KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
ZOOKEEPER_SERVER_ID: 1
volumes:
- - ./zk/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+ - ./mr/zk/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
networks:
- default
# Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment
KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
volumes:
- - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ - ./mr/kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
networks:
- default
depends_on:
environment:
enableCadi: 'false'
volumes:
- - ./mr/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
- - ./mr/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
- - ./mr/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
+ - ./mr/mr/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
+ - ./mr/mr/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
+ - ./mr/mr/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
networks:
- default
depends_on:
- 8081:8081
- 8433:8433
volumes:
- - ./config/application_configuration.json:/opt/app/policy-agent/data/application_configuration.json:ro
+ - ./policy-service/config/application_configuration.json:/opt/app/policy-agent/data/application_configuration.json:ro
# For using own certs instead of the default ones (built into the container),
# place them in config/ directory, update the application-policyagent.yaml file, and uncomment the following lines
- # - ./config/keystore-policyagent.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro
- # - ./config/truststore-policyagent.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro
- # - ./config/application-policyagent.yaml:/opt/app/policy-agent/config/application.yaml:ro
+ # - ./policy-service/config/keystore-policyagent.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro
+ # - ./policy-service/config/truststore-policyagent.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro
+ # - ./policy-service/config/application-policyagent.yaml:/opt/app/policy-agent/config/application.yaml:ro
aliases:
- r-app-catalogue
ports:
- - 8080:8080
- - 8433:8433
+ - 8680:8680
+ - 8633:8633
# For using own certs instead of the default ones (built into the container),
# place them in config/ directory, update the https-props-a1controller.properties file, and uncomment the following lines
#volumes:
- # - ./config/keystore-a1controller.jks:/etc/ssl/certs/java/keystore.jks:ro
- # - ./config/truststore-a1controller.jks:/etc/ssl/certs/java/truststore.jks:ro
- # - ./config/https-props-a1controller.properties:/opt/onap/sdnc/data/properties/https-props.properties:ro
+ # - ./sdnc/config/keystore-a1controller.jks:/etc/ssl/certs/java/keystore.jks:ro
+ # - ./sdnc/config/truststore-a1controller.jks:/etc/ssl/certs/java/truststore.jks:ro
+ # - ./sdnc/config/https-props-a1controller.properties:/opt/onap/sdnc/data/properties/https-props.properties:ro
logging:
driver: "json-file"
options:
WORKDIR /opt/app/r-app-catalogue
RUN mkdir -p /var/log/r-app-catalogue
+RUN mkdir -p /opt/app/r-app-catalogue/etc/cert/
-EXPOSE 8081 8433
+EXPOSE 8680 8633
ADD /config/application.yaml /opt/app/r-app-catalogue/config/application.yaml
+ADD /config/r-app-catalogue-keystore.jks /opt/app/r-app-catalogue/etc/cert/keystore.jks
ADD target/${JAR} /opt/app/r-app-catalogue/r-app-catalogue.jar
+ # ========================LICENSE_START=================================
+ # Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ # ======================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ # ========================LICENSE_END===================================
+
spring:
profiles:
active: prod
-
+server:
+ # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework.
+ # See springboot documentation.
+ port : 8633
+ http-port: 8680
+ ssl:
+ key-store-type: JKS
+ key-store: /opt/app/r-app-catalogue/etc/cert/keystore.jks
+ key-store-password: r-app-catalogue
+ key-password: r-app-catalogue
+ key-alias: server-cert
<artifactId>junit-jupiter-engine</artifactId>\r
<scope>test</scope>\r
</dependency>\r
+ <dependency>\r
+ <groupId>org.springframework.boot</groupId>\r
+ <artifactId>spring-boot-starter-test</artifactId>\r
+ <scope>test</scope>\r
+ </dependency>\r
+ <dependency>\r
+ <groupId>org.apache.httpcomponents</groupId>\r
+ <artifactId>httpclient</artifactId>\r
+ <scope>test</scope>\r
+ </dependency>\r
+\r
</dependencies>\r
\r
<build>\r
--- /dev/null
+/*-
+ * ========================LICENSE_START=================================
+ * Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ * ======================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ========================LICENSE_END===================================
+ */
+
+package org.oransc.rappcatalogue.configuration;
+
+import org.apache.catalina.connector.Connector;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Configure embedded Tomcat
+ */
+
+@Configuration
+public class TomcatConfig {
+
+ @Value("${server.http-port}")
+ private int httpPort = 0;
+
+ // Embedded Tomcat with HTTP and HTTPS support
+ @Bean
+ public ServletWebServerFactory servletContainer() {
+ TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
+
+ if (httpPort > 0) {
+ tomcat.addAdditionalTomcatConnectors(getHttpConnector(httpPort));
+ }
+ return tomcat;
+ }
+
+ private static Connector getHttpConnector(int httpPort) {
+ Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
+ connector.setScheme("http");
+ connector.setPort(httpPort);
+ connector.setSecure(false);
+ return connector;
+ }
+}
--- /dev/null
+/*-
+ * ========================LICENSE_START=================================
+ * Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ * ======================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ========================LICENSE_END===================================
+ */
+
+package org.oransc.rappcatalogue;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate.HttpClientOption;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.boot.web.server.AbstractConfigurableWebServerFactory;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.util.ResourceUtils;
+import org.springframework.web.client.ResourceAccessException;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(
+ properties = { //
+ "server.ssl.key-store=./config/r-app-catalogue-keystore.jks", //
+ "server.http-port=0"})
+public class HttpsRequestTest {
+
+ @Value("${server.ssl.key-store-password}")
+ private String keyStorePassword; // inject password from config
+
+ @Value("${server.ssl.key-store}")
+ private String keyStore; // inject keyStore from config
+
+ @LocalServerPort
+ private int port;
+
+ @Autowired
+ private AbstractConfigurableWebServerFactory webServerFactory;
+
+ @Test
+ public void testSsl() {
+ assertEquals(this.webServerFactory.getSsl().isEnabled(), true);
+ }
+
+ @Test
+ public void rest_OverPlainHttp_GetsBadRequestRequiresTLS() throws Exception {
+ TestRestTemplate template = new TestRestTemplate();
+ ResponseEntity<String> responseEntity =
+ template.getForEntity("http://localhost:" + port + "/services", String.class);
+ assertEquals(HttpStatus.BAD_REQUEST, responseEntity.getStatusCode());
+ assertTrue(responseEntity.getBody().contains("This combination of host and port requires TLS"));
+ }
+
+ @Test
+ public void rest_WithoutSSLConfiguration_ThrowsSSLExceptionUnableFindValidCertPath() throws Exception {
+ TestRestTemplate template = new TestRestTemplate();
+
+ ResourceAccessException thrown = assertThrows(ResourceAccessException.class, () -> {
+ template.getForEntity("https://localhost:" + port + "/services", String.class);
+ });
+ assertTrue(thrown.getMessage().contains("unable to find valid certification path to requested target"));
+ }
+
+ @Test
+ public void rest_WithTwoWaySSL_AuthenticatesAndGetsExpectedResponse() throws Exception {
+
+ SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(ResourceUtils.getFile(keyStore),
+ keyStorePassword.toCharArray(), keyStorePassword.toCharArray()).build();
+
+ SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
+ RestTemplateBuilder rtb =
+ new RestTemplateBuilder().requestFactory(() -> factory).rootUri("https://localhost:" + port);
+
+ TestRestTemplate template = new TestRestTemplate(rtb, null, null, HttpClientOption.SSL);
+
+ ResponseEntity<String> responseEntity = template.getForEntity("/services", String.class);
+ assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
+ assertEquals("[]", responseEntity.getBody());
+ }
+
+}