-
Story
-
Resolution: Done
-
Medium
-
None
-
None
-
None
As a vendor I would like to have the ability to import TOSCA Based VNF.
A CSAR VNF package shall have a manifest file. The manifest file shall have an extension .mf and the same name as
the main TOSCA definitions YAML file and be located at the root of the archive .
The manifest file shall start with the VNF package metadata in the form of a name-value pairs. Each pair shall appear
on a different line. The "name" and the "value" shall be separated by a colon. The name shall be one of those specified
List of valid names and values for VNF package metadata:
Name Value
EXAMPLE:
metadata:
vnf_product_name: vMRF-1-0-0
vnf_provider_id: Acme
vnf_package_version: 1.0
vnf_release_data_time: 2017.01.01T10:00+03:00
END OF EXAMPLE
If the VNF package refers to external files, the manifest file shall contain digests of individual files in the package, both
local files contained in the package and external files referenced in the package.
If the VNF package does not refer to external files, the manifest files may contain digests of individual files contained
in the package. If the manifest file does not include digests, the complete CSAR file shall be digitally signed by the
VNF provider. A consumer of the VNF package verifies the digests in the manifest file by computing the actual digests
and comparing them with the digests listed in the manifest file.
The manifest file, or alternatively, the signature of the CSAR file, is the key for decision regarding a VNF package
integrity and validity in terms of its contained artifacts. The specification of the manifest file and specific algorithms
used in digest creation and validation is described in the security related sub-clause.