From 187d1435142c50e627890ddd5049a9f43ebbe1a2 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Thu, 19 May 2022 15:12:05 +0200 Subject: [DOCS] Update J release notes for cert-service Update the expired certificates and recreate the docker files Update the release notes and update some Sphinx files Fix some linting problems in the files Issue-ID: OOM-2953 Signed-off-by: Andreas Geissler Change-Id: I1a26d7289890eee7fb38b11a45da3db5fc70ba8d --- .readthedocs.yaml | 3 ++ docs/conf.py | 6 ++++ docs/requirements-docs.txt | 6 ++-- docs/sections/build.rst | 2 +- docs/sections/change-log.rst | 30 ++-------------- docs/sections/configuration.rst | 2 +- docs/sections/release-notes.rst | 77 ++++++++++++++++------------------------- docs/tox.ini | 15 +++++--- 8 files changed, 57 insertions(+), 84 deletions(-) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 3797dc8b..df46e4ce 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -16,5 +16,8 @@ python: install: - requirements: docs/requirements-docs.txt +submodules: + include: all + sphinx: configuration: docs/conf.py diff --git a/docs/conf.py b/docs/conf.py index 1e26e7dc..351d0ccd 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -5,6 +5,12 @@ master_doc = 'index' linkcheck_ignore = [ 'http://localhost', + 'http://ejbca', + 'https://localhost' +] + +exclude_patterns = [ + '.tox' ] extensions = [ diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt index 9d2f6fcb..522d8574 100644 --- a/docs/requirements-docs.txt +++ b/docs/requirements-docs.txt @@ -1,5 +1,5 @@ -setuptools -six -sphinxcontrib.openapi lfdocs-conf +sphinx>=4.2.0 # BSD +sphinx-rtd-theme>=1.0.0 # MIT +sphinxcontrib.openapi mistune==0.8.4 diff --git a/docs/sections/build.rst b/docs/sections/build.rst index 27a40b18..2f203992 100644 --- a/docs/sections/build.rst +++ b/docs/sections/build.rst @@ -36,7 +36,7 @@ Environment How to build images? -------------------- -#. Checkout the project from https://gerrit.onap.org/r/#/admin/projects/oom/platform/cert-service +#. Checkout the project from https://gerrit.onap.org/r/admin/repos/oom/platform/cert-service #. Read information stored in README.md file #. Use a Makefile to build images:: diff --git a/docs/sections/change-log.rst b/docs/sections/change-log.rst index 2eef9b32..36e31cca 100644 --- a/docs/sections/change-log.rst +++ b/docs/sections/change-log.rst @@ -4,13 +4,11 @@ Change Log -============== +========== --------- +------- Jakarta --------- - -============== +------- Version: 2.5.0 -------------- @@ -55,14 +53,11 @@ Version: 2.5.0 **Other** -============== -------- Istanbul -------- -============== - Version: 2.4.0 -------------- @@ -106,14 +101,11 @@ Version: 2.4.0 **Other** -============== -------- Honolulu -------- -============== - Version: 2.3.3 -------------- @@ -154,7 +146,6 @@ Version: 2.3.3 **Other** -============== Version: 2.3.2 -------------- @@ -197,7 +188,6 @@ Version: 2.3.2 **Other** -============== Version: 2.3.1 -------------- @@ -238,7 +228,6 @@ Version: 2.3.1 **Other** -============== Version: 2.3.0 -------------- @@ -280,7 +269,6 @@ Version: 2.3.0 **Other** -============== Version: 2.2.0 -------------- @@ -326,15 +314,10 @@ Version: 2.2.0 **Other** - -============= - ------- Guilin ------- -============= - Version: 2.1.0 -------------- @@ -377,7 +360,6 @@ Version: 2.1.0 **Other** -============== Version: 2.0.0 -------------- @@ -418,7 +400,6 @@ Version: 2.0.0 **Other** -=========== Version: 1.2.0 -------------- @@ -459,7 +440,6 @@ Version: 1.2.0 **Other** -=========== Version: 1.1.0 -------------- @@ -500,13 +480,11 @@ Version: 1.1.0 **Other** -=========== ---------- Frankfurt ---------- -=========== Version: 1.0.1 -------------- @@ -548,7 +526,6 @@ The Frankfurt Release is the first release of the Certification Service. **Other** -=========== Version: 1.0.0 -------------- @@ -591,6 +568,5 @@ The Frankfurt Release is the first release of the Certification Service. **Other** -=========== End of Change Log diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst index 97630731..6ffe3531 100644 --- a/docs/sections/configuration.rst +++ b/docs/sections/configuration.rst @@ -102,7 +102,7 @@ Note! This must be executed before calling *make all* (from OOM Installation) or 1. Edit *cmpServers.json* file. If OOM *global.addTestingComponents* flag is set to: - *true* - edit *kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json* - - *false* - edit *kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json + - *false* - edit *kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json* 2. Build and start OOM deployment diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst index 094d10bf..803ba056 100644 --- a/docs/sections/release-notes.rst +++ b/docs/sections/release-notes.rst @@ -11,19 +11,18 @@ OOM Certification Service Release Notes :depth: 2 .. -Version: 2.4.0 +Version: 2.5.0 ============== Abstract -------- -This document provides the release notes for the Istanbul release. +This document provides the release notes for the Jakarta release. Summary ------- -Certificate update use case is now available. For details go to: -:ref:`How to use instructions` +Vulnerability Fix Release Data ------------ @@ -32,12 +31,12 @@ Release Data | **Project** | OOM | | | | +--------------------------------------+---------------------------------------------------------------------------------------+ -| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 | -| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 | -| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0| +| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.5.0 | +| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 | +| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.5.0| | | | +--------------------------------------+---------------------------------------------------------------------------------------+ -| **Release designation** | Istanbul | +| **Release designation** | Jakarta | | | | +--------------------------------------+---------------------------------------------------------------------------------------+ @@ -45,20 +44,8 @@ Release Data New features ------------ -- `OOM-2754 `_ Implement certificate update in CMPv2 external issuer - -- `OOM-2753 `_ Implement certificate update in CMPv2 CertService - -- `OOM-2744 `_ Remove CertService Client mechanism from ONAP - -- `OOM-2649 `_ Update contrib/ejbca to 7.x - **Bug fixes** -- `OOM-2771 `_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer - -- `OOM-2764 `_ Fix sonar issues in CertService - **Known Issues** If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions. @@ -102,7 +89,7 @@ Security Notes **Fixed Security Issues** -None +- `OOM-2903 `_ Fix Apache Vulnerability [CVE-2021-44228] in CertService **Known Security Issues** @@ -124,21 +111,19 @@ For more information on the ONAP Istanbul release, please see: #. `ONAP Release Downloads`_ #. `ONAP Wiki Page`_ -Version: 2.3.3 +Version: 2.4.0 ============== Abstract -------- -This document provides the release notes for the Honolulu release. +This document provides the release notes for the Istanbul release. Summary ------- -Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP. - -This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes `_ . - +Certificate update use case is now available. For details go to: +:ref:`How to use instructions` Release Data ------------ @@ -147,13 +132,12 @@ Release Data | **Project** | OOM | | | | +--------------------------------------+---------------------------------------------------------------------------------------+ -| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 | -| | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 | -| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 | -| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3| +| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 | +| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 | +| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0| | | | +--------------------------------------+---------------------------------------------------------------------------------------+ -| **Release designation** | Honolulu | +| **Release designation** | Istanbul | | | | +--------------------------------------+---------------------------------------------------------------------------------------+ @@ -161,26 +145,24 @@ Release Data New features ------------ -- `OOM-2560 `_ Integrated CMPv2 certificate provider with Cert-Manager +- `OOM-2754 `_ Implement certificate update in CMPv2 external issuer - An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server. - During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true. +- `OOM-2753 `_ Implement certificate update in CMPv2 CertService - More information can be found on dedicated `wiki page `_ +- `OOM-2744 `_ Remove CertService Client mechanism from ONAP -- `OOM-2632 `_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses. +- `OOM-2649 `_ Update contrib/ejbca to 7.x **Bug fixes** -- `OOM-2656 `_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm. - -- `OOM-2657 `_ Enhanced CertServiceAPI response in order to include CMP server error messages. +- `OOM-2771 `_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer -- `OOM-2658 `_ Fixed KeyUsage extension sent to CMPv2 server +- `OOM-2764 `_ Fix sonar issues in CertService **Known Issues** -None +If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions. +The required actions are described in :ref:`Troubleshooting section ` Deliverables ------------ @@ -198,19 +180,19 @@ Known Limitations, Issues and Workarounds ----------------------------------------- System Limitations ------------------- +~~~~~~~~~~~~~~~~~~ Any known system limitations. Known Vulnerabilities ---------------------- +~~~~~~~~~~~~~~~~~~~~~ Any known vulnerabilities. Workarounds ------------ +~~~~~~~~~~~ Any known workarounds. @@ -235,15 +217,14 @@ Not applicable References ---------- -For more information on the ONAP Honolulu release, please see: +For more information on the ONAP Istanbul release, please see: #. `ONAP Home Page`_ #. `ONAP Documentation`_ #. `ONAP Release Downloads`_ #. `ONAP Wiki Page`_ - .. _`ONAP Home Page`: https://www.onap.org .. _`ONAP Wiki Page`: https://wiki.onap.org .. _`ONAP Documentation`: https://docs.onap.org -.. _`ONAP Release Downloads`: https://git.onap.org +.. _`ONAP Release Downloads`: https://git.onap.org \ No newline at end of file diff --git a/docs/tox.ini b/docs/tox.ini index 42ffa687..509ac7d2 100644 --- a/docs/tox.ini +++ b/docs/tox.ini @@ -1,6 +1,6 @@ [tox] minversion = 1.6 -envlist = docs, +envlist = docs,docs-linkcheck skipsdist = true [testenv:docs] @@ -10,7 +10,7 @@ deps = -chttps://git.onap.org/doc/plain/etc/upper-constraints.os.txt -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt commands = - sphinx-build -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html + sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html echo "Generated docs available in {toxinidir}/_build/html" whitelist_externals = echo @@ -19,7 +19,14 @@ whitelist_externals = [testenv:docs-linkcheck] basepython = python3 +deps = + -r{toxinidir}/requirements-docs.txt + -chttps://git.onap.org/doc/plain/etc/upper-constraints.os.txt?h=master + -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master +commands = + sphinx-build -W -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck + #deps = -r{toxinidir}/requirements-docs.txt -commands = echo "Link Checking not enforced" +#commands = echo "Link Checking not enforced" #commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck -whitelist_externals = echo +#whitelist_externals = echo -- cgit 1.2.3-korg