Truststore given by AAF is only giving ONAP root_ca.
In order to have access to other platforms, we must also have all the
other ones.
As ONAP root CA and all known CAs are present in truststore All, let's
use it.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I551b8e4a316dcf4f2dee1bf6c45327496a488cdd
18 files changed:
- |
export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
{{- if .Values.global.aafEnabled }}
- |
export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
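Review bot: The new `export $(cat …/mycreds.prop | xargs -0)` line leaves the command substitution unquoted, so every value in mycreds.prop is word-split and glob-expanded before `export` sees it. With the `grep '^c'` filter gone, this now covers TRUSTSTORE_PASSWORD as well as the cadi_* passwords. A password containing whitespace or `*`/`?` would be cut short or altered silently, and since the file has no NUL bytes, `xargs -0` passes it through as a single argument and gives no protection. Reading the file line by line avoids this: `while IFS= read -r kv; do export "$kv"; done < {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop`. The same line is introduced in the other container command hunks on this page, and the surrounding command block starts and ends outside this hunk.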
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
export AAI_AUTH=$(cat /input/.aai_creds)
{{- if .Values.global.aafEnabled }}
export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
export AAI_AUTH=$(cat /input/.aai_creds)
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password}"
{{- end }}
medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- |
export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- |
export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export KEYSTORE=file://$cadi_keystore
export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
export TRUSTSTORE=file://$cadi_truststore
export KEYSTORE=file://$cadi_keystore
export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
export TRUSTSTORE=file://$cadi_truststore
export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
/app/start-app.sh
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
/app/start-app.sh
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
cadiLoglevel: {{ $initRoot.cadi.logLevel }}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
cadiLoglevel: {{ $initRoot.cadi.logLevel }}
-cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
-cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks
cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
cadiLatitude: {{ $initRoot.cadi.latitude }}
cadiLongitude: {{ $initRoot.cadi.longitude }}
cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
cadiLatitude: {{ $initRoot.cadi.latitude }}
cadiLongitude: {{ $initRoot.cadi.longitude }}
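Review bot: `cadiTrustStore` now points at `truststoreONAPall.jks`, which per the commit message holds the ONAP root CA plus all known CAs, and nothing here says whether CADI also uses this store to validate inbound client certificates. If it does, certificates chaining to any of those CAs would presumably be accepted where only the ONAP root was trusted before. That is worth confirming, and a comment above the line would help, for example `# ONAP root CA + all known CAs; needed for outbound TLS to external platforms (OOM-2688)`. The file name is also hard-coded both here and in the TRUSTSTORE env value, so a single values key would keep the two in step.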
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- if $dot.Values.global.aafEnabled }}
- name: TRUSTSTORE
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- if $dot.Values.global.aafEnabled }}
- name: TRUSTSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks
{{- if $dot.Values.global.security.aaf.enabled }}
- name: KEYSTORE
{{- if $dot.Values.global.security.aaf.enabled }}
- name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12
{{- end }}
{{- end }}
{{- end -}}
{{- end }}
{{- end }}
{{- end -}}
enabled: false
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
enabled: false
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
- certificates:
- path: /etc/ssl/certs
- share_path: /usr/local/share/ca-certificates/
-
#################################################################
# AAF part
#################################################################
# AAF part
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- trustStoreAllPass: changeit
+ qi_namespace: org.onap.so
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop
aafConfig:
permission_user: 1000
permission_group: 999
aafConfig:
permission_user: 1000
permission_group: 999
-aaf:
- trustore: org.onap.so.trust.jks
- keyFile: org.onap.so.keyfile
-
#################################################################
# Application configuration defaults.
#################################################################
#################################################################
# Application configuration defaults.
#################################################################
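Review bot: The added key is shown as `qi_namespace: org.onap.so`, but the templates changed in this commit read `certInitializer.fqi_namespace` for the key file and the `.p12` keystore name. Unless the missing `f` is an artefact of this page, those paths would render with an empty name (`<credsPath>/.keyfile`, `<credsPath>/.p12`) and the keystore would not be found; the line should read `fqi_namespace: org.onap.so`. Similarly, `aaf_add_config` now writes `{{ .Values.truststorePassword }}` while `trustStoreAllPass` is removed, and no `truststorePassword` key is visible in this hunk. Confirm it is defined in the scope where this script is rendered, otherwise an empty TRUSTSTORE_PASSWORD ends up in mycreds.prop and is exported.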
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
certificates:
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/
certificates:
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/