authorAlex Shatov <alexs@att.com>2018-09-17 16:21:53 -0400
committerAlex Shatov <alexs@att.com>2018-09-17 16:21:53 -0400
commitcb017456dbe09fc8f3e5270e641ab8f323ecde76 (patch)
treef62de1c4b25754700f0138785a9874db8170d83d
parentceda84d021dde70299f96984ca7aec16740854be (diff)
3.0.2 tls web-server under k8s3.0.2
- external version 3.0.2 - internal version 5.0.2 for code change - no API change - https server is enabled when either of the following pairs are found in fs: 1. etc/cert/cert and etc/cert/pass (old behavior) 2. etc/cert/cert.p12 and etc/cert/p12.pass - added alternative - hide secrets when logging the config - changed Dockerfile to copy the whole etc/ folder that might contain etc/cert/* files - easier to test - replaced CRLF with LF in swagger-ui.js - no code change - unit tested Coverage summary Statements : 77.45% ( 910/1175 ) Branches : 53.7% ( 283/527 ) Functions : 79.9% ( 159/199 ) Lines : 77.85% ( 900/1156 ) Change-Id: I921e0d6ac9573f60fa98910f799f9d034b573542 Signed-off-by: Alex Shatov <alexs@att.com> Issue-ID: DCAEGEN2-780
-rw-r--r--Dockerfile39
-rw-r--r--Dockerfile_UT6
-rw-r--r--deployment-handler.js5
-rw-r--r--lib/config.js44
-rw-r--r--lib/swagger-ui.js62
-rw-r--r--lib/utils.js19
-rw-r--r--package.json2
-rw-r--r--pom.xml2
-rw-r--r--version.properties2
9 files changed, 106 insertions, 75 deletions
diff --git a/Dockerfile b/Dockerfile
index 284f124..b2eddc8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,19 +1,30 @@
FROM node:6.10.3
-MAINTAINER maintainer
-ENV INSROOT /opt/app
+
+ENV INSROOT /opt/app
ENV APPUSER dh
-RUN mkdir -p ${INSROOT}/${APPUSER}/lib \
- && mkdir -p ${INSROOT}/${APPUSER}/etc \
- && mkdir -p ${INSROOT}/${APPUSER}/log \
- && useradd -d ${INSROOT}/${APPUSER} ${APPUSER}
-COPY *.js ${INSROOT}/${APPUSER}/
-COPY *.json ${INSROOT}/${APPUSER}/
-COPY *.yaml ${INSROOT}/${APPUSER}/
-COPY lib ${INSROOT}/${APPUSER}/lib/
-COPY etc/log4js.json ${INSROOT}/${APPUSER}/etc/log4js.json
-WORKDIR ${INSROOT}/${APPUSER}
-RUN npm install --only=production && chown -R ${APPUSER}:${APPUSER} ${INSROOT}/${APPUSER} && npm remove -g npm
+ENV APPDIR ${INSROOT}/${APPUSER}
+
+RUN mkdir -p ${APPDIR}/lib \
+ && mkdir -p ${APPDIR}/etc \
+ && mkdir -p ${APPDIR}/log \
+ && useradd -d ${APPDIR} ${APPUSER}
+
+COPY *.js ${APPDIR}/
+COPY *.json ${APPDIR}/
+COPY *.txt ${APPDIR}/
+COPY *.yaml ${APPDIR}/
+COPY ./lib/ ${APPDIR}/lib/
+COPY ./etc/ ${APPDIR}/etc/
+
+WORKDIR ${APPDIR}
+
+RUN npm install --only=production \
+ && chown -R ${APPUSER}:${APPUSER} ${APPDIR} \
+ && npm remove -g npm \
+ && ls -laR -Inode_modules
+
USER ${APPUSER}
-VOLUME ${INSROOT}/${APPUSER}/log
+VOLUME ${APPDIR}/log
EXPOSE 8443
+
ENTRYPOINT ["/usr/local/bin/node", "deployment-handler.js"]
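Review bot: `COPY ./etc/ ${APPDIR}/etc/` puts everything under etc/ in the build context into an image layer, and the commit message says this may include etc/cert/*, which is the PKCS#12 bundle and its passphrase file. Anyone who can pull the image can then read that key material, and it stays in the layer history even if a later step deletes it. Copy only the non-secret files, as the old `COPY etc/log4js.json` did, or exclude `etc/cert/` through `.dockerignore`, and supply the cert files at run time through the mounted volume that the lib/config.js header describes. The same `COPY ./etc/ ${APPDIR}/etc/` is added in the first Dockerfile_UT hunk, and the new `ls -laR -Inode_modules` step also writes the names of the copied files into the build log.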
diff --git a/Dockerfile_UT b/Dockerfile_UT
index df4ddac..e6a6509 100644
--- a/Dockerfile_UT
+++ b/Dockerfile_UT
@@ -14,10 +14,11 @@ RUN mkdir -p ${APPDIR}/lib \
COPY *.js ${APPDIR}/
COPY *.json ${APPDIR}/
+COPY *.txt ${APPDIR}/
COPY *.yaml ${APPDIR}/
COPY ./lib/ ${APPDIR}/lib/
COPY ./tests/ ${APPDIR}/tests/
-COPY ./etc/log4js.json ${APPDIR}/etc/log4js.json
+COPY ./etc/ ${APPDIR}/etc/
RUN npm install \
&& chown -R ${APPUSER}:${APPUSER} ${APPDIR} \
@@ -25,7 +26,8 @@ RUN npm install \
&& chmod 777 ${APPDIR}/tests \
&& chmod 777 ${APPDIR}/log \
&& chmod 777 ${APPDIR}/etc \
- && ls -la && ls -la ./tests
+ && pwd \
+ && ls -laR -Inode_modules
USER ${APPUSER}
VOLUME ${APPDIR}/log
diff --git a/deployment-handler.js b/deployment-handler.js
index 02a0750..edbf84e 100644
--- a/deployment-handler.js
+++ b/deployment-handler.js
@@ -26,6 +26,7 @@ const http = require('http');
const https = require('https');
const express = require('express');
const conf = require('./lib/config');
+const utils = require("./lib/utils");
const createError = require('./lib/dispatcher-error').createDispatcherError;
/* Paths for API routes */
@@ -77,8 +78,8 @@ const start = function(config) {
};
process.mainModule.exports.config = config;
- log.info(null, "Configuration: " + JSON.stringify(config));
- console.log( (new Date()) + ": Configuration: " + JSON.stringify(config, undefined, 2) );
+ log.info(null, "Configuration: " + JSON.stringify(config, utils.hideSecrets));
+ console.log((new Date()) + ": Configuration: " + JSON.stringify(config, utils.hideSecrets, 2) );
set_app();
diff --git a/lib/config.js b/lib/config.js
index fd7d38c..8daa87f 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -52,10 +52,12 @@ See the License for the specific language governing permissions and limitations
* Basic authentication and supply "admin" as a user name with "admin123" as the password or
* supply "other" as the user name with "other123" as the password.
*
- * The dispatcher will attempt to run using TLS (i.e., as an HTTPS server) if a certificate
- * file in pkcs12 format is stored at etc/cert/cert and a file containing the corresponding
- * passphrase is stored at etc/cert/pass. These files can be made available to the container
- * running the dispatcher by mounting a volume to the container.
+ * The deployment-handler will attempt to run its web-server using TLS (i.e., as an HTTPS server)
+ * if a certificate file in pkcs12 format is stored at etc/cert/cert and a file containing the
+ * corresponding passphrase is stored at etc/cert/pass.
+ * - alternative files can be at etc/cert/cert.p12 and etc/cert/p12.pass, respectively.
+ * These files can be made available to the container running the deployment-handler by
+ * mounting a volume to the container.
*/
"use strict";
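Review bot: The updated header comment does not say which pair takes precedence when both are present, or what the server does when neither can be read. The configure() hunk later in this file tries etc/cert/cert with etc/cert/pass first and falls back to the .p12 pair only when the first attempt yields nothing. Going by the commit message, the web-server presumably starts without TLS when both attempts fail. Propose adding `* The first pair is tried first; the alternative pair is used only if the first cannot be read.` plus one line stating the no-TLS fallback, so an operator knows a misplaced cert means plain HTTP.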
@@ -65,6 +67,9 @@ const consul = require("./consul");
const SSL_CERT_FILE = "etc/cert/cert";
const SSL_PASS_FILE = "etc/cert/pass";
+const SSL_CERT_P12_FILE = "etc/cert/cert.p12";
+const SSL_P12_PASS_FILE = "etc/cert/p12.pass";
+
const PACKAGE_JSON_FILE = "./package.json";
const CONFIG_KEY = "deployment_handler"; /* Configuration is stored under the name "deployment_handler" */
@@ -120,21 +125,21 @@ const getFileContents = function(path) {
else {
resolve(data);
}
- })
- })
+ });
+ });
};
/* Check for a TLS cert file and passphrase */
-const getTLSCredentials = function() {
- var ssl = {};
+const getTLSCredentials = function(ssl_pass_file, ssl_cert_file) {
+ const ssl = {};
/* Get the passphrase */
- return getFileContents(SSL_PASS_FILE)
+ return getFileContents(ssl_pass_file)
.then(function(phrase) {
ssl.passphrase = phrase.toString('utf8').trim();
/* Get the cert */
- return getFileContents(SSL_CERT_FILE);
+ return getFileContents(ssl_cert_file);
})
.then(function(cert) {
@@ -143,9 +148,10 @@ const getTLSCredentials = function() {
})
.catch(function(err) {
- return {};
+ console.log((new Date()) + ": getTLSCredentials", err.toString());
+ return;
});
-}
+};
exports.configure = function() {
const config = {};
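Review bot: The `.catch` in getTLSCredentials still handles every failure the same way: a missing file, a permission error and an unreadable cert each log one line and return undefined. configure() then continues without `config.ssl`, presumably starting the web-server as plain HTTP. Missing files are the intended no-TLS case, but a cert or passphrase file that exists and cannot be read should stop startup rather than silently downgrade the transport. Assuming getFileContents rejects with the underlying fs error (its reject path is outside the visible hunks), re-throw anything that is not a missing file by adding `if (err.code !== 'ENOENT') { throw err; }` before the `return;`. The function body begins in the previous hunk.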
@@ -202,11 +208,17 @@ exports.configure = function() {
.then(function(invService) {
config.inventory.url = config.inventory.protocol + "://" + invService.address + ":" + invService.port + INV_API_PATH;
- /* Get TLS credentials, if they exist */
- return getTLSCredentials();
+ console.log((new Date()) + ": looking for tls files", SSL_PASS_FILE, SSL_CERT_FILE);
+ return getTLSCredentials(SSL_PASS_FILE, SSL_CERT_FILE);
+ })
+ .then(function(tls) {
+ if (tls) {return tls;}
+
+ console.log((new Date()) + ": looking for alternative tls files", SSL_P12_PASS_FILE, SSL_CERT_P12_FILE);
+ return getTLSCredentials(SSL_P12_PASS_FILE, SSL_CERT_P12_FILE);
})
.then(function(tls) {
- config.ssl = tls;
+ if (tls) {config.ssl = tls;}
/* Check for missing required configuration parameters */
const missing = findMissingConfig(config);
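Review bot: With `if (tls) {config.ssl = tls;}` the no-TLS case now leaves `config.ssl` undefined, whereas the old code always assigned it and getTLSCredentials returned `{}` on failure. Any consumer that dereferences it unguarded, for example `config.ssl.pfx`, would now throw at startup. Those consumers are outside this diff, so this needs checking in deployment-handler.js. If callers still expect an object, `config.ssl = tls || {};` keeps the previous shape. configure() starts and ends outside this hunk.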
@@ -214,7 +226,7 @@ exports.configure = function() {
throw new Error ("Required configuration elements missing: " + missing.join(','));
config = null;
}
- console.log( (new Date()) + ": config -> " + JSON.stringify(config, undefined, 2));
+ console.log((new Date()) + ": config -> " + JSON.stringify(config, utils.hideSecrets, 2));
return config;
});
};
diff --git a/lib/swagger-ui.js b/lib/swagger-ui.js
index 8c50255..e397c75 100644
--- a/lib/swagger-ui.js
+++ b/lib/swagger-ui.js
@@ -1,31 +1,31 @@
-/*
-Copyright(c) 2017 AT&T Intellectual Property. All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and limitations under the License.
-*/
-
-/**
- * swagger-ui for deployment-handler API
- */
-
-"use strict";
-
-// ========================================================
-
-const app = require('express')();
-const swaggerUi = require('swagger-ui-express');
-const YAML = require('yamljs');
-const swaggerDocument = YAML.load('./deployment-handler-API.yaml');
-app.use("/", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
-
-module.exports = app;
+/*
+Copyright(c) 2017 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and limitations under the License.
+*/
+
+/**
+ * swagger-ui for deployment-handler API
+ */
+
+"use strict";
+
+// ========================================================
+
+const app = require('express')();
+const swaggerUi = require('swagger-ui-express');
+const YAML = require('yamljs');
+const swaggerDocument = YAML.load('./deployment-handler-API.yaml');
+app.use("/", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
+
+module.exports = app;
diff --git a/lib/utils.js b/lib/utils.js
index 70146e3..8caf280 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -1,16 +1,16 @@
/*
-Copyright(c) 2017 AT&T Intellectual Property. All rights reserved.
+Copyright(c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-Licensed under the Apache License, Version 2.0 (the "License");
+Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing,
+Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-CONDITIONS OF ANY KIND, either express or implied.
+CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.
*/
@@ -26,14 +26,19 @@ exports.hasProperty = function(o, key) {
if (typeof(o) === 'object' && o !== null && (e in o) && (typeof o[e] !== 'undefined')) {
o = o[e];
return true;
- }
+ }
else {
return false;
- }
+ }
});
};
/* Generate a random ID string */
exports.generateId = function() {
- return uuid();
+ return uuid();
+};
+
+const hide_fields = ["passphrase", "pfx"];
+exports.hideSecrets = function(key, value) {
+ return (key && hide_fields.includes(key) && "*") || value;
};
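Review bot: `hideSecrets` masks only the exact key names `passphrase` and `pfx`, so any other credential held in the config object is still written out by the `JSON.stringify(config, utils.hideSecrets, …)` calls in deployment-handler.js and lib/config.js. The lib/config.js header mentions Basic-auth passwords, though whether they end up in `config` is not visible here. For a log redactor a name-pattern match is the safer default: `const hide_fields = /pass|secret|token|pfx/i;` with `return (key && hide_fields.test(key) && "*") || value;`. The function also lacks the one-line comment its neighbours carry, e.g. `/* JSON.stringify replacer that masks secret fields before the config is logged */`.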
diff --git a/package.json b/package.json
index 4611db6..e8083fd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "onap-dcae-deployment-handler",
- "version": "5.0.1",
+ "version": "5.0.2",
"description": "ONAP DCAE Deployment Handler",
"main": "deployment-handler.js",
"dependencies": {
diff --git a/pom.xml b/pom.xml
index 03ed413..d161251 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
<groupId>org.onap.dcaegen2.platform</groupId>
<artifactId>deployment-handler</artifactId>
<name>dcaegen2-platform-deployment-handler</name>
- <version>3.0.1-SNAPSHOT</version>
+ <version>3.0.2-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/version.properties b/version.properties
index 77d3d8c..40a0e39 100644
--- a/version.properties
+++ b/version.properties
@@ -1,6 +1,6 @@
major=3
minor=0
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT