rhdh-e2e-test-utils 1.0.0 → 1.1.0

package/dist/deployment/keycloak/deployment.js

@@ -0,0 +1,437 @@
+import KeycloakAdminClient from "@keycloak/keycloak-admin-client";
+import { KubernetesClientHelper } from "../../utils/kubernetes-client.js";
+import { $ } from "../../utils/bash.js";
+import { DEFAULT_KEYCLOAK_CONFIG, BITNAMI_CHART_REPO, BITNAMI_CHART_NAME, DEFAULT_CONFIG_PATHS, DEFAULT_RHDH_CLIENT, SERVICE_ACCOUNT_ROLES, DEFAULT_USERS, DEFAULT_GROUPS, } from "./constants.js";
+export class KeycloakHelper {
+    k8sClient = new KubernetesClientHelper();
+    deploymentConfig;
+    keycloakUrl = "";
+    realm = "";
+    clientId = "";
+    clientSecret = "";
+    _adminClient = null;
+    constructor(options = {}) {
+        this.deploymentConfig = this._buildDeploymentConfig(options);
+    }
+    /**
+     * Deploy Keycloak using Helm and configure it for RHDH.
+     */
+    async deploy() {
+        this._log("Starting Keycloak deployment...");
+        await this.k8sClient.createNamespaceIfNotExists(this.deploymentConfig.namespace);
+        await this._deployWithHelm();
+        await this._createRoute();
+        await this._waitForKeycloak();
+        await this._initializeAdminClient();
+    }
+    /**
+     * Check if Keycloak is already running
+     */
+    async isRunning() {
+        try {
+            this.keycloakUrl = await this.getRouteLocation();
+            const response = await fetch(`${this.keycloakUrl}/realms/master`);
+            return response.ok;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Configure Keycloak with realm, client, groups, and users for RHDH
+     */
+    async configureForRHDH(options) {
+        this._log("Configuring Keycloak for RHDH...");
+        await this._ensureAdminClient();
+        const realmName = options?.realm ?? DEFAULT_KEYCLOAK_CONFIG.realm;
+        // Create realm
+        await this.createRealm({ realm: realmName, enabled: true });
+        // Create client
+        const clientConfig = {
+            ...DEFAULT_RHDH_CLIENT,
+            ...options?.client,
+        };
+        await this.createClient(realmName, clientConfig);
+        // Store realm and client info for external access
+        this.realm = realmName;
+        this.clientId = clientConfig.clientId;
+        this.clientSecret = clientConfig.clientSecret;
+        // Assign service account roles
+        await this._assignServiceAccountRoles(realmName, clientConfig.clientId);
+        // Create groups
+        const groups = options?.groups ?? DEFAULT_GROUPS;
+        for (const group of groups) {
+            await this.createGroup(realmName, group);
+        }
+        // Create users
+        const users = options?.users ?? DEFAULT_USERS;
+        for (const user of users) {
+            await this.createUser(realmName, user);
+        }
+    }
+    /**
+     * Connect to an existing Keycloak instance
+     */
+    async connect(config) {
+        this.keycloakUrl = config.baseUrl;
+        this._adminClient = new KeycloakAdminClient({
+            baseUrl: config.baseUrl,
+            realmName: config.realm ?? "master",
+        });
+        if (config.username && config.password) {
+            await this._adminClient.auth({
+                username: config.username,
+                password: config.password,
+                grantType: "password",
+                clientId: config.clientId ?? "admin-cli",
+            });
+        }
+        else if (config.clientId && config.clientSecret) {
+            await this._adminClient.auth({
+                grantType: "client_credentials",
+                clientId: config.clientId,
+                clientSecret: config.clientSecret,
+            });
+        }
+    }
+    /**
+     * Create a new realm
+     */
+    async createRealm(config) {
+        await this._ensureAdminClient();
+        try {
+            await this._adminClient.realms.create({
+                realm: config.realm,
+                displayName: config.displayName ?? config.realm,
+                enabled: config.enabled ?? true,
+            });
+            this._log(`Created realm: ${config.realm}`);
+        }
+        catch (error) {
+            if (this._isConflictError(error)) {
+                this._log(`Realm ${config.realm} already exists`);
+            }
+            else {
+                throw error;
+            }
+        }
+    }
+    /**
+     * Create a new client in a realm
+     */
+    async createClient(realm, config) {
+        await this._ensureAdminClient();
+        try {
+            this._adminClient.setConfig({ realmName: realm });
+            await this._adminClient.clients.create({
+                clientId: config.clientId,
+                secret: config.clientSecret,
+                name: config.name ?? config.clientId,
+                description: config.description ?? "",
+                redirectUris: config.redirectUris ?? ["*"],
+                webOrigins: config.webOrigins ?? ["*"],
+                standardFlowEnabled: config.standardFlowEnabled ?? true,
+                implicitFlowEnabled: config.implicitFlowEnabled ?? true,
+                directAccessGrantsEnabled: config.directAccessGrantsEnabled ?? true,
+                serviceAccountsEnabled: config.serviceAccountsEnabled ?? true,
+                authorizationServicesEnabled: config.authorizationServicesEnabled ?? true,
+                publicClient: config.publicClient ?? false,
+                enabled: true,
+                protocol: "openid-connect",
+                fullScopeAllowed: true,
+                attributes: config.attributes,
+                defaultClientScopes: config.defaultClientScopes,
+                optionalClientScopes: config.optionalClientScopes,
+            });
+            this._log(`Created client: ${config.clientId}`);
+        }
+        catch (error) {
+            if (this._isConflictError(error)) {
+                this._log(`Client ${config.clientId} already exists`);
+            }
+            else {
+                throw error;
+            }
+        }
+    }
+    /**
+     * Create a group in a realm
+     */
+    async createGroup(realm, config) {
+        await this._ensureAdminClient();
+        try {
+            this._adminClient.setConfig({ realmName: realm });
+            await this._adminClient.groups.create({
+                name: config.name,
+            });
+            this._log(`Created group: ${config.name}`);
+        }
+        catch (error) {
+            if (this._isConflictError(error)) {
+                this._log(`Group ${config.name} already exists`);
+            }
+            else {
+                throw error;
+            }
+        }
+    }
+    /**
+     * Create a user in a realm with optional group membership
+     */
+    async createUser(realm, config) {
+        await this._ensureAdminClient();
+        try {
+            this._adminClient.setConfig({ realmName: realm });
+            // Create user
+            const createResponse = await this._adminClient.users.create({
+                username: config.username,
+                email: config.email,
+                firstName: config.firstName,
+                lastName: config.lastName,
+                enabled: config.enabled ?? true,
+                emailVerified: config.emailVerified ?? true,
+            });
+            this._log(`Created user: ${config.username}`);
+            const userId = createResponse.id;
+            // Set password if provided
+            if (config.password) {
+                await this._adminClient.users.resetPassword({
+                    id: userId,
+                    credential: {
+                        type: "password",
+                        value: config.password,
+                        temporary: config.temporary ?? false,
+                    },
+                });
+            }
+            // Add to groups if specified
+            if (config.groups?.length) {
+                for (const groupName of config.groups) {
+                    await this._addUserToGroup(realm, userId, groupName);
+                }
+            }
+        }
+        catch (error) {
+            if (this._isConflictError(error)) {
+                this._log(`User ${config.username} already exists`);
+            }
+            else {
+                throw error;
+            }
+        }
+    }
+    /**
+     * Get all users in a realm
+     */
+    async getUsers(realm) {
+        await this._ensureAdminClient();
+        this._adminClient.setConfig({ realmName: realm });
+        const users = await this._adminClient.users.find();
+        return users.map((u) => ({
+            username: u.username,
+            email: u.email,
+            firstName: u.firstName,
+            lastName: u.lastName,
+            enabled: u.enabled,
+            emailVerified: u.emailVerified,
+        }));
+    }
+    /**
+     * Get all groups in a realm
+     */
+    async getGroups(realm) {
+        await this._ensureAdminClient();
+        this._adminClient.setConfig({ realmName: realm });
+        const groups = await this._adminClient.groups.find();
+        return groups.map((g) => ({ name: g.name }));
+    }
+    /**
+     * Delete a user from a realm
+     */
+    async deleteUser(realm, username) {
+        await this._ensureAdminClient();
+        this._adminClient.setConfig({ realmName: realm });
+        const users = await this._adminClient.users.find({ username });
+        if (users.length > 0) {
+            await this._adminClient.users.del({ id: users[0].id });
+            this._log(`Deleted user: ${username}`);
+        }
+    }
+    /**
+     * Delete a group from a realm
+     */
+    async deleteGroup(realm, groupName) {
+        await this._ensureAdminClient();
+        this._adminClient.setConfig({ realmName: realm });
+        const groups = await this._adminClient.groups.find({ search: groupName });
+        const group = groups.find((g) => g.name === groupName);
+        if (group) {
+            await this._adminClient.groups.del({ id: group.id });
+            this._log(`Deleted group: ${groupName}`);
+        }
+    }
+    /**
+     * Delete a realm
+     */
+    async deleteRealm(realm) {
+        await this._ensureAdminClient();
+        try {
+            await this._adminClient.realms.del({ realm });
+            this._log(`Deleted realm: ${realm}`);
+        }
+        catch (error) {
+            this._log(`Failed to delete realm ${realm}: ${error}`);
+        }
+    }
+    /**
+     * Teardown Keycloak deployment
+     */
+    async teardown() {
+        await this.k8sClient.deleteNamespace(this.deploymentConfig.namespace);
+        this._log(`Keycloak deployment torn down`);
+    }
+    /**
+     * Wait for Keycloak to be ready
+     */
+    async waitUntilReady(timeout = 300) {
+        this._log(`Waiting for Keycloak to be ready...`);
+        await this.k8sClient.waitForStatefulSetReady(this.deploymentConfig.namespace, this.deploymentConfig.releaseName, timeout);
+    }
+    // Private methods
+    _buildDeploymentConfig(options) {
+        return {
+            namespace: options.namespace ?? DEFAULT_KEYCLOAK_CONFIG.namespace,
+            releaseName: options.releaseName ?? DEFAULT_KEYCLOAK_CONFIG.releaseName,
+            valuesFile: options.valuesFile ?? DEFAULT_CONFIG_PATHS.valuesFile,
+            adminUser: options.adminUser ?? DEFAULT_KEYCLOAK_CONFIG.adminUser,
+            adminPassword: options.adminPassword ?? DEFAULT_KEYCLOAK_CONFIG.adminPassword,
+        };
+    }
+    async _deployWithHelm() {
+        await $ `helm repo add bitnami ${BITNAMI_CHART_REPO} || true`;
+        await $ `helm repo update > /dev/null 2>&1`;
+        await $ `helm upgrade --install ${this.deploymentConfig.releaseName} ${BITNAMI_CHART_NAME} \
+      --namespace ${this.deploymentConfig.namespace} \
+      --values ${this.deploymentConfig.valuesFile} > /dev/null 2>&1`;
+        await this.waitUntilReady();
+    }
+    async _createRoute() {
+        // Use TLS edge termination with Allow policy to support both HTTP and HTTPS
+        const routeManifest = `
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: ${this.deploymentConfig.releaseName}
+  namespace: ${this.deploymentConfig.namespace}
+  labels:
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/instance: ${this.deploymentConfig.releaseName}
+spec:
+  to:
+    kind: Service
+    name: ${this.deploymentConfig.releaseName}
+    weight: 100
+  port:
+    targetPort: http
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Allow
+  wildcardPolicy: None
+`;
+        await $ `echo ${routeManifest} | kubectl apply -f -`;
+    }
+    async getRouteLocation() {
+        return await this.k8sClient.getRouteLocation(this.deploymentConfig.namespace, this.deploymentConfig.releaseName);
+    }
+    async _waitForKeycloak() {
+        this._log("Waiting for Keycloak API to be ready...");
+        const timeout = 300;
+        const startTime = Date.now();
+        while (true) {
+            if (await this.isRunning()) {
+                break;
+            }
+            if ((Date.now() - startTime) / 1000 >= timeout) {
+                throw new Error("Keycloak API not ready after 5 minutes");
+            }
+            await new Promise((resolve) => setTimeout(resolve, 5000));
+            this._log("  Waiting for Keycloak API to be ready...");
+        }
+    }
+    async _initializeAdminClient() {
+        this._adminClient = new KeycloakAdminClient({
+            baseUrl: this.keycloakUrl,
+            realmName: "master",
+        });
+        await this._adminClient.auth({
+            username: this.deploymentConfig.adminUser,
+            password: this.deploymentConfig.adminPassword,
+            grantType: "password",
+            clientId: "admin-cli",
+        });
+    }
+    async _ensureAdminClient() {
+        if (!this._adminClient) {
+            throw new Error("Admin client not initialized. Call deploy() or connect() first.");
+        }
+    }
+    async _assignServiceAccountRoles(realm, clientId) {
+        await this._ensureAdminClient();
+        this._adminClient.setConfig({ realmName: realm });
+        // Get service account user
+        const clients = await this._adminClient.clients.find({ clientId });
+        if (clients.length === 0) {
+            throw new Error(`Client ${clientId} not found`);
+        }
+        const client = clients[0];
+        const serviceAccountUser = await this._adminClient.clients.getServiceAccountUser({
+            id: client.id,
+        });
+        // Get realm-management client
+        const realmMgmtClients = await this._adminClient.clients.find({
+            clientId: "realm-management",
+        });
+        if (realmMgmtClients.length === 0) {
+            throw new Error("realm-management client not found");
+        }
+        const realmMgmtClient = realmMgmtClients[0];
+        // Get roles
+        const allRoles = await this._adminClient.clients.listRoles({
+            id: realmMgmtClient.id,
+        });
+        const rolesToAssign = allRoles.filter((r) => SERVICE_ACCOUNT_ROLES.includes(r.name));
+        if (rolesToAssign.length > 0) {
+            await this._adminClient.users.addClientRoleMappings({
+                id: serviceAccountUser.id,
+                clientUniqueId: realmMgmtClient.id,
+                roles: rolesToAssign.map((r) => ({
+                    id: r.id,
+                    name: r.name,
+                })),
+            });
+            this._log(`Assigned service account roles: ${rolesToAssign.map((r) => r.name).join(", ")}`);
+        }
+    }
+    async _addUserToGroup(realm, userId, groupName) {
+        this._adminClient.setConfig({ realmName: realm });
+        const groups = await this._adminClient.groups.find({ search: groupName });
+        const group = groups.find((g) => g.name === groupName);
+        if (group) {
+            await this._adminClient.users.addToGroup({
+                id: userId,
+                groupId: group.id,
+            });
+            this._log(`  Added user to group: ${groupName}`);
+        }
+        else {
+            this._log(`  Warning: Group ${groupName} not found`);
+        }
+    }
+    _isConflictError(error) {
+        const err = error;
+        return err.response?.status === 409 || err.status === 409;
+    }
+    _log(...args) {
+        console.log("[Keycloak]", ...args);
+    }
+}

package/dist/deployment/keycloak/index.d.ts

@@ -0,0 +1,2 @@
+export { KeycloakHelper } from "./deployment.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/deployment/keycloak/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/deployment/keycloak/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/deployment/keycloak/index.js

@@ -0,0 +1 @@
+export { KeycloakHelper } from "./deployment.js";

package/dist/deployment/keycloak/types.d.ts

@@ -0,0 +1,59 @@
+export type KeycloakDeploymentOptions = {
+    namespace?: string;
+    releaseName?: string;
+    valuesFile?: string;
+    adminUser?: string;
+    adminPassword?: string;
+};
+export type KeycloakDeploymentConfig = {
+    namespace: string;
+    releaseName: string;
+    valuesFile: string;
+    adminUser: string;
+    adminPassword: string;
+};
+export type KeycloakClientConfig = {
+    clientId: string;
+    clientSecret: string;
+    name?: string;
+    description?: string;
+    redirectUris?: string[];
+    webOrigins?: string[];
+    standardFlowEnabled?: boolean;
+    implicitFlowEnabled?: boolean;
+    directAccessGrantsEnabled?: boolean;
+    serviceAccountsEnabled?: boolean;
+    authorizationServicesEnabled?: boolean;
+    publicClient?: boolean;
+    attributes?: Record<string, string>;
+    defaultClientScopes?: string[];
+    optionalClientScopes?: string[];
+};
+export type KeycloakUserConfig = {
+    username: string;
+    email?: string;
+    firstName?: string;
+    lastName?: string;
+    enabled?: boolean;
+    emailVerified?: boolean;
+    password?: string;
+    temporary?: boolean;
+    groups?: string[];
+};
+export type KeycloakGroupConfig = {
+    name: string;
+};
+export type KeycloakRealmConfig = {
+    realm: string;
+    displayName?: string;
+    enabled?: boolean;
+};
+export type KeycloakConnectionConfig = {
+    baseUrl: string;
+    realm?: string;
+    clientId?: string;
+    clientSecret?: string;
+    username?: string;
+    password?: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/deployment/keycloak/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/deployment/keycloak/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,yBAAyB,CAAC,EAAE,OAAO,CAAC;IACpC,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,4BAA4B,CAAC,EAAE,OAAO,CAAC;IACvC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;CACjC,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/dist/deployment/keycloak/types.js

@@ -0,0 +1 @@
+export {};

package/dist/deployment/rhdh/config/auth/guest/app-config.yaml

@@ -0,0 +1,5 @@
+auth:
+  environment: development
+  providers:
+    guest:
+      dangerouslyAllowOutsideDevelopment: true

package/dist/deployment/rhdh/config/auth/keycloak/app-config.yaml

@@ -0,0 +1,19 @@
+auth:
+  environment: production
+  session:
+    secret: superSecretSecret
+  providers:
+    oidc:
+      production:
+        metadataUrl: "${KEYCLOAK_METADATA_URL}"
+        clientId: "${KEYCLOAK_CLIENT_ID}"
+        clientSecret: "${KEYCLOAK_CLIENT_SECRET}"
+        prompt: auto
+        callbackUrl: "${RHDH_BASE_URL}/api/auth/oidc/handler/frame"
+        signIn:
+          resolvers:
+            - resolver: emailLocalPartMatchingUserEntityName
+signInPage: oidc
+catalog:
+  rules:
+    - allow: [User, Group]

package/dist/deployment/rhdh/config/auth/keycloak/dynamic-plugins.yaml

@@ -0,0 +1,3 @@
+plugins:
+  - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic
+    disabled: false

package/dist/deployment/rhdh/config/auth/keycloak/secrets.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rhdh-secrets
+type: Opaque
+stringData:
+  KEYCLOAK_BASE_URL: $KEYCLOAK_BASE_URL
+  KEYCLOAK_METADATA_URL: $KEYCLOAK_METADATA_URL
+  KEYCLOAK_CLIENT_ID: $KEYCLOAK_CLIENT_ID
+  KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET
+  KEYCLOAK_REALM: $KEYCLOAK_REALM
+  KEYCLOAK_LOGIN_REALM: $KEYCLOAK_LOGIN_REALM

package/dist/deployment/rhdh/config/common/app-config-rhdh.yaml

@@ -0,0 +1,6 @@
+app:
+  baseUrl: "${RHDH_BASE_URL}"
+backend:
+  baseUrl: "${RHDH_BASE_URL}"
+  cors:
+    origin: "${RHDH_BASE_URL}"

package/dist/deployment/rhdh/config/common/dynamic-plugins.yaml

@@ -0,0 +1,3 @@
+includes:
+  - dynamic-plugins.default.yaml
+plugins: []

package/dist/deployment/rhdh/config/common/rhdh-secrets.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rhdh-secrets
+type: Opaque
+stringData:
+  RHDH_BASE_URL: $RHDH_BASE_URL

package/dist/deployment/rhdh/config/helm/value_file.yaml

@@ -0,0 +1,7 @@
+upstream:
+  backstage:
+    extraAppConfig:
+      - configMapRef: app-config-rhdh
+        filename: app-config-rhdh.yaml
+    extraEnvVarsSecrets:
+      - rhdh-secrets

package/dist/deployment/rhdh/config/operator/subscription.yaml

@@ -0,0 +1,21 @@
+apiVersion: rhdh.redhat.com/v1alpha3
+kind: Backstage
+metadata:
+  name: developer-hub
+spec:
+  application:
+    appConfig:
+      configMaps:
+        - name: app-config-rhdh
+      mountPath: /opt/app-root/src
+    extraFiles:
+      mountPath: /opt/app-root/src
+    replicas: 1
+    route:
+      enabled: true
+    dynamicPluginsConfigMapName: dynamic-plugins
+    extraEnvs:
+      secrets:
+        - name: rhdh-secrets
+  database:
+    enableLocalDb: true

package/dist/deployment/rhdh/constants.d.ts

@@ -1,3 +1,4 @@
+import type { AuthProvider } from "./types.js";
 export declare const DEFAULT_CONFIG_PATHS: {
     appConfig: string;
     secrets: string;
@@ -9,5 +10,10 @@ export declare const DEFAULT_CONFIG_PATHS: {
         subscription: string;
     };
 };
+export declare const AUTH_CONFIG_PATHS: Record<AuthProvider, {
+    appConfig: string;
+    secrets: string;
+    dynamicPlugins: string;
+}>;
 export declare const CHART_URL = "oci://quay.io/rhdh/chart";
 //# sourceMappingURL=constants.d.ts.map

package/dist/deployment/rhdh/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/deployment/rhdh/constants.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,oBAAoB;;;;;;;;;;CAyBhC,CAAC;AAEF,eAAO,MAAM,SAAS,6BAA6B,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/deployment/rhdh/constants.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAK/C,eAAO,MAAM,oBAAoB;;;;;;;;;;CAyBhC,CAAC;AAEF,eAAO,MAAM,iBAAiB,EAAE,MAAM,CACpC,YAAY,EACZ;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,CAwB/D,CAAC;AAEF,eAAO,MAAM,SAAS,6BAA6B,CAAC"}

package/dist/deployment/rhdh/constants.js

@@ -2,14 +2,26 @@ import path from "path";
 // Navigate from dist/deployment/rhdh/ to package root
 const PACKAGE_ROOT = path.resolve(import.meta.dirname, "../../..");
 export const DEFAULT_CONFIG_PATHS = {
-    appConfig: path.join(PACKAGE_ROOT, "src/deployment/rhdh/config/app-config-rhdh.yaml"),
-    secrets: path.join(PACKAGE_ROOT, "src/deployment/rhdh/config/rhdh-secrets.yaml"),
-    dynamicPlugins: path.join(PACKAGE_ROOT, "src/deployment/rhdh/config/dynamic-plugins.yaml"),
+    appConfig: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/common/app-config-rhdh.yaml"),
+    secrets: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/common/rhdh-secrets.yaml"),
+    dynamicPlugins: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/common/dynamic-plugins.yaml"),
     helm: {
-        valueFile: path.join(PACKAGE_ROOT, "src/deployment/rhdh/helm/value_file.yaml"),
+        valueFile: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/helm/value_file.yaml"),
     },
     operator: {
-        subscription: path.join(PACKAGE_ROOT, "src/deployment/rhdh/operator/subscription.yaml"),
+        subscription: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/operator/subscription.yaml"),
+    },
+};
+export const AUTH_CONFIG_PATHS = {
+    guest: {
+        appConfig: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/auth/guest/app-config.yaml"),
+        secrets: "",
+        dynamicPlugins: "",
+    },
+    keycloak: {
+        appConfig: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/auth/keycloak/app-config.yaml"),
+        secrets: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/auth/keycloak/secrets.yaml"),
+        dynamicPlugins: path.join(PACKAGE_ROOT, "dist/deployment/rhdh/config/auth/keycloak/dynamic-plugins.yaml"),
     },
 };
 export const CHART_URL = "oci://quay.io/rhdh/chart";