From 360d63a7609c566a6b8043a7de70ae35bd1f258a Mon Sep 17 00:00:00 2001
From: rajeevme <rajeev.mehta@amdocs.com>
Date: Sat, 28 Sep 2019 00:05:44 +0530
Subject: [PATCH] [AAI-2617] Search guard is no longer available

Change-Id: I5cc786073ac27d3d36d05f0aa89ac5b7f1aadc02

Signed-off-by: rajeevme<rajeev.mehta@amdocs.com>
Change-Id: I6b8ce9867d8b1d8108fcd7002e84f798a5b4e8e2
---
 .../aai-elasticsearch/resources/bin/init_sg.sh     |  11 -
 components/aai-elasticsearch/resources/bin/run.sh  |   8 -
 .../resources/bin/wait_until_started.sh            |   9 -
 .../resources/config/elasticsearch.yml             |  25 --
 .../resources/config/sg/auth/esaai-keystore.jks    | Bin 3979 -> 0 bytes
 .../resources/config/sg/auth/sgadmin-keystore.p12  | Bin 4575 -> 0 bytes
 .../resources/config/sg/auth/truststore.jks        | Bin 930 -> 0 bytes
 .../resources/config/sg/sg_action_groups.yml       | 137 -----------
 .../resources/config/sg/sg_config.yml              | 123 ----------
 .../resources/config/sg/sg_internal_users.yml      |  45 ----
 .../resources/config/sg/sg_roles.yml               | 262 ---------------------
 .../resources/config/sg/sg_roles_mapping.yml       |  38 ---
 .../aai-elasticsearch/templates/configmap.yaml     |  26 --
 .../aai-elasticsearch/templates/deployment.yaml    |  27 +--
 .../aai-elasticsearch/templates/secrets.yaml       |  22 --
 components/aai-elasticsearch/values.yaml           |   2 +-
 .../resources/config/elastic-search.properties     |   2 +-
 17 files changed, 4 insertions(+), 733 deletions(-)
 delete mode 100644 components/aai-elasticsearch/resources/bin/init_sg.sh
 delete mode 100644 components/aai-elasticsearch/resources/bin/run.sh
 delete mode 100644 components/aai-elasticsearch/resources/bin/wait_until_started.sh
 delete mode 100644 components/aai-elasticsearch/resources/config/sg/auth/esaai-keystore.jks
 delete mode 100644 components/aai-elasticsearch/resources/config/sg/auth/sgadmin-keystore.p12
 delete mode 100644 components/aai-elasticsearch/resources/config/sg/auth/truststore.jks
 delete mode 100644 components/aai-elasticsearch/resources/config/sg/sg_action_groups.yml
 delete mode 100644 components/aai-elasticsearch/resources/config/sg/sg_config.yml
 delete mode 100644 components/aai-elasticsearch/resources/config/sg/sg_internal_users.yml
 delete mode 100644 components/aai-elasticsearch/resources/config/sg/sg_roles.yml
 delete mode 100644 components/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
 delete mode 100644 components/aai-elasticsearch/templates/secrets.yaml

diff --git a/components/aai-elasticsearch/resources/bin/init_sg.sh b/components/aai-elasticsearch/resources/bin/init_sg.sh
deleted file mode 100644
index e859365..0000000
--- a/components/aai-elasticsearch/resources/bin/init_sg.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-/usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh \
-  -cd /usr/share/elasticsearch/config/sg \
-  -ks /usr/share/elasticsearch/config/sg/auth/{{ .Values.config.adminKeyStore }} \
-  -ts /usr/share/elasticsearch/config/sg/auth/{{ .Values.config.trustStore }} \
-  -kspass {{ .Values.config.adminKeyStorePassword }} \
-  -tspass {{ .Values.config.trustStorePassword}} \
-  -nhnv \
-  -icl \
-  -p {{ .Values.service.internalPort2 }}
\ No newline at end of file
diff --git a/components/aai-elasticsearch/resources/bin/run.sh b/components/aai-elasticsearch/resources/bin/run.sh
deleted file mode 100644
index a612c74..0000000
--- a/components/aai-elasticsearch/resources/bin/run.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-# Wait for ES to start then initialize SearchGuard
-/usr/local/bin/docker-entrypoint.sh eswrapper &
-/usr/share/elasticsearch/bin/wait_until_started.sh
-/usr/share/elasticsearch/bin/init_sg.sh
-
-wait
\ No newline at end of file
diff --git a/components/aai-elasticsearch/resources/bin/wait_until_started.sh b/components/aai-elasticsearch/resources/bin/wait_until_started.sh
deleted file mode 100644
index 279253b..0000000
--- a/components/aai-elasticsearch/resources/bin/wait_until_started.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-RET=1
-
-while [[ RET -ne 0 ]]; do
-    echo "Waiting for Elasticsearch to become ready before running sgadmin..."
-    curl -XGET -k "https://localhost:{{ .Values.service.internalPort }}/" >/dev/null 2>&1
-    RET=$?
-    sleep 5
-done
\ No newline at end of file
diff --git a/components/aai-elasticsearch/resources/config/elasticsearch.yml b/components/aai-elasticsearch/resources/config/elasticsearch.yml
index 87536e3..ae12344 100644
--- a/components/aai-elasticsearch/resources/config/elasticsearch.yml
+++ b/components/aai-elasticsearch/resources/config/elasticsearch.yml
@@ -364,31 +364,6 @@ discovery.zen.ping.unicast.hosts: ["0.0.0.0"]
 #monitor.jvm.gc.old.info: 5s
 #monitor.jvm.gc.old.debug: 2s
 
-#############################################################################################
-###                                     SEARCH GUARD SSL                                      #
-###                                       Configuration                                       #
-###############################################################################################
-######## Start Search Guard Demo Configuration ########
-
-searchguard.enterprise_modules_enabled: false
-
-searchguard.ssl.transport.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }}
-searchguard.ssl.transport.keystore_password: {{ .Values.config.nodeKeyStorePassword }}
-searchguard.ssl.transport.truststore_filepath: sg/auth/{{ .Values.config.trustStore }}
-searchguard.ssl.transport.truststore_password: {{ .Values.config.trustStorePassword }}
-searchguard.ssl.transport.enforce_hostname_verification: false
-
-searchguard.ssl.http.enabled: true
-searchguard.ssl.http.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }}
-searchguard.ssl.http.keystore_password: {{ .Values.config.nodeKeyStorePassword }}
-searchguard.ssl.http.truststore_filepath: sg/auth/{{ .Values.config.trustStore }}
-searchguard.ssl.http.truststore_password: {{ .Values.config.trustStorePassword }}
-
-searchguard.nodes_dn:
-  - CN=esaai
-
-searchguard.authcz.admin_dn:
-  - CN=sgadmin
 
 # x-pack security conflicts with searchguard
 xpack.security.enabled: false
diff --git a/components/aai-elasticsearch/resources/config/sg/auth/esaai-keystore.jks b/components/aai-elasticsearch/resources/config/sg/auth/esaai-keystore.jks
deleted file mode 100644
index 21ec9bba97307c1879b022d50941919bb2d89e78..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3979
zcmcK5c{r3^{{Zk=ZJ8NsgtE-YmfVwNQc*~jkZtUvG<GIrU!E|QFnP)rWA_uIWXbj*
zlqK1sG=)54sVv!wEJ=7r^?Tpv?R~H7y{_N#$GPtF{hs^W*L|Ju`JA(}xU&cXfgsEV
z{@&P#SJa$*9UR=43D+5he<TP5hX7>Q4uE9gkYfSEz_Ji-Fc=PkkzsQUe3!gSX0PY?
z%}o$YWM5EZPx&XNdA)Z{(~=qDu8c$AT}<aA9aSl2_h<rR6>y|$Mh;<As$aMmM>s;U
zV6&DhE5L4+1&BYZ;1$YbZ>ml2lt}wM^9;7(^?|!{dZ%@Grvxoj%<X+JiC3*5<k-Na
z6--ABu{ow94NXr?YYZG4|CTa&jLKi?Xyw}}jAh)(4HOIZcJXm(o>QMc1KG*Bwn#>e
zdE12&?ufxk*yUChLuDVEh9;;jCSjT$pN?>TpfU)Ym8InkrQX&Q2qK30i9G8=c@N@O
z+-|M(t?Yob)0%tpu8=a^V&8l?yS`QyDb*vLbmZd|T95K{la-!1d#?@=<_-pFi6l4X
zwgrxdCKbxZmncL#X1I;jr0ZUr9dS18p2fCW46nZD(*WHYhe$stPn}6#eO4ze)~Nn0
zTer)~2=V9On-Z0_{vd5#6Wa4`dGyDYgK@3G6YKZZ6_Zf;AN7h?ZM;8w+`cW)1vFob
z)BJ3>!=ZO+h3LW1>VJW$D2hJ;k_sFc7W!P;-M_fpFK>Nw*8*!3^HIjsD|F1<#tk89
z7%$yjcHrf6{ns*sU%w_1G&5;)S9NL^mzG~N8b!;9to5zImo<*B2GOY6Jt$?nd0L8t
zk;a|;?a2wFjNfgCqR|6%Wz-YCbq;O!Z%#FD4ifL1(jPvwH#}5Y?deQy_fp*6>b;x-
z);=n7yhfy`az4pwchzk}x?%UfE?xN}nVgy&Ea9mhkjWJQUf?~4>VI(b)gP4>3J2_v
z(}o3I^=*FQgspeAcpSu$Gn$~HvCAID<Lf(@p6P6d>$Uq_j5}nF?<_hoak}0Rn1T}I
zH%BE1enx?xd9_b!Y_tlhjLJ)}Zakk9?|90|-P=%lvCHQ^Km4SM+R|J&quV)PhEzJ2
zUUe!^B$j@aE~bB9ZcB%Iy$2lTKE07_kUvPh-;{^)GT)5rllcu3vLdDQ#EuJhu<l*S
zzLfa3h_@PHx}qDJQS!$^^4P;;JD*Ss$2nXAM5A4>y_^7|7~kPEjy6}4Jn`YQ0%NUF
zC4+P?@Os!5ZtYP_Q?x33-i*+OJNaaI5Bz0^>*GiaE^Kp|7nqJ1{4}NSfev7gIf3wt
zl_l90{_*vi_T_kz*?=NlbI2s+f-{u!fbUo3xvrfm^K_DKrM=3d7RkOGZQGE28Rw%)
z0uL`(@@2PgAJjkYQ@C=8yKkvWOH;e<o#k>cr;wPp_~B9Ph8c|i?*1)<P4nTPwRbs@
z9%;j9FsHNmBT3R30s7z}64E5KF0V9JpkGy0^T9v_SVN%Mdn|s%ESO*V=<lWANcTw%
zHd0WI7G_M5y3-%olO}QO?W3V;L7PDBgG#NDm<nslEDEJIK<fTt75}x=*$2{`J3;4g
z%6jRvp0SAd0RL))0$bD|$(!&{1BFPFXkL;M{{6Caz6+|PrOc<FXwGYto)E0Wljc&0
z>fp)pG4Z+@Ud2+@^Je3C#m7p-xntDF1RKtig~<sp<L0}a_t|T0H7|O89j{KOTQcHT
zzxbDr+-zR9X1&7b?JN}8&=AZjJ;5=|I=?=3(@JO{q`$MlC%(WhnXI6L$<gLFMxP{0
zNv~_fNRc6y&_A;5sikc;@rv26v#>ZDUHEzQ{?C*ro*^HMs|15Xvz_sGzNmW}JTMu-
z3c=OdikW946a=?Astl+ydu{+3>I9G>hWStk7y<!90R#)XY^-kV1_BJ;2L}OKSOl<-
z1&W7paKgN<ICx_Pf&F{oK2FqLC}!s7a>eb6i<p+ie~&=_Wdt}RfWWE($FPc692Tdn
zVk3Y!hGmAweue-S771|feHF?J|9)fxWU$0v|Acu;L&;zih?(brkilS3c|FN9m-bdN
zf)eHit>7vwq5EwL<NTEuq%JkzxsW_*oxCffhs2a){SUjMb==)4CZ2t=ufPehi%0ma
z`GV0JD!$o|>uvMYV-j{-5?zCoDiUP-(a1Urnmw*&#;7uNO*cW}S=g=lGP6c8F=rz6
zZpJvTB;M$9=F8oy@jhnXu4m@REvljD*6$_Ww^))6+o*P~*wf9D%()$$=4BH&AqpuF
z{&ah1{VyWujSdXnesW}qc=TnSbB%1O5|Z<ysFC}vd`v>|mslU?Ke1mv%!sn!!{$sC
zl-|D&OVV;eexOl`gCkNyGZojbJ?yb`Gi!%+#yb((%XJ!7Lp)IsC>R7TjJyp*rZBHF
zDE=S{4Bmyopb&UIz`hsr!XN+$IJno9gzX3TSlF0X9vsdJ1^>MV`7w-y?T7I>``;K)
zKRaMs9!$L9RCxi(?Q{nKME7Q+Va$q0@aa(F=Fb{y=W4zv(HFkHdNYW7Bm@xHdx0Cq
z1t7^k>J|r=g~H(Qzm|@<iI}AWgHGz$REH#91RZ6_KDvBBV#lRp^Lb{BSn;-f;ak7a
zs`=c*&mQGc#$PA=sZzMPY?gAo@rG>79TUkzaiZr^g8O7mO^zGjlP!JnY>KCg^c>-z
z4jF<k(dB#rzP{js@rdK@63yeRe6>A>0_2^(!wR9#O%tKd6IqY;)A5nlXB#joj8^H(
z;a>HaD1NDgYMJw9W6n>XARBvhyQq{WGN_g`L-*E0V#=4_PbLMe#~r^QZT*sa<e>3|
z4lR+}uDfu-=!LTV&C(@B>L)OcJt23smI_$it)uenF?#8G(Gz2%78>(*vXTUuGm}xX
zL27XUNpnwk3+6yTwBkY^e|K!+Kg=<`K^>Up^nRLy{IXnt+OOvL0bb@xGtF^+H)rbQ
z<+lg!XBzs?>0h)d?rGb@_d}ba&HoMQ{{-}j-9*;ca}ToQU5C!=K4_03khpy*Zae}$
z$z@7guk;l7yd?TLoOIhnA*t1UpQX0N<#aqXOJ7Yl8xbA&qT4x2YCEAtjjD+0p)~cm
zdryOOA&Ks<Jr-s^$%_Pv8`F*X&-%rmn;aE5^Px_JVdWQCj_<l`*r*kj*(IFXO9-Xc
zzF0Yu8+%WK@ba6$l5|Tu;oS&%c3s&H-0P3CrJ00LlrPv$v<Z%P7FwdqFhVigCGGP2
z7$)c{qGjxgEZeBBlS;kDbBuoW)sYI0(Hj@+j7Hy6wD+%x;8qOcULR>&SwDa;v7Pif
ze={qW-CQE#RJ``m9ATv5R$eu4LG6s;51`I~<3IBRvj9AMXn6OyvH>j22L$}n>34|#
z*4bYnlCpvkZ7aRY{pV+n)TK1F<miUte%V0Zy&>br9U9DFjZ^1*ao@7V<r%}NbqhLN
zx=mX(ALYYMYgC#R^cy_1@P;ES(^#El!{4%O+|rFI$4YZXAnvKj<Bm$}@SB}dP%0M?
zF4;CQi5!(vcJPTcN~NeJmyi9%@IAms-UXUz;8S^Cr^j)E{4dHI`bF9FdbbEIjUyq_
z`jd65_^VY80Tq5ziWxdpCdua3m7p_=srtucZi#XYN8w%`sh+O)_25e7hBfp??`zcN
z_sF*@7u6I#8B#1ad==hqzx7(EK`BFpkz*67n1okV^;T1h7c6k<yd$$>F!HI__JdRr
z*U7H|L_5WWm?mTMX!fhYq(O>F9ef+T^AB%!Om9|9Z)bjb1OKvI|KHyJmz@8Tv>`2{
z)mt~VYXRX+>yJ+Pp_T6V%haM*gTqJjidBvE9}>C-oS<q$oD1zAb{SE^m|lL;E%v1&
za=I^ISccv6%=3Oi!2{4t?s%%Zdr7@qrNDYfvHDx(9L4C;SpTF`MU^d;U0kstL$i?G
zkL-0d>ooSV+esTLtaUGJW!I>wVnk$v*NYv{z=GWrj#!Cvyq!pUGFaTj^GH}`MX<l%
z?L0Xz?KD^w=Fv>M9cC-q5v^m#+pTZmdTM5>x>{oUh6duIlil4MG;&d6H#(z-o56Fi
z^IjmupUg6C`8L2{l79D$_Lp`SlkUacWmV7sfXi<A{Io`-!gMhU*FM^_`9m5JaQGK#
zsJ}~t15l>4zub5KR?+{2nbgpi)<@rns5cv%G2cjntrKEPI1F3@sa<J+pc?eh!&EL=
z&3~g4g)J0`o+yv{62)AkVq)T-4?ll;CgH-48OZ9g7mFD_8@#bE-*$55EMQ8dzjJdP
zGfyeW)~l_xmn$t(*4$8&p8cAJlYdr>9peYxn1J+%lTL)+S7B2Qhk(_2ZsE~i`jX8r
z>7cr^1B9B(Xd6@@A&{ag&AJxAsJCFJr*T=dI>Ec(EXK*w)3kK8{Bw>rvF1z99o&Qt
zo9~7sHE)ZNVvlX{GxB|19T|`&szG!dUtqexD`9fHLk;DWskM08cDIPJZy<V&XCa~v
j%spk6Pw=Ou)C=T(a!(0IOpj(x2K0J2;Um@_H{ARiQn_f8

diff --git a/components/aai-elasticsearch/resources/config/sg/auth/sgadmin-keystore.p12 b/components/aai-elasticsearch/resources/config/sg/auth/sgadmin-keystore.p12
deleted file mode 100644
index db7cbf401c3bd17645b020bbf99c057af1864cf4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4575
zcmY+EWl$83y2ck+8eCXPB$uUgLAsj-mXHvnL0Uk%a|!8&RY__72ue4ybO_QQos!Zm
zalCi#J!j5`cb=Ii-j6>Rl5_zR0}F;EO~=9KjDkm95o6$D<ReKVfk@J@zjhD|iS6)T
z5w;N!iT(1gt@HOZaR~o!MMQvsnU4gX!H~cs7zYl)|J#3`(*Viy$_GBXR@dLQu*a9N
z`Cv|%A>a^9EI_w55DDzer&94)!9yfBeROC=V0`B%ZkiQrKeP!^fcDI`zf<PerTh)b
z$$;zOn^j51=+853EUcFdXll_m`j-P+Zu1lXaUlY&F(PHZgl21u&I6npPs*8@Lkd-D
zuC>u6EMKqer&7FJJj!EY?3S|Bzugtxoyd2279BiuEem7oibo>TCx<-L%B6_Y%MIyg
z{T|E9EGL}EZgKC2{|G@abABuKWC51S5nAsYH81I0d2MG#k9?zL9_Sr>od@nyKb~~&
z=Ae>8Iv|hoA567)%c4D?-3_VI?8ep@1=r-k{6~}{a!J`(#uiAULlC-Y4lm%A8R3>l
ze$$vMj<IUART*oSZH2>q5C`meVZ>^`g9MR{!4aub5z3?oitGr*W2FF2It@k0hGW=6
zEog*3Lk$vCBJgVeY1M8hHztk2vYHV5H=*f78(|Mn)bU*&st9bAr$yOEPs{9pY{4EL
zD+<Au3nz}{^JS=+bLk@5t}~a;`bE?9Ro&6X`w;a{UTZf?z2nas=<`ht-Dmlukz)NR
z3p|<qPXhsf$zs-Vl$j+!TvSvy0rZ~GKD~r)<*sNU`eVeD9u+?)_oYb!ODRuPN4|Wr
z&_nIzo4be2zFS-2mfW9TL+9-}XPpJ-&AD`Sco3V0PjrUw4GQ?I3>HN28t@LPuUQba
zUwoM4Ip)G@j5AC@#UO9&oVBbk-z2Jy#+t@wUa5AyjlMN3W!g*o9{EB2mY$&X3@Oui
zTADaSE~|RQ0h?`?z6P5C+x^h9zVv5plJyX~H%akm?k<O2J&RZD5OaDuciHbv49{cT
zup4pr)QtU|zO&8wRO-3bFc0=E>;$5fHxo)s6cjFml&}|rM|A?=aVN-}{EHhwKx1`*
z^;Grv56e$|TKG<{8a+?_pwexdvqhZ-ZA4n-jXI$-Eosu9m0zQ{(7(l*gg0D1y=&E3
zbq!pWCcL~=cl8QNY&Oay!KU`|iW@B%F1D<G-)hOfH+DUqDcdqQySa=5rc9Z&Bnwcs
zDu$<lH^$5KUi6v}o4-EU@(H}!6CSoZAE~Q;13Dj2unW+gEaB@V%a-;q0JW@A`V2Uy
z)BFM#E@qB$8@NG}RbqP~#b%fo<kN{5moIql)XcIVsY{;@b@sDNXB<ad^v4_&ov0vr
zinE>NW?1-te1t>}K4~WeGhT!d@ghn~rmL~{3e|3dzmP6e(klJ}#4q3VrIKyNs{l~p
zmehU)Lw+Imb4pGwvL;NYat+2u=uFD>H_voQQ3R3OY<U%%;?E>J+D8~}6ZPm`d9<ev
zBzGouUi=1tr>4r^m|jg-;5ZFPG!<Ubnh)fgA4d(b-pnjN-7|beHqiNCl_;#h4^faK
z{7u18Au?i16Y!S4y;bIk2csuJn@SAKa$B&+xG*4=mUKsl5><qcm@0&?o-?lWd)Q`(
zvAuL9m+YE=M1%?Niz%PwlAp}~d9ep0_$U*+d%JU-mA?L~#(Hhx=i1_jU|Bib$+e{~
z(e(vC1M#;5*@y+F+E0Ik%U8T^*up-n7ey8=Srnbs_7OW5wTkR2%*GLyJ=RI+H@EIE
zRgE8NzMFw>vsGCVk)4V+U4`_4vY#HlJPzUO)*+j5%AZ%_hr^)%MkGEtKP5dm;5EPn
zAO-LM*a0j7)&OUK1Hc6a`A><0pBxC*b8xm{<QEcx!9+v_ME(j4h9n~TcL^6KA4zx*
zLlWL#VgUZi>3<T8{~|2T{}9%<))JWTjB?oRiFvBA$fm}t%J-}POW05(VH2Gkp4LLj
z?h!mb)L?GNwSA{et2DMcLK|P>?qO^oDw{*{v?<kHNU{$fE=R;78e;p_d_ThwZqw=Y
zmFYDu$|En8BUmW&@KOO;(FMp7w3a=lfGtfC&Uas}l+`e&t7;L&zuYUL;wk=~Md_le
zR6sWXL3VUv6?stTp*4kllSxd}-5KtM?WFM;*uVJSS&z07R0c0h^k}4YHW!C`$Hn6G
zLQW2`-*-_2tP*C-ly~zM*6!Ojl}LiPu9pR8R^tj|1v30ttJj`#XsWFvdaK9v{fQK6
z*47yBvT|3Re^GXQ!Sr!k!MkPT?x>64pf$`+gqhVxZf5P(g?Vc0kBz31_Z#BHHYG-)
zv}H-WGjAiJT8}kpFgXUzn<lrB`-~Vey*isC%E||Mj0RXyvU->#&CyR{crJKWhIuq4
z89LJXq9kKDgS|;2RmAH#g%gjUKbhd+B_$EMCcbIKOuzF3h0~~H4mb&mvsq+9@P{)<
zu5LwfO+Fbp{d^a$K=HD)p37Ruc9C~Gz>d5aJ}EW4#o+i4-|U|gbrnW>tGFnRIZ>hm
zGF@C5xao<2Ph$un_ki|_Q?}mdJ?dLp>iIW<OJ&O^^B%wE`A7(Tni=iS->~74ZjAX0
zYjROilTtC3X7e8e8HR}AI+d1siP5}#U<5@>^NzPBFb&gkv~l=+N9i@&X++<kknx{y
zG99B=*FAZ_6*N=NL!X-WHb)e7FDpvxFF-t7IV%k~?W!=W(La6>kIK_;#x=O6iIY~g
zNzcQVteInn8C@49bXn~kEk8Nk*9DgRct*>$<lSel9so~Hl{6;l<!88i8R?ESsQKJT
z*y!0Z+cM<?ITmZtapZeqPuv*X7l{ZXj=3kE$uW-1O6pG)v3@Xvxm6`>0tc^BAFi<`
z=_F5<&Q#~xSre}te<8|&s>K~2*V??XO&%lf5=lg4Z!{;;d$b?PEAWBVWU{W}RffT@
zb;3I;5?^+_tn0{CV%u{&M_?tCP!F?tuNQFU>sDiYZB<sja2^f;Rb^8<Vo{3Zj~1qr
z(G(L+>x9XJ*}*S@h$(kw6v??lGO#CEp9zrtj_Z_2Krb7mI2c-lSPZJo366Px!V7bY
zckdm(n+gm7<zepAD6%d^<KX1sJ8?K3sxR=`lFw!FmS=H$4@qfUGN+71h5!r~8>L@B
zehSu#w{@G=gmmG8e^a=Fm9wQvY>Mz4y@sa)UB;Z0KIRUpCcP}TPf8FEK<r0<)|sL+
zA;_^d3{(F@a}B9q&6T7FZk(8!7h~Yju`XVn<S6Wfd7pF+C-^EEyBEOEYKNwVd4jCg
z(>Xfgqlul3k*5vFmB=HJOuz4p-)a|@T}r-P1uycgB{$sXrzEayXpY2&Bz&lcR+0Jl
zBibG=Oo^-2xNdV?oP6>uzK{1-QOXy>OE4<&UN_$#@QU>pK1d}R>G-ysIr&-`h)i3R
zPgtjFa86qP`NvKDt&k%PO*>%5JzchI(>QY3jOntg>77{`{DDAzDaLeR_62U}Cw&^<
zVy)zUGKSG~nRn?<_iQEo>bX-B5^siOs!o1ptUA)W)DW!)EE7bxpO(&q9)*Ar!_e`5
z5s5naOm3JVZHy#{<1Hx{MUp%9^!#O=){2z>mVV08H(;{@s%&cU(az`Xk4GvhrO}mP
zsjv2XqJ3@z@<l;2d9t~pHERtTo=>DVSIfmSUUNvA?zs6x5+c;4)TH*I3D3kyny#DW
zenaW3WGz<a88tI3u8_^YlBypgsORzu+9%<Spb2%fG=^q@%xrVd@pJ0)q!&Xyt5j`_
zVJH!-o@ZO3p#sNITcHA-8x_AR7agR(m5gf1--xNmY#x@f5a1n+0fKLnXO?%C_PGzp
zm^M{WdG!KJLwE_I{3K#&JA?2em{z6PAg>SW5fAxM9>o>J^u~>|Ha}s}!IpJ$hlg)S
z{XM~iBXo88b2X&2F@$?6BTaG^{Dw^C6o1<a3gsWGp?Ss?tABOr+^FHB>S;b&^0`Hq
zYb_#0gfDzQc!bd2uA~e#Z&bbBG00vj1sqN7vt2EzgF4}VOf9MxwpRsmFVXMIH1lPw
zE$A4gGgh1%Ts&ON$tkyTNY)Lo@CaDZf-st7NEu+1Z$12Ong^il4AOO(`93nNS(n7#
z$EI0I*QslIE^n6|(B{DA4>d{FZ(hvG7m!7)?~fE~3W2U4nRJc3E~P_mjJa<xTh30+
z#$(d#SVLR%sNCi$|2Y#S`ls#ZrH=us0gK!faKaca&?8}^xP{N3Wgqv&Y5Q*IJ&y-j
z7`DfjI+94J_H{jk9kXS=GU)R+37&=uj$(&jhu=y1(aVcP4Zh)}+MHpebCTlSnBsno
zJ_D5&I8UE8RpXc2PlqM7_!}m7O!huazR=b$<iT#vxSnaC8Pv<~Tt2@_5$)ixd63Yt
zKIX-9=-uq@${wfQrDBO3y{HH?+9eJ<eZF6)a<LP?A>ngVYRKd0-IhqIz5AVN0<GJV
zVeFQVVSD&i2@O$J&5=iqkWOgZClOyYPLtprJmDs6@c$9P9TZKtTJSElDJx#T=<r1u
zIDaD8{N&8Zlm06ISQ!MWI-IupvGQfDP}zRqh`;aT+uF+1F(g}>PRi5klQUrZywd>3
z0gUF1h_~vdjjtc-qgzK;+VrGV8(T7d!nX^nw@s?**~+F_NVO+2KMm~^#QZ$Fg#_WI
z+um9TNQ=4UrlIJk=69_7$*9%>dGAwx*?qi5v{{DL5}*&?lu|oKzx({fa?}KcsRBLo
zN3qt|B+7bCqaRJdDB#fPPHy?tHanWbUR*9D^Gh1M@!R;j{E3=DRVxi0g6HE)?u9TK
z9=_x0+L06v$<lQCr>Gy_-2KtJ3^Cf}%wNU|rX~a6Ox}S+t4n;07n1c;rw8@Dj+2ev
zMNvQc1U}qHIKf?R6(=jHTNrsGCnZ1Iv2?O3-NKN(+RV2C<t=!`M(KP}X7!4Jin`tU
zuxN#{+;c%Wixpou*U^V2&uUzLtS(MP<VVh2t>uI58e9SEuXgHUkGjb8d8)clnFQD^
z7P_u;p+QLWRPwTgU%!!g`OLiiM{cH+NRh(S8dlzUPqWSHA6BF&(6u|Qu)EzST`=fN
zv~}_gjXm%=^U{Q15(Nw;o+01;T{uevYIN)G$+klF7=Mr3?;0qVF+btlgl>a-MTO<C
zj0#Xy(<+#G<rZeuXH!5Cf~GZYFaYCkWhSxHjjHuJ7Q1yh^NoxN0DlESj^KSkWMSf4
z<t*raaw9cjzC(j0m5BEhFAf+CK_blOBcUr7MCZ5)XJJpy1pV{Oi{euE>s;6uz<VB&
z`u-+kpkIIT<b&k5&(w{{+u3fefeGDdWN*~mt6_Mf<r{{NX=f|eth^rfA&h$}=Ccvq
zQqQaACp~Vr*0g%8$;5WgD=#XmI}UzknFh^7nq&|4Z7vhFe5e&OFRoi?Q|F>dAOS<i
zrA0HB+L-t^Lkd=kzdtas`>~Gnrw8k<-1#w)bqGWr-vy@meOz5#lEp<XjS|#ETX4I>
zj2Q+Qx7x2_>nEXV*zEG=)Jb{$6SlJjQJeC^72Md;wx5WwMbG`ZdNvpX9p*6stX?KK
zDh~H4{nqd0>~eQc%0Dbny!nYm8ia{uYtrgtF>wK06A)vK5EFOC=^I+%1g~L50Vyt!
z4Xlf?RY*WrE*b=u48#Za=j7vrI}j*^k^18zM?7>cF}k)P&h5NDER?(}F?C)Npew=%
zpQiO10<i?K)VtWHuNETC7ojAW+3PEFd|Z0M0x88KFPkt1-L!*kC{v|&1lu1bhas=Z
zj&qfD)`_UJBXS`9Bc$uJAEf@sak@H&e$7XpqjT@?XS)pAG^4h_DIdCZ5s4D(rV6K|
z)h82)3@YS*P}U5rnY)=e?cst>mNf0pkCU*%tmX+e%H8x@<k>z+v2WoTLGfPi`n1`o
zdhGGhjnj!i=to~GCQaWnjEF-09(1)NbZRvnZ8u=jFbE7E2b=2&7UnZ-0Fb<v&({;u
uZC0%`%ONhMy8l^IxX2YqZt57FI}*%HG_k`~fUB-g2s-U_z{J9c%KsPDDV%};

diff --git a/components/aai-elasticsearch/resources/config/sg/auth/truststore.jks b/components/aai-elasticsearch/resources/config/sg/auth/truststore.jks
deleted file mode 100644
index b3bd666652b444e21a657530da95276feeb63495..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 930
zcmezO_TO6u1_mY|W(3o`Mfv$9y2**U$r*{6c|g&O=XW!2Gq6VJnHpF!Ffhj$G%-gQ
zG%-0WU}j=uVq#=8;AP{~YV&CO&dbQi&B|b4YshQB&Bh$c!o|aqpO;u*C~6=K;&Suw
zfVc`lK=T!x9bv-EsKN$v;=G2I21bU)hUSLmrp8g?yhb3d5tK`*@lA|M$PQ*?WngY%
z<YzEwV&r0KVq|2v?(FwvLeJl=2GTzx-={99-jEfVG;`_IOE>i9FS88r+8ul1d@8f;
zb)GkeU;e+_EUj`{G<O2$I~{G0i!6qBV=m0{E|ID{&pb=8b7of7iXGY;#J^Q7vwLJZ
z*SKYMTj@lbr5pBbI3dthb^Qg?|M#5RwtQR8xpvyb?`G`VE=Fs8ojFAznQv$Q#eWRv
z-^4sMPu^gjGOc&{(M!ut2<?~F{3LO1;iK10^QYP~TC!yCT|TWQTK-6jdyMc&udoc8
z=TA3pR{GoH$Qz#;vvRI7-&@E3Ei+CD-W8HPwyM0lw2AFm_@gqPhgViQxc)et9(eNY
z|Bsdo=MBu~?E8Fti_H3<x3kR;-#+z|iJ6gsadEOiq5&T;(q#D=8UM4e0ArfXfFHyc
z2Ju-9n1PgmEJ%QlMT|uxcXlQ3p--njp7VaLvu*O8eRDmk%?;#1(#k9n24W4^6`-aY
zU^Fl?s9*naaQ~lV{#)OFw*JYLIQT%}ow*9D5})e^AKsZhr>@kPB}Babb0t|i%s4rR
zKYPat<9U3>y}fsKfBtY*DV<a0{Ol8P3avL>D!+3th<^Co#UN<rmB*PG_d+JGnB%#1
zYn=A#wWdzrZ8cu}nrg0lcA4QlQHGueOs5oct?Jj9ahTRKG1>`D2vz=ZW>QFkJO9Z!
zWm0?BF8@B$psT#wLxcTm+1(vsoL8m_gdI#}J;BNrFiGRt^69n<+)|?2Lf&0S%#>0K
z`Cm10?_Y)7HlyF7cNY|Aq}*lNGt;M~L!^AV_*Lnq&crR<HbIe!Q~#cn2`DaC{wnmQ
nVH>01)8GZMrOPMp5D)nEO5Wqt&cBh@Yz-%F6RkF7x#|u8__k-F

diff --git a/components/aai-elasticsearch/resources/config/sg/sg_action_groups.yml b/components/aai-elasticsearch/resources/config/sg/sg_action_groups.yml
deleted file mode 100644
index be5901a..0000000
--- a/components/aai-elasticsearch/resources/config/sg/sg_action_groups.yml
+++ /dev/null
@@ -1,137 +0,0 @@
-UNLIMITED:
-  readonly: true
-  permissions:
-    - "*"
-
-###### INDEX LEVEL ######
-
-INDICES_ALL:
-  readonly: true
-  permissions:
-    - "indices:*"
-
-# for backward compatibility
-ALL:
-  readonly: true
-  permissions:
-    - INDICES_ALL
-
-MANAGE:
-  readonly: true
-  permissions:
-    - "indices:monitor/*"
-    - "indices:admin/*"
-
-CREATE_INDEX:
-  readonly: true
-  permissions:
-    - "indices:admin/create"
-    - "indices:admin/mapping/put"
-
-MANAGE_ALIASES:
-  readonly: true
-  permissions:
-    - "indices:admin/aliases*"
-
-# for backward compatibility
-MONITOR:
-  readonly: true
-  permissions:
-    - INDICES_MONITOR
-
-INDICES_MONITOR:
-  readonly: true
-  permissions:
-    - "indices:monitor/*"
-
-DATA_ACCESS:
-  readonly: true
-  permissions:
-    - "indices:data/*"
-    - CRUD
-
-WRITE:
-  readonly: true
-  permissions:
-    - "indices:data/write*"
-    - "indices:admin/mapping/put"
-
-READ:
-  readonly: true
-  permissions:
-    - "indices:data/read*"
-    - "indices:admin/mappings/fields/get*"
-
-DELETE:
-  readonly: true
-  permissions:
-    - "indices:data/write/delete*"
-
-CRUD:
-  readonly: true
-  permissions:
-    - READ
-    - WRITE
-
-SEARCH:
-  readonly: true
-  permissions:
-    - "indices:data/read/search*"
-    - "indices:data/read/msearch*"
-    - SUGGEST
-
-SUGGEST:
-  readonly: true
-  permissions:
-    - "indices:data/read/suggest*"
-
-INDEX:
-  readonly: true
-  permissions:
-    - "indices:data/write/index*"
-    - "indices:data/write/update*"
-    - "indices:admin/mapping/put"
-    - "indices:data/write/bulk*"
-
-GET:
-  readonly: true
-  permissions:
-    - "indices:data/read/get*"
-    - "indices:data/read/mget*"
-
-###### CLUSTER LEVEL ######
-
-CLUSTER_ALL:
-  readonly: true
-  permissions:
-    - "cluster:*"
-
-CLUSTER_MONITOR:
-  readonly: true
-  permissions:
-    - "cluster:monitor/*"
-
-CLUSTER_COMPOSITE_OPS_RO:
-  readonly: true
-  permissions:
-    - "indices:data/read/mget"
-    - "indices:data/read/msearch"
-    - "indices:data/read/mtv"
-    - "indices:data/read/coordinate-msearch*"
-    - "indices:admin/aliases/exists*"
-    - "indices:admin/aliases/get*"
-    - "indices:data/read/scroll"
-
-CLUSTER_COMPOSITE_OPS:
-  readonly: true
-  permissions:
-    - "indices:data/write/bulk"
-    - "indices:admin/aliases*"
-    - "indices:data/write/reindex"
-    - CLUSTER_COMPOSITE_OPS_RO
-
-MANAGE_SNAPSHOTS:
-  readonly: true
-  permissions:
-    - "cluster:admin/snapshot/*"
-    - "cluster:admin/repository/*"
\ No newline at end of file
diff --git a/components/aai-elasticsearch/resources/config/sg/sg_config.yml b/components/aai-elasticsearch/resources/config/sg/sg_config.yml
deleted file mode 100644
index d0050e0..0000000
--- a/components/aai-elasticsearch/resources/config/sg/sg_config.yml
+++ /dev/null
@@ -1,123 +0,0 @@
-# This is the main Search Guard configuration file where authentication 
-# and authorization is defined.
-# 
-# You need to configure at least one authentication domain in the authc of this file.
-# An authentication domain is responsible for extracting the user credentials from 
-# the request and for validating them against an authentication backend like Active Directory for example. 
-#
-# If more than one authentication domain is configured the first one which succeeds wins. 
-# If all authentication domains fail then the request is unauthenticated.
-# In this case an exception is thrown and/or the HTTP status is set to 401.
-# 
-# After authentication authorization (authz) will be applied. There can be zero or more authorizers which collect
-# the roles from a given backend for the authenticated user.
-#
-# Both, authc and auth can be enabled/disabled separately for REST and TRANSPORT layer. Default is true for both.
-#        http_enabled: true
-#        transport_enabled: true
-#
-# 5.x Migration: "enabled: true/false" will also be respected currently but only to provide backward compatibility.
-#
-# For HTTP it is possible to allow anonymous authentication. If that is the case then the HTTP authenticators try to
-# find user credentials in the HTTP request. If credentials are found then the user gets regularly authenticated.
-# If none can be found the user will be authenticated as an "anonymous" user. This user has always the username "sg_anonymous"
-# and one role named "sg_anonymous_backendrole". 
-# If you enable anonymous authentication all HTTP authenticators will not challenge.
-# 
-#
-# Note: If you define more than one HTTP authenticators make sure to put non-challenging authenticators like "proxy" or "clientcert"
-# first and the challenging one last. 
-# Because it's not possible to challenge a client with two different authentication methods (for example
-# Kerberos and Basic) only one can have the challenge flag set to true. You can cope with this situation
-# by using pre-authentication, e.g. sending a HTTP Basic authentication header in the request.
-#
-# Default value of the challenge flag is true.
-# 
-#
-# HTTP
-#   basic (challenging)
-#   proxy (not challenging, needs xff)
-#   clientcert (not challenging, needs https)
-#   host (not challenging) #DEPRECATED, will be removed in a future version.
-#                           host based authentication is configurable in sg_roles_mapping
-
-# Authc
-#   internal
-#   noop
-
-# Authz
-#   noop
-
-# Some SearchGuard functionality is licensed under Apache-2.0, while other functionality is non-free;
-# see https://github.com/floragunncom/search-guard. The functionality enabled in this configuration
-# file only include those that are licensed under Apache-2.0. Please use care and review SearchGuard's
-# license details before enabling any additional features here.
-
-searchguard:
-  dynamic:
-    # Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index
-    # Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default)
-    # Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
-    #filtered_alias_mode: warn
-    http:
-      anonymous_auth_enabled: false
-      xff:
-        enabled: false
-        internalProxies: '192\.168\.0\.10|192\.168\.0\.11' # regex pattern
-        #internalProxies: '.*' # trust all internal proxies, regex pattern
-        remoteIpHeader:  'x-forwarded-for'
-        proxiesHeader:   'x-forwarded-by'
-        #trustedProxies: '.*' # trust all external proxies, regex pattern
-        ###### see https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html for regex help
-        ###### more information about XFF https://en.wikipedia.org/wiki/X-Forwarded-For
-        ###### and here https://tools.ietf.org/html/rfc7239
-        ###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve
-    authc:
-      basic_internal_auth_domain:
-        http_enabled: true
-        transport_enabled: true
-        order: 2
-        http_authenticator:
-          type: basic
-          challenge: true
-        authentication_backend:
-          type: intern
-      proxy_auth_domain:
-        http_enabled: false
-        transport_enabled: false
-        order: 3
-        http_authenticator:
-          type: proxy
-          challenge: false
-          config:
-            user_header: "x-proxy-user"
-            roles_header: "x-proxy-roles"
-        authentication_backend:
-          type: noop
-      jwt_auth_domain:
-        http_enabled: false
-        transport_enabled: false
-        order: 0
-        http_authenticator:
-          type: jwt
-          challenge: false
-          config:
-            signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
-            jwt_header: "Authorization"
-            jwt_url_parameter: null
-            roles_key: null
-            subject_key: null
-        authentication_backend:
-          type: noop
-      clientcert_auth_domain:
-        http_enabled: true
-        transport_enabled: true
-        order: 1
-        http_authenticator:
-          type: clientcert
-          config:
-            username_attribute: cn #optional, if omitted DN becomes username
-          challenge: false
-        authentication_backend:
-          type: noop
-    authz:
\ No newline at end of file
diff --git a/components/aai-elasticsearch/resources/config/sg/sg_internal_users.yml b/components/aai-elasticsearch/resources/config/sg/sg_internal_users.yml
deleted file mode 100644
index 942a716..0000000
--- a/components/aai-elasticsearch/resources/config/sg/sg_internal_users.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-# This is the internal user database
-# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
-
-#password is: admin
-admin:
-  readonly: true
-  hash: $2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG
-  roles:
-    - admin
-  attributes:
-    #no dots allowed in attribute names
-    attribute1: value1
-    attribute2: value2
-    attribute3: value3
-
-#password is: logstash
-logstash:
-  hash: $2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2
-  roles:
-    - logstash
-
-#password is: kibanaserver
-kibanaserver:
-  readonly: true
-  hash: $2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H.
-
-#password is: kibanaro
-kibanaro:
-  hash: $2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC
-  roles:
-    - kibanauser
-    - readall
-
-#password is: readall
-readall:
-  hash: $2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2
-  #password is: readall
-  roles:
-    - readall
-
-#password is: snapshotrestore
-snapshotrestore:
-  hash: $2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W
-  roles:
-    - snapshotrestore
\ No newline at end of file
diff --git a/components/aai-elasticsearch/resources/config/sg/sg_roles.yml b/components/aai-elasticsearch/resources/config/sg/sg_roles.yml
deleted file mode 100644
index c918e85..0000000
--- a/components/aai-elasticsearch/resources/config/sg/sg_roles.yml
+++ /dev/null
@@ -1,262 +0,0 @@
-# Allows everything, but no changes to searchguard configuration index
-sg_all_access:
-  readonly: true
-  cluster:
-    - UNLIMITED
-  indices:
-    '*':
-      '*':
-        - UNLIMITED
-  tenants:
-    admin_tenant: RW
-
-# Read all, but no write permissions
-sg_readall:
-  readonly: true
-  cluster:
-    - CLUSTER_COMPOSITE_OPS_RO
-  indices:
-    '*':
-      '*':
-        - READ
-
-# Read all and monitor, but no write permissions
-sg_readall_and_monitor:
-  cluster:
-    - CLUSTER_MONITOR
-    - CLUSTER_COMPOSITE_OPS_RO
-  indices:
-    '*':
-      '*':
-        - READ
-
-# For users which use kibana, access to indices must be granted separately
-sg_kibana_user:
-  readonly: true
-  cluster:
-    - INDICES_MONITOR
-    - CLUSTER_COMPOSITE_OPS
-  indices:
-    '?kibana':
-      '*':
-        - MANAGE
-        - INDEX
-        - READ
-        - DELETE
-    '?kibana-6':
-      '*':
-        - MANAGE
-        - INDEX
-        - READ
-        - DELETE
-    '?kibana_*':
-      '*':
-        - MANAGE
-        - INDEX
-        - READ
-        - DELETE
-    '?tasks':
-      '*':
-        - INDICES_ALL
-    '?management-beats':
-      '*':
-        - INDICES_ALL
-    '*':
-      '*':
-        - indices:data/read/field_caps*
-        - indices:data/read/xpack/rollup*
-        - indices:admin/mappings/get*
-        - indices:admin/get
-
-# For the kibana server
-sg_kibana_server:
-  readonly: true
-  cluster:
-      - CLUSTER_MONITOR
-      - CLUSTER_COMPOSITE_OPS
-      - cluster:admin/xpack/monitoring*
-      - indices:admin/template*
-      - indices:data/read/scroll*
-  indices:
-    '?kibana':
-      '*':
-        - INDICES_ALL
-    '?kibana-6':
-      '*':
-        - INDICES_ALL
-    '?kibana_*':
-      '*':
-        - INDICES_ALL
-    '?reporting*':
-      '*':
-        - INDICES_ALL
-    '?monitoring*':
-      '*':
-        - INDICES_ALL
-    '?tasks':
-      '*':
-        - INDICES_ALL
-    '?management-beats*':
-      '*':
-        - INDICES_ALL
-    '*':
-      '*':
-        - "indices:admin/aliases*"
-
-# For logstash and beats
-sg_logstash:
-  cluster:
-    - CLUSTER_MONITOR
-    - CLUSTER_COMPOSITE_OPS
-    - indices:admin/template/get
-    - indices:admin/template/put
-  indices:
-    'logstash-*':
-      '*':
-        - CRUD
-        - CREATE_INDEX
-    '*beat*':
-      '*':
-        - CRUD
-        - CREATE_INDEX
-
-# Allows adding and modifying repositories and creating and restoring snapshots
-sg_manage_snapshots:
-  cluster:
-    - MANAGE_SNAPSHOTS
-  indices:
-    '*':
-      '*':
-        - "indices:data/write/index"
-        - "indices:admin/create"
-
-# Allows each user to access own named index
-sg_own_index:
-  cluster:
-    - CLUSTER_COMPOSITE_OPS
-  indices:
-    '${user_name}':
-      '*':
-        - INDICES_ALL
-
-### X-Pack COMPATIBILITY
-sg_xp_monitoring:
-  readonly: true
-  cluster:
-    - cluster:monitor/xpack/info
-    - cluster:monitor/main
-    - cluster:admin/xpack/monitoring/bulk
-  indices:
-    '?monitor*':
-      '*':
-        - INDICES_ALL
-
-sg_xp_alerting:
-  readonly: true
-  cluster:
-    - indices:data/read/scroll
-    - cluster:admin/xpack/watcher*
-    - cluster:monitor/xpack/watcher*
-  indices:
-    '?watches*':
-      '*':
-        - INDICES_ALL
-    '?watcher-history-*':
-      '*':
-        - INDICES_ALL
-    '?triggered_watches':
-      '*':
-        - INDICES_ALL
-    '*':
-      '*':
-        - READ
-        - indices:admin/aliases/get
-
-sg_xp_machine_learning:
-  readonly: true
-  cluster:
-    - cluster:admin/persistent*
-    - cluster:internal/xpack/ml*
-    - indices:data/read/scroll*
-    - cluster:admin/xpack/ml*
-    - cluster:monitor/xpack/ml*
-  indices:
-    '*':
-      '*':
-        - READ
-        - indices:admin/get*
-    '?ml-*':
-      '*':
-        - "*"
-
-### LEGACY ROLES, FOR COMPATIBILITY ONLY
-### WILL BE REMOVED IN SG7, DO NOT USE ANYMORE
-
-sg_readonly_and_monitor:
-  cluster:
-    - CLUSTER_MONITOR
-    - CLUSTER_COMPOSITE_OPS_RO
-  indices:
-    '*':
-      '*':
-        - READ
-
-# Make xpack monitoring work
-sg_monitor:
-  cluster:
-    - cluster:admin/xpack/monitoring/*
-    - cluster:admin/ingest/pipeline/put       
-    - cluster:admin/ingest/pipeline/get
-    - indices:admin/template/get
-    - indices:admin/template/put
-    - CLUSTER_MONITOR
-    - CLUSTER_COMPOSITE_OPS
-  indices:
-    '?monitor*':
-      '*':
-        - INDICES_ALL
-    '?marvel*':
-      '*':
-        - INDICES_ALL
-    '?kibana*':
-      '*':
-        - READ
-    '*':
-      '*':
-        - indices:data/read/field_caps
-
-# Make xpack alerting work
-sg_alerting:
-  cluster:
-    - indices:data/read/scroll
-    - cluster:admin/xpack/watcher/watch/put
-    - cluster:admin/xpack/watcher*
-    - CLUSTER_MONITOR
-    - CLUSTER_COMPOSITE_OPS
-  indices:
-    '?kibana*':
-      '*':
-        - READ
-    '?watches*':
-      '*':
-        - INDICES_ALL
-    '?watcher-history-*':
-      '*':
-        - INDICES_ALL
-    '?triggered_watches':
-      '*':
-        - INDICES_ALL
-    '*':
-      '*':
-        - READ
-
-
-sg_role_test:
-  cluster:
-    - indices:admin/template/get
-    - indices:admin/template/put
-    - CLUSTER_COMPOSITE_OPS
-  indices:
-    '*':
-      '*':
-        - UNLIMITED
diff --git a/components/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml b/components/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
deleted file mode 100644
index 970e027..0000000
--- a/components/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-# In this file users, backendroles and hosts can be mapped to Search Guard roles.
-# Permissions for Search Guard roles are configured in sg_roles.yml
-
-sg_all_access:
-  readonly: true
-  backendroles:
-    - admin
-
-sg_logstash:
-  backendroles:
-    - logstash
-    
-sg_kibana_server:
-  readonly: true
-  users:
-    - kibanaserver
-    
-sg_kibana_user:
-  backendroles:
-    - kibanauser
-
-sg_readall:
-  readonly: true
-  backendroles:
-    - readall
-
-sg_manage_snapshots:
-  readonly: true
-  backendroles:
-    - snapshotrestore
-
-sg_own_index:
-  users:
-    - '*'
-
-sg_role_test:
-  users:
-    - test
diff --git a/components/aai-elasticsearch/templates/configmap.yaml b/components/aai-elasticsearch/templates/configmap.yaml
index 4be124f..5067c83 100644
--- a/components/aai-elasticsearch/templates/configmap.yaml
+++ b/components/aai-elasticsearch/templates/configmap.yaml
@@ -24,29 +24,3 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-sg-scripts
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-sg-config
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/sg/*").AsConfig . | indent 2 }}
diff --git a/components/aai-elasticsearch/templates/deployment.yaml b/components/aai-elasticsearch/templates/deployment.yaml
index 785693a..0c54738 100644
--- a/components/aai-elasticsearch/templates/deployment.yaml
+++ b/components/aai-elasticsearch/templates/deployment.yaml
@@ -60,8 +60,8 @@ spec:
         - name: elasticsearch-data
           mountPath: /logroot/
       containers:
-      - name: {{ include "common.name" . }}
-        image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+      - name: {{ include "common.name" . }}        
+        image: "{{ .Values.global.loggingRepository }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
@@ -93,19 +93,6 @@ spec:
           - name: elasticsearch-config
             subPath: log4j2.properties
             mountPath: /usr/share/elasticsearch/config/log4j2.properties
-          - name: searchguard-scripts
-            subPath: run.sh
-            mountPath: /usr/share/elasticsearch/bin/run.sh
-          - name: searchguard-scripts
-            subPath: wait_until_started.sh
-            mountPath: /usr/share/elasticsearch/bin/wait_until_started.sh
-          - name: searchguard-scripts
-            subPath: init_sg.sh
-            mountPath: /usr/share/elasticsearch/bin/init_sg.sh
-          - name: searchguard-config
-            mountPath: /usr/share/elasticsearch/config/sg
-          - name: searchguard-auth-config
-            mountPath: /usr/share/elasticsearch/config/sg/auth
           - name: elasticsearch-data
             mountPath: /usr/share/elasticsearch/data
         resources:
@@ -126,16 +113,6 @@ spec:
       - name: elasticsearch-config
         configMap:
           name: {{ include "common.fullname" . }}-es-config
-      - name: searchguard-scripts
-        configMap:
-          name: {{ include "common.fullname" . }}-sg-scripts
-          defaultMode: 0754
-      - name: searchguard-config
-        configMap:
-          name: {{ include "common.fullname" . }}-sg-config
-      - name: searchguard-auth-config
-        secret:
-          secretName: {{ include "common.fullname" . }}-sg-auth
       - name: elasticsearch-data
         hostPath:
           path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
diff --git a/components/aai-elasticsearch/templates/secrets.yaml b/components/aai-elasticsearch/templates/secrets.yaml
deleted file mode 100644
index 34b272f..0000000
--- a/components/aai-elasticsearch/templates/secrets.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-sg-auth
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/sg/auth/*").AsSecrets . | indent 2 }}
\ No newline at end of file
diff --git a/components/aai-elasticsearch/values.yaml b/components/aai-elasticsearch/values.yaml
index 2cd835f..dff0703 100644
--- a/components/aai-elasticsearch/values.yaml
+++ b/components/aai-elasticsearch/values.yaml
@@ -19,7 +19,7 @@ global: # global defaults
   nodePortPrefix: 302
 
 # application image
-image: onap/elasticsearch-sg:1.5.1
+image: elasticsearch/elasticsearch:6.1.2
 pullPolicy: Always
 restartPolicy: Always
 
diff --git a/components/aai-search-data/resources/config/elastic-search.properties b/components/aai-search-data/resources/config/elastic-search.properties
index 6232c14..65de20d 100644
--- a/components/aai-search-data/resources/config/elastic-search.properties
+++ b/components/aai-search-data/resources/config/elastic-search.properties
@@ -17,7 +17,7 @@
 es.cluster-name=ES_AAI
 es.ip-address=aai-elasticsearch.{{.Release.Namespace}}
 es.http-port={{ .Values.config.elasticsearchHttpPort }}
-es.uri-scheme=https
+es.uri-scheme=http
 es.auth-user=admin
 es.auth-password=OBF:1u2a1toa1w8v1tok1u30
 es.trust-store=auth/tomcat_keystore
-- 
2.16.6