Age | Commit message (Collapse) | Author | Files | Lines |
|
- made consul-url configurable thru env var or local config
consul url is taken from env var $CONSUL_URL
if not provided, then from consul_url in etc/config.json
if not provided, then from hardcoded value of http://consul:8500
- per request from convergence team
- needed to avoid the collision between two consuls provided by
ONAP/OOM/DCAE and cloudify ver >= 4.x
Change-Id: Ic702c872bda3d851842ec41085480a9df200cbde
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-822
|
|
- tls to policy-engine
- tls on web-socket to policy-engine
- tls to deployment-handler
- no tls on the web-server side
= that is internal API
= will add TLS in R4
- policy-handler expecting the deployment process
to mount certs at /opt/app/policy_handler/etc/tls/certs/
- blueprint for policy-handler will be updated to contain
cert_directory : /opt/app/policy_handler/etc/tls/certs/
- the matching local etc/config.json has new part tls with:
= cert_directory : etc/tls/certs/
= cacert : cacert.pem
- new optional fields tls_ca_mode in config on consul that
specify where to find the cacert.pem for tls per each https/web-socket
values are:
"cert_directory" - use the cacert.pem stored locally in cert_directory
this is the default if cacert.pem file is found
"os_ca_bundle" - use the public ca_bundle provided by linux system.
this is the default if cacert.pem file not found
"do_not_verify" - special hack to turn off the verification by cacert
and hostname
- config on consul now has 2 new fields for policy_engine
= "tls_ca_mode" : "cert_directory"
= "tls_wss_ca_mode" : "cert_directory"
- config on consul now has 1 new field for deploy_handler
= "tls_ca_mode" : "cert_directory"
- removed customization for verify -- it is now a built-in feature
Change-Id: Ibe9120504ed6036d1ed4c84ff4cd8ad1d9e80f17
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-611
|
|
- reconfigure == periodically retrieve the policy-handler config
from consul-kv and compare to previous config and subconfigs.
If changed, reconfigure the subunits
- selectively change one or any settings for the following
= catch_up timer interval
= reconfigure timer interval
= deployment-handler url and params (thread-safe)
= policy-engine url and params (thread-safe)
= web-socket url to policy-engine (through a callback)
- each subunit has its own Settings that keep track of changes
- try-catch and metrics around discovery - consul API
- hidden the secrets from logs
- froze the web-socket version to 0.49.0 because 0.50.0
and 0.51.0 are broken - looking around for stable alternatives
- fixed-adapted the callbacks passed to the web-socket lib
that changed its API in 0.49.0 and later
- log the stack on the exception occurring in the web-socket lib
- unit test refactoring
Change-Id: Id53bad59660a197f59d9aeb7c05ab761d1060cd0
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-470
|
|
- no change of functionality or API
- removed the unused enum34>=1.1.6 from requirements.txt and setup.py
- refactored run_policy.sh to redirect the stdout+stderr only once
- refactoring to remove smells+vulnerability reported by sonar
-- renamed Config.config to Config.settings
-- removed the commented out code in customizer.py
-- renamed StepTimer.NEXT to StepTimer.STATE_NEXT to avoid the
naming confusion with the method StepTimer.next.
Also renamed the related StepTimer.STATE_* constants
-- refactored several functions by extracting methods to eliminate
4 out of 5 "brain-overload" smells reported by sonar
-- moved the literal string for the socket_host "0.0.0.0" to a
constant on the web-server to avoid the reported vulnerability
Change-Id: I4c7d47d41c6ecd7cb28f6704f5dad2053c1ca7d6
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-515
|
|
- migrated from python 2.7 to 3.6
- brought up the latest versions of dependencies
-- Cherrypy 15.0.0, requests 2.18.4, websocket-client 0.48.0
- fixed migration errors
-- renamed the standard package Queue to queue
-- dict.items() instead of dict.iteritems()
-- dict.keys() instead of dict.viewkeys()
-- range() instead of xrange()
-- subprocess.check_output(..., universal_newlines=True) to
get str instead of byte-stream from stdout
- cleaned up migration warnings
-- super() instead of super(A, self)
-- logger.warning() instead of .warn()
- moved main() from policy_handler.py to __main__.py
- getting the policy_handler version directly from setup.py
instead of the env var on init of the audit
Change-Id: I0fc4ddc51c08a64f3cfdc5d2f010b1c6a1ae92f0
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-515
|
|
- added etc_customize/ folder and customize.sh script
= customize.sh script is expected to be overridden by company
to customize Docker image build
= the whole etc_customize/ folder is copied into docker image
= it is up to the company what to put into that folder - any files
- added customize/ folder with CustomizeBase and Customize classes
= CustomizeBase defines the interface and the default=ONAP behavior
= CustomizeBase is owned by ONAP and should not be changed
by the company
= Customize inherits CustomizeBase
= policy-handler instantiates Customize
to get the customized behavior
= Customize is owned by the company and should be changed
by the company = ONAP is not going to change Customize
= the methods of Customize are expected to be overridden
by the company to change the behavior of the policy-handler
= sample Customize class can be found in README.md
= Company is allowed to add more files to customize/ folder
if that is required for better structuring of their code
as soon as it is invoked by the methods of Customize
Change-Id: I46f8170afaaa48e1005e4398a768a781db0a0e6c
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-379
|
|
- removed #org.onap.dcae from license text
Change-Id: I07f11e60c4677109ccb826c4e969b47acb4c498a
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-347
|
|
Change-Id: I5626e0bbd3abaf96d8ab6a9b864329917b728c12
Signed-off-by: Lusheng Ji <lji@research.att.com>
Issue-ID: DCAEGEN2-325
|
|
Change-Id: I2a3628cb67d15ab2828f6818764d111df13e795a
Issue-ID: DCAEGEN2-249
Signed-off-by: Alex Shatov <alexs@att.com>
|
|
* new feature variable collection of policies per component in DCAE
* massive refactoring
* dissolved the external PolicyEngine.py into policy_receiver.py
- kept only the web-socket communication to PolicyEngine
* new /healthcheck - shows some stats of service running
* Unit Test coverage 75%
Change-Id: I816b7d5713ae0dd88fa73d3656f272b4f3e7946e
Issue-ID: DCAEGEN2-249
Signed-off-by: Alex Shatov <alexs@att.com>
|
|
PDP client (PolicyEngine.py) now can handle
two formats of ClientAuth to match what we have in config
* Basic <auth>
* <auth>
Change-Id: I4010d430a6675e3f259c1fc53b0b3373bd225352
Issue-Id: DCAEGEN2-128
Signed-off-by: Alex Shatov <alexs@att.com>
|
|
two formats of ClientAuth and Authorization
* Basic <auth>
* <auth>
Change-Id: I177a86caef6b2a2406277413d5de1972bcf19cfe
Issue-Id: DCAEGEN2-128
Signed-off-by: Alex Shatov <alexs@att.com>
|
|
usage on local run:
tox -c tox-local.ini
usage on ONAP run:
tox
Change-Id: Ic455f0f44f5b3bee92b60ea282851e72c3a12b7e
Issue-Id: DCAEGEN2-62
Signed-off-by: Alex Shatov <alexs@att.com>
|
|
* policy API to deployment-handler /policy
* removed pycrypto of config - the same way as other apps
* simple upload of config to consul - curl
* preparation for policy-handler blueprint
Change-Id: I424a1ded0795562ea36b5409304cbb8b5a7e8a24
Issue-Id: DCAEGEN2-62
Signed-off-by: Alex Shatov <alexs@att.com>
|
|
Change-Id: I35cd80b6e082f4b84740bab752774e8abc40ca35
Issue-Id: DCAEGEN2-46
Signed-off-by: Alex Shatov <alexs@att.com>
|