These OOM changes are related AAF Integration

Here we have the ability to optionally disable AAF integration.
A global variable global.security.aaf.enabled=true
will turn on AAF security. with global.security.aaf.enabled=false
it will use spring.security to ensure backward compatibilty. updated
based on review comments

Issue-ID: SO-2452
Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4

3 files changed, 33 insertions, 23 deletions

diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
index 5930b5d5be..a714ba9328 100755
--- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 aai:
-  auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+  auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
   dme2:
     timeout: '30000'
   endpoint: https://aai.{{ include "common.namespace" . }}:8443
@@ -21,7 +21,7 @@ aai:
 cds:
   endpoint: cds-blueprints-processor-grpc
   port: 9111
-  auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+  auth: {{ .Values.cds.auth }}
   timeout: 600
 camunda:
   bpm:
@@ -51,10 +51,12 @@ mso:
   rainyDay:
     retryDurationMultiplier: 2
     maxRetries: 5
-  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  msoKey: {{ .Values.mso.key }}
   correlation:
     timeout: 60
   logPath: logs
+  config:
+    cadi: {{ include "cadi.keys" . | nindent 8}}
   async:
     core-pool-size: 50
     max-pool-size: 50
@@ -64,10 +66,10 @@ mso:
       endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
     db:
-      auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
-      password: wLg4sjrAFUS8rfVfdvTXeQ==
+      auth: {{ .Values.mso.adapters.db.auth }}
+      password: {{ .Values.mso.adapters.db.password }}
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
       spring:
         endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
@@ -79,7 +81,7 @@ mso:
       db:
         endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
     po:
-      auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+      auth: {{ .Values.mso.adapters.po.auth }}
     sdnc:
       endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter
       rest:
@@ -112,7 +114,7 @@ mso:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: Basic YnBlbDpwYXNzd29yZDEk
+    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
   default:
     adapter:
       namespace: http://org.onap.mso
@@ -129,7 +131,7 @@ mso:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/
   rollback: 'true'
   sdnc:
-    password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+    password: {{ .Values.mso.sdnc.password }}
   service:
     agnostic:
       sniro:
@@ -137,12 +139,12 @@ mso:
         host: http://sniro-emulator:80
   site-name: CamundaEngine
   sniro:
-    auth: test:testpwd
+    auth: {{ .Values.mso.sniro.auth }}
     callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify
-    endpoint: http://replaceme:28090/optimizationInstance/V1/create
+    endpoint: {{ .Values.mso.sniro.endpoint }}
     timeout: PT30M
   oof:
-    auth: test:testpwd
+    auth: {{ .Values.mso.oof.auth }}
     callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
     endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698/api/oof/v1/placement
     timeout: PT30M
@@ -361,7 +363,7 @@ so:
   vnfm:
     adapter:
       url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
-      auth: Basic dm5mbTpwYXNzd29yZDEk
+      auth: {{ .Values.so.vnfm.adapter.auth }}
 org:
   onap:
     so:
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
index 931a89516b..91e9be6376 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}