dbildungs-iam-server

automation/dbildungs-iam-server/Chart.lock

@@ -3,4 +3,4 @@ dependencies:
   repository: https://charts.bitnami.com/bitnami
   version: 11.0.6
 digest: sha256:790bafa04fe9c1cc9f772dc12fada16eb847c282f738fd23df09f665af93ec74
-generated: "2024-11-20T13:48:52.238887665Z"
+generated: "2024-11-20T14:07:50.31141806Z"

automation/dbildungs-iam-server/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: DBP-1081
+appVersion: SPSH-1137
 dependencies:
 - condition: redis-cluster.enabled
   name: redis-cluster
@@ -8,4 +8,4 @@ dependencies:
 description: dBildungs-IAM-server
 name: dbildungs-iam-server
 type: application
-version: 0.0.0-dbp-1081-20241120-1348
+version: 0.0.0-spsh-1137-20241120-1407

automation/dbildungs-iam-server/config/config.json

@@ -1,81 +1,89 @@
 {
-  "HOST": {
-    "PORT": 8080
-  },
-  "FRONTEND": {
-    "PORT": 8080,
-    "SECURE_COOKIE": true,
-    "SESSION_SECRET": "SessionSecretForDevelopment",
-    "SESSION_TTL_MS": 3600000,
-    "BACKEND_ADDRESS": "http://dbildungs-iam-server-backend:80",
-    "DEFAULT_AUTH_REDIRECT": "/",
-    "TRUST_PROXY": 1,
-    "ERROR_PAGE_REDIRECT": "/login-error"
-  },
-  "DB": {
-    "USE_SSL": true
-  },
-  "KEYCLOAK": {
-    "ADMIN_REALM_NAME": "SPSH",
-    "REALM_NAME": "SPSH",
-    "ADMIN_CLIENT_ID": "spsh-admin",
-    "CLIENT_ID": "spsh",
-    "TEST_CLIENT_ID": "spsh-test",
-    "SERVICE_CLIENT_ID": "spsh-service"
-  },
-  "REDIS": {
-    "HOST": "dbildungs-iam-server-redis-cluster",
-    "PORT": 6379,
-    "USERNAME": "default",
-    "PASSWORD": "",
-    "USE_TLS": false,
-    "CLUSTERED": true
-  },
-  "LDAP": {
-    "URL": "ldap://spsh-xxx.svc.cluster.local",
-    "BIND_DN": "cn=admin,dc=schule-sh,dc=de",
-    "ADMIN_PASSWORD": "password"
-  },
-  "DATA": {
-    "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057"
-  },
-  "LOGGING": {
-    "DEFAULT_LOG_LEVEL": "info",
-    "PERSON_MODULE_LOG_LEVEL": "debug",
-    "PERSON_API_MODULE_LOG_LEVEL": "debug",
-    "ORGANISATION_MODULE_LOG_LEVEL": "debug",
-    "ORGANISATION_API_MODULE_LOG_LEVEL": "debug",
-    "ROLLE_MODULE_LOG_LEVEL": "debug",
-    "ROLLE_API_MODULE_LOG_LEVEL": "debug",
-    "KEYCLOAK_ADMINISTRATION_MODULE_LOG_LEVEL": "debug",
-    "HEALTH_MODULE_LOG_LEVEL": "debug",
-    "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug"
-  },
-  "ITSLEARNING": {
-    "ENABLED": "false",
-    "ENDPOINT": "https://itslearning.example.com",
-    "USERNAME": "username",
-    "PASSWORD": "password",
-    "ROOT": "sh",
-    "ROOT_OEFFENTLICH": "oeffentlich",
-    "ROOT_ERSATZ": "ersatz"
-  },
-  "OX": {
-    "ENABLED": "false",
-    "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService",
-    "CONTEXT_ID": "1337",
-    "CONTEXT_NAME": "contextname",
-    "USERNAME": "username",
-    "PASSWORD": "password"
-  },
-  "PRIVACYIDEA": {
-    "ENDPOINT": "http://localhost:5000",
-    "USERNAME": "admin",
-    "PASSWORD": "admin",
-    "USER_RESOLVER": "mariadb_resolver",
-    "REALM": "defrealm"
-  },
-  "IMPORT": {
-    "IMPORT_FILE_MAXGROESSE_IN_MB": 10
-  }
+    "HOST": {
+        "PORT": 8080
+    },
+    "FRONTEND": {
+        "PORT": 8080,
+        "SECURE_COOKIE": true,
+        "SESSION_SECRET": "SessionSecretForDevelopment",
+        "SESSION_TTL_MS": 3600000,
+        "BACKEND_ADDRESS": "http://dbildungs-iam-server-backend:80",
+        "DEFAULT_AUTH_REDIRECT": "/",
+        "TRUST_PROXY": 1,
+        "ERROR_PAGE_REDIRECT": "/login-error"
+    },
+    "DB": {
+        "USE_SSL": true
+    },
+    "KEYCLOAK": {
+        "ADMIN_REALM_NAME": "SPSH",
+        "REALM_NAME": "SPSH",
+        "ADMIN_CLIENT_ID": "spsh-admin",
+        "CLIENT_ID": "spsh",
+        "TEST_CLIENT_ID": "spsh-test",
+        "SERVICE_CLIENT_ID": "spsh-service"
+    },
+    "REDIS": {
+        "HOST": "dbildungs-iam-server-redis-cluster",
+        "PORT": 6379,
+        "USERNAME": "default",
+        "PASSWORD": "",
+        "USE_TLS": false,
+        "CLUSTERED": true
+    },
+    "LDAP": {
+        "URL": "ldap://spsh-xxx.svc.cluster.local",
+        "BIND_DN": "cn=admin,dc=schule-sh,dc=de",
+        "ADMIN_PASSWORD": "password"
+    },
+    "DATA": {
+        "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057"
+    },
+    "LOGGING": {
+        "DEFAULT_LOG_LEVEL": "info",
+        "PERSON_MODULE_LOG_LEVEL": "debug",
+        "PERSON_API_MODULE_LOG_LEVEL": "debug",
+        "ORGANISATION_MODULE_LOG_LEVEL": "debug",
+        "ORGANISATION_API_MODULE_LOG_LEVEL": "debug",
+        "ROLLE_MODULE_LOG_LEVEL": "debug",
+        "ROLLE_API_MODULE_LOG_LEVEL": "debug",
+        "KEYCLOAK_ADMINISTRATION_MODULE_LOG_LEVEL": "debug",
+        "HEALTH_MODULE_LOG_LEVEL": "debug",
+        "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug"
+    },
+    "ITSLEARNING": {
+        "ENABLED": "false",
+        "ENDPOINT": "https://itslearning.example.com",
+        "USERNAME": "username",
+        "PASSWORD": "password",
+        "ROOT": "sh",
+        "ROOT_OEFFENTLICH": "oeffentlich",
+        "ROOT_ERSATZ": "ersatz"
+    },
+    "OX": {
+        "ENABLED": "false",
+        "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService",
+        "CONTEXT_ID": "1337",
+        "CONTEXT_NAME": "contextname",
+        "USERNAME": "username",
+        "PASSWORD": "password"
+    },
+    "PRIVACYIDEA": {
+        "ENDPOINT": "http://localhost:5000",
+        "USERNAME": "admin",
+        "PASSWORD": "admin",
+        "USER_RESOLVER": "mariadb_resolver",
+        "REALM": "defrealm"
+    },
+    "VIDIS": {
+        "BASE_URL": "https://service-stage.vidis.schule",
+        "USERNAME": "",
+        "PASSWORD": "",
+        "REGION_NAME": "test-region",
+        "KEYCLOAK_GROUP": "VIDIS-service",
+        "KEYCLOAK_ROLE": "VIDIS-user"
+    },
+    "IMPORT": {
+        "IMPORT_FILE_MAXGROESSE_IN_MB": 10
+    }
 }

automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl

@@ -96,4 +96,34 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: redis-password
+          - name: VIDIS_BASE_URL
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-base-url
+          - name: VIDIS_USERNAME
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-username
+          - name: VIDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-password
+          - name: VIDIS_REGION_NAME
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-region-name
+          - name: VIDIS_KEYCLOAK_GROUP
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-keycloak-group
+          - name: VIDIS_KEYCLOAK_ROLE
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-keycloak-role
 {{- end}}

automation/dbildungs-iam-server/templates/configmap.yaml

@@ -18,5 +18,3 @@ data:
   BACKEND_HOSTNAME: "{{ .Values.backendHostname }}"
   LDAP_URL: '{{ .Values.ldap.url | replace "spsh-xxx" .Release.Namespace }}'
   LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}"
-  LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}"
-  LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}"

automation/dbildungs-iam-server/templates/secret.yaml

@@ -25,4 +25,10 @@ data:
   pi-rename-waiting-time: {{ .Values.auth.pi_rename_waiting_time }}
   secrets-json: {{ .Values.auth.secrets_json }}
   redis-password: {{ .Values.auth.redis_password }}
+  vidis-base-url: {{ .Values.auth.vidis_base_url }}
+  vidis-username: {{ .Values.auth.vidis_username }}
+  vidis-password: {{ .Values.auth.vidis_password }}
+  vidis-region-name: {{ .Values.auth.vidis_region_name }}
+  vidis-keycloak-group: {{ .Values.auth.vidis_keycloak_group }}
+  vidis-keycloak-role: {{ .Values.auth.vidis_keycloak_role }}
 {{- end }}

automation/dbildungs-iam-server/values.yaml

@@ -29,8 +29,6 @@ database:
 ldap:
   url: ldap://dbildungs-iam-ldap.spsh-xxx.svc.cluster.local
   bindDN: cn=admin,dc=schule-sh,dc=de
-  oeffentlicheSchulenDomain: schule-sh.de
-  ersatzschulenDomain: ersatzschule-sh.de
 
 auth:
   # existingSecret: Refers to a secret already present in the cluster, which is required.
@@ -52,6 +50,12 @@ auth:
   pi_user_realm: ''
   pi_rename_waiting_time: ''
   redis_password: ''
+  vidis_base_url: ''
+  vidis_username: ''
+  vidis_password: ''
+  vidis_region_name: ''
+  vidis_keycloak_group: ''
+  vidis_keycloak_role: ''
 
 backend:
   replicaCount: 1
@@ -70,8 +74,8 @@ backend:
       memory: 200Mi
   startupProbe:
     enabled: true
-    initialDelaySeconds: 10
-    periodSeconds: 10
+    initialDelaySeconds: 60
+    periodSeconds: 60
     failureThreshold: 5
     httpGet:
       scheme: 'HTTP'
@@ -126,11 +130,10 @@ backend:
       name: secret-volume
   extraVolumeMounts: []
 
-
 # Reference: https://github.com/bitnami/charts/tree/main/bitnami/redis-cluster
 redis-cluster:
   enabled: true
-  persistence: 
+  persistence:
     enabled: false
     size: 4Gi
   image:
@@ -139,14 +142,14 @@ redis-cluster:
     tag: 7.4
   existingSecret: dbildungs-iam-server-redis
   cluster:
-      ## This is total number of nodes including the replicas. Meaning there will be 3 master and 3 replica
-      ## nodes (as replica count is set to 1 by default, there will be 1 replica per master node).
-      ## Hence, nodes = numberOfMasterNodes + numberOfMasterNodes * replicas
-      ## The number of master nodes should always be >= 3, otherwise cluster creation will fail
-      nodes: 6
-      # for staging and prod this could get increased
-      ## @param cluster.replicas Number of replicas for every master in the cluster
-      replicas: 1
+    ## This is total number of nodes including the replicas. Meaning there will be 3 master and 3 replica
+    ## nodes (as replica count is set to 1 by default, there will be 1 replica per master node).
+    ## Hence, nodes = numberOfMasterNodes + numberOfMasterNodes * replicas
+    ## The number of master nodes should always be >= 3, otherwise cluster creation will fail
+    nodes: 6
+    # for staging and prod this could get increased
+    ## @param cluster.replicas Number of replicas for every master in the cluster
+    replicas: 1
   networkPolicy:
     enabled: false
   pdb:
@@ -157,9 +160,9 @@ redis-cluster:
   tls:
     enabled: false
   podLabels:
-      app.kubernetes.io/component: server-redis
+    app.kubernetes.io/component: server-redis
   commonLabels:
-    app.kubernetes.io/name: dbildungs-iam-server 
+    app.kubernetes.io/name: dbildungs-iam-server
   resources:
     limits:
       cpu: 300m
@@ -169,9 +172,9 @@ redis-cluster:
       memory: 128Mi
   metrics:
     enabled: true
-   
+
 autoscaling:
   enabled: false
   minReplicas: 1
   maxReplicas: 5
-  targetCPUUtilizationPercentage: 60
+  targetCPUUtilizationPercentage: 60