Implement truststore & keystore handling for cassandra 36/136036/5
authorvasraz <vasyl.razinkov@est.tech>
Tue, 26 Sep 2023 13:22:31 +0000 (14:22 +0100)
committerMichael Morris <michael.morris@est.tech>
Thu, 26 Oct 2023 21:20:29 +0000 (21:20 +0000)
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ib8f21142f7f760f5a8787971dbd0bb7e023e22d1
Issue-ID: SDC-4637

catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-janusgraph.properties.erb
common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
sdc-os-chef/environments/Template.json

index 3f7a041..787a764 100644 (file)
@@ -46,7 +46,6 @@ default['Pair_EnvName'] = ""
 #|  Portal                          |
 #|                                  |
 #+----------------------------------+
-
 default['ECompP']['cipher_key'] = "AGLDdG4D04BKm2IxIWEr8o=="
 default['ECompP']['portal_user'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3ePIA="
 default['ECompP']['portal_pass'] = "j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI="
@@ -58,7 +57,6 @@ default['ECompP']['portal_app_name'] = "Ipwxi2oLvDxctMA1royaRw1W0jhucLx+grHzci3e
 #|  DMAAP Consumer                  |
 #|                                  |
 #+----------------------------------+
-
 default['DMAAP']['active'] = false
 default['DMAAP']['consumer']['aftEnvironment'] = "AFTUAT"
 default['DMAAP']['consumer']['consumerGroup'] = "ccd_onap"
index a1d0df5..d2ec242 100644 (file)
@@ -30,7 +30,10 @@ template "janusgraph.properties" do
                 :DC_NAME => node['cassandra']['datacenter_name'],
                 :DC_NAME_WITH_REP => janusgraph_dcname_with_rep,
                 :janus_connection_timeout => node['cassandra']['janusgraph_connection_timeout'],
-                :cassandra_truststore_password => node['cassandra'][:truststore_password],
+                :cassandra_keystore_path => node['cassandra'][:cassandra_keystore_path],
+                :cassandra_keystore_password => node['cassandra'][:cassandra_keystore_password],
+                :cassandra_truststore_path => node['cassandra'][:cassandra_truststore_path],
+                :cassandra_truststore_password => node['cassandra'][:cassandra_truststore_password],
                 :cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}",
                 :cassandra_read_consistency_level => node['cassandra'][:read_consistency_level],
                 :cassandra_write_consistency_level => node['cassandra'][:write_consistency_level],
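Review bot: The four keystore/truststore variables are added only to the `janusgraph.properties` template; the `catalog-be-config` template in the next hunk (-62,7) drops `:cassandra_truststore_password` and gains nothing, although BE-configuration.yaml.erb in this same commit reads `@cassandra_keystore_password`, `@cassandra_truststore_path` and `@cassandra_truststore_password`. Unless they are supplied somewhere outside the visible hunks, those ERB variables will be nil and the store fields of cassandraConfig will render empty, leaving the backend's Cassandra TLS settings without any stores configured. The same four entries should be passed to `catalog-be-config`, as below. Both template resources start and end outside the hunks, so whether they set `sensitive true` is not visible; with passwords in the rendered files that is worth confirming.

```ruby
# … unchanged: template "catalog-be-config" variables up to cassandra_pwd …
                :cassandra_usr => node['cassandra'][:cassandra_user],
                :cassandra_keystore_path => node['cassandra'][:cassandra_keystore_path],
                :cassandra_keystore_password => node['cassandra'][:cassandra_keystore_password],
                :cassandra_truststore_path => node['cassandra'][:cassandra_truststore_path],
                :cassandra_truststore_password => node['cassandra'][:cassandra_truststore_password],
                :cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}",
# … unchanged: permittedAncestors, dmaap_active …
```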
@@ -62,7 +65,6 @@ template "catalog-be-config" do
                 :socket_read_timeout => node['cassandra']['socket_read_timeout'],
                 :cassandra_pwd => node['cassandra'][:cassandra_password],
                 :cassandra_usr => node['cassandra'][:cassandra_user],
-                :cassandra_truststore_password => node['cassandra'][:truststore_password],
                 :cassandra_ssl_enabled => "#{ENV['cassandra_ssl_enabled']}",
                 :permittedAncestors => "#{ENV['permittedAncestors']}",
                 :dmaap_active => node['DMAAP']['active']
index ada01a9..3f5ec42 100644 (file)
@@ -102,6 +102,10 @@ cassandraConfig:
     username: <%= @cassandra_usr %>
     password: <%= @cassandra_pwd %>
     ssl: <%= @cassandra_ssl_enabled %>
+    keystorePath: <%= @cassandra_keystore_password %>
+    keystorePassword: <%= @cassandra_ssl_enabled %>
+    truststorePath: <%= @cassandra_truststore_path %>
+    truststorePassword: <%= @cassandra_truststore_password %>
     keySpaces:
         - { name: dox,           replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
         - { name: sdcaudit,      replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
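Review bot: The two added keystore lines render the wrong variables: `keystorePath` is filled from `@cassandra_keystore_password` and `keystorePassword` from `@cassandra_ssl_enabled`. As written the keystore password lands in a path field, which file-open errors and debug output are likely to echo, and the password field receives the SSL flag, so the keystore could not be opened. They should read `keystorePath: <%= @cassandra_keystore_path %>` and `keystorePassword: <%= @cassandra_keystore_password %>`. The cassandraConfig block starts before the hunk and continues after it.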
@@ -109,7 +113,6 @@ cassandraConfig:
         - { name: sdccomponent,  replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
         - { name: sdcrepository, replicationStrategy: NetworkTopologyStrategy, replicationInfo: ['<%= @REP_STRING %>']}
 
-
 licenseTypes:
    - User
    - Installation
@@ -909,7 +912,6 @@ serviceApiArtifacts:
       displayName: Testing
       type: OTHER
 
-
 additionalInformationMaxNumberOfKeys: 50
 
 systemMonitoring:
@@ -1164,7 +1166,6 @@ dmaapProducerConfiguration:
     aftDme2SslEnable: true
     aftDme2ClientSslCertAlias: certman
 
-
 # ToDo: AF - had to remove due to configuration laod class failure
 #dmeConfiguration:
 #    lookupUriFormat: "http://DME2RESOLVE/service=%s/version=1.0.0/envContext=%s/routeOffer=DEFAULT"
index c8130dd..4c894b4 100644 (file)
@@ -7,6 +7,8 @@ storage.connection-timeout=<%= @janus_connection_timeout %>
 storage.cql.keyspace=sdctitan
 
 storage.cql.ssl.enabled=<%= @cassandra_ssl_enabled %>
+storage.cql.ssl.keystore.location=<%= @cassandra_keystore_path %>
+storage.cql.ssl.keystore.password=<%= @cassandra_keystore_password %>
 storage.cql.ssl.truststore.location=<%= @cassandra_truststore_path %>
 storage.cql.ssl.truststore.password=<%= @cassandra_truststore_password %>
 
index 3222c26..d33a80d 100644 (file)
@@ -221,12 +221,14 @@ public class Configuration extends BasicConfiguration {
         private String username;
         private String password;
         private boolean ssl;
+        private String keystorePath;
+        private String keystorePassword;
         private String truststorePath;
         private String truststorePassword;
         private int maxWaitSeconds = 120;
 
         public Integer getCassandraPort() {
-            return cassandraPort != null ? cassandraPort : Configuration.CassandrConfig.CASSANDRA_DEFAULT_PORT;
+            return cassandraPort != null ? cassandraPort : CASSANDRA_DEFAULT_PORT;
         }
 
         @Getter
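Review bot: `keystorePassword` is added as a plain String next to `password` and `truststorePassword`, and the annotations on the enclosing config class are outside the hunk. If that class carries Lombok `@ToString` or `@Data` (the `@Getter` below suggests Lombok is in use), any log line that prints the configuration object would include the store passwords; marking the secret fields with `@ToString.Exclude` keeps them out. A short comment on the new fields saying when a keystore is needed in addition to the truststore would also help operators, e.g. `// client keystore, presumably only needed when Cassandra requires client certificates`.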
index 7cd95cc..369d224 100644 (file)
          "socket_read_timeout": "40000",
          "socket_connect_timeout": "40000",
          "janusgraph_connection_timeout": "20000",
-         "replication_factor": "1"
+         "replication_factor": "1",
+         "cassandra_keystore_path": "cassandra_keystore_path",
+         "cassandra_keystore_password": "cassandra_keystore_password",
+         "cassandra_truststore_path": "cassandra_truststore_path",
+         "cassandra_truststore_password": "cassandra_truststore_password"
       },
       "DMAAP": {
          "consumer": {