...
Group | Property name | Origin | Default | Description |
---|---|---|---|---|
external_cert | image_tag | plugin | nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:$VERSION | Image name and version |
external_cert | request_url | plugin | https://aaf-cert-service:8443/v1/certificate/ | URL to Cert Service API |
external_cert | timeout | plugin | 30000 | Request timeout. Needs to be taken from global CMPv2 helm variable |
external_cert | country | plugin | US | Country name in ISO 3166-1 alpha-2 format, for which certificate will be created. Needs to be taken from global CMPv2 helm variable |
external_cert | organization | plugin | Linux-Foundation | Organization name, for which certificate will be created. Needs to be taken from global CMPv2 helm variable |
external_cert | state | plugin | California | State name, for which certificate will be created. Needs to be taken from global CMPv2 helm variable |
external_cert | organizational_unit | plugin | ONAP | Organizational unit name, for which certificate will be created. Needs to be taken from global CMPv2 helm variable |
external_cert | location | plugin | San-Francisco | Location name, for which certificate will be created. Needs to be taken from global CMPv2 helm variable |
...
Take into account X.509 certificates from CMPv2 server
There are two options for using certificates from the CMPv2 server:
Option 1 (DCAE extra init container (aka trust merger))
Keep the application intact, implement a truststore merger, and invoke it as a new init container. The merger provides the application with one truststore containing multiple trust anchors taken from multiple truststores, and one keystore with the certificate from the CMPv2 server.
Option 2
Adjust applications to support different certificates and trusted certificates on external and internal traffic separately.
DCAE extra init container (aka trust merger)
Because DCAE wants to keep the same application implementation (one keystore and one truststore), a new container needs to be implemented which
...
Optionally adjust components which use different certificates internally and externally to support the same truststore and keystore for both kinds of traffic.
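A sketch of the merge step described for Option 1, added here as an example and not taken from the ONAP trust merger code. It assumes PEM truststores only; the function names and the sample "certificates" (constructed placeholder bytes, not real X.509) are hypothetical.

```python
import base64
import hashlib
import re
import ssl

# Only CERTIFICATE blocks are trust anchors; keys and other PEM types are skipped.
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def merge_truststores(bundles):
    """Merge PEM truststores into one bundle, keeping each trust anchor once."""
    seen, merged = set(), []
    for text in bundles:
        for block in CERT_RE.findall(text):
            der = ssl.PEM_cert_to_DER_cert(block)
            if not der.startswith(b"\x30"):  # DER certificates start with SEQUENCE
                raise ValueError("CERTIFICATE block does not contain DER data")
            fingerprint = hashlib.sha256(der).hexdigest()
            if fingerprint not in seen:  # same CA present in several truststores
                seen.add(fingerprint)
                merged.append(ssl.DER_cert_to_PEM_cert(der))
    if not merged:
        # Fail the init container instead of handing the app an empty truststore.
        raise ValueError("no trust anchors found in any input truststore")
    return "".join(merged)


def count_anchors(pem_text):
    """Number of CERTIFICATE blocks in a PEM bundle."""
    return len(CERT_RE.findall(pem_text))


def fake_pem(label, kind="CERTIFICATE"):
    # Constructed stand-in bytes (0x30 = SEQUENCE tag), not a real certificate.
    body = base64.encodebytes(b"\x30\x82" + label.encode() * 20).decode()
    return f"-----BEGIN {kind}-----\n{body}-----END {kind}-----\n"


# Constructed sample input: two truststores that share the internal CA.
INTERNAL_CA = fake_pem("internal-ca")
EXTERNAL_CA = fake_pem("cmpv2-external-ca")
INTERNAL_STORE = "# internal truststore\n" + INTERNAL_CA
EXTERNAL_STORE = EXTERNAL_CA + INTERNAL_CA + fake_pem("key", "PRIVATE KEY")

if __name__ == "__main__":
    merged = merge_truststores([INTERNAL_STORE, EXTERNAL_STORE])
    print(count_anchors(merged), "trust anchors in merged truststore")
```

Deduplicating by fingerprint of the DER bytes keeps the merged file stable when the same CA appears in both the internal and external truststore, and extracting only `CERTIFICATE` blocks keeps key material out of the file handed to the application.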
Option 2 (Adjust DCAE components to support two internal and external truststores and keystores)
Components which don't distinguish between external and internal traffic must be adjusted to support different certificates and trusted certificates for each kind of traffic separately.
...