From 627ea96a43601eaa765d4f711197afec8a8ef5d3 Mon Sep 17 00:00:00 2001
From: Johannes Lohmer <lohmer@univention.de>
Date: Fri, 9 Aug 2024 22:56:29 +0200
Subject: [PATCH] fix(nubus): Update nubus provisioning and consumer
 configuration

---
 helmfile/apps/nubus/values-nubus.yaml.gotmpl  | 25 +++++++++++++------
 .../values-opendesk-customization.yaml.gotmpl | 12 +++++----
 .../nubus/values-opendesk-images.yaml.gotmpl  |  7 ++++++
 helmfile/environments/default/replicas.yaml   |  4 +--
 helmfile/environments/default/resources.yaml  |  4 +--
 helmfile/environments/default/secrets.gotmpl  |  1 -
 6 files changed, 35 insertions(+), 18 deletions(-)

diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
index ed8a48c6..6e0260db 100644
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -275,14 +275,21 @@ nubusPortalFrontend:
       secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 nubusPortalListener:
+  enabled: false
+
+nubusPortalConsumer:
   enabled: true
-  portalListener:
+  portalConsumer:
+    logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
     objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
     objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
     objectStorageCredentialSecret:
-      name: "ums-portal-listener-minio-opendesk-credentials"
+      name: "ums-portal-consumer-minio-opendesk-credentials"
       accessKeyKey: "access-key-id"
       secretKeyKey: "secret-key-id"
+  provisioningApi:
+    auth:
+      username: "portal-consumer"
 
 nubusPortalConsumer:
   enabled: false
@@ -323,15 +330,17 @@ nubusUdmRestApi:
       secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 nubusProvisioning:
-  enabled: false
-nubusUdmListener:
-  enabled: false
-nubusSelfServiceListener:
   enabled: true
 
-nubusSelfServiceConsumer:
+nubusUdmListener:
+  enabled: true
+
+nubusSelfServiceListener:
   enabled: false
 
+nubusSelfServiceConsumer:
+  enabled: true
+
 # Nubus services
 nubusStackDataUms:
   stackDataContext:
@@ -513,7 +522,7 @@ extraSecrets:
     stringData:
       access-key-id: {{ .Values.objectstores.nubus.username | quote }}
       secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
-  - name: "ums-portal-listener-minio-opendesk-credentials"
+  - name: "ums-portal-consumer-minio-opendesk-credentials"
     stringData:
       access-key-id: {{ .Values.objectstores.nubus.username | quote }}
       secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
index a6871218..f5a5aae5 100644
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -87,15 +87,17 @@ nubusKeycloakExtensions:
     resources:
       {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
 
-nubusPortalListener:
+nubusPortalConsumer:
   podAnnotations:
-    intents.otterize.com/service-name: "ums-portal-listener"
-  replicaCount: {{ .Values.replicas.umsPortalListener }}
+    intents.otterize.com/service-name: "ums-portal-consumer"
+  replicaCount: {{ .Values.replicas.umsPortalConsumer }}
   resources:
-    {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
+    {{ .Values.resources.umsPortalConsumer | toYaml | nindent 4 }}
+  resourcesWaitForDependency:
+    {{ .Values.resources.umsPortalConsumerDependencies | toYaml | nindent 4 }}
   persistence:
     storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
-    size: {{ .Values.persistence.size.nubus.portalListener | quote }}
+    size: {{ .Values.persistence.size.nubus.portalConsumer | quote }}
 
 nubusPortalConsumer:
   podAnnotations:
diff --git a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
index 0acbe297..87f5b270 100644
--- a/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl
@@ -51,6 +51,13 @@ nubusLdapServer:
       repository: {{ .Values.images.nubusWaitForDependency.repository }}
       tag: {{ .Values.images.nubusWaitForDependency.tag }}
 
+nubusPortalConsumer:
+  portalConsumer:
+    image:
+      registry: {{ .Values.images.nubusPortalConsumer.registry }}
+      repository: {{ .Values.images.nubusPortalConsumer.repository }}
+      tag: {{ .Values.images.nubusPortalConsumer.tag }}
+
 nubusNotificationsApi:
   image:
     registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
diff --git a/helmfile/environments/default/replicas.yaml b/helmfile/environments/default/replicas.yaml
index 5f5eb441..2e0be853 100644
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -93,9 +93,9 @@ replicas:
   umsNotificationsApi: 1
   # -- scalable: true
   umsPortalFrontend: 1
-  # -- scalable: tbd
+  # -- scalable: false
   umsPortalListener: 1
-  # -- scalable: tbd
+  # -- scalable: False
   umsPortalConsumer: 1
   # -- scalable: true
   umsPortalServer: 1
diff --git a/helmfile/environments/default/resources.yaml b/helmfile/environments/default/resources.yaml
index 9e0e20db..b7878506 100644
--- a/helmfile/environments/default/resources.yaml
+++ b/helmfile/environments/default/resources.yaml
@@ -471,14 +471,14 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsPortalListener:
+  umsPortalConsumer:
     limits:
       cpu: 99
       memory: "1Gi"
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsPortalListenerDependencies:
+  umsPortalConsumerDependencies:
     limits:
       cpu: 99
       memory: "1Gi"
diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl
index f1ab4bae..f662f5d2 100644
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -36,7 +36,6 @@ secrets:
       sysIdpUserPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "sysIdpUser" | sha1sum | quote }}
     storeDavUsers:
       portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
-      portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
       portalConsumer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-consumer" "store-dav" | sha1sum | quote }}
     provisioning:
       apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}