diff --git a/.github/environments/values.dev.yaml b/.github/environments/values.dev.yaml
index f73b4534..faa53aa9 100644
--- a/.github/environments/values.dev.yaml
+++ b/.github/environments/values.dev.yaml
@@ -27,7 +27,6 @@ config:
 SERVER_PORT: "8080"
 SERVER_SSO_APIPATH: https://api.loginproxy.gov.bc.ca/api/v1
 SERVER_SSO_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token
- SERVER_SSO_CLIENTID: service-account-team-1850-5484
 SERVER_SSO_INTEGRATION: "5138"
 patroni:
diff --git a/.github/environments/values.prod.yaml b/.github/environments/values.prod.yaml
index e5418d25..85a5a09d 100644
--- a/.github/environments/values.prod.yaml
+++ b/.github/environments/values.prod.yaml
@@ -27,7 +27,6 @@ config:
 SERVER_PORT: "8080"
 SERVER_SSO_APIPATH: https://api.loginproxy.gov.bc.ca/api/v1
 SERVER_SSO_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token
- SERVER_SSO_CLIENTID: service-account-team-1850-5484
 SERVER_SSO_INTEGRATION: "5138"
 patroni:
diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml
index 59df8e55..3d83fffa 100644
--- a/.github/environments/values.test.yaml
+++ b/.github/environments/values.test.yaml
@@ -27,7 +27,6 @@ config:
 SERVER_PORT: "8080"
 SERVER_SSO_APIPATH: https://api.loginproxy.gov.bc.ca/api/v1
 SERVER_SSO_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token
- SERVER_SSO_CLIENTID: service-account-team-1850-5484
 SERVER_SSO_INTEGRATION: "5138"
 patroni:
diff --git a/charts/pcns/Chart.yaml b/charts/pcns/Chart.yaml
index 203a3f1c..6f6aebb0 100644
--- a/charts/pcns/Chart.yaml
+++ b/charts/pcns/Chart.yaml
@@ -3,7 +3,7 @@ name: nr-permitconnect-navigator-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.10
+version: 0.0.11
 kubeVersion: ">= 1.13.0"
 description: PermitConnect Navigator Service
 # A chart can be either an 'application' or a 'library' chart.
diff --git a/charts/pcns/README.md b/charts/pcns/README.md
index 47e93ea5..1ed62f7b 100644
--- a/charts/pcns/README.md
+++ b/charts/pcns/README.md
@@ -1,6 +1,6 @@ # nr-permitconnect-navigator-service -![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.0](https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square) +![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.0](https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square) PermitConnect Navigator Service
@@ -35,7 +35,7 @@ Kubernetes: `>= 1.13.0` | autoscaling.targetCPUUtilizationPercentage | int | `80` | | | chesSecretOverride.password | string | `nil` | | | chesSecretOverride.username | string | `nil` | | -| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_CHES_ROADMAP_BCC":null,"FRONTEND_CHES_SUBMISSION_CC":null,"FRONTEND_COMS_APIPATH":null,"FRONTEND_COMS_BUCKETID":null,"FRONTEND_GEOCODER_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"FRONTEND_OPENSTREETMAP_APIPATH":null,"FRONTEND_ORGBOOK_APIPATH":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHEFS_APIPATH":null,"SERVER_CHES_APIPATH":null,"SERVER_CHES_TOKENURL":null,"SERVER_DB_HOST":null,"SERVER_DB_POOL_MAX":"10","SERVER_DB_POOL_MIN":"2","SERVER_DB_PORT":"5432","SERVER_ENV":null,"SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the pcns documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". 
| +| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_CHES_ROADMAP_BCC":null,"FRONTEND_CHES_SUBMISSION_CC":null,"FRONTEND_COMS_APIPATH":null,"FRONTEND_COMS_BUCKETID":null,"FRONTEND_GEOCODER_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"FRONTEND_OPENSTREETMAP_APIPATH":null,"FRONTEND_ORGBOOK_APIPATH":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHEFS_APIPATH":null,"SERVER_CHES_APIPATH":null,"SERVER_CHES_TOKENURL":null,"SERVER_DB_HOST":null,"SERVER_DB_POOL_MAX":"10","SERVER_DB_POOL_MIN":"2","SERVER_DB_PORT":"5432","SERVER_ENV":null,"SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080","SERVER_SSO_APIPATH":null,"SERVER_SSO_INTEGRATION":null,"SERVER_SSO_TOKENURL":null}` | These values will be wholesale added to the configmap as is; refer to the pcns documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". | | config.enabled | bool | `false` | Set to true if you want to let Helm manage and overwrite your configmaps. | | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false | | dbSecretOverride.password | string | `nil` | | 
@@ -75,6 +75,8 @@ Kubernetes: `>= 1.13.0` | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.enabled | bool | `false` | Specifies whether a service account should be created | | serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| ssoSecretOverride.password | string | `nil` | | +| ssoSecretOverride.username | string | `nil` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
diff --git a/charts/pcns/templates/deploymentconfig.yaml b/charts/pcns/templates/deploymentconfig.yaml
index 403e8617..7a8b9ba7 100644
--- a/charts/pcns/templates/deploymentconfig.yaml
+++ b/charts/pcns/templates/deploymentconfig.yaml
@@ -160,6 +160,11 @@ spec:
 secretKeyRef:
 key: password
 name: {{ include "pcns.configname" . }}-oidc
+ - name: SERVER_SSO_CLIENTID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: {{ include "pcns.configname" . }}-sso
 - name: SERVER_SSO_CLIENTSECRET
 valueFrom:
 secretKeyRef:
diff --git a/charts/pcns/templates/secret.yaml b/charts/pcns/templates/secret.yaml
index f4e14a96..b94bebd3 100644
--- a/charts/pcns/templates/secret.yaml
+++ b/charts/pcns/templates/secret.yaml
@@ -105,6 +105,8 @@ type: kubernetes.io/basic-auth
 data:
 password: {{ .Values.oidcSecretOverride.password | default $oPassword | b64enc | quote }}
 username: {{ .Values.oidcSecretOverride.username | default $oUsername | b64enc | quote }}
+{{- end }}
+{{- if not $ssoSecret }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/charts/pcns/values.yaml b/charts/pcns/values.yaml
index fc69036d..e9c4024b 100644
--- a/charts/pcns/values.yaml
+++ b/charts/pcns/values.yaml
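Review bot: In `charts/pcns/templates/deploymentconfig.yaml`, the new `SERVER_SSO_CLIENTID` entry reads key `username` from the `-sso` secret with no `optional` field, so an existing `-sso` secret that lacks the key will keep the container from starting, and one that holds a placeholder there will be used as the client ID without any error. Until this commit the ID came from the ConfigMap values, so that key may never have been checked in the running environments; confirm it in each namespace before rollout. A comment above the entry would record the mapping, for example `# SSO client id: "username" key of the <configname>-sso basic-auth secret`. The container spec starts and continues outside this hunk, so the key used by `SERVER_SSO_CLIENTSECRET` is assumed rather than seen.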
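Review bot: In `charts/pcns/templates/secret.yaml`, the added `{{- if not $ssoSecret }}` guard renders the `-sso` Secret only while `$ssoSecret` is empty, so once the secret exists, later changes to `ssoSecretOverride.username` or `ssoSecretOverride.password` would presumably never reach the cluster. `$ssoSecret` is defined outside the hunk and looks like a `lookup` result, which should be confirmed. That makes rotating the SSO client credentials an out-of-band step that this change does not document. I would add a template comment ahead of the guard, such as `{{- /* Created once; rotate by editing or deleting the -sso secret, not through values */ -}}`, and fill in the two `ssoSecretOverride` descriptions that the README leaves blank. The `{{- end }}` that closes the new guard is not visible in this hunk.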
@@ -168,7 +168,6 @@ config:
 SERVER_SSO_APIPATH: ~
 SERVER_SSO_TOKENURL: ~
- SERVER_SSO_CLIENTID: ~
 SERVER_SSO_INTEGRATION: ~
 # Modify the following variables if you need to acquire secret values from a custom-named resource