From 6f23b514d0332500cec88d3c75b75f4a1daff2b8 Mon Sep 17 00:00:00 2001 
From: GeorgeRaven Date: Thu, 4 Sep 2025 22:47:46 +0100 Subject: [PATCH] Added keycloak complete overhaul --- .../templates/oidc/oidc-client.yaml | 2 ++ .../templates/oidc/oidc-scopes.yaml | 2 +- charts/auth/values.yaml | 2 +- charts/backstage/templates/oidc/oidc.yaml | 2 +- .../bytestash/templates/oidc/oidc-client.yaml | 2 ++ .../bytestash/templates/oidc/oidc-scopes.yaml | 2 +- .../templates/keycloak/keycloak.sealed.yaml | 16 --------- .../templates/keycloak/provider-config.yaml | 13 -------- charts/gitea/templates/oidc/oidc-client.yaml | 2 ++ charts/gitea/templates/oidc/oidc-scopes.yaml | 2 +- .../grafana/templates/oidc/oidc-client.yaml | 2 ++ .../grafana/templates/oidc/oidc-scopes.yaml | 2 +- charts/harbor/templates/oidc/oidc.yaml | 2 +- .../clients/builtin-realm-management.yaml | 20 ----------- .../keycloak-late/templates/groups/admin.yaml | 25 -------------- .../templates/groups/george.yaml | 12 ------- .../client-roles-in-all-tokens.yaml | 29 ---------------- .../protocol-mappers/flattened-mapper.yaml | 30 ----------------- .../templates/protocol-mappers/groups.yaml | 23 ------------- .../protocol-mappers/nextcloud-legacy-id.yaml | 33 ------------------- .../templates/realms/realm-deepcypher.yaml | 30 ----------------- .../templates/realms/smtp-pm.sealed.yaml | 4 +-- .../templates/realms/smtp.sealed.yaml | 17 ---------- .../keycloak-late/templates/roles/admin.yaml | 12 ------- .../templates/roles/builtin-realm-admin.yaml | 22 ------------- .../templates/scopes/groups.yaml | 12 ------- .../templates/scopes/nextcloud-legacy-id.yaml | 12 ------- .../scopes/scope-flattened-roles.yaml | 11 ------- .../scopes/scope-roles-in-all-tokens.yaml | 12 ------- .../templates/users/george.sealed.yaml | 6 ++-- .../templates/users/user-george.yaml | 6 ++-- charts/keycloak/values.yaml | 7 ++++ charts/kro-config/templates/oidc.yaml | 2 ++ .../nextcloud/templates/oidc/oidc-client.yaml | 2 ++ .../nextcloud/templates/oidc/oidc-scopes.yaml | 2 +- .../templates/oidc/oidc-client.yaml | 
2 ++ .../templates/oidc/oidc-scopes.yaml | 2 +- charts/opencloud/templates/oidc.yaml | 2 +- charts/penpot/templates/oidc/oidc-client.yaml | 2 ++ charts/penpot/templates/oidc/oidc-scopes.yaml | 2 +- charts/wikijs/templates/oidc/oidc-client.yaml | 2 ++ charts/wikijs/templates/oidc/oidc-scopes.yaml | 2 +- 42 files changed, 45 insertions(+), 349 deletions(-) delete mode 100644 charts/crossplane-late/templates/keycloak/keycloak.sealed.yaml delete mode 100644 charts/keycloak-late/templates/protocol-mappers/flattened-mapper.yaml delete mode 100644 charts/keycloak-late/templates/realms/smtp.sealed.yaml delete mode 100644 charts/keycloak-late/templates/scopes/scope-flattened-roles.yaml diff --git a/charts/argo-workflows/templates/oidc/oidc-client.yaml b/charts/argo-workflows/templates/oidc/oidc-client.yaml index d478a8e3..15fe6eed 100644 --- a/charts/argo-workflows/templates/oidc/oidc-client.yaml +++ b/charts/argo-workflows/templates/oidc/oidc-client.yaml @@ -4,6 +4,8 @@ metadata: name: workflows spec: deletionPolicy: Delete + providerConfigRef: + name: owncloak forProvider: realmIdRef: name: {{ .Values.oidc.realm }} diff --git a/charts/argo-workflows/templates/oidc/oidc-scopes.yaml b/charts/argo-workflows/templates/oidc/oidc-scopes.yaml index d7a4d3dd..db5251aa 100644 --- a/charts/argo-workflows/templates/oidc/oidc-scopes.yaml +++ b/charts/argo-workflows/templates/oidc/oidc-scopes.yaml @@ -22,4 +22,4 @@ spec: # needed by workflows - flattened-roles providerConfigRef: - name: default + name: owncloak diff --git a/charts/auth/values.yaml b/charts/auth/values.yaml index f5887a0b..35b1b5fe 100644 --- a/charts/auth/values.yaml +++ b/charts/auth/values.yaml @@ -10,7 +10,7 @@ keycloak: existingSecret: postgres # containing `password` and `postgres-password` ingress: - enabled: true + enabled: false annotations: cert-manager.io/cluster-issuer: letsencrypt-dns traefik.ingress.kubernetes.io/router.middlewares: traefik-headers@kubernetescrd,auth-base-redirect@kubernetescrd 
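Review bot: The `providerConfigRef: name: owncloak` inserted after `deletionPolicy: Delete` hard-codes the ProviderConfig name while the realm two lines below is taken from `.Values.oidc.realm`, and the same literal is repeated in the bytestash, gitea, grafana, nextcloud, open-webui, penpot and wikijs client hunks and in every `oidc-scopes.yaml` hunk that flips `name: default` to `name: owncloak`. The backstage, harbor and opencloud `oidc.yaml` hunks already route the name through a `crossplane.providerConfig` value, so the Client and ClientScope templates could do the same, e.g. `name: {{ .Values.oidc.providerConfig | default "owncloak" }}` with `oidc.providerConfig` as a new values key, making a future ProviderConfig rename one change per chart instead of one per resource. The Client's `forProvider` body continues outside the hunk.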
diff --git a/charts/backstage/templates/oidc/oidc.yaml b/charts/backstage/templates/oidc/oidc.yaml index aabcec0e..92828f11 100644 --- a/charts/backstage/templates/oidc/oidc.yaml +++ b/charts/backstage/templates/oidc/oidc.yaml @@ -38,6 +38,6 @@ spec: realm: {{ .Values.oidc.realm }} baseUrl: {{ printf "https://auth.%s/realms/%s" .Values.environment.baseDomain .Values.oidc.realm }} crossplane: - providerConfig: keycloak # the name of the crossplane provider config + providerConfig: owncloak # the name of the crossplane provider config configmap: name: oidc-urls diff --git a/charts/bytestash/templates/oidc/oidc-client.yaml b/charts/bytestash/templates/oidc/oidc-client.yaml index db9d47c6..06a1b6d4 100644 --- a/charts/bytestash/templates/oidc/oidc-client.yaml +++ b/charts/bytestash/templates/oidc/oidc-client.yaml @@ -4,6 +4,8 @@ metadata: name: bytestash spec: deletionPolicy: Delete + providerConfigRef: + name: owncloak forProvider: realmIdRef: name: {{ .Values.oidc.realm }} diff --git a/charts/bytestash/templates/oidc/oidc-scopes.yaml b/charts/bytestash/templates/oidc/oidc-scopes.yaml index b4adf454..13ad5a73 100644 --- a/charts/bytestash/templates/oidc/oidc-scopes.yaml +++ b/charts/bytestash/templates/oidc/oidc-scopes.yaml @@ -21,4 +21,4 @@ spec: # needed by bytestash - flattened-roles providerConfigRef: - name: default + name: owncloak diff --git a/charts/crossplane-late/templates/keycloak/keycloak.sealed.yaml b/charts/crossplane-late/templates/keycloak/keycloak.sealed.yaml deleted file mode 100644 index aa0f92f9..00000000 --- a/charts/crossplane-late/templates/keycloak/keycloak.sealed.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: keycloak - namespace: crossplane -spec: - encryptedData: - credentials: AgBNpLMbmSmkC647reapFBuO7KAEUmtrIsYQDrZU27y2kVRbJwgiL/+HjB0PMVG455yxBcg+unDP2ScoOsvdQ8jE6jI+i+tiLQPNdAVkl7cgAtub8eY4v5ojVaYEdh/7bkVsTrSu5ObtyZpfFaPxElRb8LFHo/fhZOBpxidlyKaUIFg61J3SIBJCXffy0b7Ts2LaPdkQsInpTrAvMKTXaGqZa9BR5RACvDXO8QEz3rgEqH6qmvxYcQUngcFzF6jGEFkS2URcFb0WEtq/bh6VTjt6YIuar9p6hVSz0Y5HxN3NrFucLkPFZrNLCbg6X/DZYsqoAebtYPYPc14ubIjGCskGY66FV78SPDEe+Wi33km7lk6sGbQLlbSCPwIMAUGB9+PPq3LP37lL8gGv/orzS89mxM+fqZfQWuyom1gfrCZJciUbs8GYpXqcBvM06Se+y/NdLeS0T58yGofYnwIHmFuevnZ195KAWpJbWjazqMriTEAEdv6y3IMRrqlIYPoDOfL/OztNvUYIRQDg6PTUVMQ/KtLC2nActIZrSBO5ej9BX3O++1+177i20U/TbVj4atGrzHMR2sG9/1w2hMN0yk6IBeYkgR5c0++K8Ae0UjvkKWzgdSAhnP+nFZtj/AxIng3K9LBZQG1YWZAh00Ax1+CA47OuUTe/lQY9j4UhrH+tNSsBqhVELPu+u+NFlK4c5e/i20v7TCSawvrZWRSCtQT7oOOyfDKbZbE6lv7lk1RWtC9QjvPe7EW0dVuprTfI86Kp17UwCz8QXlc4IxiDXMQ+0zcZkJkYx4bwIgYHKRi0+ZduXZ9AoxU1KyxAl4b+jnRBQbVPEXsyDgrvlqZR2F8uJKiu0SAIA6C8DsUlcLkl3c+fDTqEhJOLJUuigBghzHoNQm4ujZ7YXJHEecO22OsqjXMjtvtZEdXsMiN287uuYp96Az7AOdL3lZRRYCVYG3UW0Y/rpdTIxv9UyTLYsuyjq+gYKQ6m - template: - metadata: - creationTimestamp: null - name: keycloak - namespace: crossplane - type: Opaque diff --git a/charts/crossplane-late/templates/keycloak/provider-config.yaml b/charts/crossplane-late/templates/keycloak/provider-config.yaml index 82b06e09..889d9ee9 100644 --- a/charts/crossplane-late/templates/keycloak/provider-config.yaml +++ b/charts/crossplane-late/templates/keycloak/provider-config.yaml @@ -1,16 +1,3 @@ -# this is here for backwards compatibility -apiVersion: keycloak.crossplane.io/v1beta1 -kind: ProviderConfig -metadata: - name: default -spec: - credentials: - source: Secret - secretRef: - name: keycloak - namespace: crossplane - key: credentials ---- apiVersion: keycloak.crossplane.io/v1beta1 kind: ProviderConfig metadata: 
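Review bot: Deleting the `default` ProviderConfig here in the same commit that deletes its `keycloak` credentials SealedSecret (`charts/crossplane-late/templates/keycloak/keycloak.sealed.yaml`) and the `default`-backed managed resources under `charts/keycloak-late` (realm `deepcypher`, groups `admin` and `george`, the `admin` Roles binding, roles, scopes and protocol mappers) makes the teardown order matter. Crossplane has to authenticate against the old Keycloak to process those deletions: if the Secret goes first the objects stay stuck on their finalizers, and if it does not, every removed resource without `deletionPolicy: Orphan` (the removed `deepcypher` Realm set none, so Crossplane's default `Delete` applies) deletes the corresponding realm, groups and roles in the old instance. I would land the managed-resource removals — or first switch them to `deletionPolicy: Orphan` — in one commit and drop the ProviderConfig and Secret in a follow-up, and run `grep -rn 'name: default' charts/` for any remaining `providerConfigRef` before merging. Removing the sealed secret from git does not revoke the admin credential it held, so it should be rotated or disabled in the old Keycloak if that instance stays up. The surviving ProviderConfig after `metadata:` is outside the hunk.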
diff --git a/charts/gitea/templates/oidc/oidc-client.yaml b/charts/gitea/templates/oidc/oidc-client.yaml index bead248c..c071ca12 100644 --- a/charts/gitea/templates/oidc/oidc-client.yaml +++ b/charts/gitea/templates/oidc/oidc-client.yaml @@ -4,6 +4,8 @@ metadata: name: gitea spec: deletionPolicy: Delete + providerConfigRef: + name: owncloak forProvider: realmIdRef: name: {{ .Values.oidc.realm }} diff --git a/charts/gitea/templates/oidc/oidc-scopes.yaml b/charts/gitea/templates/oidc/oidc-scopes.yaml index 0bbd3b44..79f67601 100644 --- a/charts/gitea/templates/oidc/oidc-scopes.yaml +++ b/charts/gitea/templates/oidc/oidc-scopes.yaml @@ -22,4 +22,4 @@ spec: # needed by gitea - flattened-roles providerConfigRef: - name: default + name: owncloak diff --git a/charts/grafana/templates/oidc/oidc-client.yaml b/charts/grafana/templates/oidc/oidc-client.yaml index 60afb406..7f512ebc 100644 --- a/charts/grafana/templates/oidc/oidc-client.yaml +++ b/charts/grafana/templates/oidc/oidc-client.yaml @@ -5,6 +5,8 @@ metadata: spec: # https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/ deletionPolicy: Delete + providerConfigRef: + name: owncloak forProvider: realmIdRef: name: {{ .Values.oidc.realm }} diff --git a/charts/grafana/templates/oidc/oidc-scopes.yaml b/charts/grafana/templates/oidc/oidc-scopes.yaml index adcaceee..83b14072 100644 --- a/charts/grafana/templates/oidc/oidc-scopes.yaml +++ b/charts/grafana/templates/oidc/oidc-scopes.yaml @@ -21,4 +21,4 @@ spec: # needed by grafana - flattened-roles providerConfigRef: - name: default + name: owncloak diff --git a/charts/harbor/templates/oidc/oidc.yaml b/charts/harbor/templates/oidc/oidc.yaml index c5885161..0ffcee5b 100644 --- a/charts/harbor/templates/oidc/oidc.yaml +++ b/charts/harbor/templates/oidc/oidc.yaml 
@@ -38,6 +38,6 @@ spec: realm: {{ .Values.oidc.realm }} baseUrl: {{ printf "https://auth.%s/realms/%s" .Values.environment.baseDomain .Values.oidc.realm }} crossplane: - providerConfig: keycloak # the name of the crossplane provider config + providerConfig: owncloak # the name of the crossplane provider config configmap: name: oidc-urls diff --git a/charts/keycloak-late/templates/clients/builtin-realm-management.yaml b/charts/keycloak-late/templates/clients/builtin-realm-management.yaml index ec616cb0..af957c4d 100644 --- a/charts/keycloak-late/templates/clients/builtin-realm-management.yaml +++ b/charts/keycloak-late/templates/clients/builtin-realm-management.yaml @@ -3,26 +3,6 @@ # THIS SHOULD NOT BE USED TO MODIFY THE CLIENT apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 kind: Client -metadata: - name: deepcypher-realm-management -spec: - deletionPolicy: Orphan - forProvider: - realmIdRef: - name: deepcypher - name: realm-management - clientId: realm-management - description: "Built-in realm management client" - managementPolicies: - - Observe - providerConfigRef: - name: default ---- -# THIS IS A BUILT IN KEYCLOAK CLIENT -# THIS IS ONLY HERE TO TRACK / OBSERVE IT -# THIS SHOULD NOT BE USED TO MODIFY THE CLIENT -apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 -kind: Client metadata: name: own-deepcypher-realm-management spec: diff --git a/charts/keycloak-late/templates/groups/admin.yaml b/charts/keycloak-late/templates/groups/admin.yaml index eb5aaad2..0fbfd58c 100644 --- a/charts/keycloak-late/templates/groups/admin.yaml +++ b/charts/keycloak-late/templates/groups/admin.yaml 
@@ -1,30 +1,5 @@ apiVersion: group.keycloak.crossplane.io/v1alpha1 kind: Group -metadata: - name: admin -spec: - deletionPolicy: Delete - forProvider: - realmId: deepcypher - name: admin ---- -apiVersion: group.keycloak.crossplane.io/v1alpha1 -kind: Roles -metadata: - name: admin -spec: - forProvider: - realmId: deepcypher - groupIdRef: - name: admin - roleIdsRefs: - - name: admin - - name: deepcypher-realm-management-realm-admin - providerConfigRef: - name: default ---- -apiVersion: group.keycloak.crossplane.io/v1alpha1 -kind: Group metadata: name: own-admin spec: diff --git a/charts/keycloak-late/templates/groups/george.yaml b/charts/keycloak-late/templates/groups/george.yaml index e108836f..a9ab714c 100644 --- a/charts/keycloak-late/templates/groups/george.yaml +++ b/charts/keycloak-late/templates/groups/george.yaml @@ -1,17 +1,5 @@ apiVersion: group.keycloak.crossplane.io/v1alpha1 kind: Group -metadata: - name: george -spec: - deletionPolicy: Delete - forProvider: - realmId: deepcypher - name: george - attributes: - nextcloud-legacy-id: archer ---- -apiVersion: group.keycloak.crossplane.io/v1alpha1 -kind: Group metadata: name: own-george spec: diff --git a/charts/keycloak-late/templates/protocol-mappers/client-roles-in-all-tokens.yaml b/charts/keycloak-late/templates/protocol-mappers/client-roles-in-all-tokens.yaml index e664e60c..94632b37 100644 --- a/charts/keycloak-late/templates/protocol-mappers/client-roles-in-all-tokens.yaml +++ b/charts/keycloak-late/templates/protocol-mappers/client-roles-in-all-tokens.yaml 
@@ -2,35 +2,6 @@ # resource_access..roles apiVersion: client.keycloak.crossplane.io/v1alpha1 kind: ProtocolMapper -metadata: - name: client-roles-in-all-tokens -spec: - forProvider: - realmIdRef: - name: deepcypher - clientScopeIdRef: - name: roles-in-all-tokens - name: client-roles-in-all-tokens - protocol: openid-connect - # to find the config keys see: - # https://github.com/keycloak/keycloak/blob/d089e23aef560f9d9ceb96490d68a64aa910b79b/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserClientRoleMappingMapper.java#L39 - protocolMapper: oidc-usermodel-client-role-mapper - config: - id.token.claim: "true" - access.token.claim: "true" - userinfo.token.claim: "true" - lightweight.claim: "true" - introspection.token.claim: "true" - multivalued: "true" - claim.name: "resource_access.${client_id}.roles" - jsonType.label: "String" - providerConfigRef: - name: default ---- -# this adds client roles to all tokens under the claim: -# resource_access..roles -apiVersion: client.keycloak.crossplane.io/v1alpha1 -kind: ProtocolMapper metadata: name: own-client-roles-in-all-tokens spec: diff --git a/charts/keycloak-late/templates/protocol-mappers/flattened-mapper.yaml b/charts/keycloak-late/templates/protocol-mappers/flattened-mapper.yaml deleted file mode 100644 index fb313fea..00000000 --- a/charts/keycloak-late/templates/protocol-mappers/flattened-mapper.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -# see: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v1.8.0/resources/client.keycloak.crossplane.io/ProtocolMapper/v1alpha1 -# role mapper example -apiVersion: client.keycloak.crossplane.io/v1alpha1 -kind: ProtocolMapper -metadata: - name: flattened-mapper -spec: - forProvider: - realmIdRef: - name: deepcypher - #clientId: grafana - clientScopeIdRef: - name: flattened-roles - name: flattened-mapper - protocol: openid-connect - protocolMapper: oidc-usermodel-realm-role-mapper - config: - # for available options: - # see: https://github.com/crossplane-contrib/provider-keycloak/issues/90 - # and: https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserRealmRoleMappingMapper.java#L40 - # which links to the OIDCAttributeMapperHelper at https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserRealmRoleMappingMapper.java#L61 - # which then references: https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java#L57 - id.token.claim: "true" - access.token.claim: "true" - userinfo.token.claim: "true" - multivalued: "true" - claim.name: "roles" - jsonType.label: "String" - providerConfigRef: - name: default diff --git a/charts/keycloak-late/templates/protocol-mappers/groups.yaml b/charts/keycloak-late/templates/protocol-mappers/groups.yaml index 33c42a62..0c2cf6d9 100644 --- a/charts/keycloak-late/templates/protocol-mappers/groups.yaml +++ b/charts/keycloak-late/templates/protocol-mappers/groups.yaml 
@@ -1,28 +1,5 @@ apiVersion: client.keycloak.crossplane.io/v1alpha1 kind: ProtocolMapper -metadata: - name: groups -spec: - forProvider: - realmIdRef: - name: deepcypher - clientScopeIdRef: - name: groups - name: groups - protocol: openid-connect - # https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/GroupMembershipMapper.java#L59C47-L59C75 - protocolMapper: oidc-group-membership-mapper - config: - # https://github.com/keycloak/keycloak/blob/0aa14c19e11752898935c36ea7df55a0aa72a5aa/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java#L52-L79 - claim.name: "groups" - id.token.claim: "true" - access.token.claim: "true" - userinfo.token.claim: "true" - providerConfigRef: - name: default ---- -apiVersion: client.keycloak.crossplane.io/v1alpha1 -kind: ProtocolMapper metadata: name: own-groups spec: diff --git a/charts/keycloak-late/templates/protocol-mappers/nextcloud-legacy-id.yaml b/charts/keycloak-late/templates/protocol-mappers/nextcloud-legacy-id.yaml index dd3d8e8c..ad1aeb06 100644 --- a/charts/keycloak-late/templates/protocol-mappers/nextcloud-legacy-id.yaml +++ b/charts/keycloak-late/templates/protocol-mappers/nextcloud-legacy-id.yaml 
@@ -2,39 +2,6 @@ # role mapper example apiVersion: client.keycloak.crossplane.io/v1alpha1 kind: ProtocolMapper -metadata: - name: nextcloud-legacy-id -spec: - forProvider: - realmIdRef: - name: deepcypher - #clientId: grafana - clientScopeIdRef: - name: nextcloud-legacy-id - name: nextcloud-legacy-id - protocol: openid-connect - # name comes from https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserAttributeMapper.java#L69 - protocolMapper: oidc-usermodel-attribute-mapper - config: - # for available options: - # which links to the OIDCAttributeMapperHelper at https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserRealmRoleMappingMapper.java#L61 - # which then references: https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java#L57 - id.token.claim: "true" - access.token.claim: "true" - userinfo.token.claim: "true" - user.attribute: "nextcloud-legacy-id" - - #multivalued: "true" - claim.name: "nextcloud-legacy-id" - - jsonType.label: "String" - providerConfigRef: - name: default ---- -# see: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v1.8.0/resources/client.keycloak.crossplane.io/ProtocolMapper/v1alpha1 -# role mapper example -apiVersion: client.keycloak.crossplane.io/v1alpha1 -kind: ProtocolMapper metadata: name: own-nextcloud-legacy-id spec: diff --git a/charts/keycloak-late/templates/realms/realm-deepcypher.yaml b/charts/keycloak-late/templates/realms/realm-deepcypher.yaml index 0fc740f1..d67aba71 100644 --- a/charts/keycloak-late/templates/realms/realm-deepcypher.yaml +++ b/charts/keycloak-late/templates/realms/realm-deepcypher.yaml 
@@ -1,35 +1,5 @@ apiVersion: realm.keycloak.crossplane.io/v1alpha1 kind: Realm -metadata: - name: deepcypher -spec: - forProvider: - realm: deepcypher - registrationAllowed: false - # resetPasswordAllowed: true - rememberMe: true - verifyEmail: true - smtpServer: - - from: "noreply@smtp.deepcypher.me" - fromDisplayName: "DeepCypher ({{ .Values.environment.name }})" - host: "in-v3.mailjet.com" - port: "587" # chesterton fence its a string not an int - ssl: false - starttls: true - auth: - - username: "bf3439d38ac0407e26b6d150c0dc31b0" - passwordSecretRef: - name: smtp - namespace: auth - key: password - securityDefenses: - - bruteForceDetection: - - failureResetTimeSeconds: 500 - maxLoginFailures: 5 - waitIncrementSeconds: 500 ---- -apiVersion: realm.keycloak.crossplane.io/v1alpha1 -kind: Realm metadata: name: owncloak-deepcypher spec: diff --git a/charts/keycloak-late/templates/realms/smtp-pm.sealed.yaml b/charts/keycloak-late/templates/realms/smtp-pm.sealed.yaml index 3409d655..dd026951 100644 --- a/charts/keycloak-late/templates/realms/smtp-pm.sealed.yaml +++ b/charts/keycloak-late/templates/realms/smtp-pm.sealed.yaml 
@@ -7,8 +7,8 @@ metadata: namespace: keycloak spec: encryptedData: - password: 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 - username: AgCZ7YFDK1kOq4GgqIht/TB6ZamJI9magp4xlfq92Ye6uy1aGOQLr9Ssd6UBJvywiI/KCtXkFX+QkeLBwBBWu++54bWeYOugkCoL70BLZw675s2BaDO+ulZs090T9ykwCT/0rBME97IeCod1D310cVZrolmc+irbTV+jKXc8oQJIUFMVfnyhMq1HB7wzBMQ6iBo+/kqw2lQkCr2q9w+T9awO/BKwdKO7OOoGkMWkrgxSvykzlWvGFuQfaVeCCpXF1WANnjMRQXI1MpBNjtt8hG4iX7ibCn4bsL7fONS+8MPnOcqi1wKAPHL5lRFIqixDnFKL+7l4HF79qPFROpUlGgsaGvm96eHA8sbX7ku3ZzG4NxsUBwUt47pHiZ9w6UhmaVtnvwZ51Qh7vkC11OZvYG2kcPB7AHGQ8jEtii2BB9SoNJqekrQ2Qm46noxw3XLrmGulycWdq01yzfxqaGwqjEBeFWwgvIH+Gx/wecdo3rU+HDVhYiYpvlVQkaRKcjZ9pOtJLa9OtVChRP6KjaEIHVAkW5qIYP25NmyxJ81strmQR4jNczcl4FWoqTt8Cb6NjgILaD15p9ubdz1UeCWoQB/mLuEMPqSBmoToK7KEDIByTKaFfH2c+5H7kOtGjyYRvwFdFtYOzfI3qHujeTc9BnlWGTpsehz78SaBkWDIbKRxd3kttAlI2Xd/LhWC3d7F2/cKc8+Jj/cM0Tkw3DTECKqxAkOKI9Y= + password: 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 + username: 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 template: metadata: creationTimestamp: null diff --git a/charts/keycloak-late/templates/realms/smtp.sealed.yaml b/charts/keycloak-late/templates/realms/smtp.sealed.yaml deleted file mode 100644 index 17d0d610..00000000 --- a/charts/keycloak-late/templates/realms/smtp.sealed.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: smtp - namespace: auth -spec: - encryptedData: - password: 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 - username: 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 - template: - metadata: - creationTimestamp: null - name: smtp - namespace: auth - type: kubernetes.io/basic-auth diff --git a/charts/keycloak-late/templates/roles/admin.yaml b/charts/keycloak-late/templates/roles/admin.yaml index 0069b8c6..73b3ef28 100644 --- a/charts/keycloak-late/templates/roles/admin.yaml +++ b/charts/keycloak-late/templates/roles/admin.yaml 
@@ -1,17 +1,5 @@ apiVersion: role.keycloak.crossplane.io/v1alpha1 kind: Role -metadata: - name: admin -spec: - forProvider: - realmId: deepcypher - name: admin - description: Administrator for all deepcypher applications. - providerConfigRef: - name: default ---- -apiVersion: role.keycloak.crossplane.io/v1alpha1 -kind: Role metadata: name: own-admin spec: diff --git a/charts/keycloak-late/templates/roles/builtin-realm-admin.yaml b/charts/keycloak-late/templates/roles/builtin-realm-admin.yaml index 6fb94a85..edf430c1 100644 --- a/charts/keycloak-late/templates/roles/builtin-realm-admin.yaml +++ b/charts/keycloak-late/templates/roles/builtin-realm-admin.yaml @@ -3,28 +3,6 @@ # THIS SHOULD NOT BE USED TO MODIFY THE ROLE apiVersion: role.keycloak.crossplane.io/v1alpha1 kind: Role -metadata: - annotations: - # Here we reference the role by "/" - #crossplane.io/external-name: deepcypher/realm-management/realm-admin - name: deepcypher-realm-management-realm-admin -spec: - deletionPolicy: Orphan - forProvider: - realmId: deepcypher - name: realm-admin - clientIdRef: - name: deepcypher-realm-management - managementPolicies: - - Observe - providerConfigRef: - name: default ---- -# THIS IS A BUILT IN KEYCLOAK ROLE -# THIS IS ONLY HERE TO TRACK / OBSERVE IT -# THIS SHOULD NOT BE USED TO MODIFY THE ROLE -apiVersion: role.keycloak.crossplane.io/v1alpha1 -kind: Role metadata: annotations: # Here we reference the role by "/" diff --git a/charts/keycloak-late/templates/scopes/groups.yaml b/charts/keycloak-late/templates/scopes/groups.yaml index c3a574fa..f48064d0 100644 --- a/charts/keycloak-late/templates/scopes/groups.yaml +++ b/charts/keycloak-late/templates/scopes/groups.yaml 
@@ -1,17 +1,5 @@ apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 kind: ClientScope -metadata: - name: groups -spec: - deletionPolicy: Delete - forProvider: - realmIdRef: - name: deepcypher - name: groups - description: "Group membership list scope" ---- -apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 -kind: ClientScope metadata: name: own-groups spec: diff --git a/charts/keycloak-late/templates/scopes/nextcloud-legacy-id.yaml b/charts/keycloak-late/templates/scopes/nextcloud-legacy-id.yaml index bc40c208..ddf7526a 100644 --- a/charts/keycloak-late/templates/scopes/nextcloud-legacy-id.yaml +++ b/charts/keycloak-late/templates/scopes/nextcloud-legacy-id.yaml @@ -1,17 +1,5 @@ apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 kind: ClientScope -metadata: - name: nextcloud-legacy-id -spec: - deletionPolicy: Delete - forProvider: - realmIdRef: - name: deepcypher - name: nextcloud-legacy-id - description: "Legacy scope to allow old clients to present legacy user ID to nextcloud" ---- -apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 -kind: ClientScope metadata: name: own-nextcloud-legacy-id spec: diff --git a/charts/keycloak-late/templates/scopes/scope-flattened-roles.yaml b/charts/keycloak-late/templates/scopes/scope-flattened-roles.yaml deleted file mode 100644 index 1c4881ea..00000000 --- a/charts/keycloak-late/templates/scopes/scope-flattened-roles.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 -kind: ClientScope -metadata: - name: flattened-roles -spec: - deletionPolicy: Delete - forProvider: - realmIdRef: - name: deepcypher - name: flattened-roles - description: "Scope that maps roles to a consolidated roles list" diff --git a/charts/keycloak-late/templates/scopes/scope-roles-in-all-tokens.yaml b/charts/keycloak-late/templates/scopes/scope-roles-in-all-tokens.yaml index f6eca8bf..4ec200aa 100644 --- a/charts/keycloak-late/templates/scopes/scope-roles-in-all-tokens.yaml 
+++ b/charts/keycloak-late/templates/scopes/scope-roles-in-all-tokens.yaml @@ -1,17 +1,5 @@ apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 kind: ClientScope -metadata: - name: roles-in-all-tokens -spec: - deletionPolicy: Delete - forProvider: - realmIdRef: - name: deepcypher - name: roles-in-all-tokens - description: "Role membership list scope in all tokens" ---- -apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 -kind: ClientScope metadata: name: own-roles-in-all-tokens spec: diff --git a/charts/keycloak-late/templates/users/george.sealed.yaml b/charts/keycloak-late/templates/users/george.sealed.yaml index 9e6f2249..4707a131 100644 --- a/charts/keycloak-late/templates/users/george.sealed.yaml +++ b/charts/keycloak-late/templates/users/george.sealed.yaml @@ -4,13 +4,13 @@ kind: SealedSecret metadata: creationTimestamp: null name: george - namespace: auth + namespace: keycloak spec: encryptedData: - password: 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 + password: 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 template: metadata: creationTimestamp: null name: george - namespace: auth + namespace: keycloak type: Opaque diff --git a/charts/keycloak-late/templates/users/user-george.yaml b/charts/keycloak-late/templates/users/user-george.yaml index 8f34a8f5..d3b55321 100644 --- a/charts/keycloak-late/templates/users/user-george.yaml +++ b/charts/keycloak-late/templates/users/user-george.yaml @@ -13,13 +13,13 @@ spec: valueSecretRef: key: password name: george - namespace: auth + namespace: keycloak # better to set as group as it's easier to gitops # as there is no realm > unmanaged attributes option in CRD # attributes: # nextcloud-legacy-id: archer providerConfigRef: - name: default + name: owncloak --- apiVersion: user.keycloak.crossplane.io/v1alpha1 kind: Groups @@ -34,4 +34,4 @@ spec: userIdRef: name: george providerConfigRef: - name: default + name: owncloak 
diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml index 3ba4fb7c..073545af 100644 --- a/charts/keycloak/values.yaml +++ b/charts/keycloak/values.yaml @@ -112,11 +112,18 @@ keycloak: cert-manager.io/cluster-issuer: letsencrypt-dns traefik.ingress.kubernetes.io/router.middlewares: traefik-headers@kubernetescrd # ,auth-base-redirect@kubernetescrd hosts: + - host: auth.deepcypher.me + paths: + - path: / + pathType: ImplementationSpecific - host: keycloak.deepcypher.me paths: - path: / pathType: ImplementationSpecific tls: + - secretName: auth.deepcypher.me-tls + hosts: + - auth.deepcypher.me - secretName: keycloak.deepcypher.me-tls hosts: - keycloak.deepcypher.me diff --git a/charts/kro-config/templates/oidc.yaml b/charts/kro-config/templates/oidc.yaml index 09fa7a75..5bf16a02 100644 --- a/charts/kro-config/templates/oidc.yaml +++ b/charts/kro-config/templates/oidc.yaml @@ -88,6 +88,8 @@ spec: validRedirectUris: ${schema.spec.client.validRedirectUris} validPostLogoutRedirectUris: ${schema.spec.client.validPostLogoutRedirectUris} webOrigins: ${schema.spec.client.webOrigins} + providerConfigRef: + name: ${schema.spec.crossplane.providerConfig} - id: scopes template: diff --git a/charts/nextcloud/templates/oidc/oidc-client.yaml b/charts/nextcloud/templates/oidc/oidc-client.yaml index e863b357..86d8388b 100644 --- a/charts/nextcloud/templates/oidc/oidc-client.yaml +++ b/charts/nextcloud/templates/oidc/oidc-client.yaml @@ -7,6 +7,8 @@ metadata: spec: # https://nextcloud.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/ deletionPolicy: Delete + providerConfigRef: + name: owncloak forProvider: realmIdRef: name: {{ .Values.oidc.realm }} diff --git a/charts/nextcloud/templates/oidc/oidc-scopes.yaml b/charts/nextcloud/templates/oidc/oidc-scopes.yaml index 49db627a..1399b360 100644 --- a/charts/nextcloud/templates/oidc/oidc-scopes.yaml +++ b/charts/nextcloud/templates/oidc/oidc-scopes.yaml 
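Review bot: Adding `auth.deepcypher.me` as a second ingress host with its own TLS secret while `keycloak.deepcypher.me` stays means one Keycloak is reachable under two names, and the backstage, harbor and opencloud hunks in this commit build `baseUrl` as `https://auth.<baseDomain>/realms/<realm>`, so the issuer Keycloak writes into tokens must be `auth.deepcypher.me` whichever host a request arrives on. Unless Keycloak's `hostname` is pinned to `auth.deepcypher.me` elsewhere in this values file (outside the hunk), an issuer derived from the request Host header would be rejected by clients that reached Keycloak via the other name; I would pin it, or drop the `keycloak.deepcypher.me` host and TLS entry once the cutover is complete. The middleware annotation above the hosts keeps `auth-base-redirect@kubernetescrd` commented out, whereas the `charts/auth` ingress this commit disables still applied it, so the root-path redirect behaviour for `auth.deepcypher.me` changes; a comment such as `# auth-base-redirect intentionally not applied here: <reason>` would record whether that is deliberate.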
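Review bot: The `providerConfigRef` added after `webOrigins` covers only the client template; the `scopes` template that begins at `- id: scopes` on the last hunk line continues outside the hunk, and if it does not carry the same `providerConfigRef`, the ClientScope resources kro generates fall back to the `default` ProviderConfig that this commit deletes in `charts/crossplane-late/templates/keycloak/provider-config.yaml`. Worth adding `providerConfigRef: name: ${schema.spec.crossplane.providerConfig}` there as well (and to any other Keycloak resource in the graph), and giving `crossplane.providerConfig` a schema default or marking it required so a consumer that omits it does not render an empty or unresolved `name:`.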
@@ -24,4 +24,4 @@ spec: # https://help.nextcloud.com/t/mapping-users-from-openid-to-existing-users/203542/5 - nextcloud-legacy-id providerConfigRef: - name: default + name: owncloak diff --git a/charts/open-webui/templates/oidc/oidc-client.yaml b/charts/open-webui/templates/oidc/oidc-client.yaml index 5fd82370..5fb2a8b6 100644 --- a/charts/open-webui/templates/oidc/oidc-client.yaml +++ b/charts/open-webui/templates/oidc/oidc-client.yaml @@ -5,6 +5,8 @@ metadata: spec: # https://chat.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/ deletionPolicy: Delete + providerConfigRef: + name: owncloak forProvider: realmIdRef: name: {{ .Values.oidc.realm }} diff --git a/charts/open-webui/templates/oidc/oidc-scopes.yaml b/charts/open-webui/templates/oidc/oidc-scopes.yaml index ebb22640..910a545d 100644 --- a/charts/open-webui/templates/oidc/oidc-scopes.yaml +++ b/charts/open-webui/templates/oidc/oidc-scopes.yaml @@ -21,4 +21,4 @@ spec: # needed by chat - flattened-roles providerConfigRef: - name: default + name: owncloak diff --git a/charts/opencloud/templates/oidc.yaml b/charts/opencloud/templates/oidc.yaml index 512dd321..bc5b9e7d 100644 --- a/charts/opencloud/templates/oidc.yaml +++ b/charts/opencloud/templates/oidc.yaml @@ -41,6 +41,6 @@ spec: realm: {{ .Values.oidc.realm }} baseUrl: {{ printf "https://auth.%s/realms/%s" .Values.environment.baseDomain .Values.oidc.realm }} crossplane: - providerConfig: keycloak # the name of the crossplane provider config + providerConfig: owncloak # the name of the crossplane provider config configmap: name: oidc-urls diff --git a/charts/penpot/templates/oidc/oidc-client.yaml b/charts/penpot/templates/oidc/oidc-client.yaml index 28125425..d68a4678 100644 --- a/charts/penpot/templates/oidc/oidc-client.yaml +++ b/charts/penpot/templates/oidc/oidc-client.yaml 
@@ -5,6 +5,8 @@ metadata: spec: # https://penpot.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/ deletionPolicy: Delete + providerConfigRef: + name: owncloak forProvider: realmIdRef: name: {{ .Values.oidc.realm }} diff --git a/charts/penpot/templates/oidc/oidc-scopes.yaml b/charts/penpot/templates/oidc/oidc-scopes.yaml index d8556188..b750989e 100644 --- a/charts/penpot/templates/oidc/oidc-scopes.yaml +++ b/charts/penpot/templates/oidc/oidc-scopes.yaml @@ -22,4 +22,4 @@ spec: - groups # OIDC scope to get groups from realm roles like admin etc - flattened-roles providerConfigRef: - name: default + name: owncloak diff --git a/charts/wikijs/templates/oidc/oidc-client.yaml b/charts/wikijs/templates/oidc/oidc-client.yaml index 57d7d26b..a7bc6129 100644 --- a/charts/wikijs/templates/oidc/oidc-client.yaml +++ b/charts/wikijs/templates/oidc/oidc-client.yaml @@ -4,6 +4,8 @@ metadata: name: wikijs spec: deletionPolicy: Delete + providerConfigRef: + name: owncloak forProvider: realmIdRef: name: {{ .Values.oidc.realm }} diff --git a/charts/wikijs/templates/oidc/oidc-scopes.yaml b/charts/wikijs/templates/oidc/oidc-scopes.yaml index 54521d5d..10328371 100644 --- a/charts/wikijs/templates/oidc/oidc-scopes.yaml +++ b/charts/wikijs/templates/oidc/oidc-scopes.yaml @@ -22,4 +22,4 @@ spec: # needed by wikijs - flattened-roles providerConfigRef: - name: default + name: owncloak