diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-23 18:07:34 +0100 |
|---|---|---|
| committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-11-12 20:18:54 +0000 |
| commit | c57b58ddca8fa19fad93b3aea70e556ad6f045d8 (patch) | |
| tree | bf43684a4c647fe941d1b492edb182b162d31cbf /kubernetes/aai/components/aai-graphadmin/resources/config/application.properties | |
| parent | af3d4158481aa457d21b894865536e8d5bda1826 (diff) | |
[AAI][SCHEMA] Remove Hardcoded certificates
Use Certinitializer in order to retrieve needed certificates.
It'll also do the retrieval for graphadmin as both microservices are
working together.
Issue-ID: OOM-2691
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iad790cc14361cf15d5a6bf4fcad6fd9f4048a1a7
Diffstat (limited to 'kubernetes/aai/components/aai-graphadmin/resources/config/application.properties')
| -rw-r--r-- | kubernetes/aai/components/aai-graphadmin/resources/config/application.properties | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index 367e9038cd..27606021ef 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -4,6 +4,7 @@ # org.onap.aai # ================================================================================ # Copyright � 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2021 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,16 +45,16 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense -server.local.startpath=aai-graphadmin/src/main/resources/ +server.local.startpath=/opt/app/aai-graphadmin/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8449 {{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks +server.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD}) +server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD}) server.ssl.client-auth=want server.ssl.key-store-type=JKS {{ else }} @@ -103,10 +104,10 @@ schema.service.versions.endpoint=versions schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} {{ if ( include "common.needTLS" .) }} -schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks +schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +schema.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD}) +schema.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD}) {{ end }} aperture.rdbmsname=aai_relational @@ -115,9 +116,9 @@ aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .V aperture.service.base.url=http://localhost:8457/aai/aperture {{ if ( include "common.needTLS" .) }} -aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }} -aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }} -aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +aperture.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks +aperture.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +aperture.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD}) +aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD}) {{ end }} aperture.service.timeout-in-milliseconds=300000 |