deploy-templates/templates/KeycloakRealm.yaml (49 lines of code) (raw):
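{{- /*
Renders one KeycloakRealm custom resource per entry in .Values.keycloak.realms.

Chart values are substituted into the manifest as plain text before YAML
parsing. Free-form string fields are therefore piped through "quote", so a
value that looks like a bool or number, or that contains ": ", " #" or a line
break, stays one string and cannot change the structure of the realm spec.
Boolean fields and toYaml blocks are left as they were.
*/}}
{{- $root := .Values }}
{{- $release := .Release }}
{{- range $realm := .Values.keycloak.realms }}
---
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealm
metadata:
  annotations:
    {{- /* Helm does not delete this resource on uninstall or when it leaves the chart; the realm must be cleaned up by hand. */}}
    "helm.sh/resource-policy": keep
  labels:
    created-by: {{ $root.appLabel | quote }}
  name: {{ $realm.name | quote }}
spec:
  keycloakOwner: {{ $realm.keycloakOwner | quote }}
  {{- /* NOTE(review): realmName and frontendUrl come from named templates defined outside this file; left unquoted because their output format is not visible here. Confirm the helpers emit a safe scalar. */}}
  realmName: {{ template "keycloak.realmName" (dict "root" $ "realm" $realm "release" $release) }}
  {{- if or (eq $realm.name "citizen-portal") (eq $realm.name "officer-portal") }}
  frontendUrl: {{ template "keycloak.frontendUrl" $ }}
  {{- end }}
  ssoRealmEnabled: {{ $realm.ssoRealm.enabled }}
  {{- if $realm.ssoRealm.enabled }}
  ssoAutoRedirectEnabled: {{ $realm.ssoRealm.autoRedirectEnabled }}
  {{- /* The SSO realm name is itself a template string, expanded against the root context before quoting. */}}
  ssoRealmName: {{ tpl $realm.ssoRealm.name $ | quote }}
  {{- /* Event configuration is rendered only for officer-portal, and only while its SSO realm is enabled. */}}
  {{- if eq $realm.name "officer-portal" }}
  realmEventConfig: {{ $realm.realmEventConfig | toYaml | nindent 4 }}
  {{- end }}
  {{- end }}
  {{- /* NOTE(review): the users block is copied verbatim from values; confirm nothing credential-like is kept in plain chart values. */}}
  {{- if $realm.users }}
  users: {{ $realm.users | toYaml | nindent 4 }}
  {{- end }}
  {{- /*
  Theme and browser security headers share one condition (the original tested
  $realm.loginTheme twice in a row). NOTE(review): a realm without loginTheme
  gets no browserSecurityHeaders from this chart; confirm that the header
  defaults applied elsewhere are acceptable for such realms.
  */}}
  {{- if $realm.loginTheme }}
  themes:
    loginTheme: {{ $realm.loginTheme | quote }}
  browserSecurityHeaders:
    {{- /*
    The only external frame source allowed is the host of the configured widget
    URL. NOTE(review): urlParse yields an empty host when the value is empty or
    has no scheme, which renders the source as a bare https:// prefix. Validate
    these URLs in the values schema.
    */}}
    {{- if eq $realm.name "citizen-portal" }}
    contentSecurityPolicy: "frame-src 'self' https://{{ (urlParse $root.keycloak.citizenAuthFlow.widget.url).host }}; frame-ancestors 'self'; object-src 'none';"
    {{- else }}
    contentSecurityPolicy: "frame-src 'self' https://{{ (urlParse $root.signWidget.url).host }}; frame-ancestors 'self'; object-src 'none';"
    {{- end }}
  {{- end }}
  {{- /*
  officer-portal reads its browser flow from a fixed values path and emits the
  key unconditionally. It is left unquoted so an unset or empty value still
  renders as null, as before. NOTE(review): consider guarding it like the
  generic branch below.
  */}}
  {{- if eq $realm.name "officer-portal" }}
  browserFlow: {{ $root.keycloak.realms.officerPortal.browserFlow }}
  {{- else if $realm.browserFlow }}
  browserFlow: {{ $realm.browserFlow | quote }}
  {{- end }}
{{- end }}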