From 27fd7d8750ceeb798052eb8af36264c79b6536fb Mon Sep 17 00:00:00 2001 From: osk11461 Date: Fri, 18 Jun 2021 00:51:17 +0200 Subject: [AAI] Service Mesh compatibility This patch makes AAI to work on service mesh by removing https calls from everywhere. It allows also to use AAI on an environment without need of TLS. Issue-ID: OOM-2670 Signed-off-by: Ondrej Frindrich Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386 --- .../resources/config/application.properties | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'kubernetes/aai/components/aai-graphadmin/resources/config/application.properties') diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index 8cefebc825..367e9038cd 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -33,7 +33,7 @@ server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration -spring.profiles.active={{ .Values.config.profiles.active }} +spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool server.tomcat.max-threads=200 
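Review bot: The TLS test is written two ways in this patch: this line compares with `eq "true" (include "common.needTLS" .)`, while the `{{ if ( include "common.needTLS" .) }}` guards in the later hunks (around `server.ssl.*`, `schema.service.ssl.*` and `aperture.service.ssl.*`) treat any non-empty string as true. The helper's definition is not visible here, so the two forms may well agree today. If it can ever render a non-empty value other than "true", the profile would drop `one-way-ssl` while the keystore blocks still render, giving a half-TLS configuration. Using one form throughout, e.g. `{{ if eq "true" (include "common.needTLS" .) }}`, removes that dependency on the helper's exact output.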
@@ -48,6 +48,7 @@ server.local.startpath=aai-graphadmin/src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8449 +{{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) @@ -55,11 +56,15 @@ server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.conf server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) server.ssl.client-auth=want server.ssl.key-store-type=JKS +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} # JMS bind address host port jms.bind.address=tcp://localhost:61649 -dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 -dmaap.ribbon.transportType=https +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }} +dmaap.ribbon.transportType={{ include "common.scheme" . }} # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema 
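Review bot: The TLS branch that the new `{{ if ( include "common.needTLS" .) }}` guards still enables `TLSv1.1` in `server.ssl.enabled-protocols`. TLS 1.1 is formally deprecated (RFC 8996), and since this block is being restructured anyway it is a good point to tighten it to `server.ssl.enabled-protocols=TLSv1.2`, provided no remaining client of port 8449 depends on 1.1. The guarded block continues into the next hunk, where its `{{ else }}` and `{{ end }}` are added.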
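Review bot: The `{{ else }}` branch switches port 8449 to plaintext (`server.ssl.enabled=false`) while `server.basic.auth.location` above the block stays in effect, so basic-auth credentials cross the wire unencrypted wherever no mesh sidecar wraps the connection. The commit message says such non-TLS environments are an intended target. `server.ssl.client-auth=want` is also dropped on this path, so peer authentication has to come from the mesh. I would state that in the branch, e.g. `# TLS off: encryption and peer authentication must be provided by the mesh (mTLS); do not expose 8449 outside it`. Separately, the dmaap port is picked from `common.needTLS` but `dmaap.ribbon.transportType` from `common.scheme`; it is worth confirming the two helpers cannot disagree, otherwise https could be paired with 3904 or http with 3905.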
@@ -91,23 +96,28 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab schema.version.api.default={{ .Values.global.config.schema.version.api.default }} schema.translator.list={{ .Values.global.config.schema.translator.list }} -schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ schema.service.nodes.endpoint=nodes?version= schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions -schema.service.client={{ .Values.global.config.schema.service.client }} +schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} +{{ if ( include "common.needTLS" .) }} schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +{{ end }} aperture.rdbmsname=aai_relational -aperture.service.client={{ .Values.global.config.schema.service.client }} +aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} + aperture.service.base.url=http://localhost:8457/aai/aperture +{{ if ( include "common.needTLS" .) 
}} aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }} aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }} aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +{{ end }} aperture.service.timeout-in-milliseconds=300000 -- cgit 1.2.3-korg
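Review bot: With TLS off, `schema.service.client` and `aperture.service.client` both fall back to `"no-auth"`, so graphadmin calls aai-schema-service over plain http with no client credential. Nothing in this file shows that the mesh enforces mTLS or an authorization policy between the two pods, and the commit message also allows deployments with no TLS at all. A comment above the ternary should record that assumption, e.g. `# no-auth is only safe when the mesh authenticates callers of aai-schema-service`. Note also that the schema-service URL keeps port 8452 on both paths, unlike dmaap, which switches between 3905 and 3904, so it should be confirmed that the schema service serves http on that port when TLS is disabled.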