Secure Kafka Authentication

[ccsdk/cds.git] / ms / blueprintsprocessor / application / src / main / resources / application.properties

#
#  Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#
# Web server config
### START -Controller Blueprints Properties
# Load Resource Source Mappings
resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,sdnc=source-rest,aai-data=source-rest,capability=source-capability,rest=source-rest,vault-data=source-rest,script=source-capability

# Controller Blueprints Core Configuration
blueprintsprocessor.blueprintDeployPath=/opt/app/onap/blueprints/deploy
blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive
blueprintsprocessor.blueprintWorkingPath=/opt/app/onap/blueprints/working

# Controller Blueprint Load Configurations
blueprintsprocessor.loadBluePrintPaths=/opt/app/onap/model-catalog/blueprint-model
blueprintsprocessor.loadModeTypePaths=/opt/app/onap/model-catalog/definition-type
blueprintsprocessor.loadResourceDictionaryPaths=/opt/app/onap/model-catalog/resource-dictionary

# CBA file extension
controllerblueprints.loadCbaExtension=zip

### END -Controller Blueprints Properties

blueprintsprocessor.grpcEnable=true
blueprintsprocessor.httpPort=8080
blueprintsprocessor.grpcPort=9111

# db
blueprintsprocessor.db.url=jdbc:mysql://db:3306/sdnctl
blueprintsprocessor.db.username=sdnctl
blueprintsprocessor.db.password=sdnctl
blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver
blueprintsprocessor.db.hibernateHbm2ddlAuto=update
blueprintsprocessor.db.hibernateDDLAuto=update
blueprintsprocessor.db.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy
blueprintsprocessor.db.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect

# processor-db endpoint
blueprintsprocessor.db.processor-db.type=maria-db
blueprintsprocessor.db.processor-db.url=jdbc:mysql://mariadb-galera:3306/sdnctl
blueprintsprocessor.db.processor-db.username=root
blueprintsprocessor.db.processor-db.password=secretpassword

# Python executor
blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts/jython/ccsdk_blueprints,/opt/app/onap/scripts/jython/ccsdk_netconf,/opt/app/onap/scripts/jython/ccsdk_restconf

security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
security.user.name: ccsdkapps

# Error Managements
error.catalog.applicationId=cds
error.catalog.type=properties
error.catalog.errorDefinitionDir=/opt/app/onap/config/

# Used in Health Check
#endpoints.user.name=ccsdkapps
#endpoints.user.password=ccsdkapps

# Executor Options
blueprintsprocessor.resourceResolution.enabled=true
blueprintsprocessor.netconfExecutor.enabled=true
blueprintsprocessor.restConfExecutor.enabled=true
blueprintsprocessor.cliExecutor.enabled=true
blueprintsprocessor.remoteScriptCommand.enabled=true

# Command executor
blueprintsprocessor.grpcclient.remote-python.type=token-auth
blueprintsprocessor.grpcclient.remote-python.host=localhost
blueprintsprocessor.grpcclient.remote-python.port=50051
blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==

# Py executor
blueprintsprocessor.grpcclient.py-executor.type=tls-auth
blueprintsprocessor.grpcclient.py-executor.host=py-executor-default:50052
blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/config/certs/py-executor/py-executor-chain.pem

# Config Data REST client settings
blueprintsprocessor.restconfEnabled=true
blueprintsprocessor.restclient.sdnc.type=basic-auth
blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282
blueprintsprocessor.restclient.sdnc.username=admin
blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U

# Primary AAI Data REST Client settings
blueprintsprocessor.restclient.aai-data.type=basic-auth
blueprintsprocessor.restclient.aai-data.url=https://aai:8443
blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
blueprintsprocessor.restclient.aai-data.password=demo123456!
blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id
blueprintsprocessor.restclient.aai-data.additionalHeaders.X-FromAppId=cds-app-id
blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json

# Kafka audit service Configurations
## Audit request
blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
blueprintsprocessor.messageproducer.self-service-api.audit.request.type=kafka-basic-auth
blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers=127.0.0.1:9092
blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId=audit-request-producer-client-id
blueprintsprocessor.messageproducer.self-service-api.audit.request.topic=audit-request-producer.t
#### Security settings
#### SSL
#blueprintsprocessor.messageproducer.self-service-api.audit.request.truststore=/path/to/truststore.jks
#blueprintsprocessor.messageproducer.self-service-api.audit.request.truststorePassword=truststorePassword
#blueprintsprocessor.messageproducer.self-service-api.audit.request.keystore=/path/to/keystore.jks
#blueprintsprocessor.messageproducer.self-service-api.audit.request.keystorePassword=keystorePassword
#### SCRAM
#blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername=test-user
#blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=testUserPassword

## Audit response
blueprintsprocessor.messageproducer.self-service-api.audit.response.type=kafka-basic-auth
blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers=127.0.0.1:9092
blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId=audit-response-producer-client-id
blueprintsprocessor.messageproducer.self-service-api.audit.response.topic=audit-response-producer.t

# Message prioritization kakfa properties, Enable if Prioritization service is needed
# Deploy message-prioritization function along with blueprintsprocessor application.
#blueprintsprocessor.messageconsumer.prioritize-input.type=kafka-streams-basic-auth
#blueprintsprocessor.messageconsumer.prioritize-input.bootstrapServers=127.0.0.1:9092
#blueprintsprocessor.messageconsumer.prioritize-input.applicationId=cds-controller
#blueprintsprocessor.messageconsumer.prioritize-input.topic=prioritize-input-topic

blueprintprocessor.remoteScriptCommand.enabled=true

#Encrypted username and password for health check service
endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ==
endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ==

#BaseUrls for health check blueprint processor services
blueprintprocessor.healthcheck.baseUrl=http://localhost:8080/
blueprintprocessor.healthcheck.mapping-service-name-with-service-link=[Execution service,/api/v1/execution-service/health-check],[Resources service,/api/v1/resources/health-check],[Template service,/api/v1/template/health-check]

#BaseUrls for health check Cds Listener services
cdslistener.healthcheck.baseUrl=http://cds-sdc-listener:8080/
cdslistener.healthcheck.mapping-service-name-with-service-link=[SDC Listener service,/api/v1/sdclistener/healthcheck]

#Actuator properties
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
management.info.git.mode=full