
...

  • Proposed name for the project: ConfigPersistencySvc
  • Proposed name for the repository: ConfigPersistencySvc
  • Project Logo:

PROJECT DESCRIPTION

The Configuration Persistence Service is a platform component designed to serve as a data repository for run-time data that needs to be persistent. It is characterized by the following purpose statements:

...

CPS SECURITY REQUIREMENTS

Authentication and Authorization

  • CPS uses Basic Authentication control provided by Spring Security.
  • Clients configure usernames and passwords by passing environment variables, which are used in the application.yml file.
  • For deployments, CPS uses K8s secrets which are generated and stored as the application is deployed.
    • When CPS is run with Docker, the services use usernames and passwords that are stored as environment variables.

HTTPS

Input Validation

Logging and Monitoring

  • CPS uses Spring Boot's Logback and Log4j for logging information without exposing credentials (usernames and passwords).
    • CPS does not log sensitive information such as usernames and passwords in plain text. The log files are accessible only to the authorized users of the application deployment.

SECURITY ASSURANCE

Input Validation

  • CPS uses Spring Boot input validation support for initial input validation.
  • CPS uses Java mechanisms to further validate inputs such as parameters.
  • CPS accepts models and data which are validated via a third-party tool (OpenDaylight YANG parser).

Logging and Monitoring

  • CPS uses Spring Boot's Logback and Log4j for logging information without exposing credentials (usernames and passwords).

Authentication and Authorization

  • CPS uses Basic Authentication control provided by Spring Security.
  • Clients configure usernames and passwords by passing environment variables, which are used in the application.yml file.
    • For deployments, CPS uses K8s secrets which are generated and stored as the application is deployed.
      • When CPS is run with Docker, the services use usernames and passwords that are stored as environment variables.

      • CPS does not run Docker containers or services as 'root'.
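
An example configuration for the credential handling listed above, added here and not taken from the CPS repository. The variable names CPS_USERNAME and CPS_PASSWORD, the Secret name cps-credentials, the UID, the image placeholder and the use of Spring Boot's spring.security.user.* properties are assumptions.

```yaml
# application.yml fragment (Spring Boot)
# Assumed variable names; the credentials never appear in the file itself.
spring:
  security:
    user:
      name: ${CPS_USERNAME}        # resolved from the environment at startup
      password: ${CPS_PASSWORD}
---
# Kubernetes Secret created at deploy time (placeholder values, constructed)
apiVersion: v1
kind: Secret
metadata:
  name: cps-credentials            # hypothetical name
type: Opaque
stringData:
  username: "<generated-at-deploy>"
  password: "<generated-at-deploy>"
---
# Deployment fragment: inject the Secret as environment variables, run as non-root
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cps
spec:
  selector:
    matchLabels: {app: cps}
  template:
    metadata:
      labels: {app: cps}
    spec:
      securityContext:
        runAsNonRoot: true         # kubelet refuses to start a container running as UID 0
        runAsUser: 1000            # assumed non-root UID
      containers:
        - name: cps
          image: "<cps-image>"     # placeholder
          env:
            - name: CPS_USERNAME
              valueFrom:
                secretKeyRef: {name: cps-credentials, key: username}
            - name: CPS_PASSWORD
              valueFrom:
                secretKeyRef: {name: cps-credentials, key: password}
```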

OPERATIONAL DESCRIPTION

The following sections describe the basic operations of the C&PS DB.

...