author | Alex Shatov <alexs@att.com> | 2018-09-17 16:21:53 -0400 |
---|---|---|
committer | Alex Shatov <alexs@att.com> | 2018-09-17 16:21:53 -0400 |
commit | cb017456dbe09fc8f3e5270e641ab8f323ecde76 (patch) | |
tree | f62de1c4b25754700f0138785a9874db8170d83d | |
parent | ceda84d021dde70299f96984ca7aec16740854be (diff) |
3.0.2 tls web-server under k8s3.0.2
- external version 3.0.2
- internal version 5.0.2 for code change - no API change
- https server is enabled when either of the following pairs
are found in fs:
1. etc/cert/cert and etc/cert/pass (old behavior)
2. etc/cert/cert.p12 and etc/cert/p12.pass - added alternative
- hide secrets when logging the config
- changed Dockerfile to copy the whole etc/ folder
that might contain etc/cert/* files - easier to test
- replaced CRLF with LF in swagger-ui.js - no code change
- unit tested
Coverage summary
Statements : 77.45% ( 910/1175 )
Branches : 53.7% ( 283/527 )
Functions : 79.9% ( 159/199 )
Lines : 77.85% ( 900/1156 )
Change-Id: I921e0d6ac9573f60fa98910f799f9d034b573542
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-780
-rw-r--r-- | Dockerfile | 39 | ||||
-rw-r--r-- | Dockerfile_UT | 6 | ||||
-rw-r--r-- | deployment-handler.js | 5 | ||||
-rw-r--r-- | lib/config.js | 44 | ||||
-rw-r--r-- | lib/swagger-ui.js | 62 | ||||
-rw-r--r-- | lib/utils.js | 19 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | pom.xml | 2 | ||||
-rw-r--r-- | version.properties | 2 |
9 files changed, 106 insertions, 75 deletions
@@ -1,19 +1,30 @@ FROM node:6.10.3 -MAINTAINER maintainer -ENV INSROOT /opt/app + +ENV INSROOT /opt/app ENV APPUSER dh -RUN mkdir -p ${INSROOT}/${APPUSER}/lib \ - && mkdir -p ${INSROOT}/${APPUSER}/etc \ - && mkdir -p ${INSROOT}/${APPUSER}/log \ - && useradd -d ${INSROOT}/${APPUSER} ${APPUSER} -COPY *.js ${INSROOT}/${APPUSER}/ -COPY *.json ${INSROOT}/${APPUSER}/ -COPY *.yaml ${INSROOT}/${APPUSER}/ -COPY lib ${INSROOT}/${APPUSER}/lib/ -COPY etc/log4js.json ${INSROOT}/${APPUSER}/etc/log4js.json -WORKDIR ${INSROOT}/${APPUSER} -RUN npm install --only=production && chown -R ${APPUSER}:${APPUSER} ${INSROOT}/${APPUSER} && npm remove -g npm +ENV APPDIR ${INSROOT}/${APPUSER} + +RUN mkdir -p ${APPDIR}/lib \ + && mkdir -p ${APPDIR}/etc \ + && mkdir -p ${APPDIR}/log \ + && useradd -d ${APPDIR} ${APPUSER} + +COPY *.js ${APPDIR}/ +COPY *.json ${APPDIR}/ +COPY *.txt ${APPDIR}/ +COPY *.yaml ${APPDIR}/ +COPY ./lib/ ${APPDIR}/lib/ +COPY ./etc/ ${APPDIR}/etc/ + +WORKDIR ${APPDIR} + +RUN npm install --only=production \ + && chown -R ${APPUSER}:${APPUSER} ${APPDIR} \ + && npm remove -g npm \ + && ls -laR -Inode_modules + USER ${APPUSER} -VOLUME ${INSROOT}/${APPUSER}/log +VOLUME ${APPDIR}/log EXPOSE 8443 + ENTRYPOINT ["/usr/local/bin/node", "deployment-handler.js"] diff --git a/Dockerfile_UT b/Dockerfile_UT index df4ddac..e6a6509 100644 --- a/Dockerfile_UT +++ b/Dockerfile_UT @@ -14,10 +14,11 @@ RUN mkdir -p ${APPDIR}/lib \ COPY *.js ${APPDIR}/ COPY *.json ${APPDIR}/ +COPY *.txt ${APPDIR}/ COPY *.yaml ${APPDIR}/ COPY ./lib/ ${APPDIR}/lib/ COPY ./tests/ ${APPDIR}/tests/ -COPY ./etc/log4js.json ${APPDIR}/etc/log4js.json +COPY ./etc/ ${APPDIR}/etc/ RUN npm install \ && chown -R ${APPUSER}:${APPUSER} ${APPDIR} \ @@ -25,7 +26,8 @@ RUN npm install \ && chmod 777 ${APPDIR}/tests \ && chmod 777 ${APPDIR}/log \ && chmod 777 ${APPDIR}/etc \ - && ls -la && ls -la ./tests + && pwd \ + && ls -laR -Inode_modules USER ${APPUSER} VOLUME ${APPDIR}/log 
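Review bot: `COPY ./etc/ ${APPDIR}/etc/` in the Dockerfile hunk copies everything under etc/ in the build context into an image layer, and the commit message says that folder may hold etc/cert/* files, so a certificate bundle and its passphrase file present at build time would ship inside the image and stay readable to anyone who can pull it. The same line is added in the Dockerfile_UT hunk at -14,10. For the production Dockerfile I would keep the narrow copy, `COPY ./etc/log4js.json ${APPDIR}/etc/log4js.json`, or exclude `etc/cert/` through `.dockerignore`, and leave the whole-folder copy to Dockerfile_UT; the comment in lib/config.js already describes mounting these files as a volume. The added `ls -laR -Inode_modules` also writes the file listing, including any etc/cert names, to the build log.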
diff --git a/deployment-handler.js b/deployment-handler.js index 02a0750..edbf84e 100644 --- a/deployment-handler.js +++ b/deployment-handler.js @@ -26,6 +26,7 @@ const http = require('http'); const https = require('https'); const express = require('express'); const conf = require('./lib/config'); +const utils = require("./lib/utils"); const createError = require('./lib/dispatcher-error').createDispatcherError; /* Paths for API routes */ @@ -77,8 +78,8 @@ const start = function(config) { }; process.mainModule.exports.config = config; - log.info(null, "Configuration: " + JSON.stringify(config)); - console.log( (new Date()) + ": Configuration: " + JSON.stringify(config, undefined, 2) ); + log.info(null, "Configuration: " + JSON.stringify(config, utils.hideSecrets)); + console.log((new Date()) + ": Configuration: " + JSON.stringify(config, utils.hideSecrets, 2) ); set_app(); diff --git a/lib/config.js b/lib/config.js index fd7d38c..8daa87f 100644 --- a/lib/config.js +++ b/lib/config.js 
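Review bot: The replacer passed to `JSON.stringify` in the hunk at -77,8 masks by exact key name only, and the list defined in the lib/utils.js hunk is `["passphrase", "pfx"]`, so any other credential-bearing key that ends up in `config` is still written to both the log and the console. Which other keys the config carries is not visible in this diff, so this needs checking against the full configuration schema. I would document the contract next to the list, for example `/* keys masked by name at any depth when the config is logged; add every secret-bearing config key here */`, and consider matching key names case-insensitively. The body of `start` begins and ends outside the hunk.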
@@ -52,10 +52,12 @@ See the License for the specific language governing permissions and limitations * Basic authentication and supply "admin" as a user name with "admin123" as the password or * supply "other" as the user name with "other123" as the password. * - * The dispatcher will attempt to run using TLS (i.e., as an HTTPS server) if a certificate - * file in pkcs12 format is stored at etc/cert/cert and a file containing the corresponding - * passphrase is stored at etc/cert/pass. These files can be made available to the container - * running the dispatcher by mounting a volume to the container. + * The deployment-handler will attempt to run its web-server using TLS (i.e., as an HTTPS server) + * if a certificate file in pkcs12 format is stored at etc/cert/cert and a file containing the + * corresponding passphrase is stored at etc/cert/pass. + * - alternative files can be at etc/cert/cert.p12 and etc/cert/p12.pass, respectively. + * These files can be made available to the container running the deployment-handler by + * mounting a volume to the container. */ "use strict"; @@ -65,6 +67,9 @@ const consul = require("./consul"); const SSL_CERT_FILE = "etc/cert/cert"; const SSL_PASS_FILE = "etc/cert/pass"; +const SSL_CERT_P12_FILE = "etc/cert/cert.p12"; +const SSL_P12_PASS_FILE = "etc/cert/p12.pass"; + const PACKAGE_JSON_FILE = "./package.json"; const CONFIG_KEY = "deployment_handler"; /* Configuration is stored under the name "deployment_handler" */ 
@@ -120,21 +125,21 @@ const getFileContents = function(path) { else { resolve(data); } - }) - }) + }); + }); }; /* Check for a TLS cert file and passphrase */ -const getTLSCredentials = function() { - var ssl = {}; +const getTLSCredentials = function(ssl_pass_file, ssl_cert_file) { + const ssl = {}; /* Get the passphrase */ - return getFileContents(SSL_PASS_FILE) + return getFileContents(ssl_pass_file) .then(function(phrase) { ssl.passphrase = phrase.toString('utf8').trim(); /* Get the cert */ - return getFileContents(SSL_CERT_FILE); + return getFileContents(ssl_cert_file); }) .then(function(cert) { @@ -143,9 +148,10 @@ const getTLSCredentials = function() { }) .catch(function(err) { - return {}; + console.log((new Date()) + ": getTLSCredentials", err.toString()); + return; }); -} +}; exports.configure = function() { const config = {}; @@ -202,11 +208,17 @@ exports.configure = function() { .then(function(invService) { config.inventory.url = config.inventory.protocol + "://" + invService.address + ":" + invService.port + INV_API_PATH; - /* Get TLS credentials, if they exist */ - return getTLSCredentials(); + console.log((new Date()) + ": looking for tls files", SSL_PASS_FILE, SSL_CERT_FILE); + return getTLSCredentials(SSL_PASS_FILE, SSL_CERT_FILE); + }) + .then(function(tls) { + if (tls) {return tls;} + + console.log((new Date()) + ": looking for alternative tls files", SSL_P12_PASS_FILE, SSL_CERT_P12_FILE); + return getTLSCredentials(SSL_P12_PASS_FILE, SSL_CERT_P12_FILE); }) .then(function(tls) { - config.ssl = tls; + if (tls) {config.ssl = tls;} /* Check for missing required configuration parameters */ const missing = findMissingConfig(config); 
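Review bot: The `.catch` in `getTLSCredentials` (hunk at -143,9) treats every failure as "files not present": it logs the error and returns undefined, so a permission error or an unreadable file falls through to the alternative pair and then to `if (tls) {config.ssl = tls;}` in the hunk at -202,11 with `config.ssl` left unset. Going by the commit message, that presumably means the web-server comes up without TLS instead of failing, and the only trace is a console line. I would return undefined only for a missing file and rethrow anything else, e.g. `if (err.code !== "ENOENT") { throw err; }` ahead of the `return;`, assuming `getFileContents` rejects with the underlying fs error (its reject branch is outside the hunk). `config.ssl` also used to be `{}` when no files were found and is now absent, so code that reads `config.ssl` elsewhere needs a guard.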
@@ -214,7 +226,7 @@ exports.configure = function() { throw new Error ("Required configuration elements missing: " + missing.join(',')); config = null; } - console.log( (new Date()) + ": config -> " + JSON.stringify(config, undefined, 2)); + console.log((new Date()) + ": config -> " + JSON.stringify(config, utils.hideSecrets, 2)); return config; }); }; diff --git a/lib/swagger-ui.js b/lib/swagger-ui.js index 8c50255..e397c75 100644 --- a/lib/swagger-ui.js +++ b/lib/swagger-ui.js @@ -1,31 +1,31 @@ -/*
-Copyright(c) 2017 AT&T Intellectual Property. All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and limitations under the License.
-*/
-
-/**
- * swagger-ui for deployment-handler API
- */
-
-"use strict";
-
-// ========================================================
-
-const app = require('express')();
-const swaggerUi = require('swagger-ui-express');
-const YAML = require('yamljs');
-const swaggerDocument = YAML.load('./deployment-handler-API.yaml');
-app.use("/", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
-
-module.exports = app;
+/* +Copyright(c) 2017 AT&T Intellectual Property. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. + +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR +CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and limitations under the License. +*/ + +/** + * swagger-ui for deployment-handler API + */ + +"use strict"; + +// ======================================================== + +const app = require('express')(); +const swaggerUi = require('swagger-ui-express'); +const YAML = require('yamljs'); +const swaggerDocument = YAML.load('./deployment-handler-API.yaml'); +app.use("/", swaggerUi.serve, swaggerUi.setup(swaggerDocument)); + +module.exports = app; diff --git a/lib/utils.js b/lib/utils.js index 70146e3..8caf280 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -1,16 +1,16 @@ /* -Copyright(c) 2017 AT&T Intellectual Property. All rights reserved. +Copyright(c) 2017-2018 AT&T Intellectual Property. All rights reserved. -Licensed under the Apache License, Version 2.0 (the "License"); +Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, +Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR -CONDITIONS OF ANY KIND, either express or implied. +CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ 
@@ -26,14 +26,19 @@ exports.hasProperty = function(o, key) { if (typeof(o) === 'object' && o !== null && (e in o) && (typeof o[e] !== 'undefined')) { o = o[e]; return true; - } + } else { return false; - } + } }); }; /* Generate a random ID string */ exports.generateId = function() { - return uuid(); + return uuid(); +}; + +const hide_fields = ["passphrase", "pfx"]; +exports.hideSecrets = function(key, value) { + return (key && hide_fields.includes(key) && "*") || value; }; diff --git a/package.json b/package.json index 4611db6..e8083fd 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "onap-dcae-deployment-handler", - "version": "5.0.1", + "version": "5.0.2", "description": "ONAP DCAE Deployment Handler", "main": "deployment-handler.js", "dependencies": { @@ -29,7 +29,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property. <groupId>org.onap.dcaegen2.platform</groupId> <artifactId>deployment-handler</artifactId> <name>dcaegen2-platform-deployment-handler</name> - <version>3.0.1-SNAPSHOT</version> + <version>3.0.2-SNAPSHOT</version> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> diff --git a/version.properties b/version.properties index 77d3d8c..40a0e39 100644 --- a/version.properties +++ b/version.properties @@ -1,6 +1,6 @@ major=3
minor=0
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT