+ # dbCredsExternalSecret: some secret
+ msbEnabled: true
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ app:
+ siteName: onapheat
+ auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ defaultCloudOwner: onap
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ client:
+ certs:
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
+ keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}'
+ password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
+ - uid: db-backup-creds
+ name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
+ login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
+ password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.userName }}'
+ password: '{{ .Values.dbCreds.userPassword }}'
+ passwordPolicy: generate
+ - uid: db-admin-creds
+ name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.adminName }}'
+ password: '{{ .Values.dbCreds.adminPassword }}'
+ passwordPolicy: generate
+ - uid: "so-onap-certs"
+ name: &so-certs '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/msb-ca.crt
+ - uid: "mso-key"
+ name: &mso-key '{{ include "common.release" . }}-mso-key'
+ type: password
+ password: '{{ .Values.global.app.msoKey }}'
+ - uid: mso-oof-auth
+ name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
+ type: basicAuth
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
+
+aafConfig:
+ permission_user: 1000
+ permission_group: 999
+
+aaf:
+ trustore: org.onap.so.trust.jks