CIV-0000 flexi db changing passwords for datastore and definitionstore (

#5431) * changing passwords for datastore and definitionstore * further changes * change ccd chart version * removing duplicate password entries to fix flexi db * adding role assignment pod in flexidb chart * Update values.enableFlexiDb.preview.template.yaml * adding missing role assignment setup * further judge role assignments * Update values.elasticsearch.preview.template.yaml
hmcts · Jan 21, 2025 · 229db80 · 229db80
1 parent 82c2107
commit 229db80
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 6 deletions.
diff --git a/bin/add-org-roles-to-users.sh b/bin/add-org-roles-to-users.sh
@@ -13,3 +13,30 @@ echo "Setting up Users with role assignments..."
 ./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg1@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-manager" '{"jurisdiction":"CIVIL","primaryLocation":"20262"}' "ADMIN"
 ./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg1@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-centre-team-leader" '{"jurisdiction":"CIVIL","primaryLocation":"20262","workTypes":"hearing_work,access_requests,routine_work"}' "ADMIN"
 ./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg1@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-centre-admin" '{"jurisdiction":"CIVIL","primaryLocation":"20262","workTypes":"hearing_work,routine_work,multi_Track_hearing_work,intermediate_Track_hearing_work"}' "ADMIN"
+
+./bin/utils/organisational-role-assignment.sh "ctsc_admin@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hmcts-ctsc" '{"jurisdiction":"CIVIL","primaryLocation":"366774"}' "CTSC"
+./bin/utils/organisational-role-assignment.sh "ctsc_admin@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-viewer" '{"jurisdiction":"CIVIL","primaryLocation":"366774"}' "CTSC"
+./bin/utils/organisational-role-assignment.sh "ctsc_admin@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "ctsc" '{"jurisdiction":"CIVIL","primaryLocation":"366774","workTypes":"routine_work"}' "CTSC"
+
+./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg2@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hmcts-admin" '{"jurisdiction":"CIVIL","primaryLocation":"20262"}' "ADMIN"
+./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg2@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-manager" '{"jurisdiction":"CIVIL","primaryLocation":"20262"}' "ADMIN"
+./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg2@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "task-supervisor" '{"jurisdiction":"CIVIL","primaryLocation":"20262","workTypes":"routine_work,hearing_work,access_requests"}' "ADMIN"
+./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg2@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-centre-team-leader" '{"jurisdiction":"CIVIL","primaryLocation":"20262","workTypes":"hearing_work,access_requests"}' "ADMIN"
+./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg2@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-centre-admin" '{"jurisdiction":"CIVIL","primaryLocation":"20262","workTypes":"hearing_work"}' "ADMIN"
+./bin/utils/organisational-role-assignment.sh "hearing_center_admin_reg2@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-viewer" '{"jurisdiction":"CIVIL","primaryLocation":"20262"}' "ADMIN"
+
+./bin/utils/organisational-role-assignment.sh "ga_ctsc_team_leader_national@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "ctsc" '{"jurisdiction":"CIVIL","primaryLocation":"283922","workTypes":"routine_work"}' "CTSC"
+./bin/utils/organisational-role-assignment.sh "ga_ctsc_team_leader_national@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hmcts-ctsc" '{"jurisdiction":"CIVIL","primaryLocation":"283922"}' "CTSC"
+./bin/utils/organisational-role-assignment.sh "ga_ctsc_team_leader_national@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "hearing-viewer" '{"jurisdiction":"CIVIL","primaryLocation":"283922"}' "CTSC"
+./bin/utils/organisational-role-assignment.sh "ga_ctsc_team_leader_national@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "task-supervisor" '{"jurisdiction":"CIVIL","primaryLocation":"283922","workTypes":"routine_work,hearing_work,access_requests"}' "CTSC"
+./bin/utils/organisational-role-assignment.sh "ga_ctsc_team_leader_national@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "case-allocator" '{"jurisdiction":"CIVIL","primaryLocation":"283922"}' "CTSC"
+./bin/utils/organisational-role-assignment.sh "ga_ctsc_team_leader_national@justice.gov.uk" "${CITIZEN_PASSWORD}" "PUBLIC" "ctsc-team-leader" '{"jurisdiction":"CIVIL","primaryLocation":"283922","workTypes":"routine_work,access_requests"}' "CTSC"
+
+./bin/utils/organisational-role-assignment.sh "4924221EMP-@ejudiciary.net" "${JUDGE_PASSWORD}" "PUBLIC" "hmcts-judiciary" '{"jurisdiction":"CIVIL","primaryLocation":"455174"}' "JUDICIAL"
+./bin/utils/organisational-role-assignment.sh "4924221EMP-@ejudiciary.net" "${JUDGE_PASSWORD}" "PUBLIC" "hearing-viewer" '{"jurisdiction":"CIVIL","primaryLocation":"455174"}' "JUDICIAL"
+./bin/utils/organisational-role-assignment.sh "4924221EMP-@ejudiciary.net" "${JUDGE_PASSWORD}" "PUBLIC" "judge" '{"jurisdiction":"CIVIL","primaryLocation":"455174","workTypes":"hearing_work,decision_making_work,applications"}' "JUDICIAL"
+
+./bin/utils/organisational-role-assignment.sh "DJ.Angel.Morgan@ejudiciary.net" "${JUDGE_PASSWORD}" "PUBLIC" "hmcts-judiciary" '{"jurisdiction":"CIVIL","primaryLocation":"177463"}' "JUDICIAL"
+./bin/utils/organisational-role-assignment.sh "DJ.Angel.Morgan@ejudiciary.net" "${JUDGE_PASSWORD}" "PUBLIC" "hearing-viewer" '{"jurisdiction":"CIVIL","primaryLocation":"177463"}' "JUDICIAL"
+./bin/utils/organisational-role-assignment.sh "DJ.Angel.Morgan@ejudiciary.net" "${JUDGE_PASSWORD}" "PUBLIC" "judge" '{"jurisdiction":"CIVIL","primaryLocation":"177463","workTypes":"hearing_work,decision_making_work,applications"}' "JUDICIAL"
+./bin/utils/organisational-role-assignment.sh "DJ.Angel.Morgan@ejudiciary.net" "${JUDGE_PASSWORD}" "PUBLIC" "circuit-judge" '{"jurisdiction":"CIVIL","primaryLocation":"177463","workTypes":"hearing_work,decision_making_work,applications"}' "JUDICIAL"
diff --git a/charts/civil-citizen-ui/values.elasticsearch.preview.template.yaml b/charts/civil-citizen-ui/values.elasticsearch.preview.template.yaml
@@ -13,6 +13,7 @@ ccd:
         ELASTIC_SEARCH_HOSTS: ${SERVICE_NAME}-es-master:9200
         ELASTIC_SEARCH_DATA_NODES_HOSTS: http://${SERVICE_NAME}-es-master:9200
         DATA_STORE_DB_PASSWORD: ${POSTGRES_PASSWORD}
+        ROLE_ASSIGNMENT_URL: http://${SERVICE_NAME}-am-role-assignment-service
       secrets:
         DATA_STORE_DB_PASSWORD:
           secretRef: "{{ .Values.global.postgresSecret }}"

diff --git a/charts/civil-citizen-ui/values.enableFlexiDb.preview.template.yaml b/charts/civil-citizen-ui/values.enableFlexiDb.preview.template.yaml
@@ -107,6 +107,7 @@ civil-service:
       CMC_DB_CONNECTION_OPTIONS: "?stringtype=unspecified&reWriteBatchedInserts=true&sslmode=require"
       CMC_DB_USERNAME: hmcts
       CMC_DB_NAME: "pr-${CHANGE_ID}-cmc"
+      ROLE_ASSIGNMENT_URL: http://${SERVICE_NAME}-am-role-assignment-service
     postgresql:
       enabled: false
 
@@ -155,7 +156,7 @@ ccd:
     postgresql:
       enabled: false
     ras:
-      enabled: false
+      enabled: true
     userProfileImporter:
       enabled: false
     userProfile:
@@ -192,6 +193,7 @@ ccd:
       keyVaults: []
   ccd-data-store-api:
     java:
+      disableKeyVaults: true
       releaseNameOverride: ${SERVICE_NAME}-ccd-data-store-api
       imagePullPolicy: Always
       devcpuRequests: 1000m
@@ -212,21 +214,45 @@ ccd:
         IDAM_OAUTH2_DATA_STORE_CLIENT_SECRET: ${IDAM_OAUTH2_DATA_STORE_CLIENT_SECRET}
         IDAM_DATA_STORE_SYSTEM_USER_USERNAME: ${IDAM_DATA_STORE_SYSTEM_USER_USERNAME}
         IDAM_DATA_STORE_SYSTEM_USER_PASSWORD: ${IDAM_DATA_STORE_SYSTEM_USER_PASSWORD}
-        ROLE_ASSIGNMENT_URL: http://am-role-assignment-service-aat.service.core-compute-aat.internal
+        ROLE_ASSIGNMENT_URL: http://${SERVICE_NAME}-am-role-assignment-service
         ELASTIC_SEARCH_ENABLED: true
         ELASTIC_SEARCH_HOSTS: ${SERVICE_NAME}-es-master:9200
         ELASTIC_SEARCH_DATA_NODES_HOSTS: http://${SERVICE_NAME}-es-master:9200
       secrets:
         DATA_STORE_DB_PASSWORD:
-          secretRef: "{{ .Values.global.postgresSecret }}"
+          secretRef: postgres
           key: PASSWORD
           disabled: false
       keyVaults: []
       ingressHost: ccd-data-store-api-${SERVICE_NAME}.preview.platform.hmcts.net
+
+  am-role-assignment-service:
+    java:
+      releaseNameOverride: ${SERVICE_NAME}-am-role-assignment-service
+      imagePullPolicy: Always
+      image: hmctspublic.azurecr.io/am/role-assignment-service:latest
+      ingressHost: am-role-assignment-${SERVICE_FQDN}
+      environment:
+        RELEASE_REVISION: "{{ .Release.Revision }}"
+        ROLE_ASSIGNMENT_DB_OPTIONS: "?stringtype=unspecified"
+        ROLE_ASSIGNMENT_DB_NAME: "{{ .Values.global.databaseNamePrefix }}role-assignment"
+        ROLE_ASSIGNMENT_DB_HOST: "{{ .Values.global.postgresHostname }}"
+        ROLE_ASSIGNMENT_DB_USERNAME: '{{ tpl .Values.global.postgresUsername $}}'
+      secrets:
+        ROLE_ASSIGNMENT_DB_PASSWORD:
+          secretRef: postgres
+          key: PASSWORD
+          disabled: false
+      keyVaults:
+        am:
+          secrets:
+            - name: role-assignment-service-LD-SDK-KEY
+              alias: LD_SDK_KEY
 
 
   ccd-definition-store-api:
     java:
+      disableKeyVaults: true
       imagePullPolicy: Always
       releaseNameOverride: ${SERVICE_NAME}-ccd-definition-store-api
       environment:
@@ -243,7 +269,7 @@ ccd:
         DEFINITION_STORE_DB_USERNAME: '{{ tpl .Values.global.postgresUsername $}}'
       secrets:
         DEFINITION_STORE_DB_PASSWORD:
-          secretRef: "{{ .Values.global.postgresSecret }}"
+          secretRef: postgres
           key: PASSWORD
           disabled: false
       keyVaults: []

diff --git a/charts/civil-citizen-ui/values.preview.template.yaml b/charts/civil-citizen-ui/values.preview.template.yaml
@@ -157,7 +157,6 @@ ccd:
         CASE_DOCUMENT_AM_API_ATTACH_DOCUMENT_ENABLED: false
         DATA_STORE_DB_HOST: ${SERVICE_NAME}-postgresql
         DATA_STORE_DB_OPTIONS: "?stringtype=unspecified"
-        DATA_STORE_DB_PASSWORD: ${POSTGRES_PASSWORD}
         DATA_STORE_IDAM_KEY: ${CCD_DATA_STORE_S2S_SECRET}
         DATA_STORE_S2S_AUTHORISED_SERVICES: ccd_data,ccd_gw,ccd_ps,bulk_scan_orchestrator,ccpay_bubble,ctsc_work_allocation,em_ccd_orchestrator,xui_webapp,civil_service,ccd_case_document_am_api,aac_manage_case_assignment,wa_task_management_api,wa_task_monitor,wa_case_event_handler,wa_workflow_api,civil_general_applications
         IDAM_API_BASE_URL: https://idam-api.aat.platform.hmcts.net
@@ -197,7 +196,6 @@ ccd:
         ELASTIC_SEARCH_HOST: ${SERVICE_NAME}-es-master
         ELASTIC_SEARCH_CASE_INDEX_MAPPING_FIELDS_LIMIT: 12000
         DEFINITION_STORE_DB_OPTIONS: "?stringtype=unspecified"
-        DEFINITION_STORE_DB_PASSWORD: ${POSTGRES_PASSWORD}
       secrets:
         DEFINITION_STORE_DB_PASSWORD:
           secretRef: "{{ .Values.global.postgresSecret }}"