Merge "[HOLMES] Updated the Docker Version to the Latest"
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
deleted file mode 100644
index 98417cd..0000000
--- a/kubernetes/policy/components/policy-gui/resources/config/default.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
-
-  listen 2443 default ssl;
-  ssl_protocols TLSv1.2;
-  {{ if .Values.global.aafEnabled }}
-  ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
-  ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
-  {{ else }}
-  ssl_certificate /etc/ssl/clamp.pem;
-  ssl_certificate_key /etc/ssl/clamp.key;
-  {{ end }}
-
-  ssl_verify_client optional_no_ca;
-  absolute_redirect off;
-
-  location / {
-    root /usr/share/nginx/html;
-    index index.html index.htm;
-    try_files $uri $uri/ =404;
-  }
-
-  location /clamp/restservices/clds/ {
-    proxy_pass https://policy-clamp-be:8443/restservices/clds/;
-    proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
-  }
-
-  location = /50x.html {
-    root /var/lib/nginx/html;
-  }
-  error_page  500 502 503 504  /50x.html;
-  error_log /var/log/nginx/error.log warn;
-}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index b67fa27..a155715 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -1,6 +1,6 @@
 {{/*
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2021 Nordix Foundation.
+#   Copyright (C) 2021-2022 Nordix Foundation.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -62,6 +62,20 @@
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+          command: ["sh","-c"]
+          args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
+          env:
+{{- else }}
+          command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
+          env:
+          - name: KEYSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+          - name: CLAMP_URL
+            value: https://policy-clamp-be:8443
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
@@ -81,9 +95,6 @@
           volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: logs
             mountPath: {{ .Values.log.path }}
-          - mountPath: /etc/nginx/conf.d/default.conf
-            name: {{ include "common.fullname" . }}-config
-            subPath: default.conf
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -99,9 +110,6 @@
         - name: {{ include "common.fullname" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}
-            items:
-            - key: default.conf
-              path: default.conf
         - name:  logs
           emptyDir: {}
         {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 6ee7715..aa2b9d3 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2021 Nordix Foundation.
+#   Copyright (C) 2021-2022 Nordix Foundation.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -26,36 +26,46 @@
   aafEnabled: true
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: keystore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.keyStorePassword }}'
+    passwordPolicy: required
+  - uid: truststore-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+    password: '{{ .Values.certStores.trustStorePassword }}'
+    passwordPolicy: required
+
+certStores:
+  keyStorePassword: Pol1cy_0nap
+  trustStorePassword: Pol1cy_0nap
+
+#################################################################
 # AAF part
 #################################################################
 certInitializer:
-  permission_user: 1000
-  permission_group: 999
-  addconfig: true
-  keystoreFile: "org.onap.clamp.p12"
-  truststoreFile: "org.onap.clamp.trust.jks"
-  keyFile: "org.onap.clamp.keyfile"
-  truststoreFileONAP: "truststoreONAPall.jks"
-  clamp_key: "clamp.key"
-  clamp_pem: "clamp.pem"
-  clamp_ca_certs_pem: "clamp-ca-certs.pem"
   nameOverride: policy-gui-cert-initializer
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: clamp
-  fqi: clamp@clamp.onap.org
-  public_fqdn: clamp.onap.org
-  cadi_longitude: "0.0"
+  fqdn: policy
+  fqi: policy@policy.onap.org
+  public_fqdn: policy.onap.org
   cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
+  cadi_longitude: "0.0"
   credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  uid: 100
+  gid: 101
   aaf_add_config: >
-    cd {{ .Values.credsPath }};
-    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
-    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
-    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
-    chmod a+rx *;
+    echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+    echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
+    echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+    echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
+    chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
 
 subChartsOnly:
   enabled: true
@@ -63,7 +73,7 @@
 flavor: small
 
 # application image
-image: onap/policy-gui:2.2.0
+image: onap/policy-gui:2.2.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -71,7 +81,7 @@
 
 # log configuration
 log:
-  path: /var/log/nginx/
+  path: /var/log/onap/policy/gui
 
 #################################################################
 # Application configuration defaults.