images/keycloak-operator
7
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add new properties to CRDs

Browse source
This commit is contained in:
paul 2021-01-11 04:21:29 +01:00
commit fc6f1632da
9 changed files with 538 additions and 28 deletions

107
config/crd/bases/keycloak.bitmask.me_keycloakclients.yaml
View file

@ -36,13 +36,114 @@ spec:
spec:
description: KeycloakClientSpec defines the desired state of KeycloakClient
properties:
foo:
description: Foo is an example field of KeycloakClient. Edit KeycloakClient_types.go
to remove/update
adminUrl:
description: URL to the admin interface of the client
type: string
baseUrl:
description: Default URL to use when the auth server needs to redirect
or link back to the client
type: string
bearerOnly:
description: The access type of this client is bearer-only.
type: boolean
clientAuthenticatorType:
description: How should Clients authenticate to the server? either
'client-secret' or 'client-jwt'.
type: string
clientId:
description: ClientID is the alphanumeric identifier of the client
in a realm.
type: string
consentRequired:
description: If enabled, users have to consent to client access.
type: boolean
defaultClientScopes:
description: Which client scopes chould be granted by default, even
without specifying them.
items:
type: string
type: array
description:
description: Human Readable description
type: string
directAccessGrantsEnabled:
description: Are direct access grants enabled for this client or not
(OpenID connect).
type: boolean
enabled:
description: If the client is enabled and active
type: boolean
implicitFlowEnabled:
description: Enable implicit flow for this client or not (OpenID connect).
type: boolean
name:
description: Displayed Name of the Client
type: string
optionalClientScopes:
description: Which additional scopes can be specified by the client
items:
type: string
type: array
protocol:
description: Protocol, either 'openid-connect' or 'saml'
type: string
publicClient:
description: Is the access type for this client public or not.
type: boolean
realmName:
description: Name of the Realm the client should be created in
type: string
redirectUris:
description: URL to the admin interface of the client
items:
type: string
type: array
registrationAccessToken:
description: Used for authentication when registering new clients
type: string
rootUrl:
description: Root URL appended to relative URLs for this client
type: string
secret:
description: A client Secret is not always required
properties:
key:
default: password
description: Key of the attribute, that holds the value in the
Secret.
type: string
name:
description: Name of the Secret containing the client Secret.
type: string
required:
- name
type: object
serviceAccountsEnabled:
description: Are service accounts enabled for this client or not (OpenID
connect).
type: boolean
standardFlowEnabled:
description: Enable standard flow for this client or not (OpenID connect).
type: boolean
surrogateAuthRequired:
description: Whether or not surrogate auth is required.
type: boolean
webOrigins:
description: List of allowed CORS origins
items:
type: string
type: array
required:
- clientId
- realmName
type: object
status:
description: KeycloakClientStatus defines the observed state of KeycloakClient
properties:
available:
type: boolean
required:
- available
type: object
type: object
served: true

61
config/crd/bases/keycloak.bitmask.me_keycloakrealms.yaml
View file

@ -49,6 +49,9 @@ spec:
description: if the user should be able to change their username after
account creation
type: boolean
enabled:
description: If the realm is enabled and active
type: boolean
loginTheme:
description: the name of the Theme used for the login pages
type: string
@ -74,9 +77,58 @@ spec:
resetPasswordAllowed:
description: if the user is allowed to use the reset password flow
type: boolean
smtpSecretName:
description: Secret containing SMTP configuration
type: string
smtp:
description: KeycloakRealmSMTP contains information about the SMTP
server used to send transactional mail (for registration and password
reset).
properties:
auth:
default: true
description: If authentication should be used
type: boolean
from:
description: From which address the emails will be sent, takes
precedence over the attribute defined in the secret.
type: string
fromDisplayName:
description: From which NAME the email should originate.
type: string
secret:
description: KeycloakRealmSMTPSecret contains Credentials for
connecting to a SMTP Server.
properties:
fromKey:
default: from
description: Key of the from attribute, contains the mail
address that email will be sent from.
type: string
hostKey:
default: host
description: Key of the host attribute
type: string
name:
description: Secret containing SMTP configuration
type: string
portKey:
default: port
description: Key of the port attribute
type: string
sslKey:
default: ssl
description: Key of the ssl attribute
type: string
startTLSKey:
default: starttls
description: Key of the starttls attribute
type: string
usernameKey:
default: username
description: Key of the username attribute
type: string
required:
- name
type: object
type: object
verifyEmail:
description: if emails should be verified before the user can log
into their account
@ -89,11 +141,8 @@ spec:
properties:
available:
type: boolean
id:
type: string
required:
- available
- id
type: object
type: object
served: true

26
config/rbac/role.yaml
View file

@ -6,6 +6,32 @@ metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- keycloak.bitmask.me
resources:
- keycloakclients
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- keycloak.bitmask.me
resources:
- keycloakclients/finalizers
verbs:
- update
- apiGroups:
- keycloak.bitmask.me
resources:
- keycloakclients/status
verbs:
- get
- patch
- update
- apiGroups:
- keycloak.bitmask.me
resources: