[AAI] Remove unused AAF proxies
Some AAI components have the ability of using AAF proxies for
authentication. As AAF is deprecated and these proxies seems not to be
used by anybody, let's remove them.
Issue-ID: OOM-2663
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie78740eb452f1b28f031a97fe272f86acce1f8be
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
deleted file mode 100644
index dbf4fca..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 9eec841..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb7..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index 0637cfb..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
deleted file mode 100644
index dbf4fca..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 99129c1..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index acc9409..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,93 +0,0 @@
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/services\/babel-service\/.*",
- "permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
- }
-]
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
deleted file mode 100644
index 188c55b..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-# Configure AAF
-aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 1b58d42..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 2cd95d4..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 7055bf5..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9516
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
deleted file mode 100644
index 6cd12fc..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
-1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
-xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
-BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
-6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
-QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
-zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
-x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
-8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
-FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
-UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
-banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
-6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
-yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
-xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
-lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
-ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
-fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
-1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
-liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
-0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
-PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
-8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
-dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
--85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
-c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
-uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
index cdd2a4f..baee38c 100644
--- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,46 +28,3 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index e75815e..9fe386a 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -37,19 +37,6 @@
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
-
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -127,79 +114,6 @@
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
@@ -226,32 +140,6 @@
emptyDir: {}
- name: aai-filebeat
emptyDir: {}
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
index 630ce83..b81ffa0 100644
--- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -43,48 +44,3 @@
data:
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml
index fb72955..db54ce1 100644
--- a/kubernetes/aai/components/aai-babel/templates/service.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,27 +29,16 @@
spec:
type: {{ .Values.service.type }}
ports:
- {{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.global.rproxy.port }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
+
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index f0a5ec2..db1a2eb 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -1,6 +1,6 @@
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020, 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,8 +17,7 @@
#################################################################
# Global configuration defaults.
#################################################################
-global:
- installSidecarSecurity: false
+global: {}
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
deleted file mode 100644
index d9fe86e..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
deleted file mode 100644
index f6ebc75..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 9eec841..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb7..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index 9a08348..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
deleted file mode 100644
index 071d407..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
deleted file mode 100644
index 023e2ea..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 6ad5f51..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index e23c03d..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,99 +0,0 @@
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/aai\/.*",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- },
- {
- "uri": "\/aai\/util\/echo",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-]
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
deleted file mode 100644
index fb3d1cc..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 1b58d42..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 799fd86..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 2c89d28..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 8447
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
deleted file mode 100644
index 3416d4a..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
-jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
-4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
-moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
-GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
-74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
-iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
-p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
-3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
-hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
-RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
-xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
-8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
-ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
-5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
-GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
-_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
-zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
-S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
-LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
-hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
-nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
-bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
-JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
-Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
-J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
-mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
index 2927031..f173916 100644
--- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -49,113 +50,3 @@
{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index a67d7bf..309c2d1 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -72,13 +72,6 @@
{{- end }}
spec:
hostname: aai-resources
- {{- if .Values.global.initContainers.enabled }}
- {{- if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
- {{- end }}
initContainers:
- command:
{{- if .Values.global.jobs.migration.enabled }}
@@ -86,23 +79,24 @@
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{- else }}
+ {{- if .Values.global.jobs.createSchema.enabled }}
- /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
+ {{- else }}
- /app/ready.py
args:
- --container-name
- {{- if .Values.global.cassandra.localCluster }}
+ {{- if .Values.global.cassandra.localCluster }}
- aai-cassandra
- {{- else }}
+ {{- else }}
- cassandra
- {{- end }}
+ {{- end }}
- --container-name
- aai-schema-service
- {{- end }}
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
@@ -112,14 +106,7 @@
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
{{- end }}
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -153,11 +140,6 @@
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- {{- if .Values.global.installSidecarSecurity }}
- - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
- name: {{ include "common.fullname" . }}-aai-policy
- subPath: aai_policy.json
- {{- end }}
- mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.keyfile
@@ -231,84 +213,6 @@
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.sidecar.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{- end }}
volumes:
- name: aai-common-aai-auth-mount
secret:
@@ -340,35 +244,6 @@
- key: {{ . }}
path: {{ . }}
{{- end }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-aai-policy
- configMap:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{- end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml
new file mode 100644
index 0000000..d241490
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-keys
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index 66dfd49..460e0d5 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -27,7 +27,7 @@
spec:
type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
+ {{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
@@ -39,7 +39,7 @@
name: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 620b4d7..5210a24 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -24,9 +24,6 @@
#Override it to aai-cassandra if localCluster is enabled.
serviceName: cassandra
- rproxy:
- name: reverse-proxy
-
initContainers:
enabled: true
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb7..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index edac199..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index 595d484..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "uri": "\/services\/search-data-service\/.*",
- "method": "GET|PUT|POST|DELETE",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-
-
-]
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
deleted file mode 100644
index fb3d1cc..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 55a9b48..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 289fe75..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 5fddcb2..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9509
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
index 28cf730..0d76239 100644
--- a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,47 +40,3 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
-
diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
index eb4aefe..eaa9087 100644
--- a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,14 +38,6 @@
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -126,85 +118,6 @@
name: {{ include "common.fullname" . }}-service-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-service-filebeat
-
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.config.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
@@ -228,35 +141,6 @@
- name: {{ include "common.fullname" . }}-service-log-conf
configMap:
name: {{ include "common.fullname" . }}-service-log
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- secret:
- secretName: aai-rproxy-auth-certs
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: aai-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- secret:
- secretName: aai-fproxy-auth-certs
- {{ end }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
index eacae25..3135df6 100644
--- a/kubernetes/aai/components/aai-search-data/templates/secret.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,16 +41,3 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
-{{ end }}
-
diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml
index 940222c..e031410 100644
--- a/kubernetes/aai/components/aai-search-data/templates/service.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,28 +28,14 @@
spec:
type: {{ .Values.service.type }}
ports:
-{{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
-
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
-{{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml
index ae61dd7..4bd535a 100644
--- a/kubernetes/aai/components/aai-search-data/values.yaml
+++ b/kubernetes/aai/components/aai-search-data/values.yaml
@@ -55,7 +55,7 @@
service:
type: ClusterIP
portName: aai-search-data
- internalPort: 9509
+ internalPort: "9509"
ingress:
enabled: false