[OOF] Update containers to latest versions

- OSDF: 3.0.4
     - Fixed NST selection response
- HAS: 2.1.4
     - Fixed SDC interface
     - Fixed weak cryptography issues
- CMSO: 2.3.2
     - Fixed weak cryptography issues
Chart changes
     - Remove encrypted password from
       CMSO and move it to k8s secret

Issue-ID: OPTFRA-917
Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com>
Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254

9 files changed, 54 insertions, 13 deletions

diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
index 4bf8f74666..04a5714a8e 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
@@ -52,8 +52,8 @@ cmso.minizinc.command.solver=OSICBC
 cmso.minizinc.command.timelimit=60000
 cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn
 
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+mechid.user=${AAF_USER}
+mechid.pass=${AAF_PASSWORD}
 
 aaf.urls=https://aaf-locate:8095
 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
index c1d2602713..1f96183dd5 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
@@ -116,6 +116,10 @@ spec:
           value: {{ .Values.global.truststorePassword }}
         - name: AUTHENTICATION
           value: {{ .Values.global.authentication }}
+        - name: AAF_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
+        - name: AAF_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
         command:
         - /bin/sh
         args:
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
index aa6ae1941c..d50995a615 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
@@ -24,12 +24,12 @@ subChartsOnly:
   enabled: true
 
 # application image
-image: onap/optf-cmso-optimizer:2.3.1
+image: onap/optf-cmso-optimizer:2.3.2
 pullPolicy: Always
 
 #init container image
 dbinit:
-  image: onap/optf-cmso-dbinit:2.3.1
+  image: onap/optf-cmso-dbinit:2.3.2
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -45,6 +45,12 @@ secrets:
     login: '{{ .Values.config.db.user }}'
     password: '{{ .Values.config.db.password }}'
     passwordPolicy: required
+  - uid: cmso-aaf-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.aaf.user }}'
+    password: '{{ .Values.config.aaf.password }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -81,6 +87,10 @@ service:
 
 
 config:
+  aaf:
+    user: user
+    password: pass
+#    userCredentialsExternalSecret: some-secret
   db:
     port: 3306
 #    rootPassword: pass
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
index 6525a4ee9c..363aecbc03 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
@@ -94,11 +94,11 @@ so.polling.interval.ms=10000
 
 ## loopback settings
 so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7
-so.user=oof@oof.onap.org
-so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+so.user=${AAF_USER}
+so.pass=${AAF_USER}
 
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+mechid.user=${AAF_USER}
+mechid.pass=${AAF_PASSWORD}
 
 cmso.dispatch.url=http://localhost:8089
 
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
index 27d52a24ba..d9f2bd0734 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
@@ -140,6 +140,10 @@ spec:
           value: {{ .Values.global.truststorePassword }}
         - name: AUTHENTICATION
           value: {{ .Values.global.authentication }}
+        - name: AAF_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
+        - name: AAF_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
         command:
         - /bin/sh
         args:
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
index f0e62e458d..06dd478b0e 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
@@ -23,13 +23,13 @@ subChartsOnly:
   enabled: true
 
 # application image
-image: onap/optf-cmso-service:2.3.1
-robotimage: onap/optf-cmso-robot:2.3.1
+image: onap/optf-cmso-service:2.3.2
+robotimage: onap/optf-cmso-robot:2.3.2
 pullPolicy: Always
 
 #init container image
 dbinit:
-  image: onap/optf-cmso-dbinit:2.3.1
+  image: onap/optf-cmso-dbinit:2.3.2
 
 # flag to enable debugging - application support required
 debugEnabled: false
@@ -44,6 +44,12 @@ secrets:
     login: '{{ .Values.config.db.user }}'
     password: '{{ .Values.config.db.password }}'
     passwordPolicy: required
+  - uid: cmso-aaf-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.aaf.user }}'
+    password: '{{ .Values.config.aaf.password }}'
+    passwordPolicy: required
 
 #################################################################
 # Application configuration defaults.
@@ -80,6 +86,10 @@ service:
 
 
 config:
+  aaf:
+    user: user
+    password: pass
+#    userCredentialsExternalSecret: some-secret
   db:
     port: 3306
 #    rootPassword: pass
@@ -93,6 +103,7 @@ config:
   optimizer_host: oof-cmso-optimizer
   optimizer_port: 7997
 
+
 ingress:
   enabled: false
 
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
index d88e1b22c2..4f6976ed28 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
@@ -23,7 +23,7 @@ subChartsOnly:
   enabled: true
 
 # application image
-image: onap/optf-cmso-ticketmgt:2.3.1
+image: onap/optf-cmso-ticketmgt:2.3.2
 pullPolicy: Always
 
 
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
index 56d9c7c12a..b3adb5c69c 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
@@ -22,7 +22,7 @@ subChartsOnly:
   enabled: true
 
 # application image
-image: onap/optf-cmso-topology:2.3.1
+image: onap/optf-cmso-topology:2.3.2
 pullPolicy: Always
 
 
diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml
index c574a86136..c46fd0a33a 100644
--- a/kubernetes/oof/components/oof-cmso/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/values.yaml
@@ -36,6 +36,11 @@ secrets:
     login: '{{ .Values.config.db.optimizer.userName }}'
     password: '{{ .Values.config.db.optimizer.userPassword }}'
     passwordPolicy: generate
+  - uid: cmso-aaf-creds
+    name: &aafCreds '{{ include "common.release" . }}-cmso-aaf-creds'
+    type: basicAuth
+    login: '{{ .Values.config.aaf.user }}'
+    password: '{{ .Values.config.aaf.password }}'
 
 mariadb-galera:
   replicaCount: 1
@@ -75,6 +80,9 @@ mariadb-init:
 flavor: small
 
 config:
+  aaf:
+    user: oof@oof.onap.org
+    password: demo123456!
   log:
     logstashServiceName: log-ls
     logstashPort: 5044
@@ -115,6 +123,8 @@ oof-cmso-service:
       host: *dbName
       container: *dbName
       mysqlDatabase: cmso
+    aaf:
+      userCredentialsExternalSecret: *aafCreds
 
 oof-cmso-optimizer:
   enabled: true
@@ -128,6 +138,8 @@ oof-cmso-optimizer:
       host: *dbName
       container: *dbName
       mysqlDatabase: optimizer
+    aaf:
+      userCredentialsExternalSecret: *aafCreds
 
 oof-cmso-topology:
   enabled: true