summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMike Elliott <mike.elliott@amdocs.com>2018-05-08 14:22:13 -0400
committerMike Elliott <mike.elliott@amdocs.com>2018-05-08 16:27:16 -0400
commitb35b5804c30e5592eef1e46afc6d06d27719a756 (patch)
tree649ec51e8c3a63e5271bea47030961cfec096467
parentdd56858b505f0a8d35168ed423f7533fbfc6597d (diff)
Remove AAF truststore files from configmap
Moved security-related files from the configmap to an init container, to dramatically reduce the overall size of the ONAP deployment configmap. Change-Id: I5e1c176f14d2e010c69e6c1e86c487583ed18f59 Issue-ID: OOM-1061 Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
-rw-r--r--kubernetes/aaf/resources/config/public/AAF_RootCA.cer31
-rw-r--r--kubernetes/aaf/resources/config/public/README.txt1
-rw-r--r--kubernetes/aaf/resources/config/public/aaf_2_0.xsd527
-rw-r--r--kubernetes/aaf/resources/config/public/iframe_denied_test.html10
-rw-r--r--kubernetes/aaf/resources/config/public/truststoreONAP.p12bin4180 -> 0 bytes
-rw-r--r--kubernetes/aaf/resources/config/public/truststoreONAPall.jksbin117990 -> 0 bytes
-rw-r--r--kubernetes/aaf/templates/configmap.yaml8
-rw-r--r--kubernetes/aaf/templates/job.yaml31
-rw-r--r--kubernetes/aaf/templates/secrets.yaml17
-rw-r--r--kubernetes/aaf/values.yaml5
10 files changed, 28 insertions, 602 deletions
diff --git a/kubernetes/aaf/resources/config/public/AAF_RootCA.cer b/kubernetes/aaf/resources/config/public/AAF_RootCA.cer
deleted file mode 100644
index e9a50d7ea0..0000000000
--- a/kubernetes/aaf/resources/config/public/AAF_RootCA.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/aaf/resources/config/public/README.txt b/kubernetes/aaf/resources/config/public/README.txt
new file mode 100644
index 0000000000..48aaa96feb
--- /dev/null
+++ b/kubernetes/aaf/resources/config/public/README.txt
@@ -0,0 +1 @@
+Public directory left empty on purpose. Content of https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=tree;f=auth/sample/public;h=1b387b7858134f80446f006b6d570fa534da3153;hb=refs/heads/master is cloned and mounted into AAF container volume via init container. This is done to dramatically reduce the size of configuration that was being put into a configmap that was exceeding helm configmap limit of 1MB per deployment.
diff --git a/kubernetes/aaf/resources/config/public/aaf_2_0.xsd b/kubernetes/aaf/resources/config/public/aaf_2_0.xsd
deleted file mode 100644
index 59d4331b22..0000000000
--- a/kubernetes/aaf/resources/config/public/aaf_2_0.xsd
+++ /dev/null
@@ -1,527 +0,0 @@
-<!-- Used by AAF (ATT inc 2013) -->
-<xs:schema
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:aaf="urn:aaf:v2_0"
- targetNamespace="urn:aaf:v2_0"
- elementFormDefault="qualified">
-
-<!--
- June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes.
-
- Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that
- with Query Params.
-
- Eliminate in 3.0
- -->
-<!--
- Errors
- Note: This Error Structure has been made to conform to the AT&T TSS Policies
- -->
- <xs:element name="error">
- <xs:complexType>
- <xs:sequence>
- <!--
- Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
- either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
- Exception numbers may be in the range of 0001 to 9999 where :
- * 0001 to 0199 are reserved for common exception messages
- * 0200 to 0999 are reserved for Parlay Web Services specification use
- * 1000-9999 are available for exceptions
- -->
- <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
-
- <!--
- Message text, with replacement
- variables marked with %n, where n is
- an index into the list of <variables>
- elements, starting at 1
- -->
- <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
-
- <!--
- List of zero or more strings that
- represent the contents of the variables
- used by the message text. -->
- <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-<!--
- Requests
- -->
- <xs:complexType name="Request">
- <xs:sequence>
- <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
- <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
- <!-- Deprecated. Use Query Command
- <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/>
- -->
- </xs:sequence>
- </xs:complexType>
-
-<!--
- Keys
- -->
- <xs:element name="keys">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-
-<!--
- Permissions
--->
- <xs:complexType name = "pkey">
- <xs:sequence>
- <xs:element name="type" type="xs:string"/>
- <xs:element name="instance" type="xs:string"/>
- <xs:element name="action" type="xs:string"/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:element name="permKey">
- <xs:complexType >
- <xs:complexContent>
- <xs:extension base="aaf:pkey" />
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="perm">
- <xs:complexType >
- <xs:complexContent>
- <xs:extension base="aaf:pkey">
- <xs:sequence>
- <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
- <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
- <!-- This data not filled in unless Requested -->
- <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="perms">
- <xs:complexType>
- <xs:sequence>
- <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="permRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element name="type" type="xs:string"/>
- <xs:element name="instance" type="xs:string"/>
- <xs:element name="action" type="xs:string"/>
- <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
- <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
-
-<!--
- Roles
--->
- <xs:complexType name="rkey">
- <xs:sequence>
- <xs:element name="name" type="xs:string"/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:element name="roleKey">
- <xs:complexType >
- <xs:complexContent>
- <xs:extension base="aaf:rkey" />
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="role">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:rkey">
- <xs:sequence>
- <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/>
- <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
- <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
- <!-- This data not filled in unless Requested -->
- <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="roles">
- <xs:complexType>
- <xs:sequence>
- <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="roleRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
- <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <!-- Added userRole return types jg1555 9/16/2015 -->
- <xs:element name="userRole">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <!-- Added userRoles return types jg1555 9/16/2015 -->
- <xs:element name="userRoles">
- <xs:complexType>
- <xs:sequence>
- <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="userRoleRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="rolePermRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/>
- <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="nsRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
- <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
- <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
- <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
- <!-- Note: dec 11, 2015. Request-able NS Type JG -->
- <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/>
-
- <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions
- <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/>
-
-
- <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/>
- <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-
- -->
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="nsAttribRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name = "nss">
- <xs:complexType>
- <xs:sequence>
- <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
- <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
- <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/>
- <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. JG -->
- <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-<!--
- Users
--->
- <xs:element name="users">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
- <!-- Changed type to dateTime, because of importance of Certs -->
- <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
- <!-- need to differentiate User Cred Types, jg1555 5/20/2015
- This Return Object is shared by multiple functions:
- Type is not returned for "UserRole", but only "Cred"
- -->
- <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-<!--
- Certs
- Added jg1555 5/20/2015 to support identifying Certificate based Services
- -->
- <xs:element name="certs">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="cert" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
- <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" />
- <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
- <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" />
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-<!--
- Credentials
--->
- <xs:element name="credRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element name="id" type="xs:string"/>
- <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/>
- <xs:choice >
- <xs:element name="password" type="xs:string" />
- <xs:element name="entry" type="xs:string" />
- </xs:choice>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
-<!--
- Multi Request
- -->
-
- <xs:element name="multiRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/>
- <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
-<!--
- History
- -->
- <xs:element name="history">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="item" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
- <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-<!--
- Approvals
- -->
- <xs:complexType name="approval">
- <xs:sequence>
- <!-- Note, id is set by system -->
- <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/>
- <xs:element name="ticket" type="xs:string"/>
- <xs:element name="user" type="xs:string"/>
- <xs:element name="approver" type="xs:string"/>
- <xs:element name="type" type="xs:string"/>
- <xs:element name="memo" type="xs:string"/>
- <xs:element name="updated" type="xs:dateTime"/>
- <xs:element name="status">
- <xs:simpleType>
- <xs:restriction base="xs:string">
- <xs:enumeration value="approve"/>
- <xs:enumeration value="reject"/>
- <xs:enumeration value="pending"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:element>
- <xs:element name="operation">
- <xs:simpleType>
- <xs:restriction base="xs:string">
- <xs:enumeration value="C"/>
- <xs:enumeration value="U"/>
- <xs:enumeration value="D"/>
- <xs:enumeration value="G"/>
- <xs:enumeration value="UG"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- <xs:element name="approvals">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
-<!--
- Delegates
--->
- <xs:complexType name="delg">
- <xs:sequence>
- <xs:element name="user" type="xs:string"/>
- <xs:element name="delegate" type="xs:string"/>
- <xs:element name="expires" type="xs:date"/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:element name="delgRequest">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="aaf:Request">
- <xs:sequence>
- <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/>
- </xs:sequence>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
-
- <xs:element name="delgs">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-
- <!-- jg 3/11/2015 New for 2.0.8 -->
- <xs:element name="api">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
- <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
- <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
- <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-</xs:schema> \ No newline at end of file
diff --git a/kubernetes/aaf/resources/config/public/iframe_denied_test.html b/kubernetes/aaf/resources/config/public/iframe_denied_test.html
deleted file mode 100644
index 613e9c70c1..0000000000
--- a/kubernetes/aaf/resources/config/public/iframe_denied_test.html
+++ /dev/null
@@ -1,10 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-
-<iframe src="https://mithrilcsp.sbc.com:8095/gui/home">
- <p>Your browser does not support iframes.</p>
-</iframe>
-
-</body>
-</html>
diff --git a/kubernetes/aaf/resources/config/public/truststoreONAP.p12 b/kubernetes/aaf/resources/config/public/truststoreONAP.p12
deleted file mode 100644
index d01e8569ab..0000000000
--- a/kubernetes/aaf/resources/config/public/truststoreONAP.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aaf/resources/config/public/truststoreONAPall.jks b/kubernetes/aaf/resources/config/public/truststoreONAPall.jks
deleted file mode 100644
index ff844b109d..0000000000
--- a/kubernetes/aaf/resources/config/public/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aaf/templates/configmap.yaml b/kubernetes/aaf/templates/configmap.yaml
index cfa57f7d99..9d21e057d6 100644
--- a/kubernetes/aaf/templates/configmap.yaml
+++ b/kubernetes/aaf/templates/configmap.yaml
@@ -23,14 +23,6 @@ data:
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ .Release.Name }}-aaf-public
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/public/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
name: {{ .Release.Name }}-aaf-local
namespace: {{ include "common.namespace" . }}
data:
diff --git a/kubernetes/aaf/templates/job.yaml b/kubernetes/aaf/templates/job.yaml
index 7ce871e54a..85c09402a2 100644
--- a/kubernetes/aaf/templates/job.yaml
+++ b/kubernetes/aaf/templates/job.yaml
@@ -29,6 +29,21 @@ spec:
app: aaf-init-job
release: {{ .Release.Name }}
spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-inject-config
+ command:
+ - /bin/bash
+ - -c
+ - >
+ git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
+ echo "Clone complete. Copying from /tmp/gerrit/ to /public";
+ cp -rf /tmp/gerrit/auth/sample/public/* /public;
+ echo "Done.";
+ image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: aaf-public
+ mountPath: "/public"
containers:
- command: ["/bin/bash","-c","if [ ! -d /data/backup ]; then mkdir /data/data && cp -Ra /data1/data/..data/* /data/data/ && mkdir /data/etc && cp -Ra /data1/etc/..data/* data/etc/ && mkdir /data/backup && cp -Ra /data1/backup/..data/* /data/backup/ && cp -Ra /data1/public /data/ && cp -Ra /data1/local /data && mkdir -p /data/logs/oauth && mkdir -p /data/logs/hello && mkdir -p /data/logs/fs && mkdir -p /data/logs/gui && mkdir -p /data/logs/locate && mkdir -p /data/logs/cm && mkdir -p /data/logs/service; fi; exit 0"]
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
@@ -51,13 +66,13 @@ spec:
name: aaf-public
subPath: aaf_2_0.xsd
- mountPath: /data1/public/truststoreONAP.p12
- name: aaf-public-secret
+ name: aaf-public
subPath: truststoreONAP.p12
- mountPath: /data1/public/AAF_RootCA.cer
- name: aaf-public-secret
+ name: aaf-public
subPath: AAF_RootCA.cer
- mountPath: /data1/public/truststoreONAPall.jks
- name: aaf-public-secret
+ name: aaf-public
subPath: truststoreONAPall.jks
- mountPath: /data1/local/org.osaaf.location.props
name: aaf-local
@@ -85,6 +100,8 @@ spec:
subPath: org.osaaf.aaf.cm.p12
- mountPath: /data1/backup
name: aaf-backup
+ - mountPath: /share
+ name: aaf-public
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -102,9 +119,6 @@ spec:
- name: aaf-local-secret
secret:
secretName: {{ .Release.Name }}-aaf-local-secret
- - name: aaf-public-secret
- secret:
- secretName: {{ .Release.Name }}-aaf-public-secret
- name: aaf-etc
configMap:
name: {{ .Release.Name }}-aaf-etc
@@ -114,9 +128,6 @@ spec:
- name: aaf-backup
configMap:
name: {{ .Release.Name }}-aaf-backup
- - name: aaf-public
- configMap:
- name: {{ .Release.Name }}-aaf-public
- name: aaf-data
configMap:
name: {{ .Release.Name }}-aaf-data
@@ -127,6 +138,8 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
+ - name: aaf-public
+ emptyDir: {}
restartPolicy: OnFailure
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/templates/secrets.yaml b/kubernetes/aaf/templates/secrets.yaml
index d67601ca65..fe876e1c6c 100644
--- a/kubernetes/aaf/templates/secrets.yaml
+++ b/kubernetes/aaf/templates/secrets.yaml
@@ -28,20 +28,3 @@ data:
{{ (.Files.Glob "resources/config/local/org.osaaf.aaf.keyfile").AsSecrets | indent 2 }}
{{ (.Files.Glob "resources/config/local/org.osaaf.aaf.cm.p12").AsSecrets | indent 2 }}
type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name}}-aaf-public-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/public/truststoreONAP.p12").AsSecrets | indent 2 }}
-{{ (.Files.Glob "resources/config/public/AAF_RootCA.cer").AsSecrets | indent 2 }}
-{{ (.Files.Glob "resources/config/public/truststoreONAPall.jks").AsSecrets | indent 2 }}
-type: Opaque
-
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml
index 805d3d1e6e..1724be831c 100644
--- a/kubernetes/aaf/values.yaml
+++ b/kubernetes/aaf/values.yaml
@@ -20,6 +20,8 @@ global:
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
persistence:
enabled: true
@@ -35,6 +37,9 @@ config:
helloServiceName: aaf-hello
oauthServiceName: aaf-oauth
csServiceName: aaf-cass
+ # gerrit branch where the latest aaf/auth/sample/public code exists
+ gerritProject: http://gerrit.onap.org/r/aaf/authz.git
+ gerritBranch: master
# default number of instances
replicaCount: 1