Merge "[DMAAP][MR] Allow kafka to run with < 3 replicas"
diff --git a/.ci/check-bashisms.sh b/.ci/check-bashisms.sh
new file mode 100755
index 0000000..0dae225
--- /dev/null
+++ b/.ci/check-bashisms.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if ! which checkbashisms >/dev/null && ! sudo yum install devscripts-minimal && ! sudo apt-get install devscripts
+then
+    printf "checkbashisms command not found - please install it \n\
+            (e.g. sudo apt-get install devscripts | yum install devscripts-minimal )\n" >&2
+    exit 2
+fi
+find . -not -path '*/.*' -name '*.sh' -exec checkbashisms {} + || exit 3
+find . -not -path '*/.*' -name '*.failover' -exec checkbashisms -f \{\} + || exit 4
+! find . -not -path '*/.*' -name '*.sh' -exec grep 'local .*=' {} + || exit 5
+! find . -not -path '*/.*' -name '*.failover' -exec grep 'local .*=' {} + || exit 6
+exit 0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6bfce7a..980093a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -6,7 +6,7 @@
       - id: trailing-whitespace
         #exclude: '^ordmodels/'
   - repo: https://github.com/jorisroovers/gitlint
-    rev: v0.15.1
+    rev: v0.17.0
     hooks:
       - id: gitlint
         stages: [commit-msg]
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 32bba45..b1e85c0 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -84,12 +84,19 @@
   env:
     - name: APP_FQI
       value: "{{ $initRoot.fqi }}"
+  {{- if $initRoot.aaf_namespace }}
     - name: aaf_locate_url
-      value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
-    - name: aaf_locator_container
-      value: "oom"
+      value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095"
+    - name: aaf_locator_container_ns
+      value: "{{ $initRoot.aaf_namespace }}"
+  {{- else }}
+    - name: aaf_locate_url
+      value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095"
     - name: aaf_locator_container_ns
       value: "{{ $dot.Release.Namespace }}"
+  {{- end }}
+    - name: aaf_locator_container
+      value: "oom"
     - name: aaf_locator_fqdn
       value: "{{ $initRoot.fqdn }}"
     - name: aaf_locator_app_ns
@@ -183,7 +190,7 @@
 {{- define "common.certInitializer._volumes" -}}
 {{-   $dot := default . .dot -}}
 {{-   $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $subchartDot := mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) }}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))}}
 - name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
   emptyDir:
     medium: Memory
diff --git a/kubernetes/common/common/templates/_utils.tpl b/kubernetes/common/common/templates/_utils.tpl
index ece786f..52826c2 100644
--- a/kubernetes/common/common/templates/_utils.tpl
+++ b/kubernetes/common/common/templates/_utils.tpl
@@ -36,6 +36,5 @@
 {{- define "common.subChartDot" }}
 {{- $initRoot := .initRoot }}
 {{- $dot := .dot }}
-{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
-{{ mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) | toJson }}
+{{ mergeOverwrite (deepCopy (omit $dot "Values" "Chart")) (dict "Chart" (set (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Version" $dot.Chart.Version) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) | toJson }}
 {{- end -}}
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index bc9273f..769c9b7 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -50,7 +50,7 @@
   clusterDomain: cluster.local
   metrics: {}
 
-image: bitnami/mariadb-galera:10.5.8
+image: bitnami/mariadb-galera:10.6.5
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 1160205..e156db2 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -39,6 +39,23 @@
 {{ include "common.podSecurityContext" . | indent 6 }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      initContainers:
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - |
+              chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data
+          image: {{ include "repositoryGenerator.image.busybox" . }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - name: {{ include "common.fullname" . }}-data
+              mountPath: /data
       containers:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
@@ -72,7 +89,7 @@
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-data
-            mountPath: /var/lib/mongo
+            mountPath: /data/db
           resources: {{ include "common.resources" . | nindent 12 }}
 {{ include "common.containerSecurityContext" . | indent 10 }}
         {{- if .Values.nodeSelector }}
diff --git a/kubernetes/common/mongo/values.yaml b/kubernetes/common/mongo/values.yaml
index ee1d8c7..caab718 100644
--- a/kubernetes/common/mongo/values.yaml
+++ b/kubernetes/common/mongo/values.yaml
@@ -24,7 +24,7 @@
 # Application configuration defaults.
 #################################################################
 
-image: library/mongo:4.0.8
+image: library/mongo:4.4.10
 pullPolicy: Always
 
 # application configuration
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 71201a1..90c278e 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -83,10 +83,14 @@
   {{- end }}
   env:
   - name: NAMESPACE
+  {{- if $subchartDot.Values.namespace }}
+    value: {{ $subchartDot.Values.namespace }}
+  {{- else }}
     valueFrom:
       fieldRef:
         apiVersion: v1
         fieldPath: metadata.namespace
+  {{- end }}
   resources:
     limits:
       cpu: {{ $subchartDot.Values.limits.cpu }}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index e2fe1ff..e36ad49 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -24,15 +24,15 @@
 
   # common global images
   busyboxImage: busybox:1.32
-  curlImage: curlimages/curl:7.69.1
+  curlImage: curlimages/curl:7.80.0
   envsubstImage: dibi/envsubst:1
   # there's only latest image for htpasswd
   htpasswdImage: xmartlabs/htpasswd:latest
   jettyImage: jetty:9-jdk11-slim
-  jreImage: onap/integration-java11:7.1.0
+  jreImage: onap/integration-java11:10.0.0
   kubectlImage: bitnami/kubectl:1.19
   loggingImage: beats/filebeat:5.5.0
-  mariadbImage: bitnami/mariadb:10.5.8
+  mariadbImage: bitnami/mariadb:10.6.5
   nginxImage: bitnami/nginx:1.18-debian-10
   postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
   readinessImage: onap/oom/readiness:3.0.1
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index aac0f4b..5ba7d29 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -229,10 +229,12 @@
 {{- $policy := default dict .Values.policies -}}
 {{- $policyRls := default $commonRelease $policy.policyRelease -}}
 {{- $drFeedConfig := default "" .Values.drFeedConfig -}}
-
+{{- $dcaeName := print (include "common.fullname" .) }}
+{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}
+{{- $dot := . -}}
 apiVersion: apps/v1
 kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "labels" $dcaeLabel) | nindent 2 }}
 spec:
   replicas: 1
   selector: {{- include "common.selectors" . | nindent 4 }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
index 2b3ab32..4a51c7f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml
@@ -59,6 +59,8 @@
               value: {{ include "common.namespace" . }}
             - name: HELM_RELEASE
               value: {{ include "common.release" . }}
+            - name: DEPLOY_LABEL
+              value: {{ .Values.deployLabel }}
       volumes:
         - name: {{ include "common.fullname" . }}-expected-components
           configMap:
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
index 58ae706..3b47e7f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
@@ -31,6 +31,11 @@
     - port: 8080
       name: http
 
+# Label on DCAE microservice deployments
+# (Used by healthcheck code to find deployments
+# created after initial DCAE installation)
+deployLabel: dcaeMicroserviceName
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 10
@@ -43,7 +48,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 1e60d24..54dcda8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -38,6 +38,11 @@
     login: '{{ .Values.aafCreds.identity }}'
     password: '{{ .Values.aafCreds.password }}'
     passwordPolicy: required
+  - uid: &cpsCredsUID cpscreds
+    type: basicAuth
+    login: '{{ .Values.cpsCreds.identity }}'
+    password: '{{ .Values.cpsCreds.password }}'
+    passwordPolicy: required
   - uid: &pgUserCredsSecretUid pg-user-creds
     name: &pgUserCredsSecretName '{{ include "common.release" . }}-sonhms-pg-user-creds'
     type: basicAuth
@@ -70,7 +75,7 @@
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
 
 # Policy configuraiton properties
 # if present, policy-sync side car will be deployed
@@ -92,7 +97,7 @@
   periodSeconds: 15
   timeoutSeconds: 1
   path: /healthcheck
-  scheme: HTTPS
+  scheme: HTTP
   port: 8080
 
 # Service Configuration
@@ -108,6 +113,9 @@
 aafCreds:
   identity: dcae@dcae.onap.org
   password: demo123456!
+cpsCreds:
+  identity: cps
+  password: cpsr0cks!
 
 credentials:
 - name: AAF_IDENTITY
@@ -116,6 +124,12 @@
 - name: AAF_PASSWORD
   uid: *aafCredsUID
   key: password
+- name: CPS_IDENTITY
+  uid: *cpsCredsUID
+  key: login
+- name: CPS_PASSWORD
+  uid: *cpsCredsUID
+  key: password
 - name: PG_USERNAME
   uid:  *pgUserCredsSecretUid
   key: login
@@ -130,6 +144,8 @@
   postgres.port: 5432
   postgres.username: ${PG_USERNAME}
   postgres.password: ${PG_PASSWORD}
+  cps.username: ${CPS_IDENTITY}
+  cps.password: ${CPS_PASSWORD}
   sonhandler.pollingInterval: 20
   sonhandler.pollingTimeout: 60
   cbsPollingInterval: 60
@@ -145,6 +161,12 @@
   sonhandler.bufferTime: 60
   sonhandler.cg: sonhms-cg
   sonhandler.cid: sonhms-cid
+  sonhandler.clientType: cps
+  cps.service.url: http://cps-tbdmt:8080
+  cps.get.celldata: execute/cps-ran-schemaset/get-cell-data
+  cps.get.nbr.list.url: execute/cps-ran-schemaset/get-nbr-list
+  cps.get.pci.url: execute/ran-network-schemaset/get-pci
+  cps.get.pnf.url: execute/ran-network-schemaset/get-pnf
   sonhandler.configDb.service: http://configdb:8080
   sonhandler.oof.service: https://oof-osdf:8698
   sonhandler.oof.endpoint: /api/oof/v1/pci
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
index 8134e0d..67312d7 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
@@ -42,7 +42,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.3.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
index bbc72a5..73661ac 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
@@ -42,7 +42,7 @@
   initialDelaySeconds: 10
   periodSeconds: 10
 # application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
index 8199845..e5eecb1 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
@@ -22,12 +22,10 @@
 
 \encoding UTF8;
 
-/******************DELETE OLD TABLE AND CREATE NEW***************************/
+/******************CREATE NEW TABLE***************************/
 \c ${DB_NAME};
 
-DROP TABLE IF EXISTS ALARM_INFO;
-
-CREATE TABLE ALARM_INFO (
+CREATE TABLE IF NOT EXISTS ALARM_INFO (
   EVENTID VARCHAR(150) NOT NULL,
   EVENTNAME VARCHAR(150) NOT NULL,
   ALARMISCLEARED SMALLINT NOT NULL,
@@ -36,7 +34,8 @@
   LASTEPOCHMICROSEC BIGINT NOT NULL,
   SOURCEID VARCHAR(150)  NOT NULL,
   SOURCENAME VARCHAR(150)  NOT NULL,
-  PRIMARY KEY (EVENTID)
+  SEQUENCE SMALLINT NOT NULL,
+  PRIMARY KEY (EVENTID, SEQUENCE, SOURCENAME)
 );
 
 CREATE TABLE IF NOT EXISTS ENGINE_ENTITY (
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 133e59f..1b6099a 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -81,7 +81,7 @@
   busyboxImage: busybox:1.32
 
   # curl image
-  curlImage: curlimages/curl:7.69.1
+  curlImage: curlimages/curl:7.80.0
 
   # env substitution image
   envsubstImage: dibi/envsubst:1
@@ -97,7 +97,7 @@
   loggingImage: beats/filebeat:5.5.0
 
   # mariadb client image
-  mariadbImage: bitnami/mariadb:10.5.8
+  mariadbImage: bitnami/mariadb:10.6.5
 
   # nginx server image
   nginxImage: bitnami/nginx:1.18-debian-10
@@ -112,7 +112,7 @@
   pullPolicy: Always
 
   # default java image
-  jreImage: onap/integration-java11:7.2.0
+  jreImage: onap/integration-java11:10.0.0
 
   # default clusterName
   # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 26ed0a7..43ec1d7 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -93,7 +93,7 @@
     internalPort: 3306
 
 restServer:
-  user: healthcheck
+  user: policyadmin
   password: none
 
 # default number of instances
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
index aa9870a..cd6c6fa 100644
--- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
@@ -53,10 +53,10 @@
 #
 # Configuration Settings for Policy Engine Components
 clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969
-clamp.config.policy.api.userName=healthcheck
+clamp.config.policy.api.userName=policyadmin
 clamp.config.policy.api.password=zb!XztG34
 clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969
-clamp.config.policy.pap.userName=healthcheck
+clamp.config.policy.pap.userName=policyadmin
 clamp.config.policy.pap.password=zb!XztG34
 
 #DCAE Inventory Url Properties
diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml
index 791b785..a831da8 100644
--- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml
@@ -89,10 +89,10 @@
 # application configuration
 restServer:
   api:
-    user: healthcheck
+    user: policyadmin
     password: none
   pap:
-    user: healthcheck
+    user: policyadmin
     password: none
 
 nodeSelector: {}
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 2d80fbb..ef676bb 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -79,10 +79,10 @@
   user: healthcheck
   password: zb!XztG34
 apiParameters:
-  user: healthcheck
+  user: policyadmin
   password: zb!XztG34
 papParameters:
-  user: healthcheck
+  user: policyadmin
   password: zb!XztG34
 sdcBe:
   user: policy
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index fa0fda8..4d7c0f2 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -124,7 +124,7 @@
   password: policy_user
 
 pap:
-  user: healthcheck
+  user: policyadmin
   password: zb!XztG34
 
 pdp:
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index d713552..e7db99e 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -108,12 +108,12 @@
     internalPort: 3306
 
 restServer:
-  user: healthcheck
+  user: policyadmin
   password: none
 
 healthCheckRestClient:
   api:
-    user: healthcheck
+    user: policyadmin
     password: none
   distribution:
     user: healthcheck
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 7c2d1b1..2007ab2 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -103,7 +103,7 @@
   password: zb!XztG34
 
 apiServer:
-  user: healthcheck
+  user: policyadmin
   password: zb!XztG34
 
 # default number of instances
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 5204aa7..851c895 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -183,9 +183,9 @@
     nameOverride: *policy-mariadb
 
 restServer:
-  policyPapUserName: healthcheck
+  policyPapUserName: policyadmin
   policyPapUserPassword: zb!XztG34
-  policyApiUserName: healthcheck
+  policyApiUserName: policyadmin
   policyApiUserPassword: zb!XztG34
 
 # Resource Limit flavor -By Default using small
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index fe496bc..ddaf099 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -50,13 +50,6 @@
     unset "$fileVar"
 }
 
-# check to see if this file is being run or sourced from another script
-_is_sourced() {
-    # https://unix.stackexchange.com/a/215279
-    [ "${#FUNCNAME[@]}" -ge 2 ] \
-        && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
-        && [ "${FUNCNAME[1]}" = 'source' ]
-}
 
 # usage: docker_process_init_files [file [file [...]]]
 #    ie: docker_process_init_files /always-initdb.d/*
@@ -378,6 +371,7 @@
 }
 
 # If we are sourced from elsewhere, don't perform any further actions
-if ! _is_sourced; then
+# https://stackoverflow.com/questions/2683279/how-to-detect-if-a-script-is-being-sourced/2942183#2942183
+if [ "$(basename $0)" = "docker-entrypoint.sh" ]; then
     _main "$@"
 fi
diff --git a/tox.ini b/tox.ini
index dee4f3a..6388e88 100644
--- a/tox.ini
+++ b/tox.ini
@@ -57,17 +57,17 @@
 
 [testenv:checkbashisms]
 deps =
-whitelist_externals = sh
-                      find
-                      checkbashisms
+whitelist_externals =
+    {toxinidir}/.ci/check-bashisms.sh
 commands =
-    sh -c 'which checkbashisms>/dev/null  || sudo yum install devscripts-minimal || sudo apt-get install devscripts \
-        || (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \
-        yum install devscripts-minimal )" >&2 && exit 1)'
-    find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} +
-    find . -not -path '*/\.*' -name *.failover -exec checkbashisms -f \{\} +
-    sh -c "! find . -not -path '*/\.*' -name *.sh -exec grep 'local .*=' \{\} + || exit 2"
-    sh -c "! find . -not -path '*/\.*' -name *.failover -exec grep 'local .*=' \{\} + || exit 2"
+    {toxinidir}/.ci/check-bashisms.sh
+
+[testenv:shellcheck]
+basepython = python3
+deps = shellcheck-py
+whitelist_externals = find
+commands =
+    find . -not -path '*/\.*' -name *.sh -exec shellcheck \{\} +
 
 [testenv:autopep8]
 deps =
@@ -112,3 +112,9 @@
     # As a result, the line above is always skipped in jenkins CI since there cannot be a .git/COMMIT_EDITMSG file.
     # A dedicated gitlint profile for CI is proposed above. Also to behave fine locally, this profile must have access
     # to the HOME variable so that Gitlint can retrieve Git user settings.
+
+[testenv:pre-commit-autoupdate]
+basepython = python3
+deps = pre-commit
+commands =
+    pre-commit autoupdate