From bbabc30d68b8bf47763d6d8f7b99b95ee6f82900 Mon Sep 17 00:00:00 2001
From: Lukasz Rajewski <lukasz.rajewski@orange.com>
Date: Thu, 14 May 2020 10:16:37 +0200
Subject: [PATCH] Fixed secrets used for appc

THe patch changes way how secrets are
resolved for appc after latest changes in
ONAP secrets policy.

Issue-ID: INT-1465
Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com>
Change-Id: I7f992477e612cb04eb3c4dd5dce64fa9c83d1258
---
 tutorials/vFWDT/get_secret.sh                  | 30 ++++++++++++++++++++++++++
 tutorials/vFWDT/playbooks/configure_ansible.sh | 12 +++++++----
 tutorials/vFWDT/workflow/workflow.py           |  5 ++++-
 3 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100755 tutorials/vFWDT/get_secret.sh

diff --git a/tutorials/vFWDT/get_secret.sh b/tutorials/vFWDT/get_secret.sh
new file mode 100755
index 00000000..1b825205
--- /dev/null
+++ b/tutorials/vFWDT/get_secret.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Orange
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END=========================================================
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+`$DIR/yq > /dev/null 2>&1`
+
+if [ $? -ne 0 ]; then
+	echo "Install yq"
+	wget -qcO $DIR/yq https://github.com/mikefarah/yq/releases/download/2.4.0/yq_linux_amd64 
+	chmod 755 $DIR/yq
+fi
+
+echo `kubectl get secret $1 -o jsonpath="{.data.password}" | base64 --decode`
diff --git a/tutorials/vFWDT/playbooks/configure_ansible.sh b/tutorials/vFWDT/playbooks/configure_ansible.sh
index c49153f8..e5a42d04 100755
--- a/tutorials/vFWDT/playbooks/configure_ansible.sh
+++ b/tutorials/vFWDT/playbooks/configure_ansible.sh
@@ -74,8 +74,12 @@ echo "vPGN Playbooks uploaded"
 APPCDB=`kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' | grep appc-db-0`
 echo $APPCDB
 
-kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
-kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET URL = "http://appc-ansible-server:8000/Dispatch" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
-kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET PASSWORD = "admin" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
-kubectl exec -n onap $APPCDB -- mysql -u sdnctl -pgamma sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
+APPC_SECRET=`kubectl get secrets | grep appc-db-root-pass`
+APPC_PWD=`./get_secret.sh $APPC_SECRET`
+echo "SECRET: $APPC_PWD"
+
+kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
+kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET URL = "http://appc-ansible-server:8000/Dispatch" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
+kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'UPDATE DEVICE_AUTHENTICATION SET PASSWORD = "admin" WHERE PROTOCOL LIKE "ANSIBLE" AND PASSWORD IS NULL;'
+kubectl exec -n onap $APPCDB -- mysql -u root -p$APPC_PWD sdnctl -e'SELECT * FROM DEVICE_AUTHENTICATION WHERE PROTOCOL LIKE "ANSIBLE";'
 echo "APPC database configured for LCM commands"
diff --git a/tutorials/vFWDT/workflow/workflow.py b/tutorials/vFWDT/workflow/workflow.py
index dce32b36..6d34eaf1 100755
--- a/tutorials/vFWDT/workflow/workflow.py
+++ b/tutorials/vFWDT/workflow/workflow.py
@@ -576,6 +576,9 @@ def _extract_osdf_appc_identifiers(has_result, demand, onap_ip):
     if demand.lower() not in ansible_inventory:
         ansible_inventory[demand.lower()] = {}
     ansible_inventory[demand.lower()][config['vserver-name']] = ansible_inventory_entry
+
+    _verify_vnfc_data(api, onap_ip, config['vserver-name'], config['ip'])
+
     return config
 
 
@@ -790,7 +793,7 @@ def _set_appc_lcm_timestamp(body, timestamp=None):
 
 @timing("Load OOF Data and Build APPC REQ")
 def build_appc_lcms_requests_body(rancher_ip, onap_ip, aai_data, use_oof_cache, if_close_loop_vfw, new_version=None):
-    if_has = True
+    if_has = False
 
     if if_has:
         migrate_from = _has_request(onap_ip, aai_data, False, use_oof_cache)
-- 
2.16.6