TLS sdc-be-init: truststore & keystore handling

[sdc.git] / catalog-be / sdc-backend-init / chef-repo / cookbooks / sdc-catalog-be-setup / recipes / 3_import_Normatives.rb

diff --git a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
index f59d916..cb36ffd 100644 (file)
--- a/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
+++ b/catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
@@ -1,49 +1,43 @@
+require 'base64'
 be_ip=node['Nodes'][:BE]
 
 if node['disableHttp']
   protocol = "https"
   be_port = node['BE']['https_port']
   param="-i #{be_ip} -p #{be_port} --https"
+  if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+    tls_key = "--tls_key " + node['BE-init']['tls_key']
+    tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+    if node['BE-init']['tls_password']
+      tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+    end
+  end
+  if node['BE-init']['ca_cert']
+    ca_cert =  "--ca_cert " + node['BE-init']['ca_cert']
+  end
 else
   protocol = "http"
   be_port = node['BE']['http_port']
   param="-i #{be_ip} -p #{be_port}"
 end
 
+if node['basic_auth']
+  basic_auth_enabled = node['basic_auth']['enabled']
+  basic_auth_user = node['basic_auth']['user_name']
+  basic_auth_pass = node['basic_auth']['user_pass']
+  if basic_auth_enabled
+    basic_auth_config = "--header " + Base64.strict_encode64(basic_auth_user + ":" + basic_auth_pass)
+  else
+    # set default user configuration file
+    basic_auth_config = ""
+  end
+end
 cookbook_file "/var/tmp/normatives.tar.gz" do
   source "normatives.tar.gz"
 end
 
-bash "executing-import_Normatives" do
-  code <<-EOH
-    set -ex
-
-    cd /var/tmp/
-    tar -xvf normatives.tar.gz
-    
-    # executing the normatives
-    # add --debug to the importNormativeAll.py arguments to enable debug
-    
-    check_normative="/tmp/check_normative.out"
-    status_code=$(curl -k -s -o ${check_normative} -w "%{http_code}\\n" -X GET -H 'Content-Type: application/json;charset=UTF-8' -H 'USER_ID: jh0003' -H 'X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090' "#{protocol}://#{be_ip}:#{be_port}/sdc2/rest/v1/screen")
-    if [ "$status_code" != 200 ] ; then
-      exit "$status_code"
-    fi
-    
-    #curl -s -X GET -H "Content-Type: application/json;charset=UTF-8" -H "USER_ID: jh0003" -H "X-ECOMP-RequestID: cbe744a0-037b-458f-aab5-df6e543c4090" "#{protocol}://#{be_ip}:#{be_port}/sdc2/rest/v1/screen" > ${check_normative}
-    
-    resources_len=`cat ${check_normative}| jq '.["resources"]|length'`
-    mkdir -p /var/lib/jetty/logs
-
-    cd /var/tmp/normatives/import/tosca/
-    if [ $resources_len -eq 0 ] ; then
-      sdcimportall #{param} > /var/lib/jetty/logs/importNormativeAll.log
-      rc=$?
-      if [[ $rc != 0 ]]; then exit $rc; fi
-    else
-      sdcupgradeall #{param} > /var/lib/jetty/logs/upgradeNormative.log
-      rc=$?
-      if [[ $rc != 0 ]]; then exit $rc; fi
-    fi
-  EOH
+execute "create-jetty-modules" do
+  command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert} > #{ENV['ONAP_LOG']}/init.log"
+  cwd "/var/tmp/"
+  action :run
 end