summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-01-10Merge "Replace Jackson Spring-Boot dependencies with GSON"Jonathan Gathman1-1/+10
2019-01-08Add few more debug statements for logging2.1.9Sai Gandham1-7/+6
Issue-ID: AAF-655 Change-Id: Ib429e035dc6b217498bb88b7aa9153e58f01fddb Signed-off-by: Sai Gandham <sg481n@att.com>
2019-01-08Add missing shiro loggingSai Gandham3-16/+44
Issue-ID: AAF-655 Change-Id: If0dc4a11e2166f8ac9413aa7ab1f826c30d2f063 Signed-off-by: Sai Gandham <sg481n@att.com>
2019-01-04Replace Jackson Spring-Boot dependencies with GSONLee, Tian (tl5884)1-1/+10
Submodule: FProxy service By default, Spring-Boot uses Jackson dependencies to marshall/unmarshall JSON. However, all current releases of Jackson contain security vulnerabilities. This change will configure Spring-Boot to use the GSON library instead of Jackson, which contains no security vulnerabilities. Change-Id: Ifd36d2ddb79fa5da9310e1872f8936ab7ae91073 Issue-ID: AAF-693 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2019-01-03Upversion Spring Boot for NexusIQLee, Tian (tl5884)2-22/+34
Upversion to latest 2.1.1.RELEASE to fix new NexusIQ security vulnerabilities Change-Id: I8d7759d5f5dbdf70b1056bc4b6875caf8c25893d Issue-ID: AAF-693 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-12-03Add shiro permission mappingSai Gandham2-2/+2
revert to 2.1.9 Issue-ID: AAF-655 Change-Id: I306f05b75fe856ccecba435461ef0cb71d851b2a Signed-off-by: Sai Gandham <sg481n@att.com>
2018-11-26Re-enable sidecar unit testsIanB5-79/+149
After recent commits, sidecar unit tests had been disabled. These changes re-enable them and allow them to complete successfully. After review comments removed the dependency on Mockito and added a comment on the Surefire plugin configuration. Change-Id: I301b524e06460480e37d180a3fc9977588e87892 Issue-ID: AAF-642 Signed-off-by: IanB <IanB@amdocs.com>
2018-11-20CADI needs non-SNAPSHOT... againInstrumental1-1/+1
Issue-ID: AAF-634 Change-Id: Ifd1e7557f6d65dfdb713811b0ab65bbb4f531056 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-19Move CADI to 2.1.9Instrumental7-8/+8
Issue-ID: AAF-634 Change-Id: I3586bc4da38853b6320b887248f32c45f9704585 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-14version.properties to 2.1.83.0.1-ONAP3.0.0-ONAP2.1.8casablancaInstrumental1-2/+2
Issue-ID: AAF-630 Change-Id: I52b0a324fd9adb547b162356222bdcc6ad4b049b Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-13Setup for Release 2.1.8Instrumental7-8/+8
Issue-ID: AAF-630 Change-Id: I4c7b46b578921d53e0821dcee53ba66de96b6bd4 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-12Create Authz mapInstrumental2-10/+47
Issue-ID: AAF-618 Change-Id: I9615734555591bff399d50d45e3d4c5e1ffe20c0 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-12Add javax ws to OSGI bundleSai Gandham1-0/+2
javax.xml.ws webservics budle is missing in old shiro bundle. Now WS added to bundle. Issue-ID: AAF-618 Change-Id: Ia6ca04c1ba8d63122fd5ea325651052ec31f363d Signed-off-by: Sai Gandham <sg481n@att.com>
2018-11-12Add instantiation Log MessageInstrumental2-2/+5
Issue-ID: AAF-618 Change-Id: I7b9630056ee3aa8246ef0a90ac01d53a6853f79d Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-12Missed Version in POMInstrumental1-1/+1
Issue-ID: AAF-626 Change-Id: I89bc29be1655cad48bbb9e93ac88a9b2a5aae76d Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-12Put MapBath code in ShiroInstrumental3-28/+63
Issue-ID: AAF-618 Change-Id: Ibbee25744a479d40ed438f926d0d3785a76fc5d1 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-12Merge "Update FProxy to separate truststore and keystore"Jonathan Gathman9-68/+102
2018-11-09Update FProxy to separate truststore and keystoreMichael Arrastia9-68/+102
* Create default truststore, fproxy_truststore. * Require TRUST_STORE_PASSWORD system parameter on application start. * Harden parameter checks in FProxyApplication PostConstruct. * Rationalise properties in RestTemplateConfig. * Update unit tests to handle trust store. * Correct spring dependency in pom. Change-Id: I0254e5d27ff76bbd7a44b961169d7fe47761d3f9 Issue-ID: AAF-614 Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
2018-11-09Use AAF cadi 2.1.7Instrumental1-1/+1
Issue-ID: AAF-620 Change-Id: I1cc1c58f4da676d33781b26da4aab3fb65869a12 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-07Remove SNAPSHOTInstrumental1-1/+1
Did SNAPSHOT to help APPC test. Have to move back to non-SNAPSHOT for build. Issue-ID: AAF-613 Change-Id: I34c5b4bf1c02ee9de51137a283705ce5e240a350 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-07Fix/Renable sidecar buildsInstrumental37-184/+204
Issue-ID: AAF-613 Change-Id: Ic13411eebbf3c1c9b6d8492aff1b37db37a965e4 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-07All to 2.1.7-SNAPSHOTInstrumental1-1/+1
Issue-ID: AAF-613 Change-Id: I9d3cd657e39eff0246c9f3b343dd44bcccd90452 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-07Pom OParent, other hierarchyInstrumental11-59/+90
Issue-ID: AAF-613 Change-Id: I14531b546aebb9e5326ddc67eb3ec4eb9e17dac1 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-06update license in cadi repoSai Gandham10-195/+180
Issue-ID: AAF-611 Change-Id: I0a273cdfc61798f77b22a58e2190cb5333eab730 Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-29Route Incoming TCP Traffic Via the Reverse ProxyIanB1-0/+2
By default any container is accessible from any pod inside a Kubernetes cluster. It is therefore possible to send requests directly to the primary microservice even if sidecar security is enabled. An additional netfilter rule will redirect any incoming TCP requests to the Reverse Proxy. The Reverse Proxy service listens on the hard coded port (10692) Issue-ID: AAF-591 Change-Id: I9afccadb08add4312cef770221702942d811cbdd Signed-off-by: IanB <IanB@amdocs.com>
2018-10-29Merge "Make 2-way TLS optional and fix cert errors"Jonathan Gathman2-6/+14
2018-10-26Make 2-way TLS optional and fix cert errorsRavi Geda2-6/+14
Change-Id: Ia7f94f8903039a7b55946c9cab4f026fe3558f1c Issue-ID: AAF-586 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-23Documentation corrected markups.Stanislav Chlebec3-60/+75
Change-Id: I99ead3648f0175f188e280c76868da7c117d9a28 Signed-off-by: Stanislav Chlebec <stanislav.chlebec@pantheon.tech> Issue-ID: AAF-582
2018-10-19modify cadi aaf version in rproxySai Gandham1-1/+1
Issue-ID: AAF-576 Change-Id: I758608684f469610693c9682d10eb2746a89d970 Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-17Exempt Cassandra traffic from fproxyRavi Geda1-0/+4
The connection to cassandra is not http/https. Hence bypassing it from going through the forward proxy. Change-Id: Ic4f65222fca5f3698d6ed806333b265d0e392314 Issue-ID: AAF-572 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-17Merge "Make 2-way TLS optional"Jonathan Gathman1-1/+1
2018-10-15Make 2-way TLS optionalRavi Geda1-1/+1
Change-Id: I180e584b78dbe32d4c00b05672c2f6aa182ce4b1 Issue-ID: AAF-562 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-12Add to configuration information for rproxyIanB1-13/+38
Added more information on how to configure URIs & needed permissions for the ReverseProxyAuthorization filter, the authorization enforcement point. Added the necessary steps to use an alternative authorization provider. Issue-ID: AAI-1604 Change-Id: Ia16dd2687b0032a0bd75641c1523307e90ceeb32 Signed-off-by: IanB <IanB@amdocs.com>
2018-10-10Merge "Enhance fproxy unit tests"Jonathan Gathman1-1/+5
2018-10-10Correct the forward proxy portRavi Geda1-4/+1
Change-Id: I1531731713729dec57590f014dfe0c947ef55d37 Issue-ID: AAF-553 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-09Enhance fproxy unit testsLee, Tian (tl5884)1-1/+5
Ensure that the fproxy unit tests are specifically testing the propagation of the X-TransactionId header in downstream requests. Change-Id: I5e2da81eacaaf2f30e08b2cb95a12049fd5da6ff Issue-ID: AAF-529 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-10-07Update cadi sidecar versionSai Gandham4-10/+10
Adding relative path to oparent Issue-ID: AAF-537 Change-Id: I6601b919c3e96bb7987aa316e460077a6de4e0bd Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-05Remove pom property preventing fproxy deployLee, Tian (tl5884)1-1/+0
rproxy sonar job is failing because fproxy artifact is not being deployed. Change-Id: I32d1b52e9420f76c0c1e27e0c87a2ecb5996e864 Issue-ID: AAF-528 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-10-04Update oparent version in aaf cadiSai Gandham2-2/+2
Issue-ID: AAF-537 Change-Id: Ifc517cc153b0e1cb0b3b990e347349b148ba883d Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-04change cadi shiro versionSai Gandham1-2/+2
Issue-ID: AAF-537 Change-Id: I76cd87edad7acdb43ab48552cf68bc3df598ccf2 Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-04change cadi actual version from SNAPSHOTSai Gandham1-1/+1
Issue-ID: AAF-537 Change-Id: I9722b1d3541077f8900017b7293801fac343fbae Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-01Fix NexusIQ security vulnerabilitiesLee, Tian (tl5884)8-29/+26
Remove Spring Boot Jackson dependencies and replace with Gson implementation. Fix potential source of NullPointerException. Change-Id: I3a715a023223b596e8a0979f0e0d381511fca32d Issue-ID: AAF-529 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-10-01Fix aaf-cadi-master-release-version-java-daily jobLee, Tian (tl5884)1-17/+19
Job is failing because aaf-cadi-aaf version 2.1.2 cannot be found in the release repository. Change-Id: I1f339401e514c93b5311d9c995832b12a5983631 Issue-ID: AAF-528 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-09-27Fix version.properties line endingsRavi Geda3-61/+35
The docker jobs are failing when reading the version.properties. Also. remove unused version.properties under sub modules Change-Id: If2940ac3a158e8c0bfba7fcb34ca241838a34597 Issue-ID: AAI-1689 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-09-26Fix failing jenkins jobsRavi Geda4-33/+10
The docker java daily job is hanging when it tries to build the image. Add rproxy and tproxy-config as submodules to sidecar. Align the groupid of sidecar pom. Change-Id: Idb24459b9eae43dbbef39b4a14b6167762fa126f Issue-ID: AAI-1676 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-09-25Merge "Initial drop of rProxy code"Jonathan Gathman37-0/+2321
2018-09-25Merge "Initial drop of tproxy-config init container"Jonathan Gathman5-0/+187
2018-09-24Initial drop of rProxy codeLee, Tian (tl5884)37-0/+2321
The Reverse Proxy sidecar is used to separate the responsibility of authentication and authorization away from the primary microservice. In conjunction with the Forward Proxy sidecar, it is responsible for controlling access to the REST URL endpoints exposed by the primary microservice, and propogating security credentials to downstream microservices. Change-Id: I5d80429e5422d7b3937cde73ac10c2ec00d264e8 Issue-ID: AAI-1604 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-09-20Initial drop of tproxy-config init containerBlackwell, Ian (ib733q)5-0/+187
The tproxy-config init container sets up a pod's internal network routing such that any traffic outbound from the primary service is routed through the forward proxy. Change-Id: Ieca438fbed07db5fe7bce6162811634237c61b2a Issue-ID: AAI-1664 Signed-off-by: Blackwell, Ian (ib733q) <ib733q@att.com>
2018-09-20Add forward proxy codeRavi Geda25-0/+1361
Add a maven module called sidecar to cadi. Add forward proxy as a maven module to sidecar. Note that though sidecar is a module of cadi it does not inherit from cadi's pom. Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6 Issue-ID: AAI-1603 Signed-off-by: Ravi Geda <gravik@amdocs.com>