diff options
34 files changed, 47 insertions, 35 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 4972492afc..ae22cb25ee 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -49,6 +49,15 @@ Summary **Security Notes** +*Fixed Security Issues* + +*Known Security Issues* + +* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_] +* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_] + +*Known Vulnerabilities in Used Modules* + OOM code has been formally scanned during build time using NexusIQ and no Critical vulnerability was found. diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml index ba91c19ed5..13dcc1c75b 100644 --- a/kubernetes/appc/charts/appc-cdt/values.yaml +++ b/kubernetes/appc/charts/appc-cdt/values.yaml @@ -26,7 +26,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/appc-cdt-image:1.5.1 +image: onap/appc-cdt-image:1.5.2 pullPolicy: Always # application configuration diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties index 91ab8ff3ed..0e8b71cf53 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties @@ -29,7 +29,7 @@ cadi_bath_convert=/opt/onap/appc/data/properties/bath_config.csv cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12 -cadi_keystore_password=enc:4DVUTKvRCCtebQrKskDsuKFIHLzOf2M9XxNOhVIK4xb +cadi_keystore_password=enc:tQTHVtbdCuzqrQY1TBRt9SkFL9tCY3OzwbsfaVyAa2dOfZlI0krFOJSBnkm1WdGr #cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)> cadi_alias=appc@appc.onap.org cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 633d4e5bb2..4998b2ec5a 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -31,7 +31,7 @@ global: flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/appc-image:1.5.1 +image: onap/appc-image:1.5.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 43b5f498c9..51e8e5bed1 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.4.4 +image: onap/ccsdk-blueprintsprocessor:0.4.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 73f449bfd9..14432ecab2 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.4.4 +image: onap/ccsdk-commandexecutor:0.4.5 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-controller-blueprints/values.yaml b/kubernetes/cds/charts/cds-controller-blueprints/values.yaml index 9030000719..c924b2bd5c 100755 --- a/kubernetes/cds/charts/cds-controller-blueprints/values.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/values.yaml @@ -38,7 +38,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-controllerblueprints:0.4.4 +image: onap/ccsdk-controllerblueprints:0.4.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index d4c0cd72fb..cd2fbf5ad4 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.4.4 +image: onap/ccsdk-sdclistener:0.4.5 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index c7bf6ecdd5..036b888ea7 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.4.4 +image: onap/ccsdk-cds-ui-server:0.4.5 pullPolicy: Always # application configuration diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index 5965b4117e..954de3a953 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -34,7 +34,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:4.0.3 +image: onap/clamp-dashboard-kibana:4.0.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml index 356d64b72e..893860b839 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:4.0.3 +image: onap/clamp-dashboard-logstash:4.0.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 214eed6ccc..398c9ead9e 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp:4.0.3 +image: onap/clamp:4.0.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json index 1db11ad476..7342ca633a 100644 --- a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json @@ -12,7 +12,7 @@ }, "policy_engine": { "url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969", - "path_decision": "/policy/pdpx/v1/decision" + "path_decision": "/policy/pdpx/v1/decision", "path_notifications": "/pdp/notifications", "path_api": "/pdp/api/", "headers": { diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index 2bbae80a3e..3416a02596 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -206,6 +206,9 @@ deploy() { # upgrade/install each "enabled" subchart cd $CACHE_SUBCHART_DIR/ + #“helm ls” is an expensive command in that it can take a long time to execute. + #So cache the results to prevent repeated execution. + ALL_HELM_RELEASES=$(helm ls -q) for subchart in * ; do SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml @@ -236,7 +239,7 @@ deploy() { fi fi else - array=($(helm ls -q | grep "${RELEASE}-${subchart}")) + array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) n=${#array[*]} for (( i = n-1; i >= 0; i-- )); do helm del "${array[i]}" --purge diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml index 8bc3e176d3..e53c3422e9 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/charts/oof-has/values.yaml @@ -25,7 +25,7 @@ global: commonConfigPrefix: onap-oof-has image: readiness: oomk8s/readiness-check:2.0.0 - optf_has: onap/optf-has:1.3.0 + optf_has: onap/optf-has:1.3.1 filebeat: docker.elastic.co/beats/filebeat:5.5.0 pullPolicy: Always diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index bf87f0fa6e..d72b1f0457 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:1.3.0 +image: onap/optf-osdf:1.3.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 08da64d5df..d9582013b1 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.4.1 +image: onap/policy-pdpd-cl:1.4.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 5d41e065e4..f19c0e25a6 100755..100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -22,7 +22,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/testsuite:1.4.0 +image: onap/testsuite:1.4.1 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 @@ -40,7 +40,7 @@ config: # Demo configuration # Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION -demoArtifactsVersion: "1.4.0-SNAPSHOT" +demoArtifactsVersion: "1.4.0" # Nexus demo artifact URL. demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases" # Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR @@ -80,7 +80,7 @@ ubuntu14Image: "Ubuntu_14_trusty" # Openstack glance image name for Ubuntu 16. Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE ubuntu16Image: "Ubuntu_16_xenial" # GLOBAL_INJECTED_SCRIPT_VERSION. Maps to GLOBAL_INJECTED_SCRIPT_VERSION -scriptVersion: "1.4.0-SNAPSHOT" +scriptVersion: "1.4.0" # Openstack network to which VNFs will bind their primary (first) interface. Maps to GLOBAL_INJECTED_NETWORK openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc" # Openstack security group for instantiating VNFs diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index 65c1dcf09c..cd1a88793a 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.5.3 +image: onap/sdnc-dmaap-listener-image:1.5.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index e5df37d557..a7e249a212 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.5.3 +image: onap/sdnc-ansible-server-image:1.5.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 2cfab8f6e1..ef76ed345a 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.5.3 +image: onap/admportal-sdnc-image:1.5.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 5e6fe53460..7c985ce1b6 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.5.3 +image: onap/sdnc-ueb-listener-image:1.5.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 4013486f05..9bd50a1c47 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -32,7 +32,7 @@ global: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.5.3 +image: onap/sdnc-image:1.5.4 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index 5ac258ebcc..d97a6291db 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.4.3 +image: onap/so/bpmn-infra:1.4.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 23c1f25670..614986bdd5 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.4.3 +image: onap/so/catalog-db-adapter:1.4.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index 9254abe831..ade711693b 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.4.3 +image: onap/so/so-monitoring:1.4.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 37c7887f45..02379cd807 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.4.3 +image: onap/so/openstack-adapter:1.4.4 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index 308b304894..a6d29f52df 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.4.3 +image: onap/so/request-db-adapter:1.4.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 1109d7dcb1..90b5e773c8 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.4.3 +image: onap/so/sdc-controller:1.4.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index 3f13e83358..32ab607ea5 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.4.3 +image: onap/so/sdnc-adapter:1.4.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index ca4d1d9450..6265b83ed8 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.4.3 +image: onap/so/vfc-adapter:1.4.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index c48428a5f6..b3bd8f51db 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -26,7 +26,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.4.3 +image: onap/so/vnfm-adapter:1.4.4 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index e274b7abbf..0825c76fb0 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -27,7 +27,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/vid:4.3.0 +image: onap/vid:4.3.1 pullPolicy: Always # mariadb image for initializing diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index a6d7efc62d..2b6fd99b2e 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/vnfsdk/refrepo:1.3.0 +image: onap/vnfsdk/refrepo:1.3.2 postgresRepository: crunchydata postgresImage: crunchy-postgres:centos7-10.3-1.8.2 pullPolicy: Always |