feat(seeding-job)!: enable realm import with dynamic config #141

evegufy · 2024-06-27T08:05:09Z

Description

BEGIN_COMMIT_OVERRIDE
feat(seeding-job)!: enable seeding job for realm import and upgrade with dynamic configuration of redirect urls, client secrets, etc. for centralidp and sharedidp - previously only used for upgrading the CX-Central realm configuration for centralidp

remove realm import with Dkeycloak.migration.action=import
enable dynamic configuration of redirects, client secrets and bpn
enable user import in separate file
sharedidp
- add user and mail config to overall import file
- enable initial user configuration for operator
- master-realm: add default client scope acr to the default clients admin-cli, account and security-admin-console avoid unhandled exception sig#578 - Keycloak Seeding | Unhandled exception portal-backend#1039
bpdm: enable new client and service accounts
remove excludedUserAttributes, not needed anymore
move config out of values into job for easier install configuration
remove hook from seeding job
await keycloak service before starting seeding job
create unique job names at helm upgrade to avoid running into "field is immutable" error
increase resource settings
set automountServiceAccountToken to false
set readOnlyRootFilesystem
set ephemeral-storage
remove documentation for post-install configuration
enable option for TLS connection

feat(bpdm): consolidate description of new service accounts in centralidp
feat: improve secret handling and remove obsolete secrets
feat: move to standalone architecture for database dependency
feat: set default replica count to 1
chore: update chart testing
END_COMMIT_OVERRIDE

Why

#86

Checklist

I have followed the contributing guidelines
I have performed a self-review of my changes
I have successfully tested my changes
I have added comments in the default values.yaml file with helm-docs syntax ('# -- ') if relevant for installation
I have commented my changes, particularly in hard-to-understand areas

charts/centralidp/templates/job-seeding.yaml

charts/sharedidp/templates/job-seeding.yaml

+    spec:
+      restartPolicy: Never
+      containers:
+      - name: {{ include "sharedidp.fullname" . }}-realm-seeding


sonarcloud · 2024-07-01T16:02:02Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

- remove realm import with Dkeycloak.migration.action=import - start enabling of CX-Central realm import with seeding job (up to now the seeding job was only used when upgrading the realm config) - start enabling of client secret seeding

to avoid running into "field is immutable" error

improve secrets remove excludedUserAttributes, not needed anymore increase resource settings update docs

for CX-Operator

eclipse-tractusx/portal-backend#1039

for easier configurability

for tls at keycloak service

sonarcloud · 2024-10-07T07:47:53Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

github-advanced-security bot found potential problems Jun 27, 2024

View reviewed changes

charts/centralidp/templates/job-seeding.yaml Fixed Show fixed Hide fixed

github-advanced-security bot found potential problems Jun 27, 2024

View reviewed changes

evegufy force-pushed the feat/86-seed-variables-secrets branch from fb4c010 to d17cc17 Compare September 17, 2024 14:00

evegufy added 26 commits October 1, 2024 17:16

chore: improve secret handling and remove obsolete secrets

0ebaae1

chore: remove hook from seeding job

31669e4

feat: await keycloak service before starting seeding job

eed905a

chore: create unique job names at helm upgrade

615fbc1

to avoid running into "field is immutable" error

chore: move to standalone arch for db dependency

f72802d

chore: rename seeding job

ab0b2f5

chore: set default replica count to 1

e981720

feat(realm-seeing): enable config of redirects, client secrets and bpn

6684169

improve secrets remove excludedUserAttributes, not needed anymore increase resource settings update docs

chore: fix seeding of bpn for service account user

d4bfe59

chore: rename to realm seeding

8c1c4c0

chore: WIP change chart testing

982ba2b

chore: update chart testing for upgrade

82b07fb

chore(centralidp): update chart testing

e073597

chore: set automountServiceAccountToken to false

2a51052

chore: set readOnlyRootFilesystem

bf84e02

feat(sharedicp): add user and mail config to overall import file

0264afe

for CX-Operator

chore(sharedidp): align with improvement from centralidp

1256eeb

chore: set ephemeral-storage

53e268e

chore(sharedidp): enable upgrade

f4d5378

chore: improve config

a6068ca

chore: remove obsolete config

8b8fa30

chore: improve docs

2b3d285

chore: clean formatting

9e01457

chore: fix duplicated clientId for semantics

e7b59a4

fix: avoid unhandled exception

e26dfcb

eclipse-tractusx/portal-backend#1039

evegufy added 14 commits October 2, 2024 21:46

chore: move config out of values into job

b237a76

for easier configurability

chore: move into job

606557b

chore: move into job

0e258fb

chore: fix format

1c28d4e

chore: fix format

1d12065

chore: move into job

d8a77e7

docs: improve comments

35c4b2f

chore: fix comment

cc78dcf

chore: update testing

4b7fd24

chore: improve image config

b333dba

chore: consolidate description of new bpdm svcs

f14eb30

feat: enable new bpdm client and svcs

bd51499

docs: remove post-install config and update readme

e8bab23

chore: enable env specific config

00265a7

evegufy changed the title ~~feat: change realm import to enable dynamic config~~ feat(seeding-job)!: enable realm import with dynamic configuration Oct 2, 2024

evegufy marked this pull request as ready for review October 2, 2024 23:33

evegufy requested a review from ntruchsess October 2, 2024 23:34

evegufy added this to the Release 24.12 milestone Oct 2, 2024

evegufy requested a review from Phil91 October 2, 2024 23:34

evegufy added 4 commits October 3, 2024 11:30

chore: improve docs

8745430

chore: improve tls setup

fb39525

for tls at keycloak service

docs: update readme file

c642e15

chore: change format

93df019

evegufy changed the title ~~feat(seeding-job)!: enable realm import with dynamic configuration~~ feat(seeding-job)!: enable realm import with dynamic config Oct 7, 2024

ntruchsess approved these changes Oct 7, 2024

View reviewed changes

evegufy merged commit 5ed14ce into main Oct 7, 2024
8 checks passed

evegufy deleted the feat/86-seed-variables-secrets branch October 7, 2024 16:02

github-actions bot mentioned this pull request Oct 11, 2024

chore(changelog/v4.0.0-alpha.1): release 4.0.0-alpha.1 #201

Merged

github-actions bot mentioned this pull request Oct 21, 2024

chore(changelog/v4.0.0-alpha.2): release 4.0.0-alpha.2 #211

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(seeding-job)!: enable realm import with dynamic config #141

feat(seeding-job)!: enable realm import with dynamic config #141

evegufy commented Jun 27, 2024 •

edited

Loading

sonarcloud bot commented Jul 1, 2024

sonarcloud bot commented Oct 7, 2024

feat(seeding-job)!: enable realm import with dynamic config #141

feat(seeding-job)!: enable realm import with dynamic config #141

Conversation

evegufy commented Jun 27, 2024 • edited Loading

Description

Why

Checklist

sonarcloud bot commented Jul 1, 2024

Quality Gate passed

sonarcloud bot commented Oct 7, 2024

Quality Gate passed

evegufy commented Jun 27, 2024 •

edited

Loading