Add support for HTTPS
*Add AAF certificates
*Switch PM Mapper endpoints to HTTPS
*Make external API calls secure if applicable
Issue-ID: DCAEGEN2-1296
Change-Id: I63aef8a93cfe6d6a37dcd32496b35ed0841cec4b
Signed-off-by: dfarrelly <david.farrelly@est.tech>
diff --git a/dpo/blueprints/k8s-pm-mapper.yaml b/dpo/blueprints/k8s-pm-mapper.yaml
index 88fb44a..0944da3 100644
--- a/dpo/blueprints/k8s-pm-mapper.yaml
+++ b/dpo/blueprints/k8s-pm-mapper.yaml
@@ -22,17 +22,17 @@
imports:
- "http://www.getcloudify.org/spec/cloudify/3.4/types.yaml"
- - "https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R3/k8splugin/1.4.4/k8splugin_types.yaml"
+ - "https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R4/k8splugin/1.4.5/k8splugin_types.yaml"
inputs:
service_name:
type: string
description: Name of the serice
- default: "pm-mapper"
+ default: "dcae-pm-mapper"
tag_version:
type: string
description: Docker image to be used
- default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.services.pm-mapper:1.0-SNAPSHOT"
+ default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.services.pm-mapper:latest"
replicas:
type: integer
description: Number of instances
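Review bot: The new `tag_version` default ends in `:latest`, a mutable tag, so the image that runs can change between deployments without any change to this blueprint, and a replaced or re-tagged image in the registry would be pulled unnoticed. Pinning the default to a release tag or an image digest, e.g. `default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.services.pm-mapper:<release-version>"` (placeholder; the release number is not on this page), keeps the deployed code reproducible and auditable. Separately, the first entry under `imports:` is an unchanged context line that is still fetched over `http://`, so the type definitions can be altered in transit. If that host serves the file over TLS, the URL could move to `https://` in this same change.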
@@ -55,11 +55,11 @@
default: "ves-pub-1"
dmaap_dr_username:
type: string
- description: dmaap datarouter user name
+ description: DMAAP Data Router user name
default: "username"
dmaap_dr_password:
type: string
- description: dmaap datarouter password
+ description: DMAAP Data Router password
default: "password"
dcae_location:
type: string
@@ -69,42 +69,54 @@
type: string
description: Subscriber id in Data Router
default: ""
+ pm_mapper_service_protocol:
+ type: string
+ description: PM Mapper protocol
+ default: "https"
+ pm_mapper_service_port:
+ type: string
+ description: PM Mapper host port
+ default: "8443"
dmaap_buscontroller_service_host:
type: string
description: DMAAP Bus Controller host address
default: "dmaap-bc.onap.svc.cluster.local"
dmaap_buscontroller_service_port:
type: string
- description: DMAAP bus Controller host port
+ description: DMAAP Bus Controller host port
default: "8080"
dmaap_dr_feed_id:
type: string
- description: ID of the data router feed that the PM Mapper will subscribe to
+ description: ID of the Data Router feed that the PM Mapper will subscribe to
default: "1"
dmaap_dr_service_host:
type: string
description: DMAAP Data Router host address
- default: "dmaap-dr-node.onap.svc.cluster.local"
+ default: "dmaap-dr-node"
dmaap_dr_service_port:
type: string
description: DMAAP Data Router host port
default: "8443"
dmaap_mr_service_host:
type: string
- description: DMAAP Data Router host address
- default: "message-router.onap.svc.cluster.local"
+ description: DMAAP Message Router host address
+ default: "dmaap-mr"
dmaap_mr_service_port:
type: string
- description: DMAAP Data Router host port
- default: "3904"
+ description: DMAAP Message Router host port
+ default: "3905"
dmaap_mr_topic_name:
type: string
- description: Name of MR topic events will be published to
+ description: Name of Message Router topic events will be published to
default: "pm-mapper-ves"
filter:
type: string
- description: PM mapper filter on measInfo, measInfoId, measType, instanceId
+ description: PM Mapper filter on measInfo, measInfoId, measType, instanceId
default: "{ \"filters\":[]}"
+ enable_http:
+ type: boolean
+ description: Option to turn on HTTP connections
+ default: false
node_templates:
pm-mapper:
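Review bot: `pm_mapper_service_protocol` and `enable_http` are independent inputs that both decide whether traffic is encrypted, and neither description says how they relate. Because the protocol is a free-form string, an operator can set it to `http` without realising that Data Router deliveries then travel in cleartext. I would spell the coupling out, e.g. `description: Scheme Data Router uses to deliver to PM Mapper; keep "https" unless enable_http is true` and `description: Also accept unencrypted HTTP connections (off by default)`. The defaults for `dmaap_dr_service_host` and `dmaap_mr_service_host` also change from fully qualified names to short names in the commit that moves those calls to HTTPS. It is worth confirming that the server certificates cover the short names, since hostname verification would otherwise fail or invite someone to disable it.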
@@ -113,18 +125,25 @@
start:
inputs:
ports:
- - '8080:0'
+ - '8443:0'
+ - '8081:0'
properties:
application_config:
+ enable_http:
+ { get_input: enable_http }
+ trust_store_path: "/opt/app/pm-mapper/etc/cert/trust.jks.b64"
+ trust_store_pass_path: "/opt/app/pm-mapper/etc/cert/trust.pass"
+ key_store_path: "/opt/app/pm-mapper/etc/cert/cert.jks.b64"
+ key_store_pass_path: "/opt/app/pm-mapper/etc/cert/cert.pass"
buscontroller_feed_subscription_endpoint:
{ concat: ["http://", { get_input: dmaap_buscontroller_service_host },
":", { get_input: dmaap_buscontroller_service_port}, "/webapi/dr_subs"]}
dmaap_dr_feed_id:
get_input: dmaap_dr_feed_id
dmaap_dr_delete_endpoint:
- { concat: ["http://", { get_input: dmaap_dr_service_host },
+ { concat: ["https://", { get_input: dmaap_dr_service_host },
":", { get_input: dmaap_dr_service_port}, "/delete"]}
- filters:
+ pm-mapper-filter:
get_input: filter
streams_subscribes:
dmaap_subscriber:
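Review bot: `buscontroller_feed_subscription_endpoint` is still built with `"http://"` while the neighbouring `dmaap_dr_delete_endpoint` moves to `"https://"`, so the feed-subscription call to the Bus Controller stays unencrypted after this change. If the Bus Controller offers a TLS listener, the scheme and the `dmaap_buscontroller_service_port` default (`"8080"` in the inputs) should change together. If it does not, a comment such as `# Bus Controller has no TLS endpoint yet; plain HTTP is intentional` would record the exception. The port list also publishes `'8081:0'` unconditionally although `enable_http` defaults to false; presumably 8081 is the plain-HTTP listener, in which case the service port is exposed even when HTTP is meant to be off. The enclosing node template starts and ends outside this hunk.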
@@ -140,8 +159,8 @@
subscriber_id:
get_input: subscriber_id
delivery_url:
- { concat: ["http://", { get_input: service_name }, ".onap.svc.cluster.local",
- ":8081/delivery"]}
+ { concat: [{ get_input: pm_mapper_service_protocol },"://", { get_input: service_name }, ".onap.svc.cluster.local",
+ ":", { get_input: pm_mapper_service_port }, "/delivery"]}
streams_publishes:
dmaap_publisher:
aaf_username:
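Review bot: `delivery_url` now takes its port from `pm_mapper_service_port`, but the container ports are hard-coded as `'8443:0'` and `'8081:0'` in the `start` inputs of an earlier hunk. Overriding the input therefore changes only the URL handed to Data Router, not the port the service listens on. Either state on the input that only the published ports are valid, or derive scheme and port from one place. The first line of the new `concat` is also missing a space after the comma (`},"://"`) and is much longer than the other entries; breaking after `"://",` would match the surrounding `concat` style.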
@@ -156,7 +175,7 @@
client_id:
get_input: client_id
topic_url:
- { concat: ["http://", { get_input: dmaap_mr_service_host },
+ { concat: ["https://", { get_input: dmaap_mr_service_host },
":", { get_input: dmaap_mr_service_port }, "/events/", { get_input: dmaap_mr_topic_name }]}
location:
get_input: dcae_location
@@ -165,7 +184,7 @@
endpoint: /healthcheck
interval: 15s
timeout: 1s
- type: http
+ type: https
image:
get_input: tag_version
replicas: { get_input: replicas }
@@ -173,4 +192,7 @@
dns_name: { get_input: service_name }
log_info:
log_directory: "/var/log/ONAP/dcaegen2/services/pm-mapper"
+ tls_info:
+ cert_directory: "/opt/app/pm-mapper/etc/cert/"
+ use_tls: true
type: dcae.nodes.ContainerizedPlatformComponent
\ No newline at end of file
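Review bot: `cert_directory` repeats the path already hard-coded as the prefix of `trust_store_path`, `trust_store_pass_path`, `key_store_path` and `key_store_pass_path` under `application_config`, with nothing tying the five literals together. A comment above `tls_info`, e.g. `# cert_directory must match the *_path values in application_config`, would stop a later path change from leaving the application pointed at a directory where no certificates are mounted. The file also still ends without a trailing newline.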