Update Gizmo and Champ security config

- Update rProxy to use AAF geo-locate endpoint rather than hard coded IP
address
- Update fProxy to use separate truststore
- Restructure charts to reduce certificate duplication

Change-Id: I1e63ceb0ebabd8bb3dfacc71dac841858279b6f1
Issue-ID: AAF-718
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>

2 files changed, 18 insertions, 33 deletions

diff --git a/charts/aai-gizmo/templates/deployment.yaml b/charts/aai-gizmo/templates/deployment.yaml
index 0a30388..ba90fdc 100644
--- a/charts/aai-gizmo/templates/deployment.yaml
+++ b/charts/aai-gizmo/templates/deployment.yaml
@@ -32,11 +32,6 @@ spec:
         release: {{ .Release.Name }}
     spec:
     {{ if .Values.global.installSidecarSecurity }}
-      hostAliases:
-      - ip: {{ .Values.global.aaf.serverIp }}
-        hostnames:
-        - {{ .Values.global.aaf.serverHostname }}
-
       initContainers:
         - name: {{ .Values.global.tproxyConfig.name }}
           image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
@@ -154,18 +149,18 @@ spec:
           - name: {{ include "common.fullname" . }}-rproxy-log-config
             mountPath: /opt/app/rproxy/config/logback-spring.xml
             subPath: logback-spring.xml
-          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
             mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
             subPath: tomcat_keystore
-          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
             mountPath: /opt/app/rproxy/config/auth/client-cert.p12
             subPath: client-cert.p12
+          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+            mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+            subPath: org.onap.aai.p12
           - name: {{ include "common.fullname" . }}-rproxy-auth-config
             mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
             subPath: uri-authorization.json
-          - name: {{ include "common.fullname" . }}-rproxy-auth-config
-            mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
-            subPath: aaf_truststore.jks
           - name: {{ include "common.fullname" . }}-rproxy-security-config
             mountPath: /opt/app/rproxy/config/security/keyfile
             subPath: keyfile
@@ -181,6 +176,8 @@ spec:
             value: "/opt/app/fproxy/config"
           - name: KEY_STORE_PASSWORD
             value: {{ .Values.config.keyStorePassword }}
+          - name: TRUST_STORE_PASSWORD
+            value: {{ .Values.config.trustStorePassword }}
           - name: spring_profiles_active
             value: {{ .Values.global.fproxy.activeSpringProfiles }}
           volumeMounts:
@@ -190,10 +187,13 @@ spec:
           - name: {{ include "common.fullname" . }}-fproxy-log-config
             mountPath: /opt/app/fproxy/config/logback-spring.xml
             subPath: logback-spring.xml
-          - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
             mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
             subPath: tomcat_keystore
-          - name: {{ include "common.fullname" . }}-fproxy-auth-config
+          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+            mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+            subPath: fproxy_truststore
+          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
             mountPath: /opt/app/fproxy/config/auth/client-cert.p12
             subPath: client-cert.p12
           ports:
@@ -245,18 +245,21 @@ spec:
         - name: {{ include "common.fullname" . }}-rproxy-auth-config
           secret:
             secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+          secret:
+            secretName: aai-rproxy-auth-certs
         - name: {{ include "common.fullname" . }}-rproxy-security-config
           secret:
-            secretName: {{ include "common.fullname" . }}-rproxy-security-config
+            secretName: aai-rproxy-security-config
         - name: {{ include "common.fullname" . }}-fproxy-config
           configMap:
             name: {{ include "common.fullname" . }}-fproxy-config
         - name: {{ include "common.fullname" . }}-fproxy-log-config
           configMap:
             name: {{ include "common.fullname" . }}-fproxy-log-config
-        - name: {{ include "common.fullname" . }}-fproxy-auth-config
+        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
           secret:
-            secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+            secretName: aai-fproxy-auth-certs
     {{ end }}
 
       imagePullSecrets:
diff --git a/charts/aai-gizmo/templates/secrets.yaml b/charts/aai-gizmo/templates/secrets.yaml
index 7db7605..96c3424 100644
--- a/charts/aai-gizmo/templates/secrets.yaml
+++ b/charts/aai-gizmo/templates/secrets.yaml
@@ -46,27 +46,9 @@ data:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "common.fullname" . }}-fproxy-auth-config
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
   name: {{ include "common.fullname" . }}-rproxy-auth-config
   namespace: {{ include "common.namespace" . }}
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-rproxy-security-config
-  namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
 {{ end }}