fix(nubus): multi-group & internal keycloak

2025-12-07 16:01:37 +01:00 · 2025-05-29 17:46:46 +02:00
parent 1e1914c045
commit b35977b1fa
2 changed files with 7 additions and 3 deletions
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -1518,6 +1518,9 @@ nubusStackDataUms:
    oxContextHidden: true
    twofaSelfserviceTileCategory: self-service-profile
    twofaAdminTileCategory: od.applications
+    portalTwoFaAllowedGroups:
+      - 2fa-admins
+      - 2fa-admins-opendesk
    portalTwoFaLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
    ldapSearchUsers:
      {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
--- a/helmfile/apps/nubus/values-twofa-helpdesk.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-twofa-helpdesk.yaml.gotmpl
@@ -13,9 +13,10 @@ twofaHelpdeskBackend:
    auth:
        username: kcadmin
    config:
-        keycloak_url: {{ printf "https://%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
+        # keycloak_url: {{ printf "https://%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
+        keycloak_url: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
        oidc_host: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
        oidc_realm: {{ .Values.platform.realm | quote }}
-        twofa_admin_groups: ["/twofa_admins"]
+        twofa_admin_groups: ["/2fa-admins", "/2fa-admins-opendesk"]
 tls:
-    secretName: {{ .Values.ingress.tls.secretName | quote }}
+    secretName: {{ .Values.ingress.tls.secretName | quote }}