From ef1af2c42c553ea2a592cd74562a3ee6cda10e4a Mon Sep 17 00:00:00 2001
From: Jonathan Langlois <37274633+jlangy@users.noreply.github.com>
Date: Fri, 28 Jun 2024 11:45:52 -0700
Subject: [PATCH] Revert "chore: microsoft graph (#357)"
This reverts commit 8b522cbce34f518dc3f67165a9f3c54246290fcb.
---
docker/kc-cron-job/.env.example | 29 +--
docker/kc-cron-job/package.json | 2 -
.../kc-cron-job/remove-inactive-idir-users.js | 198 +++++++++---------
docker/kc-cron-job/yarn.lock | 82 --------
helm/kc-cron-job/README.md | 5 +
.../templates/cron-remove-inactive-users.yaml | 44 +---
helm/kc-cron-job/values-c6af30-tools.yaml | 72 -------
7 files changed, 130 insertions(+), 302 deletions(-)
delete mode 100644 helm/kc-cron-job/values-c6af30-tools.yaml
diff --git a/docker/kc-cron-job/.env.example b/docker/kc-cron-job/.env.example
index de760d5a..917e6d96 100644
--- a/docker/kc-cron-job/.env.example
+++ b/docker/kc-cron-job/.env.example
@@ -1,11 +1,16 @@
-DEV_KEYCLOAK_PASSWORD=
-DEV_KEYCLOAK_USERNAME=
+BCEID_SERVICE_BASIC_AUTH=
+BCEID_REQUESTER_IDIR_GUID=
+BCEID_SERVICE_ID_DEV=
+BCEID_SERVICE_ID_TEST=
+BCEID_SERVICE_ID_PROD=
+DEV_KEYCLOAK_CLIENT_ID=
+DEV_KEYCLOAK_CLIENT_SECRET=
DEV_KEYCLOAK_URL=https://dev.loginproxy.gov.bc.ca
-TEST_KEYCLOAK_PASSWORD=
-TEST_KEYCLOAK_USERNAME=
+TEST_KEYCLOAK_CLIENT_ID=
+TEST_KEYCLOAK_CLIENT_SECRET=
TEST_KEYCLOAK_URL=https://test.loginproxy.gov.bc.ca
-PROD_KEYCLOAK_PASSWORD=
-PROD_KEYCLOAK_USERNAME=
+PROD_KEYCLOAK_CLIENT_ID=
+PROD_KEYCLOAK_CLIENT_SECRET=
PROD_KEYCLOAK_URL=https://loginproxy.gov.bc.ca
PGHOST=
PGPORT=
@@ -18,15 +23,3 @@ RC_WEBHOOK=
VC_USERS_RETENTION_DAYS=
INACTIVE_IDIR_USERS_RETENTION_DAYS=
NAMESPACE=
-
-MS_GRAPH_API_AUTHORITY_DEV=
-MS_GRAPH_API_CLIENT_ID_DEV=
-MS_GRAPH_API_CLIENT_SECRET_DEV=
-
-MS_GRAPH_API_AUTHORITY_TEST=
-MS_GRAPH_API_CLIENT_ID_TEST=
-MS_GRAPH_API_CLIENT_SECRET_TEST=
-
-MS_GRAPH_API_AUTHORITY_PROD=
-MS_GRAPH_API_CLIENT_ID_PROD=
-MS_GRAPH_API_CLIENT_SECRET_PROD=
diff --git a/docker/kc-cron-job/package.json b/docker/kc-cron-job/package.json
index a16cded2..315b94ce 100644
--- a/docker/kc-cron-job/package.json
+++ b/docker/kc-cron-job/package.json
@@ -9,12 +9,10 @@
"test": "jest"
},
"dependencies": {
- "@azure/msal-node": "^2.9.2",
"archiver": "^5.3.0",
"async": "^3.2.4",
"axios": "^1.4.0",
"easy-soap-request": "^5.3.0",
- "jsonwebtoken": "^9.0.2",
"jws": "^4.0.0",
"keycloak-admin": "^1.14.22",
"lodash": "^4.17.21",
diff --git a/docker/kc-cron-job/remove-inactive-idir-users.js b/docker/kc-cron-job/remove-inactive-idir-users.js
index 29a1a827..3b8c0ac2 100644
--- a/docker/kc-cron-job/remove-inactive-idir-users.js
+++ b/docker/kc-cron-job/remove-inactive-idir-users.js
@@ -1,112 +1,126 @@
const _ = require('lodash');
+const { promisify } = require('util');
+const { parseString } = require('xml2js');
const async = require('async');
const axios = require('axios');
const { getAdminClient, log, getPgClient, sendRcNotification, handleError, deleteLegacyData } = require('./helpers');
-const jwt = require('jsonwebtoken');
-const { ConfidentialClientApplication } = require('@azure/msal-node');
-
-const MS_GRAPH_URL = 'https://graph.microsoft.com';
-const MS_GRAPH_IDIR_GUID_ATTRIBUTE = 'onPremisesExtensionAttributes/extensionAttribute12';
require('dotenv').config();
-let devMsalInstance;
-let testMsalInstance;
-let prodMsalInstance;
+const parseStringSync = promisify(parseString);
-let msTokenCache = {
- dev: {
- token: '',
- decoded: null
- },
- test: {
- token: '',
- decoded: null
+function getWebServiceInfo({ env = 'dev' }) {
+ const requestHeaders = {
+ 'Content-Type': 'text/xml;charset=UTF-8',
+ authorization: `Basic ${process.env.BCEID_SERVICE_BASIC_AUTH}`
+ };
+
+ const requesterIdirGuid = process.env.BCEID_REQUESTER_IDIR_GUID || '';
+
+ let serviceUrl = '';
+ let serviceId = '';
+ if (env === 'dev') {
+ serviceUrl = 'https://gws2.development.bceid.ca';
+ serviceId = process.env.BCEID_SERVICE_ID_DEV || '';
+ } else if (env === 'test') {
+ serviceUrl = 'https://gws2.test.bceid.ca';
+ serviceId = process.env.BCEID_SERVICE_ID_TEST || '';
+ } else if (env === 'prod') {
+ serviceUrl = 'https://gws2.bceid.ca';
+ serviceId = process.env.BCEID_SERVICE_ID_PROD || '';
+ }
+
+ return { requestHeaders, requesterIdirGuid, serviceUrl, serviceId };
+}
+
+const generateXML = (
+ {
+ property = 'userId',
+ matchKey = '',
+ matchType = 'Exact',
+ serviceId = '',
+ requesterIdirGuid = '',
+ page = 1,
+ limit = 1
},
- prod: {
- token: '',
- decoded: null
+ requestType = 'searchInternalAccount'
+) => {
+ if (requestType === 'getAccountDetail') {
+ return `
+
+
+
+
+
+ ${serviceId}
+ Internal
+ ${requesterIdirGuid}
+ ${matchKey}
+ Internal
+
+
+
+ `;
+ } else {
+ return `
+
+
+
+
+
+ ${serviceId}
+ Internal
+ ${requesterIdirGuid}
+ Internal
+
+ ${String(limit || 100)}
+ ${String(page || 1)}
+
+
+ Ascending
+ UserId
+
+
+
+ ${matchKey}
+ ${matchType}
+
+
+
+
+
+`;
}
};
-async function getAzureAccessToken(env) {
+async function checkUserExistsAtIDIM({ property = 'userGuid', matchKey = '', env = 'prod' }) {
+ const { requestHeaders, requesterIdirGuid, serviceUrl, serviceId } = getWebServiceInfo({ env });
+ const xml = generateXML({ property, matchKey, serviceId, requesterIdirGuid }, 'getAccountDetail');
+
try {
- const currentTime = Math.floor(Date.now() / 1000);
- if (msTokenCache[env].decoded && msTokenCache[env].decoded?.exp > currentTime) {
- return msTokenCache[env].token;
- }
- const request = {
- scopes: [`${MS_GRAPH_URL}/.default`]
- };
+ const response = await axios.post(`${serviceUrl}/webservices/client/V10/BCeIDService.asmx?WSDL`, xml, {
+ headers: requestHeaders,
+ timeout: 10000
+ });
- let msalInstance;
- switch (env) {
- case 'dev':
- msalInstance =
- devMsalInstance ||
- new ConfidentialClientApplication({
- auth: {
- authority: process.env.MS_GRAPH_API_AUTHORITY_DEV || '',
- clientId: process.env.MS_GRAPH_API_CLIENT_ID_DEV || '',
- clientSecret: process.env.MS_GRAPH_API_CLIENT_SECRET_DEV || ''
- }
- });
- break;
- case 'test':
- msalInstance =
- testMsalInstance ||
- new ConfidentialClientApplication({
- auth: {
- authority: process.env.MS_GRAPH_API_AUTHORITY_TEST || '',
- clientId: process.env.MS_GRAPH_API_CLIENT_ID_TEST || '',
- clientSecret: process.env.MS_GRAPH_API_CLIENT_SECRET_TEST || ''
- }
- });
- break;
- case 'prod':
- msalInstance =
- prodMsalInstance ||
- new ConfidentialClientApplication({
- auth: {
- authority: process.env.MS_GRAPH_API_AUTHORITY_PROD || '',
- clientId: process.env.MS_GRAPH_API_CLIENT_ID_PROD || '',
- clientSecret: process.env.MS_GRAPH_API_CLIENT_SECRET_PROD || ''
- }
- });
- break;
- }
- const response = await msalInstance.acquireTokenByClientCredential(request);
- msTokenCache[env].token = response.accessToken;
- msTokenCache[env].decoded = jwt.decode(response.accessToken);
- return response.accessToken;
- } catch (error) {
- console.error(error);
- throw new Error('Error acquiring access token');
- }
-}
+ const { data: body } = response;
-async function checkUserExistsAtIDIM({ property = MS_GRAPH_IDIR_GUID_ATTRIBUTE, matchKey = '', env }) {
- try {
- const accessToken = await getAzureAccessToken(env);
- const options = {
- headers: {
- Authorization: `Bearer ${accessToken}`,
- ConsistencyLevel: 'eventual'
- }
- };
+ const result = await parseStringSync(body);
+ const data = _.get(result, 'soap:Envelope.soap:Body.0.getAccountDetailResponse.0.getAccountDetailResult.0');
+ if (!data) throw Error('no data');
- const url = `${MS_GRAPH_URL}/v1.0/users?$filter=${property} eq '${matchKey}'&$count=true`;
- const result = await axios.get(url, options);
- if (result && result.data?.value?.length === 0) {
- return 'notexists';
- }
- if (result && result.data?.value?.length > 0) {
+ const status = _.get(data, 'code.0');
+ const failureCode = _.get(data, 'failureCode.0');
+ const failMessage = _.get(data, 'message.0');
+ if (status === 'Success' && failureCode === 'Void') {
return 'exists';
+ } else if (status === 'Failed' && failureCode === 'NoResults') {
+ return 'notexists';
+ } else {
+ log(`${env}: [${status}][${failureCode}] ${property}: ${matchKey}: ${String(failMessage)})`);
}
- console.error(`unexpected response from ms graph: ${result}`);
return 'error';
} catch (error) {
- console.log(error?.response?.data || error);
throw new Error(error);
}
}
@@ -181,11 +195,7 @@ async function removeStaleUsersByEnv(env = 'dev', pgClient, runnerName, startFro
if (displayName && displayName.startsWith('hold -')) continue;
log(`[${runnerName}] processing user ${username}`);
if (username.includes('@idir')) {
- const userExistsAtWb = await checkUserExistsAtIDIM({
- property: MS_GRAPH_IDIR_GUID_ATTRIBUTE,
- matchKey: idirUserGuid,
- env
- });
+ const userExistsAtWb = await checkUserExistsAtIDIM({ property: 'userGuid', matchKey: idirUserGuid, env });
if (userExistsAtWb === 'notexists') {
const { realmRoles, clientRoles } = await getUserRolesMappings(adminClient, id);
await removeUserFromKc(adminClient, id);
diff --git a/docker/kc-cron-job/yarn.lock b/docker/kc-cron-job/yarn.lock
index d50446de..a38e5a0e 100644
--- a/docker/kc-cron-job/yarn.lock
+++ b/docker/kc-cron-job/yarn.lock
@@ -15,20 +15,6 @@
"@jridgewell/gen-mapping" "^0.3.0"
"@jridgewell/trace-mapping" "^0.3.9"
-"@azure/msal-common@14.12.0":
- version "14.12.0"
- resolved "https://registry.yarnpkg.com/@azure/msal-common/-/msal-common-14.12.0.tgz#844abe269b071f8fa8949dadc2a7b65bbb147588"
- integrity sha512-IDDXmzfdwmDkv4SSmMEyAniJf6fDu3FJ7ncOjlxkDuT85uSnLEhZi3fGZpoR7T4XZpOMx9teM9GXBgrfJgyeBw==
-
-"@azure/msal-node@^2.9.2":
- version "2.9.2"
- resolved "https://registry.yarnpkg.com/@azure/msal-node/-/msal-node-2.9.2.tgz#e6d3c1661012c1bd0ef68e328f73a2fdede52931"
- integrity sha512-8tvi6Cos3m+0KmRbPjgkySXi+UQU/QiuVRFnrxIwt5xZlEEFa69O04RTaNESGgImyBBlYbo2mfE8/U8Bbdk1WQ==
- dependencies:
- "@azure/msal-common" "14.12.0"
- jsonwebtoken "^9.0.0"
- uuid "^8.3.0"
-
"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.22.13":
version "7.22.13"
resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.22.13.tgz#e3c1c099402598483b7a8c46a721d1038803755e"
@@ -2830,31 +2816,6 @@ json5@^2.2.3:
resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283"
integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==
-jsonwebtoken@^9.0.0, jsonwebtoken@^9.0.2:
- version "9.0.2"
- resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz#65ff91f4abef1784697d40952bb1998c504caaf3"
- integrity sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==
- dependencies:
- jws "^3.2.2"
- lodash.includes "^4.3.0"
- lodash.isboolean "^3.0.3"
- lodash.isinteger "^4.0.4"
- lodash.isnumber "^3.0.3"
- lodash.isplainobject "^4.0.6"
- lodash.isstring "^4.0.1"
- lodash.once "^4.0.0"
- ms "^2.1.1"
- semver "^7.5.4"
-
-jwa@^1.4.1:
- version "1.4.1"
- resolved "https://registry.yarnpkg.com/jwa/-/jwa-1.4.1.tgz#743c32985cb9e98655530d53641b66c8645b039a"
- integrity sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==
- dependencies:
- buffer-equal-constant-time "1.0.1"
- ecdsa-sig-formatter "1.0.11"
- safe-buffer "^5.0.1"
-
jwa@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/jwa/-/jwa-2.0.0.tgz#a7e9c3f29dae94027ebcaf49975c9345593410fc"
@@ -2864,14 +2825,6 @@ jwa@^2.0.0:
ecdsa-sig-formatter "1.0.11"
safe-buffer "^5.0.1"
-jws@^3.2.2:
- version "3.2.2"
- resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304"
- integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==
- dependencies:
- jwa "^1.4.1"
- safe-buffer "^5.0.1"
-
jws@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/jws/-/jws-4.0.0.tgz#2d4e8cf6a318ffaa12615e9dec7e86e6c97310f4"
@@ -2967,46 +2920,16 @@ lodash.flatten@^4.4.0:
resolved "https://registry.yarnpkg.com/lodash.flatten/-/lodash.flatten-4.4.0.tgz#f31c22225a9632d2bbf8e4addbef240aa765a61f"
integrity sha1-8xwiIlqWMtK7+OSt2+8kCqdlph8=
-lodash.includes@^4.3.0:
- version "4.3.0"
- resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f"
- integrity sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==
-
-lodash.isboolean@^3.0.3:
- version "3.0.3"
- resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6"
- integrity sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==
-
-lodash.isinteger@^4.0.4:
- version "4.0.4"
- resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343"
- integrity sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==
-
-lodash.isnumber@^3.0.3:
- version "3.0.3"
- resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc"
- integrity sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==
-
lodash.isplainobject@^4.0.6:
version "4.0.6"
resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb"
integrity sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=
-lodash.isstring@^4.0.1:
- version "4.0.1"
- resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
- integrity sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==
-
lodash.merge@^4.6.2:
version "4.6.2"
resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a"
integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==
-lodash.once@^4.0.0:
- version "4.1.1"
- resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
- integrity sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==
-
lodash.union@^4.6.0:
version "4.6.0"
resolved "https://registry.yarnpkg.com/lodash.union/-/lodash.union-4.6.0.tgz#48bb5088409f16f1821666641c44dd1aaae3cd88"
@@ -4038,11 +3961,6 @@ util-deprecate@^1.0.1, util-deprecate@~1.0.1:
resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=
-uuid@^8.3.0:
- version "8.3.2"
- resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
- integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
-
v8-to-istanbul@^9.0.1:
version "9.1.3"
resolved "https://registry.yarnpkg.com/v8-to-istanbul/-/v8-to-istanbul-9.1.3.tgz#ea456604101cd18005ac2cae3cdd1aa058a6306b"
diff --git a/helm/kc-cron-job/README.md b/helm/kc-cron-job/README.md
index b2e852c5..6bc79e31 100644
--- a/helm/kc-cron-job/README.md
+++ b/helm/kc-cron-job/README.md
@@ -14,6 +14,11 @@ The deployment steps for a new namespace follow:
```sh
# update rest of the values
+export BCEID_SERVICE_BASIC_AUTH=
+export BCEID_REQUESTER_IDIR_GUID=
+export BCEID_SERVICE_ID_DEV=
+export BCEID_SERVICE_ID_TEST=
+export BCEID_SERVICE_ID_PROD=
export DEV_KEYCLOAK_CLIENT_ID=
export DEV_KEYCLOAK_CLIENT_SECRET=
export DEV_KEYCLOAK_URL=https://dev.loginproxy.gov.bc.ca
diff --git a/helm/kc-cron-job/templates/cron-remove-inactive-users.yaml b/helm/kc-cron-job/templates/cron-remove-inactive-users.yaml
index 7a04c8b8..d58d10b3 100644
--- a/helm/kc-cron-job/templates/cron-remove-inactive-users.yaml
+++ b/helm/kc-cron-job/templates/cron-remove-inactive-users.yaml
@@ -128,55 +128,31 @@ spec:
secretKeyRef:
name: kc-cron-job-secret
key: prod-kc-password
-
- - name: MS_GRAPH_API_AUTHORITY_DEV
+ - name: BCEID_SERVICE_BASIC_AUTH
valueFrom:
secretKeyRef:
name: kc-cron-job-secret
- key: ms-graph-api-authority-dev
- - name: MS_GRAPH_API_CLIENT_ID_DEV
+ key: bceid-service-basic-auth
+ - name: BCEID_REQUESTER_IDIR_GUID
valueFrom:
secretKeyRef:
name: kc-cron-job-secret
- key: ms-graph-api-client-id-dev
- - name: MS_GRAPH_API_CLIENT_SECRET_DEV
+ key: bceid-requester-idir-guid
+ - name: BCEID_SERVICE_ID_DEV
valueFrom:
secretKeyRef:
name: kc-cron-job-secret
- key: ms-graph-api-client-secret-dev
-
- - name: MS_GRAPH_API_AUTHORITY_TEST
+ key: bceid-service-id-dev
+ - name: BCEID_SERVICE_ID_TEST
valueFrom:
secretKeyRef:
name: kc-cron-job-secret
- key: ms-graph-api-authority-test
- - name: MS_GRAPH_API_CLIENT_ID_TEST
+ key: bceid-service-id-test
+ - name: BCEID_SERVICE_ID_PROD
valueFrom:
secretKeyRef:
name: kc-cron-job-secret
- key: ms-graph-api-client-id-test
- - name: MS_GRAPH_API_CLIENT_SECRET_TEST
- valueFrom:
- secretKeyRef:
- name: kc-cron-job-secret
- key: ms-graph-api-client-secret-test
-
- - name: MS_GRAPH_API_AUTHORITY_PROD
- valueFrom:
- secretKeyRef:
- name: kc-cron-job-secret
- key: ms-graph-api-authority-prod
- - name: MS_GRAPH_API_CLIENT_ID_PROD
- valueFrom:
- secretKeyRef:
- name: kc-cron-job-secret
- key: ms-graph-api-client-id-prod
- - name: MS_GRAPH_API_CLIENT_SECRET_PROD
- valueFrom:
- secretKeyRef:
- name: kc-cron-job-secret
- key: ms-graph-api-client-secret-prod
-
+ key: bceid-service-id-prod
- name: CSS_API_URL
valueFrom:
secretKeyRef:
diff --git a/helm/kc-cron-job/values-c6af30-tools.yaml b/helm/kc-cron-job/values-c6af30-tools.yaml
deleted file mode 100644
index 858c65de..00000000
--- a/helm/kc-cron-job/values-c6af30-tools.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-image:
- repository: ghcr.io/bcgov/kc-cron-job
- tag: dev
- pullPolicy: Always
-
-imagePullSecrets:
- - name: gh-registry-config
-
-nameOverride: kc-cron-job
-fullnameOverride: kc-cron-job
-
-enableEventLogsJob: true
-
-enableActiveSessionsJob: false
-
-enableRemoveInactiveUsersJob: false
-
-enableRemoveVcUsersJob: false
-
-namespace:
- eventLogs:
- - 'c6af30-dev'
- activeSessions: 'c6af30-tools'
- rmInactiveUsers: 'c6af30-tools'
- rmVcUsers: 'c6af30-tools'
-
-pvc:
- name: sso-keycloak-logs
-
-networkPolicy:
- environment: tools
- licensePlate: c6af30
-
-pgHost: kc-cron-patroni.c6af30-tools.svc.cluster.local
-
-resources:
- limits:
- cpu: 0.5
- memory: 512M
- requests:
- cpu: 0.25
- memory: 256M
-
-patroni:
- nameOverride: kc-cron-patroni
- fullnameOverride: kc-cron-patroni
- replicaCount: 2
- resources:
- requests:
- cpu: 100m
- memory: 400Mi
- limits:
- cpu: 200m
- memory: 600Mi
- ## Only uncoment on a first install
- # credentials:
- # existingSecret: false
- # admin:
- # username: admin
- # password:
- # standby:
- # username: standby
- # password:
- # superuser:
- # username: postgres
- # password:
-
- additionalCredentials:
- - username: rhsso
- password:
-
-rocketChatWebhook: