Skip to content

Commit

Permalink
feat(provisioning): change to the new div provisioning api
Browse files Browse the repository at this point in the history 
Refs: #79
  • Loading branch information
@Phil91
Phil91 committed Sep 12, 2024
1 parent 8b526a5 commit 3df7399
Show file tree
Hide file tree
Showing 119 changed files with 4,362 additions and 4,108 deletions.
46 changes: 22 additions & 24 deletions charts/dim/templates/cronjob-processes.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,36 +67,34 @@ spec:
- name: "CONNECTIONSTRINGS__DIMDB"
value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.username }};Password=$(DIM_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"
{{- end }}
- name: "DIM__ADMINMAIL"
value: "{{ .Values.processesworker.dim.adminMail }}"
- name: "DIM__ROOTDIRECTORYID"
value: "{{ .Values.dim.rootDirectoryId }}"
- name: "DIM__CLIENTIDCISCENTRAL"
value: "{{ .Values.processesworker.dim.clientIdCisCentral }}"
- name: "DIM__CLIENTSECRETCISCENTRAL"
- name: "DIM__APPLICATIONNAME"
value: "{{ .Values.processesworker.dim.applicationName }}"
- name: "PROVISIONING__CLIENTID"
value: "{{ .Values.processesworker.provisioning.clientId }}"
- name: "PROVISIONING__CLIENTSECRET"
valueFrom:
secretKeyRef:
name: "{{ template "dim.secretName" . }}"
key: "client-secret-cis-central"
- name: "DIM__AUTHURL"
value: "{{ .Values.processesworker.dim.authUrl }}"
- name: "SUBACCOUNT__BASEURL"
value: "{{ .Values.processesworker.subaccount.baseUrl }}"
- name: "ENTITLEMENT__BASEURL"
value: "{{ .Values.processesworker.entitlement.baseUrl }}"
- name: "CF__CLIENTID"
value: "{{ .Values.processesworker.cf.clientId }}"
- name: "CF__CLIENTSECRET"
key: "client-secret-provisioning"
- name: "PROVISIONING__TOKENADDRESS"
value: "{{ .Values.processesworker.provisioning.tokenAddress }}"
- name: "PROVISIONING__BASEURL"
value: "{{ .Values.processesworker.provisioning.baseUrl }}"
- name: "PROVISIONING__GRANTTYPE"
value: "{{ .Values.processesworker.provisioning.grantType }}"
- name: "PROVISIONING__ENCRYPTIONCONFIGINDEX"
value: "{{ .Values.processesworker.provisioning.encryptionConfigIndex }}"
- name: "PROVISIONING__ENCRYPTIONCONFIGS__0__INDEX"
value: "{{ .Values.processesworker.provisioning.encryptionConfigs.index0.index }}"
- name: "PROVISIONING__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
valueFrom:
secretKeyRef:
name: "{{ template "dim.secretName" . }}"
key: "client-secret-cf"
- name: "CF__TOKENADDRESS"
value: "{{ .Values.processesworker.cf.tokenAddress }}"
- name: "CF__BASEURL"
value: "{{ .Values.processesworker.cf.baseUrl }}"
- name: "CF__GRANTTYPE"
value: "{{ .Values.processesworker.cf.grantType }}"
key: "provisioning-encryption-key0"
- name: "PROVISIONING__ENCRYPTIONCONFIGS__0__CIPHERMODE"
value: "{{ .Values.processesworker.provisioning.encryptionConfigs.index0.cipherMode }}"
- name: "PROVISIONING__ENCRYPTIONCONFIGS__0__PADDINGMODE"
value: "{{ .Values.processesworker.provisioning.encryptionConfigs.index0.paddingMode }}"
- name: "CALLBACK__USERNAME"
value: "empty"
- name: "CALLBACK__PASSWORD"
Expand Down
28 changes: 13 additions & 15 deletions charts/dim/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,10 +80,21 @@ spec:
value: "{{ .Values.dim.healthChecks.liveness.path}}"
- name: "SWAGGERENABLED"
value: "{{ .Values.dim.swaggerEnabled }}"
- name: "DIM__ROOTDIRECTORYID"
value: "{{ .Values.dim.rootDirectoryId }}"
- name: "DIM__OPERATORID"
value: "{{ .Values.dim.operatorId }}"
- name: "DIM__ENCRYPTIONCONFIGINDEX"
value: "{{ .Values.processesworker.provisioning.encryptionConfigIndex }}"
- name: "DIM__ENCRYPTIONCONFIGS__0__INDEX"
value: "{{ .Values.processesworker.provisioning.encryptionConfigs.index0.index }}"
- name: "DIM__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
valueFrom:
secretKeyRef:
name: "{{ template "dim.secretName" . }}"
key: "provisioning-encryption-key0"
- name: "DIM__ENCRYPTIONCONFIGS__0__CIPHERMODE"
value: "{{ .Values.processesworker.provisioning.encryptionConfigs.index0.cipherMode }}"
- name: "DIM__ENCRYPTIONCONFIGS__0__PADDINGMODE"
value: "{{ .Values.processesworker.provisioning.encryptionConfigs.index0.paddingMode }}"
- name: "JWTBEAREROPTIONS__METADATAADDRESS"
value: "{{ .Values.idp.address }}{{ .Values.idp.jwtBearerOptions.metadataPath }}"
- name: "JWTBEAREROPTIONS__REQUIREHTTPSMETADATA"
Expand All @@ -94,19 +105,6 @@ spec:
value: "{{ .Values.idp.address }}{{ .Values.idp.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}"
- name: "JWTBEAREROPTIONS__REFRESHINTERVAL"
value: "{{ .Values.idp.jwtBearerOptions.refreshInterval }}"
- name: "CF__CLIENTID"
value: "{{ .Values.processesworker.cf.clientId }}"
- name: "CF__CLIENTSECRET"
valueFrom:
secretKeyRef:
name: "{{ template "dim.secretName" . }}"
key: "client-secret-cf"
- name: "CF__TOKENADDRESS"
value: "{{ .Values.processesworker.cf.tokenAddress }}"
- name: "CF__BASEURL"
value: "{{ .Values.processesworker.cf.baseUrl }}"
- name: "CF__GRANTTYPE"
value: "{{ .Values.processesworker.cf.grantType }}"
ports:
- name: http
containerPort: {{ .Values.portContainer }}
Expand Down
6 changes: 4 additions & 2 deletions charts/dim/templates/secret.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,15 +36,17 @@ data:
# use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
# use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
client-secret-cis-central: {{ coalesce ( .Values.processesworker.dim.clientSecretCisCentral | b64enc ) ( index $secret.data "client-secret-cis-central" ) | default ( randAlphaNum 32 ) | quote }}
client-secret-cf: {{ coalesce ( .Values.processesworker.cf.clientSecret | b64enc ) ( index $secret.data "client-secret-cf" ) | default ( randAlphaNum 32 ) | quote }}
client-secret-provisioning: {{ coalesce ( .Values.processesworker.provisioning.clientSecret | b64enc ) ( index $secret.data "client-secret-provisioning" ) | default ( randAlphaNum 32 ) | quote }}
client-secret-callback: {{ coalesce ( .Values.processesworker.callback.clientSecret | b64enc ) ( index $secret.data "client-secret-callback" ) | default ( randAlphaNum 32 ) | quote }}
provisioning-encryption-key0: {{ coalesce ( .Values.processesworker.provisioning.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "provisioning-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
technicalusercreation-encryption-key0: {{ coalesce ( .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "technicalusercreation-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
{{ else -}}
stringData:
# if secret doesn't exist, use provided value from values file or generate a random one
client-secret-cis-central: {{ .Values.processesworker.dim.clientSecretCisCentral | default ( randAlphaNum 32 ) | quote }}
client-secret-cf: {{ .Values.processesworker.cf.clientSecret | default ( randAlphaNum 32 ) | quote }}
client-secret-provisioning: {{ .Values.processesworker.provisioning.clientSecret | default ( randAlphaNum 32 ) | quote }}
client-secret-callback: {{ .Values.processesworker.callback.clientSecret | default ( randAlphaNum 32 ) | quote }}
provisioning-encryption-key0: {{ .Values.processesworker.provisioning.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
technicalusercreation-encryption-key0: {{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
{{ end }}
{{- end -}}
23 changes: 11 additions & 12 deletions charts/dim/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@ dim:
readyness:
path: "/ready"
swaggerEnabled: false
rootDirectoryId: "00000000-0000-0000-0000-000000000000"
operatorId: "00000000-0000-0000-0000-000000000000"

migrations:
Expand Down Expand Up @@ -80,23 +79,23 @@ processesworker:
cpu: 45m
memory: 300M
dim:
adminMail: "[email protected]"
clientIdCisCentral: ""
clientSecretCisCentral: ""
authUrl: ""
subaccount:
# -- Url to the subaccount service api
baseUrl: ""
entitlement:
# -- Url to the entitlement service api
baseUrl: ""
cf:
applicationName: ""
provisioning:
clientId: ""
clientSecret: ""
tokenAddress: ""
# -- Url to the cf service api
baseUrl: ""
grantType: "client_credentials"
encryptionConfigIndex: 0
encryptionConfigs:
index0:
index: 0
cipherMode: "CBC"
paddingMode: "PKCS7"
# -- EncryptionKey to encrypt the provisioning client-secret. Secret-key 'provisioning-encryption-key0'.
# Expected format is 256 bit (64 digits) hex.
encryptionKey: ""
callback:
scope: "openid"
grantType: "client_credentials"
Expand Down
17 changes: 5 additions & 12 deletions environments/helm-values/values-int.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,6 @@ ingress:

dim:
swaggerEnabled: true
rootDirectoryId: "d6cd4e2e-1053-4ba6-888e-1cd56509958a"
operatorId: "d6cd4e2e-1053-4ba6-888e-1cd56509958a"

migrations:
Expand All @@ -52,23 +51,17 @@ processesworker:
logging:
default: "Debug"
dim:
adminMail: "<path:portal/data/dim/int/dim#adminMail>"
clientIdCisCentral: "<path:portal/data/dim/int/dim#cisClientId>"
clientSecretCisCentral: "<path:portal/data/dim/int/dim#cisClientSecret>"
authUrl: "https://catena-x-int-div.authentication.eu10.hana.ondemand.com"
subaccount:
# -- Url to the subaccount service api
baseUrl: "https://accounts-service.cfapps.eu10.hana.ondemand.com"
entitlement:
# -- Url to the entitlement service api
baseUrl: "https://entitlements-service.cfapps.eu10.hana.ondemand.com"
cf:
applicationName: "catena-x-portal"
provisioning:
clientId: "<path:portal/data/dim/int/cf#clientId>"
clientSecret: "<path:portal/data/dim/int/cf#clientSecret>"
tokenAddress: "https://login.cf.eu10.hana.ondemand.com/oauth/token"
# -- Url to the cf service api
baseUrl: "https://api.cf.eu10.hana.ondemand.com"
grantType: "client_credentials"
encryptionConfigs:
index0:
encryptionKey: "<path:portal/data/dim/int/provisioning#provisioning-encryption-key0>"
callback:
scope: "openid"
grantType: "client_credentials"
Expand Down
14 changes: 14 additions & 0 deletions src/Dim.sln
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DimProcess.Library.Tests",
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Dim.Web.Tests", "..\tests\web\Dim.Web.Tests\Dim.Web.Tests.csproj", "{CE87E424-36CF-4597-9E08-2D687E67F259}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Dim.DbAccess.Tests", "..\tests\database\Dim.DbAccess.Tests\Dim.DbAccess.Tests.csproj", "{5A8971D7-D0FB-4886-8982-48DC312F6262}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Dim.Clients.Tests", "..\tests\clients\Dim.Clients.Tests\Dim.Clients.Tests.csproj", "{256D56CC-5A19-45D5-8E98-06419ADBC275}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Expand Down Expand Up @@ -112,6 +116,14 @@ Global
{CE87E424-36CF-4597-9E08-2D687E67F259}.Debug|Any CPU.Build.0 = Debug|Any CPU
{CE87E424-36CF-4597-9E08-2D687E67F259}.Release|Any CPU.ActiveCfg = Release|Any CPU
{CE87E424-36CF-4597-9E08-2D687E67F259}.Release|Any CPU.Build.0 = Release|Any CPU
{5A8971D7-D0FB-4886-8982-48DC312F6262}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{5A8971D7-D0FB-4886-8982-48DC312F6262}.Debug|Any CPU.Build.0 = Debug|Any CPU
{5A8971D7-D0FB-4886-8982-48DC312F6262}.Release|Any CPU.ActiveCfg = Release|Any CPU
{5A8971D7-D0FB-4886-8982-48DC312F6262}.Release|Any CPU.Build.0 = Release|Any CPU
{256D56CC-5A19-45D5-8E98-06419ADBC275}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{256D56CC-5A19-45D5-8E98-06419ADBC275}.Debug|Any CPU.Build.0 = Debug|Any CPU
{256D56CC-5A19-45D5-8E98-06419ADBC275}.Release|Any CPU.ActiveCfg = Release|Any CPU
{256D56CC-5A19-45D5-8E98-06419ADBC275}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(NestedProjects) = preSolution
{8356C7AF-6F88-4A62-B3E9-5656634A6FEA} = {B84A3CAB-AC86-4B2D-A490-79E1002350FF}
Expand All @@ -130,5 +142,7 @@ Global
{A44447B0-794D-451A-A571-E3B761174B48} = {CB1B7D43-9AFC-47EF-8915-A547F7F553AB}
{85D316A0-17BE-4983-AB06-5C72365ABD9B} = {CB1B7D43-9AFC-47EF-8915-A547F7F553AB}
{CE87E424-36CF-4597-9E08-2D687E67F259} = {CB1B7D43-9AFC-47EF-8915-A547F7F553AB}
{5A8971D7-D0FB-4886-8982-48DC312F6262} = {CB1B7D43-9AFC-47EF-8915-A547F7F553AB}
{256D56CC-5A19-45D5-8E98-06419ADBC275} = {CB1B7D43-9AFC-47EF-8915-A547F7F553AB}
EndGlobalSection
EndGlobal
50 changes: 0 additions & 50 deletions src/clients/Dim.Clients/Api/Cf/AddSpaceRoleToUserRequest.cs
View file

This file was deleted.

Loading

0 comments on commit 3df7399

Please sign in to comment.