From 375d0eaa1368368df3c2b9512d9ac8ee6056c63d Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Mon, 8 Mar 2021 16:52:20 +0000 Subject: [AAI][SPARKY] Automatically retrieve certs Instead of using hardcoded certificates, use certInitializer in order to retrieve them automatically. Issue-ID: OOM-2683 Change-Id: I1bd3fe575c1d3450905bdc5876b442fdb43660a9 Signed-off-by: Sylvain Desbureaux --- .../config/portal/BOOT-INF/classes/portal.properties | 2 +- .../aai-sparky-be/resources/config/portal/cadi.properties | 14 +++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) (limited to 'kubernetes/aai/components/aai-sparky-be/resources/config/portal') diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties index 2592e5ca7c..7a0fb8250b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties @@ -46,4 +46,4 @@ ext_req_connection_timeout=15000 ext_req_read_timeout=20000 #Add AAF namespace if the app is centralized -auth_namespace={{.Values.config.aafNamespace}} +auth_namespace={{ .Values.certInitializer.fqi_namespace }} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties index 1f154b6101..baefd9806b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties @@ -6,14 +6,18 @@ aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 # AAF Environment Designation #if you are running aaf service from a docker image you have to use aaf service IP and port number -aaf_id={{.Values.config.aafUsername}} +aaf_id={{ .Values.certInitializer.fqi }} #Encrypt the password using AAF Jar -aaf_password={{.Values.config.aafPassword}} +aaf_password={{ .Values.certInitializer.aafDeployPass }} # Sample CADI Properties, from CADI 1.4.2 #hostname=org.onap.aai.orr csp_domain=PROD # Add Absolute path to Keyfile -cadi_keyfile={{.Values.config.cadiKeyFile}} +cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile +cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +cadi_keystore_password=${KEYSTORE_PASSWORD} + +cadi_alias={{ .Values.certInitializer.fqi }} # This is required to accept Certificate Authentication from Certman certificates. # can be TEST, IST or PROD @@ -23,9 +27,9 @@ aaf_env=DEV cadi_loglevel=DEBUG # Add Absolute path to truststore2018.jks -cadi_truststore={{.Values.config.cadiTrustStore}} +cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks # Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs -cadi_truststore_password={{.Values.config.cadiTrustStorePassword}} +cadi_truststore_password=${TRUSTSTORE_PASSWORD} # how to turn on SSL Logging #javax.net.debug=ssl -- cgit 1.2.3-korg