authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>2025-02-05 14:34:30 +0100
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>2025-02-28 11:43:21 +0100
commitec6ebbd6049f0e9af38869c6a6af089fc04a8a29 (patch)
tree658e1b77f46ab6c9a7e07e5ca5cfaeb361dc9b49 /kubernetes/aai/components/aai-traversal
parent3efc75775a486e5116d73dd1180c461870edb51b (diff)
[AAI] 15.0.4 release
- [resources,traversal,graphadmin,schema-service] use v30 api version - [resources,traversal,graphadmin] make basic-auth configurable - [resources,traversal] remove Keycloak-auth related files - [resources,traversal] remove logToFile option since container filesystems are read-only [0] - [graphadmin] use init container for schema-creation [0] and sooner or later any tmp volume will fill up Issue-ID: AAI-4124 Change-Id: Ib9b70dedd07acfb8ae24506ab044de0940c0c815 Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Diffstat (limited to 'kubernetes/aai/components/aai-traversal')
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties4
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties13
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/application.properties9
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/_helpers.tpl21
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/configmap.yaml2
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml8
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/job.yaml2
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml43
8 files changed, 54 insertions, 48 deletions
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
index c844b3d194..0c10b9462f 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
@@ -34,8 +34,8 @@ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
-aai.tools.username={{ .Values.global.config.basic.auth.username }}
-aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+aai.tools.username={{ (index .Values.global.config.basic.auth.users 0).username }}
+aai.tools.password={{ (index .Values.global.config.basic.auth.users 0).password }}
{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
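Review bot: `(index .Values.global.config.basic.auth.users 0)` on the two added lines makes the tools account implicitly "whichever user is listed first", and rendering aborts with an index-out-of-range error if an override supplies an empty `users` list while the surrounding `if` is true (it is also true on a service mesh, independent of `enabled`). The same lookup appears in the `AUTH=` line of the new templates/_helpers.tpl, where no `if` guards it at all. A guard with a readable message would help operators, e.g. `{{- if empty .Values.global.config.basic.auth.users }}{{ fail "global.config.basic.auth.users needs at least one entry" }}{{- end }}`, together with a comment in values.yaml that entry 0 is the tools account.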
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties
deleted file mode 100644
index dd1956b63f..0000000000
--- a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties
+++ /dev/null
@@ -1,13 +0,0 @@
-spring.autoconfigure.exclude=\
- org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
- org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }}
-keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
-keycloak.realm={{ .Values.config.keycloak.realm }}
-keycloak.resource={{ .Values.config.keycloak.resource }}
-keycloak.public-client=false
-keycloak.principal-attribute=preferred_username
-
-keycloak.ssl-required=external
-keycloak.bearer-only=true
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
index f0b6f7e767..f6fad88c19 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
@@ -28,7 +28,7 @@ spring.jersey.type=filter
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=${schema.uri.base.path}
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
spring.profiles.active={{ .Values.global.config.profiles.active }}
spring.jersey.application-path=/
@@ -52,7 +52,6 @@ server.tomcat.max-idle-time=60000
# If you get an application startup failure that the port is already taken
# If thats not it, please check if the key-store file path makes sense
server.local.startpath=aai-traversal/src/main/resources/
-server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8446
@@ -126,3 +125,9 @@ scrape.uri.metrics=false
# but doesn't show up in micrometer metrics
aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }}
aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties
+
+aai.basic-auth.enabled={{ .Values.global.config.basic.auth.enabled }}
+{{- range $index, $user := .Values.global.config.basic.auth.users }}
+aai.basic-auth.users[{{ $index }}].username={{ $user.username }}
+aai.basic-auth.users[{{ $index }}].password={{ $user.password }}
+{{- end }}
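Review bot: The added `aai.basic-auth.users[...]` lines write every user's password in clear text into application.properties, which templates/configmap.yaml renders into the ConfigMap `data:` via `.AsConfig`. ConfigMap contents are typically readable under broader RBAC than Secrets and are not covered by Secret encryption-at-rest, so the credentials would be better served from a Secret-backed file or from environment variables. The values are also emitted unescaped, so a password containing a backslash is read differently by the Java properties parser than it was written in values.yaml. A comment above the block such as `# passwords are rendered verbatim; backslashes are not supported` would document that limit.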
diff --git a/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl b/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl
new file mode 100644
index 0000000000..003be58409
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl
@@ -0,0 +1,21 @@
+{{- define "aai.waitForSchemaCreation" -}}
+- name: wait-for-schema-creation
+ image: "{{ include "repositoryGenerator.image.curl" . }}"
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}"
+ AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}"
+ while true; do
+ RESPONSE=$(curl -u $AUTH -s $URL)
+ if [ "$RESPONSE" = "true" ]; then
+ echo "Request successful. Schema is initialized."
+ exit 0
+ else
+ echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..."
+ sleep 3
+ fi
+ done
+ {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
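Review bot: The `AUTH="{{ printf "%s:%s" ... }}"` line bakes the first user's password into the init container's `args`, so it is visible to anyone who can read the pod spec, and `curl -u $AUTH` repeats it on the process command line. Supplying it through `env` from a Secret and quoting the expansions, `RESPONSE=$(curl -u "$AUTH" -s --max-time 5 "$URL")`, removes that exposure and the word splitting or shell interpretation that a password containing a space, `$` or `"` would trigger. The `while true` loop has no upper bound and `curl -s` hides failures, so wrong credentials or an unreachable graphadmin stall the pod with only the generic retry message; adding `-f` and echoing the exit status would make that diagnosable. `required "URL is required"` can never fire, because `default` always supplies a value.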
diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
index d3ccd84f24..5db7fb117c 100644
--- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
@@ -24,5 +24,3 @@ data:
{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index 96d3a7b32a..36e1cbea78 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec:
{{- if .Values.global.jobs.migration.enabled }}
{{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
{{- else if .Values.global.jobs.createSchema.enabled }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }}
+ {{ include "aai.waitForSchemaCreation" . | nindent 6 }}
{{- else }}
{{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }}
{{- end }}
@@ -109,15 +109,9 @@ spec:
- mountPath: /opt/app/aai-traversal/resources/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties
- name: {{ include "common.fullname" . }}-config
- subPath: realm.properties
- mountPath: /opt/app/aai-traversal/resources/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
- - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application-keycloak.properties
- mountPath: /tmp
name: tmp
ports:
diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml
index 546b508166..2e51fd0a81 100644
--- a/kubernetes/aai/components/aai-traversal/templates/job.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml
@@ -38,7 +38,7 @@ spec:
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 6 }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_traversal) | nindent 6 }}
- name: {{ include "common.name" . }}-wait-for-aai-haproxy
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 3bd5b8caa5..81f8e668c1 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -56,8 +56,23 @@ global: # global defaults
basic:
auth:
enabled: true
- username: AAI
- passwd: AAI
+ users:
+ - username: aai@aai.onap.org
+ password: demo123456!
+ - username: AAI
+ password: AAI
+ - username: DCAE
+ password: DCAE
+ - username: MSO
+ password: MSO
+ - username: POLICY
+ password: POLICY
+ - username: ASDC
+ password: ASDC
+ - username: ModelLoader
+ password: ModelLoader
+ - username: AaiUI
+ password: AaiUI
# Active spring profiles for the resources microservice
profiles:
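Review bot: The new `users` list ships eight well-known accounts with `enabled: true`, seven of them with the password equal to the username, so any installation that does not override `global.config.basic.auth.users` accepts credentials that are published in this chart. A comment above the list would make the risk and the ordering dependency explicit, for example `# Demo credentials only: override for any shared or production deployment; entry 0 is used by aaiconfig.properties and the schema-wait init container`. Quoting the scalars, as in `password: 'demo123456!'`, would also keep operator overrides that copy this pattern safe from YAML implicit typing. The enclosing `global.config` mapping starts outside the hunk.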
@@ -86,11 +101,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v29
+ default: v30
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
# Specifies from which version related link should appear
related:
link: v11
@@ -111,7 +126,7 @@ global: # global defaults
someConfig: random
# application image
-image: onap/aai-traversal:1.15.4
+image: onap/aai-traversal:1.15.5
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -155,20 +170,6 @@ aai_enpoints:
# application configuration
config:
-
- # configure keycloak according to your environment.
- # don't forget to add keycloak in active profiles above (global.config.profiles)
- keycloak:
- host: keycloak.your.domain
- port: 8180
- # Specifies a set of users, credentials, roles, and groups
- realm: aai-traversal
- # Used by any client application for enabling fine-grained authorization for their protected resources
- resource: aai-traversal-app
- # If set to true, additional criteria will be added into traversal query to returns all the vertices that match
- # the data-owner property with the given role to the user in keycloak
- multiTenancy:
- enabled: true
janusgraph:
caching:
# enable when running read-heavy workloads
@@ -443,9 +444,9 @@ readinessCheck:
services:
- '{{ .Values.global.cassandra.serviceName }}'
- aai-schema-service
- wait_for_service:
+ wait_for_traversal:
services:
- - aai
+ - aai-traversal
jobAnnotations:
"helm.sh/hook": pre-upgrade,pre-rollback,post-install