author | MichaelMorris <michael.morris@est.tech> | 2023-09-13 12:12:46 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2023-09-27 20:50:45 +0000 |
commit | 5f3e9912406897ee18c424b940881ce08d59bb44 (patch) | |
tree | 044f7d60aa41ddbd8f0fdeb54f2e16ff21bd58bf /catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be | |
parent | d4fd2ca0fba827042fc5313efeaf9cdf850be647 (diff) |
Remove legacy certificate handling
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Issue-ID: SDC-4621
Change-Id: I834f2a0a4f73693dbb656dfa9186506bf88c62c1
Diffstat (limited to 'catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be')
11 files changed, 0 insertions, 225 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb index a3e519826c..3f7a041a4c 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb @@ -12,14 +12,6 @@ default['disableHttp'] = true #| | #+----------------------------------+ -default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd" -default['jetty']['keystore_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31" -default['jetty']['keymanager_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31" -default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore" -# TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION -# MUST BE ALSO CHANGE IN THE startup.sh FILE -default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0" - #BasicAuth default['basic_auth']['enabled'] = false default['basic_auth'][:user_name] = "testName" @@ -33,7 +25,6 @@ default['cassandra']['cluster_name'] = "SDC-CS-" default['cassandra']['socket_read_timeout'] = 20000 default['cassandra']['socket_connect_timeout'] = 20000 default['cassandra']['janusgraph_connection_timeout'] = 10000 -default['cassandra'][:truststore_password] = "Aa123456" default['cassandra']['janusgraph_config_file'] = "#{ENV['JETTY_BASE']}/config/catalog-be/janusgraph.properties" default['cassandra'][:db_cache] = true default['cassandra'][:read_consistency_level] = "ONE" 
@@ -82,36 +73,3 @@ default['DMAAP']['consumer']['topic'] = "com.onap.ccd.CCD-CatalogManagement-v1"
 default['DMAAP']['consumer']['username'] = "user"
 default['DMAAP']['partitioncount'] = "3"
 default['DMAAP']['replicationcount'] = "3"
-
-
-#+----------------------------------+
-#| |
-#| Access Restriction / CADI |
-#| |
-#+----------------------------------+
-
-# Cadi
-default['access_restriction']['cadi_root_dir'] = "#{ENV['JETTY_BASE']}/etc"
-default['access_restriction']['cadi_keyfile'] = "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12"
-default['access_restriction']['cadi_loglevel'] = "DEBUG"
-default['access_restriction']['cadi_truststore'] = "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks"
-default['access_restriction']['cadi_truststore_password'] = "changeit"
-default['access_restriction']['cadiX509Issuers'] = "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US"
-default['access_restriction']['encrypted_password'] = "enc:AccessRestrictionEncryptedPassword"
-default['access_restriction_key'] = nil
-
-# Access Restriction Key
-default['aafNamespace'] = "com.onap.sdc"
-default['access_restriction']['aaf_env'] = "TEST"
-default['access_restriction']['aaf_id'] = "user"
-default['access_restriction']['aaf_locate_url'] = ""
-default['access_restriction']['aaf_password'] = "enc:AafEncriptedPassword"
-default['access_restriction']['aaf_url'] = ""
-default['access_restriction']['aafAuthNeeded'] = false
-default['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] = true
-default['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] = true
-default['access_restriction']['AFT_ENVIRONMENT'] = "AFTUAT"
-default['access_restriction']['csp_domain'] = "PROD"
-default['access_restriction']['excluded_urls'] = "'/.*'"
-default['access_restriction']['excluded_urls_onboarding'] = "'/.*'"
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties
deleted file mode 100644
index 1011ba344d..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-#############################################################
-# This file should be replaced with jetty cadi.properties: #
-# /var/lib/jetty/base/be/etc/cadi.properties #
-#############################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
deleted file mode 100644
index 0835ef4542..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/cadi_truststore.jks
+++ /dev/null
@@ -1,4 +0,0 @@
-##################################################################
-## This file should be replaced with jetty cadi_truststore.jks: #
-## /var/lib/jetty/base/be/etc/cadi_truststore.jks #
-##################################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
deleted file mode 100644
index 43d20d4c05..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/keyfile
+++ /dev/null
@@ -1,4 +0,0 @@
-#############################################################
-# This file should be replaced with jetty keyfile: #
-# /var/lib/jetty/base/be/etc/keyfile #
-#############################################################
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
Binary files differ
deleted file mode 100644
index 446856071b..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
+++ /dev/null
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
Binary files differ
deleted file mode 100644
index e6686cc08c..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
+++ /dev/null
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
deleted file mode 100644
index e7d11c9f2d..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_10_setup_cadi.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-jetty_base = "#{ENV['JETTY_BASE']}"
-
-
-directory "Jetty_etc_dir_creation" do
- path "#{jetty_base}/etc"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode '0755'
- action :create
- not_if { ::File.directory?("#{jetty_base}/etc") }
-end
-
-
-cookbook_file "#{jetty_base}/etc/keyfile" do
- source "keyfile"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-
-cookbook_file "#{jetty_base}/etc/cadi_truststore.jks" do
- source "cadi_truststore.jks"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-
-template "#{jetty_base}/etc/cadi.properties" do
- path "#{jetty_base}/etc/cadi.properties"
- source "cadi.properties.erb"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode "0755"
-end
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb
deleted file mode 100644
index 176edcf71c..0000000000
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_3_locate_keystore.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-
-directory "Jetty_etcdir_creation" do
- path "#{ENV['JETTY_BASE']}/etc"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode '0755'
- action :create
-end
-
-cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.p12" do
- source "org.onap.sdc.p12"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
-cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do
- source "org.onap.sdc.trust.jks"
- owner "#{ENV['JETTY_USER']}"
- owner "#{ENV['JETTY_GROUP']}"
- mode 0755
-end
-
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
index 5655d0fd6f..f029fb07fe 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
@@ -41,18 +41,3 @@ template "https-ini" do
 mode "0755"
 variables :https_port => "#{node['BE'][:https_port]}"
 end
-
-
-template "ssl-ini" do
- path "#{ENV['JETTY_BASE']}/start.d/ssl.ini"
- source "ssl-ini.erb"
- owner "#{ENV['JETTY_USER']}"
- group "#{ENV['JETTY_GROUP']}"
- mode "0755"
- variables ({
- :https_port => "#{node['BE'][:https_port]}" ,
- :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" ,
- :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" ,
- :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}"
- })
-end
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index 9a2437c2c1..d6d034fcb6 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -81,20 +81,6 @@ users: tom: passwd bob: passwd -# access restriction -authCookie: - securityKey: "sdcaccessrestrictionsecureykey" - maxSessionTimeOut: 86400000 - sessionIdleTimeOut: 3600000 - cookieName: "AuthenticationCookie" - path: / - domain: "" - isHttpOnly: true - # redirect variable name from portal.properties file - redirectURL: "" - excludedUrls: [<%= node['access_restriction']['excluded_urls'] %>] - onboardingExcludedUrls: [<%= node['access_restriction']['excluded_urls_onboarding'] %>] - basicAuth: enabled: <%= @basic_auth_flag %> userName: <%= @user_name %> @@ -112,8 +98,6 @@ cassandraConfig: username: <%= @cassandra_usr %> password: <%= @cassandra_pwd %> ssl: <%= @cassandra_ssl_enabled %> - truststorePath : <%= node['jetty']['truststore_path'] %> - truststorePassword : <%= @cassandra_truststore_password %> keySpaces: - { name: dox, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} - { name: sdcaudit, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']} @@ -1004,8 +988,6 @@ toscaValidators: disableAudit: false -consumerBusinessLogic: true - vfModuleProperties: min_vf_module_instances: forBaseModule: 1 @@ -1145,8 +1127,6 @@ dmaapConsumerConfiguration: username: user password: aftDme2SslEnable: true - aftDme2ClientKeystore: <%= node['jetty']['truststore_path'] %> - aftDme2ClientKeystorePassword: "" aftDme2ClientSslCertAlias: certman dmaapProducerConfiguration: @@ -1178,8 +1158,6 @@ dmaapProducerConfiguration: username: <%= node['DMAAP']['producer']['username'] %> password: <%= node['DMAAP']['producer']['password'] %> aftDme2SslEnable: true - aftDme2ClientKeystore: <%= node['jetty']['truststore_path'] %> - aftDme2ClientKeystorePassword: <%= node['jetty']['dmaap_truststore_pwd'] %> aftDme2ClientSslCertAlias: certman 
@@ -1245,26 +1223,6 @@ supportAllottedResourcesAndProxy: true deleteLockTimeoutInSeconds: 60 maxDeleteComponents: 10 -# Cadi filter (access restriction) Parameters -aafNamespace: <%= node['aafNamespace'] %> -aafAuthNeeded: <%= node['access_restriction']['aafAuthNeeded'] %> - -cadiFilterParams: - AFT_LATITUDE: "32.780140" - AFT_LONGITUDE: "-96.800451" - hostname: <%= node['BE_VIP'] %> - aaf_id: <%= node['access_restriction']['aaf_id'] %> - aaf_env: <%= node['access_restriction']['aaf_env'] %> - aaf_url: <%= node['access_restriction']['aaf_url'] %> - csp_domain: <%= node['access_restriction']['csp_domain'] %> - cadi_keyfile: <%= node['access_restriction']['cadi_keyfile'] %> - aaf_password: <%= node['access_restriction']['aaf_password'] %> - cadi_loglevel: <%= node['access_restriction']['cadi_loglevel'] %> - AFT_ENVIRONMENT: <%= node['access_restriction']['AFT_ENVIRONMENT'] %> - cadiX509Issuers: <%= node['access_restriction']['cadiX509Issuers'] %> - cadi_truststore: <%= node['access_restriction']['cadi_truststore'] %> - cadi_truststore_password: <%= node['access_restriction']['cadi_truststore_password'] %> - # This configuration entry lists all node type names prefix that shall be allowed on SDC. definedResourceNamespace: - org.openecomp.resource. diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb deleted file mode 100644 index 66654310e0..0000000000 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/cadi.properties.erb +++ /dev/null 
@@ -1,54 +0,0 @@ -# Configure AAF -aaf_locate_url=<%= node['access_restriction']['aaf_locate_url'] %> - -aaf_url=<%= node['access_restriction']['aaf_url'] %> - -#if you are running aaf service from a docker image you have to use aaf service IP and port number -aaf_id=<%= node['access_restriction']['aaf_id'] %> -#Encrypt the password using AAF Jar -aaf_password=<%= node['access_restriction']['aaf_password'] %> -# Sample CADI Properties, from CADI 1.4.2 -hostname=<%= node['BE_VIP'] %> -csp_domain=<%= node['access_restriction']['csp_domain'] %> - -# Add Absolute path to Keyfile -cadi_keyfile=<%= node['access_restriction']['cadi_keyfile'] %> - - -# This is required to accept Certificate Authentication from Certman certificates. -# can be TEST, IST or PROD -aaf_env=<%= node['access_restriction']['aaf_env'] %> - -# DEBUG prints off all the properties. Use to get started. -cadi_loglevel=<%= node['access_restriction']['cadi_loglevel'] %> - - -# Become CSO Poodle Compliant by only allowing sanctioned TLS versions -# The following is the default -# cadi_protocols=TLSv1.1,TLSv1.2 - -# Default TrustStore - REQUIRED for changing PROTOCOL Defaults for DME2 -# Read https://wiki.web.att.com/pages/viewpage.action?pageId=574623569#URGENT:SolvingSSL2-3/TLSv1removalissues-Up-to-dateTruststore -# Add Absolute path to truststore2020.jks -cadi_truststore=<%= node['access_restriction']['cadi_truststore'] %> -# Note: This is the ONLY password that doesn't have to be encrypted. 
All Java's TrustStores are this passcode by default, because they are public certs -cadi_truststore_password=<%= node['access_restriction']['cadi_truststore_password'] %> - -# how to turn on SSL Logging -#javax.net.debug=ssl - -## -# Hint -# Use "maps.bing.com" to get Lat and Long for an Address -AFT_LATITUDE=32.780140 -AFT_LONGITUDE=-96.800451 -AFT_ENVIRONMENT=<%= node['access_restriction']['AFT_ENVIRONMENT'] %> -AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=<%= node['access_restriction']['AFT_DME2_CLIENT_IGNORE_SSL_CONFIG'] %> -DME2.DEBUG=true -AFT_DME2_HTTP_EXCHANGE_TRACE_ON=<%= node['access_restriction']['AFT_DME2_HTTP_EXCHANGE_TRACE_ON'] %> - -cadi_latitude=32.780140 -cadi_longitude=-96.800451 - -aaf_root_ns=<%= node['aafNamespace'] %> -aaf_api_version=2.0 |