[DOCS] Update J release notes for cert-service

Update the expired certificates and recreate the docker files
Update the release notes and update some Sphinx files
Fix some linting problems in the files

Issue-ID: OOM-2953

Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I1a26d7289890eee7fb38b11a45da3db5fc70ba8d

diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index 3797dc8..df46e4c 100644 (file)
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -16,5 +16,8 @@ python:
   install:
     - requirements: docs/requirements-docs.txt
 
+submodules:
+   include: all
+
 sphinx:
   configuration: docs/conf.py

diff --git a/docs/conf.py b/docs/conf.py
index 1e26e7d..351d0cc 100644 (file)
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -5,6 +5,12 @@ master_doc = 'index'
 
 linkcheck_ignore = [
     'http://localhost',
+    'http://ejbca',
+    'https://localhost'
+]
+
+exclude_patterns = [
+    '.tox'
 ]
 
 extensions = [

diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt
index 9d2f6fc..522d857 100644 (file)
--- a/docs/requirements-docs.txt
+++ b/docs/requirements-docs.txt
@@ -1,5 +1,5 @@
-setuptools
-six
-sphinxcontrib.openapi
 lfdocs-conf
+sphinx>=4.2.0  # BSD
+sphinx-rtd-theme>=1.0.0  # MIT
+sphinxcontrib.openapi
 mistune==0.8.4

diff --git a/docs/sections/build.rst b/docs/sections/build.rst
index 27a40b1..2f20399 100644 (file)
--- a/docs/sections/build.rst
+++ b/docs/sections/build.rst
@@ -36,7 +36,7 @@ Environment
 How to build images?
 --------------------
 
-#. Checkout the project from https://gerrit.onap.org/r/#/admin/projects/oom/platform/cert-service
+#. Checkout the project from https://gerrit.onap.org/r/admin/repos/oom/platform/cert-service
 #. Read information stored in README.md file
 #. Use a Makefile to build images::
 

diff --git a/docs/sections/change-log.rst b/docs/sections/change-log.rst
index 2eef9b3..36e31cc 100644 (file)
--- a/docs/sections/change-log.rst
+++ b/docs/sections/change-log.rst
@@ -4,13 +4,11 @@
 
 
 Change Log
-==============
+==========
 
---------
+-------
 Jakarta
---------
-
-==============
+-------
 
 Version: 2.5.0
 --------------
@@ -55,14 +53,11 @@ Version: 2.5.0
 
 **Other**
 
-==============
 
 --------
 Istanbul
 --------
 
-==============
-
 Version: 2.4.0
 --------------
 
@@ -106,14 +101,11 @@ Version: 2.4.0
 
 **Other**
 
-==============
 
 --------
 Honolulu
 --------
 
-==============
-
 Version: 2.3.3
 --------------
 
@@ -154,7 +146,6 @@ Version: 2.3.3
 
 **Other**
 
-==============
 
 Version: 2.3.2
 --------------
@@ -197,7 +188,6 @@ Version: 2.3.2
 
 **Other**
 
-==============
 
 Version: 2.3.1
 --------------
@@ -238,7 +228,6 @@ Version: 2.3.1
 
 **Other**
 
-==============
 
 Version: 2.3.0
 --------------
@@ -280,7 +269,6 @@ Version: 2.3.0
 
 **Other**
 
-==============
 
 Version: 2.2.0
 --------------
@@ -326,15 +314,10 @@ Version: 2.2.0
 **Other**
 
 
-
-=============
-
 -------
 Guilin
 -------
 
-=============
-
 Version: 2.1.0
 --------------
 
@@ -377,7 +360,6 @@ Version: 2.1.0
 
 **Other**
 
-==============
 
 Version: 2.0.0
 --------------
@@ -418,7 +400,6 @@ Version: 2.0.0
 
 **Other**
 
-===========
 
 Version: 1.2.0
 --------------
@@ -459,7 +440,6 @@ Version: 1.2.0
 
 **Other**
 
-===========
 
 Version: 1.1.0
 --------------
@@ -500,13 +480,11 @@ Version: 1.1.0
 
 **Other**
 
-===========
 
 ----------
 Frankfurt
 ----------
 
-===========
 
 Version: 1.0.1
 --------------
@@ -548,7 +526,6 @@ The Frankfurt Release is the first release of the Certification Service.
 
 **Other**
 
-===========
 
 Version: 1.0.0
 --------------
@@ -591,6 +568,5 @@ The Frankfurt Release is the first release of the Certification Service.
 
 **Other**
 
-===========
 
 End of Change Log

diff --git a/docs/sections/configuration.rst b/docs/sections/configuration.rst
index 9763073..6ffe353 100644 (file)
--- a/docs/sections/configuration.rst
+++ b/docs/sections/configuration.rst
@@ -102,7 +102,7 @@ Note! This must be executed before calling *make all* (from OOM Installation) or
 1. Edit *cmpServers.json* file. If OOM *global.addTestingComponents* flag is set to:
 
     - *true* - edit *kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json*
-    - *false* - edit *kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
+    - *false* - edit *kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json*
 
 2. Build and start OOM deployment
 

diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst
index 094d10b..803ba05 100644 (file)
--- a/docs/sections/release-notes.rst
+++ b/docs/sections/release-notes.rst
@@ -11,19 +11,18 @@ OOM Certification Service Release Notes
     :depth: 2
 ..
 
-Version: 2.4.0
+Version: 2.5.0
 ==============
 
 Abstract
 --------
 
-This document provides the release notes for the Istanbul release.
+This document provides the release notes for the Jakarta release.
 
 Summary
 -------
 
-Certificate update use case is now available. For details go to:
-:ref:`How to use instructions<how_to_use_certificate_update>`
+Vulnerability Fix
 
 Release Data
 ------------
@@ -32,12 +31,12 @@ Release Data
 | **Project**                          | OOM                                                                                   |
 |                                      |                                                                                       |
 +--------------------------------------+---------------------------------------------------------------------------------------+
-| **Docker images**                    |  * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0                  |
-|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0       |
-|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0|
+| **Docker images**                    |  * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.5.0                  |
+|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0       |
+|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.5.0|
 |                                      |                                                                                       |
 +--------------------------------------+---------------------------------------------------------------------------------------+
-| **Release designation**              | Istanbul                                                                              |
+| **Release designation**              | Jakarta                                                                               |
 |                                      |                                                                                       |
 +--------------------------------------+---------------------------------------------------------------------------------------+
 
@@ -45,20 +44,8 @@ Release Data
 New features
 ------------
 
-- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ Implement certificate update in CMPv2 external issuer
-
-- `OOM-2753 <https://jira.onap.org/browse/OOM-2753>`_ Implement certificate update in CMPv2 CertService
-
-- `OOM-2744 <https://jira.onap.org/browse/OOM-2744>`_ Remove CertService Client mechanism from ONAP
-
-- `OOM-2649 <https://jira.onap.org/browse/OOM-2649>`_ Update contrib/ejbca to 7.x
-
 **Bug fixes**
 
-- `OOM-2771 <https://jira.onap.org/browse/OOM-2771>`_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer
-
-- `OOM-2764 <https://jira.onap.org/browse/OOM-2764>`_ Fix sonar issues in CertService
-
 **Known Issues**
 
 If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
@@ -102,7 +89,7 @@ Security Notes
 
 **Fixed Security Issues**
 
-None
+- `OOM-2903 <https://jira.onap.org/browse/OOM-2903>`_ Fix Apache Vulnerability [CVE-2021-44228] in CertService
 
 **Known Security Issues**
 
@@ -124,21 +111,19 @@ For more information on the ONAP Istanbul release, please see:
 #. `ONAP Release Downloads`_
 #. `ONAP Wiki Page`_
 
-Version: 2.3.3
+Version: 2.4.0
 ==============
 
 Abstract
 --------
 
-This document provides the release notes for the Honolulu release.
+This document provides the release notes for the Istanbul release.
 
 Summary
 -------
 
-Certification Service provides certificates signed by external CMPv2 server - such certificates are further called operators certificates. Operators certificates are meant to secure external ONAP traffic - traffic between network functions (xNFs) and ONAP.
-
-This project was moved from Application Authorization Framework (AAF), to check previous release notes see,  `AAF CertService release notes <https://docs.onap.org/projects/onap-aaf-certservice/en/frankfurt/sections/release-notes.html>`_ .
-
+Certificate update use case is now available. For details go to:
+:ref:`How to use instructions<how_to_use_certificate_update>`
 
 Release Data
 ------------
@@ -147,13 +132,12 @@ Release Data
 | **Project**                          | OOM                                                                                   |
 |                                      |                                                                                       |
 +--------------------------------------+---------------------------------------------------------------------------------------+
-| **Docker images**                    |  * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3                  |
-|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3               |
-|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3       |
-|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.3|
+| **Docker images**                    |  * onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0                  |
+|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0       |
+|                                      |  * onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0|
 |                                      |                                                                                       |
 +--------------------------------------+---------------------------------------------------------------------------------------+
-| **Release designation**              | Honolulu                                                                              |
+| **Release designation**              | Istanbul                                                                              |
 |                                      |                                                                                       |
 +--------------------------------------+---------------------------------------------------------------------------------------+
 
@@ -161,26 +145,24 @@ Release Data
 New features
 ------------
 
-- `OOM-2560 <https://jira.onap.org/browse/OOM-2560>`_ Integrated CMPv2 certificate provider with Cert-Manager
+- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_ Implement certificate update in CMPv2 external issuer
 
-  An CMPv2 certificate provider is a part of PKI infrastructure. It consumes CertificateRequest custom resource from Cert-Manager and calls CertService API to enroll certificate from CMPv2 server.
-  During ONAP deployment, the CMPv2 certificate provider is enabled when flags cmpv2Enabled, CMPv2CertManagerIntegration and platform.enabled equals true.
+- `OOM-2753 <https://jira.onap.org/browse/OOM-2753>`_ Implement certificate update in CMPv2 CertService
 
-  More information can be found on dedicated `wiki page <https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration>`_
+- `OOM-2744 <https://jira.onap.org/browse/OOM-2744>`_ Remove CertService Client mechanism from ONAP
 
-- `OOM-2632 <https://jira.onap.org/browse/OOM-2632>`_ Extended CertService API and clients to correctly support SANs parameters such as: e-mails, URIs and IP addresses.
+- `OOM-2649 <https://jira.onap.org/browse/OOM-2649>`_ Update contrib/ejbca to 7.x
 
 **Bug fixes**
 
-- `OOM-2656 <https://jira.onap.org/browse/OOM-2656>`_ Adjusted CertService API to RFC4210 - changed MAC protection algorithm and number of iteration for such algorithm.
-
-- `OOM-2657 <https://jira.onap.org/browse/OOM-2657>`_ Enhanced CertServiceAPI response in order to include CMP server error messages.
+- `OOM-2771 <https://jira.onap.org/browse/OOM-2771>`_ Fix CertificateRequest resource was not found issue in CMPv2 external issuer
 
-- `OOM-2658 <https://jira.onap.org/browse/OOM-2658>`_ Fixed KeyUsage extension sent to CMPv2 server
+- `OOM-2764 <https://jira.onap.org/browse/OOM-2764>`_ Fix sonar issues in CertService
 
 **Known Issues**
 
-None
+If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions.
+The required actions are described in :ref:`Troubleshooting section <troubleshooting>`
 
 Deliverables
 ------------
@@ -198,19 +180,19 @@ Known Limitations, Issues and Workarounds
 -----------------------------------------
 
 System Limitations
-------------------
+~~~~~~~~~~~~~~~~~~
 
 Any known system limitations.
 
 
 Known Vulnerabilities
----------------------
+~~~~~~~~~~~~~~~~~~~~~
 
 Any known vulnerabilities.
 
 
 Workarounds
------------
+~~~~~~~~~~~
 
 Any known workarounds.
 
@@ -235,15 +217,14 @@ Not applicable
 References
 ----------
 
-For more information on the ONAP Honolulu release, please see:
+For more information on the ONAP Istanbul release, please see:
 
 #. `ONAP Home Page`_
 #. `ONAP Documentation`_
 #. `ONAP Release Downloads`_
 #. `ONAP Wiki Page`_
 
-
 .. _`ONAP Home Page`: https://www.onap.org
 .. _`ONAP Wiki Page`: https://wiki.onap.org
 .. _`ONAP Documentation`: https://docs.onap.org
-.. _`ONAP Release Downloads`: https://git.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
\ No newline at end of file

diff --git a/docs/tox.ini b/docs/tox.ini
index 42ffa68..509ac7d 100644 (file)
--- a/docs/tox.ini
+++ b/docs/tox.ini
@@ -1,6 +1,6 @@
 [tox]
 minversion = 1.6
-envlist = docs,
+envlist = docs,docs-linkcheck
 skipsdist = true
 
 [testenv:docs]
@@ -10,7 +10,7 @@ deps =
     -chttps://git.onap.org/doc/plain/etc/upper-constraints.os.txt
     -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
 commands =
-    sphinx-build -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html
+    sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html
     echo "Generated docs available in {toxinidir}/_build/html"
 whitelist_externals =
     echo
@@ -19,7 +19,14 @@ whitelist_externals =
 
 [testenv:docs-linkcheck]
 basepython = python3
+deps =
+    -r{toxinidir}/requirements-docs.txt
+    -chttps://git.onap.org/doc/plain/etc/upper-constraints.os.txt?h=master
+    -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master
+commands =
+    sphinx-build -W -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck
+
 #deps = -r{toxinidir}/requirements-docs.txt
-commands = echo "Link Checking not enforced"
+#commands = echo "Link Checking not enforced"
 #commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck
-whitelist_externals = echo
+#whitelist_externals = echo