deploy-templates/keycloak-idps/templates/keycloakidentityprovider_master.yaml (35 lines of code) (raw):

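{{- /*
KeycloakRealmIdentityProvider "openshift-master": registers the "openshift"
realm as an OIDC identity provider of the Keycloak "master" realm.

The resource is rendered only when it does not already exist in the release
namespace. Together with the "helm.sh/resource-policy: keep" annotation this
means later upgrades never rewrite it, so a rotated client secret is NOT
propagated by this chart and has to be updated on the resource separately.

"lookup" returns an empty map when Helm has no cluster access (helm template,
client-side dry-run) or when the object is absent, so the Secret is read
defensively and a missing key fails with an explicit message.
*/ -}}
{{- if not (lookup "v1.edp.epam.com/v1" "KeycloakRealmIdentityProvider" .Release.Namespace "openshift-master") }}
{{- $secret := lookup "v1" "Secret" .Release.Namespace "keycloak-client-openshift-secret" }}
{{- $secretData := get $secret "data" | default (dict) }}
{{- $clientSecret := required "Secret keycloak-client-openshift-secret with key clientSecret must exist in the release namespace" (get $secretData "clientSecret") }}
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmIdentityProvider
metadata:
  name: openshift-master
  annotations:
    helm.sh/resource-policy: keep
spec:
  realm: master
  alias: openshift
  authenticateByDefault: false
  enabled: true
  firstBrokerLoginFlowAlias: "{{ .Values.master.authFlows.fixFbl.name }}"
  providerId: keycloak-oidc
  displayName: "openshift-sso"
  config:
    clientId: "openshift"
    # NOTE(review): the decoded secret is written in clear text into this
    # custom resource and into the stored Helm release manifest, so read
    # access to either one exposes the OIDC client secret. Restrict RBAC on
    # both; if the operator version in use can reference a Secret instead of
    # an inline value, prefer that (confirm against the operator docs).
    # Quoted so a secret made of digits or starting with a YAML indicator
    # character is still parsed as a string.
    clientSecret: {{ b64dec $clientSecret | quote }}
    hideOnLoginPage: "false"
    syncMode: "FORCE"
    userInfoUrl: "{{ .Values.keycloak.url }}/realms/openshift/protocol/openid-connect/userinfo"
    tokenUrl: "{{ .Values.keycloak.url }}/realms/openshift/protocol/openid-connect/token"
    authorizationUrl: "{{ .Values.keycloak.url }}/realms/openshift/protocol/openid-connect/auth"
    logoutUrl: "{{ .Values.keycloak.url }}/realms/openshift/protocol/openid-connect/logout"
    # The client secret is sent in the POST body of the token request, so
    # keycloak.url should be an https:// endpoint.
    clientAuthMethod: "client_secret_post"
  mappers:
    # Privilege mapping: a user holding "cp-cluster-mgmt-admin" in the
    # openshift realm receives the "admin" role of the master realm, and
    # syncMode FORCE re-applies the mapping on every login. Membership of the
    # external role is therefore equivalent to Keycloak administration and
    # should be audited accordingly.
    - config:
        external.role: cp-cluster-mgmt-admin
        role: admin
        syncMode: FORCE
      identityProviderAlias: openshift
      identityProviderMapper: keycloak-oidc-role-to-role-idp-mapper
      name: cp-cluster-mgmt-admin
{{- end }}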