Add new properties to CRDs
parent
28381df56e
commit
fc6f1632da
9 changed files with 538 additions and 28 deletions
|
@ -20,22 +20,98 @@ import (
|
|||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
|
||||
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
|
||||
|
||||
// KeycloakClientSpec defines the desired state of KeycloakClient
|
||||
type KeycloakClientSpec struct {
|
||||
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
|
||||
// Important: Run "make" to regenerate code after modifying this file
|
||||
// +kubebuilder:validation:Required
|
||||
// Name of the Realm the client should be created in
|
||||
RealmName string `json:"realmName"`
|
||||
|
||||
// Foo is an example field of KeycloakClient. Edit KeycloakClient_types.go to remove/update
|
||||
Foo string `json:"foo,omitempty"`
|
||||
// +kubebuilder:validation:Required
|
||||
// ClientID is the alphanumeric identifier of the client in a realm.
|
||||
ClientID string `json:"clientId"`
|
||||
|
||||
// If the client is enabled and active
|
||||
Enabled *bool `json:"enabled,omitempty"`
|
||||
|
||||
// Displayed Name of the Client
|
||||
Name *string `json:"name,omitempty"`
|
||||
|
||||
// Human Readable description
|
||||
Description *string `json:"description,omitempty"`
|
||||
|
||||
// Protocol, either 'openid-connect' or 'saml'
|
||||
Protocol *string `json:"protocol,omitempty"`
|
||||
|
||||
// How should Clients authenticate to the server? either 'client-secret' or 'client-jwt'.
|
||||
ClientAuthenticatorType *string `json:"clientAuthenticatorType,omitempty"`
|
||||
|
||||
// Are direct access grants enabled for this client or not (OpenID connect).
|
||||
DirectAccessGrantsEnabled *bool `json:"directAccessGrantsEnabled,omitempty"`
|
||||
|
||||
// Is the access type for this client public or not.
|
||||
PublicClient *bool `json:"publicClient,omitempty"`
|
||||
|
||||
// Enable implicit flow for this client or not (OpenID connect).
|
||||
ImplicitFlowEnabled *bool `json:"implicitFlowEnabled,omitempty"`
|
||||
|
||||
// Enable standard flow for this client or not (OpenID connect).
|
||||
StandardFlowEnabled *bool `json:"standardFlowEnabled,omitempty"`
|
||||
|
||||
// Are service accounts enabled for this client or not (OpenID connect).
|
||||
ServiceAccountsEnabled *bool `json:"serviceAccountsEnabled,omitempty"`
|
||||
|
||||
// Used for authentication when registering new clients
|
||||
RegistrationAccessToken *string `json:"registrationAccessToken,omitempty"`
|
||||
|
||||
// Whether or not surrogate auth is required.
|
||||
SurrogateAuthRequired *bool `json:"surrogateAuthRequired,omitempty"`
|
||||
|
||||
// The access type of this client is bearer-only.
|
||||
BearerOnly *bool `json:"bearerOnly,omitempty"`
|
||||
|
||||
// If enabled, users have to consent to client access.
|
||||
ConsentRequired *bool `json:"consentRequired,omitempty"`
|
||||
|
||||
// Which client scopes chould be granted by default, even without
|
||||
// specifying them.
|
||||
DefaultClientScopes *[]string `json:"defaultClientScopes,omitempty"`
|
||||
|
||||
// Which additional scopes can be specified by the client
|
||||
OptionalClientScopes *[]string `json:"optionalClientScopes,omitempty"`
|
||||
|
||||
// Default URL to use when the auth server needs to redirect or link back to the client
|
||||
BaseURL *string `json:"baseUrl,omitempty"`
|
||||
|
||||
// Root URL appended to relative URLs for this client
|
||||
RootURL *string `json:"rootUrl,omitempty"`
|
||||
|
||||
// URL to the admin interface of the client
|
||||
AdminURL *string `json:"adminUrl,omitempty"`
|
||||
|
||||
// URL to the admin interface of the client
|
||||
RedirectURIs *[]string `json:"redirectUris,omitempty"`
|
||||
|
||||
// List of allowed CORS origins
|
||||
WebOrigins *[]string `json:"webOrigins,omitempty"`
|
||||
|
||||
// +kubebuilder:validation:Optional
|
||||
// A client Secret is not always required
|
||||
Secret *KeycloakClientSecret `json:"secret,omitempty"`
|
||||
}
|
||||
|
||||
// KeycloakClientSecret contains the Secret storing the Client Secret
|
||||
type KeycloakClientSecret struct {
|
||||
// +kubebuilder:validation:Required
|
||||
// Name of the Secret containing the client Secret.
|
||||
Name string `json:"name"`
|
||||
// +kubebuilder:default:=password
|
||||
// Key of the attribute, that holds the value in the Secret.
|
||||
Key string `json:"key,omitempty"`
|
||||
}
|
||||
|
||||
// KeycloakClientStatus defines the observed state of KeycloakClient
|
||||
type KeycloakClientStatus struct {
|
||||
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
|
||||
// Important: Run "make" to regenerate code after modifying this file
|
||||
Available bool `json:"available"`
|
||||
}
|
||||
|
||||
// +kubebuilder:object:root=true
|
||||
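Review bot: `RegistrationAccessToken *string` places a Keycloak credential directly in KeycloakClientSpec, where anyone who can get or list the custom resource can read it, and where it is stored and logged like any other spec field. The client secret in the same struct is already referenced indirectly through `Secret *KeycloakClientSecret`; the token should follow that pattern, for example `RegistrationAccessTokenSecret *KeycloakClientSecret` with its own json tag, so the value lives in a Kubernetes Secret. Separately, the comment above `RedirectURIs` repeats the `AdminURL` text and should read `// List of valid redirect URIs for this client`. `Protocol` and `ClientAuthenticatorType` accept any string although their comments list two allowed values each, so a marker such as `// +kubebuilder:validation:Enum=openid-connect;saml` would let the API server reject typos.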
|
|
|
@ -22,11 +22,14 @@ import (
|
|||
|
||||
// KeycloakRealmSpec defines the desired state of KeycloakRealm
|
||||
type KeycloakRealmSpec struct {
|
||||
// +kubebuilder:validation:Required
|
||||
// RealmName is the name and public identifier of the Realm
|
||||
RealmName string `json:"realmName"`
|
||||
|
||||
// Secret containing SMTP configuration
|
||||
SMTPSecretName string `json:"smtpSecretName,omitempty"`
|
||||
// If the realm is enabled and active
|
||||
Enabled *bool `json:"enabled,omitempty"`
|
||||
|
||||
SMTP *KeycloakRealmSMTP `json:"smtp,omitempty"`
|
||||
|
||||
// name shown to the user
|
||||
DisplayName *string `json:"displayName,omitempty"`
|
||||
|
@ -54,10 +57,69 @@ type KeycloakRealmSpec struct {
|
|||
RememberMe *bool `json:"rememberMe,omitempty"`
|
||||
}
|
||||
|
||||
// KeycloakRealmSMTP contains information about the SMTP server used to send
|
||||
// transactional mail (for registration and password reset).
|
||||
type KeycloakRealmSMTP struct {
|
||||
// auth: "true"
|
||||
// from: noreply@bitmask.me
|
||||
// fromDisplayName: Bitmask Accounts
|
||||
// host: email-smtp.eu-west-1.amazonaws.com
|
||||
// password: '**********'
|
||||
// port: "587"
|
||||
// ssl: "false"
|
||||
// starttls: "true"
|
||||
// user: XXXXXXXXXXXXXXXXXXXX
|
||||
|
||||
// +kubebuilder:default:=true
|
||||
// If authentication should be used
|
||||
Auth bool `json:"auth,omitempty"`
|
||||
|
||||
// From which address the emails will be sent, takes precedence
|
||||
// over the attribute defined in the secret.
|
||||
From string `json:"from,omitempty"`
|
||||
|
||||
// From which NAME the email should originate.
|
||||
FromDisplayName string `json:"fromDisplayName,omitempty"`
|
||||
|
||||
Secret *KeycloakRealmSMTPSecret `json:"secret,omitempty"`
|
||||
}
|
||||
|
||||
// KeycloakRealmSMTPSecret contains Credentials for connecting to a SMTP
|
||||
// Server.
|
||||
type KeycloakRealmSMTPSecret struct {
|
||||
|
||||
// +kubebuilder:validation:Required
|
||||
// Secret containing SMTP configuration
|
||||
Name string `json:"name"`
|
||||
|
||||
// +kubebuilder:default:=host
|
||||
// Key of the host attribute
|
||||
HostKey string `json:"hostKey,omitempty"`
|
||||
|
||||
// +kubebuilder:default:=port
|
||||
// Key of the port attribute
|
||||
PortKey string `json:"portKey,omitempty"`
|
||||
|
||||
// +kubebuilder:default:=ssl
|
||||
// Key of the ssl attribute
|
||||
SSLKey string `json:"sslKey,omitempty"`
|
||||
|
||||
// +kubebuilder:default:=starttls
|
||||
// Key of the starttls attribute
|
||||
StartTLSKey string `json:"startTLSKey,omitempty"`
|
||||
|
||||
// +kubebuilder:default:=username
|
||||
// Key of the username attribute
|
||||
UsernameKey string `json:"usernameKey,omitempty"`
|
||||
|
||||
// +kubebuilder:default:=from
|
||||
// Key of the from attribute, contains the mail address that email will be sent from.
|
||||
FromKey string `json:"fromKey,omitempty"`
|
||||
}
|
||||
|
||||
// KeycloakRealmStatus defines the observed state of KeycloakRealm
|
||||
type KeycloakRealmStatus struct {
|
||||
Available bool `json:"available"`
|
||||
ID string `json:"id"`
|
||||
Available bool `json:"available"`
|
||||
}
|
||||
|
||||
// +kubebuilder:object:root=true
|
||||
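Review bot: `Auth bool` in KeycloakRealmSMTP combines `omitempty` with `+kubebuilder:default:=true`, so an explicit `false` cannot round-trip: encoding/json drops a false bool on marshal, any update sent from Go code omits `auth`, and the API server defaults it back to true. The other optional booleans in this file are pointers, so use `Auth *bool` with the same json tag here. KeycloakRealmSMTPSecret defines keys for host, port, ssl, starttls, username and from but none for the password, so the password key is presumably fixed in the controller (not visible here); a `PasswordKey string` field with `// +kubebuilder:default:=password` would make it configurable like the rest. Because `ssl` and `starttls` are read from the Secret, the controller should also surface or reject a configuration where auth is on and both are false, since that would send the SMTP credentials unencrypted.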
|
|
|
@ -29,7 +29,7 @@ func (in *KeycloakClient) DeepCopyInto(out *KeycloakClient) {
|
|||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
out.Spec = in.Spec
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
}
|
||||
|
||||
|
@ -83,9 +83,150 @@ func (in *KeycloakClientList) DeepCopyObject() runtime.Object {
|
|||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *KeycloakClientSecret) DeepCopyInto(out *KeycloakClientSecret) {
|
||||
*out = *in
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakClientSecret.
|
||||
func (in *KeycloakClientSecret) DeepCopy() *KeycloakClientSecret {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(KeycloakClientSecret)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *KeycloakClientSpec) DeepCopyInto(out *KeycloakClientSpec) {
|
||||
*out = *in
|
||||
if in.Enabled != nil {
|
||||
in, out := &in.Enabled, &out.Enabled
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.Name != nil {
|
||||
in, out := &in.Name, &out.Name
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.Description != nil {
|
||||
in, out := &in.Description, &out.Description
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.Protocol != nil {
|
||||
in, out := &in.Protocol, &out.Protocol
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.ClientAuthenticatorType != nil {
|
||||
in, out := &in.ClientAuthenticatorType, &out.ClientAuthenticatorType
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.DirectAccessGrantsEnabled != nil {
|
||||
in, out := &in.DirectAccessGrantsEnabled, &out.DirectAccessGrantsEnabled
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.PublicClient != nil {
|
||||
in, out := &in.PublicClient, &out.PublicClient
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.ImplicitFlowEnabled != nil {
|
||||
in, out := &in.ImplicitFlowEnabled, &out.ImplicitFlowEnabled
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.StandardFlowEnabled != nil {
|
||||
in, out := &in.StandardFlowEnabled, &out.StandardFlowEnabled
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.ServiceAccountsEnabled != nil {
|
||||
in, out := &in.ServiceAccountsEnabled, &out.ServiceAccountsEnabled
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.RegistrationAccessToken != nil {
|
||||
in, out := &in.RegistrationAccessToken, &out.RegistrationAccessToken
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.SurrogateAuthRequired != nil {
|
||||
in, out := &in.SurrogateAuthRequired, &out.SurrogateAuthRequired
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.BearerOnly != nil {
|
||||
in, out := &in.BearerOnly, &out.BearerOnly
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.ConsentRequired != nil {
|
||||
in, out := &in.ConsentRequired, &out.ConsentRequired
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.DefaultClientScopes != nil {
|
||||
in, out := &in.DefaultClientScopes, &out.DefaultClientScopes
|
||||
*out = new([]string)
|
||||
if **in != nil {
|
||||
in, out := *in, *out
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
}
|
||||
if in.OptionalClientScopes != nil {
|
||||
in, out := &in.OptionalClientScopes, &out.OptionalClientScopes
|
||||
*out = new([]string)
|
||||
if **in != nil {
|
||||
in, out := *in, *out
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
}
|
||||
if in.BaseURL != nil {
|
||||
in, out := &in.BaseURL, &out.BaseURL
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.RootURL != nil {
|
||||
in, out := &in.RootURL, &out.RootURL
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.AdminURL != nil {
|
||||
in, out := &in.AdminURL, &out.AdminURL
|
||||
*out = new(string)
|
||||
**out = **in
|
||||
}
|
||||
if in.RedirectURIs != nil {
|
||||
in, out := &in.RedirectURIs, &out.RedirectURIs
|
||||
*out = new([]string)
|
||||
if **in != nil {
|
||||
in, out := *in, *out
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
}
|
||||
if in.WebOrigins != nil {
|
||||
in, out := &in.WebOrigins, &out.WebOrigins
|
||||
*out = new([]string)
|
||||
if **in != nil {
|
||||
in, out := *in, *out
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
}
|
||||
if in.Secret != nil {
|
||||
in, out := &in.Secret, &out.Secret
|
||||
*out = new(KeycloakClientSecret)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakClientSpec.
|
||||
|
@ -172,9 +313,54 @@ func (in *KeycloakRealmList) DeepCopyObject() runtime.Object {
|
|||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *KeycloakRealmSMTP) DeepCopyInto(out *KeycloakRealmSMTP) {
|
||||
*out = *in
|
||||
if in.Secret != nil {
|
||||
in, out := &in.Secret, &out.Secret
|
||||
*out = new(KeycloakRealmSMTPSecret)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakRealmSMTP.
|
||||
func (in *KeycloakRealmSMTP) DeepCopy() *KeycloakRealmSMTP {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(KeycloakRealmSMTP)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *KeycloakRealmSMTPSecret) DeepCopyInto(out *KeycloakRealmSMTPSecret) {
|
||||
*out = *in
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeycloakRealmSMTPSecret.
|
||||
func (in *KeycloakRealmSMTPSecret) DeepCopy() *KeycloakRealmSMTPSecret {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(KeycloakRealmSMTPSecret)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *KeycloakRealmSpec) DeepCopyInto(out *KeycloakRealmSpec) {
|
||||
*out = *in
|
||||
if in.Enabled != nil {
|
||||
in, out := &in.Enabled, &out.Enabled
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
if in.SMTP != nil {
|
||||
in, out := &in.SMTP, &out.SMTP
|
||||
*out = new(KeycloakRealmSMTP)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.DisplayName != nil {
|
||||
in, out := &in.DisplayName, &out.DisplayName
|
||||
*out = new(string)
|
||||
|
|