summaryrefslogtreecommitdiffstats
path: root/sidecar
AgeCommit message (Collapse)AuthorFilesLines
2018-11-09Update FProxy to separate truststore and keystoreMichael Arrastia8-63/+81
* Create default truststore, fproxy_truststore. * Require TRUST_STORE_PASSWORD system parameter on application start. * Harden parameter checks in FProxyApplication PostConstruct. * Rationalise properties in RestTemplateConfig. * Update unit tests to handle trust store. * Correct spring dependency in pom. Change-Id: I0254e5d27ff76bbd7a44b961169d7fe47761d3f9 Issue-ID: AAF-614 Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
2018-11-07Fix/Renable sidecar buildsInstrumental35-167/+193
Issue-ID: AAF-613 Change-Id: Ic13411eebbf3c1c9b6d8492aff1b37db37a965e4 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-07Pom OParent, other hierarchyInstrumental8-39/+70
Issue-ID: AAF-613 Change-Id: I14531b546aebb9e5326ddc67eb3ec4eb9e17dac1 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-06update license in cadi repoSai Gandham7-135/+126
Issue-ID: AAF-611 Change-Id: I0a273cdfc61798f77b22a58e2190cb5333eab730 Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-29Route Incoming TCP Traffic Via the Reverse ProxyIanB1-0/+2
By default any container is accessible from any pod inside a Kubernetes cluster. It is therefore possible to send requests directly to the primary microservice even if sidecar security is enabled. An additional netfilter rule will redirect any incoming TCP requests to the Reverse Proxy. The Reverse Proxy service listens on the hard coded port (10692) Issue-ID: AAF-591 Change-Id: I9afccadb08add4312cef770221702942d811cbdd Signed-off-by: IanB <IanB@amdocs.com>
2018-10-29Merge "Make 2-way TLS optional and fix cert errors"Jonathan Gathman2-6/+14
2018-10-26Make 2-way TLS optional and fix cert errorsRavi Geda2-6/+14
Change-Id: Ia7f94f8903039a7b55946c9cab4f026fe3558f1c Issue-ID: AAF-586 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-23Documentation corrected markups.Stanislav Chlebec2-60/+68
Change-Id: I99ead3648f0175f188e280c76868da7c117d9a28 Signed-off-by: Stanislav Chlebec <stanislav.chlebec@pantheon.tech> Issue-ID: AAF-582
2018-10-19modify cadi aaf version in rproxySai Gandham1-1/+1
Issue-ID: AAF-576 Change-Id: I758608684f469610693c9682d10eb2746a89d970 Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-17Exempt Cassandra traffic from fproxyRavi Geda1-0/+4
The connection to cassandra is not http/https. Hence bypassing it from going through the forward proxy. Change-Id: Ic4f65222fca5f3698d6ed806333b265d0e392314 Issue-ID: AAF-572 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-17Merge "Make 2-way TLS optional"Jonathan Gathman1-1/+1
2018-10-15Make 2-way TLS optionalRavi Geda1-1/+1
Change-Id: I180e584b78dbe32d4c00b05672c2f6aa182ce4b1 Issue-ID: AAF-562 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-12Add to configuration information for rproxyIanB1-13/+38
Added more information on how to configure URIs & needed permissions for the ReverseProxyAuthorization filter, the authorization enforcement point. Added the necessary steps to use an alternative authorization provider. Issue-ID: AAI-1604 Change-Id: Ia16dd2687b0032a0bd75641c1523307e90ceeb32 Signed-off-by: IanB <IanB@amdocs.com>
2018-10-10Merge "Enhance fproxy unit tests"Jonathan Gathman1-1/+5
2018-10-10Correct the forward proxy portRavi Geda1-4/+1
Change-Id: I1531731713729dec57590f014dfe0c947ef55d37 Issue-ID: AAF-553 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-09Enhance fproxy unit testsLee, Tian (tl5884)1-1/+5
Ensure that the fproxy unit tests are specifically testing the propagation of the X-TransactionId header in downstream requests. Change-Id: I5e2da81eacaaf2f30e08b2cb95a12049fd5da6ff Issue-ID: AAF-529 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-10-07Update cadi sidecar versionSai Gandham4-10/+10
Adding relative path to oparent Issue-ID: AAF-537 Change-Id: I6601b919c3e96bb7987aa316e460077a6de4e0bd Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-05Remove pom property preventing fproxy deployLee, Tian (tl5884)1-1/+0
rproxy sonar job is failing because fproxy artifact is not being deployed. Change-Id: I32d1b52e9420f76c0c1e27e0c87a2ecb5996e864 Issue-ID: AAF-528 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-10-04Update oparent version in aaf cadiSai Gandham1-1/+1
Issue-ID: AAF-537 Change-Id: Ifc517cc153b0e1cb0b3b990e347349b148ba883d Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-01Fix NexusIQ security vulnerabilitiesLee, Tian (tl5884)7-29/+25
Remove Spring Boot Jackson dependencies and replace with Gson implementation. Fix potential source of NullPointerException. Change-Id: I3a715a023223b596e8a0979f0e0d381511fca32d Issue-ID: AAF-529 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-09-27Fix version.properties line endingsRavi Geda2-26/+0
The docker jobs are failing when reading the version.properties. Also. remove unused version.properties under sub modules Change-Id: If2940ac3a158e8c0bfba7fcb34ca241838a34597 Issue-ID: AAI-1689 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-09-26Fix failing jenkins jobsRavi Geda4-33/+10
The docker java daily job is hanging when it tries to build the image. Add rproxy and tproxy-config as submodules to sidecar. Align the groupid of sidecar pom. Change-Id: Idb24459b9eae43dbbef39b4a14b6167762fa126f Issue-ID: AAI-1676 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-09-25Merge "Initial drop of rProxy code"Jonathan Gathman37-0/+2321
2018-09-25Merge "Initial drop of tproxy-config init container"Jonathan Gathman5-0/+187
2018-09-24Initial drop of rProxy codeLee, Tian (tl5884)37-0/+2321
The Reverse Proxy sidecar is used to separate the responsibility of authentication and authorization away from the primary microservice. In conjunction with the Forward Proxy sidecar, it is responsible for controlling access to the REST URL endpoints exposed by the primary microservice, and propogating security credentials to downstream microservices. Change-Id: I5d80429e5422d7b3937cde73ac10c2ec00d264e8 Issue-ID: AAI-1604 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-09-20Initial drop of tproxy-config init containerBlackwell, Ian (ib733q)5-0/+187
The tproxy-config init container sets up a pod's internal network routing such that any traffic outbound from the primary service is routed through the forward proxy. Change-Id: Ieca438fbed07db5fe7bce6162811634237c61b2a Issue-ID: AAI-1664 Signed-off-by: Blackwell, Ian (ib733q) <ib733q@att.com>
2018-09-20Add forward proxy codeRavi Geda24-0/+1360
Add a maven module called sidecar to cadi. Add forward proxy as a maven module to sidecar. Note that though sidecar is a module of cadi it does not inherit from cadi's pom. Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6 Issue-ID: AAI-1603 Signed-off-by: Ravi Geda <gravik@amdocs.com>