From a9a41d84026f059aae70f9042c0b99af5b72e619 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Tue, 16 Feb 2021 11:08:25 +0100 Subject: [AAI][SPARKY] Automatically retrieve certs Instead of using hardcoded certificates, use certInitializer in order to retrieve them automatically. Issue-ID: OOM-2683 Signed-off-by: Sylvain Desbureaux Change-Id: I63ce5d1bb2e9c287729425f2fd7146e7b69c33f7 --- .../aai/components/aai-sparky-be/requirements.yaml | 3 + .../config/application-oxm-default.properties | 18 -- .../config/application-oxm-override.properties | 18 -- .../config/application-oxm-schema-prod.properties | 30 ---- .../config/application-resources.properties | 22 --- .../resources/config/application-ssl.properties | 22 --- .../resources/config/application-sync.properties | 6 - .../resources/config/application.properties | 37 ---- .../application/application-oxm-default.properties | 18 ++ .../application-oxm-override.properties | 18 ++ .../application-oxm-schema-prod.properties | 30 ++++ .../application/application-resources.properties | 25 +++ .../config/application/application-ssl.properties | 22 +++ .../config/application/application-sync.properties | 6 + .../config/application/application.properties | 37 ++++ .../resources/config/application/logback.xml | 187 +++++++++++++++++++++ .../resources/config/application/roles.config | 22 +++ .../resources/config/application/users.config | 20 +++ .../resources/config/auth/client-cert-onap.p12 | Bin 4117 -> 0 bytes .../resources/config/auth/org.onap.aai.p12 | Bin 4347 -> 0 bytes .../portal/BOOT-INF/classes/portal.properties | 2 +- .../resources/config/portal/cadi.properties | 14 +- .../aai-sparky-be/resources/config/roles.config | 22 --- .../aai-sparky-be/resources/config/users.config | 20 --- .../aai-sparky-be/templates/configmap.yaml | 21 +-- .../aai-sparky-be/templates/deployment.yaml | 118 ++++++------- .../aai/components/aai-sparky-be/values.yaml | 45 ++++- 27 files changed, 497 insertions(+), 286 deletions(-) delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/roles.config delete mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/users.config diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml index 42641a2e5c..498f1b837d 100644 --- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml +++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties deleted file mode 100644 index 084f6e46bc..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -oxm.apiVersion=v14 -oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties deleted file mode 100644 index 4465fb3e11..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -oxm.apiVersionOverride=v14 -oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties deleted file mode 100644 index 094c815744..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties +++ /dev/null @@ -1,30 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -oxm.schemaNodeDir=/opt/app/sparky/onap/oxm -#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config -oxm.schemaServiceTranslatorList=config -# The end point for onap is https://:/onap/schema-service/v1/ -oxm.schemaServiceBaseUrl=https:///aai/schema-service/v1/ -oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12 -oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore -oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o -oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o - - - -# Schema Service need this variable for the time being -spring.applicationName=sparky diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties deleted file mode 100644 index 59c0349b06..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties +++ /dev/null @@ -1,22 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -resources.hostname=aai -resources.port=8443 -resources.authType=SSL_BASIC -resources.basicAuthUserName=aai@aai.onap.org -resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek -resources.trust-store=tomcat_keystore diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties deleted file mode 100644 index 26565bb1a0..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties +++ /dev/null @@ -1,22 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -server.port=8000 -server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12 -server.ssl.key-store-password=OBF:1cqc1l4h1qhu1j751p3j1kmy1ncw1o6g1hf418571g7i1d9r1dan1ga8185f1hfy1o461ncu1kjo1p671j7x1qjg1l8t1cne -server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks -server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties deleted file mode 100644 index 4fb10a21f7..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties +++ /dev/null @@ -1,6 +0,0 @@ -aggregationSyncEnabled=true -historicalEntitySyncEnabled=true -autoSuggestSyncEnabled=true -vnfAliasSyncEnabled=true -geoSyncEnabled=true -viewInspectSyncEnabled=true \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties deleted file mode 100644 index 1ae00d95c4..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# disable the default thyme leaf icon on web-pages -# -*/}} -spring.mvc.favicon.enabled=false - -# -# to switch to http, remove ssl and put http -# and in the values.yaml change the internalPort to 9517 -# - -spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy - -portal.cadiFileLocation={{.Values.config.cadiFileLocation}} -portal.cadiFileLocation={{.Values.config.cadiFileLocation}} -searchservice.hostname={{.Values.global.searchData.serviceName}} -searchservice.port=9509 -searchservice.client-cert=client-cert-onap.p12 -searchservice.client-cert-password=1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 -searchservice.truststore=tomcat_keystore - -schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties new file mode 100644 index 0000000000..084f6e46bc --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +oxm.apiVersion=v14 +oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties new file mode 100644 index 0000000000..4465fb3e11 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +oxm.apiVersionOverride=v14 +oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties new file mode 100644 index 0000000000..b6c5f68368 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties @@ -0,0 +1,30 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +oxm.schemaNodeDir=/opt/app/sparky/onap/oxm +#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config +oxm.schemaServiceTranslatorList=config +# The end point for onap is https://:/onap/schema-service/v1/ +oxm.schemaServiceBaseUrl=https:///aai/schema-service/v1/ +oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD} +oxm.schemaServiceTruststorePassword=${KEYSTORE_PASSWORD} + + + +# Schema Service need this variable for the time being +spring.applicationName=sparky diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties new file mode 100644 index 0000000000..2143bf8902 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties @@ -0,0 +1,25 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +resources.hostname=aai +resources.port=8443 +resources.authType=SSL_BASIC +resources.basicAuthUserName=aai@aai.onap.org +resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek +resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +resources.trust-store-password=${TRUSTSTORE_PASSWORD} +resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +resources.client-cert-password=${KEYSTORE_PASSWORD} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties new file mode 100644 index 0000000000..073e9d318a --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties @@ -0,0 +1,22 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +server.port=8000 +server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${KEYSTORE_PASSWORD} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties new file mode 100644 index 0000000000..4fb10a21f7 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties @@ -0,0 +1,6 @@ +aggregationSyncEnabled=true +historicalEntitySyncEnabled=true +autoSuggestSyncEnabled=true +vnfAliasSyncEnabled=true +geoSyncEnabled=true +viewInspectSyncEnabled=true \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties new file mode 100644 index 0000000000..a9e5908ec7 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties @@ -0,0 +1,37 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# disable the default thyme leaf icon on web-pages +# +*/}} +spring.mvc.favicon.enabled=false + +# +# to switch to http, remove ssl and put http +# and in the values.yaml change the internalPort to 9517 +# + +spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy + +portal.cadiFileLocation={{.Values.config.cadiFileLocation}} +searchservice.hostname={{.Values.global.searchData.serviceName}} +searchservice.port=9509 +searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +searchservice.client-cert-password=${KEYSTORE_PASSWORD} +searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +searchservice.truststore-password=${TRUSTSTORE_PASSWORD} + +schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml new file mode 100644 index 0000000000..cd5338f5b3 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml @@ -0,0 +1,187 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + ${errorLogPattern} + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + + ${auditMetricPattern} + + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + 256 + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config new file mode 100644 index 0000000000..df41395058 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config @@ -0,0 +1,22 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +[ + { + "id":1, + "name":"View" + } +] diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config new file mode 100644 index 0000000000..ce69e88918 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config @@ -0,0 +1,20 @@ +[{ + "orgId": null, + "managerId": null, + "firstName": "Demo", + "middleInitial": null, + "lastName": "User", + "phone": null, + "email": "demo@email.com", + "hrid": null, + "orgUserId": "demo", + "orgCode": null, + "orgManagerUserId": null, + "jobTitle": null, + "loginId": "demo", + "active": false, + "roles": [{ + "id": 1, + "name": "View" + }] +}] \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 deleted file mode 100644 index aa4ae74272..0000000000 Binary files a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 and /dev/null differ diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 deleted file mode 100644 index b2449c6a54..0000000000 Binary files a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 and /dev/null differ diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties index 2592e5ca7c..7a0fb8250b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties @@ -46,4 +46,4 @@ ext_req_connection_timeout=15000 ext_req_read_timeout=20000 #Add AAF namespace if the app is centralized -auth_namespace={{.Values.config.aafNamespace}} +auth_namespace={{ .Values.certInitializer.fqi_namespace }} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties index 1f154b6101..baefd9806b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties @@ -6,14 +6,18 @@ aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 # AAF Environment Designation #if you are running aaf service from a docker image you have to use aaf service IP and port number -aaf_id={{.Values.config.aafUsername}} +aaf_id={{ .Values.certInitializer.fqi }} #Encrypt the password using AAF Jar -aaf_password={{.Values.config.aafPassword}} +aaf_password={{ .Values.certInitializer.aafDeployPass }} # Sample CADI Properties, from CADI 1.4.2 #hostname=org.onap.aai.orr csp_domain=PROD # Add Absolute path to Keyfile -cadi_keyfile={{.Values.config.cadiKeyFile}} +cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile +cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +cadi_keystore_password=${KEYSTORE_PASSWORD} + +cadi_alias={{ .Values.certInitializer.fqi }} # This is required to accept Certificate Authentication from Certman certificates. # can be TEST, IST or PROD @@ -23,9 +27,9 @@ aaf_env=DEV cadi_loglevel=DEBUG # Add Absolute path to truststore2018.jks -cadi_truststore={{.Values.config.cadiTrustStore}} +cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks # Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs -cadi_truststore_password={{.Values.config.cadiTrustStorePassword}} +cadi_truststore_password=${TRUSTSTORE_PASSWORD} # how to turn on SSL Logging #javax.net.debug=ssl diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config deleted file mode 100644 index df41395058..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config +++ /dev/null @@ -1,22 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -[ - { - "id":1, - "name":"View" - } -] diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config deleted file mode 100644 index ce69e88918..0000000000 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config +++ /dev/null @@ -1,20 +0,0 @@ -[{ - "orgId": null, - "managerId": null, - "firstName": "Demo", - "middleInitial": null, - "lastName": "User", - "phone": null, - "email": "demo@email.com", - "hrid": null, - "orgUserId": "demo", - "orgCode": null, - "orgManagerUserId": null, - "jobTitle": null, - "loginId": "demo", - "active": false, - "roles": [{ - "id": 1, - "name": "View" - }] -}] \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml index 162e96b0dc..fee07d8acf 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml @@ -14,25 +14,6 @@ # limitations under the License. */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-prop - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap @@ -45,7 +26,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 6e74526ddc..51d577ba91 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -38,7 +38,29 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ + | xargs -0) + echo "*** write them in portal part" + cd /config-input + for PFILE in `ls -1 .` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: portal-config-input + - mountPath: /config + name: portal-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - command: - /app/ready.py args: @@ -57,68 +79,56 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - volumeMounts: + command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ + | xargs -0) + echo "*** actual launch of AAI Sparky BE" + /opt/app/sparky/bin/start.sh + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 - name: {{ include "common.fullname" . }}-auth-config - subPath: client-cert-onap.p12 - - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties - name: {{ include "common.fullname" . }}-auth-config + name: auth-config subPath: csp-cookie-filter.properties - - - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12 - name: {{ include "common.fullname" . }}-auth-config - subPath: org.onap.aai.p12 - - - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks - name: aai-common-aai-auth-mount - subPath: truststoreONAPall.jks - - mountPath: /opt/app/sparky/config/portal/ - name: {{ include "common.fullname" . }}-portal-config - + name: portal-config - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ - name: {{ include "common.fullname" . }}-portal-config-props - + name: portal-config-props - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - + name: logs - mountPath: /opt/app/sparky/config/application.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application.properties - - mountPath: /opt/app/sparky/config/application-resources.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-resources.properties - - mountPath: /opt/app/sparky/config/application-ssl.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-ssl.properties - - mountPath: /opt/app/sparky/config/application-oxm-default.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-default.properties - - mountPath: /opt/app/sparky/config/application-oxm-override.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-override.properties - - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-schema-prod.properties - - mountPath: /opt/app/sparky/config/roles.config - name: {{ include "common.fullname" . }}-properties + name: config subPath: roles.config - - mountPath: /opt/app/sparky/config/users.config - name: {{ include "common.fullname" . }}-properties + name: config subPath: users.config - + - mountPath: /opt/app/sparky/config/logging/logback.xml + name: config + subPath: logback.xml ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -155,45 +165,35 @@ spec: subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /usr/share/filebeat/data name: aai-sparky-filebeat resources: {{ include "common.resources" . }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - - name: {{ include "common.fullname" . }}-properties - configMap: - name: {{ include "common.fullname" . }}-prop - - - name: {{ include "common.fullname" . }}-config + - name: config configMap: name: {{ include "common.fullname" . }} - - - name: {{ include "common.fullname" . }}-portal-config + - name: portal-config + emptyDir: + medium: Memory + - name: portal-config-input configMap: name: {{ include "common.fullname" . }}-portal - - - name: {{ include "common.fullname" . }}-portal-config-props + - name: portal-config-props configMap: name: {{ include "common.fullname" . }}-portal-props - - - name: {{ include "common.fullname" . }}-auth-config + - name: auth-config secret: secretName: {{ include "common.fullname" . }} - - - name: aai-common-aai-auth-mount - secret: - secretName: aai-common-aai-auth - - name: filebeat-conf configMap: name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - name: aai-sparky-filebeat emptyDir: {} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index ed21030dc8..147feb13c8 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -27,6 +27,45 @@ global: # global defaults searchData: serviceName: aai-search-data + +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-sparky-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "aai" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.aai" + fqi: "aai@aai.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing passwords into shell safe ones" + export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ + -storepass "${cadi_keystore_password_jks}" \ + -keystore {{ .Values.fqi_namespace }}.jks + keytool -storepasswd -new "${TRUSTORE_PASSWD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_jks}" \ + -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + # application image image: onap/sparky-be:2.0.2 pullPolicy: Always @@ -44,13 +83,7 @@ config: portalPassword: OBF:1t2v1vfv1unz1vgz1t3b portalCookieName: UserId portalAppRoles: ui_view - aafUsername: aai@aai.onap.org - aafNamespace: org.onap.aai - aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz - cadiKeyFile: /opt/app/sparky/config/portal/keyFile - cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties - cadiTrustStorePassword: changeit cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor # ONAP Cookie Processing - During initial development, the following flag, if true, will -- cgit 1.2.3-korg