5 files changed, 73 insertions, 18 deletions
diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
index dee73abd41..ea61f502f2 100755
--- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
@@ -37,12 +37,14 @@ server:
 mso:
   site-name: localSite
   logPath: ./logs/vfc
+  config:
+    cadi: {{ include "cadi.keys" . | nindent 8}}
   msb-ip: msb-iag.{{ include "common.namespace" . }}
   msb-port: 80
   adapters:
     requestDb:
       endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
 #Actuator
 management:
   security:
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
index 931a89516b..2addd7b184 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - command:
         - /root/job_complete.py
         args:
@@ -66,30 +66,34 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+        - name: DB_ADMIN_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
-        - name: DB_ADMIN_PASSWORD
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -109,7 +113,7 @@ spec:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml
index b15a67ffe8..aa4923a9bd 100755
--- a/kubernetes/so/charts/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml
@@ -24,12 +24,45 @@ global:
     mountPath: /dockerdata-nfs
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.5.3
+image: onap/so/vfc-adapter:1.6.0
 pullPolicy: Always
 
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 8084