[DMAAP] Don't hardcode mariadb-galera password

Let's use common secret template to generate user credentials for
DMAAP data router DB DB and depend on mariadb-galera to generate
secure enough root password.

Issue-ID: OOM-2287
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I82d22a2db2dc9fba655f99f837be689f4a32a871
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index 34662ae..b672311 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -7,9 +7,9 @@
 # * Licensed under the Apache License, Version 2.0 (the "License");
 # * you may not use this file except in compliance with the License.
 # * You may obtain a copy of the License at
-# * 
+# *
 #  *      http://www.apache.org/licenses/LICENSE-2.0
-# * 
+# *
 #  * Unless required by applicable law or agreed to in writing, software
 # * distributed under the License is distributed on an "AS IS" BASIS,
 # * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -40,9 +40,9 @@
 
 # Database access
 org.onap.dmaap.datarouter.db.driver   = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url      = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/datarouter
-org.onap.dmaap.datarouter.db.login    = datarouter
-org.onap.dmaap.datarouter.db.password = datarouter
+org.onap.dmaap.datarouter.db.url      = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.config.mysqlDatabase}}
+org.onap.dmaap.datarouter.db.login    = ${DB_USERNAME}
+org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
 
 # PROV - DEFAULT ENABLED TLS PROTOCOLS
 org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
@@ -55,4 +55,3 @@
 org.onap.dmaap.datarouter.provserver.aaf.instance         = legacy
 org.onap.dmaap.datarouter.provserver.aaf.action.publish   = publish
 org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
-
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index d6257bb..104fcdc 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -120,6 +120,11 @@
               port: {{ .Values.config.dmaapDrProv.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
+          env:
+          - name: DB_USERNAME
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+          - name: DB_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
           volumeMounts:
           {{- if .Values.global.aafEnabled }}
           - mountPath: {{ .Values.persistence.aafCredsPath }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
new file mode 100644
index 0000000..dee311c
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 4dcd7c3..6165568 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -20,6 +20,17 @@
   loggingDirectory: /opt/app/datartr/logs
 
 #################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: dmaap-dr-db-user-secret
+    name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.dmaapDrDb.userName }}'
+    password: '{{ .Values.config.dmaapDrDb.userPassword }}'
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
@@ -88,6 +99,9 @@
     mariadbServiceName: dmaap-dr-db-svc
     mariadbServicePort: 3306
     mariadbContName: dmaap-dr-db
+    userName: datarouter
+#    userPassword: password
+#    userCredentialsExternalSecret: some secret
 
 # mariadb-galera configuration
 mariadb:
@@ -95,9 +109,7 @@
   nameOverride: dmaap-dr-db
   replicaCount: 2
   config:
-    mariadbRootPassword: datarouter
-    userName: datarouter
-    userPassword: datarouter
+    userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
     mysqlDatabase: datarouter
   service:
     name: dmaap-dr-db-svc
@@ -136,4 +148,4 @@
     requests:
       cpu: 1000m
       memory: 2Gi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}