Add Batch in Config image 73/78073/1
authorInstrumental <jonathan.gathman@att.com>
Thu, 7 Feb 2019 17:09:32 +0000 (11:09 -0600)
committerInstrumental <jonathan.gathman@att.com>
Thu, 7 Feb 2019 17:12:23 +0000 (11:12 -0600)
Change Images to run as aaf

Issue-ID: AAF-740
Change-Id: If5b8583dc19ac4095ba9b25715e9330d2a0ed5fc
Signed-off-by: Instrumental <jonathan.gathman@att.com>
19 files changed:
auth/auth-batch/pom.xml
auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/PrepExtend.java
auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyApprovals.java
auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java
auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
auth/auth-core/src/test/java/org/onap/aaf/auth/org/test/JU_OrganizationFactory.java
auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java
auth/docker/Dockerfile.base
auth/docker/Dockerfile.client
auth/docker/Dockerfile.config
auth/docker/Dockerfile.core
auth/docker/Dockerfile.ms
auth/docker/README.txt
auth/docker/aaf.sh
auth/docker/dbuild.sh
auth/docker/drun.sh
auth/sample/bin/service.sh
auth/sample/local/org.osaaf.aaf.batch.props [new file with mode: 0644]

index 1994d9e..fb32d2d 100644 (file)
                                        <classifier>tests</classifier>
                                        <archive>
                                                <manifest>
-                                                       <mainClass>org.onap.aaf.auth.Batch</mainClass>
+                                                       <mainClass>org.onap.aaf.auth.batch.Batch</mainClass>
                                                </manifest>
                                                <manifestEntries>
                                                        <Sealed>true</Sealed>
index 3e0dd01..d0eab00 100644 (file)
@@ -82,7 +82,7 @@ public class PrepExtend extends Batch {
                Date now = gc.getTime();
                
                int ifrom = 0;
-               int ito = 0;
+               int ito = 4;
                
                for(int i=0; i< args().length;++i) {
                        switch(args()[i]) {
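Review bot: The new default `int ito = 4;` is a bare literal with nothing saying what unit it counts or why 4 was chosen, and it changes what the report covers when no argument overrides it. The method continues outside this hunk, so the argument parsing that can replace the value is not visible here. A one-line comment at the declaration would do, for example `// default upper bound of the extend window when no argument is given (unit: confirm against the arg parsing below)`.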
index c88eecd..4acf269 100644 (file)
@@ -43,9 +43,12 @@ import org.onap.aaf.auth.dao.cass.FutureDAO;
 import org.onap.aaf.auth.dao.cass.HistoryDAO;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Identity;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.auth.org.OrganizationFactory;
-import org.onap.aaf.auth.org.Organization.Identity;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.config.RegistrationPropHolder;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.util.Chrono;
 
@@ -59,9 +62,11 @@ public class NotifyApprovals extends Batch {
     private final PrintStream ps;
     private final AuthzTrans noAvg;
 
-    public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+    public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException, CadiException {
         super(trans.env());
-        
+        Access access = trans.env().access();
+        RegistrationPropHolder rph = new RegistrationPropHolder(access, 0);
+        String guiURL = rph.replacements(access.getProperty(GUI_URL,"https://%P/gui"),"","");
         noAvg = env.newTransNoAvg();
         noAvg.setUser(new BatchPrincipal("batch:NotifyApprovals"));
 
@@ -77,13 +82,11 @@ public class NotifyApprovals extends Batch {
             maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3"));
         }
         email.subject("AAF Approval Notification (ENV: %s)",batchEnv);
-        email.preamble("AAF (MOTS 22830) is the AT&T Authorization System used by many AT&T Tools and Applications." +
+        email.preamble("AAF is the ONAP Authorization System." +
                 "\n  Your approval is required, which you may enter on the following page:"
                 + "\n\n\t%s/approve\n\n"
-                ,env.getProperty(GUI_URL));
-        email.signature("Sincerely,\nAAF Team (Our MOTS# 22830)\n"
-                + "https://wiki.web.att.com/display/aaf/Contact+Us\n"
-                + "(Use 'Other Misc Requests (TOPS)')");
+                ,guiURL);
+        email.signature("Sincerely,\nAAF Team\n");
 
         Approval.load(trans, session, Approval.v2_0_17);
         Future.load(trans, session, Future.v2_0_17); // Skip the Construct Data
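Review bot: `guiURL` goes into the approval e-mail body (`,guiURL);` in this hunk) without any check that the placeholder substitution done in the constructor hunk above produced a usable https URL. The in-code default is `https://%P/gui`, while the sample properties file added in this commit uses `https://$PH/gui`. If `replacements(...)` does not resolve one of these forms, every approver receives a link with a literal placeholder in it, which trains users to accept odd-looking approval links. Consider failing fast in the constructor, e.g. `if(!guiURL.startsWith("https://") || guiURL.contains("%P") || guiURL.contains("$PH")) throw new CadiException("GUI_URL not resolved: " + guiURL);`, and using a single placeholder syntax in both places.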
index 3320186..40c8c2d 100644 (file)
@@ -28,6 +28,7 @@ import java.util.Map.Entry;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.util.FQI;
 import org.onap.aaf.cadi.util.Split;
 import org.onap.aaf.misc.env.Env;
@@ -62,6 +63,17 @@ public class OrganizationFactory {
                 }
             }
         }
+        if(firstOrg==null) { // attempt to load DefaultOrg
+               try {
+                               Class<?> cls = Class.forName("org.onap.aaf.org.DefaultOrg");
+                               @SuppressWarnings("unchecked")
+                               Constructor<Organization> cnst = (Constructor<Organization>)cls.getConstructor(Env.class,String.class);
+                               String realm = env.getProperty(Config.AAF_DEFAULT_REALM,"people.osaaf.org");
+                               defaultOrg = cnst.newInstance(env,realm);
+                       } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | NoSuchMethodException | SecurityException | IllegalArgumentException | InvocationTargetException e) {
+                       throw new OrganizationException("At least one Organization must be defined",e);
+                       }
+        }
         if (defaultOrg == null) {
             defaultOrg = firstOrg;
         }
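Review bot: When `firstOrg==null`, the new block silently installs `org.onap.aaf.org.DefaultOrg` with the fallback realm `people.osaaf.org`, so a deployment whose Organization properties are missing or misspelled now starts with a default identity policy and gives the operator no indication. For an authorization service that fallback should at least be logged, e.g. `env.warn().log("No Organization configured; using DefaultOrg for realm", realm);` right after `newInstance`. The unchecked cast of the constructor also means a class that does not implement `Organization` would surface as a `ClassCastException` outside the catch list; an `Organization.class.isAssignableFrom(cls)` check before `getConstructor` would keep that inside the `OrganizationException` path. The enclosing method starts and ends outside this hunk.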
index 8f0eb8a..1bc367e 100644 (file)
@@ -41,13 +41,15 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr
     protected AbsService<ENV,TRANS> service;
 
 
-    public AbsServiceStarter(final AbsService<ENV,TRANS> service) {
+    public AbsServiceStarter(final AbsService<ENV,TRANS> service, boolean noexit) {
         this.service = service;
         try {
             OrganizationFactory.init(service.env);
         } catch (OrganizationException e) {
-            service.access.log(e, "Missing defined Organzation Plugins");
-            System.exit(3);
+            service.access.log(e, "Missing defined Organization Plugins");
+            if(!noexit) {
+               System.exit(3);
+            }
         }
         // do_register - this is used for specialty Debug Situations.  Developer can create an Instance for a remote system
         // for Debugging purposes without fear that real clients will start to call your debug instance
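Review bot: With `noexit` set to true, a failed `OrganizationFactory.init` is only logged and the constructor carries on, leaving a starter whose service has no Organization loaded. The only caller passing `true` in this commit is the test stub, but the parameter sits on a public constructor with no documentation restricting it to tests. Please add Javadoc on the constructor stating this, along the lines of `@param noexit test use only; production starters must pass false so that a missing Organization stops the process`. The constructor body continues past the end of this hunk.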
index 413b791..98503d1 100644 (file)
@@ -59,7 +59,7 @@ public class JettyServiceStarter<ENV extends RosettaEnv, TRANS extends Trans> ex
     private boolean secure;
 
     public JettyServiceStarter(final AbsService<ENV,TRANS> service) throws OrganizationException {
-        super(service);
+        super(service,false);
         secure = true;
     }
     
index 5124a50..36d071f 100644 (file)
 
 package org.onap.aaf.auth.org.test;
 
+import static org.mockito.Mockito.mock;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import static org.mockito.Mockito.mock;
 import org.onap.aaf.auth.env.AuthzEnv;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.auth.org.OrganizationFactory;
-import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.impl.BasicEnv;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.modules.junit4.PowerMockRunner;
 
+import junit.framework.Assert;
+
 @RunWith(PowerMockRunner.class)
 public class JU_OrganizationFactory {
     private static final String ORG_SLOT = null;
@@ -53,8 +55,13 @@ public class JU_OrganizationFactory {
 
     @SuppressWarnings("static-access")
     @Test
-    public void testInit() throws OrganizationException {
-        organizationFactory.init(bEnv);
+    public void testInit() {
+       try { 
+               organizationFactory.init(bEnv);
+               Assert.fail("Expect an exception");
+       } catch (OrganizationException e) {
+               Assert.assertEquals("At least one Organization must be defined", e.getMessage());
+       }
     }
 
     @SuppressWarnings("static-access")                //TODO:Fix this once real input is available AAF-111
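Review bot: `testInit` now passes only if `OrganizationFactory.init(bEnv)` throws, which after this commit appears to happen only when `org.onap.aaf.org.DefaultOrg` is absent from the test classpath. If that class ever becomes visible to auth-core tests, the test fails for a reason unrelated to the code under test. A short comment in the test stating that assumption would save the next maintainer time, e.g. `// DefaultOrg is not on the auth-core test classpath, so the fallback load must fail`. The added import `junit.framework.Assert` is the deprecated JUnit 3 class; `org.junit.Assert` matches the JUnit 4 annotations already used in this file.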
index 2fa9e12..04d58d6 100644 (file)
@@ -76,7 +76,7 @@ public class JU_AbsServiceStarter {
     private class AbsServiceStarterStub extends AbsServiceStarter {
 
         public AbsServiceStarterStub(AbsService service) {
-            super(service);
+            super(service, true);
             // TODO Auto-generated constructor stub
         }
 
index 623d18d..1d74362 100644 (file)
@@ -23,4 +23,5 @@ MAINTAINER AAF Team, AT&T 2018
 LABEL description="aaf_base"
 RUN apk add --no-cache bash
 RUN apk add --no-cache openssl
+RUN addgroup aaf && adduser aaf -G aaf -D -s /bin/bash
 
index c2e1d78..f662aac 100644 (file)
@@ -31,4 +31,6 @@ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
 COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
 COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
 
+RUN chown -R aaf:aaf /opt/app/aaf_config
+
 CMD ["/bin/bash","-c","/opt/app/aaf_config/bin/agent.sh"]
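Review bot: The image chowns `/opt/app/aaf_config` to `aaf` but never declares `USER aaf`, so the `CMD` still runs as root unless the caller remembers `--user aaf`, as the updated aaf.sh and drun.sh do. Anything that starts the image another way (a Kubernetes manifest, a bare `docker run`) keeps the root default. The same applies to the Dockerfile.config, Dockerfile.core and Dockerfile.ms hunks below. Adding `USER aaf` after the `RUN chown` line makes non-root the default. Creating the account in Dockerfile.base with fixed ids (`addgroup -g <gid> aaf && adduser aaf -G aaf -u <uid> -D -s /bin/bash`) would additionally let orchestrators enforce it numerically.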
index d1b6b23..ca3df76 100644 (file)
@@ -35,7 +35,9 @@ COPY logs /opt/app/aaf_config/logs
 COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh
 COPY bin/pod_wait.sh /opt/app/aaf_config/bin/
 COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
+COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
+
+RUN chown -R aaf:aaf /opt/app/aaf_config && mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf
+
 CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
-#CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
 CMD []
index a15039a..7237a00 100644 (file)
@@ -30,4 +30,5 @@ COPY lib /opt/app/aaf/lib
 COPY bin /opt/app/aaf/bin
 COPY theme /opt/app/aaf/theme
 
+RUN chown -R aaf:aaf /opt/app/aaf
 
index 1eee1ee..222816c 100644 (file)
@@ -25,6 +25,7 @@ LABEL description="aaf_${AAF_COMPONENT}"
 LABEL version=${AAF_VERSION}
  
 COPY bin/pod_wait.sh /opt/app/aaf/bin/
+RUN mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf && chown -R aaf:aaf /opt/app/aaf/bin
 
 #CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"]
 CMD []
index f0d5ca5..d81fec8 100644 (file)
@@ -57,3 +57,9 @@ bash drun.sh
 # watch logs in Agent Window
 cd ../logs
 sh taillog
+
+
+#Running as ROOT
+# docker gets the non-root user in its config during kubernetes 
+# install
https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh#n90

+# sudo usermod -aG docker $USERNAME
where $USERNAME can be ubuntu
index 3ed7eaf..a039be8 100644 (file)
 . ./d.props
 
 DOCKER=${DOCKER:=docker}
+# if something, may not want CASS attached all the tim
+LINKS="--link $CASSANDRA_DOCKER"
+
 function run_it() {
   $DOCKER run $@ \
+    --user aaf \
     -v "aaf_config:$CONF_ROOT_DIR" \
     -v "aaf_status:/opt/app/aaf/status" \
+    $LINKS \
     --env aaf_locator_container=docker \
     --env aaf_locator_fqdn=${HOSTNAME} \
     --env aaf_locate_url=https://aaf-locate:8095 \
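Review bot: `LINKS="--link $CASSANDRA_DOCKER"` is set unconditionally, so when `CASSANDRA_DOCKER` is empty or unset after sourcing d.props the unquoted `$LINKS` expands to a bare `--link`, which then consumes the following `--env` as its value and breaks the run command. The comment above the assignment already hints that the link is optional. `LINKS=${CASSANDRA_DOCKER:+--link $CASSANDRA_DOCKER}` emits the option only when a container name is present. `run_it` continues past the end of this hunk.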
index 924feea..fd59ed4 100755 (executable)
@@ -47,6 +47,7 @@ rm Dockerfile
 # Create the AAF Config (Security) Images
 cd ..
 cp auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
+cp auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin
 cp -Rf ../conf/CA sample
 
 
@@ -70,7 +71,7 @@ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/$
 $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
 
 # Clean up 
-rm sample/Dockerfile sample/bin/aaf-auth-cmd-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar 
+rm sample/Dockerfile sample/bin/aaf-*-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar 
 rm -Rf sample/CA
 cd -
 
index 3266076..6fc3a9a 100644 (file)
@@ -94,6 +94,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
     #  $ADD_HOST \
     $DOCKER run  \
         -d \
+        --user aaf \
         --name aaf-$AAF_COMPONENT \
         ${LINKS} \
         --env AAF_ENV=${AAF_ENV} \
index 75d658d..df8a744 100644 (file)
@@ -32,6 +32,7 @@ CONFIG=/opt/app/aaf_config
 JAVA_CADI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar org.onap.aaf.cadi.CmdLine" 
 JAVA_AGENT="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.cadi.configure.Agent" 
 JAVA_AAFCLI="$JAVA -cp $CONFIG/bin/aaf-auth-cmd-*-full.jar -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.props org.onap.aaf.auth.cmd.AAFcli" 
+JAVA_AAFBATCH="$JAVA -Dcadi_prop_files=$LOCAL/org.osaaf.aaf.batch.props -jar $CONFIG/bin/aaf-auth-batch-*-full.jar"
 
 # If doesn't exist... still create
 mkdir -p $OSAAF
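Review bot: `JAVA_AAFBATCH` passes a glob to `-jar` (`$CONFIG/bin/aaf-auth-batch-*-full.jar`), and `-jar` takes exactly one file. If two versions of the batch jar are ever present in `$CONFIG/bin`, the shell expands the pattern to several words, the first is run and the rest reach `Batch` as program arguments. Since the batch jobs act on authorization data, it is worth resolving the jar explicitly and refusing to continue when the match is not unique; failing that, add a comment at the definition saying that exactly one matching jar is assumed. The alias written in the next hunk (`alias batch=...`) inherits the same expansion.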
@@ -43,12 +44,13 @@ mkdir -p /opt/app/aaf/status
 FILE=
 
 # Setup Bash, first time only
-if [ ! -e "$HOME/.bash_aliases" ] || [ -z "$(grep cadi $HOME/.bash_aliases)" ]; then
-  echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bash_aliases
-  echo "alias agent='$CONFIG/bin/agent.sh \$*'" >>$HOME/.bash_aliases
-  echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bash_aliases
+if [ ! -e "$HOME/.bashrc" ] || [ -z "$(grep cadi $HOME/.bashrc)" ]; then
+  echo "alias cadi='$JAVA_CADI \$*'" >>$HOME/.bashrc
+  echo "alias agent='$CONFIG/bin/agent.sh \$*'" >>$HOME/.bashrc
+  echo "alias aafcli='$JAVA_AAFCLI \$*'" >>$HOME/.bashrc
+  echo "alias batch='$JAVA_AAFBATCH \$*'" >>$HOME/.bashrc
   chmod a+x $CONFIG/bin/agent.sh
-  . $HOME/.bash_aliases
+  . $HOME/.bashrc
 fi
 
 # Only load Identities once
diff --git a/auth/sample/local/org.osaaf.aaf.batch.props b/auth/sample/local/org.osaaf.aaf.batch.props
new file mode 100644 (file)
index 0000000..7572af0
--- /dev/null
@@ -0,0 +1,38 @@
+#########
+#  ============LICENSE_START====================================================
+#  org.onap.aaf
+#  ===========================================================================
+#  Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+#  ===========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END====================================================
+#
+# Container based Batch Properties
+#
+# Common Properties, including Cassandra, RootNS and GPS coords
+cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/local/org.osaaf.aaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props
+
+DRY_RUN=false
+
+LOG_DIR=/opt/app/osaaf/logs/batch
+SPECIAL_NAMES=aaf@aaf.osaaf.org
+GUI_URL=https://$PH/gui
+# MAX_EMAILS=3
+# Put any IDs that are critical to the system, and/or might in any way be removed by 
+# Organization rules
+# Example: The AAF ID, any special Test IDs that aren't in the Organization
+# ID Set.
+
+ALERT_TO_ADDRESS=DL-aaf-support@att.com
+
+
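Review bot: The sample ships `ALERT_TO_ADDRESS=DL-aaf-support@att.com`, so any deployment that starts from this file unmodified would send its batch alerts to a mailbox owned by one company. That is at odds with the rest of this commit, which strips AT&T-specific text from the notification e-mails. A clearly fake placeholder such as `ALERT_TO_ADDRESS=aaf-alerts@example.org` with a comment `# REQUIRED: set to your own operations mailbox` avoids leaking operational detail. Separately, `DRY_RUN=false` makes the sample run batch changes live by default; `DRY_RUN=true` with a comment explaining when to switch it off is the safer starting point.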