From 7fb3dbed4c2450f600d4fdecabd09da51c03ef12 Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Thu, 19 Nov 2020 16:42:57 -0500 Subject: Remove hard-coded credentials from application.properties Remove hard-coded credentials from application.properties and use env variables instead. Note: we still have hard-coded credentials in dblib.properties and svclogic.properties that should be changed, but this will require coordinated changes in sli/core to be able to interpret env variables within properties files. Change-Id: I5a31fae6f81233682bee20a5cb531b7f0a21a3a7 Issue-ID: SDNC-1411 Signed-off-by: Dan Timoney --- ms/generic-resource-api/pom.xml | 19 ++++++++++------ .../src/main/dc/docker-compose.yaml | 25 +++++++++++----------- .../src/main/resources/application.properties | 10 ++++----- .../src/main/resources/dblib.properties | 8 +++---- .../resources/generic-resource-api-dg.properties | 18 ++++++++-------- .../src/main/resources/startGra.sh | 4 ++-- .../src/main/resources/svclogic.properties | 8 +++---- 7 files changed, 49 insertions(+), 43 deletions(-) (limited to 'ms/generic-resource-api') diff --git a/ms/generic-resource-api/pom.xml b/ms/generic-resource-api/pom.xml index cc6471d..d73024d 100644 --- a/ms/generic-resource-api/pom.xml +++ b/ms/generic-resource-api/pom.xml @@ -34,6 +34,10 @@ ${project.artifactId}-${project.version}.jar deploy true + gradb + itsASecret + gra + test123 true @@ -500,10 +504,10 @@ gradb - itsASecret - sdnc - abc123 - sdnctl + ${gratest.mysql.root.password} + ${gratest.mysql.user} + ${gratest.mysql.password} + ${gratest.mysql.database} custom @@ -523,9 +527,10 @@ gra-container - sdnc - abc123 - sdnctl + ${gratest.mysql.user} + ${gratest.mysql.password} + ${gratest.mysql.database} + TRACE /opt/onap/sdnc/config diff --git a/ms/generic-resource-api/src/main/dc/docker-compose.yaml b/ms/generic-resource-api/src/main/dc/docker-compose.yaml index 438b4bb..8063d08 100755 --- a/ms/generic-resource-api/src/main/dc/docker-compose.yaml +++ b/ms/generic-resource-api/src/main/dc/docker-compose.yaml @@ -7,11 +7,11 @@ services: ports: - "13306:3306" environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=itsASecret - MYSQL_ROOT_HOST=% - - MYSQL_USER=sdnc - - MYSQL_PASSWORD=abc123 - - MYSQL_DATABASE=sdnctl + - MYSQL_USER=gra + - MYSQL_PASSWORD=test123 + - MYSQL_DATABASE=gradb logging: driver: "json-file" options: @@ -31,10 +31,11 @@ services: - db:dbhost environment: - MYSQL_DB_HOST=dbhost - - MYSQL_ROOT_PASSWORD=openECOMP1.0 - - MYSQL_DB_USER=sdnc - - MYSQL_DB_PASSWD=abc123 - - MYSQL_DB_DATABASE=sdnctl + - MYSQL_ROOT_PASSWORD=itsASecret + - MYSQL_USER=gra + - MYSQL_PASSWORD=test123 + - MYSQL_DATABASE=gradb + - LOG_LEVEL=TRACE - TRUSTSTORE_PASSWORD=changeit - CACERT_PASSWORD=changeit - SDNC_CERT_DIR=/opt/onap/sdnc/config @@ -68,11 +69,11 @@ services: - db:sdnctldb01 - db:sdnctldb02 environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=itsASecret - SDNC_CONFIG_DIR=/opt/onap/ccsdk/data/properties - - MYSQL_USER=sdnc - - MYSQL_PASSWORD=abc23 - - MYSQL_DATABASE=sdnctl + - MYSQL_USER=gra + - MYSQL_PASSWORD=test123 + - MYSQL_DATABASE=gradb logging: driver: "json-file" options: diff --git a/ms/generic-resource-api/src/main/resources/application.properties b/ms/generic-resource-api/src/main/resources/application.properties index e097b92..ac6ae39 100644 --- a/ms/generic-resource-api/src/main/resources/application.properties +++ b/ms/generic-resource-api/src/main/resources/application.properties @@ -4,13 +4,13 @@ server.servlet.context-path=/restconf server.port=8080 spring.jackson.date-format=org.onap.sdnc.apps.ms.gra.swagger.RFC3339DateFormat spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS=false -logging.level.com.att=TRACE -logging.level.org.onap=TRACE -spring.datasource.url=jdbc:mariadb://${MYSQL_DB_HOST}:3306/sdnctl +logging.level.com.att=${LOG_LEVEL} +logging.level.org.onap=${LOG_LEVEL} +spring.datasource.url=jdbc:mariadb://${MYSQL_DB_HOST}:3306/${MYSQL_DATABASE} spring.datasource.hikari.data-source-properties.useUnicode=true spring.datasource.hikari.data-source-properties.characterEncoding=UTF-8 -spring.datasource.username=sdnc -spring.datasource.password=abc123 +spring.datasource.username=${MYSQL_USER} +spring.datasource.password=${MYSQL_PASSWORD} spring.datasource.driver-class-name=org.mariadb.jdbc.Driver spring.datasource.platform=mysql spring.datasource.testWhileIdle=true diff --git a/ms/generic-resource-api/src/main/resources/dblib.properties b/ms/generic-resource-api/src/main/resources/dblib.properties index 3a1e6e0..d5e5286 100644 --- a/ms/generic-resource-api/src/main/resources/dblib.properties +++ b/ms/generic-resource-api/src/main/resources/dblib.properties @@ -23,11 +23,11 @@ org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=dbhost -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://dbhost:3306/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://dbhost:3306/gradb org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnc -org.onap.ccsdk.sli.jdbc.password=abc123 +org.onap.ccsdk.sli.jdbc.database=gradb +org.onap.ccsdk.sli.jdbc.user=gra +org.onap.ccsdk.sli.jdbc.password=test123 org.onap.ccsdk.sli.jdbc.connection.name=dbhost org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 diff --git a/ms/generic-resource-api/src/main/resources/generic-resource-api-dg.properties b/ms/generic-resource-api/src/main/resources/generic-resource-api-dg.properties index 94552ba..49ec9fc 100644 --- a/ms/generic-resource-api/src/main/resources/generic-resource-api-dg.properties +++ b/ms/generic-resource-api/src/main/resources/generic-resource-api-dg.properties @@ -51,27 +51,27 @@ cloud-region.cloud-owner=CloudOwner restapi.cr-allottedresource=/restconf/config/GENERIC-RESOURCE-API:contrail-route-allotted-resources/contrail-route-allotted-resource/{allotted-resource-id}/ restapi.sz-allottedresource=/restconf/config/GENERIC-RESOURCE-API:security-zone-allotted-resources/security-zone-allotted-resource/{allotted-resource-id}/ restapi.brg-allottedresource=/restconf/config/GENERIC-RESOURCE-API:brg-allotted-resources/brg-allotted-resource/{allotted-resource-id}/ -restapi.vpp-honeycomb=/restconf/config/ietf-interfaces:interfaces/interface/{tunnel-name} +restapi.vpp-honeycomb=/restconf/config/ietf-interfaces:interfaces/interface/{tunnel-name}/ restapi.tx-allottedresource=/restconf/config/GENERIC-RESOURCE-API:tunnelxconn-allotted-resources/tunnelxconn-allotted-resource/{allotted-resource-id}/ restapi.vnf-provided-allottedresource=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id}/vnf-data/vnf-provided-allotted-resources/ restapi.network-provided-allottedresource=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id}/vnf-data/vnf-provided-allotted-resources/ restapi.pm-configuration=/restconf/config/GENERIC-RESOURCE-API:port-mirror-configurations/port-mirror-configuration/{configuration-id}/ -restapi.network=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/networks -restapi.vnf=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs -restapi.vnf-api.service-information=/restconf/config/VNF-API:vnfs/vnf-list/{vnf-id}/service-data +restapi.network=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/networks/ +restapi.vnf=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/ +restapi.vnf-api.service-information=/restconf/config/VNF-API:vnfs/vnf-list/{vnf-id}/service-data/ restapi.parent-provided-resource=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/provided-allotted-resources/provided-allotted-resource/{allotted-resource-id}/ restapi.network-provided-resource=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/networks/network/{network-id}/network-data/network-provided-allotted-resources/ -restapi.services=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id} -restapi.service.vnf.vfmodule-resource=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id}/vnf-data/vf-modules/vf-module/{vf-module-id} +restapi.services=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/ +restapi.service.vnf.vfmodule-resource=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id}/vnf-data/vf-modules/vf-module/{vf-module-id}/ restapi.connection-attachment-allottedresource=/restconf/config/GENERIC-RESOURCE-API:connection-attachment-allotted-resources/connection-attachment-allotted-resource/{allotted-resource-id}/ restapi.naming.gen-name.service=/web/service/v1/genNetworkElementName restapi.ss-pnf-assignments=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/pnfs/pnf/{pnf-id}/ restapi.ss-vnf-assignments=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id}/ restapi.ss-vfmodule-assignments=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id}/vnf-data/vf-modules/vf-module/{vf-module-id}/ restapi.ss-mS-vlan-tag-assign=/vlantagapi/v1/{action} -restapi.ss-mS-mac-address-assign=/api/macaddress/v1/service/assign -restapi.ss-mS-mac-address-unassign=/api/macaddress/v1/service/unassign +restapi.ss-mS-mac-address-assign=/api/macaddress/v1/service/assign/ +restapi.ss-mS-mac-address-unassign=/api/macaddress/v1/service/unassign/ restapi.preload-network=/restconf/config/GENERIC-RESOURCE-API:preload-information/preload-list/{network-name}/network/preload-data/preload-network-topology-information/ restapi.preloadinformation=/restconf/config/GENERIC-RESOURCE-API:preload-information/preload-list/ restapi.vf-module=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id}/vnf-data/vf-modules/vf-module/{vf-module-id}/ -restapi.vnf-assign=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id} +restapi.vnf-assign=/restconf/config/GENERIC-RESOURCE-API:services/service/{service-instance-id}/service-data/vnfs/vnf/{vnf-id}/ diff --git a/ms/generic-resource-api/src/main/resources/startGra.sh b/ms/generic-resource-api/src/main/resources/startGra.sh index b29eb7f..cdf1566 100644 --- a/ms/generic-resource-api/src/main/resources/startGra.sh +++ b/ms/generic-resource-api/src/main/resources/startGra.sh @@ -56,13 +56,13 @@ echo -e "\nDatabase ready" # Initialize schema if [ -f ${SDNC_CONFIG_DIR}/schema-mysql.sql ] then - mysql -h ${MYSQL_DB_HOST} -u ${MYSQL_DB_USER} -p${MYSQL_DB_PASSWD} ${MYSQL_DB_DATABASE} < ${SDNC_CONFIG_DIR}/schema-mysql.sql + mysql -h ${MYSQL_DB_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWD} ${MYSQL_DATABASE} < ${SDNC_CONFIG_DIR}/schema-mysql.sql fi # Load data if [ -f ${SDNC_CONFIG_DIR}/data-mysql.sql ] then - mysql -h ${MYSQL_DB_HOST} -u ${MYSQL_DB_USER} -p${MYSQL_DB_PASSWD} ${MYSQL_DB_DATABASE} < ${SDNC_CONFIG_DIR}/data-mysql.sql + mysql -h ${MYSQL_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE} < ${SDNC_CONFIG_DIR}/data-mysql.sql fi if [ ! -f ${SDNC_CERT_DIR}/${TRUSTSTORE} ]; then diff --git a/ms/generic-resource-api/src/main/resources/svclogic.properties b/ms/generic-resource-api/src/main/resources/svclogic.properties index 63271e5..55e5b1f 100644 --- a/ms/generic-resource-api/src/main/resources/svclogic.properties +++ b/ms/generic-resource-api/src/main/resources/svclogic.properties @@ -20,10 +20,10 @@ ### org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mariadb://dbhost:3306/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mariadb://dbhost:3306/gradb org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database = sdnctl -org.onap.ccsdk.sli.jdbc.user = sdnc -org.onap.ccsdk.sli.jdbc.password = abc123 +org.onap.ccsdk.sli.jdbc.database = gradb +org.onap.ccsdk.sli.jdbc.user = gra +org.onap.ccsdk.sli.jdbc.password = test123 sliapi.serviceLogicDirectory=/opt/onap/sdnc/svclogic/graphs -- cgit 1.2.3-korg