Certificates from CMPv2 server - handle incorrect blueprint 86/110686/10
authorJoanna Jeremicz <joanna.jeremicz@nokia.com>
Wed, 29 Jul 2020 10:20:10 +0000 (12:20 +0200)
committerVijay Venkatesh Kumar <vv770d@att.com>
Mon, 10 Aug 2020 21:39:45 +0000 (21:39 +0000)
K8splugin will stop without deployment creation when external_cert does not contain all the required parameters
Bugfix: K8splugin will not create cert-service-client init container by default

Issue-ID: DCAEGEN2-2252 DCAEGEN2-2380
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ibb6ada925ad8c7f1609e01ba9021a7dbcf0fe644

k8s/ChangeLog.md
k8s/k8splugin/tasks.py
k8s/k8splugin_types.yaml
k8s/pom.xml
k8s/setup.py

index 16300b0..d7b1da6 100644 (file)
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.3.0]
+* DCAEGEN2-2252 - Add support to request certificates from CMPv2 server in DCAE cloudify blueprints
+  - handle incorrect blueprint
+* DCAEGEN2-2380 - K8splugin should not create cert-service-client init container by default
+
 ## [3.2.0]
 * DCAEGEN2-2309 - Adapt with K8S 1.17 version of APIs
 
index 57fb8fb..e03e4d2 100644 (file)
@@ -59,6 +59,14 @@ K8S_DEPLOYMENT = "k8s_deployment"
 RESOURCE_KW = "resource_config"
 LOCATION_ID = "location_id"
 
+# External cert parameters
+EXT_CERT_DIR = "external_cert_directory"
+EXT_CA_NAME = "ca_name"
+EXT_CERT_PARAMS = "external_certificate_parameters"
+EXT_COMMON_NAME = "common_name"
+EXT_CERT_ERROR_MESSAGE = "Provided blueprint is incorrect. It specifies external_cert without all the required parameters. " \
+                         "Required parameters are: {0}, {1}, {2}.{3}".format(EXT_CERT_DIR, EXT_CA_NAME, EXT_CERT_PARAMS, EXT_COMMON_NAME)
+
 # Utility methods
 
 # Lifecycle interface calls for dcae.nodes.DockerContainer
@@ -227,6 +235,14 @@ def _verify_k8s_deployment(location, service_component_name, max_wait):
 
     return True
 
+def _fail_if_external_cert_incorrect(external_cert):
+    if not (external_cert.get(EXT_CERT_DIR)
+            and external_cert.get(EXT_CA_NAME)
+            and external_cert.get(EXT_CERT_PARAMS)
+            and external_cert.get(EXT_CERT_PARAMS).get(EXT_COMMON_NAME)):
+        ctx.logger.error(EXT_CERT_ERROR_MESSAGE)
+        raise NonRecoverableError(EXT_CERT_ERROR_MESSAGE)
+
 def _create_and_start_container(container_name, image, **kwargs):
     '''
     This will create a k8s Deployment and, if needed, a k8s Service or two.
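Review bot: `_fail_if_external_cert_incorrect` calls `.get(EXT_COMMON_NAME)` on whatever `external_certificate_parameters` holds, so a blueprint that supplies a non-mapping there (a string or a list) ends in an AttributeError instead of the NonRecoverableError this commit is meant to produce. The check also logs the same fixed message whichever key is absent; naming the missing keys in the log would make a rejected deployment much easier to diagnose. The function has no docstring; one sentence stating that it raises NonRecoverableError when a required external_cert parameter is missing would be enough. A possible shape follows.

```python
def _fail_if_external_cert_incorrect(external_cert):
    '''Raise NonRecoverableError unless all required external_cert parameters are set.'''
    cert_params = external_cert.get(EXT_CERT_PARAMS)
    missing = [key for key in (EXT_CERT_DIR, EXT_CA_NAME, EXT_CERT_PARAMS)
               if not external_cert.get(key)]
    # A non-dict value is treated as invalid instead of being dereferenced.
    if not isinstance(cert_params, dict) or not cert_params.get(EXT_COMMON_NAME):
        missing.append("{0}.{1}".format(EXT_CERT_PARAMS, EXT_COMMON_NAME))
    if missing:
        ctx.logger.error("{0} Missing or invalid: {1}".format(
            EXT_CERT_ERROR_MESSAGE, ", ".join(missing)))
        raise NonRecoverableError(EXT_CERT_ERROR_MESSAGE)
```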
@@ -262,6 +278,9 @@ def _create_and_start_container(container_name, image, **kwargs):
         - k8s_location: name of the Kubernetes location (cluster) where the component is to be deployed
     '''
     tls_info = kwargs.get("tls_info") or {}
+    external_cert = kwargs.get("external_cert")
+    if external_cert and external_cert.get("use_external_tls"):
+        _fail_if_external_cert_incorrect(external_cert)
     cert_dir = tls_info.get("cert_directory") or COMPONENT_CERT_DIR
     env = { "CONSUL_HOST": CONSUL_INTERNAL_NAME,
             "CONFIG_BINDING_SERVICE": "config-binding-service",
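Review bot: The gate `external_cert.get("use_external_tls")` relies on plain truthiness, so a value that reaches the plugin as a non-empty string such as "false" would still switch validation on. If the blueprint type system does not guarantee a real boolean here, an explicit comparison would be safer. The key is also a bare literal, while this commit introduces EXT_* constants for the sibling keys; a constant such as `EXT_USE_TLS = "use_external_tls"` next to them would keep the key names in one place. `_create_and_start_container` continues beyond this hunk, so how `external_cert` is consumed afterwards is not visible here.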
index ff649df..5d354f7 100644 (file)
@@ -23,7 +23,7 @@ plugins:
   k8s:
     executor: 'central_deployment_agent'
     package_name: k8splugin
-    package_version: 3.2.0
+    package_version: 3.3.0
 
 data_types:
 
@@ -100,7 +100,7 @@ data_types:
           Flag indicating whether external TLS is to be used
         type: boolean
         required: false
-        default: true
+        default: false
       ca_name:
         description: >
           Name of Certificate Authority configured on CertService side
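Review bot: Changing `use_external_tls` to `default: false` alters behaviour for any existing blueprint that declares `external_cert` without setting the flag: it previously opted in implicitly and will presumably now deploy without requesting an external certificate, with no error to signal the difference. The property `description` is the place operators will look, so it should state the default and the new requirement, for example `Flag indicating whether external TLS is to be used. Defaults to false; when true, external_cert_directory, ca_name and external_certificate_parameters.common_name must be set.` The data type definition starts before and continues after this hunk.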
index 8a541d4..c91dcbf 100644 (file)
@@ -28,7 +28,7 @@ limitations under the License.
   <groupId>org.onap.dcaegen2.platform.plugins</groupId>
   <artifactId>k8s</artifactId>
   <name>k8s-plugin</name>
-  <version>3.2.0-SNAPSHOT</version>
+  <version>3.3.0-SNAPSHOT</version>
   <url>http://maven.apache.org</url>
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
index da3a7d3..7ff694b 100644 (file)
@@ -23,7 +23,7 @@ from setuptools import setup
 setup(
     name='k8splugin',
     description='Cloudify plugin for containerized components deployed using Kubernetes',
-    version="3.2.0",
+    version="3.3.0",
     author='J. F. Lucas, Michael Hwang, Tommy Carpenter, Joanna Jeremicz, Sylwia Jakubek',
     packages=['k8splugin','k8sclient','configure'],
     zip_safe=False,