From c40d75739834fe2bd237d543cc9f8549931620af Mon Sep 17 00:00:00 2001
From: "Tait,Trevor(rt0435)" <rtait@amdocs.com>
Date: Mon, 10 Dec 2018 11:37:25 -0500
Subject: [PATCH] Update OOM to for HTTPS for Network Discovery

Issue-ID: SDNC-375
Change-Id: Ib1c045f08654e39d613a57f37cd336c129875604
Signed-off-by: Tait,Trevor(rt0435) <rtait@amdocs.com>
---
 .../resources/config/application.properties              |   8 ++++++++
 .../resources/config/auth/tomcat_keystore                | Bin 0 -> 2214 bytes
 .../pomba-networkdiscovery/templates/deployment.yaml     |   4 ++++
 .../pomba/charts/pomba-networkdiscovery/values.yaml      |  13 +++++++++++--
 .../charts/pomba-networkdiscoveryctxbuilder/values.yaml  |   4 ++--
 5 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore

diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
index a59cf41b33..cccba6b7bc 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
@@ -31,6 +31,14 @@ server.tomcat.max-idle-time=60000
 #Servlet context parameters
 server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
 
+#Enable HTTPS
+server.port={{ .Values.config.serverSslPort }}
+server.ssl.key-store={{ .Values.config.serverSslKeyStore }}
+server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }}
+server.ssl.client-auth={{ .Values.config.serverSslClientAuth }}
+server.ssl.enabled={{ .Values.config.serverSslEnabled }}
+server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }}
+
 # Basic Authentication
 basicAuth.username={{ .Values.config.networkDiscoveryUserId }}
 basicAuth.password={{ .Values.config.networkDiscoveryPassword }}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
new file mode 100644
index 0000000000000000000000000000000000000000..9eec841aa2c1243b5ca3e22b0b116e5bca2afd49
GIT binary patch
literal 2214
zcmcJQXHyf35{A<VB@{6fLkAT^BqRil5ULV-69qv52}MBZRq==tIub!Zia=;mq#a67
zdX*wlrI*kNMG*x75ljyE+<Rxv{Q>vG`{CJ{ot=GmXP3T7-vj^vpko357Sz|n&7R<U
zjJGQwyRrZP69`3w&{3RFHW?@o0z41m1_GG?5F%s)O`o5m>YU`$h=up~Z`{XDvR*`$
zzz#)47haP~tv|D6mK5}zGvJ;XTcs8(8BRtSutt0nY_g%MoRa|;|Md5m6Fh;Jq2N{Y
z_@3}C$JB}YtUs*Za?s`JeoMO1+r=63TnZY#qy*QgQqWyhEkSt;6nsS%)@q-fP~E0k
z;;U!hctBy*u?73i4m--P-{w7I<y>}r@otzjdND9D8ErKeeYe+W<Y2)3AQCAR))OIG
z^Of&?&*?4%{T#)_qJO$vt0J{2VT<O8)I!*AEfi9!PZ6%Z^404&*>~WR6XoY%67E(c
zKG2?clD{PU%-x8D{xsDjm8_i!Iz*!~sprgz-pbd|wD(J^B61Y&c8N|WjVZ|w(#tL3
z);vAKL47*5^D&KRS;w=+hJbeg9DS27bTdLTKaF?v@IGVZYIWHjnM2&;#FbO!hU2qE
z+bdse`Ua`*ZDSbQ2`zD<k*dyCFluvm{sA+8PGe0{D2-)Me|0SscGuan{z0l@O0?^R
zM?;T<hW6^*KV~+Q`o3scZL(LZugo=5UFx2YoJ>ZPe8T@&;k+)>fplIw{8rpK#w_<z
zdPOtpW*EAbe9yw;DFq{_$<k5~Mu<D&^B%#SajUxi>^oyy@JG-<*ytx4iE#yxnm0w=
zsQ3mhmsjlZsqDe$)4tZiZ8RyqHRA(V@Z-;JVxjT&?A7`G1xSuj{d4<CurJXMs-f&F
zT|z|*@-U+~Vj5rYkD_t4r&?JmIiaixpWdR|h<PDIRm{y|(%OJD0<~A{OdA`pXg>T^
z`)2$ClX^CNSj2ZA7>6eiBWnlCZ#_k7+R{j3Zs3k}#59ZG%&egH70h}?*UV&AM*Nux
zftp}&{@Bu4uYsw@OI5B^W#l8Gva3CRE@@gldvhn`*Zk<$Y0#?*w(wKl@IPPerG#ew
zF#ma(&R;XYX7qXa!7I*7ye&-MlMsvA*gq!(+D7brD%esfz4f5p*wqG`A;*o|ZZ!I}
z+5PP#v@U?VeeENz+c5~Ar}mueC$HJKfJ&S_*{uz6VF>tC@l@c(g?Mr?%9Bnz=F$N%
zGJwGPmUyvf1q#=GQSz;4>Y0n!PhQ=nPlaG+ZKuVDSYCSTCB@@0XY72sTWR}GFu0sM
zuJU)M7B9no2}*V)H*Q$sZ4bK=uc;9Z#*YlOBsxVL(zz4`vhyg-qh<?POEu2U{+u&X
zz3`ZuowcXSU_X2%+^B|dGo;&<)*PN>WGi7huPU<11)Y5*UN!14#^-uFzS7BV58VKr
zEA@&jM5+va6#HX6u>AXmQdEdZs8yblX}kfBR64HCf0!aQRy-pc`BR7Bd{w0`La7pI
zkm=yi-+ve=rYfwtttU<AljTeuLl>geMdb|Jcjx%UI#bu~NFgHk+;KiDl~>v4d7X3w
z9rc55$0f!7n&sJ9{L+P^xOe}Ks>QqeF)(&V{YCm!er2w>_iX(t<sRx<V%CyaXAbJ^
zs5k30%?|ktTfgkGB2Myx$Z8Ze5MYu1wKo1}eVN>_Tivuge8N>R-3qr~xQviRhIz7E
zmF2Mnc|_>mPq`r8ijUH>?@90qr{15OW~Xm0vAh<vfGfY+&O4CnXIvURBGZ2--J<Bd
zi$T`gR0cF$hS@N@kQWdMH_Z6^S5lW_(IV$aAUjBz9XUgOYo}Y|@5{(!fxL)P1OUL+
zC?ePrMFeSNfk8kJ2!bcfoJMg#S<i>-gzs|zfiNZj${Gzru|mOS5GWjURRewE_<kM(
z3!K^5-Iw6);(_Km&Nz-R!=c8$zJve*nga#<SAY!;F*edL`7gr$7s3BVln6fu8jDhp
z$I7En7ctmd{2Ul83XPWk5B|T)6M+){Z20&efQdjZ0E!4?0}+8hK-!6X)WhrA6%KyU
z=Cc)Ciowv6i=gR4jb=<mxsZ6m_nKmf2aDb>Y};HIkp*=k2hB<ubXZDJUm7u{9OLxT
zs5PYdosfBb+Goq)ZJ46qp3n}r4Q!_H`~A@wTLXl2=cE<FYXRH?%)ghAGM_^+E(pFx
z=i&9jQm2H}cYa<L8qVGB4`FoJDG1<Jls+=vBqy_}M$ZSjAKi$(WT>Qiz7ez0-g*`J
z;kBFnkU1$tF0Q3m>%h|VsX%2p1>*X`1iB_Xsp#U?;-t;1ook?X4d(qVk*{RR6P$!(
zp1b3J(1hT0hDnnDpuGp1ZS=|N6}7K@$PGzIw|!Z2!?d{VA_xow0CUArqA20xnF@14
z_#iwJi$B9~LoCv7gCyLen@bi+ATHT|ns~f5$0h;+Rx~^Phbuh2WcIpC_L=IRX6m;L
zysyK_ECDymj03FucK5@FeBsQGhhk{RwcU?BM=B2vJs7~^Rk^HuniMI0TX<ajx9pqo
zrr@xO(Z_v2!nXlK5NYe$VE$!h;VVszze&n!+|pll0X@o|PMIB*KsmkPPC`?)sSH_|
zYP895yL1=tasPd~zpQ`VNQ-4|WYT9?uK&m`x%AhB*caA8rU(V>6bN0{i~@uuQZjr@
z0~JCi^gFuj9Za{klpnkui<5%Dg>7HPFqAv?53G&aN9E<Q1#nS`pgVz%r^&mISf*J0
z4J648l4@6$HS39!%%e1%j+AH6Jb$_hGe=s09I>0RU&+ronb{ED1*wh|l;Zsh_>tSL

literal 0
HcmV?d00001

diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
index 91b4c5a254..7b955b4286 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
@@ -68,6 +68,10 @@ spec:
             name: {{ include "common.fullname" . }}-auth-secret
             subPath: client-cert-onap.p12
             readOnly: true
+          - mountPath: /opt/app/config/auth/tomcat_keystore
+            name: {{ include "common.fullname" . }}-auth-secret
+            subPath: tomcat_keystore
+            readOnly: true
 
           resources:
 {{ include "common.resources" . | indent 12 }}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
index 35369e7ba8..33eb2b82ed 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
@@ -34,6 +34,15 @@ debugEnabled: false
 # Example:
 config:
   # Network Discovery Micro Service REST Client Configuration
+
+  #Enable HTTPS
+  serverSslPort: 8443
+  serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
+  serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
+  serverSslClientAuth: want
+  serverSslEnabled: true
+  serverSslEnabledProtocols: TLSv1.1,TLSv1.2
+
   # Basic Authorization credentials for Network Discovery Micro Service Rest Service
   networkDiscoveryUserId: admin
   networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
@@ -77,8 +86,8 @@ service:
   #service being defined.
   type: NodePort
   name: pomba-networkdiscovery  
-  externalPort: 8080
-  internalPort: 8080
+  externalPort: 8443
+  internalPort: 8443
   nodePort: 99
 #  nodePort: <replace with unused node port suffix eg. 23>
   # optional port name override - default can be defined in service.yaml
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
index ff1f6c86af..9e4a8807cb 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
@@ -52,7 +52,7 @@ config:
   # Network Discovery Micro Service REST Client Configuration
   networkDiscoveryServiceName: pomba-networkdiscovery
   networkDiscoveryPort: 9531
-  networkDiscoveryHttpProtocol: http
+  networkDiscoveryHttpProtocol: https
   networkDiscoveryPath: /network-discovery/v1/network/resource
   # Wait for Network Discovery MicroService response in milliseconds
   networkDiscoveryTimeOutInMilliseconds: 60000
@@ -116,4 +116,4 @@ resources:
     requests:
       cpu: 200m
       memory: 800Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}
-- 
2.16.6