Verifies the MANIFEST file (MainServiceTemplate.mf) and  checks that the defined directories of the PNF package against the manifest file. for example the manifest file might say a files should exist: "Measurements: source: Artifacts/Deployment/Measurements/PM_Dictionary.yaml", the VNF SDK would check that the file PM_Dictionary.yaml exists in the actual PNF package.

(Confirmed that VNF-SDK supports already Feb 14, 2019). Bogumil Zebek

There are two repositories: Java, Python. (investigate)

ASSOCIATED DEVELOPMENT:

• Adapt unit tests to run in Local DCE
• Extract common manifest logic to separate module
• Create PNF Manifest file validator
• Integrate PNF Manifest file validator in CSAR Reader
• Add CSAR Type flag to CSAR Validation command line.

(Test only) CERTIFICATE check. In the PNF package it is expected that there will be MainServiceTemplate.cert. This is mentioned in the TOSCA MetaFile. For example, in the TOSCA MetaFile, it could be mentioned "Entry-Certificate: Artifacts/resource-gnodeb-template.cert". And VNF SDK would check to make sure that the resource-gnodeb-template.cert file exists in the mentioned directory, the Artifacts in this case. VNF SDK does not look inside this file.

(Needs Investigation) SOL004 has option 1 (signing each artifact individually / individual digest) and option 2 (sign entire package). It would be nice if VNF SDK supported both Option 1 and Option 2.

(Needs Investigation) VNF-SDK option 1/2 support still needs investigation (as of Feb 18, 2019). Need to clarify how to do the test.

ASSOCIATED DEVELOPMENT:

QUESTION is the file is not there will the process abort or is a warning given?

Check keywords. needs VNF SDK to check the PNF keywords. in the MainServiceTemplate.mf there are new tags:

• pnfd_name
• pnfd_provider,
• pnfd_archive_version,
• pnfd_release_date_time

and the file list

and the NON ETSI MANO artifact tags public tags. These public tags are under the "non_mano_artifact_sets". This would be NEW development in VNF SDK. An example Manifest file is shown in this diagram:

metadata:                                                      

pnfd_name: gNB

pnfd_provider: Ericsson

pnfd_archive_version:1.0

pnfd_release_date_time:2018-12-03T08:44:00-05:00

source: Definitions/MainServiceTemplate.yaml    

source: Definitions/etsi_nfv_sol001_vnfd_2_5_1_types.yaml

source: Definitions/etsi_nfv_sol001_pnfd_2_5_1_types.yaml

non_mano_artifact_sets: 

onap_ves_events:

  source: Artifacts/Events/VES_registration.yaml

onap_pm_dictionary:

  source: Artifacts/Measurements/PM_Dictionary.yaml

onap_yang_module:

  source: Artifacts/Yang_module/Yang_module.yaml

onap_others:

  source: Artifacts/scripts/install.sh

  source: Artifacts/Informational/user_guide.txt

  source: Artifacts/Other/installation_guide.txt

  source: Artifacts/Other/review_log.txt

   which shows the use of some of these fields.

ASSOCIATED DEVELOPMENT:

Following ETSI SOL004 Validation for Meta-Data file and Manufacturer file, this is the TOSCA.meta file that is part of the PNF Package. Both VNF SDK implementing only meta-data option, in the package there is a meta file. Check TOSCA.meta, while this file is not mandatory, when it is included that it follows the SOL004 standard (ETSI). We expect that "TOSCA-Meta-Version" and "CSAR-Version" and "Created by" are already supported, and new checks for "Entry definition, ETSI-Entry-manifest, ETSI-Entry-change-log" would be new VNF SDK development work (needs to be verified).

TOSCA-Meta-File-Version: 1.0

CSAR-Version: 1.1

Created-By: Ericsson

Entry-Definitions: Definitions/MainServiceTemplate.yml     

ETSI-Entry-Manifest: MainServiceTemplate.mf

ETSI-Entry-Change-Log: Artifacts/ChangeLog.txt

VNF SDK does the check the TOSCA.meta file today, if a few keywords is there.

ASSOCIATED DEVELOPMENT:

R4

HIGH

Driven from SOL004: Option 1 (Supported in R4 Dublin): TOSCA.meta (exists) Meta-directory based, XML based approach. Option 2 (NOT support in R4 Dublin): CSAR without TOSCA.meta. Manifest (.mf) file that has everything (so the TOSCA.meta is redundant). Yaml-based approach.

The Public Key a key to open the package. SOL004 Option 1, 2 and use key to open the package - X.509 certificates public key, private key to sign the package and private key correspond to the private key of the package also delivered with the package. a package, a signature, and public key certificate delivered together. There may be more than one signature. Option 1 there is a digest for every file. All of those digests are listed in the manifest file. The manifest file is signed, one signature on the manifest. One signature and one key/pair & 1 certificate. Still optional to sign other files. The signature is a file beside. myimage.iso myimage.xyz but the same file/directory. Every file signed should have a signature files. CSAR file signed in a .sm file, package signature. The public key is signed can be signed by a root certificate.

An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.

(investigate) if VNF-SDK would like to use AAF as the CA. Can AAF perform the CA functions.

To open the package need: (1) Public Key (to open the manifest file) (2) file input (3) certificate input. create a hash, the hash is verified against the signature. SHA-256

ASSOCIATED DEVELOPMENT:

The descriptor. There is validation of the VNFD. PNF Descriptor: TOSCA descriptor, and validate the node type. Validation of TOSCA PNFD. Following TOSCA rules. Components required are there.  (NEEDS INVESTIGATION)

VNFSDK check the VNFD based on VNF requirements.

ASSOCIATED DEVELOPMENT:

Enhancement of Package Testing. A item to make sure that integration testing is performed and that VNF-SDK supports the functions as will be described in the Requirements work. Testing the package against the requirements (a user can enter a requirement#) VNF-RQTS project.

It would be ideal if the PNF Package used by the VNF-SDK work is shared by the rest of the PNF preonboarding/onboarding development & integration.

ASSOCIATED DEVELOPMENT: