1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2019 Huawei Technologies Co., Ltd.
.. _csar-validation:
CSAR Compliance check for SOL004 and SOL001
===========================================
ONAP enabled the required compliance check by following VNFREQS and reports the non-compliant entries as errors.
When :ref:`vnf-test-platform` is deployed, by default this testing is enabled with test case name as below
scenario: onap-vtp
testsuite: validation
testcase: csar-validate
And every VNFREQS is modeled as separate test case with name csar-validate-rxxxxx, where xxxxx represents the VNFREQS.
Active VNF requirements
=======================
.. csv-table:: Table of VNF active requirements.
:delim: ;
:header: "Product", "Release", "Requirement No.", "Description"
:widths: 5, 5, 5, 50
:url: https://nexus.onap.org/content/sites/raw/org.onap.vnfsdk.validation/master/VnfActiveRulesTable.csv
Active PNF requirements
=======================
.. csv-table:: Table of PNF active requirements.
:delim: ;
:header: "Product", "Release", "Requirement No.", "Description"
:widths: 5, 5, 5, 50
:url: https://nexus.onap.org/content/sites/raw/org.onap.vnfsdk.validation/master/PnfActiveRulesTable.csv
OCLIP additional parameters in Dublin
=====================================
To run validation of PNF csar additional --pnf parameter must be used.
oclip --product onap-vtp csar-validate --pnf --csar <path to pnf.csar or package.zip>
Package zip structure
=====================
|image3|
.. |image3| image:: zip_package.png
:height: 250px
:width: 260px
Generate certificates
---------------------
openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "pnf.key" -out "pnf.cert" -days 365 -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=Sparkling Network/OU=IT Dept/CN=$(whoami)s Sign Key"
Sign csar file with the private key
-----------------------------------
openssl dgst -sha256 -sign "pnf.key" -out pnf.sha256.cms pnf.csar
Verify signature
----------------
openssl dgst -sha256 -verify <(openssl x509 -in "pnf.cert" -pubkey -noout) -signature pnf.sha256.cms pnf.csar
|