Spsh 1393 (#837)

* Moved Secrets out of config * OX-Config now via ENV * Removed OX-Config from static file * Moved OX-Config to be read from values * Kept the one OX-Config that needs to be secret * Pulled secrets from 1Password into env * Pulled public config into configmap from values * Indentation fixed * Indentation fixed * Made dependent OX-Configs optional * Made dependent OX-Configs optional * Made dependent OX-Configs optional * Made dependent OX-Configs optional * Made dependent OX-Configs optional * Merge errors * Fixed failing tests * Made configuration no longer optional * Linting fix * Parameter no longer optional * Merge error * Add missing values
dBildungsplattform · Dec 18, 2024 · a31236d · a31236d
1 parent 17de936
commit a31236d
Show file tree

Hide file tree

Showing 10 changed files with 31 additions and 32 deletions.
diff --git a/charts/dbildungs-iam-server/config/config.json b/charts/dbildungs-iam-server/config/config.json
@@ -30,11 +30,6 @@
     "PASSWORD": "",
     "USE_TLS": false
   },
-  "LDAP": {
-    "URL": "ldap://spsh-xxx.svc.cluster.local",
-    "BIND_DN": "cn=admin,dc=schule-sh,dc=de",
-    "ADMIN_PASSWORD": "password"
-  },
   "DATA": {
     "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057"
   },
@@ -51,22 +46,10 @@
     "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug"
   },
   "ITSLEARNING": {
-    "ENABLED": false,
-    "ENDPOINT": "https://itslearning.example.com",
-    "USERNAME": "username",
-    "PASSWORD": "password",
     "ROOT": "sh",
     "ROOT_OEFFENTLICH": "oeffentlich",
     "ROOT_ERSATZ": "ersatz"
   },
-  "OX": {
-    "ENABLED": false,
-    "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService",
-    "CONTEXT_ID": "1337",
-    "CONTEXT_NAME": "contextname",
-    "USERNAME": "username",
-    "PASSWORD": "password"
-  },
   "PRIVACYIDEA": {
     "ENDPOINT": "http://localhost:5000",
     "USERNAME": "admin",

diff --git a/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl
@@ -91,4 +91,9 @@
     secretKeyRef:
         name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
         key: redis-password
+- name: OX_PASSWORD
+  valueFrom:
+    secretKeyRef:
+        name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+        key: ox-password
 {{- end}}
diff --git a/charts/dbildungs-iam-server/templates/configmap.yaml b/charts/dbildungs-iam-server/templates/configmap.yaml
@@ -22,6 +22,11 @@ data:
   LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}"
   LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}"
   STATUS_REDIRECT_URL: "{{ .Values.status.url }}"
+  OX_ENABLED: "{{ .Values.ox.enabled }}"
+  OX_USERNAME: "{{ .Values.ox.username }}"
+  OX_ENDPOINT: "{{ .Values.ox.endpoint }}"
+  OX_CONTEXT_ID: "{{ .Values.ox.contextId }}"
+  OX_CONTEXT_NAME: "{{ .Values.ox.contextName }}"
   SYSTEM_RENAME_WAITING_TIME_IN_SECONDS: "{{ .Values.backend.env.renameWaitingTimeInSeconds }}"
   SYSTEM_STEP_UP_TIMEOUT_ENABLED: "{{ .Values.backend.env.stepUpTimeoutEnabled }}"
   SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS: "{{ .Values.backend.env.stepUpTimeoutInSeconds }}"

diff --git a/charts/dbildungs-iam-server/templates/secret.yaml b/charts/dbildungs-iam-server/templates/secret.yaml
@@ -32,4 +32,5 @@ data:
   vidis-keycloak-role: {{ .Values.auth.vidis_keycloak_role }}
   import-passphrase-secret: {{ .Values.auth.import_passphrase_secret }}
   import-passphrase-salt: {{ .Values.auth.import_passphrase_salt }}
+  ox-password: {{ .Values.auth.ox_password }}
 {{- end }}
diff --git a/charts/dbildungs-iam-server/values.yaml b/charts/dbildungs-iam-server/values.yaml
@@ -66,6 +66,14 @@ auth:
   vidis_keycloak_role: ''
   import_passphrase_secret: ''
   import_passphrase_salt: ''
+  ox_password: ''
+
+ox:
+  enabled: false
+  username: 'oxadmin'
+  endpoint: 'https://webmail.example.com'
+  contextId: '10'
+  contextName: '10'
 
 backend:
   replicaCount: 1

diff --git a/src/modules/ox/domain/ox-event-handler.spec.ts b/src/modules/ox/domain/ox-event-handler.spec.ts
@@ -1,5 +1,5 @@
 import { faker } from '@faker-js/faker';
-import { DeepMocked, createMock } from '@golevelup/ts-jest';
+import { createMock, DeepMocked } from '@golevelup/ts-jest';
 import { Test, TestingModule } from '@nestjs/testing';
 import { ConfigTestModule, LoggingTestModule } from '../../../../test/utils/index.js';
 import { ClassLogger } from '../../../core/logging/class-logger.js';
@@ -284,9 +284,7 @@ describe('OxEventHandler', () => {
                 expect(oxServiceMock.send).toHaveBeenCalledWith(expect.any(CreateUserAction));
                 expect(oxServiceMock.send).toHaveBeenCalledWith(expect.any(ListGroupsAction));
 
-                expect(loggerMock.error).toHaveBeenCalledWith(
-                    `Could Not Retrieve Groups For Context, contextId:undefined`,
-                );
+                expect(loggerMock.error).toHaveBeenCalledWith(`Could Not Retrieve Groups For Context, contextId:10`);
                 expect(eventServiceMock.publish).toHaveBeenCalledTimes(0);
             });
         });
@@ -768,8 +766,8 @@ describe('OxEventHandler', () => {
             email = faker.internet.email();
             oxUserId = faker.string.numeric();
             oxUserName = faker.internet.userName();
-            contextId: faker.string.numeric();
-            contextName: faker.string.alpha();
+            contextId = '10';
+            contextName = 'testContext';
             event = new EmailAddressChangedEvent(
                 personId,
                 faker.string.uuid(),

diff --git a/src/modules/ox/domain/ox-event-handler.ts b/src/modules/ox/domain/ox-event-handler.ts
@@ -73,7 +73,6 @@ export class OxEventHandler {
         configService: ConfigService<ServerConfig>,
     ) {
         const oxConfig: OxConfig = configService.getOrThrow<OxConfig>('OX');
-
         this.ENABLED = oxConfig.ENABLED;
         this.authUser = oxConfig.USERNAME;
         this.authPassword = oxConfig.PASSWORD;

diff --git a/src/modules/ox/domain/ox.service.ts b/src/modules/ox/domain/ox.service.ts
@@ -2,7 +2,7 @@ import { HttpService } from '@nestjs/axios';
 import { Injectable } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
 import { AxiosResponse } from 'axios';
-import { Hash, createHash } from 'crypto';
+import { createHash, Hash } from 'crypto';
 import { XMLBuilder, XMLParser } from 'fast-xml-parser';
 import { lastValueFrom } from 'rxjs';
 
@@ -25,7 +25,7 @@ export type OxErrorType = {
 };
 
 function isOxErrorType(err: unknown): err is OxErrorType {
-    if (
+    return !!(
         err &&
         typeof err === 'object' &&
         'response' in err &&
@@ -34,11 +34,7 @@ function isOxErrorType(err: unknown): err is OxErrorType {
         'data' in err.response &&
         typeof err.response.data === 'string' &&
         err.response.data
-    ) {
-        return true;
-    }
-
-    return false;
+    );
 }
 
 @Injectable()

diff --git a/src/shared/config/config.env.ts b/src/shared/config/config.env.ts
@@ -81,6 +81,8 @@ export default (): Config => ({
         ENDPOINT: process.env['OX_ENDPOINT'],
         USERNAME: process.env['OX_USERNAME'],
         PASSWORD: process.env['OX_PASSWORD'],
+        CONTEXT_ID: process.env['OX_CONTEXT_ID'],
+        CONTEXT_NAME: process.env['OX_CONTEXT_NAME'],
     },
     SYSTEM: {
         RENAME_WAITING_TIME_IN_SECONDS: process.env['SYSTEM_RENAME_WAITING_TIME_IN_SECONDS']

diff --git a/test/config.test.json b/test/config.test.json
@@ -76,7 +76,9 @@
         "ENABLED": false,
         "ENDPOINT": "https://ox_ip:ox_port/webservices/",
         "USERNAME": "username",
-        "PASSWORD": "password"
+        "PASSWORD": "password",
+        "CONTEXT_ID": "10",
+        "CONTEXT_NAME": "testContext"
     },
     "IMPORT": {
         "CSV_FILE_MAX_SIZE_IN_MB": 1,