Gitiles
Code Review Sign In
gerrit.nordix.org / onap / so / be8ac5839bc9a4c30d396678ef1d352518c6ccd0^1..be8ac5839bc9a4c30d396678ef1d352518c6ccd0 / .
commitbe8ac5839bc9a4c30d396678ef1d352518c6ccd0[log] [tgz]
authorByung-Woo Jun <byung-woo.jun@est.tech>Thu Oct 03 15:07:06 2019 +0000
committerGerrit Code Review <gerrit@onap.org>Thu Oct 03 15:07:06 2019 +0000
tree8a16975744c0c47a47c232d1bbeb0a3e64d345ca
parent13e4f222a95ab068bb0be0fe6cd7997c9dd81b52 [diff]
parent7ad6f76be9ad14c4cbd3b2660ef8a7c28273428b [diff]
Merge "Updated VNFM adapter security readme"
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt
index 6687631..aaad603 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt

@@ -1,5 +1,9 @@
 The following describes how to configure authentication for the VNFM adapter.

 

+TLS should always be configured to ensure secure communication between the VNFM-adapter <-> BPMN infra and VNFM-adapter <-> VNFM

+If two-way TLS is configured then there is no need for any further authentication (i.e. no need for token or basic auth).

+If two-way TLS is NOT configured then authentication is REQUIRED. Oauth token based authentication must be used for requests, while for notifications either oauth tokens or basic auth can be used.

+

 

 ==========================================

 To confgure TLS

@@ -12,8 +16,8 @@
 server:

   ssl:

     key-alias: so@so.onap.org

-    key--store-password: 'I,re7WWEJR$e]x370wRgx?qE'

-    key-store: classpath:org.onap.so.p12

+    key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'

+    key-store: classpath:so-vnfm-adapter.p12

     key-store-type: PKCS12

 The values shown above relate to the certificate included in the VNFM adapter jar which has been generated from AAF. If a different certificate is to be used then these values should be changed accordingly.

 

@@ -21,8 +25,8 @@
 http:

   client:

     ssl:

-      trust-store: org.onap.so.trust.jks

-      trust-store-password: NyRD](z:EJJNIt?},QgM3o7H

+      trust-store: classpath:org.onap.so.trust.jks

+      trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'

 The values shown above relate to the trust store included in the VNFM adapter jar which has been generated from AAI. If a different trust store is to be used then these values should be changed accordingly.

 

 Ensure the value for the below parameter uses https instead of http


diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
index 4434d2e..951d4a3 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml

@@ -23,22 +23,11 @@
   http:
     converters:
     preferred-json-mapper: gson
-    
-http:
-  client:
-    ssl:
-      trust-store: classpath:org.onap.so.trust.jks
-      trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
         
 server:
   port: 9092
   tomcat:
     max-threads: 50
-  ssl:
-    key-alias: so@so.onap.org
-    key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
-    key-store: classpath:so-vnfm-adapter.p12
-    key-store-type: PKCS12
 
 mso:
   key: 07a7159d3bf51a0e53be7a8f89699be7
@@ -55,7 +44,7 @@
   endpoint: http://sdc.onap/1234A
   
 vnfmadapter:
-  endpoint: https://so-vnfm-adapter.onap:9092
+  endpoint: http://so-vnfm-adapter.onap:9092
 
 #Actuator
 management: