From d6b989d947334a7da8acc36ae064d753db360f2c Mon Sep 17 00:00:00 2001 From: Sandeep Shah Date: Fri, 25 Sep 2020 15:53:18 -0500 Subject: [PORTAL] Non-root user for back-end database Creation of a non-root user for portal backend mariaDB database. Update portal apps, such as front-end app and sdk app, to use the non-root user to access back-end mariaDB database Issue-ID: OOM-2576 Signed-off-by: SandeepLinux Change-Id: Ie13c7d190c08a4075058b97b352f4b71bbb0aa47 Signed-off-by: Sylvain Desbureaux --- .../deliveries/properties/ONAPPORTALSDK/system.properties | 6 +++--- .../portal/components/portal-sdk/templates/deployment.yaml | 4 ++++ kubernetes/portal/components/portal-sdk/values.yaml | 10 ++++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) (limited to 'kubernetes/portal/components/portal-sdk') diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 2a2ec59d5c..1faed41b85 100755 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -40,8 +40,8 @@ decryption_key = AGLDdG4D04BKm2IxIWEr8o== db.driver = org.mariadb.jdbc.Driver db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk -db.userName = root -db.password = Aa123456 +db.userName =${PORTAL_DB_USER} +db.password =${PORTAL_DB_PASSWORD} db.min_pool_size = 5 db.max_pool_size = 10 hb.dialect = org.hibernate.dialect.MySQLDialect @@ -90,4 +90,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}} ext_central_access_user_name = aaf_admin@people.osaaf.org ext_central_access_password = demo123456! ext_central_access_url = {{.Values.aafURL}} -ext_central_access_user_domain = @people.osaaf.org \ No newline at end of file +ext_central_access_user_domain = @people.osaaf.org diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index f79098fade..fabefde9d3 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -61,6 +61,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} - name: CIPHER_ENC_KEY {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: properties-onapportalsdk-scrubbed diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index c0f1b58c9a..4056b2aa7a 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -39,6 +39,12 @@ secrets: login: '{{ .Values.cassandra.config.cassandraUsername }}' password: '{{ .Values.cassandra.config.cassandraPassword }}' passwordPolicy: required + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required - uid: cipher-enc-key type: password externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' @@ -115,6 +121,10 @@ service: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal widget: service: name: portal-widget -- cgit 1.2.3-korg