[PORTAL ] Non-root user DB access from WMS

Update portal-widget HELM charts to use non-
root user access to the portal mariadb
backend

Issue-ID: OOM-2601
Signed-off-by: SandeepLinux <ss048t@att.com>
Change-Id: I434ce85f1d0922d87fca35f692064a9b5e757954
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>

2 files changed, 54 insertions, 0 deletions

diff --git a/kubernetes/portal/components/portal-widget/templates/deployment.yaml b/kubernetes/portal/components/portal-widget/templates/deployment.yaml
index 4640a43f73..44d7fc467e 100644
--- a/kubernetes/portal/components/portal-widget/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-widget/templates/deployment.yaml
@@ -49,6 +49,40 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portal-widget-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - |
+          cd /config-input && \
+          for PFILE in `ls -1 *.*`
+          do
+            envsubst <${PFILE} >/config/${PFILE}
+            chmod 0755 /config/${PFILE}
+          done
+        env:
+          - name: PORTAL_DB_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+          - name: PORTAL_DB_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+          - name: WIDGET_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
+          - name: WIDGET_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
+          - name: ACC_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
+          - name: ACC_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
+          - name: JASYPT_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapwidgetms-scrubbed
+        - mountPath: /config
+          name: properties-onapwidgetms
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -94,6 +128,9 @@ spec:
           hostPath:
             path: /etc/localtime
         - name: properties-onapwidgetms
+          emptyDir:
+            medium: Memory
+        - name: properties-onapwidgetms-scrubbed
           configMap:
             name: {{ include "common.fullname" . }}-onapwidgetms
             defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-widget/templates/secret.yaml b/kubernetes/portal/components/portal-widget/templates/secret.yaml
new file mode 100644
index 0000000000..9a3f011e80
--- /dev/null
+++ b/kubernetes/portal/components/portal-widget/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}