From ef346d4b579ba8dff2767a01fa94a07fbb0f9a13 Mon Sep 17 00:00:00 2001
From: Jaime Conde
Date: Tue, 16 Jul 2024 10:00:59 +0200
Subject: [PATCH] fix(nubus): Drop guardian provisioning
---
...es-opendesk-keycloak-bootstrap.yaml.gotmpl | 292 ------------------
1 file changed, 292 deletions(-)
diff --git a/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
index 6fee28f6..5d604ebc 100644
--- a/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
@@ -302,298 +302,6 @@ config: - "address" - "email" - "profile" - - name: "guardian-management-api" - clientId: "guardian-management-api" - rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - protocol: "openid-connect" - publicClient: false - clientAuthenticatorType: "client-secret" - secret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }} - redirectUris: - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/guardian/*" - fullScopeAllowed: true - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: true - protocolMappers: - - name: "Client Host" - protocol: "openid-connect" - protocolMapper: "oidc-usersessionmodel-note-mapper" - consentRequired: false - config: - user.session.note: "clientHost" - userinfo.token.claim: true - id.token.claim: true - access.token.claim: true - claim.name: "clientHost" - jsonType.label: "String" - - name: "Client ID" - protocol: "openid-connect" - protocolMapper: "oidc-usersessionmodel-note-mapper" - consentRequired: false - config: - user.session.note: "client_id" - userinfo.token.claim: true - id.token.claim: true - access.token.claim: true - claim.name: "client_id" - jsonType.label: "String" - - name: "guardian-audience" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian" - userinfo.token.claim: false - id.token.claim: false - access.token.claim: true - - name: "audiencemap" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian-cli" - userinfo.token.claim: true - id.token.claim: true - access.token.claim: true - - name: "dn" - protocol: "openid-connect" - protocolMapper: 
"oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: false - user.attribute: "LDAP_ENTRY_DN" - id.token.claim: false - access.token.claim: true - claim.name: "dn" - jsonType.label: "String" - - name: "username" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "username" - id.token.claim: true - access.token.claim: true - claim.name: "preferred_username" - jsonType.label: "String" - - name: "uid" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "uid" - id.token.claim: true - access.token.claim: true - claim.name: "uid" - jsonType.label: "String" - - name: "email" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "email" - id.token.claim: true - access.token.claim: true - claim.name: "email" - jsonType.label: "String" - - name: "Client IP Address" - protocol: "openid-connect" - protocolMapper: "oidc-usersessionmodel-note-mapper" - consentRequired: false - config: - user.session.note: "clientAddress" - userinfo.token.claim: true - id.token.claim: true - access.token.claim: true - claim.name: "clientAddress" - jsonType.label: "String" - - name: "guardian-scripts" - clientId: "guardian-scripts" - description: "" - rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - adminUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - surrogateAuthRequired: false - enabled: true - alwaysDisplayInConsole: false - clientAuthenticatorType: "client-secret" - redirectUris: - - "https://{{ 
.Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/guardian/*" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/guardian/*" - webOrigins: - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - bearerOnly: false - consentRequired: false - standardFlowEnabled: true - implicitFlowEnabled: false - directAccessGrantsEnabled: true - serviceAccountsEnabled: false - publicClient: true - frontchannelLogout: false - protocol: "openid-connect" - fullScopeAllowed: true - protocolMappers: - - name: "email" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "email" - id.token.claim: true - access.token.claim: true - claim.name: "email" - jsonType.label: "String" - - name: "guardian-audience" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian" - id.token.claim: false - access.token.claim: true - userinfo.token.claim: false - - name: "username" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "username" - id.token.claim: true - access.token.claim: true - claim.name: "preferred_username" - jsonType.label: "String" - - name: "uid" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "uid" - id.token.claim: true - access.token.claim: true - claim.name: "uid" - jsonType.label: "String" - - name: "audiencemap" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: 
"guardian-scripts" - id.token.claim: true - access.token.claim: true - userinfo.token.claim: true - - name: "dn" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - aggregate.attrs: false - multivalued: false - userinfo.token.claim: false - user.attribute: "LDAP_ENTRY_DN" - id.token.claim: false - access.token.claim: true - claim.name: "dn" - jsonType.label: "String" - defaultClientScopes: - - "opendesk" - - "web-origins" - - "acr" - - "roles" - - "profile" - - "email" - optionalClientScopes: - - "address" - - "phone" - - "offline_access" - - "microprofile-jwt" - - name: "guardian-ui" - clientId: "guardian-ui" - rootUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - baseUrl: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" - clientAuthenticatorType: "client-secret" - redirectUris: - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/guardian/*" - standardFlowEnabled: true - publicClient: true - implicitFlowEnabled: false - directAccessGrantsEnabled: false - serviceAccountsEnabled: false - protocol: "openid-connect" - fullScopeAllowed: true - protocolMappers: - - name: "uid" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "uid" - id.token.claim: true - access.token.claim: true - claim.name: "uid" - jsonType.label: "String" - - name: "username" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "username" - id.token.claim: true - access.token.claim: true - claim.name: "preferred_username" - jsonType.label: "String" - - name: "dn" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-attribute-mapper" - consentRequired: false - 
config: - userinfo.token.claim: "false" - user.attribute: "LDAP_ENTRY_DN" - id.token.claim: false - access.token.claim: true - claim.name: "dn" - jsonType.label: "String" - - name: "audiencemap" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian" - id.token.claim: true - access.token.claim: true - userinfo.token.claim: true - - name: "email" - protocol: "openid-connect" - protocolMapper: "oidc-usermodel-property-mapper" - consentRequired: false - config: - userinfo.token.claim: true - user.attribute: "email" - id.token.claim: true - access.token.claim: true - claim.name: "email" - jsonType.label: "String" - - name: "guardian-audience" - protocol: "openid-connect" - protocolMapper: "oidc-audience-mapper" - consentRequired: false - config: - included.client.audience: "guardian" - id.token.claim: false - access.token.claim: true - userinfo.token.claim: false - containerSecurityContext: allowPrivilegeEscalation: false