diff --git a/stable/ckan/Chart.yaml b/stable/ckan/Chart.yaml
index 18bec6f0..e6547a00 100644
--- a/stable/ckan/Chart.yaml
+++ b/stable/ckan/Chart.yaml
@@ -1,7 +1,7 @@
 name: ckan
 apiVersion: v2
 type: application
-version: 0.0.33
+version: 0.0.34
 appVersion: 2.9.5
 description: CKAN Helm Chart for Kubernetes.
 keywords:
diff --git a/stable/ckan/values.yaml b/stable/ckan/values.yaml
index a1515b60..4fc195ea 100644
--- a/stable/ckan/values.yaml
+++ b/stable/ckan/values.yaml
@@ -66,7 +66,7 @@ ckan:
 resource_proxy_timeouts: 5
 storagePath: "/var/lib/ckan/default"
 activityStreamsEmailNotifications: "true"
- activityStreamsEmailNotifications_jobs: "false"
+ activityStreamsEmailNotifications_jobs: false
 debug: "false"
 maintenanceMode: "false"
 backup:
diff --git a/stable/fdi-dotstatsuite-keycloak/Chart.yaml b/stable/fdi-dotstatsuite-keycloak/Chart.yaml
new file mode 100644
index 00000000..3137dca8
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+appVersion: 16.1.0
+description: fdi-dotstatsuite-keycloak
+home: https://statcan.gc.ca
+maintainers:
+- email: Jianlong.qian@statcan.gc.ca
+ name: Jianlong.qian
+name: fdi-dotstatsuite-keycloak
+sources:
+- https://gitlab.com/sis-cc/.stat-suite/dotstatsuite-kube-rp/
+type: application
+version: 1.0.0
diff --git a/stable/fdi-dotstatsuite-keycloak/config/realm.json b/stable/fdi-dotstatsuite-keycloak/config/realm.json
new file mode 100644
index 00000000..32ba6fb9
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/config/realm.json
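Review bot: In stable/ckan/values.yaml, `activityStreamsEmailNotifications_jobs` is now a YAML boolean while its siblings in the same block (`activityStreamsEmailNotifications`, `debug`, `maintenanceMode`) are still quoted strings, and nothing in the file says why this one key differs. The templates that consume these values are not part of this diff; if the key is tested with `{{ if }}`, the old non-empty string `"false"` would have evaluated as true, and any sibling gated the same way still carries that issue. If the value is instead rendered into a container env var or a ConfigMap entry, it needs `| quote` at the use site, because Kubernetes rejects non-string values there. I would add a comment above the key, for example `# boolean (not a string): evaluated by a template conditional`, worded to match what the template actually does. The `ckan:` mapping starts and ends outside the hunk.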
@@ -0,0 +1,1724 @@ +{ + "id" : "statcan-ccei", + "realm" : "statcan-ccei", + "notBefore" : 0, + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "enabled" : true, + "sslRequired" : "none", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "730a6fa8-0f6a-47f7-ae37-406be7c80040", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "demo", + "attributes" : { } + }, { + "id" : "4be78069-52c6-405d-a432-b4e5a2b7879a", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "demo", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : 
"d917ebeb-5260-4539-ae28-ec3460ba0a00", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "b828a023-743b-4c02-804b-699b93f45669", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "4372be79-7081-434d-bad1-11e53079a1a0", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "21c05113-2167-416f-834a-e86866df9ddc", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "43f1f2fc-43d2-4739-89b6-c613b8680474", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "41641907-82b5-40b8-874b-9e88c02b5575", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "db3b5ed7-0c09-47e7-a9e8-0867f1f45b2f", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "694337b1-820d-431f-8233-b20064691367", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", 
"query-users" ] + } + }, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "c4de5757-a74b-483c-90d6-676c2c803ef8", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "3ad9004b-ffe8-48de-ae13-06a34e08a19e", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "4e3abf2f-52b1-4458-a423-ffe8e3db81e8", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "926a2f60-37d2-4867-a95e-f8e9d4cee16e", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "c778c383-3bce-45b2-a97c-0eed0775191f", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "edc17ea2-7518-48fc-a9fa-f5765cae08d8", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "6850c0cb-ba8d-435b-813e-ef8e1cb2d905", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "caad46f5-bb68-4e10-900e-aac78e2416f3", + "name" : "realm-admin", + 
"description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "impersonation", "manage-identity-providers", "view-realm", "manage-realm", "manage-authorization", "view-events", "manage-clients", "view-users", "manage-events", "view-identity-providers", "query-clients", "query-groups", "manage-users", "query-users", "view-authorization", "query-realms", "create-client", "view-clients" ] + } + }, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "e22eeae1-7a71-48b3-a5a7-ba82a8e8f2a1", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "f1edbbef-a629-4ab8-bc5c-fe79d101df71", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "a776e71c-38c0-4217-96d8-beeb411a6864", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + } ], + "stat-suite" : [ ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "8b0c6d36-6259-4d4e-926e-770b7965e905", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "477e51e0-bfe2-43f2-bb3c-65871f00c9a9", + "attributes" : { } + } ], + "account" : [ { + "id" : "800e807c-fe74-42d1-aa7c-532ebafa1dfc", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + 
} + }, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "cef16bb5-1681-4203-891a-225456961421", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "1f7a05f1-b204-47cb-9644-ede7574a2a61", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "ab0b5e8a-63f0-456d-b6c7-1df1668d6b41", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "f5f46dbb-f7b5-4c76-8cc3-94dc32608261", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "95bbf4df-9e23-4c78-8e46-18bc44ee3ba8", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "355e476c-079d-4ef7-97ee-0e40f977843a", + "name" : "admins", + "path" : "/admins", + "attributes" : { }, + "realmRoles" : [ ], + "clientRoles" : { }, + "subGroups" : [ ] + } ], + "defaultRoles" : [ "uma_authorization", "offline_access" ], + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + 
"otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "c2dc90cd-e525-4c4d-a834-0ac3d3ad346d", + "createdTimestamp" : 1568987587616, + "username" : "test-admin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "Test", + "lastName" : "Admin", + "email" : "admin@dotstat-suite.com", + "credentials" : [ { + "id" : "d0ce0193-2673-4eee-a9a3-fdf7b492d397", + "type" : "password", + "createdDate" : 1568987597001, + "secretData" : "{\"value\":\"EM2T0gb84/dxdPgobNBG9GtYP2VC49KRgFb+CJwa2wGa7mFly5swZaD73YGMSeybKSWojqILX1MV+8hYW8rI8Q==\",\"salt\":\"uVj1DI50CR6lpbEkfN55MQ==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "uma_authorization", 
"offline_access" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ "/admins" ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "f6efbc6a-a606-4260-ad22-553634954813", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/demo/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "e925d1c0-3f7d-4323-8f3c-179e334ed877", + "defaultRoles" : [ "view-profile", "manage-account" ], + "redirectUris" : [ "/realms/demo/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ea02131b-092d-452b-9360-c5e1749d09a7", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/demo/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "b6440098-44b0-4db2-8914-0ad5cafc33e1", + "redirectUris" : [ "/realms/demo/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : 
false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "150f660a-c130-40db-adc0-fdd47183b973", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "bfc4a97f-d66f-47a4-82aa-4ba11fc9c819", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "62d8c86c-005c-4a5a-a669-8ecaf4ad58ca", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "477e51e0-bfe2-43f2-bb3c-65871f00c9a9", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + 
"alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "af29b39d-4586-4c8b-85b6-3bdf38395b85", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "116b3e2c-fb08-4258-b130-65553c327eca", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f9a68146-a40d-4e9b-8c80-8b84e80e2eef", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/demo/console/", + 
"surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "bc40fea6-695d-4c65-9897-b651441f6b00", + "redirectUris" : [ "/admin/demo/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "9dd9f62c-e822-4d8a-8e78-229f05187830", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "5f583792-1207-4ced-990d-5838733bc04e", + "clientId" : "stat-suite", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : true, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : 
"false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "pkce.code.challenge.method" : "", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "6d4e8871-3691-494d-ade6-f168dc8178c3", + "name" : "hardcoded-audience", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-mapper", + "consentRequired" : false, + "config" : { + "included.client.audience" : "stat-suite", + "id.token.claim" : "false", + "access.token.claim" : "true", + "userinfo.token.claim" : "false" + } + } ], + "defaultClientScopes" : [ "role_list", "profile", "groups", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "40c58f08-f31a-4f2f-a60d-0cc7b21f2dc9", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "07dbe9cc-26ce-427d-8155-be4323688b0f", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : 
"true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "776da0e7-4560-40a6-ad2c-d845d2d9620c", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "55343b2e-37d2-4983-991d-a6a6bd9d80c7", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "7b5186b8-b526-4b3d-b90f-ccf6f8ef6f82", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "7f8c2e01-8920-4235-a807-d25c02c51a69", + "name" : "groups", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "a7811413-ded2-4f74-84f2-ded7e0b86b78", + "name" : "Groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-group-membership-mapper", + "consentRequired" : false, + "config" : { + "full.path" : "false", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "bf552e5f-0ab2-4106-96c2-3df81dd17278", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "2e6af5fb-f219-4295-86f5-dc463c1166aa", + "name" : "upn", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "15e3451b-56ea-4c72-bebc-d6a4458f3719", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "cfc41abd-0d31-430e-8d12-c10980b82ccf", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "4967d0ff-862c-4482-a356-9682ffd54bed", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "2c0972f0-e338-4ff3-ab7a-746b3c82a523", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "d8a7db02-2303-4ae1-aa55-0ece05e1439d", + 
"name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d942cf0e-2999-463e-b785-40fb34c78915", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "2fe28da0-34b3-4e21-a231-0234fd91000c", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "18d7af31-45da-405e-8672-1dd12c8bb7bb", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "3b7c66b6-53bf-4811-9a24-49ce50384aa6", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "52014ca2-bcd5-4749-bf4c-8f51b584302b", + "name" : "gender", + 
"protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "21ed114e-1f75-406e-815e-dcd1261f7ae4", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "796c1e7c-6846-4fa4-846e-e9500b60ffef", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "da9e2b35-8924-46ff-b4e2-d12f8624ce85", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "89eaac72-84d2-4398-a906-f9ba5b04802a", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "60b80604-1155-482b-bf37-df5f0d68f81e", + "name" 
: "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "644ecede-bc4a-4533-a7bd-8ae6fb9e5b8e", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "36a7e957-c7aa-4b59-8fe0-815afad5fcaf", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "557ae544-b359-40c0-8f4b-29a3656df715", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "6f857936-6441-41d8-ab66-efecdc39b71b", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "da598377-4b87-45ba-b46a-41d64ceeb41f", + "name" : "email", + "description" : "OpenID Connect 
built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "c7deebc2-04e9-4d47-b919-74889e132e0c", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "8dac8fc6-308f-4de1-a7ca-6bde9405493a", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "e6cdbbf2-8565-42fd-97af-80a61064b409", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "4bb39e71-e83c-4530-b6ce-b97f302ed09e", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "efdb59a9-2006-4dd8-8e39-cfecf45aa57a", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + 
"id" : "41405f2d-4a54-4e29-8b40-80af89c0ce21", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "194cf325-68ce-46e1-94fd-398d21f12b2f", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "714248d7-33c0-452d-9884-f1765323a07c", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "web-origins", "profile", "email", "role_list", "roles" ], + "defaultOptionalClientScopes" : [ "address", "offline_access", "microprofile-jwt", "phone" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self' http://localhost:* ; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "034a0fb6-c8f1-422e-9bfa-19dd720e5660", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : 
"anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "69ff0243-275c-492b-b1f4-de7a9c0a4d74", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "ad654b62-41f2-4893-b6c6-24d3b5ff79e5", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "c004ae0c-c95d-4881-8a9a-c0659073ad22", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "31810fc8-854e-4fef-b40c-563117dcce09", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "e0e818b1-723d-4717-ba1b-afc3a83a1a21", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "25b75e5c-d18c-4ebb-abb2-3fd3f1d86f25", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, 
{ + "id" : "4bfd9180-1910-47fd-8a19-6a2e25461918", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "5038fc1e-ff3e-4338-9c91-76545c968ea1", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "1a0950be-5756-4baa-be6c-96ec371d4bc0" ], + "secret" : [ "ACokC9evoBBk6lRB_5a95w" ], + "priority" : [ "100" ] + } + }, { + "id" : "b633176a-7200-4f13-a1f8-511e6e7ea226", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "981d23ef-cff9-473b-93fd-588ea529e067" ], + "secret" : [ "Vr3Za2uPq1ueOlu3trj1qkjoQOOaAoJ9G5vERXRFWFeLp6AKMVVLD-znGd3GTy1GgUrfjOAtYXUI8olHFc-kdA" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "ebbcdfbe-12e6-4c60-bed1-8f8a15b7c585", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "7ead61c9-9739-4452-a8a2-dac4b290bcf9", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Handle Existing Account - Alternatives - 0", + 
"userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "6a454183-f418-4c09-81ad-4dc45889c0ed", + "alias" : "Handle Existing Account - Alternatives - 0", + "description" : "Subflow of Handle Existing Account with alternative executions", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "96e2f402-7824-42b0-9090-4fe4f8db32c8", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "263245eb-42aa-486f-b1f7-1dd93aca377f", + "alias" : "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "description" : "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : 
false, + "autheticatorFlow" : false + } ] + }, { + "id" : "4e5ceed4-4e38-4040-86ae-937e256611fc", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "4e01e0fd-4f44-432b-88c8-dffe0a15529a", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "84c8cc65-f967-481c-9b1a-b407148a5c68", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + 
"authenticator" : "direct-grant-validate-username", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 30, + "flowAlias" : "direct grant - direct-grant-validate-otp - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "493f900f-74f0-48a1-81cc-21b1f7324bf4", + "alias" : "direct grant - direct-grant-validate-otp - Conditional", + "description" : "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "32f3ae88-3809-48ba-8c6e-251c18021ad4", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "6d25e5ee-1897-43b0-96a6-7df9fe04f20d", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : 
"review profile config", + "authenticator" : "idp-review-profile", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "first broker login - Alternatives - 0", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "f29b4aac-b029-454d-b830-7044d96d4e3f", + "alias" : "first broker login - Alternatives - 0", + "description" : "Subflow of first broker login with alternative executions", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "f1a8ff22-aa29-4cfb-8a26-32062ff6774b", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "forms - auth-otp-form - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "0fe0e268-73d1-43a0-bcae-a1082b07852c", + "alias" : "forms - auth-otp-form - Conditional", + "description" : "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : 
"REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "53241d23-22f9-4565-b299-2ad889750ed9", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "ff206ce7-4dcd-471f-b3f0-eb466b691293", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "fc2220ae-4f3a-4df8-8ea3-cb6e891edefd", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : 
"registration-profile-action", + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "194f34c0-1e4e-477c-937f-9eec763a5c00", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 40, + "flowAlias" : "reset credentials - reset-otp - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "1a97111a-5cc0-45e0-9937-c6dfbac1ee4f", + "alias" : "reset credentials - reset-otp - Conditional", + "description" : "Flow to determine if the reset-otp authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "requirement" : "REQUIRED", + "priority" : 20, + 
"userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "85cc250e-f572-4c0e-9a7c-7df313e38397", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "fbd2f3a4-e2f8-4457-8d8d-52835dfacfc7", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "8f1882f5-e3d4-4639-be20-ed64b27c81c3", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + 
"browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "clientOfflineSessionMaxLifespan" : "0", + "clientSessionIdleTimeout" : "0", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0" + }, + "keycloakVersion" : "11.0.2", + "userManagedAccessAllowed" : false + } \ No newline at end of file diff --git a/stable/fdi-dotstatsuite-keycloak/templates/NOTES.txt b/stable/fdi-dotstatsuite-keycloak/templates/NOTES.txt new file mode 100644 index 00000000..e69de29b diff --git a/stable/fdi-dotstatsuite-keycloak/templates/_helpers.tpl b/stable/fdi-dotstatsuite-keycloak/templates/_helpers.tpl new file mode 100644 index 00000000..f5576b28 --- /dev/null +++ b/stable/fdi-dotstatsuite-keycloak/templates/_helpers.tpl 
@@ -0,0 +1,76 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fdi-dotstatsuite-keycloak.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fdi-dotstatsuite-keycloak.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fdi-dotstatsuite-keycloak.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fdi-dotstatsuite-keycloak.labels" -}}
+helm.sh/chart: {{ include "fdi-dotstatsuite-keycloak.chart" . }}
+{{ include "fdi-dotstatsuite-keycloak.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fdi-dotstatsuite-keycloak.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fdi-dotstatsuite-keycloak.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "fdi-dotstatsuite-keycloak.keycloak.serviceAccountName" -}}
+{{- if .Values.keycloak.serviceAccount.create }}
+{{- default (include "fdi-dotstatsuite-keycloak.fullname" .) .Values.keycloak.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.keycloak.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "fdi-dotstatsuite-keycloak.proxy.serviceAccountName" -}}
+{{- if .Values.proxy.serviceAccount.create }}
+{{- default (include "fdi-dotstatsuite-keycloak.fullname" .) .Values.proxy.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.proxy.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
diff --git a/stable/fdi-dotstatsuite-keycloak/templates/cm/keycloak.yaml b/stable/fdi-dotstatsuite-keycloak/templates/cm/keycloak.yaml
new file mode 100644
index 00000000..5143c595
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/templates/cm/keycloak.yaml
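Review bot: In `templates/_helpers.tpl`, the two service-account helpers at the end of the hunk resolve to the same name. When `keycloak.serviceAccount.create` and `proxy.serviceAccount.create` are both true and neither `name` is set, `fdi-dotstatsuite-keycloak.keycloak.serviceAccountName` and `fdi-dotstatsuite-keycloak.proxy.serviceAccountName` both return `fdi-dotstatsuite-keycloak.fullname`. Assuming the chart renders one ServiceAccount per component (those templates are not in this hunk), Keycloak and the proxy would share one identity, so any RBAC binding or pull secret granted to one also applies to the other. A component suffix keeps them apart, e.g. `{{- default (printf "%s-proxy" (include "fdi-dotstatsuite-keycloak.fullname" .) | trunc 63 | trimSuffix "-") .Values.proxy.serviceAccount.name }}` and the same with `-keycloak` in the other helper. The two helpers also carry the identical comment "Create the name of the service account to use"; each should say which component it names.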
@@ -0,0 +1,1731 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}-realm-json +data: + realm.json: | + { + "id" : "demo", + "realm" : "demo", + "notBefore" : 0, + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "enabled" : true, + "sslRequired" : "none", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "730a6fa8-0f6a-47f7-ae37-406be7c80040", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "demo", + "attributes" : { } + }, { + "id" : "4be78069-52c6-405d-a432-b4e5a2b7879a", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" 
: "demo", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "d917ebeb-5260-4539-ae28-ec3460ba0a00", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "b828a023-743b-4c02-804b-699b93f45669", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "4372be79-7081-434d-bad1-11e53079a1a0", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "21c05113-2167-416f-834a-e86866df9ddc", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "43f1f2fc-43d2-4739-89b6-c613b8680474", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "41641907-82b5-40b8-874b-9e88c02b5575", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "db3b5ed7-0c09-47e7-a9e8-0867f1f45b2f", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "694337b1-820d-431f-8233-b20064691367", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" 
: true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "c4de5757-a74b-483c-90d6-676c2c803ef8", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "3ad9004b-ffe8-48de-ae13-06a34e08a19e", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "4e3abf2f-52b1-4458-a423-ffe8e3db81e8", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "926a2f60-37d2-4867-a95e-f8e9d4cee16e", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "c778c383-3bce-45b2-a97c-0eed0775191f", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "edc17ea2-7518-48fc-a9fa-f5765cae08d8", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "6850c0cb-ba8d-435b-813e-ef8e1cb2d905", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + 
}, { + "id" : "caad46f5-bb68-4e10-900e-aac78e2416f3", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "impersonation", "manage-identity-providers", "view-realm", "manage-realm", "manage-authorization", "view-events", "manage-clients", "view-users", "manage-events", "view-identity-providers", "query-clients", "query-groups", "manage-users", "query-users", "view-authorization", "query-realms", "create-client", "view-clients" ] + } + }, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "e22eeae1-7a71-48b3-a5a7-ba82a8e8f2a1", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "f1edbbef-a629-4ab8-bc5c-fe79d101df71", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + }, { + "id" : "a776e71c-38c0-4217-96d8-beeb411a6864", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "attributes" : { } + } ], + "stat-suite" : [ ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "8b0c6d36-6259-4d4e-926e-770b7965e905", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "477e51e0-bfe2-43f2-bb3c-65871f00c9a9", + "attributes" : { } + } ], + "account" : [ { + "id" : "800e807c-fe74-42d1-aa7c-532ebafa1dfc", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + 
"composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "cef16bb5-1681-4203-891a-225456961421", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "1f7a05f1-b204-47cb-9644-ede7574a2a61", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "ab0b5e8a-63f0-456d-b6c7-1df1668d6b41", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "f5f46dbb-f7b5-4c76-8cc3-94dc32608261", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + }, { + "id" : "95bbf4df-9e23-4c78-8e46-18bc44ee3ba8", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "f6efbc6a-a606-4260-ad22-553634954813", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "355e476c-079d-4ef7-97ee-0e40f977843a", + "name" : "admins", + "path" : "/admins", + "attributes" : { }, + "realmRoles" : [ ], + "clientRoles" : { }, + "subGroups" : [ ] + } ], + "defaultRoles" : [ "uma_authorization", "offline_access" ], + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + 
"otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "c2dc90cd-e525-4c4d-a834-0ac3d3ad346d", + "createdTimestamp" : 1568987587616, + "username" : "test-admin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "Test", + "lastName" : "Admin", + "email" : "admin@dotstat-suite.com", + "credentials" : [ { + "id" : "d0ce0193-2673-4eee-a9a3-fdf7b492d397", + "type" : "password", + "createdDate" : 1568987597001, + "secretData" : "{\"value\":\"EM2T0gb84/dxdPgobNBG9GtYP2VC49KRgFb+CJwa2wGa7mFly5swZaD73YGMSeybKSWojqILX1MV+8hYW8rI8Q==\",\"salt\":\"uVj1DI50CR6lpbEkfN55MQ==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" 
: [ ], + "requiredActions" : [ ], + "realmRoles" : [ "uma_authorization", "offline_access" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ "/admins" ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "f6efbc6a-a606-4260-ad22-553634954813", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/demo/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "e925d1c0-3f7d-4323-8f3c-179e334ed877", + "defaultRoles" : [ "view-profile", "manage-account" ], + "redirectUris" : [ "/realms/demo/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ea02131b-092d-452b-9360-c5e1749d09a7", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/demo/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "b6440098-44b0-4db2-8914-0ad5cafc33e1", + "redirectUris" : [ 
"/realms/demo/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "150f660a-c130-40db-adc0-fdd47183b973", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "bfc4a97f-d66f-47a4-82aa-4ba11fc9c819", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "62d8c86c-005c-4a5a-a669-8ecaf4ad58ca", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "477e51e0-bfe2-43f2-bb3c-65871f00c9a9", + "clientId" : "broker", + 
"name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "af29b39d-4586-4c8b-85b6-3bdf38395b85", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "58dc8509-ffed-4190-ac51-9a00aa2490e1", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "116b3e2c-fb08-4258-b130-65553c327eca", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f9a68146-a40d-4e9b-8c80-8b84e80e2eef", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", 
+ "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/demo/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "bc40fea6-695d-4c65-9897-b651441f6b00", + "redirectUris" : [ "/admin/demo/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "9dd9f62c-e822-4d8a-8e78-229f05187830", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "5f583792-1207-4ced-990d-5838733bc04e", + "clientId" : "stat-suite", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : true, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : 
"openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "pkce.code.challenge.method" : "", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "6d4e8871-3691-494d-ade6-f168dc8178c3", + "name" : "hardcoded-audience", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-mapper", + "consentRequired" : false, + "config" : { + "included.client.audience" : "stat-suite", + "id.token.claim" : "false", + "access.token.claim" : "true", + "userinfo.token.claim" : "false" + } + } ], + "defaultClientScopes" : [ "role_list", "profile", "groups", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "40c58f08-f31a-4f2f-a60d-0cc7b21f2dc9", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "07dbe9cc-26ce-427d-8155-be4323688b0f", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" 
: "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "776da0e7-4560-40a6-ad2c-d845d2d9620c", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "55343b2e-37d2-4983-991d-a6a6bd9d80c7", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "7b5186b8-b526-4b3d-b90f-ccf6f8ef6f82", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "7f8c2e01-8920-4235-a807-d25c02c51a69", + "name" : "groups", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "a7811413-ded2-4f74-84f2-ded7e0b86b78", + "name" : "Groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-group-membership-mapper", + "consentRequired" : false, + "config" : { + "full.path" : "false", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "bf552e5f-0ab2-4106-96c2-3df81dd17278", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : 
"2e6af5fb-f219-4295-86f5-dc463c1166aa", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "15e3451b-56ea-4c72-bebc-d6a4458f3719", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "cfc41abd-0d31-430e-8d12-c10980b82ccf", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "4967d0ff-862c-4482-a356-9682ffd54bed", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "2c0972f0-e338-4ff3-ab7a-746b3c82a523", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : 
"String" + } + } ] + }, { + "id" : "d8a7db02-2303-4ae1-aa55-0ece05e1439d", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d942cf0e-2999-463e-b785-40fb34c78915", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "2fe28da0-34b3-4e21-a231-0234fd91000c", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "18d7af31-45da-405e-8672-1dd12c8bb7bb", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "3b7c66b6-53bf-4811-9a24-49ce50384aa6", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { 
+ "id" : "52014ca2-bcd5-4749-bf4c-8f51b584302b", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "21ed114e-1f75-406e-815e-dcd1261f7ae4", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "796c1e7c-6846-4fa4-846e-e9500b60ffef", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "da9e2b35-8924-46ff-b4e2-d12f8624ce85", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "89eaac72-84d2-4398-a906-f9ba5b04802a", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : 
"String" + } + }, { + "id" : "60b80604-1155-482b-bf37-df5f0d68f81e", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "644ecede-bc4a-4533-a7bd-8ae6fb9e5b8e", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "36a7e957-c7aa-4b59-8fe0-815afad5fcaf", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "557ae544-b359-40c0-8f4b-29a3656df715", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "6f857936-6441-41d8-ab66-efecdc39b71b", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + } ] + }, { + "id" : 
"da598377-4b87-45ba-b46a-41d64ceeb41f", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "c7deebc2-04e9-4d47-b919-74889e132e0c", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "8dac8fc6-308f-4de1-a7ca-6bde9405493a", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "e6cdbbf2-8565-42fd-97af-80a61064b409", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "4bb39e71-e83c-4530-b6ce-b97f302ed09e", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "efdb59a9-2006-4dd8-8e39-cfecf45aa57a", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : 
"true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "41405f2d-4a54-4e29-8b40-80af89c0ce21", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "194cf325-68ce-46e1-94fd-398d21f12b2f", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "714248d7-33c0-452d-9884-f1765323a07c", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "web-origins", "profile", "email", "role_list", "roles" ], + "defaultOptionalClientScopes" : [ "address", "offline_access", "microprofile-jwt", "phone" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self' http://localhost:* ; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : 
"034a0fb6-c8f1-422e-9bfa-19dd720e5660", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "69ff0243-275c-492b-b1f4-de7a9c0a4d74", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "ad654b62-41f2-4893-b6c6-24d3b5ff79e5", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "c004ae0c-c95d-4881-8a9a-c0659073ad22", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "31810fc8-854e-4fef-b40c-563117dcce09", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "e0e818b1-723d-4717-ba1b-afc3a83a1a21", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "25b75e5c-d18c-4ebb-abb2-3fd3f1d86f25", + "name" : "Max Clients Limit", + "providerId" : 
"max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "4bfd9180-1910-47fd-8a19-6a2e25461918", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "5038fc1e-ff3e-4338-9c91-76545c968ea1", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "1a0950be-5756-4baa-be6c-96ec371d4bc0" ], + "secret" : [ "ACokC9evoBBk6lRB_5a95w" ], + "priority" : [ "100" ] + } + }, { + "id" : "b633176a-7200-4f13-a1f8-511e6e7ea226", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "981d23ef-cff9-473b-93fd-588ea529e067" ], + "secret" : [ "Vr3Za2uPq1ueOlu3trj1qkjoQOOaAoJ9G5vERXRFWFeLp6AKMVVLD-znGd3GTy1GgUrfjOAtYXUI8olHFc-kdA" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "ebbcdfbe-12e6-4c60-bed1-8f8a15b7c585", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "7ead61c9-9739-4452-a8a2-dac4b290bcf9", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + 
"requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Handle Existing Account - Alternatives - 0", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "6a454183-f418-4c09-81ad-4dc45889c0ed", + "alias" : "Handle Existing Account - Alternatives - 0", + "description" : "Subflow of Handle Existing Account with alternative executions", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "96e2f402-7824-42b0-9090-4fe4f8db32c8", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "263245eb-42aa-486f-b1f7-1dd93aca377f", + "alias" : "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "description" : "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + 
"authenticator" : "auth-otp-form", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "4e5ceed4-4e38-4040-86ae-937e256611fc", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "4e01e0fd-4f44-432b-88c8-dffe0a15529a", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "84c8cc65-f967-481c-9b1a-b407148a5c68", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + 
"providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 30, + "flowAlias" : "direct grant - direct-grant-validate-otp - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "493f900f-74f0-48a1-81cc-21b1f7324bf4", + "alias" : "direct grant - direct-grant-validate-otp - Conditional", + "description" : "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "32f3ae88-3809-48ba-8c6e-251c18021ad4", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "6d25e5ee-1897-43b0-96a6-7df9fe04f20d", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : 
"basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "first broker login - Alternatives - 0", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "f29b4aac-b029-454d-b830-7044d96d4e3f", + "alias" : "first broker login - Alternatives - 0", + "description" : "Subflow of first broker login with alternative executions", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "f1a8ff22-aa29-4cfb-8a26-32062ff6774b", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "forms - auth-otp-form - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "0fe0e268-73d1-43a0-bcae-a1082b07852c", + "alias" : "forms - auth-otp-form - Conditional", + "description" : "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + 
"builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "53241d23-22f9-4565-b299-2ad889750ed9", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "ff206ce7-4dcd-471f-b3f0-eb466b691293", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "fc2220ae-4f3a-4df8-8ea3-cb6e891edefd", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "requirement" : 
"REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "194f34c0-1e4e-477c-937f-9eec763a5c00", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 40, + "flowAlias" : "reset credentials - reset-otp - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "1a97111a-5cc0-45e0-9937-c6dfbac1ee4f", + "alias" : "reset credentials - reset-otp - Conditional", + "description" : "Flow to determine if the reset-otp authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + 
"autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "85cc250e-f572-4c0e-9a7c-7df313e38397", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "fbd2f3a4-e2f8-4457-8d8d-52835dfacfc7", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "8f1882f5-e3d4-4639-be20-ed64b27c81c3", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" 
: "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "clientOfflineSessionMaxLifespan" : "0", + "clientSessionIdleTimeout" : "0", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0" + }, + "keycloakVersion" : "11.0.2", + "userManagedAccessAllowed" : false + } + diff --git a/stable/fdi-dotstatsuite-keycloak/templates/deploy/keycloak.yaml b/stable/fdi-dotstatsuite-keycloak/templates/deploy/keycloak.yaml new file mode 100644 index 00000000..3890756f --- /dev/null +++ b/stable/fdi-dotstatsuite-keycloak/templates/deploy/keycloak.yaml 
@@ -0,0 +1,138 @@
+{{- if .Values.keycloak.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}
+ labels:
+ {{- include "fdi-dotstatsuite-keycloak.labels" . | nindent 4 }}
+spec:
+{{- if not .Values.keycloak.autoscaling.enabled }}
+ replicas: {{ .Values.keycloak.replicaCount }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "fdi-dotstatsuite-keycloak.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.keycloak.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "fdi-dotstatsuite-keycloak.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.keycloak.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "fdi-dotstatsuite-keycloak.keycloak.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.keycloak.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}
+ securityContext:
+ {{- toYaml .Values.keycloak.securityContext | nindent 12 }}
+ image: "{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.keycloak.image.pullPolicy }}
+ # command:
+ # - "sh"
+ # - "-c"
+ # - |
+ # # 900 is the uid and gid of ckan user/group
+ # cd /opt/jboss/keycloak/bin/ && \
+ # ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user \$KEYCLOAK_USER --password \$KEYCLOAK_PASSWORD && \
+ # ./kcadm.sh update realms/master -s sslRequired=NONE
+ volumeMounts:
+ {{- if .Values.keycloak.export.enabled }}
+ - mountPath: "/opt/jboss/export/"
+ name: "keycloak-export"
+ {{- end }}
+ - name: {{ include "fdi-dotstatsuite-keycloak.fullname" .
}}-import-realm
+ mountPath: /opt/jboss/import/
+ command:
+ - /bin/bash
+ - -c
+ - /opt/keycloak/bin/kc.sh start --spi-connections-jpa-legacy-initialize-empty=false --transaction-xa-enabled=false --log-level=ALL
+ env:
+ {{- range .Values.keycloak.ingress.hosts }}
+ - name: KC_HOSTNAME
+ value: "{{ .host }}"
+ {{- end }}
+ - name: KC_PROXY_ADDRESS_FORWARDING
+ value: "true"
+ - name: KEYCLOAK_LOGLEVEL
+ value: DEBUG
+ - name: KC_PROXY
+ value: "edge"
+ - name: KC_HOSTNAME_STRICT
+ value: "false"
+ - name: KC_HTTP_RELATIVE_PATH
+ value: "/"
+ - name: KC_HOSTNAME_STRICT_HTTPS
+ value: "true"
+ - name: KC_DB
+ value: {{ .Values.managed.postgresdb.db_vendor }}
+ - name: KC_DB_URL
+ {{- if eq .Values.managed.postgresdb.db_vendor "mssql" }}
+ value: "jdbc:sqlserver://{{ .Values.managed.postgresdb.db_url }};database={{ .Values.managed.postgresdb.db_name }};encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;"
+ {{- end }}
+ - name: KC_DB_DATABASE
+ value: {{ .Values.managed.postgresdb.db_name }}
+ - name: KC_DB_SCHEMA
+ value: {{ .Values.managed.postgresdb.schema }}
+ - name: KC_DB_USERNAME
+ value: {{ .Values.managed.postgresdb.db_username }}
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}-passwords
+ key: db_password
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}-passwords
+ key: keycloak_password
+ - name: KEYCLOAK_ADMIN
+ value: {{ .Values.keycloak.keycloak_user }}
+ - name: DB_ADDR
+ value: {{ .Values.managed.postgresdb.db_url }}
+ - name: DB_DATABASE
+ value: {{ .Values.managed.postgresdb.db_name }}
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" .
}}-passwords
+ key: db_password
+ - name: DB_SCHEMA
+ value: {{ .Values.managed.postgresdb.schema }}
+ - name: DB_USER
+ value: {{ .Values.managed.postgresdb.db_username }}
+ - name: DB_VENDOR
+ value: {{ .Values.managed.postgresdb.db_vendor }}
+ - name: JDBC_PARAMS
+ value: trustServerCertificate=false;encrypt=false
+ - name: KEYCLOAK_IMPORT
+ value: /opt/jboss/import/realm.json
+ - name: KEYCLOAK_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}-passwords
+ key: keycloak_password
+ - name: KEYCLOAK_USER
+ value: {{ .Values.keycloak.keycloak_user }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ volumes:
+ {{- if .Values.keycloak.export.enabled }}
+ - name: "keycloak-export"
+ azureFile:
+ secretName: {{ .Values.fullnameOverride }}-keycloak-export-secret
+ shareName: {{ .Values.keycloak.export.shareName }}
+ {{- end }}
+ - name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}-import-realm
+ configMap:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}-realm-json
+
+{{- end -}}
diff --git a/stable/fdi-dotstatsuite-keycloak/templates/dr/destrule.yaml b/stable/fdi-dotstatsuite-keycloak/templates/dr/destrule.yaml
new file mode 100644
index 00000000..e6882e20
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/templates/dr/destrule.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.destinationRule.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+ name: {{ template "fdi-dotstatsuite-keycloak.fullname" . }}
+ labels:
+ app: {{ template "fdi-dotstatsuite-keycloak.name" . }}
+ chart: {{ template "fdi-dotstatsuite-keycloak.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ host: "*.{{ .Release.Namespace }}.svc.{{ default "cluster.local" .Values.clusterDomain }}"
+ trafficPolicy:
+ tls:
+ mode: "{{ default "DISABLE" .Values.destinationRule.mode }}"
+{{- end }}
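Review bot: In templates/deploy/keycloak.yaml the start command ends with `--log-level=ALL` and the env sets `KEYCLOAK_LOGLEVEL` to `DEBUG`, so every install runs the identity provider at its most verbose logging level; on an authentication service that much detail tends to put request and session data into pod logs, so I would default to `--log-level={{ .Values.keycloak.logLevel | default "INFO" }}` (a new value) and drop the `DEBUG` entry. `JDBC_PARAMS` is also fixed at `trustServerCertificate=false;encrypt=false`, which asks for an unencrypted database connection while the `KC_DB_URL` branch asks for `encrypt=true`; the two should agree on encryption being on. `KC_DB_URL` itself is rendered with no `value:` unless `db_vendor` is `mssql`, and the default in values.yaml is `postgres`. Which of the `KC_*` and the older `DB_*`/`KEYCLOAK_*` variables the image actually reads is not visible here, so please confirm before removing either set.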
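Review bot: In templates/dr/destrule.yaml the TLS mode falls back to `DISABLE` and the host is the wildcard `*.{{ .Release.Namespace }}.svc.…`, so switching on `destinationRule.enabled` without choosing a mode tells sidecars not to use TLS towards every service in the release namespace, not only Keycloak. A safer fallback is `mode: "{{ default "ISTIO_MUTUAL" .Values.destinationRule.mode }}"`, with `DISABLE` left as an explicit opt-out, and the host narrowed to this chart's own service if the wider scope is not intended. The values.yaml added in this commit also sets `mode: DISABLE`, so that default would need to change with it.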
diff --git a/stable/fdi-dotstatsuite-keycloak/templates/hpa/keycloak.yaml b/stable/fdi-dotstatsuite-keycloak/templates/hpa/keycloak.yaml
new file mode 100644
index 00000000..967e01fa
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/templates/hpa/keycloak.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.keycloak.enabled -}}
+{{- if .Values.keycloak.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}
+ labels:
+ {{- include "fdi-dotstatsuite-keycloak.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}
+ minReplicas: {{ .Values.keycloak.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.keycloak.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.keycloak.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.keycloak.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.keycloak.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.keycloak.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/stable/fdi-dotstatsuite-keycloak/templates/ing/keycloak.yaml b/stable/fdi-dotstatsuite-keycloak/templates/ing/keycloak.yaml
new file mode 100644
index 00000000..2afef207
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/templates/ing/keycloak.yaml
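Review bot: The CPU and memory metrics in templates/hpa/keycloak.yaml are utilisation targets, which are computed against the container's resource requests, but the Deployment template added in this commit renders no `resources:` block, so `keycloak.resources` from values.yaml never reaches the pod and the autoscaler has nothing to measure against. Rendering `.Values.keycloak.resources` with `toYaml` under the container would close that gap; the values file writes memory as `4g`/`2g`, which I would expect the API server to reject in favour of `4Gi`/`2Gi`. Separately, `autoscaling/v2beta1` and its `targetAverageUtilization` field are no longer served by current Kubernetes releases, so the template should move to `autoscaling/v2` with a `target` of `type: Utilization` and `averageUtilization`.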
@@ -0,0 +1,46 @@
+{{- if .Values.keycloak.enabled -}}
+{{- if .Values.keycloak.ingress.enabled -}}
+{{- $fullName := include "fdi-dotstatsuite-keycloak.fullname" . -}}
+{{- $svcPort := .Values.keycloak.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else -}}
+apiVersion: extensions/v1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "fdi-dotstatsuite-keycloak.labels" . | nindent 4 }}
+ {{- with .Values.keycloak.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.keycloak.ingress.tls }}
+ tls:
+ {{- range .Values.keycloak.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.keycloak.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/stable/fdi-dotstatsuite-keycloak/templates/sa/keycloak.yaml b/stable/fdi-dotstatsuite-keycloak/templates/sa/keycloak.yaml
new file mode 100644
index 00000000..686dde8e
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/templates/sa/keycloak.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.keycloak.enabled -}}
+{{- if .Values.keycloak.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "fdi-dotstatsuite-keycloak.keycloak.serviceAccountName" . }}
+ labels:
+ {{- include "fdi-dotstatsuite-keycloak.labels" . | nindent 4 }}
+ {{- with .Values.keycloak.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
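Review bot: The API selection at the top of templates/ing/keycloak.yaml does not match what Kubernetes serves: `networking.k8s.io/v1` Ingress exists from 1.19 rather than 1.14, and the fallback `extensions/v1` was never a served version (the old one was `extensions/v1beta1`). Because the `backend.service.name`/`port.number` shape further down is the v1 schema only, the simplest fix is `{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}` with a `networking.k8s.io/v1beta1` branch that renders `serviceName`/`servicePort`, or dropping the conditional if older clusters are out of scope. The values.yaml default of `tls: []` also means no `tls:` block is rendered for the identity provider's host; if TLS is terminated at the Istio gateway that is fine, but it deserves a comment next to the default.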
diff --git a/stable/fdi-dotstatsuite-keycloak/templates/secret/keycloak-export-secret.yaml b/stable/fdi-dotstatsuite-keycloak/templates/secret/keycloak-export-secret.yaml
new file mode 100644
index 00000000..ff89f643
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/templates/secret/keycloak-export-secret.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.keycloak.export.enabled}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.fullnameOverride }}-keycloak-export-secret
+type: Opaque
+data:
+ azurestorageaccountname: {{ .Values.keycloak.export.azurestorageaccountname | b64enc }}
+ azurestorageaccountkey: {{ .Values.keycloak.export.azurestorageaccountkey | b64enc }}
+{{- end }}
diff --git a/stable/fdi-dotstatsuite-keycloak/templates/secret/keycloak-pwds.yaml b/stable/fdi-dotstatsuite-keycloak/templates/secret/keycloak-pwds.yaml
new file mode 100644
index 00000000..7bf8baf9
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/templates/secret/keycloak-pwds.yaml
@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}-passwords
+data:
+ db_password: {{ .Values.managed.postgresdb.db_password | b64enc }}
+ keycloak_password: {{ .Values.keycloak.keycloak_password | b64enc }}
+type: Opaque
\ No newline at end of file
diff --git a/stable/fdi-dotstatsuite-keycloak/templates/svc/keycloak.yaml b/stable/fdi-dotstatsuite-keycloak/templates/svc/keycloak.yaml
new file mode 100644
index 00000000..661932a9
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/templates/svc/keycloak.yaml
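Review bot: Both Secret templates (keycloak-export-secret.yaml and keycloak-pwds.yaml) base64-encode whatever is in values, and the values.yaml added in this commit ships usable defaults for them — `db_password: "keycloak"`, `keycloak_password: "keycloak"`, `azurestorageaccountkey: "tt"` — so an install that overrides nothing comes up with a known admin password. I would leave those defaults empty and make the templates fail fast, e.g. `keycloak_password: {{ required "keycloak.keycloak_password must be set" .Values.keycloak.keycloak_password | b64enc }}`, with the same treatment for `db_password` and the storage account key. An option to reference an existing Secret would keep the credentials out of values files altogether. The export secret also builds its name from `.Values.fullnameOverride` rather than the `fullname` helper the other resources use, so the name loses its prefix when that override is unset; the `azureFile.secretName` in the Deployment would need the same change.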
@@ -0,0 +1,18 @@
+{{- if .Values.keycloak.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "fdi-dotstatsuite-keycloak.fullname" . }}
+ labels:
+ {{- include "fdi-dotstatsuite-keycloak.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.keycloak.service.type }}
+ ports:
+ - port: {{ .Values.keycloak.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http-keycloak
+ selector:
+ {{- include "fdi-dotstatsuite-keycloak.selectorLabels" . | nindent 4 }}
+
+{{- end }}
\ No newline at end of file
diff --git a/stable/fdi-dotstatsuite-keycloak/values.yaml b/stable/fdi-dotstatsuite-keycloak/values.yaml
new file mode 100644
index 00000000..d78b3e63
--- /dev/null
+++ b/stable/fdi-dotstatsuite-keycloak/values.yaml
@@ -0,0 +1,118 @@
+# Default values for sdmxfrontend.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Globals
+nameOverride: "fdi-dotstatsuite-keycloak"
+fullnameOverride: "fdi-dotstatsuite-keycloak"
+managed:
+ postgresdb:
+ db_url: "fdickandev.postgres.database.azure.com:5432"
+ db_password: "keycloak"
+ db_username: "keycloak"
+ db_name: "keycloak"
+ db_vendor: "postgres"
+ schema: "postgres"
+
+# Config
+# https://gitlab.k8s.cloud.statcan.ca/analytics-platform/discovery/dotstatsuite-docker-compose
+keycloak:
+ enabled: true
+ replicaCount: 1
+ keycloak_user: "keycloak"
+ keycloak_password: "keycloak"
+ export:
+ enabled: true
+ shareName: "keycloak-keycloak/dev/export"
+ azurestorageaccountname: "tt"
+ azurestorageaccountkey: "tt"
+ ingress:
+ enabled: true
+ annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.class: istio
+ hosts:
+ - host: sdmx-keycloak.dev.cloud.statcan.ca
+ paths:
+ - '/*'
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ image:
+ #repository: siscc/dotstatsuite-proxy
+ repository: artifactory.cloud.statcan.ca/docker/siscc/dotstatsuite-keycloak
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart version.
+ tag: "yay"
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+ podAnnotations: {
+ traffic.sidecar.istio.io/excludeOutboundPorts: '5432'
+ }
+
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ service:
+ type: ClusterIP
+ port: 8080
+
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+ ##
+ imagePullSecrets:
+ - name: artifactory-prod
+
+ resources:
+ limits:
+ cpu: 100m
+ memory: 4g
+ requests:
+ cpu: 100m
+ memory: 2g
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+destinationRule:
+ enabled: false
+ mode: DISABLE
diff --git a/stable/fdi-dotstatsuite-sfs-solr/Chart.yaml b/stable/fdi-dotstatsuite-sfs-solr/Chart.yaml
index 164eb44b..b9ac430d 100644
--- a/stable/fdi-dotstatsuite-sfs-solr/Chart.yaml
+++ b/stable/fdi-dotstatsuite-sfs-solr/Chart.yaml
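Review bot: The image defaults in the new fdi-dotstatsuite-keycloak/values.yaml are `tag: "yay"` with `pullPolicy: Always`, a mutable tag that lets the identity provider's image change without any chart change; pin a released version or a digest, e.g. `tag: "<image-version>"` (placeholder), or leave it empty so the `appVersion` fallback in the Deployment applies. `podSecurityContext: {}` and `securityContext: {}` leave the hardening lines commented out, so the container runs with whatever the image defaults to; enabling at least `runAsNonRoot: true` and dropping all capabilities would be a reasonable baseline, provided the image runs as a non-root user (not visible here). The file also carries an environment-specific database host and ingress host as chart defaults, which would sit better in a per-environment values file.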
@@ -1,32 +1,13 @@ apiVersion: v2 -name: fdi-dotstatsuite-sfs-solr -description: fdi-dotstatsuite helm chart for the Data Explorer and Data Viewer - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.1 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. appVersion: v14.0.0 - +description: fdi-dotstatsuite helm chart for the Data Explorer and Data Viewer home: https://statcan.gc.ca +maintainers: +- email: Jianlong.qian@statcan.gc.ca + name: Jianlong Qian +name: fdi-dotstatsuite-sfs-solr sources: - https://gitlab.k8s.cloud.statcan.ca/analytics-platform/fdi-idf/metadata - https://gitlab.com/sis-cc/.stat-suite/dotstatsuite-kube-rp/ -maintainers: -- name: Jianlong Qian - email: Jianlong.qian@statcan.gc.ca -engine: gotpl +type: application +version: 1.0.1 diff --git a/stable/fdi-dotstatsuite-sfs-solr/templates/deploy/solr.yaml b/stable/fdi-dotstatsuite-sfs-solr/templates/deploy/solr.yaml index 29f7a53f..f29375ad 100644 --- a/stable/fdi-dotstatsuite-sfs-solr/templates/deploy/solr.yaml +++ b/stable/fdi-dotstatsuite-sfs-solr/templates/deploy/solr.yaml 
@@ -50,7 +50,7 @@ spec: - name: OOM value: "exit" - name: SOLR_JAVA_MEM - value: "-Xms4g -Xmx6g" + value: "-Xms4g -Xmx6g -Dsolr.max.booleanClauses=50000" volumeMounts: - mountPath: /var/solr name: {{ include "dotstatsuite.fullname" . }}-solr-pv-storage diff --git a/stable/fdi-dotstatsuite-sfs-solr/values.yaml b/stable/fdi-dotstatsuite-sfs-solr/values.yaml index 71be319c..2490b343 100644 --- a/stable/fdi-dotstatsuite-sfs-solr/values.yaml +++ b/stable/fdi-dotstatsuite-sfs-solr/values.yaml @@ -6,7 +6,6 @@ nameOverride: "fdi-dotstatsuite-sfs-solr" fullnameOverride: "fdi-dotstatsuite-sfs-solr" - # sfs # https://gitlab.k8s.cloud.statcan.ca/analytics-platform/discovery/dotstatsuite-docker-compose sfs: @@ -245,7 +244,6 @@ mongo: podAnnotations: { sidecar.istio.io/inject: 'false' } - podSecurityContext: {} # fsGroup: 2000 @@ -309,8 +307,6 @@ mongo: tolerations: [] affinity: {} - - # Destination Rule # https://gitlab.k8s.cloud.statcan.ca/analytics-platform/discovery/dotstatsuite-docker-compose destinationRule: diff --git a/stable/fdi-dotstatsuite-sfs-solr/values_for_octopus.yaml b/stable/fdi-dotstatsuite-sfs-solr/values_for_octopus.yaml new file mode 100644 index 00000000..56d83acd --- /dev/null +++ b/stable/fdi-dotstatsuite-sfs-solr/values_for_octopus.yaml 
@@ -0,0 +1,309 @@ +# Default values for sdmxfrontend. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Globals +nameOverride: #{NAME} +fullnameOverride: #{FULLLNAME} + + +# sfs +# https://gitlab.k8s.cloud.statcan.ca/analytics-platform/discovery/dotstatsuite-docker-compose +sfs: + enabled: true + replicaCount: #{REPLICACOUNT} + + ingress: + enabled: true + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: istio + hosts: + - host: #{SFS_HOST} + paths: + - '/*' + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + image: + # repository: siscc/dotstatsuite-data-explorer + repository: #{SFS_RESPOSITORY} + pullPolicy: Always + # Overrides the image tag whose default is the chart version. + tag: #{SFS_TAG} + config: + host: #{CONFIG_HOST} + api_key_secret: #{API_KEY} + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + # podAnnotations: { + # sidecar.istio.io/inject: 'false' + # } + podAnnotations: { + traffic.sidecar.istio.io/excludeOutboundPorts: '27017' + } + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + port: 80 + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + ## + imagePullSecrets: + - name: #{IMAGE_PULL_SECRET} + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. 
This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +# solr +# https://gitlab.k8s.cloud.statcan.ca/analytics-platform/discovery/dotstatsuite-docker-compose +solr: + enabled: true + replicaCount: 1 + + ingress: + enabled: false + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: istio + hosts: + - host: "" + paths: + - '/*' + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + image: + repository: #{SOLR_RESPOSITORY} + pullPolicy: Always + # Overrides the image tag whose default is the chart version. + tag: #{SOLR_TAG} + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + + podAnnotations: {} + # podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + port: 8983 + persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + ## CKAN data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + annotations: {} + accessMode: ReadWriteOnce + size: #{SOLR_STORAGE_SZIE} + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + ## + imagePullSecrets: + - name: #{IMAGE_PULL_SECRET} + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +# mongo +# https://gitlab.k8s.cloud.statcan.ca/analytics-platform/discovery/dotstatsuite-docker-compose +mongo: + enabled: true + replicaCount: 1 + + ingress: + enabled: false + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.class: istio + hosts: + - host: "" + paths: + - '/*' + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + image: + repository: repository: #{MONGO_RESPOSITORY} + pullPolicy: Always + # Overrides the image tag whose default is the chart version. + tag: repository: #{MONGO_TAG} + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + podAnnotations: { + sidecar.istio.io/inject: 'false' + } + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + port: 27017 + persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + ## CKAN data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + annotations: {} + accessMode: ReadWriteOnce + size: #{MONGO_STORAGE_SZIE} + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + ## + imagePullSecrets: + - name: #{IMAGE_PULL_SECRET} + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + diff --git a/stable/fdi-dotstatsuite/Chart.yaml b/stable/fdi-dotstatsuite/Chart.yaml index 07245992..7771a4a9 100644 --- a/stable/fdi-dotstatsuite/Chart.yaml +++ b/stable/fdi-dotstatsuite/Chart.yaml 
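Review bot: In the `mongo.image` block the key is doubled, `repository: repository: #{MONGO_RESPOSITORY}` and `tag: repository: #{MONGO_TAG}`, which will not parse as intended once the tokens are substituted. They should read `repository: "#{MONGO_RESPOSITORY}"` and `tag: "#{MONGO_TAG}"`. Every `#{…}` token in the file is unquoted, so before substitution a YAML parser sees a comment and a null value, and after substitution a tag such as `1.10` is typed implicitly. Double quotes around the string-valued tokens avoid both. `api_key_secret: #{API_KEY}` leaves the substituted key in plain text in the rendered values file, so confirm that the variable is marked sensitive in the deployment tool and that the rendered file is not retained as a build artifact.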
@@ -1,44 +1,17 @@ apiVersion: v2 -name: fdi-dotstatsuite +appVersion: 16.2.0 +dependencies: +- condition: mssql-linux.enabled + name: mssql-linux + repository: https://charts.helm.sh/stable + version: 0.11.4 description: fdi-dotstatsuite kube core services - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.21 - - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 7.2.0 -# .StatSuite Release version -# https://gitlab.com/groups/sis-cc/.stat-suite/-/milestones/47#tab-issues - home: https://statcan.gc.ca +maintainers: +- email: jianlong.qian@statcan.gc.ca + name: Jianlong.qian +name: fdi-dotstatsuite sources: - https://gitlab.com/sis-cc/.stat-suite/dotstatsuite-kube-core-rp/-/tree/master/staging -maintainers: -- name: sylus - email: william.hearn@canada.ca -- name: Zachary Seguin - email: zachary.seguin@canada.ca -- name: Jianlong.qian - email: jianlong.qian@statcan.gc.ca -engine: gotpl - -dependencies: -- name: mssql-linux - version: 0.11.4 - repository: https://charts.helm.sh/stable - condition: mssql-linux.enabled +type: application +version: 0.3.3 
diff --git a/stable/fdi-dotstatsuite/templates/cm/authz.yaml b/stable/fdi-dotstatsuite/templates/cm/authz.yaml index 5b68e83a..165b2f2b 100644 --- a/stable/fdi-dotstatsuite/templates/cm/authz.yaml +++ b/stable/fdi-dotstatsuite/templates/cm/authz.yaml @@ -8,8 +8,8 @@ data: auth__allowAnonymous: 'true' auth__authority: "{{ .Values.managed.azuread.authority }}" auth__authorizationUrl: "{{ .Values.managed.azuread.authorizationUrl }}" - auth__claimsMapping__email: upn - auth__claimsMapping__groups: roles + auth__claimsMapping__email: {{ default "upn" .Values.managed.azuread.claimsMapping__email | quote }} + auth__claimsMapping__groups: {{ default "roles" .Values.managed.azuread.claimsMapping__groups | quote }} auth__clientId: "{{ .Values.managed.azuread.clientId }}" auth__enabled: 'true' auth__requireHttps: 'false' diff --git a/stable/fdi-dotstatsuite/templates/deploy/nsidesign.yaml b/stable/fdi-dotstatsuite/templates/deploy/nsidesign.yaml index c96826e4..a3cfaf0d 100644 --- a/stable/fdi-dotstatsuite/templates/deploy/nsidesign.yaml +++ b/stable/fdi-dotstatsuite/templates/deploy/nsidesign.yaml @@ -82,17 +82,17 @@ spec: - name: SQL_PASSWORD value: $(DESIGN_STRUCTURE_PASSWORD) - name: SENDER_ID - value: "Stable - DotStat v8" + value: {{ default "Stable - DotStat v8" .Values.nsiDesign.sender_id | quote }} - name: MA_SQL_USER value: $(SA_USER) - name: MA_SQL_PASSWORD value: $(SA_PASSWORD) - name: MA_ALWAYS_RESET - value: "N" + value: {{ default "N" .Values.nsiDesign.reset | quote }} - name: INSERT_NEW_ITEM_SCHEME_VALUES - value: "true" + value: {{ default "true" .Values.nsiDesign.allow_insert_new_value | quote }} - name: enableReleaseManagement - value: "true" + value: {{ default "true" .Values.nsiDesign.enableReleaseManagement | quote }} - name: "mappingStore__Id__Default" value: "{{ .Values.nsiDesign.dataspace }}" - name: disseminationDbConnection__dbType 
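Review bot: `default "true" .Values.nsiDesign.enableReleaseManagement | quote` in nsidesign.yaml cannot be switched off with a YAML boolean, because `default` treats `false` (like `0` and `""`) as empty and returns the fallback. The same holds for `INSERT_NEW_ITEM_SCHEME_VALUES` here and for the matching lines in nsireset.yaml, nsistable.yaml and nsistaging.yaml. The values for these keys are not visible in this diff, so this only bites if someone writes `enableReleaseManagement: false` rather than `"false"`. Either state in values.yaml that these settings must be quoted strings, or test for presence instead, e.g. `{{ if hasKey .Values.nsiDesign "enableReleaseManagement" }}{{ .Values.nsiDesign.enableReleaseManagement | quote }}{{ else }}"true"{{ end }}`. The container's env list continues outside the hunk.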
diff --git a/stable/fdi-dotstatsuite/templates/deploy/nsireset.yaml b/stable/fdi-dotstatsuite/templates/deploy/nsireset.yaml index 870770aa..0d227458 100644 --- a/stable/fdi-dotstatsuite/templates/deploy/nsireset.yaml +++ b/stable/fdi-dotstatsuite/templates/deploy/nsireset.yaml @@ -83,17 +83,17 @@ spec: - name: SQL_PASSWORD value: $(RESET_STRUCTURE_PASSWORD) - name: SENDER_ID - value: "Stable - DotStat v8" + value: {{ default "Stable - DotStat v8" .Values.nsiReset.enableReleaseManagement | quote }} - name: MA_SQL_USER value: $(SA_USER) - name: MA_SQL_PASSWORD value: $(SA_PASSWORD) - name: MA_ALWAYS_RESET - value: "Y" + value: {{ default "N" .Values.nsiReset.reset | quote }} - name: INSERT_NEW_ITEM_SCHEME_VALUES - value: "true" + value: {{ default "true" .Values.nsiReset.allow_insert_new_value | quote }} - name: enableReleaseManagement - value: "true" + value: {{ default "true" .Values.nsiReset.enableReleaseManagement | quote }} - name: "mappingStore__Id__Default" value: "{{ .Values.nsiReset.dataspace }}" - name: disseminationDbConnection__dbType diff --git a/stable/fdi-dotstatsuite/templates/deploy/nsistable.yaml b/stable/fdi-dotstatsuite/templates/deploy/nsistable.yaml index 309f0096..9795d50a 100644 --- a/stable/fdi-dotstatsuite/templates/deploy/nsistable.yaml +++ b/stable/fdi-dotstatsuite/templates/deploy/nsistable.yaml 
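Review bot: `SENDER_ID` in nsireset.yaml reads `.Values.nsiReset.enableReleaseManagement`, whereas the design, stable and staging templates read their `sender_id` key, so setting `enableReleaseManagement` here would also overwrite the sender id. The line should be `value: {{ default "Stable - DotStat v8" .Values.nsiReset.sender_id | quote }}`. The fallback for `MA_ALWAYS_RESET` is `"N"` while the removed line hard-coded `"Y"`, so a reset deployment that does not set `nsiReset.reset` stops resetting after this upgrade. If that is not intended, use `value: {{ default "Y" .Values.nsiReset.reset | quote }}`. The env list continues outside the hunk.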
@@ -82,17 +82,17 @@ spec: - name: SQL_PASSWORD value: $(STABLE_STRUCTURE_PASSWORD) - name: SENDER_ID - value: "Stable - DotStat v8" + value: {{ default "Stable - DotStat v8" .Values.nsiStable.sender_id | quote }} - name: MA_SQL_USER value: $(SA_USER) - name: MA_SQL_PASSWORD value: $(SA_PASSWORD) - name: MA_ALWAYS_RESET - value: "N" + value: {{ default "N" .Values.nsiStable.reset | quote }} - name: INSERT_NEW_ITEM_SCHEME_VALUES - value: "false" + value: {{ default "false" .Values.nsiStable.allow_insert_new_value | quote }} - name: enableReleaseManagement - value: "true" + value: {{ default "true" .Values.nsiStable.enableReleaseManagement | quote }} - name: "mappingStore__Id__Default" value: "{{ .Values.nsiStable.dataspace }}" - name: disseminationDbConnection__dbType diff --git a/stable/fdi-dotstatsuite/templates/deploy/nsistaging.yaml b/stable/fdi-dotstatsuite/templates/deploy/nsistaging.yaml index 3cedd443..21a85d76 100644 --- a/stable/fdi-dotstatsuite/templates/deploy/nsistaging.yaml +++ b/stable/fdi-dotstatsuite/templates/deploy/nsistaging.yaml @@ -82,17 +82,17 @@ spec: - name: SQL_PASSWORD value: $(STAGING_STRUCTURE_PASSWORD) - name: SENDER_ID - value: "Stable - DotStat v8" + value: {{ default "Stable - DotStat v8" .Values.nsiStaging.sender_id | quote }} - name: MA_SQL_USER value: $(SA_USER) - name: MA_SQL_PASSWORD value: $(SA_PASSWORD) - name: MA_ALWAYS_RESET - value: "N" + value: {{ default "N" .Values.nsiStaging.reset | quote }} - name: INSERT_NEW_ITEM_SCHEME_VALUES - value: "false" + value: {{ default "false" .Values.nsiStaging.allow_insert_new_value | quote }} - name: enableReleaseManagement - value: "true" + value: {{ default "true" .Values.nsiStaging.enableReleaseManagement | quote }} - name: "mappingStore__Id__Default" value: "{{ .Values.nsiStaging.dataspace }}" - name: disseminationDbConnection__dbType 
diff --git a/stable/fdi-dotstatsuite/templates/deploy/transfer.yaml b/stable/fdi-dotstatsuite/templates/deploy/transfer.yaml index 52419eb6..85875233 100644 --- a/stable/fdi-dotstatsuite/templates/deploy/transfer.yaml +++ b/stable/fdi-dotstatsuite/templates/deploy/transfer.yaml @@ -40,6 +40,10 @@ spec: - mountPath: "/app/logs" name: "sdmx-logs" {{- end}} + {{- if .Values.transfer.data_loading_on_server.enabled }} + - mountPath: "/app/data" + name: "sdmx-loading-path" + {{- end}} {{- if .Values.transfer.log4net_config.enabled }} - mountPath: /app/config/log4net.config name: transfer-log4net @@ -115,15 +119,15 @@ spec: key: password {{- end }} - name: "MaxTransferErrorAmount" - value: "0" + value: {{ default "10" .Values.transfer.MaxTransferErrorAmount | quote }} - name: "MaxTextAttributeLength" - value: "150" + value: {{ default "150" .Values.transfer.MaxTextAttributeLength | quote }} - name: "MinPercentageDiskSpace" - value: "10" + value: {{ default "10" .Values.transfer.MinPercentageDiskSpace | quote }} - name: "DefaultLanguageCode" - value: "en" + value: {{ default "en" .Values.transfer.DefaultLanguageCode | quote }} - name: "ShowAdvanceDbHealthInfo" - value: "false" + value: {{ default "false" .Values.transfer.ShowAdvanceDbHealthInfo | quote }} - name: "SmtpHost" value: "{{ .Values.managed.smtp.host }}" - name: "SmtpPort" 
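Review bot: The fallback for `MaxTransferErrorAmount` is `"10"` where the removed line hard-coded `"0"`, and the values.yaml hunks in this diff do not add the key, so every release that leaves it unset changes behaviour on upgrade. Because `default` also treats a numeric `0` as empty, `MaxTransferErrorAmount: 0` would render `"10"` too; only the quoted string `"0"` restores the old value. If 10 is not meant to be the chart-wide default, keep `value: {{ default "0" .Values.transfer.MaxTransferErrorAmount | quote }}` and set the higher limit per environment. The env list continues outside the hunk.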
@@ -146,9 +150,11 @@ spec: - name: "SpacesInternal__0__DotStatSuiteCoreDataDbConnectionString" value: "Server={{ template "dotstatsuite.databaseHost" . }};Database=$(STABLE_DATA_DB);User=$(STABLE_DATA_USER);Password=$(STABLE_DATA_PASSWORD);" - name: "SpacesInternal__0__DataImportTimeOutInMinutes" - value: "{{ .Values.transfer.dataImportTimeOutInMinutes }}" + value: "{{ default 1440 .Values.transfer.dataImportTimeOutInMinutes }}" - name: "SpacesInternal__0__DatabaseCommandTimeoutInSec" - value: "{{ .Values.transfer.databaseCommandTimeoutInSec }}" + value: "{{ default 18000 .Values.transfer.databaseCommandTimeoutInSec }}" + - name: "SpacesInternal__0__NotifyImportBatchSize" + value: "{{ default 1000000 .Values.transfer.NotifyImportBatchSize }}" - name: "SpacesInternal__0__AutoLog2DB" value: "{{ .Values.transfer.autoLog2DB }}" - name: "SpacesInternal__0__AutoLog2DBLogLevel" @@ -162,9 +168,11 @@ spec: - name: "SpacesInternal__1__DotStatSuiteCoreDataDbConnectionString" value: "Server={{ template "dotstatsuite.databaseHost" . }};Database=$(RESET_DATA_DB);User=$(RESET_DATA_USER);Password=$(RESET_DATA_PASSWORD);" - name: "SpacesInternal__1__DataImportTimeOutInMinutes" - value: "{{ .Values.transfer.dataImportTimeOutInMinutes }}" + value: "{{ default 1440 .Values.transfer.dataImportTimeOutInMinutes }}" - name: "SpacesInternal__1__DatabaseCommandTimeoutInSec" - value: "{{ .Values.transfer.databaseCommandTimeoutInSec }}" + value: "{{ default 18000 .Values.transfer.databaseCommandTimeoutInSec }}" + - name: "SpacesInternal__1__NotifyImportBatchSize" + value: "{{ default 1000000 .Values.transfer.NotifyImportBatchSize }}" - name: "SpacesInternal__1__AutoLog2DB" value: "{{ .Values.transfer.autoLog2DB }}" - name: "SpacesInternal__1__AutoLog2DBLogLevel" 
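Review bot: The fallbacks `default 1440` and `default 18000` disagree with the values.yaml change in this same diff (`dataImportTimeOutInMinutes: 4800`, `databaseCommandTimeoutInSec: 14400`), so there are two different "defaults" and the template ones apply only when a values file removes the key. The three lines are repeated unchanged for `SpacesInternal__0` to `SpacesInternal__3` (this hunk and the next three). Keeping the number in values.yaml only, and adding `NotifyImportBatchSize: 1000000` there, leaves one place to change. On Helm versions that read values numbers as floats, a value of that size set in values.yaml may render as `1e+06`; `{{ .Values.transfer.NotifyImportBatchSize | int64 | quote }}` avoids that.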
@@ -178,9 +186,11 @@ spec: - name: "SpacesInternal__2__DotStatSuiteCoreDataDbConnectionString" value: "Server={{ template "dotstatsuite.databaseHost" . }};Database=$(DESIGN_DATA_DB);User=$(DESIGN_DATA_USER);Password=$(DESIGN_DATA_PASSWORD);" - name: "SpacesInternal__2__DataImportTimeOutInMinutes" - value: "{{ .Values.transfer.dataImportTimeOutInMinutes }}" + value: "{{ default 1440 .Values.transfer.dataImportTimeOutInMinutes }}" - name: "SpacesInternal__2__DatabaseCommandTimeoutInSec" - value: "{{ .Values.transfer.databaseCommandTimeoutInSec }}" + value: "{{ default 18000 .Values.transfer.databaseCommandTimeoutInSec }}" + - name: "SpacesInternal__2__NotifyImportBatchSize" + value: "{{ default 1000000 .Values.transfer.NotifyImportBatchSize }}" - name: "SpacesInternal__2__AutoLog2DB" value: "{{ .Values.transfer.autoLog2DB }}" - name: "SpacesInternal__2__AutoLog2DBLogLevel" @@ -194,9 +204,11 @@ spec: - name: "SpacesInternal__3__DotStatSuiteCoreDataDbConnectionString" value: "Server={{ template "dotstatsuite.databaseHost" . }};Database=$(STAGING_DATA_DB);User=$(STAGING_DATA_USER);Password=$(STAGING_DATA_PASSWORD);" - name: "SpacesInternal__3__DataImportTimeOutInMinutes" - value: "{{ .Values.transfer.dataImportTimeOutInMinutes }}" + value: "{{ default 1440 .Values.transfer.dataImportTimeOutInMinutes }}" - name: "SpacesInternal__3__DatabaseCommandTimeoutInSec" - value: "{{ .Values.transfer.databaseCommandTimeoutInSec }}" + value: "{{ default 18000 .Values.transfer.databaseCommandTimeoutInSec }}" + - name: "SpacesInternal__3__NotifyImportBatchSize" + value: "{{ default 1000000 .Values.transfer.NotifyImportBatchSize }}" - name: "SpacesInternal__3__AutoLog2DB" value: "{{ .Values.transfer.autoLog2DB }}" - name: "SpacesInternal__3__AutoLog2DBLogLevel" 
@@ -219,6 +231,12 @@ spec: shareName: {{ .Values.transfer.sdmx_logs.logShareName }} name: "sdmx-logs" {{- end }} + {{- if .Values.transfer.data_loading_on_server.enabled }} + - azureFile: + secretName: {{ .Values.fullnameOverride }}-sdmx-data-loading-secret + shareName: {{ .Values.transfer.data_loading_on_server.path }} + name: "sdmx-loading-path" + {{- end }} {{- if .Values.transfer.log4net_config.enabled }} - name: transfer-log4net configMap: diff --git a/stable/fdi-dotstatsuite/templates/secret/sdmx-log-secret.yaml b/stable/fdi-dotstatsuite/templates/secret/sdmx-log-secret.yaml index f1eb0e7f..d5f5d2ef 100644 --- a/stable/fdi-dotstatsuite/templates/secret/sdmx-log-secret.yaml +++ b/stable/fdi-dotstatsuite/templates/secret/sdmx-log-secret.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.nsiStaging.sdmx_logs.enabled .Values.nsiReset.sdmx_logs.enabled}} +{{- if or .Values.nsiStaging.sdmx_logs.enabled .Values.nsiReset.sdmx_logs.enabled .Values.nsiDesign.sdmx_logs.enabled .Values.nsiStable.sdmx_logs.enabled .Values.transfer.sdmx_logs.enabled}} apiVersion: v1 kind: Secret metadata: diff --git a/stable/fdi-dotstatsuite/templates/secret/sdmx-sdmx-data-loading-secret.yaml b/stable/fdi-dotstatsuite/templates/secret/sdmx-sdmx-data-loading-secret.yaml new file mode 100644 index 00000000..a8ced94b --- /dev/null +++ b/stable/fdi-dotstatsuite/templates/secret/sdmx-sdmx-data-loading-secret.yaml @@ -0,0 +1,10 @@ +{{- if .Values.transfer.data_loading_on_server.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.fullnameOverride }}-sdmx-data-loading-secret +type: Opaque +data: + azurestorageaccountname: {{ .Values.managed.sdmx_data.azurestorageaccountname | b64enc }} + azurestorageaccountkey: {{ .Values.managed.sdmx_data.azurestorageaccountkey | b64enc }} +{{- end }} diff --git a/stable/fdi-dotstatsuite/values.yaml b/stable/fdi-dotstatsuite/values.yaml index 4c54c566..6ada0991 100644 --- a/stable/fdi-dotstatsuite/values.yaml +++ b/stable/fdi-dotstatsuite/values.yaml 
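Review bot: `shareName: {{ .Values.transfer.data_loading_on_server.path }}` renders an empty value when the feature is enabled without a path, because values.yaml adds `path:` with no value. The render should fail instead: `shareName: {{ required "transfer.data_loading_on_server.path must name the Azure file share" .Values.transfer.data_loading_on_server.path | quote }}`. The key holds a share name rather than a filesystem path, so a name such as `shareName` (matching `sdmx_logs.logShareName`) would be clearer. The volumes list continues outside the hunk.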
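Review bot: The new sdmx-sdmx-data-loading-secret.yaml base64-encodes `managed.sdmx_data.azurestorageaccountname` and `azurestorageaccountkey`, whose defaults in values.yaml are `""`, so enabling data loading without setting them creates a Secret with empty credentials and the mount fails only at pod start. Wrapping both in `required`, e.g. `{{ required "managed.sdmx_data.azurestorageaccountkey is required" .Values.managed.sdmx_data.azurestorageaccountkey | b64enc | quote }}`, moves the failure to render time. Passing the account key through values also leaves it in the stored release data. Where the platform allows, an option to reference a Secret created outside the chart would keep the key out of Helm entirely.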
@@ -12,14 +12,16 @@ managed: authority: "" authorizationUrl: "" clientId: "" + claimsMapping__email: "" + claimsMapping__groups: "" database: server: "" - sapassword: "" - password: "" - sa_user: "" + sapassword: "test" + password: "test" + sa_user: "sdmxadm" smtp: username: "" - password: "" + password: "test" host: "" port: "587" enableSsl: "true" @@ -27,6 +29,9 @@ managed: sdmx_log: azurestorageaccountname: "" azurestorageaccountkey: "" + sdmx_data: + azurestorageaccountname: "" + azurestorageaccountkey: "" no_dba_scripts: "--withoutDbaScripts" image: &image repository: &repository siscc/sdmxri-nsi-maapi @@ -45,7 +50,7 @@ autoscaling: &autoscaling minReplicas: 1 maxReplicas: 10 targetCPUUtilizationPercentage: 80 - appversion: "autoscaling/v2" #prod uses autoscaling/v2beta1 + appversion: "autoscaling/v2" # Authz # https://gitlab.com/sis-cc/.stat-suite/dotstatsuite-kube-core-rp/-/blob/master/staging/authz.yaml @@ -575,8 +580,8 @@ transfer: init_database: false - dataImportTimeOutInMinutes: 30 - databaseCommandTimeoutInSec: 1800 + dataImportTimeOutInMinutes: 4800 + databaseCommandTimeoutInSec: 14400 autoLog2DB: "true" autoLog2DBLogLevel: "Notice" @@ -586,7 +591,9 @@ transfer: name: "transfer-log4net" log4net_sqlquerylogger_level: "OFF" log4net_root_level: INFO - + data_loading_on_server: + enabled: false + path: sdmx_logs: enabled: false logShareName: "sdmx-logs" diff --git a/stable/fdi-fmr-chart b/stable/fdi-fmr-chart new file mode 160000 index 00000000..396d7f53 --- /dev/null +++ b/stable/fdi-fmr-chart @@ -0,0 +1 @@ +Subproject commit 396d7f5398b26cd59355f998cc53449d9973b1a0 diff --git a/stable/fdi-hfed-scrapping-loading-portal/.helmignore b/stable/fdi-hfed-scrapping-loading-portal/.helmignore new file mode 100644 index 00000000..5d9272cd --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/.helmignore 
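Review bot: The chart defaults under `managed.database` and `managed.smtp` now ship real-looking credentials (`sapassword: "test"`, `password: "test"`, `sa_user: "sdmxadm"`, smtp `password: "test"`) where they were empty before. A release that forgets to override them is deployed with a publicly known SA password. Keep the defaults as `""` and have the consuming templates fail on empty with `required`. If the values were added so that linting or a test install renders, they belong in a separate test values file (for example under the chart's `ci/` directory), not in values.yaml.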
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + diff --git a/stable/fdi-hfed-scrapping-loading-portal/Chart.yaml b/stable/fdi-hfed-scrapping-loading-portal/Chart.yaml new file mode 100644 index 00000000..b5c982d6 --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +appVersion: 0.0.1 +description: The scheduled web scrapping tool +home: https://statcan.gc.ca +icon: https://www.python.org/static/img/python-logo +keywords: +- flask +- python +maintainers: +- email: Jianlong.qian@statcan.gc.ca + name: Jianlong Qian +name: fdi-hfed-scrapping-loading-portal +sources: +- https://gitlab.k8s.cloud.statcan.ca/analytics-platform/fdi-idf/metadata/metadata-tools/heft/hfed-scrapping-loading-tools-portal.git +version: 1.0.0 diff --git a/stable/fdi-hfed-scrapping-loading-portal/requirements.yaml b/stable/fdi-hfed-scrapping-loading-portal/requirements.yaml new file mode 100644 index 00000000..1de5d1ca --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/requirements.yaml @@ -0,0 +1 @@ +dependencies: \ No newline at end of file diff --git a/stable/fdi-hfed-scrapping-loading-portal/templates/NOTES.txt b/stable/fdi-hfed-scrapping-loading-portal/templates/NOTES.txt new file mode 100644 index 00000000..e69de29b diff --git a/stable/fdi-hfed-scrapping-loading-portal/templates/_helpers.tpl b/stable/fdi-hfed-scrapping-loading-portal/templates/_helpers.tpl new file mode 100644 index 00000000..a88dcf0d --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/templates/_helpers.tpl 
@@ -0,0 +1,53 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "hfed.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "hfed.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "hfed.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Common labels +*/}} +{{- define "hfed.labels" -}} +helm.sh/chart: {{ include "hfed.chart" . }} +{{ include "hfed.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "hfed.selectorLabels" -}} +app.kubernetes.io/name: {{ include "hfed.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/stable/fdi-hfed-scrapping-loading-portal/templates/deploy/hfed.yaml b/stable/fdi-hfed-scrapping-loading-portal/templates/deploy/hfed.yaml new file mode 100644 index 00000000..921ea5ae --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/templates/deploy/hfed.yaml 
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "hfed.fullname" . }} + labels: + {{- include "hfed.labels" . | nindent 4 }} +spec: +{{- if not .Values.hfed.autoscaling.enabled }} + replicas: {{ .Values.hfed.replicaCount }} +{{- end }} + selector: + matchLabels: + {{- include "hfed.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.hfed.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "hfed.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.hfed.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.hfed.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }}-hfed + securityContext: + {{- toYaml .Values.hfed.securityContext | nindent 12 }} + image: "{{ .Values.hfed.image.repository }}:{{ .Values.hfed.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.hfed.image.pullPolicy }} + env: + - name: CLIENT_ID + value: {{ .Values.hfed.client_id }} + - name: CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "hfed.fullname" .}}-client-secret + key: password + - name: APPLICATION_ID + valueFrom: + secretKeyRef: + name: {{ include "hfed.fullname" . }}-application-id + key: application_id + - name: AUTHORITY_URL + value: {{ .Values.hfed.authority_url }} + - name: API_SCOPE + value: {{ .Values.hfed.api_scope }} + - name: FILE_PATH_ROOT + value: {{ .Values.hfed.file_path_root }} + - name: LOCAL_FILE_PATH_ROOT + value: {{ .Values.hfed.local_file_path_root }} + - name: DATASPACE + value: {{ .Values.hfed.dataspace }} + - name: SDMX_TRANSFER_URL + value: {{ .Values.hfed.sdmx_transfer_url }} + - name: SMTP_SERVER + value: {{ .Values.hfed.smtp.server | quote }} + - name: SMTP_USER + value: {{ .Values.hfed.smtp.user }} + - name: SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "hfed.fullname" . 
}}-smtp-password + key: password + - name: SMTP_MAIL_FROM + value: {{ .Values.hfed.smtp.mailFrom }} + - name: SMTP_MAIL_TO + value: {{ .Values.hfed.smtp.mailTo }} + - name: SMTP_TLS + value: {{ .Values.hfed.smtp.tls }} + - name: SMTP_STARTTLS + value: {{ .Values.hfed.smtp.starttls | quote }} + volumeMounts: + - mountPath: "/hfed" + name: "hfed-fileshare-volume" + volumes: + - azureFile: + secretName: {{ include "hfed.fullname" . }}-filesystem-secret + shareName: {{ .Values.hfed.fdi_azure_filesystems_hfed_name }} + name: hfed-fileshare-volume diff --git a/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_application_id.yaml b/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_application_id.yaml new file mode 100644 index 00000000..5fccec7c --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_application_id.yaml @@ -0,0 +1,13 @@ + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "hfed.fullname" . }}-application-id + labels: + app.kubernetes.io/name: {{ include "hfed.fullname" . }} + helm.sh/chart: {{ include "hfed.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + application_id: {{ .Values.hfed.application_id | b64enc | quote }} \ No newline at end of file diff --git a/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_azure_filesystem-secret.yaml b/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_azure_filesystem-secret.yaml new file mode 100644 index 00000000..a320a87e --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_azure_filesystem-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "hfed.fullname" . }}-filesystem-secret +type: Opaque +data: + azurestorageaccountname: {{ .Values.hfed.fdi_azure_account_name_prod | b64enc }} + azurestorageaccountkey: {{ .Values.hfed.fdi_azure_account_key_prod | b64enc }} 
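Review bot: The Deployment in hfed.yaml reads `.Values.hfed.podSecurityContext` and `.Values.hfed.securityContext`, but the values.yaml added for this chart defines neither, so both render empty and the container runs with whatever user and privileges the image defaults to. That container mounts an Azure file share and receives a client secret and an SMTP password. Adding both keys to values.yaml with restrictive defaults such as `runAsNonRoot: true` and `allowPrivilegeEscalation: false` (as far as the image permits) gives a safer starting point. Several env values are rendered unquoted (`CLIENT_ID`, `AUTHORITY_URL`, `API_SCOPE`, `DATASPACE`, `SMTP_USER`, `SMTP_TLS`, …) while `SMTP_SERVER` and `SMTP_STARTTLS` use `| quote`. Quoting all of them, e.g. `value: {{ .Values.hfed.smtp.tls | quote }}`, prevents an override like `true` or a number from being rejected as a non-string env value.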
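Review bot: The four new Secret templates (hfed_application_id.yaml, hfed_azure_filesystem-secret.yaml, and hfed_client_secret.yaml and hfed_smtp_password.yaml in the following hunks) encode values whose defaults are empty strings, so an install without overrides creates Secrets with empty data and the failure appears only at runtime. `required` on each value, e.g. `password: {{ required "hfed.client_secret is required" .Values.hfed.client_secret | b64enc | quote }}`, makes the omission visible at render time. Supplying the secrets through values also stores them in the release record, so an option to point at pre-created Secrets would be worth adding. Three of the templates set `helm.sh/chart: {{ include "hfed.fullname" . }}`; the `hfed.labels` helper defined in this commit already produces the correct chart label and could replace the hand-written label block. The filesystem secret leaves its two values unquoted, unlike the other three.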
diff --git a/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_client_secret.yaml b/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_client_secret.yaml new file mode 100644 index 00000000..10ae4ea0 --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_client_secret.yaml @@ -0,0 +1,13 @@ + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "hfed.fullname" . }}-client-secret + labels: + app.kubernetes.io/name: {{ include "hfed.fullname" . }} + helm.sh/chart: {{ include "hfed.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + password: {{ .Values.hfed.client_secret | b64enc | quote }} \ No newline at end of file diff --git a/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_smtp_password.yaml b/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_smtp_password.yaml new file mode 100644 index 00000000..4c991ca7 --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/templates/secret/hfed_smtp_password.yaml @@ -0,0 +1,13 @@ + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "hfed.fullname" . }}-smtp-password + labels: + app.kubernetes.io/name: {{ include "hfed.fullname" . }} + helm.sh/chart: {{ include "hfed.fullname" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + password: {{ .Values.hfed.smtp.password | b64enc | quote }} \ No newline at end of file diff --git a/stable/fdi-hfed-scrapping-loading-portal/values.yaml b/stable/fdi-hfed-scrapping-loading-portal/values.yaml new file mode 100644 index 00000000..14f38f9f --- /dev/null +++ b/stable/fdi-hfed-scrapping-loading-portal/values.yaml 
@@ -0,0 +1,64 @@
+# Default values for hfed-scrapping-loading.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+##
+nameOverride: "hfed-scrapping-loading-portal"
+fullnameOverride: "hfed-scrapping-loading-portal"
+
+hfed:
+ application_id: ""
+ replicaCount: 1
+ image:
+ repository: artifactory.cloud.statcan.ca/docker/analytics-platform/hfed-scrapping-loading-tools-portal
+ tag: v1.0.0
+ pullPolicy: Always
+ imagePullSecrets:
+ - name: artifactory-prod
+ fdi_azure_account_name_prod: stnmmfdidcm01sa
+ fdi_azure_account_key_prod: ''
+ fdi_azure_filesystems_hfed_name: hfed-hfed
+ client_id: ''
+ client_secret: ''
+ authority_url: https://login.microsoftonline.com/258f1f99-ee3d-42c7-bfc5-7af1b2343e02
+ api_scope: ''
+ file_path_root: '/hfed/data'
+ local_file_path_root: '/app/hfed/data'
+ sdmx_transfer_url: https://fdi-transfer-dev.dev.cloud.statcan.ca/2/import/sdmxFile
+ dataspace: 'dev:design-dev'
+ smtp:
+ server: 'email-smtp.ca-central-1.amazonaws.com:587'
+ user: ''
+ password: ''
+ mailFrom: ""
+ mailTo: 'jianlong.qian@statcan.gc.ca'
+ tls: "enabled"
+ starttls: "true"
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
diff --git a/stable/fdi-virtual-service/.helmignore b/stable/fdi-virtual-service/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/stable/fdi-virtual-service/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/stable/fdi-virtual-service/Chart.yaml b/stable/fdi-virtual-service/Chart.yaml
new file mode 100644
index 00000000..807e497a
--- /dev/null
+++ b/stable/fdi-virtual-service/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+appVersion: v14.0.0
+description: fdi-dotstatsuite helm chart for the Data Explorer and Data Viewer
+home: https://statcan.gc.ca
+maintainers:
+- email: Jianlong.qian@statcan.gc.ca
+ name: Jianlong Qian
+name: fdi-virtual-service
+sources:
+- https://gitlab.k8s.cloud.statcan.ca/analytics-platform/fdi-idf/metadata
+- https://gitlab.com/sis-cc/.stat-suite/dotstatsuite-kube-rp/
+type: application
+version: 1.0.0
diff --git a/stable/fdi-virtual-service/templates/NOTES.txt b/stable/fdi-virtual-service/templates/NOTES.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/stable/fdi-virtual-service/templates/_helpers.tpl b/stable/fdi-virtual-service/templates/_helpers.tpl
new file mode 100644
index 00000000..c55dbde1
--- /dev/null
+++ b/stable/fdi-virtual-service/templates/_helpers.tpl
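Review bot: The chart defaults in values.yaml mix environments: the key `fdi_azure_account_name_prod` names a concrete storage account while `sdmx_transfer_url` and `dataspace` point at dev, and `authority_url` and `smtp.mailTo` are fixed to one tenant and one mailbox. An install that overrides only the secrets would, as far as the visible templates show, mount that file share while loading into the dev dataspace. Leave environment-specific keys empty in the defaults (`fdi_azure_account_name_prod: ''`, `sdmx_transfer_url: ''`, `dataspace: ''`) and supply them per environment. Also note `autoscaling.enabled: true` next to `resources: {}`: a CPU-utilisation target needs CPU requests on the container before it can be computed.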
@@ -0,0 +1,54 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "virtualservice.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "virtualservice.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "virtualservice.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "virtualservice.labels" -}}
+helm.sh/chart: {{ include "virtualservice.chart" . }}
+{{ include "virtualservice.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "virtualservice.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "virtualservice.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
diff --git a/stable/fdi-virtual-service/templates/vs/service_entry.yaml b/stable/fdi-virtual-service/templates/vs/service_entry.yaml
new file mode 100644
index 00000000..6a8984f5
--- /dev/null
+++ b/stable/fdi-virtual-service/templates/vs/service_entry.yaml
@@ -0,0 +1,18 @@
+
+{{- if .Values.vs.external }}
+apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+ name: {{ include "virtualservice.fullname" . }}-external-svc
+spec:
+ hosts:
+{{- range .Values.vs.external.hosts }}
+ - {{ .host | quote }}
+ location: MESH_EXTERNAL
+ ports:
+ - number: {{ .port }}
+ name: {{ .name }}
+ protocol: HTTPS
+{{- end }}
+ resolution: DNS
+{{- end }}
\ No newline at end of file
diff --git a/stable/fdi-virtual-service/templates/vs/tenants.yaml b/stable/fdi-virtual-service/templates/vs/tenants.yaml
new file mode 100644
index 00000000..c3bf4098
--- /dev/null
+++ b/stable/fdi-virtual-service/templates/vs/tenants.yaml
@@ -0,0 +1,40 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ include "virtualservice.fullname" . }}-virtual-service
+spec:
+ gateways:
+ - ingress-general-system/general-istio-ingress-gateway-https
+ hosts:
+ {{- range .Values.vs.hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ http:
+{{- range $key, $value := .Values.vs.paths }}
+ {{- if or $value.prefix $value.rewrite }}
+ - match:
+ {{- if $value.prefix }}
+ - uri:
+ prefix: {{ $value.prefix | quote }}
+ {{- end }}
+ {{- if $value.rewrite }}
+ rewrite:
+ uri: {{ $value.rewrite | quote }}
+ {{- end }}
+ {{- end }}
+ route:
+ - destination:
+ host: {{ $value.destination | quote }}
+ port:
+{{- if $value.port }}
+ number: {{ $value.port }}
+{{- else }}
+ number: 80
+{{- end }}
+{{- range $header_key, $header_value := $value.headers }}
+ headers:
+ request:
+ set:
+ {{ $header_key }}: {{ $header_value | quote }}
+{{- end }}
+{{- end }}
diff --git a/stable/fdi-virtual-service/values.yaml b/stable/fdi-virtual-service/values.yaml
new file mode 100644
index 00000000..51c85413
--- /dev/null
+++ b/stable/fdi-virtual-service/values.yaml
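Review bot: In service_entry.yaml, `location:` and `ports:` sit inside the `range .Values.vs.external.hosts` loop, so with more than one entry the rendered `spec` interleaves further host items with repeated `location` and `ports` keys, which is not a valid ServiceEntry. Close the hosts loop before `location` and iterate a second time for the ports, as sketched below; indentation on this page is collapsed, so match the file's own. The sketch assumes each entry carries a distinct port `name`, and it quotes `.name`, which the original leaves bare. `protocol: HTTPS` stays hard-coded as in the original.

```yaml
spec:
  hosts:
{{- range .Values.vs.external.hosts }}
    - {{ .host | quote }}
{{- end }}
  location: MESH_EXTERNAL
  ports:
{{- range .Values.vs.external.hosts }}
    - number: {{ .port }}
      name: {{ .name | quote }}
      protocol: HTTPS
{{- end }}
  resolution: DNS
```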
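Review bot: In tenants.yaml the `headers:` / `request:` / `set:` wrapper is emitted once per iteration of `range $header_key, $header_value := $value.headers`, so a path with two headers renders duplicate `headers` keys and, depending on the parser, either keeps only the last header or fails. Emit the wrapper once and loop only over the entries, as below, indented to the level the original block uses. The header name `{{ $header_key }}` is also written bare while its value is quoted. Related: the `- match:` list marker is only produced when `prefix` or `rewrite` is set, so a path with neither appears to render `route:` without starting a new `http` item.

```yaml
# … unchanged: match / rewrite / route destination and port …
{{- with $value.headers }}
      headers:
        request:
          set:
{{- range $header_key, $header_value := . }}
            {{ $header_key | quote }}: {{ $header_value | quote }}
{{- end }}
{{- end }}
```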
@@ -0,0 +1,12 @@
+# Default values for virtual service.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Globals
+nameOverride: "fdi-dotstatsuite-tenants-vss"
+fullnameOverride: "fdi-dotstatsuite-tenants-vss"
+#virutal service
+vs:
+ hosts:
+ - ""
+ paths:
diff --git a/stable/fdi-virtual-service/values_of_octopus.yaml b/stable/fdi-virtual-service/values_of_octopus.yaml
new file mode 100644
index 00000000..f07fea1e
--- /dev/null
+++ b/stable/fdi-virtual-service/values_of_octopus.yaml
@@ -0,0 +1,16 @@
+# Default values for sdmxfrontend.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Globals
+nameOverride: #{NAME}
+fullnameOverride: #{FULLLNAME}
+
+#virutal service
+vs:
+ name: #{SERVICE_NAME}
+ tenant: #{TENANT}
+ host: #{HOST}
+ destination: #{DESTINATION}
+
+
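Review bot: The defaults in fdi-virtual-service/values.yaml, a `hosts` list holding a single `""` and a bare `paths:`, make a default install render a VirtualService with an empty-string host and no `http` routes. Write the empty collections explicitly, `hosts: []` and `paths: {}`, and have tenants.yaml skip or fail rendering when `vs.hosts` is empty so the misconfiguration surfaces at template time rather than at the gateway.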
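Review bot: Every value in values_of_octopus.yaml is an unquoted `#{...}` placeholder, and a `#` after whitespace starts a YAML comment, so until Octopus substitutes them each key parses as null; quote them, e.g. `nameOverride: "#{NAME}"`. The keys under `vs` (`name`, `tenant`, `host`, `destination`) are not the ones the templates in this commit read (`vs.hosts`, `vs.paths`, `vs.external`), so as written these values would not reach the VirtualService. `#{FULLLNAME}` has three L's, which may not match the variable defined in Octopus, and the header comment still says sdmxfrontend.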