fix(helmfile): Remove default.user and default.admin for new deployments.

2025-12-06 07:21:36 +01:00 · 2024-12-05 11:48:48 +01:00
parent 2a94f2dd4b
commit 54f9e4c3f8
5 changed files with 92 additions and 30 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -42,7 +42,8 @@ stages:
  - "060-components"
  - "090-migrations-post"
  - "lint"
-  - "tests"
+  - "post-prepare"
+  - "post-execute"
  - "env-stop"
  - ".post"

@@ -146,6 +147,12 @@ variables:
    options:
      - "yes"
      - "no"
+  CREATE_DEFAULT_ACCOUNTS:
+    description: "Creates `default` and `default-admin` in the instance using the password defined as CI variable `DEFAULT_ACCOUNTS_PASSWORD`."
+    value: "no"
+    options:
+      - "yes"
+      - "no"
  RUN_TESTS:
    description: "Triggers execution of E2E-tests."
    value: "no"
@@ -434,20 +441,62 @@ element-deploy:
  variables:
    COMPONENT: "element"

-.ums-default-password: &ums-default-password
-  - |
-    DEFAULT_ADMINISTRATOR_PASSWORD=$(
+fetch-administrator-credentials:
+  extends: ".deploy-common"
+  environment:
+    name: "${NAMESPACE}"
+  stage: "post-prepare"
+  rules:
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api"
+          && $NAMESPACE =~ /.+/
+          && ($CREATE_DEFAULT_ACCOUNTS == "yes" || $RUN_TESTS == "yes")
+      when: "on_success"
+  script:
+    - |
+      echo "DEFAULT_ADMINISTRATOR_PASSWORD=$(
       kubectl \
         -n ${NAMESPACE} \
         get secret ums-nubus-credentials \
         -o jsonpath='{.data.administrator_password}' | base64 -d \
-    )
+      )" >> .env
+  artifacts:
+    reports:
+      dotenv: .env

-run-tests:
-  extends: ".deploy-common"
+import-default-accounts:
+  stage: "post-execute"
+  extends: ".environments"
+  dependencies:
+    - fetch-administrator-credentials
+  environment:
+    name: "${NAMESPACE}"
+  rules:
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api" && $NAMESPACE =~ /.+/ && $CREATE_DEFAULT_ACCOUNTS == "yes"
+      when: "on_success"
+  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/user-import:3.0.0"
+  script:
+    - echo "Starting default account import for ${DOMAIN}"
+    - cd /app
+    - |
+      ./user_import_udm_rest_api.py \
+        --import_domain ${DOMAIN} \
+        --udm_api_password ${DEFAULT_ADMINISTRATOR_PASSWORD} \
+        --set_default_password ${DEFAULT_ACCOUNTS_PASSWORD} \
+        --import_filename ./template.ods \
+        --admin_enable_fileshare True \
+        --admin_enable_knowledgemanagement True \
+        --admin_enable_projectmanagement True \
+        --create_admin_accounts True
+
+run-tests:
+  stage: "post-execute"
+  extends: ".deploy-common"
+  dependencies:
+    - fetch-administrator-credentials
  environment:
    name: "${NAMESPACE}"
-  stage: "tests"
  rules:
    - if: >
          $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes"
@@ -458,7 +507,6 @@ run-tests:
          - "de"
          - "en"
  script:
-    - *ums-default-password
    - |
      curl --request POST \
      --header "Content-Type: application/json" \
@@ -550,8 +598,8 @@ avscan-start:
        job: "avscan-prepare"
    strategy: "depend"

-# Declare .environments which is in environments repository. In case it is not available
-# 'cache' is used because job must contain at least one key, so cache is just a dummy key.
+# Declare .environments which is in `opendesk-env` repository. In case it is not available
+# 'cache' is used because job as a dummy key, as the job is not allowed to be empty.
 .environments:
  cache: {}

--- a/README.md
+++ b/README.md
@@ -27,17 +27,17 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s

 openDesk currently features the following functional main components:

-| Function             | Functional Component        | Component<br/>Version                                                                 | Upstream Documentation                                                                                                               |
-| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
-| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67)        | [For the most recent release](https://element.io/user-guide)                                                                         |
-| Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                      | [For the most recent release](https://docs.cryptpad.org/en/)                                                                         |
-| File management      | Nextcloud                   | [29.0.8](https://nextcloud.com/de/changelog/#29-0-8)                                  | [Nextcloud 29](https://docs.nextcloud.com/)                                                                                         |
-| Groupware            | OX App Suite                | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/)                | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
-| Knowledge management | XWiki                       | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                    |
-| Portal & IAM         | Nubus                       | [1.0](https://www.univention.de/produkte/nubus/)                                      | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                            |
-| Project management   | OpenProject                 | [15.0.2](https://www.openproject.org/docs/release-notes/15-0-2/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                          |
-| Videoconferencing    | Jitsi                       | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                           |
-| Weboffice            | Collabora                   | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/)                | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)       |
+| Function             | Functional Component        | Component<br/>Version                                                                                | Upstream Documentation                                                                                                                |
+| -------------------- | --------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
+| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67)                       | [For the most recent release](https://element.io/user-guide)                                                                          |
+| Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                                     | [For the most recent release](https://docs.cryptpad.org/en/)                                                                          |
+| File management      | Nextcloud                   | [29.0.8](https://nextcloud.com/de/changelog/#29-0-8)                                                 | [Nextcloud 29](https://docs.nextcloud.com/)                                                                                           |
+| Groupware            | OX App Suite                | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/)                               | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
+| Knowledge management | XWiki                       | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/)                       | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                     |
+| Portal & IAM         | Nubus                       | [1.4.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                             |
+| Project management   | OpenProject                 | [15.0.2](https://www.openproject.org/docs/release-notes/15-0-2/)                                     | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                           |
+| Videoconferencing    | Jitsi                       | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823)                | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                            |
+| Weboffice            | Collabora                   | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/)                               | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)        |

 While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
 align the applications with best practices regarding container design and operations.
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -419,16 +419,32 @@ If you change the subdomain of `nubus`, you must replace `portal` with the speci
 openDesk deploys with the standard user account `Administrator`, which password you get retrieved as follows:

 ```shell
-# Replace with your namespace
-NAMESPACE=your-namespace
+# Set your namespace
+NAMESPACE=<your_namespace>

 # Get password for IAM "Administrator" account
 kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.administrator_password}' | base64 -d
 ```

-In openDesk Community Edition, you get two more default accounts:
- `default.admin`: `kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.admin_password}' | base64 -d`
- `default.user`: `kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.user_password}' | base64 -d`
+Using the aforementioned account, you can either create new accounts manually or make use of the
+[openDesk User Importer](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/user-import/)
+script or container.
+
+For example you get a `default` and `default-admin` account by running the following snippet, after settings the
+appropriate values in the first three lines.
+
+```shell
+ADMINISTRATOR_PASSWORD=<your_administrator_password_see_above>
+DOMAIN=<your_domain>
+DEFAULT_USERS_PASSWORD=<password_for_the_created_default_accounts>
+docker run --rm registry.opencode.de/bmi/opendesk/components/platform-development/images/user-import:3.0.0 \
+  ./user_import_udm_rest_api.py \
+    --import_domain ${DOMAIN} \
+    --udm_api_password ${ADMINISTRATOR_PASSWORD} \
+    --set_default_password ${DEFAULT_USERS_PASSWORD} \
+    --import_filename template.ods \
+    --create_admin_accounts True
+```

 ## Using from external repository

--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -433,8 +433,6 @@ nubusStackDataUms:
    initialPasswordDefaultAdmin: {{ .Values.secrets.nubus.defaultAccounts.adminPassword | quote }}
    initialPasswordDefaultUser: {{ .Values.secrets.nubus.defaultAccounts.userPassword | quote }}
    initialPasswordAdministrator: {{ .Values.secrets.nubus.systemAccounts.administratorPassword | quote }}
-    # creates the default.user and default.admin
-    loadDevData: true
    portalEnforceLogin: {{ .Values.functional.portal.enforceLogin }}
    portalHeaderLogo: {{ toYaml .Values.theme.imagery.logoHeaderSvgB64 | quote }}
    portalTiles: {{ toYaml .Values.theme.imagery.portalTiles | nindent 6 }}
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -411,7 +411,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.8.2-trossner-nubus1-3@sha256:3942e4980d2c28452dfa0382f62e513ab1645ef54e6df6cce5bf0e6c6842768f"
+    tag: "1.8.2-trossner-nubus1-3@sha256:d8d7d851233e1360968417844c73b1b3822b4e8876194fd4dc3088112c66530a"
  nubusOpenPolicyAgent:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"