author | Sandeep Shah <sandeeplinux1068@gmail.com> | 2020-09-25 15:53:18 -0500 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-10-02 14:01:09 +0000 |
commit | d6b989d947334a7da8acc36ae064d753db360f2c (patch) | |
tree | c8d02b15fcd77ececd798b088a8069c187fa3c5e /kubernetes/portal/components/portal-sdk | |
parent | 0394e0d21274fd742cadcf9e91e68395bbd6a63f (diff) |
[PORTAL] Non-root user for back-end database
Creation of a non-root user for portal backend
mariaDB database. Update portal apps, such as
front-end app and sdk app, to use the non-root
user to access back-end mariaDB database
Issue-ID: OOM-2576
Signed-off-by: SandeepLinux <Sandeep.Shah@att.com>
Change-Id: Ie13c7d190c08a4075058b97b352f4b71bbb0aa47
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Diffstat (limited to 'kubernetes/portal/components/portal-sdk')
3 files changed, 17 insertions, 3 deletions
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 2a2ec59d5c..1faed41b85 100755 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -40,8 +40,8 @@ decryption_key = AGLDdG4D04BKm2IxIWEr8o== db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk -db.userName = root -db.password = Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.min_pool_size = 5 db.max_pool_size = 10 hb.dialect = org.hibernate.dialect.MySQLDialect @@ -90,4 +90,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org
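Review bot: The `${PORTAL_DB_USER}` and `${PORTAL_DB_PASSWORD}` placeholders on the two added `db.*` lines are only safe if the step that renders this file fails on an unset variable. That step is not visible in this hunk, and a plain substitution would presumably write empty credentials that surface only as a connection failure at runtime. If the file is loaded as a Java properties file, the substituted value is also unescaped, so a password containing a backslash or leading whitespace would be read differently from what the secret holds; a comment such as `# rendered from the portal-backend-db secret; value must be properties-safe` above `db.userName` would record that constraint. The context lines still carry literal `decryption_key` and `ext_central_access_password` values (the latter in the `@@ -90,4` hunk), which could move to the same secret-backed pattern. The removed root password remains in history and should be rotated wherever it was deployed.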
\ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index f79098fade..fabefde9d3 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -61,6 +61,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} - name: CIPHER_ENC_KEY {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: properties-onapportalsdk-scrubbed diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index c0f1b58c9a..4056b2aa7a 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -39,6 +39,12 @@ secrets: login: '{{ .Values.cassandra.config.cassandraUsername }}' password: '{{ .Values.cassandra.config.cassandraPassword }}' passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required - uid: cipher-enc-key type: password externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' 
@@ -115,6 +121,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget |
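Review bot: The new `backendUserName: portal` / `backendPassword: portal` defaults give every install that does not override them a database account whose password equals its user name. The `portal-backend-db` secret added in the earlier values.yaml hunk uses `passwordPolicy: required`, and a non-empty default presumably satisfies that policy, so nothing forces a deployer to choose a value. I would ship the password commented out, e.g. `# backendPassword: <set per deployment>`, so a missing value fails at render time, and steer operators to `backendDbExternalSecret`. The placeholder comment `# backendDbExternalSecret: some secret` could also state what kind of secret it names and which keys it must contain, since the template reads `login` and `password` from it.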