SPSH-1137

charts/dbildungs-iam-server/config/config.json

@@ -1,81 +1,89 @@
 {
-  "HOST": {
-    "PORT": 8080
-  },
-  "FRONTEND": {
-    "PORT": 8080,
-    "SECURE_COOKIE": true,
-    "SESSION_SECRET": "SessionSecretForDevelopment",
-    "SESSION_TTL_MS": 3600000,
-    "BACKEND_ADDRESS": "http://dbildungs-iam-server-backend:80",
-    "DEFAULT_AUTH_REDIRECT": "/",
-    "TRUST_PROXY": 1,
-    "ERROR_PAGE_REDIRECT": "/login-error"
-  },
-  "DB": {
-    "USE_SSL": true
-  },
-  "KEYCLOAK": {
-    "ADMIN_REALM_NAME": "SPSH",
-    "REALM_NAME": "SPSH",
-    "ADMIN_CLIENT_ID": "spsh-admin",
-    "CLIENT_ID": "spsh",
-    "TEST_CLIENT_ID": "spsh-test",
-    "SERVICE_CLIENT_ID": "spsh-service"
-  },
-  "REDIS": {
-    "HOST": "dbildungs-iam-server-redis-cluster",
-    "PORT": 6379,
-    "USERNAME": "default",
-    "PASSWORD": "",
-    "USE_TLS": false,
-    "CLUSTERED": true
-  },
-  "LDAP": {
-    "URL": "ldap://spsh-xxx.svc.cluster.local",
-    "BIND_DN": "cn=admin,dc=schule-sh,dc=de",
-    "ADMIN_PASSWORD": "password"
-  },
-  "DATA": {
-    "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057"
-  },
-  "LOGGING": {
-    "DEFAULT_LOG_LEVEL": "info",
-    "PERSON_MODULE_LOG_LEVEL": "debug",
-    "PERSON_API_MODULE_LOG_LEVEL": "debug",
-    "ORGANISATION_MODULE_LOG_LEVEL": "debug",
-    "ORGANISATION_API_MODULE_LOG_LEVEL": "debug",
-    "ROLLE_MODULE_LOG_LEVEL": "debug",
-    "ROLLE_API_MODULE_LOG_LEVEL": "debug",
-    "KEYCLOAK_ADMINISTRATION_MODULE_LOG_LEVEL": "debug",
-    "HEALTH_MODULE_LOG_LEVEL": "debug",
-    "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug"
-  },
-  "ITSLEARNING": {
-    "ENABLED": "false",
-    "ENDPOINT": "https://itslearning.example.com",
-    "USERNAME": "username",
-    "PASSWORD": "password",
-    "ROOT": "sh",
-    "ROOT_OEFFENTLICH": "oeffentlich",
-    "ROOT_ERSATZ": "ersatz"
-  },
-  "OX": {
-    "ENABLED": "false",
-    "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService",
-    "CONTEXT_ID": "1337",
-    "CONTEXT_NAME": "contextname",
-    "USERNAME": "username",
-    "PASSWORD": "password"
-  },
-  "PRIVACYIDEA": {
-    "ENDPOINT": "http://localhost:5000",
-    "USERNAME": "admin",
-    "PASSWORD": "admin",
-    "USER_RESOLVER": "mariadb_resolver",
-    "REALM": "defrealm"
-  },
-  "IMPORT": {
-    "IMPORT_FILE_MAXGROESSE_IN_MB": 10
-  }
+    "HOST": {
+        "PORT": 8080
+    },
+    "FRONTEND": {
+        "PORT": 8080,
+        "SECURE_COOKIE": true,
+        "SESSION_SECRET": "SessionSecretForDevelopment",
+        "SESSION_TTL_MS": 3600000,
+        "BACKEND_ADDRESS": "http://dbildungs-iam-server-backend:80",
+        "DEFAULT_AUTH_REDIRECT": "/",
+        "TRUST_PROXY": 1,
+        "ERROR_PAGE_REDIRECT": "/login-error"
+    },
+    "DB": {
+        "USE_SSL": true
+    },
+    "KEYCLOAK": {
+        "ADMIN_REALM_NAME": "SPSH",
+        "REALM_NAME": "SPSH",
+        "ADMIN_CLIENT_ID": "spsh-admin",
+        "CLIENT_ID": "spsh",
+        "TEST_CLIENT_ID": "spsh-test",
+        "SERVICE_CLIENT_ID": "spsh-service"
+    },
+    "REDIS": {
+        "HOST": "dbildungs-iam-server-redis-cluster",
+        "PORT": 6379,
+        "USERNAME": "default",
+        "PASSWORD": "",
+        "USE_TLS": false,
+        "CLUSTERED": true
+    },
+    "LDAP": {
+        "URL": "ldap://spsh-xxx.svc.cluster.local",
+        "BIND_DN": "cn=admin,dc=schule-sh,dc=de",
+        "ADMIN_PASSWORD": "password"
+    },
+    "DATA": {
+        "ROOT_ORGANISATION_ID": "d39cb7cf-2f9b-45f1-849f-973661f2f057"
+    },
+    "LOGGING": {
+        "DEFAULT_LOG_LEVEL": "info",
+        "PERSON_MODULE_LOG_LEVEL": "debug",
+        "PERSON_API_MODULE_LOG_LEVEL": "debug",
+        "ORGANISATION_MODULE_LOG_LEVEL": "debug",
+        "ORGANISATION_API_MODULE_LOG_LEVEL": "debug",
+        "ROLLE_MODULE_LOG_LEVEL": "debug",
+        "ROLLE_API_MODULE_LOG_LEVEL": "debug",
+        "KEYCLOAK_ADMINISTRATION_MODULE_LOG_LEVEL": "debug",
+        "HEALTH_MODULE_LOG_LEVEL": "debug",
+        "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug"
+    },
+    "ITSLEARNING": {
+        "ENABLED": "false",
+        "ENDPOINT": "https://itslearning.example.com",
+        "USERNAME": "username",
+        "PASSWORD": "password",
+        "ROOT": "sh",
+        "ROOT_OEFFENTLICH": "oeffentlich",
+        "ROOT_ERSATZ": "ersatz"
+    },
+    "OX": {
+        "ENABLED": "false",
+        "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService",
+        "CONTEXT_ID": "1337",
+        "CONTEXT_NAME": "contextname",
+        "USERNAME": "username",
+        "PASSWORD": "password"
+    },
+    "PRIVACYIDEA": {
+        "ENDPOINT": "http://localhost:5000",
+        "USERNAME": "admin",
+        "PASSWORD": "admin",
+        "USER_RESOLVER": "mariadb_resolver",
+        "REALM": "defrealm"
+    },
+    "VIDIS": {
+        "BASE_URL": "https://service-stage.vidis.schule",
+        "USERNAME": "",
+        "PASSWORD": "",
+        "REGION_NAME": "test-region",
+        "KEYCLOAK_GROUP": "VIDIS-service",
+        "KEYCLOAK_ROLE": "VIDIS-user"
+    },
+    "IMPORT": {
+        "IMPORT_FILE_MAXGROESSE_IN_MB": 10
+    }
 }

charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl

@@ -96,4 +96,34 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: redis-password
+          - name: VIDIS_BASE_URL
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-base-url
+          - name: VIDIS_USERNAME
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-username
+          - name: VIDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-password
+          - name: VIDIS_REGION_NAME
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-region-name
+          - name: VIDIS_KEYCLOAK_GROUP
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-keycloak-group
+          - name: VIDIS_KEYCLOAK_ROLE
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: vidis-keycloak-role
 {{- end}}

charts/dbildungs-iam-server/templates/secret.yaml

@@ -25,4 +25,10 @@ data:
   pi-rename-waiting-time: {{ .Values.auth.pi_rename_waiting_time }}
   secrets-json: {{ .Values.auth.secrets_json }}
   redis-password: {{ .Values.auth.redis_password }}
+  vidis-base-url: {{ .Values.auth.vidis_base_url }}
+  vidis-username: {{ .Values.auth.vidis_username }}
+  vidis-password: {{ .Values.auth.vidis_password }}
+  vidis-region-name: {{ .Values.auth.vidis_region_name }}
+  vidis-keycloak-group: {{ .Values.auth.vidis_keycloak_group }}
+  vidis-keycloak-role: {{ .Values.auth.vidis_keycloak_role }}
 {{- end }}

charts/dbildungs-iam-server/values.yaml

@@ -50,6 +50,12 @@ auth:
   pi_user_realm: ''
   pi_rename_waiting_time: ''
   redis_password: ''
+  vidis_base_url: ''
+  vidis_username: ''
+  vidis_password: ''
+  vidis_region_name: ''
+  vidis_keycloak_group: ''
+  vidis_keycloak_role: ''
 
 backend:
   replicaCount: 1
@@ -124,11 +130,10 @@ backend:
       name: secret-volume
   extraVolumeMounts: []
 
-
 # Reference: https://github.com/bitnami/charts/tree/main/bitnami/redis-cluster
 redis-cluster:
   enabled: true
-  persistence: 
+  persistence:
     enabled: false
     size: 4Gi
   image:
@@ -137,14 +142,14 @@ redis-cluster:
     tag: 7.4
   existingSecret: dbildungs-iam-server-redis
   cluster:
-      ## This is total number of nodes including the replicas. Meaning there will be 3 master and 3 replica
-      ## nodes (as replica count is set to 1 by default, there will be 1 replica per master node).
-      ## Hence, nodes = numberOfMasterNodes + numberOfMasterNodes * replicas
-      ## The number of master nodes should always be >= 3, otherwise cluster creation will fail
-      nodes: 6
-      # for staging and prod this could get increased
-      ## @param cluster.replicas Number of replicas for every master in the cluster
-      replicas: 1
+    ## This is total number of nodes including the replicas. Meaning there will be 3 master and 3 replica
+    ## nodes (as replica count is set to 1 by default, there will be 1 replica per master node).
+    ## Hence, nodes = numberOfMasterNodes + numberOfMasterNodes * replicas
+    ## The number of master nodes should always be >= 3, otherwise cluster creation will fail
+    nodes: 6
+    # for staging and prod this could get increased
+    ## @param cluster.replicas Number of replicas for every master in the cluster
+    replicas: 1
   networkPolicy:
     enabled: false
   pdb:
@@ -155,9 +160,9 @@ redis-cluster:
   tls:
     enabled: false
   podLabels:
-      app.kubernetes.io/component: server-redis
+    app.kubernetes.io/component: server-redis
   commonLabels:
-    app.kubernetes.io/name: dbildungs-iam-server 
+    app.kubernetes.io/name: dbildungs-iam-server
   resources:
     limits:
       cpu: 300m
@@ -174,5 +179,5 @@ redis-cluster:
       requests:
         cpu: 50m
         memory: 64Mi
-    serviceMonitor: 
-        enabled: true
+    serviceMonitor:
+      enabled: true

config/config.json

@@ -86,6 +86,14 @@
         "REALM": "defrealm",
         "RENAME_WAITING_TIME_IN_SECONDS": 5
     },
+    "VIDIS": {
+        "BASE_URL": "https://service-stage.vidis.schule",
+        "USERNAME": "username",
+        "PASSWORD": "password",
+        "REGION_NAME": "test-region",
+        "KEYCLOAK_GROUP": "VIDIS-service",
+        "KEYCLOAK_ROLE": "VIDIS-user"
+    },
     "IMPORT": {
         "IMPORT_FILE_MAXGROESSE_IN_MB": 10
     }