| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add service account to requirements.yaml,
values.yaml and deployment/statefulset.
Issue-ID: OOM-2726
Signed-off-by: farida azmy <farida.azmy.ext@orange.com>
Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
|
|
1. Make changes in order to allow performing KUR/CR in EJBCA:
- Add Certificate Update Admin role
- Enable EndEntityAuthentication module
- Create and set CA with constant UID
- Add configuration for provider.
2. Update CertService, which provides with new certificate update
endpoint.
3. Update release-notes.
Issue-ID: OOM-2753
Issue-ID: OOM-2754
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
|
|
- remove certificate generation deployment
- change certificate secret for provider (from server to client)
- correct documentation
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I21a8e277e1fd5f5190c7b67fb6ef97c1b3355230
|
|
Utilize Cert-Manager to secure communication between
Cert-Service and its clients, adjust templates and
configs.
Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
|
|
Enhance CertServiceAPI response (include CMP server error messages)
Fix KeyUsage extension sent to CMPv2 server
Issue-ID: OOM-2658
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
|
|
Align Cert Service Api to RFC4210.
Fix Cert Service Client CA_NAME validation.
Fix Cert Service External Provider logging.
Issue-ID: OOM-2656
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
|
|
|
|
Cert Service K8s external provider ia a part of certificate distribution infrastructure in ONAP.
The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-mananger (https://cert-manager.io) to CertServiceAPI.
More information can found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration.
Issue-ID: OOM-2560
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Ibc94d5db5cac9649d47143406b47ce179beddd14
|
|
Update cert service and cert service client to allow IPAddresses,
E-mails and URIs as SANs.
Update ejbca configuration with IPAddresses, E-mail and URIs.
Fix dcae bp inputs to use comma as SANs delimiter (from to allow
use of IPv6)
Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
|
|
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation.
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Issue-ID: OOM-2588
Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
|
|
This commit makes platform chart to use the new generator for repositories and
images.
Issue-ID: OOM-2364
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I95c238eff8e7e166fb4d70d388e7952c2f1c1dd2
|
|
`registry.hub.docker.com` needs authentication now, in contrary to
previous behavior.
As OOM deployments is unauthenticated when using docker hib repository,
all OOM deployments is broken.
`docker.io` seems to be still OK with unauthenticated requests so let's
move to this endpoint.
Issue-ID: OOM-2636
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
|
|
|
|
Top up certservice-api image
Update config for k8splugin 3.4.1:
- update images of certservice-client
- add certservice-client secret name to config
- add certservice-post-processor image to config
CertPostProcessor is an application which appends CMPv2
truststore entries to AAF CertMan truststore and allows
swapping AAF CertMan keystore for CMPv2 keystore.
Issue-ID: DCAEGEN2-2253
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
|
|
Changes for 111973
Issue-ID: SDNC-1136
Signed-off-by: esobmar <mariusz.sobucki@est.tech>
Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3
Signed-off-by: egernug <gerard.nugent@est.tech>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
[Access EJBCA secret from cert service]
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components.
All aaf-cert-service references have been replaced with oom-cert-service.
Issue-ID: OOM-2526
Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7
Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
|
farida azmy
Piotr Marcinkiewicz
Joanna Jeremicz
Remigiusz Janeczek
Sylvain Desbureaux
Jan Malkiewicz
Adam Wudzinski
egernug
Maciej Malewski