[AAI] Create Authorization Policies for AAI

[oom.git] / kubernetes / aai / components / aai-schema-service / values.yaml

diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 19ee9d4..88f1786 100644 (file)
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -98,6 +98,13 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: aai-graphadmin-read
+      - serviceAccount: aai-resources-read
+      - serviceAccount: aai-traversal-read
+
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following