Merge "Adding trust-store and trust-store-password params"

diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index b5f3c07..5aeee2e 100644 (file)
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -52,3 +52,9 @@ Here's the list of these certificates:
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | VID              | No               | Yes              | No              | kubernetes/vid/resources/cert                                            |
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-CMSO     | Yes              | No               | No              | kubernetes/oof/charts/oof-cmso/resources/certs                           |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-HAS      | Yes              | No               | No              | kubernetes/oof/charts/oof-has/resources/config                           |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-OSDF     | Yes              | No               | No              | kubernetes/oof/resources/config                                          |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+

diff --git a/kubernetes/aai b/kubernetes/aai
index ab137ca..eb70b3f 160000 (submodule)
--- a/kubernetes/aai
+++ b/kubernetes/aai
@@ -1 +1 @@
-Subproject commit ab137ca81f5d4f9eb3d442f37f8e7ea52d7757f0
+Subproject commit eb70b3f12b30d4d7ea010723707db8c3e2ef2354

diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
index 41404b0..c52a0a8 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
@@ -2,7 +2,6 @@
     "dmaap": {
         "username": "notused",
         "password": "doesnotmatter",
-        "owner": "dcaecm",
-        "protocol": "http"
-    }
+        "owner": "dcaecm"
+     }
 }
\ No newline at end of file

diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
index c2d6f8c..6780847 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
@@ -45,6 +45,13 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - name: {{ include "common.name" . }}-chown
+        command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /share/logs
       - name: db-init
         image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}

diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
index a9a89dd..f3f176f 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml
@@ -25,12 +25,12 @@ subChartsOnly:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/optf-cmso-optimizer:2.1.1
+image: onap/optf-cmso-optimizer:2.2.0
 pullPolicy: Always
 
 #init container image
 dbinit:
-  image: onap/optf-cmso-dbinit:2.1.1
+  image: onap/optf-cmso-dbinit:2.2.0
 
 # flag to enable debugging - application support required
 debugEnabled: false

diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
index b41b840..ca45d7e 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
@@ -45,6 +45,13 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+      - name: {{ include "common.name" . }}-chown
+        command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /share/logs
       - name: db-init
         image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}

diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
index 345f03d..90a74bd 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
@@ -25,13 +25,13 @@ subChartsOnly:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/optf-cmso-service:2.1.1
-robotimage: onap/optf-cmso-robot:2.1.1
+image: onap/optf-cmso-service:2.2.0
+robotimage: onap/optf-cmso-robot:2.2.0
 pullPolicy: Always
 
 #init container image
 dbinit:
-  image: onap/optf-cmso-dbinit:2.1.1
+  image: onap/optf-cmso-dbinit:2.2.0
 
 # flag to enable debugging - application support required
 debugEnabled: false

diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml
index 53d1b26..0b0b7e0 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml
@@ -30,6 +30,14 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      initContainers:
+      - name: {{ include "common.name" . }}-chown
+        command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-logs
+            mountPath: /share/logs
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"

diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml
index 300a72c..846245a 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml
@@ -20,13 +20,12 @@ global: # global defaults
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.0
   authentication: proprietary-auth
-  
 subChartsOnly:
   enabled: true
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/optf-cmso-ticketmgt:2.1.1
+image: onap/optf-cmso-ticketmgt:2.2.0
 pullPolicy: Always
 
 

diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml
index 8cc4a98..a23ac43 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml
@@ -30,6 +30,14 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      initContainers:
+      - name: {{ include "common.name" . }}-chown
+        command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-logs
+          mountPath: /share/logs
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"

diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml
index c8ac5d7..775da43 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml
@@ -25,7 +25,7 @@ subChartsOnly:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/optf-cmso-topology:2.1.1
+image: onap/optf-cmso-topology:2.2.0
 pullPolicy: Always
 
 

diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks
index 535abaa..f1e0108 100644 (file)
Binary files a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks and b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks differ

diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile
index f85a567..78a6afb 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile
+++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile
@@ -1,27 +1,27 @@
-liD-IR8Y1MHqPDTUqq3AaTtqnWn5jCpfIRBlyi6xY4A0fbQz8ZPlTZPHkshRt0dHdST3R7TIvTyQ
-JpTCeBNBu2df3vBbUzsN0rIpPG9TGjzmE7cRu4V4kfefSqsIj-S7OTAaWaWpwGWJYLLCB2sQALkS
-f68VWdupUEw3g9jqCU1QzjKOnLGvhlp6Qrc1xG4Z5Ar8WERw-C3DqTWUKANoEvjWkvH2rAywzj93
-pmspvd5fQfH1rp1ACNvnPrRb_oYNfwPrNpE7Sb4LvM1muoiKMDF64IDO0TkxhjHZ9wpJgVsnowby
-qmokqf39dMRRk3S1IEpOiBGyLS_885JDj_XJKYRQsjvkTzjpFJ7wE2-HDZEVWCITvtS9-Xorm5TI
-3iU4rjMDew5fkBnjoKuSOS7Lksva4ouZOCiUkDos1jAJ5XMDEQm4BcPHtcW6PpC602-qRcgnNjjP
-wOPdF7hCm27ZTai3lAtNGByR7oBr9r5Uma-soORFvg8drV8Rgh0lax-poFVhoEH7RhKPIzYpSco9
-jnpURzi_epTjAhjjup-erTv2GAIllKsSEHZLbfsFWlNUZTOx58PSB0jBN5m_8HxTyNm0zsm0Cb7U
-KsjPduQ5ZblsfRIJwqpOBXoof7WerKReMZSOdgjZUNueiuEImVH9_SYOdKZhkluSi4yfEtme7CCP
-kZ2JhdiT5km3SeonalhU2MUsx60krxyQ1mnjI4jS9QagUME4mujdvM_L7mtjcPZVSfXUn49whakE
-J-NQV6q2iZgN2IxsT_uCnlZYwnE5i-IbQkQAEu13m6ETsMmf0cwPnKaSwRhb8G48EkJhTL-GP9Z0
--EsIKT7lQt7kfX-mmNoEirTg9gQAaN3uxLmdHvXpeJdlETnnaLYYJJ3h-SL0e_5Yz2SpdsEwZ3Bk
-PtR-QvlYKDhG1nhPOna65ctCzn81PZOUP3lsO6MSTOK6D6Taxfh1TYEBAvzCP0BfFBodw4lSglFP
-I5IfdiJmomTGARa36nC_O5YzH_jBWLQrgd2gxI5H5bB-5zqzu79SGX9o2_LRVY_LVV0BmI3xSYOI
-vziYYC1XyTY6blfdiOM5a5KjraErxSTEFZVFrsx4OQ_dLA0woVtixawrIy1rgfQr49U1oIRe8BgN
-j3eis_UQAbPbmdbEe1qtXnvi6T7trHskzt6K-vTgo5ITJkr-F2Sds_QgNdaFBGuES6X5RwRGlbHT
-Tl_M8Ja_1K-RMNKJRssoRTKstpwnrhk9IcoSwYcLykbDLgeC0mhSMHOOuWv1RGRaZdzObc5YA1eB
-idQmzy5xAHzNxPHHrB-fpjFJRYv_QZY9qZcGvP58d6bHO0upxbj-BBt9zfc7Qt0JLU6EAdYbW5TI
-2v4JImikrx6KvtoK8vcjJMTDAanTVB31J65tat0rq9wYKxUdjBJLzkT3psYs_DRtYQc0i02YTD7t
-dWya0-3p1Yrt0em3XGb8JAh2PA3BsQKmvKAOc054wf_B8n8saxSFw1WQL30vU5c4-Z_p53HfaUYd
-Qg7DZskzgwBRy48sLJNCrn81RtxXfQP1XtPEZs-AAlTUslHoUdoQ1cwrYEgkNT1cjk6sLI_oKSK-
-dDICBnlYLrZRBS3sH8K38WaIh1WRY6vbGVDs1tUectUpng_-Khavd0Crw7D_CE6T7Rnfcn0pnTV-
-HW1PIXejFsONQn-2c3a9HZ-v6Hg4JL6UWm-qgBPC5118ymO0LfmrviAFAC6Wt3WFiNzrvx9Jggus
-lE0qvLVfkQVZXAy-hSPHlYZmtxk5voVsf60qPoDN2-NdpWz62M9PrXd_A03YGxzt0G6J4VXExRES
-xqLeGNGB496AfX_vEub97sR8xcbbUXsyt12uVnygifGyND60coikaKrMktv2OLOLEl8AudLp0ZNA
-oOoYJZqfUnQqaLt0dNmNa5OtzYjf7f6bYX0V8XLTHlFqZ6QzqYGFMPNhDYjqtet6d--Q8t7_5S5C
-RfXP8Wh8CjbEh2_rsr9rvy1nhM_Cptxc0BFXcS5Dt_R4vjd2G4B_LEC4Hy1s_rZThzUVxRCl
\ No newline at end of file
+dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR
+BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29
+I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1
+6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs
+x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm
+cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc
+bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h
+5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO
+O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK
+0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM
+poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN
+7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At
+-j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop
+FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI
+c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB
+TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT
+mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL
+atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f
+9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL
+DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA
+FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi
+zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT
+LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d
+9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH
+OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4
+8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V
+Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file

diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml
index 2b8ad94..b1c3561 100644 (file)
--- a/kubernetes/oof/charts/oof-cmso/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/values.yaml
@@ -56,9 +56,11 @@ global:
   keystoreFile: "org.onap.oof.jks"
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
-  keystorePassword: N{$tSp*U)RQzjqE;)%4z;Pv[
+  keystorePassword: OA7*y0PEGTma?$be2z#0$:L]
   truststorePassword:
   authentication: aaf-auth
+  busyBoxImage: busybox:1.30
+  busyBoxRepository: docker.io
 
 flavor: small
 

diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties
new file mode 100644 (file)
index 0000000..189248f
--- /dev/null
+++ b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties
@@ -0,0 +1,47 @@
+###
+# ============LICENSE_START=======================================================
+# feature-healthcheck
+# ================================================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+http.server.services=HEALTHCHECK
+http.server.services.HEALTHCHECK.host=0.0.0.0
+http.server.services.HEALTHCHECK.port=6969
+http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck
+http.server.services.HEALTHCHECK.managed=false
+http.server.services.HEALTHCHECK.swagger=true
+http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER}
+http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD}
+http.server.services.HEALTHCHECK.https=true
+http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
+http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
+
+http.client.services=PAP
+
+http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
+http.client.services.PAP.port=9091
+http.client.services.PAP.contextUriPath=pap/test
+http.client.services.PAP.https=true
+http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME}
+http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD}
+
+http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }}
+http.client.services.PDP.port=8081
+http.client.services.PDP.contextUriPath=pdp/test
+http.client.services.PDP.https=true
+http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME}
+http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD}

diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf
index ee2acc4..bb2b90c 100644 (file)
--- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf
+++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf
@@ -34,9 +34,15 @@ POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}}
 PAP_USERNAME={{.Values.pap.user}}
 PAP_PASSWORD={{.Values.pap.password}}
 
+PAP_LEGACY_USERNAME={{.Values.papl.user}}
+PAP_LEGACY_PASSWORD={{.Values.papl.password}}
+
 PDP_USERNAME={{.Values.pdp.user}}
 PDP_PASSWORD={{.Values.pdp.password}}
 
+PDP_LEGACY_USERNAME={{.Values.pdpl.user}}
+PDP_LEGACY_PASSWORD={{.Values.pdpl.password}}
+
 AAI_USERNAME={{.Values.aai.user}}
 AAI_PASSWORD={{.Values.aai.password}}
 

diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml
index b62772d..58ce2d0 100644 (file)
--- a/kubernetes/policy/charts/drools/values.yaml
+++ b/kubernetes/policy/charts/drools/values.yaml
@@ -115,6 +115,14 @@ pdp:
   user: healthcheck
   password: zb!XztG34
 
+papl:
+  user: testpap
+  password: alpha123
+
+pdpl:
+  user: testpdp
+  password: alpha123
+
 aai:
   user: policy@policy.onap.org
   password: demo123456!

diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12
deleted file mode 100644 (file)
index 9f52189..0000000
Binary files a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 and /dev/null differ

diff --git a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks b/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks
deleted file mode 100644 (file)
index ff844b1..0000000
Binary files a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks and /dev/null differ

diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index 8d21859..63348f0 100755 (executable)
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -111,14 +112,16 @@ auditlog_del_day_from = 365
 #External system notification URL
 external_system_notification_url= https://jira.onap.org/browse/
 
+#cookie domain
+cookie_domain = onap.org
+
+{{- if .Values.global.aafEnabled }}
 # External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
 ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = VTCIC7wfMI0Zy61wkqKQC0bF0EK2YmL2JLl1fQU2YC4=
-ext_central_access_url = https://aaf-service:8100/authz/
+ext_central_access_password = thiswillbereplacedatruntime
+ext_central_access_url = {{ .Values.aafURL }}/authz/
 ext_central_access_user_domain = @people.osaaf.org
 
 # External Central Auth system access
 remote_centralized_system_access = true
-
-#cookie domain
-cookie_domain = onap.org
+{{- end }}

diff --git a/kubernetes/portal/charts/portal-app/resources/server/server.xml b/kubernetes/portal/charts/portal-app/resources/server/server.xml
index c9515c1..dec6837 100644 (file)
--- a/kubernetes/portal/charts/portal-app/resources/server/server.xml
+++ b/kubernetes/portal/charts/portal-app/resources/server/server.xml
@@ -14,7 +14,7 @@
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-  
+
   Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
 -->
 <!-- Note:  A "Server" is not itself a "Container", so you may not
@@ -22,7 +22,7 @@
      Documentation at /docs/config/server.html
  -->
 <Server port="8005" shutdown="SHUTDOWN">
-  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
   <!-- Security listener. Documentation at /docs/config/listeners.html
   <Listener className="org.apache.catalina.security.SecurityListener" />
   -->
@@ -70,7 +70,10 @@
     -->
     <Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+    {{ if .Values.global.aafEnabled }}
+               redirectPort="8443"
+    {{ end }}
+    />
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
@@ -88,14 +91,19 @@
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS" />
     -->
-       
-        <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+    {{ if .Values.global.aafEnabled }}
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
-               keystoreFile="{{.Values.global.keystoreFile}}" keystorePass="{{.Values.global.keypass}}" 
+               keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
+               keystorePass="${javax.net.ssl.keyStorePassword}"
                clientAuth="false" sslProtocol="TLS" />
-
+    {{ end }}
     <!-- Define an AJP 1.3 Connector on port 8009 -->
-    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+    <Connector port="8009" protocol="AJP/1.3"
+    {{ if .Values.global.aafEnabled }}
+              redirectPort="8443"
+    {{ end }}
+    />
 
 
     <!-- An Engine represents the entry point (within Catalina) that processes

diff --git a/kubernetes/portal/charts/portal-app/templates/configmap.yaml b/kubernetes/portal/charts/portal-app/templates/configmap.yaml
index d19ffeb..d514fe6 100644 (file)
--- a/kubernetes/portal/charts/portal-app/templates/configmap.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/configmap.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,3 +26,17 @@ metadata:
 data:
 {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+  aaf-add-config.sh: |-
+    /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+    {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}

diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
index eb0dee0..14bbd3c 100644 (file)
--- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -45,33 +46,27 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config" . | indent 6 }}
+      {{- end }}
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-          - /start-apache-tomcat.sh
-          - -i
-          - ""
-          - -n
-          - ""
-          - -b
-          - "{{ .Values.global.env.tomcatDir }}"
+        command: ["bash","-c"]
+        {{- if .Values.global.aafEnabled }}
+        args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
+               export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+              -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
+              /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
         env:
-          - name: CATALINA_OPTS
+          - name: _CATALINA_OPTS
             value: >
-              -Djavax.net.ssl.keyStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
-              -Djavax.net.ssl.keyStorePassword={{ .Values.global.trustpass }}
-              -Djavax.net.ssl.trustStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
-              -Djavax.net.ssl.trustStorePassword={{ .Values.global.trustpass }}
-          - name: javax.net.ssl.keyStore
-            value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} 
-          - name: javax.net.ssl.keyStorePassword
-            value: {{ .Values.global.trustpass }}
-          - name: javax.net.ssl.trustStore
-            value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
-          - name: javax.net.ssl.trustStorePassword
-            value: {{ .Values.global.trustpass }}
+              -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+              -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+        {{- else }}
+        args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"]
+        {{- end }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         - containerPort: {{ .Values.service.internalPort2 }}
@@ -90,6 +85,9 @@ spec:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
+        {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
+        {{- end }}
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
@@ -117,16 +115,10 @@ spec:
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
           subPath: web.xml
-        - name: authz-onapportal
-          mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}"
-          subPath: {{ .Values.global.keystoreFile}}
-        - name: authz-onapportal
-          mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}"
-          subPath: {{ .Values.global.truststoreFile}}          
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -147,6 +139,9 @@ spec:
         - name: var-log-onap
           mountPath: /var/log/onap
       volumes:
+        {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+        {{- end }}
         - name: localtime
           hostPath:
             path: /etc/localtime
@@ -154,9 +149,6 @@ spec:
           configMap:
             name: {{ include "common.fullname" . }}-onapportal
             defaultMode: 0755
-        - name: authz-onapportal
-          secret:
-            secretName: {{ include "common.fullname" . }}-authz-onapportal
         - name: filebeat-conf
           configMap:
             name: portal-filebeat

diff --git a/kubernetes/portal/charts/portal-app/templates/secret.yaml b/kubernetes/portal/charts/portal-app/templates/secret.yaml
index 85b0f40..a4019ef 100644 (file)
--- a/kubernetes/portal/charts/portal-app/templates/secret.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/secret.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,16 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-authz-onapportal
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+{{ include "common.secretFast" . }}

diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index 59a11ad..433352c 100644 (file)
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,15 +22,46 @@ global:
   readinessImage: readiness-check:2.0.0
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  #AAF service
+  aafEnabled: true
 
 #################################################################
 # Application configuration defaults.
 #################################################################
+
 # application image
 repository: nexus3.onap.org:10001
 image: onap/portal-app:2.6.0
 pullPolicy: Always
 
+#AAF local config
+
+aafURL: https://aaf-service:8100/
+aafConfig:
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: portal
+  fqi: portal@portal.onap.org
+  publicFqdn: portal.onap.org
+  cadi_latitude: "38.0"
+  cadi_longitude: "-72.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  secret_uid: &aaf_secret_uid portal-app-aaf-deploy-creds
+  keystoreFile: "org.onap.portal.p12"
+  truststoreFile: "org.onap.portal.trust.jks"
+
+secrets:
+  - uid: *aaf_secret_uid
+    type: basicAuth
+    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+    login: '{{ .Values.aafConfig.aafDeployFqi }}'
+    password: '{{ .Values.aafConfig.aafDeployPass }}'
+    passwordPolicy: required
+
 # default number of instances
 replicaCount: 1
 

diff --git a/kubernetes/portal/charts/portal-sdk/resources/server/server.xml b/kubernetes/portal/charts/portal-sdk/resources/server/server.xml
index 506a1ca..dffcfbe 100644 (file)
--- a/kubernetes/portal/charts/portal-sdk/resources/server/server.xml
+++ b/kubernetes/portal/charts/portal-sdk/resources/server/server.xml
@@ -94,7 +94,7 @@
     {{ if .Values.global.aafEnabled }}
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
-               keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}"
+               keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
                keystorePass="${javax.net.ssl.keyStorePassword}"
                clientAuth="false" sslProtocol="TLS" />
     {{ end }}

diff --git a/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml b/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml
index 154276e..1dbdeed 100644 (file)
--- a/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml
+++ b/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,4 +25,18 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+  aaf-add-config.sh: |-
+    /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+    {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
\ No newline at end of file

diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
index 8465d06..2de9a1b 100644 (file)
--- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
@@ -47,71 +47,23 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
       {{- if .Values.global.aafEnabled }}
-      - name: {{ include "common.name" . }}-aaf-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-          - /root/ready.py
-        args:
-          - --container-name
-          - aaf-locate
-          - --container-name
-          - aaf-cm
-        env:
-          - name: NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
-      - name: {{ include "common.name" . }}-aaf-config
-        image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command: ["bash","-c"]
-        args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
-        {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"]
-        volumeMounts:
-          - mountPath: {{ .Values.persistence.aafCredsPath }}
-            name: {{ include "common.fullname" . }}-aaf-config-vol
-        env:
-          - name: APP_FQI
-            value: "{{ .Values.aafConfig.fqi }}"
-          - name: aaf_locate_url
-            value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
-          - name: aaf_locator_container
-            value: "{{ .Values.global.aafLocatorContainer }}"
-          - name: aaf_locator_container_ns
-            value: "{{ .Release.Namespace }}"
-          - name: aaf_locator_fqdn
-            value: "{{ .Values.aafConfig.fqdn }}"
-          - name: aaf_locator_public_fqdn
-            value: "{{.Values.aafConfig.publicFqdn}}"
-          - name: aaf_locator_app_ns
-            value: "{{ .Values.global.aafAppNs }}"
-          - name: DEPLOY_FQI
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
-          - name: DEPLOY_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
-          - name: cadi_longitude
-            value: "{{ .Values.aafConfig.cadiLongitude }}"
-          - name: cadi_latitude
-            value: "{{ .Values.aafConfig.cadiLatitude }}"
-      {{ end }}
+{{ include "common.aaf-config" . | indent 6 }}
+      {{- end }}
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["bash","-c"]
         {{- if .Values.global.aafEnabled }}
-        args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\
+        args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
         export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
         -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
-        cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\
         /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
         env:
           - name: _CATALINA_OPTS
             value: >
-              -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-              -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+              -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+              -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
         {{- else }}
         args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
         {{- end }}
@@ -131,8 +83,7 @@ spec:
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
         {{- if .Values.global.aafEnabled }}
-        - mountPath: {{ .Values.persistence.aafCredsPath }}
-          name: {{ include "common.fullname" . }}-aaf-config-vol
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
         {{- end }}
         - name: properties-onapportalsdk
           mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
@@ -160,7 +111,7 @@ spec:
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -198,9 +149,7 @@ spec:
         - name: portal-tomcat-logs
           emptyDir: {}
         {{- if .Values.global.aafEnabled }}
-        - name: {{ include "common.fullname" . }}-aaf-config-vol
-          emptyDir:
-            medium: Memory
+{{ include "common.aaf-config-volumes" . | indent 8 }}
         {{- end }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"

diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml
index 34c29b5..77ceb27 100644 (file)
--- a/kubernetes/portal/charts/portal-sdk/values.yaml
+++ b/kubernetes/portal/charts/portal-sdk/values.yaml
@@ -23,47 +23,45 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   persistence: {}
-  #AAF global config overrides
+  #AAF service
   aafEnabled: true
-  aafAgentImage: onap/aaf/aaf_agent:2.1.15
-  aafAppNs: org.osaaf.aaf
-  aafLocatorContainer: oom
+
 #################################################################
 # Application configuration defaults.
 #################################################################
-secrets:
-  - uid: aaf-deploy-creds
-    type: basicAuth
-    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
-    login: '{{ .Values.aafConfig.aafDeployFqi }}'
-    password: '{{ .Values.aafConfig.aafDeployPass }}'
-    passwordPolicy: required
-
-## Persist cert data to a memory volume
-persistence:
-  aafCredsPath: /opt/app/osaaf/local
 
 # application image
 repository: nexus3.onap.org:10001
 image: onap/portal-sdk:2.6.0
 pullPolicy: Always
 
-#AAF service
-aafURL: https://aaf-service:8100/
-aafLocateUrl: https://aaf-locate:8095
-
 #AAF local config
+aafURL: https://aaf-service:8100/
 aafConfig:
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: portal
   fqi: portal@portal.onap.org
   publicFqdn: portal.onap.org
-  cadiLatitude: 0.0
-  cadiLongitude: 0.0
+  cadi_latitude: "38.0"
+  cadi_longitude: "-72.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  permission_user: 1000
+  permission_group: 999
+  addconfig:  true
+  secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds
   keystoreFile: "org.onap.portal.p12"
   truststoreFile: "org.onap.portal.trust.jks"
 
+secrets:
+  - uid: *aaf_secret_uid
+    type: basicAuth
+    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+    login: '{{ .Values.aafConfig.aafDeployFqi }}'
+    password: '{{ .Values.aafConfig.aafDeployPass }}'
+    passwordPolicy: required
+
 # flag to enable debugging - application support required
 debugEnabled: false
 

diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml
index 8c84cbd..1015c86 100644 (file)
--- a/kubernetes/portal/values.yaml
+++ b/kubernetes/portal/values.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,18 +21,11 @@ global:
   portalFEPort: "30225"
   # application's front end hostname.  Must be resolvable on the client side environment
   portalHostName: "portal.api.simpledemo.onap.org"
-  keystoreFile: "keystoreONAPPortal.p12"
-  truststoreFile: "truststoreONAPall.jks"
-  keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"
-  trustpass: "changeit"
-
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
-  
 portal-mariadb:
   nameOverride: portal-db
-
 mariadb:
   service:
     name: portal-db
@@ -48,10 +41,8 @@ cassandra:
 zookeeper:
   service:
     name: portal-zookeeper
-
 messageRouter:
   service:
     name: message-router
-
 ingress:
   enabled: false
\ No newline at end of file

diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh
index af5c362..6aa796a 100755 (executable)
--- a/kubernetes/sdnc/resources/config/bin/startODL.sh
+++ b/kubernetes/sdnc/resources/config/bin/startODL.sh
@@ -4,6 +4,7 @@
 # ============LICENSE_START=======================================================
 # SDNC
 # ================================================================================
+# Copyright © 2020 Samsung Electronics
 # Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -133,17 +134,17 @@ echo "  AAF_ENABLED=$SDNC_AAF_ENABLED"
 
 
 if $SDNC_AAF_ENABLED; then
-       export SDNC_STORE_DIR=/opt/app/osaaf/local
-       export SDNC_CONFIG_DIR=/opt/app/osaaf/local
+       export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
+       export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
        export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
        export SDNC_KEYSTORE=org.onap.sdnc.p12
        sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
-       echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+       echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
 
        sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
        sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
        sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
-       echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+       echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
        echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
        echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
 fi

diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index da5d8f3..4511ca9 100644 (file)
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -1,4 +1,5 @@
 {{/*
+# Copyright © 2020 Samsung Electronics
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -208,6 +209,9 @@ spec:
           - mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
             name: bin
             subPath: installSdncDb.sh
+          - mountPath: {{ .Values.config.ccsdkConfigDir }}/aaiclient.properties
+            name: properties
+            subPath: aaiclient.properties
           - mountPath: {{ .Values.config.configDir }}/aaiclient.properties
             name: properties
             subPath: aaiclient.properties

diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 8cb7c33..99ff4b7 100644 (file)
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -1,3 +1,4 @@
+# Copyright © 2020 Samsung Electronics
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -159,6 +160,7 @@ config:
   peerODLCluster: 127.0.0.1
   isPrimaryCluster: true
   configDir: /opt/onap/sdnc/data/properties
+  ccsdkConfigDir: /opt/onap/ccsdk/data/properties
   dmaapTopic: SUCCESS
   dmaapPort: 3904
   logstashServiceName: log-ls