aboutsummaryrefslogtreecommitdiffstats
path: root/policyhandler/policy_consts.py
diff options
context:
space:
mode:
authorAlex Shatov <alexs@att.com>2018-09-14 16:54:05 -0400
committerAlex Shatov <alexs@att.com>2018-09-14 16:54:05 -0400
commit6556fd79eb177d8ed7c390d56410b42afb4a0c70 (patch)
treea45f57fbdd4ba1468390868371484d299d23ed8c /policyhandler/policy_consts.py
parent1d693376205c66af93283d04e8e9740c947a7d02 (diff)
4.3.0 policy-handler - tls to policy-engine
- tls to policy-engine - tls on web-socket to policy-engine - tls to deployment-handler - no tls on the web-server side = that is internal API = will add TLS in R4 - policy-handler expecting the deployment process to mount certs at /opt/app/policy_handler/etc/tls/certs/ - blueprint for policy-handler will be updated to contain cert_directory : /opt/app/policy_handler/etc/tls/certs/ - the matching local etc/config.json has new part tls with: = cert_directory : etc/tls/certs/ = cacert : cacert.pem - new optional fields tls_ca_mode in config on consul that specify where to find the cacert.pem for tls per each https/web-socket values are: "cert_directory" - use the cacert.pem stored locally in cert_directory this is the default if cacert.pem file is found "os_ca_bundle" - use the public ca_bundle provided by linux system. this is the default if cacert.pem file not found "do_not_verify" - special hack to turn off the verification by cacert and hostname - config on consul now has 2 new fields for policy_engine = "tls_ca_mode" : "cert_directory" = "tls_wss_ca_mode" : "cert_directory" - config on consul now has 1 new field for deploy_handler = "tls_ca_mode" : "cert_directory" - removed customization for verify -- it is now a built-in feature Change-Id: Ibe9120504ed6036d1ed4c84ff4cd8ad1d9e80f17 Signed-off-by: Alex Shatov <alexs@att.com> Issue-ID: DCAEGEN2-611
Diffstat (limited to 'policyhandler/policy_consts.py')
0 files changed, 0 insertions, 0 deletions