Merge "[COMMON] Allow to include filePaths as a reference to variable"
diff --git a/kubernetes/aai b/kubernetes/aai
index 40aacd4..ed29232 160000
--- a/kubernetes/aai
+++ b/kubernetes/aai
@@ -1 +1 @@
-Subproject commit 40aacd4952fc1d8a37f4ad44c89bef093762b81c
+Subproject commit ed292323735ea0b366960474d15fcfa23b209d0e
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index 6aad591..512f380 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -139,8 +139,6 @@
         if $ENABLE_AAF
         then
              cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
-        else
-             cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
         fi
 
 fi
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index a4200c3..c2261d1 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -109,7 +109,7 @@
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.3
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
@@ -118,7 +118,7 @@
   holmes_rules: onap/holmes/rule-management:1.2.7
   holmes_engine: onap/holmes/engine-management:1.2.6
   tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
-  tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
+  tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
   ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
   prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index 592def2..a56552e 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -72,7 +72,7 @@
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
index 4d87c06..45dc30e 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
@@ -70,6 +70,7 @@
   "log.retention.hours": "168"
   "zookeeper.connection.timeout.ms": "6000"
   "default.replication.factor": "3"
+  "zookeeper.set.acl": "true"
 
 jmx:
   port: 5555
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
index 30f4abd..e489823 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
@@ -171,8 +171,6 @@
           value: "{{ .Values.zkConfig.clientPort }}"
         - name: KAFKA_OPTS
           value: "{{ .Values.zkConfig.kafkaOpts }}"
-        - name: EXTRA_ARGS
-          value: "{{ .Values.zkConfig.extraArgs }}"
         - name: ZOOKEEPER_SERVER_ID
           valueFrom:
             fieldRef:
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
index 4abb6e3..4f861f8 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
@@ -31,7 +31,7 @@
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.2
+image: onap/dmaap/zookeeper:6.0.3
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 busyBoxImage: busybox:1.30
@@ -75,8 +75,7 @@
   autoPurgeSnapRetainCount: 3
   autoPurgePurgeInterval: 24
   heapOptions: -Xmx2G -Xms2G
-  kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
-  extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+  kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
   clientPort: 2181
 
 jmx:
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index ecc5689..f9f20a3 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -42,7 +42,7 @@
 
   #AAF global config overrides
   aafEnabled: true
-  aafAgentImage: onap/aaf/aaf_agent:2.1.15
+  aafAgentImage: onap/aaf/aaf_agent:2.1.20
   aafAppNs: org.osaaf.aaf
   aafLocatorContainer: oom
 
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
index f623496..c2d6f8c 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
@@ -58,7 +58,7 @@
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -79,7 +79,7 @@
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml
index dee311c..bd7eb8e 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
index b0afb6e..b41b840 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
@@ -58,7 +58,7 @@
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -99,11 +99,11 @@
         - name: DB_PORT
           value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
index dee311c..bd7eb8e 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml
index 3c61bf3..3dbdd31 100644
--- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml
+++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/charts/pdp/templates/secrets.yaml
new file mode 100644
index 0000000..bd7eb8e
--- /dev/null
+++ b/kubernetes/policy/charts/pdp/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
index 127c400..16d5fb5 100644
--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
@@ -58,6 +58,11 @@
         name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: JDBC_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: JDBC_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         resources:
 {{ include "common.resources" . | indent 12 }}
         ports:
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 8b3b9d4..7b9c561 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -24,6 +24,17 @@
   loggingImage: beats/filebeat:5.5.0
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -35,6 +46,11 @@
 debugEnabled: false
 
 # application configuration
+
+db:
+  user: policy_user
+  password: policy_user
+
 config:
   papPort: 9091
 
diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
index 052b6f2..0e47310 100644
--- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
+++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
@@ -78,8 +78,17 @@
 		# wait for DB up
 		# now that DB is up, invoke database upgrade
 		# (which does nothing if the db is already up-to-date)
-		dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
-		dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+		if [[ -v JDBC_USER ]]; then
+			dbuser=${JDBC_USER};
+		else
+			dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
+		fi
+
+		if [[ -v JDBC_PASSWORD ]]; then
+			dbpw=${JDBC_PASSWORD}
+		else
+			dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+		fi
 		db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
 	fi
 
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
index 29feeb6..f2c2cd7 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
@@ -49,5 +49,5 @@
 #
 javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
 javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user={{ .Values.global.mariadb.config.userName }}
-javax.persistence.jdbc.password={{ .Values.global.mariadb.config.userPassword | b64enc }}
+javax.persistence.jdbc.user=${SQL_USER}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
index 57e7c78..5b02c17 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
@@ -37,6 +37,11 @@
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
           args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+          env:
+          - name: SQL_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: SQL_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
new file mode 100644
index 0000000..bd7eb8e
--- /dev/null
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
index 5c062a0..dc7266e 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
@@ -23,6 +23,17 @@
   persistence: {}
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -35,6 +46,10 @@
 
 # application configuration
 
+db:
+  user: policy_user
+  password: policy_user
+
 # default number of instances
 replicaCount: 1
 
diff --git a/kubernetes/robot b/kubernetes/robot
index a8e1918..60271b7 160000
--- a/kubernetes/robot
+++ b/kubernetes/robot
@@ -1 +1 @@
-Subproject commit a8e1918a02156ecec86409948d400669c2e67bb7
+Subproject commit 60271b7510ea9d57ed56cd9958d1c07f5ceaf3c5