org.onap.clamp|clds.template|dev|read|Onap Clamp Dev Read Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}"
org.onap.clamp|clds.template|dev|update|Onap Clamp Dev Update Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}"
org.onap.clamp|clds.tosca|dev|*||"{'org.onap.clamp|service'}"
+org.onap.clamp|clds.policies|dev|*||"{'org.onap.clamp|service'}"
org.onap.clampdemo|access|*|*|ClampDemo Write Access|{'org.onap.clampdemo.admin'}
org.onap.clampdemo|access|*|read|ClampDemo Read Access|{'org.onap.clampdemo.owner'}
org.onap.clamptest|access|*|*|Onap Write Access|{'org.onap.clamptest.admin'}
org.onap.clampdemo|owner|onap clamp Test Owners|"{'org.onap.clampdemo.access|*|read'}"
org.onap.clamp|owner|AAF Namespace Owners|
org.onap.clamp|seeCerts||"{'org.onap.clamp|certman|local|request,ignoreIPs,showpass'}"
-org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*'}"
+org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*', 'org.onap.clamp|clds.policies|dev|*'}"
org.onap.clamptest|admin|Onap Clamp Test Admins|"{'org.onap.clamptest.access|*|*'}"
org.onap.clamptest|owner|onap clamp Test Owners|"{'org.onap.clamptest.access|*|read'}"
org.onap.cli|admin|AAF Namespace Administrators|"{'org.onap.cli|access|*|*'}"
spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
#The log folder that will be used in logback.xml file
-clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config.json
+clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config-pass.json
#
# Configuration Settings for Policy Engine Components
-clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969
+clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969
clamp.config.policy.api.userName=healthcheck
clamp.config.policy.api.password=zb!XztG34
-clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969
+clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969
clamp.config.policy.pap.userName=healthcheck
clamp.config.policy.pap.password=zb!XztG34
#DCAE Inventory Url Properties
-clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080
-clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+clamp.config.dcae.inventory.url=https://inventory.{{ include "common.namespace" . }}:8080
+clamp.config.dcae.dispatcher.url=https://deployment-handler.{{ include "common.namespace" . }}:8443
#DCAE Deployment Url Properties
-clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+clamp.config.dcae.deployment.url=https://deployment-handler.{{ include "common.namespace" . }}:8443
clamp.config.dcae.deployment.userName=none
clamp.config.dcae.deployment.password=none
"consumerId": "clamp",
"environmentName": "AUTO",
"sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
- "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "password": "${SDC_CLIENT_PASSWORD_ENC}",
"pollingInterval":30,
"pollingTimeout":30,
"activateServerTLSAuth":"false",
- |
{{- if .Values.global.aafEnabled }}
export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
+ export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`;
+ envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json"
{{- end }}
java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar
ports:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: MYSQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+ - name: SDC_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 12 }}
{{- if ne "unlimited" (include "common.flavor" .) }}
- name: JAVA_RAM_CONFIGURATION
value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
aaf_add_config: >
- echo "$cadi_truststore_password" > {{ .Values.credsPath }}/cadi_truststore_password.pwd;
- echo "$cadi_key_password" > {{ .Values.credsPath }}/cadi_key_password.pwd;
- echo "$cadi_keystore_password" > {{ .Values.credsPath }}/cadi_keystore_password.pwd;
- echo "$cadi_keystore_password_p12" > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd;
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
cd {{ .Values.credsPath }};
chmod a+rx *;
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: sdc-creds
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.sdc.sdcClientExternalSecret) . }}'
+ password: '{{ .Values.sdc.clientPassword }}'
+ passwordPolicy: required
flavor: small
# application image
-image: onap/policy-clamp-backend:6.0.2
+image: onap/policy-clamp-backend:6.1.1
pullPolicy: Always
# flag to enable debugging - application support required
#####dummy values for db user and password to pass lint!!!#######
+sdc:
+ clientPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
db:
user: policy_user
password: policy_user
flavor: small
# application image
-image: onap/policy-clamp-frontend:6.0.2
+image: onap/policy-clamp-frontend:6.1.1
pullPolicy: Always
# flag to enable debugging - application support required
Code Review / oom.git / commitdiff