...

    • Credentials for ONAP users to access ONAP. These are referred to as Type A (ONAP_USER) credentials.
    • Credentials for using the APIs exposed by ONAP. These are referred to as ONAP_ExtAPI credentials.
    • Credentials for ONAP to communicate with other ONAP components. These are referred to as Type B (ONAP Component) credentials.
      • Note: This includes credentials for VNF SDK to package the artefacts onboarded into SDC.
    • Credentials for ONAP to communicate with other systems. These are referred to as Type C (ONAP_Foreign) credentials.
      • As an example, if ONAP is to communicate with an external SDN controller or a cloud infrastructure, these credentials need to be managed.

2.2 Credential Lifecycle

...

  • Credential Creation
    • The credentials are created. The means of creating the credentials is considered out of scope for ONAP, and an existing credential creation scheme is used.
      Note: The credentials may be created by a CA.
  • Credential Provisioning 
    • Provisioning the credentials involves putting the credentials into the ONAP system, ensuring that they are securely stored.
  • Credential Update 
    • The credentials that have been previously provisioned are updated. 
  • Credential Validation 
    • The validation of provisioned credentials to ensure that the credentials are still valid. 
  • Credential Distribution 
    • The distribution of the credentials so that they are accessible to the ONAP functions.
      Note: this implies no statement on the means to distribute the credentials. 
  • Credential Revoke
    • The ability to revoke and remove a credential.

...

  • The credential management solution must be able to interact with existing credential creation and validation schemes
    The credential management solution must be able to interact with certificate authorities selected by the ONAP operator. 

2.4 ONAP Credential Management Overview

...

Component 1: Secrets Vault - A service that can be integrated with ONAP that provides secure storage of the credentials used by ONAP to authenticate to VNFs.

    • OpenStack’s Barbican: specific to OpenStack, not a mature service
    • Various commercial services such as LastPass


NOTE to seccom: Probably should describe how this works for all lifecycle steps. 

Recommendation: ONAP should provide a reference implementation of a secrets vault service as an ONAP project.

...

Describe what this means to ONAP


QUESTIONS:

3 ONAP Static Code Scans

Status: Draft

...

Languages supported: C/C++, C#, Java, Javascript, Python, Ruby

Question: How to trigger the code scan from Jenkins?

→ Jenkins plug-in?

→ What API does Coverity offer?

Question: What about Go? Which versions of Python?

...