From 38d8f5f82c952db34e139488dd7619f620ecc742 Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Mon, 22 Feb 2021 11:20:18 -0500 Subject: Remove embedded passwords Updated properties files to use env variables instead of embedded default passwords. Change-Id: I7b5a796bbb5d386dda8cba47cbb977ec47838a11 Issue-ID: SDNC-1482 Signed-off-by: Dan Timoney Former-commit-id: d0a86a8593f3832f11198e91c2343db6fad5a1a9 --- .../src/main/properties/aaiclient.properties | 6 +-- .../src/main/properties/ansible-adapter.properties | 4 +- .../src/main/properties/data-migrator.properties | 12 ++--- installation/src/main/properties/dblib.properties | 8 +-- .../properties/generic-resource-api-dg.properties | 24 ++++----- installation/src/main/properties/lcm-dg.properties | 4 +- .../src/main/properties/mdsal-resource.properties | 4 +- .../main/properties/optical-service-dg.properties | 8 +-- .../src/main/properties/sql-resource.properties | 2 +- .../src/main/properties/svclogic.properties | 8 +-- .../main/properties/svclogic.properties.sdnctldb01 | 8 +-- installation/src/main/yaml/docker-compose.yml | 61 ++++++++++++++++++---- 12 files changed, 95 insertions(+), 54 deletions(-) (limited to 'installation/src') diff --git a/installation/src/main/properties/aaiclient.properties b/installation/src/main/properties/aaiclient.properties index 65683836..395510d7 100755 --- a/installation/src/main/properties/aaiclient.properties +++ b/installation/src/main/properties/aaiclient.properties 
@@ -27,11 +27,11 @@ # Certificate keystore and truststore # org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/sdnc/data/stores/truststoreONAPall.jks -org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit +org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=${AAI_TRUSTSTORE_PASSWORD} org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true -org.onap.ccsdk.sli.adaptors.aai.client.name=sdnc@sdnc.onap.org -org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456! +org.onap.ccsdk.sli.adaptors.aai.client.name=${AAI_CLIENT_NAME} +org.onap.ccsdk.sli.adaptors.aai.client.psswd=${AAI_CLIENT_PASSWORD} org.onap.ccsdk.sli.adaptors.aai.application=openECOMP # diff --git a/installation/src/main/properties/ansible-adapter.properties b/installation/src/main/properties/ansible-adapter.properties index 761758bb..3cc0f28b 100644 --- a/installation/src/main/properties/ansible-adapter.properties +++ b/installation/src/main/properties/ansible-adapter.properties @@ -30,7 +30,7 @@ # Define the name and path of any user-provided configuration (bootstrap) file that can be loaded # to supply configuration options org.onap.appc.bootstrap.file=appc.properties -org.onap.appc.bootstrap.path=${user.home},/opt/opendaylight/current/properties +org.onap.appc.bootstrap.path=${HOME},/opt/opendaylight/current/properties appc.application.name=APPC @@ -44,5 +44,5 @@ org.onap.appc.provider.adaptor.name=org.onap.appc.appc_ansible_adapter # Default truststore path and password org.onap.appc.adapter.ansible.trustStore=/opt/opendaylight/tls-client/mykeystore.js -org.onap.appc.adapter.ansible.trustStore.trustPasswd=changeit +org.onap.appc.adapter.ansible.trustStore.trustPasswd=${ANSIBLE_TRUSTSTORE_PASSWORD} org.onap.appc.adapter.ansible.clientType=TRUST_ALL diff --git a/installation/src/main/properties/data-migrator.properties b/installation/src/main/properties/data-migrator.properties index 9bec60dd..74d389e5 100644 --- a/installation/src/main/properties/data-migrator.properties 
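Review bot: The three placeholders introduced in aaiclient.properties (`${AAI_TRUSTSTORE_PASSWORD}`, `${AAI_CLIENT_NAME}`, `${AAI_CLIENT_PASSWORD}`) have no matching entry in any `environment:` list this commit adds to docker-compose.yml, at least in the hunks shown. Under that compose file they would presumably stay unresolved or expand to an empty string, and the AAI client would fail to authenticate or to open its truststore. Either pass them through on the sdnc service, e.g. `- AAI_CLIENT_PASSWORD=${AAI_CLIENT_PASSWORD}` plus the two siblings, or document where they are expected to come from. The defaults removed here stay readable in the repository history, so deployments that used them should rotate them.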
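Review bot: In the first ansible-adapter.properties hunk, `org.onap.appc.bootstrap.path` changes from `${user.home}` to `${HOME}`, which has nothing to do with removing passwords and changes the source of the value. The old token looks like the JVM system property and the new one like an environment variable, and the two can differ inside a container. If the property loader expands only one of them, or `HOME` is unset for the service user, the first bootstrap location may stop resolving. Either keep `${user.home}` on this line or explain the switch in the commit message.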
+++ b/installation/src/main/properties/data-migrator.properties @@ -17,10 +17,10 @@ # limitations under the License. # ============LICENSE_END========================================================= ### -org.onap.sdnc.datamigrator.source.host=http://10.53.234.213:30202 -org.onap.sdnc.datamigrator.source.user=admin -org.onap.sdnc.datamigrator.source.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -org.onap.sdnc.datamigrator.target.host=http://10.53.234.215:30202 -org.onap.sdnc.datamigrator.target.user=admin -org.onap.sdnc.datamigrator.target.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +org.onap.sdnc.datamigrator.source.host=https://sdnc.onap:30267 +org.onap.sdnc.datamigrator.source.user=${ODL_USER} +org.onap.sdnc.datamigrator.source.password=${ODL_PASSWORD} +org.onap.sdnc.datamigrator.target.host=https://sdnc.onap:30267 +org.onap.sdnc.datamigrator.target.user=${ODL_USER} +org.onap.sdnc.datamigrator.target.password=${ODL_PASSWORD} org.onap.sdnc.datamigrator.data.path=/tmp \ No newline at end of file diff --git a/installation/src/main/properties/dblib.properties b/installation/src/main/properties/dblib.properties index 9506ac8d..f54e099e 100644 --- a/installation/src/main/properties/dblib.properties +++ b/installation/src/main/properties/dblib.properties @@ -23,11 +23,11 @@ org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://dbhost:3306/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://dbhost:3306/${MYSQL_DATABASE} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.database=${MYSQL_DATABASE} +org.onap.ccsdk.sli.jdbc.user=${MYSQL_USER} +org.onap.ccsdk.sli.jdbc.password=${MYSQL_PASSWORD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 
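Review bot: After this change `source.host` and `target.host` in data-migrator.properties are both `https://sdnc.onap:30267`, and both sides use the same `${ODL_USER}`/`${ODL_PASSWORD}`, so the file as shipped points the migrator at a single controller for reading and writing. If the endpoints are meant to differ per deployment, give each side its own variables, for example `${MIGRATOR_SOURCE_HOST}` and `${MIGRATOR_TARGET_HOST}` (constructed names), with separate credentials. The move from `http` to `https` also means the migrator needs a truststore that validates the controller certificate, and nothing in this hunk configures one.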
diff --git a/installation/src/main/properties/generic-resource-api-dg.properties b/installation/src/main/properties/generic-resource-api-dg.properties index d4127133..d633f926 100644 --- a/installation/src/main/properties/generic-resource-api-dg.properties +++ b/installation/src/main/properties/generic-resource-api-dg.properties @@ -1,23 +1,23 @@ restapi.templateDir=/opt/onap/sdnc/restapi/templates controller.url=http://localhost:8181 -controller.user=admin -controller.pwd=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +controller.user=${ODL_USER} +controller.pwd=${ODL_HOST} honeycomb.url=http://{honeycomb-instance-ip}:8183 -honeycomb.user=admin -honeycomb.pwd=admin +honeycomb.user=${HONEYCOMB_USER} +honeycomb.pwd=${HONEYCOMB_PASSWORD} restapi.trustStoreFileName=/opt/onap/sdnc/data/stores/truststore.openecomp.client.jks -restapi.trustStorePassword=adminadmin +restapi.trustStorePassword=${TRUSTSTORE_PASSWORD} restapi.keyStoreFileName=/opt/onap/sdnc/data/stores/sdnc.p12 -restapi.keyStorePassword=adminadmin +restapi.keyStorePassword=${KEYSTORE_PASSWORD} restapi.connection-oof-url=http://oof-osdf:8698/api/oof/v1/route naming.gen-name.url=http://neng-serv:8080 -naming.gen-name.user=ccsdkapps -naming.gen-name.pwd=ccsdkapps -so.user=sdncaBpmn -so.pwd=password1$ +naming.gen-name.user=${NENG_NAME} +naming.gen-name.pwd=${NENG_PASSWORD} +so.user=${SO_USER} +so.pwd=${SO_PASSWORD} cds.url=http://cds-blueprints-processor-http:8080 -cds.user=ccsdkapps -cds.pwd=ccsdkapps +cds.user=${CDS_USER} +cds.pwd=${CDS_PASSWORD} # Templates restapi.sz.templatefile=security-zone-allotted-resource.json diff --git a/installation/src/main/properties/lcm-dg.properties b/installation/src/main/properties/lcm-dg.properties index a4cfc4aa..5a3a9e12 100644 --- a/installation/src/main/properties/lcm-dg.properties +++ b/installation/src/main/properties/lcm-dg.properties 
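Review bot: `controller.pwd=${ODL_HOST}` in generic-resource-api-dg.properties looks like a typo. The other files in this commit map the controller password to `${ODL_PASSWORD}` (see optical-service-dg.properties), and no `ODL_HOST` is exported by the docker-compose.yml hunks, so the line should read `controller.pwd=${ODL_PASSWORD}`. In the same hunk, `naming.gen-name.user=${NENG_NAME}` does not match the `NENG_USER` variable the compose file passes to the container, so it should be `naming.gen-name.user=${NENG_USER}`. As written, both credentials would presumably resolve to an empty or literal placeholder value, and calls to the controller and the naming service would be rejected.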
@@ -1,7 +1,7 @@ #ANSIBLE ansible.agenturl=http://ansiblehost:8000/Dispatch -ansible.user=sdnc -ansible.password=sdnc +ansible.user=${ANSIBLE_USER} +ansible.password=${ANSIBLE_PASSWORD} ansible.lcm.localparameters= ansible.nodelist= ansible.timeout=60 diff --git a/installation/src/main/properties/mdsal-resource.properties b/installation/src/main/properties/mdsal-resource.properties index 47c8ebf7..f4dfab1a 100644 --- a/installation/src/main/properties/mdsal-resource.properties +++ b/installation/src/main/properties/mdsal-resource.properties @@ -19,8 +19,8 @@ # ============LICENSE_END========================================================= ### -org.onap.ccsdk.sli.adaptors.resource.mdsal.sdnc-user=admin -org.onap.ccsdk.sli.adaptors.resource.mdsal.sdnc-passwd=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +org.onap.ccsdk.sli.adaptors.resource.mdsal.sdnc-user=${ODL_USER} +org.onap.ccsdk.sli.adaptors.resource.mdsal.sdnc-passwd=${ODL_PASSWORD} org.onap.ccsdk.sli.adaptors.resource.mdsal.sdnc-host=localhost org.onap.ccsdk.sli.adaptors.resource.mdsal.sdnc-protocol=http org.onap.ccsdk.sli.adaptors.resource.mdsal.sdnc-port=8181 diff --git a/installation/src/main/properties/optical-service-dg.properties b/installation/src/main/properties/optical-service-dg.properties index 37779f56..9d9778a3 100644 --- a/installation/src/main/properties/optical-service-dg.properties +++ b/installation/src/main/properties/optical-service-dg.properties @@ -1,7 +1,7 @@ restapi.templateDir=/opt/onap/sdnc/restapi/templates controller.url=http://sdnc.onap:8282 -controller.user=admin -controller.pwd=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +controller.user=${ODL_USER} +controller.pwd=${ODL_PASSWORD} odlUrlBase=http://sdnc-oam.onap:8282/restconf/operations sdncEndpoint=SLI-API:execute-graph 
@@ -15,8 +15,8 @@ restapi.template.so.response.filename=async-response-so.json #URLS sdnc.async.url=/asyncNotification -so.username=sdncaBpmn -so.password=password1$ +so.username=${SO_USER} +so.password=${SO_PASSWORD} tapi.cep.details.url=/cxf/tapi/v2/connectivities/service-interface-points?topology-id-or-name=otn&sip-id-or-name= tapi.delete.service.url=/cxf/tapi/v2/connectivities/tapi-services?topology-id-or-name=otn&service-id-or-name= tapi.get.services.url=/cxf/tapi/v2/connectivities/tapi-services?topology-id-or-name=otn&service-id-or-name= diff --git a/installation/src/main/properties/sql-resource.properties b/installation/src/main/properties/sql-resource.properties index ac32f773..0e3714eb 100644 --- a/installation/src/main/properties/sql-resource.properties +++ b/installation/src/main/properties/sql-resource.properties @@ -19,5 +19,5 @@ # ============LICENSE_END========================================================= ### -org.openecomp.sdnc.resource.sql.cryptkey=QtfJMKggVk +org.onap.sdnc.resource.sql.cryptkey=${SQL_CRYPTKEY:-duMmyCrYptkEy} diff --git a/installation/src/main/properties/svclogic.properties b/installation/src/main/properties/svclogic.properties index 54d667cf..41ad460e 100644 --- a/installation/src/main/properties/svclogic.properties +++ b/installation/src/main/properties/svclogic.properties @@ -21,9 +21,9 @@ org.onap.ccsdk.sli.dbtype = dblib #Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://dbhost:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://dbhost:3306/${MYSQL_DATABASE} +org.onap.ccsdk.sli.jdbc.database=${MYSQL_DATABASE} +org.onap.ccsdk.sli.jdbc.user=${MYSQL_USER} +org.onap.ccsdk.sli.jdbc.password=${MYSQL_PASSWORD} org.xml.sax.driver=org.apache.xerces.parsers.SAXParser 
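Review bot: The sql-resource.properties hunk still embeds a key: `${SQL_CRYPTKEY:-duMmyCrYptkEy}` falls back to a fixed, published value whenever `SQL_CRYPTKEY` is unset. If the loader follows shell semantics for `:-`, the fallback also applies when the variable is empty, which is what `- SQL_CRYPTKEY=${SQL_CRYPTKEY}` in docker-compose.yml produces when the host has not set it. Data encrypted under the fallback is effectively unprotected, so prefer `org.onap.sdnc.resource.sql.cryptkey=${SQL_CRYPTKEY}` and fail at startup when it is missing. The same line also renames the property prefix from `org.openecomp` to `org.onap`; please confirm the consumer reads the new key, because this hunk does not show it.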
diff --git a/installation/src/main/properties/svclogic.properties.sdnctldb01 b/installation/src/main/properties/svclogic.properties.sdnctldb01 index 54d667cf..41ad460e 100755 --- a/installation/src/main/properties/svclogic.properties.sdnctldb01 +++ b/installation/src/main/properties/svclogic.properties.sdnctldb01 @@ -21,9 +21,9 @@ org.onap.ccsdk.sli.dbtype = dblib #Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://dbhost:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://dbhost:3306/${MYSQL_DATABASE} +org.onap.ccsdk.sli.jdbc.database=${MYSQL_DATABASE} +org.onap.ccsdk.sli.jdbc.user=${MYSQL_USER} +org.onap.ccsdk.sli.jdbc.password=${MYSQL_PASSWORD} org.xml.sax.driver=org.apache.xerces.parsers.SAXParser diff --git a/installation/src/main/yaml/docker-compose.yml b/installation/src/main/yaml/docker-compose.yml index 7adc6202..01c972c4 100644 --- a/installation/src/main/yaml/docker-compose.yml +++ b/installation/src/main/yaml/docker-compose.yml @@ -8,17 +8,21 @@ networks: services: + db: - image: mysql/mysql-server:5.6 + image: mariadb:10.5 container_name: sdnc_db_container ports: - - "3306" + - "23306:3306" environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - MYSQL_ROOT_HOST=% - logging: + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + logging: driver: "json-file" - options: + options: max-size: "30m" max-file: "5" @@ -35,7 +39,11 @@ services: - db:sdnctldb01 - db:sdnctldb02 environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - ANSIBLE_TRUSTSTORE_PASSWORD=${ANSIBLE_TRUSTSTORE_PASSWORD} logging: driver: "json-file" options: 
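Review bot: The `db` service now publishes the database on a fixed host port with `- "23306:3306"`, where the old `"3306"` mapped to an ephemeral one, and the unchanged `MYSQL_ROOT_HOST=%` lets root log in from any address. On a host with a routable interface this exposes root login to the network, protected only by whatever `MYSQL_ROOT_PASSWORD` is set to. If the mapping is only for local tooling, bind it to loopback with `- "127.0.0.1:23306:3306"`, or drop the publication and let the other containers reach the database over the compose network. The image also changes from `mysql/mysql-server:5.6` to `mariadb:10.5` in this hunk, which deserves a line in the commit message.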
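Review bot: The plain `${VAR}` references added here, and in the later docker-compose.yml hunks at -57, -97, -119 and -139, let a forgotten variable through: Compose substitutes an empty string with only a warning. A container can then start with an empty password or user name. For the secrets, use the required-variable form so `docker-compose up` stops early, e.g. `- MYSQL_PASSWORD=${MYSQL_PASSWORD:?MYSQL_PASSWORD is not set}`. A checked-in `.env.example` listing every variable name without values would also give operators the list of what to supply.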
@@ -57,13 +65,28 @@ services: - db:sdnctldb02 - ansible:ansiblehost environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties - SDNC_BIN=/opt/onap/sdnc/bin - ODL_CERT_DIR=/tmp - - ODL_ADMIN_USERNAME=admin - - ODL_ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + - ODL_ADMIN_USERNAME=${ODL_USER} + - ODL_ADMIN_PASSWORD=${ODL_PASSWORD} + - ODL_USER=${ODL_USER} + - ODL_PASSWORD=${ODL_PASSWORD} - SDNC_DB_INIT=true + - HONEYCOMB_USER=${HONEYCOMB_USER} + - HONEYCOMB_PASSWORD=${HONEYCOMB_PASSWORD} + - TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD} + - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD} + - SO_USER=${SO_USER} + - SO_PASSWORD=${SO_PASSWORD} + - NENG_USER=${NENG_USER} + - NENG_PASSWORD=${NENG_PASSWORD} + - CDS_USER=${CDS_USER} + - CDS_PASSWORD=${CDS_PASSWORD} + - ANSIBLE_USER=${ANSIBLE_USER} + - ANSIBLE_PASSWORD=${ANSIBLE_PASSWORD} + - SQL_CRYPTKEY=${SQL_CRYPTKEY} - A1_TRUSTSTORE_PASSWORD=a1adapter # The default truststore for A1 adapter can be overridden by mounting a new # truststore (uncomment the lines below), whereas the corresponding password @@ -97,7 +120,10 @@ services: - db:sdnctldb02 - sdnc:sdnhost environment: - - MYSQL_ROOT_PASSWORD=openECOMP1.0 + - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} - SDNC_CONFIG_DIR=/opt/onap/ccsdk/data/properties logging: driver: "json-file" @@ -119,6 +145,13 @@ services: environment: - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties - PROPERTY_DIR=/opt/onap/sdnc/data/properties + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - ODL_USER=${ODL_USER} + - ODL_PASSWORD=${ODL_PASSWORD} + - ASDC_USER=${ASDC_USER} + - ASDC_PASSWORD=${ASDC_PASSWORD} logging: driver: "json-file" options: 
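Review bot: One embedded password survives in this hunk, since `- A1_TRUSTSTORE_PASSWORD=a1adapter` is left as a literal while every neighbouring secret moves to a variable. For consistency with the commit's stated goal it should become `- A1_TRUSTSTORE_PASSWORD=${A1_TRUSTSTORE_PASSWORD}`. The hunk also exports the same controller credentials twice, as `ODL_ADMIN_USERNAME`/`ODL_ADMIN_PASSWORD` and as `ODL_USER`/`ODL_PASSWORD`; a short comment saying which consumer needs which pair would keep them from drifting apart. The service's environment list continues outside the hunk.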
@@ -139,6 +172,14 @@ services: environment: - SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties - PROPERTY_DIR=/opt/onap/sdnc/data/properties + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD=${MYSQL_PASSWORD} + - MYSQL_DATABASE=${MYSQL_DATABASE} + - ODL_USER=${ODL_USER} + - ODL_PASSWORD=${ODL_PASSWORD} + - DMAAP_USER=${DMAAP_USER} + - DMAAP_PASSWORD=${DMAAP_PASSWORD} + - DMAAP_AUTHKEY=${DMAAP_AUTHKEY} logging: driver: "json-file" options: -- cgit 1.2.3-korg