From 58c2a7132f861e269ed707eb585657b0c9ead9f5 Mon Sep 17 00:00:00 2001
From: "Gathman, Jonathan (jg1555)" <jg1555@us.att.com>
Date: Wed, 17 Jul 2019 16:07:20 -0500
Subject: [PATCH] Change API Version to 2.1.15

Issue-ID: AAF-902
Change-Id: I25ea4791fcbe45612197d7206b4af1ae23b6c489
Signed-off-by: Gathman, Jonathan (jg1555) <jg1555@us.att.com>
---
 auth-client/pom.xml                                |   2 +-
 auth/auth-batch/pom.xml                            |   2 +-
 .../onap/aaf/auth/batch/reports/ApprovedRpt.java   | 183 +++++++++++++++++++++
 auth/auth-cass/pom.xml                             |   2 +-
 .../java/org/onap/aaf/auth/dao/hl/Function.java    |   9 +-
 .../java/org/onap/aaf/auth/dao/hl/Question.java    |  53 ++++--
 .../org/onap/aaf/auth/direct/DirectAAFLocator.java |   2 +-
 .../aaf/auth/direct/test/JU_DirectAAFLocator.java  |  12 +-
 .../auth/direct/test/JU_DirectLocatorCreator.java  |   3 +-
 auth/auth-certman/pom.xml                          |   2 +-
 .../src/main/java/org/onap/aaf/auth/cm/AAF_CM.java |   9 +
 .../src/main/java/org/onap/aaf/auth/cm/ca/CA.java  |   7 +-
 .../org/onap/aaf/auth/cm/mapper/Mapper1_0.java     |  72 ++++----
 .../org/onap/aaf/auth/cm/mapper/Mapper2_0.java     |   4 +-
 .../org/onap/aaf/auth/cm/service/CMService.java    |   5 +-
 .../aaf/auth/cm/validation/CertmanValidator.java   |  14 +-
 .../auth/cm/validation/JU_CertmanValidator.java    |   2 +-
 auth/auth-cmd/pom.xml                              |   2 +-
 auth/auth-core/pom.xml                             |   2 +-
 .../org/onap/aaf/auth/validation/Validator.java    |   9 +-
 auth/auth-deforg/pom.xml                           |   2 +-
 auth/auth-fs/pom.xml                               |   2 +-
 auth/auth-gui/pom.xml                              |   2 +-
 .../aaf/auth/gui/pages/CMArtiChangeAction.java     |  31 ++--
 auth/auth-hello/pom.xml                            |   2 +-
 auth/auth-locate/pom.xml                           |   2 +-
 .../java/org/onap/aaf/auth/locate/AAF_Locate.java  |   2 +-
 auth/auth-oauth/pom.xml                            |   2 +-
 auth/auth-service/pom.xml                          |   2 +-
 auth/docker/Dockerfile.ms                          |  47 ++++++
 auth/docker/agent.sh                               |   2 +-
 auth/helm/aaf-hello/values.yaml                    |   2 +-
 auth/helm/aaf/Chart.yaml                           |   2 +-
 auth/helm/aaf/values.yaml                          |  10 +-
 auth/pom.xml                                       |   2 +-
 auth/sample/logs/clean                             |   2 +-
 cadi/aaf/pom.xml                                   |   2 +-
 .../org/onap/aaf/cadi/aaf/TestConnectivity.java    |   2 +-
 .../java/org/onap/aaf/cadi/configure/Agent.java    |  31 ++--
 cadi/client/pom.xml                                |   2 +-
 cadi/core/pom.xml                                  |   2 +-
 .../main/java/org/onap/aaf/cadi/PropAccess.java    |   7 +
 .../main/java/org/onap/aaf/cadi/config/Config.java |   8 +-
 cadi/oauth-enduser/pom.xml                         |   2 +-
 cadi/pom.xml                                       |   2 +-
 cadi/servlet-sample/pom.xml                        |   2 +-
 misc/env/pom.xml                                   |   2 +-
 misc/log4j/pom.xml                                 |   2 +-
 misc/pom.xml                                       |   2 +-
 misc/rosetta/pom.xml                               |   2 +-
 misc/xgen/pom.xml                                  |   2 +-
 pom.xml                                            |   2 +-
 version.properties                                 |   4 +-
 53 files changed, 453 insertions(+), 133 deletions(-)
 create mode 100644 auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
 create mode 100644 auth/docker/Dockerfile.ms

diff --git a/auth-client/pom.xml b/auth-client/pom.xml
index d1fbc4db..bbcffbb4 100644
--- a/auth-client/pom.xml
+++ b/auth-client/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>parent</artifactId>
-        <version>2.1.14-SNAPSHOT</version>
+        <version>2.1.15-SNAPSHOT</version>
     </parent>
 	
 	<artifactId>aaf-auth-client</artifactId>
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml
index 09ce6182..304a23f7 100644
--- a/auth/auth-batch/pom.xml
+++ b/auth/auth-batch/pom.xml
@@ -25,7 +25,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
new file mode 100644
index 00000000..7b6e09f5
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
@@ -0,0 +1,183 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.batch.reports;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+import java.util.UUID;
+
+import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.routing.GreatCircle;
+import org.onap.aaf.cadi.util.CSV;
+import org.onap.aaf.cadi.util.CSV.Visitor;
+import org.onap.aaf.cadi.util.CSV.Writer;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.misc.env.util.Chrono;
+import org.onap.aaf.misc.env.util.Split;
+
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+
+public class ApprovedRpt extends Batch {
+    
+	private static final String APPR_RPT = "ApprovedRpt";
+	private static final String CSV = ".csv";
+	private static final String INFO = "info";
+	private Date now;
+	private Writer approvedW;
+	private CSV historyR;
+	private static String yr_mon;
+	
+	public ApprovedRpt(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+        super(trans.env());
+        trans.info().log("Starting Connection Process");
+        
+        TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
+        try {
+//            TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+//            try {
+//                session = cluster.connect();
+//            } finally {
+//                tt.done();
+//            }
+            
+            now = new Date();
+            String sdate = Chrono.dateOnlyStamp(now);
+           	File file = new File(logDir(),APPR_RPT + sdate +CSV);
+            CSV csv = new CSV(env.access(),file);
+            approvedW = csv.writer(false);
+            
+            historyR = new CSV(env.access(),args()[1]).setDelimiter('|');
+            
+            yr_mon = args()[0];
+        } finally {
+            tt0.done();
+        }
+    }
+
+    @Override
+    protected void run(AuthzTrans trans) {
+		try {
+			Map<String,Boolean> checked = new TreeMap<String, Boolean>();
+			
+			final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
+//	        ResultSet results;
+//            Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" );
+//            results = session.execute(stmt);
+//            Iterator<Row> iter = results.iterator();
+//            Row row;
+			/*
+			 *             while (iter.hasNext()) {
+                ++totalLoaded;
+                row = iter.next();
+                d = row.getTimestamp(0);
+                if(d.after(begin)) {
+	                approvedW.row("aprvd",
+	                		Chrono.dateOnlyStamp(d),
+	                		row.getString(1),
+	                		row.getString(2),
+	                		row.getString(3),
+	                		row.getString(4),
+	                		row.getString(5)
+	                );
+                }
+            }
+
+			 */
+            int totalLoaded = 0;
+            Date d;
+            GregorianCalendar gc = new GregorianCalendar();
+            gc.add(GregorianCalendar.MONTH, -2);
+            Date begin = gc.getTime();
+            approvedW.comment("date, approver, status, user, role, memo");
+            
+            historyR.visit(row -> {
+                String s = row.get(7);
+                if(s.equals(yr_mon)) {
+                	String target = row.get(5);
+                	if("user_role".equals(target)) {
+                		String action = row.get(1);
+                		switch(action) {
+                			case "create":
+                				write("created",row);
+                				break;
+                			case "update":
+                				write("approved",row);
+                				break;
+                			case "delete":
+                				write("denied",row);
+                				break;
+                		}
+                	}
+                }
+            });
+            
+		} catch (Exception e) {
+			trans.info().log(e);
+		}
+	}
+    
+	private void write(String a_or_d, List<String> row) {
+		String[] target = Split.splitTrim('|', row.get(4));
+		
+		if(target.length>1) {
+			UUID id = UUID.fromString(row.get(0));
+			Date date = Chrono.uuidToDate(id);
+			String status;
+			String memo;
+			String approver = row.get(6);
+			if("batch:JobChange".equals(approver)) {
+				status = "reduced";
+				memo = "existing role membership reduced to invoke reapproval";
+			} else {
+				status = a_or_d;
+				memo = row.get(2);
+			}
+			if(!approver.equals(target[0])) {
+		        approvedW.row(
+		        	Chrono.niceDateStamp(date),
+		        	approver,
+		        	status,
+		        	target[0],
+		        	target[1],
+		        	memo
+		        );
+			}
+		}
+
+		
+	}
+
+}
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index 646dcbbb..4b9f9fee 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -17,7 +17,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index c59312c0..4ec70d4a 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -628,12 +628,7 @@ public class Function {
                 return Result.err(Status.ERR_DependencyExists, sb.toString());
             }
 
-            if (move && parent == null) {
-                return Result
-                        .err(Status.ERR_DependencyExists,
-                                "Cannot move users, roles or permissions - parent is missing.\nDelete dependencies and try again");
-            }
-            else if (move && parent.type == NsType.COMPANY.type) {
+            if (move && (parent == null || parent.type == NsType.COMPANY.type)) {
                 return Result
                         .err(Status.ERR_DependencyExists,
                                 "Cannot move users, roles or permissions to [%s].\nDelete dependencies and try again",
@@ -1040,7 +1035,7 @@ public class Function {
 
         // Attached to any Roles?
         if (fullperm.roles != null) {
-            if (force) {
+            if (force || fullperm.roles.contains(user+":user")) {
                 for (String role : fullperm.roles) {
                     Result<Void> rv = null;
                     Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, q, role);
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 22b14cb4..3b61da31 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -246,15 +246,29 @@ public class Question {
         approvalDAO.close(trans);
     }
 
-    public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type,
-            String instance, String action) {
-        Result<NsDAO.Data> rnd = deriveNs(trans, type);
-        if (rnd.isOK()) {
-            return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
-                    instance, action));
-        } else {
-            return Result.err(rnd);
-        }
+    public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type, String instance, String action) {
+    	if(type.indexOf('@') >= 0) {
+    		int colon = type.indexOf(':');
+    		if(colon>=0) {
+    			PermDAO.Data pdd = new PermDAO.Data();
+    			pdd.ns = type.substring(0, colon);
+    			pdd.type = type.substring(colon+1);
+    			pdd.instance = instance;
+    			pdd.action = action;
+    		
+    			return Result.ok(pdd);
+    		} else {
+    			return Result.err(Result.ERR_BadData,"Could not extract ns and type from " + type);
+    		}
+    	} else {
+	        Result<NsDAO.Data> rnd = deriveNs(trans, type);
+	        if (rnd.isOK()) {
+	            return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
+	                    instance, action));
+	        } else {
+	            return Result.err(rnd);
+	        }
+    	}
     }
 
     /**
@@ -317,12 +331,21 @@ public class Question {
         return Result.ok(rlpUser); 
     }
 
-    public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String perm) {
-        Result<NsSplit> nss = deriveNsSplit(trans, perm);
-        if (nss.notOK()) {
-            return Result.err(nss);
-        }
-        return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+    public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String type) {
+    	if(type.indexOf('@') >= 0) {
+    		int colon = type.indexOf(':');
+    		if(colon>=0) {
+    			return permDAO.readByType(trans, type.substring(0, colon),type.substring(colon+1));
+    		} else {
+    			return Result.err(Result.ERR_BadData, "%s is malformed",type);
+    		}
+    	} else {
+	        Result<NsSplit> nss = deriveNsSplit(trans, type);
+	        if (nss.notOK()) {
+	            return Result.err(nss);
+	        }
+	        return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+    	}
     }
 
     public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans, String type, String instance, String action) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
index 2f1d150c..27d5df74 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFLocator.java
@@ -77,7 +77,7 @@ public class DirectAAFLocator extends AbsAAFLocator<AuthzTrans> {
         	if(name.indexOf('.')>=0) {
             	aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+'/'+name+':'+version;
         	} else {
-            	aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name+':'+version;
+       			aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS.%NS."+name+':'+version;
         	}
     		RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
         	aaf_url = rph.replacements(getClass().getSimpleName(),aaf_url, null,null);
diff --git a/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java b/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java
index 01d4b9a2..f6d2a593 100644
--- a/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java
+++ b/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectAAFLocator.java
@@ -103,7 +103,8 @@ public class JU_DirectAAFLocator {
 		Mockito.doReturn(access).when(env).access();
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
-		Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
 		Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_APP_NS,"AAF_NS");
 		try {
 			DirectAAFLocator aafLocatorObj=new DirectAAFLocator(env, ldao,"test",null);
@@ -118,7 +119,8 @@ public class JU_DirectAAFLocator {
 		Mockito.doReturn(access).when(env).access();
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
-		Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
 		Mockito.doReturn("20 30").when(access).getProperty(Config.AAF_URL,null);
 		try {
 			DirectAAFLocator aafLocatorObj=new DirectAAFLocator(env, ldao,"test","192.0.0.1");
@@ -138,7 +140,8 @@ public class JU_DirectAAFLocator {
 		Mockito.doReturn(trans).when(env).newTransNoAvg();
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
-		Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
 		Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
 		try {
 			aafLocatorObj = new DirectAAFLocator(env, ldao,"test","30.20.30.30");
@@ -171,7 +174,8 @@ public class JU_DirectAAFLocator {
 		Mockito.doReturn(trans).when(env).newTransNoAvg();
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
-		Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
 		Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
 		try {
 			aafLocatorObj = new DirectAAFLocator(env, ldao,"test","30.20.30.30");
diff --git a/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java b/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java
index c2b8597b..0eb75fcb 100644
--- a/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java
+++ b/auth/auth-cass/src/test/java/org/onap/aaf/auth/direct/test/JU_DirectLocatorCreator.java
@@ -57,7 +57,8 @@ public class JU_DirectLocatorCreator {
 		Mockito.doReturn(access).when(env).access();
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
 		Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
-		Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+		Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
 		Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
 		DirectLocatorCreator directLocObj = new DirectLocatorCreator(env, locateDAO);
 		try {
diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml
index 8237b027..82d127ce 100644
--- a/auth/auth-certman/pom.xml
+++ b/auth/auth-certman/pom.xml
@@ -20,7 +20,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
index 7dea9f07..aa5c1daf 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java
@@ -40,6 +40,7 @@ import org.onap.aaf.auth.cm.facade.FacadeFactory;
 import org.onap.aaf.auth.cm.mapper.Mapper.API;
 import org.onap.aaf.auth.cm.service.CMService;
 import org.onap.aaf.auth.cm.service.Code;
+import org.onap.aaf.auth.cm.validation.CertmanValidator;
 import org.onap.aaf.auth.dao.CassAccess;
 import org.onap.aaf.auth.dao.cass.LocateDAO;
 import org.onap.aaf.auth.direct.DirectLocatorCreator;
@@ -72,6 +73,7 @@ import com.datastax.driver.core.Cluster;
 public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
 
     private static final String USER_PERMS = "userPerms";
+	private static final String CM_ALLOW_TMP = "cm_allow_tmp";
     private static final Map<String,CA> certAuths = new TreeMap<>();
     public static  Facade1_0 facade1_0; // this is the default Facade
     public static  Facade1_0 facade1_0_XML; // this is the XML Facade
@@ -106,6 +108,13 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
         if (aafEnv==null) {
             throw new APIException("aaf_env needs to be set");
         }
+        
+        // Check for allowing /tmp in Properties
+        String allowTmp = env.getProperty(CM_ALLOW_TMP);
+        if("true".equalsIgnoreCase(allowTmp)) {
+        	CertmanValidator.allowTmp();
+        }
+
 
         // Initialize Facade for all uses
         AuthzTrans trans = env.newTrans();
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
index 10da10d9..26b4e2aa 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/ca/CA.java
@@ -73,10 +73,11 @@ public abstract class CA {
         this.env = env;
         this.env_tag = env==null || env.isEmpty()?false: 
         		Boolean.parseBoolean(access.getProperty(CM_CA_ENV_TAG, Boolean.FALSE.toString()));
-        permNS = CM_CA_PREFIX + name;
-        permType = access.getProperty(permNS + ".perm_type",null);
+        permNS=null;
+        String prefix = CM_CA_PREFIX + name;
+        permType = access.getProperty(prefix + ".perm_type",null);
         if (permType==null) {
-            throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+            throw new CertException(prefix + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
         }
         caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
         
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
index 663cee82..22243ae4 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper1_0.java
@@ -24,6 +24,7 @@ package org.onap.aaf.auth.cm.mapper;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Set;
 
 import org.onap.aaf.auth.cm.data.CertDrop;
 import org.onap.aaf.auth.cm.data.CertRenew;
@@ -219,31 +220,31 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
         List<ArtiDAO.Data> ladd = new ArrayList<>();
         for (Artifact arti : artifacts.getArtifact()) {
             ArtiDAO.Data data = new ArtiDAO.Data();
-            data.mechid = arti.getMechid();
-            data.machine = arti.getMachine();
-            data.type(true).addAll(arti.getType());
-            data.ca = arti.getCa();
-            data.dir = arti.getDir();
-            data.os_user = arti.getOsUser();
+            data.mechid = trim(arti.getMechid());
+            data.machine = trim(arti.getMachine());
+            if(arti.getType()!=null) {
+	            Set<String> ss = data.type(true);
+	            for(String t : arti.getType()) {
+	            	ss.add(trim(t));
+	            }
+            }
+            data.ca = trim(arti.getCa());
+            data.dir = trim(arti.getDir());
+            data.os_user = trim(arti.getOsUser());
             // Optional (on way in)
-            data.ns = arti.getNs();
+            data.ns = trim(arti.getNs());
             data.renewDays = arti.getRenewDays();
-            data.notify = arti.getNotification();
+            data.notify = trim(arti.getNotification());
             
             // Ignored on way in for create/update
-            data.sponsor = arti.getSponsor();
-            data.expires = null;
-            
-            // Derive Optional Data from Machine (Domain) if exists
-            if (data.machine!=null) {
-                if (data.ca==null && data.machine.endsWith(".att.com")) {
-                        data.ca = "aaf"; // default
-                }
-                if (data.ns==null ) {
-                    data.ns=FQI.reverseDomain(data.machine);
-                }
+            data.sponsor = (arti.getSponsor());
+            if(arti.getSans()!=null) {
+                Set<String> ls = data.sans(true);
+	            for(String t : arti.getSans()) {
+	            	ls.add(trim(t));
+	            }
             }
-            data.sans(true).addAll(arti.getSans());
+            data.expires = null;
             ladd.add(data);
         }
         return ladd;
@@ -258,17 +259,21 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
             Artifacts artis = new Artifacts();
             for (ArtiDAO.Data arti : lArtiDAO.value) {
                 Artifact a = new Artifact();
-                a.setMechid(arti.mechid);
-                a.setMachine(arti.machine);
-                a.setSponsor(arti.sponsor);
-                a.setNs(arti.ns);
-                a.setCa(arti.ca);
-                a.setDir(arti.dir);
-                a.getType().addAll(arti.type(false));
-                a.setOsUser(arti.os_user);
+                a.setMechid(trim(arti.mechid));
+                a.setMachine(trim(arti.machine));
+                a.setSponsor(trim(arti.sponsor));
+                a.setNs(trim(arti.ns));
+                a.setCa(trim(arti.ca));
+                a.setDir(trim(arti.dir));
+                for(String t : arti.type(false)) {
+                	a.getType().add(trim(t));
+                }
+                a.setOsUser(trim(arti.os_user));
                 a.setRenewDays(arti.renewDays);
-                a.setNotification(arti.notify);
-                a.getSans().addAll(arti.sans(false));
+                a.setNotification(trim(arti.notify));
+                for(String t : arti.sans(false)) {
+                	a.getSans().add(trim(t));
+                }
                 artis.getArtifact().add(a);
             }
             return Result.ok(artis);
@@ -279,4 +284,11 @@ public class Mapper1_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
     
     
 
+    private String trim(String s) {
+    	if(s==null) {
+    		return s;
+    	} else {
+    		return s.trim();
+    	}
+	}
 }
\ No newline at end of file
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
index 2b9204c9..53388f67 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/mapper/Mapper2_0.java
@@ -210,8 +210,8 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
             ArtiDAO.Data data = new ArtiDAO.Data();
             data.mechid = trim(arti.getMechid());
             data.machine = trim(arti.getMachine());
-            Set<String> ss = data.type(true);
             if(arti.getType()!=null) {
+                Set<String> ss = data.type(true);
 	            for(String t : arti.getType()) {
 	            	ss.add(t.trim());
 	            }
@@ -228,8 +228,8 @@ public class Mapper2_0 implements Mapper<BaseRequest,CertInfo,Artifacts,Error> {
             // Ignored on way in for create/update
             data.sponsor = trim(arti.getSponsor());
             data.expires = null;
-            ss = data.sans(true);
             if(arti.getSans()!=null) {
+              Set<String> ss = data.sans(true);
               for(String s : arti.getSans()) {
             	  ss.add(s.trim());
               }
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
index 893a6b17..6ebcadac 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java
@@ -290,7 +290,7 @@ public class CMService {
                             trans.error().log("CMService var primary is null");
                         } else {
                             String fg = fqdns.get(i);
-                            if (fg!=null && fg.equals(primary.getHostName())) {
+                            if (fg!=null && primary!=null && fg.equals(primary.getHostName())) {
                                 if (i != 0) {
                                     String tmp = fqdns.get(0);
                                     fqdns.set(0, primary.getHostName());
@@ -301,7 +301,7 @@ public class CMService {
                     }
                 }
             } catch (Exception e) {
-                trans.debug().log(e);
+                trans.error().log(e);
                 return Result.err(Status.ERR_Denied,
                         "AppID Sponsorship cannot be determined at this time.  Try later.");
             }
@@ -474,7 +474,6 @@ public class CMService {
                 // Policy 6: Only do Domain by Exception
                 if (add.machine.startsWith("*")) { // Domain set
                     CA ca = certManager.getCA(add.ca);
-
                     if (!trans.fish(new AAFPermission(ca.getPermNS(),ca.getPermType(), add.ca, DOMAIN))) {
                         return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
                                 add.machine);
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
index f85eb44e..5835b31f 100644
--- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/validation/CertmanValidator.java
@@ -22,6 +22,7 @@
 package org.onap.aaf.auth.cm.validation;
 
 import java.util.List;
+import java.util.regex.Pattern;
 
 import org.onap.aaf.auth.dao.cass.ArtiDAO;
 import org.onap.aaf.auth.dao.cass.ArtiDAO.Data;
@@ -47,7 +48,13 @@ public class CertmanValidator extends Validator{
     private static final String MUST_HAVE_AT_LEAST = " must have at least ";
     private static final String IS_NULL = " is null.";
     private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least ";
-
+	private static final Pattern ALPHA_NUM = Pattern.compile("[a-zA-Z0-9]*");
+	
+	private static boolean disallowTmp = true;
+	public static void allowTmp() {
+		disallowTmp=false;
+	}
+	
     public CertmanValidator nullBlankMin(String name, List<String> list, int min) {
         if (list==null) {
             msg(name + IS_NULL);
@@ -72,7 +79,7 @@ public class CertmanValidator extends Validator{
             } else {
                 for (ArtiDAO.Data a : list) {
                     allRequired(a);
-                    if(a.dir!=null && a.dir.startsWith("/tmp")) {
+                    if(disallowTmp && a.dir!=null && a.dir.startsWith("/tmp")) {
                     	msg("Certificates may not be deployed into /tmp directory (they will be removed at a random time by O/S)");
                     }
                 }
@@ -99,7 +106,8 @@ public class CertmanValidator extends Validator{
             nullOrBlank(MACHINE, a.machine);
             nullOrBlank("ca",a.ca);
             nullOrBlank("dir",a.dir);
-            nullOrBlank("os_user",a.os_user);
+           	match("NS must be dot separated AlphaNumeric",a.ns,NAME_CHARS);
+            match("O/S User must be AlphaNumeric",a.os_user,ALPHA_NUM);
             // Note: AppName, Notify & Sponsor are currently not required
         }
         return this;
diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java
index 4aa3d6d3..6d090398 100644
--- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java
+++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/validation/JU_CertmanValidator.java
@@ -80,7 +80,7 @@ public class JU_CertmanValidator {
     public void artisRequired_shouldReportErrorWhenArtifactDoesNotHaveAllRequiredFields() {
 
         certmanValidator.artisRequired(newArrayList(newArtifactData("id", "", "ca", "dir", "user")), 1);
-        assertEquals("machine is blank.\n", certmanValidator.errs());
+        assertEquals("machine is blank.\n"  + "NS must be dot separated AlphaNumeric\n", certmanValidator.errs());
     }
 
     @Test
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml
index a564b59a..6c6505fc 100644
--- a/auth/auth-cmd/pom.xml
+++ b/auth/auth-cmd/pom.xml
@@ -18,7 +18,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml
index 13952e4c..a7ae68c6 100644
--- a/auth/auth-core/pom.xml
+++ b/auth/auth-core/pom.xml
@@ -25,7 +25,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java
index 98c09076..6d519c64 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/validation/Validator.java
@@ -86,8 +86,15 @@ public class Validator {
     }
 
     protected final boolean noMatch(String str, Pattern p) {
-        return !p.matcher(str).matches();
+        return str==null || !p.matcher(str).matches();
     }
+
+    protected final void match(String text, String str, Pattern p) {
+    	if(str==null || !p.matcher(str).matches()) {
+    		msg(text);
+    	}
+    }
+
     protected final boolean nob(String str, Pattern p) {
         return str==null || !p.matcher(str).matches(); 
     }
diff --git a/auth/auth-deforg/pom.xml b/auth/auth-deforg/pom.xml
index a72a38a5..a4bf5e7b 100644
--- a/auth/auth-deforg/pom.xml
+++ b/auth/auth-deforg/pom.xml
@@ -26,7 +26,7 @@
 		<artifactId>authparent</artifactId>
 		<relativePath>../pom.xml</relativePath>
 		<groupId>org.onap.aaf.authz</groupId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>aaf-auth-deforg</artifactId>
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index f5985e20..fc86d4a9 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -17,7 +17,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml
index 884aff86..8dc9551a 100644
--- a/auth/auth-gui/pom.xml
+++ b/auth/auth-gui/pom.xml
@@ -17,7 +17,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java
index 1e06b109..f67f6d5c 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java
@@ -37,12 +37,13 @@ import org.onap.aaf.cadi.client.Rcli;
 import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.cadi.util.Vars;
 import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.Slot;
 import org.onap.aaf.misc.env.Data.TYPE;
+import org.onap.aaf.misc.env.Slot;
 import org.onap.aaf.misc.env.util.IPValidator;
 import org.onap.aaf.misc.env.util.Split;
 import org.onap.aaf.misc.xgen.Cache;
 import org.onap.aaf.misc.xgen.DynamicCode;
+import org.onap.aaf.misc.xgen.Mark;
 import org.onap.aaf.misc.xgen.html.HTMLGen;
 
 import aaf.v2_0.Error;
@@ -72,7 +73,7 @@ public class CMArtiChangeAction extends Page {
                     cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI, AuthzTrans>() {
                         @Override
                         public void code(final AAF_GUI gui, final AuthzTrans trans,final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
-trans.info().log("Step 1");
+                        	trans.info().log("Step 1");
                             final Artifact arti = new Artifact();
                             final String machine = trans.get(sMachine,null);
                             final String ca = trans.get(sCA, null);
@@ -105,13 +106,6 @@ trans.info().log("Step 1");
 	                                }
 	                            }
 	                            
-	                            // Disallow Domain based Definitions without exception
-	                            if (machine.startsWith("*")) { // Domain set
-	                                if (!trans.fish(getPerm(ca, "domain"))) {
-	                                    hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception.");
-	                                    return;
-	                                }
-	                            }
                             }
                             
                             arti.setMechid((String)trans.get(sID,null));
@@ -193,9 +187,24 @@ trans.info().log("Step 1");
                                         if (f==null) {
                                             hgen.p("Unknown Command");
                                         } else {
-                                            if (f.body().contains("%")) {
+                                            if (f.code() > 201) {
                                                 Error err = gui.getDF(Error.class).newData().in(TYPE.JSON).load(f.body()).asObject();
-                                                hgen.p(Vars.convert(err.getText(),err.getVariables()));
+                                                if(f.body().contains("%") ) {
+                                                    hgen.p(Vars.convert(err.getText(),err.getVariables()));
+                                                } else {
+                                            		int colon = err.getText().indexOf(':');
+                                            		if(colon>0) {
+                                            			hgen.p(err.getMessageId() + ": " + err.getText().substring(0, colon));
+                                            			Mark bq = new Mark();
+                                                		hgen.incr(bq,"blockquote");
+	                                                	for(String em : Split.splitTrim('\n', err.getText().substring(colon+1))) {
+	                                                		hgen.p(em);
+	                                                	}
+	                                                	hgen.end(bq);
+                                            		} else {
+                                            			hgen.p(err.getMessageId() + ": " + err.getText());
+                                            		}
+                                                }
                                             } else {
                                                 hgen.p(arti.getMechid() + " on " + arti.getMachine() + ": " + f.body());
                                             }
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index 25b836cd..665d724f 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -17,7 +17,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 6a855877..8ca9c892 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -17,7 +17,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
index 5ebabed7..ebbeae6b 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java
@@ -182,7 +182,7 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> {
     protected AAFConHttp _newAAFConHttp() throws CadiException {
         try {
             if (dal==null) {
-                dal = AbsAAFLocator.create("%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
+                dal = AbsAAFLocator.create("%CNS.%NS.service",Config.AAF_DEFAULT_API_VERSION);
             }
             // utilize pre-constructed DirectAAFLocator
             return new AAFConHttp(env.access(),dal);
diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml
index 2c7cc758..ec4c5bec 100644
--- a/auth/auth-oauth/pom.xml
+++ b/auth/auth-oauth/pom.xml
@@ -17,7 +17,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml
index ff334874..72713dd3 100644
--- a/auth/auth-service/pom.xml
+++ b/auth/auth-service/pom.xml
@@ -17,7 +17,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>authparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 
diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms
new file mode 100644
index 00000000..351c3798
--- /dev/null
+++ b/auth/docker/Dockerfile.ms
@@ -0,0 +1,47 @@
+#########
+#  ============LICENSE_START====================================================
+#  org.onap.aaf
+#  ===========================================================================
+#  Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+#  ===========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END====================================================
+#
+FROM ${DOCKER_REPOSITORY}/onap/aaf/aaf_core:${AAF_VERSION}
+MAINTAINER AAF Team, AT&T 2018
+ENV VERSION=${AAF_VERSION}
+
+LABEL description="aaf_${AAF_COMPONENT}"
+LABEL version=${AAF_VERSION}
+ 
+COPY bin/pod_wait.sh /opt/app/aaf/bin/
+RUN mkdir -p /opt/app/osaaf &&\
+    mkdir -p /opt/app/aaf/status &&\
+    chmod 755 /opt/app/aaf/bin/* &&\
+    if [ -n "${DUSER}" ]; then  chown ${DUSER}:${DUSER} /opt/app/aaf/status \
+    && chown ${DUSER}:${DUSER} /opt/app/osaaf \
+    && chown -R ${DUSER}:${DUSER} /opt/app/aaf; fi
+
+#CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"]
+CMD []
+
+# For Debugging installation
+# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+# Java Debugging VM Args
+#     "-Xdebug",\
+#     "-Xnoagent",\
+#     "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000",\
+
+# TLS Debugging VM Args
+#     "-Djavax.net.debug","ssl", \
+     
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index 0538b70d..b0ae3fd0 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -28,7 +28,7 @@ fi
 . ./aaf.props
 
 DOCKER=${DOCKER:=docker}
-CADI_VERSION=${CADI_VERSION:=2.1.14-SNAPSHOT}
+CADI_VERSION=${CADI_VERSION:=2.1.15-SNAPSHOT}
 
 for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
    if [ "$(grep $V ./aaf.props)" = "" ]; then
diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml
index 3a0a377c..cc8765f5 100644
--- a/auth/helm/aaf-hello/values.yaml
+++ b/auth/helm/aaf-hello/values.yaml
@@ -54,7 +54,7 @@ image:
   # When using Docker Repo, add, and include trailing "/"
   # repository: nexus3.onap.org:10003/
   # repository: localhost:5000/
-  version: 2.1.14-SNAPSHOT
+  version: 2.1.15-SNAPSHOT
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml
index d0a1d286..3f370a55 100644
--- a/auth/helm/aaf/Chart.yaml
+++ b/auth/helm/aaf/Chart.yaml
@@ -22,4 +22,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: AAF Helm Chart
 name: aaf
-version: 2.1.14-SNAPSHOT
+version: 2.1.15-SNAPSHOT
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index fae26290..324cbc64 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -31,11 +31,11 @@ services:
   aaf_env: "DEV"
   public_fqdn: "aaf.osaaf.org"
 # DUBLIN ONLY - for M4 compatibility with Casablanca
-  aaf_locator_name: "public.%NS.%N"
-  aaf_locator_name_helm: "%NS.%N"
+#  aaf_locator_name: "public.%NS.%N"
+#  aaf_locator_name_helm: "%NS.%N"
 # EL ALTO and Beyond
-#  aaf_locator_name: "%NS.%N"
-#  aaf_locator_name_helm: "%CNS.%NS.%N"
+  aaf_locator_name: "%NS.%N"
+  aaf_locator_name_helm: "%CNS.%NS.%N"
   cadi_latitude: "38.0"  
   cadi_longitude: "-72.0"  
   cass:
@@ -114,7 +114,7 @@ image:
   # When using Docker Repo, add, and include trailing "/"
   # repository: nexus3.onap.org:10003/
   # repository: localhost:5000/
-  version: 2.1.14-SNAPSHOT
+  version: 2.1.15-SNAPSHOT
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/auth/pom.xml b/auth/pom.xml
index 7951a641..071c1841 100644
--- a/auth/pom.xml
+++ b/auth/pom.xml
@@ -26,7 +26,7 @@
 	<parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>parent</artifactId>
-        <version>2.1.14-SNAPSHOT</version>
+        <version>2.1.15-SNAPSHOT</version>
     </parent>
 	<artifactId>authparent</artifactId>
 	<name>AAF Auth Parent</name>
diff --git a/auth/sample/logs/clean b/auth/sample/logs/clean
index 7d5152b9..7fa18ef8 100644
--- a/auth/sample/logs/clean
+++ b/auth/sample/logs/clean
@@ -1,7 +1,7 @@
 cd /opt/app/osaaf/logs
 for D in `find . -type d`; do 
   if [ "$D" != "./" ]; then 
-	rm -f $D/*.log
+	rm -f $D/*.log.*
   fi
 done
 
diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml
index ea8bb1ee..b5767b26 100644
--- a/cadi/aaf/pom.xml
+++ b/cadi/aaf/pom.xml
@@ -24,7 +24,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>cadiparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
index f02c17f8..efcaa7ef 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
@@ -76,7 +76,7 @@ public class TestConnectivity {
                 List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si);
                 /////////
                 String directAAFURL = aaf_urls.get(Config.AAF_URL);
-                if(directAAFURL!=null && !directAAFURL.contains("/locate/") || !directAAFURL.contains("AAF_LOCATE_URL")) {
+                if(directAAFURL!=null && !(directAAFURL.contains("/locate/") || directAAFURL.contains("AAF_LOCATE_URL"))) {
                     print(true,"Test Connections by non-located aaf_url");
                     Locator<URI> locator = new SingleEndpointLocator(directAAFURL);
                     connectTest(locator,new URI(directAAFURL));
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
index aa9bf138..fda591e3 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/configure/Agent.java
@@ -52,6 +52,7 @@ import org.onap.aaf.cadi.CmdLine;
 import org.onap.aaf.cadi.LocatorException;
 import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.TestConnectivity;
 import org.onap.aaf.cadi.aaf.client.ErrMessage;
 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
@@ -137,6 +138,13 @@ public class Agent {
                 System.out.println(HASHES);
             }
             CmdLine.main(newArgs);
+        } else if(args.length>0 && "connectivity".equals(args[0])) {
+            String[] newArgs = new String[args.length-1];
+            System.arraycopy(args, 1, newArgs, 0, newArgs.length);
+            if(newArgs.length>0 && newArgs[0].indexOf('@')>=0) {
+            	newArgs[0]=FQI.reverseDomain(newArgs[0])+".props";
+            }
+        	TestConnectivity.main(newArgs);
         } else {
             try {
                 AAFSSO aafsso=null;
@@ -235,17 +243,18 @@ public class Agent {
                         }
                         // NOTE: CHANGE IN CMDS should be reflected in AAFSSO constructor, to get FQI->aaf-id or not
                         System.out.println("Usage: java -jar <cadi-aaf-*-full.jar> cmd [<tag=value>]*");
-                        System.out.println("   create     <FQI> [<machine>]");
-                        System.out.println("   read       <FQI> [<machine>]");
-                        System.out.println("   update     <FQI> [<machine>]");
-                        System.out.println("   delete     <FQI> [<machine>]");
-                        System.out.println("   copy       <FQI> <machine> <newmachine>[,<newmachine>]*");
-                        System.out.println("   place      <FQI> [<machine>]");
-                        System.out.println("   showpass   <FQI> [<machine>]");
-                        System.out.println("   check      <FQI> [<machine>]");
-                        System.out.println("   keypairgen <FQI>");
-                        System.out.println("   config     <FQI>");
-                        System.out.println("   validate   <NS>.props>");
+                        System.out.println("   create       <FQI> [<machine>]");
+                        System.out.println("   read         <FQI> [<machine>]");
+                        System.out.println("   update       <FQI> [<machine>]");
+                        System.out.println("   delete       <FQI> [<machine>]");
+                        System.out.println("   copy         <FQI> <machine> <newmachine>[,<newmachine>]*");
+                        System.out.println("   place        <FQI> [<machine>]");
+                        System.out.println("   showpass     <FQI> [<machine>]");
+                        System.out.println("   check        <FQI> [<machine>]");
+                        System.out.println("   keypairgen   <FQI>");
+                        System.out.println("   config       <FQI>");
+                        System.out.println("   validate     <NS>.props>");
+                        System.out.println("   connectivity <NS>.props>");
                         System.out.println("   --- Additional Tool Access ---");
                         System.out.println("     ** Type with no params for Tool Help");
                         System.out.println("     ** If using with Agent, preface with \"cadi\"");
diff --git a/cadi/client/pom.xml b/cadi/client/pom.xml
index b2ae7052..38bee291 100644
--- a/cadi/client/pom.xml
+++ b/cadi/client/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>cadiparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 
diff --git a/cadi/core/pom.xml b/cadi/core/pom.xml
index 9f1d8aeb..337262da 100644
--- a/cadi/core/pom.xml
+++ b/cadi/core/pom.xml
@@ -16,7 +16,7 @@
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>cadiparent</artifactId>
 		<relativePath>..</relativePath>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 	</parent>
 
 	<modelVersion>4.0.0</modelVersion>
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index 994e3250..26aa98cb 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -21,12 +21,14 @@
 
 package org.onap.aaf.cadi;
 
+import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintStream;
 import java.io.PrintWriter;
+import java.io.StringBufferInputStream;
 import java.io.StringWriter;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
@@ -303,6 +305,11 @@ public class PropAccess implements Access {
             if (o!=null) {
             	if(o.getClass().isArray()) {
             		first = write(first,sb,(Object[])o);
+            	} else if(o instanceof Throwable) {
+            		ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            		PrintStream ps = new PrintStream(baos);
+            		((Throwable)o).printStackTrace(ps);
+            		sb.append(baos.toString());
             	} else {
 	                s=o.toString();
 	                if (first) {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 48f5e2d1..b53b54da 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -976,6 +976,7 @@ public class Config {
 	    public static<T> void add(Access access, final String tag, List<Priori<T>> list) {
 		    String plugins = access.getProperty(tag, null);
 		    if(plugins!=null) {
+		    	access.log(Level.INIT, "Adding TAF Plugins: ", plugins);
 		    	for(String tafs : Split.splitTrim(';', plugins)) {
 		    		String[] pluginArray = Split.splitTrim(',', tafs);
 		    		String clssn = null;
@@ -1004,7 +1005,12 @@ public class Config {
 			            		try {
 									list.add(new Priori<T>(cnst.newInstance(access),priority));
 								} catch (InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
-									access.printf(Level.ERROR, "%s cannot be constructed with Access.\n",clssn);
+									String hostname = access.getProperty(Config.HOSTNAME,null);
+									if(hostname==null) {
+										access.printf(Level.ERROR, "%s cannot be constructed on this machine.  Set valid 'hostname' in your properties\n",clssn);	
+									} else {
+										access.printf(Level.ERROR, "%s cannot be constructed on %s with Access.\n",clssn, hostname);
+									}
 								}
 							} catch (NoSuchMethodException | SecurityException e) {
 								access.printf(Level.ERROR, "%s needs a Constructor taking Access as sole param.\n",clssn);
diff --git a/cadi/oauth-enduser/pom.xml b/cadi/oauth-enduser/pom.xml
index f4253bd6..14d3f77e 100644
--- a/cadi/oauth-enduser/pom.xml
+++ b/cadi/oauth-enduser/pom.xml
@@ -25,7 +25,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>cadiparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 	
diff --git a/cadi/pom.xml b/cadi/pom.xml
index 87d1ca75..fa1dd0f1 100644
--- a/cadi/pom.xml
+++ b/cadi/pom.xml
@@ -24,7 +24,7 @@
 	<parent>
 	    <groupId>org.onap.aaf.authz</groupId>
 	    <artifactId>parent</artifactId>
-	    <version>2.1.14-SNAPSHOT</version>
+	    <version>2.1.15-SNAPSHOT</version>
     </parent>
 	<artifactId>cadiparent</artifactId>
 	<name>AAF CADI Parent (Code, Access, Data, Identity)</name>
diff --git a/cadi/servlet-sample/pom.xml b/cadi/servlet-sample/pom.xml
index f46d197f..1533ad91 100644
--- a/cadi/servlet-sample/pom.xml
+++ b/cadi/servlet-sample/pom.xml
@@ -4,7 +4,7 @@
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>cadiparent</artifactId>
 		<relativePath>..</relativePath>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<name>CADI Servlet Sample (Test Only)</name>
diff --git a/misc/env/pom.xml b/misc/env/pom.xml
index 1192b78c..a0c6e4b7 100644
--- a/misc/env/pom.xml
+++ b/misc/env/pom.xml
@@ -24,7 +24,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>miscparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 
diff --git a/misc/log4j/pom.xml b/misc/log4j/pom.xml
index d0129977..214805c8 100644
--- a/misc/log4j/pom.xml
+++ b/misc/log4j/pom.xml
@@ -24,7 +24,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>miscparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 
diff --git a/misc/pom.xml b/misc/pom.xml
index 198f3d29..47ec26cf 100644
--- a/misc/pom.xml
+++ b/misc/pom.xml
@@ -25,7 +25,7 @@
 	<parent>
        <groupId>org.onap.aaf.authz</groupId>
        <artifactId>parent</artifactId>
-       <version>2.1.14-SNAPSHOT</version>
+       <version>2.1.15-SNAPSHOT</version>
     </parent>
 	<artifactId>miscparent</artifactId>
 	<name>AAF Misc Parent</name>
diff --git a/misc/rosetta/pom.xml b/misc/rosetta/pom.xml
index 9a82cea2..53295ab1 100644
--- a/misc/rosetta/pom.xml
+++ b/misc/rosetta/pom.xml
@@ -24,7 +24,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>miscparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 
diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml
index 7b1280f4..8a08d5ba 100644
--- a/misc/xgen/pom.xml
+++ b/misc/xgen/pom.xml
@@ -24,7 +24,7 @@
 	<parent>
 		<groupId>org.onap.aaf.authz</groupId>
 		<artifactId>miscparent</artifactId>
-		<version>2.1.14-SNAPSHOT</version>
+		<version>2.1.15-SNAPSHOT</version>
 		<relativePath>..</relativePath>
 	</parent>
 
diff --git a/pom.xml b/pom.xml
index 753fc02c..ea732586 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.onap.aaf.authz</groupId>
     <artifactId>parent</artifactId>
-    <version>2.1.14-SNAPSHOT</version>
+    <version>2.1.15-SNAPSHOT</version>
     <name>aaf-authz</name>
     <packaging>pom</packaging>
 
diff --git a/version.properties b/version.properties
index d632abee..e341f3e4 100644
--- a/version.properties
+++ b/version.properties
@@ -24,10 +24,10 @@
 # Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
 # because they are used in Jenkins, whose plug-in doesn't support
 
-# This TAG <version>2.1.14-SNAPSHOT</version> is here to help remember to change this file.  Keep it up to date with the following "real" entries:
+# This TAG <version>2.1.15-SNAPSHOT</version> is here to help remember to change this file.  Keep it up to date with the following "real" entries:
 major=2
 minor=1
-patch=14
+patch=15
 
 base_version=${major}.${minor}.${patch}
 
-- 
2.16.6