From 64004833c5c71ae75c8fff71d48e4d3d670ac70e Mon Sep 17 00:00:00 2001 From: Jorge Hernandez Date: Mon, 10 Sep 2018 23:27:53 -0500 Subject: disabling http for configuration services per security recommendations. Change-Id: Ic195f8270c2270239408e33e27f87436878e28b4 Signed-off-by: Jorge Hernandez Issue-ID: POLICY-1104 --- .../src/main/server-gen/bin/telemetry | 4 +- .../main/server/config/policy-engine.properties | 47 +++++++++------------- 2 files changed, 21 insertions(+), 30 deletions(-) (limited to 'policy-management/src/main')
diff --git a/policy-management/src/main/server-gen/bin/telemetry b/policy-management/src/main/server-gen/bin/telemetry
index 397c2508..7058d64c 100644
--- a/policy-management/src/main/server-gen/bin/telemetry
+++ b/policy-management/src/main/server-gen/bin/telemetry
@@ -35,10 +35,10 @@ fi
 if [[ ! -r ${TELEMETRY_SPEC} ]]; then
 echo "generating new spec .."
- if ! http -a "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}" :9696/swagger.json > ${TELEMETRY_SPEC} 2> /dev/null; then
+ if ! http --verify=no -a "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}" https://localhost:9696/swagger.json > ${TELEMETRY_SPEC} 2> /dev/null; then
 echo "error: cannot generate telemetry spec"
 exit 3
 fi
 fi
-exec http-prompt http://localhost:9696/policy/pdp/engine --auth "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}" --spec ${TELEMETRY_SPEC}
+exec http-prompt https://localhost:9696/policy/pdp/engine --verify=no --auth "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}" --spec ${TELEMETRY_SPEC}
diff --git a/policy-management/src/main/server/config/policy-engine.properties b/policy-management/src/main/server/config/policy-engine.properties
index c89b95bb..758d13eb 100644
--- a/policy-management/src/main/server/config/policy-engine.properties
+++ b/policy-management/src/main/server/config/policy-engine.properties
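Review bot: Both new command lines in the telemetry script pass `--verify=no`, so the certificate presented on `https://localhost:9696` is never validated while the basic-auth pair from `ENGINE_MANAGEMENT_USER`/`ENGINE_MANAGEMENT_PASSWORD` is sent to it; the channel is encrypted, but whatever answers on that port is not authenticated. httpie's `--verify` also accepts a CA bundle path, so `--verify=<path-to-ca-bundle.pem>` (placeholder) naming the CA that signed the engine's certificate would keep validation on. If skipping validation is intended for a self-signed default install, a comment such as `# --verify=no: self-signed cert on loopback; use a CA bundle in production` above the `http` call would record that decision. The password is also still passed in the `-a`/`--auth` arguments, where it is visible in the local process list. The script begins before this hunk, so how the two variables are populated is not visible here.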
@@ -22,36 +22,27 @@
 # Configuration Channel Settings: PDPD_CONFIGURATION
-ueb.source.topics=${{PDPD_CONFIGURATION_TOPIC}}
-ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.servers=${{PDPD_CONFIGURATION_SERVERS}}
-ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiKey=${{PDPD_CONFIGURATION_API_KEY}}
-ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiSecret=${{PDPD_CONFIGURATION_API_SECRET}}
-ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.consumerGroup=${{PDPD_CONFIGURATION_CONSUMER_GROUP}}
-ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.consumerInstance=${{PDPD_CONFIGURATION_CONSUMER_INSTANCE}}
-ueb.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.managed=false
-
-ueb.sink.topics=${{PDPD_CONFIGURATION_TOPIC}}
-ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.servers=${{PDPD_CONFIGURATION_SERVERS}}
-ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiKey=${{PDPD_CONFIGURATION_API_KEY}}
-ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiSecret=${{PDPD_CONFIGURATION_API_SECRET}}
-ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.partitionKey=${{PDPD_CONFIGURATION_PARTITION_KEY}}
-ueb.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.managed=false
-
-# temporary configuration to support an http and https server,
-# to support the incremental phase out of http.
-
-http.server.services=CONFIG,SECURED-CONFIG
-
-http.server.services.CONFIG.host=${{ENGINE_MANAGEMENT_HOST}}
-http.server.services.CONFIG.port=${{ENGINE_MANAGEMENT_PORT}}
-http.server.services.CONFIG.userName=${{ENGINE_MANAGEMENT_USER}}
-http.server.services.CONFIG.password=${{ENGINE_MANAGEMENT_PASSWORD}}
-http.server.services.CONFIG.restPackages=org.onap.policy.drools.server.restful
-http.server.services.CONFIG.managed=false
-http.server.services.CONFIG.swagger=true
+dmaap.source.topics=${{PDPD_CONFIGURATION_TOPIC}}
+dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.servers=${{PDPD_CONFIGURATION_SERVERS}}
+dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiKey=${{PDPD_CONFIGURATION_API_KEY}}
+dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiSecret=${{PDPD_CONFIGURATION_API_SECRET}}
+dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.consumerGroup=${{PDPD_CONFIGURATION_CONSUMER_GROUP}}
+dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.consumerInstance=${{PDPD_CONFIGURATION_CONSUMER_INSTANCE}}
+dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.managed=false
+dmaap.source.topics.${{PDPD_CONFIGURATION_TOPIC}}.https=true
+
+dmaap.sink.topics=${{PDPD_CONFIGURATION_TOPIC}}
+dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.servers=${{PDPD_CONFIGURATION_SERVERS}}
+dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiKey=${{PDPD_CONFIGURATION_API_KEY}}
+dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.apiSecret=${{PDPD_CONFIGURATION_API_SECRET}}
+dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.partitionKey=${{PDPD_CONFIGURATION_PARTITION_KEY}}
+dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.managed=false
+dmaap.sink.topics.${{PDPD_CONFIGURATION_TOPIC}}.https=true
+
+http.server.services=SECURED-CONFIG
 http.server.services.SECURED-CONFIG.host=${{ENGINE_MANAGEMENT_HOST}}
-http.server.services.SECURED-CONFIG.port=9697
+http.server.services.SECURED-CONFIG.port=9696
 http.server.services.SECURED-CONFIG.userName=${{ENGINE_MANAGEMENT_USER}}
 http.server.services.SECURED-CONFIG.password=${{ENGINE_MANAGEMENT_PASSWORD}}
 http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.restful
-- cgit 1.2.3-korg
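Review bot: The SECURED-CONFIG port is now the literal `9696`, whereas the removed CONFIG service took its port from `${{ENGINE_MANAGEMENT_PORT}}`, so an installation that overrides that variable no longer moves the management listener; `http.server.services.SECURED-CONFIG.port=${{ENGINE_MANAGEMENT_PORT}}` would keep the existing knob. The hunk ends at `restPackages`, before any `https` setting for SECURED-CONFIG, so it is worth confirming that the lines below still enable TLS on this service, since the telemetry script in this commit now connects to 9696 over https only. The switch of the configuration channel from `ueb.*` to `dmaap.*` with `https=true` is not mentioned in the commit message; a line in the description, or a separate commit, would make the transport change easier to audit.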