Remove vulnerability - dcaegen2/services/prh

diff options

author	Joanna Jeremicz <joanna.jeremicz@nokia.com>	2022-02-11 13:48:25 +0100
committer	Joanna Jeremicz <joanna.jeremicz@nokia.com>	2022-02-14 10:31:56 +0100
commit	992e070cc195fcc291dbeb3e2f844ddc4b1364cd (patch)
tree	ebd3b0bec6d5c76e17038e7e898170eb0af0bb93 /Changelog.md
parent	56e7cf48416cf1f5da46723c3a27f350d46fc20b (diff)

Remove vulnerability1.8.0

- Update DCAE SDK version from 1.8.7 to 1.8.8 - Update Spring Boot version from 2.4.8 to 2.5.9 - Update Spring Cloud version from 2020.0.1 to 2020.0.5 Change-Id: I0de15135572521feb399d75cd617f007394c6e4e Issue-ID: DCAEGEN2-3050 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>

Diffstat (limited to 'Changelog.md')

-rw-r--r--

Changelog.md

1 files changed, 5 insertions, 0 deletions

# # ============LICENSE_START======================================================= # org.onap.aai # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. # Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= # Default values for resources. # This is a YAML-formatted file. # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. localCluster: false initContainers: enabled: true jobs: # When enabled, it will create the schema based on oxm and edge rules createSchema: enabled: true #migration using helm hooks migration: enabled: false config: # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment cluster: cassandra: dynamic: true # Specifies if the basic authorization is enabled basic: auth: enabled: true username: AAI passwd: AAI # Notification event specific properties notification: eventType: AAI-EVENT domain: dev # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth # will be set to no-auth if tls is disabled service: client: one-way-ssl # Specifies which translator to use if it has schema-service, then it will # make a rest request to schema service translator: list: schema-service source: # Specifies which folder to take a look at name: onap uri: # Base URI Path of the application base: path: /aai version: # Current version of the REST API api: default: v27 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27 # Specifies from which version related link should appear related: link: v11 # Specifies from which version the app root change happened app: root: v11 # Specifies from which version the xml namespace changed namespace: change: v12 # Specifies from which version the edge label appeared in API edge: label: v12 # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1 ################################################################# # Certificate configuration ################################################################# certInitializer: nameOverride: aai-graphadmin-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! # aafDeployCredsExternalSecret: some secret fqdn: aai fqi: aai@aai.onap.org public_fqdn: aai.onap.org cadi_longitude: "0.0" cadi_latitude: "0.0" app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local fqi_namespace: org.onap.aai user_id: &user_id 1000 group_id: &group_id 1000 aaf_add_config: | echo "*** changing them into shell safe ones" export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) cd {{ .Values.credsPath }} keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ -storepass "${cadi_keystore_password_p12}" \ -keystore {{ .Values.fqi_namespace }}.p12 keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ -storepass "${cadi_truststore_password}" \ -keystore {{ .Values.fqi_namespace }}.trust.jks keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ -storepass "${cadi_keystore_password_jks}" \ -keystore {{ .Values.fqi_namespace }}.jks echo "*** set key password as same password as keystore password" keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ -keystore {{ .Values.fqi_namespace }}.jks \ -keypass "${cadi_keystore_password_jks}" \ -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }} echo "*** writing passwords into prop file" echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop echo "*** change ownership of certificates to targeted user" chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image image: onap/aai-graphadmin:1.11.1 pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small # default number of instances replicaCount: 1 # the minimum number of seconds that a newly created Pod should be ready minReadySeconds: 30 updateStrategy: type: RollingUpdate # The number of pods that can be unavailable during the update process maxUnavailable: 0 # The number of pods that can be created above the desired amount of pods during an update maxSurge: 1 # Configuration for the graphadmin deployment config: # Specify the profiles for the graphadmin microservice profiles: # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and # serviceMesh.tls is set to tru active: dmaap #,one-way-ssl" # Specifies the timeout limit for the REST API requests timeout: enabled: true limit: 180000 # Default maximum records to fix for the data grooming and dupeTool maxFix: dataGrooming: 150 dupeTool: 25 # Default number of sleep minutes for dataGrooming and dupeTool sleepMinutes: dataGrooming: 7 dupeTool: 7 # Cron specific attributes to be triggered for the graphadmin spring cron tasks cron: # Specifies that the data grooming tool which runs duplicates should be enabled dataGrooming: enabled: true # Specifies that the data snapshot which takes a graphson snapshot should be enabled dataSnapshot: enabled: true params: JUST_TAKE_SNAPSHOT # Data cleanup which zips snapshots older than x days and deletes older than y days dataCleanup: dataGrooming: enabled: true # Zips up the dataGrooming files older than 5 days ageZip: 5 # Deletes the dataGrooming files older than 30 days ageDelete: 30 dataSnapshot: enabled: true # Zips up the dataSnapshot graphson files older than 5 days ageZip: 5 # Deletes the dataSnapshot graphson files older than 30 days ageDelete: 30 # Concurrency lock control flag aai: lock: uri: enabled: false nodeSelector: {} affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 60 periodSeconds: 60 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: false readiness: initialDelaySeconds: 60 periodSeconds: 10 service: type: ClusterIP # REST API port for the graphadmin microservice portName: http internalPort: 8449 portName2: tcp-5005 internalPort2: 5005 terminationGracePeriodSeconds: 120 ingress: enabled: false persistence: enabled: true ## A manually managed Persistent Volume and Claim ## Requires persistence.enabled: true ## If defined, PVC must be created manually before volume will be bound # existingClaim: volumeReclaimPolicy: Retain ## database data Persistent Volume Storage Class ## If defined, storageClassName: <storageClass> ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" accessMode: ReadWriteMany size: 2Gi mountPath: /dockerdata-nfs mountSubPath: aai/aai-graphadmin mountSubPath1: aai/migration # To make logback capping values configurable logback: logToFileEnabled: true maxHistory: 7 totalSizeCap: 6GB queueSize: 1000 accessLogback: logToFileEnabled: true maxHistory: 7 totalSizeCap: 6GB resources: small: limits: cpu: 2 memory: 4Gi requests: cpu: 0.5 memory: 1536Mi large: limits: cpu: 4 memory: 8Gi requests: cpu: 1 memory: 2Gi unlimited: {} # Not fully used for now securityContext: user_id: *user_id group_id: *group_id #Pods Service Account serviceAccount: nameOverride: aai-graphadmin roles: - read #Log configuration log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}'


context:
space:
mode: