[CPS] Add credentials for service basic auth

Set environment variables for basic authentication to cps service.
Username and password are provided from values file. If the password
is not provided, it is generated from master password at deployment
time.

Issue-ID: CPS-175
Signed-off-by: Bruno Sakoto <bruno.sakoto@bell.ca>
Change-Id: Icc2744b851cfd4288a3951f791f2bd284f4ad3ca

diff --git a/kubernetes/cps/templates/deployment.yaml b/kubernetes/cps/templates/deployment.yaml
index 4f87d20..59062cc 100755 (executable)
--- a/kubernetes/cps/templates/deployment.yaml
+++ b/kubernetes/cps/templates/deployment.yaml
@@ -1,6 +1,6 @@
 {{/*
 # Copyright (C) 2021 Pantheon.tech, Orange
-# Modifications Copyright (C) 2020 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2021 Bell Canada.
 # Modifications Copyright (C) 2021 Nordix Foundation. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -70,6 +70,11 @@ spec:
             path: {{ .Values.readiness.path }}
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
+        env:
+          - name: CPS_USERNAME
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+          - name: CPS_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
         resources: {{ include "common.resources" . | nindent 10 }}
         {{- if .Values.nodeSelector }}
         nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}

diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index 2c28231..77ebb09 100755 (executable)
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -1,4 +1,4 @@
-#  Copyright (C) 2021 Pantheon.tech, Orange
+#  Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -29,6 +29,12 @@ secrets:
     login: '{{ .Values.postgres.config.pgUserName }}'
     password: '{{ .Values.postgres.config.pgUserPassword }}'
     passwordPolicy: generate
+  - uid: app-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+    login: '{{ .Values.config.appUserName }}'
+    password: '{{ .Values.config.appUserPassword }}'
+    passwordPolicy: generate
 
 #################################################################
 # Global configuration defaults.
@@ -44,10 +50,6 @@ global:
 image: onap/cps-and-nf-proxy:1.0.0
 containerPort: &svc_port 8080
 
-config:
-  # Set it for pre loading xnfdata, else set to null
-  liquibaseLabels: xnf-data-preload
-
 service:
   type: ClusterIP
   name: cps
@@ -117,9 +119,20 @@ securityContext:
 #################################################################
 # Application configuration defaults.
 #################################################################
+
+config:
+
+  # Set it for pre loading xnfdata, else set to null
+  liquibaseLabels: xnf-data-preload
+
+  # REST API basic authentication credentials (passsword is generated if not provided)
+  appUserName: cpsuser
+  #appUserPassword:
+
 logging:
   level: INFO
   path: /tmp
+
 #################################################################
 # Postgres overriding defaults in the postgres
 #################################################################