aboutsummaryrefslogtreecommitdiffstats
path: root/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be
diff options
context:
space:
mode:
authorMichaelMorris <michael.morris@est.tech>2023-09-13 12:12:46 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2023-09-27 20:50:45 +0000
commit5f3e9912406897ee18c424b940881ce08d59bb44 (patch)
tree044f7d60aa41ddbd8f0fdeb54f2e16ff21bd58bf /catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be
parentd4fd2ca0fba827042fc5313efeaf9cdf850be647 (diff)
Remove legacy certificate handling
Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-4621 Change-Id: I834f2a0a4f73693dbb656dfa9186506bf88c62c1
Diffstat (limited to 'catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be')
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb42
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties4
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks4
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile4
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12bin4443 -> 0 bytes
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jksbin1413 -> 0 bytes
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb37
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb23
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb15
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb42
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb54
11 files changed, 0 insertions, 225 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
index a3e519826c..3f7a041a4c 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
@@ -12,14 +12,6 @@ default['disableHttp'] = true
#| |
#+----------------------------------+
-default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd"
-default['jetty']['keystore_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31"
-default['jetty']['keymanager_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31"
-default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore"
-# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION
-# MUST BE ALSO CHANGE IN THE startup.sh FILE
-default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0"
-
#BasicAuth
default['basic_auth']['enabled'] = false
default['basic_auth'][:user_name] = "testName"
@@ -33,7 +25,6 @@ default['cassandra']['cluster_name'] = "SDC-CS-"
default['cassandra']['socket_read_timeout'] = 20000
default['cassandra']['socket_connect_timeout'] = 20000
default['cassandra']['janusgraph_connection_timeout'] = 10000
-default['cassandra'][:truststore_password] = "Aa123456"
default['cassandra']['janusgraph_config_file'] = "#{ENV['JETTY_BASE']}/config/catalog-be/janusgraph.properties"
default['cassandra'][:db_cache] = true
default['cassandra'][:read_consistency_level] = "ONE"
@@ -82,36 +73,3 @@ default['DMAAP']['consumer']['topic'] = "com.onap.ccd.CCD-CatalogManagement-v1"
default['DMAAP']['consumer']['username'] = "user"
default['DMAAP']['partitioncount'] = "3"
default['DMAAP']['replicationcount'] = "3"
-
-
-#+----------------------------------+
-#| |
-#| Access Restriction / CADI |
-#| |
-#+----------------------------------+
-
-# Cadi
-default['access_restriction']['cadi_root_dir'] = "#{ENV['JETTY_BASE']}/etc"
-default['access_restriction']['cadi_keyfile'] = "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12"
-default['access_restriction']['cadi_loglevel'] = "DEBUG"
-default['access_restriction']['cadi_truststore'] = "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks"
-default['access_restriction']['cadi_truststore_password'] = "changeit"
-default['access_restriction']['cadiX509Issuers'] = "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US"
-default['access_restriction']['encrypted_password'] = "enc:AccessRestrictionEncryptedPassword"
-default['access_restriction_key'] = nil
-
-# Access Restriction Key
-default['aafNamespace'] = "com.onap.sdc"
-default['access_restriction']['aaf_env'] = "TEST"
-default['access_restriction']['aaf_id'] = "user"
-default['access_restriction']['aaf_locate_url'] = ""
-default['access_restriction']['aaf_password'] = "enc:AafEncriptedPassword"
-default['access_restriction']['aaf_url'] = ""
-default['access_restriction']['aafAuthNeeded'] = false
-default['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] = true
-default['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] = true
-default['access_restriction']['AFT_ENVIRONMENT'] = "AFTUAT"
-default['access_restriction']['csp_domain'] = "PROD"
-default['access_restriction']['excluded_urls'] = "'/.*'"
-default['access_restriction']['excluded_urls_onboarding'] = "'/.*'"
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties
deleted file mode 100644
index 1011ba344d..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-#############################################################
-# This file should be replaced with jetty cadi.properties: #
-# /var/lib/jetty/base/be/etc/cadi.properties #
-#############################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
deleted file mode 100644
index 0835ef4542..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
+++ /dev/null
@@ -1,4 +0,0 @@
-##################################################################
-## This file should be replaced with jetty cadi_truststore.jks: #
-## /var/lib/jetty/base/be/etc/cadi_truststore.jks #
-##################################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
deleted file mode 100644
index 43d20d4c05..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
+++ /dev/null
@@ -1,4 +0,0 @@
-#############################################################
-# This file should be replaced with jetty keyfile: #
-# /var/lib/jetty/base/be/etc/keyfile #
-#############################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
deleted file mode 100644
index 446856071b..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
+++ /dev/null
Binary files differ
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
deleted file mode 100644
index e6686cc08c..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
+++ /dev/null
Binary files differ
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
deleted file mode 100644
index e7d11c9f2d..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-jetty_base = "#{ENV['JETTY_BASE']}"
-
-
-directory "Jetty_etc_dir_creation" do
- path "#{jetty_base}/etc"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode '0755'
- action :create
- not_if { ::File.directory?("#{jetty_base}/etc") }
-end
-
-
-cookbook_file "#{jetty_base}/etc/keyfile" do
- source "keyfile"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-
-cookbook_file "#{jetty_base}/etc/cadi_truststore.jks" do
- source "cadi_truststore.jks"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-
-template "#{jetty_base}/etc/cadi.properties" do
- path "#{jetty_base}/etc/cadi.properties"
- source "cadi.properties.erb"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode "0755"
-end
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb
deleted file mode 100644
index 176edcf71c..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-
-directory "Jetty_etcdir_creation" do
- path "#{ENV['JETTY_BASE']}/etc"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode '0755'
- action :create
-end
-
-cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do
- source "org.onap.sdc.p12"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do
- source "org.onap.sdc.trust.jks"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
index 5655d0fd6f..f029fb07fe 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
@@ -41,18 +41,3 @@ template "https-ini" do
mode "0755"
variables :https_port => "#{node['BE'][:https_port]}"
end
-
-
-template "ssl-ini" do
- path "#{ENV['JETTY_BASE']}/start.d/ssl.ini"
- source "ssl-ini.erb"
- owner "#{ENV['JETTY_USER']}"
- group "#{ENV['JETTY_GROUP']}"
- mode "0755"
- variables ({
- :https_port => "#{node['BE'][:https_port]}" ,
- :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" ,
- :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" ,
- :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}"
- })
-end
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index 9a2437c2c1..d6d034fcb6 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -81,20 +81,6 @@ users:
tom: passwd
bob: passwd
-# access restriction
-authCookie:
- securityKey: "sdcaccessrestrictionsecureykey"
- maxSessionTimeOut: 86400000
- sessionIdleTimeOut: 3600000
- cookieName: "AuthenticationCookie"
- path: /
- domain: ""
- isHttpOnly: true
- # redirect variable name from portal.properties file
- redirectURL: ""
- excludedUrls: [<%= node['access_restriction']['excluded_urls'] %>]
- onboardingExcludedUrls: [<%= node['access_restriction']['excluded_urls_onboarding'] %>]
-
basicAuth:
enabled: <%= @basic_auth_flag %>
userName: <%= @user_name %>
@@ -112,8 +98,6 @@ cassandraConfig:
username: <%= @cassandra_usr %>
password: <%= @cassandra_pwd %>
ssl: <%= @cassandra_ssl_enabled %>
- truststorePath : <%= node['jetty']['truststore_path'] %>
- truststorePassword : <%= @cassandra_truststore_password %>
keySpaces:
- { name: dox, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
- { name: sdcaudit, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
@@ -1004,8 +988,6 @@ toscaValidators:
disableAudit: false
-consumerBusinessLogic: true
-
vfModuleProperties:
min_vf_module_instances:
forBaseModule: 1
@@ -1145,8 +1127,6 @@ dmaapConsumerConfiguration:
username: user
password:
aftDme2SslEnable: true
- aftDme2ClientKeystore: <%= node['jetty']['truststore_path'] %>
- aftDme2ClientKeystorePassword: ""
aftDme2ClientSslCertAlias: certman
dmaapProducerConfiguration:
@@ -1178,8 +1158,6 @@ dmaapProducerConfiguration:
username: <%= node['DMAAP']['producer']['username'] %>
password: <%= node['DMAAP']['producer']['password'] %>
aftDme2SslEnable: true
- aftDme2ClientKeystore: <%= node['jetty']['truststore_path'] %>
- aftDme2ClientKeystorePassword: <%= node['jetty']['dmaap_truststore_pwd'] %>
aftDme2ClientSslCertAlias: certman
@@ -1245,26 +1223,6 @@ supportAllottedResourcesAndProxy: true
deleteLockTimeoutInSeconds: 60
maxDeleteComponents: 10
-# Cadi filter (access restriction) Parameters
-aafNamespace: <%= node['aafNamespace'] %>
-aafAuthNeeded: <%= node['access_restriction']['aafAuthNeeded'] %>
-
-cadiFilterParams:
- AFT_LATITUDE: "32.780140"
- AFT_LONGITUDE: "-96.800451"
- hostname: <%= node['BE_VIP'] %>
- aaf_id: <%= node['access_restriction']['aaf_id'] %>
- aaf_env: <%= node['access_restriction']['aaf_env'] %>
- aaf_url: <%= node['access_restriction']['aaf_url'] %>
- csp_domain: <%= node['access_restriction']['csp_domain'] %>
- cadi_keyfile: <%= node['access_restriction']['cadi_keyfile'] %>
- aaf_password: <%= node['access_restriction']['aaf_password'] %>
- cadi_loglevel: <%= node['access_restriction']['cadi_loglevel'] %>
- AFT_ENVIRONMENT: <%= node['access_restriction']['AFT_ENVIRONMENT'] %>
- cadiX509Issuers: <%= node['access_restriction']['cadiX509Issuers'] %>
- cadi_truststore: <%= node['access_restriction']['cadi_truststore'] %>
- cadi_truststore_password: <%= node['access_restriction']['cadi_truststore_password'] %>
-
# This configuration entry lists all node type names prefix that shall be allowed on SDC.
definedResourceNamespace:
- org.openecomp.resource.
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb
deleted file mode 100644
index 66654310e0..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb
+++ /dev/null
@@ -1,54 +0,0 @@
-# Configure AAF
-aaf_locate_url=<%= node['access_restriction']['aaf_locate_url'] %>
-
-aaf_url=<%= node['access_restriction']['aaf_url'] %>
-
-#if you are running aaf service from a docker image you have to use aaf service IP and port number
-aaf_id=<%= node['access_restriction']['aaf_id'] %>
-#Encrypt the password using AAF Jar
-aaf_password=<%= node['access_restriction']['aaf_password'] %>
-# Sample CADI Properties, from CADI 1.4.2
-hostname=<%= node['BE_VIP'] %>
-csp_domain=<%= node['access_restriction']['csp_domain'] %>
-
-# Add Absolute path to Keyfile
-cadi_keyfile=<%= node['access_restriction']['cadi_keyfile'] %>
-
-
-# This is required to accept Certificate Authentication from Certman certificates.
-# can be TEST, IST or PROD
-aaf_env=<%= node['access_restriction']['aaf_env'] %>
-
-# DEBUG prints off all the properties. Use to get started.
-cadi_loglevel=<%= node['access_restriction']['cadi_loglevel'] %>
-
-
-# Become CSO Poodle Compliant by only allowing sanctioned TLS versions
-# The following is the default
-# cadi_protocols=TLSv1.1,TLSv1.2
-
-# Default TrustStore - REQUIRED for changing PROTOCOL Defaults for DME2
-# Read https://wiki.web.att.com/pages/viewpage.action?pageId=574623569#URGENT:SolvingSSL2-3/TLSv1removalissues-Up-to-dateTruststore
-# Add Absolute path to truststore2020.jks
-cadi_truststore=<%= node['access_restriction']['cadi_truststore'] %>
-# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
-cadi_truststore_password=<%= node['access_restriction']['cadi_truststore_password'] %>
-
-# how to turn on SSL Logging
-#javax.net.debug=ssl
-
-##
-# Hint
-# Use "maps.bing.com" to get Lat and Long for an Address
-AFT_LATITUDE=32.780140
-AFT_LONGITUDE=-96.800451
-AFT_ENVIRONMENT=<%= node['access_restriction']['AFT_ENVIRONMENT'] %>
-AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=<%= node['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] %>
-DME2.DEBUG=true
-AFT_DME2_HTTP_EXCHANGE_TRACE_ON=<%= node['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] %>
-
-cadi_latitude=32.780140
-cadi_longitude=-96.800451
-
-aaf_root_ns=<%= node['aafNamespace'] %>
-aaf_api_version=2.0