diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-10-02 15:48:42 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-10-02 15:48:42 +0000 |
commit | cc77031bc750e16f0dd425a415e676b862518c79 (patch) | |
tree | ec1c502c1bffbae89b94343cfa2baabafc97a8ee /kubernetes/portal/components/portal-sdk | |
parent | 4c9bb49d34b8dbadadc4c99ca39e213241fed4cd (diff) | |
parent | d6b989d947334a7da8acc36ae064d753db360f2c (diff) |
Merge "[PORTAL] Non-root user for back-end database"
Diffstat (limited to 'kubernetes/portal/components/portal-sdk')
3 files changed, 17 insertions, 3 deletions
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 2a2ec59d5c..1faed41b85 100755 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -40,8 +40,8 @@ decryption_key = AGLDdG4D04BKm2IxIWEr8o== db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk -db.userName = root -db.password = Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.min_pool_size = 5 db.max_pool_size = 10 hb.dialect = org.hibernate.dialect.MySQLDialect @@ -90,4 +90,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index f79098fade..fabefde9d3 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -61,6 +61,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} - name: CIPHER_ENC_KEY {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: properties-onapportalsdk-scrubbed diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index c0f1b58c9a..4056b2aa7a 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -39,6 +39,12 @@ secrets: login: '{{ .Values.cassandra.config.cassandraUsername }}' password: '{{ .Values.cassandra.config.cassandraPassword }}' passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required - uid: cipher-enc-key type: password externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' @@ -115,6 +121,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget |