From fd8e7fbf73b93b2dd302108c7a1bcebb132647cd Mon Sep 17 00:00:00 2001 From: "Lee, Tian (tl5884)" Date: Fri, 11 Jan 2019 16:52:27 +0000 Subject: Update Gizmo and Champ security config - Update rProxy to use AAF geo-locate endpoint rather than hard coded IP address - Update fProxy to use separate truststore - Restructure charts to reduce certificate duplication Change-Id: I1e63ceb0ebabd8bb3dfacc71dac841858279b6f1 Issue-ID: AAF-718 Signed-off-by: Lee, Tian (tl5884) --- .../resources/rproxy/config/auth/client-cert.p12 | Bin 2556 -> 0 bytes .../resources/rproxy/config/auth/tomcat_keystore | Bin 3594 -> 0 bytes .../resources/rproxy/config/auth/uri-authorization.json | 10 +++++----- 3 files changed, 5 insertions(+), 5 deletions(-) delete mode 100644 kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 delete mode 100644 kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore (limited to 'kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth') diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 deleted file mode 100644 index dbf4fcacec..0000000000 Binary files a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 and /dev/null differ diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore deleted file mode 100644 index 99129c145f..0000000000 Binary files a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore and /dev/null differ diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json index e468b3d7bd..54d5de2721 100644 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json @@ -82,18 +82,18 @@ "permissions": [ "test\\.auth\\.access\\|services\\|GET,PUT", "\\|services\\|GET" - ] + ] }, { "uri": "\/services\/inventory\/.*", "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] }, { "uri": "\/services\/gizmo\/.*", "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] } ] -- cgit 1.2.3-korg