From 786bc20e1c43f6f710426ff825cc7deab2439b3b Mon Sep 17 00:00:00 2001
From: Dmitry Skokov
Date: Fri, 16 Apr 2021 15:54:28 +0300
Subject: [PATCH] bump rules
---
 config/capi-v2/values.yaml.gotmpl | 5 +
 config/controlcenter/authConfig.json.gotmpl | 2 +-
 config/dashboard/authConfig.json.gotmpl | 2 +-
 ...ealms.json.gotmpl => external.json.gotmpl} | 14 +-
 config/keycloak-realms/internal.json.gotmpl | 1863 +++++++++++++++++
 config/keycloak-realms/values.yaml.gotmpl | 7 +-
 config/keycloak/values.yaml.gotmpl | 5 +-
 config/payouter/entrypoint.sh | 21 +
 config/payouter/loggers.xml | 4 +
 config/payouter/values.yaml.gotmpl | 131 ++
 config/postgres/values.yaml.gotmpl | 1 +
 .../proxy-mocketbank-mpi/values.yaml.gotmpl | 7 +
 config/proxy-mocketbank/values.yaml.gotmpl | 4 +-
 config/vault-cm/values.yaml | 20 +
 helmfile.yaml | 3 +
 15 files changed, 2074 insertions(+), 15 deletions(-)
 rename config/keycloak-realms/{realms.json.gotmpl => external.json.gotmpl} (99%)
 create mode 100644 config/keycloak-realms/internal.json.gotmpl
 create mode 100644 config/payouter/entrypoint.sh
 create mode 100644 config/payouter/loggers.xml
 create mode 100644 config/payouter/values.yaml.gotmpl
diff --git a/config/capi-v2/values.yaml.gotmpl b/config/capi-v2/values.yaml.gotmpl
index add9691..d3cf326 100644
--- a/config/capi-v2/values.yaml.gotmpl
+++ b/config/capi-v2/values.yaml.gotmpl
@@ -124,3 +124,8 @@ ciliumPolicies:
 type: TCP
 name: hellgate
 namespace: {{ .Release.Namespace }}
+ - filters:
+ - port: 8022
+ type: TCP
+ name: payouter
+ namespace: {{ .Release.Namespace }}
diff --git a/config/controlcenter/authConfig.json.gotmpl b/config/controlcenter/authConfig.json.gotmpl
index 0efddca..328b1e2 100644
--- a/config/controlcenter/authConfig.json.gotmpl
+++ b/config/controlcenter/authConfig.json.gotmpl
@@ -1,5 +1,5 @@
 {
- "realm": "internal",
+ "realm": "external",
 "auth-server-url": "https://auth.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/auth/",
 "ssl-required": "external",
 "resource": "control-center",
diff --git a/config/dashboard/authConfig.json.gotmpl b/config/dashboard/authConfig.json.gotmpl
index 7aa74bd..ea2c51a 100644
--- a/config/dashboard/authConfig.json.gotmpl
+++ b/config/dashboard/authConfig.json.gotmpl
@@ -1,5 +1,5 @@
 {
- "realm": "internal",
+ "realm": "external",
 "auth-server-url": "https://auth.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/auth/",
 "ssl-required": "external",
 "resource": "koffing",
diff --git a/config/keycloak-realms/realms.json.gotmpl b/config/keycloak-realms/external.json.gotmpl
similarity index 99%
rename from config/keycloak-realms/realms.json.gotmpl
rename to config/keycloak-realms/external.json.gotmpl
index e548164..c260f4d 100644
--- a/config/keycloak-realms/realms.json.gotmpl
+++ b/config/keycloak-realms/external.json.gotmpl
@@ -1529,10 +1529,10 @@
 "clientAuthenticatorType": "client-secret",
 "secret": "**********",
 "redirectUris": [
- "{{ .Values.services.keycloak.externalUrl }}/*"
+ "https://dashboard.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/*"
 ],
 "webOrigins": [
- "{{ .Values.services.keycloak.externalUrl }}"
+ "https://dashboard.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337"
 ],
 "notBefore": 0,
 "bearerOnly": false,
@@ -2225,10 +2225,10 @@
 "clientAuthenticatorType": "client-secret",
 "secret": "**********",
 "redirectUris": [
- "{{ .Values.services.keycloak.externalUrl }}/*"
+ "https://auth.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/*"
 ],
 "webOrigins": [
- "{{ .Values.services.keycloak.externalUrl }}"
+ "https://auth.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337"
 ],
 "notBefore": 0,
 "bearerOnly": false,
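Review bot: In `config/controlcenter/authConfig.json.gotmpl` the `control-center` resource now authenticates against `"realm": "external"`, yet the `internal.json.gotmpl` realm added by this same commit still carries `control-center` client-role and scope-mapping entries. If control-center is a staff-only tool, placing it in the same realm as the `koffing` dashboard means its separation from outside users rests on role checks alone rather than on the realm boundary. Either keep `"realm": "internal",` for control-center or state in the commit description why it moves together with the dashboard. The identical one-line change in `config/dashboard/authConfig.json.gotmpl` is covered by this note.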
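Review bot: The new `redirectUris` entries in both `external.json.gotmpl` hunks (`@@ -1529` and `@@ -2225`) pin the host but keep the trailing `/*`, so every path on the `dashboard.` and `auth.` hosts remains an accepted OAuth redirect target. Now that the host is explicit, each entry can be narrowed to the callback path the client really uses; that path is not visible in these hunks, and both client objects begin and end outside them. The scheme, `default "rbk.dev"` and port `:31337` are also repeated here and in both `authConfig.json.gotmpl` files, so deriving them from a single value would keep the realm's allowed redirect and origin list from drifting away from what the clients send.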
@@ -3133,10 +3133,10 @@
 "ssl": "false",
 "user": "no-reply@rbkmoney.com"
 },
- "loginTheme": "rbkmoney-hood",
- "accountTheme": "rbkmoney",
+ "loginTheme": "keycloak",
+ "accountTheme": "keycloak",
 "adminTheme": "keycloak",
- "emailTheme": "rbkmoney-hood",
+ "emailTheme": "keycloak",
 "eventsEnabled": true,
 "eventsExpiration": 51840000,
 "eventsListeners": [
diff --git a/config/keycloak-realms/internal.json.gotmpl b/config/keycloak-realms/internal.json.gotmpl
new file mode 100644
index 0000000..56be18a
--- /dev/null
+++ b/config/keycloak-realms/internal.json.gotmpl
@@ -0,0 +1,1863 @@ +{ + "id" : "internal", + "realm" : "internal", + "displayName" : "RBKmoney", + "notBefore" : 0, + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "offlineSessionIdleTimeout" : 2592000, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "enabled" : true, + "sslRequired" : "none", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "2e4bfe5d-c926-41e8-92ee-4d934b309ea3", + "name" : "offline_access", + "description" : "${role_offline-access}", + "scopeParamRequired" : true, + "composite" : false, + "clientRole" : false, + "containerId" : "internal" + }, { + "id" : "d6ab8cab-d25f-4444-ac99-3e9bde94de42", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : false, + "containerId" : "internal" + } ], + "client" : { + "private-api" : [ { + "id" : "28254bd7-3887-4062-bc43-92821374d81f", + "name" : "adjustment:update", + "description" : "Update adjustment", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "fc2b14f5-7bc4-4b21-9e1f-17b7a3c5a364", + "name" 
: "dmt:pull", + "description" : "Pull domain", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "0f37a2a5-eb33-4a26-abe2-27e5a49d4c89", + "name" : "payout:read", + "description" : "Read payout", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "61928589-51c6-48d5-839f-2c41c969d107", + "name" : "payout:pay", + "description" : "Pay permission", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "797f43db-9529-481d-8525-22371cfc3d72", + "name" : "adjustment:create", + "description" : "Create adjustment", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "4a9cd296-1b75-4f4f-8d19-cb7993abf85e", + "name" : "claim:get", + "description" : "Get claim", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "49a0c7c5-fdda-4345-a3aa-7d3a523f6f86", + "name" : "payout:confirm", + "description" : "Confirm payout", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "39500541-b85d-44b9-bba6-5c74b78de306", + "name" : "dmt:checkout", + "description" : "Checkout domain", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "ddc4e84e-b7db-49dc-8381-27a60ddef897", + "name" : "claim.comment:get", + "description" : "Get comments of claim", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : 
"43d83084-08db-4cb4-9595-cebb0fe75d42", + "name" : "party:get", + "description" : "Get party", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "d541be6e-f58a-476b-8eb0-4c5173116030", + "name" : "claim.action:get", + "description" : "Get history action of claim", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "445761fe-6598-4198-9427-ae062b60df2c", + "name" : "claim:update", + "description" : "Update claim", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "dc24d623-0c17-4e9d-b09f-b0efce7bd60a", + "name" : "dmt:commit", + "description" : "Commit domain", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "e4aac0fd-762f-46f5-b171-f5c8f2f3f4a5", + "name" : "claim:accept", + "description" : "Accept claim", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "dedf694d-15fd-4983-9ed4-936044ed7506", + "name" : "adjustment:get", + "description" : "Get adjustment", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "88beaf23-9363-429b-a2a9-3da52add7681", + "name" : "merchant:create", + "description" : "Create merchant", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "663bd720-7b25-4332-bd93-1a9855258905", + "name" : "payout:generate", + "description" : "Generate payout", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : 
"d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "8b8242f0-d521-47fa-adb0-00289f40ae87", + "name" : "claim.comment:add", + "description" : "Add comment in claim", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "5be7f57a-1d44-45e7-b970-2164834cfe8d", + "name" : "merchant:update", + "description" : "Update merchant", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "328208ce-da82-45e6-8466-3f8d9c2b0a27", + "name" : "accounting_report:get", + "description" : "Get accounting report", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "590302c8-74b7-40b0-8271-91e2e2d56372", + "name" : "internal_report:get", + "description" : "Get internal report", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + }, { + "id" : "030941ef-55ed-4630-8508-3e3b529f2f6d", + "name" : "payout:cancel", + "description" : "Cancel payout", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "d6851128-9d34-4922-8db4-4f6f93a452be" + } ], + "realm-management" : [ { + "id" : "2a4f2919-2be8-4f28-9309-20255cb377c2", + "name" : "view-users", + "description" : "${role_view-users}", + "scopeParamRequired" : false, + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "3be1d296-35a4-4aca-86b9-4a8b54ee5d5e", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + 
}, { + "id" : "8960d833-c8fd-4732-886e-8547d6905a4c", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "scopeParamRequired" : false, + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "view-users", "manage-clients", "create-client", "query-realms", "view-identity-providers", "view-realm", "view-clients", "manage-users", "manage-events", "view-authorization", "query-groups", "view-events", "manage-realm", "query-clients", "manage-authorization", "query-users", "manage-identity-providers", "impersonation" ] + } + }, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "133ad76d-d04c-4a5f-8545-fa1f8a033819", + "name" : "create-client", + "description" : "${role_create-client}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "727094f6-a8bd-484d-a9bc-e1aed0f90e0a", + "name" : "query-realms", + "description" : "${role_query-realms}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "f83a3874-e7e1-4602-bfe6-82ec97e127ff", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "755178f6-28a3-4a26-b2e8-142fe576939d", + "name" : "view-realm", + "description" : "${role_view-realm}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "4696f497-7fd3-4706-96b8-dbc9fb88d619", + "name" : "view-clients", + "description" : "${role_view-clients}", + "scopeParamRequired" : false, + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + 
"containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "f0996549-a18d-4f6a-9288-b7200a0eb703", + "name" : "manage-users", + "description" : "${role_manage-users}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "6200a62b-042c-466a-8293-d779fba06aab", + "name" : "manage-events", + "description" : "${role_manage-events}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "0b2a00ac-d25c-4018-b97f-e27e3656a5df", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "d7879c5d-112d-4a8f-8e15-aa1d0381f50f", + "name" : "query-groups", + "description" : "${role_query-groups}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "4830f683-323d-4ef0-9052-b7c913cd6aa7", + "name" : "view-events", + "description" : "${role_view-events}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "33878da7-af33-4e70-91b9-dd3ffe9b30e1", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "d9ca64af-d6ec-48ac-bae0-b67be75ffdc7", + "name" : "query-clients", + "description" : "${role_query-clients}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "0b83e961-e730-43ca-bd43-895525188c4d", + "name" : "manage-authorization", + "description" : 
"${role_manage-authorization}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "f9920eeb-45fe-49f3-b56e-821398f7b040", + "name" : "query-users", + "description" : "${role_query-users}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "5c274a75-d424-40eb-b5c7-d1cd5dd0448d", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + }, { + "id" : "aa462e8e-64cf-4a60-8ac9-e52d0978b5c8", + "name" : "impersonation", + "description" : "${role_impersonation}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + } ], + "security-admin-console" : [ ], + "control-center": [ { + "id" : "fc663552-aa85-4fa1-bd7b-48cebfc81e81", + "name" : "deposit:write", + "description" : "Deposit write permission", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "2782b49c-088a-415f-ac3b-c54bfe505191" + } ], + "weezing" : [ ], + "admin-cli" : [ ], + "broker" : [ { + "id" : "eabcf2f9-d5f5-4653-bd34-a79a1df9f12c", + "name" : "read-token", + "description" : "${role_read-token}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "f0dfa8c5-9d90-40dc-af8d-55b2c74f5d82" + } ], + "account" : [ { + "id" : "1d4f2cc6-aa9e-439f-90fb-f1a82671a145", + "name" : "view-profile", + "description" : "${role_view-profile}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "165fdc3a-1da5-4d8d-8ce0-c0372c9e65a8" + }, { + "id" : "01f58e29-bba4-4f93-96cd-5cd2de7f30f0", + "name" : "manage-account", + "description" : 
"${role_manage-account}", + "scopeParamRequired" : false, + "composite" : false, + "clientRole" : true, + "containerId" : "165fdc3a-1da5-4d8d-8ce0-c0372c9e65a8" + } ] + } + }, + "groups" : [ ], + "defaultRoles" : [ "offline_access", "uma_authorization" ], + "requiredCredentials" : [ "password" ], + "passwordPolicy" : "hashIterations(20000)", + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "users" : [ { + "id" : "33be8807-ffe6-435d-a967-8508690d4685", + "createdTimestamp" : 1499775150747, + "username" : "manager", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Manager", + "lastName" : "Manager", + "email" : "manager@rbkmoney.com", + "credentials" : [ { + "type" : "password", + "hashedSaltedValue" : "GbGG/jDiqBahfmzylTazPLQz6XbBF4LhammctiJciB4SU/NQ9b9QJW8IvipmM7e/o1eWmfFWK6AQMP2nSvFrhA==", + "salt" : "kFuVk6clUD+V4WAkP6PzMQ==", + "hashIterations" : 20000, + "counter" : 0, + "algorithm" : "pbkdf2", + "digits" : 0, + "period" : 0, + "createdDate" : 1499780195547, + "config" : { } + } ], + "disableableCredentialTypes" : [ "password" ], + "requiredActions" : [ ], + "realmRoles" : [ "uma_authorization", "offline_access" ], + "clientRoles" : { + "private-api" : [ "adjustment:update", "dmt:pull", "payout:read", "payout:pay", "adjustment:create", "claim:get", "payout:confirm", "dmt:checkout", "claim.comment:get", "party:get", "claim.action:get", "claim:update", "dmt:commit", "claim:accept", "adjustment:get", "merchant:create", "claim.comment:add", "payout:generate", "merchant:update", "accounting_report:get", "internal_report:get", "payout:cancel" ], + "account" : [ "manage-account", "view-profile" ] + }, + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "client" : "weezing", + "roles" : [ "offline_access", "uma_authorization" ] + } ], + "clientScopeMappings" : { + "realm-management" : [ 
{ + "client" : "admin-cli", + "roles" : [ "realm-admin" ] + }, { + "client" : "security-admin-console", + "roles" : [ "realm-admin" ] + } ], + "private-api" : [ { + "client" : "weezing", + "roles" : [ "dmt:pull", "accounting_report:get", "internal_report:get", "party:get", "dmt:commit", "claim:accept", "claim:get", "payout:read", "claim.comment:get", "adjustment:update", "adjustment:create", "payout:cancel", "claim.comment:add", "claim.action:get", "merchant:update", "payout:confirm", "claim:update", "merchant:create", "payout:generate", "adjustment:get", "dmt:checkout" ] + } ], + "account": [ + { + "client": "control-center", + "roles": [ + "view-profile" + ] + } + ] + }, + "clients" : [ { + "id" : "165fdc3a-1da5-4d8d-8ce0-c0372c9e65a8", + "clientId" : "account", + "name" : "${client_account}", + "baseUrl" : "/realms/internal/account", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "7e3c0c8c-131b-4bd3-aabf-59da94009658", + "defaultRoles" : [ "view-profile", "manage-account" ], + "redirectUris" : [ "/realms/internal/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "ba4d5c9f-c5de-47bb-b80c-717aad2941c4", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : true, + "consentText" : "${fullName}", + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "d2b20858-8c1c-43a7-bfaf-571f5224d1fe", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + 
"consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + }, { + "id" : "50b35a67-0537-4446-9b23-86ac2198f2ef", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${email}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "8ae0d614-6cb4-430b-ac02-0a26970a93ee", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${username}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "4f0f2646-fdbe-4f78-b1dc-ea2c755c1366", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${givenName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "18ae9fae-d5d5-4928-8fa2-363e67454275", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${familyName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + } ], + "useTemplateConfig" : false, + "useTemplateScope" : false, + "useTemplateMappers" : false + }, { + 
"id" : "18d18b60-580b-4981-8af8-7e43d0a35599", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "62bf9d08-7a20-4841-a23d-6f8f5ceccaea", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "attributes" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "0a4d49f8-cc2c-4ef7-937f-1a2cb7639584", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${username}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "40971b24-3aab-45c4-8084-8d6408b6ad60", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${familyName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "bb979cdb-8728-4010-97b9-fe689ac0f6f7", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + }, { + "id" : "c5ffe298-75e1-462a-97c4-85e0ef27ec20", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-full-name-mapper", + "consentRequired" : true, + "consentText" : "${fullName}", + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "e1b61973-dc7f-4f08-8dcc-dae684f7aff5", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${givenName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "81342299-6af1-42d4-b013-169ad3b9dc56", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${email}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ], + "useTemplateConfig" : false, + "useTemplateScope" : false, + "useTemplateMappers" : false + }, { + "id" : "f0dfa8c5-9d90-40dc-af8d-55b2c74f5d82", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "50a567c8-9e99-4b66-97c1-acc0f1d540ef", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "e9944e70-2205-4156-8d06-c8a1f6441f1c", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${familyName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "b362c564-61e9-4aa7-b3b4-e6e3d3f5a097", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : true, + "consentText" : "${fullName}", + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "079ab5ee-24a4-4c8b-9629-6d67763666f3", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${username}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "09603ac7-b22b-44cc-8720-4642322dee1f", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${email}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "5e36277c-3c9e-4d0a-90fa-c685be70605e", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + }, { + "id" : "09ce85b2-3149-431d-9bba-dfa14eedc55f", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + 
"consentText" : "${givenName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + } ], + "useTemplateConfig" : false, + "useTemplateScope" : false, + "useTemplateMappers" : false + }, { + "id" : "d6851128-9d34-4922-8db4-4f6f93a452be", + "clientId" : "private-api", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "3bfb82cb-8be6-4d51-b23b-68c20a652f2e", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "df67d8bd-04ec-4b6b-82ff-626f066a4050", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${email}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "8af89cbd-e772-425b-9211-fb9496565841", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${givenName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "764c3bc4-a869-4d77-a791-82042a7a5e22", + "name" : "username", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${username}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "0b0c93f3-a1f7-4c74-87d4-3259c09a781a", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : true, + "consentText" : "${fullName}", + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "10baa390-c2c1-45fc-827b-b17b79e4a25a", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${familyName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "0b660397-db60-4001-9632-8df3dcd05646", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ], + "useTemplateConfig" : false, + "useTemplateScope" : false, + "useTemplateMappers" : false + }, { + "id" : "2782b49c-088a-415f-ac3b-c54bfe505191", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "4922cfdd-5853-400a-84e2-37443ade07c3", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + 
"directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "attributes" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "c6dbeb8e-1a83-4891-b764-3292936dbf8f", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${givenName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "8bbf674a-b48a-420d-a93d-d8013a48e52e", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : true, + "consentText" : "${fullName}", + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "55895fce-6302-415a-98a5-bfeeb8b2a9a9", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${username}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "5ac677d3-0a1a-4591-8aa0-1d79f5ab80e6", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${familyName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "3ed002cf-1461-4eca-bc43-934c15aa4ee0", + "name" : "email", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${email}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "b3262e30-4e61-407a-87d3-0d98650f8095", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ], + "useTemplateConfig" : false, + "useTemplateScope" : false, + "useTemplateMappers" : false + }, { + "id" : "e09a5dca-0461-4d4d-a110-00a70e9bf373", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "baseUrl" : "/admin/internal/console/index.html", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "3ac53d7e-5a45-46cf-9f91-b0838b8237f3", + "redirectUris" : [ "/admin/internal/console/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "attributes" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "83b29c82-9227-401f-80a9-e5300a64b287", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${email}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "552606d7-b989-4179-ac57-e176fa6c2659", + 
"name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${username}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "3a01deb9-b679-483a-bfa7-ef23218766ab", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${familyName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "3c4fd20b-e6c6-44fd-a643-a0f7e2318dd4", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${givenName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "d33d9aa7-0836-4ae4-9b0d-7ecb8db1caa3", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : true, + "consentText" : "${fullName}", + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "84b9dc98-7544-4f60-a72d-ff8ac004c510", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + }, { + "id" : "c71241fe-477e-49ae-a948-4979e36ecf96", + "name" : "locale", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "consentText" : "${locale}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "useTemplateConfig" : false, + "useTemplateScope" : false, + "useTemplateMappers" : false + }, { + "id": "f0ade5a2-bbc8-4b91-bef5-c36f0727147a", + "clientId": "control-center", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "https://iddqd.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/*" + ], + "webOrigins": [ + "https://iddqd.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "50db38b1-20c7-4e9b-8c53-7ffab28dc7a3", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "81d11533-19a8-4364-bd83-41760c4c517d", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${username}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + 
"jsonType.label": "String" + } + }, + { + "id": "daab8208-70df-448b-9e08-4d7744ddd05f", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${familyName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "7289f798-d0cd-43e0-ae13-574cbc362e48", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${givenName}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "943f37ee-7e80-4878-9c65-1ecf74218765", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": true, + "consentText": "${fullName}", + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "ded782f1-ec08-4da4-b5f4-3088a4f87804", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": true, + "consentText": "${email}", + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [], + "optionalClientScopes": [ + "offline_access" + ] + }, { + "id" : "fe1838d0-c989-41c5-b10b-e96aca8ab3ef", + "clientId" : "weezing", + "surrogateAuthRequired" : false, + "enabled" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "7fed580b-e400-4b61-b031-f524ee69d283", + "redirectUris" : [ "https://idkfa.{{ 
.Values.services.ingress.rootDomain | default "rbk.dev" }}:31337/*" ], + "webOrigins" : [ "https://idkfa.{{ .Values.services.ingress.rootDomain | default "rbk.dev" }}:31337" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "0ccd4995-9e66-480b-b2ed-69fce6f9f73f", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${email}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "d834b304-049a-4265-b230-e4b2f806f610", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + }, { + "id" : "ced07995-945b-40f0-820f-986ec17648cc", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${username}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "d76eab68-e085-4647-a7dd-b0684ce8475e", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${familyName}", + "config" : { + 
"userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "b16ee778-b708-47b3-9710-604c17010171", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : true, + "consentText" : "${fullName}", + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "6b5ca6c5-97a2-4783-abca-273621eb7133", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : true, + "consentText" : "${givenName}", + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + } ], + "useTemplateConfig" : false, + "useTemplateScope" : false, + "useTemplateMappers" : false + } ], + "clientTemplates" : [ ], + "browserSecurityHeaders" : { + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "xXSSProtection" : "1; mode=block", + "contentSecurityPolicy" : "frame-src 'self'" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "797f2771-a959-4434-841c-26b1d0820073", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "bf765c15-f2b1-4dbd-ba6b-d65bfbd05d0f", + "name" : "Consent Required", + 
"providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "0baed118-f17e-4843-a34a-49cc005582d8", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "f96ce62b-6344-4b05-a764-3654501d964a", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "4d85895f-277d-4000-88a3-ccc4c2a52a57", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-address-mapper" ], + "consent-required-for-all-mappers" : [ "true" ] + } + }, { + "id" : "8e89e35e-5cc2-42a5-8467-ecac56fb040b", + "name" : "Allowed Client Templates", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { } + }, { + "id" : "f1af2c68-ad73-4c6b-8458-23fa5c6e196b", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-address-mapper" ], + "consent-required-for-all-mappers" : [ "true" ] + } + }, { + "id" : "0be27d2d-c15f-4cd5-b345-eee796b972fa", + "name" : "Allowed Client Templates", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { 
}, + "config" : { } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "b0fed51b-1cce-4147-abf8-0b0cc49237bd", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keySize" : [ "2048" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "ee5eef7a-d54b-4b65-9e93-143ad1d2c3a9", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "idp-email-verification", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "9bdfef50-b606-4cc1-b1a6-809fb7eeae70", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "OPTIONAL", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : 
"39871201-75ea-4266-84d9-ffbdcd520a49", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "772a4472-6685-4eb5-a775-6536eb4a511f", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "596c3077-8e91-4f6f-8afe-5a18159138c1", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : 
"direct-grant-validate-otp", + "requirement" : "OPTIONAL", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "b4d525af-e26c-4a3f-865b-b3ec389c680c", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "38f3b0a2-13ec-4d8a-99ac-a5dbd9d81479", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "875bfe08-c0d6-4c07-ab6d-1a10da22e233", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "OPTIONAL", + 
"priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "e0ef1cdc-dd30-4f75-830b-a164da6f9062", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "fe681b32-7271-4ed4-af07-f7286bb4f8a8", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "01930c64-62dc-43ad-b278-2f44d0c33239", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + 
"autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "requirement" : "OPTIONAL", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "c2337ac0-4599-4222-8ab0-8345423de1a1", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "68ea0364-0717-4a92-af14-20e03dbfd34d", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "6add7666-869f-4d94-b83e-271482d3d633", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "config" : { } + } ], + "browserFlow" : 
"browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "_browser_header.xXSSProtection" : "1; mode=block", + "_browser_header.xFrameOptions" : "SAMEORIGIN", + "failureFactor" : "30", + "permanentLockout" : "false", + "quickLoginCheckMilliSeconds" : "1000", + "maxDeltaTimeSeconds" : "43200", + "displayName" : "RBKmoney", + "_browser_header.xRobotsTag" : "none", + "actionTokenGeneratedByUserLifespan" : "300", + "_browser_header.xContentTypeOptions" : "nosniff", + "actionTokenGeneratedByAdminLifespan" : "43200", + "bruteForceProtected" : "false", + "maxFailureWaitSeconds" : "900", + "_browser_header.contentSecurityPolicy" : "frame-src 'self'", + "minimumQuickLoginWaitSeconds" : "60", + "waitIncrementSeconds" : "60" + }, + "keycloakVersion" : "3.4.0.Final" +} diff --git a/config/keycloak-realms/values.yaml.gotmpl b/config/keycloak-realms/values.yaml.gotmpl index 77a82ab..b074475 100644 --- a/config/keycloak-realms/values.yaml.gotmpl +++ b/config/keycloak-realms/values.yaml.gotmpl @@ -1,6 +1,7 @@ # -*- mode: yaml -*- configMap: data: - realms.json: | - {{- tpl (readFile "realms.json.gotmpl") . | nindent 6 }} - + internal.json: | + {{- tpl (readFile "internal.json.gotmpl") . | nindent 6 }} + external.json: | + {{- tpl (readFile "external.json.gotmpl") . | nindent 6 }} diff --git a/config/keycloak/values.yaml.gotmpl b/config/keycloak/values.yaml.gotmpl index c55a452..b8d0b13 100644 --- a/config/keycloak/values.yaml.gotmpl +++ b/config/keycloak/values.yaml.gotmpl @@ -4,6 +4,9 @@ postgresql: podLabels: selector.cilium.rbkmoney/release: {{ .Release.Name }} +image: + tag: 12.0.4 + extraEnv: | - name: PROXY_ADDRESS_FORWARDING value: "true" 
@@ -32,7 +35,7 @@ extraEnv: | -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true - name: KEYCLOAK_IMPORT - value: /realm/realms.json + value: /realm/internal.json,/realm/external.json extraVolumes: | - name: keycloak-realms-volume diff --git a/config/payouter/entrypoint.sh b/config/payouter/entrypoint.sh new file mode 100644 index 0000000..05cf954 --- /dev/null +++ b/config/payouter/entrypoint.sh @@ -0,0 +1,21 @@ +#!/bin/sh +set -ue + +java \ + "-XX:OnOutOfMemoryError=kill %p" -XX:+HeapDumpOnOutOfMemoryError \ +-jar /opt/payouter/payouter.jar \ +--logging.file=/var/log/payouter/payouter.json \ +--logging.config=/opt/payouter/logback.xml \ +--management.security.enabled=false \ +-Dwoody.node_id=346 \ +--service.dominant.url=http://dominant:8022/v1/domain/repository_client \ +--service.shumway.url=http://shumway:8022/shumpune \ +--kafka.bootstrap-servers=kafka:9092 \ +--kafka.topics.invoice.enabled=false \ +--kafka.topics.party-management.enabled=false \ +--kafka.topics.party-management.concurrency=5 \ +--kafka.client-id=payouter \ +--kafka.consumer.group-id=payouter-invoicing \ +--kafka.consumer.concurrency=5 \ +--kafka.consumer.auto-offset-reset=latest \ +--spring.config.additional-location=/vault/secrets/application.properties diff --git a/config/payouter/loggers.xml b/config/payouter/loggers.xml new file mode 100644 index 0000000..6bbae6f --- /dev/null +++ b/config/payouter/loggers.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/config/payouter/values.yaml.gotmpl b/config/payouter/values.yaml.gotmpl new file mode 100644 index 0000000..367eb49 --- /dev/null +++ b/config/payouter/values.yaml.gotmpl 
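Review bot: `KEYCLOAK_IMPORT` now loads `/realm/internal.json`, and the internal realm template added in this commit has settings worth tightening before it is imported. Its `attributes` carry `"bruteForceProtected" : "false"` while the `private-api` client is public with `"directAccessGrantsEnabled" : true`, so failed password-grant logins against that realm would presumably not be throttled. I would set `"bruteForceProtected" : "true"` (the realm-level field, if the file has one, is outside the visible part) and turn direct access grants off where they are not needed. The template also commits literal `secret` values for several clients and is rendered into a ConfigMap; any of them that are actually used for client authentication belong in a Secret or in Vault. The `extraEnv` block continues outside this hunk.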
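Review bot: `-Dwoody.node_id=346` comes after `-jar /opt/payouter/payouter.jar`, so the JVM passes it to the application as a program argument instead of setting a system property. Move it ahead of `-jar`, e.g. `java -Dwoody.node_id=346 "-XX:OnOutOfMemoryError=kill %p" -XX:+HeapDumpOnOutOfMemoryError \`. Starting the JVM with `exec java \` would also let it receive the container's SIGTERM directly rather than through the `sh` wrapper. `--management.security.enabled=false` turns off authentication on the management endpoints where the Spring Boot version honours that property, so port 8023 should stay reachable only by the metrics scraper.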
@@ -0,0 +1,131 @@ +# -*- mode: yaml -*- + +replicaCount: 1 + +image: + repository: docker.io/rbkmoney/payouter + tag: a0e37ad47ee5563008d2af47c58a9f117e941db0 + pullPolicy: IfNotPresent + +runopts: + command: ["/opt/payouter/entrypoint.sh"] + +env: + - name: LOGBACK_SERVICE_NAME + value: "payouter" + +configMap: + data: + entrypoint.sh: | + {{- readFile "entrypoint.sh" | nindent 6 }} + loggers.xml: | + {{- readFile "loggers.xml" | nindent 6 }} + logback.xml: | + {{- readFile "../logs/logback.xml" | nindent 6 }} + +volumes: + - name: config-volume + configMap: + name: {{ .Release.Name }} + defaultMode: 0755 + +volumeMounts: + - name: config-volume + mountPath: /opt/payouter/entrypoint.sh + subPath: entrypoint.sh + readOnly: true + - name: config-volume + mountPath: /opt/payouter/logback.xml + subPath: logback.xml + readOnly: true + - name: config-volume + mountPath: /opt/payouter/loggers.xml + subPath: loggers.xml + readOnly: true + +service: + ports: + - name: api + port: 8022 + - name: management + port: 8023 + +livenessProbe: null + # httpGet: + # path: /actuator/health + # port: management + +readinessProbe: null + # httpGet: + # path: /actuator/health + # port: management + +podAnnotations: + vault.hashicorp.com/role: "db-app" + vault.hashicorp.com/agent-inject: "true" + vault.hashicorp.com/agent-inject-secret-application.properties: "database/creds/db-app-payouter" + vault.hashicorp.com/agent-inject-template-application.properties: | + {{`{{- with secret "database/creds/db-app-payouter" -}} + spring.datasource.url=jdbc:postgresql://postgres-postgresql:5432/payouter?sslmode=disable + spring.datasource.username={{ .Data.username }} + spring.datasource.password={{ .Data.password }} + spring.flyway.url=jdbc:postgresql://postgres-postgresql:5432/payouter?sslmode=disable + spring.flyway.user={{ .Data.username }} + spring.flyway.password={{ .Data.password }} + spring.datasource.hikari.data-source-properties.prepareThreshold=0 + 
spring.datasource.hikari.leak-detection-threshold=5300 + flyway.url=jdbc:postgresql://postgres-postgresql:5432/payouter?sslmode=disable + flyway.user={{ .Data.username }} + flyway.password={{ .Data.password }} + flyway.schemas=sht + {{- end }}`}} + +metrics: + serviceMonitor: + enabled: true + namespace: {{ .Release.Namespace }} + additionalLabels: + release: prometheus + endpoints: + - port: "management" + path: /actuator/prometheus + scheme: http + +ciliumPolicies: + - filters: + - port: 5432 + type: TCP + name: postgres + namespace: {{ .Release.Namespace }} + - filters: + - port: 9092 + type: TCP + name: kafka + namespace: {{ .Release.Namespace }} + - filters: + - port: 8022 + type: TCP + name: shumway + namespace: {{ .Release.Namespace }} + - filters: + - port: 8022 + type: TCP + name: dominant + namespace: {{ .Release.Namespace }} + - filters: + - port: 8200 + type: TCP + name: vault + namespace: {{ .Release.Namespace }} + - filters: + - port: 8022 + type: TCP + name: hellgate + namespace: {{ .Release.Namespace }} +{{- /* + - filters: + - port: 8022 + type: TCP + name: fault-detector + namespace: {{ .Release.Namespace }} +*/ -}} diff --git a/config/postgres/values.yaml.gotmpl b/config/postgres/values.yaml.gotmpl index 39005a4..2ca2c4e 100644 --- a/config/postgres/values.yaml.gotmpl +++ b/config/postgres/values.yaml.gotmpl @@ -8,6 +8,7 @@ initdbScripts: CREATE DATABASE keycloak; CREATE DATABASE shumway; CREATE DATABASE hooker; + CREATE DATABASE payouter; #TODO: If bump version, change master to primary master: diff --git a/config/proxy-mocketbank-mpi/values.yaml.gotmpl b/config/proxy-mocketbank-mpi/values.yaml.gotmpl index ba3dd7f..5aa9e35 100644 --- a/config/proxy-mocketbank-mpi/values.yaml.gotmpl +++ b/config/proxy-mocketbank-mpi/values.yaml.gotmpl @@ -47,3 +47,10 @@ readinessProbe: httpGet: path: /actuator/health port: api + +ciliumPolicies: + - filters: + - port: 8022 + type: TCP + name: cds + namespace: {{ .Release.Namespace }} 
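Review bot: Every JDBC URL in the Vault agent template of config/payouter/values.yaml.gotmpl (`spring.datasource.url`, `spring.flyway.url`, `flyway.url`) sets `sslmode=disable`, so the credentials Vault issues and all query traffic cross the pod network unencrypted unless a lower layer encrypts it. The `connection_url` added in config/vault-cm/values.yaml has the same setting. If the Postgres release serves TLS, `sslmode=verify-full` (or at least `sslmode=require`) is the safer value. Separately, `livenessProbe: null` and `readinessProbe: null` leave the pod without health checks while the `/actuator/health` probes stay commented out; a comment such as `# probes disabled until the management endpoint is reachable` would tell the next reader why.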
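Review bot: `CREATE DATABASE payouter;` is added to `initdbScripts`, and scripts of this kind normally run only when the Postgres data directory is first initialised. On an installation that already has data the database would then be missing, and the `CREATE SCHEMA IF NOT EXISTS sht` statement in the new Vault role would fail when payouter asks for credentials. If existing environments matter, the database needs a separate creation step; otherwise a comment like `# applied on first init only; create manually on existing clusters` next to the list would make the limitation visible.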
diff --git a/config/proxy-mocketbank/values.yaml.gotmpl b/config/proxy-mocketbank/values.yaml.gotmpl index cc7af46..27b0c1d 100644 --- a/config/proxy-mocketbank/values.yaml.gotmpl +++ b/config/proxy-mocketbank/values.yaml.gotmpl @@ -4,7 +4,7 @@ replicaCount: 1 image: repository: docker.io/rbkmoney/proxy-mocketbank - tag: 91953e1e9874a851816474b47ad0f123c7c936d1 + tag: 42361269e9a3b49c9e9dbfad0c04674e9d3787fb pullPolicy: IfNotPresent configMap: @@ -65,4 +65,4 @@ ciliumPolicies: - port: 8022 type: TCP name: cds - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ .Release.Namespace }} diff --git a/config/vault-cm/values.yaml b/config/vault-cm/values.yaml index 3cb3d0a..146515c 100644 --- a/config/vault-cm/values.yaml +++ b/config/vault-cm/values.yaml @@ -35,6 +35,23 @@ configMap: GRANT ALL ON ALL SEQUENCES IN SCHEMA hook TO \"{{name}}\";" \ default_ttl="1h" \ max_ttl="240h" + + vault write database/config/payouter \ + plugin_name=postgresql-database-plugin \ + allowed_roles="*" \ + connection_url="postgresql://{{username}}:{{password}}@postgres-postgresql:5432/payouter?sslmode=disable" \ + username="postgres" \ + password="H@ckM3" + vault write database/roles/db-app-payouter \ + db_name=payouter \ + creation_statements="CREATE SCHEMA IF NOT EXISTS sht; + CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; + GRANT CREATE ON DATABASE payouter TO \"{{name}}\"; + GRANT ALL ON SCHEMA sht TO \"{{name}}\"; + GRANT ALL ON ALL TABLES IN SCHEMA sht TO \"{{name}}\"; + GRANT ALL ON ALL SEQUENCES IN SCHEMA sht TO \"{{name}}\";" \ + default_ttl="1h" \ + max_ttl="240h" vault auth enable kubernetes vault write auth/kubernetes/config \ @@ -56,3 +73,6 @@ configMap: path "database/creds/db-app-hooker" { capabilities = ["read"] } + path "database/creds/db-app-payouter" { + capabilities = ["read"] + } diff --git a/helmfile.yaml b/helmfile.yaml index 33f796f..356b41a 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
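Review bot: The new `vault write database/config/payouter` block places the `postgres` superuser and a literal `password=` value in a ConfigMap that is committed to the repository, and `allowed_roles="*"` lets any database role defined in Vault use this connection. Restrict it with `allowed_roles="db-app-payouter"`, and take the password from a Secret-backed environment variable rather than the script text, preferably for a dedicated Vault management account instead of `postgres`. `GRANT CREATE ON DATABASE payouter` plus `GRANT ALL ON SCHEMA sht` is broader than an application account usually needs; if Flyway migrations are the reason, a comment saying so would help. The hooker block above seems to follow the same pattern, but only its tail is visible in this hunk.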
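Review bot: The `database/creds/db-app-payouter` path is appended to the policy that already grants read on `database/creds/db-app-hooker`, and the payouter pod authenticates with `vault.hashicorp.com/role: "db-app"`, so each of these services can apparently obtain database credentials for the other. A per-service policy and Kubernetes auth role that lists only `database/creds/db-app-payouter` would keep a compromised pod from reaching the other database. The policy name and the role binding lie outside this hunk, so this is inferred from the two visible paths.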
@@ -203,3 +203,6 @@ releases:
 tier: front
 needs:
 - {{ .Namespace | default "default" }}/keycloak
+- name: payouter
+ <<: *generic_stateless_json
+