X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-resources%2Fvalues.yaml;h=f30b067b2e1ee552552d9a3262df24a7866e41fc;hb=c8c2a502a15e90110840d3e4cea6d8377419de48;hp=b1d8a0ad7b244b22b5b9f0e99f1ce59882fc2c16;hpb=b6e0f1a88ccb5f2bcaedc5e4d55682f18ed6be7a;p=oom.git

diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index b1d8a0ad7b..f30b067b2e 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -49,7 +49,7 @@ global: # global defaults
 
     # Active spring profiles for the resources microservice
     profiles:
-      active: production,dmaap,aaf-auth
+      active: production,dmaap,aaf-auth #,keycloak
 
     # Notification event specific properties
     notification:
@@ -137,9 +137,19 @@ certInitializer:
   credsPath: /opt/app/osaaf/local
   fqi_namespace: org.onap.aai-resources
   aaf_add_config: |
-    echo "*** writing passwords into prop file"
-    echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
-    echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
+    echo "*** changing them into shell safe ones"
+    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+      -storepass "${cadi_keystore_password_p12}" \
+      -keystore {{ .Values.fqi_namespace }}.p12
+    keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** save the generated passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+    echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
     echo "*** change ownership of certificates to targeted user"
     chown -R 1000 {{ .Values.credsPath }}
 
@@ -154,9 +164,19 @@ replicaCount: 1
 
 # Configuration for the resources deployment
 config:
+  # configure keycloak according to your environment.
+  # don't forget to add keycloak in active profiles above (global.config.profiles)
   keycloak:
-    host: localhost
+    host: keycloak.your.domain
     port: 8180
+    # Specifies a set of users, credentials, roles, and groups
+    realm: aai-resources
+    # Used by any client application for enabling fine-grained authorization for their protected resources
+    resource: aai-resources-app
+    # If set to true, additional criteria will be added that match the data-owner property with the given role
+    # to the user in keycloak
+    multiTenancy:
+      enabled: true
 
   # Specifies crud related operation timeouts and overrides
   crud: