-rw-r--r-- | ChangeLog.md | 3 | ||||
-rw-r--r-- | README.md | 11 | ||||
-rw-r--r-- | pom.xml | 8 | ||||
-rw-r--r-- | project.clj | 2 | ||||
-rwxr-xr-x | resources/sch.sh | 47 | ||||
-rw-r--r-- | version.properties | 2 |
6 files changed, 68 insertions, 5 deletions
diff --git a/ChangeLog.md b/ChangeLog.md index 71de2fc..80e80cf 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -5,10 +5,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [] +## [1.3.0] * Add non-root user in Docker image so that the inventory service can be run in non-privileged mode for security reasons DCAEGEN2-1555 * Change base image to alpine based DCAEGEN2-1566 +* Support calling inventory using HTTPS DCAEGEN2-1597 ## [1.1.3] @@ -43,3 +43,14 @@ Usage of production mode when config is remote stored in Consul: ``` java -jar dcae-service-change-handler-0.1.0.jar prod http://consul:8500/v1/kv/service-change-handler?raw=true ``` + +#### Use script + +[`sch.sh`](resources/sch.sh) is a script to run service change handler that connects with inventory using HTTPS. The script attempts to add a custom CA cert to the OS's key store `/etc/ssl/certs/java/cacerts` and then launches service change handler. The custom CA cert is used to validate the server-side cert provided by inventory at runtime. + +The script uses the following environment variables: + +Name | Description | Default +---- | ----------- | ------- +`PATH_TO_CACERT` | Local file path to the CA cert that needs to be added to the keystore | `/opt/cert/cacert.pem` +`SCH_ARGS` | Args to be passed into the SCH run command | `prod http://consul:8500/v1/kv/service-change-handler?raw=true` @@ -29,7 +29,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property. <groupId>org.onap.dcaegen2.platform</groupId> <artifactId>servicechange-handler</artifactId> - <version>1.2.0-SNAPSHOT</version> + <version>1.3.0-SNAPSHOT</version> <!-- Not sure why clojure-maven-plugin says packaging should be "clojure" --> <packaging>jar</packaging> 
@@ -224,12 +224,15 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property. <baseImage>openjdk:8-jre-alpine</baseImage> <user>sch</user> <runs> + <run>apk update</run> + <run>apk add bash</run> + <run>chmod 666 /etc/ssl/certs/java/cacerts</run> <run>addgroup -S sch</run> <run>adduser -S -G sch sch</run> </runs> <!-- NOTE: Couldn't figure out how to package the jar to be named: ${project.build.finalName}. This might be because of the clojure maven plugin --> - <cmd>["java", "-jar", "/opt/servicechange-handler.jar", "prod", "http://consul:8500/v1/kv/service-change-handler?raw=true"]</cmd> + <cmd>["sch.sh"]</cmd> <!-- copy the service's jar file from target into the root directory of the image --> <resources> <resource> @@ -241,6 +244,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property. <targetPath>/opt</targetPath> <directory>${project.basedir}/resources</directory> <include>health.sh</include> + <include>sch.sh</include> </resource> </resources> <exposes> diff --git a/project.clj b/project.clj index 3731a39..d1b95a8 100644 --- a/project.clj +++ b/project.clj @@ -21,7 +21,7 @@ ; Using lein for REPL and testing because couldn't get Maven clojure plugin to work ; for these functional areas. -(defproject service-change-handler "0.1.0" +(defproject service-change-handler "1.3.0" :description "Service change handler" :dependencies [[org.clojure/clojure "1.8.0"] [cheshire/cheshire "5.8.0"] diff --git a/resources/sch.sh b/resources/sch.sh new file mode 100755 index 0000000..0a68858 --- /dev/null +++ b/resources/sch.sh 
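Review bot: `<run>chmod 666 /etc/ssl/certs/java/cacerts</run>` makes the JRE's system trust store world-writable in the image, so any process in the container — not only the `sch` user the image switches to — can add a CA and silently defeat the HTTPS validation this change introduces. The chmod runs before `addgroup`/`adduser`, which is presumably why ownership could not be used; moving it after the user exists and narrowing it to `chown root:sch` plus `chmod 664` (or importing into a dedicated truststore under `/opt` owned by `sch` and launching with `-Djavax.net.ssl.trustStore`) keeps the store from being modifiable by other users. `<cmd>["sch.sh"]` also drops the absolute path the previous cmd used; unless `/opt` is on PATH in `openjdk:8-jre-alpine`, which is not visible here, the container will fail to start, so `["/opt/sch.sh"]` is safer. Finally `apk update` followed by `apk add bash` leaves the package index in the layer; `apk add --no-cache bash` avoids that.
```xml
<runs>
  <run>apk add --no-cache bash</run>
  <run>addgroup -S sch</run>
  <run>adduser -S -G sch sch</run>
  <!-- only root and the sch group may write the trust store, not every user in the container -->
  <run>chown root:sch /etc/ssl/certs/java/cacerts</run>
  <run>chmod 664 /etc/ssl/certs/java/cacerts</run>
</runs>
<!-- … unchanged: NOTE comment about jar naming … -->
<cmd>["/opt/sch.sh"]</cmd>
```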
@@ -0,0 +1,47 @@
+#!/bin/bash
+# ================================================================================
+# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+# The following variables are checked if set, if not set then an error is raised
+# PATH_TO_CACERT is the full file path to the cacert that must be added to the
+# existing keystore
+if [ -z "$PATH_TO_CACERT" ]; then
+ # TODO: Make this variable not required and thus not do the keytool call
+ echo "Missing required environment variable: PATH_TO_CACERT"
+ echo "Please set this variable to the full local path of the CA cert pem file that is to be added"
+ echo "Example: PATH_TO_CACERT=/opt/cert/cacert.pem"
+ exit 1
+fi
+
+# SCH_ARGS are all the args to be passed into the SCH java run command
+if [ -z "$SCH_ARGS" ]; then
+ echo "Missing required environment variable: SCH_ARGS"
+ echo "Please set this variable to the command-line args to be used to run service change handler"
+ echo "Example: SCH_ARGS=prod /opt/config.json"
+ echo "Example: SCH_ARGS=prod http://consul:8500/v1/kv/service-change-handler?raw=true"
+ exit 1
+fi
+
+# Add the cacert to validate inventory's cert to support TLS. This command is
+# allowed to fail when there is no need for https.
+# NOTE: This user must have permission to write to /etc/ssl/certs/java/cacerts
+keytool -importcert -file $PATH_TO_CACERT -keystore /etc/ssl/certs/java/cacerts -alias "inventory" -noprompt -storepass changeit
+
+# Now launch SCH
+java -jar /opt/servicechange-handler.jar $SCH_ARGS
+
diff --git a/version.properties b/version.properties
index 00ef564..7d6815b 100644
--- a/version.properties
+++ b/version.properties
@@ -1,5 +1,5 @@
 major=1
-minor=2
+minor=3
 patch=0
 base_version=${major}.${minor}.${patch}
 release_version=${base_version} |
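Review bot: The `keytool -importcert` line ignores its exit status and never checks that `$PATH_TO_CACERT` exists, so a wrong path or malformed PEM is swallowed and only surfaces later as an opaque TLS handshake failure against inventory; the comment says failure is acceptable when HTTPS is unused, but the script still hard-requires the variable, so that case cannot be told apart from a broken import. The required-variable checks also contradict the README table in this same change and the previous `<cmd>`, which embedded the Consul URL: with `<cmd>["sch.sh"]` and no environment set, the container now exits 1 unless both `PATH_TO_CACERT` and `SCH_ARGS` are supplied, so applying the documented defaults with `: "${PATH_TO_CACERT:=/opt/cert/cacert.pem}"` restores the old behaviour. `$PATH_TO_CACERT` should be quoted, and the final `java` should be `exec`'d so the JVM is PID 1 and receives SIGTERM from `docker stop` rather than bash, which does not forward it. The rewrite below applies the defaults, skips the import when the file is absent, fails fast on any other keytool error and execs the JVM; if a container can be restarted with its writable layer intact, also guard the import with a `keytool -list -alias inventory` check so an already-present alias is not treated as an error.
```shell
# … unchanged: license header …

# Apply the defaults documented in the README so the image starts without extra environment.
: "${PATH_TO_CACERT:=/opt/cert/cacert.pem}"
: "${SCH_ARGS:=prod http://consul:8500/v1/kv/service-change-handler?raw=true}"

# Import the CA cert used to validate inventory's server cert. Skip when the
# file is absent (plain-HTTP deployment); any other keytool failure is fatal so
# a bad cert does not show up later as an opaque TLS handshake error.
if [ -f "$PATH_TO_CACERT" ]; then
    keytool -importcert -file "$PATH_TO_CACERT" \
        -keystore /etc/ssl/certs/java/cacerts -alias "inventory" \
        -noprompt -storepass changeit || {
        echo "Failed to import CA cert $PATH_TO_CACERT into /etc/ssl/certs/java/cacerts"
        exit 1
    }
else
    echo "CA cert $PATH_TO_CACERT not found; skipping import (HTTPS to inventory will not be trusted)"
fi

# exec so the JVM is PID 1 and receives SIGTERM from docker stop directly.
# shellcheck disable=SC2086  # SCH_ARGS is intentionally word-split into several arguments
exec java -jar /opt/servicechange-handler.jar $SCH_ARGS
```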