From d1943c0a3a483012c49fd4f47c1421bbb01855a2 Mon Sep 17 00:00:00 2001
From: Dominik Mizyn <d.mizyn@samsung.com>
Date: Thu, 16 Apr 2020 10:41:01 +0200
Subject: [PATCH] [POLICY] Use common secret template in brmsgw

Use common secret template in brmsgw module instead of hardcoding them in
config map.

For now creds are hardcoded but this will be remove in further commits.

Issue-ID: OOM-2342
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: Ic6ea25004d87d993b40df838dd30a71e25386b2c
---
 .../charts/brmsgw/resources/config/pe/brmsgw.conf  | 12 +++++-----
 .../policy/charts/brmsgw/templates/deployment.yaml | 26 +++++++++++++++++++++
 kubernetes/policy/charts/brmsgw/values.yaml        | 27 ++++++++++++++++++++++
 3 files changed, 59 insertions(+), 6 deletions(-)

diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
index 7c58b3da54..1598a8ff3f 100644
--- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
+++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
@@ -21,10 +21,10 @@ COMPONENT_X_MS_MB=1024
 REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
 REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
 
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
 
 M2_HOME=/usr/share/java/maven-3
 snapshotRepositoryID=policy-nexus-snapshots
@@ -33,8 +33,8 @@ snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.c
 releaseRepositoryID=policy-nexus-releases
 releaseRepositoryName=Releases
 releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=admin
-repositoryPassword=admin123
+repositoryUsername=${REPOSITORY_USERNAME}
+repositoryPassword=${REPOSITORY_PASSWORD}
 UEB_URL=message-router
 UEB_TOPIC=PDPD-CONFIGURATION
 UEB_API_KEY=
diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
index 5bbffb5836..a636e9011f 100644
--- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
+++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
@@ -42,6 +42,19 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: JDBC_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: PDP_HTTP_USER_ID
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+        - name: PDP_HTTP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+        - name: PDP_PAP_PDP_HTTP_USER_ID
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+        - name: PDP_PAP_PDP_HTTP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+        - name: REPOSITORY_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+        - name: REPOSITORY_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
+        volumeMounts:
         volumeMounts:
         - mountPath: /config-input
           name: pe
@@ -77,6 +90,19 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: JDBC_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+        - name: PDP_HTTP_USER_ID
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+        - name: PDP_HTTP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+        - name: PDP_PAP_PDP_HTTP_USER_ID
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+        - name: PDP_PAP_PDP_HTTP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+        - name: REPOSITORY_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+        - name: REPOSITORY_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
+        volumeMounts:
         ports:
         - containerPort: {{ .Values.service.externalPort }}
         {{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml
index bf6ccab156..ee47b4a4c3 100644
--- a/kubernetes/policy/charts/brmsgw/values.yaml
+++ b/kubernetes/policy/charts/brmsgw/values.yaml
@@ -32,6 +32,24 @@ secrets:
     login: '{{ .Values.db.user }}'
     password: '{{ .Values.db.password }}'
     passwordPolicy: required
+  - uid: pdp-http-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+    login: '{{ .Values.pdp.pdphttpuserid }}'
+    password: '{{ .Values.pdp.pdphttppassword }}'
+    passwordPolicy: required
+  - uid: pap-http-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+    login: '{{ .Values.pap.pdppappdphttpuserid }}'
+    password: '{{ .Values.pap.pdppappdphttppassword }}'
+    passwordPolicy: required
+  - uid: nexus-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
+    login: '{{ .Values.nexus.repositoryUsername }}'
+    password: '{{ .Values.nexus.repositoryPassword }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -53,6 +71,15 @@ config:
 db:
   user: policy_user
   password: policy_user
+pdp:
+  pdphttpuserid: testpdp
+  pdphttppassword: alpha123
+pap:
+  pdppappdphttpuserid: testpap
+  pdppappdphttppassword: alpha123
+nexus:
+  repositoryUsername: admin
+  repositoryPassword: admin123
 
 # default number of instances
 replicaCount: 1
-- 
2.16.6