From 3e0ba3015118b87223fdc6d5e876536fd4ac847b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Michael=20D=C3=9Crre?= Date: Mon, 22 Feb 2021 15:12:24 +0100 Subject: [PATCH] fixed oauth scenario MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit add oauth aaa-app-config into container to cp if flag is set Issue-ID: SDNC-1486 Signed-off-by: Michael DÜrre Change-Id: I30fcced6f49341110b9ec259d629d2bf86700f3a --- installation/sdnc/pom.xml | 1 + .../src/main/resources/oauth-aaa-app-config.xml | 347 +++++++++++++++++++++ installation/sdnc/src/main/scripts/startODL.sh | 18 +- 3 files changed, 360 insertions(+), 6 deletions(-) create mode 100644 installation/sdnc/src/main/resources/oauth-aaa-app-config.xml diff --git a/installation/sdnc/pom.xml b/installation/sdnc/pom.xml index 57b560e9..be951d2d 100644 --- a/installation/sdnc/pom.xml +++ b/installation/sdnc/pom.xml @@ -347,6 +347,7 @@ src/main/resources *.dump + oauth-aaa-app-config.xml false diff --git a/installation/sdnc/src/main/resources/oauth-aaa-app-config.xml b/installation/sdnc/src/main/resources/oauth-aaa-app-config.xml new file mode 100644 index 00000000..a8c44d32 --- /dev/null +++ b/installation/sdnc/src/main/resources/oauth-aaa-app-config.xml @@ -0,0 +1,347 @@ + + + + + + + + + + + + + + + + + + + + + + + + + +
+ tokenAuthRealm + org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm +
+ + + + + + + + + + + +
+ securityManager.realms + $tokenAuthRealm +
+ +
+ authcBasic + org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter +
+
+ anyroles + org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter +
+
+ authcBearer + org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2 +
+ + + + +
+ accountingListener + org.opendaylight.aaa.shiro.filters.AuthenticationListener +
+
+ securityManager.authenticator.authenticationListeners + $accountingListener +
+ + +
+ dynamicAuthorization + org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter +
+ + + + + + + + + /**/operations/cluster-admin** + authcBearer, roles[admin] + + + /**/v1/** + authcBearer, roles[admin] + + + /**/config/aaa*/** + authcBearer, roles[admin] + + + /oauth/** + anon + + + /odlux/** + anon + + + /apidoc/** + authcBasic + + + /rests/** + authcBearer, roles[admin] + + + /** + authcBearer, roles[admin] + +
+ diff --git a/installation/sdnc/src/main/scripts/startODL.sh b/installation/sdnc/src/main/scripts/startODL.sh index 81e6d7f1..7a224877 100755 --- a/installation/sdnc/src/main/scripts/startODL.sh +++ b/installation/sdnc/src/main/scripts/startODL.sh @@ -220,11 +220,7 @@ if $ODL_REMOVEIDMDB ; then rm $ODL_HOME/data/idmlight.db.mv.db fi fi -# do not start container if ADMIN_PASSWORD is not set -if [ -z "$ODL_ADMIN_PASSWORD" ]; then - echo "ODL_ADMIN_PASSWORD is not set" - exit 1 -fi + SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} # Whether to intialize MYSql DB or not. Default is to initialize @@ -329,6 +325,12 @@ if $SDNRINIT ; then fi fi +# do not start container if ADMIN_PASSWORD is not set +if [ -z "$ODL_ADMIN_PASSWORD" ]; then + echo "ODL_ADMIN_PASSWORD is not set" + exit 1 +fi + # Check for MySQL DB connectivity only if SDNC_DB_INIT is set to "true" if $SDNC_DB_INIT; then # @@ -343,6 +345,7 @@ if $SDNC_DB_INIT; then printf "\nmysql ready" fi + if [ ! -d "${INSTALLED_DIR}" ] then mkdir -p "${INSTALLED_DIR}" @@ -367,7 +370,10 @@ then fi if $SDNRWT ; then install_sdnrwt_features ; fi - if $ENABLE_OAUTH ; then install_sdnr_oauth_features ; fi + if $ENABLE_OAUTH ; then + cp $SDNC_HOME/data/oauth-aaa-app-config.xml $ODL_HOME/system/org/opendaylight/aaa/aaa-shiro/0.12.1/aaa-shiro-0.12.1-aaa-app-config.xml + install_sdnr_oauth_features + fi # The enable_odl_cluster call should not be moved above this line as the cleanFeatureBoot will overwrite entries. Ex: odl-jolokia if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi -- 2.16.6
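Review bot: The `/apidoc/**` rule is the only protected entry in the URL list that uses `authcBasic` and carries no `roles[...]` constraint, while `securityManager.realms` is set to `$tokenAuthRealm` alone. Whether `OAuth2Realm` accepts username/password tokens is not visible here: if it does not, the API docs become unreachable, and if it does, any authenticated account can read them regardless of role. I would align the rule with the others, `authcBearer, roles[admin]`, or add an XML comment saying why it differs. A one-line comment above the `/oauth/**` and `/odlux/**` entries, noting that everything under those prefixes is served with `anon` and so nothing privileged may be mounted there, would also help the next editor. The file's XML markup did not survive on this page, so this rests on the pattern/filter pairs only.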
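Review bot: The relocated `ODL_ADMIN_PASSWORD` guard (removed near line 220 in the first hunk, re-added here) now runs after the `if $SDNRINIT` block, and its comment does not say why the order changed. That block's body lies outside the hunk; if it exits or starts anything on its own, that path no longer refuses to run without a password. The guard also stays unconditional when `ENABLE_OAUTH` replaces the realm, which may or may not be intended. I would record the intent in the comment, for example `# do not start ODL without ODL_ADMIN_PASSWORD; checked after the SDNRINIT block because <reason>`.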
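Review bot: The `cp` in the `$ENABLE_OAUTH` branch is unchecked, so a failed copy still falls through to `install_sdnr_oauth_features`, and ODL would presumably start with whatever aaa-app-config the distribution shipped rather than the OAuth one. The target path hard-codes aaa-shiro `0.12.1` twice, which makes that failure likely after an ODL upgrade, and both variables are unquoted. I would fail closed and quote, e.g. `cp "$SDNC_HOME/data/oauth-aaa-app-config.xml" "$AAA_APP_CONFIG" || exit 1`, where `AAA_APP_CONFIG` is a suggested new variable holding the versioned path in one place. The enclosing `if [ ! -d "${INSTALLED_DIR}" ]` block starts and ends outside this hunk, and whether the script runs under `set -e` is not visible.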