[GLOBAL] Don't try to set keypassword when storetype is PKCS12
[oom.git] / kubernetes / aai / components / aai-traversal / values.yaml
index 1e3a962..38011a0 100644 (file)
@@ -123,21 +123,21 @@ certInitializer:
   credsPath: /opt/app/osaaf/local
   fqi_namespace: org.onap.aai-traversal
   aaf_add_config: |
-    echo "*** retrieving password for keystore and trustore"
-    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
-      {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
-    if [ -z "$cadi_keystore_password_p12" ]
-    then
-      echo "  /!\ certificates retrieval wasn't good"
-      exit 1
-    else
-      echo "*** writing passwords into prop file"
-      echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
-      echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
-      echo "*** change ownership of certificates to targeted user"
-      chown -R 1000 {{ .Values.credsPath }}
-    fi
-  truststoreAllPassword: changeit
+    echo "*** changing them into shell safe ones"
+    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+      -storepass "${cadi_keystore_password_p12}" \
+      -keystore {{ .Values.fqi_namespace }}.p12
+    keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** save the generated passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+    echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
+    echo "*** change ownership of certificates to targeted user"
+    chown -R 1000 {{ .Values.credsPath }}
 
 # application image
 image: onap/aai-traversal:1.8.0
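Review bot: The rewritten `aaf_add_config` script no longer stops on failure: the old `if [ -z "$cadi_keystore_password_p12" ] … exit 1` guard is gone and neither `keytool -storepasswd` call is checked. If either call fails (for example because `cadi_keystore_password_p12` or `cadi_truststore_password` is empty or wrong), the script still writes the newly generated values to `mycreds.prop` and runs `chown`, so the saved passwords no longer open the stores. Unless the template that embeds this snippet already enables it (not visible here), start the block with `set -e` or append `|| exit 1` to each `keytool` call. The old and new store passwords are also passed as command-line arguments, which exposes them in the process list while keytool runs; `-storepass:env VARNAME` reads the value from the environment instead. `mycreds.prop` is created under the default umask, so adding `chmod 600 mycreds.prop` next to the `chown` would keep it owner-only, assuming the consuming container runs as uid 1000.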