From 31dceea4851d67ec706185f9d6f5bd0bf427b2c3 Mon Sep 17 00:00:00 2001
From: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Date: Tue, 29 Jun 2021 16:15:49 +0200
Subject: [CONTRIB] Introduce certificate update use case in CertService

1. Make changes in order to allow performing KUR/CR in EJBCA:
- Add Certificate Update Admin role
- Enable EndEntityAuthentication module
- Create and set CA with constant UID
- Add configuration for provider.
2. Update CertService, which provides with new certificate update
endpoint.
3. Update release-notes.

Issue-ID: OOM-2753
Issue-ID: OOM-2754
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
---
 .../platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml    | 5 ++++-
 .../components/cmpv2-cert-provider/templates/configuration.yaml      | 1 +
 kubernetes/platform/components/cmpv2-cert-provider/values.yaml       | 3 ++-
 3 files changed, 7 insertions(+), 2 deletions(-)

(limited to 'kubernetes/platform/components/cmpv2-cert-provider')

diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
index 0bc24afe86..e8418355d3 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
@@ -56,7 +56,10 @@ spec:
                   description: Path of health check endpoint.
                   type: string
                 certEndpoint:
-                  description: Path of cerfificate signing enpoint.
+                  description: Path of cerfificate signing endpoint.
+                  type: string
+                updateEndpoint:
+                  description: Path of certificate update endpoint.
                   type: string
                 caName:
                   description: Name of the external CA server configured on CertService API side.
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
index ae4ae81f02..52e35375d3 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
@@ -25,6 +25,7 @@ spec:
   url:  {{ .Values.cmpv2issuer.url }}
   healthEndpoint:  {{ .Values.cmpv2issuer.healthcheckEndpoint }}
   certEndpoint:  {{ .Values.cmpv2issuer.certEndpoint }}
+  updateEndpoint:  {{ .Values.cmpv2issuer.updateEndpoint }}
   caName:  {{ .Values.cmpv2issuer.caName }}
   certSecretRef:
     name:  {{ .Values.cmpv2issuer.certSecretRef.name }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index 38bddfbdc3..2237811465 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -28,7 +28,7 @@ namespace: onap
 # Deployment configuration
 deployment:
   name: oom-certservice-cmpv2issuer
-  image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2
+  image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0
   proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
   # fol local development use IfNotPresent
   pullPolicy: Always
@@ -50,6 +50,7 @@ cmpv2issuer:
   url: https://oom-cert-service:8443
   healthcheckEndpoint: actuator/health
   certEndpoint: v1/certificate
+  updateEndpoint: v1/certificate-update
   caName: RA
   certSecretRef:
     name: oom-cert-service-client-tls-secret
-- 
cgit 1.2.3-korg