From c27240ba03334c57a012b9b4f535cecdde602526 Mon Sep 17 00:00:00 2001 From: Bruno Sakoto Date: Mon, 8 Mar 2021 17:59:44 -0500 Subject: [PATCH] [CPS] Add credentials for service basic auth Set environment variables for basic authentication to cps service. Username and password are provided from values file. If the password is not provided, it is generated from master password at deployment time. Issue-ID: CPS-175 Signed-off-by: Bruno Sakoto Change-Id: Icc2744b851cfd4288a3951f791f2bd284f4ad3ca --- kubernetes/cps/templates/deployment.yaml | 7 ++++++- kubernetes/cps/values.yaml | 23 ++++++++++++++++++----- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/kubernetes/cps/templates/deployment.yaml b/kubernetes/cps/templates/deployment.yaml index 4f87d206a7..59062cc0f8 100755 --- a/kubernetes/cps/templates/deployment.yaml +++ b/kubernetes/cps/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # Copyright (C) 2021 Pantheon.tech, Orange -# Modifications Copyright (C) 2020 Bell Canada. All rights reserved. +# Modifications Copyright (C) 2021 Bell Canada. # Modifications Copyright (C) 2021 Nordix Foundation. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -70,6 +70,11 @@ spec: path: {{ .Values.readiness.path }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: CPS_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }} + - name: CPS_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }} resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }} diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml index 2c28231490..77ebb09dd9 100755 --- a/kubernetes/cps/values.yaml +++ b/kubernetes/cps/values.yaml @@ -1,4 +1,4 @@ -# Copyright (C) 2021 Pantheon.tech, Orange +# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,6 +29,12 @@ secrets: login: '{{ .Values.postgres.config.pgUserName }}' password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate + - uid: app-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' + login: '{{ .Values.config.appUserName }}' + password: '{{ .Values.config.appUserPassword }}' + passwordPolicy: generate ################################################################# # Global configuration defaults. @@ -44,10 +50,6 @@ global: image: onap/cps-and-nf-proxy:1.0.0 containerPort: &svc_port 8080 -config: - # Set it for pre loading xnfdata, else set to null - liquibaseLabels: xnf-data-preload - service: type: ClusterIP name: cps @@ -117,9 +119,20 @@ securityContext: ################################################################# # Application configuration defaults. ################################################################# + +config: + + # Set it for pre loading xnfdata, else set to null + liquibaseLabels: xnf-data-preload + + # REST API basic authentication credentials (passsword is generated if not provided) + appUserName: cpsuser + #appUserPassword: + logging: level: INFO path: /tmp + ################################################################# # Postgres overriding defaults in the postgres ################################################################# -- 2.16.6