Merge pull request #187 from maykinmedia/feature/stable-release-openzaak

🔖 Stable release Open-Zaak
maykinmedia · Feb 20, 2025 · e60fb54 · e60fb54
2 parents 5b69711 + 2fa79d2
commit e60fb54
Show file tree

Hide file tree

Showing 8 changed files with 104 additions and 83 deletions.
diff --git a/charts/openzaak/CHANGELOG.md b/charts/openzaak/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+## 1.8.0 (2025-02-17)
+
+Stable release with support of [django-setup-configuration](https://github.com/maykinmedia/django-setup-configuration). 
+
+- Fixed the configuration-secrets.yaml template to render only if no existing secret is present in the cluster (needed for example if using sealed secrets).
+- Removed support for the following environment variables: `SITES_CONFIG_ENABLE`, `OPENZAAK_DOMAIN`, `OPENZAAK_ORGANIZATION`, `NOTIF_OPENZAAK_CONFIG_ENABLE`, `NOTIF_OPENZAAK_CLIENT_ID`, `OPENZAAK_NOTIF_CONFIG_ENABLE`, `NOTIF_API_ROOT`, `OPENZAAK_NOTIF_CLIENT_ID`, `OPENZAAK_SELECTIELIJST_CONFIG_ENAB`, `SELECTIELIJST_API_ROOT`, `SELECTIELIJST_API_OAS`, `SELECTIELIJST_ALLOWED_YEARS`, `SELECTIELIJST_DEFAULT_YEAR`. The settings that used to be configured with these variables can now be configured via django setup configuration.
+- Removed variable `DEMO_CONFIG_ENABLE` because it is not supported by the application.
+
 ## 1.8.0-beta.0 (2025-01-28)
 
 - [#172] Add Horizontal Pod Autoscaler for nginx. Fix the deployment to look for the `.Values.worker.autoscaling.enabled` value instead of the `.Values.autoscaling.enabled` when setting the replicas of the worker.

diff --git a/charts/openzaak/Chart.yaml b/charts/openzaak/Chart.yaml
@@ -3,8 +3,8 @@ name: openzaak
 description: Productiewaardige API's voor Zaakgericht Werken
 
 type: application
-version: 1.8.0-beta.0
-appVersion: latest
+version: 1.8.0
+appVersion: 1.18.0
 
 dependencies:
   - name: redis

diff --git a/charts/openzaak/README.md b/charts/openzaak/README.md
@@ -1,6 +1,6 @@
 # openzaak
 
-![Version: 1.8.0-beta.0](https://img.shields.io/badge/Version-1.8.0--beta.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.18.0](https://img.shields.io/badge/AppVersion-1.18.0-informational?style=flat-square)
 
 Productiewaardige API's voor Zaakgericht Werken
 
@@ -44,28 +44,12 @@ Productiewaardige API's voor Zaakgericht Werken
 | configuration.job.enabled | bool | `false` | Run the setup configuration command as a job |
 | configuration.job.resources | object | `{}` |  |
 | configuration.job.restartPolicy | string | `"OnFailure"` |  |
-| configuration.notificaties.ApiRoot | string | `""` |  |
-| configuration.notificaties.enabled | bool | `false` |  |
-| configuration.notificaties.openzaakNotifcationClientId | string | `""` |  |
-| configuration.notificaties.openzaakNotificationSecret | string | `""` |  |
-| configuration.notificaties.registerKanalen | bool | `false` |  |
-| configuration.notificatiesAuthorization.enabled | bool | `false` |  |
-| configuration.notificatiesAuthorization.notifcationOpenzaakSecret | string | `""` |  |
-| configuration.notificatiesAuthorization.notificationOpenzaakClientId | string | `""` |  |
 | configuration.overwrite | bool | `true` |  |
 | configuration.secrets | object | `{}` |  |
-| configuration.selectieLijst.AllowedYears[0] | int | `2017` |  |
-| configuration.selectieLijst.AllowedYears[1] | int | `2020` |  |
-| configuration.selectieLijst.ApiOas | string | `"https://selectielijst.openzaak.nl/api/v1/schema/openapi.yaml"` |  |
-| configuration.selectieLijst.ApiRoot | string | `"https://selectielijst.openzaak.nl/api/v1/"` |  |
-| configuration.selectieLijst.DefaultYear | int | `2020` |  |
-| configuration.selectieLijst.enabled | bool | `false` |  |
-| configuration.sites.enabled | bool | `false` |  |
-| configuration.sites.openzaakDomain | string | `""` |  |
-| configuration.sites.organization | string | `""` |  |
 | configuration.superuser.email | string | `""` |  |
 | configuration.superuser.password | string | `""` |  |
 | configuration.superuser.username | string | `""` |  |
+| existingConfigurationSecrets | string | `nil` |  |
 | existingSecret | string | `nil` |  |
 | extraDeploy | list | `[]` |  |
 | extraEnvVars | list | `[]` |  |
@@ -89,13 +73,6 @@ Productiewaardige API's voor Zaakgericht Werken
 | flower.resources | object | `{}` |  |
 | fullnameOverride | string | `""` |  |
 | global.configuration.enabled | bool | `false` |  |
-| global.configuration.notificatiesApi | string | `"http://opennotificaties.example.nl/api/v1/"` |  |
-| global.configuration.notificatiesOpenzaakClientId | string | `"notif-client-id"` |  |
-| global.configuration.notificatiesOpenzaakSecret | string | `"notif-secret"` |  |
-| global.configuration.openzaakAutorisatiesApi | string | `"https://openzaak.example.nl/autorisaties/api/v1/"` |  |
-| global.configuration.openzaakNotificatiesClientId | string | `"oz-client-id"` |  |
-| global.configuration.openzaakNotificatiesSecret | string | `"oz-secret"` |  |
-| global.configuration.organization | string | `"Gemeente Example"` |  |
 | global.configuration.overwrite | bool | `true` |  |
 | global.configuration.secrets | object | `{}` |  |
 | global.settings.databaseHost | string | `""` | Global databasehost, overrides setting.database.host |

diff --git a/charts/openzaak/templates/configmap.yaml b/charts/openzaak/templates/configmap.yaml
@@ -81,30 +81,6 @@ data:
   {{ if .Values.settings.disable2fa }}
   DISABLE_2FA: "True"
   {{- end }}
-  {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
-  DEMO_CONFIG_ENABLE: "False"
-  SITES_CONFIG_ENABLE: {{ if .Values.configuration.sites.enabled }}"True"{{ else }}"False"{{ end }}
-  {{- if .Values.configuration.sites.enabled }}
-  OPENZAAK_DOMAIN: {{ .Values.configuration.sites.openzaakDomain | toString | quote }}
-  OPENZAAK_ORGANIZATION: {{ .Values.global.configuration.organization | default .Values.configuration.sites.organization | toString | quote }}
-  {{- end }}
-  NOTIF_OPENZAAK_CONFIG_ENABLE: {{ if .Values.configuration.notificatiesAuthorization.enabled }}"True"{{ else }}"False"{{ end }}
-  {{- if .Values.configuration.notificatiesAuthorization.enabled }}
-  NOTIF_OPENZAAK_CLIENT_ID: {{ .Values.global.configuration.notificatiesOpenzaakClientId | default .Values.configuration.notificatiesAuthorization.notificationOpenzaakClientId | toString | quote }}
-  {{- end }}
-  OPENZAAK_NOTIF_CONFIG_ENABLE: {{ if .Values.configuration.notificaties.enabled }}"True"{{ else }}"False"{{ end }}
-  {{- if .Values.configuration.notificaties.enabled }}
-  NOTIF_API_ROOT: {{ .Values.global.configuration.notificatiesApi | default .Values.configuration.notificaties.ApiRoot | toString | quote }}
-  OPENZAAK_NOTIF_CLIENT_ID: {{ .Values.global.configuration.openzaakNotificatiesClientId | default .Values.configuration.notificaties.openzaakNotifcationClientId | toString | quote }}
-  {{- end }}
-  OPENZAAK_SELECTIELIJST_CONFIG_ENABLE: {{ if .Values.configuration.selectieLijst.enabled }}"True"{{ else }}"False"{{ end }}
-  {{- if .Values.configuration.selectieLijst.enabled }}
-  SELECTIELIJST_API_ROOT: {{ .Values.configuration.selectieLijst.ApiRoot | toString | quote }}
-  SELECTIELIJST_API_OAS: {{ .Values.configuration.selectieLijst.ApiOas | toString | quote }}
-  SELECTIELIJST_ALLOWED_YEARS: {{ .Values.configuration.selectieLijst.AllowedYears | toString | quote }}
-  SELECTIELIJST_DEFAULT_YEAR: {{ .Values.configuration.selectieLijst.DefaultYear | toString | quote }}
-  {{- end }}
-  {{- end }}
   {{ if .Values.configuration.superuser.username }}
   OPENZAAK_SUPERUSER_USERNAME: {{ .Values.configuration.superuser.username | toString | quote }}
   OPENZAAK_SUPERUSER_EMAIL: {{ .Values.configuration.superuser.email | toString | quote }}

diff --git a/charts/openzaak/templates/configuration-data.yaml b/charts/openzaak/templates/configuration-data.yaml
@@ -1,7 +1,6 @@
 {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
 apiVersion: v1
 kind: ConfigMap
-metadata:
 metadata:
   name: {{ include "openzaak.fullname" . }}-configuration
   labels:

diff --git a/charts/openzaak/templates/configuration-secrets.yaml b/charts/openzaak/templates/configuration-secrets.yaml
@@ -1,8 +1,8 @@
-{{- if and .Values.global.configuration.enabled .Values.configuration.enabled}}
+{{- if and (not .Values.existingConfigurationSecrets) .Values.global.configuration.enabled .Values.configuration.enabled}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "openzaak.fullname" . }}-config-secrets
+  name: {{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "openzaak.fullname" .)) }}
   labels:
     {{- include "openzaak.labels" . | nindent 4 }}
 stringData:

diff --git a/charts/openzaak/templates/job-config.yaml b/charts/openzaak/templates/job-config.yaml
@@ -38,7 +38,7 @@ spec:
             - secretRef:
                 name: {{ .Values.existingSecret | default (include "openzaak.fullname" .) }}
             - secretRef:
-                name: {{ include "openzaak.fullname" . }}-config-secrets                
+                name: {{ if .Values.existingConfigurationSecrets }}{{ .Values.existingConfigurationSecrets }}{{ else }}{{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "openzaak.fullname" .)) }}{{ end }}                
             - configMapRef:
                 name: {{ include "openzaak.fullname" . }}
           env:

diff --git a/charts/openzaak/values.yaml b/charts/openzaak/values.yaml
@@ -2,13 +2,6 @@ global:
   configuration:
     enabled: false
     overwrite: true
-    organization: Gemeente Example
-    openzaakAutorisatiesApi: https://openzaak.example.nl/autorisaties/api/v1/
-    notificatiesApi: http://opennotificaties.example.nl/api/v1/
-    notificatiesOpenzaakClientId: notif-client-id
-    notificatiesOpenzaakSecret: notif-secret
-    openzaakNotificatiesClientId: oz-client-id
-    openzaakNotificatiesSecret: oz-secret
     secrets: {}
 
   settings:
@@ -18,27 +11,6 @@ global:
 configuration:
   enabled: false
   overwrite: true
-  sites:
-    enabled: false
-    openzaakDomain: ""
-    organization: ""
-  notificatiesAuthorization:
-    enabled: false
-    notificationOpenzaakClientId: ""
-    notifcationOpenzaakSecret: ""
-  notificaties:
-    enabled: false
-    ApiRoot: ""
-    openzaakNotifcationClientId: ""
-    openzaakNotificationSecret: ""
-    # Run the manage.py register_kanalen command, runs in cron job only
-    registerKanalen: false
-  selectieLijst:
-    enabled: false
-    ApiRoot: https://selectielijst.openzaak.nl/api/v1/
-    ApiOas: https://selectielijst.openzaak.nl/api/v1/schema/openapi.yaml
-    AllowedYears: [2017, 2020]
-    DefaultYear: 2020
   superuser:
     username: ""
     password: ""
@@ -60,6 +32,94 @@ configuration:
       #   memory: 128Mi
   secrets: {}
   data: ""
+  # e.g. 
+  # data: |-
+  #   sites_config_enable: true
+  #   sites_config:
+  #     items:
+  #     - domain: openzaak.example.nl
+  #       name: Open-Zaak Test
+  #   zgw_consumers_config_enable: true
+  #   zgw_consumers:
+  #     services:
+  #     - identifier: notifications-api
+  #       label: Notificaties API
+  #       api_root: https://opennotificaties.example.nl/api/v1/
+  #       api_connection_check_path: notificaties
+  #       api_type: nrc
+  #       auth_type: api_key
+  #       header_key: Authorization
+  #       header_value: Token ${opennotificaties_openzaak_secret}
+  #     - identifier: selectielijst-api
+  #       label: Selectielijst API
+  #       api_root: https://selectielijst.openzaak.nl/api/v1/
+  #       api_type: orc
+  #       auth_type: no_auth
+  #   notifications_config_enable: true
+  #   notifications_config:
+  #     notifications_api_service_identifier: notifications-api
+  #     notification_delivery_max_retries: 1
+  #     notification_delivery_retry_backoff: 2
+  #     notification_delivery_retry_backoff_max: 3
+  #   openzaak_selectielijst_config_enable: true
+  #   openzaak_selectielijst_config:
+  #     selectielijst_api_service_identifier: selectielijst-api
+  #     allowed_years:
+  #       - 2020
+  #       - 2017
+  #     default_year: 2020
+
+  #   # These are all the applications that need to talk to Open Zaak. 
+  #   # Their secrets are configured in the `vng_api_common_credentials` values below! 
+  #   vng_api_common_applicaties_config_enable: true
+  #   vng_api_common_applicaties:
+  #     items:
+  #     - uuid: 78591bab-9a00-4887-849c-53b21a67782f
+  #       client_ids:
+  #       - open-formulieren
+  #       label: Open Formulieren
+  #       heeft_alle_autorisaties: true
+  #   vng_api_common_credentials_config_enable: true
+  #   vng_api_common_credentials:
+  #     items:
+  #     - identifier: open-formulieren
+  #       secret: ${openzaak_openforms_secret}
+  #   oidc_db_config_enable: True
+  #   oidc_db_config_admin_auth:
+  #     items:
+  #     - identifier: admin-oidc
+  #       enabled: True
+  #       oidc_rp_client_id: openzaak.example.nl 
+  #       oidc_rp_client_secret: ${keycloak_client_secret}
+  #       oidc_rp_scopes_list:
+  #       - openid
+  #       - email
+  #       - profile
+  #       - roles
+  #       oidc_rp_sign_algo: RS256
+  #       endpoint_config:
+  #         oidc_op_discovery_endpoint: https://keycloak.example.nl/realms/example/
+  #       username_claim:
+  #       - sub
+  #       groups_claim:
+  #       - roles
+  #       claim_mapping:
+  #         first_name:
+  #         - given_name
+  #         last_name:
+  #         - family_name
+  #         email:
+  #         - email
+  #       sync_groups: true
+  #       sync_groups_glob_pattern: "*"
+  #       default_groups: []
+  #       make_users_staff: true
+  #       superuser_group_names:
+  #       - Superuser
+  #       oidc_use_nonce: true
+  #       oidc_nonce_size: 32
+  #       oidc_state_size: 32
+  #       userinfo_claims_source: id_token
 
 tags:
   redis: true
@@ -191,6 +251,7 @@ persistence:
 
 # Existing Secret must be defined for AzureVaultSecret to work
 existingSecret: null
+existingConfigurationSecrets: null
 
 # This will create an AzureVaultSecret object in k8s, only Multi Key Value Secret are supported by this chart
 # ref: https://akv2k8s.io/tutorials/sync/4-multi-key-value-secret/ https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets