From 7ad6f76be9ad14c4cbd3b2660ef8a7c28273428b Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Fri, 20 Sep 2019 13:57:10 +0100 Subject: Updated VNFM adapter security readme Change-Id: I54fd7b942c444f13b75c929dd4abbf8c95b581db Issue-ID: SO-2355 Signed-off-by: MichaelMorris --- adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt | 12 ++++++++---- .../src/main/resources/application.yaml | 13 +------------ 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt index 66876311db..aaad60320d 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt @@ -1,5 +1,9 @@ The following describes how to configure authentication for the VNFM adapter. +TLS should always be configured to ensure secure communication between the VNFM-adapter <-> BPMN infra and VNFM-adapter <-> VNFM +If two-way TLS is configured then there is no need for any further authentication (i.e. no need for token or basic auth). +If two-way TLS is NOT configured then authentication is REQUIRED. Oauth token based authentication must be used for requests, while for notifications either oauth tokens or basic auth can be used. + ========================================== To confgure TLS @@ -12,8 +16,8 @@ The following parameters can be set to configure the certificate for the VNFM ad server: ssl: key-alias: so@so.onap.org - key--store-password: 'I,re7WWEJR$e]x370wRgx?qE' - key-store: classpath:org.onap.so.p12 + key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' + key-store: classpath:so-vnfm-adapter.p12 key-store-type: PKCS12 The values shown above relate to the certificate included in the VNFM adapter jar which has been generated from AAF. If a different certificate is to be used then these values should be changed accordingly. 
@@ -21,8 +25,8 @@ The following paramters can be set to configure the trust store for the VNFM ada http: client: ssl: - trust-store: org.onap.so.trust.jks - trust-store-password: NyRD](z:EJJNIt?},QgM3o7H + trust-store: classpath:org.onap.so.trust.jks + trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' The values shown above relate to the trust store included in the VNFM adapter jar which has been generated from AAI. If a different trust store is to be used then these values should be changed accordingly. Ensure the value for the below parameter uses https instead of http diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml index 4434d2edd9..951d4a3bb9 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml @@ -23,22 +23,11 @@ spring: http: converters: preferred-json-mapper: gson - -http: - client: - ssl: - trust-store: classpath:org.onap.so.trust.jks - trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' server: port: 9092 tomcat: max-threads: 50 - ssl: - key-alias: so@so.onap.org - key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' - key-store: classpath:so-vnfm-adapter.p12 - key-store-type: PKCS12 mso: key: 07a7159d3bf51a0e53be7a8f89699be7 @@ -55,7 +44,7 @@ sdc: endpoint: http://sdc.onap/1234A vnfmadapter: - endpoint: https://so-vnfm-adapter.onap:9092 + endpoint: http://so-vnfm-adapter.onap:9092 #Actuator management: -- cgit 1.2.3-korg
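Review bot: The new default `endpoint: http://so-vnfm-adapter.onap:9092` in the last application.yaml hunk leaves the shipped configuration without TLS, since the preceding hunk also removes the `server.ssl` and `http.client.ssl` blocks. The Readme updated in this same commit says TLS should always be configured and that authentication is required when two-way TLS is not, so a deployment that uses this file unchanged contradicts that guidance. If plaintext is meant only as a development default, mark it in the file, for example `# Dev default only: use https:// and configure server.ssl / http.client.ssl as described in Readme.txt`. Whether authentication is enforced when TLS is absent cannot be seen from these hunks, so it is worth confirming that the adapter rejects unauthenticated requests in that mode. The `vnfmadapter:` block may continue past the end of the hunk.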