Merge "[COMMON][MARIADB] Bump version to 10.6.5"
diff --git a/.ci/check-bashisms.sh b/.ci/check-bashisms.sh
new file mode 100755
index 0000000..0dae225
--- /dev/null
+++ b/.ci/check-bashisms.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if ! which checkbashisms >/dev/null && ! sudo yum install devscripts-minimal && ! sudo apt-get install devscripts
+then
+    printf "checkbashisms command not found - please install it \n\
+            (e.g. sudo apt-get install devscripts | yum install devscripts-minimal )\n" >&2
+    exit 2
+fi
+find . -not -path '*/.*' -name '*.sh' -exec checkbashisms {} + || exit 3
+find . -not -path '*/.*' -name '*.failover' -exec checkbashisms -f \{\} + || exit 4
+! find . -not -path '*/.*' -name '*.sh' -exec grep 'local .*=' {} + || exit 5
+! find . -not -path '*/.*' -name '*.failover' -exec grep 'local .*=' {} + || exit 6
+exit 0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6bfce7a..980093a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -6,7 +6,7 @@
       - id: trailing-whitespace
         #exclude: '^ordmodels/'
   - repo: https://github.com/jorisroovers/gitlint
-    rev: v0.15.1
+    rev: v0.17.0
     hooks:
       - id: gitlint
         stages: [commit-msg]
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 1160205..e156db2 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -39,6 +39,23 @@
 {{ include "common.podSecurityContext" . | indent 6 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      initContainers:
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - |
+              chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data
+          image: {{ include "repositoryGenerator.image.busybox" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - name: {{ include "common.fullname" . }}-data
+              mountPath: /data
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
@@ -72,7 +89,7 @@
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-data
-            mountPath: /var/lib/mongo
+            mountPath: /data/db
           resources: {{ include "common.resources" . | nindent 12 }}
 {{ include "common.containerSecurityContext" . | indent 10 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index ee1d8c7..caab718 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -24,7 +24,7 @@
 # Application configuration defaults.
 #################################################################
 
-image: library/mongo:4.0.8
+image: library/mongo:4.4.10
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index aac0f4b..5ba7d29 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -229,10 +229,12 @@
 {{- $policy := default dict .Values.policies -}}
 {{- $policyRls := default $commonRelease $policy.policyRelease -}}
 {{- $drFeedConfig := default "" .Values.drFeedConfig -}}
-
+{{- $dcaeName := print (include "common.fullname" .) }}
+{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}
+{{- $dot := . -}}
 apiVersion: apps/v1
 kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "labels" $dcaeLabel) | nindent 2 }}
 spec:
   replicas: 1
   selector: {{- include "common.selectors" . | nindent 4 }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
index 2b3ab32..4a51c7f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
@@ -59,6 +59,8 @@
               value: {{ include "common.namespace" . }}
             - name: HELM_RELEASE
               value: {{ include "common.release" . }}
+            - name: DEPLOY_LABEL
+              value: {{ .Values.deployLabel }}
       volumes:
         - name: {{ include "common.fullname" . }}-expected-components
           configMap:
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
index 58ae706..3b47e7f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
@@ -31,6 +31,11 @@
     - port: 8080
       name: http
 
+# Label on DCAE microservice deployments
+# (Used by healthcheck code to find deployments
+# created after initial DCAE installation)
+deployLabel: dcaeMicroserviceName
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 10
@@ -43,7 +48,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 1e60d24..54dcda8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -38,6 +38,11 @@
     login: '{{ .Values.aafCreds.identity }}'
     password: '{{ .Values.aafCreds.password }}'
     passwordPolicy: required
+  - uid: &cpsCredsUID cpscreds
+    type: basicAuth
+    login: '{{ .Values.cpsCreds.identity }}'
+    password: '{{ .Values.cpsCreds.password }}'
+    passwordPolicy: required
   - uid: &pgUserCredsSecretUid pg-user-creds
     name: &pgUserCredsSecretName '{{ include "common.release" . }}-sonhms-pg-user-creds'
     type: basicAuth
@@ -70,7 +75,7 @@
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
 
 # Policy configuraiton properties
 # if present, policy-sync side car will be deployed
@@ -92,7 +97,7 @@
   periodSeconds: 15
   timeoutSeconds: 1
   path: /healthcheck
-  scheme: HTTPS
+  scheme: HTTP
   port: 8080
 
 # Service Configuration
@@ -108,6 +113,9 @@
 aafCreds:
   identity: dcae@dcae.onap.org
   password: demo123456!
+cpsCreds:
+  identity: cps
+  password: cpsr0cks!
 
 credentials:
 - name: AAF_IDENTITY
@@ -116,6 +124,12 @@
 - name: AAF_PASSWORD
   uid: *aafCredsUID
   key: password
+- name: CPS_IDENTITY
+  uid: *cpsCredsUID
+  key: login
+- name: CPS_PASSWORD
+  uid: *cpsCredsUID
+  key: password
 - name: PG_USERNAME
   uid:  *pgUserCredsSecretUid
   key: login
@@ -130,6 +144,8 @@
   postgres.port: 5432
   postgres.username: ${PG_USERNAME}
   postgres.password: ${PG_PASSWORD}
+  cps.username: ${CPS_IDENTITY}
+  cps.password: ${CPS_PASSWORD}
   sonhandler.pollingInterval: 20
   sonhandler.pollingTimeout: 60
   cbsPollingInterval: 60
@@ -145,6 +161,12 @@
   sonhandler.bufferTime: 60
   sonhandler.cg: sonhms-cg
   sonhandler.cid: sonhms-cid
+  sonhandler.clientType: cps
+  cps.service.url: http://cps-tbdmt:8080
+  cps.get.celldata: execute/cps-ran-schemaset/get-cell-data
+  cps.get.nbr.list.url: execute/cps-ran-schemaset/get-nbr-list
+  cps.get.pci.url: execute/ran-network-schemaset/get-pci
+  cps.get.pnf.url: execute/ran-network-schemaset/get-pnf
   sonhandler.configDb.service: http://configdb:8080
   sonhandler.oof.service: https://oof-osdf:8698
   sonhandler.oof.endpoint: /api/oof/v1/pci
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
index 8134e0d..67312d7 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
@@ -42,7 +42,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
index bbc72a5..73661ac 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
@@ -42,7 +42,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
index 8199845..e5eecb1 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
@@ -22,12 +22,10 @@
 
 \encoding UTF8;
 
-/******************DELETE OLD TABLE AND CREATE NEW***************************/
+/******************CREATE NEW TABLE***************************/
 \c ${DB_NAME};
 
-DROP TABLE IF EXISTS ALARM_INFO;
-
-CREATE TABLE ALARM_INFO (
+CREATE TABLE IF NOT EXISTS ALARM_INFO (
   EVENTID VARCHAR(150) NOT NULL,
   EVENTNAME VARCHAR(150) NOT NULL,
   ALARMISCLEARED SMALLINT NOT NULL,
@@ -36,7 +34,8 @@
   LASTEPOCHMICROSEC BIGINT NOT NULL,
   SOURCEID VARCHAR(150)  NOT NULL,
   SOURCENAME VARCHAR(150)  NOT NULL,
-  PRIMARY KEY (EVENTID)
+  SEQUENCE SMALLINT NOT NULL,
+  PRIMARY KEY (EVENTID, SEQUENCE, SOURCENAME)
 );
 
 CREATE TABLE IF NOT EXISTS ENGINE_ENTITY (
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index fe496bc..ddaf099 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -50,13 +50,6 @@
     unset "$fileVar"
 }
 
-# check to see if this file is being run or sourced from another script
-_is_sourced() {
-    # https://unix.stackexchange.com/a/215279
-    [ "${#FUNCNAME[@]}" -ge 2 ] \
-        && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
-        && [ "${FUNCNAME[1]}" = 'source' ]
-}
 
 # usage: docker_process_init_files [file [file [...]]]
 #    ie: docker_process_init_files /always-initdb.d/*
@@ -378,6 +371,7 @@
 }
 
 # If we are sourced from elsewhere, don't perform any further actions
-if ! _is_sourced; then
+# https://stackoverflow.com/questions/2683279/how-to-detect-if-a-script-is-being-sourced/2942183#2942183
+if [ "$(basename $0)" = "docker-entrypoint.sh" ]; then
     _main "$@"
 fi
diff --git a/tox.ini b/tox.ini
index dee4f3a..6388e88 100644
--- a/tox.ini
+++ b/tox.ini
@@ -57,17 +57,17 @@
 
 [testenv:checkbashisms]
 deps =
-whitelist_externals = sh
-                      find
-                      checkbashisms
+whitelist_externals =
+    {toxinidir}/.ci/check-bashisms.sh
 commands =
-    sh -c 'which checkbashisms>/dev/null  || sudo yum install devscripts-minimal || sudo apt-get install devscripts \
-        || (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \
-        yum install devscripts-minimal )" >&2 && exit 1)'
-    find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} +
-    find . -not -path '*/\.*' -name *.failover -exec checkbashisms -f \{\} +
-    sh -c "! find . -not -path '*/\.*' -name *.sh -exec grep 'local .*=' \{\} + || exit 2"
-    sh -c "! find . -not -path '*/\.*' -name *.failover -exec grep 'local .*=' \{\} + || exit 2"
+    {toxinidir}/.ci/check-bashisms.sh
+
+[testenv:shellcheck]
+basepython = python3
+deps = shellcheck-py
+whitelist_externals = find
+commands =
+    find . -not -path '*/\.*' -name *.sh -exec shellcheck \{\} +
 
 [testenv:autopep8]
 deps =
@@ -112,3 +112,9 @@
     # As a result, the line above is always skipped in jenkins CI since there cannot be a .git/COMMIT_EDITMSG file.
     # A dedicated gitlint profile for CI is proposed above. Also to behave fine locally, this profile must have access
     # to the HOME variable so that Gitlint can retrieve Git user settings.
+
+[testenv:pre-commit-autoupdate]
+basepython = python3
+deps = pre-commit
+commands =
+    pre-commit autoupdate