From 9c247f1d468c079501c0dd9db25c483bb0ff8342 Mon Sep 17 00:00:00 2001
From: "milan.horvath"
Date: Wed, 7 Feb 2024 23:07:03 +0100
Subject: [PATCH] feat: add keycloak client operator to template
---
templates/operator-keycloak-client.yaml | 32 +++++++++++++++
values.yaml | 54 +++++++++++++++++++++++++
2 files changed, 86 insertions(+)
create mode 100644 templates/operator-keycloak-client.yaml
diff --git a/templates/operator-keycloak-client.yaml b/templates/operator-keycloak-client.yaml
new file mode 100644
index 0000000..1b29e04
--- /dev/null
+++ b/templates/operator-keycloak-client.yaml
@@ -0,0 +1,32 @@
+{{ if .Values.operator.keycloak_client.enabled }}
+apiVersion: onecx.tkit.org/v1
+kind: KeycloakClient
+metadata:
+ name: {{ include "app.fullname" . }}
+ labels:
+ app: {{ include "app.fullname" . }}
+{{ include "app.labels.common" $ | indent 4 }}
+spec:
+ realm: {{ .Values.operator.keycloak_client.spec.realm }}
+ type: {{ .Values.operator.keycloak_client.spec.type }}
+ passwordSecrets: {{ .Values.operator.keycloak_client.spec.passwordSecrets }}
+ passwordKey: {{ .Values.operator.keycloak_client.spec.passwordKey }}
+ kcConfig:
+ clientId: {{ .Values.operator.keycloak_client.spec.kcConfig.clientId | default (include "app.fullname" .) }}
+ description: {{ .Values.operator.keycloak_client.spec.kcConfig.description }}
+ enabled: {{ .Values.operator.keycloak_client.spec.kcConfig.enabled }}
+ clientAuthenticatorType: {{ .Values.operator.keycloak_client.spec.kcConfig.clientAuthenticatorType }}
+ password: {{ .Values.operator.keycloak_client.spec.kcConfig.password }}
+ redirectUris: {{ if .Values.operator.keycloak_client.spec.kcConfig.redirectUris }}{{ .Values.operator.keycloak_client.spec.kcConfig.redirectUris | toYaml | nindent 4 }}{{- end }}
+ webOrigins: {{ if .Values.operator.keycloak_client.spec.kcConfig.webOrigins }}{{ .Values.operator.keycloak_client.spec.kcConfig.webOrigins | toYaml | nindent 4 }}{{- end }}
+ bearerOnly: {{ .Values.operator.keycloak_client.spec.kcConfig.bearerOnly }}
+ standardFlowEnabled: {{ .Values.operator.keycloak_client.spec.kcConfig.standardFlowEnabled }}
+ implicitFlowEnabled: {{ .Values.operator.keycloak_client.spec.kcConfig.implicitFlowEnabled }}
+ directAccessGrantsEnabled: {{ .Values.operator.keycloak_client.spec.kcConfig.directAccessGrantsEnabled }}
+ serviceAccountsEnabled: {{ .Values.operator.keycloak_client.spec.kcConfig.serviceAccountsEnabled }}
+ publicClient: {{ .Values.operator.keycloak_client.spec.kcConfig.publicClient }}
+ protocol: {{ .Values.operator.keycloak_client.spec.kcConfig.protocol }}
+ defaultClientScopes: {{ if .Values.operator.keycloak_client.spec.kcConfig.defaultClientScopes }}{{ .Values.operator.keycloak_client.spec.kcConfig.defaultClientScopes | toYaml | nindent 4 }}{{- end }}
+ optionalClientScopes: {{ if .Values.operator.keycloak_client.spec.kcConfig.optionalClientScopes }}{{ .Values.operator.keycloak_client.spec.kcConfig.optionalClientScopes | toYaml | nindent 4 }}{{- end }}
+ attributes: {{ if .Values.operator.keycloak_client.spec.kcConfig.attributes }}{{ .Values.operator.keycloak_client.spec.kcConfig.attributes | toYaml | nindent 6 }}{{- end }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
index e260178..1879f44 100644
--- a/values.yaml
+++ b/values.yaml
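Review bot: `password: {{ .Values.operator.keycloak_client.spec.kcConfig.password }}` puts the client secret in clear text into the KeycloakClient resource, where anyone allowed to read that resource can see it, and a value supplied through Helm values is stored with the release as well. Since `passwordSecrets`/`passwordKey` already exist as the reference-based route, emit the field only when it is set, e.g. `{{- with .Values.operator.keycloak_client.spec.kcConfig.password }}` / `password: {{ . | quote }}` / `{{- end }}`, and document the Secret as the preferred option. The other string scalars (`realm`, `type`, `clientId`, `description`, `protocol`) are also unquoted, so an empty value renders as null and a value starting with a YAML indicator breaks or retypes the manifest; `| quote` on them, and `required` on `realm`, would make a missing value fail at render time instead of at the operator.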
@@ -237,3 +237,57 @@ operator: appId: # default deployment name (release_name-name) appName:
+
+ # Keycloak client operator
+ keycloak_client:
+ # enabled or disable config for operator
+ enabled: false
+ # definition
+ spec:
+ # keycloak realm where the client has to be created
+ realm:
+ # type of client. Current possibilities [ ui | machine ]
+ type:
+ # Name of Secret where the password is stored (alternative is to set kcConfig.password)
+ passwordSecrets:
+ # Key used in secret where password is stored
+ passwordKey:
+ # Configuration for the keycloak client
+ kcConfig:
+ # default deployment name (release_name-name)
+ clientId:
+ # description for the client
+ description:
+ # flag to enable/disable client in keycloak
+ enabled:
+ # client authenticator type (client-secret)
+ clientAuthenticatorType:
+ # Password to be set for the client (for ui client it can be empty)
+ password:
+ # Redirect uris (used for the ui client). List of Strings
+ redirectUris: []
+ # Web origins (user for the ui client). List of Strings
+ webOrigins: []
+ # Bearer only flag
+ bearerOnly:
+ # Standard flow enabled flag
+ standardFlowEnabled:
+ # Implicit flow enabled flag
+ implicitFlowEnabled:
+ # Direct access grants enable flag
+ directAccessGrantsEnabled:
+ # Service accounts enabled flag
+ serviceAccountsEnabled:
+ # Public client flag
+ publicClient:
+ # Protocol (openid-connect)
+ protocol:
+ # List of string scopes to be added as default
+ defaultClientScopes: []
+ # List of string scopes to be added as optional
+ optionalClientScopes: []
+ # Map of custom attributes
+ attributes:
+ #key1: value1
+ #key2: value2
+
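Review bot: The grant-type and client-type flags (`implicitFlowEnabled`, `directAccessGrantsEnabled`, `serviceAccountsEnabled`, `publicClient`) are added as bare `key:` entries, so they render as null and the effective setting is whatever the operator or Keycloak falls back to, which this diff does not show. Stating the restrictive value explicitly, `implicitFlowEnabled: false` and `directAccessGrantsEnabled: false`, keeps a client from ending up with a flow nobody asked for. The comment above `password:` could add that a value set here is stored in the values file and with the release, with `passwordSecrets`/`passwordKey` as the preferred route, and the `redirectUris`/`webOrigins` comments could ask for exact URIs rather than wildcard patterns. The enclosing mapping starts outside this hunk.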