From e5b6ffc663a2314fd545aa540cbdee6380adf00b Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Wed, 10 Feb 2021 12:11:53 +0100
Subject: [DMAAP][MR] Retrieve certs automatically

Instead of hardcoding certificates inside the container, use cert
initializer in order to retrieve them automatically at start.

Issue-ID: DMAAP-1547
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
---
 .../resources/config/etc/ajsc-jetty.xml            | 138 +++++++++++++++++++++
 .../resources/config/etc/cadi.properties           |  19 +++
 .../resources/config/etc/runner-web.xml            | 108 ++++++++++++++++
 3 files changed, 265 insertions(+)
 create mode 100644 kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
 create mode 100644 kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
 create mode 100644 kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml

(limited to 'kubernetes/dmaap/components/message-router/resources/config/etc')

diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
new file mode 100644
index 0000000000..49196e441b
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- {{/*
+    ============LICENSE_START=======================================================
+    org.onap.dmaap
+    ================================================================================
+    Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved.
+    Copyright © 2021 Orange Intellectual Property. All rights reserved.
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+          http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+    ECOMP is a trademark and service mark of AT&T Intellectual Property.
+*/}}
+-->
+
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server">
+  <!-- DO NOT REMOVE!!!! This is setting up the AJSC Context -->
+  <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext">
+    <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set>
+    <Set name="extractWAR">true</Set>
+    <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set>
+    <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set>
+    <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set>
+    <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set>
+    <Set name="throwUnavailableOnStartupException">true</Set>
+    <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set>
+    <Set name="servletHandler">
+      <New class="org.eclipse.jetty.servlet.ServletHandler">
+        <Set name="startWithUnavailable">false</Set>
+      </New>
+    </Set>
+  </New>
+
+  <Set name="handler">
+    <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
+      <Set name="Handlers">
+        <Array type="org.eclipse.jetty.webapp.WebAppContext">
+          <Item>
+            <Ref refid="ajscContext" />
+          </Item>
+        </Array>
+      </Set>
+    </New>
+  </Set>
+
+  <Call name="addBean">
+    <Arg>
+      <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager">
+        <Set name="contexts">
+          <Ref refid="Contexts" />
+        </Set>
+        <Call id="extAppHotDeployProvider" name="addAppProvider">
+          <Arg>
+            <New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
+              <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set>
+              <Set name="scanInterval">10</Set>
+              <Set name="extractWars">true</Set>
+            </New>
+          </Arg>
+        </Call>
+      </New>
+    </Arg>
+  </Call>
+
+  <Call name="addConnector">
+    <Arg>
+      <New class="org.eclipse.jetty.server.ServerConnector">
+        <Arg name="server">
+          <Ref refid="ajsc-server" />
+        </Arg>
+        <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set>
+      </New>
+    </Arg>
+  </Call>
+
+
+  <!-- SSL Keystore configuration -->
+
+  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+    <Set name="KeyStorePath">{{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.jks</Set>
+    <Set name="KeyStorePassword">${KEYSTORE_PASSWORD}</Set>
+    <Set name="KeyManagerPassword">${KEYSTORE_PASSWORD}</Set>
+    <Set name="WantClientAuth">true</Set>
+  </New>
+  <Call id="sslConnector" name="addConnector">
+    <Arg>
+      <New class="org.eclipse.jetty.server.ServerConnector">
+        <Arg name="server">
+          <Ref refid="ajsc-server" />
+        </Arg>
+        <Arg name="factories">
+          <Array type="org.eclipse.jetty.server.ConnectionFactory">
+            <Item>
+              <New class="org.eclipse.jetty.server.SslConnectionFactory">
+                <Arg name="next">http/1.1</Arg>
+                <Arg name="sslContextFactory">
+                  <Ref refid="sslContextFactory" />
+                </Arg>
+              </New>
+            </Item>
+            <Item>
+              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+                <Arg name="config">
+                  <New class="org.eclipse.jetty.server.HttpConfiguration">
+                    <Call name="addCustomizer">
+                      <Arg>
+                        <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
+                      </Arg>
+                    </Call>
+                  </New>
+                </Arg>
+              </New>
+            </Item>
+          </Array>
+        </Arg>
+        <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set>
+        <Set name="idleTimeout">30000</Set>
+      </New>
+    </Arg>
+  </Call>
+
+
+  <Get name="ThreadPool">
+    <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set>
+    <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set>
+    <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set>
+    <Set name="detailedDump">false</Set>
+  </Get>
+
+</Configure>
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
new file mode 100644
index 0000000000..596a316d77
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
@@ -0,0 +1,19 @@
+aaf_locate_url=https://aaf-locate.onap:8095
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+aaf_env=DEV
+aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
+
+cadi_truststore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+cadi_truststore_password=${TRUSTSTORE_PASSWORD}
+
+cadi_keyfile={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.keyfile
+
+cadi_alias={{ .Values.certInitializer.fqi }}
+cadi_keystore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.p12
+cadi_keystore_password=${KEYSTORE_PASSWORD_P12}
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+
+cadi_loglevel=INFO
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml
new file mode 100644
index 0000000000..116c52499f
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--{{/*
+    ============LICENSE_START=======================================================
+    org.onap.dmaap
+    ================================================================================
+    Copyright c 2017 AT&T Intellectual Property. All rights reserved.
+    Copyright c 2021 Orange Intellectual Property. All rights reserved.
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+          http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+
+    ECOMP is a trademark and service mark of AT&T Intellectual Property.*/}}
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">
+
+  <context-param>
+    <param-name>contextConfigLocation</param-name>
+    <param-value>/WEB-INF/spring-servlet.xml,
+          classpath:applicationContext.xml
+</param-value>
+  </context-param>
+
+  <context-param>
+    <param-name>spring.profiles.default</param-name>
+    <param-value>nooauth</param-value>
+  </context-param>
+
+  <listener>
+    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+  </listener>
+
+  <servlet>
+    <servlet-name>ManagementServlet</servlet-name>
+    <servlet-class>ajsc.ManagementServlet</servlet-class>
+  </servlet>
+
+  <filter>
+    <filter-name>WriteableRequestFilter</filter-name>
+    <filter-class>com.att.ajsc.csi.writeablerequestfilter.WriteableRequestFilter</filter-class>
+  </filter>
+
+  <filter>
+    <filter-name>InterceptorFilter</filter-name>
+    <filter-class>ajsc.filters.InterceptorFilter</filter-class>
+    <init-param>
+      <param-name>preProcessor_interceptor_config_file</param-name>
+      <param-value>/etc/PreProcessorInterceptors.properties</param-value>
+    </init-param>
+    <init-param>
+      <param-name>postProcessor_interceptor_config_file</param-name>
+      <param-value>/etc/PostProcessorInterceptors.properties</param-value>
+    </init-param>
+
+  </filter>
+
+  <!-- Content length filter for Msgrtr -->
+  <filter>
+    <display-name>DMaaPAuthFilter</display-name>
+    <filter-name>DMaaPAuthFilter</filter-name>
+    <filter-class>org.onap.dmaap.util.DMaaPAuthFilter</filter-class>
+    <init-param>
+      <param-name>cadi_prop_files</param-name>
+      <param-value>{{.Values.certInitializer.appMountPath}}/local/cadi.properties</param-value>
+    </init-param>
+  </filter>
+
+  <!-- End Content length filter for Msgrtr -->
+  <servlet>
+    <servlet-name>RestletServlet</servlet-name>
+    <servlet-class>ajsc.restlet.RestletSpringServlet</servlet-class>
+    <init-param>
+      <param-name>org.restlet.component</param-name>
+      <param-value>restletComponent</param-value>
+    </init-param>
+  </servlet>
+
+  <servlet>
+    <servlet-name>CamelServlet</servlet-name>
+    <servlet-class>ajsc.servlet.AjscCamelServlet</servlet-class>
+  </servlet>
+
+
+  <filter>
+    <filter-name>springSecurityFilterChain</filter-name>
+    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+  </filter>
+
+  <servlet>
+    <servlet-name>spring</servlet-name>
+    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+    <load-on-startup>1</load-on-startup>
+  </servlet>
+
+  <servlet-mapping>
+    <servlet-name>spring</servlet-name>
+    <url-pattern>/</url-pattern>
+  </servlet-mapping>
+
+</web-app>
-- 
cgit 1.2.3-korg