fix(zendesk-service): Add missing Zendesk config values

[GunnlaugurG]

What

services-auth-delegation-api, services-auth-public-api and services-auth-personal-representative-api where missing zendesk config values

Why

Specify why you need to achieve this

Screenshots / Gifs

Attach Screenshots / Gifs to help reviewers understand the scope of the pull request

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Formatting passes locally with my changes
• I have rebased against main before asking for a review

Summary by CodeRabbit

• New Features

  • Enhanced integration with Zendesk by adding environment variables for handling contact forms and webhooks across multiple services.

• Configuration Updates

  • Updated ingress configurations to improve request handling.
  • Standardized health check paths for better service monitoring.
  • Adjusted resource limits and requests for improved performance.

These changes collectively enhance the functionality and reliability of the services interacting with Zendesk.

[coderabbitai]

Walkthrough

The pull request introduces modifications across several files to integrate Zendesk functionalities into various services. Key changes include the addition of a new environment variable, ZENDESK_CONTACT_FORM_SUBDOMAIN, and three new secrets (ZENDESK_CONTACT_FORM_EMAIL, ZENDESK_CONTACT_FORM_TOKEN, and ZENDESK_WEBHOOK_SECRET_GENERAL_MANDATE). These updates are reflected in the serviceSetup functions of the delegation-api, personal-representative, and public-api services, as well as in the configuration files for different environments (dev, staging, prod). The modifications enhance the services' configurations for handling contact forms and webhooks.

Changes

File Path	Change Summary
apps/services/auth/delegation-api/infra/delegation-api.ts	Added environment variable and secrets for Zendesk integration.
apps/services/auth/personal-representative/infra/personal-representative.ts	Added environment variable and secrets for Zendesk integration.
apps/services/auth/public-api/infra/auth-public-api.ts	Added environment variable and secrets for Zendesk integration.
charts/identity-server/values.dev.yaml	Added environment variables for Zendesk integration; updated ingress configurations and health checks.
charts/identity-server/values.prod.yaml	Added environment variables for Zendesk integration; updated health check configurations.
charts/identity-server/values.staging.yaml	Added environment variables for Zendesk integration; updated ingress configurations.

Possibly related PRs

• feat(auth-api): Zendesk credentials #16162: This PR adds new environment variables and secrets related to Zendesk integration, which directly connects to the changes made in the main PR regarding the addition of Zendesk-related environment variables and secrets.
• feat(zendesk): Refactor Zendesk to use config module #16322: This PR refactors Zendesk integration to use a configuration module, which aligns with the main PR's focus on enhancing Zendesk functionalities through environment variable configurations.
• feat(auth-admin): Delegation-admin webhook auditlog #16335: This PR implements audit logs for operations initiated via Zendesk, indicating a direct relationship with the main PR's enhancements to Zendesk integration.
• fix: Add namespace grants for services that need it, but don't have it #16697: This PR adds namespace grants for services, including those related to user notifications, which may interact with the Zendesk functionalities introduced in the main PR.

Suggested labels

automerge, high priority

Suggested reviewers

• robertaandersen
• fjandakornid

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

apps/services/auth/personal-representative/infra/personal-representative.ts (1)

57-60: Consider standardizing secret paths for better organization.

The Zendesk secrets are stored in different K8s paths:

• Contact form credentials (email and token) are in /k8s/api/
• Webhook secret is in /k8s/services-auth/

Consider moving all Zendesk-related secrets under a consistent path for better maintainability.

#!/bin/bash
# Description: Check secret path patterns across services for consistency
rg -A 3 "ZENDESK.*: '/k8s/" --type typescript

apps/services/auth/public-api/infra/auth-public-api.ts (1)

79-82: Consider consolidating Zendesk secrets under a common path.

The secrets configuration is correct, but the Zendesk secrets are split between two different paths:

• /k8s/api/ for contact form credentials
• /k8s/services-auth/ for webhook secret

Consider consolidating all Zendesk-related secrets under a common path (e.g., /k8s/services-auth/zendesk/) for better organization and maintenance.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 7bbf5b8 and 1b50379.

📒 Files selected for processing (6)

• apps/services/auth/delegation-api/infra/delegation-api.ts (1 hunks)
• apps/services/auth/personal-representative/infra/personal-representative.ts (1 hunks)
• apps/services/auth/public-api/infra/auth-public-api.ts (1 hunks)
• charts/identity-server/values.dev.yaml (6 hunks)
• charts/identity-server/values.prod.yaml (6 hunks)
• charts/identity-server/values.staging.yaml (6 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

apps/services/auth/delegation-api/infra/delegation-api.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/personal-representative/infra/personal-representative.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

apps/services/auth/public-api/infra/auth-public-api.ts (2)

Pattern apps/services/**/*: "Confirm that the code adheres to the following:

• NestJS architecture, including modules, services, and controllers.
• Dependency injection patterns and service encapsulation.
• Integration and unit testing coverage and practices."

---

Pattern apps/**/*: "Confirm that the code adheres to the following:

• NextJS best practices, including file structure, API routes, and static generation methods.
• Efficient state management and server-side rendering techniques.
• Optimal use of TypeScript for component and utility type safety."

🔇 Additional comments (15)

apps/services/auth/personal-representative/infra/personal-representative.ts (1)

50-54: Verify the Zendesk subdomain configuration across environments.

While the configuration is structurally correct, using the same subdomain 'digitaliceland' across all environments (dev, staging, prod) might lead to cross-environment data mixing. Consider if separate subdomains should be used for dev and staging environments.

✅ Verification successful

Using the same Zendesk subdomain across environments is the standard configuration

Based on the codebase analysis, using 'digitaliceland' as the Zendesk subdomain across all environments (dev, staging, prod) is the established pattern across multiple services:

• auth-admin-api
• auth-public-api
• delegation-api
• personal-representative
• identity-server configurations

Only the apps/api service uses a different subdomain ('stjanilofts') for dev environment. This appears to be an exception rather than the rule.

The current configuration in the personal-representative service follows the organization's standard practice and is correct.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if other services use different Zendesk subdomains for different environments
rg -A 3 "ZENDESK_CONTACT_FORM_SUBDOMAIN" --type typescript

Length of output: 93

---

Script:

#!/bin/bash
# Search for Zendesk subdomain configuration across all files
rg -A 3 "ZENDESK.*SUBDOMAIN"

# Also search with ripgrep for any Zendesk related configuration
rg -A 3 "digitaliceland"

# Use fd to find all infrastructure or configuration files
fd -e ts -e js "infra|config"

Length of output: 60872

apps/services/auth/delegation-api/infra/delegation-api.ts (2)

63-67: Consider environment-specific Zendesk subdomains

Using the same hardcoded subdomain value 'digitaliceland' across all environments (dev, staging, prod) might limit testing capabilities and flexibility. Consider:

1. Using different subdomains for non-production environments
2. Externalizing this configuration to make it more maintainable

#!/bin/bash
# Verify if other services use different Zendesk subdomains
rg -g "*.ts" "ZENDESK_CONTACT_FORM_SUBDOMAIN" -A 5

---

70-73: Review secret management strategy

The Zendesk secrets are stored in different Kubernetes paths:

• /k8s/api/ for contact form credentials
• /k8s/services-auth/ for webhook secret

Consider standardizing the secret paths for better maintainability and security. All service-specific secrets should ideally be under the same path.

apps/services/auth/public-api/infra/auth-public-api.ts (1)

72-76: Verify the Zendesk subdomain value.

The configuration looks good and follows the established patterns. However, please confirm that 'digitaliceland' is the correct subdomain for all environments (dev, staging, and prod).

✅ Verification successful

Zendesk subdomain configuration is consistent across all services

The verification shows that the 'digitaliceland' subdomain is consistently used across all auth-related services:

• auth/public-api
• auth/personal-representative
• auth/delegation-api
• auth/admin-api

All services use identical configuration for dev, staging, and prod environments, indicating this is the correct subdomain for the organization's Zendesk instance.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if the same Zendesk subdomain is used consistently across other services
# Expected: All services should use the same subdomain if they interact with the same Zendesk instance

echo "Checking Zendesk subdomain configuration across services..."
rg -A 3 "ZENDESK_CONTACT_FORM_SUBDOMAIN" apps/services/

Length of output: 1721

charts/identity-server/values.prod.yaml (3)

333-333: LGTM: Zendesk configuration for delegation-api looks good!

The Zendesk configuration for the delegation API service is properly set up with the required environment variable and secrets.

Also applies to: 390-392

---

615-615: LGTM: Zendesk configuration for personal-representative looks good!

The Zendesk configuration for the personal representative service is properly set up with the required environment variable and secrets.

Also applies to: 667-669

---

770-770: LGTM: Zendesk configuration for public-api looks good!

The Zendesk configuration for the public API service is properly set up with the required environment variable and secrets.

Also applies to: 830-832

charts/identity-server/values.dev.yaml (5)

336-336: LGTM: Zendesk configuration for delegation-api is properly configured

The Zendesk configuration for the delegation API service includes all required environment variables and secrets, properly sourced from AWS Parameter Store.

Also applies to: 393-395

---

618-618: LGTM: Zendesk configuration for personal-representative service is properly configured

The Zendesk configuration for the personal representative service includes all required environment variables and secrets, properly sourced from AWS Parameter Store.

Also applies to: 670-672

---

773-773: LGTM: Zendesk configuration for public-api is properly configured

The Zendesk configuration for the public API service includes all required environment variables and secrets, properly sourced from AWS Parameter Store.

Also applies to: 833-835

---

336-336: Verify configuration across environments

The Zendesk configuration has been added to the dev environment. Please ensure that corresponding changes are also made in the staging and production environment files with appropriate values.

#!/bin/bash
# Description: Check for Zendesk configuration in other environment files

echo "Checking for Zendesk configuration in staging and prod environments:"
rg "ZENDESK_CONTACT_FORM" charts/identity-server/values.staging.yaml charts/identity-server/values.prod.yaml

Also applies to: 618-618, 773-773

---

Line range hint 824-828: Verify memory limits for public-api service

The public-api service has lower memory limits (384Mi) compared to similar services (512Mi). While this might be intentional based on service requirements, please verify that these limits are sufficient for the additional Zendesk integration.

charts/identity-server/values.staging.yaml (3)

336-336: LGTM: Zendesk configuration for delegation-api is properly configured.

The Zendesk configuration for the delegation API service follows the established pattern and references the correct secret paths.

Also applies to: 393-395

---

618-618: LGTM: Zendesk configuration for personal-representative service is properly configured.

The Zendesk configuration for the personal representative service follows the established pattern and references the correct secret paths.

Also applies to: 670-672

---

773-773: LGTM: Zendesk configuration for public-api is properly configured.

The Zendesk configuration for the public API service follows the established pattern and references the correct secret paths.

Also applies to: 833-835

[svanaeinars]

LGTM

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.54%. Comparing base (b68eea7) to head (5929fc9).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #16783   +/-   ##
=======================================
  Coverage   36.54%   36.54%           
=======================================
  Files        6890     6890           
  Lines      143839   143839           
  Branches    41005    41005           
=======================================
  Hits        52571    52571           
  Misses      91268    91268           

Flag	Coverage Δ
air-discount-scheme-backend	54.04% <ø> (ø)
air-discount-scheme-web	0.00% <ø> (ø)
api	3.35% <ø> (ø)
api-catalogue-services	77.85% <ø> (ø)
api-domains-air-discount-scheme	36.99% <ø> (ø)
api-domains-assets	26.71% <ø> (ø)
api-domains-auth-admin	48.48% <ø> (ø)
api-domains-communications	39.59% <ø> (ø)
api-domains-criminal-record	47.44% <ø> (ø)
api-domains-driving-license	44.46% <ø> (ø)
api-domains-education	30.52% <ø> (ø)
api-domains-health-insurance	34.28% <ø> (ø)
api-domains-mortgage-certificate	34.65% <ø> (ø)
api-domains-payment-schedule	41.22% <ø> (ø)
application-api-files	56.25% <ø> (ø)
application-core	70.75% <ø> (-0.32%)	⬇️
application-system-api	41.11% <ø> (ø)
application-template-api-modules	27.61% <ø> (-0.03%)	⬇️
application-templates-accident-notification	28.98% <ø> (ø)
application-templates-car-recycling	3.12% <ø> (ø)
application-templates-criminal-record	25.87% <ø> (ø)
application-templates-driving-license	18.26% <ø> (ø)
application-templates-estate	12.17% <ø> (ø)
application-templates-example-payment	24.80% <ø> (ø)
application-templates-financial-aid	15.48% <ø> (ø)
application-templates-general-petition	23.07% <ø> (ø)
application-templates-inheritance-report	6.52% <ø> (ø)
application-templates-marriage-conditions	15.04% <ø> (ø)
application-templates-mortgage-certificate	43.22% <ø> (ø)
application-templates-parental-leave	29.83% <ø> (ø)
application-types	6.60% <ø> (ø)
application-ui-components	1.27% <ø> (ø)
application-ui-shell	20.80% <ø> (ø)
auth-admin-web	2.43% <ø> (ø)
auth-nest-tools	30.20% <ø> (ø)
auth-react	21.92% <ø> (ø)
auth-shared	75.00% <ø> (ø)
clients-charge-fjs-v2	24.11% <ø> (ø)
clients-driving-license	40.16% <ø> (ø)
clients-driving-license-book	43.41% <ø> (ø)
clients-financial-statements-inao	48.94% <ø> (ø)
clients-license-client	1.26% <ø> (ø)
clients-middlewares	73.14% <ø> (-0.34%)	⬇️
clients-regulations	42.23% <ø> (ø)
clients-rsk-company-registry	29.76% <ø> (ø)
clients-rsk-personal-tax-return	38.00% <ø> (ø)
clients-smartsolutions	12.77% <ø> (ø)
clients-syslumenn	49.17% <ø> (ø)
clients-zendesk	50.24% <ø> (ø)
cms	0.42% <ø> (ø)
cms-translations	38.89% <ø> (ø)
content-search-index-manager	95.65% <ø> (ø)
content-search-toolkit	8.14% <ø> (ø)
contentful-apps	4.69% <ø> (ø)
dokobit-signing	62.50% <ø> (ø)
download-service	44.24% <ø> (ø)
email-service	60.33% <ø> (ø)
feature-flags	90.40% <ø> (ø)
file-storage	45.75% <ø> (ø)
financial-aid-backend	51.25% <ø> (ø)
icelandic-names-registry-backend	54.34% <ø> (ø)
infra-nest-server	48.37% <ø> (ø)
infra-tracing	43.24% <ø> (ø)
island-ui-core	28.94% <ø> (ø)
judicial-system-api	19.62% <ø> (ø)
judicial-system-audit-trail	68.61% <ø> (ø)
judicial-system-backend	55.18% <ø> (ø)
judicial-system-formatters	79.97% <ø> (ø)
judicial-system-message	66.79% <ø> (ø)
judicial-system-message-handler	47.71% <ø> (ø)
judicial-system-scheduler	70.45% <ø> (ø)
judicial-system-types	43.99% <ø> (ø)
judicial-system-web	27.55% <ø> (ø)
license-api	42.62% <ø> (+0.05%)	⬆️
localization	10.15% <ø> (ø)
logging	48.43% <ø> (ø)
message-queue	68.58% <ø> (+0.78%)	⬆️
nest-audit	68.20% <ø> (ø)
nest-aws	54.03% <ø> (ø)
nest-config	77.81% <ø> (ø)
nest-core	43.54% <ø> (ø)
nest-feature-flags	50.90% <ø> (ø)
nest-problem	45.82% <ø> (ø)
nest-sequelize	94.44% <ø> (ø)
nest-swagger	51.71% <ø> (ø)
nova-sms	61.80% <ø> (ø)
portals-admin-regulations-admin	1.85% <ø> (ø)
portals-core	15.95% <ø> (ø)
reference-backend	49.74% <ø> (ø)
regulations	16.78% <ø> (ø)
residence-history	85.00% <ø> (ø)
services-auth-admin-api	52.46% <ø> (ø)
services-auth-delegation-api	58.26% <ø> (ø)
services-auth-ids-api	52.04% <ø> (-0.03%)	⬇️
services-auth-personal-representative	45.59% <ø> (+0.03%)	⬆️
services-auth-personal-representative-public	41.71% <ø> (-0.05%)	⬇️
services-auth-public-api	49.56% <ø> (ø)
services-documents	60.81% <ø> (ø)
services-endorsements-api	53.33% <ø> (ø)
services-sessions	65.33% <ø> (ø)
services-university-gateway	49.29% <ø> (+0.08%)	⬆️
services-user-notification	46.84% <ø> (+0.03%)	⬆️
services-user-profile	61.76% <ø> (+0.02%)	⬆️
shared-components	26.95% <ø> (ø)
shared-form-fields	31.35% <ø> (ø)
shared-mocking	60.89% <ø> (ø)
shared-pii	92.85% <ø> (ø)
shared-problem	87.50% <ø> (ø)
shared-utils	27.69% <ø> (ø)
skilavottord-ws	24.14% <ø> (ø)
testing-e2e	66.66% <ø> (ø)
web	1.80% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 2 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b68eea7...5929fc9. Read the comment docs.