Add openzaak url base

charts/openbeheer/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## 0.1.2 (2025-11-07)
+
+* Added support for `OPEN_ZAAK_ADMIN_BASE_URL` url.
+* Improved example for django-setup-configuration yaml.
+* Improved Readme section about using django-setup-configuration.
+* Fixed ``SESSION_COOKIE_AGE`` definition in the configmap.
+
 ## 0.1.1 (2025-11-06)
 
 * Fixed the setup configuration command.

charts/openbeheer/Chart.yaml

@@ -3,7 +3,7 @@ name: openbeheer
 description: A Helm chart to deploy Open Beheer
 type: application
 
-version: 0.1.1
+version: 0.1.2
 appVersion: 0.1.0
 
 dependencies:

charts/openbeheer/README.md

@@ -2,7 +2,7 @@
 
 A Helm chart to deploy Open Beheer
 
-![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
 
 ## Introduction
 
@@ -57,5 +57,19 @@ configuration:
     enabled: true
 ```
 
-The yaml data needed to configure the application should be provided in the value `configuration.data`. To see
-how to configure, see the documentation.
+The yaml data needed to configure the application should be provided in the value `configuration.data`.
+In the `values.yaml` file you can find an example of what the configuration should look like.
+
+The configuration can include sensitive data. To avoid having sensitive values in the `values.yaml` file, it is possible to reference
+environment variables. This can be done with the following syntax:
+
+```yaml
+configuration:
+  data:
+    someSensitiveVariable:
+      from_value:
+        env: SOME_SENSITIVE_VARIABLE
+```
+
+These environment variables should be provided in a secret, whose name must then be referenced
+with the value `existingConfigurationSecret` so that it is added to the environment of the Job pod.

charts/openbeheer/README.md.gotmpl

@@ -52,5 +52,19 @@ configuration:
     enabled: true
 ```
 
-The yaml data needed to configure the application should be provided in the value `configuration.data`. To see
-how to configure, see the documentation.
+The yaml data needed to configure the application should be provided in the value `configuration.data`.
+In the `values.yaml` file you can find an example of what the configuration should look like.
+
+The configuration can include sensitive data. To avoid having sensitive values in the `values.yaml` file, it is possible to reference 
+environment variables. This can be done with the following syntax:
+
+```yaml
+configuration:
+  data:
+    someSensitiveVariable:
+      from_value:
+        env: SOME_SENSITIVE_VARIABLE
+```
+
+These environment variables should be provided in a secret, whose name must then be referenced 
+with the value `existingConfigurationSecret` so that it is added to the environment of the Job pod.

charts/openbeheer/templates/configmap.yaml

@@ -20,7 +20,8 @@ data:
   CSRF_COOKIE_SECURE: "true"
   SESSION_COOKIE_SAMESITE: "Strict"
   SESSION_COOKIE_SECURE: "true"
-  SESSION_COOKIE_AGE:  {{ printf "https://%s" .Values.settings.apiDomain }}
+  OPEN_ZAAK_ADMIN_BASE_URL: {{ .Values.settings.openzaakBaseUrl | toString | quote }}
+  SESSION_COOKIE_AGE:  {{ .Values.settings.sessionCookieAge | toString | quote }}
   # IMPORTANT: This value must equal sessionCookieAge to prevent timeout mismatches
   OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS: {{ .Values.settings.sessionCookieAge | toString | quote }}
   {{- if .Values.tags.redis }}

charts/openbeheer/values.yaml

@@ -11,10 +11,6 @@ global:
 configuration:
   enabled: false
   overwrite: true
-  superuser:
-    username: ""
-    password: ""
-    email: ""
   job:
     # -- Run the setup configuration command as a job
     enabled: false
@@ -68,6 +64,36 @@ configuration:
   #           make_users_staff: true
   #           superuser_group_names:
   #             - Superuser
+  #   zgw_consumers_config_enable: true
+  #   zgw_consumers:
+  #     services:
+  #     - identifier: objecttypen-service
+  #       label: Objecttypen API
+  #       api_root: https://objecttypen.example.nl/api/v2/
+  #       api_type: orc
+  #       auth_type: api_key
+  #       header_key: Authorization
+  #       header_value: 
+  #         value_from:
+  #           env: OBJECTTYPEN_OPENBEHEER_API_HEADER_VALUE
+  #     - identifier: catalogi-service
+  #       label: Open Zaak - Catalogi API
+  #       api_root: https://openzaak.example.nl/catalogi/api/v1/
+  #       api_type: ztc
+  #       auth_type: zgw
+  #       client_id: openbeheer.example.nl
+  #       secret: 
+  #         value_from:
+  #           env: OPENZAAK_APPLICATION_SECRET
+  #     - identifier: selectielijst-service
+  #       label: Open Zaak (public) - Selectielijst API
+  #       api_root: https://selectielijst.openzaak.nl/api/v1/
+  #       api_type: orc
+  #       auth_type: no_auth
+  #   api_configuration_enabled: true
+  #   api_configuration:
+  #     selectielijst_service_identifier: selectielijst-service
+  #     objecttypen_service_identifier: objecttypen-service
 
 tags:
   redis: true
@@ -255,6 +281,8 @@ settings:
   # -- The domain where the app is deployed. For example: openbeheer.gemeente.nl
   apiDomain: ""
   apiPath: /api/v1
+  # -- The url to configure links that reference openzaak, e.g. https://openzaak.example.nl/admin
+  openzaakBaseUrl: ""
   # -- Session cookie age in seconds (15 minutes = 900 seconds)
   # IMPORTANT: This value must equal oidcRenewIdTokenExpirySeconds to prevent timeout mismatches
   # If values differ, users may experience unexpected logouts when one expires before the other