Merge branch 'bcgov:main' into i5okie/updates

helm-values/traction/values-production.yaml

@@ -73,8 +73,9 @@ ui:
     active: true
     showInnkeeperAdminLogin: true
     showWritableComponents: false
-    authority: https://loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm
-    jwksUri: https://loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm/protocol/openid-connect/certs
+    authority: https://loginproxy.gov.bc.ca/auth/realms/digitaltrust-citz
+    jwksUri: https://loginproxy.gov.bc.ca/auth/realms/digitaltrust-citz/protocol/openid-connect/certs
+    realm: "digitaltrust-citz"
     reservationForm: >-
       {
         "formDataSchema": {

helm-values/traction/values-sandbox.yaml

@@ -68,8 +68,9 @@ ui:
     active: false
     showInnkeeperAdminLogin: true
     showWritableComponents: true
-    authority: ""
-    jwksUri: ""
+    authority: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-citz
+    jwksUri: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-citz/protocol/openid-connect/certs
+    realm: "digitaltrust-citz"
     reservationForm: >-
       {
         "formDataSchema": {
@@ -115,10 +116,13 @@ ingress:
   annotations:
     route.openshift.io/termination: edge
 postgresql:
-  resources:
-    limits:
-      cpu: 400m
-      memory: 1600Mi
-    requests:
-      cpu: 200m
-      memory: 820Mi
+  primary:
+    persistence:
+      size: 5Gi
+    resources:
+      limits:
+        cpu: 2
+        memory: 4000Mi
+      requests:
+        cpu: 200m
+        memory: 820Mi

helm-values/traction/values-test.yaml

@@ -88,8 +88,9 @@ ui:
   oidc:
     active: true
     showInnkeeperAdminLogin: true
-    authority: https://test.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm
-    jwksUri: https://test.loginproxy.gov.bc.ca/auth/realms/digitaltrust-nrm/protocol/openid-connect/certs
+    authority: https://test.loginproxy.gov.bc.ca/auth/realms/digitaltrust-citz
+    jwksUri: https://test.loginproxy.gov.bc.ca/auth/realms/digitaltrust-citz/protocol/openid-connect/certs
+    realm: "digitaltrust-citz"
     reservationForm: >-
       {
         "formDataSchema": {

openshift/settings.idim-preprod.sh

@@ -0,0 +1,11 @@
+# Description: IDIM-PreProd (test only environment) Issuer Profile - Using ephemeral queue
+export SKIP_PIPELINE_PROCESSING=1
+
+# Switched away from persistent queue implementation until it is more stable
+# export include_templates="issuer-agent-pq-deploy issuer-wallet-deploy delivery-service-inbound-deploy delivery-service-outbound-deploy"
+
+export include_templates="issuer-agent-deploy issuer-wallet-deploy"
+export ignore_templates=""
+
+# IDIM-PreProd is a test environment.
+export DEPLOYMENT_ENV_NAME="test"

openshift/templates/backup/backup-deploy.param

@@ -20,6 +20,7 @@ IDIM_WALLET_DB_HOST=wallet-idim
 IDIM_SIT_WALLET_DB_HOST=wallet-idim-sit
 IDIM_QA_WALLET_DB_HOST=wallet-idim-qa
 LCRB_WALLET_DB_HOST=wallet-lcrb
+IDIM_PREPROD_WALLET_DB_HOST=wallet-idim-preprod
 DB_USER_KEY_NAME=database-user
 DB_PASSWORD_KEY_NAME=database-password
 BACKUP_STRATEGY=rolling

openshift/templates/backup/backup-deploy.yaml

@@ -239,6 +239,16 @@ objects:
                     secretKeyRef:
                       name: ${PREFIX}${LCRB_WALLET_DB_HOST}
                       key: ${DB_PASSWORD_KEY_NAME}
+                - name: WALLET_IDIM_PREPROD_USER
+                  valueFrom:
+                    secretKeyRef:
+                      name: ${PREFIX}${IDIM_PREPROD_WALLET_DB_HOST}
+                      key: ${DB_USER_KEY_NAME}
+                - name: WALLET_IDIM_PREPROD_PASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: ${PREFIX}${IDIM_PREPROD_WALLET_DB_HOST}
+                      key: ${DB_PASSWORD_KEY_NAME}
                 - name: WEBHOOK_URL
                   valueFrom:
                     secretKeyRef:
@@ -371,6 +381,13 @@ parameters:
       particular, this is used to wire up the credentials associated to the database.
     required: true
     value: wallet-lcrb
+  - name: IDIM_PREPROD_WALLET_DB_HOST
+    displayName: Wallet Database Hostname
+    description:
+      The name associated to the wallet database deployment resources.  In
+      particular, this is used to wire up the credentials associated to the database.
+    required: true
+    value: wallet-idim-preprod
   - name: DB_USER_KEY_NAME
     displayName: Database User Key Name
     description:

openshift/templates/backup/config/dev/backup.conf

@@ -46,11 +46,11 @@
 # 0 1 * * * default ./backup.sh -s
 # 0 4 * * * default ./backup.sh -s -v all
 # ============================================================
-postgres=vc-authn-database/vc_authn
+# postgres=vc-authn-database/vc_authn
 postgres=wallet-lsbc/agent_lsbc_wallet
 postgres=wallet-buybc/agent_buybc_wallet
-postgres=vc-authn-wallet/vc_authn_agent_rev_wallet
-postgres=vc-authn-wallet/vc_authn_agent_wallet
+# postgres=vc-authn-wallet/vc_authn_agent_rev_wallet
+# postgres=vc-authn-wallet/vc_authn_agent_wallet
 postgres=wallet-idim/agent_idim_wallet
 postgres=wallet-idim-sit/agent_idim_sit_wallet
 postgres=wallet-lcrb/agent_lcrb_wallet

openshift/templates/backup/config/prod/backup.conf

@@ -25,7 +25,7 @@
 # Cron Scheduling:
 # -----------------------------------------------------------
 # List your backup and verification schedule(s) here as well.
-# The schedule(s) must be listed as cron tabs that 
+# The schedule(s) must be listed as cron tabs that
 # execute the script in 'scheduled' mode:
 #   - ./backup.sh -s
 #
@@ -46,11 +46,11 @@
 # 0 1 * * * default ./backup.sh -s
 # 0 4 * * * default ./backup.sh -s -v all
 # ============================================================
-postgres=vc-authn-database/vc_authn
+# postgres=vc-authn-database/vc_authn
 postgres=wallet-lsbc/agent_lsbc_wallet
 postgres=wallet-buybc/agent_buybc_wallet
-postgres=vc-authn-wallet/vc_authn_agent_rev_wallet
-postgres=vc-authn-wallet/vc_authn_agent_wallet
+# postgres=vc-authn-wallet/vc_authn_agent_rev_wallet
+# postgres=vc-authn-wallet/vc_authn_agent_wallet
 postgres=wallet-idim/agent_idim_wallet
 postgres=wallet-lcrb/agent_lcrb_wallet
 

openshift/templates/backup/config/test/backup.conf

@@ -25,7 +25,7 @@
 # Cron Scheduling:
 # -----------------------------------------------------------
 # List your backup and verification schedule(s) here as well.
-# The schedule(s) must be listed as cron tabs that 
+# The schedule(s) must be listed as cron tabs that
 # execute the script in 'scheduled' mode:
 #   - ./backup.sh -s
 #
@@ -46,13 +46,14 @@
 # 0 1 * * * default ./backup.sh -s
 # 0 4 * * * default ./backup.sh -s -v all
 # ============================================================
-postgres=vc-authn-database/vc_authn
+# postgres=vc-authn-database/vc_authn
 postgres=wallet-lsbc/agent_lsbc_wallet
 postgres=wallet-buybc/agent_buybc_wallet
-postgres=vc-authn-wallet/vc_authn_agent_rev_wallet
-postgres=vc-authn-wallet/vc_authn_agent_wallet
+# postgres=vc-authn-wallet/vc_authn_agent_rev_wallet
+# postgres=vc-authn-wallet/vc_authn_agent_wallet
 postgres=wallet-idim-qa/agent_idim_qa_wallet
 postgres=wallet-lcrb/agent_lcrb_wallet
+postgres=wallet-idim-preprod/agent_idim_preprod_wallet
 
 # Schedule backup for 1am PST; system TZ is PST
 0 1 * * * default ./backup.sh -s

openshift/templates/issuer-agent/issuer-agent-deploy.a2a.param

@@ -15,6 +15,7 @@ ROUTE_TIMEOUT=120s
 IMAGE_NAMESPACE=a99fd4-tools
 NAMESPACE_NAME=a99fd4
 SOURCE_IMAGE_NAME=issuer-kit-agent
+TAG_PREFIX=a2a-
 TAG_NAME=dev
 APP_CONFIG_MAP_NAME=agent-config
 APP_CONFIG_MOUNT_PATH=/home/indy/
@@ -50,6 +51,8 @@ TAILS_FILES_DIR=/home/indy/.indy_client/tails
 TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-dev.vonx.io
+MIN_REPLICAS=1
+MAX_REPLICAS=2
 CPU_REQUEST=10m
 CPU_LIMIT=300m
 MEMORY_REQUEST=10Mi

openshift/templates/issuer-agent/issuer-agent-deploy.a2a.test.param

@@ -15,6 +15,7 @@ ADMIN_APPLICATION_DOMAIN=a2a-agent-admin-test.apps.silver.devops.gov.bc.ca
 # IMAGE_NAMESPACE=a99fd4-tools
 # NAMESPACE_NAME=a99fd4
 # SOURCE_IMAGE_NAME=issuer-kit-agent
+TAG_PREFIX=
 TAG_NAME=test
 # APP_CONFIG_MAP_NAME=agent-config
 # APP_CONFIG_MOUNT_PATH=/home/indy/
@@ -50,8 +51,9 @@ AGENT_BASE_URL=https://a2a-agent-test.apps.silver.devops.gov.bc.ca
 # TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 # TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-test.vonx.io
+# MIN_REPLICAS=1
+# MAX_REPLICAS=2
 # CPU_REQUEST=10m
 # CPU_LIMIT=300m
 # MEMORY_REQUEST=10Mi
-# MEMORY_LIMIT=512Mi
-# 
+# MEMORY_LIMIT=512Mi

openshift/templates/issuer-agent/issuer-agent-deploy.bcreg.param

@@ -44,6 +44,8 @@ TAILS_FILES_DIR=/home/indy/.indy_client/tails
 TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-dev.vonx.io
+MIN_REPLICAS=1
+MAX_REPLICAS=2
 CPU_REQUEST=10m
 CPU_LIMIT=300m
 MEMORY_REQUEST=10Mi

openshift/templates/issuer-agent/issuer-agent-deploy.bcreg.prod.param

@@ -44,8 +44,9 @@ ACAPY_GENESIS_TRANSACTIONS_LIST=ledgers-bcreg.yaml
 # TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 # TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails.vonx.io
+# MIN_REPLICAS=1
+# MAX_REPLICAS=2
 # CPU_REQUEST=10m
 # CPU_LIMIT=300m
 # MEMORY_REQUEST=10Mi
-# MEMORY_LIMIT=512Mi
-# 
+# MEMORY_LIMIT=512Mi

openshift/templates/issuer-agent/issuer-agent-deploy.bcreg.test.param

@@ -44,8 +44,9 @@ AGENT_BASE_URL=https://bcreg-os-agent-test.apps.silver.devops.gov.bc.ca
 # TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 # TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-test.vonx.io
+# MIN_REPLICAS=1
+# MAX_REPLICAS=2
 # CPU_REQUEST=10m
 # CPU_LIMIT=300m
 # MEMORY_REQUEST=10Mi
-# MEMORY_LIMIT=512Mi
-# 
+# MEMORY_LIMIT=512Mi

openshift/templates/issuer-agent/issuer-agent-deploy.bcvcpilot.param

@@ -64,6 +64,8 @@ TAILS_FILES_DIR=/home/indy/.indy_client/tails
 TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-dev.vonx.io
+MIN_REPLICAS=1
+MAX_REPLICAS=2
 CPU_REQUEST=100m
 CPU_LIMIT=250m
 MEMORY_REQUEST=128Mi

openshift/templates/issuer-agent/issuer-agent-deploy.bcvcpilot.prod.param

@@ -64,6 +64,8 @@ ACAPY_WALLET_TYPE=askar
 # TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 # TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-test.vonx.io
+MIN_REPLICAS=2
+MAX_REPLICAS=3
 # CPU_REQUEST=100m
 # CPU_LIMIT=250m
 # MEMORY_REQUEST=128Mi

openshift/templates/issuer-agent/issuer-agent-deploy.bcvcpilot.test.param

@@ -64,6 +64,8 @@ ACAPY_WALLET_TYPE=askar
 # TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 # TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-test.vonx.io
+# MIN_REPLICAS=1
+# MAX_REPLICAS=2
 # CPU_REQUEST=100m
 # CPU_LIMIT=250m
 # MEMORY_REQUEST=128Mi

openshift/templates/issuer-agent/issuer-agent-deploy.idim-preprod.param

@@ -0,0 +1,71 @@
+#=========================================================
+# OpenShift template parameters for:
+# Component: .
+# Template File: ../openshift/templates/issuer-agent/issuer-agent-deploy.yaml
+#=========================================================
+NAME=agent
+APP_NAME=issuer
+APP_GROUP=idim-preprod
+SUFFIX=-idim-preprod
+ROLE=agent
+API_ROLE=api
+APPLICATION_DOMAIN=idim-preprod-agent-test.apps.silver.devops.gov.bc.ca
+ADMIN_APPLICATION_DOMAIN=idim-preprod-agent-admin-test.apps.silver.devops.gov.bc.ca
+ROUTE_TIMEOUT=240s
+IMAGE_NAMESPACE=e79518-tools
+NAMESPACE_NAME=e79518
+SOURCE_IMAGE_NAME=issuer-kit-agent
+TAG_PREFIX=idim-preprod-
+TAG_NAME=test
+APP_CONFIG_MAP_NAME=agent-config
+APP_CONFIG_MOUNT_PATH=/home/aries/
+ACAPY_LABEL=IDIM (PreProd)
+ACAPY_READ_ONLY_LEDGER=false
+AGENT_BASE_URL=https://idim-preprod-agent-test.apps.silver.devops.gov.bc.ca
+ACAPY_IMAGE_URL=https://id.gov.bc.ca/static/Gov-2.0/images/favicon.ico
+WEBHOOK_URL=to-be-defined
+AGENT_ADMIN_PORT=8024
+# ADMIN_API_KEY=[a-zA-Z0-9]{16}
+API_HOST=api
+AGENT_HTTP_PORT=8021
+ACAPY_GENESIS_TRANSACTIONS_LIST=ledgers-candy.yaml
+ACAPY_LOG_LEVEL=WARNING
+ACAPY_INVITE_PUBLIC=true
+ACAPY_PUBLIC_INVITES=true
+ACAPY_REQUESTS_THROUGH_PUBLIC_DID=false
+ACAPY_AUTO_ACCEPT_INVITES=false
+ACAPY_AUTO_ACCEPT_REQUESTS=false
+ACAPY_AUTO_PING_CONNECTION=true
+ACAPY_MONITOR_PING=false
+ACAPY_AUTO_RESPOND_MESSAGES=false
+ACAPY_AUTO_RESPOND_CREDENTIAL_OFFER=false
+ACAPY_AUTO_RESPOND_CREDENTIAL_REQUEST=false
+ACAPY_AUTO_VERIFY_PRESENTATION=true
+ACAPY_AUTO_PROVISION=true
+ACAPY_NOTIFY_REVOCATION=false
+ACAPY_ENDORSER_ROLE=author
+ACAPY_ENDORSER_ALIAS=Endorser
+ACAPY_AUTO_REQUEST_ENDORSEMENT=true
+ACAPY_AUTO_WRITE_TRANSACTIONS=true
+ACAPY_CREATE_REVOCATION_TRANSACTIONS=true
+ACAPY_WALLET_TYPE=askar
+ACAPY_WALLET_STORAGE_TYPE=postgres_storage
+WALLET_HOST=wallet
+WALLET_HOST_PORT=5432
+WALLET_STORAGE_CONFIG={\"url\":\"${POSTGRESQL_WALLET_HOST}:${POSTGRESQL_WALLET_PORT}\",\"max_connections\":5}
+WALLET_STORAGE_CREDS={\"account\":\"${POSTGRESQL_WALLET_USER}\",\"password\":\"${POSTGRESQL_WALLET_PASSWORD}\",\"admin_account\":\"postgres\",\"admin_password\":\"${POSTGRESQL_WALLET_ADMIN_PASSWORD}\"}
+WALLET_CREDENTIAL_STORE_NAME=agent-wallet-credentials
+# WALLET_KEY=[a-zA-Z0-9]{10}
+# WALLET_SEED=[a-zA-Z0-9]{32}
+# WALLET_DID=[a-zA-Z0-9]{16}
+WALLET_SUFFIX=-idim-preprod
+TAILS_FILES_DIR=/home/aries/.indy_client/tails
+TAILS_FILES_VOLUME_CLASS=netapp-file-standard
+TAILS_FILES_VOLUME_SIZE=1Gi
+ACAPY_TAILS_SERVER_BASE_URL=https://tails-test.vonx.io
+MIN_REPLICAS=3
+MAX_REPLICAS=4
+CPU_REQUEST=100m
+CPU_LIMIT=1000m
+MEMORY_REQUEST=128Mi
+MEMORY_LIMIT=512Mi

openshift/templates/issuer-agent/issuer-agent-deploy.idim-qa.param

@@ -63,6 +63,8 @@ TAILS_FILES_DIR=/home/aries/.indy_client/tails
 TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-test.vonx.io
+MIN_REPLICAS=2
+MAX_REPLICAS=3
 CPU_REQUEST=100m
 CPU_LIMIT=250m
 MEMORY_REQUEST=128Mi

openshift/templates/issuer-agent/issuer-agent-deploy.idim-sit.param

@@ -63,6 +63,8 @@ TAILS_FILES_DIR=/home/aries/.indy_client/tails
 TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-dev.vonx.io
+MIN_REPLICAS=2
+MAX_REPLICAS=3
 CPU_REQUEST=100m
 CPU_LIMIT=250m
 MEMORY_REQUEST=128Mi

openshift/templates/issuer-agent/issuer-agent-deploy.idim.dev.param

@@ -63,6 +63,8 @@ ACAPY_GENESIS_TRANSACTIONS_LIST=ledgers-candy.yaml
 # TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 # TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-dev.vonx.io
+MIN_REPLICAS=2
+MAX_REPLICAS=3
 # CPU_REQUEST=100m
 # CPU_LIMIT=250m
 # MEMORY_REQUEST=128Mi

openshift/templates/issuer-agent/issuer-agent-deploy.idim.param

@@ -63,6 +63,8 @@ TAILS_FILES_DIR=/home/aries/.indy_client/tails
 TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails-dev.vonx.io
+MIN_REPLICAS=2
+MAX_REPLICAS=3
 CPU_REQUEST=100m
 CPU_LIMIT=250m
 MEMORY_REQUEST=128Mi

openshift/templates/issuer-agent/issuer-agent-deploy.idim.prod.param

@@ -63,6 +63,8 @@ ACAPY_GENESIS_TRANSACTIONS_LIST=ledgers-candy.yaml
 # TAILS_FILES_VOLUME_CLASS=netapp-file-standard
 # TAILS_FILES_VOLUME_SIZE=1Gi
 ACAPY_TAILS_SERVER_BASE_URL=https://tails.vonx.io
+MIN_REPLICAS=3
+MAX_REPLICAS=4
 # CPU_REQUEST=100m
 # CPU_LIMIT=250m
 # MEMORY_REQUEST=128Mi