Diffstat (limited to 'docs/sections')
-rw-r--r-- docs/sections/change-log.rst 262
-rw-r--r-- docs/sections/logging.rst 2
-rw-r--r-- docs/sections/release-notes.rst 329
-rw-r--r-- docs/sections/usage.rst 42
4 files changed, 357 insertions, 278 deletions
diff --git a/docs/sections/change-log.rst b/docs/sections/change-log.rst
new file mode 100644
index 00000000..b2423a10
--- /dev/null
+++ b/docs/sections/change-log.rst
@@ -0,0 +1,262 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020 NOKIA
+
+
+Change Log
+==============
+
+
+Version: 2.1.0
+--------------
+
+:Release Date:
+
+**New Features**
+
+* Added module **oom-certservice-post-processor** with following functionality:
+
+ * appending CMPv2 certificates to CertMan truststore
+ * replacing CertMan keystore with CMPv2 keystore
+
+**Bug Fixes**
+
+ N/A
+
+**Known Issues**
+
+ N/A
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+==============
+
+Version: 2.0.0
+--------------
+
+:Release Date:
+
+**New Features**
+
+ - The same functionality as in aaf-certservice 1.2.0
+
+**Bug Fixes**
+
+ N/A
+
+**Known Issues**
+
+ N/A
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+Version: 1.2.0
+--------------
+
+:Release Date:
+
+**New Features**
+
+ - Client creates subdirectories in given OUTPUT_PATH and place certificate into it.
+
+**Bug Fixes**
+
+ N/A
+
+**Known Issues**
+
+ N/A
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+Version: 1.1.0
+--------------
+
+:Release Date: 2020-06-29
+
+**New Features**
+
+ - Added property to CertService Client to allow selection of output certificates type (One of: PEM, JKS, P12).
+
+**Bug Fixes**
+
+ - Resolved issue where created PKCS12 certificates had jks extension.
+
+**Known Issues**
+
+ N/A
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+Version: 1.0.1
+--------------
+
+:Release Date: 2020-05-22
+
+**New Features**
+
+The Frankfurt Release is the first release of the Certification Service.
+
+
+**Bug Fixes**
+
+ - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails
+
+**Known Issues**
+
+ - PKCS12 certificates have jks extension
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+Version: 1.0.0
+--------------
+
+:Release Date: 2020-04-16
+
+**New Features**
+
+The Frankfurt Release is the first release of the Certification Service.
+
+**Bug Fixes**
+
+ - No new fixes were implemented for this release
+
+**Known Issues**
+
+ - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails
+
+ - PKCS12 certificates have jks extension
+
+**Security Notes**
+
+ N/A
+
+*Fixed Security Issues*
+
+ N/A
+
+*Known Security Issues*
+
+ N/A
+
+*Known Vulnerabilities in Used Modules*
+
+ N/A
+
+**Upgrade Notes**
+
+**Deprecation Notes**
+
+**Other**
+
+===========
+
+End of Change Log
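Review bot: The change log starts at Version 2.1.0, but the release-notes.rst content removed in this same commit began with a Version 2.2.0 entry (the oom-certservice-k8s-external-provider module), so that entry disappears from the docs; carry it over here or explain in the commit message why it is dropped. Separately, `:Release Date:` is empty for 2.1.0, 2.0.0 and 1.2.0, and the 1.0.1 entry repeats the 1.0.0 "first release" sentence under New Features; fill in the dates and trim the duplicate before this file becomes the historical record.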
diff --git a/docs/sections/logging.rst b/docs/sections/logging.rst
index 92a87fb0..0e3511cf 100644
--- a/docs/sections/logging.rst
+++ b/docs/sections/logging.rst
@@ -122,3 +122,5 @@ Client application exits with following exit codes:
+-------+------------------------------------------------+
| 10 | File could not be created |
+-------+------------------------------------------------+
+| 99 | Application exited abnormally |
++-------+------------------------------------------------+
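Review bot: The new row for exit code 99 says only "Application exited abnormally", which gives an operator nothing to act on, unlike the specific cause given for code 10. State which conditions produce 99 and where the detail can be found in the logs, and consider listing the new code in change-log.rst, since scripts that branch on the exit status are affected.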
diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst
index f1c7eecb..56dd8cc7 100644
--- a/docs/sections/release-notes.rst
+++ b/docs/sections/release-notes.rst
@@ -1,307 +1,122 @@
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020 NOKIA
+.. _release_notes:
+***************************************
+OOM Certification Service Release Notes
+***************************************
-Release Notes
+Abstract
+========
-==============
+This document provides the release notes for the Guilin release.
-Version: 2.2.0
---------------
-
-:Release Date:
-
-**New Features**
-
-* Added module **oom-certservice-k8s-external-provider** with following functionality:
-
- An external provider is a part of PKI infrastructure. It consumes CertificateRequest CRD from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
-
- More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
-
-**Bug Fixes**
-
- N/A
-
-**Known Issues**
-
- N/A
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
-
- N/A
-
-*Known Security Issues*
-
- N/A
-
-*Known Vulnerabilities in Used Modules*
-
- N/A
-
-**Upgrade Notes**
-
-**Deprecation Notes**
-
-**Other**
-
-==============
-
-Version: 2.1.0
---------------
-
-:Release Date:
-
-**New Features**
-
-* Added module **oom-certservice-post-processor** with following functionality:
-
- * appending CMPv2 certificates to CertMan truststore
- * replacing CertMan keystore with CMPv2 keystore
-
-**Bug Fixes**
-
- N/A
-
-**Known Issues**
-
- N/A
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
-
- N/A
-
-*Known Security Issues*
-
- N/A
-
-*Known Vulnerabilities in Used Modules*
-
- N/A
-
-**Upgrade Notes**
-
-**Deprecation Notes**
-
-**Other**
-
-==============
-
-Version: 2.0.0
---------------
-
-:Release Date:
-
-**New Features**
-
- - The same functionality as in aaf-certservice 1.2.0
-
-**Bug Fixes**
-
- N/A
-
-**Known Issues**
-
- N/A
-
-**Security Notes**
-
- N/A
+Summary
+=======
-*Fixed Security Issues*
+Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
- N/A
+This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
-*Known Security Issues*
- N/A
+Release Data
+============
-*Known Vulnerabilities in Used Modules*
++--------------------------------------+--------------------------------------------------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------------------------------------------------+
+| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0|
+| | |
++--------------------------------------+--------------------------------------------------------------------------------+
+| **Release designation** | Guilin |
+| | |
++--------------------------------------+--------------------------------------------------------------------------------+
- N/A
-**Upgrade Notes**
+New features
+------------
-**Deprecation Notes**
+- `AAF-1152 <https://jira.onap.org/browse/AAF-1152>`_ Added to CertService's client parameter which controls output type of certificates (JKS, PKCS12, PEM)
-**Other**
+- `DCAEGEN2-2252 <https://jira.onap.org/browse/DCAEGEN2-2252>`_ Added new not existing subfolders creation in output path (CMPv2 Integration).
-===========
+- `DCAEGEN2-2253 <https://jira.onap.org/browse/DCAEGEN2-2253>`_ Implemented CertServicePostprocessor, allows merging truststores and moving keystore files.
-Version: 1.2.0
---------------
-
-:Release Date:
-
-**New Features**
-
- - Client creates subdirectories in given OUTPUT_PATH and place certificate into it.
+- `OOM-2526 <https://jira.onap.org/browse/OOM-2526>`_ Moved project from AAF to OOM platform.
-**Bug Fixes**
+**Bug fixes**
- N/A
+- `OOM-2524 <https://jira.onap.org/browse/OOM-2524>`_ Fixed project makefile.
**Known Issues**
- N/A
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
-
- N/A
-
-*Known Security Issues*
-
- N/A
-
-*Known Vulnerabilities in Used Modules*
-
- N/A
-
-**Upgrade Notes**
-
-**Deprecation Notes**
-
-**Other**
-
-===========
-
-Version: 1.1.0
---------------
-
-:Release Date: 2020-06-29
-
-**New Features**
-
- - Added property to CertService Client to allow selection of output certificates type (One of: PEM, JKS, P12).
-
-**Bug Fixes**
-
- - Resolved issue where created PKCS12 certificates had jks extension.
-
-**Known Issues**
-
- N/A
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
+None
- N/A
+Deliverables
+------------
-*Known Security Issues*
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+Docker images mentioned in Release Date section.
- N/A
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+Documentation moved from AAF - `OOM Certification Service <https://docs.onap.org/projects/onap-oom-platform-cert-service/en/latest/index.html#master-index>`_ .
-*Known Vulnerabilities in Used Modules*
+Known Limitations, Issues and Workarounds
+=========================================
- N/A
+System Limitations
+------------------
-**Upgrade Notes**
+Any known system limitations.
-**Deprecation Notes**
-**Other**
+Known Vulnerabilities
+---------------------
-===========
+Any known vulnerabilities.
-Version: 1.0.1
---------------
-
-:Release Date: 2020-05-22
-
-**New Features**
-
-The Frankfurt Release is the first release of the Certification Service.
-
-
-**Bug Fixes**
-
- - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails
-
-**Known Issues**
-
- - PKCS12 certificates have jks extension
-
-**Security Notes**
-
- N/A
-
-*Fixed Security Issues*
-
- N/A
-
-*Known Security Issues*
- N/A
+Workarounds
+-----------
-*Known Vulnerabilities in Used Modules*
+Any known workarounds.
- N/A
-**Upgrade Notes**
-
-**Deprecation Notes**
-
-**Other**
-
-===========
-
-Version: 1.0.0
+Security Notes
--------------
-:Release Date: 2020-04-16
-
-**New Features**
-
-The Frankfurt Release is the first release of the Certification Service.
-
-**Bug Fixes**
-
- - No new fixes were implemented for this release
-
-**Known Issues**
-
- - `AAF-1132 <https://jira.onap.org/browse/AAF-1132>`_ - CertService Client returns exit status 5 when TLS configuration fails
-
- - PKCS12 certificates have jks extension
-
-**Security Notes**
-
- N/A
+**Fixed Security Issues**
-*Fixed Security Issues*
+None
- N/A
+**Known Security Issues**
-*Known Security Issues*
+None
- N/A
-*Known Vulnerabilities in Used Modules*
+Test Results
+============
+Not applicable
- N/A
-**Upgrade Notes**
+References
+==========
-**Deprecation Notes**
+For more information on the ONAP Guilin release, please see:
-**Other**
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
-===========
-End of Release Notes
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
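Review bot: Under Software Deliverables the text points to the "Release Date section", but the section added above is titled "Release Data"; fix the reference. The System Limitations, Known Vulnerabilities and Workarounds sections still carry the template placeholders ("Any known system limitations.", "Any known vulnerabilities.", "Any known workarounds."), which read as if something is known but not listed; replace them with "None", as done under Security Notes, or list the items.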
diff --git a/docs/sections/usage.rst b/docs/sections/usage.rst
index e4a75444..6cba936a 100644
--- a/docs/sections/usage.rst
+++ b/docs/sections/usage.rst
@@ -31,7 +31,7 @@ CertService client needs the following configuration parameters to work properly
- LOCATION *(optional)* - Location for which certificate from CMPv2 server should be issued
- STATE *(required)* - State for which certificate from CMPv2 server should be issued
- COUNTRY *(required)* - Country for which certificate from CMPv2 server should be issued
- - SANS *(optional)(SANS's should be separated by a colon e.g. test.onap.org:onap.com)* - Subject Alternative Names (SANs) for which certificate from CMPv2 server should be issued.
+ - SANS *(optional)(SANS's should be separated by a comma e.g. test.onap.org,onap.com)* - Subject Alternative Names (SANs) for which certificate from CMPv2 server should be issued. All SANs types are supported (DNS names, IPs, URIs, emails).
3. Parameters to establish secure communication to CertService:
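Review bot: Changing the SANS separator from a colon to a comma breaks existing configurations that still use the old form (`test.onap.org:onap.com`), and neither this hunk nor the Upgrade Notes in change-log.rst mentions it. Add an upgrade note, and say here what the client does with a colon-separated value, since with URIs now accepted a colon is valid inside a single SAN. The parenthetical would also read better as "SANs should be separated by a comma" and "All SAN types are supported".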
@@ -71,7 +71,7 @@ To run CertService client as standalone docker container execute following steps
LOCATION=San-Francisco
STATE=California
COUNTRY=US
- SANS=test.onap.org:onap.com
+ SANS=test.onap.org,onap.com,onap@onap.org,127.0.0.1,onap://cluster.local/
#TLS config envs
KEYSTORE_PATH=/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
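Review bot: The example SANS value includes the loopback address 127.0.0.1, and example env files tend to be copied unchanged into real deployments. Use a documentation-range address such as 192.0.2.1, or add a comment above the line saying the SAN values are placeholders to be replaced.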
@@ -99,24 +99,24 @@ After successful creation of certifications, container exits with exit code 0, e
.. code-block:: bash
- INFO 1 [ main] o.o.a.c.c.c.f.ClientConfigurationFactory : Successful validation of Client configuration. Configuration data: REQUEST_URL: https://oom-cert-service:8443/v1/certificate/, REQUEST_TIMEOUT: 10000, OUTPUT_PATH: /var/certs, CA_NAME: RA, OUTPUT_TYPE: P12
- INFO 1 [ main] o.o.a.c.c.c.f.CsrConfigurationFactory : Successful validation of CSR configuration. Configuration data: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org
- INFO 1 [ main] o.o.a.c.c.c.KeyPairFactory : KeyPair generation started with algorithm: RSA and key size: 2048
- INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been started with following parameters: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: test.onap.org:onap.org
- INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Creation of CSR has been completed successfully
- INFO 1 [ main] o.o.a.c.c.c.CsrFactory : Conversion of CSR to PEM has been started
- INFO 1 [ main] o.o.a.c.c.c.PrivateKeyToPemEncoder : Attempt to encode private key to PEM
- INFO 1 [ main] o.o.a.c.c.h.HttpClient : Attempt to send request to API, on url: https://oom-cert-service:8443/v1/certificate/RA
- INFO 1 [ main] o.o.a.c.c.h.HttpClient : Received response from API
- DEBUG 1 [ main] o.o.a.c.c.c.c.ConvertedArtifactsCreator : Attempt to create keystore files and saving data. File names: keystore.p12, keystore.pass
- INFO 1 [ main] o.o.a.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 keystore
- DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file keystore.p12 in path /var/certs
- DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file keystore.pass in path /var/certs
- DEBUG 1 [ main] o.o.a.c.c.c.c.ConvertedArtifactsCreator : Attempt to create truststore files and saving data. File names: truststore.p12, truststore.pass
- INFO 1 [ main] o.o.a.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 truststore
- DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file truststore.p12 in path /var/certs
- DEBUG 1 [ main] o.o.a.c.c.c.w.CertFileWriter : Attempt to save file truststore.pass in path /var/certs
- INFO 1 [ main] o.o.a.c.c.AppExitHandler : Application exits with following exit code: 0 and message: Success
+ INFO 1 [ main] o.o.o.c.c.c.f.ClientConfigurationFactory : Successful validation of Client configuration. Configuration data: REQUEST_URL: https://oom-cert-service:8443/v1/certificate/, REQUEST_TIMEOUT: 10000, OUTPUT_PATH: /var/certs, CA_NAME: RA, OUTPUT_TYPE: P12
+ INFO 1 [ main] o.o.o.c.c.c.f.CsrConfigurationFactory : Successful validation of CSR configuration. Configuration data: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: [{SAN value: example.org, type: dNSName}, {SAN value: test.onap.org, type: dNSName}, {SAN value: onap@onap.org, type: rfc822Name}, {SAN value: 127.0.0.1, type: iPAddress}, {SAN value: onap://cluster.local/, type: uniformResourceIdentifier}]
+ INFO 1 [ main] o.o.o.c.c.c.KeyPairFactory : KeyPair generation started with algorithm: RSA and key size: 2048
+ INFO 1 [ main] o.o.o.c.c.c.CsrFactory : Creation of CSR has been started with following parameters: COMMON_NAME: onap.org, COUNTRY: US, STATE: California, ORGANIZATION: Linux-Foundation, ORGANIZATION_UNIT: ONAP, LOCATION: San-Francisco, SANS: [{SAN value: example.org, type: dNSName}, {SAN value: test.onap.org, type: dNSName}, {SAN value: onap@onap.org, type: rfc822Name}, {SAN value: 127.0.0.1, type: iPAddress}, {SAN value: onap://cluster.local/, type: uniformResourceIdentifier}]
+ INFO 1 [ main] o.o.o.c.c.c.CsrFactory : Creation of CSR has been completed successfully
+ INFO 1 [ main] o.o.o.c.c.c.CsrFactory : Conversion of CSR to PEM has been started
+ INFO 1 [ main] o.o.o.c.c.c.PrivateKeyToPemEncoder : Attempt to encode private key to PEM
+ INFO 1 [ main] o.o.o.c.c.h.HttpClient : Attempt to send request to API, on url: https://oom-cert-service:8443/v1/certificate/RA
+ INFO 1 [ main] o.o.o.c.c.h.HttpClient : Received response from API
+ DEBUG 1 [ main] o.o.o.c.c.c.c.ConvertedArtifactsCreator : Attempt to create keystore files and saving data. File names: keystore.p12, keystore.pass
+ INFO 1 [ main] o.o.o.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 keystore
+ DEBUG 1 [ main] o.o.o.c.c.c.w.CertFileWriter : Attempt to save file keystore.p12 in path /var/certs
+ DEBUG 1 [ main] o.o.o.c.c.c.w.CertFileWriter : Attempt to save file keystore.pass in path /var/certs
+ DEBUG 1 [ main] o.o.o.c.c.c.c.ConvertedArtifactsCreator : Attempt to create truststore files and saving data. File names: truststore.p12, truststore.pass
+ INFO 1 [ main] o.o.o.c.c.c.c.PemConverter : Conversion of PEM certificates to PKCS12 truststore
+ DEBUG 1 [ main] o.o.o.c.c.c.w.CertFileWriter : Attempt to save file truststore.p12 in path /var/certs
+ DEBUG 1 [ main] o.o.o.c.c.c.w.CertFileWriter : Attempt to save file truststore.pass in path /var/certs
+ INFO 1 [ main] o.o.o.c.c.AppExitHandler : Application exits with following exit code: 0 and message: Success
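Review bot: The SANS list in the sample log does not match the example configuration: the two CSR lines show `example.org` and no `onap.com`, while the env file example sets `SANS=test.onap.org,onap.com,onap@onap.org,127.0.0.1,onap://cluster.local/`. Regenerate the log from the documented input, or change the input to match, so readers can compare their own output against it line by line.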
@@ -186,7 +186,7 @@ You can use the following deployment example as a reference:
- name: COUNTRY
value: US
- name: SANS
- value: test.onap.org:onap.com
+ value: test.onap.org,onap.com,onap@onap.org,127.0.0.1,onap://cluster.local/
- name: KEYSTORE_PATH
value: /etc/onap/oom/certservice/certs/certServiceClient-keystore.jks
- name: KEYSTORE_PASSWORD
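Review bot: The SANS `value` is left as an unquoted YAML scalar although it now contains `@`, `://` and commas. It parses as a string as written, but wrapping it in double quotes keeps a later edit to the list from changing how the value is read.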