fix attemt

2026-05-14 20:40:44 +02:00
parent 67b1d95509
commit bd478478f1
2 changed files with 52 additions and 8 deletions
--- a/infra/values/base/gitea-values.yaml
+++ b/infra/values/base/gitea-values.yaml
@@ -41,7 +41,6 @@ gitea:
    oauth2:
      ENABLED: true
      ENABLE_AUTO_REGISTRATION: true
-      ACCOUNT_LINKING: auto
      USERNAME: email

    session:
--- a/infra/values/base/keycloak-values.yaml
+++ b/infra/values/base/keycloak-values.yaml
@@ -55,12 +55,12 @@ postgresql:
      size: 8Gi

 keycloakConfigCli:
-  extraEnvVars:
-  - name: IMPORT_MANAGED_PROTOCOL_MAPPER
-    value: "no-delete"
  enabled: true
  image:
    repository: bitnamilegacy/keycloak-config-cli
+  extraEnvVars:
+  - name: IMPORT_MANAGED_PROTOCOL_MAPPER
+    value: "no-delete"
  configuration:
    forte-realm.json: |
      {
@@ -75,7 +75,7 @@ keycloakConfigCli:
        "clients": [
          {
            "clientId": "gitea",
-            "name": "Forte Git",
+            "name": "Gitea",
            "enabled": true,
            "protocol": "openid-connect",
            "clientAuthenticatorType": "client-secret",
@@ -90,7 +90,22 @@ keycloakConfigCli:
              "k8s.secret.name": "gitea-oidc-credentials",
              "k8s.secret.client-id-key": "key",
              "k8s.secret.client-secret-key": "secret"
-            }
+            },
+            "protocolMappers": [
+              {
+                "name": "email_verified",
+                "protocol": "openid-connect",
+                "protocolMapper": "oidc-hardcoded-claim-mapper",
+                "config": {
+                  "claim.name": "email_verified",
+                  "claim.value": "true",
+                  "jsonType.label": "boolean",
+                  "id.token.claim": "true",
+                  "access.token.claim": "true",
+                  "userinfo.token.claim": "true"
+                }
+              }
+            ]
          },
          {
            "clientId": "grafana",
@@ -109,7 +124,23 @@ keycloakConfigCli:
              "k8s.secret.name": "grafana-oidc-credentials",
              "k8s.secret.client-id-key": "client-id",
              "k8s.secret.client-secret-key": "client-secret"
-            }
+            },
+            "protocolMappers": [
+              {
+                "name": "client-roles",
+                "protocol": "openid-connect",
+                "protocolMapper": "oidc-usermodel-client-role-mapper",
+                "config": {
+                  "claim.name": "resource_access.grafana.roles",
+                  "jsonType.label": "String",
+                  "multivalued": "true",
+                  "usermodel.clientRoleMapping.clientId": "grafana",
+                  "id.token.claim": "true",
+                  "access.token.claim": "true",
+                  "userinfo.token.claim": "true"
+                }
+              }
+            ]
          },
          {
            "clientId": "argocd",
@@ -128,7 +159,21 @@ keycloakConfigCli:
              "k8s.secret.name": "argocd-oidc-credentials",
              "k8s.secret.client-id-key": "client-id",
              "k8s.secret.client-secret-key": "client-secret"
-            }
+            },
+            "protocolMappers": [
+              {
+                "name": "groups",
+                "protocol": "openid-connect",
+                "protocolMapper": "oidc-group-membership-mapper",
+                "config": {
+                  "claim.name": "groups",
+                  "full.path": "false",
+                  "id.token.claim": "true",
+                  "access.token.claim": "true",
+                  "userinfo.token.claim": "true"
+                }
+              }
+            ]
          }
        ],
        "groups": [