aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/platform/components/keycloak-init/components
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2023-03-20 13:07:32 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2023-03-24 17:46:52 +0100
commitdce54c8e4d6936f5a2189a55f7e6409747a0ecbe (patch)
treed48adbf93b99060b0bb4c5ae685df38b0d14f3c7 /kubernetes/platform/components/keycloak-init/components
parent0879dfcaad420fcc7a6adc77b2b9c72b9522e3cb (diff)
[PLATFORM] Add Oauth2-Proxy client to ONAP Realm
Add the oauth2-proxy client to the ONAP keycloak REALM Issue-ID: OOM-2489 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I3c38df8ad79a7cdaa87f4b55b1bb38afb18d2c0e
Diffstat (limited to 'kubernetes/platform/components/keycloak-init/components')
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml4
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/resources/realm/onap-realm.json312
-rw-r--r--kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml4
3 files changed, 4 insertions, 316 deletions
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml
index c248ba050f..3f48ef7e21 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml
+++ b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml
@@ -20,8 +20,8 @@ apiVersion: v2
name: keycloak-config-cli
description: Import JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
home: https://github.com/adorsys/keycloak-config-cli
-version: 5.3.1
-appVersion: 5.3.1-19.0.1
+version: 5.6.1
+appVersion: 5.6.1
maintainers:
- name: jkroepke
email: joe@adorsys.de
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/resources/realm/onap-realm.json b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/resources/realm/onap-realm.json
deleted file mode 100644
index 8b79e99795..0000000000
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/resources/realm/onap-realm.json
+++ /dev/null
@@ -1,312 +0,0 @@
-{
- "id": "ONAP",
- "realm": "ONAP",
- "enabled": true,
- "roles": {
- "realm": [
- {
- "name": "onap_admin",
- "description": "User role for administration tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "user",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "admin",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "onap_designer",
- "description": "User role for designer tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "offline_access",
- "description": "${role_offline-access}",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "onap_operator",
- "description": "User role for operator tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "uma_authorization",
- "description": "${role_uma_authorization}",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "default-roles-onap",
- "description": "${role_default-roles}",
- "composite": true,
- "composites": {
- "realm": [
- "offline_access",
- "uma_authorization"
- ],
- "client": {
- "account": [
- "view-profile",
- "manage-account"
- ]
- }
- },
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- }
- ]
- },
- "clients": [
- {
- "clientId": "portal-app",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "{{ .Values.portalUrl }}/*",
- "http://localhost/*"
- ],
- "webOrigins": [
- "*"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.session.required": "true",
- "post.logout.redirect.uris": "{{ .Values.portalUrl }}/*",
- "oauth2.device.authorization.grant.enabled": "false",
- "display.on.consent.screen": "false",
- "backchannel.logout.revoke.offline.tokens": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "protocolMappers": [
- {
- "name": "User-Roles",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
- "consentRequired": false,
- "config": {
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "roles",
- "multivalued": "true",
- "userinfo.token.claim": "true"
- }
- },
- {
- "name": "SDC-User",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "sdc_user",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "sdc_user",
- "jsonType.label": "String"
- }
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "acr",
- "profile",
- "roles",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- }, {
- "clientId" : "portal-bff",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : false,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : true,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : {
- "saml.force.post.binding" : "false",
- "saml.multivalued.roles" : "false",
- "frontchannel.logout.session.required" : "false",
- "oauth2.device.authorization.grant.enabled" : "false",
- "backchannel.logout.revoke.offline.tokens" : "false",
- "saml.server.signature.keyinfo.ext" : "false",
- "use.refresh.tokens" : "true",
- "oidc.ciba.grant.enabled" : "false",
- "backchannel.logout.session.required" : "true",
- "client_credentials.use_refresh_token" : "false",
- "require.pushed.authorization.requests" : "false",
- "saml.client.signature" : "false",
- "saml.allow.ecp.flow" : "false",
- "id.token.as.detached.signature" : "false",
- "saml.assertion.signature" : "false",
- "client.secret.creation.time" : "1665048112",
- "saml.encrypt" : "false",
- "saml.server.signature" : "false",
- "exclude.session.state.from.auth.response" : "false",
- "saml.artifact.binding" : "false",
- "saml_force_name_id_format" : "false",
- "acr.loa.map" : "{}",
- "tls.client.certificate.bound.access.tokens" : "false",
- "saml.authnstatement" : "false",
- "display.on.consent.screen" : "false",
- "token.response.type.bearer.lower-case" : "false",
- "saml.onetimeuse.condition" : "false"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "name" : "Client Host",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientHost",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientHost",
- "jsonType.label" : "String"
- }
- }, {
- "name" : "Client IP Address",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientAddress",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientAddress",
- "jsonType.label" : "String"
- }
- } ],
- "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }],
- "users": [
- {
- "createdTimestamp" : 1664965113698,
- "username" : "onap-admin",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sdc_user" : [ "cs0008" ]
- },
- "credentials" : [ {
- "type" : "password",
- "createdDate" : 1664965134586,
- "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
- } ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_admin" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048354760,
- "username" : "onap-designer",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sec_user" : [ "cs0008" ]
- },
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_designer" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048547054,
- "username" : "onap-operator",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sdc_user" : [ "cs0008" ]
- },
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_operator" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048112458,
- "username" : "service-account-portal-bff",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "serviceAccountClientId" : "portal-bff",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap" ],
- "clientRoles" : {
- "realm-management" : [ "manage-realm", "manage-users" ]
- },
- "notBefore" : 0,
- "groups" : [ ]
- }
- ],
- "attributes": {
- "frontendUrl": "{{ .Values.portalUrl }}/auth/",
- "acr.loa.map": "{\"ABC\":\"5\"}"
- }
-}
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml
index e54a4c7bcf..fb2a8955ff 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml
+++ b/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml
@@ -21,12 +21,12 @@ global:
fullnameOverride: ""
nameOverride: ""
-#keycloakUrl: "https://keycloak-ui.simpledemo.onap.org/auth/"
+keycloakUrl: "https://keycloak-ui.simpledemo.onap.org/auth/"
portalUrl: "https://portal-ng-ui.simpledemo.onap.org"
image:
repository: adorsys/keycloak-config-cli
- tag: "{{ .Chart.AppVersion }}"
+ tag: "{{ .Chart.AppVersion }}-19.0.3"
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.