Collector authentication enhancement

Collector authentication enhancement

Change-Id: I03a05cb83dd8c498fb218e82e9b3958348fbb4ac
Issue-ID: DCAEGEN2-1101
Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>

1 files changed, 16 insertions, 23 deletions

diff --git a/etc/collector.properties b/etc/collector.properties
index f0aac3b5..36c79b51 100755
--- a/etc/collector.properties
+++ b/etc/collector.properties
@@ -11,19 +11,30 @@
 ##	Normally:

 ##

 ##		- 8080 is http service

-##		- https is disabled by default (-1)

+##		- https is disabled by default

 ##

 ##		- At this time, the server always binds to 0.0.0.0

 ##

-## The default port when header.authflag is disabled (0)

+##

 collector.service.port=8080

 

-## The secure port is required if header.authflag is set to 1 (true)

 ## Authentication is only supported via secure port

 ## When enabled - require valid keystore defined

 collector.service.secure.port=8443

 

-collector.service.secure.clientauth=0

+# auth.method flags:

+#

+# noAuth - default option - no security (http)

+# certOnly - auth by certificate (https)

+# basicAuth - auth by basic auth username and password (https)

+# certBasicAuth - auth by certificate and basic auth username / password (https)

+auth.method=noAuth

+

+## Combination of userid,hashPassword encoded pwd list to be supported

+## userid and pwd comma separated; pipe delimitation between each pair

+## Password is generated by crypt-password library using BCrypt algorithm stored in dcaegen2/sdk package

+## or https://nexus.onap.org/#nexus-search;quick~crypt-password

+header.authlist=sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6

 

 ## The keystore must be setup per installation when secure port is configured

 collector.keystore.file.location=etc/keystore

@@ -33,7 +44,6 @@ collector.keystore.passwordfile=etc/passwordfile
 collector.truststore.file.location=etc/truststore

 collector.truststore.passwordfile=etc/trustpasswordfile

 

-###############################################################################

 ## Processing

 ##

 ## If there's a problem that prevents the collector from processing alarms,

@@ -53,27 +63,10 @@ collector.schema.file={\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./e
 collector.dmaap.streamid=fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration

 collector.dmaapfile=./etc/DmaapConfig.json

 

-## authflag control authentication by the collector

-## If enabled (1) - then authlist has to be defined

-## When authflag is enabled, only secure port will be supported

-## To disable enter 0

-header.authflag=0

-

-## Combination of userid,hashPassword encoded pwd list to be supported

-## userid and pwd comma separated; pipe delimitation between each pair

-header.authlist=sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6

-

 ## Event transformation Flag - when set expects configurable transformation

 ## defined under ./etc/eventTransform.json

 ## Enabled by default; to disable set to 0

 event.transform.flag=1

 

 # Describes at what frequency (measured in minutes) should application try to fetch config from CBS

-collector.dynamic.config.update.frequency=5

-

-###############################################################################

-##

-## Tomcat control

-##

-#tomcat.maxthreads=(tomcat default, which is usually 200)

-

+collector.dynamic.config.update.frequency=5
\ No newline at end of file