From 7f60ab3b7a155c8f95bfcf139fa896cbc41ca767 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= <thorsten.rossner.extern@zendis.de>
Date: Fri, 13 Dec 2024 14:31:17 +0100
Subject: [PATCH] fix(migrations): Update to support Nubus 1.5.1

---
 docs/migrations.md                            | 34 +++++++++++++------
 .../environments/default/charts.yaml.gotmpl   |  2 +-
 .../environments/default/images.yaml.gotmpl   |  2 +-
 helmfile/shared/migrations.yaml.gotmpl        |  2 +-
 4 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/docs/migrations.md b/docs/migrations.md
index d2743e0e..61b4d3ff 100644
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -10,7 +10,7 @@ SPDX-License-Identifier: Apache-2.0
 * [openDesk supported upgrade path](#opendesk-supported-upgrade-path)
 * [Releases upgrade details](#releases-upgrade-details)
   * [From v1.0.0](#from-v100)
-    * [Pre-upgrade: Manual checks/steps](#pre-upgrade-manual-checkssteps)
+    * [Pre-upgrade: Manual checks/steps from v1.0.0](#pre-upgrade-manual-checkssteps-from-v100)
       * [Helmfile Cleanup: Consistent use of `*.yaml.gotmpl`](#helmfile-cleanup-consistent-use-of-yamlgotmpl)
       * [Helmfile Cleanup: Prefixing certain app directories with `opendesk-`](#helmfile-cleanup-prefixing-certain-app-directories-with-opendesk-)
       * [Helmfile Cleanup: Helmfile Cleanup: Splitting external vs. openDesk services](#helmfile-cleanup-helmfile-cleanup-splitting-external-vs-opendesk-services)
@@ -19,6 +19,7 @@ SPDX-License-Identifier: Apache-2.0
       * [openDesk defaults (new): Enforce login](#opendesk-defaults-new-enforce-login)
       * [openDesk defaults (changed): Jitsi room history enabled](#opendesk-defaults-changed-jitsi-room-history-enabled)
       * [External requirements: Redis 7.4](#external-requirements-redis-74)
+    * [Automated migrations from v1.0.0](#automated-migrations-from-v100)
   * [From v0.9.0](#from-v090)
     * [Pre-upgrade: Manual steps](#pre-upgrade-manual-steps)
       * [Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus](#configuration-cleanup-removal-of-unnecessary-ox-profiles-in-nubus)
@@ -27,7 +28,7 @@ SPDX-License-Identifier: Apache-2.0
       * [Changed openDesk defaults: File-share configurability](#changed-opendesk-defaults-file-share-configurability)
       * [Changed openDesk defaults: Updated default subdomains in `global.hosts`](#changed-opendesk-defaults-updated-default-subdomains-in-globalhosts)
       * [Changed openDesk defaults: Dedicated group for access to the UDM REST API](#changed-opendesk-defaults-dedicated-group-for-access-to-the-udm-rest-api)
-    * [Automated migrations](#automated-migrations)
+    * [Automated migrations from v0.9.0](#automated-migrations-from-v090)
     * [Post-upgrade: Manual steps](#post-upgrade-manual-steps)
       * [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component)
       * [Optional Cleanup](#optional-cleanup)
@@ -61,17 +62,18 @@ Explanation of the table's columns:
 - *Automatic migration*: Summary of, or link to openDesk's automatic migration details.
 - *Manual activities*: Reference to required manual steps to upgrade your openDesk installation to the *Mandatory release*.
 
-| Coming from   | Mandatory (minimum) release | Automatic migration                                                                                                                                           | Manual activities             |
-| ------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- |
-| v0.9.0        | v1.x.x                      | [run_2.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_2.py) | See [From v0.9.0](#from-v090) |
-| v0.8.1        | v0.9.0                      | Initializes migration system                                                                                                                                  | See [From v0.8.1](#from-v081) |
-| not supported | v0.8.1                      | First release that supporting updates                                                                                                                         |                               |
+| Coming from   | Mandatory (minimum) release | Manual steps required                                                             | Details                       |
+| ------------- | --------------------------- | --------------------------------------------------------------------------------- | ----------------------------- |
+| v1.0.0        | v1.1.0                      | [Before upgrade](#pre-upgrade-manual-checkssteps-from-v100)                       | See [From v1.0.0](#from-v100) |
+| v0.9.0        | v1.0.0                      | [Before](#pre-upgrade-manual-steps) & [After upgrade](#post-upgrade-manual-steps) | See [From v0.9.0](#from-v090) |
+| v0.8.1        | v0.9.0                      | Initializes migration system                                                      | See [From v0.8.1](#from-v081) |
+| not supported | v0.8.1                      | First release that supporting updates                                             |                               |
 
 # Releases upgrade details
 
 ## From v1.0.0
 
-### Pre-upgrade: Manual checks/steps
+### Pre-upgrade: Manual checks/steps from v1.0.0
 
 #### Helmfile Cleanup: Consistent use of `*.yaml.gotmpl`
 
@@ -228,6 +230,17 @@ The update from openDesk 1.0.0 contains Redis 7.4.1, like the other openDesk bun
 
 Please ensure for the Redis you are using that it is updated to at least 7.4 to support the requirement of OX App Suite.
 
+### Automated migrations from v1.0.0
+
+With openDesk v1.1.0 the IAM stack supports HA LDAP primary as well as scalable LDAP secondary pods.
+
+openDesk's automated migrations takes care of this upgrade requirement described here for
+[Nubus 1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.5.1/en/changelog.html#migrate-existing-ldap-server-to-mirror-mode-readiness),
+creating the config map with the mentioned label.
+
+> **Note**<br>
+> Details can be found in [run_3.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
+
 ## From v0.9.0
 
 ### Pre-upgrade: Manual steps
@@ -401,13 +414,14 @@ The IAMs admin account `Administrator` is a member of this group by default, but
 
 If you need other accounts to use the API, please assign them to the aforementioned group.
 
-### Automated migrations
+### Automated migrations from v0.9.0
 
 The `migrations-pre` and `migrations-post` jobs in the openDesk deployment address the automated migration tasks.
 
 The permissions required to execute the migrations can be found in the migration's Helm chart [`role.yaml'](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/v1.3.5/charts/opendesk-migrations/templates/role.yaml?ref_type=tags#L29)
 
-The actual actions are described as code comments in the related run module [`run_2.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_2.py).
+> **Note**<br>
+> Details can be found in [run_2.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
 
 ### Post-upgrade: Manual steps
 
diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl
index ee55df63..31a60232 100644
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -229,7 +229,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
     name: "opendesk-migrations"
-    version: "1.3.6"
+    version: "1.4.0"
     verify: true
   minio:
     # providerCategory: "Community"
diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl
index 04ee285c..0f7a8448 100644
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -211,7 +211,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.3.18@sha256:d7f13322cc9cc7ab157f926280070850b0dfc6169c93a306ec4c3cf7c21eff69"
+    tag: "1.4.0@sha256:0c74011e4c1216857b73695741196908afcacc2f531fd1c894b8f574ac98f9a2"
   milter:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
diff --git a/helmfile/shared/migrations.yaml.gotmpl b/helmfile/shared/migrations.yaml.gotmpl
index b5414bcf..25290ef4 100644
--- a/helmfile/shared/migrations.yaml.gotmpl
+++ b/helmfile/shared/migrations.yaml.gotmpl
@@ -19,7 +19,7 @@ cleanup:
   deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
 
 migrations:
-  runId: 2
+  runId: 3
   namespace: {{ .Values.migrations.namespace | default .Release.Namespace | quote }}
   loglevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
   failOnUnexpectedState: true