diff options
10 files changed, 100 insertions, 19 deletions
diff --git a/.ci/check-bashisms.sh b/.ci/check-bashisms.sh new file mode 100755 index 0000000000..0dae2255b7 --- /dev/null +++ b/.ci/check-bashisms.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if ! which checkbashisms >/dev/null && ! sudo yum install devscripts-minimal && ! sudo apt-get install devscripts +then + printf "checkbashisms command not found - please install it \n\ + (e.g. sudo apt-get install devscripts | yum install devscripts-minimal )\n" >&2 + exit 2 +fi +find . -not -path '*/.*' -name '*.sh' -exec checkbashisms {} + || exit 3 +find . -not -path '*/.*' -name '*.failover' -exec checkbashisms -f \{\} + || exit 4 +! find . -not -path '*/.*' -name '*.sh' -exec grep 'local .*=' {} + || exit 5 +! find . -not -path '*/.*' -name '*.failover' -exec grep 'local .*=' {} + || exit 6 +exit 0 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6bfce7af6c..980093a7a5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -6,7 +6,7 @@ repos: - id: trailing-whitespace #exclude: '^ordmodels/' - repo: https://github.com/jorisroovers/gitlint - rev: v0.15.1 + rev: v0.17.0 hooks: - id: gitlint stages: [commit-msg] diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 11602054e8..e156db27db 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml +++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -39,6 +39,23 @@ spec: {{ include "common.podSecurityContext" . | indent 6 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + initContainers: + # we shouldn't need this but for unknown reason, it's fsGroup is not + # applied + - name: fix-permission + command: + - /bin/sh + args: + - -c + - | + chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data + image: {{ include "repositoryGenerator.image.busybox" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-data + mountPath: /data containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} @@ -72,7 +89,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/mongo + mountPath: /data/db resources: {{ include "common.resources" . | nindent 12 }} {{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index aac0f4b3a9..5ba7d2977a 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -229,10 +229,12 @@ policies: {{- $policy := default dict .Values.policies -}} {{- $policyRls := default $commonRelease $policy.policyRelease -}} {{- $drFeedConfig := default "" .Values.drFeedConfig -}} - +{{- $dcaeName := print (include "common.fullname" .) }} +{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}} +{{- $dot := . -}} apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "labels" $dcaeLabel) | nindent 2 }} spec: replicas: 1 selector: {{- include "common.selectors" . | nindent 4 }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml index 2b3ab328b5..4a51c7f9d8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml @@ -59,6 +59,8 @@ spec: value: {{ include "common.namespace" . }} - name: HELM_RELEASE value: {{ include "common.release" . }} + - name: DEPLOY_LABEL + value: {{ .Values.deployLabel }} volumes: - name: {{ include "common.fullname" . }}-expected-components configMap: diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml index 58ae706e0a..3b47e7f70e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml @@ -31,6 +31,11 @@ service: - port: 8080 name: http +# Label on DCAE microservice deployments +# (Used by healthcheck code to find deployments +# created after initial DCAE installation) +deployLabel: dcaeMicroserviceName + # probe configuration parameters liveness: initialDelaySeconds: 10 @@ -43,7 +48,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 1e60d24d7a..54dcda831e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -38,6 +38,11 @@ secrets: login: '{{ .Values.aafCreds.identity }}' password: '{{ .Values.aafCreds.password }}' passwordPolicy: required + - uid: &cpsCredsUID cpscreds + type: basicAuth + login: '{{ .Values.cpsCreds.identity }}' + password: '{{ .Values.cpsCreds.password }}' + passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-sonhms-pg-user-creds' type: basicAuth @@ -70,7 +75,7 @@ certDirectory: /opt/app/sonhms/etc/certs # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Policy configuraiton properties # if present, policy-sync side car will be deployed @@ -92,7 +97,7 @@ readiness: periodSeconds: 15 timeoutSeconds: 1 path: /healthcheck - scheme: HTTPS + scheme: HTTP port: 8080 # Service Configuration @@ -108,6 +113,9 @@ service: aafCreds: identity: dcae@dcae.onap.org password: demo123456! +cpsCreds: + identity: cps + password: cpsr0cks! credentials: - name: AAF_IDENTITY @@ -116,6 +124,12 @@ credentials: - name: AAF_PASSWORD uid: *aafCredsUID key: password +- name: CPS_IDENTITY + uid: *cpsCredsUID + key: login +- name: CPS_PASSWORD + uid: *cpsCredsUID + key: password - name: PG_USERNAME uid: *pgUserCredsSecretUid key: login @@ -130,6 +144,8 @@ applicationConfig: postgres.port: 5432 postgres.username: ${PG_USERNAME} postgres.password: ${PG_PASSWORD} + cps.username: ${CPS_IDENTITY} + cps.password: ${CPS_PASSWORD} sonhandler.pollingInterval: 20 sonhandler.pollingTimeout: 60 cbsPollingInterval: 60 @@ -145,6 +161,12 @@ applicationConfig: sonhandler.bufferTime: 60 sonhandler.cg: sonhms-cg sonhandler.cid: sonhms-cid + sonhandler.clientType: cps + cps.service.url: http://cps-tbdmt:8080 + cps.get.celldata: execute/cps-ran-schemaset/get-cell-data + cps.get.nbr.list.url: execute/cps-ran-schemaset/get-nbr-list + cps.get.pci.url: execute/ran-network-schemaset/get-pci + cps.get.pnf.url: execute/ran-network-schemaset/get-pnf sonhandler.configDb.service: http://configdb:8080 sonhandler.oof.service: https://oof-osdf:8698 sonhandler.oof.endpoint: /api/oof/v1/pci diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index 8134e0df9d..67312d73a0 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -42,7 +42,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index bbc72a5b08..73661ac843 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -42,7 +42,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0 # Resource Limit flavor -By Default using small flavor: small @@ -57,17 +57,17 @@ commands = [testenv:checkbashisms] deps = -whitelist_externals = sh - find - checkbashisms +whitelist_externals = + {toxinidir}/.ci/check-bashisms.sh commands = - sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \ - || (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \ - yum install devscripts-minimal )" >&2 && exit 1)' - find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} + - find . -not -path '*/\.*' -name *.failover -exec checkbashisms -f \{\} + - sh -c "! find . -not -path '*/\.*' -name *.sh -exec grep 'local .*=' \{\} + || exit 2" - sh -c "! find . -not -path '*/\.*' -name *.failover -exec grep 'local .*=' \{\} + || exit 2" + {toxinidir}/.ci/check-bashisms.sh + +[testenv:shellcheck] +basepython = python3 +deps = shellcheck-py +whitelist_externals = find +commands = + find . -not -path '*/\.*' -name *.sh -exec shellcheck \{\} + [testenv:autopep8] deps = @@ -112,3 +112,9 @@ commands = # As a result, the line above is always skipped in jenkins CI since there cannot be a .git/COMMIT_EDITMSG file. # A dedicated gitlint profile for CI is proposed above. Also to behave fine locally, this profile must have access # to the HOME variable so that Gitlint can retrieve Git user settings. + +[testenv:pre-commit-autoupdate] +basepython = python3 +deps = pre-commit +commands = + pre-commit autoupdate |