[COMMON] Add template for CertServiceClient
Create a generic template to simplify use of CertServiceClient
Issue-ID: OOM-2568
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I4fb9829b27b1dd13a9e7a098f807710cc5648438
diff --git a/kubernetes/common/cmpv2Certificate/Chart.yaml b/kubernetes/common/cmpv2Certificate/Chart.yaml
new file mode 100644
index 0000000..e50de72
--- /dev/null
+++ b/kubernetes/common/cmpv2Certificate/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to add cmpv2 certificates to components
+name: cmpv2Certificate
+version: 7.0.0
diff --git a/kubernetes/common/cmpv2Certificate/requirements.yaml b/kubernetes/common/cmpv2Certificate/requirements.yaml
new file mode 100644
index 0000000..367d879
--- /dev/null
+++ b/kubernetes/common/cmpv2Certificate/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
new file mode 100644
index 0000000..57e6c69
--- /dev/null
+++ b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
@@ -0,0 +1,174 @@
+{{/*
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+In order to use certServiceClient it is needed do define certificates array in target component values.yaml. Each
+certificate will be requested from separate init container
+
+Minimum example of array in target component values.yaml:
+certificates:
+ - mountPath: /var/custom-certs
+ commonName: common-name
+
+Full example (other fields are ignored):
+certificates:
+ - mountPath: /var/custom-certs
+ caName: RA
+ outputType: JKS
+ commonName: common-name
+ dnsNames:
+ - dns-name-1
+ - dns-name-2
+ ipAddresses:
+ - 192.168.0.1
+ - 192.168.0.2
+ emailAddresses:
+ - email-1@onap.org
+ - email-2@onap.org
+ uris:
+ - http://uri-1.onap.org
+ - http://uri-2.onap.org
+ subject:
+ organization: Linux-Foundation
+ country: US
+ locality: San Francisco
+ province: California
+ organizationalUnit: ONAP
+
+There also need to be some includes used in a target component deployment (indent values may need to be adjusted):
+ 1. In initContainers section:
+ {{ include "common.certServiceClient.initContainer" . | indent 6 }}
+ 2. In volumeMounts section of container using certificates:
+ {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
+ 3. In volumes section:
+ {{ include "common.certServiceClient.volumes" . | indent 8 }}
+
+*/}}
+
+{{- define "common.certServiceClient.initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
+{{- range $index, $certificate := $dot.Values.certificates -}}
+{{/*# General certifiacate attributes #*/}}
+{{- $commonName := $certificate.commonName -}}
+{{/*# SAN's #*/}}
+{{- $dnsNames := default (list) $certificate.dnsNames -}}
+{{- $ipAddresses := default (list) $certificate.ipAddresses -}}
+{{- $uris := default (list) $certificate.uris -}}
+{{- $emailAddresses := default (list) $certificate.emailAddresses -}}
+{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
+{{- $sans := join "," $sansList }}
+{{/*# Subject #*/}}
+{{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
+{{- $country := $subchartGlobal.certificate.default.subject.country -}}
+{{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
+{{- $province := $subchartGlobal.certificate.default.subject.province -}}
+{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
+{{- if $certificate.subject -}}
+{{- $organization := $certificate.subject.organization -}}
+{{- $country := $certificate.subject.country -}}
+{{- $locality := $certificate.subject.locality -}}
+{{- $province := $certificate.subject.province -}}
+{{- $orgUnit := $certificate.subject.organizationalUnit -}}
+{{- end -}}
+{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
+{{- $outputType := default $subchartGlobal.platform.certServiceClient.envVariables.outputType $certificate.outputType -}}
+{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
+{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
+{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
+{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.secret.mountPath -}}
+{{- $keystorePath := $subchartGlobal.platform.certServiceClient.envVariables.keystorePath -}}
+{{- $keystorePassword := $subchartGlobal.platform.certServiceClient.envVariables.keystorePassword -}}
+{{- $truststorePath := $subchartGlobal.platform.certServiceClient.envVariables.truststorePath -}}
+{{- $truststorePassword := $subchartGlobal.platform.certServiceClient.envVariables.truststorePassword -}}
+- name: certs-init-{{ $index }}
+ image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ env:
+ - name: REQUEST_URL
+ value: {{ $requestUrl | quote }}
+ - name: REQUEST_TIMEOUT
+ value: {{ $requestTimeout | quote }}
+ - name: OUTPUT_PATH
+ value: {{ $certPath | quote }}
+ - name: OUTPUT_TYPE
+ value: {{ $outputType | quote }}
+ - name: CA_NAME
+ value: {{ $caName | quote }}
+ - name: COMMON_NAME
+ value: {{ $commonName | quote }}
+ - name: SANS
+ value: {{ $sans | quote }}
+ - name: ORGANIZATION
+ value: {{ $organization | quote }}
+ - name: ORGANIZATION_UNIT
+ value: {{ $orgUnit | quote }}
+ - name: LOCATION
+ value: {{ $locality | quote }}
+ - name: STATE
+ value: {{ $province | quote }}
+ - name: COUNTRY
+ value: {{ $country | quote }}
+ - name: KEYSTORE_PATH
+ value: {{ $keystorePath | quote }}
+ - name: KEYSTORE_PASSWORD
+ value: {{ $keystorePassword | quote }}
+ - name: TRUSTSTORE_PATH
+ value: {{ $truststorePath | quote }}
+ - name: TRUSTSTORE_PASSWORD
+ value: {{ $truststorePassword | quote }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: {{ $certPath }}
+ name: cmpv2-certs-volume-{{ $index }}
+ - mountPath: {{ $certificatesSecretMountPath }}
+ name: certservice-tls-volume
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certServiceClient.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
+{{- $certificatesSecretName := $subchartGlobal.platform.certServiceClient.secret.name -}}
+- name: certservice-tls-volume
+ secret:
+ secretName: {{ $certificatesSecretName }}
+{{ range $index, $certificate := $dot.Values.certificates -}}
+- name: cmpv2-certs-volume-{{ $index }}
+ emptyDir:
+ medium: Memory
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certServiceClient.volumeMounts" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
+{{- range $index, $certificate := $dot.Values.certificates -}}
+{{- $mountPath := $certificate.mountPath -}}
+- mountPath: {{ $mountPath }}
+ name: cmpv2-certs-volume-{{ $index }}
+{{ end -}}
+{{- end -}}
+{{- end -}}
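Review bot: The per-certificate subject override under `{{- if $certificate.subject -}}` has no effect, because the five `:=` assignments inside the `if` block declare new variables scoped to that block instead of reassigning the `$organization`, `$country`, `$locality`, `$province` and `$orgUnit` declared above it; the ORGANIZATION/COUNTRY/LOCATION/STATE/ORGANIZATION_UNIT env values therefore always come from `$subchartGlobal.certificate.default.subject`, contradicting the `subject:` example in the header comment. Go templates (and Helm) support reassignment of an existing variable with `=`, so those five lines should use `=`; wrapping each in `default` also keeps the global value when a component supplies only some subject fields instead of blanking the rest. The comment `{{/*# General certifiacate attributes #*/}}` has a typo (`certificate`).
```yaml
{{- if $certificate.subject -}}
{{- $organization = default $organization $certificate.subject.organization -}}
{{- $country = default $country $certificate.subject.country -}}
{{- $locality = default $locality $certificate.subject.locality -}}
{{- $province = default $province $certificate.subject.province -}}
{{- $orgUnit = default $orgUnit $certificate.subject.organizationalUnit -}}
{{- end -}}
```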
diff --git a/kubernetes/common/cmpv2Certificate/values.yaml b/kubernetes/common/cmpv2Certificate/values.yaml
new file mode 100644
index 0000000..b753143
--- /dev/null
+++ b/kubernetes/common/cmpv2Certificate/values.yaml
@@ -0,0 +1,48 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration default values that can be inherited by
+# all subcharts.
+#################################################################
+global:
+ # Enabling CMPv2
+ cmpv2Enabled: true
+ CMPv2CertManagerIntegration: false
+
+ certificate:
+ default:
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+
+ platform:
+ certServiceClient:
+ secret:
+ name: oom-cert-service-client-tls-secret
+ mountPath: /etc/onap/oom/certservice/certs/
+ envVariables:
+ certPath: "/var/custom-certs"
+ # Client configuration related
+ caName: "RA"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
+ requestTimeout: "30000"
+ keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
+ keystorePassword: "secret"
+ truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
+ truststorePassword: "secret"
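Review bot: `keystorePassword: "secret"` and `truststorePassword: "secret"` under `envVariables` are rendered by the new initContainer template as literal `value:` entries of the KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD env vars, so they appear in plain text in the rendered StatefulSet and in `kubectl describe pod`. The keystore and truststore themselves are read from the `oom-cert-service-client-tls-secret` Secret mounted at `mountPath`, so their passwords belong in that Secret as well, wired with `valueFrom.secretKeyRef` in the template instead of `value: {{ $keystorePassword | quote }}`. At minimum the two keys need a comment stating they are placeholders that must match the keystores shipped in the secret and be overridden per deployment, e.g. `# placeholder: must match the keystore in platform.certServiceClient.secret; override per deployment`.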
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
index ba22bfb..a6b434f 100644
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -82,6 +82,10 @@
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
{{- end -}}
+{{- define "repositoryGenerator.image.certserviceclient" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "certServiceClientImage") .) }}
+{{- end -}}
+
{{- define "repositoryGenerator.image.envsubst" -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "envsubstImage") .) }}
{{- end -}}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index def7381..7d6fabe 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2020 Orange
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,6 +23,7 @@
# common global images
busyboxImage: busybox:1.32
curlImage: curlimages/curl:7.69.1
+ certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
envsubstImage: dibi/envsubst:1
# there's only latest image for htpasswd
htpasswdImage: xmartlabs/htpasswd:latest
@@ -53,6 +55,7 @@
imageRepoMapping:
busyboxImage: dockerHubRepository
curlImage: dockerHubRepository
+ certServiceClientImage: repository
envsubstImage: dockerHubRepository
htpasswdImage: dockerHubRepository
jreImage: repository
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5376940..0489450 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -1,6 +1,6 @@
# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
-# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -207,6 +207,7 @@
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
envVariables:
+ certPath: "/var/custom-certs"
# Certificate related
cmpv2Organization: "Linux-Foundation"
cmpv2OrganizationalUnit: "ONAP"
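Review bot: `cmpv2Organization` and `cmpv2OrganizationalUnit` (and presumably the remaining `cmpv2*` subject keys that follow outside the hunk) under `global.platform.certServiceClient.envVariables` are not read by the new `common.certServiceClient.initContainer` template, which takes subject defaults from `global.certificate.default.subject.*` and reads only `certPath`, `caName`, `requestURL`, `requestTimeout`, `outputType` and the keystore/truststore keys from `envVariables`. If no other chart still consumes them, leaving them next to the newly added `certPath` invites operators to edit values that have no effect; either drop them in this commit or mark them, e.g. `# deprecated: subject defaults are taken from global.certificate.default.subject`. The enclosing `envVariables` mapping continues outside the hunk.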
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 57c165c..f58ecb1 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada,
# Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,6 +21,9 @@
- name: certInitializer
version: ~7.x-0
repository: '@local'
+ - name: cmpv2Certificate
+ version: ~7.x-0
+ repository: '@local'
- name: logConfiguration
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 63b56f8..b668fd8 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -98,50 +99,8 @@
name: {{ include "common.name" . }}-readiness
{{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
-
- {{ if .Values.global.cmpv2Enabled }}
- - name: certs-init
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.platform.certServiceClient.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: REQUEST_URL
- value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }}
- - name: REQUEST_TIMEOUT
- value: "30000"
- - name: OUTPUT_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
- - name: CA_NAME
- value: {{ .Values.global.platform.certServiceClient.envVariables.caName }}
- - name: COMMON_NAME
- value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }}
- - name: ORGANIZATION
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }}
- - name: ORGANIZATION_UNIT
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
- - name: LOCATION
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }}
- - name: STATE
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }}
- - name: COUNTRY
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }}
- - name: KEYSTORE_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }}
- - name: KEYSTORE_PASSWORD
- value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }}
- - name: TRUSTSTORE_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }}
- - name: TRUSTSTORE_PASSWORD
- value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
- name: certs
- - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }}
- name: certservice-tls-volume
- {{ end }}
-
- - name: {{ include "common.name" . }}-init-files
+{{ include "common.certServiceClient.initContainer" . | indent 6 }}
+ - name: {{ include "common.name" . }}-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
command:
- sh
@@ -150,7 +109,7 @@
- |
mkdir {{ .Values.persistence.mdsalPath }}/daexim
mkdir {{ .Values.persistence.mdsalPath }}/journal
- mkdir {{ .Values.persistence.mdsalPath }}/snapshots
+ mkdir {{ .Values.persistence.mdsalPath }}/snapshots
chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
{{- if .Values.global.aafEnabled }}
chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
@@ -236,6 +195,7 @@
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -294,10 +254,6 @@
- mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
name: properties
subPath: mountpoint-state-provider.properties
- {{ if .Values.global.cmpv2Enabled }}
- - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
- name: certs
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -348,19 +304,12 @@
- name: properties
emptyDir:
medium: Memory
- {{ if .Values.global.cmpv2Enabled }}
- - name: certs
- emptyDir:
- medium: Memory
- - name: certservice-tls-volume
- secret:
- secretName: {{ .Values.global.platform.certServiceClient.secret.name }}
- {{- end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
+{{ include "common.certServiceClient.volumes" . | nindent 8 }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
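Review bot: `{{ include "common.certServiceClient.volumes" . | nindent 8 }}` is placed after the `{{ else }}` of `{{ if not .Values.persistence.enabled }}`, whereas the removed `certs` and `certservice-tls-volume` definitions sat before that conditional and were emitted in both persistence modes. If the `{{ end }}` closing this branch is below `volumeClaimTemplates` (it is outside the hunk), a deployment with `persistence.enabled: false` would render the `certs-init-N` init containers and their `volumeMounts` without the matching `cmpv2-certs-volume-N` and `certservice-tls-volume` volumes, and the StatefulSet would be rejected by the API server. Move the include above `{{ if not .Values.persistence.enabled }}` so it is unconditional, as the old block was.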
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index faf6594..4354fe4 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,33 +30,8 @@
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- service: mariadb-galera
- # Enabling CMPv2
- cmpv2Enabled: true
+ # Enabling CMPv2 with CertManager
CMPv2CertManagerIntegration: false
- platform:
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
- secret:
- name: oom-cert-service-client-tls-secret
- mountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- # Certificate related
- cert_path: /var/custom-certs
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2Country: "US"
- # Client configuration related
- caName: "RA"
- common_name: "sdnc.simpledemo.onap.org"
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
- outputType: "P12"
- keystorePassword: "secret"
- truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
- truststorePassword: "secret"
#################################################################
# Secrets metaconfig
@@ -141,7 +117,8 @@
# Certificates
#################################################################
certificates:
- - commonName: sdnc.simpledemo.onap.org
+ - mountPath: /var/custom-certs
+ commonName: sdnc.simpledemo.onap.org
dnsNames:
- sdnc.simpledemo.onap.org
p12Keystore: