X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fdbcapi.git;a=blobdiff_plain;f=README.md;h=14ebef1acc3d71d4e39fb0906ce7379a637e7818;hp=d96612c560c6409077765bc213971a9ae80c96e4;hb=HEAD;hpb=a05efb7b7b3cfc77f5e3fda11e8434834829f56a diff --git a/README.md b/README.md index d96612c..14ebef1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,24 @@ +# +# ============LICENSE_START========================================== +# org.onap.dmaap +# =================================================================== +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# +# DMaaP Bus Controller API ======================= @@ -23,165 +44,129 @@ After cloning from this git repo: mvn clean install javadoc:javadoc ``` -### Configurable Parameters +A description of the API is generated, and found in targets/generated-source/swagger.json. -Behavior of the API is controlled by settings in a properties file (typically etc/dmaapbc.properties). -The following describes these properties: +### Properties File -``` - -# -# Configuration parameters fixed at startup for the DMaaP Bus Controller -# -# -# URI to retrieve dynamic DR configuration -# -ProvisioningURI: /internal/prov -# -# Allow http access to API -# -HttpAllowed: true -# -# The port number for http as seen within the server -# -IntHttpPort: 8080 -# -# The port number for https as seen within the server -# Set to 0 if no certificate is available yet... -# -IntHttpsPort: 8443 -# -# The external port number for https taking port mapping into account -# -ExtHttpsPort: 443 -# -# The type of keystore for https -# -KeyStoreType: jks -# -# The path to the keystore for https -# -KeyStoreFile: etc/keystore -# -# The password for the https keystore -# -KeyStorePassword: changeit -# -# The password for the private key in the https keystore -# -KeyPassword: changeit -# -# The type of truststore for https -# -TrustStoreType: jks -# -# The path to the truststore for https -# -TrustStoreFile: /opt/app/java/jdk/jdk180/jre/security/cacerts -# -# The password for the https truststore -# -TrustStorePassword: changeit -# -# The path to the file used to trigger an orderly shutdown -# -QuiesceFile: etc/SHUTDOWN -# -# Enable postgress -# -UsePGSQL: true -# -# The host for postgres access -# -DB.host: HostNotSet -# -# For postgres access -# -DB.cred: ValueNotSet -# -# Name of this environment -# -DmaapName: DeploymentEnvName -# -# Name of DR prov server -# -DR.provhost: dcae-drps.domain.notset.com -# -# The Role and credentials of the MirrorMaker Provisioner. This is used by DMaaP Bus Controller to pub to the provisioning topic -# Not part of 1701 -# -#MM.ProvRole: org.openecomp.dmaapBC.MMprov.prov -#MM.ProvUserMechId: idNotSet@namespaceNotSet -#MM.ProvUserPwd: enc:fMxh-hzYZldbtyXumQq9aJU08SslhbM6mXtt -# -# The Role of the MirrorMaker Agent. This is used by MM to sub to provisioning topic -# -MM.AgentRole: org.openecomp.dmaapBC.MMagent.agent -################# -# AAF Properties: -# -# regarding password encryption: -# In the dependencies that Maven retrieves (e.g., under dcae_dmaapbc/target/deps/ is a jar file cadi-core-version.jar. Generate the key file with: -# -# java \u2013jar wherever/cadi-core-*.jar keygen keyfilename -# chmod 400 keyfilename -# -# To encrypt a key: -# -# java \u2013jar wherever/cadi-core-*.jar digest password-to-encrypt keyfilename -# -# This will generate a string. Put \u201Cenc:\u201D on the front of the string, and put the result in this properties file. -# -# Location of the Codec Keyfile which is used to decrypt passwords in this properties file before they are passed to AAF -# -# REF: https://wiki.domain.notset.com/display/cadi/CADI+Deployment -# -CredentialCodecKeyfile: etc/LocalKey -# -# URL of AAF environment to use. -# -aaf.URL: https://authentication.simpledemo.openecomp.org:8095/proxy/ -# -# TopicMgr mechid@namespace -# -aaf.TopicMgrUser: idNotSet@namespaceNotSet -# -# TopicMgr password -# -aaf.TopicMgrPassword: enc:zyRL9zbI0py3rJAjMS0dFOnYfEw_mJhO -# -# Bus Controller Namespace Admin mechid@namespace -# -aaf.AdminUser: idNotSet@namespaceNotSet -# -# Bus Controller Namespace Admin password -# -aaf.AdminPassword: enc:YEaHwOJrwhDY8a6usetlhbB9mEjUq9m -# -# endof AAF Properties -################# -################# -# PolicyEngine Properties -# -# Flag to turn on/off Authentication -UsePE: false -# -# Argument to decisionAttributes.put("AAF_ENVIRONMENT", X); -# where X is: TEST= UAT, PROD = PROD, DEVL = TEST -# -PeAafEnvironment: DEVL -# -# Name of PolicyEngineApi properties file -PolicyEngineProperties: config/PolicyEngineApi.properties -# -# Namespace for URI values for API used to create AAF permissions -# e.g. if ApiNamespace is X.Y..dmaapBC.api then for URI /topics we create an AAF perm X.Y..dmaapBC.api.topics -ApiNamespace: org.onap.dmaap.dbcapi -# -# endof PolicyEngineProperties -################# - -``` +This section is intended to describe the behavior customization of Bus Controller that can be obtained via properties file used by the dbcapi library. +By default, this file is located in etc/dmaapbc.properties. +However, a java argument -DConfigFile can be set to a different path. (Our kubernetes deployment relies on this and points to a configmap, for example.) +The table below lists all the settings, default values (if not set), and shows any explicit setting in ONAP oom kubernetes deployment. +|-|-|-|-| +| Property | Description | Default | ONAP Kubernetes Setting | +|-|-|-|-| +|UseAAF | Flag for whether AAF authz API is to be used | false | false | +|-|-|-|-| +|csit | Flag for stubbing out many southbound calls in a CSIT environment | No | No | +|-|-|-|-| +|DR.provhost | FQDN of Data Router Provisioning Server (deprecated - now set via API) | notSet | dcae-drps.domain.not.set | +|-|-|-|-| +|ProvisioningURI | URI to retrieve dynamic DR configuration | /internal/prov | /internal/prov | +|-|-|-|-| +|Feed.deleteHandling | indicator for handling feed delete request | DeleteOnDR | SimulateDelete | +| | DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) | | | +| | SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. | | | +|-|-|-|-| +|UsePGSQL | flag indicates whether to retain data in Postgresql | false | true | +| | when false, objects will be kept in memory but will be | | | +| | lost on restart and not shared between instances | | | +|-|-|-|-| +|DB.host | FQDN or service name of Postresql host | dcae-pstg-write-ftl.domain.notset.com | dbc-pg-primary | +|-|-|-|-| +|DB.name | name of Postresql database | dmaap | | +|-|-|-|-| +|DB.schema | name of database schema | public | | +|-|-|-|-| +|DB.user | username for Postgresql access | dmaap_admin | | +|-|-|-|-| +|DB.cred | password for Postrgresql access | test234-ftl | onapdemodb | +|-|-|-|-| +|MR.multisite | Indicates if there can be multiple sites (locations) where MR is deployed | true | false | +|-|-|-|-| +|MR.CentralCname | FQDN or service name of MR (deployed in central if multilocation is true) | MRcname.not.set | message-router | +|-|-|-|-| +|MR ClientDeleteLevel | MR Client Delete thoroughness | 0 | 1 | +| | 0 = don't delete | | | +| | 1 = delete from persistent store (PG) | | | +| | 2 = delete from persistent store (PG) and authorization store (AAF) | | | +|-|-|-|-| +|MR.TopicFactoryNS | AAF namespace used to create perms for MR topics | MR.topicFactoryNS.not.set | org.onap.dmaap.mr.topicFactory | +|-|-|-|-| +|MR.TopicMgrRole | AAF Role used by Buscontroller to create topics on MR | MR.TopicMgrRole.not.set | org.onap.dmaap-bc-topic-mgr.client | +|-|-|-|-| +|MR.projectID | Value for some constructs of fully qualified topic names | 99999 | ONAP | +|-|-|-|-| +|MR.hostnameVerify | Indicates if we want to relax hostname verification on SSL connection | true | false | +|-|-|-|-| +|MR.authentication | Authentication method used when connecting to MR | none | basicAuth | +| | none = no creds sent (default) | | | +| | basicAuth = formulate Basic Auth HTTP Header using name and pwd credentials | | | +| | cert = use client certificate | | | +|-|-|-|-| +|cadi.properties | Path to CADI properties file | /opt/app/osaaf/local/org.onap.dmaap-bc.props | /opt/app/osaaf/lcoal/org.onap.dmaap-bc.props | +|-|-|-|-| +|aaf.URL | URL of the AAF server | https://authentication.domain.netset.com:8100/proxy/ | https://aaf-service.onap:8100/ | +|-|-|-|-| +|aaf.TopicMgrUser | AAF Identity of Topic Mgr | noMechId@domain.netset.com | dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org | +|-|-|-|-| +|aaf.TopicMgrPassword | AAF Credential for Topic Mgr | notSet | demo123456! | +|-|-|-|-| +|aaf.AdminUser | AAF Identity of user with Admin role for API namespace | noMechId@domain.netset.com | aaf_admin@people.osaaf.org | +|-|-|-|-| +|aaf.AdminPassword | AAF credential of AdminUser | notSet | demo123456! | +|-|-|-|-| +|aaf.NsOwnerIdentity | AAF Identity to be used as topic Namespace owner | notSet | aaf_admin@people.osaaf.org | +|topicNsRoot | AAF namespace value used to create FQTN | org.onap.dcae.dmaap | org.onap.dcae.dmaap | +|-|-|-|-| +|CredentialCodeKeyfile | location of the codec keyfile used to decrypt passwords | LocalKey | etc/LocalKey | +| | in this properties file before they are passed to AAF | LocalKey | etc/LocalKey | +|-|-|-|-| +|AafDecryption.Class | Specifies the Class to be used for decryption | org.onap.dmaap.dbcapi.aaf.ClearDecrypt | | +|-|-|-|-| +|ApiNamespace | Root namespace for AAF perms related to dbcapi access | apiNamespace.not.set | org.onap.dmaap-bc.api | +|-|-|-|-| +|ApiPermission.Class | the Class that determines if a call to API is authorized| allow | | +|-|-|-|-| +|MM.ProvRole | AAF Role of client publishing MM prov cmds | notSet | org.onap.dmaap-bc-mm-prov.prov | +|-|-|-|-| +|MM.ProvUserMechId | AAF Identity when publishing to MM command topic | notSet | dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org| +|-|-|-|-| +|MM.ProvUserPwd | AAF credenital for ProvUserMechId | notSet | demo123456! | +|-|-|-|-| +|MM.AgentRole | AAF Role of client susbcribing to MM command topic | notSet | org.onal.dmaap-bc-mm-prov.agent | +|-|-|-|-| +|DR.provApi | Version name of DR API (ONAP or AT&T) | ONAP | ONAP | +|-|-|-|-| +|DR.onBehalfHeader | String for "On Behalf Of" HTTP Header in DR API | X-DR-ON-BEHALF-OF | X-DR-ON-BEHALF-OF | +|-|-|-|-| +|DR.feedContentType | Value for Content-Type Header in DR Feed API | application/vnd.dr.feed | application/vnd.dr.feed | +|-|-|-|-| +|DR subContentType | Value for Content-Type Header in DR Subscription API | application/vnd.dr.subscription | application/vnd.dr.subscription | +|-|-|-|-| +|HttpAllowed | flag indicating whether http is supported | false | true | +|-|-|-|-| +|IntHttpPort | Internal port for http service | 80 | 8080 | +|-|-|-|-| +|IntHttpsPort | Internal port for https service (0 if no cert is avail) | 443 | 8443 | +|-|-|-|-| +|ExtHttpsPort | Externally advertised port for https service (deprecated)| 443 | 443 | +|-|-|-|-| +|KeyStoreType | Format of Java keystore | jks | jks | +|-|-|-|-| +|KeyStoreFile | Path to java keystore | etc/keystore | etc/keystore | +|-|-|-|-| +|KeyStorePassword | Password for keystore | changeit | | +|-|-|-|-| +|KeyPassword | Password for private key in the https keystore | changeit | | +|-|-|-|-| +|TrustStoreType | Format of Trust Store file | jks | jks | +|-|-|-|-| +|TrustStoreFile | Path to Trust Store file | | etc/org.onap.dmaap-bc.trust.jks | +|-|-|-|-| +|TrustStorePassword | Password for Trust Store | | | +|-|-|-|-| +|QuiesceFile | Path to file which signals needs to queiesce | | etc/SHUTDOWN | +|-|-|-|-|