[AAI] Service Mesh compatibility

This patch makes AAI to work on service mesh by removing https calls
from everywhere.
It allows also to use AAI on an environment without need of TLS.

Issue-ID: OOM-2670
Signed-off-by: Ondrej Frindrich <ondrej1.frindrich@orange.com>
Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386

5 files changed, 37 insertions, 16 deletions

diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
index 843a90bbcd..b8a2b5fe03 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
@@ -28,20 +28,28 @@ aai.config.checktime=1000
 # this could come from siteconfig.pl?
 aai.config.nodename=AutomaticallyOverwritten
 
+{{ if ( include "common.needTLS" .) }}
 aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
 aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
 aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{else}}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
 
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
 aai.tools.enableBasicAuth=true
 aai.tools.username={{ .Values.global.config.basic.auth.username }}
 aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
 {{ end }}
 
+{{ if ( include "common.needTLS" .) }}
 aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
 aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
 aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
 aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
+{{ end }}
 
 aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
 aai.notificationEvent.default.status=UNPROCESSED
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
index a5e92c5a61..54bb1c4afd 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
@@ -29,7 +29,7 @@ server.servlet.context-path=/
 
 spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
 
-spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
 spring.jersey.application-path=${schema.uri.base.path}
 #The max number of active threads in this pool
 server.tomcat.max-threads=200
@@ -44,6 +44,7 @@ server.local.startpath=aai-traversal/src/main/resources/
 server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 
 server.port=8446
+{{ if ( include "common.needTLS" .) }}
 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
 server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
 server.ssl.key-store-password=${KEYSTORE_PASSWORD}
@@ -51,11 +52,15 @@ server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIn
 server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
 server.ssl.client-auth=want
 server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
 
 # JMS bind address host port
 jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
 
 # Schema related attributes for the oxm and edges
 # Any additional schema related attributes should start with prefix schema
@@ -89,14 +94,16 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab
 schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
 
 schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
 schema.service.nodes.endpoint=nodes?version=
 schema.service.edges.endpoint=edgerules?version=
 schema.service.versions.endpoint=versions
 schema.service.custom.queries.endpoint=stored-queries
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
 
+{{ if ( include "common.needTLS" .) }}
 schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
 schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
 schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
 schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml
index 2eac7fe722..42f0f47bb0 100644
--- a/kubernetes/aai/components/aai-traversal/templates/job.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml
@@ -69,10 +69,16 @@ spec:
         - bash
         - "-c"
         - |
-          set -x
-          if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
-          until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
-          bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+           set -x
+           if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
+          {{- if (include "common.needTLS" .) }}
+           until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
+           bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+          {{- else }}
+           until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done;
+           bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ;
+           {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+          {{- end }}
         env:
         - name: LOCAL_USER_ID
           value: {{ .Values.global.config.userId | quote }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml
index fad857bb41..b54b6be644 100644
--- a/kubernetes/aai/components/aai-traversal/templates/service.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml
@@ -30,16 +30,16 @@ spec:
   {{if eq .Values.service.type "NodePort" -}}
   - port: {{ .Values.service.internalPort }}
     nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-    name: {{ .Values.service.portName }}
+    name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
   - port: {{ .Values.service.internalPort2 }}
     nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
     name: {{ .Values.service.portName2 }}
   {{- else -}}
   - port: {{ .Values.service.internalPort }}
-    name: {{ .Values.service.portName }}
+    name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
   - port: {{ .Values.service.internalPort2 }}
     name: {{ .Values.service.portName2 }}
-  {{- end}}
+  {{- end }}
   selector:
     app: {{ include "common.name" . }}
     release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index ad4279a543..c1746be9ed 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -59,7 +59,7 @@ global: # global defaults
 
     # Active spring profiles for the resources microservice
     profiles:
-      active: production,dmaap,aaf-auth #,keycloak
+      active: production,dmaap #,aaf-auth ,keycloak
 
     # Notification event specific properties
     notification:
@@ -241,9 +241,9 @@ readiness:
 
 service:
   type: ClusterIP
-  portName: aai-traversal-8446
+  portName: http
   internalPort: 8446
-  portName2: aai-traversal-5005
+  portName2: tcp-5005
   internalPort2: 5005
 
 ingress: