diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
index 420562b..80b12bf 100644
--- a/.github/workflows/publish-image.yml
+++ b/.github/workflows/publish-image.yml
@@ -86,10 +86,3 @@ jobs:
with:
bump_version_scheme: patch
tag_prefix: v
-
- - name: Check Output Parameters
- if: github.ref == 'refs/heads/main'
- run: |
- echo "Got tag name ${{ steps.release.outputs.tag_name }}"
- echo "Got release version ${{ steps.release.outputs.version }}"
- echo "Upload release artifacts to ${{ steps.release.outputs.upload_url }}"
\ No newline at end of file
diff --git a/.tool-versions b/.tool-versions
index 497c659..5fd41e9 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -2,4 +2,4 @@ nodejs 16.14.0
yarn 1.22.4
python 3.11.0
postgres 14.1
-helm 3.2.4
+helm 3.10.2
diff --git a/app/.env.example b/app/.env.example
index 24a1cf3..86b6c55 100644
--- a/app/.env.example
+++ b/app/.env.example
@@ -1,4 +1,4 @@
-SSO_URL=https://dev.oidc.gov.bc.ca/auth/realms/onestopauth
+SSO_URL=https://dev.loginproxy.gov.bc.ca/auth/realms/standard
SSO_CLIENT_ID=sso-requests
SSO_CLIENT_SECRET=sso-requests-secret
SSO_REDIRECT_URI=http://localhost:3000
@@ -6,13 +6,13 @@ SSO_LOGOUT_REDIRECT_URI=http://localhost:3000
SSO_AUTHORIZATION_RESPONSE_TYPE=code
SSO_AUTHORIZATION_SCOPE=openid
SSO_TOKEN_GRANT_TYPE=authorization_code
-DEV_KC_URL=https://dev.oidc.gov.bc.ca
+DEV_KC_URL=https://dev.loginproxy.gov.bc.ca
DEV_KC_CLIENT_ID=script-cli
DEV_KC_CLIENT_SECRET=
-TEST_KC_URL=https://dev.oidc.gov.bc.ca
+TEST_KC_URL=https://dev.loginproxy.gov.bc.ca
TEST_KC_CLIENT_ID=script-cli
TEST_KC_CLIENT_SECRET=
-PROD_KC_URL=https://dev.oidc.gov.bc.ca
+PROD_KC_URL=https://dev.loginproxy.gov.bc.ca
PROD_KC_CLIENT_ID=script-cli
PROD_KC_CLIENT_SECRET=
JWT_SECRET=verysecuresecret
diff --git a/app/next.config.js b/app/next.config.js
index 3ada74c..d3eed09 100644
--- a/app/next.config.js
+++ b/app/next.config.js
@@ -24,21 +24,22 @@ module.exports = {
pg_database: process.env.PGDATABASE || 'realm_profile',
pg_ssl: process.env.PGSSL === 'true',
- dev_kc_url: process.env.DEV_KC_URL || 'https://dev.oidc.gov.bc.ca',
+ dev_kc_url: process.env.DEV_KC_URL || 'https://dev.loginproxy.gov.bc.ca',
dev_kc_client_id: process.env.DEV_KC_CLIENT_ID || 'script-cli',
dev_kc_client_secret: process.env.DEV_KC_CLIENT_SECRET,
- test_kc_url: process.env.TEST_KC_URL || 'https://dev.oidc.gov.bc.ca',
+ test_kc_url: process.env.TEST_KC_URL || 'https://dev.loginproxy.gov.bc.ca',
test_kc_client_id: process.env.TEST_KC_CLIENT_ID || 'script-cli',
test_kc_client_secret: process.env.TEST_KC_CLIENT_SECRET,
- prod_kc_url: process.env.PROD_KC_URL || 'https://dev.oidc.gov.bc.ca',
+ prod_kc_url: process.env.PROD_KC_URL || 'https://dev.loginproxy.gov.bc.ca',
prod_kc_client_id: process.env.PROD_KC_CLIENT_ID || 'script-cli',
prod_kc_client_secret: process.env.PROD_KC_CLIENT_SECRET,
ches_api_endpoint: process.env.CHES_API_ENDPOINT || 'https://ches.api.gov.bc.ca/api/v1/email',
ches_token_endpoint:
- process.env.CHES_TOKEN_ENDPOINT || 'https://dev.oidc.gov.bc.ca/auth/realms/xxxxxxx/protocol/openid-connect/token',
+ process.env.CHES_TOKEN_ENDPOINT ||
+ 'https://dev.loginproxy.gov.bc.ca/auth/realms/xxxxxxx/protocol/openid-connect/token',
ches_username: process.env.CHES_USERNAME,
ches_password: process.env.CHES_PASSWORD,
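Review bot: The `test_kc_url` and `prod_kc_url` fallbacks still resolve to the dev host, so a deployment missing `TEST_KC_URL` or `PROD_KC_URL` would silently send its test or production Keycloak calls (presumably with that environment's client credentials) to `dev.loginproxy.gov.bc.ca`. Since these lines are being edited anyway, consider dropping the default for the non-dev environments, e.g. `prod_kc_url: process.env.PROD_KC_URL,`, and failing at startup when the value is absent. The `ches_token_endpoint` default keeps the `xxxxxxx` realm placeholder, which can only fail at request time, so the same fail-fast treatment would fit there. The enclosing `module.exports` object starts and ends outside the hunk.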
diff --git a/app/page-partials/my-dashboard/DuplicateIDIR.tsx b/app/page-partials/my-dashboard/DuplicateIDIR.tsx
index 496b94c..98f2f25 100644
--- a/app/page-partials/my-dashboard/DuplicateIDIR.tsx
+++ b/app/page-partials/my-dashboard/DuplicateIDIR.tsx
@@ -91,7 +91,7 @@ const TableContent = ({
{info.affected.map((realm: string) => (
{realm}
diff --git a/app/page-partials/my-dashboard/RealmIDIR.tsx b/app/page-partials/my-dashboard/RealmIDIR.tsx
index 8a31a86..a1da35c 100644
--- a/app/page-partials/my-dashboard/RealmIDIR.tsx
+++ b/app/page-partials/my-dashboard/RealmIDIR.tsx
@@ -168,7 +168,7 @@ function RealmIDIR({ realm }: Props) {
{result.affected.map((realmName) => (
{`Realm Link: ${realmName}`}
diff --git a/app/page-partials/my-dashboard/RealmURIs.tsx b/app/page-partials/my-dashboard/RealmURIs.tsx
index 7b3a41f..d0dac94 100644
--- a/app/page-partials/my-dashboard/RealmURIs.tsx
+++ b/app/page-partials/my-dashboard/RealmURIs.tsx
@@ -19,23 +19,23 @@ function RealmURIs({ realm }: Props) {
<>
Development
{`https://dev.oidc.gov.bc.ca/auth/admin/${realm.realm}/console`}
+ >{`https://dev.loginproxy.gov.bc.ca/auth/admin/${realm.realm}/console`}
Test
{`https://test.oidc.gov.bc.ca/auth/admin/${realm.realm}/console`}
+ >{`https://test.loginproxy.gov.bc.ca/auth/admin/${realm.realm}/console`}
Production
{`https://oidc.gov.bc.ca/auth/admin/${realm.realm}/console`}
+ >{`https://loginproxy.gov.bc.ca/auth/admin/${realm.realm}/console`}
>
);
}
diff --git a/app/utils/ches.ts b/app/utils/ches.ts
index 3a5b3bf..7a990bb 100644
--- a/app/utils/ches.ts
+++ b/app/utils/ches.ts
@@ -1,6 +1,7 @@
import axios from 'axios';
import url from 'url';
import getConfig from 'next/config';
+import https from 'https';
const { serverRuntimeConfig = {} } = getConfig() || {};
const { ches_api_endpoint, ches_token_endpoint, ches_username, ches_password } = serverRuntimeConfig;
@@ -19,10 +20,18 @@ interface EmailOptions {
tag?: string;
}
+const httpsAgent = new https.Agent({
+ rejectUnauthorized: false,
+});
+
const fetchChesToken = async () => {
const params = new url.URLSearchParams({ grant_type: 'client_credentials' });
try {
const { data } = await axios.post(ches_token_endpoint, params.toString(), {
+ headers: {
+ 'Accept-Encoding': 'application/json',
+ },
+ httpsAgent,
auth: {
username: ches_username,
password: ches_password,
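Review bot: `rejectUnauthorized: false` on the new `httpsAgent` disables certificate verification for the token request, which carries `ches_username`/`ches_password` as basic auth, so a party able to intercept that connection could present any certificate and receive the credentials and the issued token. If this was added to get past a certificate error, trust the issuing CA explicitly instead, e.g. `new https.Agent({ ca: <PEM bundle of the issuing CA> })`, or remove the agent and rely on the default trust store. Separately, `'Accept-Encoding': 'application/json'` is not a content coding: if the intent was to ask for JSON use `Accept: 'application/json'`, and if it was to avoid compressed responses use `'Accept-Encoding': 'identity'`. `fetchChesToken` continues past the end of the hunk.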
diff --git a/helm/webapp/Chart.yaml b/helm/webapp/Chart.yaml
index ed72709..4f09c8f 100644
--- a/helm/webapp/Chart.yaml
+++ b/helm/webapp/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: realm-registry
-version: 0.1.0
+version: 0.2.0
appVersion: 0.1.0
description: Nextjs application to manage SSO keycloak custom realm profiles
dependencies:
diff --git a/helm/webapp/templates/deployment.yaml b/helm/webapp/templates/deployment.yaml
index 19f5005..50251dd 100644
--- a/helm/webapp/templates/deployment.yaml
+++ b/helm/webapp/templates/deployment.yaml
@@ -23,7 +23,7 @@ spec:
vault.hashicorp.com/agent-inject-token: 'true'
vault.hashicorp.com/agent-init-first: 'true'
vault.hashicorp.com/agent-pre-populate: 'true'
- vault.hashicorp.com/auth-path: auth/k8s-silver
+ vault.hashicorp.com/auth-path: auth/k8s-gold
vault.hashicorp.com/namespace: platform-services
vault.hashicorp.com/role: {{ .Values.vault.vaultSecretEngine }}
vault.hashicorp.com/agent-inject-secret-postgres: {{ .Values.vault.vaultSecretEngine }}/{{ .Values.vault.postgresSecret }}
@@ -49,6 +49,10 @@ spec:
export TEST_KC_CLIENT_ID="{{ .Data.data.TEST_KC_CLIENT_ID}}"
export TEST_KC_CLIENT_SECRET="{{ .Data.data.TEST_KC_CLIENT_SECRET}}"
export TEST_KC_URL="{{ .Data.data.TEST_KC_URL}}"
+ export CHES_API_ENDPOINT="{{ .Data.data.CHES_API_ENDPOINT }}"
+ export CHES_PASSWORD="{{ .Data.data.CHES_PASSWORD }}"
+ export CHES_TOKEN_ENDPOINT="{{ .Data.data.CHES_TOKEN_ENDPOINT }}"
+ export CHES_USERNAME="{{ .Data.data.CHES_USERNAME }}"
{{- end }}`}}
spec:
initContainers:
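Review bot: The new `CHES_*` values are rendered inside double quotes in what looks like a shell-sourced file, so a `CHES_PASSWORD` containing `$`, a backtick, `\` or `"` would be expanded, run as a command substitution, or break the export when the file is sourced. This follows the existing `*_KC_CLIENT_SECRET` lines, but a service password may well contain such characters where a generated client secret does not. Single quotes narrow the problem, `export CHES_PASSWORD='{{ .Data.data.CHES_PASSWORD }}'`, though a value containing `'` would still need escaping, so it is worth adding a comment next to the template stating the character set these Vault fields are allowed to use. The template block starts outside the hunk.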
diff --git a/helm/webapp/values-c6af30-dev.yaml b/helm/webapp/values-c6af30-dev.yaml
new file mode 100644
index 0000000..9bb69da
--- /dev/null
+++ b/helm/webapp/values-c6af30-dev.yaml
@@ -0,0 +1,33 @@
+image:
+ tag: dev
+
+route:
+ host: realm-registry-sandbox.apps.gold.devops.gov.bc.ca
+
+sso:
+ url: https://dev.loginproxy.gov.bc.ca/auth/realms/standard
+ redirectUri: http://realm-registry-sandbox.apps.gold.devops.gov.bc.ca/oidc/keycloak
+ logoutRedirectUri: http://realm-registry-sandbox.apps.gold.devops.gov.bc.ca
+
+env:
+ APP_ENV: 'development'
+ SECURE_HEADERS: 'true'
+ IDIR_JWKS_URI: https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/certs
+ IDIR_ISSUER: https://dev.loginproxy.gov.bc.ca/auth/realms/standard
+ IDIR_AUDIENCE: css-app-in-gold-4128
+ CHES_API_ENDPOINT: https://ches.api.gov.bc.ca/api/v1/email
+
+vault:
+ vaultSecretEngine: c6af30-nonprod
+ postgresSecret: sandbox-realm-registry-patroni-appusers
+ realmRegistrySecret: sandbox-realm-registry
+ serviceAccountName: c6af30-vault
+
+patroni:
+ image:
+ repository: registry.opensource.zalan.do/acid/spilo-14
+ pullPolicy: Always
+ tag: 2.1-p5
+
+ walG:
+ enabled: false
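Review bot: `sso.redirectUri` and `sso.logoutRedirectUri` use `http://`, so the OIDC authorization code would be returned to the app over an unencrypted connection, at least on the first request before any route-level redirect applies. Unless TLS termination makes this scheme unavoidable, use `redirectUri: https://realm-registry-sandbox.apps.gold.devops.gov.bc.ca/oidc/keycloak` with the matching `https://` logout URI, and register only the `https` form on the Keycloak client. The same two values in `values-c6af30-prod.yaml` have the same issue.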
diff --git a/helm/webapp/values-c6af30-prod.yaml b/helm/webapp/values-c6af30-prod.yaml
new file mode 100644
index 0000000..abeb7b9
--- /dev/null
+++ b/helm/webapp/values-c6af30-prod.yaml
@@ -0,0 +1,37 @@
+image:
+ tag: main
+
+route:
+ host: realm-registry.apps.gold.devops.gov.bc.ca
+
+sso:
+ url: https://loginproxy.gov.bc.ca/auth/realms/standard
+ redirectUri: http://realm-registry.apps.gold.devops.gov.bc.ca/oidc/keycloak
+ logoutRedirectUri: http://realm-registry.apps.gold.devops.gov.bc.ca
+
+env:
+ APP_ENV: 'production'
+ SECURE_HEADERS: 'true'
+ IDIR_JWKS_URI: https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/certs
+ IDIR_ISSUER: https://loginproxy.gov.bc.ca/auth/realms/standard
+ IDIR_AUDIENCE: css-app-in-gold-4128
+ CHES_API_ENDPOINT: https://ches.api.gov.bc.ca/api/v1/email
+
+vault:
+ vaultSecretEngine: c6af30-prod
+ postgresSecret: prod-realm-registry-patroni-appusers
+ realmRegistrySecret: prod-realm-registry
+ serviceAccountName: c6af30-vault
+
+patroni:
+ image:
+ repository: registry.opensource.zalan.do/acid/spilo-14
+ pullPolicy: Always
+ tag: 2.1-p5
+
+ walG:
+ enabled: true
+ scheduleCronJob: 00 01 * * *
+ retainBackups: 7
+ pvc:
+ size: 1Gi
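Review bot: Production is deployed from the mutable tag `image.tag: main`, and the Patroni image is pulled from a third-party registry by tag with `pullPolicy: Always`, so a pod restart can start running image content that differs from what was reviewed and rolled out. Consider pinning both to an immutable reference, e.g. `tag: <release tag or sha256 digest>`, and changing it only through a commit. If the chart cannot take a digest for the Patroni image, mirroring it into a registry the team controls would give the same guarantee.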
diff --git a/helm/webapp/values.yaml b/helm/webapp/values.yaml
index 21dfe47..3d704d4 100644
--- a/helm/webapp/values.yaml
+++ b/helm/webapp/values.yaml
@@ -77,7 +77,7 @@ patroni:
resources: {}
persistentVolume:
- size: 10Gi
+ size: 1Gi
podDisruptionBudget:
enabled: true