author | Jim Hahn <jrh3@att.com> | 2021-03-16 14:52:34 -0400 |
---|---|---|
committer | Jim Hahn <jrh3@att.com> | 2021-03-19 11:21:53 -0400 |
commit | 39b7b9897494d9f14ca196c8f0e2f0bc7e57cf4f (patch) | |
tree | a476ed8a72c4aad8d5e358c674430287960bbdea | |
parent | c6d046f50f01859b9e0873f65bed8621113ec120 (diff) |
Use generated keystore in CSITs
Added code to the CSITs to generate a self-signed certificate, which can
then be mounted over the policy-keystore of each docker image when it is
launched.
Converted xacml's API params to BusTopicParams.
Issue-ID: POLICY-3143
Change-Id: Ic1c25a7f29d87583b81515fd2caf72ba7c44924c
Signed-off-by: Jim Hahn <jrh3@att.com>
23 files changed, 491 insertions, 11 deletions
diff --git a/csit/config/distribution/defaultConfig.json b/csit/config/distribution/defaultConfig.json
index facee9bc..140fd706 100644
--- a/csit/config/distribution/defaultConfig.json
+++ b/csit/config/distribution/defaultConfig.json
@@ -65,6 +65,7 @@ "password": "zb!XztG34" }, "isHttps": true, + "allowSelfSignedCerts": true, "deployPolicies": true } }
diff --git a/csit/config/dns_keystore.txt b/csit/config/dns_keystore.txt
new file mode 100644
index 00000000..50854a03
--- /dev/null
+++ b/csit/config/dns_keystore.txt
@@ -0,0 +1,14 @@
+DNS:policy
+DNS:drools
+DNS:drools.onap
+DNS:policy-apex-pdp
+DNS:policy-apex-pdp.onap
+DNS:policy-api
+DNS:policy-api.onap
+DNS:policy-distribution
+DNS:policy-distribution.onap
+DNS:policy-pap
+DNS:policy-pap.onap
+DNS:policy-xacml-pdp
+DNS:policy-xacml-pdp.onap
+DNS:policy.api.simpledemo.onap.org
diff --git a/csit/config/drools-apps/custom/AAI-http-client.properties b/csit/config/drools-apps/custom/AAI-http-client.properties
new file mode 100644
index 00000000..35fa7f61
--- /dev/null
+++ b/csit/config/drools-apps/custom/AAI-http-client.properties
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+http.client.services=AAI
+
+http.client.services.AAI.managed=true
+http.client.services.AAI.https=true
+http.client.services.AAI.host=${envd:AAI_HOST}
+http.client.services.AAI.port=${envd:AAI_PORT}
+http.client.services.AAI.userName=${envd:AAI_USERNAME}
+http.client.services.AAI.password=${envd:AAI_PASSWORD}
+http.client.services.AAI.contextUriPath=${envd:AAI_CONTEXT_URI}
+http.client.services.AAI.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/APPC-CL-topic.properties b/csit/config/drools-apps/custom/APPC-CL-topic.properties
new file mode 100644
index 00000000..f265b7c6
--- /dev/null
+++ b/csit/config/drools-apps/custom/APPC-CL-topic.properties
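Review bot: `http.client.services.AAI.selfSignedCertificates=true` in AAI-http-client.properties carries no comment saying it is a test-only setting, and the same flag is added to every other `*-http-client.properties` and `*-topic.properties` file in this commit and, as `allowSelfSignedCerts`, to the JSON configs. How the flag is handled is not visible in this diff, but it presumably relaxes certificate validation on the client side, so copying one of these files into a non-test deployment would weaken TLS without any warning. I would add above the line `# CSIT only: peers present the keystore from gen_keystore.sh; do not copy to production configs`. Since gen_keystore.sh already produces the certificate, exporting it into a truststore mounted beside the keystore would let the tests run with validation left on, which is worth considering as a follow-up.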
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dmaap.source.topics=APPC-CL
+dmaap.sink.topics=APPC-CL
+
+dmaap.source.topics.APPC-CL.servers=${env:DMAAP_SERVERS}
+dmaap.source.topics.APPC-CL.https=true
+dmaap.source.topics.APPC-CL.selfSignedCertificates=true
+
+dmaap.sink.topics.APPC-CL.servers=${env:DMAAP_SERVERS}
+dmaap.sink.topics.APPC-CL.https=true
+dmaap.sink.topics.APPC-CL.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/APPC-LCM-READ-topic.properties b/csit/config/drools-apps/custom/APPC-LCM-READ-topic.properties
new file mode 100644
index 00000000..f4a48dcb
--- /dev/null
+++ b/csit/config/drools-apps/custom/APPC-LCM-READ-topic.properties
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dmaap.sink.topics=APPC-LCM-READ
+
+dmaap.sink.topics.APPC-LCM-READ.servers=${env:DMAAP_SERVERS}
+dmaap.sink.topics.APPC-LCM-READ.https=true
+dmaap.sink.topics.APPC-LCM-READ.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/APPC-LCM-WRITE-topic.properties b/csit/config/drools-apps/custom/APPC-LCM-WRITE-topic.properties
new file mode 100644
index 00000000..51cb0183
--- /dev/null
+++ b/csit/config/drools-apps/custom/APPC-LCM-WRITE-topic.properties
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dmaap.source.topics=APPC-LCM-WRITE
+
+dmaap.source.topics.APPC-LCM-WRITE.servers=${env:DMAAP_SERVERS}
+dmaap.source.topics.APPC-LCM-WRITE.https=true
+dmaap.source.topics.APPC-LCM-WRITE.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/DCAE_CL_RSP-topic.properties b/csit/config/drools-apps/custom/DCAE_CL_RSP-topic.properties
new file mode 100644
index 00000000..b02f90ce
--- /dev/null
+++ b/csit/config/drools-apps/custom/DCAE_CL_RSP-topic.properties
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dmaap.sink.topics=DCAE_CL_RSP
+
+dmaap.sink.topics.DCAE_CL_RSP.servers=${env:DMAAP_SERVERS}
+dmaap.sink.topics.DCAE_CL_RSP.https=true
+dmaap.sink.topics.DCAE_CL_RSP.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/DCAE_TOPIC-topic.properties b/csit/config/drools-apps/custom/DCAE_TOPIC-topic.properties
new file mode 100644
index 00000000..608ba8d4
--- /dev/null
+++ b/csit/config/drools-apps/custom/DCAE_TOPIC-topic.properties
@@ -0,0 +1,25 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dmaap.source.topics=DCAE_TOPIC
+
+dmaap.source.topics.DCAE_TOPIC.effectiveTopic=${env:DCAE_TOPIC}
+dmaap.source.topics.DCAE_TOPIC.servers=${env:DMAAP_SERVERS}
+dmaap.source.topics.DCAE_TOPIC.consumerGroup=${env:DCAE_CONSUMER_GROUP}
+dmaap.source.topics.DCAE_TOPIC.https=true
+dmaap.source.topics.DCAE_TOPIC.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/GUARD-http-client.properties b/csit/config/drools-apps/custom/GUARD-http-client.properties
new file mode 100644
index 00000000..e4c2553a
--- /dev/null
+++ b/csit/config/drools-apps/custom/GUARD-http-client.properties
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+http.client.services=GUARD
+
+http.client.services.GUARD.managed=true
+http.client.services.GUARD.https=true
+http.client.services.GUARD.host=${envd:PDP_HOST}
+http.client.services.GUARD.port=${envd:PDP_PORT}
+http.client.services.GUARD.userName=${envd:PDP_USERNAME}
+http.client.services.GUARD.password=${envd:PDP_PASSWORD}
+http.client.services.GUARD.contextUriPath=${envd:PDP_CONTEXT_URI:policy/pdpx/v1/}
+http.client.services.GUARD.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/POLICY-CL-MGT-topic.properties b/csit/config/drools-apps/custom/POLICY-CL-MGT-topic.properties
new file mode 100644
index 00000000..f2b68265
--- /dev/null
+++ b/csit/config/drools-apps/custom/POLICY-CL-MGT-topic.properties
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dmaap.sink.topics=POLICY-CL-MGT
+dmaap.sink.topics.POLICY-CL-MGT.servers=${env:DMAAP_SERVERS}
+dmaap.sink.topics.POLICY-CL-MGT.https=true
+dmaap.sink.topics.POLICY-CL-MGT.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/SDNC-http-client.properties b/csit/config/drools-apps/custom/SDNC-http-client.properties
new file mode 100644
index 00000000..9115950e
--- /dev/null
+++ b/csit/config/drools-apps/custom/SDNC-http-client.properties
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+http.client.services=SDNC
+
+http.client.services.SDNC.managed=true
+http.client.services.SDNC.https=true
+http.client.services.SDNC.host=${envd:SDNC_HOST}
+http.client.services.SDNC.port=${envd:SDNC_PORT}
+http.client.services.SDNC.userName=${envd:SDNC_USERNAME}
+http.client.services.SDNC.password=${envd:SDNC_PASSWORD}
+http.client.services.SDNC.contextUriPath=${envd:SDNC_CONTEXT_URI}
+http.client.services.SDNC.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/SDNR-CL-RSP-topic.properties b/csit/config/drools-apps/custom/SDNR-CL-RSP-topic.properties
new file mode 100644
index 00000000..27a762c6
--- /dev/null
+++ b/csit/config/drools-apps/custom/SDNR-CL-RSP-topic.properties
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dmaap.source.topics=SDNR-CL-RSP
+dmaap.source.topics.SDNR-CL-RSP.servers=${env:DMAAP_SERVERS}
+dmaap.source.topics.SDNR-CL-RSP.https=true
+dmaap.source.topics.SDNR-CL-RSP.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/SDNR-CL-topic.properties b/csit/config/drools-apps/custom/SDNR-CL-topic.properties
new file mode 100644
index 00000000..8f2a26c2
--- /dev/null
+++ b/csit/config/drools-apps/custom/SDNR-CL-topic.properties
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dmaap.sink.topics=SDNR-CL
+
+dmaap.sink.topics.SDNR-CL.servers=${env:DMAAP_SERVERS}
+dmaap.sink.topics.SDNR-CL.https=true
+dmaap.sink.topics.SDNR-CL.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/SO-http-client.properties b/csit/config/drools-apps/custom/SO-http-client.properties
new file mode 100644
index 00000000..7e71e359
--- /dev/null
+++ b/csit/config/drools-apps/custom/SO-http-client.properties
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+http.client.services=SO
+
+http.client.services.SO.managed=true
+http.client.services.SO.https=false
+http.client.services.SO.host=${envd:SO_HOST}
+http.client.services.SO.port=${envd:SO_PORT}
+http.client.services.SO.userName=${envd:SO_USERNAME}
+http.client.services.SO.password=${envd:SO_PASSWORD}
+http.client.services.SO.contextUriPath=${envd:SO_CONTEXT_URI}
+http.client.services.SO.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/VFC-http-client.properties b/csit/config/drools-apps/custom/VFC-http-client.properties
new file mode 100644
index 00000000..454e8a96
--- /dev/null
+++ b/csit/config/drools-apps/custom/VFC-http-client.properties
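Review bot: `http.client.services.SO.https=false` in SO-http-client.properties leaves SO as the only client in this set on plain HTTP, so the `SO_USERNAME`/`SO_PASSWORD` values would travel in cleartext and the `selfSignedCertificates=true` on the last line has nothing to act on. If the SO simulator only listens on HTTP this is intentional and deserves a comment such as `# SO simulator is HTTP-only in CSIT`. Otherwise the line should read `http.client.services.SO.https=true`, matching the AAI, GUARD, SDNC and VFC files.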
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+http.client.services=VFC
+
+http.client.services.VFC.managed=true
+http.client.services.VFC.https=true
+http.client.services.VFC.host=${envd:VFC_HOST}
+http.client.services.VFC.port=${envd:VFC_PORT}
+http.client.services.VFC.userName=${envd:VFC_USERNAME}
+http.client.services.VFC.password=${envd:VFC_PASSWORD}
+http.client.services.VFC.contextUriPath=${envd:VFC_CONTEXT_URI:api/nslcm/v1/}
+http.client.services.VFC.selfSignedCertificates=true
diff --git a/csit/config/drools-apps/custom/engine.properties b/csit/config/drools-apps/custom/engine.properties
new file mode 100644
index 00000000..cf2ed855
--- /dev/null
+++ b/csit/config/drools-apps/custom/engine.properties
@@ -0,0 +1,50 @@
+###
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Policy Engine Configuration Channels
+
+dmaap.source.topics=PDPD-CONFIGURATION
+
+dmaap.source.topics.PDPD-CONFIGURATION.servers=${envd:DMAAP_SERVERS}
+dmaap.source.topics.PDPD-CONFIGURATION.effectiveTopic=${envd:PDPD_CONFIGURATION_TOPIC}
+dmaap.source.topics.PDPD-CONFIGURATION.apiKey=${envd:PDPD_CONFIGURATION_API_KEY}
+dmaap.source.topics.PDPD-CONFIGURATION.apiSecret=${envd:PDPD_CONFIGURATION_API_SECRET}
+dmaap.source.topics.PDPD-CONFIGURATION.consumerGroup=${envd:PDPD_CONFIGURATION_CONSUMER_GROUP}
+dmaap.source.topics.PDPD-CONFIGURATION.consumerInstance=${envd:PDPD_CONFIGURATION_CONSUMER_INSTANCE}
+dmaap.source.topics.PDPD-CONFIGURATION.managed=false
+dmaap.source.topics.PDPD-CONFIGURATION.https=true
+dmaap.source.topics.PDPD-CONFIGURATION.selfSignedCertificates=true
+
+http.server.services=SECURED-CONFIG
+
+http.server.services.SECURED-CONFIG.host=${envd:TELEMETRY_HOST}
+http.server.services.SECURED-CONFIG.port=9696
+http.server.services.SECURED-CONFIG.userName=${envd:TELEMETRY_USER}
+http.server.services.SECURED-CONFIG.password=${envd:TELEMETRY_PASSWORD}
+http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.restful
+http.server.services.SECURED-CONFIG.managed=false
+http.server.services.SECURED-CONFIG.swagger=true
+http.server.services.SECURED-CONFIG.https=true
+http.server.services.SECURED-CONFIG.aaf=${envd:AAF:false}
+http.server.services.SECURED-CONFIG.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
+
+aaf.namespace=${envd:AAF_NAMESPACE:false}
+aaf.root.permission=${envd:AAF_NAMESPACE:org.onap.policy}.pdpd
+
diff --git a/csit/config/drools-apps/custom/feature-lifecycle.properties b/csit/config/drools-apps/custom/feature-lifecycle.properties
new file mode 100644
index 00000000..2ce112ee
--- /dev/null
+++ b/csit/config/drools-apps/custom/feature-lifecycle.properties
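Review bot: `aaf.namespace=${envd:AAF_NAMESPACE:false}` in engine.properties defaults the namespace to the literal string `false`, while the next line defaults the same variable to `org.onap.policy`. If this file is a copy of the image's stock engine.properties with only `selfSignedCertificates=true` added, it is better kept byte-identical to upstream, with a header comment naming the source file and the one line that differs so the copy can be re-synced later. If it is not a copy, `aaf.namespace=${envd:AAF_NAMESPACE:org.onap.policy}` would make the two defaults agree.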
@@ -0,0 +1,40 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+lifecycle.pdp.group=${envd:POLICY_PDP_PAP_GROUP:defaultGroup}
+lifecycle.pdp.type=${envd:POLICY_PDP_PAP_TYPE:drools}
+
+# Mandatory policy types that this PDP-D must support at a minimum
+lifecycle.pdp.policytypes=${envd:POLICY_PDP_PAP_POLICYTYPES}
+
+dmaap.source.topics=POLICY-PDP-PAP
+dmaap.sink.topics=POLICY-PDP-PAP
+
+dmaap.source.topics.POLICY-PDP-PAP.servers=${envd:DMAAP_SERVERS}
+dmaap.source.topics.POLICY-PDP-PAP.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC}
+dmaap.source.topics.POLICY-PDP-PAP.apiKey=${envd:POLICY_PDP_PAP_API_KEY}
+dmaap.source.topics.POLICY-PDP-PAP.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET}
+dmaap.source.topics.POLICY-PDP-PAP.https=true
+dmaap.source.topics.POLICY-PDP-PAP.selfSignedCertificates=true
+
+dmaap.sink.topics.POLICY-PDP-PAP.servers=${envd:DMAAP_SERVERS}
+dmaap.sink.topics.POLICY-PDP-PAP.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC}
+dmaap.sink.topics.POLICY-PDP-PAP.apiKey=${envd:POLICY_PDP_PAP_API_KEY}
+dmaap.sink.topics.POLICY-PDP-PAP.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET}
+dmaap.sink.topics.POLICY-PDP-PAP.https=true
+dmaap.sink.topics.POLICY-PDP-PAP.selfSignedCertificates=true
diff --git a/csit/config/sim-all/simParameters.json b/csit/config/sim-all/simParameters.json
index 4b009b6f..70e5a2e7 100644
--- a/csit/config/sim-all/simParameters.json
+++ b/csit/config/sim-all/simParameters.json
@@ -50,6 +50,7 @@ "servers": ["${HOST_NAME}"], "topicCommInfrastructure": "DMAAP", "useHttps": true, + "allowSelfSignedCerts": true, "apiKey": "some-key", "apiSecret": "some-secret" },
@@ -58,6 +59,7 @@ "servers": ["${HOST_NAME}"], "topicCommInfrastructure": "DMAAP", "useHttps": true, + "allowSelfSignedCerts": true, "apiKey": "some-key", "apiSecret": "some-secret" }
@@ -68,6 +70,7 @@ "servers": ["${HOST_NAME}"], "topicCommInfrastructure": "DMAAP", "useHttps": true, + "allowSelfSignedCerts": true, "apiKey": "some-key", "apiSecret": "some-secret" },
@@ -76,6 +79,7 @@ "servers": ["${HOST_NAME}"], "topicCommInfrastructure": "DMAAP", "useHttps": true, + "allowSelfSignedCerts": true, "apiKey": "some-key", "apiSecret": "some-secret" }
diff --git a/csit/config/xacml-pdp/defaultConfig.json b/csit/config/xacml-pdp/defaultConfig.json
index f489919a..6ffd8bc3 100644
--- a/csit/config/xacml-pdp/defaultConfig.json
+++ b/csit/config/xacml-pdp/defaultConfig.json
@@ -11,11 +11,12 @@ "aaf": false }, "policyApiParameters": { - "host": "policy-api", + "hostname": "policy-api", "port": 6969, "userName": "healthcheck", "password": "zb!XztG34", - "https": true, + "useHttps": true, + "allowSelfSignedCerts" : true, "aaf": false }, "applicationPath": "/opt/app/policy/pdpx/apps",
diff --git a/csit/docker-compose-all.yml b/csit/docker-compose-all.yml
index 394631d2..3ef64368 100644
--- a/csit/docker-compose-all.yml
+++ b/csit/docker-compose-all.yml
@@ -33,6 +33,7 @@ services: hostname: policy.api.simpledemo.onap.org volumes: - ./config/sim-all:/opt/app/policy/simulators/etc/mounted:ro + - ./config/ks.jks:/opt/app/policy/simulators/etc/ssl/policy-keystore:ro expose: - 6666 - 6668
@@ -48,6 +49,7 @@ services: expose: - 6969 volumes: + - ./config/ks.jks:/opt/app/policy/api/etc/ssl/policy-keystore:ro - ./wait_for_port.sh:/opt/app/policy/api/bin/wait_for_port.sh:ro entrypoint: ./wait_for_port.sh command: [
@@ -66,6 +68,7 @@ services: - 6969 volumes: - ./config/pap/defaultConfig.json:/opt/app/policy/pap/etc/defaultConfig.json:ro + - ./config/ks.jks:/opt/app/policy/pap/etc/ssl/policy-keystore:ro - ./wait_for_port.sh:/opt/app/policy/pap/bin/wait_for_port.sh:ro entrypoint: ./wait_for_port.sh command: [
@@ -86,6 +89,7 @@ services: - 6969 volumes: - ./config/xacml-pdp/defaultConfig.json:/opt/app/policy/pdpx/etc/defaultConfig.json:ro + - ./config/ks.jks:/opt/app/policy/pdpx/etc/ssl/policy-keystore:ro - ./wait_for_port.sh:/opt/app/policy/pdpx/bin/wait_for_port.sh:ro entrypoint: ./wait_for_port.sh command: [
@@ -130,6 +134,7 @@ services: - 9696 volumes: - ./config/drools-apps/custom:/tmp/policy-install/config:ro + - ./config/drools-apps/custom/feature-lifecycle.properties:/opt/app/policy/features/lifecycle/config/feature-lifecycle.properties:ro - ./wait_for_port.sh:/opt/app/policy/bin/wait_for_port.sh:ro env_file: - config/drools-apps/env/base.conf
@@ -159,6 +164,7 @@ services: - 23324 volumes: - ./config/apex-pdp/OnapPfConfig.json:/opt/app/policy/apex-pdp/etc/onappf/config/OnapPfConfig.json:ro + - ./config/ks.jks:/opt/app/policy/apex-pdp/etc/ssl/policy-keystore:ro - ./wait_for_port.sh:/opt/app/policy/bin/wait_for_port.sh:ro entrypoint: /opt/app/policy/bin/wait_for_port.sh command: [
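Review bot: The new `./config/ks.jks:…/policy-keystore:ro` bind mounts (simulators, api, pap, xacml-pdp and apex-pdp in these hunks, distribution in the next one) assume the file already exists on the host, and nothing in the compose file says so. With this short volume syntax Docker creates a missing source path as an empty directory, so bringing the stack up without running gen_keystore.sh first hands each service a directory where its keystore should be and produces a confusing startup failure. A comment at the top of the file, `# Requires ./config/ks.jks; run ./gen_keystore.sh before starting`, would document the dependency. The drools-apps service instead picks up the `policy-keystore` copied into `config/drools-apps/custom`, which is worth stating in the same comment.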
@@ -178,6 +184,7 @@ services: hostname: policy-distribution volumes: - ./config/distribution/defaultConfig.json:/opt/app/policy/distribution/etc/defaultConfig.json:ro + - ./config/ks.jks:/opt/app/policy/distribution/etc/ssl/policy-keystore:ro - ../distribution/csit/config/temp/:/opt/app/policy/distribution/etc/temp/:ro - ./wait_for_port.sh:/opt/app/policy/bin/wait_for_port.sh:ro entrypoint: /opt/app/policy/bin/wait_for_port.sh
diff --git a/csit/gen_keystore.sh b/csit/gen_keystore.sh
new file mode 100755
index 00000000..d40ff68a
--- /dev/null
+++ b/csit/gen_keystore.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+#
+# Generates a self-signed keystore for use by the various policy docker
+# images.
+#
+
+DIR="${0%/*}/config"
+DNSFILE="${DIR}/dns_keystore.txt"
+OUTFILE="${DIR}/ks.jks"
+
+dn="C=US, O=ONAP, OU=OSAAF, OU=policy@policy.onap.org:DEV, CN=policy"
+san=`paste -sd , "${DNSFILE}"`
+
+rm -f "$OUTFILE"
+
+keytool -genkeypair -alias "policy@policy.onap.org" -validity 30 \
+ -keyalg RSA -dname "$dn" -keystore "$OUTFILE" \
+ -keypass Pol1cy_0nap -storepass Pol1cy_0nap -ext "SAN=$san"
+
+chmod 644 "$OUTFILE"
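Review bot: gen_keystore.sh has no failure handling: if `paste` cannot read dns_keystore.txt the script still calls keytool with an empty `SAN=`, and if keytool fails it still runs `chmod`. Adding `set -euo pipefail` after the header comment and writing the substitution as `san=$(paste -sd , "${DNSFILE}")` makes it stop at the first error. `DIR="${0%/*}/config"` only resolves correctly when the script is invoked with a path that contains a slash; `DIR="$(dirname "$0")/config"` also covers `bash gen_keystore.sh`. The keystore holds a private key, is made world-readable by `chmod 644`, and its password appears both in the script and on keytool's command line; that is tolerable for a throwaway 30-day test certificate but should be stated in a comment, and `config/ks.jks` should be in .gitignore if it is not already.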
diff --git a/csit/prepare-csit.sh b/csit/prepare-csit.sh
index 4ca2c416..4275841f 100755
--- a/csit/prepare-csit.sh
+++ b/csit/prepare-csit.sh
@@ -50,12 +50,3 @@ rm -rf ${ROBOT_VENV}/src/onap/testsuite pip install --upgrade --extra-index-url="https://nexus3.onap.org/repository/PyPi.staging/simple" 'robotframework-onap==0.5.1.*' --pre pip freeze - -# install chrome driver -if [ ! -x ${ROBOT_VENV}/bin/chromedriver ]; then - pushd ${ROBOT_VENV}/bin - wget -N http://chromedriver.storage.googleapis.com/2.35/chromedriver_linux64.zip - unzip chromedriver_linux64.zip - chmod +x chromedriver - popd -fi
diff --git a/csit/run-project-csit.sh b/csit/run-project-csit.sh
index 8c020b12..c3d67d9e 100755
--- a/csit/run-project-csit.sh
+++ b/csit/run-project-csit.sh
@@ -181,6 +181,11 @@ cd "${WORKDIR}" # Sign in to nexus3 docker repo docker login -u docker -p docker nexus3.onap.org:10001 +# Generate keystore to be used by repos +${SCRIPTS}/gen_keystore.sh +cp ${SCRIPTS}/config/ks.jks ${SCRIPTS}/config/drools/custom/policy-keystore +cp ${SCRIPTS}/config/ks.jks ${SCRIPTS}/config/drools-apps/custom/policy-keystore + # Run setup script plan if it exists cd "${TESTPLANDIR}/csit/plans/" SETUP="${TESTPLANDIR}/csit/plans/setup.sh" |
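Review bot: The three commands added to run-project-csit.sh expand `${SCRIPTS}` unquoted and do not check that gen_keystore.sh succeeded, so unless `set -e` is active earlier in the script (outside this hunk) a failed generation only surfaces later as a failed `cp` or a container that will not start. I would write `"${SCRIPTS}/gen_keystore.sh" || exit 1` and quote both copies, e.g. `cp "${SCRIPTS}/config/ks.jks" "${SCRIPTS}/config/drools/custom/policy-keystore"`. The copies also place private-key material in the `config/drools/custom` and `config/drools-apps/custom` directories of the working tree; they should be covered by .gitignore or removed during teardown so a generated keystore is never committed.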