diff options
author | Ramesh Parthasarathy <ramesh.parthasarathy@att.com> | 2020-02-05 17:02:28 +0000 |
---|---|---|
committer | Ramesh Parthasarathy <ramesh.parthasarathy@att.com> | 2020-02-07 00:36:28 +0000 |
commit | 95dc1c9693b60b828fe5d6884933c2054d815e6a (patch) | |
tree | 4119b0bf5b6ddbda785193f1e4d44aee7bd0e877 /kubernetes/so/charts/so-sdnc-adapter | |
parent | 00fd764cb5bdfd020e05a2391639857f6181f0cb (diff) |
These OOM changes are related AAF Integration
Here we have the ability to optionally disable AAF integration.
A global variable global.security.aaf.enabled=true
will turn on AAF security. with global.security.aaf.enabled=false
it will use spring.security to ensure backward compatibilty. updated
based on review comments
Issue-ID: SO-2452
Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4
Diffstat (limited to 'kubernetes/so/charts/so-sdnc-adapter')
3 files changed, 24 insertions, 14 deletions
diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index 5062a1f8f0..a20d2178ba 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -19,12 +19,14 @@ mso: max-pool-size: 50 queue-capacity: 500 logPath: ./logs/sdnc + config: + cadi: {{ include "cadi.keys" . | nindent 14}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} site-name: onapheat org: onap: @@ -100,7 +102,7 @@ org: changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf - bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 + bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService generic-resource: network-topology-operation: @@ -139,7 +141,7 @@ org: myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify rest: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage - sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 + sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} sdncconnecttime: 5000 sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:' sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:' @@ -159,7 +161,7 @@ org: '': query: GET|60000|sdncurl12| network: - encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 + encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }} spring: security: usercredentials: diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml index ab489160fc..5c7f3ab0ca 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml @@ -70,6 +70,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -80,16 +96,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} |