author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-03-19 15:06:41 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-03-20 08:28:18 +0000 |
commit | fde94076e689727e8a2c3c5147ce1242dc225f87 (patch) | |
tree | b7df4064762a376f9f45e4d6e98e847a22b3da3c /kubernetes/so/components/soHelpers | |
parent | de5edf772c56647eee03c60d24e3cf1d41c56c21 (diff) |
[SO] Use truststore all keystore
Truststore given by AAF is only giving ONAP root_ca.
In order to have access to other platforms, we must also have all the
other ones.
As ONAP root CA and all known CAs are present in truststore All, let's
use it.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I551b8e4a316dcf4f2dee1bf6c45327496a488cdd
Diffstat (limited to 'kubernetes/so/components/soHelpers')
3 files changed, 7 insertions, 20 deletions
diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
index d16b4f7cf8..7e04706d4a 100644
--- a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
@@ -2,8 +2,8 @@
 {{- $dot := default . .dot -}}
 {{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
 cadiLoglevel: {{ $initRoot.cadi.logLevel }}
-cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
-cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks
 cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
 cadiLatitude: {{ $initRoot.cadi.latitude }}
 cadiLongitude: {{ $initRoot.cadi.longitude }}
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
index f5b97d5c25..cda61b2cfa 100644
--- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -25,10 +25,10 @@
 {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
 {{- if $dot.Values.global.aafEnabled }}
 - name: TRUSTSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks
 {{- if $dot.Values.global.security.aaf.enabled }}
 - name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12
 {{- end }}
 {{- end }}
 {{- end -}}
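Review bot: The new `cadiTrustStore` line hard-codes `truststoreONAPall.jks` with no comment on the trust change it carries. Going by the commit message, that bundle holds the ONAP root CA plus all other known CAs, so CADI will presumably accept peers signed by any of them rather than by the ONAP root alone. A template comment above the line would record that this widening is deliberate, for example `{{/* truststoreONAPall.jks: ONAP root CA plus all other known CAs; wider than the AAF-issued truststore */}}`. The same literal is repeated in the `TRUSTSTORE` value in _certificates.tpl, so the comment applies there as well. The enclosing template definition starts and ends outside the hunk.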
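Review bot: `certInitializer.fqi_namespace` is interpolated into the `KEYSTORE` path in _certificates.tpl with no guard. If the value is missing for a subchart, the path likely renders with an empty name (`<credsPath>/.p12`), and the problem only surfaces when the container fails to open its keystore. Failing at render time is safer: `value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ required "certInitializer.fqi_namespace must be set" $subchartDot.Values.certInitializer.fqi_namespace }}.p12`. The `cadiKeyFile` line in _cadiValues.tpl reads the same value and would benefit from the same guard. The enclosing template definition begins before the hunk.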
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index 612f7c1dee..938a6f9d00 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -23,16 +23,6 @@ global: enabled: false app: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - client: - certs: - truststore: /app/client/org.onap.so.trust.jks - keystore: /app/client/org.onap.so.jks - trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI - keyStorePassword: c280b25hcA== - certificates: - path: /etc/ssl/certs - share_path: /usr/local/share/ca-certificates/ - ################################################################# # AAF part @@ -48,19 +38,16 @@ certInitializer: cadi_latitude: '0.0' app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local - trustStoreAllPass: changeit + qi_namespace: org.onap.so aaf_add_config: | echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop + echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop aafConfig: permission_user: 1000 permission_group: 999 -aaf: - trustore: org.onap.so.trust.jks - keyFile: org.onap.so.keyfile - ################################################################# # Application configuration defaults. ################################################################# |
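Review bot: In the second hunk the key added under `certInitializer` reads `qi_namespace`, while both templates changed in this commit look up `certInitializer.fqi_namespace`. Unless that value is supplied elsewhere (a parent chart override or the certInitializer chart's own defaults, neither visible here), the keyfile and keystore paths will not resolve to `org.onap.so.*`. If the missing letter is not an artefact of how this page was rendered, the line should be `fqi_namespace: org.onap.so`. Separately, the new `echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}"` line reads a value this file does not visibly define now that `trustStoreAllPass` is removed. It is worth confirming where that value comes from and that it is not left at a well-known default.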