-
Bug
-
Resolution: Done
-
High
-
Guilin Release
-
None
Cert folder has been bring back to docker-nfs folder however it is wrongly mounted to sdc on boarding. Same issue like in Frankfurt release.
According to read the docs there should be possibility to pre install root certificate for package validation by copping it directly to pod to /var/lib/jetty/cert in sdc-onboarding-be.
Currently when non root user has been introduced to sdc container it become impossible because cert folder is requires root privileges.
ubuntu@onap-7993-rke-node:~/oom/kubernetes/robot$ kubectl exec -it dev-sdc-onboarding-be-6d9cb67749-qghhk -n onap bash Defaulting container name to sdc-onboarding-be. Use 'kubectl describe pod/dev-sdc-onboarding-be-6d9cb67749-qghhk -n onap' to see all of the containers in this pod. jetty@dev-sdc-onboarding-be-6d9cb67749-qghhk:/var/lib/jetty$ ls -all total 140 drwxr-xr-x 1 jetty jetty 4096 Nov 20 14:46 . drwxr-xr-x 1 root root 4096 Oct 26 15:27 .. -rw-rw-r-- 1 jetty jetty 70949 Nov 20 15:20 VSPPackage.zip drwxr-xr-x 2 root root 4096 Nov 20 15:38 cert drwxr-xr-x 1 jetty jetty 4096 Nov 20 14:02 chef-solo drwxr-xr-x 3 jetty jetty 4096 Nov 20 14:02 config drwxr-xr-x 2 jetty jetty 4096 Nov 20 14:02 etc drwxr-xr-x 1 jetty jetty 4096 Sep 11 08:28 lib drwxr-xr-x 2 jetty jetty 4096 Nov 20 14:02 logs -rwxr-xr-x 1 jetty jetty 324 Nov 20 14:02 ready-probe.sh drwxr-xr-x 1 jetty jetty 4096 Nov 20 14:02 resources drwxr-xr-x 1 jetty jetty 4096 Nov 20 14:02 start.d -rwxrwx--- 1 jetty jetty 606 Oct 26 15:21 startup.sh drwxr-xr-x 2 jetty jetty 4096 Nov 20 14:02 temp -rw-r--r-- 1 jetty jetty 25 Nov 20 14:02 wait_logback.log drwxr-xr-x 1 jetty jetty 4096 Oct 26 15:29 webapps jetty@dev-sdc-onboarding-be-6d9cb67749-qghhk:/var/lib/jetty$
In robot test cases we prepared test case that was loading cert directly to sdc onboarding pod and validating VSP both in VNFSDK and SDC. Now we cannot validate secured packages in sdc onboarading.