diff options
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | runtime/pom.xml | 2 | ||||
-rw-r--r-- | runtime/src/main/docker/frontend/Dockerfile | 71 | ||||
-rw-r--r-- | runtime/src/main/docker/frontend/frontend-files.xml | 48 | ||||
-rw-r--r-- | runtime/src/main/docker/frontend/nginx/default.conf | 25 | ||||
-rw-r--r-- | runtime/src/main/docker/frontend/nginx/nginx.conf | 18 | ||||
-rw-r--r-- | runtime/src/main/resources/clds/aaf/ssl/ca-certs.pem | 32 | ||||
-rw-r--r-- | runtime/src/main/resources/clds/aaf/ssl/clamp.key | 32 | ||||
-rw-r--r-- | runtime/src/main/resources/clds/aaf/ssl/clamp.pem | 33 |
9 files changed, 1 insertions, 264 deletions
@@ -150,11 +150,7 @@ resource clds/aaf/org.onap.clamp.p12. - wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-cadi-aaf/2.1.13/aaf-cadi-aaf-2.1.13-full.jar - to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi <digest|undigest> changeit testos.key - you can also use the agent.sh script to decrypt the passwords, by running the showpass commands (see wiki below) -- Extract private key from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -nocerts -nodes > clamp.key' -- Extract public certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -clcerts -nokeys > clamp.pem' -- Extract CA certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -cacerts -nokeys -chain > ca-certs.pem' - reference wiki: https://wiki.onap.org/display/DW/AAF+Certificate+Management+for+Dummies -- you need to place new clamp.key, clamp.pem and ca-certs.pem into src/main/resources/clds/aaf/ssl, this will be used by the FrontEnd - you need to replace the password of the generated keystore (clamp uses the p12 keystore), we want to keep the same demo password across release to do so, you can use keytool to update the password and set it back to 'China in the Spring' keytool -storepasswd -keystore ./org.onap.clamp.p12 diff --git a/runtime/pom.xml b/runtime/pom.xml index 98ff42a24..7e3d7b261 100644 --- a/runtime/pom.xml +++ b/runtime/pom.xml @@ -59,7 +59,7 @@ To start POLICY-CLAMP (Build it before. In order to start frontend, is also required policy/gui repo built): - Use docker-compose file in ./extra/docker/clamp/docker-compose.yml - - Use the script located in ./extra/bin/start-backend.sh + start-frontend.sh + - Use the scripts located in ./extra/bin-for-dev/: start-db.sh + start-backend.sh - Use your IDE to use the Jar or start NVM </description> diff --git a/runtime/src/main/docker/frontend/Dockerfile b/runtime/src/main/docker/frontend/Dockerfile deleted file mode 100644 index 1d64d2a2d..000000000 --- a/runtime/src/main/docker/frontend/Dockerfile +++ /dev/null @@ -1,71 +0,0 @@ -### -# ============LICENSE_START======================================================= -# ONAP CLAMP -# ================================================================================ -# Copyright (C) 2019 AT&T Intellectual Property. All rights -# reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# =================================================================== -# -### - -# build environment -FROM node:12.10.0-alpine as build -WORKDIR /app -#ENV PATH /app/node_modules/.bin:$PATH -COPY onap-policy-clamp-frontend/ /app/ -RUN npm install --silent && \ - npm run build - -FROM nginx:1.17.0-alpine - -MAINTAINER "The Onap Team" -LABEL Description="This image contains Clamp frontend" - -ARG http_proxy -ARG https_proxy -ENV HTTP_PROXY=$http_proxy -ENV HTTPS_PROXY=$https_proxy -ENV http_proxy=$HTTP_PROXY -ENV https_proxy=$HTTPS_PROXY - -RUN addgroup onap && \ - adduser -D -G onap clamp && \ - mkdir /var/log/onap && \ - chmod a+rwx /var/log/onap - -COPY --from=build /app/build /usr/share/nginx/html -COPY --from=build /app/ssl /etc/ssl - -RUN rm /etc/nginx/conf.d/default.conf && \ - ln -sf /dev/stdout /var/log/nginx/access.log && \ - ln -sf /dev/stderr /var/log/nginx/error.log - -COPY nginx/nginx.conf /etc/nginx/nginx.conf -COPY nginx/default.conf /etc/nginx/conf.d/default.conf - -WORKDIR /app - -RUN chown -R clamp:onap /app && chmod -R 755 /app && \ - chown -R clamp:onap /var/cache/nginx && \ - chown -R clamp:onap /var/log/nginx && \ - chown -R clamp:onap /etc/nginx/conf.d && \ - touch /var/run/nginx.pid && \ - chown -R clamp:onap /var/run/nginx.pid - -USER clamp -EXPOSE 2443 -CMD ["nginx", "-g", "daemon off;"] - diff --git a/runtime/src/main/docker/frontend/frontend-files.xml b/runtime/src/main/docker/frontend/frontend-files.xml deleted file mode 100644 index aaf32be81..000000000 --- a/runtime/src/main/docker/frontend/frontend-files.xml +++ /dev/null @@ -1,48 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - ECOMP CLAMP - ================================================================================ - Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> - -<assembly - xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.1" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.1 http://maven.apache.org/xsd/assembly-1.1.1.xsd"> - <id>clamp-files</id> - - <formats> - <format>tar.gz</format> - </formats> - <includeBaseDirectory>false</includeBaseDirectory> - - <fileSets> - <!-- include config files --> - <fileSet> - <excludes> - <exclude>node_modules</exclude> - </excludes> - <directory>${project.build.directory}/${ui.react.src}</directory> - <outputDirectory></outputDirectory> - </fileSet> - <!-- include ssl certificates files obtain from aaf p12 --> - <fileSet> - <directory>${project.basedir}/src/main/resources/clds/aaf/ssl</directory> - <outputDirectory>ssl</outputDirectory> - </fileSet> - </fileSets> - -</assembly> diff --git a/runtime/src/main/docker/frontend/nginx/default.conf b/runtime/src/main/docker/frontend/nginx/default.conf deleted file mode 100644 index 570806034..000000000 --- a/runtime/src/main/docker/frontend/nginx/default.conf +++ /dev/null @@ -1,25 +0,0 @@ -server { - - listen 2443 default ssl; - ssl_protocols TLSv1.2; - ssl_certificate /etc/ssl/clamp.pem; - ssl_certificate_key /etc/ssl/clamp.key; - ssl_verify_client optional_no_ca; - location /restservices/clds/ { - proxy_pass https://policy-clamp-backend:8443; - proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; - } - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - try_files $uri $uri/ /index.html; - } - - error_page 500 502 503 504 /50x.html; - - location = /50x.html { - root /usr/share/nginx/html; - } - -}
\ No newline at end of file diff --git a/runtime/src/main/docker/frontend/nginx/nginx.conf b/runtime/src/main/docker/frontend/nginx/nginx.conf deleted file mode 100644 index a8fdc2a94..000000000 --- a/runtime/src/main/docker/frontend/nginx/nginx.conf +++ /dev/null @@ -1,18 +0,0 @@ -worker_processes 1; -pid /var/run/nginx.pid; -error_log /dev/stdout warn; -events { -} -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; - sendfile on; - #tcp_nopush on; - keepalive_timeout 65; - #gzip on; - include /etc/nginx/conf.d/*.conf; - } diff --git a/runtime/src/main/resources/clds/aaf/ssl/ca-certs.pem b/runtime/src/main/resources/clds/aaf/ssl/ca-certs.pem deleted file mode 100644 index 70bb844b7..000000000 --- a/runtime/src/main/resources/clds/aaf/ssl/ca-certs.pem +++ /dev/null @@ -1,32 +0,0 @@ -Bag Attributes - friendlyName: CN=intermediateCA_9,OU=OSAAF,O=ONAP,C=US -subject=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 - -issuer=OU = OSAAF, O = ONAP, C = US - ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= ------END CERTIFICATE----- diff --git a/runtime/src/main/resources/clds/aaf/ssl/clamp.key b/runtime/src/main/resources/clds/aaf/ssl/clamp.key deleted file mode 100644 index bcbb9f17e..000000000 --- a/runtime/src/main/resources/clds/aaf/ssl/clamp.key +++ /dev/null @@ -1,32 +0,0 @@ -Bag Attributes - friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 -Key Attributes: <No Attributes> ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCTB30nMh0hczIk -vWJo7Omg7cAHhz50NBhLB7u+60oXRGCya4SqssqqxNnNqNQQP9MmflW2q/bZepWn -8Rk23X6CLmoIUlrj8BMPkUCRqzgvlaWPSNAK5QcOp6GUvXTuX4EsaWxJhbs9Ujz2 -+qi137iNOqfAx1sUygah1kjALrqHkXDqJGvIfxU5ES0akBi/lB7A3WpE52KTioSF -JS5Kbnpj1ogffGNKyAiNqU61LcF1FjWmINat2z3ZMk/3Xm+HCDg/GLPnbh4E1KoE -10O22AMys6YGEyPvgRfrTF13DsDX52PmmUHbkSB6kwS/CeV5Uu++8b6T2IWpPyZ2 -+5ptmL+tAgMBAAECggEBAIUplzRUswWEq7mSvPqC9+YE7pLi7rGYLRhnXKdBuszv -5RQzROjFHcEkoI8fhVFiPP70FPVpMh0uZTTBrDCA0v9cwjPfQuqGmPzUdUJ5bF3M -jzICpEn5vDaNpE5ueOUcIoXyxVyhfj+/p++YfgybHy7qHN0AsYFWqEMTLLjCmbYF -pZozbAcGQoAR8PSfwuvgusuEezrhYertHsdFwlfZhDtJvnm/4YKRUVEBzuaaA7B9 -sUhnQFS8ScqiUbkAGdjfY9wOYRHnQgjtqiP8poIzLkqCNSoVctgh5Pdv4jp4HO90 -J5QC+f7m7rOoWUw8EYbRo/4C4Mckh0GQQ+oP4xzrtZECgYEA3DYALFgOEY+0RR1K -61HAKqdNy1YbeuidpCBEJEwmIbzdgO1DcJdNznbfdRlmS7VB9orwRfNbf7Hxm2w/ -/xn9USENXWx7fvDoISqSDegvEsBSq5hSEMVl3f7CfQZrYl1f6gxfe7L/jtmbn0eQ -avsr9RaUCWP794DEXKuA9pC8hVsCgYEAquy5I4hO4jNBQ6v5+omjsEgk4513/RNs -f47Md8bsDHKJMbCMKCdqM1D3J1xbgV3DgSv0yNlKdU2wenWdgQAyBtz18NBgno85 -YNanFhp1CymgLFHdLJHSOqAkzutSuCNnGTT6AKspOQvy+cuj7XsnbsxtYK3Cgw5h -Mom3RnUy9ZcCgYAnForHVEYDBgAYuI9g39z9dT8Q1dMA6SN6S6Ps0Xt/R5gF15e9 -941/FYiqr3yB+cWgrp7hu8XFD9/0F63waTuW2AgYSjZNnROHN5g/UbRxXqQOA3al -tXRUiHEbYjVTe4GX+ORF/8rvH19JUZmn87ekxII4fH/wOfIhBOxaV+yuuwKBgHtz -5Tizz/3y9TWSdkgtt6uwP+yipLKGn/v1wNrWM1G+PDdGg8TQyxTrasfkHjdu6LFY -dUHIJ85X4ZphbvRolrl8SKq5Zr+/RLsb7qy5SUZZt1Wrfysc25H6bvuA3ksfTuzW -5acr+Oc6KTGgkvMI229cebe1aONNtIhTDav3JGpbAoGAX5DQvNreqnP8qSAvUN2I -TAHXIzawR3f6vgGgVIdkHkiS2eKzs/fgP3VAK80TbrGSR8HvBcPEcR/icOn1u/e6 -tDp0j6mGt5aPKK9VQkBn94bW35T12FUbdB+L8FWWTUrfiVWJtEW8tEsKil5ac8U4 -Bn3vC5WUeKhW6v6kD4AigqE= ------END PRIVATE KEY----- diff --git a/runtime/src/main/resources/clds/aaf/ssl/clamp.pem b/runtime/src/main/resources/clds/aaf/ssl/clamp.pem deleted file mode 100644 index a01b587a5..000000000 --- a/runtime/src/main/resources/clds/aaf/ssl/clamp.pem +++ /dev/null @@ -1,33 +0,0 @@ -Bag Attributes - friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 -subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US - -issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 - ------BEGIN CERTIFICATE----- -MIIEWDCCA0CgAwIBAgIILw1zyDGqB5IwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTIwMDIwNDEyMjM1MloXDTIxMDIwNDEyMjM1Mlow -gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl -ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y -ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV -UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMHfScyHSFzMiS9Ymjs -6aDtwAeHPnQ0GEsHu77rShdEYLJrhKqyyqrE2c2o1BA/0yZ+Vbar9tl6lafxGTbd -foIuaghSWuPwEw+RQJGrOC+VpY9I0ArlBw6noZS9dO5fgSxpbEmFuz1SPPb6qLXf -uI06p8DHWxTKBqHWSMAuuoeRcOoka8h/FTkRLRqQGL+UHsDdakTnYpOKhIUlLkpu -emPWiB98Y0rICI2pTrUtwXUWNaYg1q3bPdkyT/deb4cIOD8Ys+duHgTUqgTXQ7bY -AzKzpgYTI++BF+tMXXcOwNfnY+aZQduRIHqTBL8J5XlS777xvpPYhak/Jnb7mm2Y -v60CAwEAAaOB/jCB+zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB -Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze -81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUzfIed+18wgFs7E6q0b6BbMICtfsw -RwYDVR0RBEAwPoIFY2xhbXCCCmNsYW1wLW9uYXCCHWNsYW1wLmFwaS5zaW1wbGVk -ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQBizhsW -XrJ9wQy3PrBxgh90sOF15tayXPRZSFYPoQb5LhRh3IY/PvXLaSHlkgPHlCLLx36S -0/DiVf86/83ABvyaq9gJIyg/m4ntNae23OKH1AkA1aN+JCKA8yhsAzDBcRF6Aj7E -VJ+vQlSzz5oh+efP1e/8DUMd1/WwbTXvRd0Iqv/fyZunbjb82qNMrsK1mQ2q+87A -0jx9u1EdeMihP6vWiuKzlwy4mKoNT573SPpvaOkjX3yDlmf2CTQZ9vdAvjmFmVsH -1wyrNZOIgW4VjluiZfAk3mOEskrZiP/7aUXnxmNnYTpgZMbhiouLbRrTc4lLEyhx -G7A61/KGTsLZlvxb ------END CERTIFICATE----- |