From 2ffb1ba25a2a797fe781009adcc4766fbf44fe38 Mon Sep 17 00:00:00 2001
From: Sandeep Shah <sandeeplinux1068@gmail.com>
Date: Tue, 1 Sep 2020 21:13:16 -0500
Subject: [Portal] Remove hardcoded cassandra password

Make cassandra password generate automatically and distribute it to
components that use DB.

Remove also hardcoded encryption key.

Issue-ID: PORTAL-944
Signed-off-by: SandeepLinux <Sandeep.Shah@att.com>
Change-Id: I6e579a76efacc7a0921fea7c74a7a9e49347ebd8
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
---
 .../portal-sdk/templates/deployment.yaml           | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'kubernetes/portal/components/portal-sdk/templates/deployment.yaml')

diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
index 104c2df34a..f79098fade 100644
--- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
@@ -49,6 +49,23 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portalsdk-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command: ["/bin/sh"]
+        args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"]
+        env:
+          - name: CASSA_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+          - name: CASSA_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+          - name: CIPHER_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapportalsdk-scrubbed
+        - mountPath: /config
+          name: properties-onapportalsdk
 {{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
@@ -99,6 +116,9 @@ spec:
         - name: properties-onapportalsdk
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
           subPath: portal.properties
+        - name: properties-onapportalsdk
+          mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+          subPath: key.properties
         - name: properties-onapportalsdk
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
           subPath: music.properties
@@ -135,6 +155,9 @@ spec:
           hostPath:
             path: /etc/localtime
         - name: properties-onapportalsdk
+          emptyDir:
+            medium: Memory
+        - name: properties-onapportalsdk-scrubbed
           configMap:
             name: {{ include "common.fullname" . }}-onapportalsdk
             defaultMode: 0755
-- 
cgit 1.2.3-korg