Merge branch 'full-chart'

Your Name · Your Name · commit 1cdd630df582 · 2025-06-02T16:05:02.000Z
diff --git a/charts/opencloud-full/Chart.yaml b/charts/opencloud-full/Chart.yaml
@@ -9,7 +9,7 @@ maintainers:
     email: info@opencloud.eu
     url: https://opencloud.eu
 type: application
-version: 2.0.9
+version: 2.0.10
 # renovate: datasource=docker depName=opencloudeu/opencloud-rolling
 appVersion: 2.3.0
 kubeVersion: ""
diff --git a/charts/opencloud-full/deployments/helm/helmfile.yaml b/charts/opencloud-full/deployments/helm/helmfile.yaml
@@ -65,6 +65,8 @@ releases:
               issuerURI: https://keycloak.opencloud.test/realms/openCloud
               userIDClaim: sub
               userIDClaimAttributeMapping: username
+              roleAssignment:
+                claim: roles
             ldap:
               writeable: true
               uri: ldaps://openldap.openldap.svc.cluster.local:636
diff --git a/charts/opencloud-full/deployments/timoni/configmap.yaml b/charts/opencloud-full/deployments/timoni/configmap.yaml
@@ -40,14 +40,12 @@ data:
   OC_HTTP_API_INSECURE: "true"
 
   ###############################################################################
-  # Keycloak Configuration
+  # Internal Keycloak (for testing only)
   ###############################################################################
-  KEYCLOAK_DOMAIN: "keycloak.opencloud.test"
   KEYCLOAK_ENABLED: "true"
 
-
   ###############################################################################
-  # Minio Configuration
+  # Internal Minio (for testing only)
   ###############################################################################
   MINIO_DOMAIN: "minio.opencloud.test"
   MINIO_ENABLED: "true"
@@ -71,13 +69,15 @@ data:
   ###############################################################################
   # OIDC Configuration
   ###############################################################################
+  KEYCLOAK_DOMAIN: "keycloak.opencloud.test"
   OIDC_ISSUER_URI: "https://keycloak.opencloud.test/realms/openCloud"
   EXTERNAL_USER_MANAGEMENT_ENABLED: "true"
   EXTERNAL_USER_MANAGEMENT_ADMIN_UUID: "0ab77e6d-23b4-4ba3-9843-a3b3efdcfc53"
   AUTOPROVISION_ACCOUNTS_ENABLED: "true"
   AUTOPROVISION_ACCOUNTS_CLAIM_USER_NAME: "sub"
   OIDC_USER_ID_CLAIM: "sub"
   OIDC_USER_ID_CLAIM_ATTRIBUTE_MAPPING: "username"
+  OIDC_ROLE_ASSIGNMENT_CLAIM: "roles"
 
   ###############################################################################
   # Collabora Configuration
diff --git a/charts/opencloud-full/deployments/timoni/opencloud.cue b/charts/opencloud-full/deployments/timoni/opencloud.cue
@@ -19,7 +19,6 @@ bundle: {
                 sync: {
                     timeout: 10
                     createNamespace: true
-                    interval: 1
                 }
                 helmValues: {
                     logging: {
@@ -97,6 +96,9 @@ bundle: {
                                 issuerURI: string @timoni(runtime:string:OIDC_ISSUER_URI)
                                 userIDClaim: string @timoni(runtime:string:OIDC_USER_ID_CLAIM)
                                 userIDClaimAttributeMapping: string @timoni(runtime:string:OIDC_USER_ID_CLAIM_ATTRIBUTE_MAPPING)
+                                roleAssignment: {
+                                    claim: string @timoni(runtime:string:OIDC_ROLE_ASSIGNMENT_CLAIM)
+                                }
                             }
                             ldap: {
                                 writeable: bool @timoni(runtime:bool:LDAP_WRITEABLE)
diff --git a/charts/opencloud-full/deployments/timoni/runtime.cue b/charts/opencloud-full/deployments/timoni/runtime.cue
@@ -71,6 +71,7 @@ runtime: {
                 "AUTOPROVISION_ACCOUNTS_CLAIM_USER_NAME": "obj.data.AUTOPROVISION_ACCOUNTS_CLAIM_USER_NAME"
                 "OIDC_USER_ID_CLAIM": "obj.data.OIDC_USER_ID_CLAIM"
                 "OIDC_USER_ID_CLAIM_ATTRIBUTE_MAPPING": "obj.data.OIDC_USER_ID_CLAIM_ATTRIBUTE_MAPPING"
+                "OIDC_ROLE_ASSIGNMENT_CLAIM": "obj.data.OIDC_ROLE_ASSIGNMENT_CLAIM"
                 "LDAP_WRITEABLE": "obj.data.LDAP_WRITEABLE"
                 "LDAP_INSECURE": "obj.data.LDAP_INSECURE"
                 "LDAP_BIND_DN": "obj.data.LDAP_BIND_DN"
@@ -157,6 +158,7 @@ runtime: {
         AUTOPROVISION_ACCOUNTS_CLAIM_USER_NAME: "sub"
         OIDC_USER_ID_CLAIM: "sub"
         OIDC_USER_ID_CLAIM_ATTRIBUTE_MAPPING: "username"
+        OIDC_ROLE_ASSIGNMENT_CLAIM: "roles"
         LDAP_WRITEABLE: true
         LDAP_INSECURE: true
         LDAP_BIND_DN: "cn=admin,dc=opencloud,dc=eu"
