#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================

#################################################################
# Global configuration defaults.
#################################################################
global:
  nodePortPrefixExt: 302
  msbProtocol: https
  msbServiceName: msb-iag
  msbPort: 443

#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/holmes/engine-management:10.0.2
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0

#################################################################
# AAF part
#################################################################
certInitializer:
  nameOverride: holmes-engine-mgmt-cert-initializer
  aafDeployFqi: deployer@people.osaaf.org
  aafDeployPass: demo123456!
  # aafDeployCredsExternalSecret: some secret
  fqdn: holmes-engine-mgmt
  fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org
  fqi_namespace: org.onap.holmes-engine-mgmt
  public_fqdn: holmes-engine-mgmt.onap.org
  cadi_longitude: "0.0"
  cadi_latitude: "0.0"
  app_ns: org.osaaf.aaf
  credsPath: /opt/app/osaaf/local
  aaf_add_config: |
    echo "*** changing them into shell safe ones"
    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
    cd {{ .Values.credsPath }}
    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
      -storepass "${cadi_keystore_password_p12}" \
      -keystore {{ .Values.fqi_namespace }}.p12
    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
      -storepass "${cadi_truststore_password}" \
      -keystore {{ .Values.fqi_namespace }}.trust.jks
    echo "*** save the generated passwords"
    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
    echo "*** change ownership of certificates to targeted user"
    chown -R 1000 .

#################################################################
# Secrets metaconfig
#################################################################
secrets:
- uid: pg-user-creds
  type: basicAuth
  externalSecret: '{{ tpl (default "" .Values.config.pgConfig.dbUserCredsExternalSecret) . }}'
  login: '{{ .Values.config.pgConfig.dbUser }}'
  password: '{{ .Values.config.pgConfig.dbUserPassword }}'

# application configuration
config:
  logstashServiceName: log-ls
  logstashPort: 5044
  # Addresses of other ONAP entities
  address:
    consul:
      host: consul-server
      port: 8500
  pgConfig:
    dbName: defaultName
    dbHost: defaultHost
    dbPort: 1234
    dbUser: admin
    dbUserPassword: admin
    # dbUserCredsExternalSecret

service:
  type: ClusterIP
  name: holmes-engine-mgmt
  ports:
  - name: https-rest
    port: &svc_port 9102

# probe configuration parameters
liveness:
  initialDelaySeconds: 10
  periodSeconds: 10
  path: /api/holmes-engine-mgmt/v1/healthcheck
  scheme: HTTPS
  port: *svc_port
  enabled: true

readiness:
  initialDelaySeconds: 30
  periodSeconds: 30
  path: /api/holmes-engine-mgmt/v1/healthcheck
  scheme: HTTPS
  port: *svc_port

# Segregation for Different environment (Small and Large)
resources:
  small:
    limits:
      cpu: 500m
      memory: 1Gi
    requests:
      cpu: 250m
      memory: 500Mi
  large:
    limits:
      cpu: 500m
      memory: 2Gi
    requests:
      cpu: 250m
      memory: 1Gi
  unlimited: {}

#Pods Service Account
serviceAccount:
  nameOverride: holmes-engine-mgmt
  roles:
    - read