Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

REQ-361: Continue hard coded password removal

Description

 

Updating scope based on Guilin focus

Currently all DCAE component certificates are retrieved dynamically during deploying using a onap/org.onap.dcaegen2.deployments.tls-init-container (which is built of aaf_agent). This container upon retrieval of certificates does some translation to standardize the certificate/format for DCAE service components. Source for init-container - https://git.onap.org/dcaegen2/deployments/tree/tls-init-container

Based on discussion on PTL meeting earlier this week, DCAE impact should be assessed for below

1) CertInitializer integration impact on DCAE-tls init container 
2) Impact to K8s plugin

Inaddition following component charts should be updated to remove hardcoded password.

  • Cloudify (to be confimed with Cloudify/vendor)

  • Cloudify password on Bootstrap, DH, Dashboard helm chart can be changed to use secret (secret may still have to be hardcoded depending on Cloudify feedback on #1)

 

100% Done
0

Activity

Show:

Former user November 4, 2020 at 9:58 PM

 Jira closed based on reduced scope delivered for Guilin; separate Jira will be created for migration to certinitializer template in future release.

Former user October 30, 2020 at 3:06 PM

There were two scope on this Jira

  1.  Removing hardcoded password for Cloudify and dependent component and switch to dynamic generated password via k8S secret

  2.  Switch to CertInitializer template (instead of DCAE TLS init container)

The #1 item is completed/delivered for Guilin.  As for #2 - I dont any progress happened.

This possibly could be done part of DCAE microservice helm migration support in future release;   ,   - Do you agree? If so, this Jira can be closed with reduced scope delivered for Guilin.

Former user October 29, 2020 at 10:10 PM

This issue is marked as delivered. Can it be closed now?

Former user July 8, 2020 at 5:34 PM

,

Based on OOM meeting discussion today, w.r.t to CertInitializer integration - DCAE changes will be phased.

  • All platform components (deployed) via helm will be updated to use Certinitialized template  (Supported by OOM Team)

  • Assess reusing the resource/init-container from Certinitializer directly in K8S plugin (to support DCAE service components) for alignment post Guilin

 

Former user July 6, 2020 at 1:02 PM

Sounds good. Thanks  .

 

Done

Details

Assignee

Reporter

Labels

Fix versions

Priority

Epic Name

Created December 5, 2019 at 4:40 AM
Updated November 4, 2020 at 9:58 PM
Resolved November 4, 2020 at 9:58 PM

Flag notifications