feat: add new keycloak client operator configuration

onecx · Feb 8, 2024 · 58ffafd · 58ffafd
1 parent 67bcb57
commit 58ffafd
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 33 deletions.
diff --git a/templates/config-keycloak.yaml b/templates/config-keycloak.yaml
diff --git a/templates/operator-keycloak-client.yaml b/templates/operator-keycloak-client.yaml
@@ -0,0 +1,29 @@
+{{ if .Values.operator.keycloak.client.enabled }}
+apiVersion: onecx.tkit.org/v1
+kind: KeycloakClient
+metadata:
+  name: {{ include "app-angular.fullname" . }}
+  labels:
+    app: {{ include "app-angular.fullname" . }}
+{{ include "app-angular.labels.common" $ | indent 4 }}    
+spec:
+  realm: {{ .Values.operator.keycloak.client.spec.realm }} 
+  type: {{ .Values.operator.keycloak.client.spec.type }} 
+  kcConfig:
+    clientId: {{ .Values.operator.keycloak.client.spec.kcConfig.clientId | default (include "app-angular.fullname" .) }}
+    description: {{ .Values.operator.keycloak.client.spec.kcConfig.description }}
+    enabled: {{ .Values.operator.keycloak.client.spec.kcConfig.enabled }}
+    clientAuthenticatorType: {{ .Values.operator.keycloak.client.spec.kcConfig.clientAuthenticatorType }}
+    redirectUris: {{ if .Values.operator.keycloak.client.spec.kcConfig.redirectUris }}{{ .Values.operator.keycloak.client.spec.kcConfig.redirectUris | toYaml | nindent 4 }}{{- end }}  
+    webOrigins: {{ if .Values.operator.keycloak.client.spec.kcConfig.webOrigins }}{{ .Values.operator.keycloak.client.spec.kcConfig.webOrigins | toYaml | nindent 4 }}{{- end }}  
+    bearerOnly: {{ .Values.operator.keycloak.client.spec.kcConfig.bearerOnly }}
+    standardFlowEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.standardFlowEnabled }}
+    implicitFlowEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.implicitFlowEnabled }}
+    directAccessGrantsEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.directAccessGrantsEnabled }}
+    serviceAccountsEnabled: {{ .Values.operator.keycloak.client.spec.kcConfig.serviceAccountsEnabled }}
+    publicClient: {{ .Values.operator.keycloak.client.spec.kcConfig.publicClient }}
+    protocol: {{ .Values.operator.keycloak.client.spec.kcConfig.protocol }}
+    defaultClientScopes: {{ if .Values.operator.keycloak.client.spec.kcConfig.defaultClientScopes }}{{ .Values.operator.keycloak.client.spec.kcConfig.defaultClientScopes | toYaml | nindent 4 }}{{- end }}  
+    optionalClientScopes: {{ if .Values.operator.keycloak.client.spec.kcConfig.optionalClientScopes }}{{ .Values.operator.keycloak.client.spec.kcConfig.optionalClientScopes | toYaml | nindent 4 }}{{- end }}  
+    attributes: {{ if .Values.operator.keycloak.client.spec.kcConfig.attributes }}{{ .Values.operator.keycloak.client.spec.kcConfig.attributes | toYaml | nindent 6 }}{{- end }}  
+{{- end }}
diff --git a/tests/oidc-client.yaml b/tests/oidc-client.yaml
@@ -0,0 +1,4 @@
+operator:
+  keycloak:
+    client:
+      enabled: true
diff --git a/values.yaml b/values.yaml
@@ -181,13 +181,49 @@ operator:
 
   # Keycloak operator
   keycloak:
-    # enabled or disable config for operator
-    enabled: false
-    # keycloak realm
-    realm: master
-    # JSON file in string
+    # Keycloak client operator
     client:
-    # JSON file in string
-    roles:
-    # JSON file in string
-    realms:
+      # enabled or disable config for operator
+      enabled: false
+      # definition
+      spec:
+        # keycloak realm where the client has to be created
+        realm:
+        # type of client. Current possibilities [ ui | machine ]
+        type: ui
+        # Configuration for the keycloak client
+        kcConfig:
+          # default deployment name (release_name-name)
+          clientId:
+          # description for the client
+          description:
+          # flag to enable/disable client in keycloak
+          enabled:
+          # client authenticator type (client-secret)
+          clientAuthenticatorType:
+          # Redirect uris (used for the ui client). List of Strings
+          redirectUris: []
+          # Web origins (user for the ui client). List of Strings
+          webOrigins: []
+          # Bearer only flag
+          bearerOnly:
+          # Standard flow enabled flag
+          standardFlowEnabled:
+          # Implicit flow enabled flag
+          implicitFlowEnabled:
+          # Direct access grants enable flag
+          directAccessGrantsEnabled:
+          # Service accounts enabled flag
+          serviceAccountsEnabled:
+          # Public client flag
+          publicClient:
+          # Protocol (openid-connect)
+          protocol:
+          # List of string scopes to be added as default
+          defaultClientScopes: []
+          # List of string scopes to be added as optional
+          optionalClientScopes: []
+          # Map of custom attributes
+          attributes:
+            #key1: value1
+            #key2: value2