Merge "Portal AAF REST API perm fixes for Roles"

author Sylvain Desbureaux <sylvain.desbureaux@orange.com>

Mon, 4 May 2020 15:30:15 +0000 (15:30 +0000)

committer Gerrit Code Review <gerrit@onap.org>

Mon, 4 May 2020 15:30:15 +0000 (15:30 +0000)
author Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Mon, 4 May 2020 15:30:15 +0000 (15:30 +0000)
committer Gerrit Code Review <gerrit@onap.org>
Mon, 4 May 2020 15:30:15 +0000 (15:30 +0000)
diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties

index 63348f0..aeef85e 100755 (executable)
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -115,13 +115,12 @@ external_system_notification_url= https://jira.onap.org/browse/
  #cookie domain
  cookie_domain = onap.org
  
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
  # External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org
+\ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml

index 14bbd3c..af00b5f 100644 (file)
--- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
                -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
                /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
          env:
-          - name: _CATALINA_OPTS
+          - name: CATALINA_OPTS
              value: >
                -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
                -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml

index 2438827..a33bff1 100644 (file)
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -37,7 +37,7 @@ pullPolicy: Always
  
  #AAF local config
  
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
  aafConfig:
    aafDeployFqi: deployer@people.osaaf.org
    aafDeployPass: demo123456!
diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties

index 063ba3d..45ea9b7 100755 (executable)
--- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -82,13 +82,12 @@ authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-co
  #cookie domain
  cookie_domain = onap.org
  
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
  # External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
-\ No newline at end of file
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org
+\ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml

index 2de9a1b..b78ef34 100644 (file)
--- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
          -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
          /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
          env:
-          - name: _CATALINA_OPTS
+          - name: CATALINA_OPTS
              value: >
                -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
                -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml

index 45af55f..96ae909 100644 (file)
--- a/kubernetes/portal/charts/portal-sdk/values.yaml
+++ b/kubernetes/portal/charts/portal-sdk/values.yaml
@@ -37,7 +37,7 @@ image: onap/portal-sdk:3.2.0
  pullPolicy: Always
  
  #AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
  aafConfig:
    aafDeployFqi: deployer@people.osaaf.org
    aafDeployPass: demo123456!
author	Sylvain Desbureaux <sylvain.desbureaux@orange.com>
	Mon, 4 May 2020 15:30:15 +0000 (15:30 +0000)
committer	Gerrit Code Review <gerrit@onap.org>
	Mon, 4 May 2020 15:30:15 +0000 (15:30 +0000)
kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties		patch \| blob \| history
kubernetes/portal/charts/portal-app/templates/deployment.yaml		patch \| blob \| history
kubernetes/portal/charts/portal-app/values.yaml		patch \| blob \| history
kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties		patch \| blob \| history
kubernetes/portal/charts/portal-sdk/templates/deployment.yaml		patch \| blob \| history
kubernetes/portal/charts/portal-sdk/values.yaml		patch \| blob \| history