Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "[AAI] Create Authorization Policies for AAI"
[oom.git] / kubernetes / aai / values.yaml
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index b162de7..c40dbe0 100644 (file)
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -406,6 +406,34 @@ ingress:
       config:
        ssl: "redirect"
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipalsMetrics: []
+    authorizedPrincipals:
+      - serviceAccount: aai-graphadmin-read
+      - serviceAccount: aai-modelloader-read
+      - serviceAccount: aai-resources-read
+      - serviceAccount: aai-schema-service-read
+      - serviceAccount: aai-traversal-read
+      - serviceAccount: cds-blueprints-processor-read
+      - serviceAccount: consul-read
+      - serviceAccount: dcae-prh-read
+      - serviceAccount: dcae-slice-analysis-ms-read
+      - serviceAccount: dcae-tcagen2
+      - serviceAccount: nbi-read
+      - serviceAccount: sdnc-read
+      - serviceAccount: so-read
+      - serviceAccount: so-bpmn-infra-read
+      - serviceAccount: so-cnf-adapter-read
+      - serviceAccount: so-nssmf-adapter-read
+      - serviceAccount: so-etsi-nfvo-ns-lcm-read
+      - serviceAccount: so-etsi-sol003-adapter-read
+      - serviceAccount: so-openstack-adapter-read
+      - serviceAccount: so-sdc-controller-read
+      - serviceAccount: so-ve-vnfm-adapter
+      - serviceAccount: istio-ingress
+        namespace: istio-ingress
+
 resources:
   small:
     limits:
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).