From 1dd754b91cd26bac030cb5145e5f047e64b37aa5 Mon Sep 17 00:00:00 2001
From: Jaime Conde <conde-segovia@univention.de>
Date: Mon, 15 Jul 2024 14:28:59 +0200
Subject: [PATCH] fix(nubus): Use Keycloak credentials

---
 helmfile/apps/nubus/values-nubus.yaml.gotmpl | 29 ++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
index 90246e4f..b5a8be28 100644
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -41,6 +41,11 @@ minio:
 
 # Nubus services which use customer supplied services
 keycloak:
+  auth:
+    username: "kcadmin"
+    credentialSecret:
+      name: "ums-opendesk-keycloak-credentials"
+      key: "admin_password"
   postgresql:
     connection:
       host: {{ .Values.databases.keycloak.host | quote }}
@@ -53,6 +58,17 @@ keycloak:
         key: "keycloakDatabasePassword"
 
 nubusGuardian:
+  provisioning:
+    config:
+      keycloak:
+        credentialSecret:
+          name: "ums-opendesk-keycloak-credentials"
+          key: "admin_password"
+      managementApi:
+        credentialSecret:
+          name: "ums-opendesk-guardian-client-secret"
+          key: "managementApiClientSecret"
+
   postgresql:
     connection:
       host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
@@ -76,6 +92,13 @@ nubusNotificationsApi:
 
 
 nubusKeycloakExtensions:
+  keycloak:
+    auth:
+      username: "kcadmin"
+      credentialSecret:
+        name: "ums-opendesk-keycloak-credentials"
+        key: "admin_password"
+
   postgresql:
     connection:
       host: {{ .Values.databases.keycloakExtension.host | quote }}
@@ -176,6 +199,12 @@ nubusKeycloakBootstrap:
 
 # Credential secrets for accessing customer supplied services
 extraSecrets:
+  - name: "ums-opendesk-guardian-client-secret"
+    stringData:
+      managementApiClientSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
+  - name: "ums-opendesk-keycloak-credentials"
+    stringData:
+      admin_password: {{ .Values.secrets.keycloak.adminPassword | quote }}
   - name: "ums-keycloak-postgresql-opendesk-credentials"
     stringData:
       keycloakDatabasePassword: {{ .Values.databases.keycloak.password | default .Values.secrets.postgresql.keycloakUser | quote }}