commit e1b8ac66737bb1a9abecc57ca1733bfa630dc151
author Sylvain Desbureaux <sylvain.desbureaux@orange.com> Tue Feb 16 10:29:00 2021 +0100
committer Sylvain Desbureaux <sylvain.desbureaux@orange.com> Thu Feb 18 07:15:36 2021 +0000
tree 519a11b39a7f06527b20ed01741b719f72cb524f
parent d316c397dacae3994fcd260cda14ce872f664581

[APPC][CDT] Automatically retrieve certificates

Instead of using hardcoded certificates in container, use
certInitializer in order to retrieve them.

Issue-ID: OOM-2682
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I93b7a1a0bddf2540e222ec4406d0cfd12f6f5e5e

kubernetes/appc/components/appc-cdt/values.yaml

diff --git a/kubernetes/appc/components/appc-cdt/values.yaml b/kubernetes/appc/components/appc-cdt/values.yaml
index b3dab71..3b1ff47 100644
--- a/kubernetes/appc/components/appc-cdt/values.yaml
+++ b/kubernetes/appc/components/appc-cdt/values.yaml
@@ -18,6 +18,48 @@
 global:
   nodePortPrefix: 302
 
+
+#################################################################
+# AAF part
+#################################################################
+
+# dependency / sub-chart configuration
+certInitializer:
+  nameOverride: appc-cdt-cert-initializer
+  truststoreMountpath: /opt/onap/appc/data/stores
+  fqdn: "appc-cdt"
+  app_ns: "org.osaaf.aaf"
+  fqi: "appc-cdt@appc-cdt.onap.org"
+  fqi_namespace: org.onap.appc-cdt
+  public_fqdn: "appc-cdt.onap.org"
+  aafDeployFqi: "deployer@people.osaaf.org"
+  aafDeployPass: demo123456!
+  cadi_latitude: "38.0"
+  cadi_longitude: "-72.0"
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: |
+    echo "*** retrieving password for keystore"
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
+      {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
+    if [ -z "$cadi_keystore_password_p12" ]
+    then
+      echo "  /!\ certificates retrieval failed"
+      exit 1
+    else
+      cd {{ .Values.credsPath }};
+      mkdir -p certs;
+      echo "*** transform AAF certs into pem files"
+      mkdir -p {{ .Values.credsPath }}/certs
+      openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+        -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
+        -passin pass:$cadi_keystore_password_p12 \
+        -passout pass:$cadi_keystore_password_p12
+      echo "*** copy key file"
+      cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+      echo "*** change ownership of certificates to targeted user"
+      chown -R 1000 {{ .Values.credsPath }}
+    fi
+
 #################################################################
 # Application configuration defaults.
 #################################################################