summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpawel <pawel.kasperkiewicz@nokia.com>2019-11-07 11:15:00 +0100
committerpawel <pawel.kasperkiewicz@nokia.com>2019-11-07 11:15:00 +0100
commit014bacae0fbb76c6e6baf83f267258211e28d3cc (patch)
tree726e721fbc0d00e3e9e851be8303fdce0078f67f
parent5e1694cfaa768d2c1bea4fccd1cb5fce7504f803 (diff)
Update authentication types description
Issue-ID: DCAEGEN2-1913 Signed-off-by: pawel <pawel.kasperkiewicz@nokia.com> Change-Id: Ic8b611a65c1c7eb781265b2481f60952b7abfb24
-rw-r--r--docs/sections/services/ves-http/architecture.rst2
-rw-r--r--docs/sections/services/ves-http/installation.rst4
-rw-r--r--docs/sections/services/ves-http/tls-authentication.rst20
3 files changed, 4 insertions, 22 deletions
diff --git a/docs/sections/services/ves-http/architecture.rst b/docs/sections/services/ves-http/architecture.rst
index 41f3e8f1..960c9cc5 100644
--- a/docs/sections/services/ves-http/architecture.rst
+++ b/docs/sections/services/ves-http/architecture.rst
@@ -33,7 +33,7 @@ Features Supported
------------------
- VES collector deployed as docker containers
- Acknowledgement to sender with appropriate response code (both successful and failure)
-- Authentication of the events posted to collector (support 4 types of authentication setting)
+- Authentication of the events posted to collector (support 2 types of authentication setting)
- Support single or batch JSON events input
- Schema validation (against standard VES definition)
- Multiple schema support and backward compatibility
diff --git a/docs/sections/services/ves-http/installation.rst b/docs/sections/services/ves-http/installation.rst
index 3f8f943a..0e399301 100644
--- a/docs/sections/services/ves-http/installation.rst
+++ b/docs/sections/services/ves-http/installation.rst
@@ -34,9 +34,7 @@ Authentication Support
VES Collector support following authentication types
* *auth.method=noAuth* default option - no security (http)
- * *auth.method=certOnly* is used to enable mutual TLS authentication (https)
* *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication
- * *auth.method=basicAuth* is used to enable basic HTTPs authentication
Default ONAP deployed VESCOllector is configured for "noAuth". If VESCollector instance need to be deployed with authentication enabled, follow below setup
@@ -218,7 +216,7 @@ In this case blueprint can be deleted explicitly using this command.
cfy blueprint delete ves-tls
-Known Issue : When VESCollector is required to be deployed with authentication enabled *auth.method=certOnly* or *auth.method: certBasicAuth* or *auth.method: basicAuth*
+Known Issue : When VESCollector is required to be deployed with authentication enabled *auth.method: certBasicAuth*
the blueprint currently disables healthcheck parameters configuration (below). This causes no readiness probe to be deployed in K8S when VES Collector is deployed with authentication enabled.
diff --git a/docs/sections/services/ves-http/tls-authentication.rst b/docs/sections/services/ves-http/tls-authentication.rst
index 1ace3937..12301383 100644
--- a/docs/sections/services/ves-http/tls-authentication.rst
+++ b/docs/sections/services/ves-http/tls-authentication.rst
@@ -22,18 +22,10 @@ Of course, mutual TLS authentication requires also server certificates, so follo
* *collector.keystore.file.location* - a path to jks key store containing certificates which can be used for TLS handshake
* *collector.keystore.passwordfile* - a path to file containing a password for the key store
-Property *auth.method* is used to manage security mode, possible configuration: noAuth, basicAuth, certOnly, certBasicAuth
+Property *auth.method* is used to manage security mode, possible configuration: noAuth, certBasicAuth
* *auth.method=noAuth* default option - no security (http)
- * *auth.method=certOnly* is used to enable mutual TLS authentication (https)
-
- * client without cert and without basic auth = :red:`Authentication failure`
- * client without cert and wrong basic auth = :red:`Authentication failure`
- * client without cert and correct basic auth = :red:`Authentication failure`
- * client with cert and without/wrong basic auth = :green:`Authentication successful`
- * client with cert and correct basic auth = :green:`Authentication successful`
-
* *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication
* client without cert and without basic auth = :red:`Authentication failure`
@@ -42,13 +34,5 @@ Property *auth.method* is used to manage security mode, possible configuration:
* client with cert and without/wrong basic auth = :green:`Authentication successful`
* client with cert and correct basic auth = :green:`Authentication successful`
- * *auth.method=basicAuth* is used to enable basic HTTPs authentication
-
- * client without cert and without basic auth = :red:`Authentication failure`
- * client without cert and wrong basic auth = :red:`Authentication failure`
- * client without cert and correct basic auth = :green:`Authentication successful`
- * client with cert and without/wrong basic auth = :red:`Authentication failure`
- * client with cert and correct basic auth = :green:`Authentication successful`
-
-When application is in certOnly or certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties,
+When application is in certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties,
only SubjectDn field in certificate description are checked. Default regexp value is .* means that we approve all SubjectDN values.