Merge "remove hardcoded MariaDB password"
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
index fa00ffe..5e473bc 100644
--- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
@@ -78,11 +78,17 @@
             name: {{ include "common.fullname" . }}-config
             subPath: sdc-controllers-config.json
           env:
-            - name: SPRING_APPLICATION_JSON
-              valueFrom:
-                configMapKeyRef:
-                  name: {{ template "common.fullname" . }}
-                  key: spring_application_json
+          - name: MYSQL_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: MYSQL_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+          - name: MYSQL_DATABASE
+            value: {{ tpl .Values.db.databaseName .}}
+          - name: SPRING_APPLICATION_JSON
+            valueFrom:
+              configMapKeyRef:
+                name: {{ template "common.fullname" . }}
+                key: spring_application_json
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml
new file mode 100644
index 0000000..57f88ce
--- /dev/null
+++ b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml
@@ -0,0 +1,16 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml
index ca444aa..f354ad1 100644
--- a/kubernetes/clamp/charts/clamp-backend/values.yaml
+++ b/kubernetes/clamp/charts/clamp-backend/values.yaml
@@ -23,11 +23,19 @@
   readinessImage: readiness-check:2.0.0
   persistence: {}
 
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
 flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.4
+image: onap/clamp-backend:5.0.6
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -40,6 +48,9 @@
 #################################################################
 # Application configuration defaults.
 #################################################################
+
+db: {}
+
 config:
   log:
     logstashServiceName: log-ls
@@ -47,8 +58,10 @@
   mysqlPassword: strong_pitchou
   dataRootDir: /dockerdata-nfs
   springApplicationJson: >
-    {
-        "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
+        {
+        "spring.datasource.username": "${MYSQL_USER}",
+        "spring.datasource.password": "${MYSQL_PASSWORD}",
+        "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
         "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
         "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
         "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
@@ -63,7 +76,7 @@
         "clamp.config.policy.pap.userName": "healthcheck",
         "clamp.config.policy.pap.password": "zb!XztG34",
         "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
-    }
+        }
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh
deleted file mode 100755
index 2e2ad2e..0000000
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-###
-# ============LICENSE_START=======================================================
-# ONAP CLAMP
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-#                             reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ===================================================================
-#
-###
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql
-## New model creation
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql
deleted file mode 100644
index ea4d97c..0000000
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Create CLDS database objects (tables, etc.)
-#
-#
-CREATE DATABASE `cldsdb4`;
-USE `cldsdb4`;
-DROP USER 'clds';
-CREATE USER 'clds';
-GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION;
-FLUSH PRIVILEGES;
-
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
similarity index 100%
rename from kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql
rename to kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
index 705c38f..522c5f9 100644
--- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
@@ -17,19 +17,6 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: clamp-entrypoint-initdb-configmap
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
   name: clamp-entrypoint-bulkload-configmap
   namespace: {{ include "common.namespace" . }}
   labels:
@@ -38,7 +25,7 @@
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap
diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
index be46f89..7d22930 100644
--- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
@@ -52,19 +52,19 @@
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}
-                  key: db-root-password
+          - name: MYSQL_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: MYSQL_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+          - name: MYSQL_ROOT_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
+          - name: MYSQL_DATABASE
+            value: {{ tpl .Values.db.databaseName .}}
           volumeMounts:
-          - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh
-            name: docker-entrypoint-initdb
-            subPath: bootstrap-database.sh
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - mountPath: /docker-entrypoint-initdb.d/bulkload/
+          - mountPath: /docker-entrypoint-initdb.d/
             name: docker-entrypoint-bulkload
           - mountPath: /etc/mysql/conf.d/conf1/
             name:  clamp-mariadb-conf
@@ -88,9 +88,6 @@
       {{- else }}
           emptyDir: {}
       {{- end }}
-        - name: docker-entrypoint-initdb
-          configMap:
-            name: clamp-entrypoint-initdb-configmap
         - name: docker-entrypoint-bulkload
           configMap:
             name: clamp-entrypoint-bulkload-configmap
diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
index 8f3a217..57f88ce 100644
--- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
@@ -13,16 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/charts/mariadb/values.yaml
index 8bf6100..df651dd 100644
--- a/kubernetes/clamp/charts/mariadb/values.yaml
+++ b/kubernetes/clamp/charts/mariadb/values.yaml
@@ -20,18 +20,27 @@
   nodePortPrefix: 302
 
   persistence: {}
-
 # application image
 repository: nexus3.onap.org:10001
 image: mariadb:10.3.12
 pullPolicy: Always
 flavor: small
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-pass
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
+    password: '{{ .Values.db.rootPass }}'
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
 
-#################################################################
-# Application configuration defaults.
-#################################################################
-config:
-  mysqlPassword: strong_pitchou
+# Application configuration
+db: {}
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml
new file mode 100644
index 0000000..57f88ce
--- /dev/null
+++ b/kubernetes/clamp/templates/secrets.yaml
@@ -0,0 +1,16 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index 0e6ad57..9446ca8 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -24,6 +24,33 @@
   loggingImage: beats/filebeat:5.5.0
   centralizedLoggingEnabled: false
 
+secrets:
+  - uid: db-root-pass
+    name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass'
+    type: password
+    password: '{{ .Values.db.rootPass }}'
+  - uid: db-secret
+    name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass'
+    type: basicAuth
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+
+db:
+  user: clds
+#  password: sidnnd83K
+  databaseName: &dbName cldsdb4
+#    rootPass: emrys  user: testos
+
+clamp-backend:
+  db:
+    userCredsExternalSecret: *dbUserPass
+    databaseName: *dbName
+mariadb:
+  db:
+    rootCredsExternalSecret: *dbRootPass
+    userCredsExternalSecret: *dbUserPass
+    databaseName: *dbName
+
 subChartsOnly:
   enabled: true
 
@@ -31,7 +58,7 @@
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.3
+image: onap/clamp-frontend:5.0.6
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5839add..9e593c2 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -147,7 +147,7 @@
 # to customize the ONAP deployment.
 #################################################################
 aaf:
-  enabled: true
+  enabled: false
 aai:
   enabled: false
 appc: