{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8446
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
-server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
-server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
-server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
schema.service.custom.queries.endpoint=stored-queries
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
-schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
-schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
-schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
-schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ if ( include "common.needTLS" .) }}
+schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
+schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ end }}