Merge "[PORTAL ] Non-root user DB access from WMS"

author Krzysztof Opasiak <k.opasiak@samsung.com>

Tue, 27 Oct 2020 18:02:50 +0000 (18:02 +0000)

committer Gerrit Code Review <gerrit@onap.org>

Tue, 27 Oct 2020 18:02:50 +0000 (18:02 +0000)
author Krzysztof Opasiak <k.opasiak@samsung.com>
Tue, 27 Oct 2020 18:02:50 +0000 (18:02 +0000)
committer Gerrit Code Review <gerrit@onap.org>
Tue, 27 Oct 2020 18:02:50 +0000 (18:02 +0000)
diff --combined kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml

index 08a9714,3d7f9a8..f3da66f
--- 1/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml
--- 2/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml
+++ b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml
@@@ -1,4 -1,3 +1,4 @@@
+ +{{/*
   # Copyright © 2018 Amdocs, Bell Canada, AT&T
   #
   # Licensed under the Apache License, Version 2.0 (the "License");
@@@ -12,8 -11,7 +12,8 @@@
   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   # See the License for the specific language governing permissions and
   # limitations under the License.
+ +*/}}
   
   jasypt:
     encryptor:
-     password: EncryptionKey
+     password: ${JASYPT_ENC_KEY}
diff --combined kubernetes/portal/components/portal-widget/templates/deployment.yaml

index 9d345d9,44d7fc4..eb6fc9e
--- 1/kubernetes/portal/components/portal-widget/templates/deployment.yaml
--- 2/kubernetes/portal/components/portal-widget/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-widget/templates/deployment.yaml
@@@ -1,4 -1,3 +1,4 @@@
+ +{{/*
   # Copyright © 2017 Amdocs, Bell Canada
   # Modifications Copyright © 2018 AT&T
   #
@@@ -13,7 -12,6 +13,7 @@@
   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   # See the License for the specific language governing permissions and
   # limitations under the License.
+ +*/}}
   
   apiVersion: apps/v1
   kind: Deployment
@@@ -51,6 -49,40 +51,40 @@@ spec
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
+       - name: {{ include "common.name" . }}-portal-widget-config
+         image: "{{ .Values.global.envsubstImage }}"
+         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+         command:
+         - sh
+         args:
+         - "-c"
+         - |
+           cd /config-input && \
+           for PFILE in `ls -1 *.*`
+           do
+             envsubst <${PFILE} >/config/${PFILE}
+             chmod 0755 /config/${PFILE}
+           done
+         env:
+           - name: PORTAL_DB_USER
+             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+           - name: PORTAL_DB_PASSWORD
+             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+           - name: WIDGET_USER
+             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
+           - name: WIDGET_PASSWORD
+             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
+           - name: ACC_USER
+             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
+           - name: ACC_PASSWORD
+             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
+           - name: JASYPT_ENC_KEY
+             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
+         volumeMounts:
+         - mountPath: /config-input
+           name: properties-onapwidgetms-scrubbed
+         - mountPath: /config
+           name: properties-onapwidgetms
         containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@@ -96,6 -128,9 +130,9 @@@
             hostPath:
               path: /etc/localtime
           - name: properties-onapwidgetms
+           emptyDir:
+             medium: Memory
+         - name: properties-onapwidgetms-scrubbed
             configMap:
               name: {{ include "common.fullname" . }}-onapwidgetms
               defaultMode: 0755
author	Krzysztof Opasiak <k.opasiak@samsung.com>
	Tue, 27 Oct 2020 18:02:50 +0000 (18:02 +0000)
committer	Gerrit Code Review <gerrit@onap.org>
	Tue, 27 Oct 2020 18:02:50 +0000 (18:02 +0000)
		1	2
kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml	patch \|	diff1 \|	diff2 \|	blob \| history
kubernetes/portal/components/portal-widget/templates/deployment.yaml	patch \|	diff1 \|	diff2 \|	blob \| history