sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(univention-management-stack): Update guardian to version 2

Browse Source 
fix(univention-management-stack): Otterize version for umc-server
This commit is contained in:
jconde
2024-01-15 13:03:45 +01:00
parent a49daa6fa2
commit a99f3389dc
3 changed files with 71 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl
View File

@@ -300,8 +300,8 @@ config:
- "address"
- "email"
- "profile"
- name: "guardian-cli"
clientId: "guardian-cli"
- name: "guardian-management-api"
clientId: "guardian-management-api"
rootUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
baseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
protocol: "openid-connect"
@@ -406,21 +406,32 @@ config:
access.token.claim: true
claim.name: "clientAddress"
jsonType.label: "String"
- name: "guardian"
clientId: "guardian"
- name: "guardian-scripts"
clientId: "guardian-scripts"
description: ""
rootUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
adminUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
baseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
surrogateAuthRequired: false
enabled: true
alwaysDisplayInConsole: false
clientAuthenticatorType: "client-secret"
redirectUris:
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/guardian/*"
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/guardian/*"
fullScopeAllowed: true
protocol: "openid-connect"
webOrigins:
- "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
bearerOnly: false
consentRequired: false
standardFlowEnabled: true
implicitFlowEnabled: false
directAccessGrantsEnabled: true
serviceAccountsEnabled: false
publicClient: true
frontchannelLogout: false
standardFlowEnabled: true
attributes:
use.refresh.tokens: "true"
backchannel.logout.session.required: "true"
protocol: "openid-connect"
fullScopeAllowed: true
protocolMappers:
- name: "email"
protocol: "openid-connect"
@@ -433,28 +444,15 @@ config:
access.token.claim: true
claim.name: "email"
jsonType.label: "String"
- name: "dn"
- name: "guardian-audience"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
userinfo.token.claim: false
user.attribute: "LDAP_ENTRY_DN"
included.client.audience: "guardian"
id.token.claim: false
access.token.claim: true
claim.name: "dn"
jsonType.label: "String"
- name: "uid"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "uid"
id.token.claim: true
access.token.claim: true
claim.name: "udi"
jsonType.label: "String"
userinfo.token.claim: false
- name: "username"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-property-mapper"
@@ -466,15 +464,51 @@ config:
access.token.claim: true
claim.name: "preferred_username"
jsonType.label: "String"
- name: "uid"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "uid"
id.token.claim: true
access.token.claim: true
claim.name: "uid"
jsonType.label: "String"
- name: "audiencemap"
protocol: "openid-connect"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
included.client.audience: "guardian"
included.client.audience: "guardian-scripts"
id.token.claim: true
access.token.claim: true
userinfo.token.claim: true
- name: "dn"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
aggregate.attrs: false
multivalued: false
userinfo.token.claim: false
user.attribute: "LDAP_ENTRY_DN"
id.token.claim: false
access.token.claim: true
claim.name: "dn"
jsonType.label: "String"
defaultClientScopes:
- "opendesk"
- "web-origins"
- "acr"
- "roles"
- "profile"
- "email"
optionalClientScopes:
- "address"
- "phone"
- "offline_access"
- "microprofile-jwt"
- name: "guardian-ui"
clientId: "guardian-ui"
rootUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"

10
helmfile/environments/default/charts.yaml
View File

@@ -342,7 +342,7 @@ charts:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
name: "opendesk-otterize"
version: "1.6.0"
version: "1.7.0"
verify: true
# @supplier: "openDesk"
@@ -440,7 +440,7 @@ charts:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
name: "guardian-authorization-api"
version: "0.0.1"
version: "0.1.0"
verify: true
# @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
@@ -454,7 +454,7 @@ charts:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
name: "guardian-management-api"
version: "0.0.1"
version: "0.1.0"
verify: true
# @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
@@ -468,7 +468,7 @@ charts:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
name: "guardian-management-ui"
version: "0.0.1"
version: "0.1.0"
verify: true
# @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
@@ -566,7 +566,7 @@ charts:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
name: "open-policy-agent"
version: "0.0.1"
version: "0.1.0"
verify: true
# @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'

8
helmfile/environments/default/images.yaml
View File

@@ -541,7 +541,7 @@ images:
# dependencyType=supplier
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-authorization-api"
tag: "1.0.0@sha256:dee5d42131037bde99ab9d827e751bb6a16496f9c2c0380c48f1e2919d905814"
tag: "2.0.0@sha256:5f194f9385aea5a279e25a57352f7b88a6cc4fa90b3bf04c2c97b9ff2bad70a5"
# @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
# @mirrorFrom: ['1', '0', '0']
@@ -552,7 +552,7 @@ images:
# dependencyType=supplier
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-api-management-api"
tag: "1.0.0@sha256:16e8004a12a6a9fba47e89e1289c8a433e5f56bbd0ee26620b0ddade0bd33313"
tag: "2.0.0@sha256:61a1ab84efebe2a87d358e8624f8b39073a6071683e7cd77b740a97d464753a2"
# @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
# @mirrorFrom: ['1', '0', '0']
@@ -563,7 +563,7 @@ images:
# dependencyType=supplier
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-management-ui-management-ui"
tag: "1.0.0@sha256:e1e4e1e7fa0c7ffff09e63474b5b054cb492fbb743cad0b2ee5910bb1de6967b"
tag: "2.0.0@sha256:57e2503a4772f0ff656e792a98fadef4d41c248218e6c368f76ce82a892478cf"
# @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
# @mirrorFrom: ['1', '0', '0']
@@ -651,7 +651,7 @@ images:
# dependencyType=supplier
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-authorization-api-opa"
tag: "1.0.0@sha256:a5caa128eef2de1a12514727ceff0f54f647b7b1814a304728da2e1bc9e7b621"
tag: "2.0.0@sha256:56a92a08da5addb951a2b2df09974889295ddde8526e93ad40dd973de1052ad4"
# @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
# @mirrorFrom: ['1', '0', '0']