feat: Migrate sso resources from edp-install to gerrit-operator(#59)

deploy-templates/README.md

@@ -45,6 +45,7 @@ A Helm chart for KubeRocketCI Gerrit Operator
 | gerrit.resources.requests.cpu | string | `"100m"` |  |
 | gerrit.resources.requests.memory | string | `"512Mi"` |  |
 | gerrit.sso.enabled | bool | `true` |  |
+| gerrit.sso.keycloakUrl | string | `"https://keycloak.example.com/auth"` | Keycloak URL. |
 | gerrit.sso.kind | string | `"KeycloakRealm"` |  |
 | gerrit.sso.name | string | `"main"` |  |
 | gerrit.storage.size | string | `"1Gi"` | Size for Gerrit data volume |

deploy-templates/templates/_helpers.tpl

@@ -104,3 +104,18 @@ Set gerrit.javaOptions
 {{ printf "%s" .Values.gerrit.javaOptions }}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Create the name of the secretstore to use
+*/}}
+{{- define "gerrit.secretStoreName" -}}
+  {{- if .Values.externalSecrets.enabled }}
+    {{- if eq .Values.externalSecrets.type "aws" }}
+      {{- printf "%s-%s" "aws" .Values.externalSecrets.secretProvider.aws.service | lower }}
+    {{- end }}
+    {{- if eq .Values.externalSecrets.type "generic" }}
+      {{- $secretStoreName := required "Secret store name is not defined" .Values.externalSecrets.secretProvider.generic.secretStore.name | lower }}
+      {{- printf "%s" $secretStoreName }}
+    {{- end }}
+  {{- end }}
+{{- end }}

deploy-templates/templates/gerrit/keycloak-client.yaml → deploy-templates/templates/gerrit/keycloak/keycloak-client.yaml

@@ -7,17 +7,12 @@ spec:
   attributes:
     post.logout.redirect.uris: +
   clientAuthenticatorType: client-secret
-  clientId: gerrit
+  clientId: gerrit-{{ .Release.Namespace }}
   enabled: true
   fullScopeAllowed: true
   realmRef:
     kind: {{ .Values.gerrit.sso.kind }}
     name: {{ .Values.gerrit.sso.name }}
-  realmRoles:
-    - composite: administrator
-      name: gerrit-administrators
-    - composite: developer
-      name: gerrit-users
   standardFlowEnabled: true
   webOrigins:
     - >-

deploy-templates/templates/gerrit/quickLink/keycloak.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.gerrit.sso.enabled -}}
+apiVersion: v2.edp.epam.com/v1
+kind: QuickLink
+metadata:
+  name: main-keycloak
+spec:
+  icon: >-
+    PHN2ZyBpZD0iR3VpZGVzIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgMTI4IDEyOCI+PGRlZnM+PHN0eWxlPi5jbHMtMXtmaWxsOm5vbmU7fS5jbHMtMntjbGlwLXBhdGg6dXJsKCNjbGlwLXBhdGgpO30uY2xzLTN7ZmlsbDojNGQ0ZDRkO30uY2xzLTR7ZmlsbDojZTFlMWUxO30uY2xzLTV7ZmlsbDojYzhjOGM4O30uY2xzLTZ7ZmlsbDojYzJjMmMyO30uY2xzLTd7ZmlsbDojYzdjN2M3O30uY2xzLTh7ZmlsbDojY2VjZWNlO30uY2xzLTl7ZmlsbDojZDNkM2QzO30uY2xzLTEwe2ZpbGw6I2M2YzZjNjt9LmNscy0xMXtmaWxsOiNkNWQ1ZDU7fS5jbHMtMTJ7ZmlsbDojZDBkMGQwO30uY2xzLTEze2ZpbGw6I2JmYmZiZjt9LmNscy0xNHtmaWxsOiNkOWQ5ZDk7fS5jbHMtMTV7ZmlsbDojZDRkNGQ0O30uY2xzLTE2e2ZpbGw6I2Q4ZDhkODt9LmNscy0xN3tmaWxsOiNlMmUyZTI7fS5jbHMtMTh7ZmlsbDojZTRlNGU0O30uY2xzLTE5e2ZpbGw6I2RlZGVkZTt9LmNscy0yMHtmaWxsOiNjNWM1YzU7fS5jbHMtMjF7ZmlsbDojZDFkMWQxO30uY2xzLTIye2ZpbGw6I2RkZDt9LmNscy0yM3tmaWxsOiNlM2UzZTM7fS5jbHMtMjR7ZmlsbDojMDBiOGUzO30uY2xzLTI1e2ZpbGw6IzMzYzZlOTt9LmNscy0yNntmaWxsOiMwMDhhYWE7fTwvc3R5bGU+PGNsaXBQYXRoIGlkPSJjbGlwLXBhdGgiPjxyZWN0IGNsYXNzPSJjbHMtMSIgeD0iMC4wMiIgeT0iLTAuMDIiIHdpZHRoPSIxMjcuOTgiIGhlaWdodD0iMTI3Ljk4Ii8+PC9jbGlwUGF0aD48L2RlZnM+PHRpdGxlPmtleWNsb2FrX2RlbGl2ZXJhYmxlczwvdGl0bGU+PGcgY2xhc3M9ImNscy0yIj48cGF0aCBjbGFzcz0iY2xzLTMiIGQ9Ik0xMDkuNjIsMzhhMSwxLDAsMCwxLS44My0wLjQ3bC0xNC40NC0yNUExLDEsMCwwLDAsOTMuNTEsMTJIMzQuNTlhMSwxLDAsMCwwLS44My40N2wtMTUsMjZhMCwwLDAsMCwwLDAsMEw0LjMxLDYzLjVhMSwxLDAsMCwwLDAsMWwxNC40NSwyNSwxNSwyNmExLDEsMCwwLDAsLjgzLjQ3SDkzLjUxYTEsMSwwLDAsMCwuODQtMC40N2wxNC40NS0yNWExLDEsMCwwLDEsLjgzLTAuNDdoMThhMS4wOCwxLjA4LDAsMCwwLDEuMDgtMS4wOFYzOS4wNkExLjA4LDEuMDgsMCwwLDAsMTI3LjYxLDM4aC0xOFoiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0xMjcuNjEsMzhIMTkuNmExLDEsMCwwLDAtLjgzLjQ3czAsMCwwLDBsLTAuNTMuOTJMMTEuNjIsNTAuODUsNC4zMSw2My41YTEsMSwwLDAsMCwwLDFMNS45LDY3LjIxLDE4Ljc2LDg5LjQ5YTEsMSwwLDAsMCwuODQuNDhoMTA4YTEuMDcsMS4wNywwLDAsMCwxLjA2LTEuMDdWMzkuMDZBMS4wOCwxLjA4LDAsMCwwLDEyNy42MSwzOFoiLz48cGF0aCBjbGFzcz0iY2xzLTQiIGQ9Ik0yMiw2MS4zNUw1LjksNjcuMjEsNC4zMSw2NC40NmExLDEsMCwwLDEsMC0xbDcuMzEtMTIuNjZaIi8+PHBvbHlnb24gY2xhc3M9ImNscy01IiBwb2ludHM9IjExOC4wNiA2Ni4wMyAxMjguNjkgNjQuNTEgMTI4LjY5IDc2Ljg1IDExOC4wNiA2Ni4wMyIvPjxwYXRoIGNsYXNzPSJjbHMtNiIgZD0iTTExOC4wNSw2NmwxMC42NCwxMC44MlY4OC45QTEuMDcsMS4wNywwLDAsMSwxMjcuNjMsOTBIMTE1LjI1WiIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtNyIgcG9pbnRzPSIxMTguMDYgNjYuMDMgMTE1LjI1IDg5Ljk3IDEwMC4zNyA4OS45NyA5NS44NiA3OS4xMSAxMTguMDYgNjYuMDMiLz48cG9seWdvbiBjbGFzcz0iY2xzLTgiIHBvaW50cz0iMTE4LjA2IDY2LjAzIDEyOC42OSA1My4wOCAxMjguNjkgNjQuNTEgMTE4LjA2IDY2LjAzIi8+PHBhdGggY2xhc3M9ImNscy05IiBkPSJNMTI4LjY5LDM5LjA2djE0TDExOC4wNSw2NmwtOC0yOGgxNy41OEExLjA4LDEuMDgsMCwwLDEsMTI4LjY5LDM5LjA2WiIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMTAiIHBvaW50cz0iMTAwLjM3IDg5Ljk3IDkyLjUyIDg5Ljk3IDkwLjQ4IDg3LjA1IDk1Ljg2IDc5LjExIDEwMC4zNyA4OS45NyIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMTEiIHBvaW50cz0iMTE4LjA2IDY2LjAzIDg4LjYxIDUzLjU4IDEwNC4xIDM3Ljk4IDExMC4wMyAzNy45OCAxMTguMDYgNjYuMDMiLz48cGF0aCBjbGFzcz0iY2xzLTEyIiBkPSJNODguNjEsNTMuNThsNy4yNSwyNS41MkwxMTguMDUsNjZaIi8+PHBvbHlnb24gY2xhc3M9ImNscy0xMyIgcG9pbnRzPSI5Mi41MiA4OS45NyA5MC4zOSA4OS45NyA5MC40OCA4Ny4wNSA5Mi41MiA4OS45NyIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMTQiIHBvaW50cz0iMTA0LjEgMzcuOTggODguNjEgNTMuNTggODUuODIgMzkuNjMgOTEuOCAzNy45OCAxMDQuMSAzNy45OCIvPjxwYXRoIGNsYXNzPSJjbHMtMTUiIGQ9Ik04OC42MSw1My41OEw1Mi44OCw2MS44Miw5MC40OCw4Ny4wNVoiLz48cGF0aCBjbGFzcz0iY2xzLTEyIiBkPSJNODguNjEsNTMuNThsMS44NywzMy40Nyw1LjM3LTcuOTVaIi8+PHBhdGggY2xhc3M9ImNscy0xNCIgZD0iTTg1LjgyLDM5LjYzTDUyLjg4LDYxLjgybDM1Ljc0LTguMjRaIi8+PHBvbHlnb24gY2xhc3M9ImNscy0xNiIgcG9pbnRzPSI1Mi44OCA2MS44MiAzNy4zOCA4OS45NyAyOC41NiA4OS45NyAyMi4wNCA2MS4zNSA1Mi44OCA2MS44MiIvPjxwYXRoIGNsYXNzPSJjbHMtMTciIGQ9Ik0zNywzOEwyMiw2MS4zNWwtMy44MS0yMiwwLjUzLS45MnMwLDAsMCwwQTEsMSwwLDAsMSwxOS42LDM4SDM3WiIvPjxwYXRoIGNsYXNzPSJjbHMtMTYiIGQ9Ik0yOC41Niw5MGgtOWExLDEsMCwwLDEtLjg0LTAuNDhMNS45LDY3LjIxLDIyLDYxLjM1WiIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMTgiIHBvaW50cz0iMjIuMDQgNjEuMzUgMTEuNjIgNTAuODQgMTguMjMgMzkuMzkgMjIuMDQgNjEuMzUiLz48cG9seWdvbiBjbGFzcz0iY2xzLTE5IiBwb2ludHM9IjY5LjIgMzcuOTggNTguODkgMzcuOTggNDMuMTEgMzcuOTggNTIuODggNjEuODIgODUuODIgMzkuNjMgNzUuODkgMzcuOTggNjkuMiAzNy45OCIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMTkiIHBvaW50cz0iMzkuMDMgMzcuOTggMzcgMzcuOTggMjIuMDQgNjEuMzUgNTIuODggNjEuODIgNDMuMTEgMzcuOTggMzkuMDMgMzcuOTgiLz48cG9seWdvbiBjbGFzcz0iY2xzLTIwIiBwb2ludHM9IjgzLjMxIDg5Ljk3IDg5LjA2IDg5Ljk3IDkwLjM5IDg5Ljk3IDkwLjQ4IDg3LjA1IDgzLjMxIDg5Ljk3Ii8+PHBvbHlnb24gY2xhc3M9ImNscy0xMiIgcG9pbnRzPSI5MC40OCA4Ny4wNSA1Mi44OCA2MS44MiA1OS42NSA4OS45NyA2OS4yIDg5Ljk3IDgzLjMxIDg5Ljk3IDkwLjQ4IDg3LjA1Ii8+PHBvbHlnb24gY2xhc3M9ImNscy0yMSIgcG9pbnRzPSIzNy4zOCA4OS45NyAzOS4wMyA4OS45NyA1OC44OSA4OS45NyA1OS42NSA4OS45NyA1Mi44OCA2MS44MiAzNy4zOCA4OS45NyIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMjIiIHBvaW50cz0iODUuOTIgMzcuOTggODUuODIgMzkuNjMgOTEuOCAzNy45OCA4OS4wNiAzNy45OCA4NS45MiAzNy45OCIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMjMiIHBvaW50cz0iNzUuODkgMzcuOTggODUuODIgMzkuNjMgODQuOSAzNy45OCA3NS44OSAzNy45OCIvPjxwb2x5Z29uIGNsYXNzPSJjbHMtMTciIHBvaW50cz0iODQuOSAzNy45OCA4NS44MiAzOS42MyA4NS45MiAzNy45OCA4NC45IDM3Ljk4Ii8+PHBhdGggY2xhc3M9ImNscy0yNCIgZD0iTTU4LjgsMzguNDNMNDQuMjcsNjMuNTlhMC44NSwwLjg1LDAsMCwwLS4xLjQxSDM0TDU0LDI5LjQ2YTAuNzgsMC43OCwwLDAsMSwuMy4yOWwwLDAsNC41Miw3Ljg1QTAuODcsMC44NywwLDAsMSw1OC44LDM4LjQzWiIvPjxwYXRoIGNsYXNzPSJjbHMtMjUiIGQ9Ik01OC43OCw5MC40NWwtNC41MSw3LjgyYTAuODgsMC44OCwwLDAsMS0uMzEuMjlMMzQsNjRINDQuMTZhMC43NywwLjc3LDAsMCwwLC4xLjM5LDAuMDksMC4wOSwwLDAsMCwwLDBsMTQuNSwyNS4xNEEwLjg1LDAuODUsMCwwLDEsNTguNzgsOTAuNDVaIi8+PHBhdGggY2xhc3M9ImNscy0yNiIgZD0iTTU0LDI5LjQ2TDM0LDY0aDBsLTUsOC42NkwyNC4yNSw2NC40YTAuNzcsMC43NywwLDAsMS0uMS0wLjM5LDAuODUsMC44NSwwLDAsMSwuMS0wLjQxbDQuODMtOC4zOEw0My43OCwyOS43OWEwLjg1LDAuODUsMCwwLDEsLjc0LTAuNDRoOUEwLjg5LDAuODksMCwwLDEsNTQsMjkuNDZaIi8+PHBhdGggY2xhc3M9ImNscy0yNCIgZD0iTTU0LDk4LjU1YTAuODksMC44OSwwLDAsMS0uNDMuMTFoLTlhMC44NSwwLjg1LDAsMCwxLS43NC0wLjQ0TDMwLjM1LDc1LDI5LDcyLjY3LDM0LDY0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMjYiIGQ9Ik05NC4wNSw2NEw3NC4xLDk4LjU1YTAuOTMsMC45MywwLDAsMS0uMy0wLjI5bDAsMEw2OS4yNyw5MC40YTAuODcsMC44NywwLDAsMSwwLS44TDgzLjc5LDY0LjQ0QTAuODQsMC44NCwwLDAsMCw4My45MSw2NEg5NC4wNVoiLz48cGF0aCBjbGFzcz0iY2xzLTI0IiBkPSJNMTAzLjkyLDY0YTAuODQsMC44NCwwLDAsMS0uMTIuNDRMODQuMjcsOTguMjZhMC44NiwwLjg2LDAsMCwxLS43My40aC05YTAuOTMsMC45MywwLDAsMS0uNDQtMC4xMUw5NC4wNSw2NGw1LTguNjUsNC43NSw4LjIzQTAuODQsMC44NCwwLDAsMSwxMDMuOTIsNjRaIi8+PHBhdGggY2xhc3M9ImNscy0yNCIgZD0iTTk0LjA1LDY0SDgzLjkxYTAuODQsMC44NCwwLDAsMC0uMTItMC40M0w2OS4yOSwzOC40NGEwLjg1LDAuODUsMCwwLDEsMC0uODdsNC41Mi03LjgyYTAuOTMsMC45MywwLDAsMSwuMy0wLjI5WiIvPjxwYXRoIGNsYXNzPSJjbHMtMjUiIGQ9Ik05OS4wNSw1NS4zNGgwbC01LDguNjVMNzQuMSwyOS40NmEwLjkzLDAuOTMsMCwwLDEsLjQ0LTAuMTFoOWEwLjg2LDAuODYsMCwwLDEsLjczLjRaIi8+PC9nPjwvc3ZnPg==
+  type: default
+  url: "{{ .Values.gerrit.sso.keycloakUrl }}"
+  visible: true
+{{ end }}

deploy-templates/values.yaml

@@ -126,3 +126,5 @@ gerrit:
     kind: KeycloakRealm
     # Name of kind: Realm/KeycloakRealm CR.
     name: main
+    # -- Keycloak URL.
+    keycloakUrl: https://keycloak.example.com/auth