diff --git a/.github/environments/values.dev.yaml b/.github/environments/values.dev.yaml
index 61e00f30..c566a20f 100644
--- a/.github/environments/values.dev.yaml
+++ b/.github/environments/values.dev.yaml
@@ -5,11 +5,17 @@ config:
 FRONTEND_APIPATH: api/v1
 FRONTEND_COMS_APIPATH: https://coms-dev.api.gov.bc.ca/api/v1
 FRONTEND_EXCLUDE_METADATA: geodrive.common.encoding,geodrive.windows.attr,geodrive.windows.secdesc,s3b-last-modified
- FRONTEND_NOTIFICATION_BANNER : This is the DEV environment of BCBox. Uploaded files may not persist and may be deleted from the COMS database as we continue development. Please do not upload personal or private information. Thank you for your understanding as we work to improve BCBox
+ FRONTEND_NOTIFICATION_BANNER: This is the DEV environment of BCBox. Uploaded files may not persist and may be deleted from the COMS database as we continue development. Please do not upload personal or private information. Thank you for your understanding as we work to improve BCBox
 FRONTEND_OIDC_AUTHORITY: https://dev.loginproxy.gov.bc.ca/auth/realms/standard
 FRONTEND_OIDC_CLIENTID: bc-box-4555
 SERVER_APIPATH: /api/v1
 SERVER_BODYLIMIT: 30mb
+ SERVER_CHES_APIPATH: https://ches-dev.api.gov.bc.ca/api/v1
+ SERVER_CHES_TOKENURL: https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
+ SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
 # SERVER_LOGFILE: ~
 SERVER_LOGLEVEL: http
+ SERVER_OIDC_AUTHORITY: https://dev.loginproxy.gov.bc.ca/auth/realms/standard
+ SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid,github_id
+ SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy7zfh2ZgpDV5mH/aXyLDTddZK81rGakJcTy4KvCNOkDDxt1KAhW02lmbCo8YhHCOzjNZBp1+Vi6QiMRgBqAe2GTPZYEiV70aXfROGZe3Nvwcjbtki6HoyRte3SpqLJEIPL2F+hjJkw1UPGnjPTWZkEx9p74b9i3BjuE8RnjJ0Sza2MWw83zoQUZEJRGiopSL0yuVej6t2LO2btVdVf7QuZfPt9ehkcQYlPKpVvJA+pfeqPAdnNt7OjEIeYxinjurZr8Z04hz8UhkRefcWlSbFzFQYmL7O7iArjW0bsSvq8yNUd5r0KCOQkFduwZy26yTzTxj8OLFT91fEmbBBl4rQIDAQAB
 SERVER_PORT: "8080"
diff --git a/.github/environments/values.prod.yaml b/.github/environments/values.prod.yaml
index bb1eef75..d28a66ab 100644
--- a/.github/environments/values.prod.yaml
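Review bot: `SERVER_OIDC_PUBLICKEY` pins one static RSA public key for the dev realm, with no comment saying where it came from or what happens when the realm at `SERVER_OIDC_AUTHORITY` rotates its signing key; presumably the server uses it to verify tokens, so a rotation would make every login fail until this file is updated. A comment above the key, e.g. `# Realm signing key copied from the authority's certs endpoint; re-copy on key rotation`, would make that maintenance duty visible, and the same applies to the prod and test files in the next two hunks. `SERVER_OIDC_IDENTITYKEY` here also lists `github_id`, which the prod and test values omit; if that difference is deliberate, a one-line comment explaining it would keep a later environment sync from removing or adding it by accident.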
+++ b/.github/environments/values.prod.yaml
@@ -9,6 +9,12 @@ config:
 FRONTEND_OIDC_CLIENTID: bc-box-4555
 SERVER_APIPATH: /api/v1
 SERVER_BODYLIMIT: 30mb
+ SERVER_CHES_APIPATH: https://ches.api.gov.bc.ca/api/v1
+ SERVER_CHES_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
+ SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
 # SERVER_LOGFILE: ~
 SERVER_LOGLEVEL: http
+ SERVER_OIDC_AUTHORITY: https://loginproxy.gov.bc.ca/auth/realms/standard
+ SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid
+ SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHiuPKOkpkq4GXN1ktr23rJtDl6Vdu/Y37ZAd3PnQ8/IDfAODvy1Y81aAUZicKe9egolv+OTRANN3yOg+TAbRhkeXLE5p/473EK0aQ0NazTCuWo6Am3oDQ7Yt8x0pw56/qcLtkTuXNyo5EnVV2Z2BzCnnaL31JOhyitolku0DNT6GDoRBmT4o2ItqEVHk5nM25cf1t2zbwI2790W6if1B2qVRkxxivS8tbH7nYC61Is3XCPockKptkH22cm2ZQJmtYd5sZKuXaGsvtyzHmn8/l0Kd1xnHmUu4JNuQ67YiNZGu3hOkrF0Js3BzAk1Qm4kvYRaxbJFCs/qokLZ4Z0W9wIDAQAB
 SERVER_PORT: "8080"
diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml
index 149f3517..d5a36e43 100644
--- a/.github/environments/values.test.yaml
+++ b/.github/environments/values.test.yaml
@@ -10,6 +10,12 @@ config:
 FRONTEND_OIDC_CLIENTID: bc-box-4555
 SERVER_APIPATH: /api/v1
 SERVER_BODYLIMIT: 30mb
+ SERVER_CHES_APIPATH: https://ches-test.api.gov.bc.ca/api/v1
+ SERVER_CHES_TOKENURL: https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
+ SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
 # SERVER_LOGFILE: ~
 SERVER_LOGLEVEL: http
+ SERVER_OIDC_AUTHORITY: https://test.loginproxy.gov.bc.ca/auth/realms/standard
+ SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid
+ SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFdv9GA83uHuy8Eu9yiZHGGF9j6J8t7FkbcpaN81GDjwbjsIJ0OJO9dKRAx6BAtTC4ubJTBJMPvQER5ikOhIeBi4o25fg61jpgsU6oRZHkCXc9gX6mrjMjbsPaf3/bjjYxP5jicBDJQeD1oRa24+tiGggoQ7k6gDEN+cRYqqNpzC/GQbkUPk8YsgroncEgu8ChMh/3ERsLV2zorchMANUq76max16mHrhtWIQxrb/STpSt4JuSlUzzBV/dcXjJe5gywZHe0jAutFhNqjHzHdgyaC4RAd3eYQo+Kl/JOgy2AZrnx+CiPmvOJKe9tAW4k4H087ng8aVE40v4HW/FEbnwIDAQAB
 SERVER_PORT: "8080"
diff --git a/app/config/custom-environment-variables.json b/app/config/custom-environment-variables.json
index 0ca20380..4107d746 100644
--- a/app/config/custom-environment-variables.json
+++ b/app/config/custom-environment-variables.json
@@ -17,8 +17,22 @@
 "server": {
 "apiPath": "SERVER_APIPATH",
 "bodyLimit": "SERVER_BODYLIMIT",
+ "ches": {
+ "apiPath": "SERVER_CHES_APIPATH",
+ "clientId": "SERVER_CHES_CLIENTID",
+ "clientSecret": "SERVER_CHES_CLIENTSECRET",
+ "tokenUrl": "SERVER_CHES_TOKENURL",
+ "from": "SERVER_CHES_FROM"
+ },
 "logFile": "SERVER_LOGFILE",
 "logLevel": "SERVER_LOGLEVEL",
+ "oidc": {
+ "authority": "SERVER_OIDC_AUTHORITY",
+ "clientId": "SERVER_OIDC_CLIENTID",
+ "clientSecret": "SERVER_OIDC_CLIENTSECRET",
+ "identityKey": "SERVER_OIDC_IDENTITYKEY",
+ "publicKey": "SERVER_OIDC_PUBLICKEY"
+ },
 "port": "SERVER_PORT"
 }
 }
diff --git a/charts/bcbox/Chart.yaml b/charts/bcbox/Chart.yaml
index 824c75b4..4be78f56 100644
--- a/charts/bcbox/Chart.yaml
+++ b/charts/bcbox/Chart.yaml
@@ -3,7 +3,7 @@ name: bcbox
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.14
+version: 0.0.15
 kubeVersion: ">= 1.13.0"
 description: A frontend UI for managing access control to S3 Objects
 # A chart can be either an 'application' or a 'library' chart.
diff --git a/charts/bcbox/README.md b/charts/bcbox/README.md
index f6f7af2c..a8cb33cb 100644
--- a/charts/bcbox/README.md
+++ b/charts/bcbox/README.md
@@ -1,6 +1,6 @@
 # bcbox
-![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.0](https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square)
+![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.0](https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square)
 A frontend UI for managing access control to S3 Objects
@@ -29,7 +29,7 @@ Kubernetes: `>= 1.13.0`
 | autoscaling.maxReplicas | int | `16` | |
 | autoscaling.minReplicas | int | `2` | |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` | |
-| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_COMS_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_LOGLEVEL":"http","SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the bcbox documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
+| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_COMS_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHES_APIPATH":null,"SERVER_CHES_FROM":null,"SERVER_CHES_TOKENURL":null,"SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the bcbox documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
 | config.enabled | bool | `false` | Set to true if you want to let Helm manage and overwrite your configmaps. |
 | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped.
In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
 | failurePolicy | string | `"Retry"` | DeploymentConfig pre-hook failure behavior |
diff --git a/charts/bcbox/templates/deploymentconfig.yaml b/charts/bcbox/templates/deploymentconfig.yaml
index 132dcb4d..2848be67 100644
--- a/charts/bcbox/templates/deploymentconfig.yaml
+++ b/charts/bcbox/templates/deploymentconfig.yaml
@@ -59,6 +59,26 @@ spec:
 env:
 - name: NODE_ENV
 value: production
+ - name: SERVER_CHES_CLIENTID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: {{ include "bcbox.configname" . }}-ches-service-account
+ - name: SERVER_CHES_CLIENTSECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: {{ include "bcbox.configname" . }}-ches-service-account
+ - name: SERVER_OIDC_CLIENTID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: {{ include "bcbox.configname" . }}-keycloak
+ - name: SERVER_OIDC_CLIENTSECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: {{ include "bcbox.configname" . }}-keycloak
 envFrom:
 - configMapRef:
 name: {{ include "bcbox.configname" . }}-config
diff --git a/charts/bcbox/values.yaml b/charts/bcbox/values.yaml
index c04bbb0d..fb27b920 100644
--- a/charts/bcbox/values.yaml
+++ b/charts/bcbox/values.yaml
@@ -27,11 +27,13 @@ failurePolicy: Retry
 podAnnotations: {}
 # -- Privilege and access control settings
-podSecurityContext: {}
+podSecurityContext:
+ {}
 # fsGroup: 2000
 # -- Privilege and access control settings
-securityContext: {}
+securityContext:
+ {}
 # capabilities:
 # drop:
 # - ALL
@@ -89,7 +91,8 @@ route:
 # -- Specifies whether a route should be created
 enabled: true
 # -- Annotations to add to the route
- annotations: {}
+ annotations:
+ {}
 # kubernetes.io/ingress.class: nginx
 # kubernetes.io/tls-acme: "true"
 host: chart-example.local
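Review bot: The four new `secretKeyRef` entries read `username`/`password` from `{{ include "bcbox.configname" . }}-ches-service-account` and `{{ include "bcbox.configname" . }}-keycloak`, but nothing in this diff creates those Secrets or documents their expected keys, and the README table touched earlier only describes the ConfigMap values. If they are meant to be provisioned out of band, a comment in the template such as `# Requires pre-provisioned Secrets <configname>-ches-service-account and <configname>-keycloak, each with keys username and password` plus a line in the chart README would state the deployment contract. Sourcing the client ids and secrets from Secrets rather than the ConfigMap is the right split, and because the refs are not marked `optional`, a missing Secret keeps the pod from starting rather than running without credentials. The enclosing container spec begins and ends outside the hunk.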
@@ -140,7 +143,17 @@ config:
 FRONTEND_OIDC_CLIENTID: ~
 SERVER_APIPATH: "/api/v1"
 SERVER_BODYLIMIT: "30mb"
- # SERVER_STATICFILES: ~
+
+ SERVER_CHES_APIPATH: ~
+ SERVER_CHES_TOKENURL: ~
+ SERVER_CHES_FROM: ~
+
 # SERVER_LOGFILE: ~
 SERVER_LOGLEVEL: "http"
+
+ SERVER_OIDC_AUTHORITY: ~
+ SERVER_OIDC_IDENTITYKEY: ~
+ SERVER_OIDC_PUBLICKEY: ~
+
 SERVER_PORT: "8080"
+ # SERVER_STATICFILES: ~