUR_PERM);
- ////////////AAF Lur 2.0 /////////////
- if (aafLurClassStr!=null && aafLurClassStr.startsWith(AAF_V2_0)) {
+ String aafLurClassStr = logProp(access, AAF_LUR_CLASS, AAF_V2_0_AAF_LUR_PERM);
+ //////////// AAF Lur 2.0 /////////////
+ if (aafLurClassStr != null && aafLurClassStr.startsWith(AAF_V2_0)) {
try {
Object aafcon = loadAAFConnector(si, aafURL);
- if (aafcon==null) {
- access.log(Level.INIT,"AAF LUR class,",aafLurClassStr,"cannot be constructed without valid AAFCon object.");
+ if (aafcon == null) {
+ access.log(Level.INIT, "AAF LUR class,", aafLurClassStr,
+ "cannot be constructed without valid AAFCon object.");
} else {
Class<?> aafAbsAAFCon = loadClass(access, AAF_V2_0_AAFCON);
- if (aafAbsAAFCon!=null) {
+ if (aafAbsAAFCon != null) {
Method mNewLur = aafAbsAAFCon.getMethod("newLur");
Object aaflur = mNewLur.invoke(aafcon);
- if (aaflur==null) {
- access.log(Level.INIT,"ERROR! AAF LUR Failed construction. NOT Configured");
+ if (aaflur == null) {
+ access.log(Level.INIT, "ERROR! AAF LUR Failed construction. NOT Configured");
} else {
- access.log(Level.INIT,"AAF LUR Configured to ",aafURL);
- lurs.add(new Priori<Lur>((Lur)aaflur,40));
- String debugIDs = logProp(access,Config.AAF_DEBUG_IDS, null);
- if (debugIDs !=null && aaflur instanceof CachingLur) {
- ((CachingLur<?>)aaflur).setDebug(debugIDs);
+ access.log(Level.INIT, "AAF LUR Configured to ", aafURL);
+ lurs.add(new Priori<Lur>((Lur) aaflur, 40));
+ String debugIDs = logProp(access, Config.AAF_DEBUG_IDS, null);
+ if (debugIDs != null && aaflur instanceof CachingLur) {
+ ((CachingLur<?>) aaflur).setDebug(debugIDs);
}
}
}
}
} catch (Exception e) {
- access.log(e,"AAF LUR class,",aafLurClassStr,"could not be constructed with given Constructors.");
+ access.log(e, "AAF LUR class,", aafLurClassStr,
+ "could not be constructed with given Constructors.");
}
}
}
/////////////////////////////////////////////////////
// Any Additional passed in Constructor
/////////////////////////////////////////////////////
- if (additionalTafLurs!=null) {
- int i=0;
+ if (additionalTafLurs != null) {
+ int i = 0;
for (Object additional : additionalTafLurs) {
if (additional instanceof Lur) {
- lurs.add(new Priori<Lur>((Lur)additional,50+i++));
+ lurs.add(new Priori<Lur>((Lur) additional, 50 + i++));
access.log(Level.INIT, additional);
}
}
/////////////////////////////////////////////////////
// Return a Lur based on how many there are...
/////////////////////////////////////////////////////
- switch(lurs.size()) {
+ switch (lurs.size()) {
case 0:
- access.log(Level.INIT,"WARNING! No CADI LURs configured");
+ access.log(Level.INIT, "WARNING! No CADI LURs configured");
// Return a NULL Lur that does nothing.
return new NullLur();
case 1:
// Multiple Lurs, use EpiLUR to handle
Collections.sort(lurs);
Lur[] la = new Lur[lurs.size()];
- int i=-1;
+ int i = -1;
StringBuilder sb = new StringBuilder("Lurs processed in this order:\n");
- for(Priori<Lur> pht : lurs) {
+ for (Priori<Lur> pht : lurs) {
la[++i] = pht.t;
sb.append(" ");
sb.append(pht.t.getClass().getName());
}
private static boolean hasDirect(String simpleClassName, Object[] additionalTafLurs) {
- if (additionalTafLurs!=null) {
+ if (additionalTafLurs != null) {
for (Object tf : additionalTafLurs) {
if (tf.getClass().getSimpleName().equals(simpleClassName)) {
return true;
}
@SuppressWarnings("unchecked")
- public static Object loadAAFConnector(SecurityInfoC<?> si, String aafURL) {
+ public static Object loadAAFConnector(SecurityInfoC<?> si, String aafURL) {
Access access = si.access;
Object aafcon = null;
Class<?> aafConClass = null;
try {
- if (aafURL!=null) {
+ if (aafURL != null) {
String aafConnector = access.getProperty(AAF_CONNECTOR_CLASS, AAF_V2_0_AAF_CON_HTTP);
if (AAF_V2_0_AAF_CON_HTTP.equals(aafConnector)) {
aafConClass = loadClass(access, AAF_V2_0_AAF_CON_HTTP);
if (pc.equals(Access.class)) {
lo.add(access);
} else if (pc.equals(Locator.class)) {
- lo.add(loadLocator((SecurityInfoC<HttpURLConnection>)si, aafURL));
+ lo.add(loadLocator((SecurityInfoC<HttpURLConnection>) si, aafURL));
}
}
if (c.getParameterTypes().length != lo.size()) {
}
public static Class<?> loadClass(Access access, String className) {
- Class<?> cls=null;
+ Class<?> cls = null;
try {
cls = access.classLoader().loadClass(className);
} catch (ClassNotFoundException cnfe) {
}
@SuppressWarnings("unchecked")
- public static Locator<URI> loadLocator(SecurityInfoC<HttpURLConnection> si, final String _url) throws LocatorException {
+ public static Locator<URI> loadLocator(SecurityInfoC<HttpURLConnection> si, final String _url)
+ throws LocatorException {
Access access = si.access;
Locator<URI> locator = null;
- if (_url==null) {
- access.log(Level.INIT,"No URL passed to 'loadLocator'. Disabled");
+ if (_url == null) {
+ access.log(Level.INIT, "No URL passed to 'loadLocator'. Disabled");
} else {
try {
Class<?> aalCls = Class.forName("org.onap.aaf.cadi.aaf.v2_0.AbsAAFLocator");
- Method aalMth = aalCls.getMethod("create", String.class,String.class);
+ Method aalMth = aalCls.getMethod("create", String.class, String.class);
int colon = _url.lastIndexOf(':');
- if(colon>=0) {
- int slash = _url.indexOf('/',colon);
+ if (colon >= 0) {
+ int slash = _url.indexOf('/', colon);
String version;
- if(slash<0) {
- version = _url.substring(colon+1);
+ if (slash < 0) {
+ version = _url.substring(colon + 1);
} else {
- version = _url.substring(colon+1,slash);
+ version = _url.substring(colon + 1, slash);
}
- slash = _url.lastIndexOf('/',colon);
- if(slash>=0) {
- Object aal = aalMth.invoke(null/*static*/, _url.substring(slash+1, colon),version);
- return (Locator<URI>)aal;
+ slash = _url.lastIndexOf('/', colon);
+ if (slash >= 0) {
+ Object aal = aalMth.invoke(null/* static */, _url.substring(slash + 1, colon), version);
+ return (Locator<URI>) aal;
}
}
- } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
+ } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | IllegalAccessException
+ | IllegalArgumentException | InvocationTargetException e) {
String msg;
char quote;
- if(e.getCause()!=null) {
- msg=e.getCause().getMessage();
- quote='"';
+ if (e.getCause() != null) {
+ msg = e.getCause().getMessage();
+ quote = '"';
} else {
msg = "-";
- quote=' ';
+ quote = ' ';
}
- access.printf(Level.DEBUG, "Configured AbsAAFLocator not found%c%s%cContinuing Locator creation ",quote,msg,quote);
+ access.printf(Level.DEBUG, "Configured AbsAAFLocator not found%c%s%cContinuing Locator creation ",
+ quote, msg, quote);
}
-// String url = _url.replace("/AAF_NS.", "/%C%CID%AAF_NS.");
-// String root_ns = access.getProperty(Config.AAF_ROOT_NS, null);
+ // String url = _url.replace("/AAF_NS.", "/%C%CID%AAF_NS.");
+ // String root_ns = access.getProperty(Config.AAF_ROOT_NS, null);
String url;
RegistrationPropHolder rph;
try {
- rph = new RegistrationPropHolder(access, 0);
- url = rph.replacements("Config.loadLocator",_url, null, null);
- access.printf(Level.INFO, "loadLocator URL is %s",url);
+ rph = new RegistrationPropHolder(access, 0);
+ url = rph.replacements("Config.loadLocator", _url, null, null);
+ access.printf(Level.INFO, "loadLocator URL is %s", url);
} catch (UnknownHostException | CadiException e1) {
throw new LocatorException(e1);
}
- String aaf_locator_class;
- if(_url.equals(url) && !url.contains("/locate/")) {
- aaf_locator_class = "org.onap.aaf.cadi.locator.DNSLocator";
- } else {
+ /**
+ * Simplify logic - if we have a URL with /locate/ in it, we use the default locator.
+ * If we have an explicitly set locator from configuration, we use that one.
+ * Otherwise we fall back to the SingleEndpointLocator, basically default normal HTTP client behavior.
+ */
+ String aaf_locator_class = null;
+ if (url.contains("/locate/")) {
aaf_locator_class = AAF_LOCATOR_CLASS_DEF;
+ } else if (si.access.getProperty(Config.AAF_LOCATOR_CLASS, null) != null) {
+ aaf_locator_class = si.access.getProperty(Config.AAF_LOCATOR_CLASS, null);
+ }
+ if (aaf_locator_class == null) {
+ aaf_locator_class = Config.AAF_LOCATOR_CLASS_SINGLE;
}
+
try {
Class<?> lcls = loadClass(access,aaf_locator_class);
if (lcls==null) {
int port = fui.getPort();
String portS = port<0?"":(":"+port);
- access.log(Level.INFO, "AAFLocator enabled using " + locatorURI.getScheme() +"://"+fui.getHost() + portS);
+ access.log(Level.INFO, "AAFLocator [" + locator.getClass().getSimpleName() + "] enabled using " + locatorURI.getScheme() +"://"+fui.getHost() + portS);
} else {
- access.log(Level.INFO, "AAFLocator enabled using preloaded " + locator.getClass().getSimpleName());
+ access.log(Level.INFO, "AAFLocator [" + locator.getClass().getSimpleName() + "] enabled using " + url);
}
} catch (InvocationTargetException e) {
if (e.getTargetException() instanceof LocatorException) {
float code=0f, validate=0f;
String user = "n/a";
String tag = "";
+ TafResp tresp = null;
try {
HttpServletRequest hreq = (HttpServletRequest)request;
if (noAuthn(hreq)) {
} else {
HttpServletResponse hresp = (HttpServletResponse)response;
startValidate=System.nanoTime();
- TafResp tresp = httpChecker.validate(hreq, hresp, hreq);
+ tresp = httpChecker.validate(hreq, hresp, hreq);
validate = Timing.millis(startValidate);
if (tresp.isAuthenticated()==RESP.IS_AUTHENTICATED) {
user = tresp.getPrincipal().personalName();
} catch (ClassCastException e) {
throw new ServletException("CadiFilter expects Servlet to be an HTTP Servlet",e);
} finally {
- access.printf(Level.WARN, "Trans: user=%s[%s],ip=%s,ms=%f,validate=%f,code=%f",
- user,tag,request.getRemoteAddr(),
- Timing.millis(startAll),validate,code);
+ if (tresp != null) {
+ access.printf(Level.INFO, "Trans: user=%s[%s],ip=%s,ms=%f,validate=%f,code=%f,result=%s",
+ user,tag,request.getRemoteAddr(),
+ Timing.millis(startAll),validate,code,tresp.isAuthenticated().toString());
+ } else {
+ access.printf(Level.INFO, "Trans: user=%s[%s],ip=%s,ms=%f,validate=%f,code=%f,result=FAIL",
+ user,tag,request.getRemoteAddr(),
+ Timing.millis(startAll),validate,code);
+ }
}
}
} else {
host = auth;
port = uri.getPort();
+ if (port < 1) {
+ if ("http".equals(uri.getScheme())) {
+ port = 80;
+ } else if ("https".equals(uri.getScheme())) {
+ port = 443;
+ } else {
+ throw new RuntimeException ("Invalid scheme provided for URI " + uri);
+ }
+ }
}
auth=null;
}
--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * Log
+ * ===========================================================================
+ * Copyright (c) May 11, 2020 Gathman Systems. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ */
+package org.onap.aaf.cadi.util;
+
+/**
+ * A basic log interface used to Facade into Log Libraries used locally.
+ *
+ * @author Jonathan
+ *
+ */
+public interface Log {
+ enum Type {debug,info,warn,error,trace};
+ public void log(Log.Type type, Object ... o);
+
+ public final static Log NULL = new Log() {
+ @Override
+ public void log(Log.Type type, Object ... o) {
+ }
+ };
+}
\ No newline at end of file
* This is a constant which specified the default maximum number of unused
* objects to be held at any given time.
*/
- private static final int MAX_RANGE = 6; // safety
+ public static final int MAX_RANGE = 6; // safety
+
+ /**
+ * Maximum objects, in use or waiting
+ */
+ public static final int MAX_OBJECTS = 20; // assumption for thread
/**
* only Simple List needed.
private LinkedList<Pooled<T>> list;
/**
- * keep track of how many elements exist, to avoid asking list.
+ * keep track of how many elements are currently available to use, to avoid asking list.
*/
private int count;
-
+
/**
- * Spares are those Object that are primed and ready to go.
+ * how many objects have been asked for, but not returned or tossed
*/
- private int spares;
-
+ private int used;
+
/**
* Actual MAX number of spares allowed to hang around. Can be set to
* something besides the default MAX_RANGE.
*/
private int max_range = MAX_RANGE;
+ /**
+ * Actual MAX number of Objects both in use, or waiting.
+ * This does not actually affect the Pool, because the objects, once they leave the pool, are not known until
+ * they are put back with done (offer). It only affects the "overLimit()" function.
+ *
+ * Important... this information is only valid if PooledObjects call "done()" or "toss()".
+ */
+ private int max_objects = MAX_OBJECTS;
+
/**
* The Creator for this particular pool. It must work for type T.
*/
* @param creator
*/
public Pool(Creator<T> creator) {
- count = spares = 0;
+ count = used = 0;
this.creator = creator;
list = new LinkedList<>();
logger = Log.NULL;
*/
public void setLogger(Log logger) {
this.logger = logger;
+ // Also reset existing Pooled objects
+ for(Pooled<?> p : list) {
+ if(p.content instanceof LogAware) {
+ ((LogAware)p.content).setLog(logger);
+ } else {
+ break;
+ }
+ }
}
- public void log(Object ...objects) {
- logger.log(objects);
+ public void log(Log.Type type, Object ...objects) {
+ logger.log(type,objects);
}
/**
* Preallocate a certain number of T Objects. Useful for services so that
* the first transactions don't get hit with all the Object creation costs
- *
+ *
+ * It is assumed that priming also means that it is the minimum desired available resources. Therefore,
+ * max_range is set to prime, if less than current max_range, if it is default.
+ *
* @param lt
* @param prime
* @throws CadiException
*/
- public void prime(int prime) throws CadiException {
+ public Pool<T> prime(int prime) throws CadiException {
+ if(max_range == MAX_RANGE && prime<max_range) {
+ max_range = prime;
+ }
for (int i = 0; i < prime; ++i) {
Pooled<T> pt = new Pooled<T>(creator.create(), this);
synchronized (list) {
list.addFirst(pt);
++count;
+ ++used;
}
}
-
+ return this;
}
/**
* down all Allocated objects cleanly for exiting. It is also a good method
* for removing objects when, for instance, all Objects are invalid because
* of broken connections, etc.
+ *
+ * Use in conjunction with setMaxRange to no longer store objects, i.e.
+ *
+ * pool.setMaxRange(0).drain();
*/
- public void drain() {
- synchronized (list) {
- for (int i = 0; i < list.size(); ++i) {
- Pooled<T> pt = list.remove();
- creator.destroy(pt.content);
- logger.log("Pool drained ", creator.toString());
- }
- count = spares = 0;
- }
-
+ public synchronized void drain() {
+ while(list.size()>0) {
+ Pooled<T> pt = list.remove();
+ --used;
+ String name = pt.content.toString();
+ creator.destroy(pt.content);
+ logger.log(Log.Type.debug,"Pool destroyed", name);
+ }
+ count = 0;
}
-
+
/**
* This is the essential function for Pool. Get an Object "T" inside a
* "Pooled<T>" object. If there is a spare Object, then use it. If not, then
public Pooled<T> get() throws CadiException {
Pooled<T> pt;
synchronized (list) {
- if (list.isEmpty()) {
- pt = null;
- } else {
- pt = list.removeLast();
- --count;
- creator.reuse(pt.content);
- }
+ pt = list.pollLast();
}
if (pt == null) {
- if (spares < max_range)
- ++spares;
pt = new Pooled<T>(creator.create(), this);
+ ++used;
} else {
- if (spares > 1)
- --spares;
+ --count;
+ creator.reuse(pt.content);
}
return pt;
}
* @return
*/
// Used only by Pooled<T>
- private boolean offer(Pooled<T> used) {
- if (count < spares) {
+ private boolean offer(Pooled<T> usedP) {
+ if (count < max_range) {
synchronized (list) {
- list.addFirst(used);
+ list.addFirst(usedP);
++count;
}
- logger.log("Pool recovered ", creator);
+ logger.log(Log.Type.trace,"Pool recovered ", creator);
} else {
- logger.log("Pool destroyed ", creator);
- creator.destroy(used.content);
+ destroy(usedP.content);
}
return false;
}
+
+ /**
+ * Destroy, using Creator's specific semantics, the Object, and decrement "used"
+ *
+ * @param t
+ */
+ private void destroy(T t) {
+ creator.destroy(t);
+ synchronized (list) {
+ --used;
+ }
+ logger.log(Log.Type.debug,"Pool destroyed ", creator);
+ }
/**
* The Creator Interface give the Pool the ability to Create, Destroy and
public void reuse(T t);
}
- public interface Log {
- public void log(Object ... o);
-
- public final static Log NULL = new Log() {
- @Override
- public void log(Object ... o) {
- }
- };
+ /**
+ * Pooled Classes can be "Log Aware", which means they can tie into the same
+ * Logging element that the Pool is using. To do this, the Object must implement "LogAware"
+ *
+ * @author Jonathan
+ *
+ */
+ public interface LogAware {
+ public void setLog(Log log);
}
+
/**
* The "Pooled<T>" class is the transient class that wraps the actual Object
* T for API use/ It gives the ability to return ("done()", or "toss()") the
*/
public Pooled(T t, Pool<T> pool) {
content = t;
+ if(t instanceof LogAware) {
+ ((LogAware)t).setLog(pool.logger);
+ }
this.pool = pool;
-
}
/**
*/
public void toss() {
if (pool != null) {
- pool.creator.destroy(content);
+ pool.destroy(content);
}
// Don't allow finalize to put it back in.
pool = null;
pool = null;
}
}
+
+ @Override
+ public String toString() {
+ return content.toString();
+ }
}
/**
- * Get the maximum number of spare objects allowed at any moment
+ * Set a Max Range for numbers of spare objects waiting to be used.
+ *
+ * No negative numbers are allowed
+ *
+ * Use in conjunction with drain to no longer store objects, i.e.
+ *
+ * pool.setMaxRange(0).drain();
*
* @return
*/
- public int getMaxRange() {
- return max_range;
+ public Pool<T> setMaxRange(int max_range) {
+ // Do not allow negative numbers
+ this.max_range = Math.max(0, max_range);
+ return this;
}
-
+
/**
* Set a Max Range for numbers of spare objects waiting to be used.
*
*
* @return
*/
- public void setMaxRange(int max_range) {
+ public Pool<T> setMaxObjects(int max_objects) {
// Do not allow negative numbers
- this.max_range = Math.max(0, max_range);
+ this.max_objects = Math.max(0, max_objects);
+ return this;
}
+ /**
+ * return whether objects in use or waiting are beyond max allowed
+ *
+ * Pool does not actually stop new creations, but allows this to be used by
+ * other entities to limit number of creations of expensive Objects, like
+ * Thread Pooling
+ *
+ */
+ public boolean tooManyObjects() {
+ return used > max_objects;
+ }
+
+ public String toString() {
+ return String.format("Pool: count(%d), used(%d), max_range(%d), max_objects(%d)",
+ count, used,max_range,max_objects);
+ }
}
" <role rolename=\"groupB\"/>\n" +
" <role rolename=\"groupA\"/>\n" +
" \n" +
- " <user username=\"yourname@none\" roles=\"admin\"/>\n" +
- " <user username=\"m1234@none\" roles=\"suser\"/>\n" +
- " <user username=\"hisname@none\" roles=\"suser\"/>\n" +
- " <user username=\"hername@none\" roles=\"suser\"/>\n" +
+ " <user username=\"hisname@people.osaaf.org\" roles=\"suser\"/>\n" +
+ " <user username=\"yourname@people.osaaf.org\" roles=\"admin\"/>\n" +
+ " <user username=\"myname@people.osaaf.org\" roles=\"admin\"/>\n" +
+ " <user username=\"m1234@people.osaaf.org\" roles=\"suser\"/>\n" +
" <user username=\"myname\" roles=\"groupB,groupA\"/>\n" +
- " <user username=\"myname@none\" roles=\"admin\"/>\n" +
+ " <user username=\"hername@people.osaaf.org\" roles=\"suser\"/>\n" +
"</tomcat-users>\n";
private final static String groups = "myname:groupA,groupB";
lur = new LocalLur(access, "user1%" + encrypted, null);
info = lur.dumpInfo();
assertThat(info.size(), is(1));
- assertThat(info.get(0).user, is("user1@none"));
+ assertThat(info.get(0).user, is("user1@people.osaaf.org"));
lur.clearAll();
assertThat(lur.dumpInfo().size(), is(0));
package org.onap.aaf.cadi.test;
-import org.junit.Test;
-import org.onap.aaf.cadi.CadiException;
-import org.onap.aaf.cadi.Hash;
-
-import static org.junit.Assert.*;
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.not;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
import org.junit.BeforeClass;
-
-import static org.hamcrest.CoreMatchers.*;
+import org.junit.Test;
+import org.onap.aaf.cadi.Hash;
public class JU_Hash {
// Some common test vectors
private String numbersDec = "1234567890";
private String numbersHex = "0x31323334353637383930";
private String numbersHexNo0x = "31323334353637383930";
-
+
@SuppressWarnings("unused")
@BeforeClass
public static void getCoverage() {
assertEquals(lowersDec, new String(Hash.fromHex(lowersHex)));
assertEquals(numbersDec, new String(Hash.fromHex(numbersHex)));
- try {
- // This string doesn't begin with "0x"
- Hash.fromHex("0X65");
- fail("Should have thrown CadiException");
- } catch (CadiException e) {
- assertEquals("HexString must start with \"0x\"", e.getMessage());
- }
+ // This string doesn't begin with "0x"
+ assertNull(Hash.fromHex("0X65"));
- try {
// This string has invalid hex characters
- Hash.fromHex("0xQ");
- fail("Should have thrown CadiException");
- } catch (CadiException e) {
- // 81 is dec(Q)
- assertEquals("Invalid char '81' in HexString", e.getMessage());
- }
+ assertNull(Hash.fromHex("0xQ"));
}
@Test
assertEquals(lowersDec, new String(Hash.fromHexNo0x(lowersHexNo0x1)));
assertEquals(uppersDec, new String(Hash.fromHexNo0x(uppersHexNo0x2)));
assertEquals(lowersDec, new String(Hash.fromHexNo0x(lowersHexNo0x2)));
- assertEquals(numbersDec, new String(Hash.fromHexNo0x(numbersHexNo0x)));
byte[] output = Hash.fromHexNo0x("ABC");
- assertEquals(new String(new byte[] {(byte)0x0A, (byte)0xB0}), new String(output));
+ assertEquals(new String(new byte[] {(byte)0x0A, (byte)0xBC}), new String(output));
assertNull(Hash.fromHexNo0x("~~"));
}
-//
-// @Test
-// public void aaf_941() throws Exception {
-// // User notes: From reported error "aaf" not coded right
-//
-//
-// }
+
+ @Test
+ public void aaf_941() throws Exception {
+ // User notes: From reported error "aaf" not coded right for odd digits
+ // Note: In the original concept, this isn't a valid Hex digit. It has to do with whether to assume an initial
+ // char of "0" if left out.
+
+ String sample = "aaf";
+ byte[] bytes = Hash.fromHexNo0x(sample);
+ String back = Hash.toHexNo0x(bytes);
+ // Note: We don't presume to know that someone left off leading 0 on start.
+ assertEquals("0aaf", back);
+
+ sample = "0x0aaf";
+ bytes = Hash.fromHex(sample);
+ back = Hash.toHex(bytes);
+ assertEquals(sample, back);
+
+ // Assumed leading zero. Note, we ALWAYS translate back with leading zero.
+ bytes = Hash.fromHex("0xaaf");
+ back = Hash.toHex(bytes);
+ assertEquals(sample, back);
+
+ }
}
import static org.hamcrest.CoreMatchers.*;
import org.junit.*;
import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.util.Log;
import org.onap.aaf.cadi.util.Pool;
import org.onap.aaf.cadi.util.Pool.*;
public class JU_Pool {
- private StringBuilder sb = new StringBuilder();
-
private class IntegerCreator implements Creator<Integer> {
private int current = 0;
}
}
+ // Used for CustomLogger Testing
+ private StringBuilder sb = new StringBuilder();
+
private class CustomLogger implements Log {
@Override
- public void log(Object... o) {
+ public void log(Log.Type type, Object... o) {
for (Object item : o) {
sb.append(item.toString());
}
}
}
+ /**
+ * Enter variable amount in this order
+ *
+ * count, used, max_range, max_objects
+ * @param intPool
+ * @param ints
+ */
+ private void check(Pool<Integer> intPool, int ... ints) {
+ String rpt = intPool.toString();
+ // Fallthrough on purpose, to process only the ints entered, but in the right order.
+ switch(ints.length) {
+ case 4:
+ assertTrue(rpt.contains(String.format("max_objects(%d)", ints[3])));
+ case 3:
+ assertTrue(rpt.contains(String.format("max_range(%d)", ints[2])));
+ case 2:
+ assertTrue(rpt.contains(String.format("used(%d)", ints[1])));
+ case 1:
+ assertTrue(rpt.contains(String.format("count(%d)", ints[0])));
+ }
+ }
+
+ @Test
+ public void settings() throws CadiException {
+ Pool<Integer> intPool = new Pool<Integer>(new IntegerCreator());
+ check(intPool,0,0,Pool.MAX_RANGE,Pool.MAX_OBJECTS);
+
+ // Check MaxObjects, min is 0
+ intPool.setMaxObjects(-10);
+ check(intPool,0,0,Pool.MAX_RANGE,0);
+
+ intPool.setMaxObjects(10);
+ check(intPool,0,0,Pool.MAX_RANGE,10);
+
+ // Check MaxRange, min is 0
+ intPool.setMaxRange(-10);
+ check(intPool,0,0,0,10);
+
+ intPool.setMaxRange(2);
+ check(intPool,0,0,2,10);
+
+ // Validate Priming
+ intPool.prime(3);
+ check(intPool,3,3,2,10);
+
+ // Drain
+ intPool.drain();
+ check(intPool,0,0,2,10);
+ }
+
@Test
- public void getTest() throws CadiException {
- Pool<Integer> intPool = new Pool<Integer>(new IntegerCreator());
-
- List<Pooled<Integer>> gotten = new ArrayList<>();
- for (int i = 0; i < 10; i++) {
- gotten.add(intPool.get());
- assertThat(gotten.get(i).content, is(i));
- }
-
- gotten.get(9).done();
- gotten.set(9, intPool.get());
- assertThat(gotten.get(9).content, is(9));
-
- for (int i = 0; i < 10; i++) {
- gotten.get(i).done();
- }
-
- for (int i = 0; i < 10; i++) {
- gotten.set(i, intPool.get());
- if (i < 5) {
- assertThat(gotten.get(i).content, is(i));
- } else {
- assertThat(gotten.get(i).content, is(i + 5));
- }
- }
-
- for (int i = 0; i < 10; i++) {
- gotten.get(i).toss();
- // Coverage calls
- gotten.get(i).toss();
- gotten.get(i).done();
-
- // only set some objects to null -> this is for the finalize coverage test
- if (i < 5) {
- gotten.set(i, null);
- }
- }
-
- // Coverage of finalize()
- System.gc();
+ public void range() throws CadiException {
+ Pool<Integer> intPool = new Pool<Integer>(new IntegerCreator());
+ intPool.setMaxRange(2);
+ check(intPool,0,0,2);
+
+ // Prime
+ intPool.prime(3);
+ check(intPool,3,3,2);
+
+ // Using 3 leaves count (in Pool) and Used (by System) 3
+ List<Pooled<Integer>> using = new ArrayList<>();
+ for(int i=0;i<3;++i) {
+ using.add(intPool.get());
+ }
+ check(intPool,0,3,2);
+
+ // Using 3 more creates more Objects, and uses immediately
+ for(int i=0;i<3;++i) {
+ using.add(intPool.get());
+ }
+ check(intPool,0,6,2);
+
+ // Clean out all Objects in possession, but there are 6 Objects not returned yet.
+ intPool.drain();
+ check(intPool,0,6,2);
+
+ // Returning Objects
+ for(Pooled<Integer> i : using) {
+ i.done();
+ }
+
+ // Since Range is 2, keep only 2, and destroy the rest
+ check(intPool,2,2,2);
+
+ // Shutdown (helpful for stopping Services) involves turning off range
+ intPool.setMaxRange(0).drain();
+ check(intPool,0,0,0);
}
-
+
@Test
+ public void tooManyObjects() throws CadiException {
+ /*
+ * It should be noted that "tooManyObjects" isn't enforced by the Pool, because Objects are not
+ * tracked (other than used) once they leave the pool.
+ *
+ * It is information that using entities, like Thread Pools, can use to limit creations of expensive objects
+ */
+ Pool<Integer> intPool = new Pool<Integer>(new IntegerCreator());
+ intPool.setMaxObjects(10).setMaxRange(2);
+ check(intPool,0,0,2,10);
+
+ assertFalse(intPool.tooManyObjects());
+
+ // Obtain up to maxium Objects
+ List<Pooled<Integer>> using = new ArrayList<>();
+ for(int i=0;i<10;++i) {
+ using.add(intPool.get());
+ }
+
+ check(intPool,0,10,2,10);
+ assertFalse(intPool.tooManyObjects());
+
+ using.add(intPool.get());
+ check(intPool,0,11,2,10);
+ assertTrue(intPool.tooManyObjects());
+
+ // Returning Objects
+ for(Pooled<Integer> i : using) {
+ i.done();
+ }
+
+ // Returning Objects puts Pool back in range
+ check(intPool,2,2,2,10);
+ assertFalse(intPool.tooManyObjects());
+
+ }
+
+ @Test
public void bulkTest() throws CadiException {
Pool<Integer> intPool = new Pool<Integer>(new IntegerCreator());
}
- @Test
- public void setMaxTest() {
- Pool<Integer> intPool = new Pool<Integer>(new IntegerCreator());
- intPool.setMaxRange(10);
- assertThat(intPool.getMaxRange(), is(10));
- intPool.setMaxRange(-10);
- assertThat(intPool.getMaxRange(), is(0));
- }
-
@Test
public void loggingTest() {
Pool<Integer> intPool = new Pool<Integer>(new IntegerCreator());
// Log to Log.NULL for coverage
- intPool.log("Test log output");
+ intPool.log(Log.Type.info,"Test log output");
intPool.setLogger(new CustomLogger());
- intPool.log("Test log output");
+ intPool.log(Log.Type.info,"Test log output");
assertThat(sb.toString(), is("Test log output"));
}
/target/
/.project
tokens/
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
</execution>
</executions>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>2.8.1</version>
- <configuration>
- <skip>false</skip>
- </configuration>
-
- </plugin>
</plugins>
</pluginManagement>
</build>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
</parent>
<artifactId>cadiparent</artifactId>
<name>AAF CADI Parent (Code, Access, Data, Identity)</name>
<version>2.5.5</version>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>2.8.1</version>
- <configuration>
- <skip>false</skip>
- </configuration>
-
- </plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
/logs/
/run/
/caditest.war
+/.checkstyle
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<name>CADI Servlet Sample (Test Only)</name>
--- /dev/null
+# SED needs escaped slashes
+function escSlash {
+ echo "${1//\//\\\/}"
+}
+
+NS="$(cat ns.aaf)"
+DEPLOY_DIR=${PWD/\/CA/}
+read -p "AAF Config Directory: [$DEPLOY_DIR]: " input
+DEPLOY_DIR=${input:-$DEPLOY_DIR}
+
+echo "Deploying to $DEPLOY_DIR"
+
+APP_NAME="${DEPLOY_DIR##*/}"
+CA_CRT="CA_${APP_NAME^^}.crt"
+cp -v certs/ca.crt $DEPLOY_DIR/public/$CA_CRT
+sed -i.bak \
+ -e "/cm_public_dir=.*/s//cm_public_dir=$(escSlash $DEPLOY_DIR/public)/" \
+ -e "/cm_trust_cas=.*/s//cm_trust_cas=${CA_CRT}/" \
+ $DEPLOY_DIR/etc/org.osaaf.aaf.cm.props
+
+INT_DIR="intermediate_$(cat intermediate.serial)"
+
+cp -v $INT_DIR/certs/ca.crt $DEPLOY_DIR/public/${APP_NAME^^}_SIGNER.crt
+SIGNER=${NS}.signer.p12
+cp -v $INT_DIR/aaf_$INT_DIR.p12 $DEPLOY_DIR/local/${SIGNER}
+
+CADI="java -jar /opt/app/aaf/lib/aaf-cadi-core-*.jar"
+KEYFILE="$DEPLOY_DIR/local/org.osaaf.aaf.keyfile"
+if [ ! -f "$KEYFILE" ]; then
+ echo $CADI keygen $KEYFILE
+fi
+
+echo "Enter Issuer Key Password "
+read -s ISSUER_PASS
+ISSUER_PASS=$($CADI digest "$ISSUER_PASS" $KEYFILE)
+sed -i.bak \
+ -e "/cm_ca.local=.*/s//cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,$(escSlash $DEPLOY_DIR/local/$SIGNER);aaf_$INT_DIR;enc:$ISSUER_PASS/" \
+ $DEPLOY_DIR/local/org.osaaf.aaf.cm.ca.props
html_last_updated_fmt = '%d-%b-%y %H:%M'
def setup(app):
- app.add_stylesheet("css/ribbon_onap.css")
+ app.add_stylesheet("css/ribbon.css")
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+.. _master_index:
AAF - Application Authorization Framework
==================================================
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+.. _release_notes:
Release Notes
=============
+Version: 2.1.23 (Frankfurt Maintenance, 6.0.0)
+----------------------------------
+:Release Date: 2020-08-17
+
+Note : there is no new containers for this release as this was fixed by a patch in OOM repo (using Certinitializer to override certificates in container)
+
+**Bug Fixes**
+ - `AAF-1159 <https://jira.onap.org/browse/AAF-1159>`_ Certificate expired for AAF-SMS
+ - 'AAF-1175 <https://jira.onap.org/browse/AAF-1159>`_ Certificate between CertService client and CertService server has expired
+
+**Known Issues - solve in Guilin**
+
+ - `AAF-1087 <https://jira.onap.org/browse/AAF-1087>`_ AAF init containers init with exit 0 even if failing
+
+Version: 2.1.23 (Frankfurt, 6.0.0)
+---------------------------------------------
+
+:Release Date: 2020-06-05
+
+**New Features**
+Certificate Management Protocol Version 2 (CMPv2) support was added to retrieve X.509 certificates from servers which supports CMPv2 over HTTP. SDNC as first ONAP component was integrated to enroll certificate from CMPv2 server to protect traffic between SDNC and Network Functions (xNFs).
+More details about CMPv2 support in ONAP can be found on a dedicated page.
+
+
+**Bug Fixes**
+ - `AAF-383 <https://jira.onap.org/browse/AAF-383>`_ AAF aaf-sms chart should use nodePortPrefix variable
+ - `AAF-783 <https://jira.onap.org/browse/AAF-783>`_ Consul container is outdated
+ - `AAF-784 <https://jira.onap.org/browse/AAF-784>`_ Vault container is outdated
+ - `AAF-1102 <https://jira.onap.org/browse/AAF-1102>`_ Pods still run as root
+
+**Known Issues - solve in Guilin**
+ - `AAF-1087 <https://jira.onap.org/browse/AAF-1087>`_ AAF init containers init with exit 0 even if failing
+
+Version: 2.1.15 (El Alto Maintenance, 5.0.2)
+--------------------------------------------
+
+:Release Date: 2020-08-24
+
+Note : there is no new containers for this release as this was fixed by a patch in OOM repo (mounting replacement certificates through oom)
+
+**Bug Fixes**
+
+ - `AAF-1159 <https://jira.onap.org/browse/AAF-1159>`_ Certificate expired for AAF-SMS
+
Version: 2.1.15 (El Alto, 5.0.1)
---------------------------------------------
/.settings/
/target/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<version>2.5.5</version>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>2.8.1</version>
- <configuration>
- <skip>false</skip>
- </configuration>
-
- </plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
super(tag, props);\r
}\r
\r
-\r
-\r
- // @Override\r
+ @Override\r
public LogTarget fatal() {\r
return fatal;\r
}\r
\r
- // @Override\r
+ public void fatal(LogTarget lt) {\r
+ fatal = lt;\r
+ }\r
+\r
+ @Override\r
public LogTarget error() {\r
return error;\r
}\r
\r
+ public void error(LogTarget lt) {\r
+ error = lt;\r
+ }\r
\r
- // @Override\r
+ @Override\r
public LogTarget audit() {\r
return audit;\r
}\r
\r
- // @Override\r
+ public void audit(LogTarget lt) {\r
+ audit = lt;\r
+ }\r
+\r
+ @Override\r
public LogTarget init() {\r
return init;\r
}\r
\r
- // @Override\r
+ public void init(LogTarget lt) {\r
+ init = lt;\r
+ }\r
+\r
+ @Override\r
public LogTarget warn() {\r
return warn;\r
}\r
\r
- // @Override\r
+ public void warn(LogTarget lt) {\r
+ warn = lt;\r
+ }\r
+\r
+ @Override\r
public LogTarget info() {\r
return info;\r
}\r
\r
- // @Override\r
+ public void info(LogTarget lt) {\r
+ info = lt;\r
+ }\r
+\r
+ @Override\r
public LogTarget debug() {\r
return debug;\r
}\r
debug = lt;\r
}\r
\r
- // @Override\r
+ @Override\r
public LogTarget trace() {\r
return trace;\r
}\r
\r
+ public void trace(LogTarget lt) {\r
+ trace = lt;\r
+ }\r
+\r
@Override\r
public TimeTaken start(String name, int flag, Object ... values) {\r
return new TimeTaken(name, flag, values) {\r
/.classpath\r
/logs/\r
/.project\r
+/.checkstyle\r
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<version>2.5.5</version>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>2.8.1</version>
- <configuration>
- <skip>false</skip>
- </configuration>
-
- </plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
</parent>
<artifactId>miscparent</artifactId>
<name>AAF Misc Parent</name>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
- </dependency>
+ </dependency>
+
</dependencies>
<modules>
<version>2.5.5</version>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>2.8.1</version>
- <configuration>
- <skip>false</skip>
- </configuration>
-
- </plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
/.settings/
/logs/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<artifactId>maven-assembly-plugin</artifactId>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <configuration>
- <skip>false</skip>
- </configuration>
-
- </plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
/.classpath
/.settings/
/.project
+/.checkstyle
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-env</artifactId>
<version>${project.version}</version>
- </dependency>
+ </dependency>
</dependencies>
<!-- ============================================================== -->
<version>2.5.5</version>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>2.8.1</version>
- <configuration>
- <skip>false</skip>
- </configuration>
- </plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
}\r
\r
public void forward(Writer w) throws IOException {\r
- w.write(forward);\r
+ w.write(forward);\r
}\r
\r
public void back(Writer w) throws IOException {\r
- w.write(backward);\r
+ w.write(backward);\r
}\r
\r
public String toString() {\r
\r
@SuppressWarnings("unchecked")\r
public RT text(String txt) {\r
- forward.append(txt);\r
+ if(txt!=null) {\r
+ forward.append(txt);\r
+ }\r
return (RT)this;\r
}\r
\r
for (int i=0;i<tabs;++i) {\r
forward.append(" ");\r
}\r
- forward.append(txt);\r
- if (pretty)forward.println();\r
+ if(txt!=null) {\r
+ forward.append(txt);\r
+ }\r
+ if (pretty) {\r
+ forward.println();\r
+ }\r
return (RT)this;\r
}\r
\r
\r
@Override\r
public HTMLGen html(String ... attrib) {\r
- //forward.println("<!DOCTYPE html>");\r
+ forward.println("<!DOCTYPE html>");\r
incr("html",attrib);\r
return this;\r
}\r
<modelVersion>4.0.0</modelVersion>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.17-SNAPSHOT</version>
+ <version>2.7.4-SNAPSHOT</version>
<name>aaf-authz</name>
<packaging>pom</packaging>
Frankfurt working Version
-->
- <version>3.0.0-SNAPSHOT</version>
+ <version>3.0.1</version>
</parent>
<properties>
</properties>
<build>
<plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <configuration>
- <skip>true</skip>
- </configuration>
- </plugin>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
--- /dev/null
+distribution_type: 'container'
+container_release_tag: '2.1.17'
+project: 'aaf-authz'
+container_pull_registry: nexus3.onap.org:10003
+container_push_registry: nexus3.onap.org:10002
+ref: 'add60903781f8bb4cbe59555bf79181cb5f73b8c'
+containers:
+ - name: 'aaf/aaf_base'
+ version: '2.1.17-SNAPSHOT'
+ - name: 'aaf/aaf_core'
+ version: '2.1.17-SNAPSHOT'
+ - name: 'aaf/aaf_config'
+ version: '2.1.17-SNAPSHOT'
+ - name: 'aaf/aaf_agent'
+ version: '2.1.17-SNAPSHOT'
+ - name: 'aaf/aaf_hello'
+ version: '2.1.17-SNAPSHOT'
--- /dev/null
+distribution_type: 'maven'
+version: '2.1.17'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/271/'
--- /dev/null
+distribution_type: 'container'
+container_release_tag: '2.1.18'
+project: 'aaf-authz'
+container_pull_registry: nexus3.onap.org:10003
+container_push_registry: nexus3.onap.org:10002
+ref: '28d2e7a6daa59749f6fefa302840943961c3ba9e'
+containers:
+ - name: 'aaf/aaf_cass'
+ version: '2.1.18-SNAPSHOT'
+ - name: 'aaf/aaf_base'
+ version: '2.1.18-SNAPSHOT'
+ - name: 'aaf/aaf_core'
+ version: '2.1.18-SNAPSHOT'
+ - name: 'aaf/aaf_config'
+ version: '2.1.18-SNAPSHOT'
+ - name: 'aaf/aaf_agent'
+ version: '2.1.18-SNAPSHOT'
+ - name: 'aaf/aaf_hello'
+ version: '2.1.18-SNAPSHOT'
--- /dev/null
+distribution_type: 'maven'
+version: '2.1.18'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/288/'
--- /dev/null
+distribution_type: 'container'
+container_release_tag: '2.1.19'
+project: 'aaf-authz'
+container_pull_registry: nexus3.onap.org:10003
+container_push_registry: nexus3.onap.org:10002
+ref: 'eeb50d3b600eb5c781c53cb6f9519e503e22ca6d'
+containers:
+ - name: 'aaf/aaf_cass'
+ version: '2.1.19-SNAPSHOT'
+ - name: 'aaf/aaf_base'
+ version: '2.1.19-SNAPSHOT'
+ - name: 'aaf/aaf_core'
+ version: '2.1.19-SNAPSHOT'
+ - name: 'aaf/aaf_config'
+ version: '2.1.19-SNAPSHOT'
+ - name: 'aaf/aaf_agent'
+ version: '2.1.19-SNAPSHOT'
+ - name: 'aaf/aaf_hello'
+ version: '2.1.19-SNAPSHOT'
--- /dev/null
+distribution_type: 'maven'
+version: '2.1.19'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/304/'
--- /dev/null
+distribution_type: 'container'
+container_release_tag: '2.1.20'
+project: 'aaf-authz'
+container_pull_registry: nexus3.onap.org:10003
+container_push_registry: nexus3.onap.org:10002
+ref: '96bf6a2771dfe992fb27bd6361d191d83b6ff605'
+containers:
+ - name: 'aaf/aaf_cass'
+ version: '2.1.20-SNAPSHOT'
+ - name: 'aaf/aaf_base'
+ version: '2.1.20-SNAPSHOT'
+ - name: 'aaf/aaf_core'
+ version: '2.1.20-SNAPSHOT'
+ - name: 'aaf/aaf_config'
+ version: '2.1.20-SNAPSHOT'
+ - name: 'aaf/aaf_agent'
+ version: '2.1.20-SNAPSHOT'
+ - name: 'aaf/aaf_hello'
+ version: '2.1.20-SNAPSHOT'
--- /dev/null
+distribution_type: 'maven'
+version: '2.1.20'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/344/'
--- /dev/null
+distribution_type: 'maven'
+version: '2.1.21'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/350/'
--- /dev/null
+distribution_type: 'maven'
+version: '2.7.0'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/448/'
--- /dev/null
+distribution_type: 'maven'
+version: '2.7.1'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/482/'
--- /dev/null
+distribution_type: 'maven'
+version: '2.7.2'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/506/'
--- /dev/null
+distribution_type: 'maven'
+version: '2.7.3'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/512/'
--- /dev/null
+distribution_type: 'maven'
+version: '2.7.4'
+project: 'aaf-authz'
+log_dir: 'aaf-authz-maven-stage-master/540/'
# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
# because they are used in Jenkins, whose plug-in doesn't support
-# This TAG <version>2.1.17-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries:
+# This TAG <version>2.7.0-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries:
major=2
-minor=1
-patch=17
+minor=7
+patch=4
base_version=${major}.${minor}.${patch}