From 27fd7d8750ceeb798052eb8af36264c79b6536fb Mon Sep 17 00:00:00 2001
From: osk11461 <ondrej1.frindrich@orange.com>
Date: Fri, 18 Jun 2021 00:51:17 +0200
Subject: [AAI] Service Mesh compatibility

This patch makes AAI to work on service mesh by removing https calls
from everywhere.
It allows also to use AAI on an environment without need of TLS.

Issue-ID: OOM-2670
Signed-off-by: Ondrej Frindrich <ondrej1.frindrich@orange.com>
Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386
---
 .../components/aai-schema-service/config/aaiconfig.properties  | 10 +++++++++-
 .../aai-schema-service/config/application.properties           |  5 +++++
 .../aai/components/aai-schema-service/templates/service.yaml   |  7 +++----
 kubernetes/aai/components/aai-schema-service/values.yaml       |  4 ++--
 4 files changed, 19 insertions(+), 7 deletions(-)

(limited to 'kubernetes/aai/components/aai-schema-service')

diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
index b107cd4f3a..b0ed0e89a0 100644
--- a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
@@ -19,20 +19,28 @@
 # ============LICENSE_END=========================================================
 */}}
 
+{{ if ( include "common.needTLS" .) }}
 aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
 aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
 aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
 
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
 aai.tools.enableBasicAuth=true
 aai.tools.username={{ .Values.global.config.basic.auth.username }}
 aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
 {{ end }}
 
+{{ if ( include "common.needTLS" .) }}
 aai.truststore.filename={{ .Values.global.config.truststore.filename }}
 aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
 aai.keystore.filename={{ .Values.global.config.keystore.filename }}
 aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
 
 aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
 
diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties
index 499fa96cd5..ad700dce6e 100644
--- a/kubernetes/aai/components/aai-schema-service/config/application.properties
+++ b/kubernetes/aai/components/aai-schema-service/config/application.properties
@@ -37,6 +37,7 @@ server.local.startpath=aai-schema-service/src/main/resources/
 server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties
 
 server.port=8452
+{{ if ( include "common.needTLS" .) }}
 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
 server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
 server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
@@ -44,6 +45,10 @@ server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.conf
 server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
 server.ssl.client-auth=want
 server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
 
 schema.configuration.location=N/A
 schema.source.name={{ .Values.global.config.schema.source.name }}
diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
index 66dfd493dd..b54b6be644 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/service.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
@@ -30,17 +30,16 @@ spec:
   {{if eq .Values.service.type "NodePort" -}}
   - port: {{ .Values.service.internalPort }}
     nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-    name: {{ .Values.service.portName }}
+    name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
   - port: {{ .Values.service.internalPort2 }}
     nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
     name: {{ .Values.service.portName2 }}
   {{- else -}}
   - port: {{ .Values.service.internalPort }}
-    name: {{ .Values.service.portName }}
+    name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
   - port: {{ .Values.service.internalPort2 }}
     name: {{ .Values.service.portName2 }}
-  {{- end}}
+  {{- end }}
   selector:
     app: {{ include "common.name" . }}
     release: {{ include "common.release" . }}
-  clusterIP: None
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 50bd6c38b8..13d257a5c1 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -99,9 +99,9 @@ readiness:
 
 service:
   type: ClusterIP
-  portName: aai-schema-service-8452
+  portName: http
   internalPort: 8452
-  portName2: aai-schema-service-5005
+  portName2: tcp-5005
   internalPort2: 5005
 
 ingress:
-- 
cgit 1.2.3-korg