summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorDominik Mizyn <d.mizyn@samsung.com>2020-04-16 11:21:23 +0200
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-04-20 07:14:43 +0000
commit165a22d947d37ba41372c5fc6dbca2821487f9e7 (patch)
tree1fa25e3475c6e18fc54aa4376622720a2d15f547 /kubernetes
parent768eac673132b08e48da7beba7062af0e7771c4c (diff)
[POLICY] Use common secret template in pdp
Use common secret template in pdp module instead of hardcoding them For now creds are hardcoded but this will be remove in further commits. Issue-ID: OOM-2342 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com> Change-Id: I091e5390c1ef7d98f0c4fb1cb5f6ca2d099e387f
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf8
-rw-r--r--kubernetes/policy/charts/pdp/templates/statefulset.yaml16
-rw-r--r--kubernetes/policy/charts/pdp/values.yaml18
3 files changed, 38 insertions, 4 deletions
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
index 52480e59ff..bb12880ca7 100644
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
+++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
@@ -39,10 +39,10 @@ REST_PDP_REGISTER_RETRIES=-1
REST_PDP_MAXCONTENT=999999999
# PDP related properties
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
node_type=pdp_xacml
resource_name=pdp_1
diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
index e55f9d0987..8e0c40370d 100644
--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
@@ -46,6 +46,14 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: pe
@@ -81,6 +89,14 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . | indent 12 }}
ports:
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 7b5f6f8ac9..0b2f92bc80 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -33,6 +33,18 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -50,6 +62,12 @@ debugEnabled: false
db:
user: policy_user
password: policy_user
+pdp:
+ pdphttpuserid: testpdp
+ pdphttppassword: alpha123
+pap:
+ pdppappdphttpuserid: testpap
+ pdppappdphttppassword: alpha123
config:
papPort: 9091