Age | Commit message (Collapse) | Author | Files | Lines |
|
* Create default truststore, fproxy_truststore.
* Require TRUST_STORE_PASSWORD system parameter on application start.
* Harden parameter checks in FProxyApplication PostConstruct.
* Rationalise properties in RestTemplateConfig.
* Update unit tests to handle trust store.
* Correct spring dependency in pom.
Change-Id: I0254e5d27ff76bbd7a44b961169d7fe47761d3f9
Issue-ID: AAF-614
Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
|
|
Issue-ID: AAF-613
Change-Id: Ic13411eebbf3c1c9b6d8492aff1b37db37a965e4
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-613
Change-Id: I14531b546aebb9e5326ddc67eb3ec4eb9e17dac1
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-611
Change-Id: I0a273cdfc61798f77b22a58e2190cb5333eab730
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
By default any container is accessible from any pod inside
a Kubernetes cluster. It is therefore possible to send requests
directly to the primary microservice even if sidecar security
is enabled.
An additional netfilter rule will redirect any incoming TCP
requests to the Reverse Proxy. The Reverse Proxy service
listens on the hard coded port (10692)
Issue-ID: AAF-591
Change-Id: I9afccadb08add4312cef770221702942d811cbdd
Signed-off-by: IanB <IanB@amdocs.com>
|
|
|
|
Change-Id: Ia7f94f8903039a7b55946c9cab4f026fe3558f1c
Issue-ID: AAF-586
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
Change-Id: I99ead3648f0175f188e280c76868da7c117d9a28
Signed-off-by: Stanislav Chlebec <stanislav.chlebec@pantheon.tech>
Issue-ID: AAF-582
|
|
Issue-ID: AAF-576
Change-Id: I758608684f469610693c9682d10eb2746a89d970
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
The connection to cassandra is not http/https. Hence bypassing it from
going through the forward proxy.
Change-Id: Ic4f65222fca5f3698d6ed806333b265d0e392314
Issue-ID: AAF-572
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
|
|
Change-Id: I180e584b78dbe32d4c00b05672c2f6aa182ce4b1
Issue-ID: AAF-562
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
Added more information on how to configure URIs & needed permissions
for the ReverseProxyAuthorization filter, the authorization enforcement
point. Added the necessary steps to use an alternative authorization
provider.
Issue-ID: AAI-1604
Change-Id: Ia16dd2687b0032a0bd75641c1523307e90ceeb32
Signed-off-by: IanB <IanB@amdocs.com>
|
|
|
|
Change-Id: I1531731713729dec57590f014dfe0c947ef55d37
Issue-ID: AAF-553
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
Ensure that the fproxy unit tests are specifically testing the
propagation of the X-TransactionId header in downstream requests.
Change-Id: I5e2da81eacaaf2f30e08b2cb95a12049fd5da6ff
Issue-ID: AAF-529
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
Adding relative path to oparent
Issue-ID: AAF-537
Change-Id: I6601b919c3e96bb7987aa316e460077a6de4e0bd
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
rproxy sonar job is failing because fproxy artifact is not being
deployed.
Change-Id: I32d1b52e9420f76c0c1e27e0c87a2ecb5996e864
Issue-ID: AAF-528
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
Issue-ID: AAF-537
Change-Id: Ifc517cc153b0e1cb0b3b990e347349b148ba883d
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
Remove Spring Boot Jackson dependencies and replace with Gson
implementation.
Fix potential source of NullPointerException.
Change-Id: I3a715a023223b596e8a0979f0e0d381511fca32d
Issue-ID: AAF-529
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
The docker jobs are failing when reading the version.properties.
Also. remove unused version.properties under sub modules
Change-Id: If2940ac3a158e8c0bfba7fcb34ca241838a34597
Issue-ID: AAI-1689
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
The docker java daily job is hanging when it tries to build the image.
Add rproxy and tproxy-config as submodules to sidecar. Align the groupid
of sidecar pom.
Change-Id: Idb24459b9eae43dbbef39b4a14b6167762fa126f
Issue-ID: AAI-1676
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
|
|
|
|
The Reverse Proxy sidecar is used to separate the responsibility of
authentication and authorization away from the primary microservice. In
conjunction with the Forward Proxy sidecar, it is responsible for
controlling access to the REST URL endpoints exposed by the primary
microservice, and propogating security credentials to downstream
microservices.
Change-Id: I5d80429e5422d7b3937cde73ac10c2ec00d264e8
Issue-ID: AAI-1604
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
The tproxy-config init container sets up a pod's internal
network routing such that any traffic outbound from
the primary service is routed through the forward
proxy.
Change-Id: Ieca438fbed07db5fe7bce6162811634237c61b2a
Issue-ID: AAI-1664
Signed-off-by: Blackwell, Ian (ib733q) <ib733q@att.com>
|
|
Add a maven module called sidecar to cadi.
Add forward proxy as a maven module to sidecar.
Note that though sidecar is a module of cadi it does not inherit from cadi's pom.
Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6
Issue-ID: AAI-1603
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|