[AAI] Remove AAF/TLS config from charts
Remove aaf and tls config from aai charts
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: Ibb26e7ae00eb6b5a65ec2263b8f57ad6fb345892
Issue-ID: OOM-3111
diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml
index fc8ad97..362e0e4 100644
--- a/kubernetes/aai/components/aai-resources/Chart.yaml
+++ b/kubernetes/aai/components/aai-resources/Chart.yaml
@@ -1,6 +1,6 @@
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,12 +23,6 @@
dependencies:
- name: common
version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv b/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv
deleted file mode 100644
index ec60ef7..0000000
--- a/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv
+++ /dev/null
@@ -1,27 +0,0 @@
-# AAI -> aai@aai.onap.org
-Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# ModelLoader -> aai@aai.onap.org
-Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# AaiUI -> aai@aai.onap.org,
-Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# MSO -> so@so.onap.org
-Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
-
-# SDNC -> sdnc@sdnc.onap.org
-Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-
-# DCAE -> dcae@dcae.onap.org
-Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-
-# POLICY -> policy@policy.onap.org
-Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# ASDC -> sdc@sdc.onap.org
-Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# OOF -> oof@oof.onap.org
-Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
-
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties b/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties
deleted file mode 100644
index ec5fd55..0000000
--- a/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-
-cadi_loglevel=INFO
-cadi_prop_files=/opt/app/aai-resources/resources/aaf/org.osaaf.location.props:/opt/app/aai-resources/resources/aaf/org.onap.aai.props
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props
deleted file mode 100644
index f4bb9ee..0000000
--- a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props
+++ /dev/null
@@ -1,15 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# @copyright 2016, AT&T
-# Modifications Copyright © 2020 Orange
-############################################################
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD}
-
-cadi_alias=aai@aai.onap.org
-cadi_truststore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks
-cadi_truststore_password=${TRUSTSTORE_ALL_PASSWORD}
-cadi_loglevel=INFO
-cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props
deleted file mode 100644
index 8ae66aa..0000000
--- a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props
+++ /dev/null
@@ -1,24 +0,0 @@
-##
-## org.osaaf.location.props
-##
-## Localized Machine Information
-##
-# Almeda California ?
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-# AAF Environment Designation
-aaf_env=DEV
-
-# OAuth2 Endpoints
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties b/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties
deleted file mode 100644
index 4234121..0000000
--- a/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-permission.type=org.onap.aai.resources
-permission.instance=*
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
index a569b53..adabae3 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
@@ -5,6 +5,7 @@
# ================================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,15 +39,9 @@
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
-{{ if ( include "common.needTLS" .) }}
-aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
-aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
-aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
-{{ else }}
aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
-{{ end }}
{{ if .Values.global.config.basic.auth.enabled }}
aai.tools.enableBasicAuth=true
@@ -54,13 +49,6 @@
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
-{{ if ( include "common.needTLS" .) }}
-aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
-aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
-{{ end }}
-
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties
index b5b64be..40b89ea 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,7 +30,7 @@
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
-spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
@@ -44,23 +45,13 @@
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8447
-{{ if ( include "common.needTLS" .) }}
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
-dmaap.ribbon.transportType={{ include "common.scheme" . }}
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3904
+dmaap.ribbon.transportType=http
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
@@ -96,14 +87,7 @@
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ (eq "true" ( include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
-
-{{ if ( include "common.needTLS" .) }}
-schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
-schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-{{ end }}
+schema.service.client=no-auth
#to expose the Prometheus scraping endpoint
management.port=8448
diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
index 9997356..eccc4ba 100644
--- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -34,19 +34,3 @@
{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aaf-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index f4e56c2..11008ae 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -3,6 +3,7 @@
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -79,7 +80,7 @@
spec:
hostname: aai-resources
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
@@ -119,8 +120,6 @@
args:
- -c
- |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
echo "*** actual launch of AAI Resources"
/bin/bash /opt/app/aai-resources/docker-entrypoint.sh
env:
@@ -128,17 +127,13 @@
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- - name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- - name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststorePassword }}
- name: INTERNAL_PORT_1
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
- name: INTERNAL_PORT_3
value: {{ .Values.service.internalPort3 | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -162,21 +157,6 @@
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
- name: {{ include "common.fullname" . }}-aaf-certs
- subPath: bath_config.csv
- - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: org.onap.aai.props
- - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: org.osaaf.location.props
- - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: permissions.properties
- - mountPath: /opt/app/aai-resources/resources/cadi.properties
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: cadi.properties
- mountPath: /opt/app/aai-resources/resources/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
@@ -206,7 +186,7 @@
httpGet:
path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
- scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: LivenessCheck
@@ -221,7 +201,7 @@
httpGet:
path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
- scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: ReadinessCheck
@@ -241,7 +221,7 @@
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
@@ -251,12 +231,6 @@
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-aaf-properties
- configMap:
- name: {{ include "common.fullname" . }}-aaf-props
- - name: {{ include "common.fullname" . }}-aaf-certs
- secret:
- secretName: {{ include "common.fullname" . }}-aaf-keys
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml
deleted file mode 100644
index a0d8629..0000000
--- a/kubernetes/aai/components/aai-resources/templates/secret.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
----
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index de7bf2d..eb06c8f 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -1,6 +1,7 @@
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Copyright (c) 2020 Nokia, Orange
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -51,8 +52,7 @@
# Active spring profiles for the resources microservice
profiles:
- # aaf-auth profile will be automatically set if aaf enabled is set to true
- active: production,dmaap #,aaf-auth
+ active: production,dmaap
# Notification event specific properties
notification:
@@ -63,7 +63,7 @@
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
translator:
list: schema-service
@@ -123,38 +123,6 @@
url: network
- name: aai-externalSystem
url: external-system
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-resources-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai-resources
- fqi: aai-resources@aai-resources.onap.org
- public_fqdn: aai-resources.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai-resources
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
# application image
image: onap/aai-resources:1.11.0