From ef766403ef1436c9462c2c00da83a8b29fca3b53 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Thu, 11 Feb 2021 18:12:46 +0100 Subject: [AAF] Give `identities.dat` to working deployments Today, `identities.dat` is put on cassandra deployment. But this file is actually needed by "working" deployments (at least certman and service) and not by cassandra. This patch removes it from cassandra deployments and add it to the other ones form "authz" family. Issue-ID: OOM-2678 Signed-off-by: Sylvain Desbureaux Change-Id: I2a4b68f73797cd6c369060481e169525829a4217 --- .../resources/cass-init-data/identities.dat | 82 ---------------------- .../components/aaf-cass/templates/configmap.yaml | 13 ---- .../components/aaf-cass/templates/deployment.yaml | 23 +----- .../aaf-templates/templates/_deployment.tpl | 7 ++ .../aaf-templates/templates/_initContainers.tpl | 10 ++- kubernetes/aaf/resources/data/identities.dat | 82 ++++++++++++++++++++++ kubernetes/aaf/templates/configmap.yaml | 15 +++- 7 files changed, 114 insertions(+), 118 deletions(-) delete mode 100644 kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat create mode 100644 kubernetes/aaf/resources/data/identities.dat (limited to 'kubernetes/aaf') diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat deleted file mode 100644 index 7e976621df..0000000000 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat +++ /dev/null @@ -1,82 +0,0 @@ -{{/* -# -# Sample Identities.dat -# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with -# out-of-the-box tire-kicking, or even for Small companies -# -# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing -# batch feeds, as is appropriate for your company. -# -# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split -# out AppIDs, choose your own status indicators, or whatever you use. -# 0 - unique ID -# 1 - full name -# 2 - first name -# 3 - last name -# 4 - phone -# 5 - official email -# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company -# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) -# -*/}} - -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager - -# Portal Identities -portal|ONAP Portal Application|PORTAL|ONAP Application|314-123-1234|portal@people.osaaf.com|a|aaf_admin -shi|ONAP SHI Portal Identity|shi|Portal Application|314-123-1234|shi@people.osaaf.com|a|aaf_admin -demo|PORTAL DEMO|demo|PORTAL|DEMO|314-123-1234|demo@people.osaaf.com|e|aaf_admin -jh0003|PORTAL ADMIN|jh|PORTAL ADMIN|314-123-1234|jh0003@people.osaaf.com|e|aaf_admin -cs0008|PORTAL DESIGNER|cs|PORTAL DESIGNER|314-123-1234|cs0008@people.osaaf.com|e|aaf_admin -jm0007|PORTAL TESTER|jm|PORTAL TESTER|314-123-1234|jm0007@people.osaaf.com|e|aaf_admin -op0001|PORTAL OPS|op|PORTAL OPS|314-123-1234|op0001@people.osaaf.com|e|aaf_admin -gv0001|GV PORTAL|gv|PORTAL|314-123-1234|gv0001@people.osaaf.com|e|aaf_admin -pm0001|PM PORTAL|pm|PORTAL|314-123-1234|pm0001@people.osaaf.com|e|aaf_admin -gs0001|GS PORTAL|gs|PORTAL|314-123-1234|gs0001@people.osaaf.com|e|aaf_admin -ps0001|PS PORTAL|ps|PORTAL|314-123-1234|ps0001@people.osaaf.com|e|aaf_admin - -# AAF Defined Users -aaf_admin|AAF Administrator|Mr AAF|AAF Admin|314-123-1234|aaf_admin@people.osaaf.com|e|mmanager -deployer|Deployer|Deployer|Depoyer|314-123-1234|deployer@people.osaaf.com|e|aaf_admin - -# Requested Users -portal_admin|Portal Admin|Portal|Admin|314-123-1234|portal_admin@people.osaaf.com|e|mmanager - -# ONAP App IDs -aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin -aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin -clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -sdc|ONAP SDC Application|SDC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -sdnc|ONAP SDNC Application|SDNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -sdnc-cds|ONAP SDNC CDS Application|SDNC-CDS|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -vfc|ONAP VFC Application|VNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -# VID Identities -vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -vid2|ONAP VID Application 2|VID 2|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -# DMAAP Identities -dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -dmaap-bc-topic-mgr|ONAP DMaap BC Topic Manager|DMaap BC Topic Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager -dmaap-bc-mm-prov|ONAP DMaap BC Provisioning Manager|DMaap BC Provision Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager -dmaap-dr|ONAP DMaap DR|Prov|DMaap DR|314-123-1234|no_reply@people.osaaf.com|a|mmanager -dmaap-dr-prov|ONAP DMaap DR Prov|Prov|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager -dmaap-dr-node|ONAP DMaap DR Node|Node|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager -dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -#deprecate these in El Alto -dmaapmr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager -#dmaap.mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager diff --git a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml index ebf09e75c5..a10bb8a7a1 100644 --- a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml @@ -30,16 +30,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/cass-init-dats/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-cass-init-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/cass-init-data/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml index e62d387a0a..4e18b3b746 100644 --- a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml @@ -31,17 +31,9 @@ spec: args: - -c - | - echo "*** input data ***" - ls -l /config-input-data/* - echo "*** input dats ***" - ls -l /config-input-dats/* - cp -L /config-input-data/* /config-data/ + echo "*** Move files from configmap to emptyDir" cp -L /config-input-dats/* /config-dats/ - echo "*** output data ***" - ls -l /config-data/* - echo "*** output dats ***" - ls -l /config-dats/* - chown -R 1000:1000 /config-data + echo "*** set righ user to the different folders" chown -R 1000:1000 /config-dats chown -R 1000:1000 /var/lib/cassandra chown -R 1000:1000 /status @@ -50,14 +42,10 @@ spec: volumeMounts: - mountPath: /var/lib/cassandra name: aaf-cass-vol - - mountPath: /config-input-data - name: config-cass-init-data - mountPath: /config-input-dats name: config-cass-init-dats - mountPath: /config-dats name: config-cass-dats - - mountPath: /config-data - name: config-cass-data - mountPath: /status name: aaf-status resources: @@ -103,8 +91,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/aaf/cass_init/data - name: config-cass-data - mountPath: /opt/app/aaf/cass_init/dats name: config-cass-dats - mountPath: /opt/app/aaf/status @@ -144,12 +130,7 @@ spec: - name: config-cass-init-dats configMap: name: {{ include "common.fullname" . }}-cass-init-dats - - name: config-cass-init-data - configMap: - name: {{ include "common.fullname" . }}-cass-init-data - name: config-cass-dats emptyDir: {} - - name: config-cass-data - emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl index afa5004a48..50da519a89 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl @@ -40,6 +40,8 @@ spec: - mountPath: /opt/app/osaaf/etc/org.osaaf.aaf.log4j.props name: aaf-log subPath: org.osaaf.aaf.log4j.props + - mountPath: /opt/app/osaaf/data/ + name: config-identity {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -68,6 +70,11 @@ spec: - name: aaf-log configMap: name: {{ include "common.release" . }}-aaf-log + - name: config-init-identity + configMap: + name: {{ include "common.release" . }}-aaf-identity + - name: config-identity + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- end -}} diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl index 7cdf4d072e..755315296d 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl @@ -15,12 +15,16 @@ */} {{- define "aaf.permissionFixer" -}} -- name: fix-permission +- name: onboard-identity-and-fix-permission command: - /bin/sh args: - -c - | + echo "*** Move files from configmap to emptyDir" + cp -L /config-input-identity/* /config-identity/ + echo "*** set righ user to the different folders" + chown -R 1000:1000 /config-identity chown -R 1000:1000 /opt/app/aaf chown -R 1000:1000 /opt/app/osaaf image: {{ include "repositoryGenerator.image.busybox" . }} @@ -28,6 +32,10 @@ volumeMounts: - mountPath: /opt/app/osaaf name: aaf-config-vol + - mountPath: /config-input-identity + name: config-init-identity + - mountPath: /config-identity + name: config-identity resources: limits: cpu: 100m diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat new file mode 100644 index 0000000000..7e976621df --- /dev/null +++ b/kubernetes/aaf/resources/data/identities.dat @@ -0,0 +1,82 @@ +{{/* +# +# Sample Identities.dat +# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with +# out-of-the-box tire-kicking, or even for Small companies +# +# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing +# batch feeds, as is appropriate for your company. +# +# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split +# out AppIDs, choose your own status indicators, or whatever you use. +# 0 - unique ID +# 1 - full name +# 2 - first name +# 3 - last name +# 4 - phone +# 5 - official email +# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company +# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) +# +*/}} + +iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e| +mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna +bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager +mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager +ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager +iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager + +# Portal Identities +portal|ONAP Portal Application|PORTAL|ONAP Application|314-123-1234|portal@people.osaaf.com|a|aaf_admin +shi|ONAP SHI Portal Identity|shi|Portal Application|314-123-1234|shi@people.osaaf.com|a|aaf_admin +demo|PORTAL DEMO|demo|PORTAL|DEMO|314-123-1234|demo@people.osaaf.com|e|aaf_admin +jh0003|PORTAL ADMIN|jh|PORTAL ADMIN|314-123-1234|jh0003@people.osaaf.com|e|aaf_admin +cs0008|PORTAL DESIGNER|cs|PORTAL DESIGNER|314-123-1234|cs0008@people.osaaf.com|e|aaf_admin +jm0007|PORTAL TESTER|jm|PORTAL TESTER|314-123-1234|jm0007@people.osaaf.com|e|aaf_admin +op0001|PORTAL OPS|op|PORTAL OPS|314-123-1234|op0001@people.osaaf.com|e|aaf_admin +gv0001|GV PORTAL|gv|PORTAL|314-123-1234|gv0001@people.osaaf.com|e|aaf_admin +pm0001|PM PORTAL|pm|PORTAL|314-123-1234|pm0001@people.osaaf.com|e|aaf_admin +gs0001|GS PORTAL|gs|PORTAL|314-123-1234|gs0001@people.osaaf.com|e|aaf_admin +ps0001|PS PORTAL|ps|PORTAL|314-123-1234|ps0001@people.osaaf.com|e|aaf_admin + +# AAF Defined Users +aaf_admin|AAF Administrator|Mr AAF|AAF Admin|314-123-1234|aaf_admin@people.osaaf.com|e|mmanager +deployer|Deployer|Deployer|Depoyer|314-123-1234|deployer@people.osaaf.com|e|aaf_admin + +# Requested Users +portal_admin|Portal Admin|Portal|Admin|314-123-1234|portal_admin@people.osaaf.com|e|mmanager + +# ONAP App IDs +aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin +aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin +clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +sdc|ONAP SDC Application|SDC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +sdnc|ONAP SDNC Application|SDNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +sdnc-cds|ONAP SDNC CDS Application|SDNC-CDS|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +vfc|ONAP VFC Application|VNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +# VID Identities +vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +vid2|ONAP VID Application 2|VID 2|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +# DMAAP Identities +dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +dmaap-bc-topic-mgr|ONAP DMaap BC Topic Manager|DMaap BC Topic Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager +dmaap-bc-mm-prov|ONAP DMaap BC Provisioning Manager|DMaap BC Provision Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager +dmaap-dr|ONAP DMaap DR|Prov|DMaap DR|314-123-1234|no_reply@people.osaaf.com|a|mmanager +dmaap-dr-prov|ONAP DMaap DR Prov|Prov|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager +dmaap-dr-node|ONAP DMaap DR Node|Node|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager +dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +#deprecate these in El Alto +dmaapmr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +#dmaap.mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager diff --git a/kubernetes/aaf/templates/configmap.yaml b/kubernetes/aaf/templates/configmap.yaml index 36628ea57a..969046551b 100644 --- a/kubernetes/aaf/templates/configmap.yaml +++ b/kubernetes/aaf/templates/configmap.yaml @@ -23,4 +23,17 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} \ No newline at end of file +{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-identity + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/data/*").AsConfig . | indent 2 }} \ No newline at end of file -- cgit 1.2.3-korg