diff options
author | Jorge Hernandez <jh1730@att.com> | 2018-09-10 23:27:53 -0500 |
---|---|---|
committer | Jorge Hernandez <jh1730@att.com> | 2018-09-10 23:38:30 -0500 |
commit | 64004833c5c71ae75c8fff71d48e4d3d670ac70e (patch) | |
tree | 657df5a78d05bf776d35eb2435b7840fb78edd0f /policy-management | |
parent | 6c11303e4a4af3df99754a7c7028284231961fe5 (diff) |
disabling http for configuration services
per security recommendations.
Change-Id: Ic195f8270c2270239408e33e27f87436878e28b4
Signed-off-by: Jorge Hernandez <jh1730@att.com>
Issue-ID: POLICY-1104
Diffstat (limited to 'policy-management')
-rw-r--r-- | policy-management/src/main/server-gen/bin/telemetry | 4 | ||||
-rw-r--r-- | policy-management/src/main/server/config/policy-engine.properties | 47 |
2 files changed, 21 insertions, 30 deletions
diff --git a/policy-management/src/main/server-gen/bin/telemetry b/policy-management/src/main/server-gen/bin/telemetry index 397c2508..7058d64c 100644 --- a/policy-management/src/main/server-gen/bin/telemetry +++ b/policy-management/src/main/server-gen/bin/telemetry @@ -35,10 +35,10 @@ fi if [[ ! -r ${TELEMETRY_SPEC} ]]; then echo "generating new spec .." - if ! http -a "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}" :9696/swagger.json > ${TELEMETRY_SPEC} 2> /dev/null; then + if ! http --verify=no -a "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}" https://localhost:9696/swagger.json > ${TELEMETRY_SPEC} 2> /dev/null; then echo "error: cannot generate telemetry spec" exit 3 fi fi -exec http-prompt http://localhost:9696/policy/pdp/engine --auth "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}" --spec ${TELEMETRY_SPEC} +exec http-prompt https://localhost:9696/policy/pdp/engine --verify=no --auth "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}" --spec ${TELEMETRY_SPEC} diff --git a/policy-management/src/main/server/config/policy-engine.properties b/policy-management/src/main/server/config/policy-engine.properties index c89b95bb..758d13eb 100644 --- a/policy-management/src/main/server/config/policy-engine.properties +++ b/policy-management/src/main/server/config/policy-engine.properties @@ -22,36 +22,27 @@ # Configuration Channel Settings: PDPD_CONFIGURATION -ueb.source.topics=${{PDPD_CONFIGURATION_TOPIC}} -ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.servers=${{PDPD_CONFIGURATION_SERVERS}} -ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiKey=${{PDPD_CONFIGURATION_API_KEY}} -ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiSecret=${{PDPD_CONFIGURATION_API_SECRET}} -ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.consumerGroup=${{PDPD_CONFIGURATION_CONSUMER_GROUP}} -ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.consumerInstance=${{PDPD_CONFIGURATION_CONSUMER_INSTANCE}} -ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.managed=false - -ueb.sink.topics=${{PDPD_CONFIGURATION_TOPIC}} -ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.servers=${{PDPD_CONFIGURATION_SERVERS}} -ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiKey=${{PDPD_CONFIGURATION_API_KEY}} -ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiSecret=${{PDPD_CONFIGURATION_API_SECRET}} -ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.partitionKey=${{PDPD_CONFIGURATION_PARTITION_KEY}} -ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.managed=false - -# temporary configuration to support an http and https server, -# to support the incremental phase out of http. - -http.server.services=CONFIG,SECURED-CONFIG - -http.server.services.CONFIG.host=${{ENGINE_MANAGEMENT_HOST}} -http.server.services.CONFIG.port=${{ENGINE_MANAGEMENT_PORT}} -http.server.services.CONFIG.userName=${{ENGINE_MANAGEMENT_USER}} -http.server.services.CONFIG.password=${{ENGINE_MANAGEMENT_PASSWORD}} -http.server.services.CONFIG.restPackages=org.onap.policy.drools.server.restful -http.server.services.CONFIG.managed=false -http.server.services.CONFIG.swagger=true +dmaap.source.topics=${{PDPD_CONFIGURATION_TOPIC}} +dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.servers=${{PDPD_CONFIGURATION_SERVERS}} +dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiKey=${{PDPD_CONFIGURATION_API_KEY}} +dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiSecret=${{PDPD_CONFIGURATION_API_SECRET}} +dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.consumerGroup=${{PDPD_CONFIGURATION_CONSUMER_GROUP}} +dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.consumerInstance=${{PDPD_CONFIGURATION_CONSUMER_INSTANCE}} +dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.managed=false +dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.https=true + +dmaap.sink.topics=${{PDPD_CONFIGURATION_TOPIC}} +dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.servers=${{PDPD_CONFIGURATION_SERVERS}} +dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiKey=${{PDPD_CONFIGURATION_API_KEY}} +dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiSecret=${{PDPD_CONFIGURATION_API_SECRET}} +dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.partitionKey=${{PDPD_CONFIGURATION_PARTITION_KEY}} +dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.managed=false +dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.https=true + +http.server.services=SECURED-CONFIG http.server.services.SECURED-CONFIG.host=${{ENGINE_MANAGEMENT_HOST}} -http.server.services.SECURED-CONFIG.port=9697 +http.server.services.SECURED-CONFIG.port=9696 http.server.services.SECURED-CONFIG.userName=${{ENGINE_MANAGEMENT_USER}} http.server.services.SECURED-CONFIG.password=${{ENGINE_MANAGEMENT_PASSWORD}} http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.restful |