Merge pull request #181 from maykinmedia/feature/stable-release-openn…

…otificaties 🔖 Stable release for Open notificaties
maykinmedia · Feb 10, 2025 · 271eb38 · 271eb38
2 parents 7ae07ca + d6b7434
commit 271eb38
Show file tree

Hide file tree

Showing 8 changed files with 148 additions and 71 deletions.
diff --git a/charts/opennotificaties/CHANGELOG.md b/charts/opennotificaties/CHANGELOG.md
@@ -1,12 +1,23 @@
 # Changelog
 
-## 1.8.0-beta.1 (2025-23-01)
+## 1.8.0 (2025-02-05)
+
+Stable release with support of [django-setup-configuration](https://github.com/maykinmedia/django-setup-configuration). 
+
+- Fixed the configuration-secrets.yaml template to render only if no existing secret is present in the cluster (needed for example if using sealed secrets).
+- Added the possibility to add/use a secret with a custom name for the django-setup-configuration job.
+- Removed these env vars from the secret, as they are no longer used: `NOTIF_OPENZAAK_SECRET`, `OPENZAAK_NOTIF_SECRET` as these settings are now managed with django-setup-configuration.
+- Removed these env vars from the config map, as they are no longer used: `DEMO_CONFIG_ENABLE`, `SITES_CONFIG_ENABLE`, `OPENNOTIFICATIES_DOMAIN`, `OPENNOTIFICATIES_ORGANIZATION`, `AUTHORIZATION_CONFIG_ENABLE`, `AUTORISATIES_API_ROOT`, `NOTIF_OPENZAAK_CLIENT_ID`, `OPENZAAK_NOTIF_CONFIG_ENABLE`, `OPENZAAK_NOTIF_CLIENT_ID` as these settings are now managed with django-setup-configuration.
+
+## 1.8.0-beta.1 (2025-01-23)
+
 - [#170] Add autoscaling behavior for ON
 
-## 1.8.0-beta.0 (2025-22-01)
+## 1.8.0-beta.0 (2025-01-22)
+
 - [#169] Add pdb for worker
 
-## 1.7.0-beta.0 (2025-10-01)
+## 1.7.0-beta.0 (2025-01-10)
 
 - [#148] Replace the worker liveness probe with the `celery inspect active` command. This should detect when a worker is down and should not interrupt long running tasks.
 - [#119] Update the syntax of the worker liveness probe. The worker probes now can be enabled/disabled with:

diff --git a/charts/opennotificaties/Chart.yaml b/charts/opennotificaties/Chart.yaml
@@ -3,8 +3,8 @@ name: opennotificaties
 description: API voor het routeren van notificaties
 
 type: application
-version: 1.8.0-beta.1
-appVersion: latest
+version: 1.8.0
+appVersion: 1.8.0
 
 dependencies:
   - name: redis

diff --git a/charts/opennotificaties/README.md b/charts/opennotificaties/README.md
@@ -1,6 +1,6 @@
 # opennotificaties
 
-![Version: 1.8.0-beta.1](https://img.shields.io/badge/Version-1.8.0--beta.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square)
 
 API voor het routeren van notificaties
 
@@ -46,21 +46,13 @@ API voor het routeren van notificaties
 | configuration.job.enabled | bool | `false` | Run the setup configuration command as a job |
 | configuration.job.resources | object | `{}` |  |
 | configuration.job.restartPolicy | string | `"OnFailure"` |  |
-| configuration.notificaties.enabled | bool | `false` |  |
-| configuration.notificaties.openzaakNotifcationClientId | string | `""` |  |
-| configuration.notificaties.openzaakNotificationSecret | string | `""` |  |
-| configuration.openzaakAuthorization.ApiRoot | string | `""` |  |
-| configuration.openzaakAuthorization.enabled | bool | `false` |  |
-| configuration.openzaakAuthorization.notifcationOpenzaakSecret | string | `""` |  |
-| configuration.openzaakAuthorization.notificationOpenzaakClientId | string | `""` |  |
 | configuration.overwrite | bool | `true` |  |
 | configuration.secrets | object | `{}` |  |
-| configuration.sites.enabled | bool | `false` |  |
-| configuration.sites.notificatiesDomain | string | `""` |  |
-| configuration.sites.organization | string | `""` |  |
 | configuration.superuser.email | string | `""` |  |
 | configuration.superuser.password | string | `""` |  |
 | configuration.superuser.username | string | `""` |  |
+| configurationSecretsName | string | `""` |  |
+| existingConfigurationSecrets | string | `nil` |  |
 | existingSecret | string | `nil` |  |
 | extraEnvVars | list | `[]` | Array with extra environment variables to add |
 | extraIngress | list | `[]` | Specify extra ingresses, for example if you have multiple ingress classes |
@@ -83,13 +75,6 @@ API voor het routeren van notificaties
 | flower.resources | object | `{}` |  |
 | fullnameOverride | string | `""` |  |
 | global.configuration.enabled | bool | `false` |  |
-| global.configuration.notificatiesApi | string | `"http://opennotificaties.example.nl/api/v1/"` |  |
-| global.configuration.notificatiesOpenzaakClientId | string | `"notif-client-id"` |  |
-| global.configuration.notificatiesOpenzaakSecret | string | `"notif-secret"` |  |
-| global.configuration.openzaakAutorisatiesApi | string | `"https://openzaak.example.nl/autorisaties/api/v1/"` |  |
-| global.configuration.openzaakNotificatiesClientId | string | `"oz-client-id"` |  |
-| global.configuration.openzaakNotificatiesSecret | string | `"oz-secret"` |  |
-| global.configuration.organization | string | `"Gemeente Example"` |  |
 | global.configuration.overwrite | bool | `true` |  |
 | global.configuration.secrets | object | `{}` |  |
 | global.settings.databaseHost | string | `""` | Global databasehost, overrides setting.database.host |
@@ -227,3 +212,4 @@ API voor het routeren van notificaties
 | worker.podLabels | object | `{}` |  |
 | worker.replicaCount | int | `2` |  |
 | worker.resources | object | `{}` |  |
+
diff --git a/charts/opennotificaties/templates/configmap.yaml b/charts/opennotificaties/templates/configmap.yaml
@@ -85,23 +85,6 @@ data:
   {{- if .Values.settings.uwsgi.harakiri }}
   UWSGI_HARAKIRI: {{ .Values.settings.uwsgi.harakiri | toString | quote }}
   {{- end }}
-  {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
-  DEMO_CONFIG_ENABLE: "False"
-  SITES_CONFIG_ENABLE: {{ if .Values.configuration.sites.enabled }}"True"{{ else }}"False"{{ end }}
-  {{- if .Values.configuration.sites.enabled }}
-  OPENNOTIFICATIES_DOMAIN: {{ .Values.global.configuration.notificatiesDomain | default .Values.configuration.sites.notificatiesDomain | toString | quote }}
-  OPENNOTIFICATIES_ORGANIZATION: {{ .Values.global.configuration.organization | default .Values.configuration.sites.organization | toString | quote }}
-  {{- end }}
-  AUTHORIZATION_CONFIG_ENABLE: {{ if .Values.configuration.openzaakAuthorization.enabled }}"True"{{ else }}"False"{{ end }}
-  {{ if .Values.configuration.openzaakAuthorization.enabled -}}
-  AUTORISATIES_API_ROOT: {{ .Values.global.configuration.openzaakAutorisatiesApi | default .Values.configuration.openzaakAuthorization.ApiRoot | toString | quote }}
-  NOTIF_OPENZAAK_CLIENT_ID: {{ .Values.global.configuration.notificatiesOpenzaakClientId | default .Values.configuration.openzaakAuthorization.notificationOpenzaakClientId | toString | quote }}
-  {{- end }}
-  OPENZAAK_NOTIF_CONFIG_ENABLE: {{ if .Values.configuration.notificaties.enabled }}"True"{{ else }}"False"{{ end }}
-  {{- if .Values.configuration.notificaties.enabled }}
-  OPENZAAK_NOTIF_CLIENT_ID: {{ .Values.global.configuration.openzaakNotificatiesClientId | default .Values.configuration.notificaties.openzaakNotifcationClientId | toString | quote }}
-  {{- end }}
-  {{- end }}
   {{ if .Values.configuration.superuser.username }}
   OPENNOTIFICATIES_SUPERUSER_USERNAME: {{ .Values.configuration.superuser.username | toString | quote }}
   OPENNOTIFICATIES_SUPERUSER_EMAIL: {{ .Values.configuration.superuser.email | toString | quote }}

diff --git a/charts/opennotificaties/templates/configuration-secrets.yaml b/charts/opennotificaties/templates/configuration-secrets.yaml
@@ -1,8 +1,8 @@
-{{- if and .Values.global.configuration.enabled .Values.configuration.enabled}}
+{{- if and (not .Values.existingConfigurationSecrets) .Values.global.configuration.enabled .Values.configuration.enabled}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "opennotificaties.fullname" . }}-config-secrets
+  name: {{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "opennotificaties.fullname" .)) }}
   labels:
     {{- include "opennotificaties.labels" . | nindent 4 }}
 stringData:

diff --git a/charts/opennotificaties/templates/job-config.yaml b/charts/opennotificaties/templates/job-config.yaml
@@ -38,7 +38,7 @@ spec:
             - secretRef:
                 name: {{ .Values.existingSecret | default (include "opennotificaties.fullname" .) }}
             - secretRef:
-                name: {{ include "opennotificaties.fullname" . }}-config-secrets                
+                name: {{ if .Values.existingConfigurationSecrets }}{{ .Values.existingConfigurationSecrets }}{{ else }}{{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "opennotificaties.fullname" .)) }}{{ end }}               
             - configMapRef:
                 name: {{ include "opennotificaties.fullname" . }}
           env:

diff --git a/charts/opennotificaties/templates/secret.yaml b/charts/opennotificaties/templates/secret.yaml
@@ -35,14 +35,6 @@ stringData:
   {{- if .Values.settings.elasticapm.url }}
   ELASTIC_APM_SECRET_TOKEN: {{ .Values.settings.elasticapm.token | toString |  quote }}
   {{- end }}
-  {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
-  {{ if .Values.configuration.openzaakAuthorization.enabled -}}
-  NOTIF_OPENZAAK_SECRET: {{ .Values.global.configuration.notificatiesOpenzaakSecret | default .Values.configuration.openzaakAuthorization.notifcationOpenzaakSecret  | toString | quote }}
-  {{- end }}
-  {{ if .Values.configuration.notificaties.enabled -}}
-  OPENZAAK_NOTIF_SECRET: {{ .Values.global.configuration.openzaakNotificatiesSecret | default .Values.configuration.notificaties.openzaakNotificationSecret | toString | quote }}
-  {{- end }}
-  {{- end }}
   {{ if .Values.configuration.superuser.username }}
   DJANGO_SUPERUSER_PASSWORD: {{ .Values.configuration.superuser.password | toString | quote }}
   {{- end }}

diff --git a/charts/opennotificaties/values.yaml b/charts/opennotificaties/values.yaml
@@ -2,13 +2,6 @@ global:
   configuration:
     enabled: false
     overwrite: true
-    organization: Gemeente Example
-    openzaakAutorisatiesApi: https://openzaak.example.nl/autorisaties/api/v1/
-    notificatiesApi: http://opennotificaties.example.nl/api/v1/
-    notificatiesOpenzaakClientId: notif-client-id
-    notificatiesOpenzaakSecret: notif-secret
-    openzaakNotificatiesClientId: oz-client-id
-    openzaakNotificatiesSecret: oz-secret
     secrets: {}
 
   settings:
@@ -18,19 +11,6 @@ global:
 configuration:
   enabled: false
   overwrite: true
-  sites:
-    enabled: false
-    notificatiesDomain: ""
-    organization: ""
-  openzaakAuthorization:
-    enabled: false
-    ApiRoot: ""
-    notificationOpenzaakClientId: ""
-    notifcationOpenzaakSecret: ""
-  notificaties:
-    enabled: false
-    openzaakNotifcationClientId: ""
-    openzaakNotificationSecret: ""
   superuser:
     username: ""
     password: ""
@@ -52,6 +32,127 @@ configuration:
       #   memory: 128Mi
   secrets: {}
   data: ""
+  # e.g.
+  # data: |-
+  #   oidc_db_config_enable: True
+  #   oidc_db_config_admin_auth:
+  #     items:
+  #     - identifier: admin-oidc
+  #       enabled: True
+  #       oidc_rp_client_id: opennotificaties.example.nl
+  #       oidc_rp_client_secret: ${keycloak_client_secret}
+  #       oidc_rp_scopes_list:
+  #       - openid
+  #       - email
+  #       - profile
+  #       - roles
+  #       oidc_rp_sign_algo: RS256
+  #       endpoint_config:
+  #         oidc_op_discovery_endpoint: https://keycloak.example.nl/realms/example/
+  #       username_claim:
+  #       - sub
+  #       groups_claim:
+  #       - roles
+  #       claim_mapping:
+  #         first_name:
+  #         - given_name
+  #         last_name:
+  #         - family_name
+  #         email:
+  #         - email
+  #       sync_groups: true
+  #       sync_groups_glob_pattern: "*"
+  #       default_groups: []
+  #       make_users_staff: true
+  #       superuser_group_names:
+  #       - Superuser
+  #       oidc_use_nonce: true
+  #       oidc_nonce_size: 32
+  #       oidc_state_size: 32
+  #       userinfo_claims_source: id_token
+  #   zgw_consumers_config_enable: True
+  #   zgw_consumers:
+  #     services:
+  #       - identifier: autorisaties-api
+  #         label: Autorisaties API
+  #         api_root: https://openzaak.example.nl/autorisaties/api/v1/
+  #         api_type: ac
+  #         auth_type: zgw
+  #         client_id: open-notificaties
+  #         secret: ${opennotificaties_autorisatie_api_secret}
+  #         user_id: open-notificaties
+  #         user_representation: Open Notificaties
+  #   autorisaties_api_config_enable: True
+  #   autorisaties_api:
+  #     # Configure Open Notificaties to make use of Open Zaak's Autorisaties API
+  #     authorizations_api_service_identifier: autorisaties-api
+  #   vng_api_common_credentials_config_enable: True
+  #   vng_api_common_credentials:
+  #     items:
+  #     # Credentials for Open Zaak to be able to make requests to Open Notificaties
+  #     - identifier: open-zaak
+  #       secret: ${opennotificaties_openzaak_vng_api_common_secret}
+  #     # Credentials for Open Notificaties, required for autorisaties subscription
+  #     - identifier: open-notificaties
+  #       secret: ${opennotificaties_autorisaties_vng_api_common_secret}
+  #   notifications_kanalen_config_enable: true
+  #   notifications_kanalen_config:
+  #     items:
+  #       - naam: autorisaties
+  #         documentatie_link: https://openzaak.example.nl/ref/kanalen/#/autorisaties
+  #         filters: []
+  #       - naam: besluittypen
+  #         documentatie_link: https://openzaak.example.nl/ref/kanalen/#/besluittypen
+  #         filters:
+  #           - catalogus
+  #       - naam: informatieobjecttypen
+  #         documentatie_link: https://openzaak.example.nl/ref/kanalen/#/informatieobjecttypen
+  #         filters:
+  #           - catalogus
+  #       - naam: zaaktypen
+  #         documentatie_link: https://openzaak.example.nl/ref/kanalen/#/zaaktypen
+  #         filters:
+  #           - catalogus
+  #       - naam: zaken
+  #         documentatie_link: https://openzaak.example.nl/ref/kanalen/#/zaken
+  #         filters:
+  #           - bronorganisatie
+  #           - zaaktype
+  #           - vertrouwelijkheidaanduiding
+  #       - naam: documenten
+  #         documentatie_link: https://openzaak.example.nl/ref/kanalen/#/documenten
+  #         filters:
+  #           - bronorganisatie
+  #           - informatieobjecttype
+  #           - vertrouwelijkheidaanduiding
+  #       - naam: besluiten
+  #         documentatie_link: https://openzaak.example.nl/ref/kanalen/#/besluiten
+  #         filters:
+  #           - verantwoordelijke_organisatie
+  #           - besluittype
+  #   notifications_abonnementen_config_enable: true
+  #   notifications_abonnementen_config:
+  #     items:
+  #       - uuid: ff5a9438-6512-4c2d-b69e-6c512c466fb8
+  #         callback_url: https://openzaak.example.nl/api/v1/callback
+  #         auth: Token foo
+  #         kanalen:
+  #           - filters:
+  #               zaaktype: https://openzaak.example.nl/catalogi/api/v1/zaaktypen/d0b3a90d-7959-4699-8bdb-bf228aef5e21
+  #             naam: zaken
+  #           - filters:
+  #               vertrouwelijkheidaanduiding: beperkt_openbaar
+  #             naam: zaken
+  #       - uuid: 03baec5a-93ef-4ba6-bb73-c548c12009a2
+  #         callback_url: https://openzaak.example.nl/api/v1/other-callback
+  #         auth: Token bar
+  #         kanalen:
+  #           - naam: zaken
+  #   sites_config_enable: true
+  #   sites_config:
+  #     items:
+  #       - domain: opennotificaties.test.opengem.nl
+  #         name: Open Notificaties
 
 tags:
   redis: true
@@ -184,6 +285,10 @@ persistence:
 
 # Existing Secret must be defined for AzureVaultSecret to work
 existingSecret: null
+# Reference to an existing secret with the values needed for django-setup-configuration
+existingConfigurationSecrets: null
+# If no secret already exists with the values needed for django-setup-configuration, create it with the following name
+configurationSecretsName: ""
 
 # This will create an AzureVaultSecret object in k8s, only Multi Key Value Secret are supported by this chart
 # ref: https://akv2k8s.io/tutorials/sync/4-multi-key-value-secret/ https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets