diff options
Diffstat (limited to 'kubernetes/policy')
30 files changed, 365 insertions, 565 deletions
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf index 1598a8ff3f..90248b8836 100644 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf @@ -63,5 +63,5 @@ BRMS_UEB_API_KEY= BRMS_UEB_API_SECRET= #Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.6.0 -BRMS_MODELS_DEPENDENCY_VERSION=2.2.2 +BRMS_DEPENDENCY_VERSION=1.6.3 +BRMS_MODELS_DEPENDENCY_VERSION=2.2.5 diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml index 95446b24bb..8d9863784f 100644 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" env: - name: JDBC_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} @@ -55,10 +55,14 @@ spec: - name: REPOSITORY_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} volumeMounts: - - mountPath: /config-input + - mountPath: /config-input/pe + name: pe-input + - mountPath: /config-input/pe-brmsgw + name: pe-brmsgw-input + - mountPath: /config/pe name: pe - - mountPath: /config - name: pe-processed + - mountPath: /config/pe-brmsgw + name: pe-brmsgw image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config @@ -101,7 +105,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} - name: REPOSITORY_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} - volumeMounts: ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} @@ -127,7 +130,7 @@ spec: name: pe-brmsgw subPath: brmsgw.conf - mountPath: /tmp/policy-install/config/base.conf - name: pe-processed + name: pe subPath: base.conf - mountPath: /tmp/policy-install/do-start.sh name: pe-scripts @@ -146,7 +149,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: pe + - name: pe-input configMap: name: {{ include "common.release" . }}-pe-configmap defaultMode: 0755 @@ -154,11 +157,14 @@ spec: configMap: name: {{ include "common.release" . }}-pe-scripts-configmap defaultMode: 0777 - - name: pe-brmsgw + - name: pe-brmsgw-input configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 - - name: pe-processed + - name: pe + emptyDir: + medium: Memory + - name: pe-brmsgw emptyDir: medium: Memory imagePullSecrets: diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index ee47b4a4c3..b906e46468 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.2 +image: onap/policy-pe:1.6.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 05f7c1b0a8..3552b2e2f6 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -40,7 +40,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.6.1 +image: onap/policy-pdpd-cl:1.6.3 pullPolicy: Always # flag to enable debugging - application support required @@ -82,7 +82,7 @@ ingress: # Default installation values to be overridden server: - jvmOpts: -server -Xms1024m -Xmx2048m + jvmOpts: -server -XshowSettings:vm aaf: enabled: "false" diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index 544ecdfc32..5c02ce0f12 100644 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json @@ -20,8 +20,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, @@ -69,8 +69,8 @@ "clientName": "api", "hostname": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${API_USER}", + "password": "${API_PASSWORD}", "useHttps": true, "basePath": "policy/api/v1/healthcheck" }, @@ -78,8 +78,8 @@ "clientName": "distribution", "hostname": "policy-distribution", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${DISTRIBUTION_USER}", + "password": "${DISTRIBUTION_PASSWORD}", "useHttps": true, "basePath": "healthcheck" }] diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index 85ca9c1486..39ac8a81ec 100644 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml @@ -42,6 +42,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} + - name: DISTRIBUTION_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} + - name: DISTRIBUTION_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: papconfig diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index ad7cf96306..630b2055fa 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -34,13 +34,31 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: api-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}' + login: '{{ .Values.healthCheckRestClient.api.user }}' + password: '{{ .Values.healthCheckRestClient.api.password }}' + passwordPolicy: required + - uid: distribution-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}' + login: '{{ .Values.healthCheckRestClient.distribution.user }}' + password: '{{ .Values.healthCheckRestClient.distribution.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.2.1 +image: onap/policy-pap:2.2.2 pullPolicy: Always # flag to enable debugging - application support required @@ -51,6 +69,16 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 +healthCheckRestClient: + api: + user: healthcheck + password: zb!XztG34 + distribution: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf index 52480e59ff..bb12880ca7 100644 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf @@ -39,10 +39,10 @@ REST_PDP_REGISTER_RETRIES=-1 REST_PDP_MAXCONTENT=999999999 # PDP related properties -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 +PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} +PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} +PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} +PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} node_type=pdp_xacml resource_name=pdp_1 diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml index e55f9d0987..b70b04b023 100644 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml @@ -40,17 +40,29 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" env: - name: JDBC_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: JDBC_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} volumeMounts: - - mountPath: /config-input + - mountPath: /config-input/pe + name: pe-input + - mountPath: /config-input/pe-pdp + name: pe-pdp-input + - mountPath: /config/pe name: pe - - mountPath: /config - name: pe-processed + - mountPath: /config/pe-pdp + name: pe-pdp image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config @@ -102,10 +114,10 @@ spec: name: localtime readOnly: true - mountPath: /tmp/policy-install/config/base.conf - name: pe-processed + name: pe subPath: base.conf - mountPath: /tmp/policy-install/config/pdp-tweaks.sh - name: pe-pdp + name: pe-pdp-input subPath: pdp-tweaks.sh - mountPath: /tmp/policy-install/config/pdplp.conf name: pe-pdp @@ -150,7 +162,7 @@ spec: - name: policy-logback configMap: name: {{ include "common.fullname" . }}-log-configmap - - name: pe + - name: pe-input configMap: name: {{ include "common.release" . }}-pe-configmap defaultMode: 0755 @@ -158,11 +170,14 @@ spec: configMap: name: {{ include "common.release" . }}-pe-scripts-configmap defaultMode: 0777 - - name: pe-pdp + - name: pe-pdp-input configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 - - name: pe-processed + - name: pe + emptyDir: + medium: Memory + - name: pe-pdp emptyDir: medium: Memory imagePullSecrets: diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index 7b5f6f8ac9..fa6c141c1c 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -33,13 +33,25 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: pdp-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' + login: '{{ .Values.pdp.pdphttpuserid }}' + password: '{{ .Values.pdp.pdphttppassword }}' + passwordPolicy: required + - uid: pap-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' + login: '{{ .Values.pap.pdppappdphttpuserid }}' + password: '{{ .Values.pap.pdppappdphttppassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.2 +image: onap/policy-pe:1.6.3 pullPolicy: Always # flag to enable debugging - application support required @@ -50,6 +62,12 @@ debugEnabled: false db: user: policy_user password: policy_user +pdp: + pdphttpuserid: testpdp + pdphttppassword: alpha123 +pap: + pdppappdphttpuserid: testpap + pdppappdphttppassword: alpha123 config: papPort: 9091 diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json index 3b6813d3e3..767d1452cc 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -3,8 +3,8 @@ "restServerParameters": { "host": "0.0.0.0", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${RESTSERVER_USER}", + "password": "${RESTSERVER_PASSWORD}", "https": true }, "pdpStatusParameters":{ diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json index 57542c3510..5df0a26596 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json @@ -18,7 +18,7 @@ { "javaProperties" : [ ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"], - ["javax.net.ssl.trustStorePassword", "UG9sMWN5XzBuYXA="] + ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"] ], "engineServiceParameters": { "name": "MyApexEngine", diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml index 4d35509d9a..35f8aacb40 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml @@ -38,6 +38,27 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: + - command: + - sh + args: + - -c + - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: apexconfig-input + - mountPath: /config + name: apexconfig + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -87,9 +108,12 @@ spec: path: /etc/localtime - name: policy-logs emptyDir: {} - - name: apexconfig + - name: apexconfig-input configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: apexconfig + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index 1fdc215ff7..8730c9ef29 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -25,6 +25,21 @@ global: persistence: {} ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + - uid: truststore-pass + type: password + externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}' + password: '{{ .Values.truststore.password }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -37,6 +52,12 @@ debugEnabled: false # application configuration +restServer: + user: healthcheck + password: zb!XztG34 +truststore: + password: Pol1cy_0nap + # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json index 2e46ccae96..fba7e6ce12 100644 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/charts/policy-api/resources/config/config.json @@ -20,8 +20,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml index 777cc4954d..e1f699eccf 100644 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml @@ -39,9 +39,13 @@ spec: - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: apiconfig diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index 2e31f6b2ef..906e86ad38 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -28,19 +28,25 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: db-secret + - uid: db-creds type: basicAuth externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.2.2 +image: onap/policy-api:2.2.3 pullPolicy: Always # flag to enable debugging - application support required @@ -50,6 +56,9 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh index 0e473105a2..ee427af678 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh @@ -1,4 +1,7 @@ +#!/bin/bash + # Copyright © 2017 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -#!/bin/bash # Script to configure and start the Policy components that are to run in the designated container, # It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the @@ -65,7 +67,7 @@ else fi if [[ -f config/policy-truststore ]]; then - cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl + cp -f config/policy-truststore $POLICY_HOME/etc/ssl fi if [[ -f config/$container-tweaks.sh ]] ; then @@ -95,13 +97,4 @@ else fi policy.sh start - -# on pap, wait for pap, pdp, brmsgw, nexus and drools up, -# then push the initial default policies -if [[ $container == pap ]]; then - # wait addional 1 minute for all processes to get fully initialized and synched up - sleep 60 - bash -xv config/push-policies.sh -fi - sleep 1000d diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json index 906263343a..4c42ed2353 100644 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json @@ -21,8 +21,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https":true }, "receptionHandlerParameters":{ @@ -61,8 +61,8 @@ "messageBusAddress": [ "message-router" ], - "user": "policy", - "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", + "user": "${SDCBE_USER}", + "password": "${SDCBE_PASSWORD}", "pollingInterval":20, "pollingTimeout":30, "consumerId": "policy-id", @@ -107,14 +107,14 @@ "apiParameters": { "hostName": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34" + "userName": "${API_USER}", + "password": "${API_PASSWORD}" }, "papParameters": { "hostName": "policy-pap", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34" + "userName": "${PAP_USER}", + "password": "${PAP_PASSWORD}" }, "isHttps": true, "deployPolicies": true diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml index 65961d8f8b..b3b017acd3 100644 --- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml @@ -16,6 +16,37 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "password") | indent 10 }} + - name: PAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "login") | indent 10 }} + - name: PAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "password") | indent 10 }} + - name: SDCBE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "login") | indent 10 }} + - name: SDCBE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: distributionconfig-input + - mountPath: /config + name: distributionconfig + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -58,9 +89,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: distributionconfig + - name: distributionconfig-input configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: distributionconfig + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 835bfc4656..c8d24e5563 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -18,10 +18,40 @@ # ============LICENSE_END========================================================= ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: apiparameters-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.apiParameters.credsExternalSecret) . }}' + login: '{{ .Values.apiParameters.user }}' + password: '{{ .Values.apiParameters.password }}' + passwordPolicy: required + - uid: papparameters-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.papParameters.credsExternalSecret) . }}' + login: '{{ .Values.papParameters.user }}' + password: '{{ .Values.papParameters.password }}' + passwordPolicy: required + - uid: sdcbe-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.sdcBe.credsExternalSecret) . }}' + login: '{{ .Values.sdcBe.user }}' + password: '{{ .Values.sdcBe.password }}' + passwordPolicy: required + +################################################################# # Global configuration defaults. ################################################################# global: persistence: {} + envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. @@ -36,6 +66,19 @@ debugEnabled: false # application configuration +restServer: + user: healthcheck + password: zb!XztG34 +apiParameters: + user: healthcheck + password: zb!XztG34 +papParameters: + user: healthcheck + password: zb!XztG34 +sdcBe: + user: policy + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json index a52cc0f6d4..3b72d8ed90 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json @@ -21,16 +21,16 @@ "restServerParameters": { "host": "0.0.0.0", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${RESTSERVER_USER}", + "password": "${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, "policyApiParameters": { "host": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${API_USER}", + "password": "${API_PASSWORD}", "https": true, "aaf": false }, diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties index f2c2cd7765..c7e4ad197e 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties @@ -50,4 +50,4 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD} +javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index 5b02c177b5..bd126b810b 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -31,17 +31,38 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - command: + - sh + args: + - -c + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }} + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pdpxconfig + - mountPath: /config + name: pdpxconfig-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] - env: - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -63,7 +84,9 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/pdpx/etc/mounted - name: pdpxconfig + name: pdpxconfig-processed + emptyDir: + medium: Memory resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -82,5 +105,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: pdpxconfig-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index a2c0aa0e63..63f50fd7fa 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -21,6 +21,7 @@ ################################################################# global: persistence: {} + envsubstImage: dibi/envsubst ################################################################# # Secrets metaconfig @@ -32,6 +33,18 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: api-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}' + login: '{{ .Values.apiServer.user }}' + password: '{{ .Values.apiServer.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -49,6 +62,12 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 +apiServer: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh deleted file mode 100644 index ec8c914c17..0000000000 --- a/kubernetes/policy/resources/config/pe/push-policies.sh +++ /dev/null @@ -1,485 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2018-2019 AT&T. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash - -# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM - -#########################################Upload BRMS Param Template########################################## - -echo "Upload BRMS Param Template" - -sleep 2 - -wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl - -sleep 2 - -curl -k -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/policyEngineImport' - -echo "PRELOAD_POLICIES is $PRELOAD_POLICIES" - -if [ "$PRELOAD_POLICIES" == "false" ]; then - exit 0 -fi - -#########################################Create BRMS Param policies########################################## - -echo "Create BRMSParam Operational Policies" - -sleep 2 - -echo "Create BRMSParamvFirewall Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvFirewall", - "policyDescription": "BRMS Param vFirewall policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvDNS Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvDNS", - "policyDescription": "BRMS Param vDNS policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "controlLoopYaml": "controlLoop%3A%0A++version%3A+2.0.0%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0A++timeout%3A+1200%0A++abatement%3A+false%0Apolicies%3A%0A++-+id%3A+unique-policy-id-1-scale-up%0A++++name%3A+Create+a+new+VF+Module%0A++++description%3A%0A++++actor%3A+SO%0A++++recipe%3A+VF+Module+Create%0A++++target%3A%0A++++++type%3A+VNF%0A++++payload%3A%0A++++++requestParameters%3A+%27%7B%22usePreload%22%3Atrue%2C%22userParams%22%3A%5B%5D%7D%27%0A++++++configurationParameters%3A+%27%5B%7B%22ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B9%5D%22%2C%22oam-ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B16%5D%22%2C%22enabled%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B23%5D%22%7D%5D%27%0A++++retry%3A+0%0A++++timeout%3A+1200%0A++++success%3A+final_success%0A++++failure%3A+final_failure%0A++++failure_timeout%3A+final_failure_timeout%0A++++failure_retries%3A+final_failure_retries%0A++++failure_exception%3A+final_failure_exception%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamVOLTE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamVOLTE", - "policyDescription": "BRMS Param VOLTE policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvCPE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvCPE", - "policyDescription": "BRMS Param vCPE policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvPCI Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvPCI", - "policyDescription": "BRMS Param vPCI policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "casablanca" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+3.0.0%0D%0A++controlLoopName%3A+ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459%0D%0A++trigger_policy%3A+unique-policy-id-123-modifyconfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-123-modifyconfig%0D%0A++++name%3A+modify+PCI+config%0D%0A++++description%3A%0D%0A++++actor%3A+SDNR%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+These+fields+are+not+used%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamCCVPN Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamCCVPN", - "policyDescription": "BRMS Param CCVPN policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Create Micro Service Config policies########################################## - -echo "Create MicroService Config Policies" - -sleep 2 - -echo "Create MicroServicevFirewall Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevFirewall", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - - -sleep 2 - -echo "Create MicroServicevDNS Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevDNS", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - - -sleep 2 - -echo "Create MicroServicevCPE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevCPE", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Create SDNC Naming Policies########################################## - -echo "Create Generic SDNC Naming Policy for VNF" - -sleep 2 - -echo "Create SDNC vFW Naming Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"SDNC-GenerateName\", \"version\": \"CSIT\", \"content\": { \"policy-instance-name\": \"ONAP_VNF_NAMING_TIMESTAMP\", \"naming-models\": [ { \"naming-properties\": [ { \"property-name\": \"AIC_CLOUD_REGION\" }, { \"property-name\": \"CONSTANT\", \"property-value\": \"ONAP-NF\" }, { \"property-name\": \"TIMESTAMP\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNF\", \"naming-recipe\": \"AIC_CLOUD_REGION|DELIMITER|CONSTANT|DELIMITER|TIMESTAMP\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"ENTIRETY\", \"start-value\": \"001\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } }, { \"property-name\": \"NFC_NAMING_CODE\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNFC\", \"naming-recipe\": \"VNF_NAME|DELIMITER|NFC_NAMING_CODE|DELIMITER|SEQUENCE\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" }, { \"property-name\": \"VF_MODULE_LABEL\" }, { \"property-name\": \"VF_MODULE_TYPE\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"PRECEEDING\", \"start-value\": \"01\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } } ], \"naming-type\": \"VF-MODULE\", \"naming-recipe\": \"VNF_NAME|DELIMITER|VF_MODULE_LABEL|DELIMITER|VF_MODULE_TYPE|DELIMITER|SEQUENCE\" } ] } }", - "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP", - "policyConfigType": "MicroService", - "onapName": "SDNC", - "riskLevel": "4", - "riskType": "test", - "guard": "false", - "priority": "4", - "description": "ONAP_VNF_NAMING_TIMESTAMP" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Creating OOF PCI Policies########################################## -sleep 2 - -echo "Create MicroServicevPCI Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation_pci\", \"uuid\": \"test_pci\", \"policyName\": \"MicroServicevPCI\", \"description\": \"MicroService vPCI Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.executePolicy\", \"thresholdValue\": 1, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevPCI", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create PCI MS Config Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyName": "com.PCIMS_CONFIG_POLICY", - "configBody": "{ \"PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS\":60, \"PCI_MODCONFIG_POLICY_NAME\":\"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF\":\"OOF-PCI-OPTIMIZATION\", \"PCI_SDNR_TARGET_NAME\":\"SDNR\" }", - "policyType": "Config", - "attributes" : { "matching" : { "key1" : "value1" } }, - "policyConfigType": "Base", - "onapName": "DCAE", - "configName": "PCIMS_CONFIG_POLICY", - "configBodyType": "JSON" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create OOF Config Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyName": "com.OOF_PCI_CONFIG_POLICY", - "configBody": "{ \"ALGO_CATEGORY\":\"OOF-PCI-OPTIMIZATION\", \"PCI_OPTMIZATION_ALGO_NAME\":\"OOF-PCI-OPTIMIZATION-LEVEL1\", \"PCI_OPTIMIZATION_NW_CONSTRAINT\":\"MAX5PCICHANGESONLY\", \"PCI_OPTIMIZATION_PRIORITY\": 2, \"PCI_OPTIMIZATION_TIME_CONSTRAINT\":\"ONLYATNIGHT\" }", - "attributes" : { "matching" : { "key1" : "value1" } }, - "policyType": "Config", - "policyConfigType": "Base", - "onapName": "DCAE", - "configName": "OOF_PCI_CONFIG_POLICY", - "configBodyType": "JSON" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Creating Decision Guard policies######################################### - -sleep 2 - -echo "Creating Decision Guard policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.AllPermitGuard", - "policyDescription": "Testing all Permit YAML Guard Policy", - "onapName": "PDPD", - "ruleProvider": "GUARD_YAML", - "attributes": { - "MATCHING": { - "actor": ".*", - "recipe": ".*", - "targets": ".*", - "clname": ".*", - "limit": "10", - "timeWindow": "1", - "timeUnits": "minute", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Creating Decision vDNS Guard - Frequency Limiter policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.vDNS_Frequency", - "policyDescription": "Limit vDNS Scale Up over time period", - "onapName": "PDPD", - "ruleProvider": "GUARD_YAML", - "attributes": { - "MATCHING": { - "actor": "SO", - "recipe": "scaleOut", - "targets": ".*", - "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "limit": "1", - "timeWindow": "10", - "timeUnits": "minute", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Creating Decision vDNS Guard - Min/Max policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.vDNS_MinMax", - "policyDescription": "Ensure number of instances within a range", - "onapName": "SampleDemo", - "ruleProvider": "GUARD_MIN_MAX", - "attributes": { - "MATCHING": { - "actor": "SO", - "recipe": "scaleOut", - "targets": ".*", - "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "min": "1", - "max": "5", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Push Decision policy######################################### - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.AllPermitGuard", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.vDNS_Frequency", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.vDNS_MinMax", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing BRMS Param policies########################################## - -echo "Pushing BRMSParam Operational policies" - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvFirewall" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvDNS" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvDNS", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamVOLTE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamVOLTE", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvCPE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvCPE", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvPCI" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvPCI", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamCCVPN" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamCCVPN", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing MicroService Config policies########################################## - -echo "Pushing MicroService Config policies" - -sleep 2 - -echo "pushPolicy : PUT : com.MicroServicevFirewall" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevFirewall", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevDNS" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevDNS", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevCPE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevCPE", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing SDNC Naming Policies########################################## -echo "Pushing SDNC Naming Policies" - -sleep 2 - -echo "pushPolicy : PUT : SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing OOF PCI Policies########################################## -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevPCI" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevPCI", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.PCIMS_CONFIG_POLICY" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.PCIMS_CONFIG_POLICY", - "policyType": "Base" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.OOF_PCI_CONFIG_POLICY" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.OOF_PCI_CONFIG_POLICY", - "policyType": "Base" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml index 7f96888ec8..fec565fb59 100644 --- a/kubernetes/policy/templates/deployment.yaml +++ b/kubernetes/policy/templates/deployment.yaml @@ -96,9 +96,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /tmp/policy-install/config/push-policies.sh - name: pe-pap - subPath: push-policies.sh - mountPath: /tmp/policy-install/config/pap-tweaks.sh name: pe-pap subPath: pap-tweaks.sh diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 3a2b1f1f96..f283d9042f 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -67,7 +67,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.2 +image: onap/policy-pe:1.6.3 mariadb_image: library/mariadb:10 pullPolicy: Always @@ -137,6 +137,12 @@ service: ingress: enabled: false + service: + - baseaddr: "policy.api" + name: "pap" + port: 8443 + config: + ssl: "redirect" mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals |