authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-24 06:26:46 +0000
committerGerrit Code Review <gerrit@onap.org>2021-03-24 06:26:46 +0000
commit48e2ca740dcc1fe91b93b54343f5d19f7d7e559a (patch)
tree958911d2a3dfdf1ab1fb2a97bd963b422f723c1b
parente9a9b44c3c2cb29e5d1dec1335e45968b01e578a (diff)
parentf4c617541779b756f85e641ae9d9e3a1c617e55e (diff)
Merge "[VID] Obfuscate truststore password at the entrypoint"
-rw-r--r--kubernetes/vid/templates/deployment.yaml2
-rw-r--r--kubernetes/vid/values.yaml4
2 files changed, 4 insertions, 2 deletions
diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml
index 8872863e42..d1b4bcdbf2 100644
--- a/kubernetes/vid/templates/deployment.yaml
+++ b/kubernetes/vid/templates/deployment.yaml
@@ -63,6 +63,8 @@ spec:
- -c
- |
export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export VID_TRUSTSTORE_PLAIN_PASSWORD=${VID_TRUSTSTORE_PASSWORD}
+ export VID_TRUSTSTORE_PASSWORD=`java -cp /usr/local/tomcat/webapps/vid/WEB-INF/lib/jetty-util-9.4.20.v20190813.jar org.eclipse.jetty.util.security.Password ${VID_TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
/tmp/vid/localize.sh
{{- end }}
ports:
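Review bot: The obfuscation step on the added `export VID_TRUSTSTORE_PASSWORD=...` line can fail silently: if the hard-coded `jetty-util-9.4.20.v20190813.jar` path is missing after an image update, `2>&1 | grep "OBF:"` matches nothing and `/tmp/vid/localize.sh` runs with an empty password. I would add a guard right after it, `[ -n "${VID_TRUSTSTORE_PASSWORD}" ] || { echo "truststore password obfuscation failed" >&2; exit 1; }`. The clear-text value is also passed unquoted on the java command line and stays exported as `VID_TRUSTSTORE_PLAIN_PASSWORD` for every child process; quoting it, and running `unset VID_TRUSTSTORE_PLAIN_PASSWORD` once nothing needs it, would narrow the exposure (whether localize.sh reads it is not visible here). Jetty's `OBF:` form is reversible, so it should not be counted on to protect the secret.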
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index 6b323a4a17..91132e276c 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -64,7 +64,7 @@ certInitializer:
else
echo "*** changing them into shell safe ones"
export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTORE_PASSWD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
cd {{ .Values.credsPath }}
keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
-storepass "${cadi_keystore_password_jks}" \
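Review bot: The fixed trust store password removed on the `TRUSTORE_PASSWD` line remains in the repository history, and nothing in this hunk covers installations already initialised with it. Whether this `else` branch runs again on upgrade depends on the condition above the hunk. A comment on the new line would record the intent, for example `# random per install; the former fixed value is public, regenerate creds on upgrade`. The generator pipeline is now duplicated on two adjacent lines and could be factored into one small shell function, so both passwords keep the same policy.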
@@ -79,7 +79,7 @@ certInitializer:
-storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
echo "*** save the generated passwords"
echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
- echo "VID_TRUSTSTORE_PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp" >> mycreds.prop
+ echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
fi
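Review bot: With the added `echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop`, mycreds.prop now holds both store passwords in clear text. The hunk sets only ownership (`chown -R 1000 .`) and never the file mode, so who can read the file depends on the umask of the init container. I would add `chmod 600 mycreds.prop` before the chown, assuming UID 1000 is the only consumer. The surrounding if/else starts outside the hunk.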