VES Collecotr - update documentation
https://jira.onap.org/browse/DCAEGEN2-1656
Issue-ID: DCAEGEN2-1618
Change-Id: I9f221163430f0913fbf96e8af005b0a10a772b73
Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
diff --git a/docs/sections/services/ves-http/configuration.rst b/docs/sections/services/ves-http/configuration.rst
index a6862f5..eaadf27 100644
--- a/docs/sections/services/ves-http/configuration.rst
+++ b/docs/sections/services/ves-http/configuration.rst
@@ -16,7 +16,6 @@
"collector.service.port": "8080",
"collector.schema.file": "{\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.0.1.json\"}",
"collector.keystore.passwordfile": "/opt/app/VESCollector/etc/passwordfile",
- "collector.inputQueue.maxPending": "8096",
"streams_publishes": {
"ves-measurement": {
"type": "message_router",
@@ -58,7 +57,6 @@
"collector.service.secure.port": "8443",
"auth.method": "noAuth",
"collector.keystore.file.location": "/opt/app/VESCollector/etc/keystore",
- "services_calls": [],
"header.authlist": "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6"
}
diff --git a/docs/sections/services/ves-http/installation.rst b/docs/sections/services/ves-http/installation.rst
index 308a2ce..be32d89 100644
--- a/docs/sections/services/ves-http/installation.rst
+++ b/docs/sections/services/ves-http/installation.rst
@@ -134,7 +134,6 @@
properties:
application_config:
collector.dmaap.streamid: fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurementsForVfScaling=ves-measurement|measurement=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration
- collector.inputQueue.maxPending: "8096"
collector.keystore.file.location: /opt/app/VESCollector/etc/keystore
collector.keystore.passwordfile: /opt/app/VESCollector/etc/passwordfile
collector.schema.checkflag: "1"
@@ -144,7 +143,6 @@
event.transform.flag: "0"
auth.method: certBasicAuth
header.authlist: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6"
- services_calls: []
streams_publishes:
ves-fault:
dmaap_info:
diff --git a/docs/sections/services/ves-http/tls-authentication.rst b/docs/sections/services/ves-http/tls-authentication.rst
index ad8d8d2..1ace393 100644
--- a/docs/sections/services/ves-http/tls-authentication.rst
+++ b/docs/sections/services/ves-http/tls-authentication.rst
@@ -1,5 +1,11 @@
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
+.. raw:: html
+
+ <style> .red {color:red} </style>
+ <style> .green {color:green} </style>
+.. role:: red
+.. role:: green
Authentication Types
====================
@@ -19,6 +25,30 @@
Property *auth.method* is used to manage security mode, possible configuration: noAuth, basicAuth, certOnly, certBasicAuth
* *auth.method=noAuth* default option - no security (http)
+
* *auth.method=certOnly* is used to enable mutual TLS authentication (https)
+
+ * client without cert and without basic auth = :red:`Authentication failure`
+ * client without cert and wrong basic auth = :red:`Authentication failure`
+ * client without cert and correct basic auth = :red:`Authentication failure`
+ * client with cert and without/wrong basic auth = :green:`Authentication successful`
+ * client with cert and correct basic auth = :green:`Authentication successful`
+
* *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication
- * *auth.method=basicAuth* is used to enable basic HTTPs authentication
\ No newline at end of file
+
+ * client without cert and without basic auth = :red:`Authentication failure`
+ * client without cert and wrong basic auth = :red:`Authentication failure`
+ * client without cert and correct basic auth = :green:`Authentication successful`
+ * client with cert and without/wrong basic auth = :green:`Authentication successful`
+ * client with cert and correct basic auth = :green:`Authentication successful`
+
+ * *auth.method=basicAuth* is used to enable basic HTTPs authentication
+
+ * client without cert and without basic auth = :red:`Authentication failure`
+ * client without cert and wrong basic auth = :red:`Authentication failure`
+ * client without cert and correct basic auth = :green:`Authentication successful`
+ * client with cert and without/wrong basic auth = :red:`Authentication failure`
+ * client with cert and correct basic auth = :green:`Authentication successful`
+
+When application is in certOnly or certBasicAuth mode then certificates are also validated by regexp in /etc/certSubjectMatcher.properties,
+only SubjectDn field in certificate description are checked. Default regexp value is .* means that we approve all SubjectDN values.