summaryrefslogtreecommitdiffstats
path: root/docs/files/csar-validation.rst
blob: 4224218db002ac4fbc556de19dad5a53511dd8d8 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019 Huawei Technologies Co., Ltd.

.. _csar-validation:

CSAR Compliance check for SOL004 and SOL001
===========================================

ONAP enabled the required compliance check by following VNFREQS and reports the non-compliant entries as errors.

When :ref:`vnf-test-platform` is deployed, by default this testing is enabled with test case name as below

scenario: onap-vtp

testsuite: validation

testcase: csar-validate

And every VNFREQS is modeled as separate test case with name csar-validate-rxxxxx, where xxxxx represents the VNFREQS.

Active VNF requirements
=======================

.. csv-table:: Table of VNF active requirements.
   :delim: ;
   :header: "Product", "Release", "Requirement No.", "Description"
   :widths: 5, 5, 5, 50
   :url: https://nexus.onap.org/content/sites/raw/org.onap.vnfsdk.validation/master/VnfActiveRulesTable.csv

Active PNF requirements
=======================

.. csv-table:: Table of PNF active requirements.
   :delim: ;
   :header: "Product", "Release", "Requirement No.", "Description"
   :widths: 5, 5, 5, 50
   :url: https://nexus.onap.org/content/sites/raw/org.onap.vnfsdk.validation/master/PnfActiveRulesTable.csv

OCLIP additional parameters in Dublin
=====================================

To run validation of PNF csar additional --pnf parameter must be used.

  oclip --product onap-vtp csar-validate --pnf --csar <path to pnf.csar or package.zip>

Package zip structure
=====================
|image3|

.. |image3| image:: zip_package.png
   :height: 250px
   :width: 260px

Generate certificates
---------------------
  openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "pnf.key" -out "pnf.cert" -days 365 -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=Sparkling Network/OU=IT Dept/CN=$(whoami)s Sign Key"

Sign csar file with the private key
-----------------------------------

  openssl dgst -sha256 -sign "pnf.key" -out pnf.sha256.cms pnf.csar

Verify signature
----------------

  openssl dgst -sha256 -verify  <(openssl x509 -in "pnf.cert"  -pubkey -noout) -signature pnf.sha256.cms pnf.csar