author | Mike Elliott <mike.elliott@amdocs.com> | 2018-05-08 14:22:13 -0400 |
---|---|---|
committer | Mike Elliott <mike.elliott@amdocs.com> | 2018-05-08 16:27:16 -0400 |
commit | b35b5804c30e5592eef1e46afc6d06d27719a756 (patch) | |
tree | 649ec51e8c3a63e5271bea47030961cfec096467 | |
parent | dd56858b505f0a8d35168ed423f7533fbfc6597d (diff) |
Remove AAF truststore files from configmap
Moved security-related files from the configmap to an
init container, to dramatically reduce the overall size
of the ONAP deployment configmap.
Change-Id: I5e1c176f14d2e010c69e6c1e86c487583ed18f59
Issue-ID: OOM-1061
Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
-rw-r--r-- | kubernetes/aaf/resources/config/public/AAF_RootCA.cer | 31 | ||||
-rw-r--r-- | kubernetes/aaf/resources/config/public/README.txt | 1 | ||||
-rw-r--r-- | kubernetes/aaf/resources/config/public/aaf_2_0.xsd | 527 | ||||
-rw-r--r-- | kubernetes/aaf/resources/config/public/iframe_denied_test.html | 10 | ||||
-rw-r--r-- | kubernetes/aaf/resources/config/public/truststoreONAP.p12 | bin | 4180 -> 0 bytes | |||
-rw-r--r-- | kubernetes/aaf/resources/config/public/truststoreONAPall.jks | bin | 117990 -> 0 bytes | |||
-rw-r--r-- | kubernetes/aaf/templates/configmap.yaml | 8 | ||||
-rw-r--r-- | kubernetes/aaf/templates/job.yaml | 31 | ||||
-rw-r--r-- | kubernetes/aaf/templates/secrets.yaml | 17 | ||||
-rw-r--r-- | kubernetes/aaf/values.yaml | 5 |
10 files changed, 28 insertions, 602 deletions
diff --git a/kubernetes/aaf/resources/config/public/AAF_RootCA.cer b/kubernetes/aaf/resources/config/public/AAF_RootCA.cer
deleted file mode 100644
index e9a50d7ea0..0000000000
--- a/kubernetes/aaf/resources/config/public/AAF_RootCA.cer
+++ /dev/null
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- 
diff --git a/kubernetes/aaf/resources/config/public/README.txt b/kubernetes/aaf/resources/config/public/README.txt
new file mode 100644
index 0000000000..48aaa96feb
--- /dev/null
+++ b/kubernetes/aaf/resources/config/public/README.txt
@@ -0,0 +1 @@
+Public directory left empty on purpose. Content of https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=tree;f=auth/sample/public;h=1b387b7858134f80446f006b6d570fa534da3153;hb=refs/heads/master is cloned and mounted into AAF container volume via init container. This is done to dramatically reduce the size of configuration that was being put into a configmap that was exceeding helm configmap limit of 1MB per deployment.
diff --git a/kubernetes/aaf/resources/config/public/aaf_2_0.xsd b/kubernetes/aaf/resources/config/public/aaf_2_0.xsd
deleted file mode 100644
index 59d4331b22..0000000000
--- a/kubernetes/aaf/resources/config/public/aaf_2_0.xsd
+++ /dev/null
@@ -1,527 +0,0 @@ -<!-- Used by AAF (ATT inc 2013) --> -<xs:schema - xmlns:xs="http://www.w3.org/2001/XMLSchema" - xmlns:aaf="urn:aaf:v2_0" - targetNamespace="urn:aaf:v2_0" - elementFormDefault="qualified"> - -<!-- - June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes. - - Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that - with Query Params. - - Eliminate in 3.0 - --> -<!-- - Errors - Note: This Error Structure has been made to conform to the AT&T TSS Policies - --> - <xs:element name="error"> - <xs:complexType> - <xs:sequence> - <!-- - Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is - either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception. - Exception numbers may be in the range of 0001 to 9999 where : - * 0001 to 0199 are reserved for common exception messages - * 0200 to 0999 are reserved for Parlay Web Services specification use - * 1000-9999 are available for exceptions - --> - <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/> - - <!-- - Message text, with replacement - variables marked with %n, where n is - an index into the list of <variables> - elements, starting at 1 - --> - <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/> - - <!-- - List of zero or more strings that - represent the contents of the variables - used by the message text. --> - <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" /> - </xs:sequence> - </xs:complexType> - </xs:element> - -<!-- - Requests - --> - <xs:complexType name="Request"> - <xs:sequence> - <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> - <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/> - <!-- Deprecated. 
Use Query Command - <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/> - --> - </xs:sequence> - </xs:complexType> - -<!-- - Keys - --> - <xs:element name="keys"> - <xs:complexType> - <xs:sequence> - <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - </xs:element> - - -<!-- - Permissions ---> - <xs:complexType name = "pkey"> - <xs:sequence> - <xs:element name="type" type="xs:string"/> - <xs:element name="instance" type="xs:string"/> - <xs:element name="action" type="xs:string"/> - </xs:sequence> - </xs:complexType> - - <xs:element name="permKey"> - <xs:complexType > - <xs:complexContent> - <xs:extension base="aaf:pkey" /> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name="perm"> - <xs:complexType > - <xs:complexContent> - <xs:extension base="aaf:pkey"> - <xs:sequence> - <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> - <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> - <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> - <!-- This data not filled in unless Requested --> - <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name="perms"> - <xs:complexType> - <xs:sequence> - <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - </xs:element> - - <xs:element name="permRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element name="type" type="xs:string"/> - <xs:element name="instance" type="xs:string"/> - <xs:element name="action" type="xs:string"/> - <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. 
JR --> - <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - -<!-- - Roles ---> - <xs:complexType name="rkey"> - <xs:sequence> - <xs:element name="name" type="xs:string"/> - </xs:sequence> - </xs:complexType> - - <xs:element name="roleKey"> - <xs:complexType > - <xs:complexContent> - <xs:extension base="aaf:rkey" /> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name="role"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:rkey"> - <xs:sequence> - <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/> - <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> - <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> - <!-- This data not filled in unless Requested --> - <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name="roles"> - <xs:complexType> - <xs:sequence> - <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - </xs:element> - - <xs:element name="roleRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> - <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. 
JR --> - <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <!-- Added userRole return types jg1555 9/16/2015 --> - <xs:element name="userRole"> - <xs:complexType> - <xs:sequence> - <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" /> - </xs:sequence> - </xs:complexType> - </xs:element> - - <!-- Added userRoles return types jg1555 9/16/2015 --> - <xs:element name="userRoles"> - <xs:complexType> - <xs:sequence> - <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - </xs:element> - - <xs:element name="userRoleRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name="rolePermRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/> - <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name="nsRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> - <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/> - <!-- Note: feb 23, 2015. Added description field. 
Verify backward compatibility. JR --> - <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/> - <!-- Note: dec 11, 2015. Request-able NS Type JG --> - <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/> - - <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions - <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/> - - - <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/> - <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/> - <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/> - <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/> - <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> - </xs:sequence> - </xs:complexType> - </xs:element> - - - --> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name="nsAttribRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> - </xs:sequence> - </xs:complexType> - </xs:element> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name = "nss"> - <xs:complexType> - <xs:sequence> - <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name = 
"responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/> - <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/> - <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR --> - <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/> - <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. JG --> - <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/> - </xs:sequence> - </xs:complexType> - </xs:element> - </xs:sequence> - </xs:complexType> - </xs:element> - </xs:sequence> - </xs:complexType> - </xs:element> - -<!-- - Users ---> - <xs:element name="users"> - <xs:complexType> - <xs:sequence> - <xs:element name="user" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" /> - <!-- Changed type to dateTime, because of importance of Certs --> - <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> - <!-- need to differentiate User Cred Types, jg1555 5/20/2015 - This Return Object is shared by multiple functions: - Type is not returned for "UserRole", but only "Cred" - --> - <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" /> - </xs:sequence> - </xs:complexType> - </xs:element> - </xs:sequence> - </xs:complexType> - </xs:element> - -<!-- - Certs - Added jg1555 5/20/2015 to support identifying Certificate based Services - --> - <xs:element name="certs"> - <xs:complexType> - <xs:sequence> - <xs:element name="cert" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" /> - <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" /> - 
<xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" /> - <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" /> - </xs:sequence> - </xs:complexType> - </xs:element> - </xs:sequence> - </xs:complexType> - </xs:element> - -<!-- - Credentials ---> - <xs:element name="credRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element name="id" type="xs:string"/> - <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/> - <xs:choice > - <xs:element name="password" type="xs:string" /> - <xs:element name="entry" type="xs:string" /> - </xs:choice> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - -<!-- - Multi Request - --> - - <xs:element name="multiRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/> - <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/> - <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/> - <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/> - <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/> - <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/> - <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - -<!-- - History - --> - <xs:element name="history"> - <xs:complexType> - <xs:sequence> - <xs:element name="item" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/> - <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="target" type = "xs:string" 
minOccurs="1" maxOccurs="1"/> - <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> - </xs:sequence> - </xs:complexType> - </xs:element> - </xs:sequence> - </xs:complexType> - </xs:element> - -<!-- - Approvals - --> - <xs:complexType name="approval"> - <xs:sequence> - <!-- Note, id is set by system --> - <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/> - <xs:element name="ticket" type="xs:string"/> - <xs:element name="user" type="xs:string"/> - <xs:element name="approver" type="xs:string"/> - <xs:element name="type" type="xs:string"/> - <xs:element name="memo" type="xs:string"/> - <xs:element name="updated" type="xs:dateTime"/> - <xs:element name="status"> - <xs:simpleType> - <xs:restriction base="xs:string"> - <xs:enumeration value="approve"/> - <xs:enumeration value="reject"/> - <xs:enumeration value="pending"/> - </xs:restriction> - </xs:simpleType> - </xs:element> - <xs:element name="operation"> - <xs:simpleType> - <xs:restriction base="xs:string"> - <xs:enumeration value="C"/> - <xs:enumeration value="U"/> - <xs:enumeration value="D"/> - <xs:enumeration value="G"/> - <xs:enumeration value="UG"/> - </xs:restriction> - </xs:simpleType> - </xs:element> - </xs:sequence> - </xs:complexType> - <xs:element name="approvals"> - <xs:complexType> - <xs:sequence> - <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - </xs:element> - -<!-- - Delegates ---> - <xs:complexType name="delg"> - <xs:sequence> - <xs:element name="user" type="xs:string"/> - <xs:element name="delegate" type="xs:string"/> - <xs:element name="expires" type="xs:date"/> - </xs:sequence> - </xs:complexType> - - <xs:element name="delgRequest"> - <xs:complexType> - <xs:complexContent> - <xs:extension base="aaf:Request"> - <xs:sequence> - <xs:element 
name="user" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/> - </xs:sequence> - </xs:extension> - </xs:complexContent> - </xs:complexType> - </xs:element> - - <xs:element name="delgs"> - <xs:complexType> - <xs:sequence> - <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - </xs:element> - - <!-- jg 3/11/2015 New for 2.0.8 --> - <xs:element name="api"> - <xs:complexType> - <xs:sequence> - <xs:element name="route" minOccurs="0" maxOccurs="unbounded"> - <xs:complexType> - <xs:sequence> - <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> - <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/> - <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> - <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/> - <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/> - <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/> - </xs:sequence> - </xs:complexType> - </xs:element> - </xs:sequence> - </xs:complexType> - </xs:element> -</xs:schema>
\ No newline at end of file
diff --git a/kubernetes/aaf/resources/config/public/iframe_denied_test.html b/kubernetes/aaf/resources/config/public/iframe_denied_test.html
deleted file mode 100644
index 613e9c70c1..0000000000
--- a/kubernetes/aaf/resources/config/public/iframe_denied_test.html
+++ /dev/null
@@ -1,10 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-
-<iframe src="https://mithrilcsp.sbc.com:8095/gui/home">
- <p>Your browser does not support iframes.</p>
-</iframe>
-
-</body>
-</html>
diff --git a/kubernetes/aaf/resources/config/public/truststoreONAP.p12 b/kubernetes/aaf/resources/config/public/truststoreONAP.p12
Binary files differ
deleted file mode 100644
index d01e8569ab..0000000000
--- a/kubernetes/aaf/resources/config/public/truststoreONAP.p12
+++ /dev/null
diff --git a/kubernetes/aaf/resources/config/public/truststoreONAPall.jks b/kubernetes/aaf/resources/config/public/truststoreONAPall.jks
Binary files differ
deleted file mode 100644
index ff844b109d..0000000000
--- a/kubernetes/aaf/resources/config/public/truststoreONAPall.jks
+++ /dev/null
diff --git a/kubernetes/aaf/templates/configmap.yaml b/kubernetes/aaf/templates/configmap.yaml
index cfa57f7d99..9d21e057d6 100644
--- a/kubernetes/aaf/templates/configmap.yaml
+++ b/kubernetes/aaf/templates/configmap.yaml
@@ -23,14 +23,6 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: {{ .Release.Name }}-aaf-public
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/public/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
 name: {{ .Release.Name }}-aaf-local
 namespace: {{ include "common.namespace" . }}
 data:
diff --git a/kubernetes/aaf/templates/job.yaml b/kubernetes/aaf/templates/job.yaml
index 7ce871e54a..85c09402a2 100644
--- a/kubernetes/aaf/templates/job.yaml
+++ b/kubernetes/aaf/templates/job.yaml
@@ -29,6 +29,21 @@ spec:
 app: aaf-init-job
 release: {{ .Release.Name }}
 spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-inject-config
+ command:
+ - /bin/bash
+ - -c
+ - >
+ git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
+ echo "Clone complete. Copying from /tmp/gerrit/ to /public";
+ cp -rf /tmp/gerrit/auth/sample/public/* /public;
+ echo "Done.";
+ image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: aaf-public
+ mountPath: "/public"
 containers:
 - command: ["/bin/bash","-c","if [ ! -d /data/backup ]; then mkdir /data/data && cp -Ra /data1/data/..data/* /data/data/ && mkdir /data/etc && cp -Ra /data1/etc/..data/* data/etc/ && mkdir /data/backup && cp -Ra /data1/backup/..data/* /data/backup/ && cp -Ra /data1/public /data/ && cp -Ra /data1/local /data && mkdir -p /data/logs/oauth && mkdir -p /data/logs/hello && mkdir -p /data/logs/fs && mkdir -p /data/logs/gui && mkdir -p /data/logs/locate && mkdir -p /data/logs/cm && mkdir -p /data/logs/service; fi; exit 0"]
 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
@@ -51,13 +66,13 @@ spec:
 name: aaf-public
 subPath: aaf_2_0.xsd
 - mountPath: /data1/public/truststoreONAP.p12
- name: aaf-public-secret
+ name: aaf-public
 subPath: truststoreONAP.p12
 - mountPath: /data1/public/AAF_RootCA.cer
- name: aaf-public-secret
+ name: aaf-public
 subPath: AAF_RootCA.cer
 - mountPath: /data1/public/truststoreONAPall.jks
- name: aaf-public-secret
+ name: aaf-public
 subPath: truststoreONAPall.jks
 - mountPath: /data1/local/org.osaaf.location.props
 name: aaf-local
@@ -85,6 +100,8 @@ spec:
 subPath: org.osaaf.aaf.cm.p12
 - mountPath: /data1/backup
 name: aaf-backup
+ - mountPath: /share
+ name: aaf-public
 resources:
 {{ toYaml .Values.resources | indent 12 }}
 {{- if .Values.nodeSelector }}
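Review bot: The `inject-config` init container added in the first hunk exits successfully even when the clone or the copy fails, because the script chains its commands with `;` and ends on `echo "Done.";`. The files it fetches include the truststores and `AAF_RootCA.cer` that the second hunk now mounts from the `aaf-public` emptyDir instead of the chart's own Secret, so a failed or altered fetch changes what AAF trusts with no signal at deploy time. I would start the script with `set -e;` and, after the copy, check the truststores and root CA against checksums shipped in the chart (for example with `sha256sum -c`) before the job container is allowed to start. The pod `spec` and the container list continue outside this hunk.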
@@ -102,9 +119,6 @@ spec:
 - name: aaf-local-secret
 secret:
 secretName: {{ .Release.Name }}-aaf-local-secret
- - name: aaf-public-secret
- secret:
- secretName: {{ .Release.Name }}-aaf-public-secret
 - name: aaf-etc
 configMap:
 name: {{ .Release.Name }}-aaf-etc
@@ -114,9 +128,6 @@ spec:
 - name: aaf-backup
 configMap:
 name: {{ .Release.Name }}-aaf-backup
- - name: aaf-public
- configMap:
- name: {{ .Release.Name }}-aaf-public
 - name: aaf-data
 configMap:
 name: {{ .Release.Name }}-aaf-data
@@ -127,6 +138,8 @@ spec:
 {{- else }}
 emptyDir: {}
 {{- end }}
+ - name: aaf-public
+ emptyDir: {}
 restartPolicy: OnFailure
 imagePullSecrets:
 - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/templates/secrets.yaml b/kubernetes/aaf/templates/secrets.yaml
index d67601ca65..fe876e1c6c 100644
--- a/kubernetes/aaf/templates/secrets.yaml
+++ b/kubernetes/aaf/templates/secrets.yaml
@@ -28,20 +28,3 @@ data:
 {{ (.Files.Glob "resources/config/local/org.osaaf.aaf.keyfile").AsSecrets | indent 2 }}
 {{ (.Files.Glob "resources/config/local/org.osaaf.aaf.cm.p12").AsSecrets | indent 2 }}
 type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name}}-aaf-public-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/public/truststoreONAP.p12").AsSecrets | indent 2 }}
-{{ (.Files.Glob "resources/config/public/AAF_RootCA.cer").AsSecrets | indent 2 }}
-{{ (.Files.Glob "resources/config/public/truststoreONAPall.jks").AsSecrets | indent 2 }}
-type: Opaque
-
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml
index 805d3d1e6e..1724be831c 100644
--- a/kubernetes/aaf/values.yaml
+++ b/kubernetes/aaf/values.yaml
@@ -20,6 +20,8 @@ global: repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 persistence: enabled: true @@ -35,6 +37,9 @@ config: helloServiceName: aaf-hello oauthServiceName: aaf-oauth csServiceName: aaf-cass + # gerrit branch where the latest aaf/auth/sample/public code exists + gerritProject: http://gerrit.onap.org/r/aaf/authz.git + gerritBranch: master # default number of instances replicaCount: 1 |
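Review bot: In the `config:` hunk the default `gerritProject` is an `http://` URL and `gerritBranch` is `master`, so the truststores and root CA that the init container clones arrive over an unauthenticated transport from a ref that moves. Any party on the path between the cluster and Gerrit, or any later change to that branch, alters the trust anchors a fresh deployment installs. I would default to `gerritProject: https://gerrit.onap.org/r/aaf/authz.git` and set `gerritBranch` to a release tag (`git clone -b` accepts a tag), and reword the comment, which describes only the branch although it sits above `gerritProject`. The `ubuntuInitImage: oomk8s/ubuntu-init:2.0.0` added in the `global:` hunk is likewise referenced by tag rather than by digest, which is worth pinning if that registry namespace is not under the project's control.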