From 065dc113287c9794b6d08049ef07d445fadf406a Mon Sep 17 00:00:00 2001 From: dbildungs-iam-server-gha Date: Wed, 20 Nov 2024 14:58:29 +0000 Subject: [PATCH] dbildungs-iam-server --- automation/dbildungs-iam-server/Chart.lock | 2 +- automation/dbildungs-iam-server/Chart.yaml | 4 +-- .../templates/_dbildungs-iam-server-envs.tpl | 33 ++++++++++++++++--- .../templates/backend-deployment.yaml | 12 +++---- .../templates/configmap.yaml | 10 ------ .../templates/secret.yaml | 7 +++- automation/dbildungs-iam-server/values.yaml | 28 ++++------------ 7 files changed, 49 insertions(+), 47 deletions(-) diff --git a/automation/dbildungs-iam-server/Chart.lock b/automation/dbildungs-iam-server/Chart.lock index 7ba37359a..58a5ec7d0 100644 --- a/automation/dbildungs-iam-server/Chart.lock +++ b/automation/dbildungs-iam-server/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 11.0.6 digest: sha256:790bafa04fe9c1cc9f772dc12fada16eb847c282f738fd23df09f665af93ec74 -generated: "2024-11-20T14:30:32.230974721Z" +generated: "2024-11-20T14:57:52.391578784Z" diff --git a/automation/dbildungs-iam-server/Chart.yaml b/automation/dbildungs-iam-server/Chart.yaml index 3c9a7f1ae..b19756914 100644 --- a/automation/dbildungs-iam-server/Chart.yaml +++ b/automation/dbildungs-iam-server/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: DBP-1066 +appVersion: SPSH-1288 dependencies: - condition: redis-cluster.enabled name: redis-cluster @@ -8,4 +8,4 @@ dependencies: description: dBildungs-IAM-server name: dbildungs-iam-server type: application -version: 0.0.0-dbp-1066-20241120-1430 +version: 0.0.0-spsh-1288-20241120-1457 diff --git a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl index 995dc13fd..e6b03a7fd 100644 --- a/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl 
+++ b/automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl @@ -36,6 +36,16 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: frontend-sessionSecret + - name: ITSLEARNING_ENABLED + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: itslearning-enabled + - name: ITSLEARNING_ENDPOINT + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: itslearning-endpoint - name: ITSLEARNING_USERNAME valueFrom: secretKeyRef: @@ -46,16 +56,16 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: itslearning-password - - name: LDAP_BIND_DN + - name: LDAP_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: ldap-bind-dn - - name: LDAP_ADMIN_PASSWORD + key: ldap-admin-password + - name: PI_BASE_URL valueFrom: secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} - key: ldap-admin-password + key: pi-base-url - name: PI_ADMIN_USER valueFrom: secretKeyRef: @@ -66,6 +76,21 @@ secretKeyRef: name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} key: pi-admin-password + - name: PI_USER_RESOLVER + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: pi-user-resolver + - name: PI_REALM + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: pi-user-realm + - name: PI_RENAME_WAITING_TIME + valueFrom: + secretKeyRef: + name: {{ default .Values.auth.existingSecret .Values.auth.secretName }} + key: pi-rename-waiting-time - name: REDIS_PASSWORD valueFrom: secretKeyRef: diff --git a/automation/dbildungs-iam-server/templates/backend-deployment.yaml b/automation/dbildungs-iam-server/templates/backend-deployment.yaml index 7d5405891..0c5b14b06 100644 
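Review bot: In `_dbildungs-iam-server-envs.tpl` the six new `secretKeyRef` entries (hunks at -36, -46 and -66) are all mandatory, so a release that uses a Secret the chart does not render cannot start its containers until that Secret also holds `itslearning-enabled`, `itslearning-endpoint`, `pi-base-url`, `pi-user-resolver`, `pi-user-realm` and `pi-rename-waiting-time`. Before this commit these settings came from the ConfigMap with chart defaults, so a Secret created for the previous chart version is unlikely to contain them. I would list the required keys in a comment next to `existingSecret` in values.yaml, or add `optional: true` to the non-sensitive references if the backend tolerates them being unset (not visible here). `PI_REALM` is read from the key `pi-user-realm`; naming it `pi-realm` would keep the env name and secret key aligned like the other entries. The named template starts and ends outside these hunks.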
--- a/automation/dbildungs-iam-server/templates/backend-deployment.yaml +++ b/automation/dbildungs-iam-server/templates/backend-deployment.yaml @@ -22,12 +22,11 @@ spec: spec: automountServiceAccountToken: false initContainers: - {{- if .Values.backend.dbmigration.enabled }} - name: "{{ template "common.names.name" . }}-db-migration-apply" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: {{ .Values.backend.dbmigration.command }} + command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ] env: {{- include "dbildungs-iam-server-backend-envs" . | indent 12 }} {{- if .Values.backend.extraEnvVars }} @@ -39,13 +38,11 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} - {{ end }} - {{- if .Values.backend.keycloakdatamigration.enabled }} - name: "{{ template "common.names.name" . }}-keycloak-data-migration" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: {{ .Values.backend.keycloakdatamigration.command }} + command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ] env: {{- include "dbildungs-iam-server-backend-envs" . | indent 12 }} {{- if .Values.backend.extraEnvVars }} 
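Review bot: In `backend-deployment.yaml` the keycloak-data-migration init container (hunk at -39) now hard-codes `"keycloak", "update-clients", "dev"` and loses its `enabled` guard, so every release of the chart runs the client update with the `dev` argument, whatever `.Values.environment` is set to. What `dev` selects is not visible here, but if it picks a development client configuration, a staging or production Keycloak would have it applied on each pod start with no override available from values. The same pattern applies to the db-migration container in the hunk at -22 (guard removed, command fixed) and to `"db", "seed", "dev"` in the hunk at -57. I would keep the command overridable, e.g. `command: {{ .Values.backend.keycloakdatamigration.command | toJson }}` with the key retained in values.yaml, or at least keep the `{{- if .Values.backend.keycloakdatamigration.enabled }}` guard. The Deployment spec starts and ends outside these hunks.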
@@ -57,13 +54,12 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} - {{ end }} {{- if .Values.backend.dbseeding.enabled }} - name: db-seeding image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{.Values.imagePullPolicy | default "Always"}} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - command: {{ .Values.backend.dbseeding.command }} + command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ] envFrom: - configMapRef: name: {{ template "common.names.name" . }} @@ -71,7 +67,7 @@ spec: volumeMounts: {{- toYaml .Values.backend.volumeMounts | nindent 12 }} resources: {{- toYaml .Values.backend.resources | nindent 12 }} - {{ end }} + {{end}} containers: - name: "{{ template "common.names.name" . }}-backend" image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}" diff --git a/automation/dbildungs-iam-server/templates/configmap.yaml b/automation/dbildungs-iam-server/templates/configmap.yaml index 8a2abcfd3..6b8d8ac73 100644 --- a/automation/dbildungs-iam-server/templates/configmap.yaml +++ b/automation/dbildungs-iam-server/templates/configmap.yaml @@ -8,7 +8,6 @@ metadata: data: config-json: |- {{ .Files.Get "config/config.json" | nindent 4 }} - # why is this node env NODE_ENV: "prod" DEPLOY_STAGE: {{ .Values.environment | quote }} DB_NAME: {{ .Values.database.name | quote }} 
@@ -19,12 +18,3 @@ data: BACKEND_HOSTNAME: "{{ .Values.backendHostname }}" LDAP_URL: '{{ .Values.ldap.url | replace "spsh-xxx" .Release.Namespace }}' LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}" - LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}" - LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}" - ITSLEARNING_ENABLED: "{{ .Values.itslearning.enabled }}" - ITSLEARNING_ENDPOINT: "{{ .Values.itslearning.endpoint }}" - PI_BASE_URL: "{{ .Values.privacyidea.url }}" - PI_RENAME_WAITING_TIME: "{{ .Values.privacyidea.renameWaitingTime }}" - PI_REALM: "{{ .Values.privacyidea.realm }}" - PI_USER_RESOLVER: "{{ .Values.privacyidea.userResolver }}" - diff --git a/automation/dbildungs-iam-server/templates/secret.yaml b/automation/dbildungs-iam-server/templates/secret.yaml index 677d8f793..51e46f34b 100644 --- a/automation/dbildungs-iam-server/templates/secret.yaml +++ b/automation/dbildungs-iam-server/templates/secret.yaml @@ -12,12 +12,17 @@ data: db-username: {{ .Values.database.username }} keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }} keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }} - ldap-bind-dn: {{ .Values.auth.ldap_bind_dn }} ldap-admin-password: {{ .Values.auth.ldap_admin_password }} + itslearning-enabled: {{ .Values.auth.itslearning_enabled }} + itslearning-endpoint: {{ .Values.auth.itslearning_endpoint }} itslearning-username: {{ .Values.auth.itslearning_username }} itslearning-password: {{ .Values.auth.itslearning_password }} + pi-base-url: {{ .Values.auth.pi_base_url }} pi-admin-user: {{ .Values.auth.pi_admin_user }} pi-admin-password: {{ .Values.auth.pi_admin_password }} + pi-user-resolver: {{ .Values.auth.pi_user_resolver }} + pi-user-realm: {{ .Values.auth.pi_user_realm }} + pi-rename-waiting-time: {{ .Values.auth.pi_rename_waiting_time }} secrets-json: {{ .Values.auth.secrets_json }} redis-password: {{ .Values.auth.redis_password }} {{- end }} 
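Review bot: In `secret.yaml` the six new entries (`itslearning-enabled`, `itslearning-endpoint`, `pi-base-url`, `pi-user-resolver`, `pi-user-realm`, `pi-rename-waiting-time`) are emitted under `data:` unquoted and without `b64enc`, so they only work if the caller supplies base64 text. These are plain settings rather than credentials, and a value such as `false`, `5` or a URL given as-is would render as a YAML boolean, a number or a non-base64 string, which the API server should reject or decode to something other than what was meant. Staying with the file's existing convention of pre-encoded input, I would at least quote them, e.g. `pi-rename-waiting-time: {{ .Values.auth.pi_rename_waiting_time | quote }}`, and state in values.yaml that every `auth.*` value must be base64-encoded. With the shipped `''` defaults the unquoted keys render as empty values. The Secret manifest begins outside this hunk.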
diff --git a/automation/dbildungs-iam-server/values.yaml b/automation/dbildungs-iam-server/values.yaml index 3b297197a..32331b899 100644 --- a/automation/dbildungs-iam-server/values.yaml +++ b/automation/dbildungs-iam-server/values.yaml @@ -29,19 +29,6 @@ database: ldap: url: ldap://dbildungs-iam-ldap.spsh-xxx.svc.cluster.local bindDN: cn=admin,dc=schule-sh,dc=de - oeffentlicheSchulenDomain: schule-sh.de - ersatzschulenDomain: ersatzschule-sh.de - -itslearning: - enabled: false - endpoint: https://enterprise.itslintegrations.com/WCFServiceLibrary/ImsEnterpriseServicesPort.svc - -privacyidea: - url: https://privacyidea.dev.spsh.dbildungsplattform.de - renameWaitingTime: 5 - realm: ucs_users - userResolver: ucs_users - auth: # existingSecret: Refers to a secret already present in the cluster, which is required. @@ -49,14 +36,19 @@ auth: secretName: dbildungs-iam-server keycloak_adminSecret: '' keycloak_clientSecret: '' - ldap_bind_dn: '' ldap_admin_password: '' secrets_json: '' frontend_sessionSecret: '' + itslearning_enabled: '' + itslearning_endpoint: '' itslearning_username: '' itslearning_password: '' + pi_base_url: '' pi_admin_user: '' pi_admin_password: '' + pi_user_resolver: '' + pi_user_realm: '' + pi_rename_waiting_time: '' redis_password: '' backend: @@ -99,13 +91,7 @@ backend: path: '/health' dbseeding: enabled: true - command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ] - dbmigration: - enabled: true - command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ] - keycloakdatamigration: - enabled: true - command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ] + command: ['node', 'dist/src/console/main.js', 'db', 'seed', 'dev', ''] ingress: enabled: true ingressClassName: nginx
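Review bot: In values.yaml (hunk at -99) `backend.dbseeding.command` gains a trailing empty element, `'dev', ''`, and after this commit backend-deployment.yaml no longer reads the key, because the db-seeding container hard-codes its command. Unless another template still consumes it, the key is dead configuration that suggests the command can be overridden when it cannot; I would drop the `command:` line, or keep the template reading it and remove the stray `''`. The hunk at -49 adds the new `auth.*` keys with `''` defaults and no explanation, although secret.yaml places them under `data:` as-is; a line such as `# base64-encoded; must be set when the chart renders the Secret` above them would tell operators what to supply.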