authorMichaelMorris <michael.morris@est.tech>2019-09-20 13:57:10 +0100
committerMichaelMorris <michael.morris@est.tech>2019-09-30 11:13:26 +0100
commit7ad6f76be9ad14c4cbd3b2660ef8a7c28273428b (patch)
tree972a2ff465a1550e5014804eafa0b3d727c2da9a
parentd6a26f001eb691c6e8b7269e9045980ca3a57e9b (diff)
Updated VNFM adapter security readme
Change-Id: I54fd7b942c444f13b75c929dd4abbf8c95b581db Issue-ID: SO-2355 Signed-off-by: MichaelMorris <michael.morris@est.tech>
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt12
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml13
2 files changed, 9 insertions, 16 deletions
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt
index 66876311db..aaad60320d 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt
@@ -1,5 +1,9 @@
The following describes how to configure authentication for the VNFM adapter.
+TLS should always be configured to ensure secure communication between the VNFM-adapter <-> BPMN infra and VNFM-adapter <-> VNFM
+If two-way TLS is configured then there is no need for any further authentication (i.e. no need for token or basic auth).
+If two-way TLS is NOT configured then authentication is REQUIRED. Oauth token based authentication must be used for requests, while for notifications either oauth tokens or basic auth can be used.
+
==========================================
To confgure TLS
@@ -12,8 +16,8 @@ The following parameters can be set to configure the certificate for the VNFM ad
server:
ssl:
key-alias: so@so.onap.org
- key--store-password: 'I,re7WWEJR$e]x370wRgx?qE'
- key-store: classpath:org.onap.so.p12
+ key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
+ key-store: classpath:so-vnfm-adapter.p12
key-store-type: PKCS12
The values shown above relate to the certificate included in the VNFM adapter jar which has been generated from AAF. If a different certificate is to be used then these values should be changed accordingly.
@@ -21,8 +25,8 @@ The following paramters can be set to configure the trust store for the VNFM ada
http:
client:
ssl:
- trust-store: org.onap.so.trust.jks
- trust-store-password: NyRD](z:EJJNIt?},QgM3o7H
+ trust-store: classpath:org.onap.so.trust.jks
+ trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
The values shown above relate to the trust store included in the VNFM adapter jar which has been generated from AAI. If a different trust store is to be used then these values should be changed accordingly.
Ensure the value for the below parameter uses https instead of http
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
index 4434d2edd9..951d4a3bb9 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
@@ -23,22 +23,11 @@ spring:
http:
converters:
preferred-json-mapper: gson
-
-http:
- client:
- ssl:
- trust-store: classpath:org.onap.so.trust.jks
- trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
server:
port: 9092
tomcat:
max-threads: 50
- ssl:
- key-alias: so@so.onap.org
- key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
- key-store: classpath:so-vnfm-adapter.p12
- key-store-type: PKCS12
mso:
key: 07a7159d3bf51a0e53be7a8f89699be7
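Review bot: With the `server.ssl` block and the `http.client.ssl` trust store removed, the packaged default now starts the adapter on port 9092 without TLS, and nothing in this file tells an operator so, while the Readme updated in the same commit states that TLS should always be configured. I would add a comment above `server:` such as `# TLS is off in this default; set server.ssl.* and http.client.ssl.* as described in Readme.txt before deploying`, and have deployments supply the store passwords through externalised configuration rather than literals in the jar. The two password values deleted here are the same ones the Readme hunks add, so they remain published in the repository; if the bundled stores are ever used outside development (not visible from this diff), those stores should be regenerated with passwords that are not checked in.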
@@ -55,7 +44,7 @@ sdc:
endpoint: http://sdc.onap/1234A
vnfmadapter:
- endpoint: https://so-vnfm-adapter.onap:9092
+ endpoint: http://so-vnfm-adapter.onap:9092
#Actuator
management:
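Review bot: The `vnfmadapter.endpoint` default is now `http://`, and the scheme is a literal that is independent of the listener's TLS settings, so an operator who enables `server.ssl` as the Readme describes but misses this line ends up with an endpoint that does not match the listener. A comment directly above the key would keep the two together, for example `# must be https:// whenever server.ssl is configured (see Readme.txt)`. If this URL is the address handed to the VNFM for notifications (inferred from the name, not shown in the hunk), the token or basic-auth credentials the Readme requires would travel unencrypted for as long as it stays on http.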