Merge "[AAI] Create Authorization Policies for AAI"

author: Andreas Geissler <andreas-geissler@telekom.de> 2023-05-30 06:50:08 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2023-05-30 06:50:08 +0000
commit: e0cd330109c072570de1edf987fa2263f75914c9 (patch)
tree: 90c12e60fdb4126f5e7a57da3bb6508ad4feea99 /kubernetes/aai/components/aai-schema-service/values.yaml
parent: fadd545c3bab51ec1a22749176d30d7cd232278a (diff)
parent: 0e7c7fe013116e78e9b2bb2725621e528155b26a (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 19ee9d491c..88f17861c7 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -98,6 +98,13 @@ service:
 ingress:
   enabled: false
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: aai-graphadmin-read
+      - serviceAccount: aai-resources-read
+      - serviceAccount: aai-traversal-read
+
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
author	Andreas Geissler <andreas-geissler@telekom.de>	2023-05-30 06:50:08 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2023-05-30 06:50:08 +0000
commit	e0cd330109c072570de1edf987fa2263f75914c9 (patch)
tree	90c12e60fdb4126f5e7a57da3bb6508ad4feea99 /kubernetes/aai/components/aai-schema-service/values.yaml
parent	fadd545c3bab51ec1a22749176d30d7cd232278a (diff)
parent	0e7c7fe013116e78e9b2bb2725621e528155b26a (diff)