EXT_TLS_STATE = "California"
EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP"
EXT_TLS_LOCATION = "San-Francisco"
+EXT_TLS_CERT_SECRET_NAME = "aaf-cert-service-client-tls-secret"
EXT_TLS_KEYSTORE_PASSWORD = "secret"
EXT_TLS_TRUSTSTORE_PASSWORD = "secret"
"state" : EXT_TLS_STATE, # State name, for which certificate will be created
"organizational_unit" : EXT_TLS_ORGANIZATIONAL_UNIT, # Organizational unit name, for which certificate will be created
"location" : EXT_TLS_LOCATION, # Location name, for which certificate will be created
+ "cert_secret_name": EXT_TLS_CERT_SECRET_NAME, # Name of secret containing keystore and truststore for secure communication of Cert Service Client and Cert Service
"keystore_password" : EXT_TLS_KEYSTORE_PASSWORD, # Password to keystore file
"truststore_password" : EXT_TLS_TRUSTSTORE_PASSWORD # Password to truststore file
},
MOUNT_PATH = "/etc/onap/aaf/certservice/certs/"
KEYSTORE_PATH = MOUNT_PATH + "certServiceClient-keystore.jks"
TRUSTSTORE_PATH = MOUNT_PATH + "truststore.jks"
-CERT_SECRET_NAME = "aaf-cert-service-client-tls-secret"
+DEFAULT_CERT_TYPE = "p12"
def _create_deployment_name(component_name):
return "dep-{0}".format(component_name)[:63]
env["TRUSTSTORE_PASSWORD"] = external_tls_config.get("truststore_password")
# Create the volumes and volume mounts
- sec = client.V1SecretVolumeSource(secret_name=CERT_SECRET_NAME)
+ sec = client.V1SecretVolumeSource(secret_name=external_tls_config.get("cert_secret_name"))
volumes.append(client.V1Volume(name="tls-volume", secret=sec))
init_volume_mounts = [client.V1VolumeMount(name="tls-info", mount_path=external_cert.get("external_cert_directory")),
client.V1VolumeMount(name="tls-volume", mount_path=MOUNT_PATH)]
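Review bot: `external_tls_config.get("cert_secret_name")` returns `None` when the key is absent (presumably possible with a stored configuration that predates this key), and that `None` goes straight into `client.V1SecretVolumeSource(secret_name=...)`. The mistake would then only surface later, when the pod spec is submitted. Read the value first and fail early: `secret_name = external_tls_config.get("cert_secret_name")` followed by `if not secret_name: raise ValueError("cert_secret_name missing from external TLS config")`. Because the name now comes from configuration instead of a constant, whoever can edit that configuration decides which Secret in the namespace is mounted at `MOUNT_PATH`; a short comment saying so next to this line would help. The enclosing function starts and ends outside the hunk.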
ext_cert_dir = tls_cert_dir + "external/"
- output_type = (external_cert.get("cert_type") or 'p12').lower()
+ output_type = (external_cert.get("cert_type") or DEFAULT_CERT_TYPE).lower()
ext_truststore_path = ext_cert_dir + "truststore." + _get_file_extension(output_type)
ext_truststore_pass = ''
if output_type != 'pem':
env = {}
env["TRUSTSTORES_PATHS"] = tls_cert_file_path + ":" + ext_truststore_path
env["TRUSTSTORES_PASSWORDS_PATHS"] = tls_cert_file_pass + ":" + ext_truststore_pass
+ env["KEYSTORE_SOURCE_PATHS"] = _get_keystore_source_paths(output_type, ext_cert_dir)
+ env["KEYSTORE_DESTINATION_PATHS"] = _get_keystore_destination_paths(output_type, tls_cert_dir)
ctx.logger.info("TRUSTSTORES_PATHS: " + env["TRUSTSTORES_PATHS"])
ctx.logger.info("TRUSTSTORES_PASSWORDS_PATHS: " + env["TRUSTSTORES_PASSWORDS_PATHS"])
+ ctx.logger.info("KEYSTORE_SOURCE_PATHS: " + env["KEYSTORE_SOURCE_PATHS"])
+ ctx.logger.info("KEYSTORE_DESTINATION_PATHS: " + env["KEYSTORE_DESTINATION_PATHS"])
# Create the volumes and volume mounts
init_volume_mounts = [client.V1VolumeMount(name="tls-info", mount_path=tls_cert_dir)]
# Create the init container
init_containers.append(_create_container_object("truststore-merger", docker_image, False, volume_mounts=init_volume_mounts, env=env))
+
def _get_file_extension(output_type):
return {
'p12': 'p12',
'jks': 'jks',
}[output_type]
+def _get_keystore_source_paths(output_type, ext_cert_dir):
+ source_paths_template = {
+ 'p12': "{0}keystore.p12:{0}keystore.pass",
+ 'jks': "{0}keystore.jks:{0}keystore.pass",
+ 'pem': "{0}keystore.pem:{0}key.pem",
+ }[output_type]
+ return source_paths_template.format(ext_cert_dir)
+
+def _get_keystore_destination_paths(output_type, tls_cert_dir):
+ destination_paths_template = {
+ 'p12': "{0}cert.p12:{0}p12.pass",
+ 'jks': "{0}cert.jks:{0}jks.pass",
+ 'pem': "{0}cert.pem:{0}key.pem",
+ }[output_type]
+ return destination_paths_template.format(tls_cert_dir)
+
def _process_port_map(port_map):
service_ports = [] # Ports exposed internally on the k8s network
exposed_ports = [] # Ports to be mapped to ports on the k8s nodes via NodePort
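Review bot: `_get_keystore_source_paths` and `_get_keystore_destination_paths` index their template dict directly with `output_type`, so a `cert_type` other than p12, jks or pem raises a bare `KeyError` while the init container is being built. A guard at the top of each helper, such as `if output_type not in ('p12', 'jks', 'pem'): raise ValueError("unsupported cert_type: " + output_type)`, would give the operator a usable message. Both helpers also lack docstrings; a one-line docstring saying that each returns a colon-separated pair of paths (keystore file, then its password file or key file) would document the format passed in `KEYSTORE_SOURCE_PATHS` and `KEYSTORE_DESTINATION_PATHS`. As shown on this page, `_get_file_extension` lists only p12 and jks while the new helpers also map pem, so it is worth confirming that the three mappings agree. `_process_port_map` at the end of the hunk continues outside it.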
setup(
name='k8splugin',
description='Cloudify plugin for containerized components deployed using Kubernetes',
- version="3.4.0",
- author='J. F. Lucas, Michael Hwang, Tommy Carpenter, Joanna Jeremicz, Sylwia Jakubek, Jan Malkiewicz',
+ version="3.4.1",
+ author='J. F. Lucas, Michael Hwang, Tommy Carpenter, Joanna Jeremicz, Sylwia Jakubek, Jan Malkiewicz, Remigiusz Janeczek',
packages=['k8splugin','k8sclient','configure'],
zip_safe=False,
install_requires=[