Spsh 1195

.github/workflows/create-release.yml

@@ -34,14 +34,14 @@ jobs:
     uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-nest-test-sonarcloud.yaml@5
     with:
       node_version: '18'
-      timeout_minutes: 15
+      timeout_minutes: 20
     permissions:
       contents: read
     secrets: inherit
 
   release_image:
     name: "Publish image and scan with trivy"
-    needs: 
+    needs:
      - codeql_analyze
      - nest_lint
      - tests_and_sonarcloud
@@ -57,7 +57,7 @@ jobs:
       container_registry: "ghcr.io"
       fail_on_vulnerabilites: false
       report_location: "Dockerfile"
-  
+
   # Helm Chart
   scan_helm:
     uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-helm-kics.yaml@5
@@ -70,8 +70,8 @@ jobs:
     secrets: inherit
     with:
       chart_name: "dbildungs-iam-server"
-      helm_chart_version_generation: specified 
-      image_tag_generation: specified 
+      helm_chart_version_generation: specified
+      image_tag_generation: specified
       helm_chart_version: "${{ github.ref_name }}"
       image_tag: "${{ github.ref_name }}"
-      helm_repo_list: "bitnami,https://charts.bitnami.com/bitnami"
+      helm_repo_list: "bitnami,https://charts.bitnami.com/bitnami"

.gitignore

@@ -144,3 +144,4 @@ dist
 .vscode/settings.json
 
 mariadb/
+test/secrets.test.json

charts/dbildungs-iam-server/config/secrets.json

@@ -5,4 +5,4 @@
     "REDIS": {
         "PASSWORD": "password"
     }
-}
+}

charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl

@@ -86,21 +86,6 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: pi-user-realm
-          - name: SYSTEM_RENAME_WAITING_TIME_IN_SECONDS
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: system-rename-waiting-time-in-seconds
-          - name: SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: system-step-up-timeout-in-seconds
-          - name: SYSTEM_STEP_UP_TIMEOUT_ENABLED
-            valueFrom:
-              secretKeyRef:
-                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: system-step-up-timeout-enabled
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:

charts/dbildungs-iam-server/templates/backend-servicemonitor.yaml

@@ -1,8 +1,8 @@
-{{if .Values.backend.serviceMonitor.enabled }}
+{{ if .Values.backend.serviceMonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "common.names.name" . }}-backend
+  name: {{ template "common.names.name" . }}
   namespace: {{ template "common.names.namespace" . }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
@@ -13,9 +13,11 @@ spec:
       - {{ include "common.names.namespace" . | quote }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ template "common.names.name" . }}-backend
+      app.kubernetes.io/name: {{ template "common.names.name" . }}
       app.kubernetes.io/component: server-backend
   endpoints:
     - port: {{ (index .Values.backend.serviceMonitor.endpoints 0).port }}
+      path: {{ .Values.backend.serviceMonitor.path }}
+      interval: {{ .Values.backend.serviceMonitor.interval }}
 {{ end }}
 

charts/dbildungs-iam-server/templates/configmap.yaml

@@ -21,3 +21,6 @@ data:
   LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}"
   LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}"
   STATUS_REDIRECT_URL: "{{ .Values.status.url }}"
+  SYSTEM_RENAME_WAITING_TIME_IN_SECONDS: "{{ .Values.backend.env.renameWaitingTimeInSeconds }}"
+  SYSTEM_STEP_UP_TIMEOUT_ENABLED: "{{ .Values.backend.env.stepUpTimeoutEnabled }}"
+  SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS: "{{ .Values.backend.env.stepUpTimeoutInSeconds }}"

charts/dbildungs-iam-server/templates/secret.yaml

@@ -22,9 +22,6 @@ data:
   pi-admin-password: {{ .Values.auth.pi_admin_password }}
   pi-user-resolver: {{ .Values.auth.pi_user_resolver }}
   pi-user-realm: {{ .Values.auth.pi_user_realm }}
-  system-rename-waiting-time-in-seconds: {{ .Values.auth.system_rename_waiting_time_in_seconds }}
-  system-step-up-timeout-in-seconds: {{ .Values.auth.system_step_up_timeout_in_seconds }}
-  system-step-up-enabled: {{ .Values.auth.system_step_up_enabled }}
   secrets-json: {{ .Values.auth.secrets_json }}
   redis-password: {{ .Values.auth.redis_password }}
 {{- end }}

charts/dbildungs-iam-server/values.yaml

@@ -50,9 +50,6 @@ auth:
   pi_admin_password: ''
   pi_user_resolver: ''
   pi_user_realm: ''
-  system_rename_waiting_time_in_seconds: ''
-  system_step_up_timeout_in_seconds: ''
-  system_step_up_timeout_enabled: ''
   redis_password: ''
 
 backend:
@@ -114,6 +111,8 @@ backend:
       http: 80
   serviceMonitor:
     enabled: true
+    path: "/metrics"
+    interval: 30s
     endpoints:
       - port: 'web'
   extraEnvVars: []
@@ -127,6 +126,10 @@ backend:
       subPath: secrets-json
       name: secret-volume
   extraVolumeMounts: []
+  env:
+    renameWaitingTimeInSeconds: 3
+    stepUpTimeoutInSeconds: 900
+    stepUpTimeoutEnabled: 'false'
 
 redis:
   enabled: true