...
Group | Property name | Component spec type | Type Blueprint type (input*/blueprint**) | Default | Description |
---|---|---|---|---|---|
external_cert | use_external_tls | input | input | true | A boolean that indicates whether the component uses AAF CertService to acquire operator certificate to protect external (between xNFs and ONAP) traffic. For a time being only operator certificate from CMPv2 server is supported |
external_cert_directory | ?hardcoded in BP Generator | blueprint | /opt/app/dcae-certificate/external_cert | Directory where operator certificate and trusted certs should be created | |
ca_name | hardcoded in BP Generator | input | RA | Name of Certificate Authority configured on CertService side (in cmpServers.json). Default RA_TEST corresponds to default CMPv2 testing configuration. | |
output_type | hardcoded in BP Generator | input | P12 | Certificate output type | |
external_cert: external_certificate_parameters | common_name | hardcoded in BP Generator | input | <Specific for every blueprint> | Common name which should be present in certificate. Specific for every blueprint (e.g. dcae-ves-collector for VES) |
sans | hardcoded in BP Generator | input | <Specific for every blueprint> | List of Subject Alternative Names (SANs) which should be present in certificate. Delimiter - : Should contain common_name value and other FQDNs under which given component is accessible, e.g. if xNFs uses ves-collector in request URL, such should be also present in SANs - e.g. dcae-ves-collector:ves-collector. |
...
Property name | Example | Description |
---|---|---|
TRUSTSTORES_PATHS | /etc/dcae/truststore.jks:/etc/dcae/cacert.pem:/etc/dcae/truststore2.p12 | List of truststores to be merged. Certificates from all provided truststores will be added to first provided truststore after success execution. |
TRUSTSTORES_PASSWORDS_PATHS | /etc/dcae/truststore.pass::/etc/dcae/truststore2.pass | List of passwords to provided truststores - order must be the same as in truststores WARNING: PEM is not protected by password so its value should be empty |
...
Group | Property name | Origin | Default | Description |
---|---|---|---|---|
externaltruststore_certmerger | trust_merger_image_tag | global helm value | nexus3.onap.org:10001/onap/org.onap.dcae.trusttruststore-merger:$VERSION | Truststore merger image name and version |
...
Group | Property name | Default | Description |
---|---|---|---|
properties: application_config | external_keystore_path | /opt/app/dcae-certificate/external_cert/keystore.jks | Path to keystore with external certificate |
external_keystore_password_path | /opt/app/dcae-certificate/external_cert/keystore.pass | Path to password for keystore with external certificate | |
external_truststore_path | /opt/app/dcae-certificate/external_cert/truststore.jks | Path to truststore with external trust anchors | |
external_truststore_password_path | /opt/app/dcae-certificate/external_cert/truststore.pass | Path to password for truststore with external trust anchors |
...