From 2ffb1ba25a2a797fe781009adcc4766fbf44fe38 Mon Sep 17 00:00:00 2001
From: Sandeep Shah <sandeeplinux1068@gmail.com>
Date: Tue, 1 Sep 2020 21:13:16 -0500
Subject: [Portal] Remove hardcoded cassandra password

Make cassandra password generate automatically and distribute it to
components that use DB.

Remove also hardcoded encryption key.

Issue-ID: PORTAL-944
Signed-off-by: SandeepLinux <Sandeep.Shah@att.com>
Change-Id: I6e579a76efacc7a0921fea7c74a7a9e49347ebd8
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
---
 .../portal/components/portal-app/values.yaml       | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'kubernetes/portal/components/portal-app/values.yaml')

diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml
index 73306ba773..55a7ccca38 100644
--- a/kubernetes/portal/components/portal-app/values.yaml
+++ b/kubernetes/portal/components/portal-app/values.yaml
@@ -23,9 +23,27 @@ global:
   readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  envsubstImage: dibi/envsubst
   #AAF service
   aafEnabled: true
 
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+  - uid: portal-cass
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.cassandra.config.cassandraUsername }}'
+    password: '{{ .Values.cassandra.config.cassandraPassword }}'
+    passwordPolicy: required
+  - uid: cipher-enc-key
+    type: password
+    externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+    password: '{{ .Values.config.cipherEncKey }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -35,6 +53,11 @@ repository: nexus3.onap.org:10001
 image: onap/portal-app:3.2.3
 pullPolicy: Always
 
+# application configuration
+config:
+  # cipherEncKeyExternalSecret: some secret
+  cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
+
 #AAF local config
 
 aafURL: https://aaf-service:8100/authz/
@@ -104,6 +127,7 @@ cassandra:
   service:
     name: portal-cassandra
   config:
+    # cassandraExternalSecret: some secret
     cassandraUsername: root
     cassandraPassword: Aa123456
 messageRouter:
-- 
cgit 1.2.3-korg