Diffstat (limited to 'kubernetes/policy/components/policy-clamp-ac-k8s-ppnt')
5 files changed, 87 insertions, 93 deletions
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml index 13507f9e37..c979d7de4a 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml @@ -36,3 +36,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index ee73ed583d..30df5df082 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -26,18 +26,6 @@ spring: user: name: ${RESTSERVER_USER} password: ${RESTSERVER_PASSWORD} - kafka: - consumer: - group-id: {{ .Values.config.kafka.consumer.groupId }} -{{- if .Values.config.useStrimziKafka }} - bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 - security.protocol: SASL_PLAINTEXT - properties.sasl: - mechanism: SCRAM-SHA-512 - jaas.config: ${JAASLOGIN} -{{ else }} -{{ toYaml .Values.config.eventConsumption | nindent 2 }} -{{- end }} security: enable-csrf: false 
@@ -52,50 +40,48 @@ participant: clampAutomationCompositionTopics: topicSources: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - fetchTimeout: 15000 - useHttps: "false" + servers: + - ${topicServer:message-router} + {{ end }} topicSinks: - - topic: POLICY-ACRUNTIME-PARTICIPANT + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka servers: - - ${topicServer:message-router} + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} topicCommInfrastructure: dmaap - useHttps: "false" + servers: + - ${topicServer:message-router} + {{ end }} participantSupportedElementTypes: - typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement typeVersion: 1.0.0 -# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below -# clampAutomationCompositionTopics: -# topicSources: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . 
}}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# fetchTimeout: 15000 -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} -# topicSinks: -# - -# topic: policy-acruntime-participant -# servers: -# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 -# topicCommInfrastructure: kafka -# useHttps: true -# additionalProps: -# security.protocol: SASL_PLAINTEXT -# sasl.mechanism: SCRAM-SHA-512 -# sasl.jaas.config: ${JAASLOGIN} - management: endpoints: web: diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml index f511723b9c..0baf6c73b3 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
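Review bot: `security.protocol: SASL_PLAINTEXT` is hard-coded in the `additionalProps` of both `topicSources` and `topicSinks`, so participant traffic to the broker is unencrypted and a deployment has no value it can set to move to a TLS listener. Consider reading the protocol from values with the current setting as the default, for example `security.protocol: {{ .Values.kafkaUser.securityProtocol | default "SASL_PLAINTEXT" }}` (the key name is only a suggestion), and doing the same for the bootstrap port. Separately, `group.id` and `client.id` take `(first .Values.kafkaUser.acls).name`, which is correct only while the group ACL stays the first entry of that list; a comment next to `acls` in values.yaml should record that ordering requirement. The `participant:` mapping starts above this hunk.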
@@ -28,21 +28,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: -{{- if .Values.config.useStrimziKafka }} - - command: - - /app/ready.py - args: - - --container-name - - message-router - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} {{- end }} - command: - sh @@ -54,9 +41,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} -{{- if .Values.config.useStrimziKafka }} - - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml new file mode 100644 index 0000000000..92184b8e85 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/kafkauser.yaml 
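Review bot: The `secretKeyRef` name `{{ include "common.name" . }}-ku` under `SASL_JAAS_CONFIG` repeats a naming rule that is not visible anywhere in this change. Presumably `common.kafkauser` names the KafkaUser, and therefore the generated secret, with the same suffix, but if the two ever diverge the pod will stay in `CreateContainerConfigError` with nothing in the template pointing at the cause. A comment above `valueFrom`, such as `# secret generated by Strimzi for the KafkaUser rendered from templates/kafkauser.yaml`, would document the coupling; a shared name helper would remove it if the common chart provides one. The container spec continues outside the hunk.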
@@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index c76c934441..8682d147b4 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,12 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: true + aafEnabled: false + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm ################################################################# # Secrets metaconfig @@ -44,13 +49,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' password: '{{ .Values.certStores.trustStorePassword }}' passwordPolicy: required - - uid: policy-kafka-user - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate certStores: keyStorePassword: Pol1cy_0nap @@ -82,6 +80,8 @@ certInitializer: image: onap/policy-clamp-ac-k8s-ppnt:6.4.1 pullPolicy: Always +componentName: &componentName policy-clamp-ac-k8s-ppnt + # flag to enable debugging - application support required debugEnabled: false @@ -112,7 +112,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-ac-k8s-ppnt + name: *componentName useNodePortExt: true ports: - name: http-api 
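Review bot: In values.yaml the default `useStrimziKafka: set-via-parent-chart-global-value` is a non-empty string, which Go templates evaluate as true. Unless a parent chart overrides it, every `{{ if .Values.global.useStrimziKafka }}` added by this change (KubernetesParticipantParameters.yaml, deployment.yaml, kafkauser.yaml) takes the Kafka branch, and `{{- if not .Values.global.useStrimziKafka }}` in deployment.yaml skips the readiness check. If that is the intended standalone behaviour, the `#Strimzi Kafka properties` comment should say so; otherwise use a real boolean default, `useStrimziKafka: false`, so the placeholder cannot silently select a transport.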
@@ -142,7 +142,7 @@ resources: #Pods Service Account serviceAccount: - nameOverride: policy-clamp-ac-k8s-ppnt + nameOverride: *componentName roles: - create # Update the config here for permitting repositories and protocols @@ -161,26 +161,23 @@ repoList: - https config: -# Event consumption (kafka) properties - useStrimziKafka: true - kafkaBootstrap: strimzi-kafka-bootstrap - kafka: - consumer: - groupId: policy-group - app: - listener: - acRuntimeTopic: policy-acruntime-participant -# If targeting a custom kafka cluster, ie useStrimziKakfa: false -# uncomment below config and target your kafka bootstrap servers, -# along with any other security config. -# -# eventConsumption: -# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 -# spring.kafka.security.protocol: PLAINTEXT -# spring.kafka.consumer.group-id: policy-group -# # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +readinessCheck: + wait_for: + - message-router |
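Review bot: The topic entry under `kafkaUser.acls` uses the YAML alias `*acRuntimeTopic`, which is resolved when this values.yaml is parsed, whereas the participant config reads `.Values.global.kafkaTopics.acRuntimeTopic.name` at render time. If a parent chart or an override file changes the global topic name, the alias does not follow it, so the KafkaUser would presumably still be granted `Read`/`Write` on `policy.clamp-runtime-acm` only and the client would be denied on the topic it actually uses. A comment above `acls`, for example `# keep in sync with global.kafkaTopics.acRuntimeTopic.name; YAML aliases do not follow overrides`, would make the coupling visible. Rendering the ACL name with `tpl` from the global value would remove it, if `common.kafkauser` supports templated names.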