chore: Enable Keycloak client creation (#42)

epam · May 23, 2024 · d9cc62b · d9cc62b
1 parent 5eb9a02
commit d9cc62b
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 0 deletions.
diff --git a/deploy-templates/README.md b/deploy-templates/README.md
@@ -44,6 +44,9 @@ A Helm chart for EDP Gerrit Operator
 | gerrit.resources.limits.memory | string | `"2Gi"` |  |
 | gerrit.resources.requests.cpu | string | `"100m"` |  |
 | gerrit.resources.requests.memory | string | `"512Mi"` |  |
+| gerrit.sso.createKeycloakClient | bool | `true` |  |
+| gerrit.sso.kind | string | `"KeycloakRealm"` |  |
+| gerrit.sso.name | string | `"main"` |  |
 | gerrit.storage.size | string | `"1Gi"` | Size for Gerrit data volume |
 | gerrit.tolerations | list | `[]` |  |
 | gerrit.version | string | `"3.6.2-oauth"` | Define gerrit docker image tag |

diff --git a/deploy-templates/templates/gerrit/keycloak-client.yaml b/deploy-templates/templates/gerrit/keycloak-client.yaml
@@ -0,0 +1,28 @@
+{{- if and .Values.gerrit.deploy .Values.gerrit.sso.createKeycloakClient -}}
+apiVersion: v1.edp.epam.com/v1
+kind: KeycloakClient
+metadata:
+  name: gerrit
+spec:
+  attributes:
+    post.logout.redirect.uris: +
+  clientAuthenticatorType: client-secret
+  clientId: gerrit
+  enabled: true
+  fullScopeAllowed: true
+  public: true
+  realmRef:
+    kind: {{ .Values.gerrit.sso.kind }}
+    name: {{ .Values.gerrit.sso.name }}
+  realmRoles:
+    - composite: administrator
+      name: gerrit-administrators
+    - composite: developer
+      name: gerrit-users
+  standardFlowEnabled: true
+  webOrigins:
+    - >-
+      https://{{if .Values.gerrit.basePath}}{{ .Values.global.dnsWildCard }}{{else}}gerrit-{{ .Release.Namespace }}.{{ .Values.global.dnsWildCard }}{{end}}
+  webUrl: >-
+    https://{{if .Values.gerrit.basePath}}{{ .Values.global.dnsWildCard }}{{else}}gerrit-{{ .Release.Namespace }}.{{ .Values.global.dnsWildCard }}{{end}}
+{{end}}
diff --git a/deploy-templates/values.yaml b/deploy-templates/values.yaml
@@ -119,3 +119,10 @@ gerrit:
     #     secretKeyRef:
     #       name: gerrit-is-credentials
     #       key: clientSecret
+  sso:
+    # Create kind: KeycloakClient as a part of chart installation
+    createKeycloakClient: true
+    # Can be Realm or KeycloakRealm.
+    kind: KeycloakRealm
+    # Name of kind: Realm/KeycloakRealm CR.
+    name: main