[POLICY] Move policy dist to use strimzi templates

Move policy dist to use strimzi templates

Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I4a03812a7545ce7a4fcd5443a2c0af89933b1a63
Issue-ID: DMAAP-1857
diff --git a/kubernetes/common/common/templates/_strimzikafka.tpl b/kubernetes/common/common/templates/_strimzikafka.tpl
index 3fd46c7..f8f562e 100644
--- a/kubernetes/common/common/templates/_strimzikafka.tpl
+++ b/kubernetes/common/common/templates/_strimzikafka.tpl
@@ -55,7 +55,6 @@
 kind: KafkaUser
 metadata:
   name: {{ include "common.name" . }}-ku
-  namespace: {{ include "common.namespace" $global }}
   labels:
     strimzi.io/cluster: {{ include "common.release" . }}-strimzi
 spec:
diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json
index 94fc37b..0db30b2 100755
--- a/kubernetes/policy/components/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json
@@ -3,6 +3,7 @@
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2020 AT&T Intellectual Property.
 #   Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
+#   Modifications Copyright (C) 2023 Nordix Foundation
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -57,15 +58,17 @@
             "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
             "parameters":{
                 "environmentName": "AUTO",
-                "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
+                "isUseHttpsWithSdc": false,
                 "keyStorePath": "null",
                 "keyStorePassword": "null",
                 "activeserverTlsAuth": false,
-                "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
+                "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8080",
                 "user": "${SDCBE_USER}",
                 "password": "${SDCBE_PASSWORD}",
-                "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}",
-                "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}",
+                {{ with (first .Values.kafkaUser.acls) }}
+                "consumerId": "{{ .name }}-id",
+                "consumerGroup": "{{ .name }}",
+                {{ end }}
                 "pollingInterval":20,
                 "pollingTimeout":30,
                 "artifactTypes": [
diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
index 9c71ac1..082593d 100755
--- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
@@ -76,24 +76,22 @@
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           env:
-          - name: SECURITY_PROTOCOL
-            value: {{ .Values.config.kafka.securityProtocol }}
-          - name: SASL_MECHANISM
-            value: {{ .Values.config.kafka.saslMechanism }}
           - name: SASL_JAAS_CONFIG
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-dist-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.name" . }}-ku
+                key: sasl.jaas.config
 {{- if .Values.global.aafEnabled }}
           command: ["sh","-c"]
           args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
                   /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
 {{- else }}
-          command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
-          args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
-          env:
           - name: KEYSTORE_PASSWD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
           - name: TRUSTSTORE_PASSWD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+          command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
+          args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
 {{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/policy/components/policy-distribution/templates/kafkauser.yaml b/kubernetes/policy/components/policy-distribution/templates/kafkauser.yaml
new file mode 100644
index 0000000..6fc37c3
--- /dev/null
+++ b/kubernetes/policy/components/policy-distribution/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml b/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml
deleted file mode 100644
index eb721b0..0000000
--- a/kubernetes/policy/components/policy-distribution/templates/policy-dist-kafka-user.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
-  name: {{ include "common.release" . }}-{{ .Values.global.policyDistKafkaUser }}
-  labels:
-    strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
-  authentication:
-    type: {{ .Values.config.kafka.saslMechanism | lower }}
-  authorization:
-    type: {{ .Values.config.kafka.authType }}
-    acls:
-    - resource:
-        type: group
-        name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
-      operation: Read
-    - resource:
-        type: topic
-        patternType: prefix
-        name: {{ .Values.config.kafka.sdcTopic.pattern }}
-      operation: All
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 5cdda2f..f341c97 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -1,6 +1,7 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
 #   Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
+#   Modifications Copyright (C) 2023 Nordix Foundation
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -55,13 +56,7 @@
     externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
     password: '{{ .Values.certStores.trustStorePassword }}'
     passwordPolicy: required
-  - uid: policy-dist-kafka-user
-    externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
-    type: genericKV
-    envs:
-      - name: sasl.jaas.config
-        value: '{{ .Values.config.someConfig }}'
-        policy: generate
+
 #################################################################
 # Global configuration defaults.
 #################################################################
@@ -79,18 +74,16 @@
 # flag to enable debugging - application support required
 debugEnabled: false
 
-# application configuration
-config:
-  someConfig: blah
-  kafka:
-    bootstrapServer: strimzi-kafka-bootstrap:9092
-    securityProtocol: SASL_PLAINTEXT
-    saslMechanism: SCRAM-SHA-512
-    authType: simple
-    sdcTopic:
-      pattern: SDC-DIST
-      consumerGroup: policy-group
-      clientId: policy-distribution
+#Strimzi Kafka User def
+kafkaUser:
+  acls:
+    - name: policy-distribution
+      type: group
+      operations: [Read]
+    - name: SDC-DISTR
+      type: topic
+      patternType: prefix
+      operations: [Read, Write]
 
 restServer:
   user: healthcheck
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 1ee31c2..7270515 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,6 +1,6 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2022 Nordix Foundation.
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -38,7 +38,6 @@
       name: postgres
   kafkaBootstrap: strimzi-kafka-bootstrap
   policyKafkaUser: policy-kafka-user
-  policyDistKafkaUser: policy-dist-kafka-user
 
 #################################################################
 # Secrets metaconfig
@@ -128,8 +127,6 @@
 policy-distribution:
   enabled: true
   db: *dbSecretsHook
-  config:
-    jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyDistKafkaUser }}'
 policy-clamp-ac-k8s-ppnt:
   enabled: true
   config: