From d425867ae1c52a9b31a06f1dea8810c1c7a0af65 Mon Sep 17 00:00:00 2001
From: jhh <jorge.hernandez-herrero@att.com>
Date: Sun, 9 Aug 2020 12:08:08 -0500
Subject: [POLICY] certInit support + refactoring

Several changes are including in this patch:
- certInitializer support (POLICY-2615, REQ-361)
- renamed policy objects to start with "policy-"
  prefix (POLICY-1000)
- add resources section to components that did not
  have or had it incorrectly set up rendering null
  (POLICY-2502)
- Removal of legacy policy-engine components (POLICY-2743)
- Miscellaneous refactoring of charts (POLICY-2745)
- update pdp legacy reference to policy-xacml-pdp from
  pdp (legacy)

Issue-ID: POLICY-2615
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Change-Id: I8b6984a663bbb14d331a366ec02b6dd38755cde7
Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
---
 kubernetes/policy/charts/policy-common/Chart.yaml  |  19 ----
 .../policy/charts/policy-common/requirements.yaml  |  22 -----
 .../resources/config/log/filebeat/filebeat.yml     |  55 ------------
 .../policy-common/resources/config/pe/base.conf    |  44 ---------
 .../resources/config/scripts/do-start.sh           | 100 ---------------------
 .../charts/policy-common/templates/NOTES.txt       |  33 -------
 .../charts/policy-common/templates/configmap.yaml  |  38 --------
 kubernetes/policy/charts/policy-common/values.yaml |  81 -----------------
 8 files changed, 392 deletions(-)
 delete mode 100644 kubernetes/policy/charts/policy-common/Chart.yaml
 delete mode 100644 kubernetes/policy/charts/policy-common/requirements.yaml
 delete mode 100644 kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml
 delete mode 100644 kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
 delete mode 100644 kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
 delete mode 100644 kubernetes/policy/charts/policy-common/templates/NOTES.txt
 delete mode 100644 kubernetes/policy/charts/policy-common/templates/configmap.yaml
 delete mode 100644 kubernetes/policy/charts/policy-common/values.yaml

(limited to 'kubernetes/policy/charts/policy-common')

diff --git a/kubernetes/policy/charts/policy-common/Chart.yaml b/kubernetes/policy/charts/policy-common/Chart.yaml
deleted file mode 100644
index 0af8e01b51..0000000000
--- a/kubernetes/policy/charts/policy-common/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy Common
-name: policy-common
-version: 6.0.0
diff --git a/kubernetes/policy/charts/policy-common/requirements.yaml b/kubernetes/policy/charts/policy-common/requirements.yaml
deleted file mode 100644
index d3c442d32e..0000000000
--- a/kubernetes/policy/charts/policy-common/requirements.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~6.x-0
-    # local reference to common chart, as it is
-    # a part of this chart's package and will not
-    # be published independently to a repo (at this point)
-    repository: '@local'
diff --git a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index 258b654f6f..0000000000
--- a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
-  #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
-  paths:
-    - /var/log/onap/*/*/*/*.log
-    - /var/log/onap/*/*/*.log
-    - /var/log/onap/*/*.log
-  #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
-  ignore_older: 48h
-  # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
-  clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
-  #List of logstash server ip addresses with port number.
-  #But, in our case, this will be the loadbalancer IP address.
-  #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
-  hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
-  #If enable will do load balancing among availabe Logstash, automatically.
-  loadbalance: true
-
-  #The list of root certificates for server verifications.
-  #If certificate_authorities is empty or not set, the trusted
-  #certificate authorities of the host system are used.
-  #ssl.certificate_authorities: $ssl.certificate_authorities
-
-  #The path to the certificate for SSL client authentication. If the certificate is not specified,
-  #client authentication is not available.
-  #ssl.certificate: $ssl.certificate
-
-  #The client certificate key used for client authentication.
-  #ssl.key: $ssl.key
-
-  #The passphrase used to decrypt an encrypted key stored in the configured key file
-  #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
deleted file mode 100644
index 810b090069..0000000000
--- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-JAVA_HOME=/usr/local/openjdk-11
-POLICY_HOME=/opt/app/policy
-POLICY_LOGS=/var/log/onap
-KEYSTORE_PASSWD=Pol1cy_0nap
-TRUSTSTORE_PASSWD=Pol1cy_0nap
-
-JDBC_DRIVER=org.mariadb.jdbc.Driver
-JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-
-JDBC_USER=${JDBC_USER}
-JDBC_PASSWORD=${JDBC_PASSWORD}
-
-site_name=site_1
-fp_monitor_interval=30
-failed_counter_threshold=3
-test_trans_interval=20
-write_fpc_interval=5
-max_fpc_update_interval=60
-test_via_jmx=false
-jmx_fqdn=
-
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
-ENVIRONMENT=TEST
-
-#Micro Service Model Properties
-policy_msOnapName=
-policy_msPolicyName=
diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
deleted file mode 100644
index ee427af678..0000000000
--- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/bin/bash
-
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Script to configure and start the Policy components that are to run in the designated container,
-# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
-# script just goes into a long sleep so that the script does not exit (which would cause the
-# container to be torn down).
-
-container=$1
-
-case $container in
-pap)
-	comps="base pap paplp console mysql elk"
-	;;
-pdp)
-	comps="base pdp pdplp"
-	;;
-brmsgw)
-	comps="base brmsgw"
-	;;
-*)
-	echo "Usage: do-start.sh pap|pdp|brmsgw" >&2
-	exit 1
-esac
-
-
-# skip installation if build.info file is present (restarting an existing container)
-if [[ -f /opt/app/policy/etc/build.info ]]; then
-	echo "Found existing installation, will not reinstall"
-	. /opt/app/policy/etc/profile.d/env.sh
-
-else
-	if [[ -d config ]]; then
-		cp config/*.conf .
-	fi
-
-	for comp in $comps; do
-		echo "Installing component: $comp"
-		./docker-install.sh --install $comp
-	done
-	for comp in $comps; do
-		echo "Configuring component: $comp"
-		./docker-install.sh --configure $comp
-	done
-
-	. /opt/app/policy/etc/profile.d/env.sh
-
-	# install keystore
-        # override the policy keystore and truststore if present
-	if [[ -f config/policy-keystore ]]; then
-		cp config/policy-keystore $POLICY_HOME/etc/ssl
-	fi
-
-	if [[ -f config/policy-truststore ]]; then
-		cp -f config/policy-truststore $POLICY_HOME/etc/ssl
-	fi
-
-	if [[ -f config/$container-tweaks.sh ]] ; then
-		# file may not be executable; running it as an
-		# argument to bash avoids needing execute perms.
-		bash config/$container-tweaks.sh
-	fi
-
-	if [[ $container == pap ]]; then
-		# wait for DB up
-		# now that DB is up, invoke database upgrade
-		# (which does nothing if the db is already up-to-date)
-		if [[ -v JDBC_USER ]]; then
-			dbuser=${JDBC_USER};
-		else
-			dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
-		fi
-
-		if [[ -v JDBC_PASSWORD ]]; then
-			dbpw=${JDBC_PASSWORD}
-		else
-			dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
-		fi
-		db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
-	fi
-
-fi
-
-policy.sh start
-sleep 1000d
diff --git a/kubernetes/policy/charts/policy-common/templates/NOTES.txt b/kubernetes/policy/charts/policy-common/templates/NOTES.txt
deleted file mode 100644
index fa0aa7d258..0000000000
--- a/kubernetes/policy/charts/policy-common/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/policy/charts/policy-common/templates/configmap.yaml b/kubernetes/policy/charts/policy-common/templates/configmap.yaml
deleted file mode 100644
index 4aed50976c..0000000000
--- a/kubernetes/policy/charts/policy-common/templates/configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.release" . }}-pe-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.release" . }}-pe-scripts-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.release" . }}-filebeat-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/charts/policy-common/values.yaml b/kubernetes/policy/charts/policy-common/values.yaml
deleted file mode 100644
index 57eacc56f0..0000000000
--- a/kubernetes/policy/charts/policy-common/values.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.2
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
-  logstashServiceName: log-ls
-  logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-service:
-  type: NodePort
-  name: <onap-app>
-  externalPort: <8080>
-  #Example internal target port if required
-  #internalPort: <80>
-  nodePort: <replace with unused node port suffix eg. 23>
-
-ingress:
-  enabled: false
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
-- 
cgit 1.2.3-korg