fix(helmfile): Remove default.user and default.admin for new deployments.

.gitlab-ci.yml

@@ -42,7 +42,8 @@ stages:
   - "060-components"
   - "090-migrations-post"
   - "lint"
-  - "tests"
+  - "post-prepare"
+  - "post-execute"
   - "env-stop"
   - ".post"
 
@@ -146,6 +147,12 @@ variables:
     options:
       - "yes"
       - "no"
+  CREATE_DEFAULT_ACCOUNTS:
+    description: "Creates `default` and `default-admin` in the instance using the password defined as CI variable `DEFAULT_ACCOUNTS_PASSWORD`."
+    value: "no"
+    options:
+      - "yes"
+      - "no"
   RUN_TESTS:
     description: "Triggers execution of E2E-tests."
     value: "no"
@@ -434,20 +441,62 @@ element-deploy:
   variables:
     COMPONENT: "element"
 
-.ums-default-password: &ums-default-password
+fetch-administrator-credentials:
-  - |
+  extends: ".deploy-common"
-    DEFAULT_ADMINISTRATOR_PASSWORD=$(
+  environment:
+    name: "${NAMESPACE}"
+  stage: "post-prepare"
+  rules:
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api"
+          && $NAMESPACE =~ /.+/
+          && ($CREATE_DEFAULT_ACCOUNTS == "yes" || $RUN_TESTS == "yes")
+      when: "on_success"
+  script:
+    - |
+      echo "DEFAULT_ADMINISTRATOR_PASSWORD=$(
        kubectl \
          -n ${NAMESPACE} \
          get secret ums-nubus-credentials \
          -o jsonpath='{.data.administrator_password}' | base64 -d \
-    )
+      )" >> .env
+  artifacts:
+    reports:
+      dotenv: .env
 
-run-tests:
+import-default-accounts:
-  extends: ".deploy-common"
+  stage: "post-execute"
+  extends: ".environments"
+  dependencies:
+    - fetch-administrator-credentials
+  environment:
+    name: "${NAMESPACE}"
+  rules:
+    - if: >
+          $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api" && $NAMESPACE =~ /.+/ && $CREATE_DEFAULT_ACCOUNTS == "yes"
+      when: "on_success"
+  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/user-import:3.0.0"
+  script:
+    - echo "Starting default account import for ${DOMAIN}"
+    - cd /app
+    - |
+      ./user_import_udm_rest_api.py \
+        --import_domain ${DOMAIN} \
+        --udm_api_password ${DEFAULT_ADMINISTRATOR_PASSWORD} \
+        --set_default_password ${DEFAULT_ACCOUNTS_PASSWORD} \
+        --import_filename ./template.ods \
+        --admin_enable_fileshare True \
+        --admin_enable_knowledgemanagement True \
+        --admin_enable_projectmanagement True \
+        --create_admin_accounts True
+
+run-tests:
+  stage: "post-execute"
+  extends: ".deploy-common"
+  dependencies:
+    - fetch-administrator-credentials
   environment:
     name: "${NAMESPACE}"
-  stage: "tests"
   rules:
     - if: >
           $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api" && $NAMESPACE =~ /.+/ && $RUN_TESTS == "yes"
@@ -458,7 +507,6 @@ run-tests:
           - "de"
           - "en"
   script:
-    - *ums-default-password
     - |
       curl --request POST \
       --header "Content-Type: application/json" \
@@ -550,8 +598,8 @@ avscan-start:
         job: "avscan-prepare"
     strategy: "depend"
 
-# Declare .environments which is in environments repository. In case it is not available
+# Declare .environments which is in `opendesk-env` repository. In case it is not available
-# 'cache' is used because job must contain at least one key, so cache is just a dummy key.
+# 'cache' is used because job as a dummy key, as the job is not allowed to be empty.
 .environments:
   cache: {}
 

README.md

@@ -27,17 +27,17 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s
 
 openDesk currently features the following functional main components:
 
-| Function             | Functional Component        | Component<br/>Version                                                                 | Upstream Documentation                                                                                                               |
+| Function             | Functional Component        | Component<br/>Version                                                                                | Upstream Documentation                                                                                                                |
-| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
+| -------------------- | --------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
-| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67)        | [For the most recent release](https://element.io/user-guide)                                                                         |
+| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67)                       | [For the most recent release](https://element.io/user-guide)                                                                          |
-| Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                      | [For the most recent release](https://docs.cryptpad.org/en/)                                                                         |
+| Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                                     | [For the most recent release](https://docs.cryptpad.org/en/)                                                                          |
-| File management      | Nextcloud                   | [29.0.8](https://nextcloud.com/de/changelog/#29-0-8)                                  | [Nextcloud 29](https://docs.nextcloud.com/)                                                                                         |
+| File management      | Nextcloud                   | [29.0.8](https://nextcloud.com/de/changelog/#29-0-8)                                                 | [Nextcloud 29](https://docs.nextcloud.com/)                                                                                           |
-| Groupware            | OX App Suite                | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/)                | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
+| Groupware            | OX App Suite                | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/)                               | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
-| Knowledge management | XWiki                       | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                    |
+| Knowledge management | XWiki                       | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/)                       | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                     |
-| Portal & IAM         | Nubus                       | [1.0](https://www.univention.de/produkte/nubus/)                                      | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                            |
+| Portal & IAM         | Nubus                       | [1.4.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                             |
-| Project management   | OpenProject                 | [15.0.2](https://www.openproject.org/docs/release-notes/15-0-2/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                          |
+| Project management   | OpenProject                 | [15.0.2](https://www.openproject.org/docs/release-notes/15-0-2/)                                     | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                           |
-| Videoconferencing    | Jitsi                       | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                           |
+| Videoconferencing    | Jitsi                       | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823)                | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                            |
-| Weboffice            | Collabora                   | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/)                | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)       |
+| Weboffice            | Collabora                   | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/)                               | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)        |
 
 While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
 align the applications with best practices regarding container design and operations.

docs/getting-started.md

@@ -419,16 +419,32 @@ If you change the subdomain of `nubus`, you must replace `portal` with the speci
 openDesk deploys with the standard user account `Administrator`, which password you get retrieved as follows:
 
 ```shell
-# Replace with your namespace
+# Set your namespace
-NAMESPACE=your-namespace
+NAMESPACE=<your_namespace>
 
 # Get password for IAM "Administrator" account
 kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.administrator_password}' | base64 -d
 ```
 
-In openDesk Community Edition, you get two more default accounts:
+Using the aforementioned account, you can either create new accounts manually or make use of the
-- `default.admin`: `kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.admin_password}' | base64 -d`
+[openDesk User Importer](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/user-import/)
-- `default.user`: `kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.user_password}' | base64 -d`
+script or container.
+
+For example you get a `default` and `default-admin` account by running the following snippet, after settings the
+appropriate values in the first three lines.
+
+```shell
+ADMINISTRATOR_PASSWORD=<your_administrator_password_see_above>
+DOMAIN=<your_domain>
+DEFAULT_USERS_PASSWORD=<password_for_the_created_default_accounts>
+docker run --rm registry.opencode.de/bmi/opendesk/components/platform-development/images/user-import:3.0.0 \
+  ./user_import_udm_rest_api.py \
+    --import_domain ${DOMAIN} \
+    --udm_api_password ${ADMINISTRATOR_PASSWORD} \
+    --set_default_password ${DEFAULT_USERS_PASSWORD} \
+    --import_filename template.ods \
+    --create_admin_accounts True
+```
 
 ## Using from external repository
 

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -433,8 +433,6 @@ nubusStackDataUms:
     initialPasswordDefaultAdmin: {{ .Values.secrets.nubus.defaultAccounts.adminPassword | quote }}
     initialPasswordDefaultUser: {{ .Values.secrets.nubus.defaultAccounts.userPassword | quote }}
     initialPasswordAdministrator: {{ .Values.secrets.nubus.systemAccounts.administratorPassword | quote }}
-    # creates the default.user and default.admin
-    loadDevData: true
     portalEnforceLogin: {{ .Values.functional.portal.enforceLogin }}
     portalHeaderLogo: {{ toYaml .Values.theme.imagery.logoHeaderSvgB64 | quote }}
     portalTiles: {{ toYaml .Values.theme.imagery.portalTiles | nindent 6 }}

helmfile/environments/default/images.yaml

@@ -411,7 +411,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.8.2-trossner-nubus1-3@sha256:3942e4980d2c28452dfa0382f62e513ab1645ef54e6df6cce5bf0e6c6842768f"
+    tag: "1.8.2-trossner-nubus1-3@sha256:d8d7d851233e1360968417844c73b1b3822b4e8876194fd4dc3088112c66530a"
   nubusOpenPolicyAgent:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"