Is sso_secret working?

[finkandreas]

Version
Pulp operator helm chart version 0.1.0
Image in use: quay.io/pulp/pulp-operator:v1.0.0-beta.4 (default)
Pulp image in use: quay.io/pulp/pulp-minimal:stable (default)

Describe the bug
Not sure where to start, there are many issues with sso_secret. Let's start with the obvious ones:

• It is nowhere documented what the required/accepted keys of sso_secret are. Looking at the code I could at least find this at https://github.com/pulp/pulp-operator/blob/main/controllers/repo_manager/sso.go#L37
• Setting the key sso_secret, and creating the secret in kubernetes, it will generate a settings.py, however the settings.py is not stable, and the pulp operator creates always a new deployment. It is not stable because of https://github.com/pulp/pulp-operator/blob/main/controllers/repo_manager/sso.go#L64, which is not a stable iteration (keys will be iterated by design in random order).
• Assuming that settings.py would be stable, how does this match with the documentation at https://pulpproject.org/pulpcore/docs/admin/guides/auth/keycloak/? There it seems that the variables SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL and SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL should be set, not any of the keycloak_* variables.
• I have not seen any code in the operator that would take care of all the other relevant settings needed to make SSO work, i.e. the settings for INSTALLED_APPS, AUTHENTICATION_BACKENDS, TEMPLATES, SOCIAL_AUTH_PIPELINE, also in https://github.com/pulp/pulp-operator/blob/main/config/samples/simple-sso.yaml there is no mention of them.

To Reproduce
Set sso_secret, and have a valid secret in kubernetes

Expected behavior
I would hope that the operator makes SSO work with keycloak and sets all the necessary variables (or the documentation is improved to clearly state that it is up to the user to do so)

Additional context
My goal is to install goal with keycloak as primary authentication source.