**Security Notes**
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+
+*Known Vulnerabilities in Used Modules*
+
OOM code has been formally scanned during build time using NexusIQ and no
Critical vulnerability was found.
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-cdt-image:1.5.1
+image: onap/appc-cdt-image:1.5.2
pullPolicy: Always
# application configuration
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile
cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12
-cadi_keystore_password=enc:4DVUTKvRCCtebQrKskDsuKFIHLzOf2M9XxNOhVIK4xb
+cadi_keystore_password=enc:tQTHVtbdCuzqrQY1TBRt9SkFL9tCY3OzwbsfaVyAa2dOfZlI0krFOJSBnkm1WdGr
#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
cadi_alias=appc@appc.onap.org
cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks
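Review bot: The replacement `cadi_keystore_password=enc:…` value on the added line is still a fixed credential committed with the chart, so every deployment rendered from this file shares the same keystore password. The release notes in this same change list a hard-coded password as a known issue (OJSI-188), which may or may not cover this value. The `enc:` form protects the password only as far as the file named by `cadi_keyfile` is protected, and where that keyfile comes from is not visible here; if it ships alongside the keystore, the encoding adds little. Consider sourcing the value from a Kubernetes Secret at deploy time, and until then mark it with a comment such as `# default credential shipped with the chart; override per deployment`. The properties file continues outside the lines shown.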
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-image:1.5.1
+image: onap/appc-image:1.5.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.4.4
+image: onap/ccsdk-blueprintsprocessor:0.4.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.4.4
+image: onap/ccsdk-commandexecutor:0.4.5
pullPolicy: Always
# application configuration
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-controllerblueprints:0.4.4
+image: onap/ccsdk-controllerblueprints:0.4.5
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.4.4
+image: onap/ccsdk-sdclistener:0.4.5
name: sdc-listener
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.4.4
+image: onap/ccsdk-cds-ui-server:0.4.5
pullPolicy: Always
# application configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.0.3
+image: onap/clamp-dashboard-kibana:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.0.3
+image: onap/clamp-dashboard-logstash:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp:4.0.3
+image: onap/clamp:4.0.5
pullPolicy: Always
# flag to enable debugging - application support required
},
"policy_engine": {
"url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969",
- "path_decision": "/policy/pdpx/v1/decision"
+ "path_decision": "/policy/pdpx/v1/decision",
"path_notifications": "/pdp/notifications",
"path_api": "/pdp/api/",
"headers": {
# upgrade/install each "enabled" subchart
cd $CACHE_SUBCHART_DIR/
+ #“helm ls” is an expensive command in that it can take a long time to execute.
+ #So cache the results to prevent repeated execution.
+ ALL_HELM_RELEASES=$(helm ls -q)
for subchart in * ; do
SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
fi
fi
else
- array=($(helm ls -q | grep "${RELEASE}-${subchart}"))
+ array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
for (( i = n-1; i >= 0; i-- )); do
helm del "${array[i]}" --purge
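Review bot: The `grep "${RELEASE}-${subchart}"` on the added `array=` line is an unanchored regex match, and every name it returns is passed to `helm del --purge`. A release whose name merely contains that string, or a RELEASE value holding regex metacharacters, would therefore be purged along with the intended one. If only the exact release is meant, `array=($(echo "$ALL_HELM_RELEASES" | grep -Fx "${RELEASE}-${subchart}"))` limits the delete to it; if releases sharing the prefix are meant to go too, say so in a comment. `ALL_HELM_RELEASES` is also a snapshot taken before the loop, so releases created or removed while the loop runs are not reflected; a short note next to `ALL_HELM_RELEASES=$(helm ls -q)` would make that assumption explicit. The enclosing `for subchart` loop and its `if`/`else` start and end outside the lines shown.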
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.3.0
+ optf_has: onap/optf-has:1.3.1
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:1.3.0
+image: onap/optf-osdf:1.3.2
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.4.1
+image: onap/policy-pdpd-cl:1.4.2
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/testsuite:1.4.0
+image: onap/testsuite:1.4.1
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
# Demo configuration
# Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION
-demoArtifactsVersion: "1.4.0-SNAPSHOT"
+demoArtifactsVersion: "1.4.0"
# Nexus demo artifact URL.
demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases"
# Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR
# Openstack glance image name for Ubuntu 16. Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE
ubuntu16Image: "Ubuntu_16_xenial"
# GLOBAL_INJECTED_SCRIPT_VERSION. Maps to GLOBAL_INJECTED_SCRIPT_VERSION
-scriptVersion: "1.4.0-SNAPSHOT"
+scriptVersion: "1.4.0"
# Openstack network to which VNFs will bind their primary (first) interface. Maps to GLOBAL_INJECTED_NETWORK
openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc"
# Openstack security group for instantiating VNFs
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.5.3
+image: onap/sdnc-dmaap-listener-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.5.3
+image: onap/sdnc-ansible-server-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.5.3
+image: onap/admportal-sdnc-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.5.3
+image: onap/sdnc-ueb-listener-image:1.5.4
pullPolicy: Always
# flag to enable debugging - application support required
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.5.3
+image: onap/sdnc-image:1.5.4
# flag to enable debugging - application support required
debugEnabled: false
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.4.3
+image: onap/so/bpmn-infra:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.4.3
+image: onap/so/catalog-db-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.4.3
+image: onap/so/so-monitoring:1.4.4
pullPolicy: Always
replicaCount: 1
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.4.3
+image: onap/so/openstack-adapter:1.4.4
pullPolicy: Always
repository: nexus3.onap.org:10001
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.4.3
+image: onap/so/request-db-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.4.3
+image: onap/so/sdc-controller:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.4.3
+image: onap/so/sdnc-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.4.3
+image: onap/so/vfc-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.4.3
+image: onap/so/vnfm-adapter:1.4.4
pullPolicy: Always
replicaCount: 1
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:4.3.0
+image: onap/vid:4.3.1
pullPolicy: Always
# mariadb image for initializing
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.3.0
+image: onap/vnfsdk/refrepo:1.3.2
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always