[AAI] Remove AAF/TLS config from charts

[oom.git] / kubernetes / aai / resources / config / haproxy / haproxy.cfg

diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index 8c2554e..a953a50 100644 (file)
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,9 +40,6 @@ defaults
         log     global
         mode    http
         option  httplog
-{{- if ( include "common.needTLS" .) }}
-        option  ssl-hello-chk
-{{- end }}
         option  httpchk
         http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId  haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
         default-server init-addr none
@@ -101,50 +99,6 @@ frontend IST_8080
 
         default_backend IST_Default_8447
 
-{{- if ( include "common.needTLS" .) }}
-frontend IST_8443
-        mode http
-        bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
-#       log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
-        log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
-        option httplog
-        log global
-        option logasap
-        option forwardfor
-        capture request header  Host len 100
-        capture response header Host len 100
-        option log-separate-errors
-        option forwardfor
-
-        http-request set-header X-Forwarded-Proto https
-        http-request add-header X-Forwarded-Port 8443
-
-        http-request set-header X-Forwarded-Proto https if { ssl_fc }
-        http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
-        http-request set-header X-AAI-SSL                       %[ssl_fc]
-        http-request set-header X-AAI-SSL-Client-Verify         %[ssl_c_verify]
-        http-request set-header X-AAI-SSL-Client-DN             %{+Q}[ssl_c_s_dn]
-        http-request set-header X-AAI-SSL-Client-CN             %{+Q}[ssl_c_s_dn(cn)]
-        http-request set-header X-AAI-SSL-Issuer                %{+Q}[ssl_c_i_dn]
-        http-request set-header X-AAI-SSL-Client-NotBefore      %{+Q}[ssl_c_notbefore]
-        http-request set-header X-AAI-SSL-Client-NotAfter       %{+Q}[ssl_c_notafter]
-        http-request set-header X-AAI-SSL-ClientCert-Base64   %{+Q}[ssl_c_der,base64]
-        http-request set-header X-AAI-SSL-Client-OU             %{+Q}[ssl_c_s_dn(OU)]
-        http-request set-header X-AAI-SSL-Client-L              %{+Q}[ssl_c_s_dn(L)]
-        http-request set-header X-AAI-SSL-Client-ST             %{+Q}[ssl_c_s_dn(ST)]
-        http-request set-header X-AAI-SSL-Client-C              %{+Q}[ssl_c_s_dn(C)]
-        http-request set-header X-AAI-SSL-Client-O              %{+Q}[ssl_c_s_dn(O)]
-#######################################
-## Request blocking configuration ###
-#######################################
-        {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
-        {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
-        {{ $custom_config }}
-        {{- end }}
-        {{- end }}
-
-{{- end }}
-
 #######################
 #ACLS FOR PORT 8446####
 #######################
@@ -169,11 +123,7 @@ backend IST_Default_8447
         stick on path
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
-{{- if ( include "common.needTLS" .) }}
-        server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
-{{- else }}
         server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
-{{- end }}
 
 #######################
 # BACKEND 8446#########
@@ -185,8 +135,4 @@ backend IST_AAI_8446
         stick on path
         http-request set-header X-Forwarded-Port %[src_port]
         http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
-{{- if ( include "common.needTLS" .) }}
-        server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
-{{- else }}
         server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
-{{- end }}