blob: 094d10bf0f67c0b1ef90710637a71bf8c46f078c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
|
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020-2021 NOKIA
.. _release_notes:
***************************************
OOM Certification Service Release Notes
***************************************
.. contents::
:depth: 2
..
Version: 2.4.0
==============
Abstract
--------
This document provides the release notes for the Istanbul release.
Summary
-------
Certificate update use case is now available. For details go to:
:ref:`How to use instructions<how_to_use_certificate_update>`
Release Data
------------
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Project** | OOM |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 |
| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 |
| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0|
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Release designation** | Istanbul |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
New features
------------
- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ Implement certificate update in CMPv2 external issuer
- `OOM-2753 <https://jira.onap.org/browse/OOM-2753>`_ Implement certificate update in CMPv2 CertService
- `OOM-2744 <https://jira.onap.org/browse/OOM-2744>`_ Remove CertService Client mechanism from ONAP
- `OOM-2649 <https://jira.onap.org/browse/OOM-2649>`_ Update contrib/ejbca to 7.x
**Bug fixes**
- `OOM-2771 <https://jira.onap.org/browse/OOM-2771>`_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer
- `OOM-2764 <https://jira.onap.org/browse/OOM-2764>`_ Fix sonar issues in CertService
**Known Issues**
If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
The required actions are described in :ref:`Troubleshooting section <troubleshooting>`
Deliverables
------------
Software Deliverables
~~~~~~~~~~~~~~~~~~~~~
Docker images mentioned in Release Date section.
Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~
- :ref:`CMPv2 certificate provider description <cmpv2_cert_provider>`
Known Limitations, Issues and Workarounds
-----------------------------------------
System Limitations
~~~~~~~~~~~~~~~~~~
Any known system limitations.
Known Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~
Any known vulnerabilities.
Workarounds
~~~~~~~~~~~
Any known workarounds.
Security Notes
--------------
**Fixed Security Issues**
None
**Known Security Issues**
None
Test Results
------------
Not applicable
References
----------
For more information on the ONAP Istanbul release, please see:
#. `ONAP Home Page`_
#. `ONAP Documentation`_
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_
Version: 2.3.3
==============
Abstract
--------
This document provides the release notes for the Honolulu release.
Summary
-------
Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
Release Data
------------
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Project** | OOM |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 |
| | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 |
| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 |
| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3|
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Release designation** | Honolulu |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
New features
------------
- `OOM-2560 <https://jira.onap.org/browse/OOM-2560>`_ Integrated CMPv2 certificate provider with Cert-Manager
An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true.
More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
- `OOM-2632 <https://jira.onap.org/browse/OOM-2632>`_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses.
**Bug fixes**
- `OOM-2656 <https://jira.onap.org/browse/OOM-2656>`_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm.
- `OOM-2657 <https://jira.onap.org/browse/OOM-2657>`_ Enhanced CertServiceAPI response in order to include CMP server error messages.
- `OOM-2658 <https://jira.onap.org/browse/OOM-2658>`_ Fixed KeyUsage extension sent to CMPv2 server
**Known Issues**
None
Deliverables
------------
Software Deliverables
~~~~~~~~~~~~~~~~~~~~~
Docker images mentioned in Release Date section.
Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~
- :ref:`CMPv2 certificate provider description <cmpv2_cert_provider>`
Known Limitations, Issues and Workarounds
-----------------------------------------
System Limitations
------------------
Any known system limitations.
Known Vulnerabilities
---------------------
Any known vulnerabilities.
Workarounds
-----------
Any known workarounds.
Security Notes
--------------
**Fixed Security Issues**
None
**Known Security Issues**
None
Test Results
------------
Not applicable
References
----------
For more information on the ONAP Honolulu release, please see:
#. `ONAP Home Page`_
#. `ONAP Documentation`_
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_
.. _`ONAP Home Page`: https://www.onap.org
.. _`ONAP Wiki Page`: https://wiki.onap.org
.. _`ONAP Documentation`: https://docs.onap.org
.. _`ONAP Release Downloads`: https://git.onap.org
|