fix(helmfile): Move OX-Connector to Open-Xchange component.

.gitlab-ci.yml

@@ -97,12 +97,6 @@ variables:
     options:
       - "yes"
       - "no"
-  DEPLOY_PROVISIONING:
-    description: "Enable Provisioning Components."
-    value: "no"
-    options:
-      - "yes"
-      - "no"
   DEPLOY_COLLABORA:
     description: "Enable Collabora deployment."
     value: "no"
@@ -299,18 +293,6 @@ services-deploy:
   variables:
     COMPONENT: "services"
 
-provisioning-deploy:
-  stage: "component-deploy-stage-2"
-  extends: ".deploy-common"
-  rules:
-    - if: >
-          $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api" &&
-          $NAMESPACE =~ /.+/ &&
-          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_UMS != "no" || $DEPLOY_PROVISIONING != "no")
-      when: "on_success"
-  variables:
-    COMPONENT: "provisioning"
-
 nubus-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"

.gitlab/lint/lint-kyverno.yml

@@ -21,7 +21,6 @@ lint-kyverno:
           - "open-xchange"
           - "openproject"
           - "openproject-bootstrap"
-          - "provisioning"
           - "services"
           - "xwiki"
   script:

docs/components.md

@@ -44,7 +44,6 @@ they need to be replaced in production deployments.
 | OpenProject                 | Project management             | Functional |
 | OX Appsuite                 | Groupware                      | Functional |
 | OX Dovecot                  | Mail backend (IMAP)            | Functional |
-| Provisioning (OX Connector) | Groupware provisioning         | Functional |
 | Postfix                     | MTA                            | Eval       |
 | PostgreSQL                  | Database                       | Eval       |
 | Redis                       | Cache Database                 | Eval       |

docs/getting-started.md

@@ -118,7 +118,6 @@ All available apps and their default value can be found in `helmfile/environment
 | Nubus                | `nubus.enabled`             | `true`  | Identity Management & Portal   |
 | OpenProject          | `openproject.enabled`       | `true`  | Project management             |
 | OX Appsuite          | `oxAppsuite.enabled`        | `true`  | Groupware                      |
-| Provisioning         | `oxConnector.enabled`       | `true`  | Backend provisioning           |
 | Postfix              | `postfix.enabled`           | `true`  | MTA                            |
 | PostgreSQL           | `postgresql.enabled`        | `true`  | Database                       |
 | Redis                | `redis.enabled`             | `true`  | Cache Database                 |

docs/security-context.md

@@ -183,7 +183,7 @@ This list gives you an overview of templated security settings and if they compl
 | **open-xchange**/open-xchange/public-sector-ui | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
 | **openproject**/openproject | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
 | **openproject-bootstrap**/opendesk-openproject-bootstrap | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
-| **provisioning**/ox-connector | :x: | no | no | no | no | 0 | 0 | yes | no ["CHOWN","DAC_OVERRIDE","FOWNER","FSETID","KILL","SETGID","SETUID","SETPCAP","NET_BIND_SERVICE","NET_RAW","SYS_CHROOT"] |
+| **open-xchange**/ox-connector | :x: | no | no | no | no | 0 | 0 | yes | no ["CHOWN","DAC_OVERRIDE","FOWNER","FSETID","KILL","SETGID","SETUID","SETPCAP","NET_BIND_SERVICE","NET_RAW","SYS_CHROOT"] |
 | **services**/clamav | :x: | no | no | yes | no | 0 | 0 | yes | no |
 | **services**/clamav-simple | :white_check_mark: | no | no | yes | yes | 100 | 101 | yes | yes |
 | **services**/clamav/clamd | :white_check_mark: | no | no | yes | yes | 100 | 101 | yes | yes |

helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl

@@ -32,6 +32,13 @@ repositories:
     oci: true
     url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuiteBootstrap.registry }}/{{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}"
 
+  # OX Connector
+  - name: "ox-connector-repo"
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}"
+
 releases:
   - name: "dovecot"
     chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}"
@@ -61,6 +68,16 @@ releases:
     installed: {{ .Values.oxAppsuite.enabled }}
     timeout: 900
 
+  - name: "ox-connector"
+    chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}"
+    version: "{{ .Values.charts.oxConnector.version }}"
+    values:
+      - "values-oxconnector.yaml.gotmpl"
+      - {{ .Values.customization.release.oxConnector | default "additionalValues: false" }}
+    installed: {{ .Values.oxAppsuite.enabled }}
+    needs:
+      - "open-xchange"
+
 commonLabels:
   deploy-stage: "component-1"
   component: "open-xchange"

helmfile/apps/provisioning/helmfile-child.yaml.gotmpl

@@ -1,24 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-License-Identifier: Apache-2.0
----
-repositories:
-  # OX Connector
-  - name: "ox-connector-repo"
-    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}"
-
-releases:
-  - name: "ox-connector"
-    chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}"
-    version: "{{ .Values.charts.oxConnector.version }}"
-    values:
-      - "values-oxconnector.yaml.gotmpl"
-      - {{ .Values.customization.release.oxConnector | default "additionalValues: false" }}
-    installed: {{ .Values.oxConnector.enabled }}
-
-commonLabels:
-  deploy-stage: "component-2"
-  component: "provisioning"
-...

helmfile/apps/provisioning/helmfile.yaml.gotmpl

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml.gotmpl"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/services/values-otterize.yaml.gotmpl

@@ -32,8 +32,6 @@ apps:
     enabled: {{ .Values.openproject.enabled }}
   oxAppsuite:
     enabled: {{ .Values.oxAppsuite.enabled }}
-  oxConnector:
-    enabled: {{ .Values.oxConnector.enabled }}
   postfix:
     enabled: {{ .Values.postfix.enabled }}
   postgresql:
@@ -48,7 +46,6 @@ apps:
 ingressController:
   {{ .Values.security.ingressController | toYaml | nindent 2 }}
 
-
 extraApps:
   clusterPostfix:
     enabled: {{ .Values.security.clusterPostfix.enabled }}

helmfile/environments/default/customization.yaml

@@ -35,12 +35,11 @@ customization:
     dovecot: ~
     openXchange: ~
     opendeskOpenXchangeBootstrap: ~
+    oxConnector: ~
     # openproject
     openproject: ~
     # openproject-bootstrap
     opendeskOpenprojectBootstrap: ~
-    # provisioning
-    oxConnector: ~
     # services
     opendeskOtterize: ~
     opendeskHome: ~

helmfile_generic.yaml.gotmpl

@@ -33,8 +33,6 @@ helmfiles:
     values: *values
   - path: "helmfile/apps/xwiki/helmfile-child.yaml.gotmpl"
     values: *values
-  - path: "helmfile/apps/provisioning/helmfile-child.yaml.gotmpl"
-    values: *values
   - path: "helmfile/apps/openproject-bootstrap/helmfile-child.yaml.gotmpl"
     values: *values
   - path: "helmfile/apps/migrations-post/helmfile-child.yaml.gotmpl"