From bf7cbb52c9d742ac5c76e28ca53ce3c2aae0cefe Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Thu, 19 Feb 2026 22:25:00 +0530 Subject: [PATCH 1/8] [MOSIP-39951] Updated keycloak init scripts with keycloakExternalHost, keycloakInternalHost, and frontendUrl configurations. Fixed YAML indentation and removed non-existent sa_client_roles. Added helpful comments for client secrets management. Signed-off-by: bhumi46 --- deploy/import-init-values.yaml | 273 ++++++++++++++++++++------------ deploy/import-init.sh | 7 +- deploy/upgrade-init-values.yaml | 68 +++++++- deploy/upgrade-init.sh | 26 ++- 4 files changed, 256 insertions(+), 118 deletions(-) diff --git a/deploy/import-init-values.yaml b/deploy/import-init-values.yaml index bc58c7bf..7d505b01 100644 --- a/deploy/import-init-values.yaml +++ b/deploy/import-init-values.yaml 
@@ -1,105 +1,106 @@ keycloak: - realms: |- + realms: del_realms: - - preregistration - mosip: # realm + realms_to_delete: + - preregistration + mosip: roles: - - Default - - ABIS_PARTNER - - SDK_PARTNER - - AUTH - - AUTH_PARTNER - - BIOMETRIC_READ - - CENTRAL_ADMIN - - CENTRAL_APPROVER - - CREATE_SHARE - - CREDENTIAL_ISSUANCE - - CREDENTIAL_PARTNER - - CREDENTIAL_REQUEST - - DATA_READ - - DEVICE_PROVIDER - - DOCUMENT_READ - - FTM_PROVIDER - - GLOBAL_ADMIN - - ID_AUTHENTICATION - - ID_REPOSITORY - - INDIVIDUAL - - KEY_MAKER - - MASTERDATA_ADMIN - - METADATA_READ - - MISP - - MISP_PARTNER - - offline_access - - ONLINE_VERIFICATION_PARTNER - - PARTNER - - PARTNER_ADMIN - - PARTNERMANAGER - - PMS_ADMIN - - PMS_USER - - POLICYMANAGER - - PREREG - - PRE_REGISTRATION - - PRE_REGISTRATION_ADMIN - - PRINT_PARTNER - - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_ANONYMOUS_PROFILE_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL - - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - PUBLISH_MASTERDATA_TITLES_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_MOSIP_HOTLIST_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL - - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL - - REGISTRATION_ADMIN - - REGISTRATION_OFFICER - - REGISTRATION_OPERATOR - - REGISTRATION_PROCESSOR - - REGISTRATION_SUPERVISOR - - RESIDENT - - 
SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_APIKEY_APPROVED_GENERAL - - SUBSCRIBE_APIKEY_UPDATED_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - SUBSCRIBE_MASTERDATA_TITLES_GENERAL - - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL - - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL - - SUBSCRIBE_MOSIP_HOTLIST_GENERAL - - SUBSCRIBE_PARTNER_UPDATED_GENERAL - - SUBSCRIBE_POLICY_UPDATED_GENERAL - - SUBSCRIBE_REMOVE_ID_INDIVIDUAL - - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL - - uma_authorization - - ZONAL_ADMIN - - ZONAL_APPROVER - - HOTLIST_ADMIN - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - SUBSCRIBE_IDENTITY_CREATED_GENERAL - - SUBSCRIBE_IDENTITY_UPDATED_GENERAL - - PUBLISH_OIDC_CLIENT_CREATED_GENERAL - - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL + - Default + - ABIS_PARTNER + - SDK_PARTNER + - AUTH + - AUTH_PARTNER + - BIOMETRIC_READ + - CENTRAL_ADMIN + - CENTRAL_APPROVER + - CREATE_SHARE + - CREDENTIAL_ISSUANCE + - CREDENTIAL_PARTNER + - CREDENTIAL_REQUEST + - DATA_READ + - DEVICE_PROVIDER + - DOCUMENT_READ + - FTM_PROVIDER + - GLOBAL_ADMIN + - ID_AUTHENTICATION + - ID_REPOSITORY + - INDIVIDUAL + - KEY_MAKER + - MASTERDATA_ADMIN + - METADATA_READ + - MISP + - MISP_PARTNER + - offline_access + - ONLINE_VERIFICATION_PARTNER + - PARTNER + - PARTNER_ADMIN + - PARTNERMANAGER + - PMS_ADMIN + - PMS_USER + - POLICYMANAGER + - PREREG + - PRE_REGISTRATION + - PRE_REGISTRATION_ADMIN + - PRINT_PARTNER + - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL + - PUBLISH_ANONYMOUS_PROFILE_GENERAL + - 
PUBLISH_APIKEY_APPROVED_GENERAL + - PUBLISH_APIKEY_UPDATED_GENERAL + - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL + - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL + - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL + - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - PUBLISH_MASTERDATA_TITLES_GENERAL + - PUBLISH_MISP_LICENSE_GENERATED_GENERAL + - PUBLISH_MISP_LICENSE_UPDATED_GENERAL + - PUBLISH_MOSIP_HOTLIST_GENERAL + - PUBLISH_PARTNER_UPDATED_GENERAL + - PUBLISH_POLICY_UPDATED_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL + - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL + - REGISTRATION_ADMIN + - REGISTRATION_OFFICER + - REGISTRATION_OPERATOR + - REGISTRATION_PROCESSOR + - REGISTRATION_SUPERVISOR + - RESIDENT + - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_APIKEY_APPROVED_GENERAL + - SUBSCRIBE_APIKEY_UPDATED_GENERAL + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL + - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - SUBSCRIBE_MASTERDATA_TITLES_GENERAL + - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL + - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL + - SUBSCRIBE_MOSIP_HOTLIST_GENERAL + - SUBSCRIBE_PARTNER_UPDATED_GENERAL + - SUBSCRIBE_POLICY_UPDATED_GENERAL + - SUBSCRIBE_REMOVE_ID_INDIVIDUAL + - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL + - uma_authorization + - ZONAL_ADMIN + - ZONAL_APPROVER + - HOTLIST_ADMIN + - 
SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - SUBSCRIBE_IDENTITY_CREATED_GENERAL + - SUBSCRIBE_IDENTITY_UPDATED_GENERAL + - PUBLISH_OIDC_CLIENT_CREATED_GENERAL + - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL + - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL + - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL client_scopes: - name: add_oidc_client description: Scope required to create OIDC client @@ -359,6 +360,7 @@ keycloak: assign_client_scopes: - send_binding_otp - wallet_binding + - name: mosip-resident-client mappers: [] saroles: 
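Review bot: `del_realms` ends up with two different shapes in this patch: a nested `realms_to_delete:` list in this hunk, but a bare list directly under `del_realms:` in deploy/upgrade-init-values.yaml, whose `@@ -1,5 +1,5 @@` hunk only drops the `|-`. The chart's schema is not visible here, so presumably one of the two is ignored or rejected by keycloak-init, and a key that selects realms for deletion should not be ambiguous. Use the shape that chart version 0.0.1-develop actually reads in both files and add a comment above it such as `# realms listed here are deleted before import; shape must match the keycloak-init chart`. Patches 2/8, 4/8 and 5/8 on this page flip the same key again, which suggests confirming the structure against the chart templates rather than by trial.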
@@ -500,10 +502,71 @@ keycloak: - PMS_USER - uma_authorization - offline_access - sa_client_roles: - - realm-management: ## realm-management client id - - view-users # realm-management client roles - - view-clients - - view-realms - - manage-users + sa_client_roles: + - realm-management: ## realm-management client id + - view-users # realm-management client roles + - view-clients + - view-realm + - manage-users + users: [] +## These will be passed as environments variables to keycloak-init docker. Note the expected naming convention is +## _. If empty secret is passed, it shall be randomly generated +## IMPORTANT: When running import or upgrade: +## - To preserve existing secrets: Update 'secret' field with the current secret value from your Keycloak +## - To generate new random secrets: Leave 'secret' field as empty string ("") +clientSecrets: + - name: mosip_abis_client_secret + secret: "" + - name: mosip_admin_client_secret + secret: "" + - name: mosip_admin_services_client_secret + secret: "" + - name: mosip_auth_client_secret + secret: "" + - name: mosip_crereq_client_secret + secret: "" + - name: mosip_creser_client_secret + secret: "" + - name: mosip_datsha_client_secret + secret: "" + - name: mosip_ida_client_secret + secret: "" + - name: mosip_misp_client_secret + secret: "" + - name: mosip_pms_client_secret + secret: "" + - name: mosip_policymanager_client_secret + secret: "" + - name: mosip_reg_client_secret + secret: "" + - name: mosip_regproc_client_secret + secret: "" + - name: mosip_resident_client_secret + secret: "" + - name: mosip_prereg_client_secret + secret: "" + - name: mosip_creser_idpass_client_secret + secret: "" + - name: mosip_syncdata_client_secret + secret: "" + - name: mosip_deployment_client_secret + secret: "" + - name: mpartner_default_auth_secret + secret: "" + - name: mosip_idrepo_client_secret + secret: "" + - name: mpartner_default_print_secret + secret: "" + - name: mosip_hotlist_client_secret + secret: "" + - name: 
mpartner_default_mobile_secret + secret: "" + - name: mosip_digitalcard_client_secret + secret: "" + - name: mpartner_default_digitalcard_secret + secret: "" + - name: mosip_testrig_client_secret + secret: "" + - name: mpartner_default_template_secret + secret: "" \ No newline at end of file diff --git a/deploy/import-init.sh b/deploy/import-init.sh index 9d5191bf..dea1f98b 100755 --- a/deploy/import-init.sh +++ b/deploy/import-init.sh @@ -10,6 +10,7 @@ fi function import_init() { NS=keycloak CHART_VERSION=0.0.1-develop + KEYCLOAK_SERVICE_NAME=keycloak helm repo add mosip https://mosip.github.io/mosip-helm helm repo update @@ -17,7 +18,11 @@ function import_init() { IAM_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-iam-external-host}) echo Initializing keycloak - helm -n $NS install keycloak-import mosip/keycloak-init --set frontend=https://$IAM_HOST/auth -f import-init-values.yaml --version $CHART_VERSION + helm -n $NS install keycloak-import mosip/keycloak-init \ + --set keycloakExternalHost="$IAM_HOST" \ + --set keycloakInternalHost="$KEYCLOAK_SERVICE_NAME.$NS" \ + --set keycloak.realms.mosip.realm_config.attributes.frontendUrl="https://$IAM_HOST/auth" \ + -f import-init-values.yaml --version $CHART_VERSION return 0 } diff --git a/deploy/upgrade-init-values.yaml b/deploy/upgrade-init-values.yaml index 4060693e..3534b061 100644 --- a/deploy/upgrade-init-values.yaml +++ b/deploy/upgrade-init-values.yaml @@ -1,5 +1,5 @@ keycloak: - realms: |- + realms: del_realms: - preregistration mosip: # realm 
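Review bot: The new comment block above `clientSecrets` tells operators to paste the current Keycloak client secret into the `secret` field to preserve it, which puts live OIDC client credentials into a values file tracked in the repository, where they are easy to commit by accident. The same block is added to deploy/upgrade-init-values.yaml in its `@@ -340,11 +340,65 @@` hunk. Keep only empty values in the committed file and extend the comment, for example `## Never commit real values: supply them at deploy time from an untracked values file or a secret store`. If the comment's description is accurate, it is also worth stating that leaving every entry as `""` makes an import or upgrade run generate new secrets, so services still holding the old ones would need to be redeployed.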
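Review bot: `IAM_HOST` feeds `keycloakExternalHost` and `frontendUrl` in the new `helm install` call in deploy/import-init.sh without any check that the `kubectl get cm global` lookup returned a value; if the key is missing or empty, `frontendUrl` renders as `https:///auth` and the install still proceeds. `nounset`, if this script enables it as upgrade-init.sh does, would not catch this, because the variable is set but empty. Add a guard before the helm call, e.g. `[ -n "$IAM_HOST" ] || { echo "mosip-iam-external-host not found in configmap global" >&2; exit 1; }`, and quote `"$NS"` and `"$CHART_VERSION"` while there. The same guard is needed before both helm invocations in deploy/upgrade-init.sh. `import_init` starts and ends outside this hunk.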
@@ -340,11 +340,65 @@ keycloak: - PMS_USER - uma_authorization - offline_access - sa_client_roles: - - realm-management: ## realm-management client id - - view-users # realm-management client roles - - view-clients - - view-realms - - manage-users users: [] +## These will be passed as environments variables to keycloak-init docker. Note the expected naming convention is +## _. If empty secret is passed, it shall be randomly generated +## IMPORTANT: When running import or upgrade: +## - To preserve existing secrets: Update 'secret' field with the current secret value from your Keycloak +## - To generate new random secrets: Leave 'secret' field as empty string ("") +clientSecrets: + - name: mosip_abis_client_secret + secret: "" + - name: mosip_admin_client_secret + secret: "" + - name: mosip_admin_services_client_secret + secret: "" + - name: mosip_auth_client_secret + secret: "" + - name: mosip_crereq_client_secret + secret: "" + - name: mosip_creser_client_secret + secret: "" + - name: mosip_datsha_client_secret + secret: "" + - name: mosip_ida_client_secret + secret: "" + - name: mosip_misp_client_secret + secret: "" + - name: mosip_pms_client_secret + secret: "" + - name: mosip_policymanager_client_secret + secret: "" + - name: mosip_reg_client_secret + secret: "" + - name: mosip_regproc_client_secret + secret: "" + - name: mosip_resident_client_secret + secret: "" + - name: mosip_prereg_client_secret + secret: "" + - name: mosip_creser_idpass_client_secret + secret: "" + - name: mosip_syncdata_client_secret + secret: "" + - name: mosip_deployment_client_secret + secret: "" + - name: mpartner_default_auth_secret + secret: "" + - name: mosip_idrepo_client_secret + secret: "" + - name: mpartner_default_print_secret + secret: "" + - name: mosip_hotlist_client_secret + secret: "" + - name: mpartner_default_mobile_secret + secret: "" + - name: mosip_digitalcard_client_secret + secret: "" + - name: mpartner_default_digitalcard_secret + secret: "" + - name: 
mosip_testrig_client_secret + secret: "" + - name: mpartner_default_template_secret + secret: "" \ No newline at end of file diff --git a/deploy/upgrade-init.sh b/deploy/upgrade-init.sh index 8769ea14..71365202 100755 --- a/deploy/upgrade-init.sh +++ b/deploy/upgrade-init.sh @@ -10,16 +10,32 @@ fi function upgrade_init() { NS=keycloak CHART_VERSION=0.0.1-develop + KEYCLOAK_SERVICE_NAME=keycloak helm repo add mosip https://mosip.github.io/mosip-helm helm repo update IAM_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-iam-external-host}) - echo Initializing keycloak - helm -n $NS install keycloak-init mosip/keycloak-init --set frontend=https://$IAM_HOST/auth -f upgrade-init-values.yaml --version $CHART_VERSION - echo Initializing keycloak - helm -n $NS install keycloak-init mosip/keycloak-init --set frontend=https://$IAM_HOST/auth -f import-init-values.yaml --version $CHART_VERSION + echo Initializing keycloak with upgrade values + helm -n $NS upgrade --install keycloak-init-upgrade mosip/keycloak-init \ + --set keycloakExternalHost="$IAM_HOST" \ + --set keycloakInternalHost="$KEYCLOAK_SERVICE_NAME.$NS" \ + --set keycloak.realms.mosip.realm_config.attributes.frontendUrl="https://$IAM_HOST/auth" \ + -f upgrade-init-values.yaml --version $CHART_VERSION --wait + + echo Waiting for upgrade job to complete... + kubectl wait --for=condition=complete --timeout=600s -n $NS job -l app.kubernetes.io/instance=keycloak-init-upgrade || true + + echo Cleaning up upgrade release + helm -n $NS uninstall keycloak-init-upgrade + + echo Initializing keycloak with import values + helm -n $NS upgrade --install keycloak-init-import mosip/keycloak-init \ + --set keycloakExternalHost="$IAM_HOST" \ + --set keycloakInternalHost="$KEYCLOAK_SERVICE_NAME.$NS" \ + --set keycloak.realms.mosip.realm_config.attributes.frontendUrl="https://$IAM_HOST/auth" \ + -f import-init-values.yaml --version $CHART_VERSION --wait return 0 } 
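Review bot: The release names introduced in `upgrade_init` (`keycloak-init-upgrade`, `keycloak-init-import`) match neither the `keycloak-init` release this script used before nor the `keycloak-import` release created by deploy/import-init.sh. On a cluster that was initialised earlier, `helm upgrade --install keycloak-init-import` will therefore create a second release of the same chart in the `keycloak` namespace rather than upgrading the existing one, and depending on how the chart names its resources the two may collide. Only the upgrade release is uninstalled afterwards, so the import release is left behind. State the intent in a comment above the import step, for example `# NOTE: release name differs from import-init.sh (keycloak-import); uninstall that release first if it exists`, or align the names across both scripts.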
@@ -29,4 +45,4 @@ set -o errexit ## set -e : exit the script if any statement returns a non-true set -o nounset ## set -u : exit the script if you try to use an uninitialised variable set -o errtrace # trace ERR through 'time command' and other functions set -o pipefail # trace ERR through pipes -import_init # calling function +upgrade_init # calling function From f956ee3872bac51660c90e29476579ac112a1ba1 Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Thu, 5 Mar 2026 17:41:47 +0530 Subject: [PATCH 2/8] [MOSIP-39951] Updated keycloak init scripts with keycloakExternalHost Signed-off-by: bhumi46 --- deploy/import-init-values.yaml | 9 +++++---- deploy/upgrade-init.sh | 5 ++++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/deploy/import-init-values.yaml b/deploy/import-init-values.yaml index 7d505b01..41958c31 100644 --- a/deploy/import-init-values.yaml +++ b/deploy/import-init-values.yaml @@ -1,8 +1,7 @@ keycloak: realms: del_realms: - realms_to_delete: - - preregistration + - preregistration mosip: roles: - Default @@ -534,6 +533,10 @@ clientSecrets: secret: "" - name: mosip_misp_client_secret secret: "" + - name: mosip_partner_client_secret + secret: "" + - name: mosip_partnermanager_client_secret + secret: "" - name: mosip_pms_client_secret secret: "" - name: mosip_policymanager_client_secret @@ -567,6 +570,4 @@ clientSecrets: - name: mpartner_default_digitalcard_secret secret: "" - name: mosip_testrig_client_secret - secret: "" - - name: mpartner_default_template_secret secret: "" \ No newline at end of file diff --git a/deploy/upgrade-init.sh b/deploy/upgrade-init.sh index 71365202..191fe6cd 100755 --- a/deploy/upgrade-init.sh +++ b/deploy/upgrade-init.sh 
@@ -25,7 +25,10 @@ function upgrade_init() { -f upgrade-init-values.yaml --version $CHART_VERSION --wait echo Waiting for upgrade job to complete... - kubectl wait --for=condition=complete --timeout=600s -n $NS job -l app.kubernetes.io/instance=keycloak-init-upgrade || true + if ! kubectl wait --for=condition=complete --timeout=600s -n $NS job -l app.kubernetes.io/instance=keycloak-init-upgrade; then + echo "$(tput setaf 1)ERROR: Keycloak upgrade job failed to complete. Aborting import process.$(tput sgr0)" + exit 1 + fi echo Cleaning up upgrade release helm -n $NS uninstall keycloak-init-upgrade From 5bca376790e6fdf96ec864e80e094b82466a5265 Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Thu, 5 Mar 2026 17:52:52 +0530 Subject: [PATCH 3/8] [MOSIP-39951] Updated keycloak init scripts with keycloakExternalHost Signed-off-by: bhumi46 --- deploy/import-init.sh | 2 +- deploy/upgrade-init.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/import-init.sh b/deploy/import-init.sh index dea1f98b..fb327ba7 100755 --- a/deploy/import-init.sh +++ b/deploy/import-init.sh @@ -15,7 +15,7 @@ function import_init() { helm repo add mosip https://mosip.github.io/mosip-helm helm repo update - IAM_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-iam-external-host}) + IAM_HOST=$(kubectl get cm global -o jsonpath='{.data.mosip-iam-external-host}') echo Initializing keycloak helm -n $NS install keycloak-import mosip/keycloak-init \ diff --git a/deploy/upgrade-init.sh b/deploy/upgrade-init.sh index 191fe6cd..3b1eaccd 100755 --- a/deploy/upgrade-init.sh +++ b/deploy/upgrade-init.sh 
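Review bot: `kubectl wait --for=condition=complete` returns early only on success; a Job that fails outright carries a `Failed` condition instead, so the new `if !` branch is reached only after the full 600s timeout and its message cannot say whether the job failed or is merely slow. Print the job state before exiting so the operator has something to act on, e.g. `kubectl -n "$NS" describe job -l app.kubernetes.io/instance=keycloak-init-upgrade >&2`. The error line itself goes to stdout and depends on `tput`, which emits its own error when `TERM` is unset (typical in CI); a plain `echo "ERROR: Keycloak upgrade job failed to complete. Aborting import process." >&2` is more robust. `upgrade_init` starts and ends outside this hunk.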
@@ -15,7 +15,7 @@ function upgrade_init() { helm repo add mosip https://mosip.github.io/mosip-helm helm repo update - IAM_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-iam-external-host}) + IAM_HOST=$(kubectl get cm global -o jsonpath='{.data.mosip-iam-external-host}') echo Initializing keycloak with upgrade values helm -n $NS upgrade --install keycloak-init-upgrade mosip/keycloak-init \ From 744e8449ec8b678fc5689cec15fc6851b4731696 Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Wed, 11 Mar 2026 14:50:44 +0530 Subject: [PATCH 4/8] [MOSIP-39951] Updated keycloak init scripts with keycloakExternalHost Signed-off-by: bhumi46 --- deploy/import-init-values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/import-init-values.yaml b/deploy/import-init-values.yaml index 41958c31..fe22a7cc 100644 --- a/deploy/import-init-values.yaml +++ b/deploy/import-init-values.yaml @@ -1,7 +1,8 @@ keycloak: realms: del_realms: - - preregistration + realms_to_delete: + - preregistration mosip: roles: - Default From a2ff33b81769bd89c603ce3c26aa7e06c165f272 Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Wed, 11 Mar 2026 15:05:57 +0530 Subject: [PATCH 5/8] [MOSIP-39951] Updated keycloak import and upgrade values.yaml Signed-off-by: bhumi46 --- deploy/import-init-values.yaml | 967 ++++++++++++++++---------------- deploy/upgrade-init-values.yaml | 678 +++++++++++----------- 2 files changed, 820 insertions(+), 825 deletions(-) diff --git a/deploy/import-init-values.yaml b/deploy/import-init-values.yaml index fe22a7cc..04895d34 100644 --- a/deploy/import-init-values.yaml +++ b/deploy/import-init-values.yaml 
@@ -1,515 +1,512 @@ -keycloak: - realms: - del_realms: - realms_to_delete: - - preregistration - mosip: - roles: - - Default - - ABIS_PARTNER - - SDK_PARTNER - - AUTH - - AUTH_PARTNER - - BIOMETRIC_READ - - CENTRAL_ADMIN - - CENTRAL_APPROVER - - CREATE_SHARE - - CREDENTIAL_ISSUANCE - - CREDENTIAL_PARTNER - - CREDENTIAL_REQUEST - - DATA_READ - - DEVICE_PROVIDER - - DOCUMENT_READ - - FTM_PROVIDER - - GLOBAL_ADMIN - - ID_AUTHENTICATION - - ID_REPOSITORY - - INDIVIDUAL - - KEY_MAKER - - MASTERDATA_ADMIN - - METADATA_READ - - MISP - - MISP_PARTNER - - offline_access - - ONLINE_VERIFICATION_PARTNER - - PARTNER - - PARTNER_ADMIN - - PARTNERMANAGER - - PMS_ADMIN - - PMS_USER - - POLICYMANAGER - - PREREG - - PRE_REGISTRATION - - PRE_REGISTRATION_ADMIN - - PRINT_PARTNER - - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_ANONYMOUS_PROFILE_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL - - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - PUBLISH_MASTERDATA_TITLES_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_MOSIP_HOTLIST_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL - - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL - - REGISTRATION_ADMIN - - REGISTRATION_OFFICER - - REGISTRATION_OPERATOR - - REGISTRATION_PROCESSOR - - REGISTRATION_SUPERVISOR - - RESIDENT - - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL - - 
SUBSCRIBE_APIKEY_APPROVED_GENERAL - - SUBSCRIBE_APIKEY_UPDATED_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - SUBSCRIBE_MASTERDATA_TITLES_GENERAL - - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL - - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL - - SUBSCRIBE_MOSIP_HOTLIST_GENERAL - - SUBSCRIBE_PARTNER_UPDATED_GENERAL - - SUBSCRIBE_POLICY_UPDATED_GENERAL - - SUBSCRIBE_REMOVE_ID_INDIVIDUAL - - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL - - uma_authorization - - ZONAL_ADMIN - - ZONAL_APPROVER - - HOTLIST_ADMIN - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - SUBSCRIBE_IDENTITY_CREATED_GENERAL - - SUBSCRIBE_IDENTITY_UPDATED_GENERAL - - PUBLISH_OIDC_CLIENT_CREATED_GENERAL - - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - client_scopes: - - name: add_oidc_client - description: Scope required to create OIDC client - protocol: openid-connect - Include In Token Scope : on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: update_oidc_client - description: '' - protocol: openid-connect - Include In Token Scope : on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: get_certificate - description: Scope required to create OIDC client - protocol: openid-connect - Include In Token Scope : on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: upload_certificate - description: '' - protocol: openid-connect - Include In Token Scope : on - attributes: { - 
display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: individual_id - description: Scope required to create resident client - protocol: openid-connect - Include In Token Scope : on - attributes: { - display.on.consent.screen: "true", - include.in.token.scope: "true" - } - - name: ida_token - description: '' - protocol: openid-connect - Include In Token Scope : on - attributes: { - display.on.consent.screen: "true", - include.in.token.scope: "true" - } - - name: send_binding_otp - description: Scope required to create mpartner-default-mobile client - protocol: openid-connect - Include In Token Scope : on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: wallet_binding - description: Scope required to create mpartner-default-mobile client - protocol: openid-connect - Include In Token Scope : on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } +del_realms: + - preregistration +mosip: + roles: + - Default + - ABIS_PARTNER + - SDK_PARTNER + - AUTH + - AUTH_PARTNER + - BIOMETRIC_READ + - CENTRAL_ADMIN + - CENTRAL_APPROVER + - CREATE_SHARE + - CREDENTIAL_ISSUANCE + - CREDENTIAL_PARTNER + - CREDENTIAL_REQUEST + - DATA_READ + - DEVICE_PROVIDER + - DOCUMENT_READ + - FTM_PROVIDER + - GLOBAL_ADMIN + - ID_AUTHENTICATION + - ID_REPOSITORY + - INDIVIDUAL + - KEY_MAKER + - MASTERDATA_ADMIN + - METADATA_READ + - MISP + - MISP_PARTNER + - offline_access + - ONLINE_VERIFICATION_PARTNER + - PARTNER + - PARTNER_ADMIN + - PARTNERMANAGER + - PMS_ADMIN + - PMS_USER + - POLICYMANAGER + - PREREG + - PRE_REGISTRATION + - PRE_REGISTRATION_ADMIN + - PRINT_PARTNER + - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL + - PUBLISH_ANONYMOUS_PROFILE_GENERAL + - PUBLISH_APIKEY_APPROVED_GENERAL + - PUBLISH_APIKEY_UPDATED_GENERAL + - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL + - 
PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL + - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL + - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - PUBLISH_MASTERDATA_TITLES_GENERAL + - PUBLISH_MISP_LICENSE_GENERATED_GENERAL + - PUBLISH_MISP_LICENSE_UPDATED_GENERAL + - PUBLISH_MOSIP_HOTLIST_GENERAL + - PUBLISH_PARTNER_UPDATED_GENERAL + - PUBLISH_POLICY_UPDATED_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL + - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL + - REGISTRATION_ADMIN + - REGISTRATION_OFFICER + - REGISTRATION_OPERATOR + - REGISTRATION_PROCESSOR + - REGISTRATION_SUPERVISOR + - RESIDENT + - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_APIKEY_APPROVED_GENERAL + - SUBSCRIBE_APIKEY_UPDATED_GENERAL + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL + - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - SUBSCRIBE_MASTERDATA_TITLES_GENERAL + - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL + - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL + - SUBSCRIBE_MOSIP_HOTLIST_GENERAL + - SUBSCRIBE_PARTNER_UPDATED_GENERAL + - SUBSCRIBE_POLICY_UPDATED_GENERAL + - SUBSCRIBE_REMOVE_ID_INDIVIDUAL + - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL + - uma_authorization + - ZONAL_ADMIN + - ZONAL_APPROVER + - HOTLIST_ADMIN + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - SUBSCRIBE_IDENTITY_CREATED_GENERAL + - SUBSCRIBE_IDENTITY_UPDATED_GENERAL + - PUBLISH_OIDC_CLIENT_CREATED_GENERAL + - 
PUBLISH_OIDC_CLIENT_UPDATED_GENERAL + - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL + - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL + client_scopes: + - name: add_oidc_client + description: Scope required to create OIDC client + protocol: openid-connect + Include In Token Scope : on + attributes: { + display.on.consent.screen: "false", + include.in.token.scope: "true" + } + - name: update_oidc_client + description: '' + protocol: openid-connect + Include In Token Scope : on + attributes: { + display.on.consent.screen: "false", + include.in.token.scope: "true" + } + - name: get_certificate + description: Scope required to create OIDC client + protocol: openid-connect + Include In Token Scope : on + attributes: { + display.on.consent.screen: "false", + include.in.token.scope: "true" + } + - name: upload_certificate + description: '' + protocol: openid-connect + Include In Token Scope : on + attributes: { + display.on.consent.screen: "false", + include.in.token.scope: "true" + } + - name: individual_id + description: Scope required to create resident client + protocol: openid-connect + Include In Token Scope : on + attributes: { + display.on.consent.screen: "true", + include.in.token.scope: "true" + } + - name: ida_token + description: '' + protocol: openid-connect + Include In Token Scope : on + attributes: { + display.on.consent.screen: "true", + include.in.token.scope: "true" + } + - name: send_binding_otp + description: Scope required to create mpartner-default-mobile client + protocol: openid-connect + Include In Token Scope : on + attributes: { + display.on.consent.screen: "false", + include.in.token.scope: "true" + } + - name: wallet_binding + description: Scope required to create mpartner-default-mobile client + protocol: openid-connect + Include In Token Scope : on + attributes: { + display.on.consent.screen: "false", + include.in.token.scope: "true" + } - clients: - - name: mosip-abis-client - mappers: [] - saroles: [] + clients: + - name: mosip-abis-client + mappers: 
[] + saroles: [] - - name: mosip-admin-client - mappers: [] - saroles: - - MASTERDATA_ADMIN - - GLOBAL_ADMIN - - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - offline_access - - PUBLISH_MOSIP_HOTLIST_GENERAL - - uma_authorization - - PUBLISH_MASTERDATA_TITLES_GENERAL + - name: mosip-admin-client + mappers: [] + saroles: + - MASTERDATA_ADMIN + - GLOBAL_ADMIN + - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - offline_access + - PUBLISH_MOSIP_HOTLIST_GENERAL + - uma_authorization + - PUBLISH_MASTERDATA_TITLES_GENERAL - - name: mosip-admin-services-client - mappers: [] - saroles: [] + - name: mosip-admin-services-client + mappers: [] + saroles: [] - - name: mosip-auth-client - mappers: [] - saroles: - - AUTH + - name: mosip-auth-client + mappers: [] + saroles: + - AUTH - - name: mosip-crereq-client - mappers: [] - saroles: - - CREDENTIAL_ISSUANCE - - CREDENTIAL_REQUEST - - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL - - offline_access - - uma_authorization + - name: mosip-crereq-client + mappers: [] + saroles: + - CREDENTIAL_ISSUANCE + - CREDENTIAL_REQUEST + - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL + - offline_access + - uma_authorization - - name: mosip-creser-client - mappers: [] - saroles: - - CREDENTIAL_ISSUANCE - - REGISTRATION_PROCESSOR - - POLICYMANAGER - - CREATE_SHARE - - offline_access - - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL - - uma_authorization - - name: mosip-creser-idpass-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST + - name: mosip-creser-client + mappers: [] + saroles: + - CREDENTIAL_ISSUANCE + - REGISTRATION_PROCESSOR + - POLICYMANAGER + - CREATE_SHARE + - offline_access + - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL + - uma_authorization + - name: mosip-creser-idpass-client + mappers: [] + saroles: + - REGISTRATION_PROCESSOR + - DATA_READ + - DOCUMENT_READ + - BIOMETRIC_READ + - METADATA_READ + - 
CREATE_SHARE + - CREDENTIAL_REQUEST - - name: mosip-datsha-client - mappers: [] - saroles: - - CREATE_SHARE - - REGISTRATION_PROCESSOR - - POLICYMANAGER + - name: mosip-datsha-client + mappers: [] + saroles: + - CREATE_SHARE + - REGISTRATION_PROCESSOR + - POLICYMANAGER - - name: mosip-ida-client - mappers: [] - saroles: - - CREDENTIAL_REQUEST - - GLOBAL_ADMIN - - ID_AUTHENTICATION - - PARTNERMANAGER # Added only for cert upload using postman during install. Not required otherwise. - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - - name: mosip-misp-client - mappers: [] - saroles: [] + - name: mosip-ida-client + mappers: [] + saroles: + - CREDENTIAL_REQUEST + - GLOBAL_ADMIN + - ID_AUTHENTICATION + - PARTNERMANAGER # Added only for cert upload using postman during install. Not required otherwise. + - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL + - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL + - name: mosip-misp-client + mappers: [] + saroles: [] - - name: mosip-partner-client - mappers: - - mapper_name: phoneNumber - mapper_user_attribute: phoneNumber - token_claim_name: phoneNumber - - mapper_name: organizationName - mapper_user_attribute: organizationName - token_claim_name: organizationName - - mapper_name: partnerType - mapper_user_attribute: partnerType - token_claim_name: partnerType - - mapper_name: addressTest - mapper_user_attribute: address - token_claim_name: addressTest - saroles: - - REGISTRATION_PROCESSOR - - CREATE_SHARE - - PMS_USER - - PMS_ADMIN - - PARTNER_ADMIN - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL + - name: mosip-partner-client + mappers: + - mapper_name: phoneNumber + mapper_user_attribute: phoneNumber + token_claim_name: phoneNumber + - mapper_name: 
organizationName + mapper_user_attribute: organizationName + token_claim_name: organizationName + - mapper_name: partnerType + mapper_user_attribute: partnerType + token_claim_name: partnerType + - mapper_name: addressTest + mapper_user_attribute: address + token_claim_name: addressTest + saroles: + - REGISTRATION_PROCESSOR + - CREATE_SHARE + - PMS_USER + - PMS_ADMIN + - PARTNER_ADMIN + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_MISP_LICENSE_UPDATED_GENERAL + - PUBLISH_PARTNER_UPDATED_GENERAL + - PUBLISH_MISP_LICENSE_GENERATED_GENERAL + - PUBLISH_APIKEY_APPROVED_GENERAL + - PUBLISH_APIKEY_UPDATED_GENERAL + - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_POLICY_UPDATED_GENERAL - - name: mosip-partnermanager-client - mappers: [] - saroles: - - PARTNERMANAGER - - KEY_MAKER + - name: mosip-partnermanager-client + mappers: [] + saroles: + - PARTNERMANAGER + - KEY_MAKER - - name: mosip-pms-client - mappers: - - mapper_name: phoneNumber - mapper_user_attribute: phoneNumber - token_claim_name: phoneNumber - - mapper_name: organizationName - mapper_user_attribute: organizationName - token_claim_name: organizationName - - mapper_name: partnerType - mapper_user_attribute: partnerType - token_claim_name: partnerType - - mapper_name: addressTest - mapper_user_attribute: address - token_claim_name: addressTest - saroles: - - PARTNER_ADMIN - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_OIDC_CLIENT_CREATED_GENERAL - - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - ZONAL_ADMIN - - CREATE_SHARE - - DEVICE_PROVIDER - - PARTNER - - PMS_ADMIN - - PMS_USER - - REGISTRATION_PROCESSOR - assign_client_scopes: - - update_oidc_client - - add_oidc_client - - get_certificate - - upload_certificate - - 
name: mosip-policymanager-client - mappers: [] - saroles: [] + - name: mosip-pms-client + mappers: + - mapper_name: phoneNumber + mapper_user_attribute: phoneNumber + token_claim_name: phoneNumber + - mapper_name: organizationName + mapper_user_attribute: organizationName + token_claim_name: organizationName + - mapper_name: partnerType + mapper_user_attribute: partnerType + token_claim_name: partnerType + - mapper_name: addressTest + mapper_user_attribute: address + token_claim_name: addressTest + saroles: + - PARTNER_ADMIN + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_OIDC_CLIENT_CREATED_GENERAL + - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL + - PUBLISH_APIKEY_APPROVED_GENERAL + - PUBLISH_APIKEY_UPDATED_GENERAL + - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_MISP_LICENSE_GENERATED_GENERAL + - PUBLISH_MISP_LICENSE_UPDATED_GENERAL + - PUBLISH_PARTNER_UPDATED_GENERAL + - PUBLISH_POLICY_UPDATED_GENERAL + - ZONAL_ADMIN + - CREATE_SHARE + - DEVICE_PROVIDER + - PARTNER + - PMS_ADMIN + - PMS_USER + - REGISTRATION_PROCESSOR + assign_client_scopes: + - update_oidc_client + - add_oidc_client + - get_certificate + - upload_certificate + - name: mosip-policymanager-client + mappers: [] + saroles: [] - - name: mosip-reg-client - mappers: [] - saroles: - - GLOBAL_ADMIN - - REGISTRATION_ADMIN - - REGISTRATION_OFFICER - - REGISTRATION_OPERATOR - - REGISTRATION_SUPERVISOR + - name: mosip-reg-client + mappers: [] + saroles: + - GLOBAL_ADMIN + - REGISTRATION_ADMIN + - REGISTRATION_OFFICER + - REGISTRATION_OPERATOR + - REGISTRATION_SUPERVISOR - - name: mosip-regproc-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - - PARTNER - - PARTNER_ADMIN - - PMS_USER - - POLICYMANAGER - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - 
SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - name: mosip-regproc-client + mappers: [] + saroles: + - REGISTRATION_PROCESSOR + - DATA_READ + - DOCUMENT_READ + - BIOMETRIC_READ + - METADATA_READ + - CREATE_SHARE + - CREDENTIAL_REQUEST + - PARTNER + - PARTNER_ADMIN + - PMS_USER + - POLICYMANAGER + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - name: mpartner-default-mobile - mappers: [] - saroles: - - CREDENTIAL_PARTNER - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - assign_client_scopes: - - send_binding_otp - - wallet_binding + - name: mpartner-default-mobile + mappers: [] + saroles: + - CREDENTIAL_PARTNER + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + assign_client_scopes: + - send_binding_otp + - wallet_binding - - name: mosip-resident-client - mappers: [] - saroles: - - RESIDENT - - PARTNER_ADMIN - - CREDENTIAL_REQUEST - - offline_access - - uma_authorization - assign_client_scopes: - - individual_id - 
- ida_token + - name: mosip-resident-client + mappers: [] + saroles: + - RESIDENT + - PARTNER_ADMIN + - CREDENTIAL_REQUEST + - offline_access + - uma_authorization + assign_client_scopes: + - individual_id + - ida_token - - name: mosip-prereg-client - mappers: [] - saroles: - - PREREG - - REGISTRATION_PROCESSOR - - PRE_REGISTRATION_ADMIN + - name: mosip-prereg-client + mappers: [] + saroles: + - PREREG + - REGISTRATION_PROCESSOR + - PRE_REGISTRATION_ADMIN - - name: mosip-creser-idpass-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST + - name: mosip-creser-idpass-client + mappers: [] + saroles: + - REGISTRATION_PROCESSOR + - DATA_READ + - DOCUMENT_READ + - BIOMETRIC_READ + - METADATA_READ + - CREATE_SHARE + - CREDENTIAL_REQUEST - - name: mosip-syncdata-client - mappers: [] - saroles: - - REGISTRATION_ADMIN - - GLOBAL_ADMIN - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - REGISTRATION_SUPERVISOR - - REGISTRATION_OFFICER + - name: mosip-syncdata-client + mappers: [] + saroles: + - REGISTRATION_ADMIN + - GLOBAL_ADMIN + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - REGISTRATION_SUPERVISOR + - REGISTRATION_OFFICER - - name: mpartner-default-auth - mappers: - - mapper_name: langCode - mapper_user_attribute: langCode - token_claim_name: langCode - saroles: - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL - - SUBSCRIBE_POLICY_UPDATED_GENERAL - - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL - - CREDENTIAL_REQUEST - - SUBSCRIBE_MOSIP_HOTLIST_GENERAL - - PUBLISH_ANONYMOUS_PROFILE_GENERAL - - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_REMOVE_ID_INDIVIDUAL - - SUBSCRIBE_MASTERDATA_TITLES_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL - - ID_AUTHENTICATION - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_PARTNER_UPDATED_GENERAL - - offline_access - - 
SUBSCRIBE_APIKEY_APPROVED_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - uma_authorization - - SUBSCRIBE_APIKEY_UPDATED_GENERAL - - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL + - name: mpartner-default-auth + mappers: + - mapper_name: langCode + mapper_user_attribute: langCode + token_claim_name: langCode + saroles: + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL + - SUBSCRIBE_POLICY_UPDATED_GENERAL + - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL + - CREDENTIAL_REQUEST + - SUBSCRIBE_MOSIP_HOTLIST_GENERAL + - PUBLISH_ANONYMOUS_PROFILE_GENERAL + - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_REMOVE_ID_INDIVIDUAL + - SUBSCRIBE_MASTERDATA_TITLES_GENERAL + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL + - ID_AUTHENTICATION + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - SUBSCRIBE_PARTNER_UPDATED_GENERAL + - offline_access + - SUBSCRIBE_APIKEY_APPROVED_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - uma_authorization + - SUBSCRIBE_APIKEY_UPDATED_GENERAL + - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL + - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL + - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL + - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - - name: mosip-idrepo-client - mappers: [] - saroles: - - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL - - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL - - ID_REPOSITORY - - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL - - offline_access - - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - 
uma_authorization - - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL + - name: mosip-idrepo-client + mappers: [] + saroles: + - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL + - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL + - ID_REPOSITORY + - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL + - offline_access + - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL + - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL + - uma_authorization + - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL - - name: mpartner-default-print - mappers: [] - saroles: - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - CREATE_SHARE - - PRINT_PARTNER + - name: mpartner-default-print + mappers: [] + saroles: + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - CREATE_SHARE + - PRINT_PARTNER - - name: mpartner-default-digitalcard - mappers: [] - saroles: - - SUBSCRIBE_IDENTITY_CREATED_GENERAL - - SUBSCRIBE_IDENTITY_UPDATED_GENERAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - CREATE_SHARE - - PRINT_PARTNER - - CREDENTIAL_REQUEST - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - name: mpartner-default-digitalcard + mappers: [] + saroles: + - SUBSCRIBE_IDENTITY_CREATED_GENERAL + - SUBSCRIBE_IDENTITY_UPDATED_GENERAL + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - CREATE_SHARE + - PRINT_PARTNER + - CREDENTIAL_REQUEST + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - name: mosip-digitalcard-client - saroles: - - CREATE_SHARE - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_IDENTITY_CREATED_GENERAL - - SUBSCRIBE_IDENTITY_UPDATED_GENERAL + - name: mosip-digitalcard-client + saroles: + - CREATE_SHARE + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - SUBSCRIBE_IDENTITY_CREATED_GENERAL + - SUBSCRIBE_IDENTITY_UPDATED_GENERAL - - name: mosip-hotlist-client - saroles: - - HOTLIST_ADMIN - - 
uma_authorization - - offline_access - - PUBLISH_MOSIP_HOTLIST_GENERAL + - name: mosip-hotlist-client + saroles: + - HOTLIST_ADMIN + - uma_authorization + - offline_access + - PUBLISH_MOSIP_HOTLIST_GENERAL - # Used only for initial deployment purposes. Maybe deleted from installation later. - - name: mosip-deployment-client - saroles: - - ID_AUTHENTICATION - - GLOBAL_ADMIN # TODO: do we need this? - - PARTNER_ADMIN - - uma_authorization - - offline_access + # Used only for initial deployment purposes. Maybe deleted from installation later. + - name: mosip-deployment-client + saroles: + - ID_AUTHENTICATION + - GLOBAL_ADMIN # TODO: do we need this? + - PARTNER_ADMIN + - uma_authorization + - offline_access - - name: mosip-testrig-client - saroles: - - ID_AUTHENTICATION - - GLOBAL_ADMIN # TODO: do we need this? - - PARTNER_ADMIN - - REGISTRATION_PROCESSOR - - CREATE_SHARE - - PMS_ADMIN - - PMS_USER - - uma_authorization - - offline_access - sa_client_roles: - - realm-management: ## realm-management client id - - view-users # realm-management client roles - - view-clients - - view-realm - - manage-users + - name: mosip-testrig-client + saroles: + - ID_AUTHENTICATION + - GLOBAL_ADMIN # TODO: do we need this? + - PARTNER_ADMIN + - REGISTRATION_PROCESSOR + - CREATE_SHARE + - PMS_ADMIN + - PMS_USER + - uma_authorization + - offline_access + sa_client_roles: + - realm-management: ## realm-management client id + - view-users # realm-management client roles + - view-clients + - view-realm + - manage-users - users: [] + users: [] ## These will be passed as environments variables to keycloak-init docker. Note the expected naming convention is ## _. If empty secret is passed, it shall be randomly generated ## IMPORTANT: When running import or upgrade: diff --git a/deploy/upgrade-init-values.yaml b/deploy/upgrade-init-values.yaml index 3534b061..d99f09ad 100644 --- a/deploy/upgrade-init-values.yaml +++ b/deploy/upgrade-init-values.yaml 
@@ -1,347 +1,345 @@ -keycloak: - realms: - del_realms: - - preregistration - mosip: # realm - roles: - - Default - - ABIS_PARTNER - - SDK_PARTNER - - AUTH - - AUTH_PARTNER - - BIOMETRIC_READ - - CENTRAL_ADMIN - - CENTRAL_APPROVER - - CREATE_SHARE - - CREDENTIAL_ISSUANCE - - CREDENTIAL_PARTNER - - CREDENTIAL_REQUEST - - DATA_READ - - DEVICE_PROVIDER - - DOCUMENT_READ - - FTM_PROVIDER - - GLOBAL_ADMIN - - ID_AUTHENTICATION - - ID_REPOSITORY - - INDIVIDUAL - - KEY_MAKER - - MASTERDATA_ADMIN - - METADATA_READ - - MISP - - MISP_PARTNER - - offline_access - - ONLINE_VERIFICATION_PARTNER - - PARTNER - - PARTNER_ADMIN - - PARTNERMANAGER - - PMS_ADMIN - - PMS_USER - - POLICYMANAGER - - PREREG - - PRE_REGISTRATION - - PRE_REGISTRATION_ADMIN - - PRINT_PARTNER - - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_ANONYMOUS_PROFILE_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL - - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - PUBLISH_MASTERDATA_TITLES_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_MOSIP_HOTLIST_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL - - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL - - REGISTRATION_ADMIN - - REGISTRATION_OFFICER - - REGISTRATION_OPERATOR - - REGISTRATION_PROCESSOR - - REGISTRATION_SUPERVISOR - - RESIDENT - - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL - - 
SUBSCRIBE_APIKEY_APPROVED_GENERAL - - SUBSCRIBE_APIKEY_UPDATED_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - SUBSCRIBE_MASTERDATA_TITLES_GENERAL - - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL - - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL - - SUBSCRIBE_MOSIP_HOTLIST_GENERAL - - SUBSCRIBE_PARTNER_UPDATED_GENERAL - - SUBSCRIBE_POLICY_UPDATED_GENERAL - - SUBSCRIBE_REMOVE_ID_INDIVIDUAL - - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL - - uma_authorization - - ZONAL_ADMIN - - ZONAL_APPROVER - - HOTLIST_ADMIN - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - clients: - - name: mosip-abis-client - mappers: [] - saroles: [] - - name: mosip-admin-client - mappers: [] - saroles: - - MASTERDATA_ADMIN - - GLOBAL_ADMIN - - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - offline_access - - PUBLISH_MOSIP_HOTLIST_GENERAL - - uma_authorization - - PUBLISH_MASTERDATA_TITLES_GENERAL - - name: mosip-admin-services-client - mappers: [] - saroles: [] - - name: mosip-auth-client - mappers: [] - saroles: - - AUTH - - name: mosip-crereq-client - mappers: [] - saroles: - - CREDENTIAL_ISSUANCE - - CREDENTIAL_REQUEST - - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL - - offline_access - - uma_authorization +del_realms: + - preregistration +mosip: # realm + roles: + - Default + - ABIS_PARTNER + - SDK_PARTNER + - AUTH + - AUTH_PARTNER + - BIOMETRIC_READ + - CENTRAL_ADMIN + - CENTRAL_APPROVER + - CREATE_SHARE + - CREDENTIAL_ISSUANCE + - CREDENTIAL_PARTNER + - CREDENTIAL_REQUEST + - DATA_READ + - DEVICE_PROVIDER + - DOCUMENT_READ + - FTM_PROVIDER + - GLOBAL_ADMIN + - ID_AUTHENTICATION + - 
ID_REPOSITORY + - INDIVIDUAL + - KEY_MAKER + - MASTERDATA_ADMIN + - METADATA_READ + - MISP + - MISP_PARTNER + - offline_access + - ONLINE_VERIFICATION_PARTNER + - PARTNER + - PARTNER_ADMIN + - PARTNERMANAGER + - PMS_ADMIN + - PMS_USER + - POLICYMANAGER + - PREREG + - PRE_REGISTRATION + - PRE_REGISTRATION_ADMIN + - PRINT_PARTNER + - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL + - PUBLISH_ANONYMOUS_PROFILE_GENERAL + - PUBLISH_APIKEY_APPROVED_GENERAL + - PUBLISH_APIKEY_UPDATED_GENERAL + - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL + - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL + - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL + - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - PUBLISH_MASTERDATA_TITLES_GENERAL + - PUBLISH_MISP_LICENSE_GENERATED_GENERAL + - PUBLISH_MISP_LICENSE_UPDATED_GENERAL + - PUBLISH_MOSIP_HOTLIST_GENERAL + - PUBLISH_PARTNER_UPDATED_GENERAL + - PUBLISH_POLICY_UPDATED_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL + - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL + - REGISTRATION_ADMIN + - REGISTRATION_OFFICER + - REGISTRATION_OPERATOR + - REGISTRATION_PROCESSOR + - REGISTRATION_SUPERVISOR + - RESIDENT + - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_APIKEY_APPROVED_GENERAL + - SUBSCRIBE_APIKEY_UPDATED_GENERAL + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL + - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - SUBSCRIBE_MASTERDATA_TITLES_GENERAL + - 
SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL + - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL + - SUBSCRIBE_MOSIP_HOTLIST_GENERAL + - SUBSCRIBE_PARTNER_UPDATED_GENERAL + - SUBSCRIBE_POLICY_UPDATED_GENERAL + - SUBSCRIBE_REMOVE_ID_INDIVIDUAL + - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL + - uma_authorization + - ZONAL_ADMIN + - ZONAL_APPROVER + - HOTLIST_ADMIN + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + clients: + - name: mosip-abis-client + mappers: [] + saroles: [] + - name: mosip-admin-client + mappers: [] + saroles: + - MASTERDATA_ADMIN + - GLOBAL_ADMIN + - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - offline_access + - PUBLISH_MOSIP_HOTLIST_GENERAL + - uma_authorization + - PUBLISH_MASTERDATA_TITLES_GENERAL + - name: mosip-admin-services-client + mappers: [] + saroles: [] + - name: mosip-auth-client + mappers: [] + saroles: + - AUTH + - name: mosip-crereq-client + mappers: [] + saroles: + - CREDENTIAL_ISSUANCE + - CREDENTIAL_REQUEST + - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL + - offline_access + - uma_authorization - - name: mosip-creser-client - mappers: [] - saroles: - - CREDENTIAL_ISSUANCE - - REGISTRATION_PROCESSOR - - POLICYMANAGER - - CREATE_SHARE - - offline_access - - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL - - uma_authorization - - name: mosip-creser-idpass-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - - name: mosip-datsha-client - mappers: [] - saroles: - - CREATE_SHARE - - REGISTRATION_PROCESSOR - - POLICYMANAGER + - name: mosip-creser-client + mappers: [] + saroles: + - CREDENTIAL_ISSUANCE + - REGISTRATION_PROCESSOR + - POLICYMANAGER + - CREATE_SHARE + - offline_access + - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL + - uma_authorization + - name: mosip-creser-idpass-client + mappers: [] + saroles: + - 
REGISTRATION_PROCESSOR + - DATA_READ + - DOCUMENT_READ + - BIOMETRIC_READ + - METADATA_READ + - CREATE_SHARE + - CREDENTIAL_REQUEST + - name: mosip-datsha-client + mappers: [] + saroles: + - CREATE_SHARE + - REGISTRATION_PROCESSOR + - POLICYMANAGER - - name: mosip-ida-client - mappers: [] - saroles: - - CREDENTIAL_REQUEST - - GLOBAL_ADMIN - - ID_AUTHENTICATION - - PARTNERMANAGER # Added only for cert upload using postman during install. Not required otherwise. - - name: mosip-misp-client - mappers: [] - saroles: [] - - name: mosip-partner-client - mappers: - - mapper_name: phoneNumber - mapper_user_attribute: phoneNumber - token_claim_name: phoneNumber - - mapper_name: organizationName - mapper_user_attribute: organizationName - token_claim_name: organizationName - - mapper_name: partnerType - mapper_user_attribute: partnerType - token_claim_name: partnerType - - mapper_name: addressTest - mapper_user_attribute: address - token_claim_name: addressTest - saroles: - - REGISTRATION_PROCESSOR - - CREATE_SHARE - - PMS_USER - - PMS_ADMIN - - PARTNER_ADMIN - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - name: mosip-partnermanager-client - mappers: [] - saroles: - - PARTNERMANAGER - - KEY_MAKER - - name: mosip-pms-client - mappers: [] - saroles: - - PARTNER_ADMIN - - name: mosip-policymanager-client - mappers: [] - saroles: [] - - name: mosip-reg-client - mappers: [] - saroles: - - GLOBAL_ADMIN - - REGISTRATION_ADMIN - - REGISTRATION_OFFICER - - REGISTRATION_OPERATOR - - REGISTRATION_SUPERVISOR - - name: mosip-regproc-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - - name: 
mpartner-default-mobile - mappers: [] - saroles: - - CREDENTIAL_PARTNER - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - name: mosip-resident-client - mappers: [] - saroles: - - RESIDENT - - PARTNER_ADMIN - - CREDENTIAL_REQUEST - - offline_access - - uma_authorization - - name: mosip-prereg-client - mappers: [] - del_saroles: - - INDIVIDUAL - saroles: - - PREREG - - REGISTRATION_PROCESSOR - - PRE_REGISTRATION_ADMIN - - name: mosip-creser-idpass-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - - name: mosip-syncdata-client - mappers: [] - saroles: - - REGISTRATION_ADMIN - - GLOBAL_ADMIN - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - REGISTRATION_SUPERVISOR - - REGISTRATION_OFFICER - - name: mpartner-default-auth - mappers: - - mapper_name: langCode - mapper_user_attribute: langCode - token_claim_name: langCode - saroles: - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL - - SUBSCRIBE_POLICY_UPDATED_GENERAL - - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL - - CREDENTIAL_REQUEST - - SUBSCRIBE_MOSIP_HOTLIST_GENERAL - - PUBLISH_ANONYMOUS_PROFILE_GENERAL - - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_REMOVE_ID_INDIVIDUAL - - SUBSCRIBE_MASTERDATA_TITLES_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL - - ID_AUTHENTICATION - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_PARTNER_UPDATED_GENERAL - - offline_access - - SUBSCRIBE_APIKEY_APPROVED_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - 
SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - uma_authorization - - SUBSCRIBE_APIKEY_UPDATED_GENERAL - - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL - - name: mosip-idrepo-client - mappers: [] - saroles: - - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL - - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL - - ID_REPOSITORY - - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL - - offline_access - - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - uma_authorization - - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL - - name: mpartner-default-print - mappers: [] - saroles: - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - CREATE_SHARE - - PRINT_PARTNER - - name: mosip-hotlist-client - saroles: - - HOTLIST_ADMIN - - uma_authorization - - offline_access - - PUBLISH_MOSIP_HOTLIST_GENERAL - # Used only for initial deployment purposes. Maybe deleted from installation later. - - name: mosip-deployment-client - saroles: - - ID_AUTHENTICATION - - GLOBAL_ADMIN # TODO: do we need this? - - PARTNER_ADMIN - - uma_authorization - - offline_access + - name: mosip-ida-client + mappers: [] + saroles: + - CREDENTIAL_REQUEST + - GLOBAL_ADMIN + - ID_AUTHENTICATION + - PARTNERMANAGER # Added only for cert upload using postman during install. Not required otherwise. 
+ - name: mosip-misp-client + mappers: [] + saroles: [] + - name: mosip-partner-client + mappers: + - mapper_name: phoneNumber + mapper_user_attribute: phoneNumber + token_claim_name: phoneNumber + - mapper_name: organizationName + mapper_user_attribute: organizationName + token_claim_name: organizationName + - mapper_name: partnerType + mapper_user_attribute: partnerType + token_claim_name: partnerType + - mapper_name: addressTest + mapper_user_attribute: address + token_claim_name: addressTest + saroles: + - REGISTRATION_PROCESSOR + - CREATE_SHARE + - PMS_USER + - PMS_ADMIN + - PARTNER_ADMIN + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_MISP_LICENSE_UPDATED_GENERAL + - PUBLISH_PARTNER_UPDATED_GENERAL + - PUBLISH_MISP_LICENSE_GENERATED_GENERAL + - PUBLISH_APIKEY_APPROVED_GENERAL + - PUBLISH_APIKEY_UPDATED_GENERAL + - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_POLICY_UPDATED_GENERAL + - name: mosip-partnermanager-client + mappers: [] + saroles: + - PARTNERMANAGER + - KEY_MAKER + - name: mosip-pms-client + mappers: [] + saroles: + - PARTNER_ADMIN + - name: mosip-policymanager-client + mappers: [] + saroles: [] + - name: mosip-reg-client + mappers: [] + saroles: + - GLOBAL_ADMIN + - REGISTRATION_ADMIN + - REGISTRATION_OFFICER + - REGISTRATION_OPERATOR + - REGISTRATION_SUPERVISOR + - name: mosip-regproc-client + mappers: [] + saroles: + - REGISTRATION_PROCESSOR + - DATA_READ + - DOCUMENT_READ + - BIOMETRIC_READ + - METADATA_READ + - CREATE_SHARE + - CREDENTIAL_REQUEST + - name: mpartner-default-mobile + mappers: [] + saroles: + - CREDENTIAL_PARTNER + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - 
name: mosip-resident-client + mappers: [] + saroles: + - RESIDENT + - PARTNER_ADMIN + - CREDENTIAL_REQUEST + - offline_access + - uma_authorization + - name: mosip-prereg-client + mappers: [] + del_saroles: + - INDIVIDUAL + saroles: + - PREREG + - REGISTRATION_PROCESSOR + - PRE_REGISTRATION_ADMIN + - name: mosip-creser-idpass-client + mappers: [] + saroles: + - REGISTRATION_PROCESSOR + - DATA_READ + - DOCUMENT_READ + - BIOMETRIC_READ + - METADATA_READ + - CREATE_SHARE + - CREDENTIAL_REQUEST + - name: mosip-syncdata-client + mappers: [] + saroles: + - REGISTRATION_ADMIN + - GLOBAL_ADMIN + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - REGISTRATION_SUPERVISOR + - REGISTRATION_OFFICER + - name: mpartner-default-auth + mappers: + - mapper_name: langCode + mapper_user_attribute: langCode + token_claim_name: langCode + saroles: + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL + - SUBSCRIBE_POLICY_UPDATED_GENERAL + - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL + - CREDENTIAL_REQUEST + - SUBSCRIBE_MOSIP_HOTLIST_GENERAL + - PUBLISH_ANONYMOUS_PROFILE_GENERAL + - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_REMOVE_ID_INDIVIDUAL + - SUBSCRIBE_MASTERDATA_TITLES_GENERAL + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL + - ID_AUTHENTICATION + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - SUBSCRIBE_PARTNER_UPDATED_GENERAL + - offline_access + - SUBSCRIBE_APIKEY_APPROVED_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL + - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL + - uma_authorization + - SUBSCRIBE_APIKEY_UPDATED_GENERAL + - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL + - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL + - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL + - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL + - name: mosip-idrepo-client + mappers: [] + saroles: + - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL + - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL + - ID_REPOSITORY + - 
PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL + - offline_access + - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL + - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL + - uma_authorization + - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL + - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL + - name: mpartner-default-print + mappers: [] + saroles: + - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL + - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL + - CREATE_SHARE + - PRINT_PARTNER + - name: mosip-hotlist-client + saroles: + - HOTLIST_ADMIN + - uma_authorization + - offline_access + - PUBLISH_MOSIP_HOTLIST_GENERAL + # Used only for initial deployment purposes. Maybe deleted from installation later. + - name: mosip-deployment-client + saroles: + - ID_AUTHENTICATION + - GLOBAL_ADMIN # TODO: do we need this? + - PARTNER_ADMIN + - uma_authorization + - offline_access - - name: mosip-testrig-client - saroles: - - ID_AUTHENTICATION - - GLOBAL_ADMIN # TODO: do we need this? - - PARTNER_ADMIN - - REGISTRATION_PROCESSOR - - CREATE_SHARE - - PMS_ADMIN - - PMS_USER - - uma_authorization - - offline_access + - name: mosip-testrig-client + saroles: + - ID_AUTHENTICATION + - GLOBAL_ADMIN # TODO: do we need this? + - PARTNER_ADMIN + - REGISTRATION_PROCESSOR + - CREATE_SHARE + - PMS_ADMIN + - PMS_USER + - uma_authorization + - offline_access - users: [] + users: [] ## These will be passed as environments variables to keycloak-init docker. Note the expected naming convention is ## _. If empty secret is passed, it shall be randomly generated ## IMPORTANT: When running import or upgrade: From 7f7584705176dd393bf3ce6c9c5636d4f888a9f8 Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Wed, 11 Mar 2026 15:14:02 +0530 Subject: [PATCH 6/8] [MOSIP-39951] Updated keycloak import and upgrade values.yaml Signed-off-by: bhumi46 --- keycloak-init/keycloak_init.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keycloak-init/keycloak_init.py b/keycloak-init/keycloak_init.py index 9303d4ff..beeefda9 100755 
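Review bot: Near the end of this hunk, `mosip-deployment-client` and `mosip-testrig-client` keep `GLOBAL_ADMIN` and `PARTNER_ADMIN` in `saroles`, each still marked `# TODO: do we need this?`, and `mosip-ida-client` keeps `PARTNERMANAGER` although its own comment says the role is needed only for the install-time certificate upload. Because this is the upgrade values file, each upgrade run presumably re-asserts these grants on long-lived service accounts; the init script's handling is not visible here. I would resolve the TODO before merging, or at least add a comment such as `# install-time only: remove this role (or list it under del_saroles) once deployment is complete`. The import-init-values.yaml hunk earlier in the patch carries the same entries, plus `realm-management` roles including `manage-users` for the test-rig client.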
--- a/keycloak-init/keycloak_init.py +++ b/keycloak-init/keycloak_init.py @@ -725,7 +725,7 @@ def main(): secret_env_name = '%s_secret' % client['name'] secret_env_name = secret_env_name.replace('-', '_') # Compatible with environment variables secret = os.environ.get(secret_env_name) - if secret is None: # Env variable not found + if not secret or not secret.strip(): # Env variable not found or empty print('\n\tSecret environment variable %s not found, generating' % secret_env_name) secret = secrets.token_urlsafe(16) From 07acd9e2401b6707a5e54800772f500fd661961d Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Wed, 11 Mar 2026 15:33:51 +0530 Subject: [PATCH 7/8] [MOSIP-39951] Updated keycloak import and upgrade values.yaml Signed-off-by: bhumi46 --- deploy/import-init-values.yaml | 10 ---------- deploy/upgrade-init-values.yaml | 10 ---------- keycloak-artemis/Dockerfile | 4 ++-- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/deploy/import-init-values.yaml b/deploy/import-init-values.yaml index 04895d34..8a0c6417 100644 --- a/deploy/import-init-values.yaml +++ b/deploy/import-init-values.yaml @@ -377,16 +377,6 @@ mosip: - REGISTRATION_PROCESSOR - PRE_REGISTRATION_ADMIN - - name: mosip-creser-idpass-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - name: mosip-syncdata-client mappers: [] diff --git a/deploy/upgrade-init-values.yaml b/deploy/upgrade-init-values.yaml index d99f09ad..837e25a9 100644 --- a/deploy/upgrade-init-values.yaml +++ b/deploy/upgrade-init-values.yaml @@ -243,16 +243,6 @@ mosip: # realm - PREREG - REGISTRATION_PROCESSOR - PRE_REGISTRATION_ADMIN - - name: mosip-creser-idpass-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - name: mosip-syncdata-client mappers: [] saroles: 
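Review bot: The new condition in `main()` tests `secret.strip()` but keeps the unstripped value, so a secret that arrives with a trailing newline or padding passes the check and is presumably used as the client secret with that whitespace included. Normalising once covers both cases: `secret = (os.environ.get(secret_env_name) or '').strip()` followed by `if not secret:`. The message `not found, generating` is now also printed when the variable is set but blank; wording such as `not set or empty, generating` would tell an operator that a supplied-but-blank value was replaced by a random one. `main()` continues outside the hunk, so how the generated secret is stored or reported cannot be judged from here.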
diff --git a/keycloak-artemis/Dockerfile b/keycloak-artemis/Dockerfile index d9511a17..e2fdf33a 100644 --- a/keycloak-artemis/Dockerfile +++ b/keycloak-artemis/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/bitnami/keycloak:16.1.1 +FROM docker.io/mosipid/keycloak:16.1.1 USER root @@ -34,4 +34,4 @@ RUN . /usr/sbin/install_packages acl ca-certificates curl gzip libaio1 libc6 pro USER 1001 ENTRYPOINT [ "/opt/bitnami/scripts/keycloak/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ] +CMD [ "/opt/bitnami/scripts/keycloak/run.sh" ] \ No newline at end of file From 7285cf02350d0f4d6a53fe9e5c813ac3657ce82b Mon Sep 17 00:00:00 2001 From: bhumi46 Date: Wed, 11 Mar 2026 15:48:02 +0530 Subject: [PATCH 8/8] [MOSIP-39951] Updated keycloak import and upgrade values.yaml Signed-off-by: bhumi46 --- deploy/upgrade-init-values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/deploy/upgrade-init-values.yaml b/deploy/upgrade-init-values.yaml index 837e25a9..f721c2fe 100644 --- a/deploy/upgrade-init-values.yaml +++ b/deploy/upgrade-init-values.yaml @@ -354,6 +354,10 @@ clientSecrets: secret: "" - name: mosip_misp_client_secret secret: "" + - name: mosip_partner_client_secret + secret: "" + - name: mosip_partnermanager_client_secret + secret: "" - name: mosip_pms_client_secret secret: "" - name: mosip_policymanager_client_secret @@ -387,6 +391,4 @@ clientSecrets: - name: mpartner_default_digitalcard_secret secret: "" - name: mosip_testrig_client_secret - secret: "" - - name: mpartner_default_template_secret secret: "" \ No newline at end of file
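Review bot: The new base image `docker.io/mosipid/keycloak:16.1.1` is referenced by a mutable tag only, so the build result depends on whatever that tag points to at build time. Pinning the digest, `FROM docker.io/mosipid/keycloak:16.1.1@sha256:<digest-of-reviewed-image>`, makes the change of publisher auditable and the build reproducible. The `ENTRYPOINT` and `CMD` at the end of the file still point at `/opt/bitnami/scripts/keycloak/...`, which only works if the mosipid image keeps the Bitnami layout. If it is a mirror of the Bitnami 16.1.1 image, a one-line comment above `FROM` saying so would document that assumption. The second hunk of this file only drops the final newline after `CMD`, which is worth restoring.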