authorvrvarma <vv8305@att.com>2019-04-10 15:13:38 -0400
committervrvarma <vv8305@att.com>2019-04-10 15:45:20 -0400
commit75f7a15a5a14af434e0e8430fcec880106d64dbf (patch)
treea42df7dc1a43b1d3156f1a941f42b504f2e865e8
parent4198ff2f181030c73b4cf43979fd8a40adf80f70 (diff)
Implement osdf code to enable ssl
Fix aaf related permissions Change-Id: Id458d7198d1ccef66e816d39bb7f8dce787c9a80 Signed-off-by: vrvarma <vv8305@att.com> Issue-ID: OPTFRA-223 Signed-off-by: vrvarma <vv8305@att.com>
-rwxr-xr-xconfig/osdf_config.yaml6
-rwxr-xr-xosdfapp.py16
-rwxr-xr-xtest/config/osdf_config.yaml3
-rw-r--r--test/test_aaf_authentication.py6
4 files changed, 22 insertions, 9 deletions
diff --git a/config/osdf_config.yaml b/config/osdf_config.yaml
index c867171..2abc651 100755
--- a/config/osdf_config.yaml
+++ b/config/osdf_config.yaml
@@ -36,10 +36,8 @@ is_aaf_enabled: False
aaf_cache_expiry_mins: 5
aaf_url: https://aaftest.simpledemo.onap.org:8095
aaf_user_roles:
- - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
- - /api/oof/placement/v1:org.onap.osdf.access|*|read ALL
- - /api/oof/v1/pci:org.onap.osdf.access|*|read ALL
- - /api/oof/pci/v1:org.onap.osdf.access|*|read ALL
+ - '/placement:org.onap.oof.access|*|read ALL'
+ - '/pci:org.onap.oof.access|*|read ALL'
# Secret Management Service from AAF
aaf_sms_url: https://aaf-sms.onap:10443
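Review bot: The role keys on the two added lines shrink from full routes such as `/api/oof/v1/placement` to the fragments `/placement` and `/pci`, and nothing in this diff shows how a key is compared with the request path. If that comparison is a substring or regex search (an assumption, the matcher is not visible here), any URL that merely contains one of the fragments would be governed by that entry, while a route containing neither has no permission mapped at all. I would either keep the keys anchored to the real route prefixes or document the rule beside the list, for example `# <path fragment>:<perm type>|<instance>|<action>; fragment is matched against the request path by <matching rule>`. The same two lines are added in test/config/osdf_config.yaml, so the point applies there as well.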
diff --git a/osdfapp.py b/osdfapp.py
index ed518b2..b8afbf4 100755
--- a/osdfapp.py
+++ b/osdfapp.py
@@ -21,6 +21,7 @@ OSDF Manager Main Flask Application
"""
import json
+import ssl
import sys
import traceback
from optparse import OptionParser
@@ -99,6 +100,12 @@ def handle_data_error(e):
def do_osdf_health_check():
"""Simple health check"""
audit_log.info("A health check request is processed!")
+ return "OK"
+
+
+@app.route("/api/oof/loadmodels/v1", methods=["GET"])
+def do_osdf_load_policies():
+ audit_log.info("Uploading policy models")
"""Upload policy models"""
response = upload_policy_models()
audit_log.info(response)
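Review bot: The new `/api/oof/loadmodels/v1` route starts a policy-model upload on a plain GET, and no authentication decorator appears on it in this hunk; the AAF role list changed in the same commit maps only `/placement` and `/pci`. If the other routes in this file carry an auth decorator (they are outside the hunk), this one should carry the same one, and it would be safer registered as `methods=["POST"]`, since a state-changing GET can be fired by prefetchers, crawlers or a cross-site link. Separately, `"""Upload policy models"""` now sits after the `audit_log.info(...)` call, so it is an ignored string expression rather than the docstring; it should be the first statement of `do_osdf_load_policies`. The function body continues past the end of the hunk.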
@@ -196,6 +203,13 @@ def get_options(argv):
return opts
+def build_ssl_context():
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ssl_context.set_ciphers('ECDHE-RSA-AES128-SHA256:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH')
+ ssl_context.load_cert_chain(sys_conf['ssl_context'][0], sys_conf['ssl_context'][1])
+ return ssl_context
+
+
if __name__ == "__main__":
sys_conf = osdf_config['core']['osdf_system']
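Review bot: `ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)` in `build_ssl_context` pins the server to exactly TLS 1.2, which rules out TLS 1.3, and the version-specific constants are deprecated. On Python 3.7 or later prefer `ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` followed by `ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2`. The cipher string also still admits CBC-mode suites (`ECDHE-RSA-AES128-SHA256` and the non-GCM members of `AES256+EECDH` / `AES256+EDH`); keeping only the AESGCM entries would be tighter. The function reads the module global `sys_conf`, which is assigned only inside the `if __name__ == "__main__":` block, and indexes `[0]` and `[1]` without checking the list length, so passing the certificate and key paths in as parameters would make it importable and testable.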
@@ -207,7 +221,7 @@ if __name__ == "__main__":
ssl_opts = sys_conf.get('ssl_context')
if ssl_opts:
- common_app_opts.update({'ssl_context': tuple(ssl_opts)})
+ common_app_opts.update({'ssl_context': build_ssl_context()})
opts = get_options(sys.argv)
# Load secrets from SMS
diff --git a/test/config/osdf_config.yaml b/test/config/osdf_config.yaml
index 7582696..eaa31ff 100755
--- a/test/config/osdf_config.yaml
+++ b/test/config/osdf_config.yaml
@@ -51,7 +51,8 @@ is_aaf_enabled: False
aaf_cache_expiry_mins: 5
aaf_url: https://aaftest.simpledemo.onap.org:8095
aaf_user_roles:
- - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
+ - '/placement:org.onap.oof.access|*|read ALL'
+ - '/pci:org.onap.oof.access|*|read ALL'
# Secret Management Service from AAF
aaf_sms_url: https://aaf-sms.onap:10443
diff --git a/test/test_aaf_authentication.py b/test/test_aaf_authentication.py
index e69b2aa..6911337 100644
--- a/test/test_aaf_authentication.py
+++ b/test/test_aaf_authentication.py
@@ -34,7 +34,7 @@ class TestAafAuthentication():
def mock_aaf_response(*args, **kwargs):
return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
- {"instance": "*", "action": "read", "type": "org.onap.osdf.access"},
+ {"instance": "*", "action": "read", "type": "org.onap.oof.access"},
{"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
{"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
{"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
@@ -50,7 +50,7 @@ class TestAafAuthentication():
def mock_aaf_response(*args, **kwargs):
return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.osdf.controller.dev.menu"},
- {"instance": "*", "action": "read", "type": "org.onap.osdf.access"},
+ {"instance": "*", "action": "read", "type": "org.onap.oof.access"},
{"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
{"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
{"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},
@@ -78,7 +78,7 @@ class TestAafAuthentication():
def mock_aaf_response(*args, **kwargs):
return {"perm": [{"instance": "menu_ecd", "action": "*", "type": "org.onap.oof.controller.dev.menu"},
- {"instance": "*", "action": "*", "type": "org.onap.osdf.access"},
+ {"instance": "*", "action": "*", "type": "org.onap.oof.access"},
{"instance": "aaf", "action": "request", "type": "org.onap.osdf.certman"},
{"instance": "*", "action": "*", "type": "org.onap.osdf.dev.access"},
{"instance": ":*:*", "action": "*", "type": "org.onap.osdf.dev.k8"},