Merge pull request #201 from bcgov/email-env

TimCsaky · web-flow · commit c401e46e267a · 2024-05-21T12:16:19.000-07:00
Configure Environments for backend and Changes
diff --git a/.github/environments/values.dev.yaml b/.github/environments/values.dev.yaml
@@ -5,11 +5,17 @@ config:
     FRONTEND_APIPATH: api/v1
     FRONTEND_COMS_APIPATH: https://coms-dev.api.gov.bc.ca/api/v1
     FRONTEND_EXCLUDE_METADATA: geodrive.common.encoding,geodrive.windows.attr,geodrive.windows.secdesc,s3b-last-modified
-    FRONTEND_NOTIFICATION_BANNER : This is the DEV environment of BCBox. Uploaded files may not persist and may be deleted from the COMS database as we continue development. Please do not upload personal or private information. Thank you for your understanding as we work to improve BCBox
+    FRONTEND_NOTIFICATION_BANNER: This is the DEV environment of BCBox. Uploaded files may not persist and may be deleted from the COMS database as we continue development. Please do not upload personal or private information. Thank you for your understanding as we work to improve BCBox
     FRONTEND_OIDC_AUTHORITY: https://dev.loginproxy.gov.bc.ca/auth/realms/standard
     FRONTEND_OIDC_CLIENTID: bc-box-4555
     SERVER_APIPATH: /api/v1
     SERVER_BODYLIMIT: 30mb
+    SERVER_CHES_APIPATH: https://ches-dev.api.gov.bc.ca/api/v1
+    SERVER_CHES_TOKENURL: https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
+    SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
+    SERVER_OIDC_AUTHORITY: https://dev.loginproxy.gov.bc.ca/auth/realms/standard
+    SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid,github_id
+    SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy7zfh2ZgpDV5mH/aXyLDTddZK81rGakJcTy4KvCNOkDDxt1KAhW02lmbCo8YhHCOzjNZBp1+Vi6QiMRgBqAe2GTPZYEiV70aXfROGZe3Nvwcjbtki6HoyRte3SpqLJEIPL2F+hjJkw1UPGnjPTWZkEx9p74b9i3BjuE8RnjJ0Sza2MWw83zoQUZEJRGiopSL0yuVej6t2LO2btVdVf7QuZfPt9ehkcQYlPKpVvJA+pfeqPAdnNt7OjEIeYxinjurZr8Z04hz8UhkRefcWlSbFzFQYmL7O7iArjW0bsSvq8yNUd5r0KCOQkFduwZy26yTzTxj8OLFT91fEmbBBl4rQIDAQAB
     SERVER_PORT: "8080"
diff --git a/.github/environments/values.prod.yaml b/.github/environments/values.prod.yaml
@@ -9,6 +9,12 @@ config:
     FRONTEND_OIDC_CLIENTID: bc-box-4555
     SERVER_APIPATH: /api/v1
     SERVER_BODYLIMIT: 30mb
+    SERVER_CHES_APIPATH: https://ches.api.gov.bc.ca/api/v1
+    SERVER_CHES_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
+    SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
+    SERVER_OIDC_AUTHORITY: https://loginproxy.gov.bc.ca/auth/realms/standard
+    SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid
+    SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHiuPKOkpkq4GXN1ktr23rJtDl6Vdu/Y37ZAd3PnQ8/IDfAODvy1Y81aAUZicKe9egolv+OTRANN3yOg+TAbRhkeXLE5p/473EK0aQ0NazTCuWo6Am3oDQ7Yt8x0pw56/qcLtkTuXNyo5EnVV2Z2BzCnnaL31JOhyitolku0DNT6GDoRBmT4o2ItqEVHk5nM25cf1t2zbwI2790W6if1B2qVRkxxivS8tbH7nYC61Is3XCPockKptkH22cm2ZQJmtYd5sZKuXaGsvtyzHmn8/l0Kd1xnHmUu4JNuQ67YiNZGu3hOkrF0Js3BzAk1Qm4kvYRaxbJFCs/qokLZ4Z0W9wIDAQAB
     SERVER_PORT: "8080"
diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml
@@ -10,6 +10,12 @@ config:
     FRONTEND_OIDC_CLIENTID: bc-box-4555
     SERVER_APIPATH: /api/v1
     SERVER_BODYLIMIT: 30mb
+    SERVER_CHES_APIPATH: https://ches-test.api.gov.bc.ca/api/v1
+    SERVER_CHES_TOKENURL: https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
+    SERVER_CHES_FROM: DoNotReply.BCBox@gov.bc.ca
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http
+    SERVER_OIDC_AUTHORITY: https://test.loginproxy.gov.bc.ca/auth/realms/standard
+    SERVER_OIDC_IDENTITYKEY: idir_user_guid,bceid_user_guid
+    SERVER_OIDC_PUBLICKEY: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFdv9GA83uHuy8Eu9yiZHGGF9j6J8t7FkbcpaN81GDjwbjsIJ0OJO9dKRAx6BAtTC4ubJTBJMPvQER5ikOhIeBi4o25fg61jpgsU6oRZHkCXc9gX6mrjMjbsPaf3/bjjYxP5jicBDJQeD1oRa24+tiGggoQ7k6gDEN+cRYqqNpzC/GQbkUPk8YsgroncEgu8ChMh/3ERsLV2zorchMANUq76max16mHrhtWIQxrb/STpSt4JuSlUzzBV/dcXjJe5gywZHe0jAutFhNqjHzHdgyaC4RAd3eYQo+Kl/JOgy2AZrnx+CiPmvOJKe9tAW4k4H087ng8aVE40v4HW/FEbnwIDAQAB
     SERVER_PORT: "8080"
diff --git a/app/config/custom-environment-variables.json b/app/config/custom-environment-variables.json
@@ -17,8 +17,22 @@
   "server": {
     "apiPath": "SERVER_APIPATH",
     "bodyLimit": "SERVER_BODYLIMIT",
+    "ches": {
+      "apiPath": "SERVER_CHES_APIPATH",
+      "clientId": "SERVER_CHES_CLIENTID",
+      "clientSecret": "SERVER_CHES_CLIENTSECRET",
+      "tokenUrl": "SERVER_CHES_TOKENURL",
+      "from": "SERVER_CHES_FROM"
+    },
     "logFile": "SERVER_LOGFILE",
     "logLevel": "SERVER_LOGLEVEL",
+    "oidc": {
+      "authority": "SERVER_OIDC_AUTHORITY",
+      "clientId": "SERVER_OIDC_CLIENTID",
+      "clientSecret": "SERVER_OIDC_CLIENTSECRET",
+      "identityKey": "SERVER_OIDC_IDENTITYKEY",
+      "publicKey": "SERVER_OIDC_PUBLICKEY"
+    },
     "port": "SERVER_PORT"
   }
 }
diff --git a/charts/bcbox/Chart.yaml b/charts/bcbox/Chart.yaml
@@ -3,7 +3,7 @@ name: bcbox
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.14
+version: 0.0.15
 kubeVersion: ">= 1.13.0"
 description: A frontend UI for managing access control to S3 Objects
 # A chart can be either an 'application' or a 'library' chart.
diff --git a/charts/bcbox/README.md b/charts/bcbox/README.md
@@ -1,6 +1,6 @@
 # bcbox
 
-![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.0](https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square)
+![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.0](https://img.shields.io/badge/AppVersion-0.7.0-informational?style=flat-square)
 
 A frontend UI for managing access control to S3 Objects
 
@@ -29,7 +29,7 @@ Kubernetes: `>= 1.13.0`
 | autoscaling.maxReplicas | int | `16` |  |
 | autoscaling.minReplicas | int | `2` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
-| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_COMS_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_LOGLEVEL":"http","SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the bcbox documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
+| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_COMS_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHES_APIPATH":null,"SERVER_CHES_FROM":null,"SERVER_CHES_TOKENURL":null,"SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the bcbox documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
 | config.enabled | bool | `false` | Set to true if you want to let Helm manage and overwrite your configmaps. |
 | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
 | failurePolicy | string | `"Retry"` | DeploymentConfig pre-hook failure behavior |
diff --git a/charts/bcbox/templates/deploymentconfig.yaml b/charts/bcbox/templates/deploymentconfig.yaml
@@ -59,6 +59,26 @@ spec:
           env:
             - name: NODE_ENV
               value: production
+            - name: SERVER_CHES_CLIENTID
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: {{ include "bcbox.configname" . }}-ches-service-account
+            - name: SERVER_CHES_CLIENTSECRET
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: {{ include "bcbox.configname" . }}-ches-service-account
+            - name: SERVER_OIDC_CLIENTID
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: {{ include "bcbox.configname" . }}-keycloak
+            - name: SERVER_OIDC_CLIENTSECRET
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: {{ include "bcbox.configname" . }}-keycloak
           envFrom:
             - configMapRef:
                 name: {{ include "bcbox.configname" . }}-config
diff --git a/charts/bcbox/values.yaml b/charts/bcbox/values.yaml
@@ -27,11 +27,13 @@ failurePolicy: Retry
 podAnnotations: {}
 
 # -- Privilege and access control settings
-podSecurityContext: {}
+podSecurityContext:
+  {}
   # fsGroup: 2000
 
 # -- Privilege and access control settings
-securityContext: {}
+securityContext:
+  {}
   # capabilities:
   #   drop:
   #   - ALL
@@ -89,7 +91,8 @@ route:
   # -- Specifies whether a route should be created
   enabled: true
   # -- Annotations to add to the route
-  annotations: {}
+  annotations:
+    {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   host: chart-example.local
@@ -140,7 +143,17 @@ config:
     FRONTEND_OIDC_CLIENTID: ~
     SERVER_APIPATH: "/api/v1"
     SERVER_BODYLIMIT: "30mb"
-    # SERVER_STATICFILES: ~
+
+    SERVER_CHES_APIPATH: ~
+    SERVER_CHES_TOKENURL: ~
+    SERVER_CHES_FROM: ~
+
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: "http"
+
+    SERVER_OIDC_AUTHORITY: ~
+    SERVER_OIDC_IDENTITYKEY: ~
+    SERVER_OIDC_PUBLICKEY: ~
+
     SERVER_PORT: "8080"
+    # SERVER_STATICFILES: ~
