From 49d2deae8aa7b57ecf6fb692803594c1bae8e8bf Mon Sep 17 00:00:00 2001 From: dfarrelly Date: Wed, 3 Apr 2019 14:40:31 +0000 Subject: Add support for HTTPS *Add AAF certificates *Switch PM Mapper endpoints to HTTPS *Make external API calls secure if applicable Issue-ID: DCAEGEN2-1296 Change-Id: I63aef8a93cfe6d6a37dcd32496b35ed0841cec4b Signed-off-by: dfarrelly --- dpo/blueprints/k8s-pm-mapper.yaml | 64 ++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 21 deletions(-) (limited to 'dpo/blueprints/k8s-pm-mapper.yaml') diff --git a/dpo/blueprints/k8s-pm-mapper.yaml b/dpo/blueprints/k8s-pm-mapper.yaml index 88fb44a..0944da3 100644 --- a/dpo/blueprints/k8s-pm-mapper.yaml +++ b/dpo/blueprints/k8s-pm-mapper.yaml @@ -22,17 +22,17 @@ tosca_definitions_version: cloudify_dsl_1_3 imports: - "http://www.getcloudify.org/spec/cloudify/3.4/types.yaml" - - "https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R3/k8splugin/1.4.4/k8splugin_types.yaml" + - "https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R4/k8splugin/1.4.5/k8splugin_types.yaml" inputs: service_name: type: string description: Name of the serice - default: "pm-mapper" + default: "dcae-pm-mapper" tag_version: type: string description: Docker image to be used - default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.services.pm-mapper:1.0-SNAPSHOT" + default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.services.pm-mapper:latest" replicas: type: integer description: Number of instances @@ -55,11 +55,11 @@ inputs: default: "ves-pub-1" dmaap_dr_username: type: string - description: dmaap datarouter user name + description: DMAAP Data Router user name default: "username" dmaap_dr_password: type: string - description: dmaap datarouter password + description: DMAAP Data Router password default: "password" dcae_location: type: string 
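Review bot: The new `tag_version` default in the `@@ -22,17 +22,17 @@` hunk points at the mutable `:latest` tag, so the image a deployment pulls is no longer reproducible, and a later push to the registry changes what runs without any blueprint change. Pin the default to a released version tag or an immutable digest, e.g. `default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.services.pm-mapper:<RELEASE_TAG>"` (placeholder; take the value from the release being shipped). The context lines of the same hunk still import `types.yaml` over `http://www.getcloudify.org/...`. Since this commit is about moving to HTTPS, that import should also be fetched over TLS if the host serves it.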
@@ -69,42 +69,54 @@ inputs: type: string description: Subscriber id in Data Router default: "" + pm_mapper_service_protocol: + type: string + description: PM Mapper protocol + default: "https" + pm_mapper_service_port: + type: string + description: PM Mapper host port + default: "8443" dmaap_buscontroller_service_host: type: string description: DMAAP Bus Controller host address default: "dmaap-bc.onap.svc.cluster.local" dmaap_buscontroller_service_port: type: string - description: DMAAP bus Controller host port + description: DMAAP Bus Controller host port default: "8080" dmaap_dr_feed_id: type: string - description: ID of the data router feed that the PM Mapper will subscribe to + description: ID of the Data Router feed that the PM Mapper will subscribe to default: "1" dmaap_dr_service_host: type: string description: DMAAP Data Router host address - default: "dmaap-dr-node.onap.svc.cluster.local" + default: "dmaap-dr-node" dmaap_dr_service_port: type: string description: DMAAP Data Router host port default: "8443" dmaap_mr_service_host: type: string - description: DMAAP Data Router host address - default: "message-router.onap.svc.cluster.local" + description: DMAAP Message Router host address + default: "dmaap-mr" dmaap_mr_service_port: type: string - description: DMAAP Data Router host port - default: "3904" + description: DMAAP Message Router host port + default: "3905" dmaap_mr_topic_name: type: string - description: Name of MR topic events will be published to + description: Name of Message Router topic events will be published to default: "pm-mapper-ves" filter: type: string - description: PM mapper filter on measInfo, measInfoId, measType, instanceId + description: PM Mapper filter on measInfo, measInfoId, measType, instanceId default: "{ \"filters\":[]}" + enable_http: + type: boolean + description: Option to turn on HTTP connections + default: false node_templates: pm-mapper: 
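Review bot: `pm_mapper_service_protocol` is declared as an unconstrained string, so any deployment input can set it to `http`, and the `delivery_url` built from it in the `@@ -140,8 +159,8 @@` hunk then goes back to cleartext even while `enable_http` is `false`. If the Cloudify version in use supports input constraints, restrict it with `constraints: [{ valid_values: ["https", "http"] }]`; otherwise say in the description that `http` is only valid together with `enable_http: true`. The Data Router and Message Router host defaults also change from cluster FQDNs to the short names `dmaap-dr-node` and `dmaap-mr` in the same commit that moves their URLs to `https://`. Confirm the server certificates carry those short names, because otherwise hostname verification will fail or, more likely, end up switched off in the client (the client is not visible here).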
@@ -113,18 +125,25 @@ node_templates: start: inputs: ports: - - '8080:0' + - '8443:0' + - '8081:0' properties: application_config: + enable_http: + { get_input: enable_http } + trust_store_path: "/opt/app/pm-mapper/etc/cert/trust.jks.b64" + trust_store_pass_path: "/opt/app/pm-mapper/etc/cert/trust.pass" + key_store_path: "/opt/app/pm-mapper/etc/cert/cert.jks.b64" + key_store_pass_path: "/opt/app/pm-mapper/etc/cert/cert.pass" buscontroller_feed_subscription_endpoint: { concat: ["http://", { get_input: dmaap_buscontroller_service_host }, ":", { get_input: dmaap_buscontroller_service_port}, "/webapi/dr_subs"]} dmaap_dr_feed_id: get_input: dmaap_dr_feed_id dmaap_dr_delete_endpoint: - { concat: ["http://", { get_input: dmaap_dr_service_host }, + { concat: ["https://", { get_input: dmaap_dr_service_host }, ":", { get_input: dmaap_dr_service_port}, "/delete"]} - filters: + pm-mapper-filter: get_input: filter streams_subscribes: dmaap_subscriber: @@ -140,8 +159,8 @@ node_templates: subscriber_id: get_input: subscriber_id delivery_url: - { concat: ["http://", { get_input: service_name }, ".onap.svc.cluster.local", - ":8081/delivery"]} + { concat: [{ get_input: pm_mapper_service_protocol },"://", { get_input: service_name }, ".onap.svc.cluster.local", + ":", { get_input: pm_mapper_service_port }, "/delivery"]} streams_publishes: dmaap_publisher: aaf_username: @@ -156,7 +175,7 @@ node_templates: client_id: get_input: client_id topic_url: - { concat: ["http://", { get_input: dmaap_mr_service_host }, + { concat: ["https://", { get_input: dmaap_mr_service_host }, ":", { get_input: dmaap_mr_service_port }, "/events/", { get_input: dmaap_mr_topic_name }]} location: get_input: dcae_location @@ -165,7 +184,7 @@ node_templates: endpoint: /healthcheck interval: 15s timeout: 1s - type: http + type: https image: get_input: tag_version replicas: { get_input: replicas } 
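Review bot: `buscontroller_feed_subscription_endpoint` in the `@@ -113,18 +125,25 @@` hunk is still built with `"http://"`, and the `dmaap_buscontroller_service_port` default stays `8080`, so it is the one external call this commit leaves in cleartext. If Bus Controller exposes a TLS port, switch the scheme and the port default; otherwise add a comment saying why it stays HTTP. The same hunk publishes `'8081:0'` unconditionally, and 8081 is presumably the plain-HTTP listener, since the old `delivery_url` used `http://…:8081/delivery`. Whether the application leaves that port unbound when `enable_http` is `false` cannot be seen from the blueprint, so document it above the port list: `# 8443 = HTTPS (always on); 8081 = HTTP, only served when enable_http is true`.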
@@ -173,4 +192,7 @@ node_templates: dns_name: { get_input: service_name } log_info: log_directory: "/var/log/ONAP/dcaegen2/services/pm-mapper" + tls_info: + cert_directory: "/opt/app/pm-mapper/etc/cert/" + use_tls: true type: dcae.nodes.ContainerizedPlatformComponent \ No newline at end of file -- cgit 1.2.3-korg
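Review bot: `cert_directory` repeats the `/opt/app/pm-mapper/etc/cert/` prefix that the four `*_store_path` / `*_pass_path` values added under `application_config` hard-code separately, and nothing ties the two together. If one is changed without the other, the application will look for its key and trust stores somewhere other than where the certificates are presumably placed by the plugin. Add a comment above `cert_directory`, such as `# must match the prefix of the *_store_path and *_pass_path values in application_config`.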