From d6b989d947334a7da8acc36ae064d753db360f2c Mon Sep 17 00:00:00 2001 From: Sandeep Shah Date: Fri, 25 Sep 2020 15:53:18 -0500 Subject: [PORTAL] Non-root user for back-end database Creation of a non-root user for portal backend mariaDB database. Update portal apps, such as front-end app and sdk app, to use the non-root user to access back-end mariaDB database Issue-ID: OOM-2576 Signed-off-by: SandeepLinux Change-Id: Ie13c7d190c08a4075058b97b352f4b71bbb0aa47 Signed-off-by: Sylvain Desbureaux
---
 .../config/deliveries/properties/ONAPPORTAL/system.properties | 6 +++---
 .../portal/components/portal-app/templates/deployment.yaml | 4 ++++
 kubernetes/portal/components/portal-app/values.yaml | 10 ++++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)
(limited to 'kubernetes/portal/components/portal-app')
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index b5b4e48b97..c8a292f60b 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -16,8 +16,8 @@
 #mysql
 db.driver = org.mariadb.jdbc.Driver
 db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal
-db.userName =root
-db.password =Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
 db.hib.dialect = org.hibernate.dialect.MySQLDialect
 db.min_pool_size = 5
 db.max_pool_size = 10
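Review bot: In `system.properties`, `db.userName =${PORTAL_DB_USER}` and `db.password =${PORTAL_DB_PASSWORD}` depend on something expanding the placeholders before the values are used (a render step at start-up or the application's own property resolution), and this hunk does not show which; if neither runs, the literal `${...}` strings become the credentials, so that step should fail loudly when either variable is unset. The removed `root` / `Aa123456` pair stays in the repository history, so the database root password should be rotated rather than only dropped from this file. The next hunk's context shows `ext_central_access_password` is still a literal in the same file and could be moved to a secret in the same way.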
@@ -122,4 +122,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}}
 ext_central_access_user_name = aaf_admin@people.osaaf.org
 ext_central_access_password = demo123456!
 ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml
index 0be1fdc91f..d61f876528 100644
--- a/kubernetes/portal/components/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml
@@ -61,6 +61,10 @@ spec:
 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
 - name: CIPHER_ENC_KEY
 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
 volumeMounts:
 - mountPath: /config-input
 name: properties-onapportal-scrubbed
diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml
index 55a7ccca38..bd1ed585ad 100644
--- a/kubernetes/portal/components/portal-app/values.yaml
+++ b/kubernetes/portal/components/portal-app/values.yaml
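Review bot: In `deployment.yaml`, `PORTAL_DB_USER` and `PORTAL_DB_PASSWORD` are appended to an `env:` list whose container definition starts above this hunk, so it is not visible whether they land on the container that renders `system.properties` or on the long-running application container. If a separate render step writes the properties file (the `/config-input` mount just below suggests one, but that is inferred), the variables are only needed there, and keeping them off the main container avoids leaving the database password in the process environment for the pod's lifetime. A one-line comment above the two entries, `# consumed as ${PORTAL_DB_USER} / ${PORTAL_DB_PASSWORD} in ONAPPORTAL/system.properties`, would tie the names to their consumer.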
@@ -43,6 +43,12 @@ secrets:
 externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
 password: '{{ .Values.config.cipherEncKey }}'
 passwordPolicy: required
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
 #################################################################
 # Application configuration defaults.
@@ -120,6 +126,10 @@ service:
 mariadb:
 service:
 name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
 widget:
 service:
 name: portal-widget
-- cgit 1.2.3-korg
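Review bot: The `portal-backend-db` secret in the first `values.yaml` hunk is declared with `passwordPolicy: required`, and the second hunk satisfies it with `backendPassword: portal`, a default equal to the user name, so every install that does not override the value ends up with the same guessable database credential. Prefer shipping no default password: either leave `backendPassword` unset so that `required` really forces the operator to supply one, or use `passwordPolicy: generate` if the database side reads the same secret. The commented `# backendDbExternalSecret: some secret` would be clearer as `# backendDbExternalSecret: <name of an existing Secret with login and password keys>`. The database-side creation of this user is outside the files shown on this page, so the privileges it receives cannot be checked here.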