aboutsummaryrefslogtreecommitdiffstats
path: root/docs/sections/release-notes.rst
blob: 8b2536fc154af7b6d9bdbe4c3df54c556ef5ae6b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020-2021 NOKIA
.. _release_notes:

***************************************
OOM Certification Service Release Notes
***************************************

Abstract
========

This document provides the release notes for the Honolulu release.

Summary
=======

Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.

This project was moved from Application Authorization Framework (AAF), to check previous release notes see,  `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .


Release Data
============

+--------------------------------------+---------------------------------------------------------------------------------------+
| **Project**                          | OOM                                                                                   |
|                                      |                                                                                       |
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Docker images**                    |  * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3                  |
|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3               |
|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3       |
|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3|
|                                      |                                                                                       |
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Release designation**              | Honolulu                                                                              |
|                                      |                                                                                       |
+--------------------------------------+---------------------------------------------------------------------------------------+


New features
------------

- `OOM-2560 <https://jira.onap.org/browse/OOM-2560>`_ Integrated CMPv2 certificate provider with Cert-Manager

  An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
  During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true.

  More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_

- `OOM-2632 <https://jira.onap.org/browse/OOM-2632>`_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses.

**Bug fixes**

- `OOM-2656 <https://jira.onap.org/browse/OOM-2656>`_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm.

- `OOM-2657 <https://jira.onap.org/browse/OOM-2657>`_ Enhanced CertServiceAPI response in order to include CMP server error messages.

- `OOM-2658 <https://jira.onap.org/browse/OOM-2658>`_ Fixed KeyUsage extension sent to CMPv2 server

**Known Issues**

None

Deliverables
------------

Software Deliverables
~~~~~~~~~~~~~~~~~~~~~
Docker images mentioned in Release Date section.

Documentation Deliverables
~~~~~~~~~~~~~~~~~~~~~~~~~~

- :doc:`CMPv2 certificate provider description <cmpv2-cert-provider>`

Known Limitations, Issues and Workarounds
=========================================

System Limitations
------------------

Any known system limitations.


Known Vulnerabilities
---------------------

Any known vulnerabilities.


Workarounds
-----------

Any known workarounds.


Security Notes
--------------

**Fixed Security Issues**

None

**Known Security Issues**

None


Test Results
============
Not applicable


References
==========

For more information on the ONAP Honolulu release, please see:

#. `ONAP Home Page`_
#. `ONAP Documentation`_
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_


.. _`ONAP Home Page`: https://www.onap.org
.. _`ONAP Wiki Page`: https://wiki.onap.org
.. _`ONAP Documentation`: https://docs.onap.org
.. _`ONAP Release Downloads`: https://git.onap.org