dbildungs-iam-server

automation/dbildungs-iam-server/Chart.lock

@@ -3,4 +3,4 @@ dependencies:
   repository: https://charts.bitnami.com/bitnami
   version: 20.3.0
 digest: sha256:a42635c8459b26a7c01fd2cfeeba7cbb250bef345be41c70b8bfcd0025379057
-generated: "2024-11-29T18:33:40.547592401Z"
+generated: "2024-11-30T10:40:14.786917079Z"

automation/dbildungs-iam-server/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: DBP-1066
+appVersion: SPSH-1501
 dependencies:
 - condition: redis.enabled
   name: redis
@@ -8,4 +8,4 @@ dependencies:
 description: dBildungs-IAM-server
 name: dbildungs-iam-server
 type: application
-version: 0.0.0-dbp-1066-20241129-1833
+version: 0.0.0-spsh-1501-20241130-1040

automation/dbildungs-iam-server/config/config.json

@@ -51,7 +51,7 @@
     "BACKEND_FOR_FRONTEND_MODULE_LOG_LEVEL": "debug"
   },
   "ITSLEARNING": {
-    "ENABLED": false,
+    "ENABLED": "false",
     "ENDPOINT": "https://itslearning.example.com",
     "USERNAME": "username",
     "PASSWORD": "password",
@@ -60,7 +60,7 @@
     "ROOT_ERSATZ": "ersatz"
   },
   "OX": {
-    "ENABLED": false,
+    "ENABLED": "false",
     "ENDPOINT": "https://ox_ip:ox_port/webservices/OXUserService",
     "CONTEXT_ID": "1337",
     "CONTEXT_NAME": "contextname",

automation/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl

@@ -36,6 +36,16 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: frontend-sessionSecret
+          - name: ITSLEARNING_ENABLED
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: itslearning-enabled
+          - name: ITSLEARNING_ENDPOINT
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: itslearning-endpoint
           - name: ITSLEARNING_USERNAME
             valueFrom:
               secretKeyRef:
@@ -46,16 +56,16 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: itslearning-password
-          - name: LDAP_BIND_DN
+          - name: LDAP_ADMIN_PASSWORD
             valueFrom:
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: ldap-bind-dn
-          - name: LDAP_ADMIN_PASSWORD
+                  key: ldap-admin-password
+          - name: PI_BASE_URL
             valueFrom:
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
-                  key: ldap-admin-password
+                  key: pi-base-url
           - name: PI_ADMIN_USER
             valueFrom:
               secretKeyRef:
@@ -66,6 +76,31 @@
               secretKeyRef:
                   name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
                   key: pi-admin-password
+          - name: PI_USER_RESOLVER
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: pi-user-resolver
+          - name: PI_REALM
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: pi-user-realm
+          - name: SYSTEM_RENAME_WAITING_TIME_IN_SECONDS
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: system-rename-waiting-time-in-seconds
+          - name: SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: system-step-up-timeout-in-seconds
+          - name: SYSTEM_STEP_UP_TIMEOUT_ENABLED
+            valueFrom:
+              secretKeyRef:
+                  name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
+                  key: system-step-up-timeout-enabled
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:

automation/dbildungs-iam-server/templates/backend-deployment.yaml

@@ -22,12 +22,11 @@ spec:
     spec:
       automountServiceAccountToken: false
       initContainers:
-        {{- if .Values.backend.dbmigration.enabled }}
         - name: "{{ template "common.names.name" . }}-db-migration-apply"
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }}
           securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          command: {{ .Values.backend.dbmigration.command | toJson }}
+          command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ]
           env:
             {{- include "dbildungs-iam-server-backend-envs" . | indent  12 }}
               {{- if .Values.backend.extraEnvVars }}
@@ -39,13 +38,11 @@ spec:
           volumeMounts:
             {{- toYaml .Values.backend.volumeMounts | nindent 12 }}
           resources: {{- toYaml .Values.backend.resources | nindent 12 }}
-        {{ end }}
-        {{- if .Values.backend.keycloakdatamigration.enabled }}
         - name: "{{ template "common.names.name" . }}-keycloak-data-migration"
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }}
           securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          command: {{ .Values.backend.keycloakdatamigration.command | toJson }}
+          command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ]
           env:
             {{- include "dbildungs-iam-server-backend-envs" . | indent  12 }}
               {{- if .Values.backend.extraEnvVars }}
@@ -57,21 +54,20 @@ spec:
           volumeMounts:
             {{- toYaml .Values.backend.volumeMounts | nindent 12 }}
           resources: {{- toYaml .Values.backend.resources | nindent 12 }}
-        {{ end }}
         {{- if .Values.backend.dbseeding.enabled }}
         - name: db-seeding
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{.Values.imagePullPolicy | default "Always"}}
           securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          command: {{ .Values.backend.dbseeding.command | toJson }}
+          command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ]
           envFrom:
             - configMapRef:
                 name: {{ template "common.names.name" . }}
           env: {{- include "dbildungs-iam-server-backend-envs" . | indent  12}}
           volumeMounts:
             {{- toYaml .Values.backend.volumeMounts | nindent 12 }}
           resources: {{- toYaml .Values.backend.resources | nindent 12 }}
-        {{ end }}
+        {{end}}
       containers:
         - name: "{{ template "common.names.name" . }}-backend"
           image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"

automation/dbildungs-iam-server/templates/configmap.yaml

@@ -20,16 +20,4 @@ data:
   LDAP_BIND_DN: "{{ .Values.ldap.bindDN }}"
   LDAP_OEFFENTLICHE_SCHULEN_DOMAIN: "{{ .Values.ldap.oeffentlicheSchulenDomain }}"
   LDAP_ERSATZSCHULEN_DOMAIN: "{{ .Values.ldap.ersatzschulenDomain }}"
-  ITSLEARNING_ENABLED: "{{ .Values.itslearning.enabled }}"
-  ITSLEARNING_ENDPOINT: "{{ .Values.itslearning.endpoint }}"
-  ITSLEARNING_ROOT: '{{ .Values.itslearning.root }}'
-  ITSLEARNING_ROOT_OEFFENTLICH: '{{ .Values.itslearning.rootOeffentlich }}'
-  ITSLEARNING_ROOT_ERSATZ: '{{ .Values.itslearning.rootErsatz }}'
-  PI_BASE_URL:  "{{ .Values.privacyidea.url }}"
-  PI_RENAME_WAITING_TIME:  "{{ .Values.privacyidea.renameWaitingTime }}"
-  PI_REALM: "{{ .Values.privacyidea.realm }}"
-  PI_USER_RESOLVER: "{{ .Values.privacyidea.userResolver }}"
   STATUS_REDIRECT_URL: "{{ .Values.status.url }}"
-  SYSTEM_RENAME_WAITING_TIME_IN_SECONDS: '{{ .Values.system.rename_waiting_time_in_seconds }}'
-  SYSTEM_STEP_UP_TIMEOUT_IN_SECONDS: '{{ .Values.system.step_up_timeout_in_seconds }}'
-  SYSTEM_STEP_UP_TIMEOUT_ENABLED: '{{ .Values.system.step_up_timeout_enabled }}'

automation/dbildungs-iam-server/templates/secret.yaml

@@ -12,12 +12,19 @@ data:
   db-username: {{ .Values.database.username }}
   keycloak-adminSecret: {{ .Values.auth.keycloak_adminSecret }}
   keycloak-clientSecret: {{ .Values.auth.keycloak_clientSecret }}
-  ldap-bind-dn: {{ .Values.auth.ldap_bind_dn }}
   ldap-admin-password: {{ .Values.auth.ldap_admin_password }}
+  itslearning-enabled: {{ .Values.auth.itslearning_enabled }}
+  itslearning-endpoint: {{ .Values.auth.itslearning_endpoint }}
   itslearning-username: {{ .Values.auth.itslearning_username }}
   itslearning-password: {{ .Values.auth.itslearning_password }}
+  pi-base-url: {{ .Values.auth.pi_base_url }}
   pi-admin-user: {{ .Values.auth.pi_admin_user }}
   pi-admin-password: {{ .Values.auth.pi_admin_password }}
+  pi-user-resolver: {{ .Values.auth.pi_user_resolver }}
+  pi-user-realm: {{ .Values.auth.pi_user_realm }}
+  system-rename-waiting-time-in-seconds: {{ .Values.auth.system_rename_waiting_time_in_seconds }}
+  system-step-up-timeout-in-seconds: {{ .Values.auth.system_step_up_timeout_in_seconds }}
+  system-step-up-enabled: {{ .Values.auth.system_step_up_enabled }}
   secrets-json: {{ .Values.auth.secrets_json }}
   redis-password: {{ .Values.auth.redis_password }}
 {{- end }}

automation/dbildungs-iam-server/values.yaml

@@ -32,38 +32,27 @@ ldap:
   oeffentlicheSchulenDomain: schule-sh.de
   ersatzschulenDomain: ersatzschule-sh.de
 
-itslearning:
-  enabled: false
-  endpoint: https://enterprise.itslintegrations.com/WCFServiceLibrary/ImsEnterpriseServicesPort.svc
-  root: sh
-  rootOeffentlich: oeffentlich
-  rootErsatz: ersatz
-
-privacyidea:
-  url: https://privacyidea.dev.spsh.dbildungsplattform.de
-  renameWaitingTime: 5
-  realm: ucs_users
-  userResolver: ucs_users
-
-system:
-  rename_waiting_time_in_seconds: 2
-  step_up_timeout_in_seconds: 900
-  step_up_timeout_enabled: false
-
 auth:
   # existingSecret: Refers to a secret already present in the cluster, which is required.
   existingSecret: ''
   secretName: dbildungs-iam-server
   keycloak_adminSecret: ''
   keycloak_clientSecret: ''
-  ldap_bind_dn: ''
   ldap_admin_password: ''
   secrets_json: ''
   frontend_sessionSecret: ''
+  itslearning_enabled: ''
+  itslearning_endpoint: ''
   itslearning_username: ''
   itslearning_password: ''
+  pi_base_url: ''
   pi_admin_user: ''
   pi_admin_password: ''
+  pi_user_resolver: ''
+  pi_user_realm: ''
+  system_rename_waiting_time_in_seconds: ''
+  system_step_up_timeout_in_seconds: ''
+  system_step_up_timeout_enabled: ''
   redis_password: ''
 
 backend:
@@ -106,13 +95,7 @@ backend:
       path: '/health'
   dbseeding:
     enabled: true
-    command: [ "node", "dist/src/console/main.js", "db", "seed", "dev" ]
-  dbmigration:
-    enabled: true
-    command: [ "node", "dist/src/console/main.js", "db", "migration-apply" ]
-  keycloakdatamigration: 
-    enabled: true
-    command: [ "node", "dist/src/console/main.js", "keycloak", "update-clients", "dev" ]
+    command: ['node', 'dist/src/console/main.js', 'db', 'seed', 'dev', '']
   ingress:
     enabled: true
     ingressClassName: nginx