6 files changed, 41 insertions, 10 deletions

diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index 28fcee1551..93d2b67cc9 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -182,6 +182,13 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
 			echo
 		done
 
+		file_env 'PORTAL_DB_TABLES'
+		for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+			do
+			    echo "Granting portal user ALL PRIVILEGES for table $i"
+					echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+			done
+
 		if ! kill -s TERM "$pid" || ! wait "$pid"; then
 			echo >&2 'MySQL init process failed.'
 			exit 1
@@ -193,4 +200,4 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
 	fi
 fi
 
-exec "$@"
\ No newline at end of file
+exec "$@"
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 7502e9322a..1e2806759f 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -23,7 +23,7 @@ while the OOM K8s version has these service split up.
 */
 -- app_url is the FE, app_rest_endpoint is the BE
 --portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
 --dmaap-bc => the dmaap-bc doesn't open a node port..
 update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
 --sdc-be => 8443:30204
@@ -74,6 +74,9 @@ update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS
 -- aai sparky
 update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
 
+-- Disabled Policy APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
+
 
 /*
 Replace spaces with underscores for role names to match AAF role names
diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
index ec6cc50634..196a2d1ad4 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
@@ -69,6 +69,18 @@ spec:
                 secretKeyRef:
                   name: {{ template "common.fullname" . }}
                   key: db-root-password
+            - name: MYSQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}
+                  key: backend-db-user
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}
+                  key: backend-db-password
+            - name: PORTAL_DB_TABLES
+              value: {{ .Values.config.backend_portal_tables }}
           volumeMounts:
           - mountPath: /var/lib/mysql
             name: mariadb-data
diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
index 812dc66a23..b05b9208cc 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
@@ -33,10 +33,10 @@ spec:
       restartPolicy: Never
       initContainers:
       - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-        - /root/ready.py
+        - /app/ready.py
         args:
         - --container-name
         - {{ include "common.name" . }}
@@ -48,7 +48,7 @@ spec:
               fieldPath: metadata.namespace
       containers:
       - name: {{ include "common.name" . }}-job
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.mariadbInitImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -61,7 +61,7 @@ spec:
         - name: SQL_SRC_DIR
           value: {{ .Values.config.sqlSourceDirectory }}
       - name: {{ include "common.name" . }}-oom-update-job
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+        image: "{{ include "common.repository" . }}/{{ .Values.mariadbInitImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
         - name: DB_HOST
@@ -72,7 +72,9 @@ spec:
           value: "{{ .Values.service.internalPort }}"
         - name: DB_PASS
           valueFrom:
-            secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}
+              key: db-root-password
         command:
         - /bin/sh
         - -x
diff --git a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
index ad1db77298..4415c5ebd0 100644
--- a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
@@ -26,3 +26,6 @@ metadata:
 type: Opaque
 data:
   db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
+stringData:
+  backend-db-user: {{ .Values.config.backendDbUser }}
+  backend-db-password: {{ .Values.config.backendDbPassword }}
diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml
index 40b1775ae9..fc1eca881d 100644
--- a/kubernetes/portal/components/portal-mariadb/values.yaml
+++ b/kubernetes/portal/components/portal-mariadb/values.yaml
@@ -19,8 +19,7 @@
 global: # global defaults
   nodePortPrefix: 302
   persistence: {}
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
+  readinessImage: onap/oom/readiness:3.0.1
   busyBoxImage: busybox:1.30
   busyBoxRepository: docker.io
 
@@ -30,12 +29,17 @@ image: onap/portal-db:3.2.3
 pullPolicy: Always
 
 
-mariadbInitImage: "mariadb-client-init:3.0.0"
+mariadbInitImage: "oomk8s/mariadb-client-init:3.0.0"
 
 # application configuration
 config:
   mariadbUser: root
   mariadbRootPassword: Aa123456
+  backendDbUser: portal
+  backendDbPassword: portal
+  #backend_portal_tables is a comma delimited string listing back-end tables
+  #that backendDbUser needs access to, such as to portal and ecomp_sdk tables
+  backend_portal_tables: portal,ecomp_sdk
   #The directory where sql files are found in the projects gerrit repo.
   sqlSourceDirectory: portal/deliveries
   # sdc frontend assignment for port 9443