From 375d0eaa1368368df3c2b9512d9ac8ee6056c63d Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Mon, 8 Mar 2021 16:52:20 +0000 Subject: [PATCH] [AAI][SPARKY] Automatically retrieve certs Instead of using hardcoded certificates, use certInitializer in order to retrieve them automatically. Issue-ID: OOM-2683 Change-Id: I1bd3fe575c1d3450905bdc5876b442fdb43660a9 
Signed-off-by: Sylvain Desbureaux --- .../aai/components/aai-sparky-be/requirements.yaml | 3 + .../application-oxm-default.properties | 0 .../application-oxm-override.properties | 0 .../application-oxm-schema-prod.properties | 10 +- .../application-resources.properties | 5 +- .../{ => application}/application-ssl.properties | 8 +- .../{ => application}/application-sync.properties | 0 .../{ => application}/application.properties | 8 +- .../resources/config/application/logback.xml | 187 +++++++++++++++++++++ .../config/{ => application}/roles.config | 0 .../config/{ => application}/users.config | 0 .../resources/config/auth/client-cert-onap.p12 | Bin 4347 -> 0 bytes .../resources/config/auth/org.onap.aai.p12 | Bin 4347 -> 0 bytes .../portal/BOOT-INF/classes/portal.properties | 2 +- .../resources/config/portal/cadi.properties | 14 +- .../aai-sparky-be/templates/configmap.yaml | 21 +-- .../aai-sparky-be/templates/deployment.yaml | 123 +++++++------- .../aai/components/aai-sparky-be/values.yaml | 40 ++++- 18 files changed, 316 insertions(+), 105 deletions(-) rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/application-oxm-default.properties (100%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/application-oxm-override.properties (100%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/application-oxm-schema-prod.properties (72%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/application-resources.properties (70%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/application-ssl.properties (65%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/application-sync.properties (100%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/application.properties (75%) create mode 100644 
kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/roles.config (100%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{ => application}/users.config (100%) delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml index cf22720435..f9ba1c1fb7 100644 --- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml +++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~8.x-0 + repository: '@local' - name: repositoryGenerator version: ~8.x-0 repository: '@local' diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties 
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties similarity index 72% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties index 094c815744..fe8bd16fa1 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties @@ -15,14 +15,14 @@ */}} oxm.schemaNodeDir=/opt/app/sparky/onap/oxm -#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config +#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config oxm.schemaServiceTranslatorList=config # The end point for onap is https://:/onap/schema-service/v1/ oxm.schemaServiceBaseUrl=https:///aai/schema-service/v1/ -oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12 -oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore -oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o -oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD} +oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD} 
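Review bot: The new `oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}` and `oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD}` lines are not substituted by the envsubst init container (it only processes the portal ConfigMap input), so they rely entirely on the main container's launch shell exporting mycreds.prop before start.sh and on Spring resolving placeholders from the environment, which this file does not say. A reader of the rendered ConfigMap will see the literal `${KEYSTORE_PASSWORD}` and may assume it is a templating bug; add a comment above the two lines: `# Resolved at runtime from the environment exported by the container command (mycreds.prop), not by the envsubst init container`. The unrelated `oxm.schemaServiceBaseUrl=https:///aai/schema-service/v1/` context line has an empty host, which predates this change but is worth confirming while the file is being touched.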
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties similarity index 70% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties index 59c0349b06..3c6bd4e1ad 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties @@ -19,4 +19,7 @@ resources.port=8443 resources.authType=SSL_BASIC resources.basicAuthUserName=aai@aai.onap.org resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek -resources.trust-store=tomcat_keystore +resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +resources.trust-store-password=${TRUSTSTORE_PASSWORD} +resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +resources.client-cert-password=${KEYSTORE_PASSWORD} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties similarity index 65% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties index 4db6c0a374..2e2351ad95 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties 
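Review bot: The commit removes hard-coded keystores but leaves `resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek` as a context line in a file that is still shipped through a ConfigMap (`resources/config/application/*`), and that value is a Jetty OBF string, which is reversible obfuscation rather than encryption. Since the same change already introduces `${KEYSTORE_PASSWORD}`-style runtime resolution, the basic-auth credential for `aai@aai.onap.org` should follow the same pattern (sourced from a Secret and resolved at runtime) instead of remaining readable by anyone with ConfigMap access. Also, the added `resources.trust-store-password`, `resources.client-cert` and `resources.client-cert-password` keys are new to this file; I cannot see from the chart that sparky-be's resources client reads those key names, so please confirm they are honoured rather than silently ignored.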
@@ -13,8 +13,8 @@ # limitations under the License. server.port=8000 -server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12 -server.ssl.key-store-password=OBF:1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3 +server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks -server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 +server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties similarity index 75% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties index 1269f25355..120f8ac114 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties 
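Review bot: The context line `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` keeps TLS 1.1 enabled on the server listener, and TLS 1.1 is deprecated (RFC 8996) and disabled by default in current JDKs; since this hunk reworks the whole TLS configuration, it is the right moment to drop it with `server.ssl.enabled-protocols=TLSv1.2`. Separately, the trust store moves from the ONAP-wide `truststoreONAPall.jks` to the AAF-issued `{{ fqi_namespace }}.trust.jks`; if any client that authenticates to this listener with a certificate is not issued by the CAs in that trust store it will now be rejected, so this is worth a one-line comment above the trust-store line noting the trust anchor change.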
@@ -24,12 +24,12 @@ spring.mvc.favicon.enabled=false spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy -portal.cadiFileLocation={{.Values.config.cadiFileLocation}} portal.cadiFileLocation={{.Values.config.cadiFileLocation}} searchservice.hostname={{.Values.global.searchData.serviceName}} searchservice.port=9509 -searchservice.client-cert=client-cert-onap.p12 -searchservice.client-cert-password=1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3 -searchservice.truststore=tomcat_keystore +searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +searchservice.client-cert-password=${KEYSTORE_PASSWORD} +searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +searchservice.truststore-password=${TRUSTSTORE_PASSWORD} schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml new file mode 100644 index 0000000000..cd5338f5b3 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml 
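Review bot: `searchservice.client-cert` and `searchservice.truststore` change from bare file names (`client-cert-onap.p12`, `tomcat_keystore`) to absolute paths under `{{ .Values.certInitializer.credsPath }}`; if the application resolves these values relative to its `config/auth` directory (which the old relative names suggest, though I cannot confirm it from the chart), an absolute path would be mangled and the search-service TLS setup would fail at runtime. Please confirm the loader accepts absolute paths, and document the expectation with a comment such as `# absolute paths: files are provisioned by the certInitializer init container`. The newly added `searchservice.truststore-password` key should likewise be confirmed as one the application actually reads.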
@@ -0,0 +1,187 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + ${errorLogPattern} + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + + ${auditMetricPattern} + + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + 256 + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/roles.config rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/users.config rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config 
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 deleted file mode 100644 index 2601acf88a40cb2147135e9d3b598a478c29c068..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4347 zcmY*ZWmFRY7u{eqNViBy*GK_TS{fbQ4WmJU(I{gA4naxjMmilOF$JW%yF0LlV$v+Q^0VX;Qy0w z+(B?0=fAYW-?qUe`nQXi5Qvox2i<_-pbIb$F5!RZzsDItRO(I3ZK~T=EX2v6PudsW z$}OmbE-Y+7`zsI})NLbhYnxDjWl>19QA@_{aLHkd3gt9uU3~5;Px__sdx@s~cujyC z?6&e_bXuZ1%2elL=dK#Z$J-Lkho9aY7r!iSn&Hrz&3K_jnQY#^ENfHE94)}T{Mti; zIY0lcr86Kxj;lY8hfxF4XfopUIC*+)>H~Wek@tXjHaC}BZ_V*`jiN20uX-;DH|rb5 z$dZ1QhUHd8ufUJ#sbu`LlMu9|C;iQMBrIw6$I5S(c}N#dP(PjxYL{+LE3Kj*i{SDo z0h)oR^c$hmmUGG}Pdw`I`cdOf8$4e|?Z2#MzxmF+K#}X@Qw*rTA)Lff8QUX+yD2WB z{Kn@M3tB_{pDwcEeeb0Uf5N9C1N)E$={=+T*1o**HUp3)da6iYBGN+2D-s|ijh`ma zv^dLu7t>)w^6&~Q!=KFUHkW;yjcb+IXOM}Ma<6>+nno2nFN};UU`jp*CF+Qqd_M4= z7>5$}(VQxlTR){Y!5>-l#7QW&oD4WGGOf(1U&;akTjtbk9}K$L;4UJ{kSXLJ$7}%s zIapKTpV2WDktU22avEn&PC8Q(K~@i8wz{sTdd{G+bdyIIl3DGs>tTvlAsf0JOv`Y- zy$I@9mN!>e_1|A=sWc68>`9KnLg*?qTQ*6`n+yB%ytS&%R2Qm+*52JbeZ&d_jiA#i z4?Q@m<`taJj20R6TBMdq5k*~LoDJZbCa2}O-v^m{Z0b_*>?|A+S<-?nb6a*Vds-5mcsyaNk${6an|@;=q6I#ct0D+VjAI_{F4Cdy z)xAX*9&le`lt64l^}2X!BZ@RSB(?K_UBWm?F}C|cMM}sX1#Rr zLZk!5ETvhKk1n|g*{OPCf^r_aecukab4uGWa3}kz=qgzpvlZJo9nc6iuyylYVQO=I z`A9rV_Rtjn{5d&Avn*Jak~0$Kv_Aii-Pel#1uGJvdz=7wvDc~JeOwkdTyO?F{blj+ zjm7Y0=H`W<+m_xl!uVfu`!!%rV{#dFsV}YPLR$9QCfb>^6#1>-o~Hs0x?>1o8l;_L z$?*Q;-*_Lj)pmKab9!JXmawOd!PYn<#w>VJA#1B4M5t>dRL)>KqgRYaSPv}p->4*@ z5@vhE0<6PI&!41^9odi~G;ijo_{M`y7vXlFuj7#p^aY?xlG2 zzf$)dobX3Q?M-K5l}a?@T(VvyCQ8dqul_pE z;MEPj!=LW=eUqmopn0ymxXKcC88%ndfwB)*1*#Mhk z(HW&&yi@{G8chCjThb}%mTo*mw;SRmDd=U27@-nmhOng9^OJfu2!2{Bo)Hv0K@`^J z8sHZU1yaI{jZ~F?I1{`wc&w9e)Hkjc);hkByN<{RVK-bZYZf5o>!uyO+tItp+Rv5_ z2r=EBH9suya2q^M*U<;asS)Oyd{TuB<4WpY_LZlZUj&`M6igB>P6OMINMGL6?W+<7 z3h%zJpT5?|)?`Z*9qnveS;Dh@13I|l4X3o|rOv5iYO1?B0aI8v>_=8t*KJQ>sFDox 
zT=}`fhIZ?%6F!i~r_=$dX=6AjI7>ISe_a=C-%;%_q8+<2*|_PT#cItwMyWrh9HIy$ zrml8f!r@-lF)pwivSo(VnWPxdUt5?KIp=3Qg_*$^;9F?H;W-)>l@&o8l2dosG#dt$^f{Q^CYU%p)-uC(TlYbANH1yl z%bcx$>MHAuSxxxrL6b+E%5#5qi2F&_Sf3KpSCO~Go|47mTh;^>kKt{1ygRt@DUh~F zyVY-|uqpfY0JIVv)xlN_{6G}wVW_S(iS&YjEu+sFWP|UHd-c6vJ_-kj2PZuUaUoum zm1mtHee5B z6L(ZD)z0730?_p8R_7M^c3Ni-Gd4q1QBxjkSG+Z=P>_GQ^q?&)mo-+YLw?*Wp4|Ap z;zGZ<{&v~=4Qxf+jZN!?U%Uk&<&d-|oGsUp1P*FkQKI~HaY*;XaZv~JK^ynaTiPoz z*e{RX&5qXsm%r)sAu43=4~T$OXfF{_Rb|e^=I`b zjd*;t1!+wlXmbMPF6{o5adf1gxXIpQ-FJJk5U^xC3i6D;VBncfKT=N@D^TX7sQpa` zuG-0iK=j@vP^~(N+uSK92e){aaN%XG%^sOTj_=)GkMoCxtG>B>@zw$6CN&ReFfvKx z`D>T91a{uX&-MSp$K}&bnUJ8GZPnu^DksP+KGBigiSa}vTvu)`A~i81!i(Z z-kRD4VSotTzD^cTfD-dnu_cl8kwn8TDlb&ga?5f-?^;KMq-+fW4DM=9PSMWzY)A1- zS=M`9k&_84d+T9q_zI$kH+aQv^vi|*7@N__@(qn}iOhi4N^LwF%~(=C9;bk|?~57j zsC7ZM_&LD|K_IVRH*x27DyhDvg(Sg`all}buDpJwUqe2h{rGi%bgb5}>bnj9F|laZ zTp419nq35|%xpA!Th&)yB}B;-Q#VR-z;pu?s7(J&IA^cxj@?7mT zeSNCZQdV;>7(=cG=#@>GsezR0Nmf^&&xP97+ke_GR|%}uTISXJUOr3U4%K9NH{B|v zS?a4+P9x&3dXpct5tL5tM3J^=@0pC{EkGexWK`nR!@!Tol{%_ksx^@h3LWxArBh3K zN>;w4fe3d>4bYi>mh={X*u>jVCnwoL;U!i|f8BYH_1m{|{Y}dJHH9#7f+FOEzByvh z%q+Qs_NHY@(-O@mN z_(p+PbBSNR$$iRnI(BP2JuNj=$T}$t69SkHX#6BHa(pe~p2sBux2O5Edt<;+HdNCK zr5gSt6Ct#AD5I=X5PHxVoLBoiH&ok4Fv3c@Nx5+zjn7m5tcP+K#i9X;_`tLmh0QSv zoFm=%x~N6HnY1UMDxYwAl;aQv{5cizfXd`7b#THCPx@y!RwWg2KC60z(6q!%Km|`O zV_i&lamQ&kzW@CIZ5rZpzU|<L3sgZT$l5#n%>#Q%3-mAAzh+$oLa3UsH|?%&uTTxqqjW$^vJGr{v<3lo%6y14T}OAp6DqTr>oE6P#||>7^VsKW zSWXr@mFf_2{c~oU`D3^Ospmwo^|l`5tfSV+U}E?{(Y3>U|LSUsSchEA^4*zGFpp@x zH`eH({Vq{$$;3+a8vXO5uxk2T0-Bz-d*M1)k9NTLY~`g)SUCG&CADODgMW1H$XOu% zx#-fLHVvHa(dGp6uN|w#1Y%ZsTN=Zw{ld39xW@>o_@;5R;C!_TkxZdes#vQMYoN9t z@?qYsuZZfSf>SuZlm`aENiN~%#5j({H6r_aHh3i+Gdw7p3|9Grq(oiqR)5qk*m}x*?SA!=sB;6#B zM(W%k>LcK2M~N#7ESag8s!$1+NYHfnGY4jhw(|OR6~bmgz_vHXSSkJ%ZGO8gNn8$z z2R{e1f(dYO_#R+mG2j3|R04sXzoHfd85cn?QI`yTv`ds)1c>U=c`~yVksQBoV@&TZ QepcE*HvSL`8yKGb4@4g=4gdfE 
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 deleted file mode 100644 index 2601acf88a40cb2147135e9d3b598a478c29c068..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4347 zcmY*ZWmFRY7u{eqNViBy*GK_TS{fbQ4WmJU(I{gA4naxjMmilOF$JW%yF0LlV$v+Q^0VX;Qy0w z+(B?0=fAYW-?qUe`nQXi5Qvox2i<_-pbIb$F5!RZzsDItRO(I3ZK~T=EX2v6PudsW z$}OmbE-Y+7`zsI})NLbhYnxDjWl>19QA@_{aLHkd3gt9uU3~5;Px__sdx@s~cujyC z?6&e_bXuZ1%2elL=dK#Z$J-Lkho9aY7r!iSn&Hrz&3K_jnQY#^ENfHE94)}T{Mti; zIY0lcr86Kxj;lY8hfxF4XfopUIC*+)>H~Wek@tXjHaC}BZ_V*`jiN20uX-;DH|rb5 z$dZ1QhUHd8ufUJ#sbu`LlMu9|C;iQMBrIw6$I5S(c}N#dP(PjxYL{+LE3Kj*i{SDo z0h)oR^c$hmmUGG}Pdw`I`cdOf8$4e|?Z2#MzxmF+K#}X@Qw*rTA)Lff8QUX+yD2WB z{Kn@M3tB_{pDwcEeeb0Uf5N9C1N)E$={=+T*1o**HUp3)da6iYBGN+2D-s|ijh`ma zv^dLu7t>)w^6&~Q!=KFUHkW;yjcb+IXOM}Ma<6>+nno2nFN};UU`jp*CF+Qqd_M4= z7>5$}(VQxlTR){Y!5>-l#7QW&oD4WGGOf(1U&;akTjtbk9}K$L;4UJ{kSXLJ$7}%s zIapKTpV2WDktU22avEn&PC8Q(K~@i8wz{sTdd{G+bdyIIl3DGs>tTvlAsf0JOv`Y- zy$I@9mN!>e_1|A=sWc68>`9KnLg*?qTQ*6`n+yB%ytS&%R2Qm+*52JbeZ&d_jiA#i z4?Q@m<`taJj20R6TBMdq5k*~LoDJZbCa2}O-v^m{Z0b_*>?|A+S<-?nb6a*Vds-5mcsyaNk${6an|@;=q6I#ct0D+VjAI_{F4Cdy z)xAX*9&le`lt64l^}2X!BZ@RSB(?K_UBWm?F}C|cMM}sX1#Rr zLZk!5ETvhKk1n|g*{OPCf^r_aecukab4uGWa3}kz=qgzpvlZJo9nc6iuyylYVQO=I z`A9rV_Rtjn{5d&Avn*Jak~0$Kv_Aii-Pel#1uGJvdz=7wvDc~JeOwkdTyO?F{blj+ zjm7Y0=H`W<+m_xl!uVfu`!!%rV{#dFsV}YPLR$9QCfb>^6#1>-o~Hs0x?>1o8l;_L z$?*Q;-*_Lj)pmKab9!JXmawOd!PYn<#w>VJA#1B4M5t>dRL)>KqgRYaSPv}p->4*@ z5@vhE0<6PI&!41^9odi~G;ijo_{M`y7vXlFuj7#p^aY?xlG2 zzf$)dobX3Q?M-K5l}a?@T(VvyCQ8dqul_pE z;MEPj!=LW=eUqmopn0ymxXKcC88%ndfwB)*1*#Mhk z(HW&&yi@{G8chCjThb}%mTo*mw;SRmDd=U27@-nmhOng9^OJfu2!2{Bo)Hv0K@`^J z8sHZU1yaI{jZ~F?I1{`wc&w9e)Hkjc);hkByN<{RVK-bZYZf5o>!uyO+tItp+Rv5_ z2r=EBH9suya2q^M*U<;asS)Oyd{TuB<4WpY_LZlZUj&`M6igB>P6OMINMGL6?W+<7 z3h%zJpT5?|)?`Z*9qnveS;Dh@13I|l4X3o|rOv5iYO1?B0aI8v>_=8t*KJQ>sFDox 
zT=}`fhIZ?%6F!i~r_=$dX=6AjI7>ISe_a=C-%;%_q8+<2*|_PT#cItwMyWrh9HIy$ zrml8f!r@-lF)pwivSo(VnWPxdUt5?KIp=3Qg_*$^;9F?H;W-)>l@&o8l2dosG#dt$^f{Q^CYU%p)-uC(TlYbANH1yl z%bcx$>MHAuSxxxrL6b+E%5#5qi2F&_Sf3KpSCO~Go|47mTh;^>kKt{1ygRt@DUh~F zyVY-|uqpfY0JIVv)xlN_{6G}wVW_S(iS&YjEu+sFWP|UHd-c6vJ_-kj2PZuUaUoum zm1mtHee5B z6L(ZD)z0730?_p8R_7M^c3Ni-Gd4q1QBxjkSG+Z=P>_GQ^q?&)mo-+YLw?*Wp4|Ap z;zGZ<{&v~=4Qxf+jZN!?U%Uk&<&d-|oGsUp1P*FkQKI~HaY*;XaZv~JK^ynaTiPoz z*e{RX&5qXsm%r)sAu43=4~T$OXfF{_Rb|e^=I`b zjd*;t1!+wlXmbMPF6{o5adf1gxXIpQ-FJJk5U^xC3i6D;VBncfKT=N@D^TX7sQpa` zuG-0iK=j@vP^~(N+uSK92e){aaN%XG%^sOTj_=)GkMoCxtG>B>@zw$6CN&ReFfvKx z`D>T91a{uX&-MSp$K}&bnUJ8GZPnu^DksP+KGBigiSa}vTvu)`A~i81!i(Z z-kRD4VSotTzD^cTfD-dnu_cl8kwn8TDlb&ga?5f-?^;KMq-+fW4DM=9PSMWzY)A1- zS=M`9k&_84d+T9q_zI$kH+aQv^vi|*7@N__@(qn}iOhi4N^LwF%~(=C9;bk|?~57j zsC7ZM_&LD|K_IVRH*x27DyhDvg(Sg`all}buDpJwUqe2h{rGi%bgb5}>bnj9F|laZ zTp419nq35|%xpA!Th&)yB}B;-Q#VR-z;pu?s7(J&IA^cxj@?7mT zeSNCZQdV;>7(=cG=#@>GsezR0Nmf^&&xP97+ke_GR|%}uTISXJUOr3U4%K9NH{B|v zS?a4+P9x&3dXpct5tL5tM3J^=@0pC{EkGexWK`nR!@!Tol{%_ksx^@h3LWxArBh3K zN>;w4fe3d>4bYi>mh={X*u>jVCnwoL;U!i|f8BYH_1m{|{Y}dJHH9#7f+FOEzByvh z%q+Qs_NHY@(-O@mN z_(p+PbBSNR$$iRnI(BP2JuNj=$T}$t69SkHX#6BHa(pe~p2sBux2O5Edt<;+HdNCK zr5gSt6Ct#AD5I=X5PHxVoLBoiH&ok4Fv3c@Nx5+zjn7m5tcP+K#i9X;_`tLmh0QSv zoFm=%x~N6HnY1UMDxYwAl;aQv{5cizfXd`7b#THCPx@y!RwWg2KC60z(6q!%Km|`O zV_i&lamQ&kzW@CIZ5rZpzU|<L3sgZT$l5#n%>#Q%3-mAAzh+$oLa3UsH|?%&uTTxqqjW$^vJGr{v<3lo%6y14T}OAp6DqTr>oE6P#||>7^VsKW zSWXr@mFf_2{c~oU`D3^Ospmwo^|l`5tfSV+U}E?{(Y3>U|LSUsSchEA^4*zGFpp@x zH`eH({Vq{$$;3+a8vXO5uxk2T0-Bz-d*M1)k9NTLY~`g)SUCG&CADODgMW1H$XOu% zx#-fLHVvHa(dGp6uN|w#1Y%ZsTN=Zw{ld39xW@>o_@;5R;C!_TkxZdes#vQMYoN9t z@?qYsuZZfSf>SuZlm`aENiN~%#5j({H6r_aHh3i+Gdw7p3|9Grq(oiqR)5qk*m}x*?SA!=sB;6#B zM(W%k>LcK2M~N#7ESag8s!$1+NYHfnGY4jhw(|OR6~bmgz_vHXSSkJ%ZGO8gNn8$z z2R{e1f(dYO_#R+mG2j3|R04sXzoHfd85cn?QI`yTv`ds)1c>U=c`~yVksQBoV@&TZ QepcE*HvSL`8yKGb4@4g=4gdfE 
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties index 2592e5ca7c..7a0fb8250b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties @@ -46,4 +46,4 @@ ext_req_connection_timeout=15000 ext_req_read_timeout=20000 #Add AAF namespace if the app is centralized -auth_namespace={{.Values.config.aafNamespace}} +auth_namespace={{ .Values.certInitializer.fqi_namespace }} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties index 1f154b6101..baefd9806b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties 
@@ -6,14 +6,18 @@ aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 # AAF Environment Designation #if you are running aaf service from a docker image you have to use aaf service IP and port number -aaf_id={{.Values.config.aafUsername}} +aaf_id={{ .Values.certInitializer.fqi }} #Encrypt the password using AAF Jar -aaf_password={{.Values.config.aafPassword}} +aaf_password={{ .Values.certInitializer.aafDeployPass }} # Sample CADI Properties, from CADI 1.4.2 #hostname=org.onap.aai.orr csp_domain=PROD # Add Absolute path to Keyfile -cadi_keyfile={{.Values.config.cadiKeyFile}} +cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile +cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +cadi_keystore_password=${KEYSTORE_PASSWORD} + +cadi_alias={{ .Values.certInitializer.fqi }} # This is required to accept Certificate Authentication from Certman certificates. # can be TEST, IST or PROD @@ -23,9 +27,9 @@ aaf_env=DEV cadi_loglevel=DEBUG # Add Absolute path to truststore2018.jks -cadi_truststore={{.Values.config.cadiTrustStore}} +cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks # Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs -cadi_truststore_password={{.Values.config.cadiTrustStorePassword}} +cadi_truststore_password=${TRUSTSTORE_PASSWORD} # how to turn on SSL Logging #javax.net.debug=ssl diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml index 162e96b0dc..fee07d8acf 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml 
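Review bot: `aaf_password={{ .Values.certInitializer.aafDeployPass }}` writes the AAF deployer password in clear text into cadi.properties, which is delivered through the `{{ fullname }}-portal` ConfigMap rather than a Secret, whereas the removed value was an `enc:` string; the comment directly above, `#Encrypt the password using AAF Jar`, is now contradicted by the line below it. It also looks like an identity mismatch: `aaf_id` is set to `certInitializer.fqi` (`aai@aai.onap.org`) while the password is `aafDeployPass`, which in values.yaml belongs to `aafDeployFqi` (`deployer@people.osaaf.org`), so CADI would present one identity with another identity's password — please confirm which credential pair is intended. If the application authenticates to AAF with the certificate (`cadi_alias`/`cadi_keystore` are now set), consider dropping `aaf_password` entirely; otherwise it belongs in a Secret with the same runtime-substitution approach used for `cadi_keystore_password`.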
@@ -14,25 +14,6 @@ # limitations under the License. */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-prop - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap @@ -45,7 +26,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 6e74526ddc..45ff270047 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml 
@@ -38,7 +38,34 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ + | xargs -0) + if [ -z "$KEYSTORE_PASSWORD" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + fi + echo "*** write them in portal part" + cd /config-input + for PFILE in `ls -1 .` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: portal-config-input + - mountPath: /config + name: portal-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - command: - /app/ready.py args: 
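Review bot: The init container calls `envsubst <${PFILE} >/config/${PFILE}` with no variable list, so every `${VAR}` or `$VAR` token in any portal input file is replaced from the container's full environment, not just the two credentials; restrict it to `envsubst '${KEYSTORE_PASSWORD} ${TRUSTSTORE_PASSWORD}' <"${PFILE}" >"/config/${PFILE}"`. The guard only checks `KEYSTORE_PASSWORD`; extend it to `if [ -z "$KEYSTORE_PASSWORD" ] || [ -z "$TRUSTSTORE_PASSWORD" ]` so a half-written mycreds.prop fails fast here rather than at application start. Minor: `for PFILE in `ls -1 .`` should be `for PFILE in *` to avoid word-splitting on file names, and `xargs -0` on a newline-separated file is a no-op because the unquoted `$(...)` already word-splits the output — harmless for the alphanumeric passwords generated in values.yaml, but misleading.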
@@ -57,68 +84,56 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - volumeMounts: + command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ + | xargs -0) + echo "*** actual launch of AAI Sparky BE" + /opt/app/sparky/bin/start.sh + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 - name: {{ include "common.fullname" . }}-auth-config - subPath: client-cert-onap.p12 - - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties - name: {{ include "common.fullname" . }}-auth-config + name: auth-config subPath: csp-cookie-filter.properties - - - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12 - name: {{ include "common.fullname" . }}-auth-config - subPath: org.onap.aai.p12 - - - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks - name: aai-common-aai-auth-mount - subPath: truststoreONAPall.jks - - mountPath: /opt/app/sparky/config/portal/ - name: {{ include "common.fullname" . }}-portal-config - + name: portal-config - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ - name: {{ include "common.fullname" . }}-portal-config-props - + name: portal-config-props - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - + name: logs - mountPath: /opt/app/sparky/config/application.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application.properties - - mountPath: /opt/app/sparky/config/application-resources.properties - name: {{ include "common.fullname" . 
}}-properties + name: config subPath: application-resources.properties - - mountPath: /opt/app/sparky/config/application-ssl.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-ssl.properties - - mountPath: /opt/app/sparky/config/application-oxm-default.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-default.properties - - mountPath: /opt/app/sparky/config/application-oxm-override.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-override.properties - - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-schema-prod.properties - - mountPath: /opt/app/sparky/config/roles.config - name: {{ include "common.fullname" . }}-properties + name: config subPath: roles.config - - mountPath: /opt/app/sparky/config/users.config - name: {{ include "common.fullname" . }}-properties + name: config subPath: users.config - + - mountPath: /opt/app/sparky/config/logging/logback.xml + name: config + subPath: logback.xml ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger 
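Review bot: The main container's command exports mycreds.prop and then runs `/opt/app/sparky/bin/start.sh` as a child of `sh -c`, so SIGTERM from Kubernetes reaches the shell rather than the JVM and the pod will be killed after the grace period instead of shutting down cleanly; launch it with `exec /opt/app/sparky/bin/start.sh`. Unlike the init container, this shell does not verify the export succeeded, and a missing or empty mycreds.prop would leave Spring with an unresolvable `${KEYSTORE_PASSWORD}` placeholder and a less obvious failure; repeat the check here: `[ -z "$KEYSTORE_PASSWORD" ] && { echo "certificates retrieval failed"; exit 1; }`. The remaining lines of this container spec, including the probes, continue outside the hunk.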
@@ -155,45 +170,35 @@ spec: subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /usr/share/filebeat/data name: aai-sparky-filebeat resources: {{ include "common.resources" . }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - - name: {{ include "common.fullname" . }}-properties - configMap: - name: {{ include "common.fullname" . }}-prop - - - name: {{ include "common.fullname" . }}-config + - name: config configMap: name: {{ include "common.fullname" . }} - - - name: {{ include "common.fullname" . }}-portal-config + - name: portal-config + emptyDir: + medium: Memory + - name: portal-config-input configMap: name: {{ include "common.fullname" . }}-portal - - - name: {{ include "common.fullname" . }}-portal-config-props + - name: portal-config-props configMap: name: {{ include "common.fullname" . }}-portal-props - - - name: {{ include "common.fullname" . }}-auth-config + - name: auth-config secret: secretName: {{ include "common.fullname" . }} - - - name: aai-common-aai-auth-mount - secret: - secretName: aai-common-aai-auth - - name: filebeat-conf configMap: name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - name: aai-sparky-filebeat emptyDir: {} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index f8de79d31a..98dca5d11d 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml 
@@ -27,6 +27,40 @@ global: # global defaults searchData: serviceName: aai-search-data + +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-sparky-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "aai" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.aai" + fqi: "aai@aai.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing passwords into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + # application image image: onap/sparky-be:2.0.3 pullPolicy: Always 
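Review bot: In `aaf_add_config` the two `keytool -storepasswd` calls are not checked, so if either fails (wrong original password, missing store) the script still writes the fresh random passwords to mycreds.prop and runs `chown`, the init-container guard sees a non-empty `KEYSTORE_PASSWORD`, and the application later fails to open a store whose password was never changed; append `|| exit 1` to each keytool invocation (or start the script with `set -e`, presumably honoured by the certInitializer's shell — please confirm). The default `aafDeployPass: demo123456!` is a plaintext credential that is rendered into cadi.properties by this change; the commented-out `aafDeployCredsExternalSecret` line shows the intended production path, so expand that comment to state that the inline default is for demo deployments only and must be overridden by an external secret elsewhere. Note also that the keystores deleted by this commit remain in git history together with their OBF-obfuscated passwords, so those private keys should be treated as disclosed regardless of this change.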
@@ -44,13 +78,7 @@ config: portalPassword: OBF:1t2v1vfv1unz1vgz1t3b portalCookieName: UserId portalAppRoles: ui_view - aafUsername: aai@aai.onap.org - aafNamespace: org.onap.aai - aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz - cadiKeyFile: /opt/app/sparky/config/portal/keyFile - cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties - cadiTrustStorePassword: changeit cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor # ONAP Cookie Processing - During initial development, the following flag, if true, will -- 2.16.6