[AAI] Service Mesh compatibility
This patch makes AAI to work on service mesh by removing https calls
from everywhere.
It allows also to use AAI on an environment without need of TLS.
Issue-ID: OOM-2670
Signed-off-by: Ondrej Frindrich <ondrej1.frindrich@orange.com>
Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
index e62ba07..512e906 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
@@ -24,20 +24,28 @@
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.global.config.truststore.filename }}
aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
aai.keystore.filename={{ .Values.global.config.keystore.filename }}
aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
index 8cefebc..367e903 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -33,7 +33,7 @@
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.config.profiles.active }}
+spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
@@ -48,6 +48,7 @@
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8449
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
@@ -55,11 +56,15 @@
server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61649
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
@@ -91,23 +96,28 @@
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.rdbmsname=aai_relational
-aperture.service.client={{ .Values.global.config.schema.service.client }}
+aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+
aperture.service.base.url=http://localhost:8457/aai/aperture
+{{ if ( include "common.needTLS" .) }}
aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.service.timeout-in-milliseconds=300000