7 files changed, 24 insertions, 14 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat index df2e128407..d29617a4d9 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat @@ -49,6 +49,7 @@ org.onap.clamp|clds.template|dev|*||"{'org.onap.clamp|service'}" org.onap.clamp|clds.template|dev|read|Onap Clamp Dev Read Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}" org.onap.clamp|clds.template|dev|update|Onap Clamp Dev Update Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}" org.onap.clamp|clds.tosca|dev|*||"{'org.onap.clamp|service'}" +org.onap.clamp|clds.policies|dev|*||"{'org.onap.clamp|service'}" org.onap.clampdemo|access|*|*|ClampDemo Write Access|{'org.onap.clampdemo.admin'} org.onap.clampdemo|access|*|read|ClampDemo Read Access|{'org.onap.clampdemo.owner'} org.onap.clamptest|access|*|*|Onap Write Access|{'org.onap.clamptest.admin'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index ea15da4053..d73a09d4cd 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat 
@@ -40,7 +40,7 @@ org.onap.clampdemo|admin|Onap Clamp Test Admins|"{'org.onap.clampdemo.access|*| org.onap.clampdemo|owner|onap clamp Test Owners|"{'org.onap.clampdemo.access|*|read'}" org.onap.clamp|owner|AAF Namespace Owners| org.onap.clamp|seeCerts||"{'org.onap.clamp|certman|local|request,ignoreIPs,showpass'}" -org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*'}" +org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*', 'org.onap.clamp|clds.policies|dev|*'}" org.onap.clamptest|admin|Onap Clamp Test Admins|"{'org.onap.clamptest.access|*|*'}" org.onap.clamptest|owner|onap clamp Test Owners|"{'org.onap.clamptest.access|*|read'}" org.onap.cli|admin|AAF Namespace Administrators|"{'org.onap.cli|access|*|*'}" diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index 17185cc4bb..a6334668b1 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties 
@@ -48,22 +48,22 @@ spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements #The log folder that will be used in logback.xml file -clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config.json +clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config-pass.json # # Configuration Settings for Policy Engine Components -clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969 +clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969 clamp.config.policy.api.userName=healthcheck clamp.config.policy.api.password=zb!XztG34 -clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969 +clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969 clamp.config.policy.pap.userName=healthcheck clamp.config.policy.pap.password=zb!XztG34 #DCAE Inventory Url Properties -clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080 -clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.inventory.url=https://inventory.{{ include "common.namespace" . }}:8080 +clamp.config.dcae.dispatcher.url=https://deployment-handler.{{ include "common.namespace" . }}:8443 #DCAE Deployment Url Properties -clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.deployment.url=https://deployment-handler.{{ include "common.namespace" . }}:8443 clamp.config.dcae.deployment.userName=none clamp.config.dcae.deployment.password=none 
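Review bot: The `clamp.config.policy.api.password` and `clamp.config.policy.pap.password` values stay hard-coded on the unchanged lines of this hunk, although the same commit moves the SDC client password out of the chart and into a Kubernetes secret. Anyone who can read the chart, or the rendered config if it is mounted from a ConfigMap (not visible here), obtains the `healthcheck` credentials. Consider sourcing both from a secret in the same way, for example `clamp.config.policy.api.password=${<ENV_VAR_FROM_SECRET>}` with the variable injected in deployment.yaml. The properties file continues outside the hunk.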
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json index 3adda95c11..6021b21d21 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json @@ -6,7 +6,7 @@ "consumerId": "clamp", "environmentName": "AUTO", "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", - "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "password": "${SDC_CLIENT_PASSWORD_ENC}", "pollingInterval":30, "pollingTimeout":30, "activateServerTLSAuth":"false", diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml index 1120f9b2b6..c243e30540 100644 --- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml @@ -67,6 +67,8 @@ spec: - | {{- if .Values.global.aafEnabled }} export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) + export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`; + envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json" {{- end }} java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar ports: 
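Review bot: `sdc-controllers-config-pass.json` is only generated inside the `{{- if .Values.global.aafEnabled }}` block of deployment.yaml, while the application.properties hunk in this commit points `clamp.config.files.sdcController` at that file unconditionally, so with AAF disabled the backend would presumably start without a readable SDC controller config. In the added `export` line, `${SDC_CLIENT_PASSWORD}` is expanded unquoted on the `java -jar … cadi digest` command line, so a password containing whitespace or glob characters is split or expanded, and the cleartext sits in the process arguments while the JVM runs; at minimum quote it as `"${SDC_CLIENT_PASSWORD}"`. `envsubst` without a variable list rewrites every `$VAR` reference in the JSON, so restrict it with `envsubst '${SDC_CLIENT_PASSWORD_ENC}' < …` and abort start-up when the digest output is empty instead of writing an empty password. The container command starts and ends outside the hunk.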
@@ -99,6 +101,8 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - name: MYSQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} + - name: SDC_CLIENT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 12 }} {{- if ne "unlimited" (include "common.flavor" .) }} - name: JAVA_RAM_CONFIGURATION value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index ef0ea7ae4e..71d2517be1 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -44,10 +44,7 @@ certInitializer: app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local aaf_add_config: > - echo "$cadi_truststore_password" > {{ .Values.credsPath }}/cadi_truststore_password.pwd; - echo "$cadi_key_password" > {{ .Values.credsPath }}/cadi_key_password.pwd; - echo "$cadi_keystore_password" > {{ .Values.credsPath }}/cadi_keystore_password.pwd; - echo "$cadi_keystore_password_p12" > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; cd {{ .Values.credsPath }}; chmod a+rx *; @@ -58,11 +55,16 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: sdc-creds + type: password + externalSecret: '{{ tpl (default "" .Values.sdc.sdcClientExternalSecret) . }}' + password: '{{ .Values.sdc.clientPassword }}' + passwordPolicy: required flavor: small # application image -image: onap/policy-clamp-backend:6.0.2 +image: onap/policy-clamp-backend:6.1.1 pullPolicy: Always # flag to enable debugging - application support required 
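Review bot: In the values.yaml `aaf_add_config` hunk, the added `agent.sh local showpass … > {{ .Values.credsPath }}/mycreds.prop` line writes what is presumably the full set of cleartext AAF credentials into the shared creds directory, and the unchanged `chmod a+rx *` two lines later makes that file readable by every user in the pod. The deployment.yaml change in this commit reads `org.onap.clamp.cred.props` and the keyfile, not `mycreds.prop`; later script lines outside the hunk may still consume it, but once they have, the file can be removed or tightened, e.g. `chmod 600 mycreds.prop;` after the blanket chmod (adjusting ownership if the application runs under another UID). The `aaf_add_config` script continues outside the hunk.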
@@ -78,6 +80,9 @@ log: #####dummy values for db user and password to pass lint!!!####### +sdc: + clientPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + db: user: policy_user password: policy_user diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index c824965955..9712a38e10 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -60,7 +60,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-clamp-frontend:6.0.2 +image: onap/policy-clamp-frontend:6.1.1 pullPolicy: Always # flag to enable debugging - application support required |
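Review bot: The added `sdc.clientPassword` default is a concrete-looking secret committed to the chart, and because the `sdc-creds` entry added earlier in this file sets `passwordPolicy: required`, that requirement is satisfied by this default on every install that does not override it. Such deployments would share one publicly known SDC client password. If the value is only there to pass lint, as the banner above the `db` values suggests, say so on the line itself, e.g. `# lint placeholder: override via sdc.clientPassword or sdc.sdcClientExternalSecret`, and document the override in the chart's README.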