diff options
author | ChrisC <christophe.closset@intl.att.com> | 2020-05-04 12:43:34 +0200 |
---|---|---|
committer | ChrisC <christophe.closset@intl.att.com> | 2020-05-04 12:43:34 +0200 |
commit | 53929946b4f676604396f64e3f2fb793cdbc450e (patch) | |
tree | 2f4512260cb09c4a07c47cbc18f8280e73968ae6 /kubernetes/portal/charts/portal-app | |
parent | f69c491ed06b017fe439ff8ff48ac896e93d0f52 (diff) |
Portal AAF REST API perm fixes for Roles
Fixed AAF REST API creds : reuse of X509 identity
the use of javax.net.ssl variables overrides basic auth identity
the fake password must be slightly updated in order to pass current decryption method in portal code
Issue-ID: PORTAL-875
Change-Id: I0497df70f0ff9a30e4ccd634aff67467f5ae04df
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Diffstat (limited to 'kubernetes/portal/charts/portal-app')
3 files changed, 10 insertions, 11 deletions
diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties index 63348f02d6..aeef85e54c 100755 --- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties +++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties @@ -115,13 +115,12 @@ external_system_notification_url= https://jira.onap.org/browse/ #cookie domain cookie_domain = onap.org -{{- if .Values.global.aafEnabled }} -# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now) -ext_central_access_user_name = aaf_admin@people.osaaf.org -ext_central_access_password = thiswillbereplacedatruntime -ext_central_access_url = {{ .Values.aafURL }}/authz/ -ext_central_access_user_domain = @people.osaaf.org - # External Central Auth system access -remote_centralized_system_access = true -{{- end }} +remote_centralized_system_access = {{.Values.global.aafEnabled}} + +# External Access System Basic Auth Credentials & Rest endpoint +# The credentials are placeholders as these are replaced by AAF X509 identity at runtime +ext_central_access_user_name = portal@portal.onap.org +ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert +ext_central_access_url = {{.Values.aafURL}} +ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index 14bbd3c7f6..af00b5ff89 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"] env: - - name: _CATALINA_OPTS + - name: CATALINA_OPTS value: > -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 24388277f4..a33bff1d29 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -37,7 +37,7 @@ pullPolicy: Always #AAF local config -aafURL: https://aaf-service:8100/ +aafURL: https://aaf-service:8100/authz/ aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! |