[
{
"httpRequest": {
- "path": "/events/AAI_EVENT/dcae_pmsh_cg/dcae_pmsh_aai_event",
+ "path": "/events/AAI_EVENT/.*",
"queryStringParameters" : {
"timeout" : [ "1000" ]
}
"application/json"
]
},
- "body": "{}"
+ "body": []
}
},
{
"application/json"
]
},
- "body": {
- "type": "JSON",
- "json": {}
- }
+ "body": []
}
},
{
"httpRequest": {
- "path": "/events/unauthenticated.PMSH_CL_INPUT/dcae_pmsh_cg/dcae_pmsh_policy_cl_input",
+ "path": "/events/unauthenticated.PMSH_CL_INPUT/.*",
"queryStringParameters" : {
"timeout" : [ "1000" ]
}
"application/json"
]
},
- "body": {
- "type": "JSON",
- "json": {}
- }
+ "body": []
}
}
]
MSB_IP==`get-instance-ip.sh msb_internal_apigateway`
echo MSB_IP=${MSB_IP}
-docker run -d -p 3306:3306 --name vfc-db -v /var/lib/mysql -e MYSQL_ROOT_PASSWORD=root nexus3.onap.org:10001/library/mariadb
+docker run -d -p 3306:3306 --name vfc-db -v /var/lib/mysql -e MYSQL_USER="etsicatalog" -e MYSQL_PASSWORD="etsicatalog" -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE="etsicatalog" nexus3.onap.org:10001/library/mariadb
DB_IP=`get-instance-ip.sh vfc-db`
echo DB_IP=${DB_IP}
sleep 60
# start modeling-etsicatalog
-docker run -d --name modeling-etsicatalog -v /var/lib/mysql -e MSB_ADDR=${DISCOVERY_IP}:10081 -e MYSQL_ADDR=${DB_IP}:3306 nexus3.onap.org:10001/onap/modeling/etsicatalog
+docker run -d --name modeling-etsicatalog -v /var/lib/mysql -e MSB_ADDR=${DISCOVERY_IP}:10081 -e DB_IP=${DB_IP} nexus3.onap.org:10001/onap/modeling/etsicatalog
EtsiCatalog_IP=`get-instance-ip.sh modeling-etsicatalog`
for i in {1..10}; do
curl -sS -m 1 ${EtsiCatalog_IP}:8806 && break
#Generate certService private and public keys
step_9:
@echo "Generate certService private and public keys"
- keytool -genkeypair -v -alias aaf-cert-service -keyalg RSA -keysize 2048 -validity 730 \
+ keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 730 \
-keystore certServiceServer-keystore.jks -storetype JKS \
- -dname "CN=aaf-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
-keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
@echo "####done####"
#Generate certificate signing request for certService
step_10:
@echo "Generate certificate signing request for certService"
- keytool -certreq -keystore certServiceServer-keystore.jks -alias aaf-cert-service -storepass secret -file certServiceServer.csr
+ keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
@echo "####done####"
#Sign certService certificate by root CA
@echo "Sign certService certificate by root CA"
keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
-outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
- -ext SubjectAlternativeName:="DNS:aaf-cert-service,DNS:localhost"
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
@echo "####done####"
#Import root certificate into server
#Import signed certificate into certService
step_13:
@echo "Import signed certificate into certService"
- keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias aaf-cert-service \
+ keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
-storepass secret -noprompt
@echo "####done####"
"cmpv2Servers": [
{
"caName": "Client",
- "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
+ "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmp",
"issuerDN": "CN=ManagementCA",
"caMode": "CLIENT",
"authentication": {
},
{
"caName": "RA",
- "url": "http://aafcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+ "url": "http://oomcert-ejbca:8080/ejbca/publicweb/cmp/cmpRA",
"issuerDN": "CN=ManagementCA",
"caMode": "RA",
"authentication": {
ejbca:
image: primekey/ejbca-ce:6.15.2.5
hostname: cahostname
- container_name: aafcert-ejbca
+ container_name: oomcert-ejbca
ports:
- "80:8080"
- "443:8443"
networks:
- certservice
- aaf-cert-service:
- image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-api:latest
+ oom-cert-service:
+ image: nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-api:latest
volumes:
- - $CONFIGURATION_PATH:/etc/onap/aaf/certservice/cmpServers.json
- - ./certs/truststore.jks:/etc/onap/aaf/certservice/certs/truststore.jks
- - ./certs/root.crt:/etc/onap/aaf/certservice/certs/root.crt
- - ./certs/certServiceServer-keystore.jks:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.jks
- - ./certs/certServiceServer-keystore.p12:/etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12
- container_name: aafcert-service
+ - $CONFIGURATION_PATH:/etc/onap/oom/certservice/cmpServers.json
+ - ./certs/truststore.jks:/etc/onap/oom/certservice/certs/truststore.jks
+ - ./certs/root.crt:/etc/onap/oom/certservice/certs/root.crt
+ - ./certs/certServiceServer-keystore.jks:/etc/onap/oom/certservice/certs/certServiceServer-keystore.jks
+ - ./certs/certServiceServer-keystore.p12:/etc/onap/oom/certservice/certs/certServiceServer-keystore.p12
+ container_name: oomcert-service
ports:
- "8443:8443"
depends_on:
ejbca:
condition: service_healthy
healthcheck:
- test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/aaf/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/aaf/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
+ test: ["CMD-SHELL", "curl https://localhost:8443/actuator/health --cacert /etc/onap/oom/certservice/certs/root.crt --cert-type p12 --cert /etc/onap/oom/certservice/certs/certServiceServer-keystore.p12 --pass secret"]
interval: 10s
timeout: 3s
retries: 15
SCRIPT=`realpath $0`
CURRENT_WORKDIR_PATH=`dirname $SCRIPT`
-PROJECT_DIRECTORY="plans/aaf/certservice"
+PROJECT_DIRECTORY="plans/oom-platform-cert-service/certservice"
SCRIPTS_DIRECTORY="scripts"
export SCRIPTS_PATH=${SCRIPTS_PATH}
#Generate keystores, truststores, certificates and keys
-mkdir -p ${WORKSPACE}/tests/aaf/certservice/assets/certs/
+mkdir -p ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/
make all -C ./certs/
-cp ${WORKSPACE}/plans/aaf/certservice/certs/root.crt ${WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt
+cp ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/root.crt ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt
echo "Generated keystores"
-openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt
+openssl pkcs12 -in ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/certServiceServer-keystore.p12 -clcerts -nokeys -password pass:secret | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt
echo "Generated server certificate"
-openssl pkcs12 -in ${WORKSPACE}/plans/aaf/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key
+openssl pkcs12 -in ${WORKSPACE}/plans/oom-platform-cert-service/certservice/certs/certServiceServer-keystore.p12 -nocerts -nodes -password pass:secret| sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key
echo "Generated server key"
docker-compose up -d
-AAFCERT_IP='none'
+OOMCERT_IP='none'
# Wait container ready
for i in {1..9}
do
- AAFCERT_IP=`get-instance-ip.sh aafcert-service`
+ OOMCERT_IP=`get-instance-ip.sh oomcert-service`
RESP_CODE=$(curl -s https://localhost:8443/actuator/health --cacert ./certs/root.crt --cert-type p12 --cert ./certs/certServiceServer-keystore.p12 --pass secret | \
python2 -c 'import json,sys;obj=json.load(sys.stdin);print obj["status"]')
if [[ "$RESP_CODE" == "UP" ]]; then
- echo 'AAF Cert Service is ready'
- export AAFCERT_IP=${AAFCERT_IP}
- docker exec aafcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
+ echo 'OOM Cert Service is ready'
+ export OOMCERT_IP=${OOMCERT_IP}
+ docker exec oomcert-ejbca /opt/primekey/scripts/ejbca-configuration.sh
break
fi
- echo 'Waiting for AAF Cert Service to start up...'
+ echo 'Waiting for OOM Cert Service to start up...'
sleep 30s
done
-if [ "$AAFCERT_IP" == 'none' -o "$AAFCERT_IP" == '' ]; then
- echo "AAF Cert Service is not ready!"
+if [ "$OOMCERT_IP" == 'none' -o "$OOMCERT_IP" == '' ]; then
+ echo "OOM Cert Service is not ready!"
exit 1 # Return error code
fi
make clear -C ./certs/
echo "Removed old keystores"
-rm -rf ${WORKSPACE}/tests/aaf/certservice/assets/certs
+rm -rf ${WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs
echo "Removed old certificates"
kill-instance.sh ${ClientContainerName}
\ No newline at end of file
# Test suites are relative paths under [integration/csit.git]/tests/.
# Place the suites in run order.
-aaf/certservice
+oom-platform-cert-service/certservice
Bag Attributes
- friendlyName: so@so.onap.org
- localKeyID: 54 69 6D 65 20 31 35 36 34 30 35 32 33 31 34 37 38 34
-subject=CN = aai-simulator, emailAddress = , OU = so@so.onap.org, OU = OSAAF, O = ONAP, C = US
+ friendlyName: aai-cert
+ localKeyID: 59 C6 CE 53 FF 25 7B 6F 86 4D E4 3A 2D EB 48 98 E0 20 B9 54
+subject=C = US, O = ONAP, OU = OSAAF, CN = aai-simulator
-issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
+issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediate
-----BEGIN CERTIFICATE-----
-MIIEBzCCAu+gAwIBAgIIdC1kel7DdnYwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDcyNTEwNTgzNFoXDTIwMDcyNTEwNTgzNFow
-bjEWMBQGA1UEAwwNYWFpLXNpbXVsYXRvcjEPMA0GCSqGSIb3DQEJARYAMRcwFQYD
-VQQLDA5zb0Bzby5vbmFwLm9yZzEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9O
-QVAxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-185xCE6cmsY6XB5Dd/5GlfuWjN05KKk3akymxhbJLa9ektlusmuTPt4cnxD+e4b6
-dymqHzQ6C206TBK1jaDzcF07Ag7VTpxmlgaSukQ+aZoXfIcs80lWCLnNvC2MrOuh
-9uhUILAmuddo01cIHJvti5R2g6BEirCGsVKBSwmXRotxHyzUg9IwOpeGy0G1ZDjU
-OiMqY5qOonVTEz1AganctdiWK1/eZ5IBD7gQwckS5n1a6RYMVSnr1vKLoiZq76Bp
-wKy3EBX16jlmQMC5Aj9/GDezJg0bPvlikL3VUsC76DRShucsxS3SzVxeAJ5nsH8S
-qUElpbe3uabhFG2qKmtvdwIDAQABo4HPMIHMMAkGA1UdEwQCMAAwDgYDVR0PAQH/
-BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBUBgNVHSME
-TTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4wLDEOMAwGA1UECwwFT1NBQUYx
-DTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEHMB0GA1UdDgQWBBSQ54p+SID0
-2p21lUHY9YC1ZZfkZTAYBgNVHREEETAPgg1hYWktc2ltdWxhdG9yMA0GCSqGSIb3
-DQEBCwUAA4IBAQBRGK6Iyjc/0bC3+qjPuNwSlu1pUcgHtgxP/oTU5f9xMSkSjIP0
-weVnIEGOwlW8GRbDPQza14AHETTxJ17rv6p6h7l/dZZmbMPl2S+QXGptgDWR6zY7
-q5ROecGcQzgto6lTMcKgBMW+ct3Tb3khMqP6ewzGz85SY7BgyVE7HFG9M5BM3NhX
-ovAcj93C24DFKLDKxHrrsVIROlFk6QW2+kb0zo1YzVc6NNJY2ViXBrM5zrG21tDj
-VEv0JaHKPYhzWCb7ZcSSo/ftZ2yDsRGS8r6DK5sYCfLifloMVJhF04hOC+ZbxiiB
-JgYniQPmb0Zj5BfXWovdAe/89wr5aokQ3GZL
+MIIE/TCCAuUCAQIwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCVVMxDTALBgNV
+BAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRUwEwYDVQQDDAxpbnRlcm1lZGlhdGUw
+IBcNMjAwODEzMTUxMDI5WhgPMjEyMDA3MjAxNTEwMjlaMEQxCzAJBgNVBAYTAlVT
+MQ0wCwYDVQQKDARPTkFQMQ4wDAYDVQQLDAVPU0FBRjEWMBQGA1UEAwwNYWFpLXNp
+bXVsYXRvcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/5ReR7rfi1
+KKJSOKSzq+B+jLDOSeBzg6XtuSwcxW9glm09GzxRz7TGTdIRmGz3Y2SRY1En40Ep
+ZwEoyPgTBBNNR5hC+da9amvjFil/cvB1GqPS5v5PSNR38kmYjMGCUPtgqFv3Nl3L
+zAdgBBwrS4vitDXfq3oDyArGiY2DU1JZzGhPbLdrt8CNetk4csz5v/yHlcY3IMTz
+DYyuxfCRNBZvQd1rdusGo/FARLTRD4btMY3i/0/u0weXAsZrzjwiYiuA0i2qjmv7
+AeakNYLBC/nK/UTZFpwoZzFiAzcMs9fUwTDUhWm4nKoVSxRnkjlJoUx/vsctJbSl
++KKJBUYXrznkAQw34BhEZGQdjsUrpoIYti/pZ2w1O0xxfWMz98NE1qZH4TKKirNo
+cG7BZJ7EjqO25Ye6rZjfFdUa+Ri7pY7JBNobK8htR72BBX8+j1e8q3IuJ+GjUi9K
+fcSH1qK3ypztS8qjfFxYjehBktNt95MgaQdAvz2Xkyzpuj565+54B4YZtv+mfa98
+M/Osc11eox9GTY0nMw/8oohdNt9mzlgsUmCR3rK/3O5xkbmaOyWrgNj/0QlyjVsn
+w0pnmHTPmL321U/N5OQe21E54r0PI40DD6pfzUQ9CY/9j45o2f+eD29el4gjTf3l
+Bx4+9Hm116oHA9CxFqN7OOySAgrvLm5vAgMBAAEwDQYJKoZIhvcNAQELBQADggIB
+ALDeWIRGGVWLgYi1hbvTF/YrZyEPaHW2DSAZHVq+B6YE5O7hpcr5xesT52/zKwVJ
+wkithWEeYRkr3/zOtBWYA1luGNf3eQ3MbbaNfatGrv1NrMtp+x7QsLT8u1+YArwj
+Vr2Z4h7MHIO9EjdgH5IEMJRaUnOLRTZvvkNESJwVVy+Jlw3NVPvkw+wJcZF2n8Wf
+SNdE/FIBLLhJtX2/tiYeO+npn1WAcqifT5k0nOIRxZYEk0GdIq2P53nuaJ74GcWC
+enNI/CHjkJKix3yk8GlJPZkL/PfUbne6UwuNmAovoOcnd9hRbzv/IFXnJkmp4aun
+pdaSDpbWHyN/pEQBiSPN6QdgNzR7l+zkn+tprZtR143zAvsRBRf2JhpHQqI0EJLV
+HPVOGX9ph8f7Dixbka7EiCwy1yoaFuewQ0h/Ofqa8Nw7LPkTi3rp+FWZbZoZahlk
+A3k8StZwVOFvUIbvoj0bP3e2nJgnJKwfWppX29m6M0xUTn54hIm2TRkMy2SSIIHl
+7jYcaNKbmPibVeaW9Y8bjwBPkvvLbS7ZFb8QTYpYQbBUwLpkbuPImaQq+V4VqRJl
+Jzb5ZY7rSk/sp+vu2PuU4QkGGLC1X0bNCIi7ucwt9ie8uNCsYdNfQLYRy3x/BrWq
+BsmHg+f5zPyVmKd+qXBwfa7UeT2zJLs3IlFwBeg4sk3f
-----END CERTIFICATE-----
description
"Free-text description of the UP.";
}
+ leaf node-health {
+ type string;
+ description "Reflect Node Health Status";
+ }
}
}
}
\ No newline at end of file
<?xml version='1.0' encoding='UTF-8'?>
<software-upgrade xmlns="http://onap.org/pnf-sw-upgrade">
- <upgrade-package>
- <id>sw-id-1</id>
- <current-status>CREATED</current-status>
- <software-version>test_software_1</software-version>
- <uri>sftp://127.0.0.1/test_software_1.img</uri>
- <user>test_user</user>
- <password>test_password</password>
- <user-label>trial software update</user-label>
- </upgrade-package>
+ <upgrade-package>
+ <id>sw-id-1</id>
+ <current-status>CREATED</current-status>
+ <software-version>test_software_1</software-version>
+ <uri>sftp://127.0.0.1/test_software_1.img</uri>
+ <user>test_user</user>
+ <password>test_password</password>
+ <user-label>trial software update</user-label>
+ <node-health>Ok</node-health>
+ </upgrade-package>
</software-upgrade>
\ No newline at end of file
Bag Attributes
- friendlyName: so@so.onap.org
- localKeyID: 54 69 6D 65 20 31 35 36 34 30 35 32 33 31 34 37 38 34
-subject=CN = aai-simulator, emailAddress = , OU = so@so.onap.org, OU = OSAAF, O = ONAP, C = US
+ friendlyName: aai-cert
+ localKeyID: 59 C6 CE 53 FF 25 7B 6F 86 4D E4 3A 2D EB 48 98 E0 20 B9 54
+subject=C = US, O = ONAP, OU = OSAAF, CN = aai-simulator
-issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
+issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediate
-----BEGIN CERTIFICATE-----
-MIIEBzCCAu+gAwIBAgIIdC1kel7DdnYwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDcyNTEwNTgzNFoXDTIwMDcyNTEwNTgzNFow
-bjEWMBQGA1UEAwwNYWFpLXNpbXVsYXRvcjEPMA0GCSqGSIb3DQEJARYAMRcwFQYD
-VQQLDA5zb0Bzby5vbmFwLm9yZzEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9O
-QVAxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-185xCE6cmsY6XB5Dd/5GlfuWjN05KKk3akymxhbJLa9ektlusmuTPt4cnxD+e4b6
-dymqHzQ6C206TBK1jaDzcF07Ag7VTpxmlgaSukQ+aZoXfIcs80lWCLnNvC2MrOuh
-9uhUILAmuddo01cIHJvti5R2g6BEirCGsVKBSwmXRotxHyzUg9IwOpeGy0G1ZDjU
-OiMqY5qOonVTEz1AganctdiWK1/eZ5IBD7gQwckS5n1a6RYMVSnr1vKLoiZq76Bp
-wKy3EBX16jlmQMC5Aj9/GDezJg0bPvlikL3VUsC76DRShucsxS3SzVxeAJ5nsH8S
-qUElpbe3uabhFG2qKmtvdwIDAQABo4HPMIHMMAkGA1UdEwQCMAAwDgYDVR0PAQH/
-BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBUBgNVHSME
-TTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4wLDEOMAwGA1UECwwFT1NBQUYx
-DTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEHMB0GA1UdDgQWBBSQ54p+SID0
-2p21lUHY9YC1ZZfkZTAYBgNVHREEETAPgg1hYWktc2ltdWxhdG9yMA0GCSqGSIb3
-DQEBCwUAA4IBAQBRGK6Iyjc/0bC3+qjPuNwSlu1pUcgHtgxP/oTU5f9xMSkSjIP0
-weVnIEGOwlW8GRbDPQza14AHETTxJ17rv6p6h7l/dZZmbMPl2S+QXGptgDWR6zY7
-q5ROecGcQzgto6lTMcKgBMW+ct3Tb3khMqP6ewzGz85SY7BgyVE7HFG9M5BM3NhX
-ovAcj93C24DFKLDKxHrrsVIROlFk6QW2+kb0zo1YzVc6NNJY2ViXBrM5zrG21tDj
-VEv0JaHKPYhzWCb7ZcSSo/ftZ2yDsRGS8r6DK5sYCfLifloMVJhF04hOC+ZbxiiB
-JgYniQPmb0Zj5BfXWovdAe/89wr5aokQ3GZL
+MIIE/TCCAuUCAQIwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UEBhMCVVMxDTALBgNV
+BAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRUwEwYDVQQDDAxpbnRlcm1lZGlhdGUw
+IBcNMjAwODEzMTUxMDI5WhgPMjEyMDA3MjAxNTEwMjlaMEQxCzAJBgNVBAYTAlVT
+MQ0wCwYDVQQKDARPTkFQMQ4wDAYDVQQLDAVPU0FBRjEWMBQGA1UEAwwNYWFpLXNp
+bXVsYXRvcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/5ReR7rfi1
+KKJSOKSzq+B+jLDOSeBzg6XtuSwcxW9glm09GzxRz7TGTdIRmGz3Y2SRY1En40Ep
+ZwEoyPgTBBNNR5hC+da9amvjFil/cvB1GqPS5v5PSNR38kmYjMGCUPtgqFv3Nl3L
+zAdgBBwrS4vitDXfq3oDyArGiY2DU1JZzGhPbLdrt8CNetk4csz5v/yHlcY3IMTz
+DYyuxfCRNBZvQd1rdusGo/FARLTRD4btMY3i/0/u0weXAsZrzjwiYiuA0i2qjmv7
+AeakNYLBC/nK/UTZFpwoZzFiAzcMs9fUwTDUhWm4nKoVSxRnkjlJoUx/vsctJbSl
++KKJBUYXrznkAQw34BhEZGQdjsUrpoIYti/pZ2w1O0xxfWMz98NE1qZH4TKKirNo
+cG7BZJ7EjqO25Ye6rZjfFdUa+Ri7pY7JBNobK8htR72BBX8+j1e8q3IuJ+GjUi9K
+fcSH1qK3ypztS8qjfFxYjehBktNt95MgaQdAvz2Xkyzpuj565+54B4YZtv+mfa98
+M/Osc11eox9GTY0nMw/8oohdNt9mzlgsUmCR3rK/3O5xkbmaOyWrgNj/0QlyjVsn
+w0pnmHTPmL321U/N5OQe21E54r0PI40DD6pfzUQ9CY/9j45o2f+eD29el4gjTf3l
+Bx4+9Hm116oHA9CxFqN7OOySAgrvLm5vAgMBAAEwDQYJKoZIhvcNAQELBQADggIB
+ALDeWIRGGVWLgYi1hbvTF/YrZyEPaHW2DSAZHVq+B6YE5O7hpcr5xesT52/zKwVJ
+wkithWEeYRkr3/zOtBWYA1luGNf3eQ3MbbaNfatGrv1NrMtp+x7QsLT8u1+YArwj
+Vr2Z4h7MHIO9EjdgH5IEMJRaUnOLRTZvvkNESJwVVy+Jlw3NVPvkw+wJcZF2n8Wf
+SNdE/FIBLLhJtX2/tiYeO+npn1WAcqifT5k0nOIRxZYEk0GdIq2P53nuaJ74GcWC
+enNI/CHjkJKix3yk8GlJPZkL/PfUbne6UwuNmAovoOcnd9hRbzv/IFXnJkmp4aun
+pdaSDpbWHyN/pEQBiSPN6QdgNzR7l+zkn+tprZtR143zAvsRBRf2JhpHQqI0EJLV
+HPVOGX9ph8f7Dixbka7EiCwy1yoaFuewQ0h/Ofqa8Nw7LPkTi3rp+FWZbZoZahlk
+A3k8StZwVOFvUIbvoj0bP3e2nJgnJKwfWppX29m6M0xUTn54hIm2TRkMy2SSIIHl
+7jYcaNKbmPibVeaW9Y8bjwBPkvvLbS7ZFb8QTYpYQbBUwLpkbuPImaQq+V4VqRJl
+Jzb5ZY7rSk/sp+vu2PuU4QkGGLC1X0bNCIi7ucwt9ie8uNCsYdNfQLYRy3x/BrWq
+BsmHg+f5zPyVmKd+qXBwfa7UeT2zJLs3IlFwBeg4sk3f
-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFbTCCA1WgAwIBAgIUcuJ40Js2R5pukZRainsbfHjZMc8wDQYJKoZIhvcNAQEL
+BQAwPTEPMA0GA1UEAwwGUm9vdENBMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwE
+T05BUDELMAkGA1UEBhMCVVMwIBcNMjAwODEzMTQ1ODM2WhgPMjEyMDA3MjAxNDU4
+MzZaMD0xDzANBgNVBAMMBlJvb3RDQTEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoM
+BE9OQVAxCzAJBgNVBAYTAlVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEA1hsnL+g+86ZvckGH2FF8etyyHkre0NioqsR2ppPXQmejhcL03yGjFPNNVsb5
+eXYmAets4sbNbgjbcEiNVYbj0KkYZvXN+YHPys3W7LADE0d+RyIvuw2v1OdZbAZU
+BexGDYIW+bz1Bvrw5Vw7n7mCGVgZgbTj6hXDKMOb8EyhhzOQj4trasuz63/kZPtZ
+NzlzXh7AU+FOVOkfWEGsAKzyOwqsTLD5IlD85vahYiSe8xMVYdMz+JAFwNvMdOGH
+uVdwFEa0bGh+GAonGK1bRhfqjrronOfhnVhMccS3uFyHHhRzT3JmifXRih0/v9Le
+EPyc1GwUJd1lMI1iITCAsxlOSwINr0H4FrhV576hUBlZCZxRYQ1Srt04BNP1NjrB
+wDQKPQhhlFZYwxn4YCG7T/ktN4ANtFiPa5/ZP4OSYHjF+v6L97vIGQ4DlQ+rvvsY
+6/HhRcDhnKm0v3DMY4rF2gPzVZQTVnHgQY3hXaILi7p2kGMVyD5J4lFMGNwYseXP
+wxtQL03vlXdLIOcxYP0WjeFyHe7mTZMAS++xzIkcwXPZBTZzOzzxB15V4Hl2WeNE
+DSTizLQjKw3vcSkmTEoLVCR/GelVhpXP3WmqmbtbMM6V8g6u+csmiERmoAyGR6hI
+h/9pKIBznJChEAdGKLZvsNCC2MjbLDa/n160Ho8G5zLKz5cCAwEAAaNjMGEwHQYD
+VR0OBBYEFFFA2kBuZQ5ypVzKvp5CSMztpaDdMB8GA1UdIwQYMBaAFFFA2kBuZQ5y
+pVzKvp5CSMztpaDdMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0G
+CSqGSIb3DQEBCwUAA4ICAQCezmNt0W5hHUMLCAYfvzw5C85HslIW1OsdYtv7Ck6Q
++qrVqku36/7EesziQfBhB1BYOoGkUbAizrkFVCSvHSenRYaukVirPR5EfmWtAocD
+1Tg8EepiFG7FeSWLBflyHbeoq66opVIqooJ9EZT6SDQRc/bYojMu+ZRQ6CJe9mlL
+1JAnfWpJJc4c/WevcXo6LqumB4JGA+Dg+ca2ELfEaGNjJs32mDDeWHcKeFzXOk/g
+jkfwuDmOc//j/M0ehT3RSnI1b3YXw5gHP0Axne/fFooXtoR8A4ofw8pCu/OsJIdD
+AgBtu81klFbPmXZtlcN0lC34KqcUZUkGPcBbKg741wFAmjqCl40FUSofhaARm4gS
+zn6CcDx11+JWtAu8kgr7gLtFFYm+pnQdHTnzL7Rd4Wuk4V5i8I/Vx9SCJEHWQx1V
+d0EQzZMbLxMxlg8eEUDHm8RBVQahbAmTLPtLxiPtw/a2YY5Ck2ilH1L0CPkJtlvB
+AW2uZFJ4DNaIQBDB4hbJgRuVK3K3hzZ5SHyJKmMO0XZ2O+zoQJ4Tl+yasu30lsZU
+0qiDgP+WjhzZh+pCS1WkxGZGL7HG0P0HVXkqW2yrzThGurrc5ACAN15UUhrYcuUT
+bgfv0R7oe+bp+ZtUQ/d8rU9vR+OcIL0pENfI9vIwtfmNpIWizeJLWc9Kafqd+c8j
+kw==
+-----END CERTIFICATE-----
- "8081:8081"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${TEST_LAB_DIR}/volumes/so/ca-certificates/onapheat:/app/ca-certificates
- ${CONFIG_DIR_PATH}/override-files/bpmn-infra/onapheat:/app/config
- ${CONFIG_DIR_PATH}/certificates/aai-certificate/aai.cert:/app/ca-certificates/aai.cert
+ - ${CONFIG_DIR_PATH}/certificates/root-certificate/root.crt:/app/ca-certificates/root.crt
environment:
- APP=bpmn-infra
- JVM_ARGS=-Xms64m -Xmx512m
tomcat:
max-threads: 4
ssl:
- key-store: classpath:keystore/org.onap.so.p12
- key-store-password: u!@JQoYD])@ykq.NKM,O7iA.
+ key-store: classpath:keystore/keystore.p12
+ key-store-password: mYHC98!qX}7h?W}jRv}MIXTJ
keyStoreType: PKCS12
ssl-enable: true
spring:
http:
client:
ssl:
- trust-store: classpath:truststore/org.onap.so.trust.jks
- trust-store-password: '[)3KV.k*!IlkFhWEq0Nv2dDa'
\ No newline at end of file
+ trust-store: classpath:truststore/truststore.jks
+ trust-store-password: '*TQH?Lnszprs4LmlAj38yds('
\ No newline at end of file
MSB_IAG_IP=`get-instance-ip.sh msb_internal_apigateway`
echo MSB_IAG_IP=${MSB_IAG_IP}
-docker run -d -p 3306:3306 --name vfc-db -v /var/lib/mysql nexus3.onap.org:10001/onap/vfc/db
+# Start Mysql
+docker run -d -p 3306:3306 --name vfc-db -v /var/lib/mysql -e MYSQL_USER="gvnfm" -e MYSQL_PASSWORD="gvnfm" -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE="gvnfm" nexus3.onap.org:10001/library/mariadb
VFC_DB_IP=`get-instance-ip.sh vfc-db`
echo VFC_DB_IP=${VFC_DB_IP}
+# Start Redis
+docker run -d -p 6379:6379 --name vfc-redis redis
+VFC_REDIS_IP=`get-instance-ip.sh vfc-redis`
+echo VFC_REDIS_IP=${VFC_REDIS_IP}
+
# Wait for initialization(8500 Consul, 10081 Service Registration & Discovery, 80 api gateway)
for i in {1..10}; do
curl -sS -m 1 ${MSB_CONSUL_IP}:8500 && curl -sS -m 1 ${MSB_DISCOVERY_IP}:10081 && curl -sS -m 1 ${MSB_IAG_IP}:80 && break
sleep 30
# start vfc-vnflcm
-docker run -d --name vfc-vnflcm -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 nexus3.onap.org:10001/onap/vfc/vnflcm
+docker run -d --name vfc-vnflcm -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 -e REDIS_HOST=${VFC_REDIS_IP} nexus3.onap.org:10001/onap/vfc/vnflcm
VNFLCM_IP=`get-instance-ip.sh vfc-vnflcm`
# Wait for initialization
source ${SCRIPTS}/common_functions.sh
-
#start msb
docker run -d -p 8500:8500 --name msb_consul consul:0.9.3
MSB_CONSUL_IP=`get-instance-ip.sh msb_consul`
MSB_IAG_IP=`get-instance-ip.sh msb_internal_apigateway`
echo MSB_IAG_IP=${MSB_IAG_IP}
-docker run -d -p 3306:3306 --name vfc-db nexus3.onap.org:10001/onap/vfc/db
+# Start Mysql
+docker run -d -p 3306:3306 --name vfc-db -v /var/lib/mysql -e MYSQL_USER="gvnfm" -e MYSQL_PASSWORD="gvnfm" -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE="gvnfm" nexus3.onap.org:10001/library/mariadb
VFC_DB_IP=`get-instance-ip.sh vfc-db`
echo VFC_DB_IP=${VFC_DB_IP}
+# Start Redis
+docker run -d -p 6379:6379 --name vfc-redis redis
+VFC_REDIS_IP=`get-instance-ip.sh vfc-redis`
+echo VFC_REDIS_IP=${VFC_REDIS_IP}
+
# Wait for initialization(8500 Consul, 10081 Service Registration & Discovery, 80 api gateway)
for i in {1..10}; do
curl -sS -m 1 ${MSB_CONSUL_IP}:8500 && curl -sS -m 1 ${MSB_DISCOVERY_IP}:10081 && curl -sS -m 1 ${MSB_IAG_IP}:80 && break
sleep 60
# start vfc-vnflcm
-docker run -d --name vfc-vnflcm -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 nexus3.onap.org:10001/onap/vfc/vnflcm
+docker run -d --name vfc-vnflcm -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 -e REDIS_HOST=${VFC_REDIS_IP} nexus3.onap.org:10001/onap/vfc/vnflcm
VNFLCM_IP=`get-instance-ip.sh vfc-vnflcm`
# Wait for initialization
done
# start vfc-vnfres
-docker run -d --name vfc-vnfmgr -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 nexus3.onap.org:10001/onap/vfc/vnfmgr
+docker run -d --name vfc-vnfmgr -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 -e REDIS_HOST=${VFC_REDIS_IP} nexus3.onap.org:10001/onap/vfc/vnfmgr
VNFMGR_IP=`get-instance-ip.sh vfc-vnfmgr`
# Wait for initialization
source ${SCRIPTS}/common_functions.sh
-
#start msb
docker run -d -p 8500:8500 --name msb_consul consul:0.9.3
MSB_CONSUL_IP=`get-instance-ip.sh msb_consul`
MSB_IAG_IP=`get-instance-ip.sh msb_internal_apigateway`
echo MSB_IAG_IP=${MSB_IAG_IP}
-docker run -d -p 3306:3306 --name vfc-db nexus3.onap.org:10001/onap/vfc/db
+# Start Mysql
+docker run -d -p 3306:3306 --name vfc-db -v /var/lib/mysql -e MYSQL_USER="gvnfm" -e MYSQL_PASSWORD="gvnfm" -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE="gvnfm" nexus3.onap.org:10001/library/mariadb
VFC_DB_IP=`get-instance-ip.sh vfc-db`
echo VFC_DB_IP=${VFC_DB_IP}
+# Start Redis
+docker run -d -p 6379:6379 --name vfc-redis redis
+VFC_REDIS_IP=`get-instance-ip.sh vfc-redis`
+echo VFC_REDIS_IP=${VFC_REDIS_IP}
+
# Wait for initialization(8500 Consul, 10081 Service Registration & Discovery, 80 api gateway)
for i in {1..10}; do
curl -sS -m 1 ${MSB_CONSUL_IP}:8500 && curl -sS -m 1 ${MSB_DISCOVERY_IP}:10081 && curl -sS -m 1 ${MSB_IAG_IP}:80 && break
sleep 60
# start vfc-vnflcm
-docker run -d --name vfc-vnflcm -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 nexus3.onap.org:10001/onap/vfc/vnflcm
+docker run -d --name vfc-vnflcm -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 -e REDIS_HOST=${VFC_REDIS_IP} nexus3.onap.org:10001/onap/vfc/vnflcm
VNFLCM_IP=`get-instance-ip.sh vfc-vnflcm`
# Wait for initialization
done
# start vfc-vnfres
-docker run -d --name vfc-vnfres -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 nexus3.onap.org:10001/onap/vfc/vnfres
+docker run -d --name vfc-vnfres -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 -e REDIS_HOST=${VFC_REDIS_IP} nexus3.onap.org:10001/onap/vfc/vnfres
VNFRES_IP=`get-instance-ip.sh vfc-vnfres`
# Wait for initialization
MSB_IAG_IP=`get-instance-ip.sh msb_internal_apigateway`
echo MSB_IAG_IP=${MSB_IAG_IP}
-docker run -d -p 3306:3306 --name vfc-db -v /var/lib/mysql nexus3.onap.org:10001/onap/vfc/db
+# Mysql
+docker run -d -p 3306:3306 --name vfc-db -v /var/lib/mysql -e MYSQL_USER="vfcnfvolcm" -e MYSQL_PASSWORD="vfcnfvolcm" -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE="vfcnfvolcm" nexus3.onap.org:10001/library/mariadb
VFC_DB_IP=`get-instance-ip.sh vfc-db`
echo VFC_DB_IP=${VFC_DB_IP}
+# Redis
+docker run -d -p 6379:6379 --name vfc-redis redis
+VFC_REDIS_IP=`get-instance-ip.sh vfc-redis`
+echo VFC_REDIS_IP=${VFC_REDIS_IP}
+
# Wait for initialization(8500 Consul, 10081 Service Registration & Discovery, 80 api gateway)
for i in {1..10}; do
curl -sS -m 1 ${MSB_CONSUL_IP}:8500 && curl -sS -m 1 ${MSB_DISCOVERY_IP}:10081 && curl -sS -m 1 ${MSB_IAG_IP}:80 && break
sleep 60
# start vfc-nslcm
-docker run -d --name vfc-nslcm -v /var/lib/mysql -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 -e REG_TO_MSB_WHEN_START=true nexus3.onap.org:10001/onap/vfc/nslcm
+docker run -d --name vfc-nslcm -v /var/lib/mysql -e MSB_ADDR=${MSB_IAG_IP}:80 -e MYSQL_ADDR=${VFC_DB_IP}:3306 -e REDIS_HOST=${VFC_REDIS_IP} -e REG_TO_MSB_WHEN_START=true nexus3.onap.org:10001/onap/vfc/nslcm
NSLCM_IP=`get-instance-ip.sh vfc-nslcm`
# Wait for initialization
+++ /dev/null
-*** Variables ***
-
-${CERT_SERVICE_CONTAINER_NAME} aaf-cert-service
-${CERT_SERVICE_PORT} 8443
-${AAFCERT_URL} https://localhost:${cert_service_port}
-${CLIENT_CA_NAME} Client
-${RA_CA_NAME} RA
-${CERT_SERVICE_ENDPOINT} /v1/certificate/
-${ROOTCA} %{WORKSPACE}/tests/aaf/certservice/assets/certs/root.crt
-${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.crt
-${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/aaf/certservice/assets/certs/certServiceServer.key
-${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.csr
-${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client.pk
-${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_ra.csr
-${VALID_RA_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_ra.pk
-${INVALID_CSR_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid.csr
-${INVALID_PK_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid.key
-
-
-${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
-${VALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker.env
-${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_jks.env
-${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_p12.env
-${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/aaf/certservice/assets/valid_client_docker_pem.env
-${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker_output_type.env
-${INVALID_ENV_FILE} %{WORKSPACE}/tests/aaf/certservice/assets/invalid_client_docker.env
-${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
-${CLIENT_CONTAINER_NAME} %{ClientContainerName}
-${CERT_SERVICE_NETWORK} certservice_certservice
-${MOUNT_PATH} %{WORKSPACE}/tests/aaf/certservice/tmp
-${TRUSTSTORE_PATH} %{WORKSPACE}/plans/aaf/certservice/certs
"dmaap_info": {
"client_id": "1475976809466",
"client_role": "org.onap.dcae.pmPublisher",
- "topic_url": "https://mr-sim:3095/events/org.onap.dmaap.mr.PM_SUBSCRIPTIONS",
+ "topic_url": "https://mr-sim:3095/events/unauthenticated.DCAE_CL_OUTPUT",
"location": "san-francisco"
},
"type": "message_router"
"policy_pm_subscriber": {
"dmaap_info": {
"location": "san-francisco",
- "topic_url": "https://mr-sim:3095/events/org.onap.dmaap.mr.PM_SUBSCRIPTIONS",
+ "topic_url": "https://mr-sim:3095/events/unauthenticated.PMSH_CL_INPUT",
"client_role": "org.onap.dcae.pmSubscriber",
"client_id": "1575876809456"
},
[
{
"httpRequest": {
- "path": "/events/AAI_EVENT/dcae_pmsh_cg/dcae_pmsh_aai_event",
+ "path": "/events/AAI_EVENT/.*",
"queryStringParameters" : {
"timeout" : [ "1000" ]
}
},
{
"httpRequest": {
- "path": "/events/AAI_EVENT/dcae_pmsh_cg/dcae_pmsh_aai_event",
+ "path": "/events/AAI_EVENT/.*",
"queryStringParameters" : {
"timeout" : [ "1000" ]
}
"application/json"
]
},
- "body": "{}"
+ "body": []
}
}
]
[
{
"httpRequest": {
- "path": "/events/AAI_EVENT/dcae_pmsh_cg/dcae_pmsh_aai_event",
+ "path": "/events/AAI_EVENT/.*",
"queryStringParameters" : {
"timeout" : [ "1000" ]
}
},
{
"httpRequest": {
- "path": "/events/AAI_EVENT/dcae_pmsh_cg/dcae_pmsh_aai_event",
+ "path": "/events/AAI_EVENT/.*",
"queryStringParameters" : {
"timeout" : [ "1000" ]
}
"application/json"
]
},
- "body": "{}"
+ "body": []
}
}
]
[
{
"httpRequest": {
- "path": "/events/unauthenticated.PMSH_CL_INPUT/dcae_pmsh_cg/dcae_pmsh_policy_cl_input",
+ "path": "/events/unauthenticated.PMSH_CL_INPUT/.*",
"queryStringParameters" : {
"timeout" : [ "1000" ]
}
},
{
"httpRequest": {
- "path": "/events/unauthenticated.PMSH_CL_INPUT/dcae_pmsh_cg/dcae_pmsh_policy_cl_input",
+ "path": "/events/unauthenticated.PMSH_CL_INPUT/.*",
"queryStringParameters" : {
"timeout" : [ "1000" ]
}
"application/json"
]
},
- "body": {
- "type": "JSON",
- "json": {}
- }
+ "body": []
}
}
]
+++ /dev/null
-[
- {
- "httpRequest": {
- "path": "/events/unauthenticated.PMSH_CL_INPUT/dcae_pmsh_cg/dcae_pmsh_policy_cl_input",
- "queryStringParameters" : {
- "timeout" : [ "1000" ]
- }
- },
- "httpResponse": {
- "statusCode": 200,
- "headers": {
- "content-type": [
- "application/json"
- ]
- },
- "body": [
- "{\"name\": \"ResponseEvent\", \"nameSpace\": \"org.onap.policy.apex.onap.pmcontrol\", \"source\": \"APEX\", \"target\": \"DCAE\", \"version\": \"0.0.1\", \"status\": {\"subscriptionName\": \"ExtraPM-All-gNB-R2B\", \"nfName\": \"pnf_new\", \"changeType\": \"CREATE\", \"message\": \"success\"}}"
- ]
- },
- "times": {
- "remainingTimes": 1,
- "unlimited": false
- }
- },
- {
- "httpRequest": {
- "path": "/events/unauthenticated.PMSH_CL_INPUT/dcae_pmsh_cg/dcae_pmsh_policy_cl_input",
- "queryStringParameters" : {
- "timeout" : [ "1000" ]
- }
- },
- "httpResponse": {
- "statusCode": 200,
- "headers": {
- "content-type": [
- "application/json"
- ]
- },
- "body": {
- "type": "JSON",
- "json": {}
- }
- }
- }
-]
${MR_EXPECTATION_AAI_PNF_CREATED} %{WORKSPACE}/tests/dcaegen2-services-pmsh/testcases/assets/mr-expectation-aai-pnf-created.json
${MR_EXPECTATION_AAI_PNF_REMOVED} %{WORKSPACE}/tests/dcaegen2-services-pmsh/testcases/assets/mr-expectation-aai-pnf-deleted.json
-${MR_EXPECTATION_POLICY_RESPONSE_PNF_NEW} %{WORKSPACE}/tests/dcaegen2-services-pmsh/testcases/assets/mr-expectation-policy-subscription-created-pnf-new.json
${MR_EXPECTATION_POLICY_RESPONSE_PNF_EXISTING} %{WORKSPACE}/tests/dcaegen2-services-pmsh/testcases/assets/mr-expectation-policy-subscription-created-pnf-existing.json
${CBS_EXPECTATION_ADMIN_STATE_UNLOCKED} %{WORKSPACE}/tests/dcaegen2-services-pmsh/testcases/assets/cbs-expectation-unlocked-config.json
Verify Policy response on MR is handled
[Tags] PMSH_04
[Documentation] Verify policy response on MR is handled
- [Timeout] 40 seconds
+ [Timeout] 60 seconds
SimulatePolicyResponse ${MR_EXPECTATION_POLICY_RESPONSE_PNF_EXISTING}
- Sleep 15 seconds Ensure Policy response on MR is picked up
+ Sleep 31 seconds Ensure Policy response on MR is picked up
${resp}= Get Request pmsh_session ${SUBSCRIPTIONS_ENDPOINT}
Should Be Equal As Strings ${resp.json()[0]['network_functions'][0]['nf_sub_status']} CREATED
Verify AAI event on MR detailing new PNF being detected is handled
[Tags] PMSH_05
[Documentation] Verify PNF created AAI event on MR is handled
- [Timeout] 30 seconds
+ [Timeout] 60 seconds
SimulateNewPNF
- Sleep 15 seconds Ensure AAI event on MR is picked up
+ Sleep 31 seconds Ensure AAI event on MR is picked up
${resp}= Get Request pmsh_session ${SUBSCRIPTIONS_ENDPOINT}
Should Be Equal As Strings ${resp.json()[0]['network_functions'][1]['nf_name']} pnf_newly_discovered
Should Be Equal As Strings ${resp.json()[0]['network_functions'][1]['orchestration_status']} Active
Verify AAI event on MR detailing PNF being deleted is handled
[Tags] PMSH_06
[Documentation] Verify PNF deleted AAI event on MR is handled
- [Timeout] 30 seconds
+ [Timeout] 60 seconds
SimulateDeletedPNF
- Sleep 12 seconds Ensure AAI event on MR is picked up
+ Sleep 31 seconds Ensure AAI event on MR is picked up
${resp}= Get Request pmsh_session ${SUBSCRIPTIONS_ENDPOINT}
Should Not Contain ${resp.text} pnf_newly_discovered
Send Request And Validate Response Publish Event To VES Collector ${https_no_cert_no_auth_session} ${VES_BATCH_EVENT_ENDPOINT_V7} ${VES_VALID_BATCH_JSON_V7} 401
Publish VES Event With Empty Stnd Domain Namespace Parameter
- [Tags] DCAE-VESC-R1
- [Documentation] Post single event with invalid data (empty stnd namespace parameter) to /eventListener/v7 endpoint, expect 400 Response Status Code and "Mandatory input event.commonEventHeader.stndDefinedNamespace is empty in request" message
- Send Request And Validate Response And Error Message Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_EMMPTY_NAMESPACE} 400 Mandatory input attribute event.commonEventHeader.stndDefinedNamespace is empty in request
+ [Tags] DCAE-VESC-R1 DCAE-VESC-STNDDEFINED
+ [Documentation] Post single event with invalid data (empty stnd namespace parameter) to /eventListener/v7 endpoint, expect 400 Response Status Code and "Mandatory input %1 %2 is empty in request" message
+ Send Request And Validate Response And Error Message Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_EMMPTY_NAMESPACE} 400 Mandatory input %1 %2 is empty in request
Publish VES Event With Missing Stnd Domain Namespace Parameter
- [Tags] DCAE-VESC-R1
- [Documentation] Post single event with invalid data (missing stnd namespace parameter) to /eventListener/v7 endpoint, expect 400 Response Status Code and "Mandatory input attribute event.commonEventHeader.stndDefinedNamespace is missing from request" message
- Send Request And Validate Response And Error Message Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_MISSING_NAMESPACE} 400 Mandatory input attribute event.commonEventHeader.stndDefinedNamespace is missing from request
+ [Tags] DCAE-VESC-R1 DCAE-VESC-STNDDEFINED
+ [Documentation] Post single event with invalid data (missing stnd namespace parameter) to /eventListener/v7 endpoint, expect 400 Response Status Code and "Mandatory input %1 %2 is missing from request" message
+ Send Request And Validate Response And Error Message Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_MISSING_NAMESPACE} 400 Mandatory input %1 %2 is missing from request
Publish Single VES Event With Empty JSON
- [Tags] DCAE-VESC-R1
+ [Tags] DCAE-VESC-R1 DCAE-VESC-STNDDEFINED
[Documentation] Post single event with empty json and expect 400 Response Status Code
Send Request And Validate Response Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_EMPTY_JSON} 400
Publish Single VES Event With Missing SourceName Parameter
- [Tags] DCAE-VESC-R1
+ [Tags] DCAE-VESC-R1 DCAE-VESC-STNDDEFINED
[Documentation] Post single event with empty json and expect 400 Response Status Code
Send Request And Validate Response Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_NAMESPACE_3GPP_PROVISIONING_MISSING_SOURCENAME} 400
Publish Single VES Event With stndDefinedNamespace = 3GPP-Provisioning
- [Tags] DCAE-VESC-R1
+ [Tags] DCAE-VESC-R1 DCAE-VESC-STNDDEFINED
[Documentation] Post single event with stndDefinedNamespace = 3GPP-Provisioning and event should routed to topic unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT
Send Request And Validate Response Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_3GPP_PROVISIONING} 202 unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT
Publish Single VES Event With stndDefinedNamespace = 3GPP-Heartbeat
- [Tags] DCAE-VESC-R1
+ [Tags] DCAE-VESC-R1 DCAE-VESC-STNDDEFINED
[Documentation] Post single event with stndDefinedNamespace = 3GPP-Heartbeat and event should routed to topic unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT
Send Request And Validate Response Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_3GPP_HEARTBEAT} 202 unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT
Publish Single VES Event With stndDefinedNamespace = 3GPP-PerformanceAssurance
- [Tags] DCAE-VESC-R1
+ [Tags] DCAE-VESC-R1 DCAE-VESC-STNDDEFINED
[Documentation] Post single event with stndDefinedNamespace = 3GPP-PerformanceAssurance and event should routed to topic unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT
Send Request And Validate Response Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_3GPP_PERFORMANCE_ASSURANCE} 202 unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT
Publish Single VES Event With stndDefinedNamespace = 3GPP-FaultSupervision
- [Tags] DCAE-VESC-R1
+ [Tags] DCAE-VESC-R1 DCAE-VESC-STNDDEFINED
[Documentation] Post single event with stndDefinedNamespace = 3GPP-FaultSupervision and event should routed to topic unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT
- Send Request And Validate Response Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_3GPP_FAULTSUPERVISION} 202 unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT
\ No newline at end of file
+ Send Request And Validate Response Publish Event To VES Collector ${https_basic_auth_session} ${VES_EVENTLISTENER_V7} ${VES_STDN_DEFINED_3GPP_FAULTSUPERVISION} 202 unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT
REQUEST_TIMEOUT=5000
OUTPUT_PATH=/var/certs
CA_NAME=Invalid
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
OUTPUT_PATH=/var/certs
CA_NAME=RA
OUTPUT_TYPE=INV
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
REQUEST_TIMEOUT=30000
OUTPUT_PATH=/var/certs
CA_NAME=RA
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
OUTPUT_PATH=/var/certs
CA_NAME=RA
OUTPUT_TYPE=JKS
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
OUTPUT_PATH=/var/certs
CA_NAME=RA
OUTPUT_TYPE=P12
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
OUTPUT_PATH=/var/certs
CA_NAME=RA
OUTPUT_TYPE=PEM
-KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
+KEYSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
-TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
+TRUSTSTORE_PATH=/etc/onap/oom-platform-cert-service/certservice/certs/truststore.jks
TRUSTSTORE_PASSWORD=secret
#Csr config envs
COMMON_NAME=onap.org
*** Settings ***
-Documentation AAF Cert Service API test case scenarios
+Documentation OOM Cert Service API test case scenarios
Library RequestsLibrary
Resource ./resources/cert-service-keywords.robot
*** Test Cases ***
Health Check
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Service is up and running
Run health check
Reload Configuration
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Configuration was changed
Send Get Request And Validate Response /reload 200
Check if application is ready
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to /ready endpoint and expect 200
Send Get Request And Validate Response /ready 200
Generate Certificate In RA Mode For CA Name
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} endpoint and expect 200
Send Get Request with Header And Expect Success ${CERT_SERVICE_ENDPOINT}${RA_CA_NAME} ${VALID_RA_CSR_FILE} ${VALID_RA_PK_FILE}
Report Not Found Error When Path To Service Is Not Valid
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT} endpoint and expect 404
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT} ${VALID_CLIENT_CSR_FILE} ${VALID_CLIENT_PK_FILE} 404
Report Bad Request Error When Header Is Missing In Request
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request without header to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request And Validate Response ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} 400
Report Bad Request Error When CSR Is Not Valid
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${INVALID_CSR_FILE} ${VALID_CLIENT_PK_FILE} 400
Report Bad Request Error When PK Is Not Valid
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Send request to ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} endpoint and expect 400
Send Get Request with Header And Expect Error ${CERT_SERVICE_ENDPOINT}${CLIENT_CA_NAME} ${VALID_CLIENT_CSR_FILE} ${INVALID_PK_FILE} 400
Cert Service Client successfully creates keystore.p12 and truststore.p12
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and expected exit code 0
Run Cert Service Client And Validate PKCS12 File Creation And Client Exit Code ${VALID_ENV_FILE} 0
Cert Service Client successfully creates keystore.jks and truststore.jks
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and expected exit code 0
Run Cert Service Client And Validate JKS File Creation And Client Exit Code ${VALID_ENV_FILE_JKS} 0
Cert Service Client successfully creates keystore and truststore with expected data with no OUTPUT_TYPE
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and PKCS12 files created with correct data
Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=JKS
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and JKS files created with correct data
Run Cert Service Client And Validate JKS Files Contain Expected Data ${VALID_ENV_FILE_JKS} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=P12
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and PKCS12 files created with correct data
Run Cert Service Client And Validate PKCS12 Files Contain Expected Data ${VALID_ENV_FILE_P12} 0
Cert Service Client successfully creates keystore and truststore with expected data with OUTPUT_TYPE=PEM
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with correct env and PEM files created with correct data
Run Cert Service Client And Validate PEM Files Contain Expected Data ${VALID_ENV_FILE_PEM} 0
Cert Service Client reports error when OUTPUT_TYPE is invalid
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with invalid OUTPUT_TYPE env and expected exit code 1
Run Cert Service Client And Validate Client Exit Code ${INVALID_ENV_FILE_OUTPUT_TYPE} 1
Run Cert Service Client Container And Validate Exit Code And API Response
- [Tags] AAF-CERT-SERVICE
+ [Tags] OOM-CERT-SERVICE
[Documentation] Run with invalid CaName env and expected exit code 5
Run Cert Service Client And Validate Http Response Code And Client Exit Code ${INVALID_ENV_FILE} 404 5
network=network,
user='root', # Run container as root to avoid permission issues with volume mount access
mounts=[Mount(target='/var/certs', source=self.mount_path, type='bind'),
- Mount(target='/etc/onap/aaf/certservice/certs/', source=self.truststore_path, type='bind')],
+ Mount(target='/etc/onap/oom-platform-cert-service/certservice/certs/', source=self.truststore_path, type='bind')],
detach=True
)
exitcode = container.wait()
Create sessions
[Documentation] Create all required sessions
${certs}= Create List ${CERTSERVICE_SERVER_CRT} ${CERTSERVICE_SERVER_KEY}
- Create Client Cert Session alias ${AAFCERT_URL} client_certs=${certs} verify=${ROOTCA}
+ Create Client Cert Session alias ${OOMCERT_URL} client_certs=${certs} verify=${ROOTCA}
Set Suite Variable ${https_valid_cert_session} alias
Run Healthcheck
--- /dev/null
+*** Variables ***
+
+${CERT_SERVICE_CONTAINER_NAME} oom-cert-service
+${CERT_SERVICE_PORT} 8443
+${OOMCERT_URL} https://localhost:${cert_service_port}
+${CLIENT_CA_NAME} Client
+${RA_CA_NAME} RA
+${CERT_SERVICE_ENDPOINT} /v1/certificate/
+${ROOTCA} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/root.crt
+${CERTSERVICE_SERVER_CRT} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.crt
+${CERTSERVICE_SERVER_KEY} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/certs/certServiceServer.key
+${VALID_CLIENT_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.csr
+${VALID_CLIENT_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client.pk
+${VALID_RA_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.csr
+${VALID_RA_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_ra.pk
+${INVALID_CSR_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.csr
+${INVALID_PK_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid.key
+
+
+${CERT_SERVICE_ADDRESS} https://${CERT_SERVICE_CONTAINER_NAME}:${CERT_SERVICE_PORT}
+${VALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker.env
+${VALID_ENV_FILE_JKS} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_jks.env
+${VALID_ENV_FILE_P12} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_p12.env
+${VALID_ENV_FILE_PEM} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/valid_client_docker_pem.env
+${INVALID_ENV_FILE_OUTPUT_TYPE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker_output_type.env
+${INVALID_ENV_FILE} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/assets/invalid_client_docker.env
+${DOCKER_CLIENT_IMAGE} nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-client:latest
+${CLIENT_CONTAINER_NAME} %{ClientContainerName}
+${CERT_SERVICE_NETWORK} certservice_certservice
+${MOUNT_PATH} %{WORKSPACE}/tests/oom-platform-cert-service/certservice/tmp
+${TRUSTSTORE_PATH} %{WORKSPACE}/plans/oom-platform-cert-service/certservice/certs
REQUEST_TIMEOUT=30000
OUTPUT_PATH=/var/certs
CA_NAME=RA
-OUTPUT_TYPE=JKS
+OUTPUT_TYPE=PEM
KEYSTORE_PATH=/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks
KEYSTORE_PASSWORD=secret
TRUSTSTORE_PATH=/etc/onap/aaf/certservice/certs/truststore.jks
import subprocess
import docker
-import jks
from OpenSSL import crypto
from docker.types import Mount
def __init__(self, mount_path, truststore_path):
self.mount_path = mount_path
self.truststore_path = truststore_path
+ self.keyPem = mount_path + '/key.pem'
self.caCertPem = mount_path + '/ca.pem'
self.serverKeyPem = mount_path + '/server_key.pem'
self.serverCertPem = mount_path + '/server_cert.pem'
- self.keystoreJksPath = mount_path + '/keystore.jks'
+ self.keystorePemPath = mount_path + '/keystore.pem'
self.keystoreP12Path = mount_path + '/keystore.p12'
self.keystorePassPath = mount_path + '/keystore.pass'
- self.truststoreJksPath = mount_path + '/truststore.jks'
+ self.truststorePemPath = mount_path + '/truststore.pem'
self.truststoreP12Path = mount_path + '/truststore.p12'
self.truststorePassPath = mount_path + '/truststore.pass'
# Function to validate keystore/truststore can be opened with generated pass-phrase.
def can_open_keystore_and_truststore_with_pass(self, container_name):
if container_name != NETCONF_PNP_SIM_CONTAINER_NAME:
- return self.can_open_keystore_and_truststore_jks_files()
+ return self.can_open_keystore_and_truststore_pem_files()
else:
return self.can_open_keystore_and_truststore_p12_files()
- # Function to validate keystore.jks/truststore.jks can be opened with generated pass-phrase.
- def can_open_keystore_and_truststore_jks_files(self):
+ # Function to validate keystore.pem/truststore.pem exist and are not empty.
+ def can_open_keystore_and_truststore_pem_files(self):
try:
- jks.KeyStore.load(self.keystoreJksPath, open(self.keystorePassPath, 'rb').read())
- jks.KeyStore.load(self.truststoreJksPath, open(self.truststorePassPath, 'rb').read())
- return True
+ private_key = self.file_exist_and_not_empty(self.keyPem)
+ keystore_pem = self.file_exist_and_not_empty(self.keystorePemPath)
+ truststore_pem = self.file_exist_and_not_empty(self.truststorePemPath)
+ return private_key and keystore_pem and truststore_pem
except Exception as e:
- print("UnExpected Error in validating keystore.jks/truststore.jks: {0}".format(e))
+ print("UnExpected Error in validating keystore.pem/truststore.pem: {0}".format(e))
return False
# Function to validate keystore.p12/truststore.p12 can be opened with generated pass-phrase.
# Method for Uploading Certificate in SDNC-Container.
# Creating/Uploading Server-key, Server-cert, Ca-cert PEM files in Netconf-Pnp-Simulator.
- def can_install_keystore_and_truststore_certs(self, cmd, container_name):
+ def can_install_keystore_and_truststore_certs(self, cmd, cmd_tls, container_name):
continue_exec = True
if container_name == NETCONF_PNP_SIM_CONTAINER_NAME:
print("Generating PEM files for {0} from P12 files".format(container_name))
continue_exec = self.create_pem(self.keystorePassPath, self.keystoreP12Path, self.truststorePassPath,
self.truststoreP12Path)
+ else:
+ cmd = cmd_tls
if continue_exec:
print("Initiate Configuration Push for : {0}".format(container_name))
resp_code = self.execute_bash_config(cmd, container_name)
def remove_mount_dir(self):
shutil.rmtree(self.mount_path)
+ def file_exist_and_not_empty(self, path_to_file):
+ return os.path.isfile(path_to_file) and os.path.getsize(path_to_file) > 0
+
@staticmethod
def get_pkcs12(pass_file_path, p12_file_path):
# Load PKCS12 Object
--- /dev/null
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -o errexit
+set -o pipefail
+set -o nounset
+[ "${SHELL_XTRACE:-false}" = "true" ] && set -o xtrace
+
+CONFIG=${CONFIG:-"${WORKSPACE}"/tests/sdnc/sdnc_netconf_tls_post_deploy/cert-data}
+CONTAINER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}' sdnc)
+ODL_URL=${ODL_URL:-http://"${CONTAINER_IP}":8282}
+PROC_NAME=${0##*/}
+PROC_NAME=${PROC_NAME%.sh}
+
+function now_ms() {
+ # Requires coreutils package
+ date +"%Y-%m-%d %H:%M:%S.%3N"
+}
+
+function log() {
+ local level=$1
+ shift
+ local message="$*"
+ printf "%s %-5s [%s] %s\n" "$(now_ms)" $level $PROC_NAME "$message"
+}
+
+# Extracts the body of a PEM file by removing the dashed header and footer
+pem_body() {
+ grep -Fv -- ----- $1
+}
+
+CA_CERT_ID=xNF_CA_certificate_0_0
+CA_CERT=$(pem_body $CONFIG/truststore.pem)
+
+SERVER_PRIV_KEY_ID=ODL_private_key_0
+SERVER_KEY=$(pem_body $CONFIG/key.pem)
+SERVER_CERT=$(pem_body $CONFIG/keystore.pem)
+
+RESTCONF_URL=$ODL_URL/restconf
+NETCONF_KEYSTORE_PATH=$RESTCONF_URL/config/netconf-keystore:keystore
+
+xcurl() {
+ curl -s -o /dev/null -H "Authorization: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==" -w %{http_code} "$@"
+}
+
+log INFO Delete Keystore
+sc=$(xcurl -X DELETE $NETCONF_KEYSTORE_PATH)
+
+if [ "$sc" != "200" -a "$sc" != "404" ]; then
+ log ERROR "Keystore deletion failed with SC=$sc"
+ exit 1
+fi
+
+log INFO Load CA certificate
+sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
+{
+ \"trusted-certificate\": [
+ {
+ \"name\": \"$CA_CERT_ID\",
+ \"certificate\": \"$CA_CERT\"
+ }
+ ]
+}
+")
+
+if [ "$sc" != "200" -a "$sc" != "204" ]; then
+ log ERROR Trusted-certificate update failed with SC=$sc
+ exit 1
+fi
+
+log INFO Load server private key and certificate
+sc=$(xcurl -X POST $NETCONF_KEYSTORE_PATH --header "Content-Type: application/json" --data "
+{
+ \"private-key\": {
+ \"name\": \"$SERVER_PRIV_KEY_ID\",
+ \"certificate-chain\": [
+ \"$SERVER_CERT\"
+ ],
+ \"data\": \"$SERVER_KEY\"
+ }
+}
+")
+
+if [ "$sc" != "200" -a "$sc" != "204" ]; then
+ log ERROR Private-key update failed with SC=$sc
+ exit 1
+fi
\ No newline at end of file
[Arguments] ${env_file} ${CONTAINER_NAME} ${expected_exit_code}
${exit_code}= Run Client Container ${DOCKER_CLIENT_IMAGE} ${CLIENT_CONTAINER_NAME} ${env_file} ${CERT_SERVICE_ADDRESS}${CERT_SERVICE_ENDPOINT} ${CERT_SERVICE_NETWORK}
${can_open}= Can Open Keystore And Truststore With Pass ${CONTAINER_NAME}
- ${install_certs}= Can Install Keystore And Truststore Certs ${CONF_SCRIPT} ${CONTAINER_NAME}
+ ${install_certs}= Can Install Keystore And Truststore Certs ${CONF_SCRIPT} ${CONF_TLS_SCRIPT} ${CONTAINER_NAME}
Remove Client Container And Save Logs ${CLIENT_CONTAINER_NAME} positive_path
Should Be Equal As Strings ${exit_code} ${expected_exit_code} Client return: ${exitcode} exit code, but expected: ${expected_exit_code}
Should Be True ${can_open} Cannot Open Keystore/TrustStore by Passphrase
Code Review / integration / csit.git / commitdiff