From 5135fde49e1268873e688d14f541b8ff673bae22 Mon Sep 17 00:00:00 2001
From: Jan Malkiewicz
Date: Wed, 15 Jul 2020 15:28:41 +0200
Subject: Add sftp strict host key checking to DFC.
Issue-ID: DCAEGEN2-2219
Signed-off-by: Jan Malkiewicz
Change-Id: Iadf6c6bd743c42ebb3bf9ad8ac443fc0f3f58063
---
 datafile-app-server/dpo/blueprints/k8s-datafile.yaml | 2 +-
 datafile-app-server/dpo/spec/datafile-component-spec.json | 11 +++++++++++
 datafile-app-server/dpo/tosca_models/schema.yaml | 2 ++
 datafile-app-server/dpo/tosca_models/template.yaml | 1 +
 4 files changed, 15 insertions(+), 1 deletion(-)
(limited to 'datafile-app-server/dpo')
diff --git a/datafile-app-server/dpo/blueprints/k8s-datafile.yaml b/datafile-app-server/dpo/blueprints/k8s-datafile.yaml
index 5a0b0bb6..a38d5e3b 100644
--- a/datafile-app-server/dpo/blueprints/k8s-datafile.yaml
+++ b/datafile-app-server/dpo/blueprints/k8s-datafile.yaml
@@ -73,7 +73,6 @@ node_templates:
 PM_MEAS_FILES:
 dmaap_info: <>
 type: data_router
- streams_subscribes: {}
 dmaap.ftpesConfig.keyCert: /opt/app/datafile/config/cert.jks
 dmaap.ftpesConfig.keyPasswordPath: /opt/app/datafile/config/jks.pass
 dmaap.ftpesConfig.trustedCa: /opt/app/datafile/config/trust.jks
@@ -83,6 +82,7 @@ node_templates:
 dmaap.security.keyStorePath: /opt/app/datafile/etc/cert/key.p12
 dmaap.security.trustStorePasswordPath: /opt/app/datafile/etc/cert/trust.pass
 dmaap.security.trustStorePath: /opt/app/datafile/etc/cert/trust.jks
+ sftp.security.strictHostKeyChecking: true
 streams_subscribes:
 dmaap_subscriber:
 dmaap_info:
diff --git a/datafile-app-server/dpo/spec/datafile-component-spec.json b/datafile-app-server/dpo/spec/datafile-component-spec.json
index 6047a7c0..e7843283 100644
--- a/datafile-app-server/dpo/spec/datafile-component-spec.json
+++ b/datafile-app-server/dpo/spec/datafile-component-spec.json
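Review bot: In the second hunk of k8s-datafile.yaml, `sftp.security.strictHostKeyChecking: true` is added as a bare literal, and nothing visible in the hunk says where the trusted host keys come from. Strict checking can only authenticate the SFTP server against a known-hosts source, so without one the collector presumably either rejects every SFTP transfer or gets switched back to `false`, which removes the check that the server is the expected one. I would add a comment above the key, for example `# requires a populated known_hosts file in the container; false disables SFTP server authentication`, and confirm the deployment actually provides that file. The same applies to the identical line added in tosca_models/template.yaml. The node_templates mapping starts and ends outside the hunk.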
@@ -140,6 +140,17 @@
 "policy_editable": false,
 "type": "string",
 "required": true
+ },
+ {
+ "name": "sftp.security.strictHostKeyChecking",
+ "value": true,
+ "description": "",
+ "designer_editable": true,
+ "sourced_at_deployment": false,
+ "policy_editable": false,
+ "type": "string",
+ "required": true
 }
+
 ]
 }
diff --git a/datafile-app-server/dpo/tosca_models/schema.yaml b/datafile-app-server/dpo/tosca_models/schema.yaml
index 474af7ac..f5eca0e5 100644
--- a/datafile-app-server/dpo/tosca_models/schema.yaml
+++ b/datafile-app-server/dpo/tosca_models/schema.yaml
@@ -528,6 +528,8 @@ node_types:
 type: string
 streams_subscribes:
 type: string
+ sftp.security.strictHostKeyChecking:
+ type: boolean
 requirements:
 - stream_subscribe_0:
 capability: dcae.capabilities.dmmap.topic
diff --git a/datafile-app-server/dpo/tosca_models/template.yaml b/datafile-app-server/dpo/tosca_models/template.yaml
index a1fdadb7..246f4a45 100644
--- a/datafile-app-server/dpo/tosca_models/template.yaml
+++ b/datafile-app-server/dpo/tosca_models/template.yaml
@@ -31,6 +31,7 @@ topology_template:
 security.keyStorePath: /opt/app/datafile/etc/cert/cert.jks
 security.trustStorePasswordPath: /opt/app/datafile/etc/cert/trust.pass
 security.trustStorePath: /opt/app/datafile/etc/cert/trust.jks
+ sftp.security.strictHostKeyChecking: true
 service_name: datafile
 streams_subscribes: '{''dmaap_subscriber'': {''dmmap_info'': {''topic_url'': ''http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/OpenDcae-c12/C12''}}}'
 requirements:
-- cgit 1.2.3-korg
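Review bot: In datafile-component-spec.json the new parameter declares `"type": "string"` while its `"value"` is the JSON boolean `true`, and tosca_models/schema.yaml in this same commit declares the property as `type: boolean`. A consumer that validates or coerces by the declared type may hand the application the string "true" or reject the entry, so the files should agree; if the component-spec schema accepts it, use `"type": "boolean"`. The `"description": ""` is also empty for a security-relevant switch that is marked `"designer_editable": true`; something like `"description": "Reject SFTP servers whose host key is not among the known hosts"` would tell a designer what turning it off costs. The enclosing parameters array starts outside the hunk.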