From: dglFromAtt Date: Wed, 22 Aug 2018 22:02:11 +0000 (-0400) Subject: New Casablanca SSL certs X-Git-Tag: 1.0.22~15 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fbuscontroller.git;a=commitdiff_plain;h=f5e3ff50881c3c332dacc98b7994e6172a114d97 New Casablanca SSL certs Change-Id: Ida5e782acda64fba89cc3ea647ce72657565d770 Signed-off-by: dglFromAtt Issue-ID: DMAAP-532 --- diff --git a/Dockerfile b/Dockerfile index 491a8d5..b246871 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,6 +37,8 @@ COPY misc/LocalKey ${insdir}/etc/ COPY misc/logback.xml ${insdir}/etc/ COPY misc/dbc-api.jks ${insdir}/etc/keystore RUN chmod 600 ${insdir}/etc/keystore +COPY misc/org.onap.dmaap-bc.trust.jks ${insdir}/etc +RUN chmod 600 ${insdir}/etc/org.onap.dmaap-bc.trust.jks COPY ./version.properties ${insdir}/etc COPY misc/opensource.env ${insdir}/misc/ COPY misc/*.tmpl ${insdir}/misc/ diff --git a/misc/dbc-api.jks b/misc/dbc-api.jks index 902a747..66142d3 100644 Binary files a/misc/dbc-api.jks and b/misc/dbc-api.jks differ diff --git a/misc/dmaapbc.properties.tmpl b/misc/dmaapbc.properties.tmpl index 414771b..7214497 100644 --- a/misc/dmaapbc.properties.tmpl +++ b/misc/dmaapbc.properties.tmpl @@ -58,11 +58,11 @@ KeyStoreFile: ${DMAAPBC_KSTOREFILE:-etc/keystore} # # The password for the https keystore # -KeyStorePassword: ${DMAAPBC_KSTOREPASS:-Demolition Artist Floating} +KeyStorePassword: ${DMAAPBC_KSTOREPASS:-*j&Z*Ma;.4My4M]W0eB*fal$} # # The password for the private key in the https keystore # -KeyPassword: ${DMAAPBC_PVTKEYPASS:-Demolition Artist Floating} +KeyPassword: ${DMAAPBC_PVTKEYPASS:-*j&Z*Ma;.4My4M]W0eB*fal$} # # The type of truststore for https # 
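Review bot: The `RUN chmod 600` after the new `COPY misc/org.onap.dmaap-bc.trust.jks` only changes the mode in a later layer, so the layer written by `COPY` still holds the file with the mode it had in the build context. With BuildKit the two lines can be merged into `COPY --chmod=600 misc/org.onap.dmaap-bc.trust.jks ${insdir}/etc/`. The same applies to the existing `etc/keystore` pair just above, which matters more because a keystore normally carries the private key. The hunk does not show which user the service runs as, so confirm that the process can still read a file with mode 600.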
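Review bot: The new fallback values for `KeyStorePassword` and `KeyPassword` are real passwords committed in clear text beside `misc/dbc-api.jks`, which this commit also replaces, so anyone who can read the repository or the image can open the keystore and its private key. The `TrustStorePassword` default in the next hunk (`@@ -70,11 +70,11`) has the same problem. If the template is expanded by a shell here-document, as the `!EOF` terminator suggests, drop the default and fail fast: `KeyStorePassword: ${DMAAPBC_KSTOREPASS:?DMAAPBC_KSTOREPASS must be set}`, and likewise for `DMAAPBC_PVTKEYPASS` and `DMAAPBC_TSTOREPASS`. The values now in history should be treated as disclosed, and the stores re-generated with new passwords before any non-demo use.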
@@ -70,11 +70,11 @@ TrustStoreType: jks # # The path to the truststore for https # -TrustStoreFile: ${DMAAPBC_TSTOREFILE} +TrustStoreFile: ${DMAAPBC_TSTOREFILE:-etc/org.onap.dmaap-bc.trust.jks} # # The password for the https truststore # -TrustStorePassword: ${DMAAPBC_TSTOREPASS:-changeit} +TrustStorePassword: ${DMAAPBC_TSTOREPASS:-pi8HuuSbN03MtQQ7(5TcyQ6;} # # The path to the file used to trigger an orderly shutdown # @@ -108,7 +108,7 @@ Feed.deleteHandling: ${DMAAPBC_FEED_DELETE:-DeleteOnDR} ################################################################################ # MR Related Properties: # -# ONAP Beijing is a single site deployment. +# ONAP Beijing and Casablanca are a single site deployment. MR.multisite: false # # Value of the CNAME DNS entry which resolves to the primary central MR cluster (when there are more than one central clusters). @@ -149,6 +149,12 @@ MM.ProvUserPwd: ${DMAAPBC_MMPROV_PWD:-pwdNotSet} # The Role of the MirrorMaker Agent. This is used by MM to sub to provisioning topic # MM.AgentRole: ${DMAAPBC_MMAGENT_ROLE:-org.onap.dmaapBC.MMagent.agent} +################# +# +# path to cadi.properties +# +cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props + ################# # AAF Properties: # 
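Review bot: In the `@@ -149,6 +149,12` hunk, `cadi.properties` is hard-coded to `/opt/app/osaaf/local/org.onap.dmaap-bc.props`, while the neighbouring entries accept an environment override of the form `${DMAAPBC_…:-default}`. A deployment that mounts the CADI configuration elsewhere has to edit the generated file. Consider `cadi.properties: ${DMAAPBC_CADI_PROPS:-/opt/app/osaaf/local/org.onap.dmaap-bc.props}`, where the variable name is a suggestion and not an existing setting. The comment above it could also say who provisions that file and that it should be readable only by the service account, since it presumably holds the AAF client identity.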
@@ -183,49 +189,29 @@ CredentialCodecKeyfile: ${DMAAPBC_CODEC_KEYFILE:-etc/LocalKey} # # URL of AAF environment to use. # -aaf.URL: ${DMAAPBC_AAF_URL:-https://authentication.simpledemo.onap.org:8095/proxy/} +aaf.URL: ${DMAAPBC_AAF_URL:-https://aaf-onap-test.osaaf.org:8095} # # TopicMgr mechid@namespace # -aaf.TopicMgrUser: ${DMAAPBC_TOPICMGR_USER:-idNotSet@namespaceNotSet} +aaf.TopicMgrUser: ${DMAAPBC_TOPICMGR_USER:-topic_mgr@dmaap-bc.onap.org} # # TopicMgr password # -aaf.TopicMgrPassword: ${DMAAPBC_TOPICMGR_PWD:-pwdNotSet} +aaf.TopicMgrPassword: ${DMAAPBC_TOPICMGR_PWD:-enc:l0ScEojNQiiKbbkuM6U1mtnrme69q960} # # Bus Controller Namespace Admin mechid@namespace # -aaf.AdminUser: ${DMAAPBC_ADMIN_USER:-idNotSet@namespaceNotSet} +aaf.AdminUser: ${DMAAPBC_ADMIN_USER:-aaf_admin@people.osaag.org} # # Bus Controller Namespace Admin password # -aaf.AdminPassword: ${DMAAPBC_ADMIN_PWD:-pwdNotSet} -# -# endof AAF Properties -################# -################# -# PolicyEngine Properties -# -# Flag to turn on/off Authentication -UsePE: ${DMAAPBC_PE_ENABLED:-false} -# -# Argument to decisionAttributes.put("AAF_ENVIRONMENT", X); -# where X is: TEST= UAT, PROD = PROD, DEVL = TEST -# -PeAafEnvironment: ${DMAAPBC_PE_AAF_ENV:-CSIT} -PeAafUrl.CSIT: ${DMAAPBC_AAF_URL:-http://localhost:8095/proxy/} -PeAafUrl.DEVL: https://aafdev.onap.org:8095/proxy/ -PeAafUrl.TEST: https://aafist..onap.org:8095/proxy/ -PeAafUrl.PROD: https://aafprod.onap.org:8095/proxy/ +aaf.AdminPassword: ${DMAAPBC_ADMIN_PWD:-demo123456!} + -# -# Name of PolicyEngineApi properties file -PolicyEngineProperties: config/PolicyEngineApi.properties -# # Namespace for URI values for API used to create AAF permissions # e.g. 
if ApiNamespace is X.Y..dmaapBC.api then for URI /topics we create an AAF perm X.Y..dmaapBC.api.topics -ApiNamespace: ${DMAAPBC_API_NAMESPACE:-org.onap.dmaapBC.api} +ApiNamespace: ${DMAAPBC_API_NAMESPACE:-org.onap.dmaap-bc.api} # -# endof PolicyEngineProperties +# endof AAF Properties ################# !EOF diff --git a/misc/org.onap.dmaap-bc.trust.jks b/misc/org.onap.dmaap-bc.trust.jks new file mode 100644 index 0000000..00cc35e Binary files /dev/null and b/misc/org.onap.dmaap-bc.trust.jks differ diff --git a/pom.xml b/pom.xml index bc30ee2..aeb8a3d 100644 --- a/pom.xml +++ b/pom.xml @@ -50,6 +50,13 @@ No Snapshots Allowed! org.onap.dmaap.dbcapi:dbcapi + org.onap.aaf.authz:aaf-cadi-client + org.onap.aaf.authz:aaf-misc-env + org.onap.aaf.authz:aaf-cadi-aaf + org.onap.aaf.authz:aaf-auth-client + org.onap.aaf.authz:aaf-cadi-core + org.onap.aaf.authz:aaf-misc-rosetta + @@ -250,6 +257,13 @@ jetty-server ${jettyVersion} + + org.onap.aaf.authz + aaf-cadi-aaf + 2.1.2-SNAPSHOT + full + + org.eclipse.jetty jetty-servlet @@ -287,7 +301,7 @@ org.onap.dmaap.dbcapi dbcapi - 1.0.8-SNAPSHOT + 1.0.12-SNAPSHOT @@ -322,7 +336,7 @@ UTF-8 9.3.7.v20160115 0.0.1 - 1.0.13 + 1.0.14 0.7.7.201606060606 3.2 diff --git a/version.properties b/version.properties index 7e97219..e104878 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=1 minor=0 -patch=13 +patch=14 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins
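Review bot: The new defaults for `aaf.AdminPassword` (`demo123456!`) and `aaf.TopicMgrPassword` replace the `pwdNotSet` sentinels with usable credentials, so a deployment that forgets `DMAAPBC_ADMIN_PWD` or `DMAAPBC_TOPICMGR_PWD` starts silently with values published in this repository. Keep the sentinel or require the variable, e.g. `aaf.AdminPassword: ${DMAAPBC_ADMIN_PWD:?DMAAPBC_ADMIN_PWD must be set}`, assuming the template is expanded by a shell. The `enc:` form of the TopicMgr default is probably only as secret as the codec key at `etc/LocalKey`, which the Dockerfile copies into the image from `misc/LocalKey`; that link is inferred from the `CredentialCodecKeyfile` context line. The `aaf.AdminUser` default ends in `people.osaag.org`, which looks like a typo for the `osaaf.org` domain used in `aaf.URL`; please confirm. The `aaf.URL` default also now points at a test host, so a comment saying it must be overridden outside the demo environment would help.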
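Review bot: The `aaf-cadi-aaf` dependency added in the `@@ -250,6 +257,13` hunk is pinned to `2.1.2-SNAPSHOT`. The earlier `@@ -50,6 +50,13` hunk adds six `org.onap.aaf.authz:*` coordinates to the list under the "No Snapshots Allowed!" enforcer rule, apparently to exempt them; the XML tags are not visible on this page, so that reading is inferred. A SNAPSHOT can change content under the same version string, so the library that handles authentication and authorization is not reproducible from this commit. Pin a released version when one exists and remove the exemption entries. Until then, mark them as temporary with a comment such as `<!-- temporary: AAF CADI artifacts not yet released; remove once a release version is pinned -->`.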