X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-resources%2Fresources%2Fconfig%2Fapplication.properties;h=7258b7bef83f293974e3b08a0bac31201802d84c;hb=5a93da9aaa636ddc0a1ee72a00aa8037e2c54da5;hp=61410c551ea4c17127825d1a7cfadc8199195096;hpb=0f80df72a06ef7ae74be47de47d4bcb3ce3e4050;p=oom.git diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 61410c551e..7258b7bef8 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,9 +27,9 @@ spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true server.servlet.context-path=/ -spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration -spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool server.tomcat.max-threads=200 @@ -43,18 +44,23 @@ server.local.startpath=aai-resources/src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8447 +{{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=want server.ssl.key-store-type=JKS +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} # JMS bind address host port jms.bind.address=tcp://localhost:61647 -dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 -dmaap.ribbon.transportType=https +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }} +dmaap.ribbon.transportType={{ include "common.scheme" . }} # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -86,13 +92,19 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab schema.version.api.default={{ .Values.global.config.schema.version.api.default }} schema.translator.list={{ .Values.global.config.schema.translator.list }} -schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ schema.service.nodes.endpoint=nodes?version= schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions -schema.service.client={{ .Values.global.config.schema.service.client }} +schema.service.client={{ (eq "true" ( include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} -schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +{{ if ( include "common.needTLS" .) }} +schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} +schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +{{ end }} + +#to expose the Prometheus scraping endpoint +management.metrics.distribution.percentiles-histogram[http.server.requests]=true +management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms \ No newline at end of file