From 89ac91c29fd9602a379def5e58bb9a888ed50f53 Mon Sep 17 00:00:00 2001
From: Lucas Capellino <137265091+ds-lcapellino@users.noreply.github.com>
Date: Wed, 16 Oct 2024 08:50:41 +0200
Subject: [PATCH] build: add configuration for stable environment (#200)

* Add configuration for stable environment

* chore: fix values files

* chore: add argo cd template files

* chore: fix tag for int env

---------

Co-authored-by: Evelyn Gurschler <evelyn.gurschler@bmw.de>

https://github.com/eclipse-tractusx/portal/issues/408
---
 .../centralidp/appsetup-int.yaml              |   2 +-
 .../centralidp/appsetup-stable.yaml           |  38 ++++++
 .../sharedidp/appsetup-int.yaml               |   2 +-
 .../sharedidp/appsetup-stable.yaml            |  38 ++++++
 .../helm-values/centralidp/values-stable.yaml | 112 ++++++++++++++++++
 .../helm-values/sharedidp/values-stable.yaml  |  63 ++++++++++
 6 files changed, 253 insertions(+), 2 deletions(-)
 create mode 100644 environments/argocd-app-templates/centralidp/appsetup-stable.yaml
 create mode 100644 environments/argocd-app-templates/sharedidp/appsetup-stable.yaml
 create mode 100644 environments/helm-values/centralidp/values-stable.yaml
 create mode 100644 environments/helm-values/sharedidp/values-stable.yaml

diff --git a/environments/argocd-app-templates/centralidp/appsetup-int.yaml b/environments/argocd-app-templates/centralidp/appsetup-int.yaml
index c918946f..64c95f70 100644
--- a/environments/argocd-app-templates/centralidp/appsetup-int.yaml
+++ b/environments/argocd-app-templates/centralidp/appsetup-int.yaml
@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: deploy/349-to-association-env
+    targetRevision: v4.0.0-alpha.1
     plugin:
       env:
         - name: AVP_SECRET
diff --git a/environments/argocd-app-templates/centralidp/appsetup-stable.yaml b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml
new file mode 100644
index 00000000..f5fa2281
--- /dev/null
+++ b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml
@@ -0,0 +1,38 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: centralidp
+spec:
+  destination:
+    namespace: product-portal
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: charts/centralidp
+    repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
+    targetRevision: v4.0.0-alpha.1
+    plugin:
+      env:
+        - name: AVP_SECRET
+          value: vault-secret
+        - name: helm_args
+          value: '-f values.yaml -f ../../environments/helm-values/centralidp/values-stable.yaml'
+  project: project-portal
diff --git a/environments/argocd-app-templates/sharedidp/appsetup-int.yaml b/environments/argocd-app-templates/sharedidp/appsetup-int.yaml
index 59beeb63..c433969c 100644
--- a/environments/argocd-app-templates/sharedidp/appsetup-int.yaml
+++ b/environments/argocd-app-templates/sharedidp/appsetup-int.yaml
@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: deploy/349-to-association-env
+    targetRevision: v4.0.0-alpha.1
     plugin:
       env:
         - name: AVP_SECRET
diff --git a/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml b/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml
new file mode 100644
index 00000000..1104e6c6
--- /dev/null
+++ b/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml
@@ -0,0 +1,38 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sharedidp
+spec:
+  destination:
+    namespace: product-portal
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: charts/sharedidp
+    repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
+    targetRevision: v4.0.0-alpha.1
+    plugin:
+      env:
+        - name: AVP_SECRET
+          value: vault-secret
+        - name: helm_args
+          value: '-f values.yaml -f ../../environments/helm-values/sharedidp/values-stable.yaml'
+  project: project-portal
diff --git a/environments/helm-values/centralidp/values-stable.yaml b/environments/helm-values/centralidp/values-stable.yaml
new file mode 100644
index 00000000..88c3987d
--- /dev/null
+++ b/environments/helm-values/centralidp/values-stable.yaml
@@ -0,0 +1,112 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+keycloak:
+  production: true
+  proxy: edge
+  auth:
+    adminPassword: "<path:portal/data/stable/iam/centralidp-keycloak#admin-password>"
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    hostname: centralidp.stable.catena-x.net
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+      nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
+      nginx.ingress.kubernetes.io/cors-allow-origin: https://centralidp.stable.catena-x.net
+      nginx.ingress.kubernetes.io/enable-cors: "true"
+      nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+      nginx.ingress.kubernetes.io/proxy-buffering: "on"
+      nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
+      nginx.ingress.kubernetes.io/use-regex: "true"
+    tls: true
+  postgresql:
+    auth:
+      password: "<path:portal/data/stable/iam/centralidp-keycloak#postgres-custom-user>"
+      postgresPassword: "<path:portal/data/stable/iam/centralidp-keycloak#postgres-admin-user>"
+
+realmSeeding:
+  clients:
+    registration:
+      redirects:
+        - https://portal.stable.catena-x.net/*
+        - http://localhost:3000/*
+    portal:
+      rootUrl: https://portal.stable.catena-x.net/home
+      redirects:
+        - https://portal.stable.catena-x.net/*
+        - http://localhost:3000/*
+    semantics:
+      redirects:
+        - https://portal.stable.catena-x.net/*
+    miw:
+      clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#custodian-client>"
+      redirects:
+        - https://managed-identity-wallets.stable.catena-x.net/*
+    bpdm:
+      clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-client>"
+      redirects:
+        - https://partners-pool.stable.catena-x.net/*
+    bpdmGate:
+      clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdmGate-client>"
+      redirects:
+        - https://partners-gate.stable.catena-x.net/*
+    bpdmOrchestrator:
+      clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdmOrchestrator-client>"
+  serviceAccounts:
+    clientSecrets:
+      - clientId: "sa-cl1-reg-2"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#reg-central-sa>"
+      - clientId: "sa-cl2-01"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#portal-clearinghouse-1-sa>"
+      - clientId: "sa-cl2-02"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#portal-clearinghouse-2-sa>"
+      - clientId: "sa-cl2-03"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#offerprovider-sa>"
+      - clientId: "sa-cl2-04"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#portal-issuer-sa>"
+      - clientId: "sa-cl2-05"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#dim-portal-sa>"
+      - clientId: "sa-cl3-cx-1"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#semantic-hub>"
+      - clientId: "sa-cl5-custodian-2"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#custodian-sa>"
+      - clientId: "sa-cl7-cx-1"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-sa-1>"
+      - clientId: "sa-cl7-cx-5"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-sa-2>"
+      - clientId: "sa-cl7-cx-7"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-sa-3>"
+      - clientId: "sa-cl8-cx-1"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#portal-sdfactory-sa>"
+      - clientId: "sa-cl21-01"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#edc-discovery-sa>"
+      - clientId: "sa-cl22-01"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpn-discovery-sa>"
+      - clientId: "sa-cl24-01"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#issuer-sa>"
+      - clientId: "sa-cl25-cx-1"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-orchestrator-1>"
+      - clientId: "sa-cl25-cx-2"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-orchestrator-1>"
+      - clientId: "sa-cl25-cx-3"
+        clientSecret: "<path:portal/data/stable/iam/centralidp-client-secrets#bpdm-orchestrator-1>"
+  bpn: "BPNL00000003CRHK"
+  sharedidp: "https://sharedidp.stable.catena-x.net"
diff --git a/environments/helm-values/sharedidp/values-stable.yaml b/environments/helm-values/sharedidp/values-stable.yaml
new file mode 100644
index 00000000..6aa9ed15
--- /dev/null
+++ b/environments/helm-values/sharedidp/values-stable.yaml
@@ -0,0 +1,63 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+keycloak:
+  production: true
+  proxy: edge
+  auth:
+    adminPassword: "<path:portal/data/stable/iam/sharedidp-keycloak#admin-password>"
+  ingress:
+    enabled: true
+    ingressClassName: nginx
+    hostname: sharedidp.stable.catena-x.net
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+      nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS
+      nginx.ingress.kubernetes.io/cors-allow-origin: https://sharedidp.stable.catena-x.net
+      nginx.ingress.kubernetes.io/enable-cors: "true"
+      nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+      nginx.ingress.kubernetes.io/proxy-buffering: "on"
+      nginx.ingress.kubernetes.io/proxy-buffers-number: "20"
+      nginx.ingress.kubernetes.io/use-regex: "true"
+    tls: true
+  postgresql:
+    auth:
+      password: "<path:portal/data/stable/iam/sharedidp-keycloak#postgres-custom-user>"
+      postgresPassword: "<path:portal/data/stable/iam/sharedidp-keycloak#postgres-admin-user>"
+
+realmSeeding:
+  realms:
+    cxOperator:
+      centralidp: "https://centralidp.stable.catena-x.net"
+      initialUser:
+        password: "<path:portal/data/stable/iam/sharedidp-keycloak#initial-operator-user>"
+      mailing:
+        host: "<path:portal/data/mailing#host>"
+        port: "<path:portal/data/mailing#port>"
+        username: "<path:portal/data/mailing#user>"
+        password: "<path:portal/data/mailing#password"
+        from: "<path:portal/data/mailing#senderMail>"
+        replyTo: "<path:portal/data/mailing#senderMail>"
+    master:
+      serviceAccounts:
+        provisioning:
+          clientSecret: "<path:portal/data/stable/iam/sharedidp-client-secrets#reg-shared-sa>"
+        saCxOperator:
+          clientSecret: "<path:portal/data/stable/iam/sharedidp-client-secrets#sa-operator>"