From 27fd7d8750ceeb798052eb8af36264c79b6536fb Mon Sep 17 00:00:00 2001 From: osk11461 Date: Fri, 18 Jun 2021 00:51:17 +0200 Subject: [AAI] Service Mesh compatibility This patch makes AAI to work on service mesh by removing https calls from everywhere. It allows also to use AAI on an environment without need of TLS. Issue-ID: OOM-2670 Signed-off-by: Ondrej Frindrich Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386 --- .../aai-traversal/resources/config/aaiconfig.properties | 10 +++++++++- .../resources/config/application.properties | 17 ++++++++++++----- 2 files changed, 21 insertions(+), 6 deletions(-) (limited to 'kubernetes/aai/components/aai-traversal/resources') diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties index 843a90bbcd..b8a2b5fe03 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties @@ -28,20 +28,28 @@ aai.config.checktime=1000 # this could come from siteconfig.pl? aai.config.nodename=AutomaticallyOverwritten +{{ if ( include "common.needTLS" .) }} aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ +{{else}} +aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/ +aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ +{{ end }} -{{ if .Values.global.config.basic.auth.enabled }} +{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} +{{ if ( include "common.needTLS" .) }} aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 aai.keystore.passwd.x=${KEYSTORE_PASSWORD} +{{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index a5e92c5a61..54bb1c4afd 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -29,7 +29,7 @@ server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration -spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool server.tomcat.max-threads=200 @@ -44,6 +44,7 @@ server.local.startpath=aai-traversal/src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8446 +{{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 server.ssl.key-store-password=${KEYSTORE_PASSWORD} @@ -51,11 +52,15 @@ server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIn server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=want server.ssl.key-store-type=JKS +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} # JMS bind address host port jms.bind.address=tcp://localhost:61647 -dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905 -dmaap.ribbon.transportType=https +dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }} +dmaap.ribbon.transportType={{ include "common.scheme" . }} # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -89,14 +94,16 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab schema.version.api.default={{ .Values.global.config.schema.version.api.default }} schema.translator.list={{ .Values.global.config.schema.translator.list }} -schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ schema.service.nodes.endpoint=nodes?version= schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions schema.service.custom.queries.endpoint=stored-queries -schema.service.client={{ .Values.global.config.schema.service.client }} +schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} +{{ if ( include "common.needTLS" .) }} schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +{{ end }} -- cgit 1.2.3-korg