Update the expired certificates and recreate the docker files
Update the release notes and update some Sphinx files
Fix some linting problems in the files
Issue-ID: OOM-2953
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I1a26d7289890eee7fb38b11a45da3db5fc70ba8d
install:
- requirements: docs/requirements-docs.txt
install:
- requirements: docs/requirements-docs.txt
+submodules:
+ include: all
+
sphinx:
configuration: docs/conf.py
sphinx:
configuration: docs/conf.py
linkcheck_ignore = [
'http://localhost',
linkcheck_ignore = [
'http://localhost',
+ 'http://ejbca',
+ 'https://localhost'
+]
+
+exclude_patterns = [
+ '.tox'
-setuptools
-six
-sphinxcontrib.openapi
+sphinx>=4.2.0 # BSD
+sphinx-rtd-theme>=1.0.0 # MIT
+sphinxcontrib.openapi
How to build images?
--------------------
How to build images?
--------------------
-#. Checkout the project from https://gerrit.onap.org/r/#/admin/projects/oom/platform/cert-service
+#. Checkout the project from https://gerrit.onap.org/r/admin/repos/oom/platform/cert-service
#. Read information stored in README.md file
#. Use a Makefile to build images::
#. Read information stored in README.md file
#. Use a Makefile to build images::
---------
-
-==============
Version: 2.5.0
--------------
Version: 2.5.0
--------------
--------
Istanbul
--------
--------
Istanbul
--------
Version: 2.4.0
--------------
Version: 2.4.0
--------------
--------
Honolulu
--------
--------
Honolulu
--------
Version: 2.3.3
--------------
Version: 2.3.3
--------------
Version: 2.3.2
--------------
Version: 2.3.2
--------------
Version: 2.3.1
--------------
Version: 2.3.1
--------------
Version: 2.3.0
--------------
Version: 2.3.0
--------------
Version: 2.2.0
--------------
Version: 2.2.0
--------------
Version: 2.1.0
--------------
Version: 2.1.0
--------------
Version: 2.0.0
--------------
Version: 2.0.0
--------------
Version: 1.2.0
--------------
Version: 1.2.0
--------------
Version: 1.1.0
--------------
Version: 1.1.0
--------------
----------
Frankfurt
----------
----------
Frankfurt
----------
Version: 1.0.1
--------------
Version: 1.0.1
--------------
Version: 1.0.0
--------------
Version: 1.0.0
--------------
1. Edit *cmpServers.json* file. If OOM *global.addTestingComponents* flag is set to:
- *true* - edit *kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json*
1. Edit *cmpServers.json* file. If OOM *global.addTestingComponents* flag is set to:
- *true* - edit *kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json*
- - *false* - edit *kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
+ - *false* - edit *kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json*
2. Build and start OOM deployment
2. Build and start OOM deployment
==============
Abstract
--------
==============
Abstract
--------
-This document provides the release notes for the Istanbul release.
+This document provides the release notes for the Jakarta release.
-Certificate update use case is now available. For details go to:
-:ref:`How to use instructions<how_to_use_certificate_update>`
Release Data
------------
Release Data
------------
| **Project** | OOM |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Project** | OOM |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
-| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 |
-| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 |
-| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0|
+| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.5.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.5.0|
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
-| **Release designation** | Istanbul |
+| **Release designation** | Jakarta |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
New features
------------
New features
------------
-- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ Implement certificate update in CMPv2 external issuer
-
-- `OOM-2753 <https://jira.onap.org/browse/OOM-2753>`_ Implement certificate update in CMPv2 CertService
-
-- `OOM-2744 <https://jira.onap.org/browse/OOM-2744>`_ Remove CertService Client mechanism from ONAP
-
-- `OOM-2649 <https://jira.onap.org/browse/OOM-2649>`_ Update contrib/ejbca to 7.x
-
-- `OOM-2771 <https://jira.onap.org/browse/OOM-2771>`_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer
-
-- `OOM-2764 <https://jira.onap.org/browse/OOM-2764>`_ Fix sonar issues in CertService
-
**Known Issues**
If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
**Known Issues**
If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
**Fixed Security Issues**
**Fixed Security Issues**
+- `OOM-2903 <https://jira.onap.org/browse/OOM-2903>`_ Fix Apache Vulnerability [CVE-2021-44228] in CertService
**Known Security Issues**
**Known Security Issues**
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_
==============
Abstract
--------
==============
Abstract
--------
-This document provides the release notes for the Honolulu release.
+This document provides the release notes for the Istanbul release.
-Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
-
-This project was moved from Application Authorization Framework (AAF), to check previous release notes see, `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
-
+Certificate update use case is now available. For details go to:
+:ref:`How to use instructions<how_to_use_certificate_update>`
Release Data
------------
Release Data
------------
| **Project** | OOM |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| **Project** | OOM |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
-| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 |
-| | * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3 |
-| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3 |
-| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3|
+| **Docker images** | * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 |
+| | * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0|
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
-| **Release designation** | Honolulu |
+| **Release designation** | Istanbul |
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
| | |
+--------------------------------------+---------------------------------------------------------------------------------------+
New features
------------
New features
------------
-- `OOM-2560 <https://jira.onap.org/browse/OOM-2560>`_ Integrated CMPv2 certificate provider with Cert-Manager
+- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ Implement certificate update in CMPv2 external issuer
- An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
- During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true.
+- `OOM-2753 <https://jira.onap.org/browse/OOM-2753>`_ Implement certificate update in CMPv2 CertService
- More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
+- `OOM-2744 <https://jira.onap.org/browse/OOM-2744>`_ Remove CertService Client mechanism from ONAP
-- `OOM-2632 <https://jira.onap.org/browse/OOM-2632>`_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses.
+- `OOM-2649 <https://jira.onap.org/browse/OOM-2649>`_ Update contrib/ejbca to 7.x
-- `OOM-2656 <https://jira.onap.org/browse/OOM-2656>`_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm.
-
-- `OOM-2657 <https://jira.onap.org/browse/OOM-2657>`_ Enhanced CertServiceAPI response in order to include CMP server error messages.
+- `OOM-2771 <https://jira.onap.org/browse/OOM-2771>`_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer
-- `OOM-2658 <https://jira.onap.org/browse/OOM-2658>`_ Fixed KeyUsage extension sent to CMPv2 server
+- `OOM-2764 <https://jira.onap.org/browse/OOM-2764>`_ Fix sonar issues in CertService
+If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
+The required actions are described in :ref:`Troubleshooting section <troubleshooting>`
Deliverables
------------
Deliverables
------------
-----------------------------------------
System Limitations
-----------------------------------------
System Limitations
Any known system limitations.
Known Vulnerabilities
Any known system limitations.
Known Vulnerabilities
Any known vulnerabilities.
Workarounds
Any known vulnerabilities.
Workarounds
-For more information on the ONAP Honolulu release, please see:
+For more information on the ONAP Istanbul release, please see:
#. `ONAP Home Page`_
#. `ONAP Documentation`_
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_
#. `ONAP Home Page`_
#. `ONAP Documentation`_
#. `ONAP Release Downloads`_
#. `ONAP Wiki Page`_
.. _`ONAP Home Page`: https://www.onap.org
.. _`ONAP Wiki Page`: https://wiki.onap.org
.. _`ONAP Documentation`: https://docs.onap.org
.. _`ONAP Home Page`: https://www.onap.org
.. _`ONAP Wiki Page`: https://wiki.onap.org
.. _`ONAP Documentation`: https://docs.onap.org
-.. _`ONAP Release Downloads`: https://git.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
\ No newline at end of file
+envlist = docs,docs-linkcheck
skipsdist = true
[testenv:docs]
skipsdist = true
[testenv:docs]
-chttps://git.onap.org/doc/plain/etc/upper-constraints.os.txt
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
commands =
-chttps://git.onap.org/doc/plain/etc/upper-constraints.os.txt
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
commands =
- sphinx-build -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html
+ sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html
echo "Generated docs available in {toxinidir}/_build/html"
whitelist_externals =
echo
echo "Generated docs available in {toxinidir}/_build/html"
whitelist_externals =
echo
[testenv:docs-linkcheck]
basepython = python3
[testenv:docs-linkcheck]
basepython = python3
+deps =
+ -r{toxinidir}/requirements-docs.txt
+ -chttps://git.onap.org/doc/plain/etc/upper-constraints.os.txt?h=master
+ -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master
+commands =
+ sphinx-build -W -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck
+
#deps = -r{toxinidir}/requirements-docs.txt
#deps = -r{toxinidir}/requirements-docs.txt
-commands = echo "Link Checking not enforced"
+#commands = echo "Link Checking not enforced"
#commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck
#commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck
-whitelist_externals = echo
+#whitelist_externals = echo