From 58ffafdb5c2c66c5390ead9b2bfdbe868c01188e Mon Sep 17 00:00:00 2001
From: "milan.horvath"
Date: Thu, 8 Feb 2024 11:03:35 +0100
Subject: [PATCH] feat: add new keycloak client operator configuration
---
 templates/config-keycloak.yaml | 24 -----------
 templates/operator-keycloak-client.yaml | 29 +++++++++++++
 tests/oidc-client.yaml | 4 ++
 values.yaml | 54 ++++++++++++++++++++-----
 4 files changed, 78 insertions(+), 33 deletions(-)
 delete mode 100644 templates/config-keycloak.yaml
 create mode 100644 templates/operator-keycloak-client.yaml
 create mode 100644 tests/oidc-client.yaml
diff --git a/templates/config-keycloak.yaml b/templates/config-keycloak.yaml
deleted file mode 100644
index 5f22541..0000000
--- a/templates/config-keycloak.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ if .Values.operator.keycloak.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ include "app-angular.fullname" . }}-kc-config"
- annotations:
- tkit.kc.cli/target-realm: {{ .Values.global.operator.keycloak.realm | default .Values.operator.keycloak.realm }}
- labels:
- app: {{ include "app-angular.fullname" . }}
-{{ include "app-angular.labels.common" $ | indent 4 }}
-data:
-{{ if .Values.operator.keycloak.client }}
- client: |-
-{{ $.Values.operator.keycloak.client | indent 4 }}
-{{- end }}
-{{ if .Values.operator.keycloak.roles }}
- roles: |-
-{{ $.Values.operator.keycloak.roles | indent 4 }}
-{{- end }}
-{{ if .Values.operator.keycloak.realms }}
- realms: |-
-{{ $.Values.operator.keycloak.realms | indent 4 }}
-{{- end }}
-{{- end }}
diff --git a/templates/operator-keycloak-client.yaml b/templates/operator-keycloak-client.yaml
new file mode 100644
index 0000000..91a1233
--- /dev/null
+++ b/templates/operator-keycloak-client.yaml
@@ -0,0 +1,29 @@
+{{ if .Values.operator.keycloak.client.enabled }}
+apiVersion: onecx.tkit.org/v1
+kind: KeycloakClient
+metadata:
+ name: {{ include "app-angular.fullname" . }}
+ labels:
+ app: {{ include "app-angular.fullname" . }}
+{{ include "app-angular.labels.common" $ | indent 4 }}
+spec:
+ realm: {{ .Values.operator.keycloak.client.spec.realm }}
+ type: {{ .Values.operator.keycloak.client.spec.type }}
+ kcConfig:
+ clientId: {{ .Values.operator.keycloak.client.spec.kcConfig.clientId | default (include "app-angular.fullname" .) }}
+ description: {{ .Values.operator.keycloak.client.spec.kcConfig.description }}
+ enabled: {{ .Values.operator.keycloak.client.spec.kcConfig.enabled }}
+ clientAuthenticatorType: {{ .Values.operator.keycloak.client.spec.kcConfig.clientAuthenticatorType }}
+ redirectUris: {{ if .Values.operator.keycloak.client.spec.kcConfig.redirectUris }}{{ .Values.operator.keycloak.client.spec.kcConfig.redirectUris | toYaml | nindent 4 }}{{- end }}
+ webOrigins: {{ if .Values.operator.keycloak.client.spec.kcConfig.webOrigins }}{{ .Values.operator.keycloak.client.spec.kcConfig.webOrigins | toYaml | nindent 4 }}{{- end }}
+ bearerOnly: {{ .Values.operator.keycloak.client.spec.kcConfig.bearerOnly }}
+ standardFlowEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.standardFlowEnabled }}
+ implicitFlowEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.implicitFlowEnabled }}
+ directAccessGrantsEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.directAccessGrantsEnabled }}
+ serviceAccountsEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.serviceAccountsEnabled }}
+ publicClient: {{ .Values.operator.keycloak.client.spec.kcConfig.publicClient }}
+ protocol: {{ .Values.operator.keycloak.client.spec.kcConfig.protocol }}
+ defaultClientScopes: {{ if .Values.operator.keycloak.client.spec.kcConfig.defaultClientScopes }}{{ .Values.operator.keycloak.client.spec.kcConfig.defaultClientScopes | toYaml | nindent 4 }}{{- end }}
+ optionalClientScopes: {{ if .Values.operator.keycloak.client.spec.kcConfig.optionalClientScopes }}{{ .Values.operator.keycloak.client.spec.kcConfig.optionalClientScopes | toYaml | nindent 4 }}{{- end }}
+ attributes: {{ if .Values.operator.keycloak.client.spec.kcConfig.attributes }}{{ .Values.operator.keycloak.client.spec.kcConfig.attributes | toYaml | nindent 6 }}{{- end }}
+{{- end }}
diff --git a/tests/oidc-client.yaml b/tests/oidc-client.yaml
new file mode 100644
index 0000000..cf08c6f
--- /dev/null
+++ b/tests/oidc-client.yaml
@@ -0,0 +1,4 @@
+operator:
+ keycloak:
+ client:
+ enabled: true
\ No newline at end of file
diff --git a/values.yaml b/values.yaml
index 467f31d..e067c10 100644
--- a/values.yaml
+++ b/values.yaml
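Review bot: In templates/operator-keycloak-client.yaml the security-relevant client settings (`implicitFlowEnabled`, `directAccessGrantsEnabled`, `publicClient`, `redirectUris`, `webOrigins`) are rendered unquoted with no fallback, and the new values.yaml defaults leave all of them empty, so a default install appears to emit them as empty (null) and the effective behaviour is decided by whatever the operator or Keycloak applies, which is not visible here. I would pin the riskier flows off in the template, e.g. `implicitFlowEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.implicitFlowEnabled | default false }}`, and do the same for `directAccessGrantsEnabled`. `spec.realm` is also empty by default and the previous `global.operator.keycloak.realm` fallback is gone; `realm: {{ required "operator.keycloak.client.spec.realm is required" .Values.operator.keycloak.client.spec.realm }}` would fail the render instead of producing a resource without a realm. Free-text fields such as `description` should go through `| quote` so that a value containing `: ` or ` #` cannot break or truncate the manifest.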
@@ -181,13 +181,49 @@ operator: # Keycloak operator keycloak: - # enabled or disable config for operator - enabled: false - # keycloak realm - realm: master - # JSON file in string + # Keycloak client operator client: - # JSON file in string - roles: - # JSON file in string - realms: + # enabled or disable config for operator + enabled: false + # definition + spec: + # keycloak realm where the client has to be created + realm: + # type of client. Current possibilities [ ui | machine ] + type: ui + # Configuration for the keycloak client + kcConfig: + # default deployment name (release_name-name) + clientId: + # description for the client + description: + # flag to enable/disable client in keycloak + enabled: + # client authenticator type (client-secret) + clientAuthenticatorType: + # Redirect uris (used for the ui client). List of Strings + redirectUris: [] + # Web origins (user for the ui client). List of Strings + webOrigins: [] + # Bearer only flag + bearerOnly: + # Standard flow enabled flag + standardFlowEnabled: + # Implicit flow enabled flag + implicitFlowEnabled: + # Direct access grants enable flag + directAccessGrantsEnabled: + # Service accounts enabled flag + serviceAccountsEnabled: + # Public client flag + publicClient: + # Protocol (openid-connect) + protocol: + # List of string scopes to be added as default + defaultClientScopes: [] + # List of string scopes to be added as optional + optionalClientScopes: [] + # Map of custom attributes + attributes: + #key1: value1 + #key2: value2
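Review bot: `operator.keycloak.client` changes in this values.yaml hunk from a JSON string to a mapping, and `operator.keycloak.enabled`, `realm`, `roles` and `realms` are removed without any migration hint in the comments. A release that still overrides `client` with a string will probably fail when the template evaluates `.Values.operator.keycloak.client.enabled`, and one that only sets the old `operator.keycloak.enabled: true` will silently render no Keycloak client at all. I would add a comment above `client:` such as `# replaces operator.keycloak.enabled/realm/roles/realms; client is now a mapping, not a JSON string`, and state next to each flow flag which value applies when it is left empty. Minor: `(user for the ui client)` should read `(used for the ui client)`.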