From a1bbe5c43828e8d54a7b43fde0d14834318c192e Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Wed, 28 Oct 2020 16:55:18 +0100 Subject: [PATCH] [SO] Remove so-secret component SO secret was used to give truststore to SO components. As we're using dynamic certificate retrieval, it's not needed anymore. Issue-ID: OOM-2534 Issue-ID: SO-3348 
Signed-off-by: Sylvain Desbureaux
Change-Id: I0eb2e052096923fc69bf5f1a1876d9a76a22102b
---
 .../so-appc-orchestrator/templates/deployment.yaml | 2 +-
 .../so-bpmn-infra/templates/deployment.yaml | 2 +-
 .../templates/deployment.yaml | 2 +-
 .../so-cnf-adapter/templates/deployment.yaml | 6 ---
 .../resources/config/overrides/override.yaml | 2 +-
 .../so-etsi-nfvo-ns-lcm/templates/deployment.yaml | 9 +----
 .../so-nssmf-adapter/templates/deployment.yaml | 8 +---
 .../so-openstack-adapter/templates/deployment.yaml | 2 +-
 .../templates/deployment.yaml | 2 +-
 .../so-sdc-controller/templates/deployment.yaml | 2 +-
 .../so-sdnc-adapter/templates/deployment.yaml | 2 +-
 kubernetes/so/components/so-secrets/Chart.yaml | 17 ---------
 .../so/components/so-secrets/requirements.yaml | 20 ----------
 .../resources/certs/org.onap.so.trust.jks | Bin 4641 -> 0 bytes
 .../components/so-secrets/templates/secrets.yaml | 42 ---------------------
 kubernetes/so/components/so-secrets/values.yaml | 20 ----------
 .../so-vfc-adapter/templates/deployment.yaml | 2 +-
 .../resources/config/overrides/override.yaml | 10 ++---
 .../so-vnfm-adapter/templates/deployment.yaml | 11 +-----
 .../soHelpers/templates/_certificates.tpl | 2 +-
 kubernetes/so/requirements.yaml | 3 --
 kubernetes/so/templates/deployment.yaml | 2 +-
 22 files changed, 20 insertions(+), 148 deletions(-)
 delete mode 100644 kubernetes/so/components/so-secrets/Chart.yaml
 delete mode 100755 kubernetes/so/components/so-secrets/requirements.yaml
 delete mode 100644 kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks
 delete mode 100644 kubernetes/so/components/so-secrets/templates/secrets.yaml
 delete mode 100644 kubernetes/so/components/so-secrets/values.yaml
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
index 50d42ca44d..24592ba50a 100644
--- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
@@ -58,7 +58,7 @@ spec:
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 {{- end }}
 /app/start-app.sh
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
index e7cb3aa782..108b928eb5 100755
--- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 /app/start-app.sh
 {{- end }}
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
index d58fd86194..b532515d56 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 /app/start-app.sh
 {{- end }}
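Review bot: The new `export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"` line silently exports an empty password when `mycreds.prop` has no `cadi_keystore_password_p12` entry, so the component would reach `/app/start-app.sh` and fail later at keystore load or TLS setup rather than at the cause. If the container shell is POSIX-compatible (not visible here), a guard such as `export KEYSTORE_PASSWORD="${cadi_keystore_password_p12:?not found in mycreds.prop}"` stops the start-up with a clear message. The same line is changed in the so-bpmn-infra, so-catalog-db-adapter, so-etsi-nfvo-ns-lcm, so-nssmf-adapter, so-openstack-adapter, so-request-db-adapter, so-sdc-controller and so-sdnc-adapter hunks. The commit message only describes removing so-secrets, so a short script comment such as `# KEYSTORE_PASSWORD: p12 keystore password read from mycreds.prop` would record why the variable changed. The surrounding container command starts and ends outside the hunk.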
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
index 63e36a6c2c..8c894ad49a 100755
--- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
@@ -105,9 +105,6 @@ spec:
 - name: config
 mountPath: /app/config
 readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
 - name: encoder
 mountPath: /input
 livenessProbe:
@@ -129,8 +126,5 @@ spec:
 - name: encoder
 emptyDir:
 medium: Memory
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
 imagePullSecrets:
 - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
index c9aa5823bf..7b85b445a2 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
@@ -58,7 +58,7 @@ etsi-catalog-manager:
 http:
 client:
 ssl:
- trust-store: ${TRUSTSTORE}
+ trust-store: file:${TRUSTSTORE}
 trust-store-password: ${TRUSTSTORE_PASSWORD}
 {{- else }}
 endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
index 9408c1f556..bf770bb992 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
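Review bot: `trust-store: file:${TRUSTSTORE}` in the override.yaml hunk now depends on `TRUSTSTORE` being a bare absolute path with no scheme, whereas the export removed from this component's deployment.yaml built `file:/${TRUSTSTORE}`; nothing in this hunk shows where the variable is set or in what form. A value that already carries `file:` would produce a doubled prefix, and a relative value would resolve against the working directory, so the truststore actually loaded could differ from the intended one. I would add a comment above the key stating the contract, for example `# TRUSTSTORE: absolute path to the truststore file, no scheme`. The `etsi-catalog-manager` mapping starts above and continues below the hunk.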
@@ -41,9 +41,8 @@ spec:
 {{- if .Values.global.aafEnabled }}
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
- export TRUSTSTORE="file:/${TRUSTSTORE}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 {{- end }}
 ./start-app.sh
@@ -83,9 +82,6 @@ spec:
 - name: config
 mountPath: /app/config
 readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
 livenessProbe:
 tcpSocket:
 port: {{ index .Values.livenessProbe.port }}
@@ -100,8 +96,5 @@ spec:
 - name: config
 configMap:
 name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
 imagePullSecrets:
 - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
index f1ec31adf1..50bb9ce233 100755
--- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
@@ -57,7 +57,7 @@ spec:
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 {{- end }}
 ./start-app.sh
@@ -102,9 +102,6 @@ spec:
 - name: config
 mountPath: /app/config
 readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
 livenessProbe:
 httpGet:
 path: {{ index .Values.livenessProbe.path}}
@@ -121,8 +118,5 @@ spec:
 - name: config
 configMap:
 name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
 imagePullSecrets:
 - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
index e7cb3aa782..108b928eb5 100755
--- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 /app/start-app.sh
 {{- end }}
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
index d58fd86194..b532515d56 100755
--- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 /app/start-app.sh
 {{- end }}
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index e7cb3aa782..108b928eb5 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 /app/start-app.sh
 {{- end }}
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
index 5797007243..6d440fe00a 100755
--- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
@@ -53,7 +53,7 @@ spec:
 export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
 {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
 /app/start-app.sh
 {{- end }}
diff --git a/kubernetes/so/components/so-secrets/Chart.yaml b/kubernetes/so/components/so-secrets/Chart.yaml
deleted file mode 100644
index d96245d752..0000000000
--- a/kubernetes/so/components/so-secrets/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: A Helm chart for so secrets
-name: so-secrets
-version: 6.0.0
diff --git a/kubernetes/so/components/so-secrets/requirements.yaml b/kubernetes/so/components/so-secrets/requirements.yaml
deleted file mode 100755
index 2eb32d00ed..0000000000
--- a/kubernetes/so/components/so-secrets/requirements.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
diff --git a/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks deleted file mode 100644 index 31ea6ba650907cfa4747fb2ceb06398e613e29a7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4641 zcmeI0c{o*H+sDu3m=1>s$#6tEWZ1`C_~A&&JgX4LEc2A1BRZi>5gBvLgcLGQ#~d;w zLS|A48A`?s&(W{n^Y;AS_mB6vuIG>Uk9S|!-fP`!-PgX>Ue~?8_vhXR%LmIK5C}rP zp+8$1E1bELs};`48~}m9?uE8`Rv?NiB9g#45QqW`5Geit2vGhEC5u zs~`e&aB9I&)zB?EFqoDC1PEd10R$Xs2%|+%XzME}UBu7ZZR5GZ-V`iE zI5a{}&OLPfR{cUHSnIyglZFca$a~GPhe(@>nNgkL(g@U(R>k@rwcXQrw^c%%pAs+b zfqX*Cu|jP_sguGQyQMu%k4~>)@2(?4uQZ2N`Ek!!R7wWzXEEybspLyLm5n_aHvXUu zwbdAul=)2h_F*lLki5mN)8Yj0pM)ebhfi$0>3Y+ZC|MdX!(_ZgpV}|}G=TOoy)hq- zuI;H{VTtQ#xmvG`DXf9zRiuJ93l338=T#c7$mS3zKeozme8oL&G9#*?^5QjCpf4_K zUAk1TOI?F<*UYZZ$KT#?xYC$FbJG& z1>gWqatLzL!&qR<`iA1))R+2oOPhUDn$ehBtBcE*0q&z|UKks|67)YiAdeiFz~Dm| z1pp;C0R7Pb@@N1?J|LmLhave?ki!rRQsC~iFZNB>EKy*$!^x3^^*TE!Zya1Kk(|2k z!YeM?x1KZzP4a;|?=sRT(8r$4xD%+}VcrtUZXE8IR2mn86){O@T-iO~=cz-v*f*>w zr0Tf69u)iL@x8b$bGe(S-eQ}$@f?Ur_Ukz=BWuFB7wCMonZJp+pD>UQ%W(IcI^pRX z`8f5N3NHJH+N++DCR3Gy%rq0GxbD+WgBBE9+Qg>I+}%RT>#Ai??Ge+_d?6onq8Jr? 
zGt%?E^$q#n`s~;l&GvMpD4gh1(aPl?#&4)rT+^U_smGNE{I#?4;$R~Ev`^TkWGy?a zTq7s_-VF*t{4LpDF+AFA7)k$qa&so=_{R|8Yf~_aQXd!GA5HoXW6p&pG!`NA1P_7& zLzIm8&wlOM_KqoHM!STETz6izB(P6Mav$bDDPR$Ar$w)$Ctdnu^A4Q?&#{+26puRj z%BNZmjrx+6e2J+-Ty)NM+Co9@LS9Y*k1^95k{$M=eFnH-`_V{PM>P$ zOyZK(B#84_=Gsk*s?Tip1dcbu=Z#m1itfpq1_AxE9xt9~n)3CBovKUOMn3K+nw{iG zSQ4XpSdMkNaG;}5ozlp{(-u7CsB3f8E<~|!P9bpLGSXP?*ajQ^K)tB1G=x_#CR?(F zqjuufP2>X03H&^9bzsDSgVj6qr^rH`JuS)V>el5Mw(w7Nh2A48>s_);Ig*8S-$Lc4 zpc!)TZy^NS3I9zxm9;R8z)=vws1Q`14p#QwI2St%!_P2;Q6ea<>}_1^ti3S^fab`F z1_AZ=viVJ!{cT)uZe-<^I+}$dM6VgBptRj=Ty$_wHeOyfC_PtKFO;&4hnIt`gB6ZE zpycgk@9N>;<%bdjFw#GDTN)52_rw4hj09P?#g0tLUnYS6kFWJO!1U)@5rQJ*ZxOL_ zbr!L5!7u@g|I9zsU>2B*x04e<0RQ(q06xkCU~(P+gF!DVEDbtEn~)wB$6VQ4myt># zmiydPBypn?ZU=Y56x2A=*Q)9m@rOQ0C7Vv-YL!?hv+x`CPFVe6BwI!d9rx8U z$vmVpTGN{|iD~GvIgCmg6wc+sSDo8MMeWCwQ-k08B2@USxpICJtJ!sfj#)N!RkFrw zYf;{qkHbq2$tgH)=B-DwUc{ndVxX4X1O8#e8lL`B2mcmd(4&o!O{7DatsgwxV%})U zk+MHWGe%=<{o{J_ax|TO`bCk~%s%bZA*EZaY^WXeG>ICj64bCo+}wq+qQNr)dciw$ zx-NI?{novUUSwq1KFTYyYsKar+Hla4{HZ_y|Ipj!jpX>tg*?y!cp4Ezae{%jle9Bf zlCX(NjAVpedC!!?%&G{g*J_PZPS#v8taW?>pYKdw7Vu@I$l3NeZ#7!GHByi}^FL%|B4 zJyW8}>GU9p>j%x+7akkjgDq2im3o6#d0%Pe?op%9usemcclF@4%@ZTtXeG4hdG}na zhO*G{nDij=z_Tiz-!0I(CE-oIIX4yGu36?ifTlj&?$K6_`o!9n*s;J>t|+}By%jTN zVb`Z|TJ*6p){e4q2)!^s?=6(DN_V2-%eys1a*8`iG&%{;?d|gBx zRkH<{dDS$>pBfvKEk(S*zZS^qR&Wzq&vFfX^E~*id$*pk#n5R!ypY*5*%zm@aAWck zpHdKvEh2Ij0H+}<@5Ed9o&4g6eXh;;$d%~mJh(rzDdjk+6>@^XwZ?z^2K1$NoE6?g z$W1gyXH1s&i>L7@2`Oz*me60)<+34~+~~+6TW? 
zHbS?OFRIencKy`-uxj%)B~l1n9-f-@Ho1VU;cQ^uVrw!)$Rr@$jo598jUPCsfA-i5 zu~gHKN*)bEk^yzHNlzwPC?`ruXBcz@HIL26hXS3F%G8_h%IOCpRy$^Nq8WCqsTXUWcI=ciq zkef2kjo7~VLs4TLfbR00@iepJq3$DIeHV@1|76BhG?Kc)vCCRm8)wvD;MLG7)?pfZ zb)ez(C|2v^Ee0<~@7BZ>zG-zgK^Ai*@MO`&d_&Fp%op$0s3!e#bR^}Ug4w{n8|fMr zmJPV8T#&aV91+0FI`{$-R_W;n=0vP7I1bQjIo%PvDc<*4C>T#wJK|!h*>NM1`@}oS zxl^`vv)ep!0_-EVzEQpGvCIcu_V4mO3}VK&IdT#RSy;p5l%|p}$P?Y6u7+I_98{b<&Z$KR}XJO0<(RJ6x`2w{UJ$j=hT^9xt9L zUXWZzo}g+pGDz}NnR>_xfzCEjNpQuJUWQc`H8ECGFNKLw!gKZUsYTV)u#QlO`tYND z;dS#!y`3Agj&jx#)>?~62IcpNVSanH)4i8?E{j<>c8X?%4vZffY0fc%WG8}sho(-7 z4|1yq5u`vQ6g)rj+>UJ5m4O?3vQkk|A0%!^Pabj=UR291xM+UE3u!m7(Y+QP*6nig zlwe|DN0m0aya>S4I@KhdJGWMn6vd?Lw)ymO4b$`c%e*aK*K+O@%1^&_zaF`-=3ME@S5Q!Fj~Y*D3IP)x>5x8qF#Wtb zfisp_G?QAD&tqP_FUYNIT>ZvY z%D>p^Z*}c2)S^W|HTAK7xkC|@WZ)Baz}aC00rc;ra?+JdV8Yf8o>tzTo{CNmo?f0J zM?)g69(Ml^F#j8X$(ADjI1nR4Atxj3EFeJmYp4J0*x>94#|1?^9h}{qY^-gZUH@x$ z|Mic>Pw;6#XZdx^f;qRe=*p-d^Y6m_OeC3Q+TYYw8d$$+GbX06L=-)6rubw#J2amy zWgVG|9)3JZJPtRBDI|2&a|Cfhw1yiCOQ7(*islQ#?$aVZa}mo7o9|=egxGGmbA<)f zeREc&))O@>j;=yad_)-pev_=?c-8Lwl*19f+Zb<|VyYU3aOc6HY8P=Pn65_*;KoYU@ya zEYq|wC!EH2RhCP$nO`|~Gk!C34eb@M