From 12e6aba510f0ccb2ea21ea87ba77a08bc044cd0a Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Thu, 4 Mar 2021 22:14:51 +0100 Subject: [PATCH] Revert "[AAI][SPARKY] Automatically retrieve certs" This reverts commit a9a41d84026f059aae70f9042c0b99af5b72e619. aai-sparky-be with this patch fails often in the gate. I expect this to be related to this patch as the stack trace contains below error message: java.io.IOException: keystore password was incorrect Issue-ID: OOM-2683 
Signed-off-by: Krzysztof Opasiak Change-Id: I53650671eae700ef553b2f9158744ab72d881820 --- .../aai/components/aai-sparky-be/requirements.yaml | 3 - .../application-oxm-default.properties | 0 .../application-oxm-override.properties | 0 .../application-oxm-schema-prod.properties | 10 +- .../application-resources.properties | 5 +- .../{application => }/application-ssl.properties | 8 +- .../{application => }/application-sync.properties | 0 .../{application => }/application.properties | 8 +- .../resources/config/application/logback.xml | 187 --------------------- .../resources/config/auth/client-cert-onap.p12 | Bin 0 -> 4117 bytes .../resources/config/auth/org.onap.aai.p12 | Bin 0 -> 4347 bytes .../portal/BOOT-INF/classes/portal.properties | 2 +- .../resources/config/portal/cadi.properties | 14 +- .../config/{application => }/roles.config | 0 .../config/{application => }/users.config | 0 .../aai-sparky-be/templates/configmap.yaml | 21 ++- .../aai-sparky-be/templates/deployment.yaml | 118 ++++++------- .../aai/components/aai-sparky-be/values.yaml | 45 +---- 18 files changed, 105 insertions(+), 316 deletions(-) rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/application-oxm-default.properties (100%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/application-oxm-override.properties (100%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/application-oxm-schema-prod.properties (72%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/application-resources.properties (70%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/application-ssl.properties (66%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/application-sync.properties (100%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/application.properties (76%) delete mode 100644 
kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/roles.config (100%) rename kubernetes/aai/components/aai-sparky-be/resources/config/{application => }/users.config (100%) diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml index 498f1b837d..42641a2e5c 100644 --- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml +++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml @@ -21,9 +21,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties 
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties similarity index 72% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties index b6c5f68368..094c815744 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties @@ -15,14 +15,14 @@ */}} oxm.schemaNodeDir=/opt/app/sparky/onap/oxm -#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config +#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config oxm.schemaServiceTranslatorList=config # The end point for onap is https://:/onap/schema-service/v1/ oxm.schemaServiceBaseUrl=https:///aai/schema-service/v1/ -oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD} -oxm.schemaServiceTruststorePassword=${KEYSTORE_PASSWORD} +oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12 +oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore +oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o 
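Review bot: The two `oxm.schemaService*Password` values added in this hunk are fixed `OBF:` strings, which look like Jetty-style obfuscation, a reversible encoding rather than encryption. The store password is therefore published with the chart and is identical in every installation. The same pattern appears in `server.ssl.key-store-password` and `server.ssl.trust-store-password` (application-ssl.properties), `searchservice.client-cert-password` (application.properties), and `aafPassword` and `cadiTrustStorePassword: changeit` (values.yaml), and the two `.p12` keystores committed under `resources/config/auth/` ship the matching key material. Since the revert is deliberate, mark these as lab defaults where they are defined, for example `# static demo credential shipped with the chart; replace keystore and password outside test environments`. Reference Issue-ID OOM-2683 there so the temporary state stays traceable.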
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties similarity index 70% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties index 2143bf8902..59c0349b06 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties @@ -19,7 +19,4 @@ resources.port=8443 resources.authType=SSL_BASIC resources.basicAuthUserName=aai@aai.onap.org resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek -resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -resources.trust-store-password=${TRUSTSTORE_PASSWORD} -resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -resources.client-cert-password=${KEYSTORE_PASSWORD} \ No newline at end of file +resources.trust-store=tomcat_keystore diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties similarity index 66% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties index 073e9d318a..26565bb1a0 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties 
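Review bot: `resources.trust-store=tomcat_keystore` names a file that none of the volume mounts added in deployment.yaml provide. The files mounted under `/opt/app/sparky/config/auth/` are `client-cert-onap.p12`, `csp-cookie-filter.properties`, `org.onap.aai.p12` and `truststoreONAPall.jks`. The same bare name is used for `searchservice.truststore` in application.properties, and application-oxm-schema-prod.properties points at `${CONFIG_HOME}/auth/aai-client-cert.p12` and `${CONFIG_HOME}/auth/tomcat_keystore`, which are not mounted in the visible hunks either. If the image does not ship these files, the store will fail to load at first use, so either point the property at the mounted truststore or state the origin with a comment such as `# tomcat_keystore is provided by the sparky-be image, not by this chart`.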
@@ -15,8 +15,8 @@ */}} server.port=8000 -server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12 +server.ssl.key-store-password=OBF:1cqc1l4h1qhu1j751p3j1kmy1ncw1o6g1hf418571g7i1d9r1dan1ga8185f1hfy1o461ncu1kjo1p671j7x1qjg1l8t1cne server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -server.ssl.trust-store-password=${KEYSTORE_PASSWORD} +server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks +server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties similarity index 76% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application.properties index a9e5908ec7..1ae00d95c4 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties 
@@ -26,12 +26,12 @@ spring.mvc.favicon.enabled=false spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy +portal.cadiFileLocation={{.Values.config.cadiFileLocation}} portal.cadiFileLocation={{.Values.config.cadiFileLocation}} searchservice.hostname={{.Values.global.searchData.serviceName}} searchservice.port=9509 -searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -searchservice.client-cert-password=${KEYSTORE_PASSWORD} -searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -searchservice.truststore-password=${TRUSTSTORE_PASSWORD} +searchservice.client-cert=client-cert-onap.p12 +searchservice.client-cert-password=1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 +searchservice.truststore=tomcat_keystore schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml deleted file mode 100644 index cd5338f5b3..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml +++ /dev/null 
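Review bot: The added `portal.cadiFileLocation={{.Values.config.cadiFileLocation}}` line appears to duplicate the unchanged line that follows it, so the resulting application.properties defines the key twice; the added copy should be dropped. The hunk also removes `searchservice.truststore-password` without a replacement while keeping `searchservice.truststore=tomcat_keystore`. Whether the search-service client falls back to a default store password is not visible here, so a one-line comment such as `# truststore password: client default is used` would record the intent.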
@@ -1,187 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - ${errorLogPattern} - - - - - - - - - - - ${logDirectory}/${generalLogName}.log - - ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip - - 60 - - - ${errorLogPattern} - - - - - - INFO - - 256 - - - - - - - - ${logDirectory}/${auditLogName}.log - - ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip - - 60 - - - ${auditMetricPattern} - - - - 256 - - - - - ${logDirectory}/${metricsLogName}.log - - ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip - - 60 - - - - ${auditMetricPattern} - - - - - - 256 - - - - - ${logDirectory}/${debugLogName}.log - - ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip - - 60 - - - ${errorLogPattern} - - - - - 256 - - false - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file 
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 new file mode 100644 index 0000000000000000000000000000000000000000..aa4ae742721c1f4e88f1cbaec06a8ceee9dabf5d GIT binary patch literal 4117 zcmV+w5bEzRf)Eh`0Ru3C57!0>Duzgg_YDCD0ic2p$OM89#4v&nz%YUecLoV6hDe6@ z4FLxRpn?i$FoFtX0s#Opf(l&*2`Yw2hW8Bt2LUh~1_~;MNQUE$RiNx{Y1&xtJVXu5s;?ZJ#`5#nR@KV;5YSmCM>{4i0C2DwnV6Eh2Cn8oC z>aB+2u_`r>u&>Xu>kO+q3s-7=tj1K#EUSU{%X;oT4BF;O9_9xyn1B9kd9@EFTKpV* zp_J@*Z_Wn6AsRN{zoPam^qIr{*Bjc|epOz=UU~z%YJIGH zILGy4X#u}BXVW4Lq+2zw8oUs4MEj+1Uy*C)Ilh_7^12_%)~F(Cd@n7_?+L}8GBmx^ z_oDYI@Nanb!jLi&L8od4xe{9LR71+mI|TW+5-WsX(|rYtT%x)#Z!)cs5eNLc81 zVVMIz8#JL{6}_r%4e@17Hc%$-Sy}k()7{K$e#tDZlW{7y`iQ16xq`i5wGjUD|I}_8 ze%2S5WexRy;{cz^Q+Zp!@xlN22lD&K_j6oA&eOD-Qf z7rEOWjDk(>s3QK4xjY@NS=%~vH%qKRaG&rz5O|8zkiYUbO+TsQ-*<q;mdL+w`6As4!*~RM_rbr(nrp4G7L9@kgS>1 z{#z9^0RJT}z!(j*#A%kHN(lMwE|ZG_Fg9=~ik_I0_HW9Fs#?$tS2r828IP=>SfnBZ z>?wo6*+nq%ft($wuOgHZl`tY?HOvkPE5fl_2~Wvs92fKkIXJNf=r3qD+QuiB+k~lm zYp8$QPU(G((fouA4pe2^4?&;tDuX3zp0dgc4-klt1CIu<8yd%o5El%9J+*%#J<3$* zE9$riE&(#5BQQWvz}gY#)qgeMP0GQ9}vOWb|d=X`Iabz z-XzpnIK1n*LY~@tZZ=*FxMO2S|>*Y)Ark-*U1^dzf*SFZUVd{WJT3PIp<5u(J;3kyOKA97nCsTZxQkxqZ0~@14pL{rYvj7=p~?c^J@( z7Fc^zb9|xWVKv8K#H(Mu@a9Jk9GcdH9XrC&wn-=NDw>jZ-1bjP_tryR13*yhXl;(D z^Ql-4DdjsZ{r#lu-)S;0)^lbzUW%)U7zZMuD~*z-f2&j3^xqKJfQZg5bdmINHkoB7 zy5XFIDEhQr-JZw+yp;*<^(aQQn0JHZ){pct84^8_f#ADwwi*ok=^nGwz5UDu5V)lC zAdD(%;t~9^(EEC;-7wK=P5v4W(J}=#24CUa+@_7E6x6^Xh?4TsYeBJB!~7LXRy9A} zdzQf^_y(d8&A>~g9Fvg-si{sSmdj%}fFiPf_=*u%ej~{H=}uLH>qop-(+#vZgo!YE<9DxC?x0H(VZn<{R_qD7crd$kMleBw zSn1lpic7s$D3fZp+lO3q$v**yBlvudue35GwA*DZX?h&TNjY9kRP2OrO26priUemc zZl~D~^xa!(zNBU9&+2LJ#wa*j0WVb9Gg1%Cja#DqfnW9)g3jqHx29GF&GvfGD|k!>+Ve6=$JnZ2jr`QD6s$^eJvm!ZD*z>64*x=iI~ZY{%;C7B4I z*ArN9$TZwGrvW4NXj7!OJj)94ddG~(FNwXp89J`ZqTOsJdd~XaU4fl>6YpyP#X`@u zE$c>;*#486d)*d>2(N5%o{{uX|}hOs$}*EevCI1aP-kZWQS82f$)>L)KA$F(Mk 
zG`!+L2k%AYSz}no1lVEhR_{4Ib=uYI0(g$Q0$P<6T84$**-Yr%f*y>$w3i3BQ#Q%I3j<@-*{n#=93zjlI?^~m`-;GEJ`|Merci_V7#39Q=>VZ4SUkT z;+;NWWd(z7ovYOMS|qiNIDZv)weqTqR^d6k%QktX=fW(RU&>Jxwq_Z#vtEgh+!>c+ zLHrH+mH5#&M{{luUW(0UQe8S2ILPQkJjeCDUfzi^G2okS17+BK!oS&COP55*q#~jR zw7a5>Phd^tBq#+;1oIm-{d!SCJS&LNQUz9WL??@pNa-{7miHr0t0YpiKCQyru($Ls-J@Z5>V%Ai_K zjw@||5T*48w7#PyC0qGQj@9E=BW`9UIOjnKH$0pZd#}`M47-a>Cv51^`bjs}e`YB* zH6=sbuc7RtZSSv8c96hVp#k&S8MHTEGscj|d28ZZIfN{kVn1i?wUyF`~;lQ_3H5_=N#-*w!hNoDKU%hiKu=$WIrQs8^_N>JQvgvSkl^)Jm827^!Xb z+y;SEKpb=9<(#GF0%FpsZ!x}ijI5N>OI{qI^5t<+bo!29ZIxk*pHFGjC+>6VUd2!@YP0F$oi%AV`-C=I2TPa?**^8oO@R8fp6L_Ab1=wF`8G2BHT>$22@c>>GZ z&23{Xn0g8<(pAr%Q)yyRmfV~OWwhInv=~70e%jfi^}*{LeIv|pht^IA7ok0v#tbi} z>X6t|X zM3qSLnM*PYF@{D5BqW}exM&5ja4$b~aKCVJ-!V1DQg62_D4fgpBmwZ&mON?^r+KFG zlr%iS(}z0}b<+Ct16hitKVSZDLN6#`HXL{D?IBEq6c&Ra-+ZK5x%Ig`*VLk7AHZ#2 zK15m;J|MbM{BN>WiLObe-5t%~I@b`{^|vh&Y>+iDbmY64_z5@0X)$C-8YZYv;vBpd z>7$3f-O0?f;lIRbXj-Lgh67pK6WHyh&$RGynKBH2YnvrKcP#VK!(Ff=K2rxjIi$5%)ms(yxX7u%a0n9-gc9%hVLBtqq`QKGmZ? 
z#SLR4gByaA2i1u@Zydq0-K9y(e^B#MXCTXMw7xp)DGPy4Z6wMa3Kv_VB8g57ll-w2 zus145a>rkMr4E*dp&QpErIT^!*LPo(j3mP!6QmiP;imPo2ZUMBU3y46Zdb2TE1+&|A;2$J*~69Wr^ByGUK=Z;Z}xhBTI#VA3NmSQ7G3;)u&5F{|< z|4BekY$VY2FAe|Ob~uFpb`cR^V3r`U?;uF*YX}z(!T-^JkJDp=MH&apPe9LC&M7)l zR)5i+me`1gU}6FKb+M7y!!+sN%Jw8=6UB4%R|B;)?gwfV+**qLZ#)aAJ}KRaC)sIy z^Ppop-Obpjvy&@UO2C!N6`$E0q>+Iy_81B?EuiM0;D);5}Lgm1l-c+MMH zXlhOyv;=$qX3%(IzOjC0@MvK%@VggFPp5g)QjoyRPM1Si(pd-PmIYWORw1IL$mZMI z{?hN`=Ep;&)orJ^UPW15tYD@w+(;d(wKW@!yeT-zoJ`(7uGJhd z8ZltB`O)BgAnwSak{l5~IQBk9O@2XAhe^y#6NkKQDTM}q%)vZNyP{ZzN|H;bAGngH za!h|zS)fc?{;uXdh&~$v#C3)puuBVxen_+VC@vK=V6pcS7ttDrOCM!nL-cZ-vM1?| zHsa=Fx)OC!kn*tOD@!3QyiZ22uD5-3@-*@*6OvtI6rNT}c)r9_KTAua>R7X<)}IuL z)i<0swj-?bn!iwYR8Gzm#?PFoH(e0267glXb+qWG)kcMlSaj5Lq<>aM)z^MY@J?3W z*hpFu`Wq^HW^S~o7Yl7&u6%CXn2<p z#6~h=*PlF|7tsG%yt0*zA#`M$e9`p%XO|wc<^`VS4g#0igF9PVX|Cx9)6&6CTbwo7 zd|Q^^*C&E`&DUf2y4$xN%kL6%GsmP#47yM#_F?zj>a)-_-%WG*VXoKS)gT-VHyd#UWesOrPl$F=&VQXJf@>O%y(bj;0-~&;EY&-NgWhzat$yJG&^=Dis6^ zKni*bIr7AE=R*5KMkm{&VZ6+Pv*SM7_VxE4pi#)Vm(V=t1kAV6zb_p_E#1_Ae>W{4 zGU~4CrK%kkJ;Zx%<|Tm!y_;$z;VC@pynCVCkv&?G&lC zP4Hu!)p_41P8Hknq3LRLH5U)^ZdcjJP!P%=)hI7g>*N$|TgIxyGXIEfO<3ygDxw;c{k>Y4tZ^zm@kQil~QTT?JZ`u zUB=Sk(ohXq1Tu3}ytPlbtAKmsv0@_KFp7gvtMpIQ?_Vj~hJ(m$JkI`?muC<$HPsRC z?S*<{pH4ztl1(%dzJka8dxkAj{uhabjtSwwt17Yf@^jp_=NVjHaXvWS4$o`_ZcSv8 z@hGx^Spt*5`NI5}jiRY8f1iMM{8ptwl}YK8)f{S+6!h4tano=f3R1_4@GEok2p~JZ zQpBuCYzMdR>)LJG9a7$8e}2MBqPB zi4TUdK4Avf{w)`P+`lJ3zzg8{7kdN#g?s@{5SITMD4}3%azhsnM`oyqxUjI8sDzNH z2vh`uBn1Cw2^XgXNeKK)VPIkaAV`AS|0)>&FLiPLmAd1*!=hFbBtY(ZJ#!Xz^*KYL zQ`7%V-Ebs9kAOok0g-jii=Z+rkkdyM$p5uTXS0e_n;ru!Rzd}!Y*R|XqeB!a)G~vuSVt!_ib~2L;woWFHdK@ znX*&TT&%GSfhcYP$>7;jJF(nv6tev>x$^N^ZLYdCale#f>E%Z@<!~1 z2lWAQq{Axhy*q2BZ~dbDNm30H1h3SBt#WYM=rnUAcvgH!(xyFS;DKrQV*+Y^u{P@> zreKYwn~+A}$>*h|L+JgAMn@D$Y_18TTJ|C?lR!h0t&8_3lBIzrV#UGD6Fvpz7I%?O zU(>V5n+?3*mXpserpbp^Vc6L7e8k&@N`Wm9H12u9H0P^7^ogUik`-sNwD;QCf+De^ zEQzb#TF+(eDYwLyx*sPBIYr;*@g9mH9FJAke|{nNqq`HP7d~N 
z{=oodqOC0Kd5J+1ya~6Fze%{73DA1gWB?+uss0t~mZT$N;T%_s?KN^aEJm3j?ptp0I6~Pde?A+Cs_Ovl=&=#_=(zCQw-f)z&Bl|Wi zMg_7`J?KA5mAW zD}CJ-FED8@W$U^TNpwJMStGheS5UD`gEN3Yb$&)Rf1JHZ-oSJwy4Hy4m+P6<(HaG9K4VbRwIo!KL|f2}np?H~m3(5&;w zVR1mMvm#(dWf{YDJj9PTMNCe4Y)r+%Ep5%g3n^EHvs*Ss@>MOHL!|I*<^|c)w^l+~ z?(+{uO8(tP>x{bKbptqyfA(W>`8O`a8b%6=s?+|nz*(I!Xm29S$-aMqv^dK3_NAMA z^#DlJyA;!KO3|j3tufDWSzP2uH`32cN(Pai&?p0z8y*{MrHx;4fB56TtJ5|VjvgTI zRZRBEeIqn=fE4eb(Y6BcL8+f1dS^F#>M04a>4rem@x@65PL4?OMZ$J5om6Nm=J9HI zgWs8cQ*<8*p}X6GOt4nWdPY7XdvU-a=lS`5r}v$gtE!Nx!tF)&@yfpE3`C$OcuS~M zN4l9^9okvAukMqalVE&|<6mSw@D4ZB=Z;KS?;i#_*eHb5qkyPv+wp}GoGv=$0lL*w z?!rl-3p%kf9K7zxR(#E<-18gv^H-C|`-Sm_lTZ)YLw`bg>h^KvgjW9uO#~lMpFly> zy3)U#Xm{c%@)O12!sf2CJ8fHa9Hxea)BsUz1sT+K<lzIeKLZ=b>b~>0@&()XVdoTl_(25Y{+;a>j~alpW$|i7nWFaa z9xGU>Nd^&Yd|YKCmhh&L9Vd3~UJpOdY0auHar1gi>N9;PzT0Q_$QAt_&-RDMUnY$P z!5O?{lLO<=I5)eb%9@pYhSp+^vunYU61#~&x4pG0$Gy(}t8^@Oc-*M`Cun&!wsKx2 z)^1~RTV*Fo-*UD@#Czg_wXPs`EFLRfKrGNpuRPkSw54{|8rqcud#W0&F#9W6Ld{L7 z{CC6LT=Cby4!Y4p{mQP$URq=24107O_2F-0aH%pHt~7Rv01NY>t0veH6mq&*LBv%j zao;j8C|`pbEN+x+0261{gdME%GO*jV*XH>aoD>L_h}ouRn-t?BiCm_cF^m`*p6M<3 z?UUM_^EkYIDb}uvCx_v}89&7?pP1o0FDQ?>2q#$hy+B>qiK${*+w92;mID`Ht2hUaYI+OA2M9!H9w*;@coEvlx;qq z3H%_Ng{VS4h1>(kOt9A(Rl3D&j^A;5`LCxXC zwHt1Qrr^{#^u4iO;94W^6?miZ@DQMB*OPdzbSMyL+uq{i@n*Yq&kEpCP0c_x${-b> zO)ng>Iy3vlXGT`S#B*YM=;d|1d*6tTm-ef$(X`s&W#vz+V88@!;oUogCcGYuo0`mh zShCTAK{g{}P?i92KtT9D=&7@$noOg@mLsSN38<-B1>YYvZ#DBB#(u7oLje%jcdq5P z{T>rh*vu7M7CH8`eUJnKg!$Vq%^Y(0mATZlR|PN4W=#VAG&{xjP>Z^+nyj-L{GOa{ zIa)3M^TEXH&N^_)mopzkq!>PyS(Wl`QizCgczZt1GZqE)7ZE!wC(up2I8ZBEWlsE) zwtHMnDSvbL-VR5hHmLI|19Ktz&p#f{Pc;c%z>A_oQUhAq?#-vjnbgt(z6qQQ1ieOU z6Nga1n>n7p+y+xy2uu@?MMfDYU8 zH8}xodbGNpVIRRg1N>FB-rU1zj)APJ?^`h8Gr9${l?q-#miW7-)C;v-!*emY{4Xub zyk*|&!Vkj<_CxL%b*T?dF`B}QCSjcAPH8tH^i&4tTqVf6`NM z9*k|5nPYklhS558e9bL8bPTv3CPJS3##e1fn!1RpcrYKKmGQI#hGv4D>I47wRFTc?#8}D6P&-TtNeqINO@ayCzdmOX4Z?JeQ@XN{$XC-oKOv4=>XS&E7J7O{K>OtG@9PxA3CF;E ztlEOeKv*F7I6xi{7A74KfDP7z78Hule%OV2HC9xj7$0f0!C2T}>(J9`9Wui#i_FB8 
Sk_|*CjxSL#CKg6a$^QVck|7}g literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties index 7a0fb8250b..2592e5ca7c 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties @@ -46,4 +46,4 @@ ext_req_connection_timeout=15000 ext_req_read_timeout=20000 #Add AAF namespace if the app is centralized -auth_namespace={{ .Values.certInitializer.fqi_namespace }} +auth_namespace={{.Values.config.aafNamespace}} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties index baefd9806b..1f154b6101 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties 
@@ -6,18 +6,14 @@ aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 # AAF Environment Designation #if you are running aaf service from a docker image you have to use aaf service IP and port number -aaf_id={{ .Values.certInitializer.fqi }} +aaf_id={{.Values.config.aafUsername}} #Encrypt the password using AAF Jar -aaf_password={{ .Values.certInitializer.aafDeployPass }} +aaf_password={{.Values.config.aafPassword}} # Sample CADI Properties, from CADI 1.4.2 #hostname=org.onap.aai.orr csp_domain=PROD # Add Absolute path to Keyfile -cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile -cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -cadi_keystore_password=${KEYSTORE_PASSWORD} - -cadi_alias={{ .Values.certInitializer.fqi }} +cadi_keyfile={{.Values.config.cadiKeyFile}} # This is required to accept Certificate Authentication from Certman certificates. # can be TEST, IST or PROD @@ -27,9 +23,9 @@ aaf_env=DEV cadi_loglevel=DEBUG # Add Absolute path to truststore2018.jks -cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +cadi_truststore={{.Values.config.cadiTrustStore}} # Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs -cadi_truststore_password=${TRUSTSTORE_PASSWORD} +cadi_truststore_password={{.Values.config.cadiTrustStorePassword}} # how to turn on SSL Logging #javax.net.debug=ssl diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config rename to kubernetes/aai/components/aai-sparky-be/resources/config/roles.config 
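Review bot: `aaf_password` and `cadi_truststore_password` are now filled in from chart values at render time, and deployment.yaml mounts `/opt/app/sparky/config/portal/` from the `-portal` ConfigMap, so these credentials end up in a ConfigMap rather than a Secret. Before the revert, the same directory was a memory-backed emptyDir populated at start-up. `cadiKeyFile` in values.yaml resolves to `/opt/app/sparky/config/portal/keyFile`, in the same mounted directory, which suggests the `enc:` value and the key that decrypts it are delivered side by side. The new `-prop` ConfigMap in configmap.yaml has the same problem for the `OBF:` passwords in application-ssl.properties and application-oxm-schema-prod.properties. Rendering cadi.properties and the password-bearing properties files through a Secret volume would keep them out of ConfigMap read access. At minimum add `# chart-default credential, override via values for non-test deployments` above `aaf_password`.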
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config rename to kubernetes/aai/components/aai-sparky-be/resources/config/users.config diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml index fee07d8acf..162e96b0dc 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml @@ -14,6 +14,25 @@ # limitations under the License. */}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prop + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap 
@@ -26,7 +45,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 51d577ba91..6e74526ddc 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -38,29 +38,7 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ - | xargs -0) - echo "*** write them in portal part" - cd /config-input - for PFILE in `ls -1 .` - do - envsubst <${PFILE} >/config/${PFILE} - done - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - mountPath: /config-input - name: portal-config-input - - mountPath: /config - name: portal-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config + initContainers: - command: - /app/ready.py args: 
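Review bot: The glob `resources/config/*` now matches the same top-level files that the `-prop` ConfigMap added in the previous hunk lists one by one, assuming `*` does not cross `/` in Helm's `Files.Glob` and therefore skips `auth/` and `portal/`. The chart would then render two ConfigMaps with identical content. In deployment.yaml the volume backed by this one (`{{ include "common.fullname" . }}-config`) is declared, but every properties mount in the visible hunks uses `-properties`, so this copy looks unused. Keep one of the two: either mount from this ConfigMap and drop `-prop`, or remove this ConfigMap together with the `-config` volume.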
@@ -79,56 +57,68 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ - | xargs -0) - echo "*** actual launch of AAI Sparky BE" - /opt/app/sparky/bin/start.sh - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 + name: {{ include "common.fullname" . }}-auth-config + subPath: client-cert-onap.p12 + - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties - name: auth-config + name: {{ include "common.fullname" . }}-auth-config subPath: csp-cookie-filter.properties + + - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-auth-config + subPath: org.onap.aai.p12 + + - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks + - mountPath: /opt/app/sparky/config/portal/ - name: portal-config + name: {{ include "common.fullname" . }}-portal-config + - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ - name: portal-config-props + name: {{ include "common.fullname" . }}-portal-config-props + - mountPath: /var/log/onap - name: logs + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/sparky/config/application.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application.properties + - mountPath: /opt/app/sparky/config/application-resources.properties - name: config + name: {{ include "common.fullname" . 
}}-properties subPath: application-resources.properties + - mountPath: /opt/app/sparky/config/application-ssl.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application-ssl.properties + - mountPath: /opt/app/sparky/config/application-oxm-default.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application-oxm-default.properties + - mountPath: /opt/app/sparky/config/application-oxm-override.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application-oxm-override.properties + - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application-oxm-schema-prod.properties + - mountPath: /opt/app/sparky/config/roles.config - name: config + name: {{ include "common.fullname" . }}-properties subPath: roles.config + - mountPath: /opt/app/sparky/config/users.config - name: config + name: {{ include "common.fullname" . }}-properties subPath: users.config - - mountPath: /opt/app/sparky/config/logging/logback.xml - name: config - subPath: logback.xml + ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger 
@@ -165,35 +155,45 @@ spec: subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap - name: logs + name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: aai-sparky-filebeat resources: {{ include "common.resources" . }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: localtime hostPath: path: /etc/localtime - - name: config + + - name: {{ include "common.fullname" . }}-properties + configMap: + name: {{ include "common.fullname" . }}-prop + + - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} - - name: portal-config - emptyDir: - medium: Memory - - name: portal-config-input + + - name: {{ include "common.fullname" . }}-portal-config configMap: name: {{ include "common.fullname" . }}-portal - - name: portal-config-props + + - name: {{ include "common.fullname" . }}-portal-config-props configMap: name: {{ include "common.fullname" . }}-portal-props - - name: auth-config + + - name: {{ include "common.fullname" . }}-auth-config secret: secretName: {{ include "common.fullname" . }} + + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + - name: filebeat-conf configMap: name: aai-filebeat - - name: logs + - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: aai-sparky-filebeat emptyDir: {} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 147feb13c8..ed21030dc8 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml 
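Review bot: `secretName: aai-common-aai-auth` is a literal, while every other volume in this hunk derives its source name from `{{ include "common.fullname" . }}`, so this mount depends on a Secret that this chart does not create and whose name is not release-scoped. Whether the parent aai chart always creates it under exactly that name is not visible here; if it does not, the pod will stay in ContainerCreating on the missing Secret. A comment on the volume, for example `# provided by the parent aai chart (aai-common); name is fixed, not release-prefixed`, would make the dependency explicit.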
@@ -27,45 +27,6 @@ global: # global defaults searchData: serviceName: aai-search-data - -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-sparky-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: "aai" - app_ns: "org.osaaf.aaf" - fqi_namespace: "org.onap.aai" - fqi: "aai@aai.onap.org" - public_fqdn: "aaf.osaaf.org" - cadi_longitude: "0.0" - cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** changing passwords into shell safe ones" - export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ - -storepass "${cadi_keystore_password_jks}" \ - -keystore {{ .Values.fqi_namespace }}.jks - keytool -storepasswd -new "${TRUSTORE_PASSWD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** set key password as same password as keystore password" - keytool -keypasswd -new "${KEYSTORE_PASSWD}" \ - -keystore {{ .Values.fqi_namespace }}.jks \ - -keypass "${cadi_keystore_password_jks}" \ - -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop - echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} - # application image image: onap/sparky-be:2.0.2 pullPolicy: Always 
@@ -83,7 +44,13 @@ config: portalPassword: OBF:1t2v1vfv1unz1vgz1t3b portalCookieName: UserId portalAppRoles: ui_view + aafUsername: aai@aai.onap.org + aafNamespace: org.onap.aai + aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz + cadiKeyFile: /opt/app/sparky/config/portal/keyFile + cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties + cadiTrustStorePassword: changeit cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor # ONAP Cookie Processing - During initial development, the following flag, if true, will -- 2.16.6