[To Main] DESENG-503: Updating deployment configurations (#2435)

* Updating deployment configurations to add new configs
bcgov · Apr 3, 2024 · f3da667 · f3da667
1 parent 6c5808c
commit f3da667
Show file tree

Hide file tree

Showing 6 changed files with 221 additions and 37 deletions.
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -1,3 +1,8 @@
+## April 02, 2024
+
+- **Task**: DEV clean up [DESENG-503](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-503)
+  - Updated deployment configurations to add new configs.
+
 ## March 28, 2024
 
 - **Bug Fix**: Feedback fixes [DESENG-524](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-524)

diff --git a/openshift/analytics-api.dc.yml b/openshift/analytics-api.dc.yml
@@ -64,11 +64,19 @@ objects:
                 name: ${DB_APP_NAME}
           - name: DATABASE_HOST
             value: ${DB_APP_NAME}
+          - name: DATABASE_PORT
+            value: ${DB_APP_PORT}
           - name: S3_SECRET_ACCESS_KEY
             valueFrom:
               secretKeyRef:
                 key: secret-access-key
                 name: s3
+          - name: CORS_ORIGINS
+            value: ${CORS_ORIGINS}
+          - name: KEYCLOAK_BASE_URL
+            value: ${KEYCLOAK_BASE_URL}
+          - name: KEYCLOAK_REALMNAME
+            value: ${KEYCLOAK_REALMNAME}
           envFrom:
           - configMapRef:
               name: jwt-oidc
@@ -178,6 +186,22 @@ parameters:
     description: "The postgresql application name"
     required: true
     value: met-patroni
+  - name: DB_APP_PORT
+    description: "The postgresql application port"
+    required: true
+    value: '5432'
+  - name: CORS_ORIGINS
+    description: "Allowable origins for Cross-Origin Resource Sharing"
+    required: true
+    value: 'http://localhost:3000'
+  - name: KEYCLOAK_BASE_URL
+    description: "Keycloak base url"
+    required: true
+    value: ''
+  - name: KEYCLOAK_REALMNAME
+    description: "Realm name for the project"
+    required: true
+    value: 'standard'
   - name: IMAGE_TAG
     description: "The image tag to deploy"
     required: true

diff --git a/openshift/api.dc.yml b/openshift/api.dc.yml
@@ -64,11 +64,19 @@ objects:
                 name: ${DB_APP_NAME}
           - name: DATABASE_HOST
             value: ${DB_APP_NAME}
+          - name: DATABASE_PORT
+            value: ${DB_APP_PORT}
           - name: S3_SECRET_ACCESS_KEY
             valueFrom:
               secretKeyRef:
                 key: secret-access-key
                 name: s3
+          - name: CORS_ORIGINS
+            value: ${CORS_ORIGINS}
+          - name: KEYCLOAK_BASE_URL
+            value: ${KEYCLOAK_BASE_URL}
+          - name: DEFAULT_TENANT_SHORT_NAME
+            value: ${DEFAULT_TENANT_SHORT_NAME}
           envFrom:
           - configMapRef:
               name: ${APP}
@@ -202,15 +210,22 @@ objects:
     name: ${APP}
   data:
     ACCESS_REQUEST_EMAIL_ADDRESS: ${ACCESS_REQUEST_EMAIL_ADDRESS}
+    ACCESS_REQUEST_EMAIL_TEMPLATE_ID: ${ACCESS_REQUEST_EMAIL_TEMPLATE_ID}
+    CORS_MAX_AGE: ${CORS_MAX_AGE}
+    CSS_API_ENVIRONMENT: ${CSS_API_ENVIRONMENT}
+    CSS_API_INTEGRATION_ID: ${CSS_API_INTEGRATION_ID}
+    CSS_API_URL: ${CSS_API_URL}
+    EMAIL_ENVIRONMENT: ${EMAIL_ENVIRONMENT}
     NOTIFICATIONS_EMAIL_ENDPOINT: ${NOTIFICATIONS_EMAIL_ENDPOINT}    
     SITE_URL: ${SITE_URL}
     VERIFICATION_EMAIL_TEMPLATE_ID: ${VERIFICATION_EMAIL_TEMPLATE_ID}
     SUBSCRIBE_EMAIL_TEMPLATE_ID: ${SUBSCRIBE_EMAIL_TEMPLATE_ID}
+    SUBMISSION_RESPONSE_EMAIL_TEMPLATE_ID: ${SUBMISSION_RESPONSE_EMAIL_TEMPLATE_ID}
     REJECTED_EMAIL_TEMPLATE_ID: ${REJECTED_EMAIL_TEMPLATE_ID}
     CLOSED_ENGAGEMENT_REJECTED_EMAIL_TEMPLATE_ID: ${CLOSED_ENGAGEMENT_REJECTED_EMAIL_TEMPLATE_ID}    
-    ACCESS_REQUEST_EMAIL_TEMPLATE_ID: ${ACCESS_REQUEST_EMAIL_TEMPLATE_ID}
     KEYCLOAK_REALMNAME: ${KEYCLOAK_REALMNAME}
     KEYCLOAK_BASE_URL: ${KEYCLOAK_BASE_URL}
+    KEYCLOAK_ADMIN_TOKEN_URL: ${KEYCLOAK_ADMIN_TOKEN_URL}
 - kind: Secret
   apiVersion: v1
   type: Opaque
@@ -232,6 +247,40 @@ objects:
       app-group: met-app
   stringData:
     secret-access-key: ${S3_ACCESS_KEY}
+- kind: Secret
+  apiVersion: v1
+  type: Opaque
+  metadata:
+    name: met-cdogs-secret
+    labels:
+      app: met-cdogs-secret
+      app-group: met-app
+  stringData:
+    CDOGS_BASE_URL: ${CDOGS_BASE_URL}
+    CDOGS_SERVICE_CLIENT: ${CDOGS_SERVICE_CLIENT}
+    CDOGS_SERVICE_CLIENT_SECRET: ${CDOGS_SERVICE_CLIENT_SECRET}
+    CDOGS_TOKEN_URL: ${CDOGS_TOKEN_URL}
+- kind: Secret
+  apiVersion: v1
+  type: Opaque
+  metadata:
+    name: email-secret-key
+    labels:
+      app: email-secret-key
+      app-group: met-app
+  stringData:
+    EMAIL_SECRET_KEY: ${EMAIL_SECRET_KEY}
+- kind: Secret
+  apiVersion: v1
+  type: Opaque
+  metadata:
+    name: keycloak-admin-credentials
+    labels:
+      app: keycloak-admin-credentials
+      app-group: met-app
+  stringData:
+    KEYCLOAK_ADMIN_CLIENT_ID: ${KEYCLOAK_ADMIN_CLIENT_ID}
+    KEYCLOAK_ADMIN_CLIENT_SECRET: ${KEYCLOAK_ADMIN_CLIENT_SECRET}
 parameters:
   - name: APP
     description: "The application name"
@@ -269,6 +318,10 @@ parameters:
     description: "The subscribe email verification template id"
     required: true
     value: '9cd4942b-8ac9-49ae-a869-c800c57a7472'
+  - name: SUBMISSION_RESPONSE_EMAIL_TEMPLATE_ID
+    description: "The response to submission email template id"
+    required: true
+    value: '07f0f037-5ccb-44c5-89c6-9fe86078323e'
   - name: REJECTED_EMAIL_TEMPLATE_ID
     description: "The rejected comment email template id"
     required: true
@@ -281,6 +334,25 @@ parameters:
     description: "The access request email template id"
     required: true
     value: '41afa792-4c75-425a-9ad9-c558561d6669'
+  - name: CORS_MAX_AGE
+    description: "Set CORS pre-flight cache duration"
+    required: true
+    value: '7200'
+  - name: CSS_API_ENVIRONMENT
+    description: "CSS API environment"
+    required: true
+    value: dev
+  - name: CSS_API_INTEGRATION_ID
+    description: "CSS API integration number"
+    required: true
+    value: '0000'
+  - name: CSS_API_URL
+    description: "CSS API URL"
+    required: true
+    value: ''
+  - name: EMAIL_ENVIRONMENT
+    description: "Environment from which email is sent"
+    value: 'You are using a DEV environment'
   - name: S3_BUCKET
     description: "The s3 object store bucket"
     required: true
@@ -297,6 +369,18 @@ parameters:
     description: "The postgresql application name"
     required: true
     value: met-patroni
+  - name: DB_APP_PORT
+    description: "The postgresql application port"
+    required: true
+    value: '5432'
+  - name: CORS_ORIGINS
+    description: "Allowable origins for Cross-Origin Resource Sharing"
+    required: true
+    value: 'http://localhost:3000'
+  - name: DEFAULT_TENANT_SHORT_NAME
+    description: "Short name for default tenant"
+    required: true
+    value: 'DEFAULT'
   - name: IMAGE_TAG
     description: "The image tag to deploy"
     required: true
@@ -311,8 +395,40 @@ parameters:
   - name: KEYCLOAK_BASE_URL
     description: "Keycloak base url"
     required: true
-    value: 'https://met-oidc-dev.apps.gold.devops.gov.bc.ca'
+    value: ''
   - name: KEYCLOAK_REALMNAME
     description: "Realm name for the project"
     required: true
-    value: 'met'
+    value: 'standard'
+  - name: KEYCLOAK_ADMIN_TOKEN_URL
+    description: "Keycloak url to get admin token"
+    required: true
+    value: ''
+  - name: CDOGS_BASE_URL
+    description: "Base url to access CDOGS"
+    required: true
+    value: ''
+  - name: CDOGS_SERVICE_CLIENT
+    description: "Client for CDOGS Service"
+    required: true
+    value: 'CDOGS_SERVICE_CLIENT'
+  - name: CDOGS_SERVICE_CLIENT_SECRET
+    description: "Secret for CDOGS Service"
+    required: true
+    value: 'CDOGS_SERVICE_CLIENT_SECRET'
+  - name: CDOGS_TOKEN_URL
+    description: "Token url for CDOGS"
+    required: true
+    value: ''
+  - name: EMAIL_SECRET_KEY
+    description: "Secret key for email"
+    required: true
+    value: 'notASecureKey'
+  - name: KEYCLOAK_ADMIN_CLIENT_ID
+    description: "Admin Client ID for Keycloak authentication"
+    required: true
+    value: 'CLIENT_ID'
+  - name: KEYCLOAK_ADMIN_CLIENT_SECRET
+    description: "Admin Client Secret for Keycloak authentication"
+    required: true
+    value: 'CLIENT_SECRET'
diff --git a/openshift/cron.dc.yml b/openshift/cron.dc.yml
@@ -73,13 +73,13 @@ objects:
             - name: DATABASE_USERNAME
               valueFrom:
                 secretKeyRef:
-                  key: analytics-username
+                  key: met-username
                   name: met-database-users
             - name: DATABASE_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: met-database-users
-                  key: analytics-password
+                  key: met-password
             - name: DATABASE_NAME
               valueFrom:
                 secretKeyRef:
@@ -89,25 +89,6 @@ objects:
               value: ${DATABASE_HOST}
             - name: DATABASE_PORT
               value: ${DATABASE_PORT}
-            - name: MET_DATABASE_USERNAME
-              valueFrom:
-                secretKeyRef:
-                  key: met-username
-                  name: met-database-users
-            - name: MET_DATABASE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  key: met-password
-                  name: met-database-users
-            - name: MET_DB_NAME
-              valueFrom:
-                secretKeyRef:
-                  key: app-db-name
-                  name: ${DATABASE_HOST}
-            - name: MET_DATABASE_HOST
-              value: ${DATABASE_HOST}
-            - name: MET_DATABASE_PORT
-              value: ${DATABASE_PORT}
           envFrom:
             - configMapRef:
                 name: ${NAME}
@@ -172,9 +153,15 @@ objects:
       app-group: met-app
     name: ${NAME}
   data:
-    ENGAGEMENT_CLOSEOUT_EMAIL_TEMPLATE_ID: ${ENGAGEMENT_CLOSEOUT_EMAIL_TEMPLATE_ID}
+    CLOSEOUT_EMAIL_TEMPLATE_ID: ${CLOSEOUT_EMAIL_TEMPLATE_ID}
+    CLOSING_SOON_EMAIL_TEMPLATE_ID: ${CLOSING_SOON_EMAIL_TEMPLATE_ID}
+    EMAIL_ENVIRONMENT: ${EMAIL_ENVIRONMENT}
+    EMAIL_FROM_ADDRESS: ${EMAIL_FROM_ADDRESS}
+    KEYCLOAK_BASE_URL: ${KEYCLOAK_BASE_URL}
+    KEYCLOAK_REALMNAME: ${KEYCLOAK_REALMNAME}
     NOTIFICATIONS_EMAIL_ENDPOINT: ${NOTIFICATIONS_EMAIL_ENDPOINT}
-    PUBLISH_ENGAGEMENT_EMAIL_TEMPLATE_ID: ${PUBLISH_ENGAGEMENT_EMAIL_TEMPLATE_ID}
+    OFFSET_DAYS: ${OFFSET_DAYS}
+    PUBLISH_EMAIL_TEMPLATE_ID: ${PUBLISH_EMAIL_TEMPLATE_ID}
     SITE_URL: ${SITE_URL}
 - kind: Secret
   apiVersion: v1
@@ -187,6 +174,16 @@ objects:
   stringData:
     MET_ADMIN_CLIENT_ID: ${MET_ADMIN_CLIENT_ID}
     MET_ADMIN_CLIENT_SECRET: ${MET_ADMIN_CLIENT_SECRET}
+- kind: Secret
+  apiVersion: v1
+  type: Opaque
+  metadata:
+    name: email-secret-key
+    labels:
+      app: email-secret-key
+      app-group: met-app
+  stringData:
+    EMAIL_SECRET_KEY: ${EMAIL_SECRET_KEY}
 parameters:
 - name: NAME
   description: "The name assigned to all of the OpenShift resources associated to the server instance."
@@ -201,11 +198,11 @@ parameters:
   required: true
   value: dev
 - name: DATABASE_HOST
-  description: "The analytics postgresql application name."
+  description: "The met postgresql application name."
   required: true
   value: met-patroni
 - name: DATABASE_PORT
-  description: "The analytics postgresql application port."
+  description: "The met postgresql application port."
   required: true
   value: '5432'
 - name: CPU_REQUEST
@@ -242,10 +239,29 @@ parameters:
   description: "The email notification endpoint"
   required: true
   value: 'https://met-notify-api-dev.apps.gold.devops.gov.bc.ca/api/v1/notifications/email'
-- name: ENGAGEMENT_CLOSEOUT_EMAIL_TEMPLATE_ID
+- name: OFFSET_DAYS
+  description: "Days in which the engagement closing soon email is sent"
+  required: true
+  value: '2'
+- name: CLOSEOUT_EMAIL_TEMPLATE_ID
   description: "The engagement closeout email template id"
   value: 'b7ea041b-fc30-4ad3-acb2-82119dd4f95d'
-- name: PUBLISH_ENGAGEMENT_EMAIL_TEMPLATE_ID
+- name: CLOSING_SOON_EMAIL_TEMPLATE_ID
+  description: "The engagement closing soon email template id to send email n days before closing"
+  value: '30344886-ea33-4ca2-83e1-e5ebe9c3457d'
+- name: EMAIL_ENVIRONMENT
+  description: "Environment from which email is sent"
+  value: 'You are using a DEV environment'
+- name: EMAIL_FROM_ADDRESS
+  description: "Email from address"
+  value: '[email protected]'
+- name: KEYCLOAK_BASE_URL
+  description: "Keycloak base url"
+  value: ''
+- name: KEYCLOAK_REALMNAME
+  description: "Realm name for the project"
+  value: 'standard'
+- name: PUBLISH_EMAIL_TEMPLATE_ID
   description: "The publish engagement email template id"
   value: '7bf2ffcd-d69e-4c3f-9aa0-e8e89b491e92'
 - name: MET_ADMIN_CLIENT_ID
@@ -255,3 +271,7 @@ parameters:
 - name: MET_ADMIN_CLIENT_SECRET
   description: "The MET admin service account secret"
   required: true
+- name: EMAIL_SECRET_KEY
+  description: "Secret key for email"
+  required: true
+  value: 'notASecureKey'
diff --git a/openshift/notify-api.dc.yml b/openshift/notify-api.dc.yml
@@ -40,6 +40,8 @@ objects:
         - env:
           - name: FLASK_ENV
             value: production
+          - name: JWT_OIDC_AUDIENCE
+            value: account
           envFrom:
           - configMapRef:
               name: ${APP}
@@ -152,6 +154,7 @@ objects:
   stringData:
     GC_NOTIFY_API_KEY: "${GC_NOTIFY_API_KEY}"
     GC_NOTIFY_API_BASE_URL: "${GC_NOTIFY_API_BASE_URL}"
+    GC_NOTIFY_EMAIL_TEMPLATE_ID: "${GC_NOTIFY_EMAIL_TEMPLATE_ID}"
     CHES_SSO_TOKEN_URL: "${CHES_SSO_TOKEN_URL}"
     CHES_SSO_CLIENT_ID: "${CHES_SSO_CLIENT_ID}"
     CHES_SSO_CLIENT_SECRET: "${CHES_SSO_CLIENT_SECRET}"
@@ -182,7 +185,10 @@ parameters:
     value: 
   - name: GC_NOTIFY_API_BASE_URL
     description: "GC Notify API URL"
-    value: https://api.notification.canada.ca/v2    
+    value: https://api.notification.canada.ca/v2
+  - name: GC_NOTIFY_EMAIL_TEMPLATE_ID
+    description: "GC Notify email template id"
+    value: 'c4cc1633-321a-4400-8a22-272acecd836a'
   - name: CHES_SSO_TOKEN_URL
     description: "CHES Token Url"
     value: https://dev.oidc.gov.bc.ca/auth/realms/jbd6rnxw/protocol/openid-connect/token