feat: manual only deployment

helm/airflow/values.yaml

@@ -32,33 +32,10 @@ apiServer:
           "access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/airflow-realm/protocol/openid-connect/token",
           "authorize_url": "http://keycloak.49.13.143.254.nip.io/auth/realms/airflow-realm/protocol/openid-connect/auth",
           "jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/airflow-realm/protocol/openid-connect/certs",
-          "userinfo_endpoint": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/airflow-realm/protocol/openid-connect/userinfo",
           "client_kwargs": {
             "scope": "openid email profile",
-            "verify": False
+            "token_endpoint_auth_method": "client_secret_post"
           }
         }
       }
     ]
-
-    from airflow.www.security import AirflowSecurityManager
-    from flask_appbuilder.security.manager import AUTH_OAUTH
-    import jwt
-    import logging
-
-    class CustomSecurityManager(AirflowSecurityManager):
-        def oauth_user_info(self, provider, response=None):
-            if provider == "keycloak":
-                token = response.get("access_token")
-                data = jwt.decode(token, options={"verify_signature": False})
-                logging.debug("Keycloak user info: %s", data)
-                return {
-                    "username": data.get("preferred_username", ""),
-                    "first_name": data.get("given_name", ""),
-                    "last_name": data.get("family_name", ""),
-                    "email": data.get("email", ""),
-                    "role_keys": data.get("roles", []),
-                }
-            return {}
-
-    SECURITY_MANAGER_CLASS = CustomSecurityManager