[OOF] Update containers to latest versions

- OSDF: 3.0.4
     - Fixed NST selection response
- HAS: 2.1.4
     - Fixed SDC interface
     - Fixed weak cryptography issues
- CMSO: 2.3.2
     - Fixed weak cryptography issues
Chart changes
     - Remove encrypted password from
       CMSO and move it to k8s secret

Issue-ID: OPTFRA-917
Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com>
Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254

diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json
index 679b518..ef42ce9 100644 (file)
--- a/kubernetes/aaf/components/aaf-sms/resources/config/has.json
+++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json
@@ -38,6 +38,13 @@
                     "password": "${AAF_PASS}",
                     "aaf_conductor_user": "oof@oof.onap.org"
                 }
+            },
+            {
+                "name": "sdc",
+                "values": {
+                    "username": "${SDC_USER}",
+                    "password": "${SDC_PASS}"
+                }
             }
         ]
     }

diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
index 1341889..6e50620 100644 (file)
--- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
@@ -51,6 +51,7 @@ spec:
            export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN};
            export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN};
            export SO_PASS=${SO_PASS_PLAIN};
+           export SDC_PASS=${SDC_PASS_PLAIN};
            cd /config-input;
            for PFILE in `find . -not -type d | grep -v -F ..`; do
              envsubst <${PFILE} >/config/${PFILE};
@@ -131,6 +132,11 @@ spec:
         - name: SO_PASS_PLAIN
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }}
 
+        - name: SDC_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }}
+        - name: SDC_PASS_PLAIN
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }}
+
         volumeMounts:
         - mountPath: /config-input
           name: {{ include "common.name" . }}-preload-input

diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml
index 3b777c6..ab7d8fb 100644 (file)
--- a/kubernetes/aaf/components/aaf-sms/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/values.yaml
@@ -192,7 +192,11 @@ secrets:
     login: '{{ .Values.oofCreds.soUsername }}'
     password: '{{ .Values.oofCreds.soPassword }}'
     passwordPolicy: required
-
+  - uid: sdc-creds
+    type: basicAuth
+    login: '{{ .Values.oofCreds.sdcUsername }}'
+    password: '{{ .Values.oofCreds.sdcPassword }}'
+    passwordPolicy: required
 oofCreds:
   aaiUsername: oof@oof.onap.org
   aaiPassword: demo123456!
@@ -239,6 +243,9 @@ oofCreds:
   soUsername: apihBpmn
   soPassword: password1$
 
+  sdcUsername: aai
+  sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
 # Configure resource requests and limits
 resources:
   small:

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
index 4bf8f74..04a5714 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
@@ -52,8 +52,8 @@ cmso.minizinc.command.solver=OSICBC
 cmso.minizinc.command.timelimit=60000
 cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn
 
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+mechid.user=${AAF_USER}
+mechid.pass=${AAF_PASSWORD}
 
 aaf.urls=https://aaf-locate:8095
 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
index c1d2602..1f96183 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
@@ -116,6 +116,10 @@ spec:
           value: {{ .Values.global.truststorePassword }}
         - name: AUTHENTICATION
           value: {{ .Values.global.authentication }}
+        - name: AAF_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
+        - name: AAF_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
         command:
         - /bin/sh
         args:

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
index aa6ae19..d50995a 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
@@ -24,12 +24,12 @@ subChartsOnly:
   enabled: true
 
 # application image
-image: onap/optf-cmso-optimizer:2.3.1
+image: onap/optf-cmso-optimizer:2.3.2
 pullPolicy: Always
 
 #init container image
 dbinit:
-  image: onap/optf-cmso-dbinit:2.3.1
+  image: onap/optf-cmso-dbinit:2.3.2
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -45,6 +45,12 @@ secrets:
     login: '{{ .Values.config.db.user }}'
     password: '{{ .Values.config.db.password }}'
     passwordPolicy: required
+  - uid: cmso-aaf-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.aaf.user }}'
+    password: '{{ .Values.config.aaf.password }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -81,6 +87,10 @@ service:
 
 
 config:
+  aaf:
+    user: user
+    password: pass
+#    userCredentialsExternalSecret: some-secret
   db:
     port: 3306
 #    rootPassword: pass

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
index 6525a4e..363aecb 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
@@ -94,11 +94,11 @@ so.polling.interval.ms=10000
 
 ## loopback settings
 so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7
-so.user=oof@oof.onap.org
-so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+so.user=${AAF_USER}
+so.pass=${AAF_USER}
 
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+mechid.user=${AAF_USER}
+mechid.pass=${AAF_PASSWORD}
 
 cmso.dispatch.url=http://localhost:8089
 

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
index 27d52a2..d9f2bd0 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
@@ -140,6 +140,10 @@ spec:
           value: {{ .Values.global.truststorePassword }}
         - name: AUTHENTICATION
           value: {{ .Values.global.authentication }}
+        - name: AAF_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
+        - name: AAF_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
         command:
         - /bin/sh
         args:

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
index f0e62e4..06dd478 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
@@ -23,13 +23,13 @@ subChartsOnly:
   enabled: true
 
 # application image
-image: onap/optf-cmso-service:2.3.1
-robotimage: onap/optf-cmso-robot:2.3.1
+image: onap/optf-cmso-service:2.3.2
+robotimage: onap/optf-cmso-robot:2.3.2
 pullPolicy: Always
 
 #init container image
 dbinit:
-  image: onap/optf-cmso-dbinit:2.3.1
+  image: onap/optf-cmso-dbinit:2.3.2
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -44,6 +44,12 @@ secrets:
     login: '{{ .Values.config.db.user }}'
     password: '{{ .Values.config.db.password }}'
     passwordPolicy: required
+  - uid: cmso-aaf-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.aaf.user }}'
+    password: '{{ .Values.config.aaf.password }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -80,6 +86,10 @@ service:
 
 
 config:
+  aaf:
+    user: user
+    password: pass
+#    userCredentialsExternalSecret: some-secret
   db:
     port: 3306
 #    rootPassword: pass
@@ -93,6 +103,7 @@ config:
   optimizer_host: oof-cmso-optimizer
   optimizer_port: 7997
 
+
 ingress:
   enabled: false
 

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
index d88e1b2..4f6976e 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
@@ -23,7 +23,7 @@ subChartsOnly:
   enabled: true
 
 # application image
-image: onap/optf-cmso-ticketmgt:2.3.1
+image: onap/optf-cmso-ticketmgt:2.3.2
 pullPolicy: Always
 
 

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
index 56d9c7c..b3adb5c 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
@@ -22,7 +22,7 @@ subChartsOnly:
   enabled: true
 
 # application image
-image: onap/optf-cmso-topology:2.3.1
+image: onap/optf-cmso-topology:2.3.2
 pullPolicy: Always
 
 

diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml
index c574a86..c46fd0a 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/values.yaml
@@ -36,6 +36,11 @@ secrets:
     login: '{{ .Values.config.db.optimizer.userName }}'
     password: '{{ .Values.config.db.optimizer.userPassword }}'
     passwordPolicy: generate
+  - uid: cmso-aaf-creds
+    name: &aafCreds '{{ include "common.release" . }}-cmso-aaf-creds'
+    type: basicAuth
+    login: '{{ .Values.config.aaf.user }}'
+    password: '{{ .Values.config.aaf.password }}'
 
 mariadb-galera:
   replicaCount: 1
@@ -75,6 +80,9 @@ mariadb-init:
 flavor: small
 
 config:
+  aaf:
+    user: oof@oof.onap.org
+    password: demo123456!
   log:
     logstashServiceName: log-ls
     logstashPort: 5044
@@ -115,6 +123,8 @@ oof-cmso-service:
       host: *dbName
       container: *dbName
       mysqlDatabase: cmso
+    aaf:
+      userCredentialsExternalSecret: *aafCreds
 
 oof-cmso-optimizer:
   enabled: true
@@ -128,6 +138,8 @@ oof-cmso-optimizer:
       host: *dbName
       container: *dbName
       mysqlDatabase: optimizer
+    aaf:
+      userCredentialsExternalSecret: *aafCreds
 
 oof-cmso-topology:
   enabled: true

diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index 0f2e01f..d6743cd 100755 (executable)
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,7 @@
 global: # global defaults
   nodePortPrefix: 302
   image:
-    optf_has: onap/optf-has:2.1.3
+    optf_has: onap/optf-has:2.1.5
 
 #################################################################
 # secrets metaconfig

diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index df50561..3cbf96a 100755 (executable)
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -14,7 +14,7 @@
 
 global:
   image:
-    optf_has: onap/optf-has:2.1.3
+    optf_has: onap/optf-has:2.1.5
 
 #################################################################
 # Secrets metaconfig

diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index b069be6..0940a9d 100755 (executable)
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -14,7 +14,7 @@
 
 global:
   image:
-    optf_has: onap/optf-has:2.1.3
+    optf_has: onap/optf-has:2.1.5
 
 #################################################################
 # secrets metaconfig

diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index b069be6..0940a9d 100755 (executable)
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -14,7 +14,7 @@
 
 global:
   image:
-    optf_has: onap/optf-has:2.1.3
+    optf_has: onap/optf-has:2.1.5
 
 #################################################################
 # secrets metaconfig

diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index b069be6..0940a9d 100755 (executable)
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -14,7 +14,7 @@
 
 global:
   image:
-    optf_has: onap/optf-has:2.1.3
+    optf_has: onap/optf-has:2.1.5
 
 #################################################################
 # secrets metaconfig

diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 2891f80..3615a3b 100755 (executable)
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -19,7 +19,7 @@
 global:
   commonConfigPrefix: onap-oof-has
   image:
-    optf_has: onap/optf-has:2.1.3
+    optf_has: onap/optf-has:2.1.5
   persistence:
     enabled: true
 

diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index 87e6536..7362ec7 100644 (file)
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -35,7 +35,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/optf-osdf:3.0.3
+image: onap/optf-osdf:3.0.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required