feat: add keycloak sso realm values (#352)

## Description Add values for configuring google sso. Three values: * Enable SSO * SSO Client ID * SSO Client Secret Default values create the Google IDP, however it is disabled and if enabled would require client id and client secret to be added to work properly. Values put into secret and then create environment variable from those which are referenced in the uds-identity-config realm.json. A PR will be created in uds-identity-config as well for that side of this process. ## Related Issue [ uds-identity-config PR](defenseunicorns/uds-identity-config#58) ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
defenseunicorns · Apr 19, 2024 · 74436ea · 74436ea
1 parent 597353e
commit 74436ea
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/src/keycloak/chart/templates/secret-kc-realm.yaml b/src/keycloak/chart/templates/secret-kc-realm.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "keycloak.fullname" . }}-realm-env
+  namespace: {{ .Release.Namespace }}  
+  labels:
+    {{- include "keycloak.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{- range $key, $value := .Values.realmInitEnv }}
+  {{- if eq (typeOf $value) "bool" }}
+  REALM_{{ $key }}: {{ toString $value | b64enc }}
+  {{- else }}
+  REALM_{{ $key }}: {{ $value | b64enc }}
+  {{- end }}
+  {{- end }}
diff --git a/src/keycloak/chart/templates/statefulset.yaml b/src/keycloak/chart/templates/statefulset.yaml
@@ -72,6 +72,9 @@ spec:
             # This will only import the realm if it does not exist
             - "--import-realm"
             - "--features=preview"
+          envFrom:
+            - secretRef:
+                name: {{ include "keycloak.fullname" . }}-realm-env            
           env:
             # Common configuration
             - name: UDS_DOMAIN

diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml
@@ -15,6 +15,13 @@ domain: "###ZARF_VAR_DOMAIN###"
 # The primary Keycloak realm
 realm: uds
 
+# UDS Identity Config Environment Variables. More info here: https://github.com/defenseunicorns/uds-identity-config/blob/main/docs/CUSTOMIZE.md#override-default-realm
+realmInitEnv:
+  GOOGLE_IDP_ENABLED: false
+  # Other UDS Identity Config fields that will be used in the realm.json initalization of keycloak
+  # GOOGLE_IDP_CLIENTID: ""
+  # GOOGLE_IDP_CLIENT_SECRET: ""
+
 # Generates an initial password for first admin user - only use if install is headless
 # (i.e. cannot hit keycloak UI with `zarf connect keycloak`), password should be changed after initial login
 insecureAdminPasswordGeneration: