------------------
- VES collector deployed as docker containers
- Acknowledgement to sender with appropriate response code (both successful and failure)
-- Authentication of the events posted to collector (support 4 types of authentication setting)
+- Authentication of the events posted to collector (support 2 types of authentication setting)
- Support single or batch JSON events input
- Schema validation (against standard VES definition)
- Multiple schema support and backward compatibility
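Review bot: The added bullet "support 2 types of authentication setting" counts noAuth as an authentication type, since the only two values left later in this patch are noAuth and certBasicAuth. Consider naming the two values in the bullet itself, so that a reader of the feature list does not assume two distinct ways of authenticating senders.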
VES Collector support following authentication types
* *auth.method=noAuth* default option - no security (http)
- * *auth.method=certOnly* is used to enable mutual TLS authentication (https)
* *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication
- * *auth.method=basicAuth* is used to enable basic HTTPs authentication
Default ONAP deployed VESCOllector is configured for "noAuth". If VESCollector instance need to be deployed with authentication enabled, follow below setup
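Review bot: Missing documentation for existing deployments: the two removed list entries drop certOnly and basicAuth, but nothing here says what a collector does if it is still configured with one of those values. Please add a sentence stating whether such a value is rejected at startup or handled some other way, and point operators to certBasicAuth as the replacement. The surviving entry's "or/and" wording is also unclear about whether a certificate, basic auth, or both are required, and would be worth tightening now that it is the only authenticated mode.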
cfy blueprint delete ves-tls
-Known Issue : When VESCollector is required to be deployed with authentication enabled *auth.method=certOnly* or *auth.method: certBasicAuth* or *auth.method: basicAuth*
+Known Issue : When VESCollector is required to be deployed with authentication enabled *auth.method: certBasicAuth*
the blueprint currently disables healthcheck parameters configuration (below). This causes no readiness probe to be deployed in K8S when VES Collector is deployed with authentication enabled.
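Review bot: Style point on the added Known Issue line: it writes the setting as "auth.method: certBasicAuth" with a colon, while every other line in this patch uses "auth.method=certBasicAuth". Use one notation throughout, or state which form belongs in the blueprint and which in the properties file, so that readers copy the right one.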
* *collector.keystore.file.location* - a path to jks key store containing certificates which can be used for TLS handshake
* *collector.keystore.passwordfile* - a path to file containing a password for the key store
-Property *auth.method* is used to manage security mode, possible configuration: noAuth, basicAuth, certOnly, certBasicAuth
+Property *auth.method* is used to manage security mode, possible configuration: noAuth, certBasicAuth
* *auth.method=noAuth* default option - no security (http)
- * *auth.method=certOnly* is used to enable mutual TLS authentication (https)
-
- * client without cert and without basic auth = :red:`Authentication failure`
- * client without cert and wrong basic auth = :red:`Authentication failure`
- * client without cert and correct basic auth = :red:`Authentication failure`
- * client with cert and without/wrong basic auth = :green:`Authentication successful`
- * client with cert and correct basic auth = :green:`Authentication successful`
-
* *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication
* client without cert and without basic auth = :red:`Authentication failure`
* client with cert and without/wrong basic auth = :green:`Authentication successful`
* client with cert and correct basic auth = :green:`Authentication successful`
- * *auth.method=basicAuth* is used to enable basic HTTPs authentication
-
- * client without cert and without basic auth = :red:`Authentication failure`
- * client without cert and wrong basic auth = :red:`Authentication failure`
- * client without cert and correct basic auth = :green:`Authentication successful`
- * client with cert and without/wrong basic auth = :red:`Authentication failure`
- * client with cert and correct basic auth = :green:`Authentication successful`
-
-When application is in certOnly or certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties,
+When application is in certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties,
only SubjectDn field in certificate description are checked. Default regexp value is .* means that we approve all SubjectDN values.
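Review bot: The certBasicAuth matrix that remains after these removals has no row for a client without a cert that presents correct basic auth, nor for one that presents wrong basic auth. The removed certOnly and basicAuth lists each covered five cases, and the surviving list covers three. Since it is now the only description of authenticated behaviour, please add the two missing rows so readers can tell whether basic auth alone is accepted. It is also worth saying next to the default regexp that, with "client with cert and without/wrong basic auth" listed as successful and ".*" approving all SubjectDN values, the matcher in /etc/certSubjectMatcher.properties needs tightening before the SubjectDN check restricts anything.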