aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/portal
diff options
context:
space:
mode:
authorChrisC <christophe.closset@intl.att.com>2020-05-04 12:43:34 +0200
committerChrisC <christophe.closset@intl.att.com>2020-05-04 12:43:34 +0200
commit53929946b4f676604396f64e3f2fb793cdbc450e (patch)
tree2f4512260cb09c4a07c47cbc18f8280e73968ae6 /kubernetes/portal
parentf69c491ed06b017fe439ff8ff48ac896e93d0f52 (diff)
Portal AAF REST API perm fixes for Roles
Fixed AAF REST API creds : reuse of X509 identity the use of javax.net.ssl variables overrides basic auth identity the fake password must be slightly updated in order to pass current decryption method in portal code Issue-ID: PORTAL-875 Change-Id: I0497df70f0ff9a30e4ccd634aff67467f5ae04df Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Diffstat (limited to 'kubernetes/portal')
-rwxr-xr-xkubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties17
-rw-r--r--kubernetes/portal/charts/portal-app/templates/deployment.yaml2
-rw-r--r--kubernetes/portal/charts/portal-app/values.yaml2
-rwxr-xr-xkubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties17
-rw-r--r--kubernetes/portal/charts/portal-sdk/templates/deployment.yaml2
-rw-r--r--kubernetes/portal/charts/portal-sdk/values.yaml2
6 files changed, 20 insertions, 22 deletions
diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index 63348f02d6..aeef85e54c 100755
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -115,13 +115,12 @@ external_system_notification_url= https://jira.onap.org/browse/
#cookie domain
cookie_domain = onap.org
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
# External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
index 14bbd3c7f6..af00b5ff89 100644
--- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: _CATALINA_OPTS
+ - name: CATALINA_OPTS
value: >
-Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index 24388277f4..a33bff1d29 100644
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -37,7 +37,7 @@ pullPolicy: Always
#AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
index 063ba3d122..45ea9b70ca 100755
--- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -82,13 +82,12 @@ authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-co
#cookie domain
cookie_domain = onap.org
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
# External Central Auth system access
-remote_centralized_system_access = true
-{{- end }} \ No newline at end of file
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
index 2de9a1bd24..b78ef34fa1 100644
--- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: _CATALINA_OPTS
+ - name: CATALINA_OPTS
value: >
-Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml
index 45af55fe1d..96ae9099b0 100644
--- a/kubernetes/portal/charts/portal-sdk/values.yaml
+++ b/kubernetes/portal/charts/portal-sdk/values.yaml
@@ -37,7 +37,7 @@ image: onap/portal-sdk:3.2.0
pullPolicy: Always
#AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!