# Chart-wide defaults.
# NOTE(review): this listing has lost its indentation, so the nesting of the
# keys below is inferred from key names only. Confirm against the chart.
global:
notifications:
email:
# Only the value `internal` is visible here; other channel types are not shown.
type: internal
# Presumably read by the "keycloak.registryGroup.name" template that the realm
# definitions use for ssoRealm.name. The template body is not in this file.
registryGroup:
name: "openshift"
# Keycloak objects declared for the registry: clients, client scopes, realms,
# auth flows, groups and roles.
keycloak:
clients:
# Browser client for the admin portal in the `admin` realm.
# `public: true` and no secretName: the client authenticates without a secret,
# so the redirect target derived from webUrl is what limits token delivery.
# directAccess is false; presumably this keeps the direct (password) grant off.
# TODO confirm in the template that consumes these values.
adminPortal:
name: admin-portal
clientId: admin-portal
public: true
targetRealm:
name: admin
clientRoles:
- form-administrator
webUrl: '{{ template "admin-tools.url" . }}'
directAccess: false
audRequired: false
# Each attribute mapper below copies one user attribute into the access token,
# the ID token and the userinfo response (all three flags are 'true').
# drfo / edrpou / fullName look like personal or organisation identifiers, so
# any component that logs or stores raw tokens stores them as well.
# In every entry the first `name:` presumably belongs to `config` and the
# second is the mapper's own name; the flattened listing does not show this.
protocolMappers:
- config:
jsonType.label: String
name: drfo
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: drfo
claim.name: drfo
access.token.claim: 'true'
name: drfo
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
jsonType.label: String
name: fullName
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: fullName
claim.name: fullName
access.token.claim: 'true'
name: fullName
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
jsonType.label: String
name: edrpou
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: edrpou
claim.name: edrpou
access.token.claim: 'true'
name: edrpou
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# Realm roles are emitted as a multivalued `roles` claim.
# NOTE(review): this mapper is named `realmRoles`, while citizenPortal and
# officerPortal name the same mapper `realm roles`. Confirm the difference is
# intentional.
- config:
access.token.claim: 'true'
claim.name: roles
id.token.claim: 'true'
jsonType.label: String
multivalued: 'true'
userinfo.token.claim: 'true'
name: realmRoles
protocol: openid-connect
protocolMapper: oidc-usermodel-realm-role-mapper
# Confidential client (clientId `realm-admin`) in the citizen-portal realm. Its
# credential comes from the Secret named in secretName.
# NOTE(review): the service account receives 17 realm-management roles,
# including manage-realm, manage-users, manage-clients and
# manage-identity-providers. Whoever can read that Secret can therefore
# administer the realm. Keep read access to the Secret narrow, and trim the
# role list to what the caller actually uses.
bpmsRealmAdminCitizenPortal:
name: bpms-realm-admin-citizen-portal
clientId: realm-admin
public: false
secretName: keycloak-realm-admin-citizen-client-secret
targetRealm:
name: citizen-portal
serviceAccountClientRoles:
- clientId: realm-management
roles:
- manage-clients
- manage-events
- create-client
- manage-authorization
- manage-identity-providers
- manage-realm
- manage-users
- query-clients
- query-groups
- query-realms
- query-users
- view-authorization
- view-clients
- view-events
- view-identity-providers
- view-realm
- view-users
# URL is assembled from the CD pipeline name, stage name and the DNS wildcard.
webUrl: "https://bpms-{{ .Values.cdPipelineName }}-{{ .Values.cdPipelineStageName }}.{{ .Values.dnsWildcard }}"
directAccess: false
audRequired: false
# Officer-portal counterpart of the citizen-portal `realm-admin` client: same
# clientId and the same 17 realm-management roles, with a different Secret and
# target realm.
# NOTE(review): the role set amounts to realm administration. Treat the Secret
# in secretName as an admin credential and scope read access accordingly.
bpmsRealmAdminOfficerPortal:
name: bpms-realm-admin-officer-portal
clientId: realm-admin
public: false
secretName: keycloak-realm-admin-officer-client-secret
targetRealm:
name: officer-portal
serviceAccountClientRoles:
- clientId: realm-management
roles:
- manage-clients
- manage-events
- create-client
- manage-authorization
- manage-identity-providers
- manage-realm
- manage-users
- query-clients
- query-groups
- query-realms
- query-users
- view-authorization
- view-clients
- view-events
- view-identity-providers
- view-realm
- view-users
webUrl: "https://bpms-{{ .Values.cdPipelineName }}-{{ .Values.cdPipelineStageName }}.{{ .Values.dnsWildcard }}"
directAccess: false
audRequired: false
# Confidential service-account client for the user-import job in the
# officer-portal realm. No webUrl is set for it.
importUsersClientOfficerPortal:
name: import-users-job
clientId: import-users-job
public: false
protocol: openid-connect
secretName: keycloak-realm-officer-import-users-client-secret
targetRealm:
name: officer-portal
# NOTE(review): manage-realm is granted without manage-users. It is presumably
# needed for a realm-level import endpoint, but it also allows changing realm
# settings. Confirm the job cannot work with a narrower role.
serviceAccountClientRoles:
- clientId: realm-management
roles:
- manage-realm
- view-clients
- view-users
directAccess: false
audRequired: false
# Confidential service-account client that manages user attributes in the
# officer-portal realm.
userAttributesManagementClientOfficerPortal:
name: user-attributes-management
clientId: user-attributes-management
public: false
protocol: openid-connect
secretName: keycloak-realm-officer-user-attributes-management-client-secret
targetRealm:
name: officer-portal
# NOTE(review): manage-users already covers editing user attributes. Verify
# that manage-realm is actually required, since it widens what a leaked client
# secret can change.
serviceAccountClientRoles:
- clientId: realm-management
roles:
- manage-realm
- view-users
- manage-users
directAccess: false
audRequired: false
# Public browser client for the citizen portal. No secretName is set and
# directAccess is false.
citizenPortal:
name: citizen-portal
clientId: citizen-portal
public: true
targetRealm:
name: citizen-portal
clientRoles:
- administrator
- citizen
webUrl: '{{ template "citizen-portal.url" . }}'
directAccess: false
audRequired: false
# Attribute mappers: each one copies a single user attribute into the tokens.
# All are emitted in access token, ID token and userinfo, except
# `representative`, which sets userinfo.token.claim to 'false'.
protocolMappers:
- config:
jsonType.label: String
name: drfo
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: drfo
claim.name: drfo
access.token.claim: 'true'
name: drfo
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
jsonType.label: String
name: fullName
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: fullName
claim.name: fullName
access.token.claim: 'true'
name: fullName
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
jsonType.label: String
name: edrpou
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: edrpou
claim.name: edrpou
access.token.claim: 'true'
name: edrpou
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# Realm roles as a multivalued `roles` claim.
- config:
access.token.claim: 'true'
claim.name: roles
id.token.claim: 'true'
jsonType.label: String
multivalued: 'true'
userinfo.token.claim: 'true'
name: realm roles
protocol: openid-connect
protocolMapper: oidc-usermodel-realm-role-mapper
- config:
jsonType.label: String
name: rnokpp
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: rnokpp
claim.name: rnokpp
access.token.claim: 'true'
name: rnokpp
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
jsonType.label: String
name: subjectType
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: subjectType
claim.name: subjectType
access.token.claim: 'true'
name: subjectType
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# The only mapper typed `boolean`, and the only one kept out of userinfo.
- config:
jsonType.label: boolean
name: representative
multivalued: 'false'
userinfo.token.claim: 'false'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: representative
claim.name: representative
access.token.claim: 'true'
name: representative
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# NOTE(review): this mapper type is not defined in this file. It is configured
# with an exclude list only, so it presumably emits every other user attribute
# into all three token types. If so, it is a deny-list: any attribute later
# added to a user record would reach tokens unless added to
# user.attributes.exclude.
# The list also omits rnokpp although rnokpp has a dedicated mapper above.
# Confirm it is not emitted twice.
- config:
jsonType.label: String
multivalued: 'true'
userinfo.token.claim: 'true'
id.token.claim: 'true'
access.token.claim: 'true'
user.attributes.exclude: 'edrpou##drfo##fullName##subjectType##representative'
name: All User Attributes Mapper
protocol: openid-connect
protocolMapper: oidc-usermodel-custom-attributes-mapper
# Confidential `system-user` client in the officer-portal realm. It carries the
# `officer` realm role and fixed service-account attributes.
# NOTE(review): tokens for this client presumably look like an officer's token
# with the placeholder identity below. Downstream audit and authorisation
# should be able to tell this account from a human officer.
bpmsSystemUserOfficerPortal:
name: bpms-system-user-officer-portal
clientId: system-user
public: false
secretName: keycloak-system-user-officer-client-secret
targetRealm:
name: officer-portal
realmRoles:
- officer
webUrl: "https://bpms-{{ .Values.cdPipelineName }}-{{ .Values.cdPipelineStageName }}.{{ .Values.dnsWildcard }}"
directAccess: false
audRequired: false
# Only drfo and fullName are mapped; they are read from the attributes set in
# serviceAccountAttributes below.
protocolMappers:
- config:
jsonType.label: String
name: drfo
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: drfo
claim.name: drfo
access.token.claim: 'true'
name: drfo
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
jsonType.label: String
name: fullName
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: fullName
claim.name: fullName
access.token.claim: 'true'
name: fullName
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# Placeholder identity for the service account. drfo is quoted so the leading
# zeros survive YAML parsing.
serviceAccountAttributes:
drfo: '00000000'
fullName: Сервісний користувач system-user
# Confidential `camunda-cockpit` client in the admin realm.
camundaCockpitAdminPortal:
name: camunda-cockpit-admin
clientId: camunda-cockpit
public: false
secretName: keycloak-client-camunda-cockpit-admin-secret
targetRealm:
name: admin
webUrl: "https://business-proc-admin-{{ .Values.cdPipelineName }}-{{ .Values.cdPipelineStageName }}.{{ .Values.dnsWildcard }}"
directAccess: false
audRequired: false
# The service account is limited to query-* and view-users roles; no manage-*
# role is listed.
serviceAccountClientRoles:
- clientId: realm-management
roles:
- query-groups
- query-users
- view-users
# Officer-portal counterpart of the admin-realm `camunda-cockpit` client. It
# uses the same clientId and webUrl pattern with a separate Secret.
camundaCockpitOfficerPortal:
name: camunda-cockpit-officer-portal
clientId: camunda-cockpit
public: false
secretName: keycloak-client-camunda-cockpit-officer-portal-secret
targetRealm:
name: officer-portal
webUrl: "https://business-proc-admin-{{ .Values.cdPipelineName }}-{{ .Values.cdPipelineStageName }}.{{ .Values.dnsWildcard }}"
directAccess: false
audRequired: false
# The service account is limited to query-* and view-users roles.
serviceAccountClientRoles:
- clientId: realm-management
roles:
- query-groups
- query-users
- view-users
# Confidential client for Jenkins in the admin realm. The URL is derived from
# the release namespace.
# NOTE(review): the client is tied to the `camunda-admin` realm role, so the
# Secret in secretName presumably gives a CI job Camunda admin rights. Limit
# which pipelines can read it.
jenkinsDeployer:
name: jenkins-deployer
clientId: jenkins-deployer
public: false
secretName: jenkins-keycloak-client
targetRealm:
name: admin
webUrl: "https://jenkins-{{ .Release.Namespace }}.{{ .Values.dnsWildcard }}"
directAccess: false
audRequired: false
realmRoles:
- camunda-admin
# Public browser client for the officer portal. No secretName is set and
# directAccess is false.
officerPortal:
name: officer-portal
clientId: officer-portal
public: true
targetRealm:
name: officer-portal
webUrl: '{{ template "officer-portal.url" . }}'
directAccess: false
audRequired: false
clientRoles:
- administrator
# Attribute mappers: every entry is emitted in access token, ID token and
# userinfo.
protocolMappers:
- config:
jsonType.label: String
name: drfo
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: drfo
claim.name: drfo
access.token.claim: 'true'
name: drfo
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
jsonType.label: String
name: fullName
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: fullName
claim.name: fullName
access.token.claim: 'true'
name: fullName
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
jsonType.label: String
name: edrpou
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: edrpou
claim.name: edrpou
access.token.claim: 'true'
name: edrpou
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# Realm roles as a multivalued `roles` claim.
- config:
access.token.claim: 'true'
claim.name: roles
id.token.claim: 'true'
jsonType.label: String
multivalued: 'true'
userinfo.token.claim: 'true'
name: realm roles
protocol: openid-connect
protocolMapper: oidc-usermodel-realm-role-mapper
- config:
jsonType.label: String
name: rnokpp
multivalued: 'false'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: rnokpp
claim.name: rnokpp
access.token.claim: 'true'
name: rnokpp
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# DEPRECATED will be removed in future release
- config:
jsonType.label: String
name: KATOTTG
multivalued: 'true'
userinfo.token.claim: 'true'
aggregate.attrs: 'false'
id.token.claim: 'true'
user.attribute: KATOTTG
claim.name: KATOTTG
access.token.claim: 'true'
name: KATOTTG
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# NOTE(review): this mapper is configured with an exclude list only, so it
# presumably emits every other user attribute into all three token types. If
# so, it is a deny-list: new user attributes reach tokens by default.
# The list names edrpou, drfo and fullName but not rnokpp or KATOTTG, which
# both have dedicated mappers above. Confirm they are not emitted twice.
- config:
jsonType.label: String
multivalued: 'true'
userinfo.token.claim: 'true'
id.token.claim: 'true'
access.token.claim: 'true'
user.attributes.exclude: 'edrpou##drfo##fullName'
name: All User Attributes Mapper
protocol: openid-connect
protocolMapper: oidc-usermodel-custom-attributes-mapper
# Public client in the admin realm pointing at the /reports path of the admin
# tools URL. Presumably it exists only to drive logout for redash-admin. It has
# no protocol, mappers or roles.
redashAdminLogout:
name: redash-admin-logout
clientId: redash-admin-logout
public: true
targetRealm:
name: admin
webUrl: '{{ template "admin-tools.url" . }}/reports'
directAccess: false
audRequired: false
# SAML client for Redash in the admin realm.
# NOTE(review): this is the only admin-realm client with directAccess and
# audRequired both true, and redashViewer sets audRequired to false. Confirm
# both flags are intended for a SAML client.
redashAdmin:
name: redash-admin
clientId: redash-admin
public: true
targetRealm:
name: admin
webUrl: '{{ template "admin-tools.url" . }}/reports'
directAccess: true
audRequired: true
# Assertions issued by Keycloak are signed (saml.assertion.signature 'true').
# NOTE(review): saml.client.signature is 'false', so requests from the service
# provider are presumably accepted unsigned. The configured URL is then the
# main control on where assertions are delivered; keep it exact.
attributes:
saml.assertion.signature: 'true'
saml.client.signature: 'false'
saml_force_name_id_format: 'true'
saml_name_id_format: username
protocol: saml
frontChannelLogout: false
# SAML attribute statements for edrpou, drfo and fullName, then a custom mapper
# configured only with an exclude list for those same three names.
protocolMappers:
- config:
aggregate.attrs: ""
attribute.name: "edrpou"
friendly.name: "edrpou"
user.attribute: "edrpou"
name: "edrpou"
protocol: "saml"
protocolMapper: "saml-user-attribute-mapper"
- config:
aggregate.attrs: ""
attribute.name: "drfo"
friendly.name: "drfo"
user.attribute: "drfo"
name: "drfo"
protocol: "saml"
protocolMapper: "saml-user-attribute-mapper"
- config:
aggregate.attrs: ""
attribute.name: "fullName"
friendly.name: "fullName"
user.attribute: "fullName"
name: "fullName"
protocol: "saml"
protocolMapper: "saml-user-attribute-mapper"
# NOTE(review): presumably forwards all remaining user attributes to Redash.
# Verify, because that makes it a deny-list rather than an allow-list.
- config:
user.attributes.exclude: 'edrpou##drfo##fullName'
name: "custom-attributes"
protocol: "saml"
protocolMapper: "saml-user-custom-attributes-mapper"
# Public client in the officer-portal realm pointing at the /reports path of
# the officer portal URL. Presumably it exists only to drive logout for
# redash-viewer. It has no protocol, mappers or roles.
redashViewerLogout:
name: redash-viewer-logout
clientId: redash-viewer-logout
public: true
targetRealm:
name: officer-portal
webUrl: '{{ template "officer-portal.url" . }}/reports'
directAccess: false
audRequired: false
# SAML client for the Redash viewer instance in the officer-portal realm.
# NOTE(review): directAccess is true while audRequired is false, and
# redashAdmin sets audRequired to true. Confirm the difference is intentional.
redashViewer:
name: redash-viewer
clientId: redash-viewer
public: true
targetRealm:
name: officer-portal
webUrl: '{{ template "officer-portal.url" . }}/reports'
directAccess: true
audRequired: false
# Assertions are signed; saml.client.signature is 'false', so service-provider
# requests are presumably not required to be signed.
attributes:
saml.assertion.signature: 'true'
saml.client.signature: 'false'
saml_force_name_id_format: 'true'
saml_name_id_format: username
protocol: saml
frontChannelLogout: false
# SAML attribute statements for edrpou, drfo, fullName and the deprecated
# KATOTTG, followed by the exclude-list custom mapper.
protocolMappers:
- config:
aggregate.attrs: ""
attribute.name: "edrpou"
friendly.name: "edrpou"
user.attribute: "edrpou"
name: "edrpou"
protocol: "saml"
protocolMapper: "saml-user-attribute-mapper"
- config:
aggregate.attrs: ""
attribute.name: "drfo"
friendly.name: "drfo"
user.attribute: "drfo"
name: "drfo"
protocol: "saml"
protocolMapper: "saml-user-attribute-mapper"
- config:
aggregate.attrs: ""
attribute.name: "fullName"
friendly.name: "fullName"
user.attribute: "fullName"
name: "fullName"
protocol: "saml"
protocolMapper: "saml-user-attribute-mapper"
# DEPRECATED will be removed in future release
- config:
aggregate.attrs: ""
attribute.name: "KATOTTG"
friendly.name: "KATOTTG"
user.attribute: "KATOTTG"
name: "KATOTTG"
protocol: "saml"
protocolMapper: "saml-user-attribute-mapper"
# NOTE(review): the exclude list does not name KATOTTG although it is mapped
# explicitly above. Confirm the custom mapper does not send it a second time.
- config:
user.attributes.exclude: 'edrpou##drfo##fullName'
name: "custom-attributes"
protocol: "saml"
protocolMapper: "saml-user-custom-attributes-mapper"
# Confidential client in the external-system realm, tied to the
# `trembita-invoker` realm role. No webUrl is set.
trembitaInvoker:
name: trembita-invoker
clientId: trembita-invoker
public: false
secretName: keycloak-trembita-invoker-client-secret
targetRealm:
name: external-system
directAccess: false
audRequired: false
realmRoles:
- trembita-invoker
# The mappers read drfo, edrpou and fullName from user attributes. For this
# client these are the serviceAccountAttributes set at the end of the block.
protocolMappers:
- config:
access.token.claim: 'true'
aggregate.attrs: 'false'
claim.name: drfo
id.token.claim: 'true'
jsonType.label: String
multivalued: 'false'
name: drfo
user.attribute: drfo
userinfo.token.claim: 'true'
name: drfo
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
access.token.claim: 'true'
aggregate.attrs: 'false'
claim.name: edrpou
id.token.claim: 'true'
jsonType.label: String
multivalued: 'false'
name: edrpou
user.attribute: edrpou
userinfo.token.claim: 'true'
name: edrpou
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
- config:
access.token.claim: 'true'
aggregate.attrs: 'false'
claim.name: fullName
id.token.claim: 'true'
jsonType.label: String
multivalued: 'false'
name: fullName
user.attribute: fullName
userinfo.token.claim: 'true'
name: fullName
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
# Placeholder identity: drfo and edrpou are the string '0'.
# NOTE(review): services that authorise on drfo/edrpou should treat '0' as
# "system caller" explicitly, not as a real identifier.
serviceAccountAttributes:
drfo: '0'
edrpou: '0'
fullName: Сервісний користувач Трембіти
# Confidential client in the external-system realm. No roles are listed for
# it.
trembitaUser:
name: trembita-user
clientId: trembita-user
public: false
secretName: keycloak-trembita-user-client-secret
targetRealm:
name: external-system
directAccess: false
audRequired: false
# Hard-coded claim mappers: every token for this client carries drfo '0',
# edrpou '0' and the fixed fullName below, whichever caller holds the secret.
# The tokens therefore identify the client, not an individual.
protocolMappers:
- config:
access.token.claim: 'true'
claim.name: drfo
claim.value: '0'
id.token.claim: 'true'
jsonType.label: String
name: drfo
userinfo.token.claim: 'true'
name: drfo
protocol: openid-connect
protocolMapper: oidc-hardcoded-claim-mapper
- config:
access.token.claim: 'true'
claim.name: edrpou
claim.value: '0'
id.token.claim: 'true'
jsonType.label: String
name: edrpou
userinfo.token.claim: 'true'
name: edrpou
protocol: openid-connect
protocolMapper: oidc-hardcoded-claim-mapper
- config:
access.token.claim: 'true'
claim.name: fullName
claim.value: Сервісний користувач Трембіти
id.token.claim: 'true'
jsonType.label: String
name: fullName
userinfo.token.claim: 'true'
name: fullName
protocol: openid-connect
protocolMapper: oidc-hardcoded-claim-mapper
# Client for callers of the public API in the external-system realm.
# Despite the name `public-user`, this is a confidential client: public is
# false and the credential comes from secretName.
publicUser:
name: public-user
clientId: public-user
public: false
secretName: keycloak-public-user-client-secret
targetRealm:
name: external-system
directAccess: false
audRequired: false
# Hard-coded claim mappers: tokens always carry drfo '0', edrpou '0' and the
# fixed fullName below.
protocolMappers:
- config:
access.token.claim: 'true'
claim.name: drfo
claim.value: '0'
id.token.claim: 'true'
jsonType.label: String
name: drfo
userinfo.token.claim: 'true'
name: drfo
protocol: openid-connect
protocolMapper: oidc-hardcoded-claim-mapper
- config:
access.token.claim: 'true'
claim.name: edrpou
claim.value: '0'
id.token.claim: 'true'
jsonType.label: String
name: edrpou
userinfo.token.claim: 'true'
name: edrpou
protocol: openid-connect
protocolMapper: oidc-hardcoded-claim-mapper
- config:
access.token.claim: 'true'
claim.name: fullName
claim.value: Користувач публічним API
id.token.claim: 'true'
jsonType.label: String
name: fullName
userinfo.token.claim: 'true'
name: fullName
protocol: openid-connect
protocolMapper: oidc-hardcoded-claim-mapper
# SAML client scopes, one per Redash realm. Both are marked default and emit
# the role list under the attribute name RedashGroups.
# NOTE(review): Redash presumably maps RedashGroups values to its own groups,
# so realm role names act as Redash authorisation. Check which roles can reach
# this list.
clientScopes:
redashAdmin:
name: redash-admin-role-list
scopeName: role_list
description: "Redash role list"
default: true
realm: admin
protocol: saml
protocolMappers:
- name: "role list"
protocol: saml
protocolMapper: "saml-role-list-mapper"
config:
"attribute.name": "RedashGroups"
"attribute.nameformat": "Basic"
# Quoted so the value stays the string "false" instead of a YAML boolean.
"single": "false"
redashViewer:
name: redash-viewer-role-list
scopeName: role_list
description: "Redash role list"
default: true
realm: officer-portal
protocol: saml
protocolMappers:
- name: "role list"
protocol: saml
protocolMapper: "saml-role-list-mapper"
config:
"attribute.name": "RedashGroups"
"attribute.nameformat": "Basic"
"single": "false"
# Realm definitions. Three realms (admin, external-system, officer-portal)
# enable ssoRealm with autoRedirectEnabled false and take the SSO realm name
# from the "keycloak.registryGroup.name" template. citizen-portal disables
# ssoRealm.
realms:
adminPortal:
name: admin
keycloakOwner: main
ssoRealm:
enabled: true
autoRedirectEnabled: false
name: '{{- template "keycloak.registryGroup.name" . -}}'
citizenPortal:
name: citizen-portal
keycloakOwner: main
browserFlow: dso-citizen-auth-flow
loginTheme: dso-citizen-login-theme
ssoRealm:
enabled: false
externalSystem:
name: external-system
keycloakOwner: main
ssoRealm:
enabled: true
autoRedirectEnabled: false
name: '{{- template "keycloak.registryGroup.name" . -}}'
# browserFlow matches the alias of officerAuthFlow (dso-officer-auth-flow)
# declared under authFlows.
# NOTE(review): the auth flows read
# .Values.keycloak.realms.officerPortal.selfRegistration, but no
# `selfRegistration` key appears among the officerPortal keys here. Confirm
# where it is defaulted.
officerPortal:
name: officer-portal
keycloakOwner: main
browserFlow: dso-officer-auth-flow
loginTheme: dso-officer-login-theme
ssoRealm:
enabled: true
autoRedirectEnabled: false
name: '{{- template "keycloak.registryGroup.name" . -}}'
# NOTE(review): the flattened listing does not show whether realmEventConfig
# belongs to officerPortal only or to all realms.
# jboss-logging presumably writes login events to the Keycloak server log, the
# usual source for authentication monitoring. update-user-event-listener is
# not defined in this file.
realmEventConfig:
eventsListeners:
- jboss-logging
- update-user-event-listener
# Custom authentication flows.
authFlows:
# Top-level basic flow `id-gov-ua` in the citizen-portal realm, with two
# REQUIRED steps run in priority order.
citizenIdGovUaAuthFlow:
name: id-gov-ua
realm: citizen-portal
alias: id-gov-ua
builtIn: false
providerId: basic-flow
topLevel: true
authenticators:
reviewConfigAuthenticator:
name: idp-review-profile
requirement: REQUIRED
priority: 1
authenticatorConfig:
# Quoted so the value stays the string "off" instead of a YAML 1.1 boolean.
update.profile.on.first.login: "off"
# Default roles per subject type, as semicolon-terminated lists. Every name
# used here also appears in the citizen-system-roles batch under
# realmRoleBatches. Only `citizen` plus an `unregistered-*` role is granted by
# default.
citizenRolesAuthenticator:
name: id-gov-ua-authenticator
requirement: REQUIRED
priority: 2
authenticatorConfig:
citizenDefaultRoles: "citizen;unregistered-individual;"
entrepreneurDefaultRoles: "citizen;unregistered-entrepreneur;"
legalDefaultRoles: "citizen;unregistered-legal;"
# Top-level basic flow for officers signing in through id.gov.ua, in the
# officer-portal realm. It has two REQUIRED steps.
officerIdGovUaAuthFlow:
name: id-gov-ua-officer
realm: officer-portal
alias: id-gov-ua-officer-auth-flow
builtIn: false
providerId: basic-flow
topLevel: true
authenticators:
officerReviewConfigAuthenticator:
name: idp-review-profile
requirement: REQUIRED
priority: 1
authenticatorConfig:
# Quoted so the value stays the string "off".
update.profile.on.first.login: "off"
officerRolesAuthenticator:
name: id-gov-ua-officer-authenticator
requirement: REQUIRED
priority: 2
authenticatorConfig:
startPageUrl: '{{ template "officer-portal.url" . }}/officer/login'
themeFile: white-theme.js
title: ''
titleFull: ''
# NOTE(review): .Values.keycloak.realms.officerPortal.selfRegistration has no
# default under realms.officerPortal in this file. Make sure an unset value
# renders as disabled: self-registration hands new accounts the role named in
# selfRegistrationDefaultRoles.
selfRegistrationEnabled: '{{ .Values.keycloak.realms.officerPortal.selfRegistration }}'
selfRegistrationDefaultRoles: unregistered-officer
# Defaulted to false under portals.officer.individualAccessEnabled.
individualAccessEnabled: '{{ .Values.portals.officer.individualAccessEnabled }}'
# Top-level flow that sends officer-portal logins to the `idgovua-officer`
# identity provider.
# NOTE(review): auth-cookie is ALTERNATIVE and the redirector is REQUIRED at
# the same flow level. Keycloak documents that ALTERNATIVE executions are not
# evaluated next to a REQUIRED one. Confirm that the cookie step takes effect
# on the deployed Keycloak version.
idGovUaOfficerRedirectorFlow:
name: id-gov-ua-officer-redirector
realm: officer-portal
alias: id-gov-ua-officer-redirector
builtIn: false
providerId: basic-flow
topLevel: true
authenticators:
authcookie:
name: auth-cookie
requirement: ALTERNATIVE
priority: 0
officerRedirectorConfiguration:
name: identity-provider-redirector
requirement: REQUIRED
priority: 1
authenticatorConfig:
defaultProvider: "idgovua-officer"
# Browser flow for the officer-portal realm. Its alias dso-officer-auth-flow is
# the value realms.officerPortal.browserFlow points at. Both steps are
# ALTERNATIVE: the session cookie (priority 0), then the digital-signature
# authenticator (priority 1).
officerAuthFlow:
name: officer-portal-dso-officer-auth-flow
realm: officer-portal
alias: dso-officer-auth-flow
builtIn: false
providerId: basic-flow
topLevel: true
authenticators:
dsOfficerAuthenticator:
name: ds-officer-authenticator
requirement: ALTERNATIVE
priority: 1
authenticatorConfig:
# NOTE(review): envVariables.digitalSignatureOpsUrl defaults to an http:// URL,
# so the signature-owner lookup used to authenticate the user is made without
# TLS unless a mesh or sidecar adds it. Confirm transport protection for this
# hop.
dsoUrl: '{{ .Values.envVariables.digitalSignatureOpsUrl }}/api/esignature/owner'
# signWidget.url defaults to a third-party host. Presumably the login page
# loads script from it, so it belongs in the page's CSP and in any
# supply-chain review.
widgetUrl: '{{ .Values.signWidget.url }}'
widgetHeight: '720'
startPageUrl: '{{ template "officer-portal.url" . }}/officer/login'
themeFile: white-theme.js
title: ''
titleFull: ''
# NOTE(review): the selfRegistration value is not defaulted under
# realms.officerPortal in this file. Verify an unset value renders as disabled.
selfRegistrationEnabled: '{{ .Values.keycloak.realms.officerPortal.selfRegistration }}'
selfRegistrationDefaultRoles: unregistered-officer
individualAccessEnabled: '{{ .Values.portals.officer.individualAccessEnabled }}'
authcookie:
name: auth-cookie
requirement: ALTERNATIVE
priority: 0
# Citizen flow settings. Unlike the flows above, this entry has no realm, alias
# or authenticators; it holds only the options below.
citizenAuthFlow:
name: citizen-portal-dso-citizen-auth-flow
# Presumably enables a check of the subject against the EDR registry during
# login. TODO confirm in the authenticator that reads this flag.
edrCheck: true
authType: widget
# Same URL as the top-level signWidget.url default. The two values are
# independent, so update both when the widget version changes.
widget:
url: https://eu.iit.com.ua/sign-widget/v20200922/
height: '720'
# Realm groups: one in the admin realm and one in officer-portal. Their names
# match realm roles declared under realmRoles.
realmGroups:
camundaAdmin:
name: camunda-admin
realm: admin
officer:
name: officer
realm: officer-portal
# Stand-alone realm roles. All are non-composite, so granting one does not
# pull in other roles.
realmRoles:
auditor:
name: auditor
realm: officer-portal
composite: false
camundaAdmin:
name: camunda-admin
realm: admin
composite: false
# The only key in this map written in kebab-case; its siblings use camelCase.
user-management:
name: user-management
realm: admin
composite: false
officer:
name: officer
realm: officer-portal
composite: false
trembitaInvoker:
name: trembita-invoker
realm: external-system
composite: false
redashAdmin:
name: redash-admin
realm: admin
composite: false
# Roles created in bulk per realm.
realmRoleBatches:
# The citizen batch covers the `unregistered-*` roles assigned at first login
# by citizenRolesAuthenticator, and the individual / entrepreneur / legal
# roles.
citizenSystemRoles:
name: citizen-system-roles
realm: citizen-portal
role:
batch:
name: citizen-system-roles
list:
- citizen
- unregistered-individual
- unregistered-entrepreneur
- unregistered-legal
- individual
- entrepreneur
- legal
# The officer batch holds only the role used as selfRegistrationDefaultRoles
# in the officer auth flows.
officerSystemRoles:
name: officer-system-roles
realm: officer-portal
role:
batch:
name: officer-system-roles
list:
- unregistered-officer
# NOTE(review): what caIsolation controls, and whether it sits under
# `keycloak:` or at the top level, cannot be determined from this flattened
# listing.
caIsolation: false
envVariables:
# In-cluster address of the digital-signature service, over plain HTTP. It is
# used by officerAuthFlow as the base of the signature-owner lookup.
digitalSignatureOpsUrl: "http://digital-signature-ops:8080"
signWidget:
# Third-party signing widget with the version pinned in the path (v20200922).
# citizenAuthFlow.widget.url holds the same value separately.
url: https://eu.iit.com.ua/sign-widget/v20200922/
# Codebases generated for the registry data layer. The four entries differ only
# by name.
# NOTE(review): every codebase builds from `master` on the shared agent
# "dataplatform-jenkins-agent". Presumably a push to master triggers a build,
# so protect that branch.
dataComponents:
codebases:
kafkaApi:
name: "registry-kafka-api"
# Quoted so the version stays a string.
version: "0.0.1"
buildTool: "docker"
jenkinsAgent: "dataplatform-jenkins-agent"
jobProvisioner: "registry"
codebaseBranch: "master"
soapApi:
name: "registry-soap-api"
version: "0.0.1"
buildTool: "docker"
jenkinsAgent: "dataplatform-jenkins-agent"
jobProvisioner: "registry"
codebaseBranch: "master"
restApi:
name: "registry-rest-api"
version: "0.0.1"
buildTool: "docker"
jenkinsAgent: "dataplatform-jenkins-agent"
jobProvisioner: "registry"
codebaseBranch: "master"
model:
name: "registry-model"
version: "0.0.1"
buildTool: "docker"
jenkinsAgent: "dataplatform-jenkins-agent"
jobProvisioner: "registry"
codebaseBranch: "master"
# Object bucket claims. Every bucket uses the same bucket class and storage
# class; only the names differ.
# The names suggest the buckets hold signed excerpts, uploaded files and user
# import data. Bucket access policy is not configured in this file.
ceph:
objectBucketClaims:
datafactoryCephBucket:
name: datafactory-ceph-bucket
bucketclass: registry-bucket-class
storageClassName: registry-bucket
excerptSignatureBucket:
name: excerpt-signature-bucket
bucketclass: registry-bucket-class
storageClassName: registry-bucket
fileCephBucket:
name: file-ceph-bucket
bucketclass: registry-bucket-class
storageClassName: registry-bucket
fileExcerptBucket:
name: file-excerpt-bucket
bucketclass: registry-bucket-class
storageClassName: registry-bucket
excerptTemplatesBucket:
name: excerpt-templates
bucketclass: registry-bucket-class
storageClassName: registry-bucket
# NOTE(review): the flattened listing does not show whether `ssl: false`
# applies to excerptTemplatesBucket only or to all of ceph.
# Either way it presumably means clients reach the object store without TLS.
# Confirm the traffic stays on a trusted network segment.
ssl: false
lowcodeFileStorage:
name: lowcode-file-storage
bucketclass: registry-bucket-class
storageClassName: registry-bucket
responseCephBucket:
name: response-ceph-bucket
bucketclass: registry-bucket-class
storageClassName: registry-bucket
userImportCephBucket:
name: user-import
bucketclass: registry-bucket-class
storageClassName: registry-bucket
userImportArchiveCephBucket:
name: user-import-archive
bucketclass: registry-bucket-class
storageClassName: registry-bucket
# Label value for the objects rendered by this chart (presumably; the templates
# are not shown here).
appLabel: registry-configuration
# Per-portal switches. Custom DNS is off for both portals by default.
portals:
citizen:
customDns:
enabled: false
officer:
customDns:
enabled: false
# Read by the officer auth flows as
# .Values.portals.officer.individualAccessEnabled. The default is false.
individualAccessEnabled: false
# Mock Trembita registry endpoint. Every identifier is the literal MOCK or
# '123456', and the URL comes from the "trembita-edr-registry-mock-url"
# template.
# NOTE(review): these are defaults. Confirm production values override them so
# that citizenAuthFlow.edrCheck does not run against the mock.
trembitaMock:
registries:
edr-registry:
name: trembita-edr-registry-mock
user-id: MOCK
# Quoted so "4.0" stays a string instead of the float 4.0.
protocol-version: "4.0"
url: '{{ template "trembita-edr-registry-mock-url" . }}/mockEDRService'
client:
x-road-instance: MOCK
member-class: MOCK
member-code: '123456'
subsystem-code: '123456'
service:
x-road-instance: MOCK
member-class: MOCK
member-code: '123456'
subsystem-code: '123456'
# Names of the configuration objects for external integrations. Only names are
# set here; the contents are defined elsewhere.
registryConfigs:
trembitaRegistriesConfigurationName: trembita-registries-configuration
diiaConfigurationName: diia-configuration
externalSystemsConfigurationName: external-systems-configuration
externalSystemsEndpointConfigurationName: external-systems-endpoint-configuration
notificationBlacklistConfigurationName: notification-blacklist-configuration
# External secrets synced from the store `central-vault-secret-store` into the
# named target Secrets. No secret material is kept in this values file.
# NOTE(review): refreshInterval is "10s" for all three entries. Rotations
# propagate quickly, but each entry polls the central store every ten seconds.
# Check the resulting load and audit-log volume on the store.
externalSecrets:
trembitaRegistriesSecrets:
name: trembita-registries-external-secrets
secretStoreRef:
name: central-vault-secret-store
refreshInterval: "10s"
target:
name: trembita-registries-secrets
externalSystemsExternalSecrets:
name: external-systems-external-secrets
secretStoreRef:
name: central-vault-secret-store
refreshInterval: "10s"
target:
name: external-systems-secrets
diiaExternalSecret:
name: diia-external-secret
secretStoreRef:
name: central-vault-secret-store
refreshInterval: "10s"
target:
name: diia-secret
# Redis used for Kong rate limiting. Authentication material comes from the
# Secret `redis-auth`.
kongRedis:
serviceName: redis-kong-rate-limiting
secretName: redis-auth
# 26379 is the conventional Redis Sentinel port. Presumably clients connect
# through Sentinel; confirm.
port: 26379
# E-mail domain deny-list.
# NOTE(review): how entries are matched (exact, case-insensitive, subdomain) is
# not visible here. mail.yandex.ru is listed next to yandex.ru, which suggests
# exact matching. If so, other subdomains of listed domains pass validation.
# Confirm the matching rule and that the address is normalised before the
# check.
validation:
email:
blacklist:
domains:
- "mail.ru"
- "internet.ru"
- "list.ru"
- "bk.ru"
- "inbox.ru"
- "mail.ua"
- "mail.kz"
- "mail.md"
- "yandex.ru"
- "yandex.ua"
- "mail.yandex.ru"
- "mail.yandex.ua"
- "ya.ru"
- "ya.ua"
- "yandex.kz"
- "yandex.by"
- "yandex.com"