diff --git a/pom.xml b/pom.xml
index 3a6e51bae07ab5245d187d25f2abf0dbaecea877..f2ab9d3049519f6a30c5911e54b1053bc205bdad 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
 </parent>
 <groupId>de.ozgcloud</groupId>
 <artifactId>administration</artifactId>
-<version>0.3.0-SNAPSHOT</version>
+<version>0.4.0-SNAPSHOT</version>
 <name>Administration</name>
 <description>Administration Backend Project</description>
@@ -19,7 +19,7 @@
 <imageName>docker.ozg-sh.de/administration</imageName>
 <imageTag>build-latest</imageTag>
 <publishImage>false</publishImage>
-<build.number>SET_BY_JENKINS</build.number>
+<build.number>SET_BY_JENKINS</build.number>
 <spring-cloud-config-server.version>4.1.0</spring-cloud-config-server.version>
 <testcontainers-keycloak.version>3.2.0</testcontainers-keycloak.version>
 <keycloak-admin-client.version>23.0.6</keycloak-admin-client.version>
diff --git a/src/main/helm/templates/_helpers.tpl b/src/main/helm/templates/_helpers.tpl
index d59b652ef42c838efa9acc93c794dc93d864c8c9..95cbd1ab2dc40644d5831806da452e5992c99085 100644
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -42,4 +42,31 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- define "app.ozgcloudEnvironment" -}}
 {{- required "Environment muss angegeben sein" (.Values.ozgcloud).environment -}}
+{{- end -}}
+
+{{- define "app.ssoRealm" -}}
+{{ printf "%s-%s-%s" (include "app.ozgcloudBundesland" .) ( include "app.ozgcloudBezeichner" . ) ( include "app.ozgcloudEnvironment" . ) | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+
+{{- define "app.ozgcloudBundesland" -}}
+{{- required "Bundesland muss angegeben sein" (.Values.ozgcloud).bundesland }}
+{{- end -}}
+
+{{- define "app.ozgcloudBezeichner" -}}
+{{- required "ozgcloud.bezeichner muss angegeben sein" (.Values.ozgcloud).bezeichner -}}
+{{- if lt 27 (len (.Values.ozgcloud).bezeichner) -}}
+{{ fail (printf "ozgcloud.bezeichner %s ist zu lang (max. 27 Zeichen)" (.Values.ozgcloud).bezeichner) }}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.ssoClientName" -}}
+{{- if (.Values.sso.keycloak_client).client_name -}}
+{{ printf "%s" (.Values.sso.keycloak_client).client_name }}
+{{- else -}}
+{{ printf "admin" }}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.ssoServerUrl" -}}
+{{- required "sso.serverUrl muss angegeben sein" (.Values.sso).serverUrl -}}
 {{- end -}}
\ No newline at end of file
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index c5c0cf7411b990d848ab845e1f6a7bff0122472c..dfbadbc7c4591bb2d064d5b580be401e598c524e 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -61,6 +61,12 @@ spec:
             value: "/bindings"
           - name: spring_profiles_active
             value: {{ include "app.envSpringProfiles" . }}
+          - name: ozgcloud_oauth2_realm
+            value: {{ include "app.ssoRealm" . }}
+          - name: ozgcloud_oauth2_resource
+            value: {{ include "app.ssoClientName" . }}
+          - name: ozgcloud_oauth2_auth-server-url
+            value: {{ include "app.ssoServerUrl" . }}
 {{- if not (.Values.database).useExternal }}
           - name: spring_data_mongodb_uri
             valueFrom:
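Review bot: `app.ssoClientName` dereferences `.Values.sso.keycloak_client` without the nil-safe parenthesised form the neighbouring helpers use (`(.Values.sso).serverUrl`), so a chart rendered without an `sso` block dies with Go's nil-pointer template error inside this helper before `app.ssoServerUrl` can report `sso.serverUrl muss angegeben sein`. Prefer `{{- with ((.Values.sso).keycloak_client).client_name -}}{{ . }}{{- else -}}admin{{- end -}}`, which also drops the no-op `printf "%s"`. `app.ssoServerUrl` checks only presence although its value becomes the token issuer URL; a scheme guard such as `{{- if not (hasPrefix "https://" (.Values.sso).serverUrl) }}{{ fail "sso.serverUrl muss mit https:// beginnen" }}{{- end }}` is cheap insurance (gate it behind a value if plain-http test environments exist). The 27- and 63-character limits in `app.ozgcloudBezeichner` and `app.ssoRealm` are undocumented; a `{{/* ... */}}` comment naming their origin (presumably a realm or DNS-label length limit — confirm) would save the next reader a search.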
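Review bot: The three new `value:` entries emit the helper output as plain YAML scalars, so a client name such as `123` or `true` would be typed as a number or boolean and rejected by the API server (`env[].value` must be a string), and a value containing `: ` or ` #` would corrupt the rendered document. Pipe each through `quote`: `value: {{ include "app.ssoRealm" . | quote }}`, `value: {{ include "app.ssoClientName" . | quote }}`, `value: {{ include "app.ssoServerUrl" . | quote }}`. The `env:` list and its container spec continue outside the hunk.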
@@ -71,7 +77,7 @@ spec:
           - name: spring_data_mongodb_database
             value: {{ .Values.database.databaseName | default "administration-database" }}
 {{- end }}
-
+
           envFrom:
 {{- if (.Values.database).useExternal }}
           - secretRef:
diff --git a/src/main/helm/templates/keycloak_client_crd.yaml b/src/main/helm/templates/keycloak_client_crd.yaml
index 12c71b9e5c138ca1fc0d83f38074b52d49310a8a..2aac793289643ccddb7d26d885731fd0a901a93a 100644
--- a/src/main/helm/templates/keycloak_client_crd.yaml
+++ b/src/main/helm/templates/keycloak_client_crd.yaml
@@ -1,5 +1,5 @@
 {{- if not (.Values.sso).disableOzgOperator -}}
-{{ range $client := (.Values.sso).keycloak_clients }}
+{{ $client := (.Values.sso).keycloak_client }}
 ---
 apiVersion: operator.ozgcloud.de/v1
 kind: OzgCloudKeycloakClient
@@ -9,7 +9,7 @@ metadata:
 spec:
   keep_after_delete: {{ $.Values.sso.keep_after_delete | default false }}
   client_name: {{ $client.client_name }}
-  client_base_url: https://{{ include "app.baseDomain" $ }}
+  client_base_url: https://{{ include "app.baseDomain" $ }}
   client_web_origins:
   - https://{{ include "app.baseDomain" $ }}
@@ -32,5 +32,4 @@ spec:
 {{ toYaml . | indent 4 }}
 {{- end }}
 {{- end }}
-{{ end }}
 {{- end -}}
\ No newline at end of file
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 0b04539f5f49f11190eeeddf9de4c0fb867e7fd9..efe20f5232454748e707d50e2fb5539dc5736cfb 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -27,7 +27,7 @@ spec:
           protocol: TCP
   # public keycloak ip
   - to:
-    - ipBlock:
+    - ipBlock:
         cidr: {{ required "networkPolicy.ssoPublicIp must be set" (.Values.networkPolicy).ssoPublicIp }}
   - to:
     - namespaceSelector:
diff --git a/src/main/resources/application-dev.yaml b/src/main/resources/application-dev.yaml
index 174b55dcb8dee4e35f6b11275f4d563dc4371669..c3514d2f7c0a361129dde64e8f53fb137c55a67f 100644
--- a/src/main/resources/application-dev.yaml
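Review bot: With the `range` gone, `{{ $client := (.Values.sso).keycloak_client }}` leaves `$client` nil whenever `sso.keycloak_client` is not set, so `client_name: {{ $client.client_name }}` in the second hunk now aborts the render with a nil-pointer error where the old loop simply emitted no document; and when the map is set without `client_name`, the CR gets an empty `client_name` while the deployment's `ozgcloud_oauth2_resource` falls back to `admin` through `app.ssoClientName`. Using that helper here, `client_name: {{ include "app.ssoClientName" $ }}`, keeps the Keycloak client the operator creates and the resource the application expects in step. Every case in `keycloak_client_crd_test.yaml` sets `client_name`, so neither the absent-map nor the absent-name path is covered; one test for each would pin the intended behaviour. The `metadata.name` line and the rest of `spec` lie outside the hunks.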
+++ b/src/main/resources/application-dev.yaml
@@ -1,6 +1,2 @@
 ozgcloud:
-  production: false
-  oauth2:
-    auth-server-url: https://sso.dev.by.ozg-cloud.de
-    realm: by-kiel-dev
-    resource: admin
\ No newline at end of file
+  production: false
\ No newline at end of file
diff --git a/src/test/helm/deployment_database_test.yaml b/src/test/helm/deployment_database_test.yaml
index bde6a7f20fcca8b5db8234965c1c38cad365f268..8c747b650b4925c6026325d50f46de3ee42e6c73 100644
--- a/src/test/helm/deployment_database_test.yaml
+++ b/src/test/helm/deployment_database_test.yaml
@@ -28,6 +28,12 @@ release:
   namespace: sh-helm-test
 templates:
   - templates/deployment.yaml
+set:
+  ozgcloud:
+    bundesland: sh
+    bezeichner: helm
+  sso:
+    serverUrl: https://sso.company.local
 tests:
   - it: should have a volume for the mongodb certificate
     asserts:
@@ -73,4 +79,4 @@ tests:
           path: spec.template.spec.containers[0].envFrom
           content:
             secretRef:
-              name: administration-database-spring
\ No newline at end of file
+              name: administration-database-spring
diff --git a/src/test/helm/deployment_defaults_sso_test.yaml b/src/test/helm/deployment_defaults_sso_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3af4ab3385e69bae001433ba9cf8b0df3795ce9b
--- /dev/null
+++ b/src/test/helm/deployment_defaults_sso_test.yaml
@@ -0,0 +1,87 @@
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment
+release:
+  name: administration
+  namespace: sh-helm-test
+templates:
+  - templates/deployment.yaml
+set:
+  baseUrl: test.company.local
+  ozgcloud:
+    environment: test
+    bundesland: sh
+    bezeichner: helm
+  sso:
+    serverUrl: https://sso.company.local
+tests:
+  - it: check default values
+    asserts:
+      - isKind:
+          of: Deployment
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ozgcloud_oauth2_realm
+            value: sh-helm-test
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ozgcloud_oauth2_resource
+            value: admin
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ozgcloud_oauth2_auth-server-url
+            value: https://sso.company.local
+
+  - it: check realm with long namespace
+    set:
+      ozgcloud:
+        bezeichner: eins-zwei-drei
+        environment: dev
+        bundesland: sh
+    asserts:
+      - isKind:
+          of: Deployment
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ozgcloud_oauth2_realm
+            value: sh-eins-zwei-drei-dev
+
+  - it: check different client name
+    set:
+      sso:
+        keycloak_client:
+          client_name: different-client
+    asserts:
+      - isKind:
+          of: Deployment
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ozgcloud_oauth2_resource
+            value: different-client
diff --git a/src/test/helm/deployment_image_pull_secret_test.yaml b/src/test/helm/deployment_image_pull_secret_test.yaml
index 7aea9cb83872375b74ff8f737eb6d2165d940093..44f285aa845dddef22c11220bef7714efdc1f9ae 100644
--- a/src/test/helm/deployment_image_pull_secret_test.yaml
+++ b/src/test/helm/deployment_image_pull_secret_test.yaml
@@ -27,6 +27,12 @@ templates:
 release:
   name: administration
   namespace: helm-test
+set:
+  ozgcloud:
+    bundesland: sh
+    bezeichner: helm
+  sso:
+    serverUrl: https://sso.company.local
 tests:
   - it: should use default image pull secret
     asserts:
@@ -41,4 +47,4 @@ tests:
       - contains:
           path: spec.template.spec.imagePullSecrets
           content:
-            name: custom-image-pull-secret
\ No newline at end of file
+            name: custom-image-pull-secret
diff --git a/src/test/helm/deployment_resources_test.yaml b/src/test/helm/deployment_resources_test.yaml
index 29322c2183f84bf7515fff981bb1f4bc849c63f3..d37443f22191266721ac95118b716692cebfeeb0 100644
--- a/src/test/helm/deployment_resources_test.yaml
+++ b/src/test/helm/deployment_resources_test.yaml
@@ -27,6 +27,12 @@ templates:
 release:
   name: administration
   namespace: helm-test
+set:
+  ozgcloud:
+    bundesland: sh
+    bezeichner: helm
+  sso:
+    serverUrl: https://sso.company.local
 tests:
   - it: should have customizable resources
     set:
@@ -34,4 +40,4 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].resources
-          value: { "test": 1 }
\ No newline at end of file
+          value: { "test": 1 }
diff --git a/src/test/helm/deployment_spring_profile_test.yaml b/src/test/helm/deployment_spring_profile_test.yaml
index 35c8ad1d614d343022a87aff7bdabaf623082b10..f99d9b9893a31a013693ccf7b6402603f8bc390f 100644
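Review bot: The case `check realm with long namespace` sets a 14-character `bezeichner`, so it reaches neither the `fail` branch in `app.ozgcloudBezeichner` (triggered above 27 characters) nor the `trunc 63` in `app.ssoRealm`; the test name promises a boundary that is not exercised. A case with a 28-character value asserting `failedTemplate` pins the guard, and a sibling case with `sso.serverUrl` unset should assert the `sso.serverUrl muss angegeben sein` failure the same way. Use `errorMessage` with the full rendered error text instead of `errorPattern` if the helm-unittest version in the build does not support patterns.

```yaml
  - it: should fail when bezeichner is longer than 27 characters
    set:
      ozgcloud:
        bezeichner: abcdefghijklmnopqrstuvwxyzab  # constructed 28-character value
    asserts:
      - failedTemplate:
          errorPattern: ist zu lang
```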
--- a/src/test/helm/deployment_spring_profile_test.yaml
+++ b/src/test/helm/deployment_spring_profile_test.yaml
@@ -28,6 +28,12 @@ release:
   namespace: sh-helm-test
 templates:
   - templates/deployment.yaml
+set:
+  ozgcloud:
+    bundesland: sh
+    bezeichner: helm
+  sso:
+    serverUrl: https://sso.company.local
 tests:
   - it: should override the spring profiles
     set:
@@ -48,4 +54,4 @@ tests:
           path: spec.template.spec.containers[0].env
           content:
             name: spring_profiles_active
-            value: oc, dev
\ No newline at end of file
+            value: oc, dev
diff --git a/src/test/helm/deployment_test.yaml b/src/test/helm/deployment_test.yaml
index 7168d78dd2471583010650f08e3900c8d7aea49a..6bd31db1bcadaa990cef70e13f04845e42e6f9e7 100644
--- a/src/test/helm/deployment_test.yaml
+++ b/src/test/helm/deployment_test.yaml
@@ -28,7 +28,12 @@ release:
 templates:
   - templates/deployment.yaml
 set:
-  ozgcloud.environment: "default"
+  ozgcloud:
+    environment: "default"
+    bundesland: sh
+    bezeichner: helm
+  sso:
+    serverUrl: https://sso.company.local
 tests:
   - it: should have metadata values
     asserts:
diff --git a/src/test/helm/deployment_volume_test.yaml b/src/test/helm/deployment_volume_test.yaml
index 0625a237b77e1d234ed73d6669f686ad0990b97e..6546763a8b9a03d0ce9fc964a503fe6fbb847092 100644
--- a/src/test/helm/deployment_volume_test.yaml
+++ b/src/test/helm/deployment_volume_test.yaml
@@ -28,8 +28,13 @@ release:
 templates:
   - templates/deployment.yaml
 set:
-  Release.Name: "administration"
-  ozgcloud.environment: "default"
+  Release.Name: "administration"
+  ozgcloud:
+    environment: "default"
+    bundesland: sh
+    bezeichner: helm
+  sso:
+    serverUrl: https://sso.company.local
 tests:
   - it: should have volumeMounts on it's container
     asserts:
@@ -73,4 +78,4 @@ tests:
           value: "ozg-mongodb-tls-cert"
       - equal:
           path: spec.template.spec.volumes[1].secret.optional
-          value: true
\ No newline at end of file
+          value: true
diff --git a/src/test/helm/keycloak_client_crd_test.yaml b/src/test/helm/keycloak_client_crd_test.yaml
index 47e90d4d0dd42abd6bd85d67ad1b223d2eed5abe..bb199c30c8003e7b5bf3b1b8329633a687a85277 100644
--- a/src/test/helm/keycloak_client_crd_test.yaml
+++ b/src/test/helm/keycloak_client_crd_test.yaml
@@ -37,8 +37,8 @@ tests:
   - it: should contain header data
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
     asserts:
       - isAPIVersion:
           of: operator.ozgcloud.de/v1
@@ -47,8 +47,8 @@ tests:
   - it: should have metadata
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
     asserts:
       - equal:
           path: metadata.name
@@ -59,8 +59,8 @@ tests:
   - it: should set keep after delete default to false
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
     asserts:
       - equal:
           path: spec.keep_after_delete
@@ -69,8 +69,8 @@ tests:
     set:
       sso:
         keep_after_delete: true
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
     asserts:
       - equal:
           path: spec.keep_after_delete
@@ -78,8 +78,8 @@ tests:
   - it: has client name value
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
     asserts:
       - equal:
           path: spec.client_name
@@ -87,8 +87,8 @@ tests:
   - it: should set client base url
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
     asserts:
       - equal:
           path: spec.client_base_url
@@ -96,8 +96,8 @@ tests:
   - it: should set client redirect uris
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
     asserts:
       - equal:
           path: spec.client_web_origins
@@ -106,8 +106,8 @@ tests:
   - it: should set client web origins
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
     asserts:
       - equal:
           path: spec.client_redirect_uris
@@ -117,11 +117,11 @@ tests:
   - it: should use additional client web origins
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
-            additional_client_web_origins:
-              - https://some.origin.de
-              - https://some.other.origin.de
+        keycloak_client:
+          client_name: admin
+          additional_client_web_origins:
+            - https://some.origin.de
+            - https://some.other.origin.de
     asserts:
       - equal:
           path: spec.client_web_origins
@@ -132,10 +132,10 @@ tests:
   - it: should use additional redirect uris for client web origins
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
-            additional_redirect_uris:
-              - https://additional.url.de
+        keycloak_client:
+          client_name: admin
+          additional_redirect_uris:
+            - https://additional.url.de
     asserts:
       - equal:
           path: spec.client_redirect_uris
@@ -146,8 +146,8 @@ tests:
   - it: should not create client cr if ozg operator is disabled
     set:
       sso:
-        keycloak_clients:
-          - client_name: admin
+        keycloak_client:
+          client_name: admin
         disableOzgOperator: true
     asserts:
       - hasDocuments: