From 15e74feab5999b16d935fb7a05921497553da1d1 Mon Sep 17 00:00:00 2001 
From: Goncharenko Alexander Date: Tue, 13 Aug 2024 09:54:23 +0300 Subject: [PATCH] ci: unstable bk repo ci: fix ci: test test test fix test fix --- .github/workflows/release.yml | 25 +- charts/brokencrystals-unstable/.helmignore | 23 - charts/brokencrystals-unstable/Chart.yaml | 10 - .../templates/NOTES.txt | 1 - .../templates/_helpers.tpl | 62 - .../templates/config-keycloak-postgres.yaml | 9 - .../templates/config-keycloak.yaml | 2319 ----------------- .../templates/config-postgres.yaml | 30 - .../templates/deployment.yaml | 245 -- .../templates/ingress.yaml | 89 - .../templates/service.yaml | 35 - charts/brokencrystals-unstable/values.yaml | 17 - charts/brokencrystals/Chart.yaml | 2 +- .../templates/config-proxy.yaml | 60 - .../brokencrystals/templates/deployment.yaml | 36 +- charts/brokencrystals/templates/ingress.yaml | 10 +- .../tests/test-internal-connection.yaml | 1 + charts/brokencrystals/values.yaml | 4 +- 18 files changed, 46 insertions(+), 2932 deletions(-) delete mode 100644 charts/brokencrystals-unstable/.helmignore delete mode 100644 charts/brokencrystals-unstable/Chart.yaml delete mode 100644 charts/brokencrystals-unstable/templates/NOTES.txt delete mode 100644 charts/brokencrystals-unstable/templates/_helpers.tpl delete mode 100644 charts/brokencrystals-unstable/templates/config-keycloak-postgres.yaml delete mode 100644 charts/brokencrystals-unstable/templates/config-keycloak.yaml delete mode 100644 charts/brokencrystals-unstable/templates/config-postgres.yaml delete mode 100644 charts/brokencrystals-unstable/templates/deployment.yaml delete mode 100644 charts/brokencrystals-unstable/templates/ingress.yaml delete mode 100644 charts/brokencrystals-unstable/templates/service.yaml delete mode 100644 charts/brokencrystals-unstable/values.yaml delete mode 100644 charts/brokencrystals/templates/config-proxy.yaml rename charts/{brokencrystals-unstable => brokencrystals}/templates/tests/test-internal-connection.yaml (94%) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 247b85e..cbda192 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,7 +4,7 @@ on: push: branches: - main - - oleg/one-pod-sqli + - unstable jobs: packages: @@ -12,15 +12,26 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - with: - fetch-depth: 0 - + - name: Setup Git run: | git config --global user.email "devops@brightsec.com" git config --global user.name "Bright Security" - - name: Release packages - uses: helm/chart-releaser-action@v1.5.0 + + - name: Change name to unstable + if: ${{ github.ref == 'refs/heads/unstable' }} + run: | + sed -i 's/brokencrystals/brokencrystals-unstable/g' ./charts/brokencrystals/Chart.yaml + sed -i 's/brkn/brkn-unstbl/g' ./charts/brokencrystals/Chart.yaml + + - name: Change values to development + if: ${{ github.ref == 'refs/heads/unstable' }} + run: | + sed -i 's/^ main:.*/ main: unstable/' ./charts/brokencrystals/values.yaml + sed -i 's/^ client:.*/ client: unstable/' ./charts/brokencrystals/values.yaml + + - name: Release packages main + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - CR_SKIP_EXISTING: true + CR_SKIP_EXISTING: true \ No newline at end of file diff --git a/charts/brokencrystals-unstable/.helmignore b/charts/brokencrystals-unstable/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/brokencrystals-unstable/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ 
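Review bot: In `.github/workflows/release.yml`, the release step that receives `CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"` runs third-party actions resolved by mutable tag (`helm/chart-releaser-action@v1.6.0`, and `actions/checkout@v3` in the context lines), and the first hunk now lets pushes to `unstable` trigger it as well as `main`. Pinning to a full commit SHA keeps a re-tagged upstream from changing what publishes the charts, e.g. `uses: helm/chart-releaser-action@<full-commit-sha> # v1.6.0`. The second hunk also drops `fetch-depth: 0` from the checkout step; chart-releaser normally compares against the latest tag to decide which charts changed, so it is worth confirming that a shallow clone still packages them. The two `sed -i 's/.../g'` rewrites of `Chart.yaml` replace every occurrence of `brokencrystals` and `brkn` in the file rather than only the `name:` and keyword entries, which is fragile if the description or a URL ever contains either string. The job header (`runs-on`, any `permissions:`) is outside the hunk, so the token's scope cannot be checked from here.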
diff --git a/charts/brokencrystals-unstable/Chart.yaml b/charts/brokencrystals-unstable/Chart.yaml
deleted file mode 100644
index 1a7d96c..0000000
--- a/charts/brokencrystals-unstable/Chart.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v2
-name: brokencrystals-unstable
-description: |
- Benchmark application that uses modern technologies and implements a set of
- common security vulnerabilities
-type: application
-version: 0.0.79
-keywords:
- - brokencrystals-unstable
- - brkn-unstbl
diff --git a/charts/brokencrystals-unstable/templates/NOTES.txt b/charts/brokencrystals-unstable/templates/NOTES.txt
deleted file mode 100644
index f4aedaa..0000000
--- a/charts/brokencrystals-unstable/templates/NOTES.txt
+++ /dev/null
@@ -1 +0,0 @@
-https://{{ .Values.ingress.url }}
diff --git a/charts/brokencrystals-unstable/templates/_helpers.tpl b/charts/brokencrystals-unstable/templates/_helpers.tpl
deleted file mode 100644
index cd31aba..0000000
--- a/charts/brokencrystals-unstable/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "brokencrystals.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "brokencrystals.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 50 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 50 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 50 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "brokencrystals.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "brokencrystals.labels" -}}
-helm.sh/chart: {{ include "brokencrystals.chart" . }}
-{{ include "brokencrystals.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "brokencrystals.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "brokencrystals.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "brokencrystals.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "brokencrystals.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/brokencrystals-unstable/templates/config-keycloak-postgres.yaml b/charts/brokencrystals-unstable/templates/config-keycloak-postgres.yaml
deleted file mode 100644
index 7fed4e3..0000000
--- a/charts/brokencrystals-unstable/templates/config-keycloak-postgres.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "brokencrystals.fullname" . }}-kc-db
- namespace: {{ .Release.Namespace }}
-data:
- postgresql.conf.sample: |
- listen_addresses = '*'
- port = 5433
diff --git a/charts/brokencrystals-unstable/templates/config-keycloak.yaml b/charts/brokencrystals-unstable/templates/config-keycloak.yaml
deleted file mode 100644
index de9ed70..0000000
--- a/charts/brokencrystals-unstable/templates/config-keycloak.yaml
+++ /dev/null
@@ -1,2319 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak - namespace: {{ .Release.Namespace }} -data: - realm-export.json: | - { - "id": "brokencrystals", - "realm": "brokencrystals", - "displayName": "brokencrystals", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "76df3b1f-025c-4d97-a11a-ca4316fc38ba", - "name": "default-roles-brokencrystals", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - 
"account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "brokencrystals", - "attributes": {} - }, - { - "id": "c5eb1313-6fe8-41a3-b55a-ace869d2f16f", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "brokencrystals", - "attributes": {} - }, - { - "id": "818cdd57-c0d7-4723-8d03-0ea6eedb0d1b", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "brokencrystals", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "86df622e-9e79-4bf0-87f9-2bf5153e90c8", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "531fba86-bcb0-456e-8c79-3fc119b01d07", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "22221ee7-1e8f-4f77-872e-3b3dfa2186e6", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "38e457a9-da45-4732-8864-979fc980248e", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "view-authorization", - "create-client", - "manage-users", - "manage-authorization", - "query-realms", - "view-events", - "manage-clients", - "view-realm", - "manage-realm", - "impersonation", - "query-clients", - "query-groups", - "manage-events", - "view-clients", - "view-identity-providers", - "view-users", - "manage-identity-providers" - ] - } - }, - "clientRole": true, - "containerId": 
"dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "670a6047-a52d-4575-85df-073e40abe759", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "ea418393-2398-4b66-ba07-8593f236df3a", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "b0903622-2375-44b9-b316-01343340d03c", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "cdd813f6-c9a3-4d97-b73d-beedf705a2f3", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "8831c53e-7398-4834-9e19-1f85353abeb7", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "6594ada9-4bf4-4adf-8b57-54b61b5d2846", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "178b6507-0091-4d20-8a3d-e14031ae6513", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "0f5981fa-e418-4d30-910f-259a177ee90b", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": 
"dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "7e5cf1d5-d63f-42a3-b39d-a2e38e49854f", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "22e578e0-7dcd-40dd-82a1-a52e1eac3d00", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "66c360e2-e3d2-4270-9925-8f870e7a3db2", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "f03352f9-8b01-4044-a71d-04eb11f58894", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "6a8a2e5e-193b-4074-aa59-064ca167dea9", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "56d43fda-017f-4bc7-84ca-0e7ac8b61242", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": {} - }, - { - "id": "1eb566df-6b92-4c4a-8783-7fcbbbdb3c80", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "attributes": 
{} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "brokencrystals-client": [], - "broker": [ - { - "id": "68e437d4-907a-4827-b82c-e4b7d2b38af9", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "ad04675c-3437-4e6d-9499-26152105eb26", - "attributes": {} - } - ], - "account": [ - { - "id": "8c9b07a5-c334-4ba8-ab11-2a14bbe7c2e6", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "4d0b910b-8552-4f7d-a73b-b94082b75838", - "attributes": {} - }, - { - "id": "529f1ffe-8db3-4afe-9b45-26c3ae942030", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "4d0b910b-8552-4f7d-a73b-b94082b75838", - "attributes": {} - }, - { - "id": "ef4a1320-a0a5-4123-b204-8920ed457aed", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "4d0b910b-8552-4f7d-a73b-b94082b75838", - "attributes": {} - }, - { - "id": "65a7d9bc-3c6b-4f06-a2f7-646bd1a5aedc", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "4d0b910b-8552-4f7d-a73b-b94082b75838", - "attributes": {} - }, - { - "id": "adc604a4-9589-43ee-83ae-d7d74476447d", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "4d0b910b-8552-4f7d-a73b-b94082b75838", - "attributes": {} - }, - { - "id": "5388f153-1895-48fc-b56e-f7c187c7f97a", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": 
"4d0b910b-8552-4f7d-a73b-b94082b75838", - "attributes": {} - }, - { - "id": "65f07e78-b846-4882-950d-4f4a61aa78df", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "4d0b910b-8552-4f7d-a73b-b94082b75838", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "76df3b1f-025c-4d97-a11a-ca4316fc38ba", - "name": "default-roles-brokencrystals", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "brokencrystals" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - 
"webAuthnPolicyPasswordlessAcceptableAaguids": [], - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [ - { - "name": "builtin-default-policy", - "builtin": true, - "enable": false - } - ] - }, - "users": [ - { - "id": "0fb3b845-ca4a-4a2c-ba5f-47bee5acc5a0", - "createdTimestamp": 1622062370461, - "username": "service-account-admin-cli", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "admin-cli", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-brokencrystals" - ], - "clientRoles": { - "realm-management": [ - "manage-users" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "8bb69acc-3ba2-4232-a79b-062d3d655540", - "createdTimestamp": 1622129809364, - "username": "service-account-brokencrystals-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "brokencrystals-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-brokencrystals" - ], - "notBefore": 0, - "groups": [] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "realm-management": [ - { - "client": "admin-cli", - "roles": [ - "manage-users" - ] - } - ], - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "4d0b910b-8552-4f7d-a73b-b94082b75838", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/brokencrystals/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/brokencrystals/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - 
"directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "50654c20-37a5-4438-acb0-a543ccb1c4ce", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/brokencrystals/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/brokencrystals/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "8abe66eb-d376-4816-9def-41196655b375", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "24d3efc3-05fe-48c0-869d-4bc2f0ce6425", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - 
"clientAuthenticatorType": "client-secret", - "secret": "3abff4a7-6649-4bae-a105-9bd1fb52a2cd", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "6f638b73-da30-453c-8ca5-fd949f073a63", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "9efb7e2d-078d-4fc2-ac78-e9793ad63ca4", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - 
"consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "511bc1f7-735c-4d0a-95bc-930e750b1264", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c5877e1b-8460-480c-840b-52341e1c0f82", - "clientId": "brokencrystals-client", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "4bfb5df6-4647-46dd-bad1-c8b8ffd7caf4", - "redirectUris": [ - "http://localhost:3001/" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": 
"false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "53c5208e-ec9d-4e6b-b906-92df548c3ec1", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "338c5859-ea3b-4397-a4e5-757c3366ffdb", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "03ab0da9-9571-4743-a37b-f8d301a2c927", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "ad04675c-3437-4e6d-9499-26152105eb26", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - 
"clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "dd35cf07-9f8a-4e4f-8725-d62b9ffc41c8", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "06c10fbb-fd5e-44d6-bba4-c8da8174fe87", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/brokencrystals/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - 
"/admin/brokencrystals/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "9f25a0aa-fe81-4758-b637-70bd6bffaf8b", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "14e57420-6fda-4e03-b1e5-96eca90563d7", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1d919b52-3e66-48c1-a9d5-d4da45470cd6", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - 
"user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "c78714bd-b99e-4aea-ace1-a3d87f346a2e", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "2e03964d-1811-4c3b-8d5b-83339449e483", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "91b73d38-c0d7-41ec-b53c-d14fe2aabaaf", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "a43edb37-351d-4786-81f8-dda3479fd3bc", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "6e0bf86c-0058-4c42-8bf7-27645f6961dd", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "564c040b-2522-428d-8cd5-5e52eaff91d0", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - 
"include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "3563c031-1b37-4ca3-abae-9a926d7b9f9d", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "7f1928a5-a456-4c02-b192-89d4b0477230", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "eed2dc48-87e5-4f65-b647-617d0b5a5d3b", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "42347b23-5e3c-4605-ae4c-985962eeb338", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "585cd55f-5fa9-4355-b61c-c6e71dc36470", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "2d3d26a3-3d8e-4e1d-b60f-13695c301198", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "aec91b61-fb25-4515-8577-73105914ce29", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "0b30e13b-f104-49fd-a649-28b0cbf57968", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "cd07a698-c6d0-43a5-913b-bf1d0e25c95a", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "48eb8ae6-1c23-41bf-adaa-3809696f6db5", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "d25c09dc-bd01-45b6-ba54-5bf0f7bb9d26", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "54226555-760a-4ef0-b37f-68f252713eac", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "116e910f-db97-4777-9665-5d7b85ae476e", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "a67c1fd6-4641-4947-99b1-cd4766410d8c", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "800f8dd3-1252-4afe-b0de-cd4cf96fd3c3", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "ebe1947f-a6ec-4ad3-afe5-32c37de8dd0d", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "da1cc70b-770d-4c83-ae5a-1770b0694d52", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "7ac2067c-aef9-40f8-9618-89ccb48a47be", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "dec75f56-6622-4df4-9083-650229498753", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "442de62c-0591-4a07-b015-2d8dbe9dc84f", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "e28452fb-40fd-48df-bd2a-b573bc9b42a8", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - 
"jsonType.label": "String" - } - }, - { - "id": "703ef138-0598-45a8-8e1c-4e4bc24834c8", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "80bb590a-efc2-43e0-a7f5-ada98ef7ad24", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "f4405337-a651-4a13-abd2-fdb80493cc87", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "0406ed1f-c2ae-4f71-b78a-7531589006d5", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "1054d851-d995-4394-8ce1-ec5f03366447", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "f54de0ba-2860-4aab-be91-557d6f5a5ab9", - "name": "audience resolve", - "protocol": "openid-connect", - 
"protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "d3ece381-27b4-4fe5-a97e-87ef6d16c5e4", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "aa2fd003-879c-4c27-b7e7-f739c375bc8d", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "2d3c62a4-c051-45af-a0dc-8003d049a2e9", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "9b77dafb-f806-46e4-a8d9-8795c355678e", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": 
"d5607508-2a67-4d8c-a2cc-f4384f7b0b9a", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "56597476-17ea-4f31-a4b6-5be2997e41ca", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "c8853123-7de8-481e-a5fa-6182122a6518", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "630af4da-b8ad-4856-9d17-32af63882247", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "32c91211-5f39-4836-ac86-a126e0d873d3", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "71296311-1161-4d24-9d38-04c877a2cc2f", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "c85b22f1-6ad5-4099-a31f-19d552520dba", - "name": "aes-generated", - "providerId": "aes-generated", - 
"subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "eb050a2b-35a5-48b0-83d8-4bc6279c1957", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "414482bf-90fc-4451-a3f7-a98263637ec1", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "bc5b2eb0-53c8-41ed-a2d2-f9640ffb7c64", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": 
"REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "2bd52be8-c5db-4b5b-a1e7-3f4315528d58", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "dfe903ed-2408-43ec-b7da-0903df4adfda", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "367fd3c1-a063-461b-8a30-ca76ce24f316", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - 
"authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "4bb2bf1c-efc8-4571-a6ea-dc0e4583dd8e", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "54ccbfb2-60e8-4702-a091-1984461ce7fc", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "fc8c7da2-8a07-4cc7-86eb-c7da047ddaeb", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - 
"authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c8c392fc-5cf9-4a28-abd0-3386f6e8ebdd", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5c0fe8fb-2d75-40f3-882f-453acce28de3", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - 
"authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "1f5ddb12-65e1-49a9-a586-a0f2ec0fa0fd", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "449191ba-8b0e-4b45-92ea-15255d863d4d", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "a58598ee-b193-4e46-9182-7b00e67e576f", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - 
"authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "636461b5-d8bb-47b2-b718-c2fb6b798aa7", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6db6576d-362d-4bd4-9183-a484c84a1025", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "7cce7345-c01e-48a2-baae-09b5912e0354", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - 
"flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b9137231-4e05-48b5-b518-ee66878a7e56", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "e4c3f4cc-b60f-4d57-bcc9-9fd887a9e24c", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": 
"CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "3843d12b-e031-4678-a21f-26e4fc5f3002", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "16d1d77e-0ffc-49ab-9ace-8f56d9e421b9", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "09833f54-81bb-491a-ba05-5b5a0b57280d", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": 
false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "13.0.1", - "userManagedAccessAllowed": false - }
diff --git a/charts/brokencrystals-unstable/templates/config-postgres.yaml b/charts/brokencrystals-unstable/templates/config-postgres.yaml
deleted file mode 100644
index 9044c6f..0000000
--- a/charts/brokencrystals-unstable/templates/config-postgres.yaml
+++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "brokencrystals.fullname" . }}-postgres - namespace: {{ .Release.Namespace }} -data: - pg.sql: | - set names 'utf8'; - set session_replication_role = 'replica'; - create table "user" ("id" serial primary key, "created_at" timestamptz(0) not null, "updated_at" timestamptz(0) not null, "email" varchar(255) not null, "password" varchar(255) not null, "first_name" varchar(255) not null, "last_name" varchar(255) not null, "is_admin" bool not null, "photo" bytea null, "company" varchar(255) not null, "card_number" varchar(255) not null, "phone_number" varchar(255) not null, "is_basic" bool not null); - create table "testimonial" ("id" serial primary key, "created_at" timestamptz(0) not null, "updated_at" timestamptz(0) not null, "name" varchar(255) not null, "title" varchar(255) not null, "message" varchar(255) not null); - create table "product" ("id" serial primary key, "created_at" timestamptz(0) not null default now(), "category" varchar(255) not null, "photo_url" varchar(255) not null, "name" varchar(255) not null, "description" varchar(255) null, "views_count" int DEFAULT 0); - set session_replication_role = 'origin'; - --password is admin - INSERT INTO "user" (created_at, updated_at, email, password, first_name, last_name, is_admin, photo, company, card_number, phone_number, is_basic) VALUES (now(), now(), 'admin', '$2b$10$BBJjmVNNdyEgv7pV/zQR9u/ssIuwZsdDJbowW/Dgp28uws3GmO0Ky', 'admin', 'admin', true, null, 'Brightsec', '1234 5678 9012 3456', '+1 234 567 890', true); - INSERT INTO "user" (created_at, updated_at, email, password, first_name, last_name, is_admin, photo, company, card_number, phone_number, is_basic) VALUES (now(), now(), 'user', '$2b$10$edsq4aqzAHnrJu68t8GS2.v0Z7hJSstAo7wBBDmmbpjYGxMMTYpVi', 'user', 'user', false, null, 'Brightsec', '1234 5678 9012 3456', '+1 234 567 890', true); - --insert default products into the table - INSERT INTO "product" ("created_at", "category", 
"photo_url", "name", "description") VALUES (now(), 'Healing', '/api/file?path=config/products/crystals/amethyst.jpg&type=image/jpg', 'Amethyst', 'a violet variety of quartz'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES (now(), 'Gemstones', '/api/file?path=config/products/crystals/ruby.jpg&type=image/jpg', 'Ruby', 'an intense heart crystal'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES (now(), 'Healing', '/api/file?path=config/products/crystals/opal.jpg&type=image/jpg', 'Opal', 'the precious stone'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES (now(), 'Jewellery', '/api/file?path=config/products/crystals/sapphire.jpg&type=image/jpg', 'Sapphire', ''); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES (now(), 'Healing', '/api/file?path=config/products/crystals/amber.jpg&type=image/jpg', 'Amber', 'fossilized tree resin'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES (now(), 'Jewellery', '/api/file?path=config/products/crystals/emerald.jpg&type=image/jpg', 'Emerald', 'symbol of fertility and life'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES (now(), 'Jewellery', '/api/file?path=config/products/crystals/shattuckite.jpg&type=image/jpg', 'Shattuckite', 'mistery'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES (now(), 'Gemstones', '/api/file?path=config/products/crystals/bismuth.jpg&type=image/jpg', 'Bismuth', 'rainbow'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES ('2005-01-10 12:00:00', 'Gemstones', '/api/file?path=config/products/crystals/labradorite.jpg&type=image/jpg', 'Labradorite', 'rainbow'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") 
VALUES ('2023-12-10 12:00:00', 'Gemstones', '/api/file?path=config/products/crystals/axinite.jpg&type=image/jpg', 'Axinite', 'brown'); - INSERT INTO "product" ("created_at", "category", "photo_url", "name", "description") VALUES ('2020-11-18 12:00:00', 'Gemstones', '/api/file?path=config/products/crystals/pietersite.jpg&type=image/jpg', 'Pietersite', 'blue'); - - CREATE INDEX IF NOT EXISTS "IDX_users_email" ON "user" ("email"); diff --git a/charts/brokencrystals-unstable/templates/deployment.yaml b/charts/brokencrystals-unstable/templates/deployment.yaml deleted file mode 100644 index 5f9249a..0000000 --- a/charts/brokencrystals-unstable/templates/deployment.yaml +++ /dev/null 
@@ -1,245 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app: {{ .Release.Name }} - spec: - hostAliases: - - ip: "127.0.0.1" - hostnames: - - "postgres" - - "keycloak-postgres" - - "keycloak" - - "nodejs" - - "proxy" - - "repeater" - - "mailcatcher" - - "brokencrystals" - containers: - - name: postgres - image: postgres - livenessProbe: - tcpSocket: - port: 5432 - initialDelaySeconds: 60 - periodSeconds: 30 - env: - - name: POSTGRES_DB - value: "bc" - - name: POSTGRES_USER - value: "bc" - - name: POSTGRES_PASSWORD - value: "bc" - resources: - requests: - cpu: 200m - memory: 100Mi - volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-postgres - mountPath: /docker-entrypoint-initdb.d/pg.sql - subPath: pg.sql - readOnly: true - - - name: keycloak-postgres - image: postgres:12.2-alpine - ports: - - containerPort: 5433 - livenessProbe: - tcpSocket: - port: 5433 - initialDelaySeconds: 60 - periodSeconds: 30 - env: - - name: POSTGRES_DB - value: "keycloak" - - name: POSTGRES_USER - value: "keycloak" - - name: POSTGRES_PASSWORD - value: "password" - resources: - requests: - cpu: 100m - memory: 50Mi - volumeMounts: - - name: {{ include "brokencrystals.fullname" . 
}}-kc-db - mountPath: /usr/local/share/postgresql/postgresql.conf.sample - subPath: postgresql.conf.sample - readOnly: true - - - name: keycloak - image: quay.io/keycloak/keycloak:16.1.1 - resources: - requests: - cpu: 200m - memory: 500Mi - livenessProbe: - httpGet: - path: / - port: 8080 - scheme: HTTP - initialDelaySeconds: 120 - periodSeconds: 30 - env: - - name: DB_VENDOR - value: "POSTGRES" - - name: DB_ADDR - value: "keycloak-postgres" - - name: DB_PORT - value: "5433" - - name: DB_DATABASE - value: "keycloak" - - name: DB_SCHEMA - value: "public" - - name: DB_PASSWORD - value: "password" - - name: KEYCLOAK_USER - value: "admin" - - name: KEYCLOAK_PASSWORD - value: "Pa55w0rd" - - name: KEYCLOAK_IMPORT - value: "/opt/jboss/keycloak/imports/realm-export.json -Dkeycloak.profile.feature.upload_scripts=enabled" - - name: PROXY_ADDRESS_FORWARDING - value: "true" - - name: KEYCLOAK_FRONTEND_URL - value: "https://auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }}/auth/" - volumeMounts: - - name: {{ include "brokencrystals.fullname" . 
}}-keycloak - mountPath: /opt/jboss/keycloak/imports/realm-export.json - subPath: realm-export.json - readOnly: true - - - name: nodejs - image: brightsec/brokencrystals:{{ .Values.images.main }} - env: - - name: URL - value: "https://{{ .Values.ingress.url }}" - - name: DATABASE_HOST - value: "postgres" - - name: DATABASE_SCHEMA - value: "bc" - - name: DATABASE_USER - value: "bc" - - name: DATABASE_PASSWORD - value: "bc" - - name: DATABASE_PORT - value: "5432" - - name: DATABASE_DEBUG - value: "true" - - name: AWS_BUCKET - value: "https://neuralegion-open-bucket.s3.amazonaws.com" - - name: GOOGLE_MAPS_API - value: "AIzaSyD2wIxpYCuNI0Zjt8kChs2hLTS5abVQfRQ" - - name: JWT_PRIVATE_KEY_LOCATION - value: "config/keys/jwtRS256.key" - - name: JWT_PUBLIC_KEY_LOCATION - value: "config/keys/jwtRS256.key.pub.pem" - - name: JWT_SECRET_KEY - value: "1234" - - name: JWK_PRIVATE_KEY_LOCATION - value: "config/keys/jwk.key.pem" - - name: JWK_PUBLIC_KEY_LOCATION - value: "config/keys/jwk.pub.key.pem" - - name: JWK_PUBLIC_JSON - value: "config/keys/jwk.pub.json" - - name: JKU_URL - value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json" - - name: X5U_URL - value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/x509.crt" - {{ $configmap := (lookup "v1" "ConfigMap" .Release.Namespace .Values.clusterConfigMap) }} - {{- if $configmap}} - envFrom: - - configMapRef: - name: {{ $configmap.metadata.name }} - {{- end}} - resources: - requests: - cpu: 900m - memory: 1024Mi - limits: - memory: 15G - livenessProbe: - httpGet: - path: /api/config - port: 3000 - scheme: HTTP - initialDelaySeconds: 120 - periodSeconds: 30 - - - name: mailcatcher - image: sj26/mailcatcher - - {{- if and .Values.repeaterID .Values.token .Values.cluster }} - - name: repeater - image: brightsec/cli{{ if ne .Values.repeaterImageTag "" }}:{{ .Values.repeaterImageTag }}{{ else }}:latest{{ end }} - command: ["bright-cli", "repeater"] - 
args: - - "--token=$(TOKEN)" - - "--id=$(REPEATER_ID)" - - "--cluster=$(CLUSTER)" - - "--timeout=$(TIMEOUT)" - - "--log-level=verbose" - resources: - requests: - cpu: 200m - memory: 100Mi - env: - - name: REPEATER_ID - value: "{{ .Values.repeaterID }}" - - name: TOKEN - value: "{{ .Values.token }}" - - name: CLUSTER - value: "{{ .Values.cluster }}" - - name: TIMEOUT - value: "{{ .Values.timeout | default "30000" }}" - {{- end }} - - {{- if and .Values.snifferApiKey .Values.snifferProjectID .Values.snifferApiURL }} - - name: sniffer-agent - securityContext: - capabilities: - add: ["NET_RAW", "NET_ADMIN"] - image: ghcr.io/neuralegion/sniffer-agent:latest - args: - - "-a=$(API_URL)" - - "-t=$(API_KEY)" - - "-p=$(PROJECT_ID)" - - "-i=$(NETWORK_INTERFACE)" - resources: - requests: - cpu: 200m - memory: 100Mi - env: - - name: API_URL - value: "{{ .Values.snifferApiURL }}" - - name: API_KEY - value: "{{ .Values.snifferApiKey }}" - - name: PROJECT_ID - value: "{{ .Values.snifferProjectID }}" - - name: NETWORK_INTERFACE - value: "{{ .Values.snifferNetworkInterface | default "eth0" }}" - {{- end }} - restartPolicy: Always - - volumes: - - name: {{ include "brokencrystals.fullname" . }}-postgres - configMap: - name: {{ include "brokencrystals.fullname" . }}-postgres - - name: {{ include "brokencrystals.fullname" . }}-kc-db - configMap: - name: {{ include "brokencrystals.fullname" . }}-kc-db - - name: {{ include "brokencrystals.fullname" . }}-keycloak - configMap: - name: {{ include "brokencrystals.fullname" . }}-keycloak diff --git a/charts/brokencrystals-unstable/templates/ingress.yaml b/charts/brokencrystals-unstable/templates/ingress.yaml deleted file mode 100644 index 743762b..0000000 --- a/charts/brokencrystals-unstable/templates/ingress.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "brokencrystals.fullname" . }} - namespace: {{ .Release.Namespace }} - annotations: - nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2" - nginx.ingress.kubernetes.io/ssl-redirect: "false" - {{ if eq .Values.ingress.cert "" }} - cert-manager.io/cluster-issuer: letsencrypt-cf-prod - {{ end }} -spec: - ingressClassName: nginx - tls: - - hosts: - - {{ .Values.ingress.url }} - secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-brokencrystals-secret{{ else }}{{ .Values.ingress.cert }}{{ end }} - rules: - - host: {{ .Values.ingress.url }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ .Release.Name }} - port: - number: 3000 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "brokencrystals.fullname" . }}-keycloak - namespace: {{ .Release.Namespace }} - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "false" - nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2" - {{ if eq .Values.ingress.cert "" }} - cert-manager.io/cluster-issuer: letsencrypt-cf-prod - {{ end }} -spec: - ingressClassName: nginx - tls: - - hosts: - - auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }} - secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-brokencrystals-keycloak-secret{{ else }}{{ .Values.ingress.cert }}{{ end }} - rules: - - host: auth{{ .Values.ingress.authlevel }}{{ .Values.ingress.url }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ .Release.Name }}-keycloak - port: - number: 8080 - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "brokencrystals.fullname" . 
}}-mailcatcher - namespace: {{ .Release.Namespace }} - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "false" - nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2" - {{ if eq .Values.ingress.cert "" }} - cert-manager.io/cluster-issuer: letsencrypt-cf-prod - {{ end }} -spec: - ingressClassName: nginx - tls: - - hosts: - - mailcatcher-{{ .Values.ingress.url }} - secretName: {{ if eq .Values.ingress.cert "" }}{{ include "brokencrystals.fullname" . }}-mailcatcher-secret{{ else }}{{ .Values.ingress.cert }}{{ end }} - rules: - - host: mailcatcher-{{ .Values.ingress.url }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ .Release.Name }}-mailcatcher - port: - number: 1080 diff --git a/charts/brokencrystals-unstable/templates/service.yaml b/charts/brokencrystals-unstable/templates/service.yaml deleted file mode 100644 index c290661..0000000 --- a/charts/brokencrystals-unstable/templates/service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }} -spec: - selector: - app: {{ .Release.Name }} - ports: - - protocol: TCP - port: 3000 - targetPort: 3000 ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-keycloak -spec: - selector: - app: {{ .Release.Name }} - ports: - - protocol: TCP - port: 8080 - targetPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Release.Name }}-mailcatcher -spec: - selector: - app: {{ .Release.Name }} - ports: - - protocol: TCP - port: 1080 - targetPort: 1080 diff --git a/charts/brokencrystals-unstable/values.yaml b/charts/brokencrystals-unstable/values.yaml deleted file mode 100644 index dda4d46..0000000 --- a/charts/brokencrystals-unstable/values.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -ingress: - url: k3s.brokencrystals.nexploit.app - cert: "" - authlevel: "." -images: - main: unstable - client: unstable -repeaterImageTag: "" -repeaterID: "" -token: "" -cluster: "" -timeout: "" -snifferApiURL: "" -snifferApiKey: "" -snifferProjectID: "" -snifferNetworkInterface: "" -clusterConfigMap: "brokencrystals-config" diff --git a/charts/brokencrystals/Chart.yaml b/charts/brokencrystals/Chart.yaml index 4620cd7..ef52317 100644 --- a/charts/brokencrystals/Chart.yaml +++ b/charts/brokencrystals/Chart.yaml @@ -4,7 +4,7 @@ description: | Benchmark application that uses modern technologies and implements a set of common security vulnerabilities type: application -version: 0.0.73 +version: 0.0.81 icon: https://raw.githubusercontent.com/NeuraLegion/brokencrystals/stable/public/public/assets/img/logo.png keywords: - brokencrystals diff --git a/charts/brokencrystals/templates/config-proxy.yaml b/charts/brokencrystals/templates/config-proxy.yaml deleted file mode 100644 index e7d488b..0000000 --- a/charts/brokencrystals/templates/config-proxy.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy - namespace: {{ .Release.Namespace }} -data: - # /etc/nginx/conf.d/default.conf - default.conf: | - server { - listen [::]:80 ipv6only=on; - listen 80; - - root /var/www/html; - - # Load configuration files for the default server block. - include /etc/nginx/default.d/*.conf; - - index index.html; - - location / { - autoindex on; - try_files $uri $uri/ /index.html =404; - } - - location /api { - proxy_pass http://127.0.0.1:3000; - } - - location /swagger { - proxy_pass http://127.0.0.1:3000; - } - - location /graphiql { - proxy_pass http://127.0.0.1:3000; - } - - location /graphql { - proxy_pass http://127.0.0.1:3000; - } - - location /put.raw { - rewrite put.raw /api/file/raw?path=./gil.txt break; - proxy_pass http://127.0.0.1:3000; - } - - location ~* ^/(config\.js|config\.json|\.htaccess|\.env|\.nginx\.conf|\.robots\.txt)$ { - allow all; - log_not_found off; - access_log off; - expires 1d; - } - - error_page 404 /404.html; - location = /404.html { - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - } - } diff --git a/charts/brokencrystals/templates/deployment.yaml b/charts/brokencrystals/templates/deployment.yaml index ba2b39e..a7f098d 100644 --- a/charts/brokencrystals/templates/deployment.yaml +++ b/charts/brokencrystals/templates/deployment.yaml @@ -27,7 +27,7 @@ spec: - "proxy" - "repeater" - "mailcatcher" - - "brokencrystals.local" + - "brokencrystals" containers: - name: postgres image: postgres @@ -51,7 +51,7 @@ spec: - name: {{ include "brokencrystals.fullname" . }}-postgres mountPath: /docker-entrypoint-initdb.d/pg.sql subPath: pg.sql - readOnly: true + readOnly: true - name: keycloak-postgres image: postgres:12.2-alpine 
@@ -72,7 +72,7 @@ spec: resources: requests: cpu: 100m - memory: 50Mi + memory: 50Mi volumeMounts: - name: {{ include "brokencrystals.fullname" . }}-kc-db mountPath: /usr/local/share/postgresql/postgresql.conf.sample @@ -152,7 +152,7 @@ spec: value: "config/keys/jwk.key.pem" - name: JWK_PUBLIC_KEY_LOCATION value: "config/keys/jwk.pub.key.pem" - - name: JWK_PUBLIC_JSON + - name: JWK_PUBLIC_JSON value: "config/keys/jwk.pub.json" - name: JKU_URL value: "https://raw.githubusercontent.com/NeuraLegion/brokencrystals/development/config/keys/jku.json" @@ -164,11 +164,6 @@ spec: - configMapRef: name: {{ $configmap.metadata.name }} {{- end}} - volumeMounts: - - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy - mountPath: /etc/nginx/conf.d/default.conf - subPath: default.conf - readOnly: true resources: requests: cpu: 900m @@ -182,6 +177,13 @@ spec: scheme: HTTP initialDelaySeconds: 120 periodSeconds: 30 + startupProbe: + httpGet: + path: /api/config + port: 3000 + scheme: HTTP + failureThreshold: 120 + periodSeconds: 10 - name: mailcatcher image: sj26/mailcatcher @@ -193,8 +195,9 @@ spec: args: - "--token=$(TOKEN)" - "--id=$(REPEATER_ID)" - - "--cluster=$(CLUSTER)" - - "--timeout=$(TIMEOUT)" + - "--cluster=$(CLUSTER)" + - "--timeout=$(TIMEOUT)" + - "--log-level=verbose" resources: requests: cpu: 200m @@ -207,9 +210,9 @@ spec: - name: CLUSTER value: "{{ .Values.cluster }}" - name: TIMEOUT - value: "{{ .Values.timeout | default "30000" }}" + value: "{{ .Values.timeout | default "30000" }}" {{- end }} - + {{- if and .Values.snifferApiKey .Values.snifferProjectID .Values.snifferApiURL }} - name: sniffer-agent securityContext: @@ -219,8 +222,8 @@ spec: args: - "-a=$(API_URL)" - "-t=$(API_KEY)" - - "-p=$(PROJECT_ID)" - - "-i=$(NETWORK_INTERFACE)" + - "-p=$(PROJECT_ID)" + - "-i=$(NETWORK_INTERFACE)" resources: requests: cpu: 200m 
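Review bot: The added `startupProbe` gives the container probed on port 3000 (presumably nodejs) up to 20 minutes to start (`failureThreshold: 120` × `periodSeconds: 10`) before the kubelet restarts it, and nothing in the hunk says why the budget is that large. Liveness checks are held back until the startup probe succeeds, so the `initialDelaySeconds: 120` kept on the `livenessProbe` just above is now largely redundant and could be dropped. I would add a comment above `startupProbe:` such as `# allow up to 20 min for first start; liveness is suspended until this passes`, or lower `failureThreshold` if the application normally starts faster. The container spec starts and ends outside the hunk.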
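Review bot: `--log-level=verbose` is hard-coded for the repeater in the `@@ -193,8 +195,9 @@` hunk, with no way to turn it down from values. The same container receives its credential as `--token=$(TOKEN)`, and verbose output may carry more detail about the proxied traffic than should be retained in cluster logs; it is worth confirming what the CLI prints at this level. I would make the level a chart value that keeps today's behaviour by default, e.g. `- "--log-level={{ .Values.repeaterLogLevel | default "verbose" }}"`, where `repeaterLogLevel` is a new key to add to values.yaml. The repeater container spec continues outside the hunk.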
@@ -247,6 +250,3 @@ spec: - name: {{ include "brokencrystals.fullname" . }}-keycloak configMap: name: {{ include "brokencrystals.fullname" . }}-keycloak - - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy - configMap: - name: {{ include "brokencrystals.fullname" . }}-nginx-proxy diff --git a/charts/brokencrystals/templates/ingress.yaml b/charts/brokencrystals/templates/ingress.yaml index 3c1b141..743762b 100644 --- a/charts/brokencrystals/templates/ingress.yaml +++ b/charts/brokencrystals/templates/ingress.yaml @@ -1,3 +1,4 @@ + --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -7,9 +8,9 @@ metadata: annotations: nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2" nginx.ingress.kubernetes.io/ssl-redirect: "false" - {{- if eq .Values.ingress.cert "" }} + {{ if eq .Values.ingress.cert "" }} cert-manager.io/cluster-issuer: letsencrypt-cf-prod - {{- end }} + {{ end }} spec: ingressClassName: nginx tls: @@ -36,9 +37,9 @@ metadata: annotations: nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2" - {{- if eq .Values.ingress.cert "" }} + {{ if eq .Values.ingress.cert "" }} cert-manager.io/cluster-issuer: letsencrypt-cf-prod - {{- end }} + {{ end }} spec: ingressClassName: nginx tls: @@ -56,6 +57,7 @@ spec: name: {{ .Release.Name }}-keycloak port: number: 8080 + --- apiVersion: networking.k8s.io/v1 kind: Ingress diff --git a/charts/brokencrystals-unstable/templates/tests/test-internal-connection.yaml b/charts/brokencrystals/templates/tests/test-internal-connection.yaml similarity index 94% rename from charts/brokencrystals-unstable/templates/tests/test-internal-connection.yaml rename to charts/brokencrystals/templates/tests/test-internal-connection.yaml index 430ac38..6849dcb 100644 --- a/charts/brokencrystals-unstable/templates/tests/test-internal-connection.yaml +++ b/charts/brokencrystals/templates/tests/test-internal-connection.yaml 
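Review bot: Replacing `{{- if eq .Values.ingress.cert "" }}` / `{{- end }}` with the untrimmed `{{ if eq .Values.ingress.cert "" }}` / `{{ end }}` in `@@ -7,9 +8,9 @@` leaves whitespace-only lines in the rendered `annotations:` block where the template actions were; the keycloak Ingress hunk at `@@ -36,9 +37,9 @@` repeats the same change. YAML tolerates this, but the rendered manifests get noisier and differ from the previous release with no functional gain. I would keep the trimming form, `{{- if eq .Values.ingress.cert "" }}` and `{{- end }}`. The blank line added before the first `---` in `@@ -1,3 +1,4 @@` looks like the same kind of accidental whitespace change.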
@@ -5,6 +5,7 @@ metadata: namespace: "{{ .Release.Namespace }}" annotations: "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed spec: containers: - name: test diff --git a/charts/brokencrystals/values.yaml b/charts/brokencrystals/values.yaml index 5a17dbc..f695332 100644 --- a/charts/brokencrystals/values.yaml +++ b/charts/brokencrystals/values.yaml @@ -1,8 +1,8 @@ ingress: - url: + url: k3s.brokencrystals.nexploit.app cert: "" authlevel: "." -images: +images: main: stable client: stable repeaterImageTag: ""
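Review bot: Including `hook-failed` in the new `helm.sh/hook-delete-policy` annotation removes the test pod as soon as the test fails, so its logs and exit status are likely gone by the time someone looks into the failure. `before-hook-creation` already clears a leftover pod before the next run, so a kept failed pod would not block re-runs. I would drop the last entry: `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded`. The pod manifest starts and ends outside the hunk.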
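Review bot: The new default `url: k3s.brokencrystals.nexploit.app` in charts/brokencrystals/values.yaml bakes one environment's hostname into the chart, so an install that does not override `ingress.url` creates Ingress rules, and with the `cert-manager.io/cluster-issuer` annotation a certificate request, for a domain the installer probably does not control. Chart.yaml describes the application as implementing common security vulnerabilities, which makes an unintended public hostname more costly than usual. I would leave the default empty and fail rendering when it is unset, e.g. `- host: {{ required "ingress.url must be set" .Values.ingress.url }}` in templates/ingress.yaml, and pass the k3s hostname from the CI job instead.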