diff options
Diffstat (limited to 'kubernetes/aai/components/aai-resources/values.yaml')
-rw-r--r-- | kubernetes/aai/components/aai-resources/values.yaml | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index b1d8a0ad7b..f30b067b2e 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -49,7 +49,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap,aaf-auth + active: production,dmaap,aaf-auth #,keycloak # Notification event specific properties notification: @@ -137,9 +137,19 @@ certInitializer: credsPath: /opt/app/osaaf/local fqi_namespace: org.onap.aai-resources aaf_add_config: | - echo "*** writing passwords into prop file" - echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop - echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop echo "*** change ownership of certificates to targeted user" chown -R 1000 {{ .Values.credsPath }} @@ -154,9 +164,19 @@ replicaCount: 1 # Configuration for the resources deployment config: + # configure keycloak according to your environment. + # don't forget to add keycloak in active profiles above (global.config.profiles) keycloak: - host: localhost + host: keycloak.your.domain port: 8180 + # Specifies a set of users, credentials, roles, and groups + realm: aai-resources + # Used by any client application for enabling fine-grained authorization for their protected resources + resource: aai-resources-app + # If set to true, additional criteria will be added that match the data-owner property with the given role + # to the user in keycloak + multiTenancy: + enabled: true # Specifies crud related operation timeouts and overrides crud: |