deploy-templates/templates/CitizenAuthFlow.yaml

{{- $authflow := (lookup "v1.edp.epam.com/v1" "KeycloakAuthFlow" .Release.Namespace "citizen-portal-dso-citizen-auth-flow") -}} {{- $authFlowSpec := .Values.keycloak.citizenAuthFlow }} apiVersion: v1.edp.epam.com/v1 kind: KeycloakAuthFlow metadata: name: {{ $authFlowSpec.name }} annotations: "helm.sh/resource-policy": keep labels: created-by: {{ .Values.appLabel }} spec: alias: dso-citizen-auth-flow authenticationExecutions: - authenticator: auth-cookie authenticatorFlow: false priority: 0 requirement: ALTERNATIVE - authenticator: ds-citizen-authenticator authenticatorConfig: alias: ds-citizen-authenticator-configuration config: citizenDefaultRoles: citizen;unregistered-individual; widgetUrl: '{{ $authFlowSpec.widget.url }}' dsoUrl: '{{ .Values.envVariables.digitalSignatureOpsUrl }}/api/esignature/owner' widgetHeight: '{{ $authFlowSpec.widget.height }}' edrCheck: '{{ $authFlowSpec.edrCheck }}' authType: '{{ $authFlowSpec.authType }}' entrepreneurDefaultRoles: citizen;unregistered-entrepreneur; {{- if $authflow }} {{- $ae := index $authflow.spec.authenticationExecutions 1 }} themeFile: {{ $ae.authenticatorConfig.config.themeFile }} title: {{ $ae.authenticatorConfig.config.title }} titleFull: {{ $ae.authenticatorConfig.config.titleFull }} {{- else }} themeFile: white-theme.js title: '' titleFull: '' {{- end }} esignHintUrl: https://diia.gov.ua/faq/1 legalDefaultRoles: citizen;unregistered-legal; startPageUrl: >- https://citizen-portal-{{ .Values.cdPipelineName }}-{{ .Values.cdPipelineStageName }}.{{ .Values.dnsWildcard }}/login {{- if .Values.trembita }} {{- if (index (index .Values.trembita.registries "edr-registry") "user-id") }} {{- $trembitaConfig := index (index .Values.trembita.registries "edr-registry") }} trembitaUserId: {{ index $trembitaConfig "user-id" | squote }} trembitaUrl: {{ $trembitaConfig.url | squote }} trembitaProtocolVersion: {{ index $trembitaConfig "protocol-version" | squote }} clientXRoadInstance: {{ index $trembitaConfig.client "x-road-instance" | squote }} clientMemberClass: {{ index $trembitaConfig.client "member-class" | squote }} clientMemberCode: {{ index $trembitaConfig.client "member-code" | squote }} clientSubsystemCode: {{ index $trembitaConfig.client "subsystem-code" | squote }} registryToken: '' registryXRoadInstance: {{ index $trembitaConfig.service "x-road-instance" | squote }} registryMemberClass: {{ index $trembitaConfig.service "member-class" | squote }} registryMemberCode: {{ index $trembitaConfig.service "member-code" | squote }} registrySubsystemCode: {{ index $trembitaConfig.service "subsystem-code" | squote }} {{- else }} {{- $trembitaConfig := index .Values.trembitaMock.registries "edr-registry" }} trembitaUserId: {{ index $trembitaConfig "user-id" | squote }} trembitaUrl: {{ tpl $trembitaConfig.url . | squote }} trembitaProtocolVersion: {{ index $trembitaConfig "protocol-version" | squote }} clientXRoadInstance: {{ index $trembitaConfig.client "x-road-instance" | squote }} clientMemberClass: {{ index $trembitaConfig.client "member-class" | squote }} clientMemberCode: {{ index $trembitaConfig.client "member-code" | squote }} clientSubsystemCode: {{ index $trembitaConfig.client "subsystem-code" | squote }} registryToken: 'token' registryXRoadInstance: {{ index $trembitaConfig.service "x-road-instance" | squote }} registryMemberClass: {{ index $trembitaConfig.service "member-class" | squote }} registryMemberCode: {{ index $trembitaConfig.service "member-code" | squote }} registrySubsystemCode: {{ index $trembitaConfig.service "subsystem-code" | squote }} {{- end }} {{- else }} {{- $trembitaConfig := index .Values.trembitaMock.registries "edr-registry" }} trembitaUserId: {{ index $trembitaConfig "user-id" | squote }} trembitaUrl: {{ tpl $trembitaConfig.url . | squote }} trembitaProtocolVersion: {{ index $trembitaConfig "protocol-version" | squote }} clientXRoadInstance: {{ index $trembitaConfig.client "x-road-instance" | squote }} clientMemberClass: {{ index $trembitaConfig.client "member-class" | squote }} clientMemberCode: {{ index $trembitaConfig.client "member-code" | squote }} clientSubsystemCode: {{ index $trembitaConfig.client "subsystem-code" | squote }} registryToken: 'token' registryXRoadInstance: {{ index $trembitaConfig.service "x-road-instance" | squote }} registryMemberClass: {{ index $trembitaConfig.service "member-class" | squote }} registryMemberCode: {{ index $trembitaConfig.service "member-code" | squote }} registrySubsystemCode: {{ index $trembitaConfig.service "subsystem-code" | squote }} {{- end }} authenticatorFlow: false priority: 1 requirement: ALTERNATIVE builtIn: false description: '' providerId: basic-flow realm: citizen-portal topLevel: true

deploy-templates/templates/CitizenAuthFlow.yaml (95 lines of code) (raw):