7 files changed, 115 insertions, 5 deletions

diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
new file mode 100644
index 0000000000..f4b4f93756
--- /dev/null
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
@@ -0,0 +1,53 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# Use a root combining algorithm
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+
+#
+# PIP Engine Definitions
+#
+count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip
+count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations
+count-recent-operations.name=CountRecentOperations
+count-recent-operations.description=Returns operation counts based on time window
+count-recent-operations.persistenceunit=OperationsHistoryPU
+
+get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip
+get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome
+get-operation-outcome.name=GetOperationOutcome
+get-operation-outcome.description=Returns operation outcome
+get-operation-outcome.persistenceunit=OperationsHistoryPU
+
+#
+# Make pips available to finder
+#
+xacml.pip.engines=count-recent-operations,get-operation-outcome
+
+#
+# JPA Properties
+#
+javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.nameOverride }}:3306/operationshistory
+javax.persistence.jdbc.user=policy_user
+javax.persistence.jdbc.password=cG9saWN5X3VzZXI=
\ No newline at end of file
diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh
index 897628cda0..5d42f048cd 100755
--- a/kubernetes/robot/ete-k8s.sh
+++ b/kubernetes/robot/ete-k8s.sh
@@ -17,7 +17,6 @@
 #
 # Run the testsuite for the passed tag. Valid tags are listed in usage help
 # Please clean up logs when you are done...
-# Note: Do not run multiple concurrent ete-k8s.sh as the --display is not parameterized and tests will collide
 #
 if [ "$1" == "" ] || [ "$2" == "" ]; then
    echo "Usage: ete-k8s.sh [namespace] [tag]"
diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh
index 6fcf984c3f..c58d8a8775 100755
--- a/kubernetes/robot/eteHelm-k8s.sh
+++ b/kubernetes/robot/eteHelm-k8s.sh
@@ -15,12 +15,11 @@
 #!/bin/bash
 
 #
-# Run the health-check testsuites for the tags discovered by helm list 
+# Run the health-check testsuites for the tags discovered by helm list
 # Please clean up logs when you are done...
-# Note: Do not run multiple concurrent eteHelm-k8s.sh as the --display is not parameterized and tests will collide
 #
 if [ "$1" == "" ] ;  then
-   echo "Usage: eteHelm-k8s.sh namespace"
+   echo "Usage: eteHelm-k8s.sh [namespace]"
    echo " list projects via helm list and runs health-check with those tags except dev and dev-consul"
    exit
 fi
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index c284f2dfd0..c1babf3063 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
@@ -70,7 +70,45 @@ spec:
             value: {{ .Values.config.javaOptions }}
           - name: BACKEND
             value: {{ .Values.config.backendServerURL }}
+          - name: IS_HTTPS
+            value: "{{ .Values.config.isHttpsEnabled}}"
+            {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+          - name: KEYSTORE_PASS
+            {{- if .Values.global.security.keysFromCa }}
+            valueFrom:
+              secretKeyRef:
+                name: mft-sdc
+                key: keystore-password.txt
+            {{ else }}
+            value: {{ .Values.global.security.keyStorePass}}
+            {{- end }}
+          - name: TRUSTSTORE_PASS
+            {{- if .Values.global.security.keysFromCa }}
+            valueFrom:
+              secretKeyRef:
+                name: mft-catruststore
+                key: keystore-password.txt
+            {{ else }}
+            value: {{ .Values.global.security.trustStorePass}}
+            {{- end }}
+          - name: TRUSTSTORE_PATH
+            value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
+          - name: KEYSTORE_PATH
+            value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
+          - name: TRUSTSTORE_TYPE
+            value: {{ .Values.security.truststore.type }}
+          - name: KEYSTORE_TYPE
+            value: {{ .Values.security.keystore.type }}
+            {{ end }}
           volumeMounts:
+          {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+          - name: {{ include "common.fullname" . }}-jetty-https-truststore
+            mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}
+            subPath: {{ .Values.security.truststoreFilename }}
+          - name: {{ include "common.fullname" . }}-jetty-https-keystore
+            mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}
+            subPath: {{ .Values.security.keystoreFilename }}
+          {{ end }}
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
index 2990de3f1a..87ca3607d7 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
@@ -40,10 +40,16 @@ spec:
     - port: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.portName | default "http" }}
+    - port: {{ .Values.service.internalPort2 }}
+      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
+      name: {{ .Values.service.portName2 | default "https" }}
     {{- else -}}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
       name: {{ .Values.service.portName | default "http" }}
+    - port: {{ .Values.service.externalPort2 }}
+      targetPort: {{ .Values.service.internalPort2 }}
+      name: {{ .Values.service.portName2 | default "https" }}
     {{- end}}
   selector:
     app: {{ include "common.name" . }}
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index d0ff53718e..a217de5e4b 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -17,6 +17,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
+  nodePortPrefixExt: 304
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
@@ -36,6 +37,16 @@ debugEnabled: false
 config:
   javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m"
   backendServerURL: "http://sdc-wfd-be:8080"
+  isHttpsEnabled: false
+
+# https relevant settings. Change in case you have other trust files then default ones.
+security:
+  isDefaultStore: true
+  truststoreType: "JKS"
+  keystoreType: "JKS"
+  truststoreFilename: "truststore"
+  keystoreFilename: "keystore"
+  storePath: "etc"
 
 # default number of instances
 replicaCount: 1
@@ -62,6 +73,10 @@ service:
   externalPort: 8080
   portName: sdc-wfd-fe
   nodePort: "56"
+  portName2: sdc-wfd-fe2
+  internalPort2: 8443
+  externalPort2: 8443
+  nodePort2: "31"
 
 ingress:
   enabled: false
diff --git a/kubernetes/uui/charts/uui-server/templates/service.yaml b/kubernetes/uui/charts/uui-server/templates/service.yaml
index 2abe7fd9f8..346c0370f9 100644
--- a/kubernetes/uui/charts/uui-server/templates/service.yaml
+++ b/kubernetes/uui/charts/uui-server/templates/service.yaml
@@ -27,7 +27,7 @@ metadata:
       {
           "serviceName": "usecaseui-server",
           "version": "v1",
-          "url": "/api/usecaseui/server/v1",
+          "url": "/api/usecaseui-server/v1",
           "protocol": "REST",
           "port": "{{.Values.service.internalPort}}",
           "visualRange":"1"