@continuoussecuritytooling/keycloak-reporter 0.2.0 → 0.4.0

package/.ct.yaml

@@ -0,0 +1,6 @@
+chart-dirs:
+  - charts/keycloak-reporter/
+debug: true
+target-branch: main
+check-version-increment: true
+validate-maintainers: false

package/.github/CONTRIBUTING.md

@@ -0,0 +1,48 @@
+### Submitting Pull Requests
+
+We'd love for you to contribute to our source code and to make this package even better than it is
+today! Here are the guidelines we'd like you to follow:
+
+ - [Issues and Bugs](#issue)
+ - [Feature Requests](#feature)
+ - [Coding Rules](#rules)
+ - [Commit Message Guidelines](#commit)
+
+## <a name="issue"></a> Found an Issue?
+
+If you find a bug in the source code or a mistake in the documentation, you can help us by
+submitting an issue to our [GitHub Repository][github]. Even better you can submit a Pull Request
+with a fix. But first search if the issue is already described!
+
+If not create a new issue:
+
+* Tell about your environment:
+  * java version
+  * used platform and version
+* Describe your issue
+  * describe your steps leading to the issue
+  * attach error logs or screenshots
+  * if possible provide test case or screenshots
+
+## <a name="feature"></a> Want a Feature?
+
+You can request a new feature by submitting an issue to our [GitHub Repository][github].
+
+Please follow these basic steps to simplify pull request reviews - if you don't you'll probably just be asked to anyway.**
+
+* Please rebase your branch against the current develop, use the **develop** for pull requests
+* Please ensure that the test suite passes **and** that code is lint free before submitting a PR by running:
+ * ```./mvnw test```
+* If you've added new functionality, **please** include tests which validate its behaviour
+* Make reference to possible [issues](https://github.com/ContinuousSecurityTooling/keycloak-reporter/issues) on PR comment
+
+## <a name="rules"></a> Coding Rules
+
+To ensure consistency throughout the source code, keep these rules in mind as you are working:
+
+* All features or bug fixes **must be tested** by one or more [specs][unit-testing].
+* All public API methods **must be documented** with jsdoc.
+
+## <a name="commit"></a> Git Commit Guidelines
+
+We're using [Angular Commit Guidelines](https://github.com/angular/angular.js/blob/master/CONTRIBUTING.md#-git-commit-guidelines)

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,34 @@
+---
+name: Bug report
+about: Create a report to help us improve
+
+---
+> ℹ Please fill out this template when filing an issue.
+> All lines beginning with an ℹ symbol instruct you with what info we expect. You can delete those lines once you've filled in the info.
+>
+> Per our [*CONTRIBUTING guidelines](https://github.com/ContinuousSecurityTooling/keycloak-auditor/CONTRIBUTING.md), we use GitHub for
+> bugs and feature requests, not general support. Other issues should be opened on Stack Overflow with the tag `angular`.
+>
+> Please remove this line and everything above it before submitting.
+
+* [ ] I've read, understood, and done my best to follow the [*CONTRIBUTING guidelines](https://github.com/ContinuousSecurityTooling/keycloak-auditor/CONTRIBUTING.md).
+
+## What did you do?
+
+ℹ Please replace this with what you did.  
+
+## What did you expect to happen?
+
+ℹ Please replace this with what you expected to happen.  
+
+## What happened instead?
+
+ℹ Please replace this with of what happened instead.  
+
+## Your Environment
+
+**Java version:**
+
+## Demo Project
+
+ℹ Please link to or upload a project we can download that reproduces the issue.

package/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,25 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+
+---
+
+## Prerequisites
+
+Please answer the following questions for yourself before submitting an issue.
+
+* [ ] I've read, understood, and done my best to follow the [*CONTRIBUTING guidelines](https://github.com/ContinuousSecurityTooling/keycloak-auditor/CONTRIBUTING.md).
+
+## Changes
+
+**Is your feature request related to a problem? Please describe.**
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+**Describe the solution you'd like**
+<!-- A clear and concise description of what you want to happen. -->
+
+**Describe alternatives you've considered**
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
+
+**Additional context**
+<!-- Add any other context or screenshots about the feature request here. -->

package/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,35 @@
+## :memo: Description
+
+<!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. -->
+
+### :dart: Relevant issues
+<!-- Please add relevant opened issues -->
+
+### :gem: Type of change
+
+<!-- Please delete options that are not relevant. -->
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+### :scroll: Example code
+```js
+
+``` 
+
+## :vertical_traffic_light: How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Test A
+- [ ] Test B
+
+## :checkered_flag: Checklist:
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] **I have added tests that prove my fix is effective or that my feature works**
+- [ ] **New and existing unit tests pass locally with my changes**
+- [ ] I have commented my code, particularly in hard-to-understand areas

package/.github/workflows/pipeline.yml

@@ -1,6 +1,9 @@
 name: Build
-"on":
-  - push
+
+on:
+  merge_group:
+  push:
+
 jobs:
   build:
     name: "Build and Test on Node ${{ matrix.node_version }} and ${{ matrix.os }}"
@@ -16,7 +19,7 @@ jobs:
           - macOS-latest
           - windows-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: "Use Node.js ${{ matrix.node_version }}"
         uses: actions/setup-node@v3
         with:
@@ -27,6 +30,49 @@ jobs:
           npm run build
           npm run test
 
+  chart:
+    name: "Build and Test Helm Chart"
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.11.2
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Helm Chart Testing
+        uses: helm/chart-testing-action@v2.4.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --check-version-increment false
+
+      - name: Create kind cluster
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: helm/kind-action@v1.8.0
+
+      - name: Run chart-testing (install)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.url=http://localhost:8080' --set 'keycloak.config.clientId=clientId' --set 'keycloak.config.clientSecret=clientSecret' --set 'keycloak.config.webhookType=test' --set 'keycloak.config.webhookUrl=http://localhost:8888'"
+
       - uses: actions/upload-artifact@v3
         with:
           name: dist-folder
@@ -37,6 +83,7 @@ jobs:
     runs-on: "${{ matrix.os }}"
     needs:
       - build
+      - chart
     strategy:
       matrix:
         node_version:
@@ -47,7 +94,7 @@ jobs:
         os:
           - ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: "Use Node.js ${{ matrix.node_version }}"
         uses: actions/setup-node@v3
         with:
@@ -75,7 +122,7 @@ jobs:
     needs:
       - end2end
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-node@v3
       # TODO: Support Node 16+
         with:

package/.github/workflows/release.yml

@@ -0,0 +1,37 @@
+name: Release Chart
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+
+      - name: Run chart-testing (lint)
+        run: ct lint --target-branch
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.5.0
+        with:
+            charts_dir: charts/
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

package/CHANGELOG.md

@@ -0,0 +1,22 @@
+# 0.2.0 (2023-06-02)
+
+
+### Bug Fixes
+
+* **deps:** update dependency @json2csv/node to v7 ([42934da](https://github.com/ContinuousSecurityTooling/[object Object]/commit/42934da57a546b1a0db324183b3db51c27ff1cc2))
+* **deps:** update dependency @json2csv/node to v7.0.1 ([b0aeb36](https://github.com/ContinuousSecurityTooling/[object Object]/commit/b0aeb366b07a38d8b648b4a0c763bab578db653a))
+* Stick to NodeJS 16 ([595d799](https://github.com/ContinuousSecurityTooling/[object Object]/commit/595d799510e81de885430d7cc62549dd8a272aee))
+
+
+### Features
+
+* **Config:** Provide config file functionality ([f9097f9](https://github.com/ContinuousSecurityTooling/[object Object]/commit/f9097f966c2dfc5240111e9294742ad3821c36ad))
+* **Config:** Use config file in helm chart ([21e0512](https://github.com/ContinuousSecurityTooling/[object Object]/commit/21e051243df1a3000d2b57f6ee0feab5f6314910))
+* **Helm:** Initial chart version ([401c740](https://github.com/ContinuousSecurityTooling/[object Object]/commit/401c7401b1b34b479bb5a370c9d1077a36f653b0)), closes [#1](https://github.com/ContinuousSecurityTooling/[object Object]/issues/1)
+* **Report:** Adding id to report ([8dbc3d4](https://github.com/ContinuousSecurityTooling/[object Object]/commit/8dbc3d4deacba0a5e1729da93b8d933557ebd45b))
+* **Testing:** Adding end2end testing via keycloak local ([036202f](https://github.com/ContinuousSecurityTooling/[object Object]/commit/036202f47324e8b3e40764fdc3a43a270a2687cf))
+* **Users:** Adding user and client listing functionality ([4c13fa0](https://github.com/ContinuousSecurityTooling/[object Object]/commit/4c13fa0642d75b8e229091aca052a83fa8c7eb32))
+* **Webhooks:** Adding Support for Teams and Slack ([66da168](https://github.com/ContinuousSecurityTooling/[object Object]/commit/66da168d2cd234ebc6dd961cfe62a3c8191c0ccc)), closes [#2](https://github.com/ContinuousSecurityTooling/[object Object]/issues/2)
+
+
+

package/Dockerfile

@@ -2,7 +2,7 @@ FROM node:16
 
 ENV CONFIG_FILE=/app/config.json
 
-COPY dist/ docker_entrypoint.sh /app
+COPY dist/ docker_entrypoint.sh package.json /app
 
 WORKDIR /app
 

package/README.md

@@ -24,14 +24,31 @@ kc-reporter listClients <Keycloak_Root_URL> <Client_ID> <Client_Secret> --format
 
 The output looks for CSV, like that:
 ```
-"client","description","realm","enabled","public","allowedOrigins"
-"account",,"bunge",true,true,"[]"
-"account-console",,"bunge",true,true,"[]"
-"admin-cli",,"bunge",true,true,"[]"
-"broker",,"bunge",true,false,"[]"
-"portal",,"bunge",true,false,"[]"
-"realm-management",,"bunge",true,false,"[]"
-"security-admin-console",,"bunge",true,true,"[""+""]"
+"client","id","description","realm","enabled","public","allowedOrigins"
+"account","d192964b-189e-499b-ada4-b82b37b9cc50",,"master",true,false,"[]"
+"account-console","f8ca4598-0335-445c-992e-fed749ff464a",,"master",true,true,"[]"
+"admin-cli","615cbe43-0747-4273-8bc4-b7897a27ce39",,"master",true,true,"[]"
+"broker","3e3a17c4-37d4-4a66-bb59-0ddd1b0fa4f6",,"master",true,false,"[]"
+"keycloak-reporter","363bd6ed-e0fc-48f6-b896-27d9b16be42a","","master",true,false,"["""",""+""]"
+"master-realm","5d822cd2-2583-4d45-ae33-c85ebd6099fa",,"master",true,false,"[]"
+"nodejs-test-realm","6b6c26e7-175a-45df-a919-de51ca4f4523",,"master",true,false,"[]"
+"security-admin-console","239fca1d-e027-4d3b-9814-3b517272cb80",,"master",true,true,"[""+""]"
+"tokenRealmTest-realm","10f8398f-44a5-4f4b-9efb-6a0c4b79af66",,"master",true,false,"[]"
+"account","bdf23b22-5abb-4823-aa76-9d21216d7143",,"nodejs-test",true,false,"[]"
+"account-console","7eb727fb-18d2-482b-8e34-8982a4efffc3",,"nodejs-test",true,true,"[]"
+"admin-cli","99aeb26e-222d-4195-a5e8-f2f94db12b83",,"nodejs-test",true,true,"[]"
+"broker","6f3a7144-872e-415b-ab9a-d5a66a3f2951",,"nodejs-test",true,false,"[]"
+"confidential-client","d0650a93-8fe2-4524-8020-4531b6276230",,"nodejs-test",true,false,"[""http://localhost/confidential-client""]"
+"public-client","c2bd2473-f46c-4c51-af36-b40bef9bb644",,"nodejs-test",true,true,"[]"
+"realm-management","49fd4151-3d49-4d10-968b-841123831399",,"nodejs-test",true,false,"[]"
+"security-admin-console","ed86e5ed-ced1-435c-b62b-632fe545359c",,"nodejs-test",true,true,"[""+""]"
+"account","0a57c891-1d38-4782-badf-a68140a8cf76",,"tokenRealmTest",true,true,"[]"
+"account-console","977ac593-4fc7-4a69-94f4-d5e88cd563e9",,"tokenRealmTest",true,true,"[]"
+"admin-cli","50ada8d5-bd5e-4182-b6c5-dd4ec5c280b6",,"tokenRealmTest",true,true,"[]"
+"broker","91ea3c53-9583-40f6-b3ef-e7bfa28a8385",,"tokenRealmTest",true,false,"[]"
+"customer-portal","491ff0ea-51e1-41df-8ee2-2865537da924",,"tokenRealmTest",true,false,"[]"
+"realm-management","8dec327b-c120-436d-a27a-bed9494962cd",,"tokenRealmTest",true,false,"[]"
+"security-admin-console","a136d00b-119b-4fda-a203-2b946add9b4b",,"tokenRealmTest",true,true,"[""+""]"
 ```
 
 Valid commands are:
@@ -40,11 +57,19 @@ Valid commands are:
 
 ## Advanced
 
+
+### Helm
+~
+
+helm repo add cloud-tooling https://cloudtooling.github.io/helm-charts/
+
+cloud-tooling/keycloak-reporter
+
 ### Config file
 
 You can also provider a config file via env var `CONFIG_FILE` and then just provide the commands, e.g.:
 ```
-CONFIG_FILE=e2e/fixtures/config.json kc-reporter listClients
+CONFIG_FILE==$(pwd)/e2e/fixtures/config.json kc-reporter listClients
 ```
 
 ### Post to Slack or Teams

package/charts/keycloak-reporter/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

package/charts/keycloak-reporter/Chart.yaml

@@ -0,0 +1,28 @@
+apiVersion: v2
+name: keycloak-reporter
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.4.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.2.0"
+maintainers:
+  # Martin Reinhardt
+  - name: hypery2k
+    email: martin@m13t.de

package/charts/keycloak-reporter/README.md

@@ -0,0 +1,51 @@
+# keycloak-reporter
+
+![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| hypery2k | <martin@m13t.de> |  |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| cronjobs[0].name | string | `"clients"` |  |
+| cronjobs[0].schedule | string | `"0 0 1 */3 *"` |  |
+| cronjobs[0].script | string | `"/app/index.js listClients"` |  |
+| cronjobs[1].name | string | `"users"` |  |
+| cronjobs[1].schedule | string | `"0 0 1 */3 *"` |  |
+| cronjobs[1].script | string | `"/app/index.js listUsers"` |  |
+| env | object | `{}` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"continuoussecuritytooling/keycloak-reporting-cli"` |  |
+| image.tag | string | `"latest"` |  |
+| imagePullSecrets | list | `[]` |  |
+| keycloak.config.clientId | string | `""` |  |
+| keycloak.config.clientSecret | string | `""` |  |
+| keycloak.config.output | string | `"webhook"` |  |
+| keycloak.config.url | string | `""` |  |
+| keycloak.config.webhookMessage | string | `""` |  |
+| keycloak.config.webhookType | string | `""` |  |
+| keycloak.config.webhookUrl | string | `""` |  |
+| keycloak.volumes.reports | string | `""` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tolerations | list | `[]` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

package/charts/keycloak-reporter/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "keycloak-reporter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "keycloak-reporter.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "keycloak-reporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "keycloak-reporter.labels" -}}
+helm.sh/chart: {{ include "keycloak-reporter.chart" . }}
+{{ include "keycloak-reporter.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "keycloak-reporter.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "keycloak-reporter.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "keycloak-reporter.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "keycloak-reporter.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

package/charts/keycloak-reporter/templates/cronjob.yaml

@@ -0,0 +1,66 @@
+{{- $fullName := include "keycloak-reporter.fullname" . -}}
+{{- range .Values.cronjobs }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ printf "%s-job-%s" $fullName .name }}
+spec:
+  schedule: "{{ .schedule }}"
+  jobTemplate:
+    spec:
+      template:
+        {{- with $.Values.podAnnotations }}
+        annotations:
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        spec:
+          {{- with $.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 8 }}
+          {{- end }}
+          containers:
+            - name: {{ .name }}
+              image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}"
+              imagePullPolicy: {{ $.Values.image.pullPolicy }}
+              command:
+                - /bin/sh
+                - -c
+                - {{ .script }}
+              env:
+                - name: CONFIG_FILE
+                  value: "/app/config.json"
+              {{- with $.Values.env }}
+              {{- tpl (toYaml .) $  | nindent 12 }}
+              {{- end }}
+              volumeMounts:
+                - name: config-file
+                  mountPath: "/app/config.json"
+                  readOnly: true
+                {{- if ($.Values.keycloak.config.volumes).reports }}
+                - name: reports-dir
+                  mountPath: "/app/reports"
+                {{- end }}
+          restartPolicy: OnFailure
+          {{- if $.Values.resources }}
+          resources:
+            {{ toYaml $.Values.resources }}
+          {{- end }}
+          {{- if $.Values.nodeSelector }}
+          nodeSelector:
+            {{ toYaml $.Values.nodeSelector | indent 12 }}
+          {{- end }}
+          {{- if $.Values.tolerations }}
+          tolerations:
+            {{ toYaml $.Values.tolerations | indent 12 }}
+          {{- end }}
+          volumes:
+          - name: config-file
+            secret:
+              secretName: {{ $fullName }}
+          {{- if ($.Values.keycloak.config.volumes).reports }}
+          - name: reports-dir
+            persistentVolumeClaim:
+              claimName: {{ $fullName }}-reports
+          {{- end }}
+---
+{{- end -}}

package/charts/keycloak-reporter/templates/pvc.yaml

@@ -0,0 +1,15 @@
+{{- $fullName := include "keycloak-reporter.fullname" . -}}
+{{- if (.Values.keycloak.config.volumes).reports }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ $fullName }}-reports
+  annotations: {{ .Values.keycloak.config.volumes.reports.annotations }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: {{ .Values.keycloak.config.volumes.reports.storageClassName }}
+  resources:
+    requests:
+      storage: {{ .Values.keycloak.config.volumes.reports.volumeSize }}
+{{- end }}

package/charts/keycloak-reporter/templates/secret.yaml

@@ -0,0 +1,14 @@
+{{- $fullName := include "keycloak-reporter.fullname" . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $fullName }}
+stringData:
+  {{- range $k, $v := .Values.keycloak.config }}
+  {{- if $v}}
+  {{ $k }}: {{ $v }}
+  {{- end }}
+  {{- end }}
+  {{- if (.Values.keycloak.config.volumes).reports }}
+  reports: /app/reports
+  {{- end }}

package/charts/keycloak-reporter/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "keycloak-reporter.serviceAccountName" . }}
+  labels:
+    {{- include "keycloak-reporter.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}