[AAI][TRAVERSAL] Remove Hardcoded certificates
[oom.git] / kubernetes / aai / components / aai-traversal / values.yaml
index 0242ced..69222db 100644 (file)
@@ -26,8 +26,6 @@ global: # global defaults
     #Override it to aai-cassandra if localCluster is enabled.
     serviceName: cassandra
 
-  initContainers:
-    enabled: true
   # Specifies a list of jobs to be run
   jobs:
     # When enabled, it will create the schema based on oxm and edge rules
@@ -104,25 +102,42 @@ global: # global defaults
         edge:
           label: v12
 
-    # Keystore configuration password and filename
-    keystore:
-      filename: aai_keystore
-      passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
-
-    # Truststore configuration password and filename
-    truststore:
-      filename: aai_keystore
-      passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
-
-    # Specifies a list of files to be included in auth volume
-    auth:
-      files:
-        - aai_keystore
-
     # Specifies which clients should always default to realtime graph connection
     realtime:
       clients: SDNC,MSO,SO,robot-ete
 
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+  nameOverride: aai-traversal-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: aai-traversal
+  fqi: aai-traversal@aai-traversal.onap.org
+  public_fqdn: aai-traversal.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  fqi_namespace: org.onap.aai-traversal
+  aaf_add_config: |
+    echo "*** retrieving password for keystore and trustore"
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
+      {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
+    if [ -z "$cadi_keystore_password_p12" ]
+    then
+      echo "  /!\ certificates retrieval wasn't good"
+      exit 1
+    else
+      echo "*** writing passwords into prop file"
+      echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
+      echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
+      echo "*** change ownership of certificates to targeted user"
+      chown -R 1000 {{ .Values.credsPath }}
+    fi
+  truststoreAllPassword: changeit
 
 # application image
 image: onap/aai-traversal:1.7.2
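Review bot: `aafDeployPass: demo123456!` and `truststoreAllPassword: changeit` in the new `certInitializer` block are still plaintext credentials in the chart defaults. The commit removes the obfuscated keystore password but leaves a deployer password readable by anyone with the repository. The commented-out `aafDeployCredsExternalSecret` line suggests the credential can come from an existing Secret instead; I would document that as the expected path and add a comment above `aafDeployPass` such as `# demo-only default; override or set aafDeployCredsExternalSecret for any real deployment`. In `aaf_add_config`, `mycreds.prop` is created under whatever umask the container has, so the keystore and truststore passwords may end up readable by other users. A `umask 077` before the first `echo "KEYSTORE_PASSWORD=..."`, or `chmod 600 {{ .Values.credsPath }}/mycreds.prop` after the `chown`, would pin that down, assuming the application runs as uid 1000.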