fix: enable and set up provisioning

.gitlab-ci.yml

@@ -539,7 +539,7 @@ avscan-start:
 
 # Overwrite shared settings
 .common-semantic-release:
-  image: "registry.souvap-univention.de/souvap/tooling/images/semantic-release-patched:latest"
+  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release-patched:1.0.0"
   tags: []
 
 conventional-commits-linter:

.kyverno/policies/template-image-registries.yaml

@@ -24,10 +24,10 @@ spec:
         pattern:
           spec:
             =(ephemeralContainers):
-              - image: "external-registry.souvap-univention.de/*"
+              - image: "my_private_registry.domain.tld/*"
             =(initContainers):
-              - image: "external-registry.souvap-univention.de/*"
+              - image: "my_private_registry.domain.tld/*"
             containers:
-              - image: "external-registry.souvap-univention.de/*"
+              - image: "my_private_registry.domain.tld/*"
   validationFailureAction: "audit"
 ...

README.md

@@ -1,4 +1,5 @@
 <!--
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 -->
@@ -22,8 +23,8 @@ SPDX-License-Identifier: Apache-2.0
 
 # Overview
 
-openDesk is a Kubernetes based, open-source and cloud-native digital workplace suite provided by the "Projektgruppe für
+openDesk is a Kubernetes based, open-source and cloud-native digital workplace suite provided by the
-Aufbau ZenDiS" of Germany's Federal Ministry of the Interior.
+*Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH*.
 
 openDesk currently features the following functional main components:
 
@@ -31,7 +32,7 @@ openDesk currently features the following functional main components:
 | -------------------- | --------------------------- | -------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
 | Chat & collaboration | Element ft. Nordeck widgets | [1.11.59](https://github.com/element-hq/element-desktop/releases/tag/v1.11.59)                                 | [For the most recent release](https://element.io/user-guide)                                                                                 |
 | Diagram editor       | Cryptpad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                                               | [For the most recent release](https://docs.cryptpad.org/en/)                                                                                 |
-| File management      | Nextcloud                   | [28.0.4](https://nextcloud.com/de/changelog/#28-0-4)                                                           | [Nextcloud 28](https://docs.nextcloud.com/)                                                                                                  |
+| File management      | Nextcloud                   | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5)                                                           | [Nextcloud 28](https://docs.nextcloud.com/)                                                                                                  |
 | Groupware            | OX App Suite                | [8.23](https://documentation.open-xchange.com/appsuite/releases/8.23/)                                         | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
 | Knowledge management | XWiki                       | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released)                                        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                                            | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
@@ -116,7 +117,7 @@ This project uses the following license: Apache-2.0
 
 # Copyright
 
-Copyright (C) 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+Copyright (C) 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 
 # Footnotes
 

docs/getting-started.md

@@ -178,13 +178,13 @@ prefer the use of a private image registry anyway you can configure such for
 
 ```yaml
 global:
-  imageRegistry: "external-registry.souvap-univention.de/sovereign-workplace"
+  imageRegistry: "my_private_registry.domain.tld"
 ```
 
 alternatively you can use an environment variable:
 
 ```shell
-export PRIVATE_IMAGE_REGISTRY_URL=external-registry.souvap-univention.de/sovereign-workplace
+export PRIVATE_IMAGE_REGISTRY_URL=my_private_registry.domain.tld
 ```
 
 If authentication is required, you can reference imagePullSecrets as following:

helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl

@@ -440,7 +440,7 @@ portal-server:
     {{ .Values.resources.umsPortalServer | toYaml | nindent 4 }}
 
 provisioning:
-  enabled: false
+  enabled: true
   api:
     image:
       registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningEventsAndConsumerApi.registry | quote }}
@@ -451,6 +451,10 @@ provisioning:
         {{- range .Values.global.imagePullSecrets }}
         - name: {{ . | quote }}
         {{- end }}
+    config:
+      rootPath: "/univention/provisioning-api"
+    resources:
+      {{ .Values.resources.umsProvisioningEventsAndConsumerApi | toYaml | nindent 4 }}
     credentialSecretName: "ums-provisioning-api-credentials"
   dispatcher:
     image:
@@ -462,6 +466,10 @@ provisioning:
         {{- range .Values.global.imagePullSecrets }}
         - name: {{ . | quote }}
         {{- end }}
+    resources:
+      {{ .Values.resources.umsProvisioningDispatcher | toYaml | nindent 4 }}
+    config:
+      UDM_HOST: "ums-udm-rest-api"
     credentialSecretName: "ums-provisioning-dispatcher-credentials"
   prefill:
     image:
@@ -473,7 +481,26 @@ provisioning:
         {{- range .Values.global.imagePullSecrets }}
         - name: {{ . | quote }}
         {{- end }}
+    resources:
+      {{ .Values.resources.umsProvisioningPrefill | toYaml | nindent 4 }}
+    config:
+      UDM_HOST: "ums-udm-rest-api"
     credentialSecretName: "ums-provisioning-prefill-credentials"
+  register_consumers:
+    image:
+      registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
+      repository: {{ .Values.images.umsWaitForDependency.repository }}
+      pullPolicy: {{ .Values.global.imagePullPolicy }}
+      tag: {{ .Values.images.umsWaitForDependency.tag }}
+      pullSecrets:
+        {{- range .Values.global.imagePullSecrets }}
+        - name: {{ . | quote }}
+        {{- end }}
+    resources:
+      {{ .Values.resources.umsProvisioningRegisterConsumer | toYaml | nindent 4 }}
+    credentialSecretName: "ums-provisioning-register-consumers-credentials"
+    jsonSecretName: "ums-provisioning-register-consumers-json-secrets"
+    provisioningApiBaseUrl: "http://ums-provisioning-api/internal/admin/v1/subscriptions"
   nats:
     config:
       authorization:
@@ -499,6 +526,17 @@ provisioning:
             permissions:
               publish: ">"
               subscribe: ">"
+          - user: "$NATS_UDMLISTENER_USER"
+            password: "$NATS_UDMLISTENER_PASSWORD"
+            permissions:
+              publish: ">"
+              subscribe: ">"
+          - user: "$NATS_ADMIN_USER"
+            password: "$NATS_ADMIN_PASSWORD"
+            permissions:
+              publish: ">"
+              subscribe: ">"
+
     extraEnvVars:
       - name: NATS_USER
         value: "admin"
@@ -537,6 +575,17 @@ provisioning:
           secretKeyRef:
             name: ums-provisioning-prefill-credentials
             key: NATS_PASSWORD
+      - name: NATS_UDMLISTENER_USER
+        valueFrom:
+          secretKeyRef:
+            name: ums-provisioning-udm-listener-credentials
+            key: NATS_USER
+      - name: NATS_UDMLISTENER_PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: ums-provisioning-udm-listener-credentials
+            key: NATS_PASSWORD
+
   nats:
     nats:
       image:
@@ -564,7 +613,7 @@ provisioning:
       enabled: false
 
 udm-listener:
-  enabled: false
+  enabled: true
   image:
     registry: {{ .Values.global.imageRegistry | default .Values.images.umsProvisioningUdmListener.registry | quote }}
     repository: {{ .Values.images.umsProvisioningUdmListener.repository | quote }}
@@ -581,9 +630,17 @@ udm-listener:
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
     ldapPort: "389"
-    notifierServer: "ums-ldap-notifier"
+    notifierServer: {{ .Values.ldap.notifierHost | quote }}
     tlsMode: "off"
     natsHost: "ums-provisioning-nats"
+    natsUser: "udmlistener"
+    natsPassword: {{ .Values.secrets.univentionManagementStack.provisioning.udmListenerNatsPassword }}
+    eventsUsernameUdm: "udmproducer"
+    eventsPasswordUdm: {{ .Values.secrets.univentionManagementStack.provisioning.udmProducerPassword }}
+    internalApiHost: "ums-provisioning-api"
+
+  resources:
+    {{ .Values.resources.umsProvisioningUdmListener | toYaml | nindent 4 }}
 
 stack-data-ums:
   enabled: true
@@ -698,27 +755,19 @@ selfservice-listener:
   podAnnotations:
     intents.otterize.com/service-name: "ums-selfservice-listener"
   image:
+    registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }}
+    repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }}
+    tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }}
     pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     pullSecrets:
       {{- range .Values.global.imagePullSecrets }}
       - name: {{ . | quote }}
       {{- end }}
 
-    selfserviceListener:
+  config:
-      registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceListener.registry | quote }}
+    provisioningApiBaseUrl: "http://ums-provisioning-api"
-      repository: {{ .Values.images.umsSelfserviceListener.repository | quote }}
+    umcServerUrl: "http://ums-umc-server"
-      tag: {{ .Values.images.umsSelfserviceListener.tag | quote }}
+  credentialSecretName: "ums-selfservice-listener-credentials"
-
-    selfserviceInvitation:
-      registry: {{ .Values.global.imageRegistry | default .Values.images.umsSelfserviceInvitation.registry | quote }}
-      repository: {{ .Values.images.umsSelfserviceInvitation.repository | quote }}
-      tag: {{ .Values.images.umsSelfserviceInvitation.tag | quote }}
-
-    waitForDependency:
-      registry: {{ .Values.global.imageRegistry | default .Values.images.umsWaitForDependency.registry | quote }}
-      repository: {{ .Values.images.umsWaitForDependency.repository | quote }}
-      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
-      tag: {{ .Values.images.umsWaitForDependency.tag | quote }}
 
   persistence:
     storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }}
@@ -727,24 +776,8 @@ selfservice-listener:
   resources:
     {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }}
 
-  resourcesDependencyWaiter:
-    {{ .Values.resources.umsSelfserviceListenerDependencies | toYaml | nindent 4 }}
-
   replicaCount: {{ .Values.replicas.umsSelfserviceListener }}
 
-  selfserviceListener:
-    ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.host | quote }}
-    ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
-    ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
-    machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
-    notifierServer: {{ .Values.ldap.notifierHost | quote }}
-    umcAdminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
-    debugLevel: {{ if .Values.debug.enabled }}"4"{{ else }}"1"{{ end }}
-    tlsMode: "off"
-    umcServerUrl: "http://ums-umc-server"
-    umcAdminUser: "default.admin"
-
   securityContext:
     allowPrivilegeEscalation: false
     capabilities:
@@ -1550,20 +1583,47 @@ extraSecrets:
   - name: ums-provisioning-api-credentials
     stringData:
       NATS_USER: "api"
-      NATS_PASSWORD: "password"
+      NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiNatsPassword }}
+      ADMIN_NATS_USER: "admin"
+      ADMIN_NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminNatsPassword }}
+      ADMIN_USERNAME: "admin"
+      ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminPassword }}
+      PREFILL_USERNAME: "prefill"
+      PREFILL_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillPassword }}
+      EVENTS_USERNAME_UDM: "udmproducer"
+      EVENTS_PASSWORD_UDM: {{ .Values.secrets.univentionManagementStack.provisioning.udmProducerPassword }}
   - name: ums-provisioning-dispatcher-credentials
     stringData:
-      UDM_USERNAME: "cn=admin"
-      UDM_PASSWORD: "password"
       NATS_USER: "dispatcher"
-      NATS_PASSWORD: "password"
+      NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.dispatcherNatsPassword }}
   - name: ums-provisioning-prefill-credentials
     stringData:
       NATS_USER: "prefill"
-      NATS_PASSWORD: "password"
+      NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillNatsPassword }}
+      UDM_USERNAME: "cn=admin"
+      UDM_PASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
+      PREFILL_USERNAME: "prefill"
+      PREFILL_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.prefillPassword }}
+  - name: ums-provisioning-udm-listener-credentials
+    stringData:
+      NATS_USER: "udmlistener"
+      NATS_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.udmListenerNatsPassword }}
   - name: ums-provisioning-nats-credentials
     stringData:
       admin_password: "nimda"
+  - name: ums-provisioning-register-consumers-credentials
+    stringData:
+      ADMIN_USERNAME: "admin"
+      ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.provisioning.apiAdminPassword }}
+  - name: ums-provisioning-register-consumers-json-secrets
+    stringData:
+      selfservice-listener.json: |
+        {
+          "name": "selfservice-listener",
+          "realms_topics": [["udm", "users/user"]],
+          "request_prefill": true,
+          "password": {{ .Values.secrets.univentionManagementStack.selfserviceListener.provisioningApiPassword | quote }}
+        }
   - name: ums-udm-rest-api-credentials
     stringData:
       ldap.secret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
@@ -1578,4 +1638,10 @@ extraSecrets:
     stringData:
       KEYCLOAK_ADMIN_PASSWORD: {{ .Values.secrets.keycloak.adminPassword | quote }}
       GUARDIAN_MANAGEMENT_API_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
+  - name: "ums-selfservice-listener-credentials"
+    stringData:
+      UMC_ADMIN_USER: "default.admin"
+      UMC_ADMIN_PASSWORD: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote }}
+      PROVISIONING_API_USERNAME: "selfservice-listener"
+      PROVISIONING_API_PASSWORD: {{ .Values.secrets.univentionManagementStack.selfserviceListener.provisioningApiPassword | quote }}
 ...

helmfile/environments/default/charts.yaml

@@ -375,12 +375,16 @@ charts:
     # upstreamRepository: 'souvap/tooling/charts/univention/ums'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ['0', '0', '1']
+    # TODO: return back mirror registry and repository before merging
     # registry: "registry.opencode.de"
     # repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     registry: "registry.souvap-univention.de"
     repository: "souvap/tooling/charts/univention"
     name: "ums"
-    version: "0.12.0"
+    # TODO: Needs an update once the previous MR is merged
+    # See: https://git.knut.univention.de/univention/customers/dataport/upx/ums-stack/-/merge_requests/32
+    # version: "0.12.1"
+    version: "0.12.1-pre-acaceres-update-dependencies"
     verify: true
   umsKeycloakBootstrap:
     # providerCategory: 'Supplier'

helmfile/environments/default/images.yaml

@@ -220,7 +220,7 @@ images:
     # upstreamRepository: 'bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
-    tag: "1.1.19@sha256:ebe4e1187a474739794115ec97ba3759cf61fcc2967fc799ff1ec4e7ba0a4243"
+    tag: "1.1.21@sha256:ec63d564eb11d7ed213a5ef8719f2b3380e552f1ffb1251470b84c0c8937b7b8"
   nextcloudExporter:
     # providerCategory: 'Platform'
     # providerResponsible: 'openDesk'
@@ -236,7 +236,7 @@ images:
     # upstreamRepository: 'bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
-    tag: "1.3.10@sha256:ed038316eb84e42716c7c31d7275cddc1125781cbb7583e716a978b9407ba738"
+    tag: "1.3.12@sha256:54bb5a90ebe49b33b053e8a7df2fa8d8cb992b17f68a04d08357961c3aded0b0"
   nextcloudPHP:
     # providerCategory: 'Platform'
     # providerResponsible: 'openDesk'
@@ -244,7 +244,7 @@ images:
     # upstreamRepository: 'bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
-    tag: "1.8.9@sha256:9da3810989c60a3913f9ab366442925d39011a41c9f761ea05650de5935a4514"
+    tag: "1.8.11@sha256:85b3bbf027c9e6a2ccf411b8e2b3752f6a58a3a14f00fb92ecefd9e7ca0c6954"
   opendeskKeycloakBootstrap:
     # providerCategory: 'Platform'
     # providerResponsible: 'openDesk'
@@ -536,7 +536,7 @@ images:
     # upstreamMirrorStartFrom: ['22', '0', '3']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-keycloak"
-    tag: "23.0.7-ucs1@sha256:94b34cf3d9266435cf03549b58f874219ecbe9c38c18a070fea403d0cdd2bfc4"
+    tag: "24.0.3-ucs1@sha256:cc66a1730abdd5abe88ac5cf045b6558f289bf1ae8d077ee884a42d785742f8b"
   umsKeycloakBootstrap:
     # providerCategory: 'Supplier'
     # providerResponsible: 'Univention'
@@ -670,7 +670,7 @@ images:
     # upstreamMirrorStartFrom: ['0', '14', '0']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
-    tag: "0.21.3@sha256:29c5f216ab0f8d12c1e77969de6e82046c0d47e1111838fb0a2dcd9950c0175d"
+    tag: "0.25.0@sha256:c6c9d1e4a46222105ded32c8e87cb2e9b19945592a9ada4e6c13e6942d721694"
   umsProvisioningEventsAndConsumerApi:
     # providerCategory: 'Supplier'
     # providerResponsible: 'Univention'
@@ -680,7 +680,7 @@ images:
     # upstreamMirrorStartFrom: ['0', '14', '0']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
-    tag: "0.21.3@sha256:4cb498a64dd40c0963ca1ca382213ad5b8a4de5eb57650946d78ac44b359f43f"
+    tag: "0.25.0@sha256:f0382154126421e4078beede3ce2579f61859da64c497cb5c93acc693bf71647"
   umsProvisioningPrefill:
     # providerCategory: 'Supplier'
     # providerResponsible: 'Univention'
@@ -690,7 +690,7 @@ images:
     # upstreamMirrorStartFrom: ['0', '14', '0']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
-    tag: "0.21.3@sha256:944ff8558d12c59f3490cba68680281c3fa5468fd6fd011fd002befcb9956973"
+    tag: "0.25.0@sha256:a5beae74c2575fa20d305ae635bc0c2bba64a9b1173819f8ddd4cca3fb59f6a4"
   umsProvisioningUdmListener:
     # providerCategory: 'Supplier'
     # providerResponsible: 'Univention'
@@ -700,7 +700,7 @@ images:
     # upstreamMirrorStartFrom: ['0', '14', '0']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
-    tag: "0.21.3@sha256:e1cd42558e44bb72ed5c7798cef711db94df7d10d6895c993ca6412df1d25f02"
+    tag: "0.25.0@sha256:b67e31d11461d02bc211117408ded3c0428d224b056f26734add7c024d5f710a"
   umsSelfserviceInvitation:
     # providerCategory: 'Supplier'
     # providerResponsible: 'Univention'
@@ -708,19 +708,15 @@ images:
     # upstreamRepository: 'souvap/tooling/images/univention/selfservice-invitation'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ['0', '3', '2']
-    registry: "registry.opencode.de"
+    # TODO: return back mirror registry and repository before merging
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
+#    registry: "registry.opencode.de"
-    tag: "0.4.0@sha256:bd252758576e1733076c78756f04225ebed73d9c48de22440975ef11dd087caf"
+#    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
-  umsSelfserviceListener:
+    registry: "registry.souvap-univention.de"
-    # providerCategory: 'Supplier'
+    repository: "souvap/tooling/images/univention/selfservice-invitation"
-    # providerResponsible: 'Univention'
+    # TODO: Needs an update once the previous MR is merged
-    # upstreamRegistry: 'registry.souvap-univention.de'
+    # See: https://git.knut.univention.de/univention/customers/dataport/upx/selfservice-listener/-/merge_requests/16
-    # upstreamRepository: 'souvap/tooling/images/univention/selfservice-listener'
+    # version: "0.5.0"
-    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+    tag: "0.5.0-pre-acaceres-migrate-self-service-listener-to-provisioning-service@sha256:68b342badcaa0def19e6396bb23ffabf3e140ee2a3a39d37e7a5dc4cbba8362b"
-    # upstreamMirrorStartFrom: ['0', '3', '2']
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-listener"
-    tag: "0.4.0@sha256:0bc0235fd64a19a183f112da73109b54712c2d70fe7fa77c6405beefb7167588"
   umsStackGateway:
     # providerCategory: 'Community'
     # providerResponsible: 'Univention'

helmfile/environments/default/resources.yaml

@@ -466,6 +466,13 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
+  umsProvisioningRegisterConsumer:
+    limits:
+      cpu: 0.5
+      memory: "256Mi"
+    requests:
+      cpu: 0.25
+      memory: "128Mi"
   umsProvisioningNats:
     limits:
       cpu: 99
@@ -480,13 +487,6 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsSelfserviceListenerDependencies:
-    limits:
-      cpu: 99
-      memory: "1Gi"
-    requests:
-      cpu: 0.1
-      memory: "256Mi"
   umsStackDataUms:
     limits:
       cpu: 99

helmfile/environments/default/secrets.gotmpl

@@ -34,14 +34,13 @@ secrets:
       apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
       apiAdminNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "apiAdmin" "nats" | sha1sum | quote }}
       apiAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin_api" | sha1sum | quote }}
-      dispatcherPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "dispatcher_service" | sha1sum | quote }}
       prefillPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "prefill_service" | sha1sum | quote }}
       prefillNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "nats" | sha1sum | quote }}
       udmProducerPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmproducer" "events_api" | sha1sum | quote }}
       dispatcherNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "nats" | sha1sum | quote }}
-      dispatcherUdmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
       udmListenerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmlistener" "nats" | sha1sum | quote }}
-      udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
+    selfserviceListener:
+      provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "selfservice-listener" "selfservice-listener" | sha1sum | quote }}
   nats:
     natsAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "admin" "nats" | sha1sum | quote }}
 

helmfile/environments/test/values.yaml.gotmpl

@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 global:
-  imageRegistry: "external-registry.souvap-univention.de/sovereign-workplace"
+  imageRegistry: "my_private_registry.domain.tld"
   imagePullSecrets:
     - "kyverno-test"
   imagePullPolicy: "kyverno"