yaml files to create resources required by sample of aad ldap integra…

…tion

3-integration/aad-ldap/aad-ldap-secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aad-ldap-secret
+  namespace: open-liberty-demo
+type: Opaque
+stringData:
+  ldap.server.host: ${LDAP_SERVER_HOST}
+  ldap.server.port: "${LDAP_SERVER_PORT}"
+  ldap.server.baseDN: "${LDAP_SERVER_BASEDN}"
+  ldap.server.bindDN: "${LDAP_SERVER_BINDDN}"
+  ldap.server.bindPassword: ${LDAP_SERVER_BINDPASSWORD}
+  keystore.name: ${KEYSTORE_NAME}
+  keystore.pass: ${KEYSTORE_PASS}
+  admin.group.name: ${ADMIN_GROUP_NAME}

3-integration/aad-ldap/openlibertyapplication-hosts.yaml

@@ -0,0 +1,81 @@
+apiVersion: openliberty.io/v1beta1
+kind: OpenLibertyApplication
+metadata:
+  name: javaee-cafe-aad-ldap
+  namespace: open-liberty-demo
+spec:
+  replicas: 1
+  applicationImage: javaee-cafe-aad-ldap:1.0.0
+  expose: true
+  service:
+    port: 9443
+    certificateSecretRef: tls-crt-secret
+  route:
+    termination: reencrypt
+    certificateSecretRef: tls-crt-secret
+  env:
+  - name: KEY_ALIAS
+    value: 'defaultkeystore'
+  - name: LDAP_SERVER_HOST
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.host
+  - name: LDAP_SERVER_PORT
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.port
+  - name: LDAP_SERVER_BASEDN
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.baseDN
+  - name: LDAP_SERVER_BINDDN
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.bindDN
+  - name: LDAP_SERVER_BINDPASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.bindPassword
+  - name: KEYSTORE_NAME
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: keystore.name
+  - name: KEYSTORE_PASS
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: keystore.pass
+  - name: ADMIN_GROUP_NAME
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: admin.group.name
+  initContainers:
+  - name: add-hostname
+    image: busybox
+    command: ['sh', '-c', 'cp /etc/hosts /hostsconfig && echo "${LDAP_SERVER_IP_ADDRESS} ${LDAP_SERVER_HOST}" >> /hostsconfig/hosts']
+    volumeMounts:
+    - name: hostsconfig
+      mountPath: /hostsconfig
+  volumeMounts:
+  - name: config
+    mountPath: /config/${KEYSTORE_NAME}
+    readOnly: true
+    subPath: ${KEYSTORE_NAME}
+  - name: hostsconfig
+    mountPath: /etc/hosts
+    readOnly: true
+    subPath: hosts
+  volumes:
+  - name: config
+    configMap:
+      defaultMode: 0600
+      name: keystore-config
+  - name: hostsconfig
+    emptyDir: {}

3-integration/aad-ldap/openlibertyapplication.yaml

@@ -0,0 +1,68 @@
+apiVersion: openliberty.io/v1beta1
+kind: OpenLibertyApplication
+metadata:
+  name: javaee-cafe-aad-ldap
+  namespace: open-liberty-demo
+spec:
+  replicas: 1
+  applicationImage: javaee-cafe-aad-ldap:1.0.0
+  expose: true
+  service:
+    port: 9443
+    certificateSecretRef: tls-crt-secret
+  route:
+    termination: reencrypt
+    certificateSecretRef: tls-crt-secret
+  env:
+  - name: KEY_ALIAS
+    value: 'defaultkeystore'
+  - name: LDAP_SERVER_HOST
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.host
+  - name: LDAP_SERVER_PORT
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.port
+  - name: LDAP_SERVER_BASEDN
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.baseDN
+  - name: LDAP_SERVER_BINDDN
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.bindDN
+  - name: LDAP_SERVER_BINDPASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: ldap.server.bindPassword
+  - name: KEYSTORE_NAME
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: keystore.name
+  - name: KEYSTORE_PASS
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: keystore.pass
+  - name: ADMIN_GROUP_NAME
+    valueFrom:
+      secretKeyRef:
+        name: aad-ldap-secret
+        key: admin.group.name
+  volumeMounts:
+  - name: config
+    mountPath: /config/${KEYSTORE_NAME}
+    readOnly: true
+    subPath: ${KEYSTORE_NAME}
+  volumes:
+  - name: config
+    configMap:
+      defaultMode: 0600
+      name: keystore-config

3-integration/aad-ldap/src/main/liberty/config/server.xml

@@ -70,9 +70,9 @@
     </ldapRegistry>
 
     <!-- JWT builder -->
-    <jwtBuilder id="jwtAuthUserBuilder" 
-        keyStoreRef="defaultKeyStore" keyAlias="default" 
-        issuer="https://example.com" expiresInSeconds="600" />
+    <jwtBuilder id="jwtAuthUserBuilder" keyStoreRef="defaultKeyStore" 
+        keyAlias="${key.alias}" issuer="https://example.com" expiresInSeconds="600" />
+    <variable name="key.alias" defaultValue="default"/>
 
     <!-- JWT consumer -->
     <mpJwt id="jwtUserConsumer" 

3-integration/aad-ldap/tls-crt-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tls-crt-secret
+  namespace: open-liberty-demo
+type: kubernetes.io/tls
+data:
+  ca.crt: ${CA_CRT}
+  destCA.crt: ${DEST_CA_CRT}
+  tls.crt: ${TLS_CRT}
+  tls.key: ${TLS_KEY}