MySQL 8.x with SSL Developer Testing
These are some notes for testing MySQL 8.x using the docker-compose setup from the CSITs:
https://git.onap.org/policy/docker/tree/csit/docker-compose-all.yml
Replace mariadb components in docker-compose-all.yml with:
mariadb replacement
  mariadb:
    image: mysql/mysql-server
    command: ['--lower-case-table-names=1', '--wait_timeout=28800', '--default-authentication-plugin=mysql_native_password', '--require_secure_transport=ON']
    container_name: mariadb
    hostname: mariadb
    env_file: config/db/db.conf
    volumes:
      - ./config/db:/docker-entrypoint-initdb.d:ro
    expose:
      - 3306
db-migrator only needs a change to its environment variables in the config/db/db.conf file, so that its script passes the SSL flag to the mysql CLI tool.
DB Migrator component: config/db/db.conf
...
MYSQL_CMD=mysql --ssl
The API configuration changes as follows in config/api/apiParameters.yaml:
API component configuration: config/api/apiParameters.yaml
datasource:
  url: jdbc:mariadb://mariadb:3306/policyadmin?useSSL=true&disableSslHostnameVerification=true&trustServerCertificate=true
  driverClassName: org.mariadb.jdbc.Driver
  username: XXXXXX
  password: XXXXX
  hikari:
    maximumPoolSize: 20
jpa:
  properties:
    hibernate:
      dialect: org.hibernate.dialect.MySQL8Dialect
  hibernate:
    ddl-auto: none
    naming:
      physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
      implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
Similarly, the PAP configuration in config/pap/papParameters.yaml changes to:
PAP component configuration: papParameters.yaml
datasource:
  url: jdbc:mariadb://mariadb:3306/policyadmin?useSSL=true&disableSslHostnameVerification=true&trustServerCertificate=true
  driverClassName: org.mariadb.jdbc.Driver
  username: XXXX
  password: XXXX
  hikari:
    maximumPoolSize: 20
jpa:
  properties:
    hibernate:
      dialect: org.hibernate.dialect.MySQL8Dialect
  hibernate:
    ddl-auto: none
    naming:
      physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
      implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
XACML-PDP should mount a guard config/xacml/xacml.properties with these properties:
XACML-PDP component Guard configuration: config/xacml/xacml.properties
#
# Properties that the embedded PDP engine uses to configure and load
#
# Standard API Factories
#
xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
#
# AT&T PDP Implementation Factories
#
xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
#
# ONAP PDP Implementation Factories
#
xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
#
# Use a root combining algorithm
#
xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
#
# PIP Engine Definitions
#
count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip
count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations
count-recent-operations.name=CountRecentOperations
count-recent-operations.description=Returns operation counts based on time window
count-recent-operations.persistenceunit=OperationsHistoryPU
get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip
get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome
get-operation-outcome.name=GetOperationOutcome
get-operation-outcome.description=Returns operation outcome
get-operation-outcome.persistenceunit=OperationsHistoryPU
#
# Make pips available to finder
#
xacml.pip.engines=count-recent-operations,get-operation-outcome
#
# JPA Properties
#
eclipselink.target-database=MySQL
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://mariadb:3306/operationshistory?useSSL=true&disableSslHostnameVerification=true&trustServerCertificate=true
javax.persistence.jdbc.user=XXXXX
javax.persistence.jdbc.password=XXXX
For the guard xacml.properties to be mounted, set this in the docker-compose.yaml:
docker compose: xacml volume
    volumes:
      - ./config/xacml-pdp:/opt/app/policy/pdpx/etc/mounted
      - ./wait_for_port.sh:/opt/app/policy/pdpx/bin/wait_for_port.sh:ro
For the drools-applications component, config/drools-applications/env/base.conf should contain these environment variables:
Drools Use Cases: config/drools-applications/env/base.conf Environment Variables
JDBC_URL=jdbc:mariadb://mariadb:3306/
JDBC_OPTS=?useSSL=true&disableSslHostnameVerification=true&trustServerCertificate=true
MYSQL_CMD=mysql --ssl
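The JDBC URLs above all combine useSSL=true with trustServerCertificate=true and disableSslHostnameVerification=true, which in MariaDB Connector/J encrypts the connection but skips validation of the server certificate and its hostname. The following is an added example (not part of the original notes or of ONAP's code) that scans configuration text in the three formats used here and reports the TLS posture of each JDBC URL; the function names, level names and sample inputs are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# MariaDB Connector/J options that switch off a server verification step
# while leaving encryption on (both are set in the URLs on this page).
NO_VERIFY_FLAGS = ("trustServerCertificate", "disableSslHostnameVerification")
JDBC_RE = re.compile(r"jdbc:mariadb://[^\s?]+(\?\S*)?")

def classify(query):
    """Return (level, flags) for the option string that follows a JDBC URL."""
    opts = {k: v.lower() for k, v in parse_qsl(query.lstrip("?"))}
    if opts.get("useSSL") != "true":
        return "plaintext", []
    weak = [f for f in NO_VERIFY_FLAGS if opts.get(f) == "true"]
    return ("unverified" if weak else "verified"), weak

def audit(name, text):
    """Scan one config file's text; return [(name, line_no, level, flags)]."""
    findings, lines = [], text.splitlines()
    # base.conf keeps the URL and its options apart (JDBC_URL / JDBC_OPTS)
    env = dict(l.split("=", 1) for l in lines if re.match(r"[A-Z_]+=", l))
    for no, line in enumerate(lines, 1):
        m = JDBC_RE.search(line)
        if not m:
            continue
        query = m.group(1) or env.get("JDBC_OPTS", "")
        findings.append((name, no, *classify(query)))
    return findings

# Constructed samples in the YAML, properties and env formats shown above.
SAMPLES = {
    "apiParameters.yaml": "datasource:\n  url: jdbc:mariadb://mariadb:3306/"
        "policyadmin?useSSL=true&disableSslHostnameVerification=true"
        "&trustServerCertificate=true\n",
    "xacml.properties": "javax.persistence.jdbc.url=jdbc:mariadb://mariadb:3306/"
        "operationshistory?useSSL=true\n",
    "base.conf": "JDBC_URL=jdbc:mariadb://mariadb:3306/\n"
        "JDBC_OPTS=?useSSL=true&trustServerCertificate=true\n"
        "MYSQL_CMD=mysql --ssl\n",
    "plain.yaml": "url: jdbc:mariadb://mariadb:3306/policyadmin\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for finding in audit(name, text):
            print(*finding)
```

An "unverified" result is what these test notes produce by design; a "verified" result means the driver checks the server certificate against its trust store, so the store must contain the issuing CA.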