From 1e99719c0224863cf26c5362243a4fa1b955c362 Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Sun, 28 Feb 2021 14:59:22 +0100
Subject: [AAI][BABEL] Remove Hardcoded certificates

Use Certinitializer in order to retrieve needed certificates.
Change ModelLoader also as it needs valid certificate to communicate
with Babel.

Issue-ID: OOM-2693
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I64b8ede24643f942dc99956030c202c50d41ad1e
---
 .../resources/config/auth/babel-client-cert.p12    | Bin 2817 -> 0 bytes
 .../resources/config/auth/tomcat_keystore          | Bin 2483 -> 0 bytes
 .../resources/config/log/logback.xml               |  31 +++++++++++----------
 .../resources/config/model-loader.properties       |  11 ++++----
 4 files changed, 23 insertions(+), 19 deletions(-)
 delete mode 100644 kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12
 delete mode 100644 kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore

(limited to 'kubernetes/aai/components/aai-modelloader/resources')

diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 b/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12
deleted file mode 100644
index e64895e911..0000000000
Binary files a/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 and /dev/null differ
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore
deleted file mode 100644
index e1d24d9b4d..0000000000
Binary files a/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore and /dev/null differ
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
index cd36e799d6..129af8f2ac 100644
--- a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
@@ -1,6 +1,7 @@
 {{/*
 <!--
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -26,8 +27,7 @@
   <property name="auditLogName" value="audit" />
   <property name="debugLogName" value="debug" />
 
-  <property name="errorLogPattern"
-        value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+  <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
   <property name="auditMetricPattern" value="%m%n" />
 
   <property name="logDirectory" value="${logDir}/${componentName}" />
@@ -35,9 +35,12 @@
   <!-- Example evaluator filter applied against console appender -->
   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
     <encoder>
-      <pattern>${defaultPattern}</pattern>
+      <pattern>${errorLogPattern}</pattern>
     </encoder>
   </appender>
+  <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
+    <appender-ref ref="STDOUT" />
+  </appender>
 
   <!-- ============================================================================ -->
   <!-- EELF Appenders -->
@@ -46,8 +49,7 @@
   <!-- The EELFAppender is used to record events to the general application
        log -->
 
-  <appender name="EELF"
-        class="ch.qos.logback.core.rolling.RollingFileAppender">
+  <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${generalLogName}.log</file>
     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
       <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
@@ -66,8 +68,7 @@
     <appender-ref ref="EELF" />
   </appender>
 
-  <appender name="EELFAudit"
-        class="ch.qos.logback.core.rolling.RollingFileAppender">
+  <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${auditLogName}.log</file>
     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
       <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
@@ -82,8 +83,7 @@
     <appender-ref ref="EELFAudit" />
   </appender>
 
-  <appender name="EELFMetrics"
-        class="ch.qos.logback.core.rolling.RollingFileAppender">
+  <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${metricsLogName}.log</file>
     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
       <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
@@ -98,8 +98,7 @@
     <appender-ref ref="EELFMetrics" />
   </appender>
 
-  <appender name="EELFDebug"
-        class="ch.qos.logback.core.rolling.RollingFileAppender">
+  <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
     <file>${logDirectory}/${debugLogName}.log</file>
     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
       <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
@@ -121,12 +120,15 @@
   <logger name="com.att.eelf" level="info" additivity="false">
     <appender-ref ref="asyncEELF" />
     <appender-ref ref="asyncEELFDebug" />
+    <appender-ref ref="AsyncSysOut" />
   </logger>
   <logger name="com.att.eelf.audit" level="info" additivity="false">
     <appender-ref ref="asyncEELFAudit" />
+    <appender-ref ref="AsyncSysOut" />
   </logger>
   <logger name="com.att.eelf.metrics" level="info" additivity="false">
     <appender-ref ref="asyncEELFMetrics" />
+    <appender-ref ref="AsyncSysOut" />
   </logger>
 
   <!-- Spring related loggers -->
@@ -162,8 +164,9 @@
   <logger name="ch.qos.logback.core" level="WARN" />
 
   <root>
-  <appender-ref ref="asyncEELF" />
-  <!-- <appender-ref ref="asyncEELFDebug" /> -->
-</root>
+    <appender-ref ref="asyncEELF" />
+    <appender-ref ref="AsyncSysOut" />
+    <!-- <appender-ref ref="asyncEELFDebug" /> -->
+  </root>
 
 </configuration>
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
index 41b855490a..09eb397860 100644
--- a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,7 +21,7 @@ ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
 ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443
 ml.distribution.ASDC_USE_HTTPS=true
 ml.distribution.KEYSTORE_PASSWORD=
-ml.distribution.KEYSTORE_FILE=asdc-client.jks
+ml.distribution.KEYSTORE_FILE=
 ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
 {{ else }}
 ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080
@@ -54,8 +55,8 @@ ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw
 ml.babel.BASE_URL={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516
 ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts
 {{ if ( include "common.needTLS" .) }}
-ml.babel.KEYSTORE_FILE=babel-client-cert.p12
-ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-ml.babel.TRUSTSTORE_FILE=tomcat_keystore
-ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ml.babel.KEYSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.p12
+ml.babel.KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}
+ml.babel.TRUSTSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+ml.babel.TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}
 {{ end }}
-- 
cgit 1.2.3-korg