feat(local-setup): iterating on local-setup (#19)

.gitignore

@@ -1,3 +1,4 @@
 .idea
 .vscode/settings.json
+.secret
 bin/

Taskfile.yaml

@@ -22,7 +22,7 @@ tasks:
   lint:
     deps: []
     cmds:
-      - "ct lint --target-branch main --validate-maintainers=false --charts={{.CHARTS}}"
+      - "ct lint --target-branch main --validate-maintainers=false --helm-dependency-extra-args='--skip-refresh' --charts={{.CHARTS}}"
   helmtest:
     cmds:
       - "for chart in $(echo {{.CHARTS}} | tr ',' ' '); do helm unittest $chart; done"

charts/account-operator/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: account-operator
 description: A Helm chart for Kubernetes
 type: application
-version: 0.5.7
+version: 0.5.8
 appVersion: "0.111.0"
 dependencies:
   - name: account-operator-crds

charts/account-operator/README.md

@@ -2,7 +2,7 @@
 
 A Helm chart for Kubernetes
 
-![Version: 0.5.7](https://img.shields.io/badge/Version-0.5.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.111.0](https://img.shields.io/badge/AppVersion-0.111.0-informational?style=flat-square)
+![Version: 0.5.8](https://img.shields.io/badge/Version-0.5.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.111.0](https://img.shields.io/badge/AppVersion-0.111.0-informational?style=flat-square)
 
 ## Additional Information
 

charts/example-content/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.126.0"
 description: Helm Chart for the openmfp Portal
 name: example-content
-version: 0.110.14
+version: 0.110.15
 dependencies:
   - name: common
     version: 0.1.8

charts/example-content/README.md

@@ -2,7 +2,7 @@
 
 Helm Chart for the openmfp Portal
 
-![Version: 0.110.14](https://img.shields.io/badge/Version-0.110.14-informational?style=flat-square) ![AppVersion: 0.126.0](https://img.shields.io/badge/AppVersion-0.126.0-informational?style=flat-square)
+![Version: 0.110.15](https://img.shields.io/badge/Version-0.110.15-informational?style=flat-square) ![AppVersion: 0.126.0](https://img.shields.io/badge/AppVersion-0.126.0-informational?style=flat-square)
 
 ## Additional Information
 

charts/extension-manager-operator/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: extension-manager-operator
 description: A Helm chart for extension-manager-operator
 type: application
-version: 0.22.43
+version: 0.22.44
 appVersion: "0.77.0"
 dependencies:
   - name: extension-manager-operator-crds

charts/extension-manager-operator/README.md

@@ -2,7 +2,7 @@
 
 A Helm chart for extension-manager-operator
 
-![Version: 0.22.43](https://img.shields.io/badge/Version-0.22.43-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.77.0](https://img.shields.io/badge/AppVersion-0.77.0-informational?style=flat-square)
+![Version: 0.22.44](https://img.shields.io/badge/Version-0.22.44-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.77.0](https://img.shields.io/badge/AppVersion-0.77.0-informational?style=flat-square)
 
 ## Additional Information
 

charts/keycloak/Chart.yaml

@@ -3,7 +3,7 @@ name: keycloak
 description: A Helm chart for Kubernetes
 
 type: application
-version: 0.59.27
+version: 0.59.28
 appVersion: "1.16.0"
 
 dependencies:

charts/keycloak/README.md

@@ -2,7 +2,7 @@
 
 A Helm chart for Kubernetes
 
-![Version: 0.59.27](https://img.shields.io/badge/Version-0.59.27-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
+![Version: 0.59.28](https://img.shields.io/badge/Version-0.59.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
 
 ## Additional Information
 
@@ -41,18 +41,56 @@ Example
 | crossplane.clients.openmfp.validRedirectUris[0] | string | `"http://localhost:8000/callback*"` | keycloak callback url |
 | crossplane.enabled | bool | `false` | toggle to enable/disable crossplane |
 | crossplane.identityProviders | object | `{"sap":{"authorizationUrl":"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/authorize","clientId":"82b4c72c-ff99-4df6-ba4f-fb634d1fc491","clientSecretRef":{"key":"client-secret","name":"sap-client-secret","namespace":"openmfp-system"},"clientSecretRemoteRef":"dxp-core-team/manual-secrets/sap-client-secret","issuer":"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/v2.0","tokenUrl":"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/token"}}` | crossplane identity providers config |
+| crossplane.identityProviders.sap | object | `{"authorizationUrl":"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/authorize","clientId":"82b4c72c-ff99-4df6-ba4f-fb634d1fc491","clientSecretRef":{"key":"client-secret","name":"sap-client-secret","namespace":"openmfp-system"},"clientSecretRemoteRef":"dxp-core-team/manual-secrets/sap-client-secret","issuer":"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/v2.0","tokenUrl":"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/token"}` | sap IDP |
+| crossplane.identityProviders.sap.authorizationUrl | string | `"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/authorize"` | authorization URL |
+| crossplane.identityProviders.sap.clientId | string | `"82b4c72c-ff99-4df6-ba4f-fb634d1fc491"` | client id |
+| crossplane.identityProviders.sap.clientSecretRef | object | `{"key":"client-secret","name":"sap-client-secret","namespace":"openmfp-system"}` | client secret |
+| crossplane.identityProviders.sap.clientSecretRef.key | string | `"client-secret"` | secret key |
+| crossplane.identityProviders.sap.clientSecretRef.name | string | `"sap-client-secret"` | secret name |
+| crossplane.identityProviders.sap.clientSecretRef.namespace | string | `"openmfp-system"` | secret namespace |
+| crossplane.identityProviders.sap.clientSecretRemoteRef | string | `"dxp-core-team/manual-secrets/sap-client-secret"` | user info URL |
+| crossplane.identityProviders.sap.issuer | string | `"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/v2.0"` | user info URL |
+| crossplane.identityProviders.sap.tokenUrl | string | `"https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/token"` | token URL |
 | crossplane.providerConfig | object | `{"name":"keycloak-provider-config","namespace":"openmfp-system"}` | crossplane provider config |
+| crossplane.providerConfig.name | string | `"keycloak-provider-config"` | name of the client |
+| crossplane.providerConfig.namespace | string | `"openmfp-system"` | client namespace |
 | crossplane.realm | object | `{"displayName":"OpenMFP","name":"openmfp","registrationAllowed":false}` | crossplane realm config |
+| crossplane.realm.displayName | string | `"OpenMFP"` | realm display name |
+| crossplane.realm.name | string | `"openmfp"` | realm name |
+| crossplane.realm.registrationAllowed | bool | `false` | realm registration allowed |
 | debug | bool | `false` | debug mode |
 | domain | object | `{"name":"openmfp.org","pathPrefix":""}` | domain configuration |
+| domain.name | string | `"openmfp.org"` | domain name |
+| domain.pathPrefix | string | `""` | path prefix |
 | externalSecrets | object | `{"keycloakAdminRemoteRef":"dxp-core-team/manual-secrets/keycloak-admin","postgres-adminRemoteRef":"dxp-core-team/manual-secrets/postgres-admin-password"}` | external secrets configuration |
+| externalSecrets.keycloakAdminRemoteRef | string | `"dxp-core-team/manual-secrets/keycloak-admin"` | keycloak admin secret |
+| externalSecrets.postgres-adminRemoteRef | string | `"dxp-core-team/manual-secrets/postgres-admin-password"` | postgres admin secret |
 | istio.virtualservice.hosts | list | `["auth.openmfp.org"]` | istio virtual service hosts |
 | job | object | `{"annotations":{"argocd.argoproj.io/hook":"PostSync"},"serviceAccount":"keycloak-client-creation"}` | job configuration |
+| job.annotations | object | `{"argocd.argoproj.io/hook":"PostSync"}` | custom job annotations |
+| job.serviceAccount | string | `"keycloak-client-creation"` | job ServiceAccount name |
 | keycloak | object | `{"extraEnvVars":"- name: KEYCLOAK_USER\n  value: keycloak-admin\n- name: KEYCLOAK_PASSWORD\n  valueFrom:\n    secretKeyRef:\n      name: keycloak-admin\n      key: secret\n","postgresql":{"auth":{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}}}` | configuration passed to the child 'keyclaok' chart https://github.com/bitnami/charts/tree/main/bitnami/keycloak |
+| keycloak.extraEnvVars | string | `"- name: KEYCLOAK_USER\n  value: keycloak-admin\n- name: KEYCLOAK_PASSWORD\n  valueFrom:\n    secretKeyRef:\n      name: keycloak-admin\n      key: secret\n"` | keycloak environment variables (raw) |
+| keycloak.postgresql | object | `{"auth":{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}}` | configuration for the postgresql sub-chart |
+| keycloak.postgresql.auth | object | `{"existingSecret":"","secretKeys":{"adminPasswordKey":"password","userPasswordKey":"password"}}` | authorization configuration |
+| keycloak.postgresql.auth.existingSecret | string | `""` | existing secret name |
+| keycloak.postgresql.auth.secretKeys.adminPasswordKey | string | `"password"` | admin password key |
+| keycloak.postgresql.auth.secretKeys.userPasswordKey | string | `"password"` | user password key |
 | keycloakConfig.admin | object | `{"password":{"valueFrom":{"secretKeyRef":{"key":"secret","name":"keycloak-admin"}}},"username":{"value":"keycloak-admin"}}` | admin user configuration |
+| keycloakConfig.admin.password | object | `{"valueFrom":{"secretKeyRef":{"key":"secret","name":"keycloak-admin"}}}` | admin password |
+| keycloakConfig.admin.password.valueFrom.secretKeyRef.key | string | `"secret"` | key of the password in the secret |
+| keycloakConfig.admin.password.valueFrom.secretKeyRef.name | string | `"keycloak-admin"` | name of the secret containing the password |
+| keycloakConfig.admin.username.value | string | `"keycloak-admin"` | username |
 | keycloakConfig.client | object | `{"name":"openmfp","targetSecret":{"name":"portal-client-secret-openmfp","namespace":"openmfp-system"},"tokenLifespan":3600}` | client configuration |
+| keycloakConfig.client.name | string | `"openmfp"` | client name |
+| keycloakConfig.client.targetSecret | object | `{"name":"portal-client-secret-openmfp","namespace":"openmfp-system"}` | target secret options |
+| keycloakConfig.client.targetSecret.name | string | `"portal-client-secret-openmfp"` | secret name |
+| keycloakConfig.client.targetSecret.namespace | string | `"openmfp-system"` | secret namespace |
+| keycloakConfig.client.tokenLifespan | int | `3600` | token lifespan |
 | keycloakConfig.realm | object | `{"name":"master"}` | realm configuration |
+| keycloakConfig.realm.name | string | `"master"` | realm name |
 | keycloakConfig.redirectUrls | list | `[]` | redirect urls |
 | keycloakConfig.url | string | `"http://keycloak-http.openmfp-system.svc.cluster.local:8080"` | url of the keycloak server |
 | keycloakConfig.userRegistration.enabled | bool | `true` | toggle to enable/disable user registration |
 | service | object | `{"name":"keycloak"}` | service configuration |
+| service.name | string | `"keycloak"` | service name |

charts/keycloak/values.yaml

@@ -12,13 +12,18 @@ crossplane:
 
   # -- crossplane provider config
   providerConfig:
+    # -- name of the client
     name: keycloak-provider-config
+    # -- client namespace
     namespace: openmfp-system
 
   # -- crossplane realm config
   realm:
+    # -- realm name
     name: openmfp
+    # -- realm display name
     displayName: OpenMFP
+    # -- realm registration allowed
     registrationAllowed: false
 
   clients:
@@ -32,20 +37,31 @@ crossplane:
 
   # -- crossplane identity providers config
   identityProviders:
+    # -- sap IDP
     sap:
+      # -- authorization URL
       authorizationUrl: https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/authorize
+      # -- token URL
       tokenUrl: https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/token
+      # -- user info URL
       issuer: https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/v2.0
+      # -- client id
       clientId: 82b4c72c-ff99-4df6-ba4f-fb634d1fc491
+      # -- client secret
       clientSecretRef:
+        # -- secret name
         name: sap-client-secret
+        # -- secret namespace
         namespace: openmfp-system
+        # -- secret key
         key: client-secret
+      # -- user info URL
       clientSecretRemoteRef: dxp-core-team/manual-secrets/sap-client-secret
 
 # -- configuration passed to the child 'keyclaok' chart
 # https://github.com/bitnami/charts/tree/main/bitnami/keycloak
 keycloak:
+  # -- keycloak environment variables (raw)
   extraEnvVars: |
     - name: KEYCLOAK_USER
       value: keycloak-admin
@@ -54,11 +70,16 @@ keycloak:
         secretKeyRef:
           name: keycloak-admin
           key: secret
+  # -- configuration for the postgresql sub-chart
   postgresql:
+    # -- authorization configuration
     auth:
+      # -- existing secret name
       existingSecret: ""
       secretKeys:
+        # -- user password key
         userPasswordKey: password
+        # -- admin password key
         adminPasswordKey: password
 
 keycloakConfig:
@@ -71,40 +92,57 @@ keycloakConfig:
   redirectUrls: []
   # -- realm configuration
   realm:
+    # -- realm name
     name: master
   # -- client configuration
   client:
+    # -- client name
     name: openmfp
+    # -- target secret options
     targetSecret:
+      # -- secret name
       name: portal-client-secret-openmfp
+      # -- secret namespace
       namespace: openmfp-system
+    # -- token lifespan
     tokenLifespan: 3600
   # -- admin user configuration
   admin:
     username:
+      # -- username
       value: keycloak-admin
+    # -- admin password
     password:
       valueFrom:
         secretKeyRef:
+          # -- name of the secret containing the password
           name: keycloak-admin
+          # -- key of the password in the secret
           key: secret
 
 # -- service configuration
 service:
+  # -- service name
   name: keycloak
 
 # -- domain configuration
 domain:
+  # -- domain name
   name: openmfp.org
+  # -- path prefix
   pathPrefix: ""
 
 # -- job configuration
 job:
+  # -- job ServiceAccount name
   serviceAccount: keycloak-client-creation
+  # -- custom job annotations
   annotations:
     argocd.argoproj.io/hook: PostSync
 
 # -- external secrets configuration
 externalSecrets:
+  # -- keycloak admin secret
   keycloakAdminRemoteRef: dxp-core-team/manual-secrets/keycloak-admin
+  # -- postgres admin secret
   postgres-adminRemoteRef: dxp-core-team/manual-secrets/postgres-admin-password

charts/openmfp/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: openmfp
 description: The OpenMFP chart for Kubernetes
 type: application
-version: 0.0.60
+version: 0.0.61
 appVersion: "0.0.0"
 
 dependencies:

charts/openmfp/README.md

@@ -2,7 +2,7 @@
 
 The OpenMFP chart for Kubernetes
 
-![Version: 0.0.60](https://img.shields.io/badge/Version-0.0.60-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
+![Version: 0.0.61](https://img.shields.io/badge/Version-0.0.61-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
 
 ## Additional Information
 

charts/portal/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.237.0"
 description: Helm Chart for the openmfp Portal
 name: portal
-version: 0.69.165
+version: 0.69.166
 dependencies:
   - name: common
     repository: oci://ghcr.io/openmfp/helm-charts

charts/portal/README.md

@@ -2,7 +2,7 @@
 
 Helm Chart for the openmfp Portal
 
-![Version: 0.69.165](https://img.shields.io/badge/Version-0.69.165-informational?style=flat-square) ![AppVersion: 0.237.0](https://img.shields.io/badge/AppVersion-0.237.0-informational?style=flat-square)
+![Version: 0.69.166](https://img.shields.io/badge/Version-0.69.166-informational?style=flat-square) ![AppVersion: 0.237.0](https://img.shields.io/badge/AppVersion-0.237.0-informational?style=flat-square)
 
 ## Additional Information
 
@@ -35,9 +35,20 @@ Example
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| developmentLandcsape | string | `"true"` | development landscape toggle |
+| environment | string | `"local"` | environment |
 | featureToggles | string | `"enableSessionAutoRefresh=true"` |  |
-| http.protocol | string | `"https"` |  |
+| frontendPort | int | `8000` | frontend port |
+| http.protocol | string | `"https"` | protocol |
 | image.name | string | `"ghcr.io/openmfp/portal"` |  |
 | image.pullPolicyOverride | string | `"IfNotPresent"` |  |
-| importContent | bool | `true` |  |
+| importContent | bool | `true` | import content toggle |
+| trust.openmfp.authDomain | string | `"https://auth.provider.external/realms/openmfp/protocol/openid-connect/auth"` | auth domain (if discoveryEndpoint is not specified) |
+| trust.openmfp.baseDomains | string | `"localhost"` | base domains |
+| trust.openmfp.discoveryEndpoint | string | `"https://auth.provider.external/realms/master/.well-known/openid-configuration"` | discovery endpoint (if specified, authDomain and tokenUrl are not required) |
+| trust.openmfp.loginAudience | string | `"openmfp"` | login audience |
+| trust.openmfp.oidcClientSecretName | string | `"openmfp-client"` | oidc client secret name |
+| trust.openmfp.secretKeyRef | string | `"attribute.client_secret"` | secret key reference |
+| trust.openmfp.tokenUrl | string | `"https://auth.provider.external/realms/openmfp/protocol/openid-connect/token"` | token url (if discoveryEndpoint is not specified) |
 | validWebcomponentUrls | string | `".?"` |  |
+| virtualService.hosts | list | `["*"]` | virtual service hosts |

charts/portal/tests/__snapshot__/deploy_test.yaml.snap

@@ -25,6 +25,17 @@ matches the snapshot:
               env:
                 - name: HTTP_PROTOCOL
                   value: https
+                - name: OIDC_CLIENT_ID_OPENMFP
+                  value: openmfp
+                - name: OIDC_CLIENT_SECRET_OPENMFP
+                  valueFrom:
+                    secretKeyRef:
+                      key: attribute.client_secret
+                      name: portal-client-secret-openmfp
+                - name: DISCOVERY_ENDPOINT_OPENMFP
+                  value: https://auth.provider.external/realms/master/.well-known/openid-configuration
+                - name: BASE_DOMAINS_OPENMFP
+                  value: localhost
                 - name: OIDC_CLIENT_ID_PORTAL
                   value: "12345"
                 - name: OIDC_CLIENT_SECRET_PORTAL
@@ -37,7 +48,9 @@ matches the snapshot:
                 - name: BASE_DOMAINS_PORTAL
                   value: portal.example.com,portal2.example.com
                 - name: IDP_NAMES
-                  value: portal
+                  value: openmfp,portal
+                - name: DEVELOPMENT_INSTANCE
+                  value: "true"
                 - name: FEATURE_TOGGLES
                   value: enableSessionAutoRefresh=true
                 - name: PORT
@@ -48,6 +61,10 @@ matches the snapshot:
                   value: 1.0.0
                 - name: IMAGE_NAME
                   value: ghcr.io/openmfp/portal
+                - name: FRONTEND_PORT
+                  value: "8000"
+                - name: ENVIRONMENT
+                  value: local
                 - name: VALID_WEBCOMPONENT_URLS
                   value: .?
               image: ghcr.io/openmfp/portal:1.0.0

charts/portal/tests/__snapshot__/istio-virtual_service_test.yaml.snap

@@ -8,10 +8,7 @@ virtual service match the snapshot:
       gateways:
         - NAMESPACE/gateway
       hosts:
-        - portal.example.com
-        - portal.portal.example.com
-        - portal2.example.com
-        - portal.portal2.example.com
+        - '*'
       http:
         - corsPolicy:
             allowHeaders: