From 0ee67ca06fce6e59bf5e811ec5b7dc74bff4627e Mon Sep 17 00:00:00 2001 From: Jorge Romero Date: Tue, 12 May 2026 13:47:28 +0200 Subject: [PATCH 1/7] Add configuration guide for ODS API Service Helm Chart --- ods-api-service/chart/CONFIGURATION_GUIDE.md | 587 +++++++++++++++++++ 1 file changed, 587 insertions(+) create mode 100644 ods-api-service/chart/CONFIGURATION_GUIDE.md diff --git a/ods-api-service/chart/CONFIGURATION_GUIDE.md b/ods-api-service/chart/CONFIGURATION_GUIDE.md new file mode 100644 index 000000000..dedc6624f --- /dev/null +++ b/ods-api-service/chart/CONFIGURATION_GUIDE.md @@ -0,0 +1,587 @@ +# ODS API Service Helm Chart — Configuration Guide + +This guide explains the configuration model of the chart and how to add or modify a **service**, an **externalService**, or an **automation** integration, including their configuration and secrets. + +--- + +## Architecture Overview + +The chart organises runtime configuration into three **domains**. Each domain owns one ConfigMap (non-sensitive values) and one Secret (sensitive values). Both are bulk-injected into the pod via `envFrom`. + +| Domain | Values keys | ConfigMap | Secret | +|---|---|---|---| +| `application` | `config.*`, `postgresql.*` | `-application-config` | `-application-secrets` | +| `services` | `services.*`, `apis.*` | `-services-config` | `-services-secrets` | +| `externalServices` | `externalServices.*` | `-external-services-config` | `-external-services-secrets` | + +The `application.yaml` Spring Boot config file is generated by `templates/tpl/_application_yaml.tpl` at deploy time and mounted into the pod at `/home/default/config/application.yaml`. Sensitive values are **not** baked into that file — the template uses Spring's `${ENV_VAR:default}` placeholders that are resolved at startup from the environment provided by the ConfigMaps and Secrets. + +``` +values.yaml + │ + ├─► _application_yaml.tpl ──► ConfigMap "-config" + │ key: application.yaml (volume-mounted) + │ + ├─► _env_application.tpl ──► ConfigMap / Secret: application domain + ├─► _env_services.tpl ──► ConfigMap / Secret: services domain + └─► _env_external_services.tpl ──► ConfigMap / Secret: external-services domain +``` + +All six resources are loaded in `deployment.yaml` via `envFrom` in domain order: + +```yaml +envFrom: + - configMapRef: -application-config + - secretRef: -application-secrets + - configMapRef: -services-config + - secretRef: -services-secrets + - configMapRef: -external-services-config + - secretRef: -external-services-secrets +``` + +--- + +## Concept Definitions + +### Service (`services` domain) + +A **service** is an **internal component** that encapsulates a piece of business logic inside the API Service itself. It is not a Kubernetes Service object and has no separate deployment. Examples: + +- **Project service** — checks project existence, generates project keys, finds projects. +- **LDAP group resolution** — determines group patterns for project membership lookups. + +Services are configured under `services.*` and `apis.*` in `values.yaml`. Their env vars land in the `services` ConfigMap/Secret and their Spring Boot config section is under `apis:` and `services:` in `application.yaml`. + +The `apis.*` sub-key configures the **HTTP API endpoints** that the service exposes (workflow name, JWT parameters, etc.), while `services.*` configures lower-level service behaviour (e.g. LDAP patterns). + +### ExternalService (`externalServices` domain) + +An **externalService** is an **external system** that the API Service connects to as a client. The application does not own or run it. Examples: Bitbucket, Jira, Jenkins, OpenShift clusters, Webhook Proxy, Marketplace, Projects Info Service. + +External services are configured under `externalServices.*` in `values.yaml`. Their env vars land in the `external-services` ConfigMap/Secret and their Spring Boot config section is under `externalservices:` in `application.yaml`. + +### Automation (`externalServices` domain, `automation.platform` in `application.yaml`) + +**Automation** is a special sub-category of external service for systems that are used to **trigger automated processes or workflows** — currently Ansible Automation Platform (AAP) and UiPath. They live under `externalServices.aap` and `externalServices.uipath` in `values.yaml` and their env vars follow the same external-services domain rules, but they render into a dedicated `automation.platform:` section in `application.yaml` (separate from `externalservices:`). + +--- + +## Summary Table + +| Concept | Values key | `application.yaml` section | Domain | Typical examples | +|---|---|---|---|---| +| Service | `services.*`, `apis.*` | `apis:`, `services:` | `services` | project service, LDAP config, projectUsers API | +| ExternalService | `externalServices.*` | `externalservices:` | `externalServices` | Bitbucket, Jira, Jenkins, OpenShift, Marketplace | +| Automation | `externalServices.aap`, `externalServices.uipath` | `automation.platform:` | `externalServices` | AAP, UiPath | + +--- + +## Configuring Existing Services + +### LDAP group pattern + +```yaml +services: + project: + ldap: + group: + pattern: "cn={0},ou=groups,dc=example,dc=com" +``` + +Generates env var `SERVICE_PROJECT_LDAP_GROUP_PATTERN` in the services ConfigMap. + +### projectUsers API + +Exposes a JWT-secured endpoint for managing project users. Calls an AAP workflow internally. + +```yaml +apis: + projectUsers: + enabled: true + workflowName: "my-aap-workflow-name" + token: + secret: "a-random-secret-of-at-least-32-characters" # JWT signing key, min 32 chars + expirationHours: 24 +``` + +Validation: `workflowName` and `token.secret` (≥ 32 characters) are required when `enabled: true`. Helm will abort if missing. + +Generated env vars: +- ConfigMap: `API_PROJECT_USERS_WORKFLOW_NAME`, `API_PROJECT_USERS_TOKEN_EXPIRATION_HOURS` +- Secret: `API_PROJECT_USERS_TOKEN_SECRET` + +### projects API + +Exposes an endpoint for provisioning mini-EDP projects via an AAP workflow. + +```yaml +apis: + projects: + enabled: true + workflowName: "my-project-prvision-flow" + locations: "europe,berlin,toledo" +``` + +Generated env vars (ConfigMap): `API_PROJECTS_MINIEDP_PROVISION_WORKFLOW_NAME`, `API_PROJECTS_LOCATIONS` + +--- + +## Configuring Existing ExternalServices + +All external services follow one of two structural patterns: + +- **Flag-based** — a single integration enabled with `enabled: true` (AAP, UiPath, Projects Info Service). +- **Instance-based** — a named map of instances, each with its own credentials (OpenShift, Bitbucket, Jira, Marketplace) or a named list (Jenkins, Webhook Proxy). + +**Instance naming convention:** the instance key is uppercased with hyphens replaced by underscores to form env var prefixes. +Example: key `my-cluster` → env vars prefixed `OPENSHIFT_MY_CLUSTER_`. + +### Projects Info Service + +```yaml +externalServices: + projectsInfoService: + enabled: true + baseUrl: "https://projects-info.example.com" +``` + +Required when enabled: `baseUrl`. Generates env var `PROJECTS_INFO_SERVICE_BASE_URL` (ConfigMap). + +### OpenShift instances + +```yaml +externalServices: + openshift: + instances: + my-cluster: # key becomes MY_CLUSTER in env var names + apiUrl: "https://api.my-cluster.ocp.example.com:6443" + token: "sha256~..." # → Secret + namespace: "my-namespace" + connectionTimeout: 30000 + readTimeout: 30000 + trustAllCertificates: false +``` + +Required per instance: `apiUrl`, `token`, `namespace`. Helm validates all three. + +Generated env vars: +- ConfigMap: `OPENSHIFT_MY_CLUSTER_API_URL`, `_NAMESPACE`, `_CONNECTION_TIMEOUT`, `_READ_TIMEOUT`, `_TRUST_ALL` +- Secret: `OPENSHIFT_MY_CLUSTER_TOKEN` + +### Bitbucket instances + +```yaml +externalServices: + bitbucket: + instances: + my-bb: + baseUrl: "https://bitbucket.example.com" + bearerToken: "..." # use bearerToken OR username + password + # username: "svc-account" + # password: "..." + connectionTimeout: 30000 + readTimeout: 30000 + trustAllCertificates: false +``` + +Required per instance: `baseUrl` plus either `bearerToken` or `username`+`password`. Helm validates both. + +Generated env vars: +- ConfigMap: `BITBUCKET_MY_BB_BASE_REST_URL`, `_CONNECTION_TIMEOUT`, `_READ_TIMEOUT`, `_TRUST_ALL` +- Secret: `BITBUCKET_MY_BB_BEARER_TOKEN` or `_USERNAME` + `_PASSWORD` + +### Jira instances + +```yaml +externalServices: + jira: + defaultInstance: "my-jira" # must match a key under instances + instances: + my-jira: + baseUrl: "https://jira.example.com" + bearerToken: "..." # or username + password + connectionTimeout: 30000 + readTimeout: 30000 + trustAllCertificates: false +``` + +Required per instance: `baseUrl` plus either `bearerToken` or `username`+`password`. + +Generated env vars: +- ConfigMap: `JIRA_DEFAULT_INSTANCE`, `JIRA_MY_JIRA_BASE_URL`, `_CONNECTION_TIMEOUT`, `_READ_TIMEOUT`, `_TRUST_ALL` +- Secret: `JIRA_MY_JIRA_BEARER_TOKEN` or `_USERNAME` + `_PASSWORD` + +### Jenkins environments + +Jenkins uses a **list** where `name` is the identifier: + +```yaml +externalServices: + jenkins: + environments: + - name: environmment-one + apiToken: "..." # → Secret +``` + +Generated env var (Secret): `JENKINS_EU_DEV_API_TOKEN` + +### Webhook Proxy clusters + +```yaml +externalServices: + webhookProxy: + clusters: + my-cluster: + clusterBase: "apps.my-cluster.ocp.example.com" + connectionTimeout: 30000 + readTimeout: 30000 + trustAllCertificates: false + defaultJenkinsfilePath: "Jenkinsfile" +``` + +Generated env vars (all ConfigMap): `WEBHOOK_PROXY_MY_CLUSTER_CLUSTER_BASE`, `_CONNECTION_TIMEOUT`, `_READ_TIMEOUT`, `_TRUST_ALL`, `_JENKINSFILE_PATH` + +### Marketplace instances + +```yaml +externalServices: + marketplace: + defaultInstance: "my-mkt" # must match a key under instances + instances: + my-mkt: + projectComponentsBaseUrl: "https://catalog.example.com/v1" + provisionerActionsBaseUrl: "https://provisioner.example.com/v1" + trustAllCertificates: true + oboScope: the-obo-scope + username: marketplace-user + password: marketplace-password +``` + +Generated env vars (all ConfigMap): `MARKETPLACE_DEFAULT_INSTANCE`, `MARKETPLACE_MY_MKT_PROJECT_COMPONENT_BASE_URL`, `MARKETPLACE_MY_MKT_PROVISIONER_ACTIONS_BASE_URL`, +`MARKETPLACE_MY_MKT_....`, + +--- + +## Configuring Existing Automation Integrations + +Automation integrations live under `externalServices` but render into the `automation.platform:` section of `application.yaml`, not `externalservices:`. + +### Ansible Automation Platform (AAP) + +```yaml +externalServices: + aap: + enabled: true + baseUrl: "https://aap.example.com" + username: "svc-account" # → Secret + password: "secret" # → Secret + timeout: 30000 + ssl: + verifyCertificates: true + trustStorePath: "" # optional + trustStorePassword: "" # optional, → Secret + trustStoreType: "JKS" +``` + +Required when enabled: `baseUrl`, `username`, `password`. + +Generated env vars: +- ConfigMap: `ANSIBLE_BASE_URL`, `ANSIBLE_TIMEOUT`, `ANSIBLE_SSL_VERIFY`, optionally `ANSIBLE_SSL_TRUSTSTORE_PATH`, `ANSIBLE_SSL_TRUSTSTORE_TYPE` +- Secret: `ANSIBLE_USERNAME`, `ANSIBLE_PASSWORD`, optionally `ANSIBLE_SSL_TRUSTSTORE_PASSWORD` + +`application.yaml` section rendered: `automation.platform.ansible.*` + +### UiPath + +```yaml +externalServices: + uipath: + enabled: true + host: "cloud.uipath.com" + clientId: "..." # → Secret + clientSecret: "..." # → Secret + tenancyName: "MyTenant" + organizationUnitId: "12345" + loginEndpoint: "/identity_/connect/token" + queueItemsEndpoint: "/odata/QueueItems" + timeout: 30000 + ssl: + verifyCertificates: true + trustStorePath: "" + trustStorePassword: "" + trustStoreType: "JKS" +``` + +Required when enabled: `host`, `clientId`, `clientSecret`. + +Generated env vars: +- ConfigMap: `UIPATH_HOST`, `UIPATH_TENANCY_NAME`, `UIPATH_ORGANIZATION_UNIT_ID`, `UIPATH_TIMEOUT`, `UIPATH_SSL_VERIFY` +- Secret: `UIPATH_CLIENT_ID`, `UIPATH_CLIENT_SECRET` + +`application.yaml` section rendered: `automation.platform.uipath.*` + +--- + +## How to Add a New ExternalService + +Adding a new external service requires changes to **four files**. The example below uses a fictional service called **`myService`**. + +### Step 1 — `values.yaml.template` + +Add under `externalServices:`. Use `enabled: false` as the safe default. + +**Flag-based** (single integration): +```yaml +externalServices: + myService: + enabled: false + baseUrl: "" + apiKey: "" # sensitive — will go to Secret + timeout: 30000 + ssl: + verifyCertificates: true +``` + +**Instance-based** (multiple named instances): +```yaml +externalServices: + myService: + instances: {} + # Example: + # prod: + # baseUrl: "https://myservice.example.com" + # apiKey: "" + # timeout: 30000 + # trustAllCertificates: false +``` + +### Step 2 — `templates/tpl/_env_external_services.tpl` + +Add to the `chart.externalServicesConfigData` block (non-sensitive): + +``` +{{- if .Values.externalServices.myService.enabled }} +## My Service configuration +MY_SERVICE_BASE_URL: {{ .Values.externalServices.myService.baseUrl | quote }} +MY_SERVICE_TIMEOUT: {{ .Values.externalServices.myService.timeout | quote }} +MY_SERVICE_SSL_VERIFY: {{ .Values.externalServices.myService.ssl.verifyCertificates | quote }} +{{- end }} +``` + +Add to the `chart.externalServicesSecretData` block (sensitive, note `b64enc`): + +``` +{{- if .Values.externalServices.myService.enabled }} +## My Service secrets +MY_SERVICE_API_KEY: {{ .Values.externalServices.myService.apiKey | b64enc | quote }} +{{- end }} +``` + +For instance-based: + +``` +{{- if gt (len .Values.externalServices.myService.instances) 0 }} +## My Service configuration +{{- range $name, $instance := .Values.externalServices.myService.instances }} +MY_SERVICE_{{ $name | upper | replace "-" "_" }}_BASE_URL: {{ $instance.baseUrl | quote }} +MY_SERVICE_{{ $name | upper | replace "-" "_" }}_TIMEOUT: {{ $instance.timeout | quote }} +MY_SERVICE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} +{{- end }} +{{- end }} +``` + +Secret block for instances: + +``` +{{- if gt (len .Values.externalServices.myService.instances) 0 }} +{{- range $name, $instance := .Values.externalServices.myService.instances }} +MY_SERVICE_{{ $name | upper | replace "-" "_" }}_API_KEY: {{ $instance.apiKey | b64enc | quote }} +{{- end }} +{{- end }} +``` + +### Step 3 — `templates/tpl/_application_yaml.tpl` + +Add a new block under `externalservices:` using `${ENV_VAR}` references so secrets are never baked into the ConfigMap: + +```yaml +{{- if .Values.externalServices.myService.enabled }} + my-service: + base-url: ${MY_SERVICE_BASE_URL} + api-key: ${MY_SERVICE_API_KEY} + timeout: ${MY_SERVICE_TIMEOUT:30000} + ssl: + verify-certificates: ${MY_SERVICE_SSL_VERIFY:true} +{{- end }} +``` + +For instance-based: + +```yaml + my-service: +{{- if gt (len .Values.externalServices.myService.instances) 0 }} + instances: +{{- range $name, $instance := .Values.externalServices.myService.instances }} + {{ $name }}: + base-url: ${MY_SERVICE_{{ $name | upper | replace "-" "_" }}_BASE_URL} + api-key: ${MY_SERVICE_{{ $name | upper | replace "-" "_" }}_API_KEY} + timeout: ${MY_SERVICE_{{ $name | upper | replace "-" "_" }}_TIMEOUT:30000} + trust-all-certificates: ${MY_SERVICE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL:false} +{{- end }} +{{- else }} + instances: {} +{{- end }} +``` + +### Step 4 — `templates/tpl/_validations.tpl` + +Add a validation template and register it in `chart.validate.all`: + +``` +{{- define "chart.validate.myService" -}} +{{- if .Values.externalServices.myService.enabled }} + {{- if not .Values.externalServices.myService.baseUrl }} + {{- fail "externalServices.myService.baseUrl is required when myService is enabled" }} + {{- end }} + {{- if not .Values.externalServices.myService.apiKey }} + {{- fail "externalServices.myService.apiKey is required when myService is enabled" }} + {{- end }} +{{- end }} +{{- end -}} +``` + +Register it: + +``` +{{- define "chart.validate.all" -}} +{{- include "chart.validate.aap" . }} +... +{{- include "chart.validate.myService" . }} {{/* add this line */}} +{{- end -}} +``` + +--- + +## How to Add a New Automation Integration + +Automation integrations are external services whose primary role is triggering automated processes. They follow the same domain rules as external services but write into `automation.platform:` in `application.yaml` instead of `externalservices:`. + +Steps 1, 2, and 4 are identical to adding an external service. The only difference is in **Step 3**. + +### Step 3 — `templates/tpl/_application_yaml.tpl` (automation) + +Add the block under `automation.platform:` instead of `externalservices:`: + +```yaml +{{- if .Values.externalServices.myAutomation.enabled }} + my-automation: + enabled: true + base-url: ${MY_AUTOMATION_BASE_URL} + username: ${MY_AUTOMATION_USERNAME} + password: ${MY_AUTOMATION_PASSWORD} + timeout: ${MY_AUTOMATION_TIMEOUT:30000} + ssl: + verify-certificates: ${MY_AUTOMATION_SSL_VERIFY:true} +{{- end }} +``` + +--- + +## How to Add a New Service (Internal) + +Adding a new internal service requires changes to **three files** (validation is optional but recommended as a fourth). + +The example below adds a new service called **`myService`** with an API endpoint. + +### Step 1 — `values.yaml.template` + +Add under `apis:` for the API endpoint configuration, and/or under `services:` for lower-level service behaviour: + +```yaml +apis: + myApi: + enabled: false + workflowName: "" + token: + secret: "" # sensitive, min 32 chars if used for JWT signing + expirationHours: 24 + +services: + myService: + somePattern: "default-value" +``` + +### Step 2 — `templates/tpl/_env_services.tpl` + +Add to `chart.servicesConfigData` (non-sensitive): + +``` +{{ if .Values.apis.myApi.enabled }} +API_MY_API_WORKFLOW_NAME: {{ .Values.apis.myApi.workflowName | quote }} +API_MY_API_TOKEN_EXPIRATION_HOURS: {{ .Values.apis.myApi.token.expirationHours | quote }} +{{ end }} +MY_SERVICE_SOME_PATTERN: {{ .Values.services.myService.somePattern | quote }} +``` + +Add to `chart.servicesSecretData` (sensitive): + +``` +{{ if .Values.apis.myApi.enabled }} +API_MY_API_TOKEN_SECRET: {{ .Values.apis.myApi.token.secret | b64enc | quote }} +{{ end }} +``` + +### Step 3 — `templates/tpl/_application_yaml.tpl` + +Add under `apis:`: + +```yaml + my-api: + enabled: {{ .Values.apis.myApi.enabled | default false }} + workflow-name: ${API_MY_API_WORKFLOW_NAME:} + token: + secret: ${API_MY_API_TOKEN_SECRET:} + expiration-hours: ${API_MY_API_TOKEN_EXPIRATION_HOURS:24} +``` + +Add under `services:` if needed: + +```yaml +services: + my-service: + some-pattern: "${MY_SERVICE_SOME_PATTERN}" +``` + +### Step 4 — `templates/tpl/_validations.tpl` (recommended) + +``` +{{- define "chart.validate.myApi" -}} +{{- if .Values.apis.myApi.enabled }} + {{- if not .Values.apis.myApi.workflowName }} + {{- fail "apis.myApi.workflowName is required when myApi is enabled" }} + {{- end }} + {{- if not .Values.apis.myApi.token.secret }} + {{- fail "apis.myApi.token.secret is required when myApi is enabled" }} + {{- end }} + {{- if lt (len .Values.apis.myApi.token.secret) 32 }} + {{- fail "apis.myApi.token.secret must be at least 32 characters (256 bits)" }} + {{- end }} +{{- end }} +{{- end -}} +``` + +Register in `chart.validate.all`. + +--- + +## Key Rules and Conventions + +| Rule | Detail | +|---|---| +| **Sensitive values always go to Secrets** | Apply `b64enc` in the Secret template block. Never put passwords, tokens, or secrets in a ConfigMap. | +| **`application.yaml` uses `${ENV_VAR}` placeholders** | The template writes Spring-style `${VAR:default}` references — never hardcoded secrets. Values are resolved by Spring Boot at pod startup from the injected environment. | +| **Instance key naming** | Instance keys are uppercased with hyphens replaced by underscores: `my-cluster` → `MY_CLUSTER_*`. This is done with `$name \| upper \| replace "-" "_"`. | +| **Helm-time vs Spring-time resolution** | Structural flags (`enabled`, static endpoint paths) are resolved by Helm at deploy time. Secrets and env-dependent values are resolved by Spring at startup. | +| **Validation aborts the deploy** | Helm halts if a required field is missing. Always add a `chart.validate.*` template for new integrations and register it in `chart.validate.all`. | +| **`values.yaml.template` uses `$VARIABLE` tokens** | These are substituted by the CI/CD pipeline (`envsubst` or equivalent) before `helm upgrade` is called. Do not use literal `$` for fixed non-CI values. | +| **Empty maps and lists are safe** | Templates guard with `gt (len ...) 0` before ranging, so an empty `{}` or `[]` produces no env vars and no config section. | From cda2a96ff18b5e19428a4cdd2c378856a17efd23 Mon Sep 17 00:00:00 2001 From: "zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL" Date: Tue, 12 May 2026 16:47:27 +0200 Subject: [PATCH 2/7] Add marketplace service config. --- ods-api-service/chart/CONFIGURATION_GUIDE.md | 1 - .../chart/templates/tpl/_application_yaml.tpl | 11 +++++----- .../templates/tpl/_env_external_services.tpl | 20 +++++++++++++++++++ .../chart/templates/tpl/_validations.tpl | 20 ++++++++++++++++++- ods-api-service/chart/values.schema.json | 4 ++-- ods-api-service/chart/values.yaml.template | 12 ++++++----- 6 files changed, 53 insertions(+), 15 deletions(-) diff --git a/ods-api-service/chart/CONFIGURATION_GUIDE.md b/ods-api-service/chart/CONFIGURATION_GUIDE.md index dedc6624f..fe265dc25 100644 --- a/ods-api-service/chart/CONFIGURATION_GUIDE.md +++ b/ods-api-service/chart/CONFIGURATION_GUIDE.md @@ -252,7 +252,6 @@ externalServices: projectComponentsBaseUrl: "https://catalog.example.com/v1" provisionerActionsBaseUrl: "https://provisioner.example.com/v1" trustAllCertificates: true - oboScope: the-obo-scope username: marketplace-user password: marketplace-password ``` diff --git a/ods-api-service/chart/templates/tpl/_application_yaml.tpl b/ods-api-service/chart/templates/tpl/_application_yaml.tpl index d1bbefacd..549474b74 100644 --- a/ods-api-service/chart/templates/tpl/_application_yaml.tpl +++ b/ods-api-service/chart/templates/tpl/_application_yaml.tpl @@ -178,22 +178,21 @@ externalservices: {{- else }} instances: {} {{- end }} - marketplace: {{- if gt (len .Values.externalServices.marketplace.instances) 0 }} default-instance: ${MARKETPLACE_DEFAULT_INSTANCE:{{ .Values.externalServices.marketplace.defaultInstance }}} instances: {{- range $name, $instance := .Values.externalServices.marketplace.instances }} {{ $name }}: - projectComponentsBaseUrl: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROJECT_COMPONENT_BASE_URL:} - provisionerActionsBaseUrl: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROVISIONER_ACTIONS_BASE_URL:} - oboScope: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_OBO_SCOPE:} + project-components-base-url: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROJECT_COMPONENTS_BASE_URL} + provisioner-actions-base-url: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROVISIONER_ACTIONS_BASE_URL} + username: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_USERNAME:} + password: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PASSWORD:} trust-all-certificates: ${MARKETPLACE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL:false} {{- end }} {{- else }} instances: {} -{{- end }} - +{{- end }} services: project: ldap: diff --git a/ods-api-service/chart/templates/tpl/_env_external_services.tpl b/ods-api-service/chart/templates/tpl/_env_external_services.tpl index 38610c5cb..12e2f49ee 100644 --- a/ods-api-service/chart/templates/tpl/_env_external_services.tpl +++ b/ods-api-service/chart/templates/tpl/_env_external_services.tpl @@ -59,6 +59,15 @@ JIRA_{{ $name | upper | replace "-" "_" }}_READ_TIMEOUT: {{ $instance.readTimeou JIRA_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} {{- end }} {{- end }} +## Marketplace configuration +{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} +MARKETPLACE_DEFAULT_INSTANCE: {{ .Values.externalServices.marketplace.defaultInstance | quote }} +{{- range $name, $instance := .Values.externalServices.marketplace.instances }} +MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROJECT_COMPONENTS_BASE_URL: {{ $instance.projectComponentsBaseUrl | quote }} +MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROVISIONER_ACTIONS_BASE_URL: {{ $instance.provisionerActionsBaseUrl | quote }} +MARKETPLACE__{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} +{{- end }} +{{- end }} {{- if gt (len .Values.externalServices.webhookProxy.clusters) 0 }} ## Webhook proxy configuration {{- range $name, $cluster := .Values.externalServices.webhookProxy.clusters }} @@ -131,6 +140,17 @@ JIRA_{{ $name | upper | replace "-" "_" }}_PASSWORD: {{ $instance.password | b64 {{- end }} {{- end }} {{- end }} +{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} +## Marketplace secrets +{{- range $name, $instance := .Values.externalServices.marketplace.instances }} +{{- if $instance.username }} +MARKETPLACE_{{ $name | upper | replace "-" "_" }}_USERNAME: {{ $instance.username | b64enc | quote }} +{{- end }} +{{- if $instance.password }} +MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PASSWORD: {{ $instance.password | b64enc | quote }} +{{- end }} +{{- end }} +{{- end }} {{- if gt (len .Values.externalServices.jenkins.environments) 0 }} ## Jenkins secrets {{- range $index, $env := .Values.externalServices.jenkins.environments }} diff --git a/ods-api-service/chart/templates/tpl/_validations.tpl b/ods-api-service/chart/templates/tpl/_validations.tpl index 197accd4c..f4083a420 100644 --- a/ods-api-service/chart/templates/tpl/_validations.tpl +++ b/ods-api-service/chart/templates/tpl/_validations.tpl @@ -103,12 +103,29 @@ Validate Jira instances configuration {{- if not $instance.baseUrl }} {{- fail (printf "baseUrl is required for Jira instance '%s'" $name) }} {{- end }} - {{- if and (not $instance.bearerToken) (and (not $instance.username) (not $instance.password)) }} + {{- if and (not $instance.bearerToken) (or (not $instance.username) (not $instance.password)) }} {{- fail (printf "either bearerToken or username+password is required for Jira instance '%s'" $name) }} {{- end }} {{- end }} {{- end -}} +{{/* +Validate Marketplace instances configuration +*/}} +{{- define "chart.validate.marketplace" -}} +{{- range $name, $instance := .Values.externalServices.marketplace.instances }} + {{- if not $instance.projectComponentsBaseUrl }} + {{- fail (printf "projectComponentsBaseUrl is required for Marketplace instance '%s'" $name) }} + {{- end }} + {{- if not $instance.provisionerActionsBaseUrl }} + {{- fail (printf "provisionerActionsBaseUrl is required for Marketplace instance '%s'" $name) }} + {{- end }} + {{- if or (not $instance.username) (not $instance.password) }} + {{- fail (printf "username+password settings are required for Marketplace instance '%s'" $name) }} + {{- end }} +{{- end }} +{{- end -}} + {{/* Run all validations */}} @@ -120,4 +137,5 @@ Run all validations {{- include "chart.validate.openshift" . }} {{- include "chart.validate.bitbucket" . }} {{- include "chart.validate.jira" . }} +{{- include "chart.validate.marketplace" . }} {{- end -}} diff --git a/ods-api-service/chart/values.schema.json b/ods-api-service/chart/values.schema.json index 38f92ae39..01961ce54 100644 --- a/ods-api-service/chart/values.schema.json +++ b/ods-api-service/chart/values.schema.json @@ -391,7 +391,7 @@ "additionalProperties": true }, "externalServices": { - "description": "Third-party and platform integration domain. Use this block for external systems such as AAP, UiPath, OpenShift, Bitbucket, Jira, Jenkins, webhook proxy, and projects info service. Non-sensitive values are rendered into the external-services ConfigMap and credentials into the external-services Secret.", + "description": "Third-party and platform integration domain. Use this block for external systems such as AAP, UiPath, OpenShift, Bitbucket, Jira, Jenkins, Marketplace, webhook proxy, and projects info service. Non-sensitive values are rendered into the external-services ConfigMap and credentials into the external-services Secret.", "type": "object", "additionalProperties": true }, @@ -584,4 +584,4 @@ } } } -} \ No newline at end of file +} diff --git a/ods-api-service/chart/values.yaml.template b/ods-api-service/chart/values.yaml.template index e39c588a0..daa66239f 100644 --- a/ods-api-service/chart/values.yaml.template +++ b/ods-api-service/chart/values.yaml.template @@ -266,15 +266,17 @@ externalServices: # connectionTimeout: 30000 # readTimeout: 30000 # trustAllCertificates: false - # Marketplace configuration + # Marketplace Instances marketplace: - # Name of the default marketplace instance key (must match a key under instances) - defaultInstance: "" + defaultInstance: "$MARKETPLACE_DEFAULT_INSTANCE" instances: {} # Example: # dev: - # projectComponentsBaseUrl: "https://component-catalog.example.com/v1" - # provisionerActionsBaseUrl: "https://component-provisioner.example.com/v1" + # projectComponentsBaseUrl: "$MARKETPLACE_DEV_PROJECT_COMPONENTS_BASE_URL" + # provisionerActionsBaseUrl: "$MARKETPLACE_DEV_PROVISIONER_ACTIONS_BASE_URL" + # trustAllCertificates: false + # username: "" # Set in secrets.dev.enc.yaml + # password: "" # Set in secrets.dev.enc.yaml # API Configuration Secrets apis: projectUsers: From 70f148b261a231e760ea6a3c6ea5f5aa9d141b7e Mon Sep 17 00:00:00 2001 From: "zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL" Date: Tue, 12 May 2026 16:55:34 +0200 Subject: [PATCH 3/7] Add marketplace service config. --- ods-api-service/chart/templates/tpl/_env_external_services.tpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ods-api-service/chart/templates/tpl/_env_external_services.tpl b/ods-api-service/chart/templates/tpl/_env_external_services.tpl index 12e2f49ee..de5727d23 100644 --- a/ods-api-service/chart/templates/tpl/_env_external_services.tpl +++ b/ods-api-service/chart/templates/tpl/_env_external_services.tpl @@ -59,13 +59,14 @@ JIRA_{{ $name | upper | replace "-" "_" }}_READ_TIMEOUT: {{ $instance.readTimeou JIRA_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} {{- end }} {{- end }} +{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} ## Marketplace configuration {{- if gt (len .Values.externalServices.marketplace.instances) 0 }} MARKETPLACE_DEFAULT_INSTANCE: {{ .Values.externalServices.marketplace.defaultInstance | quote }} {{- range $name, $instance := .Values.externalServices.marketplace.instances }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROJECT_COMPONENTS_BASE_URL: {{ $instance.projectComponentsBaseUrl | quote }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROVISIONER_ACTIONS_BASE_URL: {{ $instance.provisionerActionsBaseUrl | quote }} -MARKETPLACE__{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} +MARKETPLACE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} {{- end }} {{- end }} {{- if gt (len .Values.externalServices.webhookProxy.clusters) 0 }} From d2e7771f93e284429bc8fa421dab6c6c6335ae68 Mon Sep 17 00:00:00 2001 From: Jorge Romero Date: Tue, 12 May 2026 17:02:51 +0200 Subject: [PATCH 4/7] Changes to make work again the application.yaml render --- ods-api-service/Makefile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ods-api-service/Makefile b/ods-api-service/Makefile index 8b4569d46..dcbe7e97b 100644 --- a/ods-api-service/Makefile +++ b/ods-api-service/Makefile @@ -45,14 +45,14 @@ ods-api-service-render-helm-chart: ## Render the generated application.yaml from Helm templates to a local file. ods-api-service-render-application-yaml: - @cd ods-api-service/chart && \ + @cd chart && \ helm secrets template ods-api-service . \ - -f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.values.yaml \ - -f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.secrets.enc.yaml \ - -f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service.values.yaml \ - -f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/secrets.enc.yaml \ - -f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/values.$(env).yaml \ - -f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/secrets.$(env).enc.yaml \ + -f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.values.yaml \ + -f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.secrets.enc.yaml \ + -f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/values.yaml \ + -f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/secrets.enc.yaml \ + -f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/values.$(env).yaml \ + -f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/secrets.$(env).enc.yaml \ --set projectId=$(ODS_NAMESPACE) \ --set appSelector=app=ods-api-service \ --set registry=$(DOCKER_REGISTRY) \ @@ -66,13 +66,13 @@ ods-api-service-render-application-yaml: --set global.imageNamespace=$(ODS_NAMESPACE) \ --set global.imageTag=$(ODS_IMAGE_TAG) \ --set ODS_OPENSHIFT_APP_DOMAIN=$(OPENSHIFT_APPS_BASEDOMAIN) \ - 2>/dev/null | \ - yq -r 'select(.kind == "ConfigMap") | select(.metadata.name == "ods-api-service-config") | .data["application.yaml"]' + 2>/dev/null | \ + yq -r 'select(.kind == "ConfigMap") | select(.metadata.name == "ods-api-service-config") | .data["application.yaml"]' ## Render the generated .env file from Helm templates to a local file. ods-api-service-renderdot-env: - @cd ods-api-service/chart && \ + @cd chart && \ helm secrets template ods-api-service . \ -f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.values.yaml \ -f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.secrets.enc.yaml \ From ebd8419aeb424dd22bc6a37b2cd62e29cb433f1b Mon Sep 17 00:00:00 2001 From: Jorge Romero Date: Wed, 13 May 2026 09:23:38 +0200 Subject: [PATCH 5/7] Fix merge error --- .../templates/tpl/_env_external_services.tpl | 46 +++++++++++-------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/ods-api-service/chart/templates/tpl/_env_external_services.tpl b/ods-api-service/chart/templates/tpl/_env_external_services.tpl index de5727d23..b3cf57d6a 100644 --- a/ods-api-service/chart/templates/tpl/_env_external_services.tpl +++ b/ods-api-service/chart/templates/tpl/_env_external_services.tpl @@ -1,6 +1,9 @@ {{/* External services domain: third-party and platform integrations */}} + +## Config maps {{- define "chart.externalServicesConfigData" }} {{- if .Values.externalServices.aap.enabled }} + ## Ansible Automation Platform configuration ANSIBLE_BASE_URL: {{ .Values.externalServices.aap.baseUrl | quote }} ANSIBLE_TIMEOUT: {{ .Values.externalServices.aap.timeout | quote }} @@ -13,6 +16,7 @@ ANSIBLE_SSL_TRUSTSTORE_TYPE: {{ .Values.externalServices.aap.ssl.trustStoreType {{- end }} {{- end }} {{- if .Values.externalServices.uipath.enabled }} + ## UiPath configuration UIPATH_HOST: {{ .Values.externalServices.uipath.host | quote }} UIPATH_TENANCY_NAME: {{ .Values.externalServices.uipath.tenancyName | quote }} @@ -30,8 +34,9 @@ UIPATH_SSL_TRUSTSTORE_TYPE: {{ .Values.externalServices.uipath.ssl.trustStoreTyp ## Projects Info Service configuration PROJECTS_INFO_SERVICE_BASE_URL: {{ .Values.externalServices.projectsInfoService.baseUrl | quote }} {{- end }} -{{- if gt (len .Values.externalServices.openshift.instances) 0 }} + ## OpenShift configuration +{{- if gt (len .Values.externalServices.openshift.instances) 0 }} {{- range $name, $instance := .Values.externalServices.openshift.instances }} OPENSHIFT_{{ $name | upper | replace "-" "_" }}_API_URL: {{ $instance.apiUrl | quote }} OPENSHIFT_{{ $name | upper | replace "-" "_" }}_NAMESPACE: {{ $instance.namespace | quote }} @@ -40,8 +45,9 @@ OPENSHIFT_{{ $name | upper | replace "-" "_" }}_READ_TIMEOUT: {{ $instance.readT OPENSHIFT_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} {{- end }} {{- end }} -{{- if gt (len .Values.externalServices.bitbucket.instances) 0 }} + ## Bitbucket configuration +{{- if gt (len .Values.externalServices.bitbucket.instances) 0 }} {{- range $name, $instance := .Values.externalServices.bitbucket.instances }} BITBUCKET_{{ $name | upper | replace "-" "_" }}_BASE_REST_URL: {{ $instance.baseUrl | quote }} BITBUCKET_{{ $name | upper | replace "-" "_" }}_CONNECTION_TIMEOUT: {{ $instance.connectionTimeout | quote }} @@ -49,8 +55,9 @@ BITBUCKET_{{ $name | upper | replace "-" "_" }}_READ_TIMEOUT: {{ $instance.readT BITBUCKET_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} {{- end }} {{- end }} -{{- if gt (len .Values.externalServices.jira.instances) 0 }} + ## Jira configuration +{{- if gt (len .Values.externalServices.jira.instances) 0 }} JIRA_DEFAULT_INSTANCE: {{ .Values.externalServices.jira.defaultInstance | quote }} {{- range $name, $instance := .Values.externalServices.jira.instances }} JIRA_{{ $name | upper | replace "-" "_" }}_BASE_URL: {{ $instance.baseUrl | quote }} @@ -59,18 +66,9 @@ JIRA_{{ $name | upper | replace "-" "_" }}_READ_TIMEOUT: {{ $instance.readTimeou JIRA_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} {{- end }} {{- end }} -{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} -## Marketplace configuration -{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} -MARKETPLACE_DEFAULT_INSTANCE: {{ .Values.externalServices.marketplace.defaultInstance | quote }} -{{- range $name, $instance := .Values.externalServices.marketplace.instances }} -MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROJECT_COMPONENTS_BASE_URL: {{ $instance.projectComponentsBaseUrl | quote }} -MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROVISIONER_ACTIONS_BASE_URL: {{ $instance.provisionerActionsBaseUrl | quote }} -MARKETPLACE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ default false $instance.trustAllCertificates | quote }} -{{- end }} -{{- end }} -{{- if gt (len .Values.externalServices.webhookProxy.clusters) 0 }} + ## Webhook proxy configuration +{{- if gt (len .Values.externalServices.webhookProxy.clusters) 0 }} {{- range $name, $cluster := .Values.externalServices.webhookProxy.clusters }} WEBHOOK_PROXY_{{ $name | upper | replace "-" "_" }}_CLUSTER_BASE: {{ $cluster.clusterBase | quote }} WEBHOOK_PROXY_{{ $name | upper | replace "-" "_" }}_CONNECTION_TIMEOUT: {{ $cluster.connectionTimeout | quote }} @@ -81,6 +79,7 @@ WEBHOOK_PROXY_{{ $name | upper | replace "-" "_" }}_JENKINSFILE_PATH: {{ $cluste {{- end }} ## Mkt configuration +{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} MARKETPLACE_DEFAULT_INSTANCE: {{ .Values.externalServices.marketplace.defaultInstance | quote }} {{- range $name, $instance := .Values.externalServices.marketplace.instances }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROJECT_COMPONENT_BASE_URL: {{ $instance.projectComponentsBaseUrl | quote }} @@ -89,10 +88,13 @@ MARKETPLACE_{{ $name | upper | replace "-" "_" }}_OBO_SCOPE: {{ $instance.oboSco MARKETPLACE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ $instance.trustAllCertificates | quote }} {{- end }} {{- end }} +{{- end }} + +#### Secrets {{- define "chart.externalServicesSecretData" }} -{{- if .Values.externalServices.aap.enabled }} ## Ansible Automation Platform secrets +{{- if .Values.externalServices.aap.enabled }} ANSIBLE_USERNAME: {{ .Values.externalServices.aap.username | b64enc | quote }} ANSIBLE_PASSWORD: {{ .Values.externalServices.aap.password | b64enc | quote }} {{- if .Values.externalServices.aap.ssl.trustStorePassword }} @@ -100,6 +102,7 @@ ANSIBLE_SSL_TRUSTSTORE_PASSWORD: {{ .Values.externalServices.aap.ssl.trustStoreP {{- end }} {{- end }} {{- if .Values.externalServices.uipath.enabled }} + ## UiPath secrets UIPATH_CLIENT_ID: {{ .Values.externalServices.uipath.clientId | b64enc | quote }} UIPATH_CLIENT_SECRET: {{ .Values.externalServices.uipath.clientSecret | b64enc | quote }} @@ -108,13 +111,15 @@ UIPATH_SSL_TRUSTSTORE_PASSWORD: {{ .Values.externalServices.uipath.ssl.trustStor {{- end }} {{- end }} {{- if gt (len .Values.externalServices.openshift.instances) 0 }} + ## OpenShift secrets {{- range $name, $instance := .Values.externalServices.openshift.instances }} OPENSHIFT_{{ $name | upper | replace "-" "_" }}_TOKEN: {{ $instance.token | b64enc | quote }} {{- end }} {{- end }} -{{- if gt (len .Values.externalServices.bitbucket.instances) 0 }} + ## Bitbucket secrets +{{- if gt (len .Values.externalServices.bitbucket.instances) 0 }} {{- range $name, $instance := .Values.externalServices.bitbucket.instances }} {{- if $instance.bearerToken }} BITBUCKET_{{ $name | upper | replace "-" "_" }}_BEARER_TOKEN: {{ $instance.bearerToken | b64enc | quote }} @@ -127,8 +132,9 @@ BITBUCKET_{{ $name | upper | replace "-" "_" }}_PASSWORD: {{ $instance.password {{- end }} {{- end }} {{- end }} -{{- if gt (len .Values.externalServices.jira.instances) 0 }} + ## Jira secrets +{{- if gt (len .Values.externalServices.jira.instances) 0 }} {{- range $name, $instance := .Values.externalServices.jira.instances }} {{- if $instance.bearerToken }} JIRA_{{ $name | upper | replace "-" "_" }}_BEARER_TOKEN: {{ $instance.bearerToken | b64enc | quote }} @@ -141,8 +147,9 @@ JIRA_{{ $name | upper | replace "-" "_" }}_PASSWORD: {{ $instance.password | b64 {{- end }} {{- end }} {{- end }} -{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} + ## Marketplace secrets +{{- if gt (len .Values.externalServices.marketplace.instances) 0 }} {{- range $name, $instance := .Values.externalServices.marketplace.instances }} {{- if $instance.username }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_USERNAME: {{ $instance.username | b64enc | quote }} @@ -152,8 +159,9 @@ MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PASSWORD: {{ $instance.passwor {{- end }} {{- end }} {{- end }} -{{- if gt (len .Values.externalServices.jenkins.environments) 0 }} + ## Jenkins secrets +{{- if gt (len .Values.externalServices.jenkins.environments) 0 }} {{- range $index, $env := .Values.externalServices.jenkins.environments }} JENKINS_{{ $env.name | upper | replace "-" "_" }}_API_TOKEN: {{ $env.apiToken | b64enc | quote }} {{- end }} From 343488e987202ab8609a3a08f23ad4f3c8c96ef4 Mon Sep 17 00:00:00 2001 From: Jorge Romero Date: Wed, 13 May 2026 09:26:59 +0200 Subject: [PATCH 6/7] remove not needed parameter --- ods-api-service/chart/templates/tpl/_env_external_services.tpl | 1 - 1 file changed, 1 deletion(-) diff --git a/ods-api-service/chart/templates/tpl/_env_external_services.tpl b/ods-api-service/chart/templates/tpl/_env_external_services.tpl index b3cf57d6a..93b23bdcd 100644 --- a/ods-api-service/chart/templates/tpl/_env_external_services.tpl +++ b/ods-api-service/chart/templates/tpl/_env_external_services.tpl @@ -84,7 +84,6 @@ MARKETPLACE_DEFAULT_INSTANCE: {{ .Values.externalServices.marketplace.defaultIns {{- range $name, $instance := .Values.externalServices.marketplace.instances }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROJECT_COMPONENT_BASE_URL: {{ $instance.projectComponentsBaseUrl | quote }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_PROVISIONER_ACTIONS_BASE_URL: {{ $instance.provisionerActionsBaseUrl | quote }} -MARKETPLACE_{{ $name | upper | replace "-" "_" }}_OBO_SCOPE: {{ $instance.oboScope | quote }} MARKETPLACE_{{ $name | upper | replace "-" "_" }}_TRUST_ALL: {{ $instance.trustAllCertificates | quote }} {{- end }} {{- end }} From 9219d5b88a4cba4bf28c5fd999bc33ca5bf90c60 Mon Sep 17 00:00:00 2001 From: Jorge Romero Date: Wed, 13 May 2026 09:36:49 +0200 Subject: [PATCH 7/7] Add changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70aa9da14..76608e0fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ - Jenkins master and agent maintenance. Add Rhel9 variant and make it default ([#1361](https://github.com/opendevstack/ods-core/pull/1361)) - Update tailor to 1.4.0 ([#1373](https://github.com/opendevstack/ods-core/pull/1373)) - Update Jenkins java version to jdk 21 ([#1374](https://github.com/opendevstack/ods-core/pull/1374)) -- Add new configuration for the ODS API Service ([1375](https://github.com/opendevstack/ods-core/pull/1375)) ([1377](https://github.com/opendevstack/ods-core/pull/1377)) +- Add new configuration for the ODS API Service ([1375](https://github.com/opendevstack/ods-core/pull/1375)) ([1377](https://github.com/opendevstack/ods-core/pull/1377))([1378](https://github.com/opendevstack/ods-core/pull/1378)) ### Fixed