fix(nubus): Update keycloak-bootstap and keycloak-extensions.

README.md

@@ -37,8 +37,8 @@ openDesk currently features the following functional main components:
 | Knowledge management | XWiki                       | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released)                                        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                                            | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
 | Project management   | OpenProject                 | [14.0.1](https://www.openproject.org/docs/release-notes/14-0-1/)                                               | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
-| Videoconferencing    | Jitsi                       | [2.0.8922](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_8922)                          | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
+| Videoconferencing    | Jitsi                       | [2.0.9457](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9457)                          | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
-| Weboffice            | Collabora                   | [23.05.9.4.1](https://www.collaboraoffice.com/collabora-online-23-05-release-notes/)                           | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
+| Weboffice            | Collabora                   | [23.05.10.1.1](https://www.collaboraoffice.com/collabora-online-23-05-release-notes/)                           | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
 
 While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
 align the applications with best practises regarding container design and operations.

helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl

@@ -1053,38 +1053,44 @@ keycloak-bootstrap:
     deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
     keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
 
-  config:
+  keycloak:
-    keycloak:
+    connection:
-      adminUser: "kcadmin"
+      baseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
-      adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
+    auth:
+      username: "kcadmin"
+      password: {{ .Values.secrets.keycloak.adminPassword | quote }}
       realm: {{ .Values.platform.realm | quote }}
-      intraCluster:
+  ldap:
-        enabled: true
+    baseDn: {{ .Values.ldap.baseDn | quote }}
-        internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
+    connection:
-      loginLinks:
+      host: {{ .Values.ldap.host | quote }}
-        - link_number: 1
+      port: "389"
-          language: "de"
+      protocol: "ldap"
-          description: "Passwort vergessen?"
+    auth:
-          href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
+      bindDn: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
-        - link_number: 1
+      password: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
-          language: "en"
+
-          description: "Forgot password?"
+  bootstrap:
-          href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
+    ldapMappers:
-    ums:
+      - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
-      ldap:
+      - ldapAndUserModelAttributeName: "oxContextIDNum"
-        internalHostname: {{ .Values.ldap.host | quote }}
+    loginLinks:
-        baseDN: {{ .Values.ldap.baseDn | quote }}
+      - link_number: 1
-        readUserDN: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
+        language: "de"
-        readUserPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
+        description: "Passwort vergessen?"
-        mappers:
+        href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
-          - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
+      - link_number: 1
-          - ldapAndUserModelAttributeName: "oxContextIDNum"
+        language: "en"
-      saml:
+        description: "Forgot password?"
-        serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+        href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
     twoFactorAuthentication:
       enabled: true
       group: "2fa-users"
 
+  config:
+    saml:
+      serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+
   containerSecurityContext:
     enabled: true
     allowPrivilegeEscalation: false
@@ -1115,11 +1121,13 @@ keycloak-bootstrap:
 keycloak-extensions:
   enabled: true
   keycloak:
-    host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
+    connection:
-    adminUsername: "kcadmin"
+      host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
-    adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
+    auth:
-    adminRealm: "master"
+      username: "kcadmin"
-    realm: {{ .Values.platform.realm | quote }}
+      password: {{ .Values.secrets.keycloak.adminPassword | quote }}
+      masterRealm: "master"
+      realm: {{ .Values.platform.realm | quote }}
   postgresql:
     connection:
       host: {{ .Values.databases.keycloakExtension.host | quote }}
@@ -1128,6 +1136,13 @@ keycloak-extensions:
       database: {{ .Values.databases.keycloakExtension.name | quote }}
       username: {{ .Values.databases.keycloakExtension.username | quote }}
       password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
+  smtp:
+    connection:
+      host: {{ .Values.smtp.host | quote }}
+      port: {{ .Values.smtp.port | quote }}
+    auth:
+      username: {{ .Values.smtp.username | quote }}
+      password: {{ .Values.smtp.password | quote }}
   handler:
     replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }}
     podAnnotations:
@@ -1145,10 +1160,6 @@ keycloak-extensions:
       ipProtectionEnable: true
       logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
       newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
-      smtpPassword: {{ .Values.smtp.password | quote }}
-      smtpHost: {{ .Values.smtp.host | quote }}
-      smtpPort: {{ .Values.smtp.port | quote }}
-      smtpUsername: {{ .Values.smtp.username | quote }}
       mailFrom: "noreply@{{ .Values.global.domain }}"
     securityContext:
       allowPrivilegeEscalation: false

helmfile/environments/default/charts.yaml

@@ -378,7 +378,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "ums"
-    version: "0.12.0"
+    version: "0.13.0"
     verify: true
   umsKeycloakBootstrap:
     # providerCategory: "Supplier"

helmfile/environments/default/images.yaml

@@ -542,13 +542,13 @@ images:
   umsKeycloakBootstrap:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
-    # upstreamRegistry: "https://registry.souvap-univention.de"
+    # upstreamRegistry: "https://artifacts.software-univention.de"
-    # upstreamRepository: "souvap/tooling/images/univention-keycloak-bootstrap"
+    # upstreamRepository: "nubus/images/keycloak-bootstrap"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["1", "0", "5"]
+    # upstreamMirrorStartFrom: ["0", "1", "0"]
     registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/univention-keycloak-bootstrap"
+    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
-    tag: "1.0.8@sha256:fef48cb1b2552977e8a4253516249b59ef6c42189dd13cd6d98269b8988b362a"
+    tag: "0.1.0@sha256:351097e9e7b469f2fc149fe612ec6ad515d5e6b081d7e2785bd926a1d77209d2"
   umsKeycloakExtensionHandler:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -558,7 +558,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "0", "3"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
-    tag: "0.3.1@sha256:98871e8d5acfe6bfa6ea7d140197ae41585cfb06c71514ffcf6e98df8315b9ee"
+    tag: "0.4.0@sha256:7c2728d6fce0fa6e6cc2a3c196294fcb4fcce0dd246b95ad96bd96325776a004"
   umsKeycloakExtensionProxy:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -568,7 +568,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "0", "3"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
-    tag: "0.3.1@sha256:e6c2130310798e286cea84bf5226709021c12663fb9e8ca30f29515151741fa5"
+    tag: "0.4.0@sha256:d7369d8b9cb177fc19b08452266bf7440b683fd0a15c01baeb5c131db20081bf"
   umsLdapNotifier:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"