diff options
Diffstat (limited to 'kubernetes/aai')
6 files changed, 47 insertions, 6 deletions
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties index 4f480cb5d7..774e8bd5ca 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties @@ -3,10 +3,10 @@ spring.autoconfigure.exclude=\ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration -multi.tenancy.enabled=true +multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }} keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth -keycloak.realm=aai-resources -keycloak.resource=aai-resources-app +keycloak.realm={{ .Values.config.keycloak.realm }} +keycloak.resource={{ .Values.config.keycloak.resource }} keycloak.public-client=true keycloak.principal-attribute=preferred_username diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index b84139161e..f30b067b2e 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -49,7 +49,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap,aaf-auth + active: production,dmaap,aaf-auth #,keycloak # Notification event specific properties notification: @@ -164,9 +164,19 @@ replicaCount: 1 # Configuration for the resources deployment config: + # configure keycloak according to your environment. + # don't forget to add keycloak in active profiles above (global.config.profiles) keycloak: - host: localhost + host: keycloak.your.domain port: 8180 + # Specifies a set of users, credentials, roles, and groups + realm: aai-resources + # Used by any client application for enabling fine-grained authorization for their protected resources + resource: aai-resources-app + # If set to true, additional criteria will be added that match the data-owner property with the given role + # to the user in keycloak + multiTenancy: + enabled: true # Specifies crud related operation timeouts and overrides crud: diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties new file mode 100644 index 0000000000..dd1956b63f --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties @@ -0,0 +1,13 @@ +spring.autoconfigure.exclude=\ + org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ + org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + +multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }} +keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth +keycloak.realm={{ .Values.config.keycloak.realm }} +keycloak.resource={{ .Values.config.keycloak.resource }} +keycloak.public-client=false +keycloak.principal-attribute=preferred_username + +keycloak.ssl-required=external +keycloak.bearer-only=true diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml index c0bcb3b491..8f1bd2ddc8 100644 --- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml @@ -32,6 +32,7 @@ data: {{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} --- apiVersion: v1 diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 7e54f1d432..dc1c010261 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -188,6 +188,9 @@ spec: - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties + - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties + name: {{ include "common.fullname" . }}-config + subPath: application-keycloak.properties ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 38011a0c98..ad4279a543 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -59,7 +59,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap,aaf-auth + active: production,dmaap,aaf-auth #,keycloak # Notification event specific properties notification: @@ -168,6 +168,20 @@ aai_enpoints: # application configuration config: + # configure keycloak according to your environment. + # don't forget to add keycloak in active profiles above (global.config.profiles) + keycloak: + host: keycloak.your.domain + port: 8180 + # Specifies a set of users, credentials, roles, and groups + realm: aai-traversal + # Used by any client application for enabling fine-grained authorization for their protected resources + resource: aai-traversal-app + # If set to true, additional criteria will be added into traversal query to returns all the vertices that match + # the data-owner property with the given role to the user in keycloak + multiTenancy: + enabled: true + # Specifies timeout information such as application specific and limits timeout: # If set to true application will timeout for queries taking longer than limit |