From fa8dccaa0eeb74f8178c5ad1c865779cd821adc6 Mon Sep 17 00:00:00 2001
From: Brandon Williams <brandon.williams@amazee.io>
Date: Mon, 9 Sep 2024 14:52:45 -0500
Subject: [PATCH] feat: add support for setting keycloak redirect URIs for
 lagoon UI

---
 charts/lagoon-core/Chart.yaml                         | 8 +++-----
 charts/lagoon-core/templates/keycloak.deployment.yaml | 8 ++++++++
 charts/lagoon-core/values.yaml                        | 2 ++
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml
index 83d88a6ba..6b021086a 100644
--- a/charts/lagoon-core/Chart.yaml
+++ b/charts/lagoon-core/Chart.yaml
@@ -21,7 +21,7 @@ type: application
 # time you make changes to the chart and its templates, including the app
 # version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.47.0
+version: 1.48.0
 
 # This is the version number of the application being deployed. This version
 # number should be incremented each time you make changes to the application.
@@ -40,7 +40,5 @@ dependencies:
 # Valid supported kinds are added, changed, deprecated, removed, fixed and security
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: add support for injecting hostkeys in core ssh service
-    - kind: changed
-      description: update Lagoon appVersion to v2.20.1
+    - kind: added
+      description: add support for setting keycloak redirect URIs for lagoon UI
diff --git a/charts/lagoon-core/templates/keycloak.deployment.yaml b/charts/lagoon-core/templates/keycloak.deployment.yaml
index 5392589e7..bc00ecaaa 100644
--- a/charts/lagoon-core/templates/keycloak.deployment.yaml
+++ b/charts/lagoon-core/templates/keycloak.deployment.yaml
@@ -53,6 +53,14 @@ spec:
         - name: KEYCLOAK_ADMIN_EMAIL
           value: {{ . | quote }}
         {{- end }}
+        - name: KEYCLOAK_LAGOON_UI_CLIENT_REDIRECT_URIS
+        {{- if .Values.keycloakLagoonUIClientRedirectUris }}
+        value: {{ .Values.keycloakLagoonUIClientRedirectUris | quote }}
+        {{- else if .Values.lagoonUIURL }}
+        value: {{ .Values.lagoonUIURL | quote }}/*
+        {{- else }}
+        value: https://{{ index .Values.ui.ingress.hosts 0 "host" }}/*
+        {{- end }}
         - name: LAGOON_DB_HOST
           value: {{ include "lagoon-core.apiDB.fullname" . }}
         - name: LAGOON_DB_VENDOR
diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml
index 4b4a38eac..811c5b17a 100644
--- a/charts/lagoon-core/values.yaml
+++ b/charts/lagoon-core/values.yaml
@@ -67,6 +67,8 @@ k8upS3Endpoint: ""
 keycloakAdminUser: admin
 # this is required if email sending is to be enabled in keycloak
 # keycloakAdminEmail: admin@example.com
+# Override list of valid UI Redirect URIs
+# keycloakLagoonUIClientRedirectUris: https://ui.example.com/*,https://dev-ui.example.com/*
 
 buildDeployImage:
   edge: