fix: default keycloak realm envs (#455)

chance-coleman · web-flow · commit 3a2b48fefb11 · 2024-06-06T09:55:14.000-06:00
## Description Updating default values for keycloak realm settings, identity-config realm.json files now use default values in the realm.json so there is no need for default values to live in uds-core. So removed those default values and instead added a comment block of values that could be used to override the default values. ## Related Issue [Relates to this uds-identity-config PR](defenseunicorns/uds-identity-config#95) ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml
@@ -15,12 +15,20 @@ domain: "###ZARF_VAR_DOMAIN###"
 # The primary Keycloak realm
 realm: uds
 
-# UDS Identity Config Environment Variables. More info here: https://github.com/defenseunicorns/uds-identity-config/blob/main/docs/CUSTOMIZE.md#templated-realm-values
+# UDS Identity Config Realm Environment Variables. More info here: https://github.com/defenseunicorns/uds-identity-config/blob/main/docs/CUSTOMIZE.md#templated-realm-values
 realmInitEnv:
   GOOGLE_IDP_ENABLED: false
-  # Other UDS Identity Config fields that will be used in the realm.json initalization of keycloak
-  # GOOGLE_IDP_CLIENTID: ""
-  # GOOGLE_IDP_CLIENT_SECRET: ""
+#   GOOGLE_IDP_ID: ""
+#   GOOGLE_IDP_SIGNING_CERT: ""
+#   GOOGLE_IDP_NALE_ID_FORMAT: ""
+#   GOOGLE_IDP_CORE_ENTITY_ID: ""
+#   GOOGLE_IDP_ADMIN_GROUP: ""
+#   GOOGLE_IDP_AUDITOR_GROUP: ""
+#   PASSWORD_POLICY: "hashAlgorithm(pbkdf2-sha256) and forceExpiredPasswordChange(90) and specialChars(2) and lowerCase(0) and upperCase(0) and passwordHistory(5) and length(12) and notUsername(undefined) and digits(0)"
+#   EMAIL_VERIFICATION_ENABLED: true
+#   OTP_ENABLED: true
+#   TERMS_AND_CONDITIONS_ENABLED: true
+#   REALM_X509_OCSP_FAIL_OPEN: true
 
 # Generates an initial password for first admin user - only use if install is headless
 # (i.e. cannot hit keycloak UI with `zarf connect keycloak`), password should be changed after initial login
