Merge branch 'main' into issue_681

bcgov · Sep 18, 2023 · 674c823 · 674c823
2 parents 1bd478e + 94d8857
commit 674c823
Show file tree

Hide file tree

Showing 12 changed files with 29 additions and 346 deletions.
diff --git a/.github/workflows/on_push_tag.yaml b/.github/workflows/on_push_tag.yaml
diff --git a/charts/traction/README.md b/charts/traction/README.md
@@ -291,13 +291,16 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release
 | `ui.ux.coverImageCopyright`                        |                                                                                                                     | `Photo by Kristoffer Fredriksson on StockSnap` |
 | `ui.ariesDetails.ledgerDescription`                | Ledger description                                                                                                  | `bcovrin-test`                                 |
 | `ui.oidc.showInnkeeperAdminLogin`                  | Show Innkeeper Admin Login                                                                                          | `true`                                         |
+| `ui.oidc.showWritableComponents`                   | Show writable components                                                                                            | `true`                                         |
 | `ui.oidc.active`                                   | Enable OIDC authentication                                                                                          | `true`                                         |
 | `ui.oidc.authority`                                | OIDC authority                                                                                                      | `""`                                           |
 | `ui.oidc.client`                                   | OIDC client                                                                                                         | `innkeeper-frontend`                           |
 | `ui.oidc.label`                                    | OIDC label                                                                                                          | `IDIR`                                         |
 | `ui.oidc.jwksUri`                                  | OIDC jwksUri                                                                                                        | `""`                                           |
 | `ui.oidc.realm`                                    | OIDC realm                                                                                                          | `Traction`                                     |
 | `ui.oidc.roleName`                                 | OIDC role name                                                                                                      | `innkeeper`                                    |
+| `ui.oidc.session.timeoutSeconds`                   | OIDC session timeout set in seconds                                                                                 | `600`                                          |
+| `ui.oidc.session.countdownSeconds`                 | OIDC session countdown set in seconds                                                                               | `30`                                           |
 | `ui.smtp.server`                                   | SMTP server                                                                                                         | `""`                                           |
 | `ui.smtp.port`                                     | SMTP port                                                                                                           | `25`                                           |
 | `ui.smtp.senderAddress`                            | SMTP sender address                                                                                                 | `""`                                           |

diff --git a/charts/traction/templates/_helpers.tpl b/charts/traction/templates/_helpers.tpl
@@ -98,6 +98,13 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{ template "global.fullname" . }}-acapy
 {{- end -}}
 
+{{/*
+Create a default fully qualified acapy configmap name.
+*/}}
+{{- define "acapy.configmap.name" -}}
+{{ template "acapy.fullname" . }}-config
+{{- end -}}
+
 {{/*
 Create a default fully qualified acapy name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).

diff --git a/charts/traction/templates/acapy/configmap.yaml b/charts/traction/templates/acapy/configmap.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "acapy.fullname" . }}-config
+  name: {{ include "acapy.configmap.name" . }}
   labels:
     {{- include "acapy.labels" . | nindent 4 }}
 data:

diff --git a/charts/traction/templates/acapy/deployment.yaml b/charts/traction/templates/acapy/deployment.yaml
@@ -5,6 +5,11 @@ metadata:
   name: {{ include "acapy.fullname" . }}
   labels:
     {{- include "acapy.labels" . | nindent 4 }}
+  annotations:
+    checksum/config: {{ include (print $.Template.BasePath "/acapy/configmap.yaml") . | sha256sum }}
+    checksum/wallet-secret: {{ include (print $.Template.BasePath "/acapy/wallet_secret.yaml") . | sha256sum }}
+    checksum/api-secret: {{ include (print $.Template.BasePath "/acapy/api_secret.yaml") . | sha256sum }}
+    checksum/innkeeper-secret: {{ include (print $.Template.BasePath "/acapy/plugin_innkeeper_secret.yaml") . | sha256sum }}
 spec:
   {{- if not .Values.acapy.autoscaling.enabled }}
   replicas: {{ .Values.acapy.replicaCount }}
@@ -147,7 +152,7 @@ spec:
       volumes:
         - name: config
           configMap:
-            name: {{ include "acapy.fullname" . }}-config
+            name: {{ include "acapy.configmap.name" . }}
       {{- with .Values.acapy.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/traction/templates/proxy/deployment.yaml b/charts/traction/templates/proxy/deployment.yaml
@@ -4,6 +4,8 @@ metadata:
   name: {{ include "tenant_proxy.fullname" . }}
   labels:
     {{- include "tenant_proxy.labels" . | nindent 4 }}
+  annotations:
+    checksum/api-secret: {{ include (print $.Template.BasePath "/acapy/api_secret.yaml") . | sha256sum }}
 spec:
   {{- if not .Values.tenant_proxy.autoscaling.enabled }}
   replicas: {{ .Values.tenant_proxy.replicaCount }}

diff --git a/charts/traction/templates/ui/deployment.yaml b/charts/traction/templates/ui/deployment.yaml
@@ -5,6 +5,9 @@ metadata:
   name: {{ include "tenant-ui.fullname" . }}
   labels:
     {{- include "tenant-ui.labels" . | nindent 4 }}
+  annotations:
+    checksum/config: {{ include (print $.Template.BasePath "/ui/configmap.yaml") . | sha256sum }}
+    checksum/innkeeper-secret: {{ include (print $.Template.BasePath "/acapy/plugin_innkeeper_secret.yaml") . | sha256sum }}
 spec:
   {{- if not .Values.ui.autoscaling.enabled }}
   replicas: {{ .Values.ui.replicaCount }}

diff --git a/charts/traction/values.yaml b/charts/traction/values.yaml
@@ -592,6 +592,8 @@ ui:
   oidc:
     ## @param ui.oidc.showInnkeeperAdminLogin Show Innkeeper Admin Login
     showInnkeeperAdminLogin: true
+    ## @param ui.oidc.showWritableComponents Show writable components
+    showWritableComponents: true
     ## @param ui.oidc.active Enable OIDC authentication
     active: true
     ## @param ui.oidc.authority OIDC authority
@@ -606,6 +608,11 @@ ui:
     realm: "Traction"
     ## @param ui.oidc.roleName OIDC role name
     roleName: "innkeeper"
+    ## @param ui.oidc.session.timeoutSeconds OIDC session timeout seconds
+    ## @param ui.oidc.session.countdownSeconds OIDC session countdown seconds
+    session:
+      timeoutSeconds: 600
+      countdownSeconds: 30
 
   ## SMTP Configuration
   smtp:

diff --git a/deploy/traction/values-development.yaml b/deploy/traction/values-development.yaml
@@ -49,11 +49,6 @@ ui:
     pullPolicy: Always
   oidc:
     active: true
-    showInnkeeperAdminLogin: true
-    showWritableComponents: true
-    session:
-      timeoutSeconds: 600
-      countdownSeconds: 30
     authority: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm
     jwksUri: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm/protocol/openid-connect/certs
   ariesDetails:

diff --git a/deploy/traction/values-pr.yaml b/deploy/traction/values-pr.yaml
@@ -56,11 +56,6 @@ ui:
     pullPolicy: Always
   oidc:
     active: true
-    showInnkeeperAdminLogin: true
-    showWritableComponents: true
-    session:
-      timeoutSeconds: 600
-      countdownSeconds: 30
     authority: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm
     jwksUri: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm/protocol/openid-connect/certs
   ariesDetails:

diff --git a/deploy/traction/values-production.yaml b/deploy/traction/values-production.yaml