SDC provides a set of external API's that are exposed from our side SDC API.
This API's are authenticated using basic authentication.
In order to integrate with other components, consumers are configured per component. This operation is performed as an integral part of executing the Backend Docker.
The following users are predefined:
- appc
- vid
- dcae
- aai
- sdnc
- mso
For the purposes of this document the manual consumer configuration process is described.
To create new SDC consumers:
you will need to compile our security utiles project, the project has a set of functionalities for hashing password using SHA-256.
clone the SDC project:
git clone http://gerrit.onap.org/r/a/sdc
- Under the cloned project go to security-utils.
Run:
mvn clean install
- If you get the error message "No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK?" try running
sudo apt-get install openjdk-8-jdk
, then redo themvn
command.
- If you get the error message "No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK?" try running
- This will generate a security-utils-<version>.jar under the target dir.
Executed the jar with the password you want to generate a hash for:
java -cp /tmp/security-utils-*.jar org.openecomp.sdc.security.Passwords password
- The jar will return the salt and the hash generated by adding the salt to the provided password before hashing it. the response format is <salt>:<hash>
- Now that we have the salt we need to create a consumer in SDC.
To create a consumer execute the following curl command towards the SDC backend server:
curl -X POST -i -H "Accept: application/json; charset=UTF-8" -H "Content-Type: application/json" -H "USER_ID: jh0003" http://<ip of the server you want to accses>:8080/sdc2/rest/v1/consumers/ -d '{"consumerName": '<consumer name>', "consumerSalt": '<salt>',"consumerPassword": '<hash>'}'
- The CURL creates the consumer in the SDC DB. from this moment you can access our external API's using the consumer name and the password used for the hash generation.
- the hash function is a one way so if you forget the password SDC will not be able to recreate it and you will need to delete the consumer and create a new one.
- This information should be added to the API call as a basic authentication header.
You can check if the created user exists by calling:
curl -X GET -i -H "Accept: application/json; charset=UTF-8" -H "Content-Type: application/json" -H "USER_ID: jh0003" http://localhost:8080/sdc2/rest/v1/consumers/<consumer name> HTTP/1.1 200 OK Set-Cookie: JSESSIONID=1ahpyqpjjgfblahos4f03qun9;Path=/ Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: application/json;charset=UTF-8 X-ECOMP-RequestID: 6e47cbde-44e8-4b82-8f17-c6a731bf0081 Vary: Accept-Encoding, User-Agent Content-Length: 268 Server: Jetty(9.3.12.v20160915) {"consumerName":"<consumer name>","consumerPassword":"<counsumer hashed password>","consumerSalt":"eaa62d9681d8f803ac05db342e3c9cc0","consumerLastAuthenticationTime":0,"consumerDetailsLastupdatedtime":1481211500749,"lastModfierUserId":"jh0003"}
In Linux you can use this commands:
Run the following commands, providing consumer specific values for the parameters that are inside <>:
consumerName=<Consumer user name> (For example: appc ) user_pass=<Consumer password> (For example: appcos ) IP=localhost <OR Docker IP> enc_pass=`java -cp <jar locataion>/security-utils-*.jar org.openecomp.sdc.security.Passwords $user_pass |tr '[]' ' '|awk '{print $1}'` salt=`echo $enc_pass |awk -F: '{print $1}' pass=`echo $enc_pass |awk -F: '{print $2}' curl -X POST -i -H "Accept: application/json; charset=UTF-8" -H "Content-Type: application/json" -H "USER_ID: jh0003" http://$IP:8080/sdc2/rest/v1/consumers/ -d '{"consumerName": '$consumerName', "consumerSalt": '$salt',"consumerPassword": '$pass'}'
Note: Repeat the consumer creation process for each consumer, providing Consumer specificconsumerNameand user_pass
For Eample:consumerName=appc user_pass=appcos enc_pass=`java -cp /tmp/security-utils-1702.0.11.jar org.openecomp.sdc.security.Passwords $user_pass |tr '[]' ' '|awk '{print $1}'` salt=`echo $enc_pass |awk -F: '{print $1}'` pass=`echo $enc_pass |awk -F: '{print $2}'` curl -X POST -i -H "Accept: application/json; charset=UTF-8" -H "Content-Type: application/json" -H "USER_ID: jh0003" http://localhost:8080/sdc2/rest/v1/consumers/ -d '{"consumerName": '$consumerName', "consumerSalt": '$salt',"consumerPassword": '$pass'}'
Check that the consumer was successfully created in SDC:
curl -X GET -i -H "Accept: application/json; charset=UTF-8" -H "Content-Type: application/json" -H "USER_ID: jh0003" http://localhost:8080/sdc2/rest/v1/consumers/<consumerName> HTTP/1.1 200 OK Set-Cookie: JSESSIONID=1ahpyqpjjgfblahos4f03qun9;Path=/ Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: application/json;charset=UTF-8 X-ECOMP-RequestID: 6e47cbde-44e8-4b82-8f17-c6a731bf0081 Vary: Accept-Encoding, User-Agent Content-Length: 268 Server: Jetty(9.3.12.v20160915) {"consumerName":"vid","consumerPassword":"3936abc03d50693c90ec68a4a60427d6bdde8b085d60314333c9e58a270ff6f3","consumerSalt":"eaa62d9681d8f803ac05db342e3c9cc0","consumerLastAuthenticationTime":0,"consumerDetailsLastupdatedtime":1481211500749,"lastModfierAtuid":"jh0003"}