...
Enabling TLS involves a new application port, so the service must be redeployed (by modifying the parameters in the blueprint), especially when changing from noAuth to basicAuth, certOnly or certBasicAuth. The latter three types use port 8443, while noAuth uses 8080. Changes among basicAuth, certOnly and certBasicAuth can be made through a consul update, because the k8s deployment descriptor (which contains the service definition and healthcheck spec) is still valid.
High-level test cases for auth.method = "basicAuth":
When the application is set up for TLS and auth.method = "basicAuth", the healthcheck endpoint must use 8443 (the change submitted to override this and support 8080 for the healthcheck is neither required nor valid).
...
- Copy the attached k8s-ves-0529-secure.yaml file to the ONAP Bootstrap node
- From the Rancher node, find the bootstrap pod: kubectl -n onap get pod | grep -i bootstrap
- Log in to the bootstrap pod found above: kubectl exec -it <bootstrap_pod_name> -n onap bash
- Uninstall VES: cfy uninstall ves
- Delete the VES blueprint: cfy blueprints delete ves
- Overwrite the default VES blueprint with the copied file: copy the new blueprint k8s-ves-0529-secure.yaml to /blueprints/k8s-ves.yaml
- Apply the new blueprint: cfy install -b ves -d ves -i /inputs/k8s-ves-inputs.yaml /blueprints/k8s-ves.yaml
TC ID | Test Case Name | Test Case Description | Expected Result |
---|---|---|---|
T01 | Client with correct basic auth and correct certificate | | PASS |
T02 | Client with correct basic auth and incorrect certificate | | PASS |
T03 | Client with correct basic auth and without certificate | | PASS |
T04 | Client without basic auth and without certificate | | FAIL |
T05 | Client without basic auth and with correct certificate | | FAIL |
T06 | Client with incorrect basic auth and with correct certificate | | FAIL |
T07 | Client with incorrect basic auth and with correct certificate | | FAIL |
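
One way to run the T01–T07 matrix against a redeployed collector on port 8443 and report any row that deviates from the table. This is an added example, not part of the original page or the ONAP code base. The host name, event path, credentials, CA and certificate file names are placeholders, and treating 401/403 as the rejection status is an assumption.

```python
import base64, http.client, ssl

# Placeholders (assumptions, not from the page): adjust to your deployment.
HOST, PORT, PATH = "ves.example.invalid", 8443, "/eventListener/v7"
GOOD_AUTH, BAD_AUTH = ("ves-user", "ves-password"), ("ves-user", "wrong")
GOOD_CERT = ("client-good.pem", "client-good.key")            # signed by the trusted CA
BAD_CERT = ("client-untrusted.pem", "client-untrusted.key")   # e.g. self-signed

# (id, basic auth, client cert, expected) as in the table for auth.method = "basicAuth"
MATRIX = [
    ("T01", GOOD_AUTH, GOOD_CERT, "PASS"), ("T02", GOOD_AUTH, BAD_CERT, "PASS"),
    ("T03", GOOD_AUTH, None, "PASS"),      ("T04", None, None, "FAIL"),
    ("T05", None, GOOD_CERT, "FAIL"),      ("T06", BAD_AUTH, GOOD_CERT, "FAIL"),
    ("T07", BAD_AUTH, GOOD_CERT, "FAIL"),
]

def auth_header(creds):
    """Basic auth header for (user, password), or no header when creds is None."""
    if creds is None:
        return {}
    token = base64.b64encode(f"{creds[0]}:{creds[1]}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def verdict(status):
    """PASS when the caller was authenticated. None means the connection or TLS
    handshake failed; 401/403 as rejection codes is an assumption."""
    return "FAIL" if status in (None, 401, 403) else "PASS"

def send(creds, cert, cafile="ca.pem"):
    """Send one request over TLS; return the HTTP status or None on failure."""
    ctx = ssl.create_default_context(cafile=cafile)
    if cert:
        ctx.load_cert_chain(*cert)
    conn = http.client.HTTPSConnection(HOST, PORT, context=ctx, timeout=10)
    try:
        # Minimal body: a 400 for an invalid event still shows auth succeeded.
        headers = {"Content-Type": "application/json", **auth_header(creds)}
        conn.request("POST", PATH, body="{}", headers=headers)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def run_matrix(send_fn=send):
    """Return (id, expected, actual) for every row that deviates from the table."""
    rows = [(tc, exp, verdict(send_fn(c, crt))) for tc, c, crt, exp in MATRIX]
    return [r for r in rows if r[1] != r[2]]

if __name__ == "__main__":
    for tc, exp, got in run_matrix():
        print(f"{tc}: expected {exp}, got {got}")
```

An empty result from run_matrix() means the deployment behaves as the table expects; T02 or T03 showing up as FAIL indicates the collector is demanding a client certificate, which is not basicAuth behaviour.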