The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
+## [3.4.3]
+* OOM-2526 - Replace AAF CertService with OOM CertService
+* Rename truststore merger init container to cert post processor
+
## [3.4.1]
* DCAEGEN2-2253 - Add support to move CMPv2 keystore in place of AAF CertMan keystore
* Make secret for cert-service-client container configurable
TLS_COMP_CERT_PATH = "/opt/dcae/cacert"
TLS_CA_CONFIGMAP = "dcae-cacert-configmap"
-EXT_TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0"
-EXT_TLS_REQUEST_URL = "https://aaf-cert-service:8443/v1/certificate/"
+EXT_TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0"
+EXT_TLS_REQUEST_URL = "https://oom-cert-service:8443/v1/certificate/"
EXT_TLS_TIMEOUT = "30000"
EXT_TLS_COUNTRY = "US"
EXT_TLS_ORGANIZATION = "Linux-Foundation"
EXT_TLS_STATE = "California"
EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP"
EXT_TLS_LOCATION = "San-Francisco"
-EXT_TLS_CERT_SECRET_NAME = "aaf-cert-service-client-tls-secret"
+EXT_TLS_CERT_SECRET_NAME = "oom-cert-service-client-tls-secret"
EXT_TLS_KEYSTORE_PASSWORD = "secret"
EXT_TLS_TRUSTSTORE_PASSWORD = "secret"
-TRUST_STORE_MERGER_IMAGE = "nexus3.onap.org:10001/onap/org.onap.dcae.truststore-merger:1.2.0"
+CERT_POST_PROCESSOR_IMAGE = "nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0"
CBS_BASE_URL = "https://config-binding-service:10443/service_component_all"
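Review bot: `EXT_TLS_IMAGE` and `CERT_POST_PROCESSOR_IMAGE` reference their images by the mutable tag `:2.1.0`, so whatever the registry serves under that tag at pull time runs as an init container that handles the component's TLS material. Pinning the defaults by digest, in the form `...oom-certservice-client@sha256:<digest-of-2.1.0>` (placeholder; take the real value from the release), would make the default reproducible and turn an image change into a visible diff. Whether image verification is enforced elsewhere in the cluster is not visible from this hunk. If tags have to stay, a comment such as `# tag only; digest pinning is applied in the deployment override` would record the decision.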
def _set_defaults():
"keystore_password" : EXT_TLS_KEYSTORE_PASSWORD, # Password to keystore file
"truststore_password" : EXT_TLS_TRUSTSTORE_PASSWORD # Password to truststore file
},
- "truststore_merger": {
- "image_tag": TRUST_STORE_MERGER_IMAGE
+ "cert_post_processor": {
+ "image_tag": CERT_POST_PROCESSOR_IMAGE # Docker image to use for cert post processor init container
},
"cbs": {
"base_url" : CBS_BASE_URL # URL prefix for accessing config binding service
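Review bot: The `keystore_password` and `truststore_password` defaults in this dict still resolve to the literal `"secret"` (`EXT_TLS_KEYSTORE_PASSWORD` and `EXT_TLS_TRUSTSTORE_PASSWORD` in the constants hunk), so a deployment that never overrides `external_cert` protects its cert-service client keystore with a publicly known password. The tests in this commit also read both passwords back as plain `value` entries in the init container's env, which puts them in the pod spec in clear text. Consider dropping the default and failing configuration when the password is unset, or at least marking it with `# placeholder only; must be overridden per deployment`. The dict literal starts and ends outside the hunk, so how overrides are merged over these defaults is not visible here.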
PORTS = re.compile("^([0-9]+)(/(udp|UDP|tcp|TCP))?:([0-9]+)$")
# Constants for external_cert
-MOUNT_PATH = "/etc/onap/aaf/certservice/certs/"
+MOUNT_PATH = "/etc/onap/oom/certservice/certs/"
KEYSTORE_PATH = MOUNT_PATH + "certServiceClient-keystore.jks"
TRUSTSTORE_PATH = MOUNT_PATH + "truststore.jks"
DEFAULT_CERT_TYPE = "p12"
init_containers.append(_create_container_object("cert-service-client", docker_image, False, volume_mounts=init_volume_mounts, env=env))
-def _add_truststore_merger_init_container(ctx, init_containers, tls_info, tls_config, external_cert, truststore_merger_config):
+def _add_cert_post_processor_init_container(ctx, init_containers, tls_info, tls_config, external_cert, cert_post_processor_config):
# Adds an InitContainer to the pod to merge TLS and external TLS truststore into single file.
- docker_image = truststore_merger_config["image_tag"]
- ctx.logger.info("Creating init container: truststore merger \n * [" + docker_image + "]")
+ docker_image = cert_post_processor_config["image_tag"]
+ ctx.logger.info("Creating init container: cert post processor \n * [" + docker_image + "]")
tls_cert_dir = tls_info.get("cert_directory") or tls_config.get("component_cert_dir")
if not tls_cert_dir.endswith('/'):
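Review bot: `cert_post_processor_config["image_tag"]` is indexed without checking that the section exists, and the call-site hunk passes `k8sconfig.get("cert_post_processor")`, which is `None` for any stored configuration that still carries the old `truststore_merger` key unless the defaults are merged underneath it (not visible here). That would surface as a `TypeError` during deployment rather than as a clear configuration error. A guard such as `if not cert_post_processor_config: raise ValueError("k8s config is missing the 'cert_post_processor' section")` would make the failure readable, or the old key could be accepted as a fallback for one release. The comment under the `def` still describes only truststore merging and could be updated to match the new name. The function body continues past the end of this hunk.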
init_volume_mounts = [client.V1VolumeMount(name="tls-info", mount_path=tls_cert_dir)]
# Create the init container
- init_containers.append(_create_container_object("truststore-merger", docker_image, False, volume_mounts=init_volume_mounts, env=env))
+ init_containers.append(_create_container_object("cert-post-processor", docker_image, False, volume_mounts=init_volume_mounts, env=env))
def _get_file_extension(output_type):
"cert_path": mount point for certificate volume in init container
"image": Docker image to use for TLS init container
"component_cert_dir" : default mount point for certs
- - truststore-merger: a dictionary of trustore-merger information:
- "image_tag": docker image to use for truststore-merger init container
+ - cert_post_processor: a dictionary of cert_post_processor information:
+ "image_tag": docker image to use for cert-post-processor init container
kwargs may have:
- volumes: array of volume objects, where a volume object is:
{"host":{"path": "/path/on/host"}, "container":{"bind":"/path/on/container","mode":"rw_or_ro"}
external_cert = kwargs.get("external_cert")
if external_cert and external_cert.get("use_external_tls"):
_add_external_tls_init_container(ctx, init_containers, volumes, external_cert, k8sconfig.get("external_cert"))
- _add_truststore_merger_init_container(ctx, init_containers, kwargs.get("tls_info") or {}, k8sconfig.get("tls"), external_cert, k8sconfig.get("truststore_merger"))
+ _add_cert_post_processor_init_container(ctx, init_containers, kwargs.get("tls_info") or {}, k8sconfig.get("tls"), external_cert, k8sconfig.get("cert_post_processor"))
# Create the container for the component
# Make it the first container in the pod
k8s:
executor: 'central_deployment_agent'
package_name: k8splugin
- package_version: 3.4.2
+ package_version: 3.4.3
data_types:
<groupId>org.onap.dcaegen2.platform.plugins</groupId>
<artifactId>k8s</artifactId>
<name>k8s-plugin</name>
- <version>3.4.2-SNAPSHOT</version>
+ <version>3.4.3-SNAPSHOT</version>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
setup(
name='k8splugin',
description='Cloudify plugin for containerized components deployed using Kubernetes',
- version="3.4.2",
- author='J. F. Lucas, Michael Hwang, Tommy Carpenter, Joanna Jeremicz, Sylwia Jakubek, Jan Malkiewicz, Remigiusz Janeczek',
+ version="3.4.3",
+ author='J. F. Lucas, Michael Hwang, Tommy Carpenter, Joanna Jeremicz, Sylwia Jakubek, Jan Malkiewicz, Remigiusz Janeczek, Piotr Marcinkiewicz',
packages=['k8splugin','k8sclient','configure'],
zip_safe=False,
install_requires=[
"component_cert_dir": "/opt/dcae/cacert"
},
"external_cert": {
- "image_tag": "repo/aaf-certservice-client:1.2.3",
+ "image_tag": "repo/oom-certservice-client:2.1.0",
"request_url" : "https://request:1010/url",
"timeout" : "30000",
"country" : "US",
"keystore_password" : "secret1",
"truststore_password" : "secret2"
},
- "truststore_merger": {
- "image_tag": "repo/oom-truststore-merger:1.2.3"
+ "cert_post_processor": {
+ "image_tag": "repo/oom-cert-post-processor:2.1.0"
},
"cbs": {
"base_url": "https://config-binding-service:10443/service_component_all/test-component"
def verify_external_cert(dep):
cert_container = dep.spec.template.spec.init_containers[1]
print(cert_container)
- assert cert_container.image == "repo/aaf-certservice-client:1.2.3"
+ assert cert_container.image == "repo/oom-certservice-client:2.1.0"
assert cert_container.name == "cert-service-client"
assert len(cert_container.volume_mounts) == 2
assert cert_container.volume_mounts[0].name == "tls-info"
assert cert_container.volume_mounts[0].mount_path == "/path/to/container/cert/directory/"
assert cert_container.volume_mounts[1].name == "tls-volume"
- assert cert_container.volume_mounts[1].mount_path == "/etc/onap/aaf/certservice/certs/"
+ assert cert_container.volume_mounts[1].mount_path == "/etc/onap/oom/certservice/certs/"
expected_envs = {
"REQUEST_URL": "https://request:1010/url",
"STATE": "California",
"COUNTRY": "US",
"SANS": "mysans",
- "KEYSTORE_PATH": "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks",
+ "KEYSTORE_PATH": "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks",
"KEYSTORE_PASSWORD": "secret1",
- "TRUSTSTORE_PATH": "/etc/onap/aaf/certservice/certs/truststore.jks",
+ "TRUSTSTORE_PATH": "/etc/onap/oom/certservice/certs/truststore.jks",
"TRUSTSTORE_PASSWORD": "secret2"}
envs = {k.name: k.value for k in cert_container.env}
for k in expected_envs:
assert (k in envs and expected_envs[k] == envs[k])
-def verify_truststore_merger(dep):
+def verify_cert_post_processor(dep):
cert_container = dep.spec.template.spec.init_containers[2]
print(cert_container)
- assert cert_container.image == "repo/oom-truststore-merger:1.2.3"
- assert cert_container.name == "truststore-merger"
+ assert cert_container.image == "repo/oom-cert-post-processor:2.1.0"
+ assert cert_container.name == "cert-post-processor"
assert len(cert_container.volume_mounts) == 1
assert cert_container.volume_mounts[0].name == "tls-info"
assert cert_container.volume_mounts[0].mount_path == "/opt/dcae/cacert/"
from common import do_deploy
from common import do_deploy_ext
from common import verify_external_cert
-from common import verify_truststore_merger
+from common import verify_cert_post_processor
def test_deploy_full_tls(mockk8sapi):
''' Deploy component with a full TLS configuration, to act as a server '''
# Make sure all of the external init container parameters are correct
verify_external_cert(dep)
- verify_truststore_merger(dep)
+ verify_cert_post_processor(dep)