helm chart updates to support CHES service

.github/environments/values.dev.yaml

@@ -10,6 +10,8 @@ config:
     SERVER_APIPATH: /api/v1
     SERVER_BODYLIMIT: 30mb
     SERVER_CHEFS_APIPATH: https://submit.digital.gov.bc.ca/app/api/v1
+    SERVER_CHES_APIPATH: https://ches-dev.api.gov.bc.ca/api/v1
+    SERVER_CHES_TOKENURL: https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
     SERVER_DB_PORT: "5432"
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http

.github/environments/values.prod.yaml

@@ -10,6 +10,8 @@ config:
     SERVER_APIPATH: /api/v1
     SERVER_BODYLIMIT: 30mb
     SERVER_CHEFS_APIPATH: https://submit.digital.gov.bc.ca/app/api/v1
+    SERVER_CHES_APIPATH: https://ches.api.gov.bc.ca/api/v1
+    SERVER_CHES_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
     SERVER_DB_PORT: "5432"
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http

.github/environments/values.test.yaml

@@ -10,6 +10,8 @@ config:
     SERVER_APIPATH: /api/v1
     SERVER_BODYLIMIT: 30mb
     SERVER_CHEFS_APIPATH: https://submit.digital.gov.bc.ca/app/api/v1
+    SERVER_CHES_APIPATH: https://ches-test.api.gov.bc.ca/api/v1
+    SERVER_CHES_TOKENURL: https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token
     SERVER_DB_PORT: "5432"
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http

charts/pcns/Chart.yaml

@@ -3,7 +3,7 @@ name: nr-permitconnect-navigator-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.3
+version: 0.0.4
 kubeVersion: ">= 1.13.0"
 description: PermitConnect Navigator Service
 # A chart can be either an 'application' or a 'library' chart.

charts/pcns/README.md

@@ -1,6 +1,6 @@
 # nr-permitconnect-navigator-service
 
-![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+![Version: 0.0.4](https://img.shields.io/badge/Version-0.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
 
 PermitConnect Navigator Service
 
@@ -33,7 +33,9 @@ Kubernetes: `>= 1.13.0`
 | autoscaling.maxReplicas | int | `16` |  |
 | autoscaling.minReplicas | int | `2` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
-| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_COMS_APIPATH":null,"FRONTEND_COMS_BUCKETID":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHEFS_APIPATH":null,"SERVER_DB_HOST":null,"SERVER_DB_POOL_MAX":"10","SERVER_DB_POOL_MIN":"2","SERVER_DB_PORT":"5432","SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the pcns documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
+| chesSecretOverride.password | string | `nil` |  |
+| chesSecretOverride.username | string | `nil` |  |
+| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_COMS_APIPATH":null,"FRONTEND_COMS_BUCKETID":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHEFS_APIPATH":null,"SERVER_CHES_APIPATH":null,"SERVER_CHES_TOKENURL":null,"SERVER_DB_HOST":null,"SERVER_DB_POOL_MAX":"10","SERVER_DB_POOL_MIN":"2","SERVER_DB_PORT":"5432","SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the pcns documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
 | config.enabled | bool | `false` | Set to true if you want to let Helm manage and overwrite your configmaps. |
 | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
 | dbSecretOverride.password | string | `nil` |  |

charts/pcns/templates/deploymentconfig.yaml

@@ -128,6 +128,16 @@ spec:
                 secretKeyRef:
                   key: password
                   name: {{ include "pcns.configname" . }}-form2
+            - name: SERVER_CHES_CLIENTID
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: ches-service-account
+            - name: SERVER_CHES_CLIENTSECRET
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: ches-service-account
             - name: SERVER_DB_HOST
               value: {{ $dbHostName }}
             - name: SERVER_DB_USERNAME

charts/pcns/templates/secret.yaml

@@ -4,6 +4,8 @@
 {{- $f1Username := (randAlphaNum 32) }}
 {{- $f2Password := (randAlphaNum 32) }}
 {{- $f2Username := (randAlphaNum 32) }}
+{{- $chesPassword := (randAlphaNum 32) }}
+{{- $chesUsername := (randAlphaNum 32) }}
 {{- $oPassword := (randAlphaNum 32) }}
 {{- $oUsername := (randAlphaNum 32) }}
 
@@ -15,6 +17,8 @@
 {{- $f2Secret := (lookup "v1" "Secret" .Release.Namespace $f2SecretName ) }}
 {{- $oSecretName := printf "%s-%s" (include "pcns.configname" .) "oidc" }}
 {{- $oSecret := (lookup "v1" "Secret" .Release.Namespace $oSecretName ) }}
+{{- $chesSecretName := printf "%s-%s" "ches-service-account" }}
+{{- $chesSecret := (lookup "v1" "Secret" .Release.Namespace $chesSecretName ) }}
 
 {{- if and (not $dbSecret) (not .Values.patroni.enabled) }}
 ---
@@ -66,6 +70,22 @@ data:
   password: {{ .Values.form2SecretOverride.password | default $f2Password | b64enc | quote }}
   username: {{ .Values.form2SecretOverride.username | default $f2Username | b64enc | quote }}
 {{- end }}
+{{- if not $chesSecret }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  {{- if not .Values.config.releaseScoped }}
+  annotations:
+    "helm.sh/resource-policy": keep
+  {{- end }}
+  name: {{ $chesSecretName }}
+  labels: {{ include "pcns.labels" . | nindent 4 }}
+type: kubernetes.io/basic-auth
+data:
+  password: {{ .Values.chesSecretOverride.password | default $chesPassword | b64enc | quote }}
+  username: {{ .Values.chesSecretOverride.username | default $chesUsername | b64enc | quote }}
+{{- end }}
 {{- if not $oSecret }}
 ---
 apiVersion: v1

charts/pcns/values.yaml

@@ -142,6 +142,9 @@ config:
 
     SERVER_CHEFS_APIPATH: ~
 
+    SERVER_CHES_APIPATH: ~
+    SERVER_CHES_TOKENURL: ~
+
     SERVER_DB_HOST: ~
     SERVER_DB_PORT: "5432"
     SERVER_DB_POOL_MIN: "2"
@@ -165,6 +168,9 @@ form1SecretOverride:
 form2SecretOverride:
   username: ~
   password: ~
+chesSecretOverride:
+  username: ~
+  password: ~
 oidcSecretOverride:
   username: ~
   password: ~