aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
diff options
context:
space:
mode:
authorAlex Shatov <alexs@att.com>2018-09-14 16:54:05 -0400
committerAlex Shatov <alexs@att.com>2018-09-14 16:54:05 -0400
commit6556fd79eb177d8ed7c390d56410b42afb4a0c70 (patch)
treea45f57fbdd4ba1468390868371484d299d23ed8c /README.md
parent1d693376205c66af93283d04e8e9740c947a7d02 (diff)
4.3.0 policy-handler - tls to policy-engine
- tls to policy-engine - tls on web-socket to policy-engine - tls to deployment-handler - no tls on the web-server side = that is internal API = will add TLS in R4 - policy-handler expecting the deployment process to mount certs at /opt/app/policy_handler/etc/tls/certs/ - blueprint for policy-handler will be updated to contain cert_directory : /opt/app/policy_handler/etc/tls/certs/ - the matching local etc/config.json has new part tls with: = cert_directory : etc/tls/certs/ = cacert : cacert.pem - new optional fields tls_ca_mode in config on consul that specify where to find the cacert.pem for tls per each https/web-socket values are: "cert_directory" - use the cacert.pem stored locally in cert_directory this is the default if cacert.pem file is found "os_ca_bundle" - use the public ca_bundle provided by linux system. this is the default if cacert.pem file not found "do_not_verify" - special hack to turn off the verification by cacert and hostname - config on consul now has 2 new fields for policy_engine = "tls_ca_mode" : "cert_directory" = "tls_wss_ca_mode" : "cert_directory" - config on consul now has 1 new field for deploy_handler = "tls_ca_mode" : "cert_directory" - removed customization for verify -- it is now a built-in feature Change-Id: Ibe9120504ed6036d1ed4c84ff4cd8ad1d9e80f17 Signed-off-by: Alex Shatov <alexs@att.com> Issue-ID: DCAEGEN2-611
Diffstat (limited to 'README.md')
-rw-r--r--README.md11
1 files changed, 0 insertions, 11 deletions
diff --git a/README.md b/README.md
index 75ff79a..15c9002 100644
--- a/README.md
+++ b/README.md
@@ -119,17 +119,6 @@ class Customizer(CustomizerBase):
service_url = super().get_service_url(audit, service_name, service)
audit.info("TODO: customization for service_url on {0}".format(service_name))
return service_url
-
- def get_deploy_handler_kwargs(self, audit):
- """
- returns the optional dict-kwargs for requests.post to deploy-handler
-
- this is just a sample code - replace it with the real customization
- """
- kwargs = {"verify": "/usr/local/share/ca-certificates/aafcacert.crt"}
- audit.info("kwargs for requests.post to deploy-handler: {0}".format(json.dumps(kwargs)))
- return kwargs
-
```
----------