[AAI][SCHEMA] Remove Hardcoded certificates

Use Certinitializer in order to retrieve needed certificates.
It'll also do the retrieval for graphadmin as both microservices are
working together.

Issue-ID: OOM-2691
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iad790cc14361cf15d5a6bf4fcad6fd9f4048a1a7
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 121809e..7989bcc 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -58,20 +58,40 @@
         edge:
           label: v12
 
-    # Keystore configuration password and filename
-    keystore:
-      filename: aai_keystore
-      passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit
-
-    # Truststore configuration password and filename
-    truststore:
-      filename: aai_keystore
-      passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit
-
-    # Specifies a list of files to be included in auth volume
-    auth:
-      files:
-        - aai_keystore
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+  nameOverride: aai-schema-service-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: aai-schema-service
+  fqi: aai-schema-service@aai-schema-service.onap.org
+  public_fqdn: aai-schema-service.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  fqi_namespace: org.onap.aai-schema-service
+  user_id: &user_id 1000
+  group_id: &group_id 1000
+  aaf_add_config: |
+    echo "*** changing them into shell safe ones"
+    export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
+      -storepass "${cadi_keystore_password_p12}" \
+      -keystore {{ .Values.fqi_namespace }}.p12
+    keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** writing passwords into prop file"
+    echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
+    echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
+    echo "*** change ownership of certificates to targeted user"
+    chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
 
 # application image
 image: onap/aai-schema-service:1.9.2
@@ -147,6 +167,11 @@
   roles:
     - read
 
+# Not fully used for now
+securityContext:
+  user_id: *user_id
+  group_id: *group_id
+
 #Log configuration
 log:
   path: /var/log/onap