aboutsummaryrefslogtreecommitdiffstats
path: root/sidecar
AgeCommit message (Collapse)AuthorFilesLines
2019-04-11Update dependency versions to use non-snapshot5.0.2-ONAP5.0.0-ONAP4.0.0-ONAPelaltodublinLee, Tian (tl5884)1-2/+2
This is to circumvent the issue of latest fproxy and rproxy snapshot artifacts disappearing from nexus, causing the sonar job to fail Change-Id: I48448e3db09797392c4c7e833270165aca17bff6 Issue-ID: AAF-806 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2019-03-14Merge "Enhance RProxy authorization to use request method"Jonathan Gathman4-3/+63
2019-03-13Enhance RProxy authorization to use request methodIanB4-3/+63
Authorization filter now takes into account the request method. The desired method can now be added to the authorization file defaulting to GET if not supplied. The request URI & method can now be checked against the authorization configuration along with the needed permissions. Issue-ID: AAF-786 Change-Id: I25f6f2180ac9d94a30ca5ba1aa349fb424c18d81 Signed-off-by: IanB <IanB@amdocs.com>
2019-03-08Fix rproxy and fproxy logging issuesbwong211-0/+4
Fix to rproxy and fproxy to allow the log file to be generated at runtime. Changes to the sidecar pom.xml by adding logback-classic in the dependency management - Makes sure the correct logback-classic plugin version is pulled in from its transitive dependency - Override the scope dependency that was recently set to test Change-Id: I55ffee62e3e052c97fdda6d934cf3213473298b3 Issue-ID: AAF-781 Signed-off-by: bwong21 <bwong@amdocs.com>
2019-02-26Fix typo in package namesLee, Tian (tl5884)4-5/+5
Change-Id: I55e2c54427433aff7ddeb704da86e28a3b10f87d Issue-ID: AAF-774 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2019-02-22Add Multi-Realm class handlingInstrumental4-4/+4
Also, improve Logging Issue-ID: AAF-771 Change-Id: I4cf286b5c474596f5e824e5204598cf0c1bb014c Signed-off-by: Instrumental <jonathan.gathman@att.com>
2019-02-15fix shiro logs looping issueSai Gandham4-4/+4
Issue-ID: AAF-655 Change-Id: I6719683718ec8dc2695df1eb14b6b490df5976c5 Signed-off-by: Sai Gandham <sg481n@att.com>
2019-01-30Update shiro logging and sl4j init2.1.11Sai Gandham4-4/+4
Issue-ID: AAF-655 Change-Id: I1e1439efbee5900c82a6065a0581faae15622581 Signed-off-by: Sai Gandham <sg481n@att.com>
2019-01-16update logging path for shiroSai Gandham4-4/+4
Issue-ID: AAF-655 Change-Id: I12cab0cff0e8244cd6d477fb5cb6aa64ad353bf5 Signed-off-by: Sai Gandham <sg481n@att.com>
2019-01-04Replace Jackson Spring-Boot dependencies with GSONLee, Tian (tl5884)1-1/+10
Submodule: FProxy service By default, Spring-Boot uses Jackson dependencies to marshall/unmarshall JSON. However, all current releases of Jackson contain security vulnerabilities. This change will configure Spring-Boot to use the GSON library instead of Jackson, which contains no security vulnerabilities. Change-Id: Ifd36d2ddb79fa5da9310e1872f8936ab7ae91073 Issue-ID: AAF-693 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2019-01-03Upversion Spring Boot for NexusIQLee, Tian (tl5884)2-22/+34
Upversion to latest 2.1.1.RELEASE to fix new NexusIQ security vulnerabilities Change-Id: I8d7759d5f5dbdf70b1056bc4b6875caf8c25893d Issue-ID: AAF-693 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-11-26Re-enable sidecar unit testsIanB5-79/+149
After recent commits, sidecar unit tests had been disabled. These changes re-enable them and allow them to complete successfully. After review comments removed the dependency on Mockito and added a comment on the Surefire plugin configuration. Change-Id: I301b524e06460480e37d180a3fc9977588e87892 Issue-ID: AAF-642 Signed-off-by: IanB <IanB@amdocs.com>
2018-11-19Move CADI to 2.1.9Instrumental4-4/+4
Issue-ID: AAF-634 Change-Id: I3586bc4da38853b6320b887248f32c45f9704585 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-13Setup for Release 2.1.8Instrumental4-4/+4
Issue-ID: AAF-630 Change-Id: I4c7b46b578921d53e0821dcee53ba66de96b6bd4 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-09Update FProxy to separate truststore and keystoreMichael Arrastia8-63/+81
* Create default truststore, fproxy_truststore. * Require TRUST_STORE_PASSWORD system parameter on application start. * Harden parameter checks in FProxyApplication PostConstruct. * Rationalise properties in RestTemplateConfig. * Update unit tests to handle trust store. * Correct spring dependency in pom. Change-Id: I0254e5d27ff76bbd7a44b961169d7fe47761d3f9 Issue-ID: AAF-614 Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
2018-11-07Fix/Renable sidecar buildsInstrumental35-167/+193
Issue-ID: AAF-613 Change-Id: Ic13411eebbf3c1c9b6d8492aff1b37db37a965e4 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-07Pom OParent, other hierarchyInstrumental8-39/+70
Issue-ID: AAF-613 Change-Id: I14531b546aebb9e5326ddc67eb3ec4eb9e17dac1 Signed-off-by: Instrumental <jonathan.gathman@att.com>
2018-11-06update license in cadi repoSai Gandham7-135/+126
Issue-ID: AAF-611 Change-Id: I0a273cdfc61798f77b22a58e2190cb5333eab730 Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-29Route Incoming TCP Traffic Via the Reverse ProxyIanB1-0/+2
By default any container is accessible from any pod inside a Kubernetes cluster. It is therefore possible to send requests directly to the primary microservice even if sidecar security is enabled. An additional netfilter rule will redirect any incoming TCP requests to the Reverse Proxy. The Reverse Proxy service listens on the hard coded port (10692) Issue-ID: AAF-591 Change-Id: I9afccadb08add4312cef770221702942d811cbdd Signed-off-by: IanB <IanB@amdocs.com>
2018-10-29Merge "Make 2-way TLS optional and fix cert errors"Jonathan Gathman2-6/+14
2018-10-26Make 2-way TLS optional and fix cert errorsRavi Geda2-6/+14
Change-Id: Ia7f94f8903039a7b55946c9cab4f026fe3558f1c Issue-ID: AAF-586 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-23Documentation corrected markups.Stanislav Chlebec2-60/+68
Change-Id: I99ead3648f0175f188e280c76868da7c117d9a28 Signed-off-by: Stanislav Chlebec <stanislav.chlebec@pantheon.tech> Issue-ID: AAF-582
2018-10-19modify cadi aaf version in rproxySai Gandham1-1/+1
Issue-ID: AAF-576 Change-Id: I758608684f469610693c9682d10eb2746a89d970 Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-17Exempt Cassandra traffic from fproxyRavi Geda1-0/+4
The connection to cassandra is not http/https. Hence bypassing it from going through the forward proxy. Change-Id: Ic4f65222fca5f3698d6ed806333b265d0e392314 Issue-ID: AAF-572 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-17Merge "Make 2-way TLS optional"Jonathan Gathman1-1/+1
2018-10-15Make 2-way TLS optionalRavi Geda1-1/+1
Change-Id: I180e584b78dbe32d4c00b05672c2f6aa182ce4b1 Issue-ID: AAF-562 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-12Add to configuration information for rproxyIanB1-13/+38
Added more information on how to configure URIs & needed permissions for the ReverseProxyAuthorization filter, the authorization enforcement point. Added the necessary steps to use an alternative authorization provider. Issue-ID: AAI-1604 Change-Id: Ia16dd2687b0032a0bd75641c1523307e90ceeb32 Signed-off-by: IanB <IanB@amdocs.com>
2018-10-10Merge "Enhance fproxy unit tests"Jonathan Gathman1-1/+5
2018-10-10Correct the forward proxy portRavi Geda1-4/+1
Change-Id: I1531731713729dec57590f014dfe0c947ef55d37 Issue-ID: AAF-553 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-10-09Enhance fproxy unit testsLee, Tian (tl5884)1-1/+5
Ensure that the fproxy unit tests are specifically testing the propagation of the X-TransactionId header in downstream requests. Change-Id: I5e2da81eacaaf2f30e08b2cb95a12049fd5da6ff Issue-ID: AAF-529 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-10-07Update cadi sidecar versionSai Gandham4-10/+10
Adding relative path to oparent Issue-ID: AAF-537 Change-Id: I6601b919c3e96bb7987aa316e460077a6de4e0bd Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-05Remove pom property preventing fproxy deployLee, Tian (tl5884)1-1/+0
rproxy sonar job is failing because fproxy artifact is not being deployed. Change-Id: I32d1b52e9420f76c0c1e27e0c87a2ecb5996e864 Issue-ID: AAF-528 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-10-04Update oparent version in aaf cadiSai Gandham1-1/+1
Issue-ID: AAF-537 Change-Id: Ifc517cc153b0e1cb0b3b990e347349b148ba883d Signed-off-by: Sai Gandham <sg481n@att.com>
2018-10-01Fix NexusIQ security vulnerabilitiesLee, Tian (tl5884)7-29/+25
Remove Spring Boot Jackson dependencies and replace with Gson implementation. Fix potential source of NullPointerException. Change-Id: I3a715a023223b596e8a0979f0e0d381511fca32d Issue-ID: AAF-529 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-09-27Fix version.properties line endingsRavi Geda2-26/+0
The docker jobs are failing when reading the version.properties. Also. remove unused version.properties under sub modules Change-Id: If2940ac3a158e8c0bfba7fcb34ca241838a34597 Issue-ID: AAI-1689 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-09-26Fix failing jenkins jobsRavi Geda4-33/+10
The docker java daily job is hanging when it tries to build the image. Add rproxy and tproxy-config as submodules to sidecar. Align the groupid of sidecar pom. Change-Id: Idb24459b9eae43dbbef39b4a14b6167762fa126f Issue-ID: AAI-1676 Signed-off-by: Ravi Geda <gravik@amdocs.com>
2018-09-25Merge "Initial drop of rProxy code"Jonathan Gathman37-0/+2321
2018-09-25Merge "Initial drop of tproxy-config init container"Jonathan Gathman5-0/+187
2018-09-24Initial drop of rProxy codeLee, Tian (tl5884)37-0/+2321
The Reverse Proxy sidecar is used to separate the responsibility of authentication and authorization away from the primary microservice. In conjunction with the Forward Proxy sidecar, it is responsible for controlling access to the REST URL endpoints exposed by the primary microservice, and propogating security credentials to downstream microservices. Change-Id: I5d80429e5422d7b3937cde73ac10c2ec00d264e8 Issue-ID: AAI-1604 Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
2018-09-20Initial drop of tproxy-config init containerBlackwell, Ian (ib733q)5-0/+187
The tproxy-config init container sets up a pod's internal network routing such that any traffic outbound from the primary service is routed through the forward proxy. Change-Id: Ieca438fbed07db5fe7bce6162811634237c61b2a Issue-ID: AAI-1664 Signed-off-by: Blackwell, Ian (ib733q) <ib733q@att.com>
2018-09-20Add forward proxy codeRavi Geda24-0/+1360
Add a maven module called sidecar to cadi. Add forward proxy as a maven module to sidecar. Note that though sidecar is a module of cadi it does not inherit from cadi's pom. Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6 Issue-ID: AAI-1603 Signed-off-by: Ravi Geda <gravik@amdocs.com>