diff options
Diffstat (limited to 'components/aai-gizmo')
39 files changed, 1361 insertions, 0 deletions
diff --git a/components/aai-gizmo/.helmignore b/components/aai-gizmo/.helmignore new file mode 100644 index 0000000..daebc7d --- /dev/null +++ b/components/aai-gizmo/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/components/aai-gizmo/Chart.yaml b/components/aai-gizmo/Chart.yaml new file mode 100644 index 0000000..2a69250 --- /dev/null +++ b/components/aai-gizmo/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Gizmo service +name: aai-gizmo +version: 5.0.0 diff --git a/components/aai-gizmo/resources/config/README.txt b/components/aai-gizmo/resources/config/README.txt new file mode 100644 index 0000000..3761781 --- /dev/null +++ b/components/aai-gizmo/resources/config/README.txt @@ -0,0 +1,24 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +This directory contains all external configuration files that +need to be mounted into an application container. + +See the configmap.yaml in the templates directory for an example +of how to load (ie map) config files from this directory, into +Kubernetes, for distribution within the k8s cluster. + +See deployment.yaml in the templates directory for an example +of how the 'config mapped' files are then mounted into the +containers. diff --git a/components/aai-gizmo/resources/config/auth/champ-cert.p12 b/components/aai-gizmo/resources/config/auth/champ-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/components/aai-gizmo/resources/config/auth/champ-cert.p12 diff --git a/components/aai-gizmo/resources/config/auth/client-cert.p12 b/components/aai-gizmo/resources/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/components/aai-gizmo/resources/config/auth/client-cert.p12 diff --git a/components/aai-gizmo/resources/config/auth/crud_policy.json b/components/aai-gizmo/resources/config/auth/crud_policy.json new file mode 100644 index 0000000..7a5007e --- /dev/null +++ b/components/aai-gizmo/resources/config/auth/crud_policy.json @@ -0,0 +1,18 @@ +{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "crud", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" }, { "name": "PATCH"} ]
+ }
+ ],
+
+ "users": [
+ {
+ "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file diff --git a/components/aai-gizmo/resources/config/auth/datarouter-cert.p12 b/components/aai-gizmo/resources/config/auth/datarouter-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/components/aai-gizmo/resources/config/auth/datarouter-cert.p12 diff --git a/components/aai-gizmo/resources/config/auth/tomcat_keystore b/components/aai-gizmo/resources/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..9eec841 --- /dev/null +++ b/components/aai-gizmo/resources/config/auth/tomcat_keystore diff --git a/components/aai-gizmo/resources/config/crud-api.properties b/components/aai-gizmo/resources/config/crud-api.properties new file mode 100644 index 0000000..0b7f95f --- /dev/null +++ b/components/aai-gizmo/resources/config/crud-api.properties @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# CRUD-API configuration + +crud.async.request.timeout=60000 +crud.async.response.process.poll.interval=1000 +crud.collection.properties.key=properties diff --git a/components/aai-gizmo/resources/config/crud-beans.xml b/components/aai-gizmo/resources/config/crud-beans.xml new file mode 100644 index 0000000..e0ab32b --- /dev/null +++ b/components/aai-gizmo/resources/config/crud-beans.xml @@ -0,0 +1,47 @@ +<!-- +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> + +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:util="http://www.springframework.org/schema/util" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util.xsd + "> + + <bean id="champDao" class="org.onap.crud.dao.champ.ChampDao"> + <constructor-arg name="champUrl" value="https://aai-champ.{{.Release.Namespace}}:9522/services/champ-service/v1/"/> + <constructor-arg name="certPassword" value="OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"/> + </bean> + + <bean id="dataRouterDAO" class="org.onap.crud.dao.DataRouterDAO"> + <constructor-arg name="url" value="https://data-router.{{.Release.Namespace}}:9502/services/champ-service/v1/"/> + <constructor-arg name="certPassword" value="OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"/> + </bean> + + <!-- Synchronous Mode --> + <bean id="graphDataService" class="org.onap.crud.service.CrudGraphDataService" > + <constructor-arg name="dao" ref="champDao" /> + <constructor-arg name="daoForGet" ref="champDao" /> <!-- Using champ for both types of API for now --> + </bean> + + <bean id="crudRestService" class="org.onap.crud.service.CrudRestService" init-method="startup" > + <constructor-arg name="graphDataService" ref="graphDataService" /> + </bean> + +</beans> diff --git a/components/aai-gizmo/resources/config/edgeprops-ingest.properties b/components/aai-gizmo/resources/config/edgeprops-ingest.properties new file mode 100644 index 0000000..fbefd30 --- /dev/null +++ b/components/aai-gizmo/resources/config/edgeprops-ingest.properties @@ -0,0 +1,3 @@ +# DB Edge Property files are copied here: +edgePropsDir=/opt/app/crud-service/config/model + diff --git a/components/aai-gizmo/resources/config/log/filebeat/filebeat.yml b/components/aai-gizmo/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000..d7f0b0a --- /dev/null +++ b/components/aai-gizmo/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,55 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["logstash.{{ .Release.Name }}-log:5044"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/components/aai-gizmo/resources/config/log/logback.xml b/components/aai-gizmo/resources/config/log/logback.xml new file mode 100644 index 0000000..c6bcf57 --- /dev/null +++ b/components/aai-gizmo/resources/config/log/logback.xml @@ -0,0 +1,196 @@ +<!-- +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> + + +<configuration scan="true" scanPeriod="3 seconds" debug="false"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + + <property name="logDir" value="/var/log/onap" /> + + + <!-- specify the component name + <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" --> + <property name="componentName" value="AAI-CRUD" /> + + <!-- default eelf log file names --> + <property name="generalLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|GIZMO|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="auditMetricPattern" value="%m%n" /> + + <property name="logDirectory" value="${logDir}/${componentName}" /> + + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <!-- The EELFAppender is used to record events to the general application + log --> + + <appender name="EELF" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <queueSize>256</queueSize> + <appender-ref ref="EELF" /> + </appender> + + + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. --> + + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - + %msg%n"</pattern> --> + <pattern>${auditMetricPattern}</pattern> + </encoder> + </appender> + + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + </fileNamePattern> + <maxHistory>60</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>false</includeCallerData> + </appender> + + + <!-- ============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="info" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncEELFDebug" /> + </logger> + + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.beans" level="WARN" /> + <logger name="org.springframework.web" level="WARN" /> + <logger name="com.blog.spring.jms" level="WARN" /> + + <!-- ARMAdapter Service loggers --> + <logger name="com.amdocs.aai.armadapter" level="INFO" /> + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" /> + <logger name="org.apache" level="WARN" /> + <logger name="org.apache.commons.httpclient" level="WARN" /> + <logger name="org.apache.commons" level="WARN" /> + <logger name="org.apache.coyote" level="WARN" /> + <logger name="org.apache.jasper" level="WARN" /> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. + May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" /> + <logger name="org.apache.cxf" level="WARN" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" /> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> + <logger name="org.apache.cxf.service" level="WARN" /> + <logger name="org.restlet" level="WARN" /> + <logger name="org.apache.camel.component.restlet" level="WARN" /> + + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="WARN" /> + <logger name="ch.qos.logback.core" level="WARN" /> + + <root> + <appender-ref ref="asyncEELF" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> + </root> + +</configuration> diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v10.json b/components/aai-gizmo/resources/config/model/edge_properties_v10.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v10.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v11.json b/components/aai-gizmo/resources/config/model/edge_properties_v11.json new file mode 100644 index 0000000..09e19b0 --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v11.json @@ -0,0 +1,6 @@ +{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v12.json b/components/aai-gizmo/resources/config/model/edge_properties_v12.json new file mode 100644 index 0000000..09e19b0 --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v12.json @@ -0,0 +1,6 @@ +{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v13.json b/components/aai-gizmo/resources/config/model/edge_properties_v13.json new file mode 100644 index 0000000..09e19b0 --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v13.json @@ -0,0 +1,6 @@ +{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+}
\ No newline at end of file diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v14.json b/components/aai-gizmo/resources/config/model/edge_properties_v14.json new file mode 100644 index 0000000..8d00636 --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v14.json @@ -0,0 +1,6 @@ +{ + "contains-other-v": "java.lang.String", + "delete-other-v": "java.lang.String", + "SVC-INFRA": "java.lang.String", + "prevent-delete": "java.lang.String" +}
\ No newline at end of file diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v15.json b/components/aai-gizmo/resources/config/model/edge_properties_v15.json new file mode 100644 index 0000000..8d00636 --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v15.json @@ -0,0 +1,6 @@ +{ + "contains-other-v": "java.lang.String", + "delete-other-v": "java.lang.String", + "SVC-INFRA": "java.lang.String", + "prevent-delete": "java.lang.String" +}
\ No newline at end of file diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v7.json b/components/aai-gizmo/resources/config/model/edge_properties_v7.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v7.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v8.json b/components/aai-gizmo/resources/config/model/edge_properties_v8.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v8.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} diff --git a/components/aai-gizmo/resources/config/model/edge_properties_v9.json b/components/aai-gizmo/resources/config/model/edge_properties_v9.json new file mode 100644 index 0000000..7cbddae --- /dev/null +++ b/components/aai-gizmo/resources/config/model/edge_properties_v9.json @@ -0,0 +1,10 @@ +{ + "isParent":"java.lang.Boolean", + "isParent-REV":"java.lang.Boolean", + "usesResource":"java.lang.Boolean", + "usesResource-REV":"java.lang.Boolean", + "SVC-INFRA":"java.lang.Boolean", + "SVC-INFRA-REV":"java.lang.Boolean", + "hasDelTarget":"java.lang.Boolean", + "hasDelTarget-REV":"java.lang.Boolean" +} diff --git a/components/aai-gizmo/resources/config/schema-ingest.properties b/components/aai-gizmo/resources/config/schema-ingest.properties new file mode 100644 index 0000000..647d4d9 --- /dev/null +++ b/components/aai-gizmo/resources/config/schema-ingest.properties @@ -0,0 +1,45 @@ +############################################################################### +# Schema Version Related Attributes +############################################################################### +schema.uri.base.path=/aai +# Lists all of the versions in the schema +schema.version.list=v10,v11,v12,v13,v14,v15 +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start=v10 +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start=v10 +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start=v11 +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start=v11 +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start=v12 +# Specifies the version that the application should default to +schema.version.api.default=v15 + +############################################################################### +# Schema Location Related Attributes +############################################################################### +# Schema Location Related Attributes +schema.configuration.location=NA +schema.nodes.location=/opt/app/crud-api/bundleconfig/etc/onap/oxm +schema.edges.location=/opt/app/crud-api/bundleconfig/etc/onap/dbedgerules + +############################################################################### +# Schema Service Related Attributes +############################################################################### +# Specifies whether to use the schema service or local schema files +schema.translator.list=config + +schema.service.base.url=https://<host>:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions + +#Default rest client is the two-way-ssl +schema.service.client=two-way-ssl +#Replace the below with the A&AI client key store +schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12 +#Replace the below with the A&AI tomcat trust store +schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
\ No newline at end of file diff --git a/components/aai-gizmo/resources/fproxy/config/fproxy.properties b/components/aai-gizmo/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000..f512fb7 --- /dev/null +++ b/components/aai-gizmo/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/components/aai-gizmo/resources/fproxy/config/logback-spring.xml b/components/aai-gizmo/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000..2e62379 --- /dev/null +++ b/components/aai-gizmo/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/AAF-FPS" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "org.onap.aaf.fproxy*" at INFO level --> + <logger name="org.onap.aaf.fproxy" level="info" /> + +</configuration>
\ No newline at end of file diff --git a/components/aai-gizmo/resources/fproxy/config/readme.txt b/components/aai-gizmo/resources/fproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/components/aai-gizmo/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/components/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json b/components/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000..54d5de2 --- /dev/null +++ b/components/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json @@ -0,0 +1,99 @@ +[ + { + "uri": "\/not\/allowed\/at\/all$", + "permissions": [ + "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" + ] + }, + { + "uri": "\/one\/auth\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/multi\/auth\/required$", + "permissions": [ + "test.auth.access.aMultipleAuth1", + "test.auth.access.aMultipleAuth2", + "test.auth.access.aMultipleAuth3" + ] + }, + { + "uri": "\/one\/[^\/]+\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/services\/getAAFRequest$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/admin\/getAAFRequest$", + "permissions": [ + "test.auth.access|admin|GET,PUT,POST" + ] + }, + { + "uri": "\/service\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/services\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/$", + "permissions": [ + "\\|services\\|GET", + "test\\.auth\\.access\\|services\\|GET,PUT" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", + "permissions": [ + "test\\.auth\\.access\\|rest\\|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read", + "test.auth.access|vservers|read" + ] + }, + { + "uri": "\/backend$", + "permissions": [ + "test\\.auth\\.access\\|services\\|GET,PUT", + "\\|services\\|GET" + ] + }, + { + "uri": "\/services\/inventory\/.*", + "permissions": [ + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] + }, + { + "uri": "\/services\/gizmo\/.*", + "permissions": [ + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] + } +] diff --git a/components/aai-gizmo/resources/rproxy/config/cadi.properties b/components/aai-gizmo/resources/rproxy/config/cadi.properties new file mode 100644 index 0000000..51ac56a --- /dev/null +++ b/components/aai-gizmo/resources/rproxy/config/cadi.properties @@ -0,0 +1,39 @@ +# This is a normal Java Properties File +# Comments are with Pound Signs at beginning of lines, +# and multi-line expression of properties can be obtained by backslash at end of line + +#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below +#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name +#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com +#to your hosts file on your machine. +#hostname=test.aic.cip.att.com + +cadi_loglevel=DEBUG + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +cadi_keyfile=/opt/app/rproxy/config/security/keyfile +cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +cadi_alias=aai@aai.onap.org +cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore +cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +aaf_env=DEV + +aaf_id=demo@people.osaaf.org +aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz + +# This is a colon separated list of client cert issuers +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
\ No newline at end of file diff --git a/components/aai-gizmo/resources/rproxy/config/forward-proxy.properties b/components/aai-gizmo/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000..1b58d42 --- /dev/null +++ b/components/aai-gizmo/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/components/aai-gizmo/resources/rproxy/config/logback-spring.xml b/components/aai-gizmo/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000..7659e28 --- /dev/null +++ b/components/aai-gizmo/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/reverse-proxy" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "org.onap.aaf.rproxy*" at INFO level --> + <logger name="org.onap.aaf.rproxy" level="info" /> + +</configuration> diff --git a/components/aai-gizmo/resources/rproxy/config/primary-service.properties b/components/aai-gizmo/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000..8ab780e --- /dev/null +++ b/components/aai-gizmo/resources/rproxy/config/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9520 diff --git a/components/aai-gizmo/resources/rproxy/config/readme.txt b/components/aai-gizmo/resources/rproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/components/aai-gizmo/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/components/aai-gizmo/resources/rproxy/config/reverse-proxy.properties b/components/aai-gizmo/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000..8d46e1f --- /dev/null +++ b/components/aai-gizmo/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/components/aai-gizmo/templates/NOTES.txt b/components/aai-gizmo/templates/NOTES.txt new file mode 100644 index 0000000..0def4ed --- /dev/null +++ b/components/aai-gizmo/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/components/aai-gizmo/templates/configmap.yaml b/components/aai-gizmo/templates/configmap.yaml new file mode 100644 index 0000000..2a4a1b5 --- /dev/null +++ b/components/aai-gizmo/templates/configmap.yaml @@ -0,0 +1,110 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-model-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/model/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} +{{ end }} + diff --git a/components/aai-gizmo/templates/deployment.yaml b/components/aai-gizmo/templates/deployment.yaml new file mode 100644 index 0000000..0f491d8 --- /dev/null +++ b/components/aai-gizmo/templates/deployment.yaml @@ -0,0 +1,271 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + {{ if .Values.global.installSidecarSecurity }} + initContainers: + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: CONFIG_HOME + value: /opt/app/crud-service/config/ + - name: KEY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_STORE_PASSWORD + - name: KEY_MANAGER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_MANAGER_PASSWORD + - name: SERVICE_BEANS + value: /opt/app/crud-service/dynamic/conf + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/crud-service/config/crud-api.properties + subPath: crud-api.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/crud-service/config/schema-ingest.properties + subPath: schema-ingest.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/crud-service/config/edgeprops-ingest.properties + subPath: edgeprops-ingest.properties + name: {{ include "common.fullname" . }}-config + - mountPath: /opt/app/crud-service/config/model/ + name: {{ include "common.fullname" . }}-model-config + - mountPath: /opt/app/crud-service/config/auth + name: {{ include "common.fullname" . }}-auth-secret + - mountPath: /opt/app/crud-service/dynamic/conf/crud-beans.xml + name: {{ include "common.fullname" . }}-config + subPath: crud-beans.xml + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/crud-api/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-logback-config + subPath: logback.xml + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-data-filebeat + + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: filebeat-conf + configMap: + name: {{ include "common.fullname" . }}-filebeat-configmap + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-auth-secret + secret: + secretName: {{ include "common.fullname" . }}-auth + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + items: + - key: crud-api.properties + path: crud-api.properties + - key: schema-ingest.properties + path: schema-ingest.properties + - key: edgeprops-ingest.properties + path: edgeprops-ingest.properties + - key: crud-beans.xml + path: crud-beans.xml + - name: {{ include "common.fullname" . }}-logback-config + configMap: + name: {{ include "common.fullname" . }}-log-configmap + items: + - key: logback.xml + path: logback.xml + - name: {{ include "common.fullname" . }}-model-config + configMap: + name: {{ include "common.fullname" . }}-model-configmap + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: aai-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + secret: + secretName: aai-fproxy-auth-certs + {{ end }} + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/components/aai-gizmo/templates/secrets.yaml b/components/aai-gizmo/templates/secrets.yaml new file mode 100644 index 0000000..96c3424 --- /dev/null +++ b/components/aai-gizmo/templates/secrets.yaml @@ -0,0 +1,54 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-auth + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/config/auth/*").AsSecrets | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-pass + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} + KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +{{ end }} diff --git a/components/aai-gizmo/templates/service.yaml b/components/aai-gizmo/templates/service.yaml new file mode 100644 index 0000000..a584800 --- /dev/null +++ b/components/aai-gizmo/templates/service.yaml @@ -0,0 +1,54 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type }} + ports: + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + {{ end }} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/components/aai-gizmo/values.yaml b/components/aai-gizmo/values.yaml new file mode 100644 index 0000000..f23c18d --- /dev/null +++ b/components/aai-gizmo/values.yaml @@ -0,0 +1,81 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +global: + nodePortPrefix: 302 + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# + +# application image +image: onap/gizmo:1.4.0 +flavor: small +# application configuration +config: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + timeoutSeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 60 + timeoutSeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + name: aai-crud-service + portName: aai-crud-service + internalPort: 9520 + externalPort: 9520 + nodePort: 68 + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 1536Mi + unlimited: {} |