summaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/aaf')
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat3
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat3
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat3
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat9
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat11
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat14
-rw-r--r--kubernetes/aaf/components/aaf-cass/templates/configmap.yaml13
-rw-r--r--kubernetes/aaf/components/aaf-cass/templates/deployment.yaml23
-rw-r--r--kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl7
-rw-r--r--kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl10
-rw-r--r--kubernetes/aaf/resources/data/identities.dat (renamed from kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat)3
-rw-r--r--kubernetes/aaf/templates/configmap.yaml15
12 files changed, 77 insertions, 37 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 6fc63e47d7..3a61e77f40 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -7,6 +7,7 @@ aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'
aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'}
aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'}
+appc-cdt@appc-cdt.onap.org|appc-cdt|local|/opt/app/osaaf/local||mailto:|org.onap.appc-cdt|root|30|{'appc-cdt', 'appc-cdt.api.simpledemo.onap.org', 'appc-cdt.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'}
clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
clamp@clamp.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.clamp|jg1555|30|{'clamp.api.simpledemo.onap.org', 'clamp.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
dcae@dcae.onap.org|dcae|local|/opt/app/osaaf/local||mailto:|org.onap.dcae|root|60|{'bbs-event-processor', 'bbs-event-processor.onap', 'bbs-event-processor.onap.svc.cluster.local', 'config-binding-service', 'config-binding-service.onap', 'config-binding-service.onap.svc.cluster.local', 'dashboard', 'dashboard.onap', 'dashboard.onap.svc.cluster.local', 'dcae-cloudify-manager', 'dcae-cloudify-manager.onap', 'dcae-cloudify-manager.onap.svc.cluster.local', 'dcae-datafile-collector', 'dcae-datafile-collector.onap', 'dcae-datafile-collector.onap.svc.cluster.local', 'dcae-hv-ves-collector', 'dcae-hv-ves-collector.onap', 'dcae-hv-ves-collector.onap.svc.cluster.local', 'dcae-pm-mapper', 'dcae-pm-mapper.onap', 'dcae-pm-mapper.onap.svc.cluster.local', 'dcae-pmsh', 'dcae-pmsh.onap', 'dcae-pmsh.onap.svc.cluster.local', 'dcae-prh', 'dcae-prh.onap', 'dcae-prh.onap.svc.cluster.local', 'dcae-tca-analytics', 'dcae-tca-analytics.onap', 'dcae-tca-analytics.onap.svc.cluster.local', 'dcae-ves-collector', 'dcae-ves-collector.onap', 'dcae-ves-collector.onap.svc.cluster.local', 'deployment-handler', 'deployment-handler.onap', 'deployment-handler.onap.svc.cluster.local', 'holmes-engine-mgmt', 'holmes-engine-mgmt.onap', 'holmes-engine-mgmt.onap.svc.cluster.local', 'holmes-rule-mgmt', 'holmes-rules-mgmt.onap', 'holmes-rules-mgmt.onap.svc.cluster.local', 'inventory', 'inventory.onap', 'inventory.onap.svc.cluster.local', 'policy-handler', 'policy-handler.onap', 'policy-handler.onap.svc.cluster.local'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
@@ -29,6 +30,8 @@ dmaap.mr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap
dmaap.mr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
holmes@holmes.onap.org|holmes|local|/opt/app/osaaf/local||mailto:|org.onap.holmes|root|30|{'holmes.api.simpledemo.onap.org', 'holmes.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
+msb-eag@msb-eag.onap.org|msb-eag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-eag|root|30|{'msb-eag', 'msb-eag.api.simpledemo.onap.org', 'msb-eag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
+msb-iag@msb-iag.onap.org|msb-iag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-iag|root|30|{'msb-iag', 'msb-iag.api.simpledemo.onap.org', 'msb-iag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
music@music.onap.org|music|aaf|/opt/app/aaf/local||mailto:|org.onap.music|root|30|{'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'pkcs12', 'script'}
music@music.onap.org|music.onap|local|/opt/app/osaaf/local||mailto:|org.onap.music|root|30|{'music-api', 'music-api.onap', 'music-onap', 'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
nbi@nbi.onap.org|nbi|local|/opt/app/osaaf/local||mailto:|org.onap.nbi|root|30|{'nbi', 'nbi.api.simpledemo.onap.org', 'nbi.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
index ff5caacf47..591f732551 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
@@ -5,6 +5,7 @@ aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d0
clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344||
aai@aai.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344||
appc@appc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344||
+appc-cdt@appc-cdt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc-cdt|53344||
dcae@dcae.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dcae|53344||
oof@oof.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.oof|53344||
so@so.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.so|53344||
@@ -16,6 +17,8 @@ policy@policy.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04d
pomba@pomba.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344||
holmes@holmes.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344||
nbi@nbi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344||
+msb-eag@msb-eag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-eag|53344||
+msb-iag@msb-iag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-iag|53344||
music@music.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.music|53344||
vid@vid.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid|53344||
vid1@vid1.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid1|53344||
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
index 9b8149dc6a..223fe03afa 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
@@ -1,6 +1,7 @@
org.onap.aaf-sms||org.onap||3
org.onap.aai||org.onap||3
org.onap.appc||org.onap||3
+org.onap.appc-cdt||org.onap||3
org.onap.cds||org.onap||3
org.onap.clampdemo|Onap clamp demo NS|org.onap|2|2
org.onap.clamp||org.onap||3
@@ -52,6 +53,8 @@ org.onap.dmaap.mr.topic-002||org.onap.dmaap.mr||3
org.onap.dmaap||org.onap||3
org.onap.holmes||org.onap||3
org.onap.music||org.onap||3
+org.onap.msb-eag||org.onap||3
+org.onap.msb-iag||org.onap||3
org.onap.nbi||org.onap||3
org.onap|ONAP|org|2|2
org.onap.oof||org.onap||3
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
index 23b1d1d690..10edaa596a 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
@@ -22,6 +22,9 @@ org.onap.appc|apidoc|/apidoc/.*|ALL||"{'org.onap.appc|apidoc'}"
org.onap.appc|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
org.onap.appc|odl|odl-api|*|Appc ODL API Access|"{'org.onap.appc.odl', 'org.onap.appc|admin'}"
org.onap.appc|restconf|/restconf/.*|ALL||"{'org.onap.appc|restconf'}"
+org.onap.appc-cdt|access|*|*|AAF Namespace Write Access|"{'org.onap.appc-cdt|admin', 'org.onap.appc-cdt|service'}"
+org.onap.appc-cdt|access|*|read|AAF Namespace Read Access|"{'org.onap.appc-cdt|owner'}"
+org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
org.onap.cds|access|*|*|AAF Namespace Write Access|"{'org.onap.cds|admin'}"
org.onap.cds|access|*|read|AAF Namespace Read Access|"{'org.onap.cds|owner'}"
org.onap.clamp|access|*|*|AAF Namespace Write Access|"{'org.onap.clamp|admin', 'org.onap.clamp|service'}"
@@ -289,6 +292,12 @@ org.onap.dmaap.mr|topic|*|view||"{'org.onap.dmaap-bc|service', 'org.onap.dmaap.m
org.onap.dmaap.mr|viewtest|*|view||"{'org.onap.dmaap.mr|viewtest'}"
org.onap.holmes|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes|admin'}"
org.onap.holmes|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes|owner'}"
+org.onap.msb-eag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-eag|admin', 'org.onap.msb-eag|service'}"
+org.onap.msb-eag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-eag|owner'}"
+org.onap.msb-eag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
+org.onap.msb-iag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-iag|admin', 'org.onap.msb-iag|service'}"
+org.onap.msb-iag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-iag|owner'}"
+org.onap.msb-iag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
org.onap.music|access|*|*|AAF Namespace Write Access|"{'org.onap.music|admin'}"
org.onap.music|access|*|read|AAF Namespace Read Access|"{'org.onap.music|owner'}"
org.onap.music|certman|local|request,ignoreIPs,showpass||"{'org.onap.music|admin', 'org.osaaf.aaf|deploy'}"
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
index 240373e5c9..bdacfaa6c3 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
@@ -18,6 +18,9 @@ org.onap.appc|odl|Onap APPC ODL Admins|"{'org.onap.appc.odl|odl-api|*'}"
org.onap.appc|owner|AAF Namespace Owners|"{'org.onap.appc|access|*|read'}"
org.onap.appc|restconf||"{'org.onap.appc|restconf|/restconf/.*|ALL'}"
org.onap.appc|service||"{'org.onap.appc|access|*|*'}"
+org.onap.appc-cdt|admin|AAF Namespace Administrators|"{'org.onap.appc-cdt|access|*|*'}"
+org.onap.appc-cdt|owner|AAF Namespace Owners|"{'org.onap.appc-cdt|access|*|read'}"
+org.onap.appc-cdt|service||"{'org.onap.appc-cdt|access|*|*'}"
org.onap.cds|admin|AAF Namespace Administrators|"{'org.onap.cds|access|*|*'}"
org.onap.cds|owner|AAF Namespace Owners|"{'org.onap.cds|access|*|read'}"
org.onap.clamp|admin|AAF Namespace Administrators|"{'org.onap.clamp|access|*|*', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass'}"
@@ -215,6 +218,12 @@ org.onap.dmaap|owner|AAF Namespace Owners|"{'org.onap.dmaap|access|*|read'}"
org.onap.holmes|admin|AAF Namespace Administrators|"{'org.onap.holmes|access|*|*'}"
org.onap.holmes|owner|AAF Namespace Owners|"{'org.onap.holmes|access|*|read'}"
org.onap.holmes|service||
+org.onap.msb-eag|admin|AAF Namespace Administrators|"{'org.onap.msb-eag|access|*|*'}"
+org.onap.msb-eag|owner|AAF Namespace Owners|"{'org.onap.msb-eag|access|*|read'}"
+org.onap.msb-eag|service||"{'org.onap.msb-eag|access|*|*'}"
+org.onap.msb-iag|admin|AAF Namespace Administrators|"{'org.onap.msb-iag|access|*|*'}"
+org.onap.msb-iag|owner|AAF Namespace Owners|"{'org.onap.msb-iag|access|*|read'}"
+org.onap.msb-iag|service||"{'org.onap.msb-iag|access|*|*'}"
org.onap.music|admin|AAF Namespace Administrators|"{'org.onap.music|access|*|*', 'org.onap.music|certman|local|request,ignoreIPs,showpass'}"
org.onap.music|owner|AAF Namespace Owners|"{'org.onap.music|access|*|read'}"
org.onap.music|service||
@@ -302,7 +311,7 @@ org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'or
org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}"
org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}"
org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}"
-org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
+org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}"
org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}"
org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}"
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
index 63190b8a5a..a9dc752494 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
@@ -5,6 +5,8 @@ mmanager@people.osaaf.org|org.onap.aai.owner|2020-11-26 12:31:54.000+0000|org.on
mmanager@people.osaaf.org|org.onap.admin|2020-11-26 12:31:54.000+0000|org.onap|admin
mmanager@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
mmanager@people.osaaf.org|org.onap.appc.owner|2020-11-26 12:31:54.000+0000|org.onap.appc|owner
+mmanager@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin
+mmanager@people.osaaf.org|org.onap.appc-cdt.owner|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|owner
mmanager@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin
mmanager@people.osaaf.org|org.onap.cds.owner|2020-11-26 12:31:54.000+0000|org.onap.cds|owner
mmanager@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin
@@ -49,6 +51,10 @@ mmanager@people.osaaf.org|org.onap.dmaap-mr.sunil.owner|2020-11-26 12:31:54.000+
mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|owner
mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap|owner
mmanager@people.osaaf.org|org.onap.holmes.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes|owner
+mmanager@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
+mmanager@people.osaaf.org|org.onap.msb-eag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|owner
+mmanager@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
+mmanager@people.osaaf.org|org.onap.msb-iag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|owner
mmanager@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
mmanager@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
mmanager@people.osaaf.org|org.onap.nbi.owner|2020-11-26 12:31:54.000+0000|org.onap.nbi|owner
@@ -109,6 +115,8 @@ portal@portal.onap.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54.000
portal@portal.onap.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner
portal@portal.onap.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner
portal@portal.onap.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin
+portal@portal.onap.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
+portal@portal.onap.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
portal@portal.onap.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
portal@portal.onap.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
portal@portal.onap.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin
@@ -182,6 +190,7 @@ aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.o
aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc
aaf_admin@people.osaaf.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf
+aaf_admin@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin
aaf_admin@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin
aaf_admin@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin
aaf_admin@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin
@@ -208,6 +217,8 @@ aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54
aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner
aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner
aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin
+aaf_admin@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
+aaf_admin@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
aaf_admin@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
aaf_admin@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
aaf_admin@people.osaaf.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin
@@ -259,6 +270,7 @@ appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|
appc@appc.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
appc@appc.onap.org|org.onap.appc.odl|2020-11-26 12:31:54.000+0000|org.onap.appc|odl
appc@appc.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service
+appc-cdt@appc-cdt.onap.org|org.onap.appc-cdt.service|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|service
dcae@dcae.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
dcae@dcae.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
dcae@dcae.onap.org|org.onap.dcae.pmPublisher|2020-11-26 12:31:54.000+0000|org.onap.dcae|pmPublisher
@@ -303,6 +315,8 @@ policy@policy.onap.org|org.onap.policy.seeCerts|2020-11-26 12:31:54.000+0000|org
pomba@pomba.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
pomba@pomba.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
holmes@holmes.onap.org|org.onap.holmes.service|2020-11-26 12:31:54.000+0000|org.onap.holmes|service
+msb-eag@msb-eag.onap.org|org.onap.msb-eag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|service
+msb-iag@msb-iag.onap.org|org.onap.msb-iag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|service
nbi@nbi.onap.org|org.onap.nbi.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.nbi|seeCerts
nbi@nbi.onap.org|org.onap.nbi.service|2020-11-26 12:31:54.000+0000|org.onap.nbi|service
music@music.onap.org|org.onap.music.service|2020-11-26 12:31:54.000+0000|org.onap.music|service
diff --git a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml
index ebf09e75c5..a10bb8a7a1 100644
--- a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml
@@ -30,16 +30,3 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/cass-init-dats/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-cass-init-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/cass-init-data/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
index e62d387a0a..4e18b3b746 100644
--- a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
@@ -31,17 +31,9 @@ spec:
args:
- -c
- |
- echo "*** input data ***"
- ls -l /config-input-data/*
- echo "*** input dats ***"
- ls -l /config-input-dats/*
- cp -L /config-input-data/* /config-data/
+ echo "*** Move files from configmap to emptyDir"
cp -L /config-input-dats/* /config-dats/
- echo "*** output data ***"
- ls -l /config-data/*
- echo "*** output dats ***"
- ls -l /config-dats/*
- chown -R 1000:1000 /config-data
+ echo "*** set righ user to the different folders"
chown -R 1000:1000 /config-dats
chown -R 1000:1000 /var/lib/cassandra
chown -R 1000:1000 /status
@@ -50,14 +42,10 @@ spec:
volumeMounts:
- mountPath: /var/lib/cassandra
name: aaf-cass-vol
- - mountPath: /config-input-data
- name: config-cass-init-data
- mountPath: /config-input-dats
name: config-cass-init-dats
- mountPath: /config-dats
name: config-cass-dats
- - mountPath: /config-data
- name: config-cass-data
- mountPath: /status
name: aaf-status
resources:
@@ -103,8 +91,6 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/aaf/cass_init/data
- name: config-cass-data
- mountPath: /opt/app/aaf/cass_init/dats
name: config-cass-dats
- mountPath: /opt/app/aaf/status
@@ -144,12 +130,7 @@ spec:
- name: config-cass-init-dats
configMap:
name: {{ include "common.fullname" . }}-cass-init-dats
- - name: config-cass-init-data
- configMap:
- name: {{ include "common.fullname" . }}-cass-init-data
- name: config-cass-dats
emptyDir: {}
- - name: config-cass-data
- emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
index afa5004a48..50da519a89 100644
--- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
+++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
@@ -40,6 +40,8 @@ spec:
- mountPath: /opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
name: aaf-log
subPath: org.osaaf.aaf.log4j.props
+ - mountPath: /opt/app/osaaf/data/
+ name: config-identity
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
@@ -68,6 +70,11 @@ spec:
- name: aaf-log
configMap:
name: {{ include "common.release" . }}-aaf-log
+ - name: config-init-identity
+ configMap:
+ name: {{ include "common.release" . }}-aaf-identity
+ - name: config-identity
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{- end -}}
diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
index 7cdf4d072e..755315296d 100644
--- a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
+++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
@@ -15,12 +15,16 @@
*/}
{{- define "aaf.permissionFixer" -}}
-- name: fix-permission
+- name: onboard-identity-and-fix-permission
command:
- /bin/sh
args:
- -c
- |
+ echo "*** Move files from configmap to emptyDir"
+ cp -L /config-input-identity/* /config-identity/
+ echo "*** set righ user to the different folders"
+ chown -R 1000:1000 /config-identity
chown -R 1000:1000 /opt/app/aaf
chown -R 1000:1000 /opt/app/osaaf
image: {{ include "repositoryGenerator.image.busybox" . }}
@@ -28,6 +32,10 @@
volumeMounts:
- mountPath: /opt/app/osaaf
name: aaf-config-vol
+ - mountPath: /config-input-identity
+ name: config-init-identity
+ - mountPath: /config-identity
+ name: config-identity
resources:
limits:
cpu: 100m
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat b/kubernetes/aaf/resources/data/identities.dat
index 7e976621df..2ddc273aa3 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat
+++ b/kubernetes/aaf/resources/data/identities.dat
@@ -53,6 +53,7 @@ aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osa
clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+appc-cdt|ONAP APPC CDT Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
@@ -64,6 +65,8 @@ policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@peo
pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
# VID Identities
vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
diff --git a/kubernetes/aaf/templates/configmap.yaml b/kubernetes/aaf/templates/configmap.yaml
index 36628ea57a..969046551b 100644
--- a/kubernetes/aaf/templates/configmap.yaml
+++ b/kubernetes/aaf/templates/configmap.yaml
@@ -23,4 +23,17 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} \ No newline at end of file
+{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-identity
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/data/*").AsConfig . | indent 2 }} \ No newline at end of file