X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-traversal%2Fvalues.yaml;h=ad4279a5431081ba8d1781fa8eb9671cfe4424d8;hb=21349802fd5b6aea04b66630f108b3603930c7c4;hp=253f9b9e93f8c9374b98e02d752356478aefb030;hpb=12632a7217a7137caa4c1ab87c76f44c9add8b3b;p=oom.git

diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 253f9b9e93..ad4279a543 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -59,7 +59,7 @@ global: # global defaults
 
     # Active spring profiles for the resources microservice
     profiles:
-      active: production,dmaap,aaf-auth
+      active: production,dmaap,aaf-auth #,keycloak
 
     # Notification event specific properties
     notification:
@@ -133,11 +133,6 @@ certInitializer:
     keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
       -storepass "${cadi_truststore_password}" \
       -keystore {{ .Values.fqi_namespace }}.trust.jks
-    echo "*** set key password as same password as keystore password"
-    keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
-      -keystore {{ .Values.fqi_namespace }}.p12 \
-      -keypass "${cadi_keystore_password_p12}" \
-      -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
     echo "*** save the generated passwords"
     echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
     echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
@@ -173,6 +168,20 @@ aai_enpoints:
 # application configuration
 config:
 
+  # configure keycloak according to your environment.
+  # don't forget to add keycloak in active profiles above (global.config.profiles)
+  keycloak:
+    host: keycloak.your.domain
+    port: 8180
+    # Specifies a set of users, credentials, roles, and groups
+    realm: aai-traversal
+    # Used by any client application for enabling fine-grained authorization for their protected resources
+    resource: aai-traversal-app
+    # If set to true, additional criteria will be added into traversal query to returns all the vertices that match
+    # the data-owner property with the given role to the user in keycloak
+    multiTenancy:
+      enabled: true
+
   # Specifies timeout information such as application specific and limits
   timeout:
     # If set to true application will timeout for queries taking longer than limit