From a9a41d84026f059aae70f9042c0b99af5b72e619 Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Tue, 16 Feb 2021 11:08:25 +0100
Subject: [AAI][SPARKY] Automatically retrieve certs

Instead of using hardcoded certificates, use certInitializer in order to
retrieve them automatically.

Issue-ID: OOM-2683
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I63ce5d1bb2e9c287729425f2fd7146e7b69c33f7
---
 .../aai/components/aai-sparky-be/values.yaml       | 45 +++++++++++++++++++---
 1 file changed, 39 insertions(+), 6 deletions(-)

(limited to 'kubernetes/aai/components/aai-sparky-be/values.yaml')

diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index ed21030dc8..147feb13c8 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -27,6 +27,45 @@ global: # global defaults
   searchData:
     serviceName: aai-search-data
 
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+  nameOverride: aai-sparky-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: "aai"
+  app_ns: "org.osaaf.aaf"
+  fqi_namespace: "org.onap.aai"
+  fqi: "aai@aai.onap.org"
+  public_fqdn: "aaf.osaaf.org"
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: |
+    echo "*** changing passwords into shell safe ones"
+    export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
+      -storepass "${cadi_keystore_password_jks}" \
+      -keystore {{ .Values.fqi_namespace }}.jks
+    keytool -storepasswd -new "${TRUSTORE_PASSWD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** set key password as same password as keystore password"
+    keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
+      -keystore {{ .Values.fqi_namespace }}.jks \
+      -keypass "${cadi_keystore_password_jks}" \
+      -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
+    echo "*** save the generated passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
+    echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
+    echo "*** change ownership of certificates to targeted user"
+    chown -R 1000 {{ .Values.credsPath }}
+
 # application image
 image: onap/sparky-be:2.0.2
 pullPolicy: Always
@@ -44,13 +83,7 @@ config:
   portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
   portalCookieName: UserId
   portalAppRoles: ui_view
-  aafUsername: aai@aai.onap.org
-  aafNamespace: org.onap.aai
-  aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz
-  cadiKeyFile: /opt/app/sparky/config/portal/keyFile
-  cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks
   cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
-  cadiTrustStorePassword: changeit
   cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
 
 # ONAP Cookie Processing - During initial development, the following flag, if true, will
-- 
cgit 1.2.3-korg