These OOM changes are related AAF Integration

Here we have the ability to optionally disable AAF integration.
A global variable global.security.aaf.enabled=true
will turn on AAF security. with global.security.aaf.enabled=false
it will use spring.security to ensure backward compatibilty. updated
based on review comments

Issue-ID: SO-2452
Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4

5 files changed, 57 insertions, 10 deletions

diff --git a/kubernetes/so/templates/_cadiValues.tpl b/kubernetes/so/templates/_cadiValues.tpl
new file mode 100644
index 0000000000..426facc4b1
--- /dev/null
+++ b/kubernetes/so/templates/_cadiValues.tpl
@@ -0,0 +1,19 @@
+{{- define "cadi.keys" -}}
+cadiLoglevel: DEBUG
+cadiKeyFile: /org.onap.so.keyfile
+cadiTrustStore: /app/org.onap.so.trust.jks
+cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }}
+cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }}
+cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }}
+aafEnv: {{ .Values.global.app.cadi.aafEnv }}
+aafApiVersion: 2.0
+aafRootNs: {{ .Values.global.app.cadi.aafRootNs }}
+aafId: {{ .Values.mso.config.cadi.aafId }}
+aafPassword: {{ .Values.mso.config.cadi.aafPassword }}
+aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }}
+aafUrl: {{ .Values.global.app.cadi.aafUrl }}
+apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }}
+{{- if (.Values.global.app.cadi.noAuthn) }}
+noAuthn: {{ .Values.mso.config.cadi.noAuthn }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/so/templates/_livenessProbe.tpl b/kubernetes/so/templates/_livenessProbe.tpl
new file mode 100644
index 0000000000..4181beb1f8
--- /dev/null
+++ b/kubernetes/so/templates/_livenessProbe.tpl
@@ -0,0 +1,17 @@
+{{- define "helpers.livenessProbe" -}} 
+livenessProbe:
+  httpGet:
+    path: {{- index .Values.livenessProbe.path|indent 2}}
+    port: {{ index .Values.containerPort }}
+    scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
+    {{- if eq .Values.global.security.aaf.enabled true }}
+    httpHeaders:
+    - name: Authorization
+      value: {{ index .Values.global.aaf.auth.header }}
+    {{- end }}
+  initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+  periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+  timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+  successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+  failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{- end -}}
diff --git a/kubernetes/so/templates/_profileProperty.tpl b/kubernetes/so/templates/_profileProperty.tpl
new file mode 100644
index 0000000000..113bc343d0
--- /dev/null
+++ b/kubernetes/so/templates/_profileProperty.tpl
@@ -0,0 +1,3 @@
+{{- define "helpers.profileProperty" -}}
+  {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }}
+{{- end -}}
diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/templates/configmap.yaml
+++ b/kubernetes/so/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index 931a89516b..91e9be6376 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}