aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/aai
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/aai')
-rw-r--r--kubernetes/aai/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-babel/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-babel/requirements.yaml2
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/config/filter-types.properties1
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/config/tosca-mappings.json53
-rw-r--r--kubernetes/aai/charts/aai-babel/templates/deployment.yaml8
-rw-r--r--kubernetes/aai/charts/aai-cassandra/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-cassandra/templates/statefulset.yaml1
-rw-r--r--kubernetes/aai/charts/aai-champ/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-champ/requirements.yaml2
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystorebin3659 -> 0 bytes
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json16
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties20
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/charts/aai-champ/templates/deployment.yaml36
-rw-r--r--kubernetes/aai/charts/aai-champ/templates/secrets.yaml18
-rw-r--r--kubernetes/aai/charts/aai-champ/values.yaml1
-rw-r--r--kubernetes/aai/charts/aai-data-router/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-elasticsearch/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-gizmo/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12 (renamed from kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12)bin2556 -> 2556 bytes
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json6
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties31
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12bin2556 -> 0 bytes
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystorebin3594 -> 0 bytes
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json10
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties22
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml35
-rw-r--r--kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml18
-rw-r--r--kubernetes/aai/charts/aai-gizmo/values.yaml9
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-modelloader/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-resources/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/config/aaf/truststoreONAPall.jksbin114865 -> 0 bytes
-rw-r--r--kubernetes/aai/charts/aai-resources/templates/configmap.yaml1
-rw-r--r--kubernetes/aai/charts/aai-resources/templates/deployment.yaml139
-rw-r--r--kubernetes/aai/charts/aai-search-data/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml21
-rw-r--r--kubernetes/aai/charts/aai-spike/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-spike/requirements.yaml2
-rw-r--r--kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12bin0 -> 3617 bytes
-rw-r--r--kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json6
-rw-r--r--kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties28
-rw-r--r--kubernetes/aai/charts/aai-spike/values.yaml2
-rw-r--r--kubernetes/aai/charts/aai-traversal/Chart.yaml2
-rw-r--r--kubernetes/aai/charts/aai-traversal/resources/config/aaf/truststoreONAPall.jksbin114865 -> 0 bytes
-rw-r--r--kubernetes/aai/charts/aai-traversal/templates/configmap.yaml1
-rw-r--r--kubernetes/aai/charts/aai-traversal/templates/deployment.yaml68
-rw-r--r--kubernetes/aai/requirements.yaml2
-rw-r--r--kubernetes/aai/resources/config/auth/truststoreONAPall.jks (renamed from kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks)bin117990 -> 117990 bytes
-rw-r--r--kubernetes/aai/resources/config/fproxy/auth/client-cert.p12 (renamed from kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12)bin3591 -> 3591 bytes
-rw-r--r--kubernetes/aai/resources/config/fproxy/auth/fproxy_truststorebin0 -> 4639 bytes
-rw-r--r--kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore (renamed from kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore)bin2214 -> 2214 bytes
-rw-r--r--kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 (renamed from kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12)bin2556 -> 2556 bytes
-rw-r--r--kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12bin0 -> 4158 bytes
-rw-r--r--kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore (renamed from kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore)bin3594 -> 3594 bytes
-rw-r--r--kubernetes/aai/resources/config/rproxy/security/keyfile27
-rw-r--r--kubernetes/aai/templates/configmap.yaml30
-rw-r--r--kubernetes/aai/templates/secret.yaml22
61 files changed, 530 insertions, 190 deletions
diff --git a/kubernetes/aai/Chart.yaml b/kubernetes/aai/Chart.yaml
index 48cc33b148..c4ad263008 100644
--- a/kubernetes/aai/Chart.yaml
+++ b/kubernetes/aai/Chart.yaml
@@ -16,4 +16,4 @@
apiVersion: v1
description: ONAP Active and Available Inventory
name: aai
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-babel/Chart.yaml b/kubernetes/aai/charts/aai-babel/Chart.yaml
index d0311c189b..fe1a4ce241 100644
--- a/kubernetes/aai/charts/aai-babel/Chart.yaml
+++ b/kubernetes/aai/charts/aai-babel/Chart.yaml
@@ -16,4 +16,4 @@
apiVersion: v1
description: Babel microservice
name: aai-babel
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-babel/requirements.yaml b/kubernetes/aai/charts/aai-babel/requirements.yaml
index 6566196ceb..78e822edf8 100644
--- a/kubernetes/aai/charts/aai-babel/requirements.yaml
+++ b/kubernetes/aai/charts/aai-babel/requirements.yaml
@@ -15,7 +15,7 @@
dependencies:
- name: common
- version: ~3.0.0
+ version: ~4.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
diff --git a/kubernetes/aai/charts/aai-babel/resources/config/filter-types.properties b/kubernetes/aai/charts/aai-babel/resources/config/filter-types.properties
deleted file mode 100644
index fcf139f644..0000000000
--- a/kubernetes/aai/charts/aai-babel/resources/config/filter-types.properties
+++ /dev/null
@@ -1 +0,0 @@
-AAI.instance-group-types=org.openecomp.groups.NetworkCollection,org.openecomp.groups.VfcInstanceGroup
diff --git a/kubernetes/aai/charts/aai-babel/resources/config/tosca-mappings.json b/kubernetes/aai/charts/aai-babel/resources/config/tosca-mappings.json
new file mode 100644
index 0000000000..0d306ea923
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/config/tosca-mappings.json
@@ -0,0 +1,53 @@
+{
+ "instanceGroupTypes": [
+ "org.openecomp.groups.NetworkCollection",
+ "org.openecomp.groups.VfcInstanceGroup",
+ "org.openecomp.groups.ResourceInstanceGroup"
+ ],
+ "widgetMappings": [
+ {
+ "prefix": "org.openecomp.resource.vfc",
+ "type": "widget",
+ "widget": "VSERVER",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vl",
+ "widget": "L3_NET",
+ "deleteFlag": false
+ },
+ {
+ "prefix": "org.openecomp.resource.vf",
+ "widget": "VF",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.vfmodule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.VfModule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder",
+ "type": "widget",
+ "widget": "VOLUME",
+ "deleteFlag": true
+ }
+ ]
+}
diff --git a/kubernetes/aai/charts/aai-babel/templates/deployment.yaml b/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
index 5ac0792a2a..4f0e9dd2c4 100644
--- a/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
@@ -84,9 +84,9 @@ spec:
- mountPath: /opt/app/babel/config/artifact-generator.properties
name: {{ include "common.fullname" . }}-config
subPath: artifact-generator.properties
- - mountPath: /opt/app/babel/config/filter-types.properties
+ - mountPath: /opt/app/babel/config/tosca-mappings.json
name: {{ include "common.fullname" . }}-config
- subPath: filter-types.properties
+ subPath: tosca-mappings.json
- mountPath: /opt/app/babel/config/babel-auth.properties
name: {{ include "common.fullname" . }}-config
subPath: babel-auth.properties
@@ -204,8 +204,8 @@ spec:
items:
- key: artifact-generator.properties
path: artifact-generator.properties
- - key: filter-types.properties
- path: filter-types.properties
+ - key: tosca-mappings.json
+ path: tosca-mappings.json
- key: babel-auth.properties
path: babel-auth.properties
- key: logback.xml
diff --git a/kubernetes/aai/charts/aai-cassandra/Chart.yaml b/kubernetes/aai/charts/aai-cassandra/Chart.yaml
index 1de4ecf177..3987a111c0 100644
--- a/kubernetes/aai/charts/aai-cassandra/Chart.yaml
+++ b/kubernetes/aai/charts/aai-cassandra/Chart.yaml
@@ -16,4 +16,4 @@
apiVersion: v1
description: ONAP AAI Cassandra
name: aai-cassandra
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-cassandra/templates/statefulset.yaml b/kubernetes/aai/charts/aai-cassandra/templates/statefulset.yaml
index 4a8ae39270..a576eba60d 100644
--- a/kubernetes/aai/charts/aai-cassandra/templates/statefulset.yaml
+++ b/kubernetes/aai/charts/aai-cassandra/templates/statefulset.yaml
@@ -127,5 +127,6 @@ spec:
storage: {{ .Values.persistence.size | quote }}
selector:
matchLabels:
+ app: {{ include "common.name" . }}
release: "{{ .Release.Name }}"
{{- end }}
diff --git a/kubernetes/aai/charts/aai-champ/Chart.yaml b/kubernetes/aai/charts/aai-champ/Chart.yaml
index 5276f75fc7..a41a49ea07 100644
--- a/kubernetes/aai/charts/aai-champ/Chart.yaml
+++ b/kubernetes/aai/charts/aai-champ/Chart.yaml
@@ -16,4 +16,4 @@
apiVersion: v1
description: ONAP AAI Champ microservice
name: aai-champ
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-champ/requirements.yaml b/kubernetes/aai/charts/aai-champ/requirements.yaml
index 6566196ceb..78e822edf8 100644
--- a/kubernetes/aai/charts/aai-champ/requirements.yaml
+++ b/kubernetes/aai/charts/aai-champ/requirements.yaml
@@ -15,7 +15,7 @@
dependencies:
- name: common
- version: ~3.0.0
+ version: ~4.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore
deleted file mode 100644
index f3ac0701a2..0000000000
--- a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json
index 2865e01cd6..ca34049ec2 100644
--- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json
@@ -82,18 +82,18 @@
"permissions": [
"test\\.auth\\.access\\|services\\|GET,PUT",
"\\|services\\|GET"
- ]
+ ]
},
{
"uri": "\/services\/inventory\/.*",
"permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
},
{
- "uri": "\/services\/champ-service\/.*",
- "permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
- }
+ "uri": "\/services\/champ-service\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
]
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties
index 33daa73b67..1878a4de70 100644
--- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties
@@ -9,13 +9,27 @@
#hostname=test.aic.cip.att.com
cadi_loglevel=DEBUG
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-# Configure AAF
-aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
aaf_env=DEV
aaf_id=demo@people.osaaf.org
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile
deleted file mode 100644
index 6cd12fcfb4..0000000000
--- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
-1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
-xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
-BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
-6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
-QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
-zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
-x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
-8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
-FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
-UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
-banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
-6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
-yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
-xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
-lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
-ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
-fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
-1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
-liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
-0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
-PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
-8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
-dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
--85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
-c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
-uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
index aa9157fe47..537763a6db 100644
--- a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
@@ -31,12 +31,6 @@ spec:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
- {{ end }}
initContainers:
- command:
- /root/ready.py
@@ -163,18 +157,18 @@ spec:
- name: {{ include "common.fullname" . }}-rproxy-log-config
mountPath: /opt/app/rproxy/config/logback-spring.xml
subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
mountPath: /opt/app/rproxy/config/auth/client-cert.p12
subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
- name: {{ include "common.fullname" . }}-rproxy-auth-config
mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
subPath: uri-authorization.json
- #- name: {{ include "common.fullname" . }}-rproxy-auth-config
- # mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- # subPath: aaf_truststore.jks
- name: {{ include "common.fullname" . }}-rproxy-security-config
mountPath: /opt/app/rproxy/config/security/keyfile
subPath: keyfile
@@ -189,7 +183,9 @@ spec:
- name: CONFIG_HOME
value: "/opt/app/fproxy/config"
- name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
+ value: {{ .Values.config.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.config.trustStorePassword }}
- name: spring_profiles_active
value: {{ .Values.global.fproxy.activeSpringProfiles }}
volumeMounts:
@@ -199,10 +195,13 @@ spec:
- name: {{ include "common.fullname" . }}-fproxy-log-config
mountPath: /opt/app/fproxy/config/logback-spring.xml
subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
mountPath: /opt/app/fproxy/config/auth/client-cert.p12
subPath: client-cert.p12
ports:
@@ -251,18 +250,21 @@ spec:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
secret:
secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ secret:
+ secretName: aai-rproxy-auth-certs
- name: {{ include "common.fullname" . }}-rproxy-security-config
secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ secretName: aai-rproxy-security-config
- name: {{ include "common.fullname" . }}-fproxy-config
configMap:
name: {{ include "common.fullname" . }}-fproxy-config
- name: {{ include "common.fullname" . }}-fproxy-log-config
configMap:
name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ secretName: aai-fproxy-auth-certs
{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
index a0a1519c26..b0a62f63f6 100644
--- a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
@@ -42,27 +42,9 @@ data:
apiVersion: v1
kind: Secret
metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
name: {{ include "common.fullname" . }}-rproxy-auth-config
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/values.yaml b/kubernetes/aai/charts/aai-champ/values.yaml
index b865b0050e..b1ce34dd1d 100644
--- a/kubernetes/aai/charts/aai-champ/values.yaml
+++ b/kubernetes/aai/charts/aai-champ/values.yaml
@@ -33,6 +33,7 @@ flavor: small
config:
keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
# default number of instances
replicaCount: 1
diff --git a/kubernetes/aai/charts/aai-data-router/Chart.yaml b/kubernetes/aai/charts/aai-data-router/Chart.yaml
index da4de97ffd..47f9f312c7 100644
--- a/kubernetes/aai/charts/aai-data-router/Chart.yaml
+++ b/kubernetes/aai/charts/aai-data-router/Chart.yaml
@@ -15,4 +15,4 @@
apiVersion: v1
description: ONAP AAI Data-Router
name: aai-data-router
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-elasticsearch/Chart.yaml b/kubernetes/aai/charts/aai-elasticsearch/Chart.yaml
index 9b832249c1..fbc7abd0d9 100644
--- a/kubernetes/aai/charts/aai-elasticsearch/Chart.yaml
+++ b/kubernetes/aai/charts/aai-elasticsearch/Chart.yaml
@@ -15,4 +15,4 @@
apiVersion: v1
description: ONAP AAI elasticsearch
name: aai-elasticsearch
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-gizmo/Chart.yaml b/kubernetes/aai/charts/aai-gizmo/Chart.yaml
index 19ba3f63b6..98dba95bf1 100644
--- a/kubernetes/aai/charts/aai-gizmo/Chart.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/Chart.yaml
@@ -16,4 +16,4 @@
apiVersion: v1
description: Gizmo service
name: aai-gizmo
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json
new file mode 100644
index 0000000000..8d00636d27
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties b/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties
index 39e08edf1b..647d4d963e 100644
--- a/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties
@@ -1,22 +1,45 @@
+###############################################################################
# Schema Version Related Attributes
+###############################################################################
schema.uri.base.path=/aai
# Lists all of the versions in the schema
-schema.version.list=v9,v10,v11,v12,v13,v14
+schema.version.list=v10,v11,v12,v13,v14,v15
# Specifies from which version should the depth parameter to default to zero
-schema.version.depth.start=v9
+schema.version.depth.start=v10
# Specifies from which version should the related link be displayed in response payload
schema.version.related.link.start=v10
# Specifies from which version should the client see only the uri excluding host info
# Before this version server base will also be included
schema.version.app.root.start=v11
# Specifies from which version should the namespace be changed
-schema.version.namespace.change.start=v12
+schema.version.namespace.change.start=v11
# Specifies from which version should the client start seeing the edge label in payload
schema.version.edge.label.start=v12
# Specifies the version that the application should default to
-schema.version.api.default=v14
+schema.version.api.default=v15
+###############################################################################
+# Schema Location Related Attributes
+###############################################################################
# Schema Location Related Attributes
schema.configuration.location=NA
schema.nodes.location=/opt/app/crud-api/bundleconfig/etc/onap/oxm
schema.edges.location=/opt/app/crud-api/bundleconfig/etc/onap/dbedgerules
+
+###############################################################################
+# Schema Service Related Attributes
+###############################################################################
+# Specifies whether to use the schema service or local schema files
+schema.translator.list=config
+
+schema.service.base.url=https://<host>:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+
+#Default rest client is the two-way-ssl
+schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12
deleted file mode 100644
index dbf4fcacec..0000000000
--- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 99129c145f..0000000000
--- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json
index e468b3d7bd..54d5de2721 100644
--- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json
+++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json
@@ -82,18 +82,18 @@
"permissions": [
"test\\.auth\\.access\\|services\\|GET,PUT",
"\\|services\\|GET"
- ]
+ ]
},
{
"uri": "\/services\/inventory\/.*",
"permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
},
{
"uri": "\/services\/gizmo\/.*",
"permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
}
]
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties
index a82e38caf6..51ac56a88d 100644
--- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties
+++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties
@@ -9,17 +9,31 @@
#hostname=test.aic.cip.att.com
cadi_loglevel=DEBUG
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-# Configure AAF
-aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
aaf_env=DEV
aaf_id=demo@people.osaaf.org
aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile
deleted file mode 100644
index 6cd12fcfb4..0000000000
--- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
-1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
-xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
-BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
-6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
-QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
-zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
-x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
-8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
-FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
-UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
-banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
-6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
-yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
-xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
-lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
-ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
-fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
-1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
-liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
-0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
-PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
-8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
-dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
--85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
-c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
-uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
index 0a30388279..e01e7387a4 100644
--- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
@@ -32,11 +32,6 @@ spec:
release: {{ .Release.Name }}
spec:
{{ if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
-
initContainers:
- name: {{ .Values.global.tproxyConfig.name }}
image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
@@ -57,12 +52,14 @@ spec:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: CONFIG_HOME
@@ -154,18 +151,18 @@ spec:
- name: {{ include "common.fullname" . }}-rproxy-log-config
mountPath: /opt/app/rproxy/config/logback-spring.xml
subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
mountPath: /opt/app/rproxy/config/auth/client-cert.p12
subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
- name: {{ include "common.fullname" . }}-rproxy-auth-config
mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- name: {{ include "common.fullname" . }}-rproxy-security-config
mountPath: /opt/app/rproxy/config/security/keyfile
subPath: keyfile
@@ -181,6 +178,8 @@ spec:
value: "/opt/app/fproxy/config"
- name: KEY_STORE_PASSWORD
value: {{ .Values.config.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.config.trustStorePassword }}
- name: spring_profiles_active
value: {{ .Values.global.fproxy.activeSpringProfiles }}
volumeMounts:
@@ -190,10 +189,13 @@ spec:
- name: {{ include "common.fullname" . }}-fproxy-log-config
mountPath: /opt/app/fproxy/config/logback-spring.xml
subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
mountPath: /opt/app/fproxy/config/auth/client-cert.p12
subPath: client-cert.p12
ports:
@@ -245,18 +247,21 @@ spec:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
secret:
secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ secret:
+ secretName: aai-rproxy-auth-certs
- name: {{ include "common.fullname" . }}-rproxy-security-config
secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ secretName: aai-rproxy-security-config
- name: {{ include "common.fullname" . }}-fproxy-config
configMap:
name: {{ include "common.fullname" . }}-fproxy-config
- name: {{ include "common.fullname" . }}-fproxy-log-config
configMap:
name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ secretName: aai-fproxy-auth-certs
{{ end }}
imagePullSecrets:
diff --git a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml
index 7db76055d1..96c3424476 100644
--- a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml
@@ -46,27 +46,9 @@ data:
apiVersion: v1
kind: Secret
metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
name: {{ include "common.fullname" . }}-rproxy-auth-config
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
{{ end }}
diff --git a/kubernetes/aai/charts/aai-gizmo/values.yaml b/kubernetes/aai/charts/aai-gizmo/values.yaml
index 9d93663175..9fbe8529c9 100644
--- a/kubernetes/aai/charts/aai-gizmo/values.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/values.yaml
@@ -23,12 +23,13 @@ global:
#################################################################
# application image
-image: onap/gizmo:1.3.0
+image: onap/gizmo:1.4-STAGING-latest
flavor: small
# application configuration
config:
keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
# default number of instances
replicaCount: 1
@@ -39,14 +40,16 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 60
+ timeoutSeconds: 10
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 60
+ timeoutSeconds: 10
periodSeconds: 10
service:
diff --git a/kubernetes/aai/charts/aai-graphadmin/Chart.yaml b/kubernetes/aai/charts/aai-graphadmin/Chart.yaml
index a052da8046..7772ab0753 100644
--- a/kubernetes/aai/charts/aai-graphadmin/Chart.yaml
+++ b/kubernetes/aai/charts/aai-graphadmin/Chart.yaml
@@ -20,4 +20,4 @@
apiVersion: v1
description: ONAP AAI GraphAdmin
name: aai-graphadmin
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-modelloader/Chart.yaml b/kubernetes/aai/charts/aai-modelloader/Chart.yaml
index e2b0027337..908e11b29b 100644
--- a/kubernetes/aai/charts/aai-modelloader/Chart.yaml
+++ b/kubernetes/aai/charts/aai-modelloader/Chart.yaml
@@ -15,4 +15,4 @@
apiVersion: v1
description: ONAP AAI modelloader
name: aai-modelloader
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-resources/Chart.yaml b/kubernetes/aai/charts/aai-resources/Chart.yaml
index 2954c7f077..12464b5a49 100644
--- a/kubernetes/aai/charts/aai-resources/Chart.yaml
+++ b/kubernetes/aai/charts/aai-resources/Chart.yaml
@@ -16,4 +16,4 @@
apiVersion: v1
description: ONAP AAI resources
name: aai-resources
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-resources/resources/config/aaf/truststoreONAPall.jks b/kubernetes/aai/charts/aai-resources/resources/config/aaf/truststoreONAPall.jks
deleted file mode 100644
index 2da1dcc4b4..0000000000
--- a/kubernetes/aai/charts/aai-resources/resources/config/aaf/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
index 4fd939dbd0..b5a7fc562f 100644
--- a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
@@ -134,7 +134,6 @@ type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
{{ if .Values.global.installSidecarSecurity }}
diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
index 8d7b740276..cac8f4b89f 100644
--- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
@@ -71,6 +71,17 @@ spec:
"path": "/aai/v13/cloud-infrastructure"
},
{
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v14",
+ "url": "/aai/v14/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/cloud-infrastructure"
+ },
+ {
"serviceName": "_aai-business",
"version": "v11",
"url": "/aai/v11/business",
@@ -104,6 +115,17 @@ spec:
"path": "/aai/v13/business"
},
{
+ "serviceName": "_aai-business",
+ "version": "v14",
+ "url": "/aai/v14/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/business"
+ },
+ {
"serviceName": "_aai-actions",
"version": "v11",
"url": "/aai/v11/actions",
@@ -137,6 +159,17 @@ spec:
"path": "/aai/v13/actions"
},
{
+ "serviceName": "_aai-actions",
+ "version": "v14",
+ "url": "/aai/v14/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/actions"
+ },
+ {
"serviceName": "_aai-service-design-and-creation",
"version": "v11",
"url": "/aai/v11/service-design-and-creation",
@@ -170,6 +203,17 @@ spec:
"path": "/aai/v13/service-design-and-creation"
},
{
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v14",
+ "url": "/aai/v14/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/service-design-and-creation"
+ },
+ {
"serviceName": "_aai-network",
"version": "v11",
"url": "/aai/v11/network",
@@ -203,6 +247,17 @@ spec:
"path": "/aai/v13/network"
},
{
+ "serviceName": "_aai-network",
+ "version": "v14",
+ "url": "/aai/v14/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/network"
+ },
+ {
"serviceName": "_aai-externalSystem",
"version": "v11",
"url": "/aai/v11/external-system",
@@ -212,7 +267,7 @@ spec:
"lb_policy":"ip_hash",
"visualRange": "1",
"path": "/aai/v11/external-system"
- },
+ },
{
"serviceName": "_aai-externalSystem",
"version": "v12",
@@ -223,7 +278,7 @@ spec:
"lb_policy":"ip_hash",
"visualRange": "1",
"path": "/aai/v12/external-system"
- },
+ },
{
"serviceName": "_aai-externalSystem",
"version": "v13",
@@ -236,6 +291,17 @@ spec:
"path": "/aai/v13/external-system"
},
{
+ "serviceName": "_aai-externalSystem",
+ "version": "v14",
+ "url": "/aai/v14/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/external-system"
+ },
+ {
"serviceName": "aai-cloudInfrastructure",
"version": "v11",
"url": "/aai/v11/cloud-infrastructure",
@@ -266,6 +332,16 @@ spec:
"visualRange": "1"
},
{
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v14",
+ "url": "/aai/v14/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
"serviceName": "aai-business",
"version": "v11",
"url": "/aai/v11/business",
@@ -296,6 +372,16 @@ spec:
"visualRange": "1"
},
{
+ "serviceName": "aai-business",
+ "version": "v14",
+ "url": "/aai/v14/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
"serviceName": "aai-actions",
"version": "v11",
"url": "/aai/v11/actions",
@@ -326,6 +412,16 @@ spec:
"visualRange": "1"
},
{
+ "serviceName": "aai-actions",
+ "version": "v14",
+ "url": "/aai/v14/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
"serviceName": "aai-service-design-and-creation",
"version": "v11",
"url": "/aai/v11/service-design-and-creation",
@@ -356,6 +452,16 @@ spec:
"visualRange": "1"
},
{
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v14",
+ "url": "/aai/v14/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
"serviceName": "aai-network",
"version": "v11",
"url": "/aai/v11/network",
@@ -386,6 +492,16 @@ spec:
"visualRange": "1"
},
{
+ "serviceName": "aai-network",
+ "version": "v14",
+ "url": "/aai/v14/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
"serviceName": "aai-externalSystem",
"version": "v11",
"url": "/aai/v11/external-system",
@@ -394,7 +510,7 @@ spec:
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1"
- },
+ },
{
"serviceName": "aai-externalSystem",
"version": "v12",
@@ -404,7 +520,7 @@ spec:
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1"
- },
+ },
{
"serviceName": "aai-externalSystem",
"version": "v13",
@@ -414,6 +530,16 @@ spec:
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v14",
+ "url": "/aai/v14/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
}
]'
spec:
@@ -515,7 +641,7 @@ spec:
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.p12
- mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
- name: {{ include "common.fullname" . }}-aaf-certs
+ name: aai-common-aai-auth-mount
subPath: truststoreONAPall.jks
- mountPath: /opt/app/aai-resources/resources/application.properties
name: {{ include "common.fullname" . }}-springapp-conf
@@ -647,6 +773,9 @@ spec:
{{ end }}
volumes:
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/aai/charts/aai-search-data/Chart.yaml b/kubernetes/aai/charts/aai-search-data/Chart.yaml
index f0f24db189..9cf35239a0 100644
--- a/kubernetes/aai/charts/aai-search-data/Chart.yaml
+++ b/kubernetes/aai/charts/aai-search-data/Chart.yaml
@@ -15,4 +15,4 @@
apiVersion: v1
description: ONAP AAI search-data
name: aai-search-data
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-sparky-be/Chart.yaml b/kubernetes/aai/charts/aai-sparky-be/Chart.yaml
index 5ba96af086..e10a0b917e 100644
--- a/kubernetes/aai/charts/aai-sparky-be/Chart.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/Chart.yaml
@@ -15,4 +15,4 @@
apiVersion: v1
description: ONAP AAI sparky-be
name: aai-sparky-be
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
index d622be662d..ac9cf77fbb 100644
--- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
@@ -63,8 +63,21 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/sparky/config/auth/
+ - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
name: {{ include "common.fullname" . }}-auth-config
+ subPath: client-cert-onap.p12
+
+ - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: csp-cookie-filter.properties
+
+ - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: org.onap.aai.p12
+
+ - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks
+ name: aai-common-aai-auth-mount
+ subPath: truststoreONAPall.jks
- mountPath: /opt/app/sparky/config/portal/
name: {{ include "common.fullname" . }}-portal-config
@@ -109,7 +122,6 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
@@ -172,6 +184,11 @@ spec:
- name: {{ include "common.fullname" . }}-auth-config
secret:
secretName: {{ include "common.fullname" . }}
+
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
+
- name: filebeat-conf
configMap:
name: aai-filebeat
diff --git a/kubernetes/aai/charts/aai-spike/Chart.yaml b/kubernetes/aai/charts/aai-spike/Chart.yaml
index 4f43b242eb..587b84c537 100644
--- a/kubernetes/aai/charts/aai-spike/Chart.yaml
+++ b/kubernetes/aai/charts/aai-spike/Chart.yaml
@@ -15,4 +15,4 @@
apiVersion: v1
description: ONAP AAI Spike microservice
name: aai-spike
-version: 3.0.0 \ No newline at end of file
+version: 4.0.0 \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-spike/requirements.yaml b/kubernetes/aai/charts/aai-spike/requirements.yaml
index ebeaffff74..8915b751c5 100644
--- a/kubernetes/aai/charts/aai-spike/requirements.yaml
+++ b/kubernetes/aai/charts/aai-spike/requirements.yaml
@@ -14,7 +14,7 @@
dependencies:
- name: common
- version: ~3.0.0
+ version: ~4.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12
new file mode 100644
index 0000000000..d9fe86e4ec
--- /dev/null
+++ b/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json b/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json
new file mode 100644
index 0000000000..8d00636d27
--- /dev/null
+++ b/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties b/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties
index 7cec524c95..15697615df 100644
--- a/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties
+++ b/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties
@@ -22,28 +22,44 @@
#######################################
# Schema Version Related Attributes
#######################################
-
schema.uri.base.path=/aai
# Lists all of the versions in the schema
-schema.version.list=v8,v9,v10,v11,v12,v13,v14
+schema.version.list=v10,v11,v12,v13,v14,v15
# Specifies from which version should the depth parameter to default to zero
-schema.version.depth.start=v9
+schema.version.depth.start=v10
# Specifies from which version should the related link be displayed in response payload
schema.version.related.link.start=v10
# Specifies from which version should the client see only the uri excluding host info
# Before this version server base will also be included
schema.version.app.root.start=v11
# Specifies from which version should the namespace be changed
-schema.version.namespace.change.start=v12
+schema.version.namespace.change.start=v11
# Specifies from which version should the client start seeing the edge label in payload
schema.version.edge.label.start=v12
# Specifies the version that the application should default to
-schema.version.api.default=v14
+schema.version.api.default=v15
#######################################
# Schema Location Related Attributes
#######################################
-
schema.configuration.location=NA
schema.nodes.location=/opt/app/spike/bundleconfig/etc/onap/oxm
schema.edges.location=/opt/app/spike/bundleconfig/etc/onap/dbedgerules
+
+###############################################################################
+# Schema Service Related Attributes
+###############################################################################
+# Specifies whether to use the schema service (schema-service) or local schema files (config)
+schema.translator.list=config
+
+schema.service.base.url=https://<host>:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+
+#Default rest client is the two-way-ssl
+schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
diff --git a/kubernetes/aai/charts/aai-spike/values.yaml b/kubernetes/aai/charts/aai-spike/values.yaml
index 0a6850b1a8..40bfbea208 100644
--- a/kubernetes/aai/charts/aai-spike/values.yaml
+++ b/kubernetes/aai/charts/aai-spike/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
-image: onap/spike:1.3.1
+image: onap/spike:1.4-STAGING-latest
flavor: small
# application configuration
config:
diff --git a/kubernetes/aai/charts/aai-traversal/Chart.yaml b/kubernetes/aai/charts/aai-traversal/Chart.yaml
index f7e6a12bed..0470d0ac7f 100644
--- a/kubernetes/aai/charts/aai-traversal/Chart.yaml
+++ b/kubernetes/aai/charts/aai-traversal/Chart.yaml
@@ -15,4 +15,4 @@
apiVersion: v1
description: ONAP AAI traversal
name: aai-traversal
-version: 3.0.0
+version: 4.0.0
diff --git a/kubernetes/aai/charts/aai-traversal/resources/config/aaf/truststoreONAPall.jks b/kubernetes/aai/charts/aai-traversal/resources/config/aaf/truststoreONAPall.jks
deleted file mode 100644
index 2da1dcc4b4..0000000000
--- a/kubernetes/aai/charts/aai-traversal/resources/config/aaf/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml b/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
index 79d6abd6c0..106031edbc 100644
--- a/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
@@ -133,5 +133,4 @@ type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
index 834ab322cd..3785de0bba 100644
--- a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
@@ -71,6 +71,17 @@ spec:
"path": "/aai/v13/search/generic-query"
},
{
+ "serviceName": "_aai-generic-query",
+ "version": "v14",
+ "url": "/aai/v14/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/search/generic-query"
+ },
+ {
"serviceName": "_aai-nodes-query",
"version": "v11",
"url": "/aai/v11/search/nodes-query",
@@ -104,6 +115,17 @@ spec:
"path": "/aai/v13/search/nodes-query"
},
{
+ "serviceName": "_aai-nodes-query",
+ "version": "v14",
+ "url": "/aai/v14/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/search/nodes-query"
+ },
+ {
"serviceName": "_aai-query",
"version": "v11",
"url": "/aai/v11/query",
@@ -137,6 +159,17 @@ spec:
"path": "/aai/v13/query"
},
{
+ "serviceName": "_aai-query",
+ "version": "v14",
+ "url": "/aai/v14/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/query"
+ },
+ {
"serviceName": "_aai-named-query",
"url": "/aai/search",
"protocol": "REST",
@@ -177,6 +210,16 @@ spec:
"visualRange": "1"
},
{
+ "serviceName": "aai-generic-query",
+ "version": "v14",
+ "url": "/aai/v14/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
"serviceName": "aai-nodes-query",
"version": "v11",
"url": "/aai/v11/search/nodes-query",
@@ -207,6 +250,16 @@ spec:
"visualRange": "1"
},
{
+ "serviceName": "aai-nodes-query",
+ "version": "v14",
+ "url": "/aai/v14/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
"serviceName": "aai-query",
"version": "v11",
"url": "/aai/v11/query",
@@ -237,6 +290,16 @@ spec:
"visualRange": "1"
},
{
+ "serviceName": "aai-query",
+ "version": "v14",
+ "url": "/aai/v14/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
"serviceName": "aai-named-query",
"url": "/aai/search",
"protocol": "REST",
@@ -329,7 +392,7 @@ spec:
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.p12
- mountPath: /opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks
- name: {{ include "common.fullname" . }}-aaf-certs
+ name: aai-common-aai-auth-mount
subPath: truststoreONAPall.jks
- mountPath: /opt/app/aai-traversal/resources/application.properties
name: {{ include "common.fullname" . }}-springapp-conf
@@ -412,6 +475,9 @@ spec:
- name: {{ include "common.fullname" . }}-aaf-certs
secret:
secretName: {{ include "common.fullname" . }}-aaf-keys
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
- name: {{ include "common.fullname" . }}-springapp-conf
configMap:
name: {{ include "common.fullname" . }}-springapp-configmap
diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml
index 8ac927b65e..01f6f1a9aa 100644
--- a/kubernetes/aai/requirements.yaml
+++ b/kubernetes/aai/requirements.yaml
@@ -14,7 +14,7 @@
dependencies:
- name: common
- version: ~3.0.0
+ version: ~4.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks
index ff844b109d..ff844b109d 100644
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks
+++ b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks
Binary files differ
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12
index 7a4979a7a3..7a4979a7a3 100644
--- a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12
+++ b/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore
new file mode 100644
index 0000000000..f6ebc75ed8
--- /dev/null
+++ b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore
+++ b/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12
+++ b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12
new file mode 100644
index 0000000000..023e2eaac6
--- /dev/null
+++ b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore
index 99129c145f..99129c145f 100644
--- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore
+++ b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/resources/config/rproxy/security/keyfile b/kubernetes/aai/resources/config/rproxy/security/keyfile
new file mode 100644
index 0000000000..3416d4a737
--- /dev/null
+++ b/kubernetes/aai/resources/config/rproxy/security/keyfile
@@ -0,0 +1,27 @@
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
index a23ed5fdc7..651bf8dbba 100644
--- a/kubernetes/aai/templates/configmap.yaml
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -72,4 +72,32 @@ type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
-
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-fproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml
new file mode 100644
index 0000000000..8d00a9d41c
--- /dev/null
+++ b/kubernetes/aai/templates/secret.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-aai-auth
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}