Specification
REQ - 140 Create Client, Plugin using Client and mechanisms for using CMPv2 as a CA
Team
| Role | Name | |
|---|---|---|
| Specificator | Pawel Baniewski | pawel.baniewski@nokia.com |
| Commiter | Bogumil Zebek | bogumil.zebek@nokia.com |
Project details
- Location: https://gerrit.onap.org/r/admin/repos/aaf/certservice
- Information for developers (README.md): https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/README.md;h=db96fa98661586015935c05ac222ef83ca779ff5;hb=HEAD
Requirements for developers
- Follow Google Java Style Guide
- Follow SONAR rules
- SONAR is available at https://sonarcloud.io/dashboard?id=onap_aaf-certservice
- Code Coverage MUST be at >= 80% level
- No new violation in NEW code
- New libraries
- Before you add a new JAVA library contact with Specificator and Commiter to get confirmation that library can be used in project!
- Remember to update README.md file (https://gerrit.onap.org/r/gitweb?p=aaf/certservice.git;a=blob;f=certService/README.md;h=db96fa98661586015935c05ac222ef83ca779ff5;hb=HEAD)
Licenses
Tips & Tricks
Run Jenkins Builds
How to create new project in ONAP
- Create a repository in gerrit
- Configure pom.xml in project
- Configure Jenkins Jobs
- Documentation
- An example: https://gerrit.onap.org/r/#/c/cli/ /101293/
- Contact person:
How to run CertService Client
As standalone docker:
Create file with environments as in example below.
client_docker.env
#Client envs REQUEST_TIMEOUT=1000 OUTPUT_PATH=/var/log CA_NAME=RA #Csr config envs COMMON_NAME=onap.org ORGANIZATION=Linux-Foundation ORGANIZATION_UNIT=ONAP LOCATION=San-Francisco STATE=California COUNTRY=US SANS=example.com:example2.com
Run docker container with environments file and docker network (API and client must be running in same network)
AAFCERT_CLIENT_IMAGE=nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest DOCKER_ENV_FILE= <path to environment file> NETWORK_CERT_SERVICE= <docker network of cert service> docker run --env-file $DOCKER_ENV_FILE --network $NETWORK_CERT_SERVICE $AAFCERT_CLIENT_IMAGE
As init container for K8s:
Sample deployment
...
kind: Deployment
metadata:
...
spec:
...
template:
...
spec:
initContainers:
- name: cert-service-client
image: nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:latest
imagePullPolicy: Always
env:
- name: REQUEST_URL
value: http://aaf-cert-service-service:8080/v1/certificate/
- name: REQUEST_TIMEOUT
value: "1000"
- name: OUTPUT_PATH
value: /var/log/certs
- name: CA_NAME
value: TEST
- name: COMMON_NAME
value: onap.org
- name: ORGANIZATION
value: Linux-Foundation
- name: ORGANIZATION_UNIT
value: ONAP
- name: LOCATION
value: San-Francisco
- name: STATE
value: California
- name: COUNTRY
value: US
- name: SANS
value: test.onap.org:onap.com
volumeMounts:
- mountPath: /var/log/certs
name: certs
...
Client's exiting codes:
| Code | Information |
|---|---|
| 0 | Success |
| 1 | Invalid client configuration |
| 2 | Invalid CSR configuration |
| 3 | Fail in key pair generation |
| 4 | Fail in CSR generation |
| 5 | API return unsuccessful response |
| 6 | Internal Http Client connection problem |
| 7 | Fail in PKCS12 conversion |
| 8 | Fail in Private Key to PEM Encoding |