[DCAEGEN2] Create Authorization Policies for DCAE Add initial authorized serviceaccounts for each sub component service Issue-ID: OOM-3132 Change-Id: I984d5aef78836e066d800bf739619f556f9adbfe Signed-off-by: AndrewLamb <andrew.a.lamb@est.tech>

commit: bd6ff6b619dc497cd08946541d2fda7f89684357 [log] [tgz]
author: AndrewLamb <andrew.a.lamb@est.tech> Thu May 04 15:56:49 2023 +0100
committer: Andreas Geissler <andreas-geissler@telekom.de> Fri May 26 06:51:30 2023 +0000
tree: c4741a0a33ef962f869a53c2b5f99e046574ce37
parent: 7258874e2d9a2d21bf017b1dd6276bb0399151be [diff] [blame]
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 037c586..8eb55b4 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml

@@ -94,6 +94,13 @@
       port: 8080
       port_protocol: http
 
+serviceMesh:
+  authorizationPolicy:
+    authorizedPrincipals:
+      - serviceAccount: message-router-read
+    authorizedPrincipalsPostgres:
+      - serviceAccount: dcae-son-handler-read
+
 # Credentials
 cpsCreds:
   identity: cps
commit	bd6ff6b619dc497cd08946541d2fda7f89684357	[log] [tgz]
author	AndrewLamb <andrew.a.lamb@est.tech>	Thu May 04 15:56:49 2023 +0100
committer	Andreas Geissler <andreas-geissler@telekom.de>	Fri May 26 06:51:30 2023 +0000
tree	c4741a0a33ef962f869a53c2b5f99e046574ce37
parent	7258874e2d9a2d21bf017b1dd6276bb0399151be [diff] [blame]