aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docs/conf.py3
-rw-r--r--docs/requirements-docs.txt14
-rw-r--r--docs/sections/change-log.rst2
-rw-r--r--docs/sections/offeredapis.rst164
-rw-r--r--docs/sections/release-notes.rst7
-rw-r--r--docs/sections/troubleshooting.rst15
-rw-r--r--docs/sections/usage.rst3
-rw-r--r--docs/tox.ini5
-rw-r--r--releases/2.4.0-container.yaml14
9 files changed, 45 insertions, 182 deletions
diff --git a/docs/conf.py b/docs/conf.py
index 9d614331..1e26e7dc 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -14,5 +14,6 @@ intersphinx_mapping = {}
html_last_updated_fmt = '%d-%b-%y %H:%M'
+
def setup(app):
- app.add_stylesheet("css/ribbon.css")
+ app.add_css_file("css/ribbon.css") \ No newline at end of file
diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt
index 98fc25ce..1c3f85bf 100644
--- a/docs/requirements-docs.txt
+++ b/docs/requirements-docs.txt
@@ -1,16 +1,4 @@
-tox
-Sphinx
-doc8
-docutils
setuptools
six
-sphinx_rtd_theme>=0.4.3
-sphinxcontrib-blockdiag
-sphinxcontrib-needs>=0.2.3
-sphinxcontrib-nwdiag
-sphinxcontrib-seqdiag
-sphinxcontrib-swaggerdoc
-sphinxcontrib-openapi
-sphinxcontrib-plantuml
-sphinx_bootstrap_theme
+sphinxcontrib.openapi
lfdocs-conf
diff --git a/docs/sections/change-log.rst b/docs/sections/change-log.rst
index ad54434a..d8f4e938 100644
--- a/docs/sections/change-log.rst
+++ b/docs/sections/change-log.rst
@@ -15,7 +15,7 @@ Istanbul
Version: 2.4.0
--------------
-:Release Date:
+:Release Date: 2021-07-22
**New Features**
diff --git a/docs/sections/offeredapis.rst b/docs/sections/offeredapis.rst
index 21a4bb60..47a24ceb 100644
--- a/docs/sections/offeredapis.rst
+++ b/docs/sections/offeredapis.rst
@@ -1,6 +1,6 @@
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2020 NOKIA
+.. Copyright 2020-2021 NOKIA
.. _offeredapis:
Offered APIs
@@ -9,163 +9,5 @@ Offered APIs
OOM Cert Service Api
--------------------
-.. code-block:: yaml
-
- openapi: 3.0.1
- info:
- title: CertService Documentation
- description: Certification service API documentation
- version: 1.0.0
- servers:
- - url: http://localhost:8080
- description: Generated server url
- tags:
- - name: Actuator
- description: Monitor and interact
- externalDocs:
- description: Spring Boot Actuator Web API Documentation
- url: https://docs.spring.io/spring-boot/docs/current/actuator-api/html/
- paths:
- /v1/certificate/{caName}:
- get:
- tags:
- - CertificationService
- summary: sign certificate
- description: Web endpoint for requesting certificate signing. Used by system
- components to gain certificate signed by CA.
- operationId: signCertificate
- parameters:
- - name: caName
- in: path
- description: Name of certification authority that will sign CSR.
- required: true
- schema:
- type: string
- - name: CSR
- in: header
- description: Certificate signing request in form of PEM object encoded in
- Base64 (with header and footer).
- required: true
- schema:
- type: string
- - name: PK
- in: header
- description: Private key in form of PEM object encoded in Base64 (with header
- and footer).
- required: true
- schema:
- type: string
- responses:
- "200":
- description: certificate successfully signed
- content:
- application/json; charset=utf-8:
- schema:
- $ref: '#/components/schemas/CertificationModel'
- "500":
- description: something went wrong during connecting to cmp client
- content:
- application/json; charset=utf-8:
- schema:
- $ref: '#/components/schemas/ErrorResponseModel'
- "404":
- description: CA not found for given name
- content:
- application/json; charset=utf-8:
- schema:
- $ref: '#/components/schemas/ErrorResponseModel'
- "400":
- description: given CSR or/and PK is incorrect
- content:
- application/json; charset=utf-8:
- schema:
- $ref: '#/components/schemas/ErrorResponseModel'
- /ready:
- get:
- tags:
- - CertificationService
- summary: check is container is ready
- description: Web endpoint for checking if service is ready to be used.
- operationId: checkReady
- responses:
- "200":
- description: configuration is loaded and service is ready to use
- content:
- application/json; charset=utf-8:
- schema:
- type: string
- "503":
- description: configuration loading failed and service is unavailable
- content:
- application/json; charset=utf-8:
- schema:
- type: string
- /reload:
- get:
- tags:
- - CertificationService
- summary: reload service configuration from file
- description: Web endpoint for performing configuration reload. Used to reload
- configuration file from file.
- operationId: reloadConfiguration
- responses:
- "200":
- description: configuration has been successfully reloaded
- content:
- application/json; charset=utf-8:
- schema:
- type: string
- "500":
- description: something went wrong during configuration loading
- content:
- application/json; charset=utf-8:
- schema:
- $ref: '#/components/schemas/ErrorResponseModel'
- /actuator/health:
- get:
- tags:
- - Actuator
- summary: Actuator web endpoint 'health'
- operationId: handle_0
- responses:
- "200":
- description: default response
- content: {}
- /actuator/health/**:
- get:
- tags:
- - Actuator
- summary: Actuator web endpoint 'health-path'
- operationId: handle_1
- responses:
- "200":
- description: default response
- content: {}
- /actuator:
- get:
- tags:
- - Actuator
- summary: Actuator root web endpoint
- operationId: links_2
- responses:
- "200":
- description: default response
- content: {}
- components:
- schemas:
- ErrorResponseModel:
- type: object
- properties:
- errorMessage:
- type: string
- CertificationModel:
- type: object
- properties:
- certificateChain:
- type: array
- items:
- type: string
- trustedCertificates:
- type: array
- items:
- type: string
+.. include:: resources/OpenAPI.yaml
+ :code: \ No newline at end of file
diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst
index 7d418211..094d10bf 100644
--- a/docs/sections/release-notes.rst
+++ b/docs/sections/release-notes.rst
@@ -11,8 +11,8 @@ OOM Certification Service Release Notes
:depth: 2
..
-Version: 2.4.0 [not released yet]
-=================================
+Version: 2.4.0
+==============
Abstract
--------
@@ -61,7 +61,8 @@ New features
**Known Issues**
-None
+If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
+The required actions are described in :ref:`Troubleshooting section <troubleshooting>`
Deliverables
------------
diff --git a/docs/sections/troubleshooting.rst b/docs/sections/troubleshooting.rst
index 192a9d6a..87989cb7 100644
--- a/docs/sections/troubleshooting.rst
+++ b/docs/sections/troubleshooting.rst
@@ -1,9 +1,22 @@
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2020 NOKIA
+.. Copyright 2020-2021 NOKIA
+.. _troubleshooting:
Troubleshooting
================
+Update an outdated certificate after Cert-Manager was down
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+When a certificate expires because Cert-Manager was not able to trigger the update on time, for some CMPv2 servers, e.g.
+EJBCA, there are manual actions required to perform the update.
+Given the expired certificate status is *READY=False*:
+
+ 1. Edit the cert resource. It can be e.g. a small change in SANs.
+ 2. Use the cert-manager plugin *renew* command to trigger the update manually.
+ 3. Edit the cert again to revert the changes.
+ 4. Trigger the update manually.
+
+The certificate should now be alive and updated correctly.
diff --git a/docs/sections/usage.rst b/docs/sections/usage.rst
index cd48b55a..848852bf 100644
--- a/docs/sections/usage.rst
+++ b/docs/sections/usage.rst
@@ -154,7 +154,8 @@ Here is an example of generated *secret* containing certificates:
Certificate update
------------------------------
-When the certificate already exists, but its date has expired or certificate data should be changed, then the certificate update scenario can be executed.
+When the certificate already exists, but its date is close to expire or certificate data should be changed, then the certificate update scenario can be executed.
+It is performed automatically by cert-manager close to the expiration date or can be triggered manually.
This use case requires the update endpoint configured for *CMPv2Issuer* CRD:
.. code-block:: yaml
diff --git a/docs/tox.ini b/docs/tox.ini
index edac8c35..42ffa687 100644
--- a/docs/tox.ini
+++ b/docs/tox.ini
@@ -5,7 +5,10 @@ skipsdist = true
[testenv:docs]
basepython = python3
-deps = -r{toxinidir}/requirements-docs.txt
+deps =
+ -r{toxinidir}/requirements-docs.txt
+ -chttps://git.onap.org/doc/plain/etc/upper-constraints.os.txt
+ -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
commands =
sphinx-build -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html
echo "Generated docs available in {toxinidir}/_build/html"
diff --git a/releases/2.4.0-container.yaml b/releases/2.4.0-container.yaml
new file mode 100644
index 00000000..9a750c04
--- /dev/null
+++ b/releases/2.4.0-container.yaml
@@ -0,0 +1,14 @@
+distribution_type: 'container'
+container_release_tag: '2.4.0'
+container_pull_registry: nexus3.onap.org:10003
+container_push_registry: nexus3.onap.org:10002
+project: 'oom-platform-cert-service'
+log_dir: 'oom-platform-cert-service-maven-docker-stage-master/377'
+ref: 8cf04372826916c1cd5e901367eb474cfe6918dc
+containers:
+ - name: 'org.onap.oom.platform.cert-service.oom-certservice-api'
+ version: '2.4.0-20210722T103725Z'
+ - name: 'org.onap.oom.platform.cert-service.oom-certservice-post-processor'
+ version: '2.4.0-20210722T103725Z'
+ - name: 'org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider'
+ version: '2.4.0-20210722T103725Z'