Merge pull request #77 from eformat/main

🐞 #67 - add sso to minio 🐞
opendatahub-io-contrib · Jul 4, 2023 · 699ce55 · 699ce55
2 parents f371691 + b1ac070
commit 699ce55
Show file tree

Hide file tree

Showing 9 changed files with 1,780 additions and 1,210 deletions.
diff --git a/gitops/argocd/cluster-dev/rainforest-ci-cd/minio.yaml b/gitops/argocd/cluster-dev/rainforest-ci-cd/minio.yaml
@@ -13,6 +13,8 @@ spec:
     path: gitops/minio/overlays/cluster-dev
     repoURL: https://github.com/opendatahub-io-contrib/data-mesh-pattern
     targetRevision: main
+    plugin:
+      name: argocd-vault-plugin-kustomize
   syncPolicy:
     automated:
       prune: true

diff --git a/gitops/iam/chart/iam/cluster-dev/daintree-dev/values.yaml b/gitops/iam/chart/iam/cluster-dev/daintree-dev/values.yaml
@@ -12,3 +12,6 @@ users:
       userId: "5e6ba846-f869-481b-912b-3c9c78d0db94"
     clientRole: adminRole
     clusterRole: edit
+    attributes:
+      policy:
+      - consoleAdmin
diff --git a/gitops/iam/chart/iam/templates/keycloak.yaml b/gitops/iam/chart/iam/templates/keycloak.yaml
@@ -28,6 +28,10 @@ spec:
 {{- include "dsRole" . | nindent 6 }}
 {{- else }}
 {{- include "viewRole" . | nindent 6 }}
+{{- end }}
+{{- if .attributes }}
+    attributes:
+      {{- toYaml .attributes | nindent 6 }}
 {{- end }}
   realmSelector:
     matchLabels:

diff --git a/gitops/keycloak/overlays/cluster-dev/daintree-dev/KeycloakClient.yaml b/gitops/keycloak/overlays/cluster-dev/daintree-dev/KeycloakClient.yaml
@@ -356,3 +356,43 @@ spec:
     - name: DataSteward
       composite: false
       clientRole: true
+---
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakClient
+metadata:
+  name: minio-daintree-dev
+  labels:
+    client: minio-daintree-dev
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  realmSelector:
+    matchLabels:
+      realm: daintree-dev
+  client:
+    name: minio
+    clientId: minio
+    bearerOnly: false
+    protocol: openid-connect
+    standardFlowEnabled: true
+    serviceAccountsEnabled: true
+    directAccessGrantsEnabled: true
+    surrogateAuthRequired: false
+    enabled: true
+    clientAuthenticatorType: "client-secret"
+    secret: <path:kv/data/student/rainforest-ci-cd/daintree-dev/keycloak#MINIO_CLIENTSECRET>
+    consentRequired: false
+    implicitFlowEnabled: true
+    authorizationServicesEnabled: false
+    publicClient: false
+    redirectUris:
+      - "*"
+    webOrigins:
+      - "*"
+    frontchannelLogout: false
+    fullScopeAllowed: true
+    nodeReRegistrationTimeout: -1
+    defaultClientScopes:
+      - "profile"
+      - "email"
+      - "minio-authorization"