From 41cd3b84e68ce0e62b4fce38d4fe0c3a55546d33 Mon Sep 17 00:00:00 2001 
From: Gottox Date: Tue, 5 Nov 2024 22:56:23 +0000 Subject: [PATCH] automatic pipeline release at withlazers/rustcloak-operator v0.1.0 Source: https://github.com/withlazers/rustcloak-operator/commit/daa54ac639d2caf75d1f1e7c0481ab193b634876 --- charts/rustcloak-operator/.helmignore | 23 + charts/rustcloak-operator/Chart.yaml | 13 + ...akapiobjects.rustcloak.k8s.eboland.de.yaml | 179 ++ ...icationflows.rustcloak.k8s.eboland.de.yaml | 133 + ...catorconfigs.rustcloak.k8s.eboland.de.yaml | 95 + ...cloakclients.rustcloak.k8s.eboland.de.yaml | 883 +++++++ ...clientscopes.rustcloak.k8s.eboland.de.yaml | 133 + ...akcomponents.rustcloak.k8s.eboland.de.yaml | 109 + ...ycloakgroups.rustcloak.k8s.eboland.de.yaml | 124 + ...vidermappers.rustcloak.k8s.eboland.de.yaml | 101 + ...ityproviders.rustcloak.k8s.eboland.de.yaml | 137 + ...oakinstances.rustcloak.k8s.eboland.de.yaml | 109 + ...rganizations.rustcloak.k8s.eboland.de.yaml | 466 ++++ ...tocolmappers.rustcloak.k8s.eboland.de.yaml | 112 + ...ycloakrealms.rustcloak.k8s.eboland.de.yaml | 2314 +++++++++++++++++ ...ionproviders.rustcloak.k8s.eboland.de.yaml | 108 + ...oakresources.rustcloak.k8s.eboland.de.yaml | 274 ++ ...eycloakroles.rustcloak.k8s.eboland.de.yaml | 140 + ...ycloakscopes.rustcloak.k8s.eboland.de.yaml | 251 ++ ...eycloakusers.rustcloak.k8s.eboland.de.yaml | 371 +++ charts/rustcloak-operator/templates/NOTES.txt | 1 + .../rustcloak-operator/templates/_helpers.tpl | 62 + .../templates/clusterrole.yaml | 84 + .../templates/clusterrolebinding.yaml | 20 + .../templates/deployment.yaml | 72 + .../templates/serviceaccount.yaml | 13 + .../rustcloak-operator/values-minikube.yaml | 7 + charts/rustcloak-operator/values.yaml | 58 + 28 files changed, 6392 insertions(+) create mode 100644 charts/rustcloak-operator/.helmignore create mode 100644 charts/rustcloak-operator/Chart.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakapiobjects.rustcloak.k8s.eboland.de.yaml create mode 100644 
charts/rustcloak-operator/crds/keycloakauthenticationflows.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakauthenticatorconfigs.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakclients.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakclientscopes.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakcomponents.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakgroups.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakidentityprovidermappers.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakidentityproviders.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakinstances.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakorganizations.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakprotocolmappers.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakrealms.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakrequiredactionproviders.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakresources.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakroles.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakscopes.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/crds/keycloakusers.rustcloak.k8s.eboland.de.yaml create mode 100644 charts/rustcloak-operator/templates/NOTES.txt create mode 100644 charts/rustcloak-operator/templates/_helpers.tpl create mode 100644 charts/rustcloak-operator/templates/clusterrole.yaml create mode 100644 charts/rustcloak-operator/templates/clusterrolebinding.yaml create mode 
100644 charts/rustcloak-operator/templates/deployment.yaml create mode 100644 charts/rustcloak-operator/templates/serviceaccount.yaml create mode 100644 charts/rustcloak-operator/values-minikube.yaml create mode 100644 charts/rustcloak-operator/values.yaml
diff --git a/charts/rustcloak-operator/.helmignore b/charts/rustcloak-operator/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/rustcloak-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/rustcloak-operator/Chart.yaml b/charts/rustcloak-operator/Chart.yaml
new file mode 100644
index 0000000..aa94577
--- /dev/null
+++ b/charts/rustcloak-operator/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: rustcloak-operator
+description: |
+ The helm-chart for the rustcloak-operator
+type: application
+icon: https://github.com/withlazers/rustcloak-operator/raw/refs/heads/main/icon.svg
+home: https://github.com/withlazers/rustcloak-operator
+maintainers:
+ - name: Enno Boland
+ email: mail@eboland.de
+ url: https://github.com/Gottox
+version: 0.1.0
+appVersion: "0.1.0"
diff --git a/charts/rustcloak-operator/crds/keycloakapiobjects.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakapiobjects.rustcloak.k8s.eboland.de.yaml
new file mode 100644
index 0000000..c3b6e93
--- /dev/null
+++ b/charts/rustcloak-operator/crds/keycloakapiobjects.rustcloak.k8s.eboland.de.yaml
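Review bot: Chart.yaml declares no `kubeVersion`, while the CRDs added in this same commit depend on `x-kubernetes-validations` rules such as `self == oldSelf` to keep fields immutable. CEL validation rules are only evaluated on clusters where that feature is enabled (on by default from Kubernetes 1.25, as far as I know), so on an older cluster the immutability checks would presumably be dropped without any error at install time. A constraint in Chart.yaml such as `kubeVersion: ">=1.25.0-0"` would make the install fail early instead of silently losing those guards.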
@@ -0,0 +1,179 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakapiobjects.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakApiObject + plural: keycloakapiobjects + shortNames: + - kcapi + singular: keycloakapiobject + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .spec.endpoint.instanceRef + name: Instance + type: string + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakApiObjectSpec via `CustomResource` + properties: + spec: + description: defines an API request to the Keycloak Admin API. + properties: + endpoint: + properties: + instanceRef: + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + path: + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + required: + - instanceRef + - path + type: object + immutablePayload: + additionalProperties: true + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + payload: + additionalProperties: true + type: object + vars: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. 
If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + - name + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + - name + type: object + type: object + required: + - name + type: object + type: array + required: + - endpoint + - immutablePayload + - payload + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakApiObject + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakauthenticationflows.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakauthenticationflows.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..1cc4a35 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakauthenticationflows.rustcloak.k8s.eboland.de.yaml 
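Review bot: `spec.endpoint.path` is an unconstrained string and `spec.payload` / `spec.immutablePayload` are `additionalProperties: true`, so the schema puts no limit on which Admin API request a KeycloakApiObject describes. If the operator sends these requests with the credentials of the instance named in `instanceRef` (not visible in this hunk), then create or update permission on this kind amounts to admin access to that Keycloak instance, and the chart documentation should say that RBAC on `keycloakapiobjects` has to be granted as narrowly as the admin credentials themselves. The file looks generated, so any tightening, for example a `pattern` on `path`, belongs on the Rust spec type rather than in this YAML.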
@@ -0,0 +1,133 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakauthenticationflows.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakAuthenticationFlow + plural: keycloakauthenticationflows + shortNames: + - kcaf + singular: keycloakauthenticationflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakAuthenticationFlowSpec via `CustomResource` + properties: + spec: + description: the KeycloakAuthenticationFlow resource + properties: + definition: + properties: + alias: + nullable: true + type: string + authenticationExecutions: + items: + properties: + authenticator: + nullable: true + type: string + authenticatorConfig: + nullable: true + type: string + authenticatorFlow: + nullable: true + type: boolean + autheticatorFlow: + nullable: true + type: boolean + flowAlias: + nullable: true + type: string + priority: + format: int32 + nullable: true + type: integer + requirement: + nullable: true + type: string + userSetupAllowed: + nullable: true + type: boolean + type: object + nullable: true + type: array + builtIn: + nullable: true + type: boolean + description: + nullable: true + type: string + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + providerId: + nullable: true + type: string + topLevel: + nullable: true + type: boolean + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. 
+ nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. + type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakAuthenticationFlow + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakauthenticatorconfigs.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakauthenticatorconfigs.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..d1ccef8 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakauthenticatorconfigs.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,95 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakauthenticatorconfigs.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakAuthenticatorConfig + plural: keycloakauthenticatorconfigs + shortNames: + - kcac + singular: keycloakauthenticatorconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakAuthenticatorConfigSpec via `CustomResource` + properties: + spec: + description: the KeycloakAuthenticatorConfig resource + properties: + definition: + properties: + alias: + nullable: true + type: string + config: + additionalProperties: + type: string + nullable: true + type: object + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. + type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakAuthenticatorConfig + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/charts/rustcloak-operator/crds/keycloakclients.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakclients.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..67c4362 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakclients.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,883 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakclients.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakClient + plural: keycloakclients + shortNames: + - kcc + singular: keycloakclient + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakClientSpec via `CustomResource` + properties: + spec: + description: the KeycloakClient resource + properties: + clientSecret: + nullable: true + properties: + clientIdKey: + nullable: true + type: string + clientSecretKey: + nullable: true + type: string + secretName: + nullable: true + type: string + type: object + definition: + properties: + access: + additionalProperties: + type: boolean + nullable: true + type: object + adminUrl: + nullable: true + type: string + alwaysDisplayInConsole: + nullable: true + type: boolean + attributes: + additionalProperties: + type: string + nullable: true + type: object + authenticationFlowBindingOverrides: + additionalProperties: + type: string + nullable: true + type: object + authorizationServicesEnabled: + nullable: true + type: boolean + authorizationSettings: + nullable: true + properties: + allowRemoteResourceManagement: + nullable: true + type: boolean + clientId: + nullable: true + type: string + decisionStrategy: + enum: + - AFFIRMATIVE + - UNANIMOUS + - CONSENSUS + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + decisionStrategy: + enum: + - 
AFFIRMATIVE + - UNANIMOUS + - CONSENSUS + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + type: string + policies: + items: + type: string + nullable: true + type: array + resources: + items: + type: string + nullable: true + type: array + resourcesData: + items: + properties: + _id: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + displayName: + nullable: true + type: string + icon_uri: + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + ownerManagedAccess: + nullable: true + type: boolean + scopes: + items: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + scopesUma: + items: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: + nullable: true + type: string + uri: + nullable: true + type: string + uris: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + scopes: + items: + type: string + nullable: true + type: array + scopesData: + items: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string 
+ resources: + items: + properties: + _id: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + displayName: + nullable: true + type: string + icon_uri: + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + ownerManagedAccess: + nullable: true + type: boolean + type: + nullable: true + type: string + uri: + nullable: true + type: string + uris: + items: + type: string + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: + nullable: true + type: string + type: object + nullable: true + type: array + policyEnforcementMode: + enum: + - ENFORCING + - PERMISSIVE + - DISABLED + nullable: true + type: string + resources: + items: + properties: + _id: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + displayName: + nullable: true + type: string + icon_uri: + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + ownerManagedAccess: + nullable: true + type: boolean + scopes: + items: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - UNANIMOUS + - CONSENSUS + nullable: true + type: string + description: + nullable: true + type: string + id: + 
nullable: true + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + type: string + policies: + items: + type: string + nullable: true + type: array + resources: + items: + type: string + nullable: true + type: array + scopes: + items: + type: string + nullable: true + type: array + type: + nullable: true + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + scopesUma: + items: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - UNANIMOUS + - CONSENSUS + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + type: string + policies: + items: + type: string + nullable: true + type: array + resources: + items: + type: string + nullable: true + type: array + scopes: + items: + type: string + nullable: true + type: array + type: + nullable: true + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: + nullable: true + type: string + uri: + nullable: true + type: string + uris: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + scopes: + items: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: 
string + id: + nullable: true + type: string + name: + nullable: true + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - UNANIMOUS + - CONSENSUS + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + type: string + policies: + items: + type: string + nullable: true + type: array + resources: + items: + type: string + nullable: true + type: array + resourcesData: + items: + properties: + _id: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + displayName: + nullable: true + type: string + icon_uri: + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + ownerManagedAccess: + nullable: true + type: boolean + type: + nullable: true + type: string + uri: + nullable: true + type: string + uris: + items: + type: string + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + scopes: + items: + type: string + nullable: true + type: array + type: + nullable: true + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + resources: + items: + properties: + _id: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + displayName: + nullable: true + type: string + icon_uri: + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + properties: + id: + nullable: true + 
type: string + name: + nullable: true + type: string + type: object + ownerManagedAccess: + nullable: true + type: boolean + type: + nullable: true + type: string + uri: + nullable: true + type: string + uris: + items: + type: string + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: object + nullable: true + type: array + type: object + baseUrl: + nullable: true + type: string + bearerOnly: + nullable: true + type: boolean + clientAuthenticatorType: + nullable: true + type: string + clientId: + nullable: true + type: string + clientTemplate: + nullable: true + type: string + consentRequired: + nullable: true + type: boolean + defaultClientScopes: + items: + type: string + nullable: true + type: array + defaultRoles: + items: + type: string + nullable: true + type: array + description: + nullable: true + type: string + directAccessGrantsEnabled: + nullable: true + type: boolean + directGrantsOnly: + nullable: true + type: boolean + enabled: + nullable: true + type: boolean + frontchannelLogout: + nullable: true + type: boolean + fullScopeAllowed: + nullable: true + type: boolean + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + implicitFlowEnabled: + nullable: true + type: boolean + name: + nullable: true + type: string + nodeReRegistrationTimeout: + format: int32 + nullable: true + type: integer + notBefore: + format: int32 + nullable: true + type: integer + optionalClientScopes: + items: + type: string + nullable: true + type: array + origin: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + consentRequired: + nullable: true + type: boolean + consentText: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + 
protocol: + nullable: true + type: string + protocolMapper: + nullable: true + type: string + type: object + nullable: true + type: array + publicClient: + nullable: true + type: boolean + redirectUris: + items: + type: string + nullable: true + type: array + registeredNodes: + additionalProperties: + format: int32 + type: integer + nullable: true + type: object + registrationAccessToken: + nullable: true + type: string + rootUrl: + nullable: true + type: string + secret: + nullable: true + type: string + serviceAccountsEnabled: + nullable: true + type: boolean + standardFlowEnabled: + nullable: true + type: boolean + surrogateAuthRequired: + nullable: true + type: boolean + type: + nullable: true + type: string + useTemplateConfig: + nullable: true + type: boolean + useTemplateMappers: + nullable: true + type: boolean + useTemplateScope: + nullable: true + type: boolean + webOrigins: + items: + type: string + nullable: true + type: array + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. + type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakClient + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakclientscopes.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakclientscopes.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..9c29a55 --- /dev/null 
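Review bot: `spec.definition.secret` and `spec.definition.registrationAccessToken` are plain string fields, so a client credential can be written inline into the custom resource, where it is readable by anyone with get/list on `keycloakclients` and tends to end up in manifests and GitOps repositories. The same spec has `clientSecret.secretName` / `clientSecretKey`, presumably a reference to a Kubernetes Secret, yet none of these fields carries a description telling users which one to use. Since this YAML looks generated, the fix belongs on the source type, e.g. a doc comment on the inline field such as `/// Prefer spec.clientSecret; a value set here is stored in the resource in clear text.`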
+++ b/charts/rustcloak-operator/crds/keycloakclientscopes.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,133 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakclientscopes.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakClientScope + plural: keycloakclientscopes + shortNames: + - kcss + singular: keycloakclientscope + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakClientScopeSpec via `CustomResource` + properties: + spec: + description: the KeycloakClientScope resource + properties: + definition: + properties: + attributes: + additionalProperties: + type: string + nullable: true + type: object + description: + nullable: true + type: string + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + name: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + consentRequired: + nullable: true + type: boolean + consentText: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMapper: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + isTemplate: + nullable: true + type: boolean + options: + description: Options for the request to the Keycloak Admin API. 
+ nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. + type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakClientScope + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakcomponents.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakcomponents.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..f7c3214 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakcomponents.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,109 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakcomponents.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakComponent + plural: keycloakcomponents + shortNames: + - kcco + singular: keycloakcomponent + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakComponentSpec via `CustomResource` + properties: + spec: + description: the KeycloakComponent resource + properties: + definition: + properties: + config: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + name: + nullable: true + type: string + parentId: + nullable: true + type: string + providerId: + nullable: true + type: string + providerType: + nullable: true + type: string + subType: + nullable: true + type: string + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. 
+ type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakComponent + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakgroups.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakgroups.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..d055b97 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakgroups.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,124 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakgroups.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakGroup + plural: keycloakgroups + shortNames: + - kcg + singular: keycloakgroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakGroupSpec via `CustomResource` + properties: + spec: + description: the KeycloakGroup resource + properties: + definition: + properties: + access: + additionalProperties: + type: boolean + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + name: + nullable: true + type: string + parentId: + nullable: true + type: string + path: + nullable: true + type: string + realmRoles: + items: + type: string + nullable: true + type: array + subGroupCount: + format: int64 + nullable: true + type: integer + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. 
+ type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakGroup + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakidentityprovidermappers.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakidentityprovidermappers.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..3b83804 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakidentityprovidermappers.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,101 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakidentityprovidermappers.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakIdentityProviderMapper + plural: keycloakidentityprovidermappers + shortNames: + - kcipm + singular: keycloakidentityprovidermapper + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakIdentityProviderMapperSpec via `CustomResource` + properties: + spec: + description: the KeycloakIdentityProviderMapper resource + properties: + definition: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + identityProviderAlias: + nullable: true + type: string + identityProviderMapper: + nullable: true + type: string + name: + nullable: true + type: string + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + identityProviderRef: + description: the name of the kubernetes object that created the identity provider. + type: string + options: + description: Options for the request to the Keycloak Admin API. 
+ nullable: true + type: object + required: + - definition + - identityProviderRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakIdentityProviderMapper + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakidentityproviders.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakidentityproviders.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..f838bc5 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakidentityproviders.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,137 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakidentityproviders.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakIdentityProvider + plural: keycloakidentityproviders + shortNames: + - kcip + singular: keycloakidentityprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakIdentityProviderSpec via `CustomResource` + properties: + spec: + description: the KeycloakIdentityProvider resource + properties: + definition: + properties: + addReadTokenRoleOnCreate: + nullable: true + type: boolean + alias: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + authenticateByDefault: + nullable: true + type: boolean + config: + additionalProperties: + type: string + nullable: true + type: object + displayName: + nullable: true + type: string + enabled: + nullable: true + type: boolean + firstBrokerLoginFlowAlias: + nullable: true + type: string + hideOnLogin: + nullable: true + type: boolean + internalId: + nullable: true + type: string + linkOnly: + nullable: true + type: boolean + organizationId: + nullable: true + type: string + postBrokerLoginFlowAlias: + nullable: true + type: string + providerId: + nullable: true + type: string + storeToken: + nullable: true + type: boolean + trustEmail: + nullable: true + type: boolean + updateProfileFirstLogin: + nullable: true + type: boolean + updateProfileFirstLoginMode: + nullable: true + type: string + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.alias) == 
has(oldSelf.alias) + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. + type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakIdentityProvider + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakinstances.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakinstances.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..969a477 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakinstances.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,109 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakinstances.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakInstance + plural: keycloakinstances + shortNames: + - kci + singular: keycloakinstance + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .spec.baseUrl + name: Base URL + type: string + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakInstanceSpec via `CustomResource` + properties: + spec: + properties: + baseUrl: + type: string + client: + nullable: true + properties: + id: + type: string + secret: + nullable: true + type: string + required: + - id + type: object + credentials: + properties: + passwordKey: + nullable: true + type: string + secretName: + type: string + userKey: + nullable: true + type: string + required: + - secretName + type: object + realm: + nullable: true + type: string + token: + nullable: true + properties: + expiresKey: + nullable: true + type: string + secretName: + nullable: true + type: string + tokenKey: + nullable: true + type: string + type: object + required: + - baseUrl + - credentials + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakInstance + type: object + served: true + storage: true + subresources: + status: {} 
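Review bot: `spec.client.secret` is declared as a plain `type: string`, so the client secret would be written into the KeycloakInstance object itself, where every subject with get/list on `keycloakinstances` can read it and where it is not covered by RBAC rules written for Secrets. The neighbouring `credentials` and `token` objects in the same spec already avoid this by pointing at a Secret through `secretName` plus a key name (`userKey`/`passwordKey`, `tokenKey`). Modelling the client secret the same way, as a Secret reference rather than an inline value, would keep it out of the custom resource. The description says this schema is auto-generated from `KeycloakInstanceSpec`, so the change belongs in that type and the CRD would be regenerated.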
diff --git a/charts/rustcloak-operator/crds/keycloakorganizations.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakorganizations.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..29f0875 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakorganizations.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,466 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakorganizations.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakOrganization + plural: keycloakorganizations + shortNames: + - kcorg + singular: keycloakorganization + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakOrganizationSpec via `CustomResource` + properties: + spec: + description: the KeycloakOrganization resource + properties: + definition: + properties: + alias: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + description: + nullable: true + type: string + domains: + items: + properties: + name: + nullable: true + type: string + verified: + nullable: true + type: boolean + type: object + nullable: true + type: array + enabled: + nullable: true + type: boolean + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + identityProviders: + items: + properties: + addReadTokenRoleOnCreate: + nullable: true + type: boolean + alias: + nullable: true + type: string + authenticateByDefault: + nullable: true + type: boolean + config: + additionalProperties: + type: string + nullable: true + type: object + displayName: + nullable: true + type: string + enabled: + nullable: true + type: boolean + firstBrokerLoginFlowAlias: + nullable: true + type: string + hideOnLogin: + nullable: true + type: boolean + internalId: + nullable: true + type: string + linkOnly: + nullable: true + type: boolean + 
organizationId: + nullable: true + type: string + postBrokerLoginFlowAlias: + nullable: true + type: string + providerId: + nullable: true + type: string + storeToken: + nullable: true + type: boolean + trustEmail: + nullable: true + type: boolean + updateProfileFirstLogin: + nullable: true + type: boolean + updateProfileFirstLoginMode: + nullable: true + type: string + type: object + nullable: true + type: array + members: + items: + properties: + access: + additionalProperties: + type: boolean + nullable: true + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientConsents: + items: + properties: + clientId: + nullable: true + type: string + createdDate: + format: int64 + nullable: true + type: integer + grantedClientScopes: + items: + type: string + nullable: true + type: array + grantedRealmRoles: + items: + type: string + nullable: true + type: array + lastUpdatedDate: + format: int64 + nullable: true + type: integer + type: object + nullable: true + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + createdTimestamp: + format: int64 + nullable: true + type: integer + credentials: + items: + properties: + algorithm: + nullable: true + type: string + config: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + counter: + format: int32 + nullable: true + type: integer + createdDate: + format: int64 + nullable: true + type: integer + credentialData: + nullable: true + type: string + device: + nullable: true + type: string + digits: + format: int32 + nullable: true + type: integer + hashIterations: + format: int32 + nullable: true + type: integer + hashedSaltedValue: + nullable: true + type: string + id: + nullable: true + type: string + period: + format: int32 + 
nullable: true + type: integer + priority: + format: int32 + nullable: true + type: integer + salt: + nullable: true + type: string + secretData: + nullable: true + type: string + temporary: + nullable: true + type: boolean + type: + nullable: true + type: string + userLabel: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + disableableCredentialTypes: + items: + type: string + nullable: true + type: array + email: + nullable: true + type: string + emailVerified: + nullable: true + type: boolean + enabled: + nullable: true + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + nullable: true + type: string + userId: + nullable: true + type: string + userName: + nullable: true + type: string + type: object + nullable: true + type: array + federationLink: + nullable: true + type: string + firstName: + nullable: true + type: string + groups: + items: + type: string + nullable: true + type: array + id: + nullable: true + type: string + lastName: + nullable: true + type: string + membershipType: + enum: + - UNMANAGED + - MANAGED + nullable: true + type: string + notBefore: + format: int32 + nullable: true + type: integer + origin: + nullable: true + type: string + realmRoles: + items: + type: string + nullable: true + type: array + requiredActions: + items: + type: string + nullable: true + type: array + self: + nullable: true + type: string + serviceAccountClientId: + nullable: true + type: string + socialLinks: + items: + properties: + socialProvider: + nullable: true + type: string + socialUserId: + nullable: true + type: string + socialUsername: + nullable: true + type: string + type: object + nullable: true + type: array + totp: + nullable: true + type: boolean + userProfileMetadata: + nullable: true + properties: + attributes: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayName: + nullable: true + type: 
string + group: + nullable: true + type: string + multivalued: + nullable: true + type: boolean + name: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + required: + nullable: true + type: boolean + validators: + additionalProperties: + additionalProperties: true + type: object + nullable: true + type: object + type: object + nullable: true + type: array + groups: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayDescription: + nullable: true + type: string + displayHeader: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + username: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + redirectUrl: + nullable: true + type: string + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. + type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakOrganization + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakprotocolmappers.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakprotocolmappers.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..8354549 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakprotocolmappers.rustcloak.k8s.eboland.de.yaml 
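Review bot: `definition.members[].credentials[]` exposes `value`, `secretData`, `hashedSaltedValue` and `salt` as ordinary strings, so a member password or credential hash supplied through a KeycloakOrganization is stored in the custom resource and is readable by anyone with read access to `keycloakorganizations`. The same hunk also embeds the full identity-provider object under `identityProviders[]`, whose free-form `config` map may carry provider secrets too (an assumption, since it depends on what is put there). If the operator does not need to seed member credentials through this resource, leaving `credentials` out of the organization member type, or taking the values from a Secret, would keep them out of the CR. The schema is generated from `KeycloakOrganizationSpec`, so the change would be made there and the CRD regenerated.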
@@ -0,0 +1,112 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakprotocolmappers.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakProtocolMapper + plural: keycloakprotocolmappers + shortNames: + - kcpm + singular: keycloakprotocolmapper + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakProtocolMapperSpec via `CustomResource` + properties: + spec: + anyOf: + - required: + - clientRef + - required: + - clientScopeRef + description: the KeycloakProtocolMapper resource + properties: + clientRef: + type: string + clientScopeRef: + type: string + definition: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + consentRequired: + nullable: true + type: boolean + consentText: + nullable: true + type: string + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + name: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMapper: + nullable: true + type: string + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. 
+ nullable: true + type: object + required: + - definition + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakProtocolMapper + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakrealms.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakrealms.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..92ac30a --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakrealms.rustcloak.k8s.eboland.de.yaml 
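Review bot: The `anyOf` on `spec` requires `clientRef` or `clientScopeRef` but also admits an object that sets both, and nothing in the schema says which parent the mapper would then be attached to. If a mapper is meant to belong to exactly one of the two, `oneOf: [{required: [clientRef]}, {required: [clientScopeRef]}]` would reject the ambiguous case at admission instead of leaving it to the controller. The schema is generated from `KeycloakProtocolMapperSpec`, so the constraint would have to be expressed in that type.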
@@ -0,0 +1,2314 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakrealms.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakRealm + plural: keycloakrealms + shortNames: + - kcrm + singular: keycloakrealm + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakRealmSpec via `CustomResource` + properties: + spec: + description: the KeycloakRealm resource + properties: + definition: + properties: + accessCodeLifespan: + format: int32 + nullable: true + type: integer + accessCodeLifespanLogin: + format: int32 + nullable: true + type: integer + accessCodeLifespanUserAction: + format: int32 + nullable: true + type: integer + accessTokenLifespan: + format: int32 + nullable: true + type: integer + accessTokenLifespanForImplicitFlow: + format: int32 + nullable: true + type: integer + accountTheme: + nullable: true + type: string + actionTokenGeneratedByAdminLifespan: + format: int32 + nullable: true + type: integer + actionTokenGeneratedByUserLifespan: + format: int32 + nullable: true + type: integer + adminEventsDetailsEnabled: + nullable: true + type: boolean + adminEventsEnabled: + nullable: true + type: boolean + adminTheme: + nullable: true + type: string + applicationScopeMappings: + additionalProperties: + items: + properties: + client: + nullable: true + type: string + clientScope: + nullable: true + type: string + clientTemplate: + nullable: true + type: string + roles: + items: + type: string + nullable: true + type: array + self: + nullable: true + type: string + type: object + type: array + nullable: true + type: object + 
attributes: + additionalProperties: + type: string + nullable: true + type: object + authenticationFlows: + items: + properties: + alias: + nullable: true + type: string + authenticationExecutions: + items: + properties: + authenticator: + nullable: true + type: string + authenticatorConfig: + nullable: true + type: string + authenticatorFlow: + nullable: true + type: boolean + autheticatorFlow: + nullable: true + type: boolean + flowAlias: + nullable: true + type: string + priority: + format: int32 + nullable: true + type: integer + requirement: + nullable: true + type: string + userSetupAllowed: + nullable: true + type: boolean + type: object + nullable: true + type: array + builtIn: + nullable: true + type: boolean + description: + nullable: true + type: string + id: + nullable: true + type: string + providerId: + nullable: true + type: string + topLevel: + nullable: true + type: boolean + type: object + nullable: true + type: array + authenticatorConfig: + items: + properties: + alias: + nullable: true + type: string + config: + additionalProperties: + type: string + nullable: true + type: object + id: + nullable: true + type: string + type: object + nullable: true + type: array + browserFlow: + nullable: true + type: string + browserSecurityHeaders: + additionalProperties: + type: string + nullable: true + type: object + bruteForceProtected: + nullable: true + type: boolean + certificate: + nullable: true + type: string + clientAuthenticationFlow: + nullable: true + type: string + clientOfflineSessionIdleTimeout: + format: int32 + nullable: true + type: integer + clientOfflineSessionMaxLifespan: + format: int32 + nullable: true + type: integer + clientPolicies: + nullable: true + properties: + globalPolicies: + items: + properties: + conditions: + items: + properties: + condition: + nullable: true + type: string + configuration: + additionalProperties: true + nullable: true + type: object + type: object + nullable: true + type: array + description: + nullable: 
true + type: string + enabled: + nullable: true + type: boolean + name: + nullable: true + type: string + profiles: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + policies: + items: + properties: + conditions: + items: + properties: + condition: + nullable: true + type: string + configuration: + additionalProperties: true + nullable: true + type: object + type: object + nullable: true + type: array + description: + nullable: true + type: string + enabled: + nullable: true + type: boolean + name: + nullable: true + type: string + profiles: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + clientProfiles: + nullable: true + properties: + globalProfiles: + items: + properties: + description: + nullable: true + type: string + executors: + items: + properties: + configuration: + additionalProperties: true + nullable: true + type: object + executor: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + type: object + nullable: true + type: array + profiles: + items: + properties: + description: + nullable: true + type: string + executors: + items: + properties: + configuration: + additionalProperties: true + nullable: true + type: object + executor: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + clientScopeMappings: + additionalProperties: + items: + properties: + client: + nullable: true + type: string + clientScope: + nullable: true + type: string + clientTemplate: + nullable: true + type: string + roles: + items: + type: string + nullable: true + type: array + self: + nullable: true + type: string + type: object + type: array + nullable: true + type: object + clientScopes: + items: + properties: + attributes: + additionalProperties: + type: string + 
nullable: true + type: object + description: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + consentRequired: + nullable: true + type: boolean + consentText: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMapper: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + clientSessionIdleTimeout: + format: int32 + nullable: true + type: integer + clientSessionMaxLifespan: + format: int32 + nullable: true + type: integer + clientTemplates: + items: + properties: + attributes: + additionalProperties: + type: string + nullable: true + type: object + bearerOnly: + nullable: true + type: boolean + consentRequired: + nullable: true + type: boolean + description: + nullable: true + type: string + directAccessGrantsEnabled: + nullable: true + type: boolean + frontchannelLogout: + nullable: true + type: boolean + fullScopeAllowed: + nullable: true + type: boolean + id: + nullable: true + type: string + implicitFlowEnabled: + nullable: true + type: boolean + name: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + consentRequired: + nullable: true + type: boolean + consentText: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMapper: + nullable: true + type: string + type: object + nullable: true + type: array + publicClient: + nullable: true + type: boolean + serviceAccountsEnabled: + nullable: true + type: 
boolean + standardFlowEnabled: + nullable: true + type: boolean + type: object + nullable: true + type: array + codeSecret: + nullable: true + type: string + defaultDefaultClientScopes: + items: + type: string + nullable: true + type: array + defaultGroups: + items: + type: string + nullable: true + type: array + defaultLocale: + nullable: true + type: string + defaultOptionalClientScopes: + items: + type: string + nullable: true + type: array + defaultRole: + nullable: true + properties: + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientRole: + nullable: true + type: boolean + composite: + nullable: true + type: boolean + composites: + nullable: true + properties: + application: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + client: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + realm: + items: + type: string + nullable: true + type: array + type: object + containerId: + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + scopeParamRequired: + nullable: true + type: boolean + type: object + defaultRoles: + items: + type: string + nullable: true + type: array + defaultSignatureAlgorithm: + nullable: true + type: string + directGrantFlow: + nullable: true + type: string + displayName: + nullable: true + type: string + displayNameHtml: + nullable: true + type: string + dockerAuthenticationFlow: + nullable: true + type: string + duplicateEmailsAllowed: + nullable: true + type: boolean + editUsernameAllowed: + nullable: true + type: boolean + emailTheme: + nullable: true + type: string + enabled: + nullable: true + type: boolean + enabledEventTypes: + items: + type: string + nullable: true + type: array + eventsEnabled: + nullable: true + type: boolean + eventsExpiration: + format: int64 + nullable: true 
+ type: integer + eventsListeners: + items: + type: string + nullable: true + type: array + failureFactor: + format: int32 + nullable: true + type: integer + federatedUsers: + items: + properties: + access: + additionalProperties: + type: boolean + nullable: true + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientConsents: + items: + properties: + clientId: + nullable: true + type: string + createdDate: + format: int64 + nullable: true + type: integer + grantedClientScopes: + items: + type: string + nullable: true + type: array + grantedRealmRoles: + items: + type: string + nullable: true + type: array + lastUpdatedDate: + format: int64 + nullable: true + type: integer + type: object + nullable: true + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + createdTimestamp: + format: int64 + nullable: true + type: integer + credentials: + items: + properties: + algorithm: + nullable: true + type: string + config: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + counter: + format: int32 + nullable: true + type: integer + createdDate: + format: int64 + nullable: true + type: integer + credentialData: + nullable: true + type: string + device: + nullable: true + type: string + digits: + format: int32 + nullable: true + type: integer + hashIterations: + format: int32 + nullable: true + type: integer + hashedSaltedValue: + nullable: true + type: string + id: + nullable: true + type: string + period: + format: int32 + nullable: true + type: integer + priority: + format: int32 + nullable: true + type: integer + salt: + nullable: true + type: string + secretData: + nullable: true + type: string + temporary: + nullable: true + type: boolean + type: + nullable: true + 
type: string + userLabel: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + disableableCredentialTypes: + items: + type: string + nullable: true + type: array + email: + nullable: true + type: string + emailVerified: + nullable: true + type: boolean + enabled: + nullable: true + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + nullable: true + type: string + userId: + nullable: true + type: string + userName: + nullable: true + type: string + type: object + nullable: true + type: array + federationLink: + nullable: true + type: string + firstName: + nullable: true + type: string + groups: + items: + type: string + nullable: true + type: array + id: + nullable: true + type: string + lastName: + nullable: true + type: string + notBefore: + format: int32 + nullable: true + type: integer + origin: + nullable: true + type: string + realmRoles: + items: + type: string + nullable: true + type: array + requiredActions: + items: + type: string + nullable: true + type: array + self: + nullable: true + type: string + serviceAccountClientId: + nullable: true + type: string + socialLinks: + items: + properties: + socialProvider: + nullable: true + type: string + socialUserId: + nullable: true + type: string + socialUsername: + nullable: true + type: string + type: object + nullable: true + type: array + totp: + nullable: true + type: boolean + userProfileMetadata: + nullable: true + properties: + attributes: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayName: + nullable: true + type: string + group: + nullable: true + type: string + multivalued: + nullable: true + type: boolean + name: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + required: + nullable: true + type: boolean + validators: + additionalProperties: + additionalProperties: true + type: object + nullable: true + type: 
object + type: object + nullable: true + type: array + groups: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayDescription: + nullable: true + type: string + displayHeader: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + username: + nullable: true + type: string + type: object + nullable: true + type: array + firstBrokerLoginFlow: + nullable: true + type: string + id: + nullable: true + type: string + identityProviderMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + id: + nullable: true + type: string + identityProviderAlias: + nullable: true + type: string + identityProviderMapper: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + identityProviders: + items: + properties: + addReadTokenRoleOnCreate: + nullable: true + type: boolean + alias: + nullable: true + type: string + authenticateByDefault: + nullable: true + type: boolean + config: + additionalProperties: + type: string + nullable: true + type: object + displayName: + nullable: true + type: string + enabled: + nullable: true + type: boolean + firstBrokerLoginFlowAlias: + nullable: true + type: string + hideOnLogin: + nullable: true + type: boolean + internalId: + nullable: true + type: string + linkOnly: + nullable: true + type: boolean + organizationId: + nullable: true + type: string + postBrokerLoginFlowAlias: + nullable: true + type: string + providerId: + nullable: true + type: string + storeToken: + nullable: true + type: boolean + trustEmail: + nullable: true + type: boolean + updateProfileFirstLogin: + nullable: true + type: boolean + updateProfileFirstLoginMode: + nullable: true + type: string + type: object + nullable: true + type: array + internationalizationEnabled: + nullable: true + type: boolean + keycloakVersion: + 
nullable: true + type: string + localizationTexts: + additionalProperties: + additionalProperties: + type: string + type: object + nullable: true + type: object + loginTheme: + nullable: true + type: string + loginWithEmailAllowed: + nullable: true + type: boolean + maxDeltaTimeSeconds: + format: int32 + nullable: true + type: integer + maxFailureWaitSeconds: + format: int32 + nullable: true + type: integer + maxTemporaryLockouts: + format: int32 + nullable: true + type: integer + minimumQuickLoginWaitSeconds: + format: int32 + nullable: true + type: integer + notBefore: + format: int32 + nullable: true + type: integer + oAuth2DeviceCodeLifespan: + format: int32 + nullable: true + type: integer + oAuth2DevicePollingInterval: + format: int32 + nullable: true + type: integer + oauth2DeviceCodeLifespan: + format: int32 + nullable: true + type: integer + oauth2DevicePollingInterval: + format: int32 + nullable: true + type: integer + offlineSessionIdleTimeout: + format: int32 + nullable: true + type: integer + offlineSessionMaxLifespan: + format: int32 + nullable: true + type: integer + offlineSessionMaxLifespanEnabled: + nullable: true + type: boolean + organizations: + items: + properties: + alias: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + description: + nullable: true + type: string + domains: + items: + properties: + name: + nullable: true + type: string + verified: + nullable: true + type: boolean + type: object + nullable: true + type: array + enabled: + nullable: true + type: boolean + id: + nullable: true + type: string + identityProviders: + items: + properties: + addReadTokenRoleOnCreate: + nullable: true + type: boolean + alias: + nullable: true + type: string + authenticateByDefault: + nullable: true + type: boolean + config: + additionalProperties: + type: string + nullable: true + type: object + displayName: + nullable: true + type: string + enabled: + 
nullable: true + type: boolean + firstBrokerLoginFlowAlias: + nullable: true + type: string + hideOnLogin: + nullable: true + type: boolean + internalId: + nullable: true + type: string + linkOnly: + nullable: true + type: boolean + organizationId: + nullable: true + type: string + postBrokerLoginFlowAlias: + nullable: true + type: string + providerId: + nullable: true + type: string + storeToken: + nullable: true + type: boolean + trustEmail: + nullable: true + type: boolean + updateProfileFirstLogin: + nullable: true + type: boolean + updateProfileFirstLoginMode: + nullable: true + type: string + type: object + nullable: true + type: array + members: + items: + properties: + access: + additionalProperties: + type: boolean + nullable: true + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientConsents: + items: + properties: + clientId: + nullable: true + type: string + createdDate: + format: int64 + nullable: true + type: integer + grantedClientScopes: + items: + type: string + nullable: true + type: array + grantedRealmRoles: + items: + type: string + nullable: true + type: array + lastUpdatedDate: + format: int64 + nullable: true + type: integer + type: object + nullable: true + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + createdTimestamp: + format: int64 + nullable: true + type: integer + credentials: + items: + properties: + algorithm: + nullable: true + type: string + config: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + counter: + format: int32 + nullable: true + type: integer + createdDate: + format: int64 + nullable: true + type: integer + credentialData: + nullable: true + type: string + device: + nullable: true + type: string + digits: + 
format: int32 + nullable: true + type: integer + hashIterations: + format: int32 + nullable: true + type: integer + hashedSaltedValue: + nullable: true + type: string + id: + nullable: true + type: string + period: + format: int32 + nullable: true + type: integer + priority: + format: int32 + nullable: true + type: integer + salt: + nullable: true + type: string + secretData: + nullable: true + type: string + temporary: + nullable: true + type: boolean + type: + nullable: true + type: string + userLabel: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + disableableCredentialTypes: + items: + type: string + nullable: true + type: array + email: + nullable: true + type: string + emailVerified: + nullable: true + type: boolean + enabled: + nullable: true + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + nullable: true + type: string + userId: + nullable: true + type: string + userName: + nullable: true + type: string + type: object + nullable: true + type: array + federationLink: + nullable: true + type: string + firstName: + nullable: true + type: string + groups: + items: + type: string + nullable: true + type: array + id: + nullable: true + type: string + lastName: + nullable: true + type: string + membershipType: + enum: + - UNMANAGED + - MANAGED + nullable: true + type: string + notBefore: + format: int32 + nullable: true + type: integer + origin: + nullable: true + type: string + realmRoles: + items: + type: string + nullable: true + type: array + requiredActions: + items: + type: string + nullable: true + type: array + self: + nullable: true + type: string + serviceAccountClientId: + nullable: true + type: string + socialLinks: + items: + properties: + socialProvider: + nullable: true + type: string + socialUserId: + nullable: true + type: string + socialUsername: + nullable: true + type: string + type: object + nullable: true + type: array + totp: + 
nullable: true + type: boolean + userProfileMetadata: + nullable: true + properties: + attributes: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayName: + nullable: true + type: string + group: + nullable: true + type: string + multivalued: + nullable: true + type: boolean + name: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + required: + nullable: true + type: boolean + validators: + additionalProperties: + additionalProperties: true + type: object + nullable: true + type: object + type: object + nullable: true + type: array + groups: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayDescription: + nullable: true + type: string + displayHeader: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + username: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + redirectUrl: + nullable: true + type: string + type: object + nullable: true + type: array + organizationsEnabled: + nullable: true + type: boolean + otpPolicyAlgorithm: + nullable: true + type: string + otpPolicyCodeReusable: + nullable: true + type: boolean + otpPolicyDigits: + format: int32 + nullable: true + type: integer + otpPolicyInitialCounter: + format: int32 + nullable: true + type: integer + otpPolicyLookAheadWindow: + format: int32 + nullable: true + type: integer + otpPolicyPeriod: + format: int32 + nullable: true + type: integer + otpPolicyType: + nullable: true + type: string + otpSupportedApplications: + items: + type: string + nullable: true + type: array + passwordCredentialGrantAllowed: + nullable: true + type: boolean + passwordPolicy: + nullable: true + type: string + permanentLockout: + nullable: true + type: boolean + privateKey: + nullable: true + type: string + protocolMappers: + items: + 
properties: + config: + additionalProperties: + type: string + nullable: true + type: object + consentRequired: + nullable: true + type: boolean + consentText: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + protocol: + nullable: true + type: string + protocolMapper: + nullable: true + type: string + type: object + nullable: true + type: array + publicKey: + nullable: true + type: string + quickLoginCheckMilliSeconds: + format: int64 + nullable: true + type: integer + realm: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + realmCacheEnabled: + nullable: true + type: boolean + refreshTokenMaxReuse: + format: int32 + nullable: true + type: integer + registrationAllowed: + nullable: true + type: boolean + registrationEmailAsUsername: + nullable: true + type: boolean + registrationFlow: + nullable: true + type: string + rememberMe: + nullable: true + type: boolean + requiredActions: + items: + properties: + alias: + nullable: true + type: string + config: + additionalProperties: + type: string + nullable: true + type: object + defaultAction: + nullable: true + type: boolean + enabled: + nullable: true + type: boolean + name: + nullable: true + type: string + priority: + format: int32 + nullable: true + type: integer + providerId: + nullable: true + type: string + type: object + nullable: true + type: array + requiredCredentials: + items: + type: string + nullable: true + type: array + resetCredentialsFlow: + nullable: true + type: string + resetPasswordAllowed: + nullable: true + type: boolean + revokeRefreshToken: + nullable: true + type: boolean + roles: + nullable: true + properties: + application: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientRole: + nullable: true + type: boolean + composite: + nullable: true + type: 
boolean + composites: + nullable: true + properties: + application: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + client: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + realm: + items: + type: string + nullable: true + type: array + type: object + containerId: + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + scopeParamRequired: + nullable: true + type: boolean + type: object + type: array + nullable: true + type: object + client: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientRole: + nullable: true + type: boolean + composite: + nullable: true + type: boolean + composites: + nullable: true + properties: + application: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + client: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + realm: + items: + type: string + nullable: true + type: array + type: object + containerId: + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + scopeParamRequired: + nullable: true + type: boolean + type: object + type: array + nullable: true + type: object + realm: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientRole: + nullable: true + type: boolean + composite: + nullable: true + type: boolean + composites: + nullable: true + properties: + application: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + client: + additionalProperties: + items: + type: string + type: array + nullable: true + type: 
object + realm: + items: + type: string + nullable: true + type: array + type: object + containerId: + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + scopeParamRequired: + nullable: true + type: boolean + type: object + nullable: true + type: array + type: object + scopeMappings: + items: + properties: + client: + nullable: true + type: string + clientScope: + nullable: true + type: string + clientTemplate: + nullable: true + type: string + roles: + items: + type: string + nullable: true + type: array + self: + nullable: true + type: string + type: object + nullable: true + type: array + smtpServer: + additionalProperties: + type: string + nullable: true + type: object + social: + nullable: true + type: boolean + socialProviders: + additionalProperties: + type: string + nullable: true + type: object + sslRequired: + nullable: true + type: string + ssoSessionIdleTimeout: + format: int32 + nullable: true + type: integer + ssoSessionIdleTimeoutRememberMe: + format: int32 + nullable: true + type: integer + ssoSessionMaxLifespan: + format: int32 + nullable: true + type: integer + ssoSessionMaxLifespanRememberMe: + format: int32 + nullable: true + type: integer + supportedLocales: + items: + type: string + nullable: true + type: array + updateProfileOnInitialSocialLogin: + nullable: true + type: boolean + userCacheEnabled: + nullable: true + type: boolean + userFederationMappers: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + federationMapperType: + nullable: true + type: string + federationProviderDisplayName: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + userFederationProviders: + items: + properties: + changedSyncPeriod: + format: int32 + nullable: true + type: integer + config: + 
additionalProperties: + type: string + nullable: true + type: object + displayName: + nullable: true + type: string + fullSyncPeriod: + format: int32 + nullable: true + type: integer + id: + nullable: true + type: string + lastSync: + format: int32 + nullable: true + type: integer + priority: + format: int32 + nullable: true + type: integer + providerName: + nullable: true + type: string + type: object + nullable: true + type: array + userManagedAccessAllowed: + nullable: true + type: boolean + users: + items: + properties: + access: + additionalProperties: + type: boolean + nullable: true + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientConsents: + items: + properties: + clientId: + nullable: true + type: string + createdDate: + format: int64 + nullable: true + type: integer + grantedClientScopes: + items: + type: string + nullable: true + type: array + grantedRealmRoles: + items: + type: string + nullable: true + type: array + lastUpdatedDate: + format: int64 + nullable: true + type: integer + type: object + nullable: true + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + createdTimestamp: + format: int64 + nullable: true + type: integer + credentials: + items: + properties: + algorithm: + nullable: true + type: string + config: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + counter: + format: int32 + nullable: true + type: integer + createdDate: + format: int64 + nullable: true + type: integer + credentialData: + nullable: true + type: string + device: + nullable: true + type: string + digits: + format: int32 + nullable: true + type: integer + hashIterations: + format: int32 + nullable: true + type: integer + hashedSaltedValue: + nullable: true + 
type: string + id: + nullable: true + type: string + period: + format: int32 + nullable: true + type: integer + priority: + format: int32 + nullable: true + type: integer + salt: + nullable: true + type: string + secretData: + nullable: true + type: string + temporary: + nullable: true + type: boolean + type: + nullable: true + type: string + userLabel: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + disableableCredentialTypes: + items: + type: string + nullable: true + type: array + email: + nullable: true + type: string + emailVerified: + nullable: true + type: boolean + enabled: + nullable: true + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + nullable: true + type: string + userId: + nullable: true + type: string + userName: + nullable: true + type: string + type: object + nullable: true + type: array + federationLink: + nullable: true + type: string + firstName: + nullable: true + type: string + groups: + items: + type: string + nullable: true + type: array + id: + nullable: true + type: string + lastName: + nullable: true + type: string + notBefore: + format: int32 + nullable: true + type: integer + origin: + nullable: true + type: string + realmRoles: + items: + type: string + nullable: true + type: array + requiredActions: + items: + type: string + nullable: true + type: array + self: + nullable: true + type: string + serviceAccountClientId: + nullable: true + type: string + socialLinks: + items: + properties: + socialProvider: + nullable: true + type: string + socialUserId: + nullable: true + type: string + socialUsername: + nullable: true + type: string + type: object + nullable: true + type: array + totp: + nullable: true + type: boolean + userProfileMetadata: + nullable: true + properties: + attributes: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayName: + nullable: true + type: string 
+ group: + nullable: true + type: string + multivalued: + nullable: true + type: boolean + name: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + required: + nullable: true + type: boolean + validators: + additionalProperties: + additionalProperties: true + type: object + nullable: true + type: object + type: object + nullable: true + type: array + groups: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayDescription: + nullable: true + type: string + displayHeader: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + username: + nullable: true + type: string + type: object + nullable: true + type: array + verifyEmail: + nullable: true + type: boolean + waitIncrementSeconds: + format: int32 + nullable: true + type: integer + webAuthnPolicyAcceptableAaguids: + items: + type: string + nullable: true + type: array + webAuthnPolicyAttestationConveyancePreference: + nullable: true + type: string + webAuthnPolicyAuthenticatorAttachment: + nullable: true + type: string + webAuthnPolicyAvoidSameAuthenticatorRegister: + nullable: true + type: boolean + webAuthnPolicyCreateTimeout: + format: int32 + nullable: true + type: integer + webAuthnPolicyExtraOrigins: + items: + type: string + nullable: true + type: array + webAuthnPolicyPasswordlessAcceptableAaguids: + items: + type: string + nullable: true + type: array + webAuthnPolicyPasswordlessAttestationConveyancePreference: + nullable: true + type: string + webAuthnPolicyPasswordlessAuthenticatorAttachment: + nullable: true + type: string + webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: + nullable: true + type: boolean + webAuthnPolicyPasswordlessCreateTimeout: + format: int32 + nullable: true + type: integer + webAuthnPolicyPasswordlessExtraOrigins: + items: + type: string + nullable: true + type: array + 
webAuthnPolicyPasswordlessRequireResidentKey: + nullable: true + type: string + webAuthnPolicyPasswordlessRpEntityName: + nullable: true + type: string + webAuthnPolicyPasswordlessRpId: + nullable: true + type: string + webAuthnPolicyPasswordlessSignatureAlgorithms: + items: + type: string + nullable: true + type: array + webAuthnPolicyPasswordlessUserVerificationRequirement: + nullable: true + type: string + webAuthnPolicyRequireResidentKey: + nullable: true + type: string + webAuthnPolicyRpEntityName: + nullable: true + type: string + webAuthnPolicyRpId: + nullable: true + type: string + webAuthnPolicySignatureAlgorithms: + items: + type: string + nullable: true + type: array + webAuthnPolicyUserVerificationRequirement: + nullable: true + type: string + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.realm) == has(oldSelf.realm) + instanceRef: + description: The name of the instance to which this realm belongs + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + required: + - definition + - instanceRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakRealm + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakrequiredactionproviders.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakrequiredactionproviders.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..710607b --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakrequiredactionproviders.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,108 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakrequiredactionproviders.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakRequiredActionProvider + plural: keycloakrequiredactionproviders + shortNames: + - kcrap + singular: keycloakrequiredactionprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakRequiredActionProviderSpec via `CustomResource` + properties: + spec: + description: the KeycloakRequiredActionProvider resource + properties: + definition: + properties: + alias: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + config: + additionalProperties: + type: string + nullable: true + type: object + defaultAction: + nullable: true + type: boolean + enabled: + nullable: true + type: boolean + name: + nullable: true + type: string + priority: + format: int32 + nullable: true + type: integer + providerId: + nullable: true + type: string + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.alias) == has(oldSelf.alias) + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. 
+ type: string + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakRequiredActionProvider + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakresources.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakresources.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..9a77e1a --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakresources.rustcloak.k8s.eboland.de.yaml 
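Review bot: `spec.realmRef` in the keycloakrequiredactionproviders CRD has no immutability rule, although `spec.definition.alias` in the same schema is pinned with `rule: self == oldSelf` and the realm CRD's `instanceRef` carries the same rule. As written, an update can re-point an existing object at a different realm while its alias stays fixed; whether the operator then removes the entry from the previous realm is not visible in this hunk. If re-parenting is not intended, add `x-kubernetes-validations:` with `- message: Value is immutable` / `rule: self == oldSelf` under `realmRef`. The schema description says it is derived via `CustomResource`, so the change presumably belongs on the source type rather than in this YAML. `clientRef` in the keycloakresources CRD that follows appears to have the same gap.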
@@ -0,0 +1,274 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakresources.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakResource + plural: keycloakresources + shortNames: + - kcrs + singular: keycloakresource + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakResourceSpec via `CustomResource` + properties: + spec: + description: the KeycloakResource resource + properties: + clientRef: + description: the name of the kubernetes object that created the client. + type: string + definition: + properties: + _id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + displayName: + nullable: true + type: string + icon_uri: + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + ownerManagedAccess: + nullable: true + type: boolean + scopes: + items: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - UNANIMOUS + - CONSENSUS + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: 
true + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + type: string + policies: + items: + type: string + nullable: true + type: array + resources: + items: + type: string + nullable: true + type: array + scopes: + items: + type: string + nullable: true + type: array + type: + nullable: true + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: object + nullable: true + type: array + scopesUma: + items: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: string + id: + nullable: true + type: string + name: + nullable: true + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - UNANIMOUS + - CONSENSUS + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + type: string + policies: + items: + type: string + nullable: true + type: array + resources: + items: + type: string + nullable: true + type: array + scopes: + items: + type: string + nullable: true + type: array + type: + nullable: true + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: + nullable: true + type: string + uri: + nullable: true + type: string + uris: + items: + type: string + nullable: true + type: array + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self._id) == has(oldSelf._id) + options: + description: Options for the request to the Keycloak Admin API. 
+ nullable: true + type: object + required: + - clientRef + - definition + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakResource + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakroles.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakroles.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..3dfb2a4 --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakroles.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,140 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakroles.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakRole + plural: keycloakroles + shortNames: + - kcr + singular: keycloakrole + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakRoleSpec via `CustomResource` + properties: + spec: + anyOf: + - required: + - realmRef + - required: + - clientRef + description: the KeycloakRole resource + properties: + clientRef: + type: string + definition: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientRole: + nullable: true + type: boolean + composite: + nullable: true + type: boolean + composites: + nullable: true + properties: + application: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + client: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + realm: + items: + type: string + nullable: true + type: array + type: object + containerId: + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + name: + nullable: true + type: string + scopeParamRequired: + nullable: true + type: boolean + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. 
+ nullable: true + type: object + realmRef: + type: string + required: + - definition + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakRole + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakscopes.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakscopes.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..ffbe88a --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakscopes.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,251 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakscopes.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakScope + plural: keycloakscopes + shortNames: + - kcs + singular: keycloakscope + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakScopeSpec via `CustomResource` + properties: + spec: + description: the KeycloakScope resource + properties: + clientRef: + description: the name of the kubernetes object that created the client. + type: string + definition: + properties: + displayName: + nullable: true + type: string + iconUri: + nullable: true + type: string + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + name: + nullable: true + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + nullable: true + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - UNANIMOUS + - CONSENSUS + nullable: true + type: string + description: + nullable: true + type: string + id: + nullable: true + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + type: string + policies: + items: + type: string + nullable: true + type: array + resources: + items: + type: string + nullable: true + type: array + resourcesData: + items: + properties: + _id: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + displayName: + 
nullable: true + type: string + icon_uri: + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + ownerManagedAccess: + nullable: true + type: boolean + type: + nullable: true + type: string + uri: + nullable: true + type: string + uris: + items: + type: string + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + scopes: + items: + type: string + nullable: true + type: array + type: + nullable: true + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + resources: + items: + properties: + _id: + nullable: true + type: string + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + displayName: + nullable: true + type: string + icon_uri: + nullable: true + type: string + name: + nullable: true + type: string + owner: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + type: object + ownerManagedAccess: + nullable: true + type: boolean + type: + nullable: true + type: string + uri: + nullable: true + type: string + uris: + items: + type: string + nullable: true + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + nullable: true + type: array + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. 
+ nullable: true + type: object + required: + - clientRef + - definition + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakScope + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/crds/keycloakusers.rustcloak.k8s.eboland.de.yaml b/charts/rustcloak-operator/crds/keycloakusers.rustcloak.k8s.eboland.de.yaml new file mode 100644 index 0000000..acda9df --- /dev/null +++ b/charts/rustcloak-operator/crds/keycloakusers.rustcloak.k8s.eboland.de.yaml 
@@ -0,0 +1,371 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakusers.rustcloak.k8s.eboland.de +spec: + group: rustcloak.k8s.eboland.de + names: + categories: [] + kind: KeycloakUser + plural: keycloakusers + shortNames: + - kcu + singular: keycloakuser + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: '' + jsonPath: .status.ready + name: Ready + type: boolean + - description: '' + jsonPath: .status.status + name: Status + type: string + - description: '' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Auto-generated derived type for KeycloakUserSpec via `CustomResource` + properties: + spec: + description: the KeycloakUser resource + properties: + definition: + properties: + access: + additionalProperties: + type: boolean + nullable: true + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + clientConsents: + items: + properties: + clientId: + nullable: true + type: string + createdDate: + format: int64 + nullable: true + type: integer + grantedClientScopes: + items: + type: string + nullable: true + type: array + grantedRealmRoles: + items: + type: string + nullable: true + type: array + lastUpdatedDate: + format: int64 + nullable: true + type: integer + type: object + nullable: true + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + createdTimestamp: + format: int64 + nullable: true + type: integer + credentials: + items: + properties: + algorithm: + nullable: true + type: string + config: + additionalProperties: + items: + type: string + type: array + nullable: true + type: object + counter: + format: int32 + nullable: true + type: integer + createdDate: + 
format: int64 + nullable: true + type: integer + credentialData: + nullable: true + type: string + device: + nullable: true + type: string + digits: + format: int32 + nullable: true + type: integer + hashIterations: + format: int32 + nullable: true + type: integer + hashedSaltedValue: + nullable: true + type: string + id: + nullable: true + type: string + period: + format: int32 + nullable: true + type: integer + priority: + format: int32 + nullable: true + type: integer + salt: + nullable: true + type: string + secretData: + nullable: true + type: string + temporary: + nullable: true + type: boolean + type: + nullable: true + type: string + userLabel: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + disableableCredentialTypes: + items: + type: string + nullable: true + type: array + email: + nullable: true + type: string + emailVerified: + nullable: true + type: boolean + enabled: + nullable: true + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + nullable: true + type: string + userId: + nullable: true + type: string + userName: + nullable: true + type: string + type: object + nullable: true + type: array + federationLink: + nullable: true + type: string + firstName: + nullable: true + type: string + groups: + items: + type: string + nullable: true + type: array + id: + nullable: true + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + lastName: + nullable: true + type: string + notBefore: + format: int32 + nullable: true + type: integer + origin: + nullable: true + type: string + realmRoles: + items: + type: string + nullable: true + type: array + requiredActions: + items: + type: string + nullable: true + type: array + self: + nullable: true + type: string + serviceAccountClientId: + nullable: true + type: string + socialLinks: + items: + properties: + socialProvider: + nullable: true + type: string + 
socialUserId: + nullable: true + type: string + socialUsername: + nullable: true + type: string + type: object + nullable: true + type: array + totp: + nullable: true + type: boolean + userProfileMetadata: + nullable: true + properties: + attributes: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayName: + nullable: true + type: string + group: + nullable: true + type: string + multivalued: + nullable: true + type: boolean + name: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + required: + nullable: true + type: boolean + validators: + additionalProperties: + additionalProperties: true + type: object + nullable: true + type: object + type: object + nullable: true + type: array + groups: + items: + properties: + annotations: + additionalProperties: true + nullable: true + type: object + displayDescription: + nullable: true + type: string + displayHeader: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + username: + nullable: true + type: string + type: object + x-kubernetes-validations: + - message: Value is immutable + rule: has(self.id) == has(oldSelf.id) + options: + description: Options for the request to the Keycloak Admin API. + nullable: true + type: object + realmRef: + description: the name of the kubernetes object that created the realm. 
+ type: string + userSecret: + nullable: true + properties: + passwordKey: + nullable: true + type: string + secretName: + nullable: true + type: string + usernameKey: + nullable: true + type: string + type: object + required: + - definition + - realmRef + type: object + status: + nullable: true + properties: + code: + format: uint32 + minimum: 0.0 + type: integer + message: + type: string + ready: + type: boolean + resourcePath: + nullable: true + type: string + status: + type: string + required: + - code + - ready + type: object + required: + - spec + title: KeycloakUser + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rustcloak-operator/templates/NOTES.txt b/charts/rustcloak-operator/templates/NOTES.txt new file mode 100644 index 0000000..1a1ac89 --- /dev/null +++ b/charts/rustcloak-operator/templates/NOTES.txt @@ -0,0 +1 @@ +Congratulations! You have successfully installed rustcloak! diff --git a/charts/rustcloak-operator/templates/_helpers.tpl b/charts/rustcloak-operator/templates/_helpers.tpl new file mode 100644 index 0000000..9f821db --- /dev/null +++ b/charts/rustcloak-operator/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "rustcloak-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "rustcloak-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "rustcloak-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "rustcloak-operator.labels" -}}
+helm.sh/chart: {{ include "rustcloak-operator.chart" . }}
+{{ include "rustcloak-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "rustcloak-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "rustcloak-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "rustcloak-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "rustcloak-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/rustcloak-operator/templates/clusterrole.yaml b/charts/rustcloak-operator/templates/clusterrole.yaml
new file mode 100644
index 0000000..9ef0cb2
--- /dev/null
+++ b/charts/rustcloak-operator/templates/clusterrole.yaml
@@ -0,0 +1,84 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "rustcloak-operator.serviceAccountName" . }}
+ labels:
+ {{- include "rustcloak-operator.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+- apiGroups:
+ - rustcloak.k8s.eboland.de
+ resources:
+ - keycloakapiobjects/status
+ - keycloakauthenticationflows/status
+ - keycloakauthenticatorconfigs/status
+ - keycloakclients/status
+ - keycloakclientscopes/status
+ - keycloakcomponents/status
+ - keycloakgroups/status
+ - keycloakidentityprovidermappers/status
+ - keycloakidentityproviders/status
+ - keycloakinstances/status
+ - keycloakorganizations/status
+ - keycloakprotocolmappers/status
+ - keycloakrealms/status
+ - keycloakrequiredactionproviders/status
+ - keycloakresources/status
+ - keycloakroles/status
+ - keycloakscopes/status
+ - keycloakusers/status
+ verbs:
+ - patch
+ - get
+- apiGroups:
+ - rustcloak.k8s.eboland.de
+ resources:
+ - keycloakapiobjects
+ - keycloakauthenticationflows
+ - keycloakauthenticatorconfigs
+ - keycloakclients
+ - keycloakclientscopes
+ - keycloakcomponents
+ - keycloakgroups
+ - keycloakidentityprovidermappers
+ - keycloakidentityproviders
+ - keycloakinstances
+ - keycloakorganizations
+ - keycloakprotocolmappers
+ - keycloakrealms
+ - keycloakrequiredactionproviders
+ - keycloakresources
+ - keycloakroles
+ - keycloakscopes
+ - keycloakusers
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+{{- end }}
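Review bot: The last two rules give the operator get/list/watch on `configmaps` and `secrets` and create/update/patch/delete on `secrets` in the core API group, and because they sit in a ClusterRole that clusterrolebinding.yaml binds cluster-wide, the service account can read and rewrite every Secret in every namespace. A leaked operator token or a compromised operator pod would then expose all credentials in the cluster, not only the ones the Keycloak resources reference. Consider rendering these two core-group rules as a namespaced `Role`/`RoleBinding` for the namespaces the operator is meant to manage and keeping only the `rustcloak.k8s.eboland.de` rules in the ClusterRole. If the wide grant stays, state it above the rule, for example `# grants Secret read/write in ALL namespaces; scope with a namespaced Role where possible`. The whole template is also gated on `.Values.serviceAccount.create`, so installing with an existing service account renders no RBAC at all, which deserves a line in the values documentation.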
diff --git a/charts/rustcloak-operator/templates/clusterrolebinding.yaml b/charts/rustcloak-operator/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..6a1fa1e
--- /dev/null
+++ b/charts/rustcloak-operator/templates/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "rustcloak-operator.serviceAccountName" . }}
+ labels:
+ {{- include "rustcloak-operator.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "rustcloak-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "rustcloak-operator.serviceAccountName" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/rustcloak-operator/templates/deployment.yaml b/charts/rustcloak-operator/templates/deployment.yaml
new file mode 100644
index 0000000..1a53283
--- /dev/null
+++ b/charts/rustcloak-operator/templates/deployment.yaml
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "rustcloak-operator.fullname" . }}
+ labels:
+ {{- include "rustcloak-operator.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "rustcloak-operator.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "rustcloak-operator.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "rustcloak-operator.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args:
+ - --metrics-addr
+ - 0.0.0.0:8080
+ env:
+ - name: RUST_LOG
+ value: {{ .Values.application.logLevel }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
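Review bot: The listen address in `args` is hard-coded to `0.0.0.0:8080`, while `containerPort` and the named `http` port that the probes target are taken from `.Values.service.port`. Overriding that value would leave the probes pointing at a port the process is presumably not listening on. Build the argument from the same value, `- "0.0.0.0:{{ .Values.service.port }}"`, so the two cannot drift. `RUST_LOG` is rendered unquoted, so `value: {{ .Values.application.logLevel | quote }}` is safer for filter strings that contain YAML-significant characters. The image is pinned by tag only, and since this pod runs with the chart's cluster-wide RBAC, an optional digest reference in values would let operators pin the exact artifact.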
diff --git a/charts/rustcloak-operator/templates/serviceaccount.yaml b/charts/rustcloak-operator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..6130581
--- /dev/null
+++ b/charts/rustcloak-operator/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "rustcloak-operator.serviceAccountName" . }}
+ labels:
+ {{- include "rustcloak-operator.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/charts/rustcloak-operator/values-minikube.yaml b/charts/rustcloak-operator/values-minikube.yaml
new file mode 100644
index 0000000..5922639
--- /dev/null
+++ b/charts/rustcloak-operator/values-minikube.yaml
@@ -0,0 +1,7 @@
+image:
+ repository: localhost/rustcloak
+ tag: latest
+ pullPolicy: IfNotPresent
+
+#application:
+# logLevel: debug
diff --git a/charts/rustcloak-operator/values.yaml b/charts/rustcloak-operator/values.yaml
new file mode 100644
index 0000000..f334201
--- /dev/null
+++ b/charts/rustcloak-operator/values.yaml
@@ -0,0 +1,58 @@
+replicaCount: 1
+
+application:
+ logLevel: "info"
+
+image:
+ repository: withlazers/rustcloak-operator
+ pullPolicy: IfNotPresent
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ create: true
+ automount: true
+ annotations: {}
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
+resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+
+livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+
+service:
+ port: 8080
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
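Review bot: The default container `securityContext` is missing `allowPrivilegeEscalation: false` and a seccomp profile, and `podSecurityContext` is left empty, so the pod does not meet the Pod Security "restricted" profile. The existing defaults (`drop: [ALL]`, `readOnlyRootFilesystem`, `runAsNonRoot`) are otherwise a good baseline. Add `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` under `securityContext`. It would also help to put a comment on `serviceAccount.automount` saying that the token it mounts carries the chart's cluster-wide Secret permissions.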