8.11.1 Release (#318)
* Include missing change from master (#310)

* Deliver 8.11 Release (#290)

* enable FIPS

* https://github.ibm.com/dba/icp4a-odm/issues/576

* https://github.ibm.com/dba/icp4a-odm/issues/567

* https://github.ibm.com/dba/icp4a-odm/issues/580

* https://github.ibm.com/dba/icp4a-odm/issues/575

* https://github.ibm.com/dba/icp4a-odm/issues/575

* https://github.ibm.com/dba/icp4a-odm/issues/575

* https://github.ibm.com/dba/icp4a-odm/issues/575

* https://github.ibm.com/dba/icp4a-odm/issues/576

* enable FIPS by default on Docker image

* move FIPS enable on amd64 base image only

* Update or add context-param in web.xml runtime

* Allow to specify a docker builder image. (#275)

* Allow to specify a docker builder image.

* Remove volume section

* Use dockerbuilder env variable

* Improve build by adding the capability to override the settings.xml for the maven part

* Try to fix bamboo build

* Update setting.xml

* remove decision-center-client-api.zip build

* Add authentication customization in web.xml using ENABLE_TLS_AUTH env var

* update IAM tests

* https://github.ibm.com/dba/icp4a-odm/issues/549

* update IAM tests

* removing teamserver from md doc

* referencing teamserver not needed anymore

* removing teamserver from md doc

* https://github.ibm.com/dba/icp4a-odm/issues/511

* Move to github action (#279)

* pb with rm swidtag on OKD

* Move to new release.

* Renamed workflow

* no message

* First try

* Get docker-compose

* Env variables are not in a list, it's a YAML dict

* Try sudo

* Try the full chain

* Don't know what the (failing) egrep is about

* Try to download ODM dist from right place

* Debug

* Try to get right value from secret

* Try sth else

* 8.10.5.1 seems to be unavailable

* Debug

* Removed debug

* Update the VM

* Try to get meaningful error messages

* Try another way to build

Co-authored-by: mathias-mouly <mathias.mouly@fr.ibm.com>
Co-authored-by: Pierre-Yves Lochou <pylochou@fr.ibm.com>

* Rename settings file

* Refresh liberty + Upgrade to Postgresql13

* Move to the latest postgresql version.

No that the 42.2.19 version include fixes in sasl protocol.

* restore teamserver-dbdump war copy

* https://github.ibm.com/dba/icp4a-odm/issues/612

* Change VTT to pull images

* Change VTT To pull images

* Refresh liberty version to 21.0.0.9

* Update build.sh

* take into account server config in demo mode with contextroot DBACLD-11443

* Implement support of context root in case of db sample.

* Update description in Dockerhub (#280)

* keycloak material

* Fix issue tracker link

* Fix download of the postgresql driver

* Fix download of the postgresql driver.

* Typo to retrieve the jar files.

* move to client_credentials grant_type

* Add -Xshareclasses:none jvm option in keytool commands (#281)

* adapt server update in demo mode for Zen

* put RuleDesigner files under assets

* forgot RD provider template

* typo

* missing context root replace

* replace URL internal service token URL endpoint by external URL

* typo

* Move the actions build to 8.10.5.1 Release (#285)

* to trigger action

* Update to 8.10.5.1 release

* disable ALL_AUTHENTICATED_USER for rtsUser

* Prepare next release. License update.

* Add doc for metering annotation (#284)

* Add new md file to document metering annotations

* Add example

* Update README-license-annotations.md

I added a few mentions to "custom ODM containers"

* Fix example to use res

* Fix image name

* Update after review

Co-authored-by: avi44522 <antviaud@gmail.com>

* Fix productVersion value (#286)

* Update ODM version

* move UMS server

* https://jsw.ibm.com/browse/DBACLD-16340

* update eclipse version

* Update to raw version

* Add env var USERS_PASSWORD to configure the password used for the default users in standalone image

* Fix sed

* remove teamserver URL

* change the ODM doc link

* update free image welcome page

* new www.ibm.com & doc cert

* Try to fix KPI Issue

* Fix build

* Fix prod build

* Fix last kpi

* Update doc links for 8.11.0.0

* Update build-and-test.yml

Co-authored-by: mathias-mouly <mathias.mouly@fr.ibm.com>
Co-authored-by: Julie Garrone <julie.garrone@fr.ibm.com>
Co-authored-by: Julie Garrone <47252804+julie-garrone@users.noreply.github.com>
Co-authored-by: Pierre-Yves Lochou <pylochou@fr.ibm.com>
Co-authored-by: avi44522 <antviaud@gmail.com>
Co-authored-by: julie-garrone <julie.garrone@fr.ibm.om>

* Bump httpclient from 4.5.2 to 4.5.13 in /standalone/samples/loan-server (#270)

Bumps httpclient from 4.5.2 to 4.5.13.

---
updated-dependencies:
- dependency-name: org.apache.httpcomponents:httpclient
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* https://jsw.ibm.com/browse/DBACLD-31678

make server definition editable

* https://jsw.ibm.com/browse/DBACLD-31678

update server password

* Update README-license-annotations.md (#292)

Added a line to indicate that the annotations are also valid for ODM 8.10.5.1

* Update README.md (#291)

Replaced link to old Developer Center by one to the BA community - Decision Management topic.

* Simplify merge

Co-authored-by: mathias-mouly <mathias.mouly@fr.ibm.com>
Co-authored-by: Julie Garrone <julie.garrone@fr.ibm.com>
Co-authored-by: Julie Garrone <47252804+julie-garrone@users.noreply.github.com>
Co-authored-by: Pierre-Yves Lochou <pylochou@fr.ibm.com>
Co-authored-by: avi44522 <antviaud@gmail.com>
Co-authored-by: julie-garrone <julie.garrone@fr.ibm.om>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove hack to workaround issue  https://www.ibm.com/support/pages/apar/IJ39517 Workaround

* https://jsw.ibm.com/browse/DBACLD-54232

* lib directory not necessary any more

* https://jsw.ibm.com/browse/DBACLD-53629

* missing decisionmodel URL config

* https://jsw.ibm.com/browse/DBACLD-53629

* https://jsw.ibm.com/browse/DBACLD-53629

* keep only decision services in samples

* https://jsw.ibm.com/browse/DBACLD-55813

* https://jsw.ibm.com/browse/DBACLD-58998

* Add possibility to pass db-config credentials as volume mount

* Add possibility to pass tls passwords as volume mount

* Add possibility to pass Openid credentials as volume mount

* Add possibility to pass dba env context as volume mount

* Add possibility to pass db ssl truststore password as volume mount

* Fix indentation

* Fix indentation

* Fix tls configuration

* Add possibility to pass Postgres credentials as volume mount

* Try to fix usage of postgres credentials file

* DBACLD-9972 : DecisionRunner diagnostic failed sometimes

* https://jsw.ibm.com/browse/DBACLD-59255

* https://jsw.ibm.com/browse/DBACLD-59255

* Fix usage of postgres credentials files

* https://jsw.ibm.com/browse/DBACLD-59255

* https://jsw.ibm.com/browse/DBACLD-59255

* Improve rundb.sh to depend on POSTGRESQL_USER_FILE env var

* Fix tls secret config path

* DBACLD-56118 - Add checkdb script (#314)

Add checkdb.sh script to replace command line in init container

* DBACLD-56118 - Fix Permission denied error for checkdb.sh in postgres official image

* missing -J-Xshareclasses:none option with keytool

* Fix DBACLD-62930 Fix CVE-2022-31197 Postgres 42.3.3->  42.4.1 or above. on Postgresql driver

* Sync up Dockerhub description with the committed version

* DBACLD-55794 Add Getting Started link in the landing page.

* Update README.md

* https://jsw.ibm.com/browse/DBACLD-65956

* bad place for the new logoutTokenParam parameter in the template

* use an always present property as last place

* https://jsw.ibm.com/browse/DBACLD-65621

* https://jsw.ibm.com/browse/DBACLD-65621

* Update README.md

* Update README.md

* always provide a downloadable truststore.jks

* Add classloader on rest-api - case TS010968326

* move /res/api endpoint filter

* Change doc version

* Update License : DBACLD-70802

* Update full-description.md

* Update full-description.md

* Update .env

* Update README.md

* update badge

* fix badges

* improve badge

* Use Action instead of Travis

* Fix secret name

* ODM 8.11.1 Release

Co-authored-by: mathias-mouly <mathias.mouly@fr.ibm.com>
Co-authored-by: Julie Garrone <julie.garrone@fr.ibm.com>
Co-authored-by: Julie Garrone <47252804+julie-garrone@users.noreply.github.com>
Co-authored-by: Pierre-Yves Lochou <pylochou@fr.ibm.com>
Co-authored-by: avi44522 <antviaud@gmail.com>
Co-authored-by: julie-garrone <julie.garrone@fr.ibm.om>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: fredibm <35365560+fredibm@users.noreply.github.com>
Co-authored-by: cmosbach <c.mosbach@fr.ibm.com>
Co-authored-by: Pierre-Yves Lochou <31895642+PYLochou@users.noreply.github.com>
11 people committed Dec 13, 2022
1 parent 657626f commit f6cc1be
Showing 77 changed files with 8,753 additions and 3,447 deletions.
2 changes: 1 addition & 1 deletion .env
@@ -1,5 +1,5 @@
# ODM product version
ODMVERSION=8.11.0.1
ODMVERSION=8.11.1.0

# ODM database schema version
ODMDBVERSION=8.11.next
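Review bot: `ODMDBVERSION=8.11.next` in the unchanged line under the bump still carries a development-style value while `ODMVERSION` moves to the released `8.11.1.0`. If the schema version is meant to track the release, set it in this same change; if `8.11.next` is intentional, say so in the comment above the variable so the next release bump does not have to guess.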
44 changes: 0 additions & 44 deletions .travis.yml

This file was deleted.

19 changes: 11 additions & 8 deletions README-license-annotations.md
Expand Up @@ -7,10 +7,13 @@ The IBM License Service needs to be installed on the Kubernetes cluster where th
The IBM License Service processes pod annotations to track licenses. Therefore product teams must use specific metering annotations in the `spec.template.metadata.annotations` section of their Kubernetes pod template for custom ODM containers, similarly to what is provided for the predefined ODM containers

Based on your deployment type, use the following annotations:
- [IBM ODM on Kubernetes (Production)](#ibm-odm-on-kubernetes-production)
- [IBM ODM on Kubernetes (Non-Production)](#ibm-odm-on-kubernetes-non-production)
- [Add IBM License Metering annotations to custom ODM containers](#add-ibm-license-metering-annotations-to-custom-odm-containers)
- [Guidance](#guidance)
- [IBM ODM on Kubernetes (Production)](#ibm-odm-on-kubernetes-production)
- [IBM ODM on Kubernetes (Non-Production)](#ibm-odm-on-kubernetes-non-production)
- [Example](#example)

The annotations below are defined for ODM version 8.11.0, but you can also use them for ODM v8.10.5.1 by replacing **productVersion** value with "8.10.5.1".
The annotations below are defined for ODM version 8.11.1, but you can also use them for ODM v8.10.5.1 by replacing **productVersion** value with "8.10.5.1".

## Guidance

Expand All @@ -28,7 +31,7 @@ The annotations below are defined for ODM version 8.11.0, but you can also use t
annotations:
productName: "IBM Operational Decision Manager"
productID: "b1a07d4dc0364452aa6206bb6584061d"
productVersion: "8.11.0"
productVersion: "8.11.1"
productMetric: "PROCESSOR_VALUE_UNIT"
productChargedContainers: <containername>
```
Expand All @@ -42,7 +45,7 @@ The annotations below are defined for ODM version 8.11.0, but you can also use t
annotations:
productName: "IBM Operational Decision Manager - Non Prod"
productID: "e32af5770e06427faae142993c691048"
productVersion: "8.11.0"
productVersion: "8.11.1"
productMetric: "PROCESSOR_VALUE_UNIT"
productChargedContainers: <containername>
```
Expand All @@ -58,7 +61,7 @@ spec:
annotations:
productName: "IBM Operational Decision Manager - Non Prod"
productID: "e32af5770e06427faae142993c691048"
productVersion: "8.11.0"
productVersion: "8.11.1"
productMetric: "PROCESSOR_VALUE_UNIT"
productChargedContainers: <containername>
```
Expand All @@ -81,14 +84,14 @@ spec:
annotations:
productName: "IBM Operational Decision Manager"
productID: "b1a07d4dc0364452aa6206bb6584061d"
productVersion: "8.11.0"
productVersion: "8.11.1"
productMetric: "PROCESSOR_VALUE_UNIT"
productChargedContainers: my-odm-decisionserverruntime
spec:
...

containers:
- name: my-odm-decisionserverruntime
image: my-repo/my-odm-decisionserverruntime:8.11.0-amd64
image: my-repo/my-odm-decisionserverruntime:8.11.1-amd64
...
```
12 changes: 5 additions & 7 deletions README.md
@@ -1,11 +1,9 @@
# IBM-ODM-Docker
IBM Operational Decision Manager on Docker.
IBM Operational Decision Manager on Docker

[![Build and test](https://github.com/DecisionsDev/odm-ondocker/actions/workflows/build-and-test.yml/badge.svg?branch=vnext-release)](https://github.com/DecisionsDev/odm-ondocker/actions/workflows/build-and-test.yml) ![GitHub last commit](https://img.shields.io/github/last-commit/lgrateau/odm-ondocker)

[![Build Status](https://travis-ci.org/ODMDev/odm-ondocker.svg?branch=master)](https://travis-ci.org/ODMDev/odm-ondocker)
[![GitHub release](https://img.shields.io/github/release/ODMDev/odm-ondocker.svg)](https://github.com/ODMDev/odm-ondocker/releases)
[![GitHub last commit (branch)](https://img.shields.io/github/last-commit/ODMDev/odm-ondocker/dev.svg)](https://github.com/ODMDev/odm-ondocker)
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![GitHub release](https://img.shields.io/github/release/DecisionsDev/odm-ondocker.svg)](https://github.com/DecisionsDev/odm-ondocker/releases) [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
<p align="center">
<a href="https://join.slack.com/t/odmdev/shared_invite/enQtMjU0NzIwMjM1MTg0LTQyYTMzNGQ4NzJkMDYxMDU5MDRmYTM4MjcxN2RiMzNmZWZmY2UzYzRhMjk0N2FmZjU2YzJlMTRmN2FhZDY4NmQ">
Follow us on slack
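Review bot: The new "GitHub last commit" badge on the badge line points at `lgrateau/odm-ondocker`, a different owner from the `DecisionsDev/odm-ondocker` repository used by the build and release badges next to it, and the build badge is pinned to `branch=vnext-release`. Point both at the repository and branch this README is published from, otherwise the status shown on the released README describes another fork or branch.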
Expand All @@ -20,7 +18,7 @@ IBM Operational Decision Manager on Docker.
This repository centralizes the material to deploy IBM Operational Decision Manager in Docker.
It includes Docker files and Docker compose descriptors. Docker files are used to build images of ODM runtimes. And docker-compose descriptor can be used to group this build, push to your repository and run your topology from Development to production.

[IBM ODM](https://www.ibm.com/docs/en/odm/8.11.0) is a decisioning platform to automate your business policies. Business rules are used at the heart of the platform to implement decision logic on a business vocabulary and run it as web decision services.
[IBM ODM](https://www.ibm.com/docs/en/odm/8.11.1) is a decisioning platform to automate your business policies. Business rules are used at the heart of the platform to implement decision logic on a business vocabulary and run it as web decision services.


![Flow](docs/images/Architecture.png "Architecture")
Expand All @@ -40,7 +38,7 @@ This documentations applies to Operational Decision Management Standard V8.11.x

# Issues and contributions

For issues relating specifically to the Dockerfiles and scripts, please use the [GitHub issue tracker](https://github.com/ODMDev/odm-ondocker/issues). For more general issue relating to IBM Operational Decision Manager you can [get help](https://developer.ibm.com/odm/home/connect/) through the ODMDev community or, if you have production licenses for Operational Decision Manager, via the usual support channels. We welcome contributions following [our guidelines](https://github.com/ODMDev/odm-ondocker/blob/master/CONTRIBUTING.md).
For issues relating specifically to the Dockerfiles and scripts, please use the [GitHub issue tracker](https://github.com/ODMDev/odm-ondocker/issues). For more general issue relating to IBM Operational Decision Manager you can [get help](https://community.ibm.com/community/user/automation/communities/community-home?CommunityKey=c0005a22-520b-4181-bfad-feffd8bdc022) through the ODM community or, if you have production licenses for Operational Decision Manager, via the usual support channels. We welcome contributions following [our guidelines](https://github.com/ODMDev/odm-ondocker/blob/master/CONTRIBUTING.md).

# License tracking with IBM License Service

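Review bot: The rewritten "Issues and contributions" paragraph still links the issue tracker and `CONTRIBUTING.md` under `github.com/ODMDev/odm-ondocker`, while the badges changed in this same file now use `DecisionsDev/odm-ondocker`. Update both links to the current organisation instead of relying on a redirect, and while the sentence is being touched, "For more general issue" should read "For more general issues".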
12 changes: 2 additions & 10 deletions common/config/authOidc/authFilters.xml
Expand Up @@ -9,15 +9,6 @@
And no request url for HTDS should be listed in the browserAuthFilter filter since
this filter is implemented with the notContain match type.
Configuration for the RES Console:
The request URL /res/api should be handled by the browserAuthFilter filter
(that is the filter associated with the inbound propagation set to supported),
otherwise the REST tool in the RES Console does not work (test interface in REST
API tab).
=> /res/api should not be listed in the apiAuthFilter filter.
And /res/api should not be listed in the browserAuthFilter filter since
this filter is implemented with the notContain match type.
Configuration for the decisioncenter-api:
/decisioncenter-api/v1/" is the path for the Decision Center API, the "v1" is required
so that Swagger remains handled by "browserAuthFilter"
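Review bot: The comment block removed here was the only explanation of why `/res/api` had to stay on the browserAuthFilter side (the REST test tool in the RES Console), and nothing replaces it now that the path moves to the API filter. Add a short "Configuration for the RES Console" paragraph stating the new rule and whether the REST API tab in the console still works, so the header comment keeps matching the filter definitions below it.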
Expand All @@ -27,6 +18,7 @@
<!-- RES console -->
<requestUrl id="res1" matchType="notContain" urlPattern="/res/auth"/>
<requestUrl id="res2" matchType="notContain" urlPattern="/res/repositoryService"/>
<requestUrl id="res3" matchType="notContain" urlPattern="/res/api"/>
<!-- Enterprise console -->
<requestUrl id="ec1" matchType="notContain" urlPattern="/teamserver/rts-sync"/>
<requestUrl id="ec2" matchType="notContain" urlPattern="/teamserver/remoting"/>
Expand All @@ -50,6 +42,6 @@
<!-- This line is to support OIDC and BA by detecting the header -->
<requestHeader id="allowBasicAuth" matchType="contains" name="Authorization" value="Bearer" />
<requestUrl id="apiurl" matchType="contains" urlPattern=
"/res/auth|/res/repositoryService|/teamserver/rts-sync|/teamserver/remoting|/teamserver/servlet/SessionServlet|/decisioncenter/rts-sync|/decisioncenter/remoting|/decisioncenter/servlet/SessionServlet|/decisioncenter-api/v1|/DecisionRunner/api|/DecisionRunner/apiauth|/DecisionRunner/serverinfo|/testing/sspService|/testing/serverinfo"/>
"/res/api|/res/auth|/res/repositoryService|/teamserver/rts-sync|/teamserver/remoting|/teamserver/servlet/SessionServlet|/decisioncenter/rts-sync|/decisioncenter/remoting|/decisioncenter/servlet/SessionServlet|/decisioncenter-api/v1|/DecisionRunner/api|/DecisionRunner/apiauth|/DecisionRunner/serverinfo|/testing/sspService|/testing/serverinfo"/>
</authFilter>
</server>
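Review bot: `/res/api` now has to be kept identical in two places: the `res3` `notContain` entry in the browser filter and the first alternative of the `apiurl` `contains` pattern here. A path listed in only one of them ends up matched by both filters or by neither. Add a comment on the `apiurl` element saying the list must mirror the `notContain` entries, and note there that `contains` is a substring match, so the entry applies to every request URL that contains `/res/api`.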
1 change: 1 addition & 0 deletions common/config/authOidc/openIdParametersTemplate.properties
Expand Up @@ -8,4 +8,5 @@ OPENID_CLIENT_ID=__OPENID_CLIENT_ID__
OPENID_CLIENT_SECRET=__OPENID_CLIENT_SECRET__
OPENID_TOKEN_FORMAT=__OPENID_TOKEN_FORMAT__
OPENID_LOGOUT_URL=__OPENID_SERVER_URL__/oidc/endpoint/__OPENID_PROVIDER__/logout
OPENID_LOGOUT_TOKEN_PARAM=__OPENID_LOGOUT_TOKEN_PARAM__
OPENID_ALLOWED_DOMAINS=__OPENID_ALLOWED_DOMAINS__
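Review bot: `OPENID_LOGOUT_TOKEN_PARAM=__OPENID_LOGOUT_TOKEN_PARAM__` is added with no comment on what values it accepts or what happens when it is not provided. If the placeholder is left unsubstituted, the literal `__OPENID_LOGOUT_TOKEN_PARAM__` would end up as the configured value. Document the expected value next to the line and make sure the script that fills this template either substitutes a default or drops the line when the variable is absent.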
66 changes: 38 additions & 28 deletions common/script/configureTlsSecurity.sh
Expand Up @@ -10,8 +10,10 @@ then
cp /shared/tls/keystore/jks/server.jks /config/security/keystore.jks
DEFAULT_KEYSTORE_PASSWORD=changeit

if [ -n "$ROOTCA_KEYSTORE_PASSWORD" ]
then
if [ -n "$ROOTCA_KEYSTORE_PASSWORD" ] || [ -f /config/secrets/dba-env-context/sslKeystorePassword ]
then
# Set env var if secrets are passed using mounted volumes
[ -f /config/secrets/dba-env-context/sslKeystorePassword ] && export ROOTCA_KEYSTORE_PASSWORD=$(cat /config/secrets/dba-env-context/sslKeystorePassword)
echo "change default keystore password with provided Root CA keystore password"
DEFAULT_KEYSTORE_PASSWORD=$ROOTCA_KEYSTORE_PASSWORD
fi
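Review bot: In the new `[ -f /config/secrets/dba-env-context/sslKeystorePassword ] && export ROOTCA_KEYSTORE_PASSWORD=$(cat ...)` line, a secret that was deliberately delivered as a mounted file is copied back into the exported environment, where every child process inherits it. Drop the `export` and keep the value in a shell-local variable, and quote the substitution (`"$(cat ...)"`) so a password containing spaces or glob characters survives intact. `DEFAULT_KEYSTORE_PASSWORD=changeit` also remains the fallback when neither source is present; that case deserves at least a warning in the log.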
Expand All @@ -23,11 +25,13 @@ then
cp /shared/tls/truststore/jks/trusts.jks /config/security/truststore.jks
DEFAULT_TRUSTSTORE_PASSWORD=changeit

if [ -n "$ROOTCA_TRUSTSTORE_PASSWORD" ]
then
echo "change default truststore password with provided Root CA truststore password"
DEFAULT_TRUSTSTORE_PASSWORD=$ROOTCA_TRUSTSTORE_PASSWORD
fi
if [ -n "$ROOTCA_TRUSTSTORE_PASSWORD" ] || [ -f /config/secrets/dba-env-context/sslTruststorePassword ]
then
# Set env var if secrets are passed using mounted volumes
[ -f /config/secrets/dba-env-context/sslTruststorePassword ] && export ROOTCA_TRUSTSTORE_PASSWORD=$(cat /config/secrets/dba-env-context/sslTruststorePassword)
echo "change default truststore password with provided Root CA truststore password"
DEFAULT_TRUSTSTORE_PASSWORD=$ROOTCA_TRUSTSTORE_PASSWORD
fi
else
echo "no file /shared/tls/truststore/jks/trusts.jks"
fi
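Review bot: When both `ROOTCA_TRUSTSTORE_PASSWORD` and `/config/secrets/dba-env-context/sslTruststorePassword` are supplied, the file silently overrides the environment variable, and the same three-line pattern is now repeated for each secret in this script. State the precedence in the comment (or log which source was used, without the value) and factor the pattern into one small helper function so the keystore, truststore and LDAP branches cannot drift apart.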
Expand All @@ -47,16 +51,20 @@ then
fi

echo "Configure the TLS keystore password"
if [ -n "$KEYSTORE_PASSWORD" ]
if [ -n "$KEYSTORE_PASSWORD" ] || [ -f /config/security/volume/keystore_password ]
then
# Set env var if secrets are passed using mounted volumes
[ -f /config/security/volume/keystore_password ] && KEYSTORE_PASSWORD=$(cat /config/security/volume/keystore_password)
sed -i 's|__KEYSTORE_PASSWORD__|'$KEYSTORE_PASSWORD'|g' /config/tlsSecurity.xml
DEFAULT_KEYSTORE_PASSWORD=$KEYSTORE_PASSWORD
else
sed -i 's|__KEYSTORE_PASSWORD__|'$DEFAULT_KEYSTORE_PASSWORD'|g' /config/tlsSecurity.xml
fi
echo "Configure the TLS truststore password"
if [ -n "$TRUSTSTORE_PASSWORD" ]
if [ -n "$TRUSTSTORE_PASSWORD" ] || [ -f /config/security/volume/truststore_password ]
then
# Set env var if secrets are passed using mounted volumes
[ -f /config/security/volume/truststore_password ] && TRUSTSTORE_PASSWORD=$(cat /config/security/volume/truststore_password)
sed -i 's|__TRUSTSTORE_PASSWORD__|'$TRUSTSTORE_PASSWORD'|g' /config/tlsSecurity.xml
DEFAULT_TRUSTSTORE_PASSWORD=$TRUSTSTORE_PASSWORD
else
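Review bot: `sed -i 's|__KEYSTORE_PASSWORD__|'$KEYSTORE_PASSWORD'|g'` splices the password, unquoted, into both the shell command line and the sed replacement text. A password read from the mounted file that contains whitespace, `|`, `&` or a backslash will either break the command or be written to `/config/tlsSecurity.xml` in altered form, and the same applies to the `TRUSTSTORE_PASSWORD` line. Quote the expansion and escape the sed metacharacters before substituting. These two branches also assign the variable without `export` while the dba-env-context branches above use `export`; pick one convention.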
Expand All @@ -68,33 +76,35 @@ then
echo "generating /config/security/keystore.jks and truststore.jks using provided /config/security/volume/tls.key and tls.crt"
openssl pkcs12 -export -inkey /config/security/volume/tls.key -in /config/security/volume/tls.crt -name "certificate" -out /config/security/mycert.p12 -passout pass:$DEFAULT_KEYSTORE_PASSWORD
rm /config/security/keystore.jks
keytool -importkeystore -srckeystore /config/security/mycert.p12 -srcstorepass $DEFAULT_KEYSTORE_PASSWORD -srcstoretype PKCS12 -destkeystore /config/security/keystore.jks -deststoretype JKS -deststorepass $DEFAULT_KEYSTORE_PASSWORD
keytool -J"-Xshareclasses:none" -importkeystore -srckeystore /config/security/mycert.p12 -srcstorepass $DEFAULT_KEYSTORE_PASSWORD -srcstoretype PKCS12 -destkeystore /config/security/keystore.jks -deststoretype JKS -deststorepass $DEFAULT_KEYSTORE_PASSWORD
rm /config/security/truststore.jks
keytool -import -v -trustcacerts -alias ODM -file /config/security/volume/tls.crt -keystore /config/security/truststore.jks -storepass $DEFAULT_TRUSTSTORE_PASSWORD -storetype jks -noprompt
keytool -J"-Xshareclasses:none" -import -v -trustcacerts -alias ODM -file /config/security/volume/tls.crt -keystore /config/security/truststore.jks -storepass $DEFAULT_TRUSTSTORE_PASSWORD -storetype jks -noprompt
fi
# End - Configuration for the TLS security

if [ -f "/config/ldap/ldap.jks" ]
then
if [ -n "$LDAP_TRUSTSTORE_PASSWORD" ]
then
echo "import /config/ldap/ldap.jks in trustore using provided LDAP truststore password"
else
echo "import /config/ldap/ldap.jks in trustore using default LDAP truststore password"
LDAP_TRUSTSTORE_PASSWORD=changeit
fi

i=0
mapfile -t trust_list < <(keytool -J"-Xshareclasses:none" -list -v -keystore /config/ldap/ldap.jks -storepass $LDAP_TRUSTSTORE_PASSWORD | grep "Alias name" | awk 'NF>1{print $NF}')
for trust_file in "${trust_list[@]}"
do
keytool -J"-Xshareclasses:none" -changealias -alias ${trust_file} -destalias "LDAP_ALIAS_FOR_ODM_"$i -keystore /config/ldap/ldap.jks -storepass $LDAP_TRUSTSTORE_PASSWORD
((i=i+1))
done
keytool -J"-Xshareclasses:none" -importkeystore -srckeystore /config/ldap/ldap.jks -destkeystore /config/security/truststore.jks -srcstorepass $LDAP_TRUSTSTORE_PASSWORD -deststorepass $DEFAULT_TRUSTSTORE_PASSWORD
if [ -n "$LDAP_TRUSTSTORE_PASSWORD" ] || [ -f /config/secrets/dba-env-context/ldapSslTruststorePassword ]
then
# Set env var if secrets are passed using mounted volumes
[ -f /config/secrets/dba-env-context/ldapSslTruststorePassword ] && export LDAP_TRUSTSTORE_PASSWORD=$(cat /config/secrets/dba-env-context/ldapSslTruststorePassword)
echo "import /config/ldap/ldap.jks in trustore using provided LDAP truststore password"
else
echo "import /config/ldap/ldap.jks in trustore using default LDAP truststore password"
LDAP_TRUSTSTORE_PASSWORD=changeit
fi

i=0
mapfile -t trust_list < <(keytool -J"-Xshareclasses:none" -list -v -keystore /config/ldap/ldap.jks -storepass $LDAP_TRUSTSTORE_PASSWORD | grep "Alias name" | awk 'NF>1{print $NF}')
for trust_file in "${trust_list[@]}"
do
keytool -J"-Xshareclasses:none" -changealias -alias ${trust_file} -destalias "LDAP_ALIAS_FOR_ODM_"$i -keystore /config/ldap/ldap.jks -storepass $LDAP_TRUSTSTORE_PASSWORD
((i=i+1))
done
keytool -J"-Xshareclasses:none" -importkeystore -srckeystore /config/ldap/ldap.jks -destkeystore /config/security/truststore.jks -srcstorepass $LDAP_TRUSTSTORE_PASSWORD -deststorepass $DEFAULT_TRUSTSTORE_PASSWORD

else
echo "no /config/ldap/ldap.jks file"
echo "no /config/ldap/ldap.jks file"
fi

# This part allow to import a list of PEM certificate in the JVM
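Review bot: Every `openssl` and `keytool` call in this hunk passes the store password as a command-line argument (`-passout pass:$DEFAULT_KEYSTORE_PASSWORD`, `-storepass $LDAP_TRUSTSTORE_PASSWORD`), so it is visible in the process list while the command runs, and the unquoted expansions break on passwords containing spaces. Since the secrets can now arrive as files, prefer the file-based forms (`-passout file:<path>` for openssl, `-storepass:file <path>` for keytool) where the password comes from a mount, and quote the remaining expansions. The LDAP branch also keeps `LDAP_TRUSTSTORE_PASSWORD=changeit` as its fallback; the existing echo says so, but it should read as a warning.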
6 changes: 6 additions & 0 deletions common/script/initVariables.sh
Expand Up @@ -21,6 +21,12 @@ then
export ODM_CONTEXT_ROOT=""
fi

if [ ! "$DECISION_MODEL_DISABLED" ]
then
echo "DECISION_MODEL_DISABLED unset : set to true"
export DECISION_MODEL_DISABLED=true
fi

if [ -s "$SCRIPT/init/container.env" ]
then
set -o allexport
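Review bot: `if [ ! "$DECISION_MODEL_DISABLED" ]` treats an empty value the same as an unset one and is harder to read than the usual test; use `[ -z "$DECISION_MODEL_DISABLED" ]`. The new default is `true`, so the feature is switched off unless the variable is provided: mention that default in the README or next to the other variables in `.env` so users know they have to set it explicitly.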
2 changes: 1 addition & 1 deletion common/script/installPostgres.sh
Expand Up @@ -3,5 +3,5 @@
# Install the driver for PostgreSQL
echo "Install the driver for postgreSQL"
cd /tmp
curl -O -k -s https://jdbc.postgresql.org/download/postgresql-42.3.3.jar
curl -O -k -s https://jdbc.postgresql.org/download/postgresql-42.4.1.jar
mv postgres* /config/resources
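Review bot: The download line keeps `curl -O -k -s`: `-k` turns off TLS certificate verification and, without `-f`, an HTTP error response is saved under the jar's name, so the JDBC driver being bumped here for a CVE fix is fetched with no authenticity check at all. Remove `-k`, add `-f` so HTTP errors fail the build, verify the jar against a pinned SHA-256 before the `mv`, and move the exact file name instead of the `postgres*` glob.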
