Merge pull request #640 from bcgov/ttl-helm-chart

add helm chart entry for managing the ttl index
bcgov · Sep 25, 2024 · fff1163 · fff1163
2 parents eb4f86f + af57d9b
commit fff1163
Show file tree

Hide file tree

Showing 8 changed files with 83 additions and 57 deletions.
diff --git a/charts/vc-authn-oidc/README.md b/charts/vc-authn-oidc/README.md
diff --git a/charts/vc-authn-oidc/templates/configmap.yaml b/charts/vc-authn-oidc/templates/configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "global.fullname" . }}-session-timeout
+  labels: {{- include "vc-authn-oidc.labels" . | nindent 4 }}
+data:
+  sessiontimeout.json: |
+    {{ .Values.controller.sessionTimeout.config | toJson }}
diff --git a/charts/vc-authn-oidc/templates/deployment.yaml b/charts/vc-authn-oidc/templates/deployment.yaml
@@ -64,9 +64,13 @@ spec:
                   name: {{ include "vc-authn-oidc.apiSecretName" . }}
                   key: controllerApiKey
             - name: CONTROLLER_CAMERA_REDIRECT_URL
-              value: {{ .Values.controllerCameraRedirectUrl }}
+              value: {{ .Values.controller.cameraRedirectUrl }}
             - name: CONTROLLER_PRESENTATION_EXPIRE_TIME
-              value: {{ .Values.controllerPresentationExpireTime | quote }}
+              value: {{ .Values.controller.presentationExpireTime | quote }}
+            - name: CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE
+              value: /home/aries/sessiontimeout.json
+            - name: CONTROLLER_PRESENTATION_CLEANUP_TIME
+              value: {{ .Values.controller.sessionTimeout.duration | quote }}
             - name: ACAPY_AGENT_URL
               value: {{ include "acapy.agent.url" . }}
             - name: ACAPY_ADMIN_URL
@@ -121,6 +125,9 @@ spec:
           volumeMounts:
             - name: jwt-token
               mountPath: /opt/token
+            - name: auth-session-ttl
+              mountPath: /home/aries/sessiontimeout.json
+              subPath: sessiontimeout.json
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/vc-authn-oidc/values.yaml b/charts/vc-authn-oidc/values.yaml
@@ -36,10 +36,19 @@ useOobLocalDIDService: false
 useUrlDeepLink: false
 ## @param walletDeepLinkPrefix URI scheme and host to use in deep links ((e.g. `{WALLET_DEEP_LINK_PREFIX}?c_i={connection invitation payload`))
 walletDeepLinkPrefix: bcwallet://aries_proof-request
-## @param controllerCameraRedirectUrl The redirect url can be a web link or the name of a template
-controllerCameraRedirectUrl: wallet_howto
-## @param controllerPresentationExpireTime The number of time in seconds a proof request will be valid for
-controllerPresentationExpireTime: 300
+## @param controller.cameraRedirectUrl The redirect url can be a web link or the name of a template
+## @param controller.presentationExpireTime The number of time in seconds a proof request will be valid for
+## @param controller.sessionTimeout.duration The number of seconds an auth_sessions in the states defined in controllerSessionTimeoutConfig is kept for
+## @param controller.sessionTimeout.config The json list of auth session states that are safe for deletion
+controller:
+  cameraRedirectUrl: wallet_howto
+  presentationExpireTime: 300
+  sessionTimeout:
+    duration: 86400
+    config:
+      - expired
+      - failed
+      - abandoned
 ## @param useHTTPS Prepend Agent and Admin URLs with `https`
 useHTTPS: true
 ## @param logLevel Accepts one of the following values: CRITICAL, ERROR, WARNING, INFO, DEBUG

diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
@@ -44,7 +44,7 @@ services:
       - 5678:5678
     volumes:
       - ../oidc-controller:/app:rw
-      - ./oidc-controller/sessiontimeout.json:/tmp/sessiontimeout.json
+      - ./oidc-controller/config/sessiontimeout.json:/home/aries/sessiontimeout.json
     networks:
       - vc_auth
 

diff --git a/docker/manage b/docker/manage
@@ -177,7 +177,7 @@ configureEnvironment() {
   export CONTROLLER_PRESENTATION_CLEANUP_TIME=86400
 
   # The path to the auth_session timeouts config file
-  export CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE="/tmp/sessiontimeout.json"
+  export CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE="/home/aries/sessiontimeout.json"
 
   #controller app settings
   export INVITATION_LABEL=${INVITATION_LABEL:-"VC-AuthN"}

diff --git a/docker/oidc-controller/sessiontimeout.json → ...idc-controller/config/sessiontimeout.json b/docker/oidc-controller/sessiontimeout.json → ...idc-controller/config/sessiontimeout.json
diff --git a/docs/README.md b/docs/README.md
@@ -345,7 +345,7 @@ The following additional metadata must be present at the OP's `/.well-known/open
 
 ## Auth Session Cleanup
 
-For each authentication attempt, an auth session is created. Over Time, these can accumulate, increasing the database size. To address this issue, a configuration file specified by the environment variable CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE is used to automatically clean up auth sessions based on their current state. This file contains a JSON array of different auth session states as strings.
+For each authentication attempt, an auth session is created. Over Time, these can accumulate, increasing the database size. To address this issue, a configuration file specified by the environment variable `CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE` is used to automatically clean up auth sessions based on their current state. This file contains a JSON array of different auth session states as strings.
 
 An example configuration file would contain the following text
 ```json