fix: update values and secret logic map

defenseunicorns · Dec 12, 2024 · 21e2d2d · 21e2d2d
1 parent 0803835
commit 21e2d2d
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 11 deletions.
diff --git a/src/keycloak/chart/templates/secret-kc-realm.yaml b/src/keycloak/chart/templates/secret-kc-realm.yaml
@@ -5,7 +5,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "keycloak.fullname" . }}-realm-env
-  namespace: {{ .Release.Namespace }}  
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "keycloak.labels" . | nindent 4 }}
 type: Opaque
@@ -16,4 +16,13 @@ data:
   {{- else }}
   REALM_{{ $key }}: {{ $value | b64enc }}
   {{- end }}
-  {{- end }}
+  {{- end }}
+
+  ENABLE_SOCIAL_LOGIN: {{ .Values.realmInitEnv.SOCIAL_AUTH_ENABLED | toString | b64enc }}
+  ENABLE_X509_LOGIN: {{ .Values.realmInitEnv.X509_AUTH_ENABLED | toString | b64enc }}
+  ENABLE_USERNAME_PASSWORD_AUTH: {{ .Values.realmInitEnv.USERNAME_PASSWORD_AUTH_ENABLED | toString | b64enc }}
+  ENABLE_REGISTER_BUTTON: {{ or .Values.realmInitEnv.USERNAME_PASSWORD_AUTH_ENABLED .Values.realmInitEnv.X509_AUTH_ENABLED | toString | b64enc }}
+  ENABLE_DENY_USERNAME_PASSWORD: {{ ternary "DISABLED" "REQUIRED" (.Values.realmInitEnv.USERNAME_PASSWORD_AUTH_ENABLED) | b64enc }}
+  ENABLE_RESET_CREDENTIAL_FLOW: {{ ternary "REQUIRED" "DISABLED" (.Values.realmInitEnv.USERNAME_PASSWORD_AUTH_ENABLED) | b64enc }}
+  ENABLE_REGISTRATION_FORM: {{ ternary "REQUIRED" "DISABLED" (or .Values.realmInitEnv.USERNAME_PASSWORD_AUTH_ENABLED .Values.realmInitEnv.X509_AUTH_ENABLED) | b64enc }}
+  ENABLE_REALM_OTP: {{ .Values.realmInitEnv.USERNAME_PASSWORD_AUTH_ENABLED | toString | b64enc }}
diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml
@@ -27,6 +27,9 @@ realm: uds
 # UDS Identity Config Realm Environment Variables. More info here: https://github.com/defenseunicorns/uds-identity-config/blob/main/docs/CUSTOMIZE.md#templated-realm-values
 realmInitEnv:
   GOOGLE_IDP_ENABLED: false
+  USERNAME_PASSWORD_AUTH_ENABLED: true
+  X509_AUTH_ENABLED: true
+  SOCIAL_AUTH_ENABLED: true
   # GOOGLE_IDP_ID: ""
   # GOOGLE_IDP_SIGNING_CERT: ""
   # GOOGLE_IDP_NAME_ID_FORMAT: ""
@@ -38,15 +41,7 @@ realmInitEnv:
   # OTP_ENABLED: true
   # TERMS_AND_CONDITIONS_ENABLED: true
   # X509_OCSP_FAIL_OPEN: true
-  # ENABLE_SOCIAL_LOGIN: false
-  # ENABLE_X509_LOGIN: false
-  # ENABLE_USERNAME_PASSWORD_AUTH: false
-  # ENABLE_REGISTER_BUTTON: false
-  # ENABLE_REGISTRATION_FIELDS: false
-  # deny_username_password: "DISABLED"
-  # reset_credential_flow: "REQUIRED"
-  # registration_form: "REQUIRED"
-  # otp_enabled: true
+  # DISABLE_REGISTRATION_FIELDS: false
 
 # Generates an initial password for first admin user - only use if install is headless
 # (i.e. cannot hit keycloak UI with `zarf connect keycloak`), password should be changed after initial login