From 4e32717abc799ba7fc0695c307904e7fc1e9da4b Mon Sep 17 00:00:00 2001 From: Sergiy Kulanov Date: Thu, 16 May 2024 19:41:44 +0300 Subject: [PATCH] chore: Generate OperatorHub bundle for v1.21.0 (#59) Signed-off-by: Sergiy Kulanov --- Makefile | 2 +- README.md | 2 +- bundle.Dockerfile | 2 +- ...client-secret-policy-sample_v1_secret.yaml | 6 + ...ycloak-operator.clusterserviceversion.yaml | 203 +++++++++- ...v1.edp.epam.com_clusterkeycloakrealms.yaml | 95 ++++- .../v1.edp.epam.com_clusterkeycloaks.yaml | 73 +++- .../v1.edp.epam.com_keycloakauthflows.yaml | 41 +- .../v1.edp.epam.com_keycloakclients.yaml | 356 ++++++++++++++++-- .../v1.edp.epam.com_keycloakclientscopes.yaml | 41 +- ....edp.epam.com_keycloakrealmcomponents.yaml | 60 +-- .../v1.edp.epam.com_keycloakrealmgroups.yaml | 41 +- ...am.com_keycloakrealmidentityproviders.yaml | 49 ++- ...edp.epam.com_keycloakrealmrolebatches.yaml | 41 +- .../v1.edp.epam.com_keycloakrealmroles.yaml | 62 ++- .../v1.edp.epam.com_keycloakrealms.yaml | 175 +++++---- .../v1.edp.epam.com_keycloakrealmusers.yaml | 57 +-- .../manifests/v1.edp.epam.com_keycloaks.yaml | 83 +++- bundle/metadata/annotations.yaml | 6 +- config/manager/kustomization.yaml | 2 +- ...ycloak-operator.clusterserviceversion.yaml | 5 +- 21 files changed, 1102 insertions(+), 300 deletions(-) create mode 100644 bundle/manifests/client-secret-policy-sample_v1_secret.yaml diff --git a/Makefile b/Makefile index a9d84459..9e5f820f 100644 --- a/Makefile +++ b/Makefile @@ -44,7 +44,7 @@ endif override GCFLAGS +=all=-trimpath=${CURRENT_DIR} # Image URL to use all building/pushing image targets -IMG ?= docker.io/epamedp/keycloak-operator:$(VERSION) +IMG?=docker.io/epamedp/keycloak-operator:$(VERSION) # BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) diff --git a/README.md b/README.md index f9ef062b..a2f2aa12 100644 --- a/README.md +++ b/README.md 
@@ -33,8 +33,8 @@ To install the Keycloak Operator, follow the steps below: ```bash helm search repo epamedp/keycloak-operator -l NAME CHART VERSION APP VERSION DESCRIPTION + epamedp/keycloak-operator 1.21.0 1.21.0 A Helm chart for EDP Keycloak Operator epamedp/keycloak-operator 1.20.0 1.20.0 A Helm chart for EDP Keycloak Operator - epamedp/keycloak-operator 1.19.0 1.19.0 A Helm chart for EDP Keycloak Operator ``` _**NOTE:** It is highly recommended to use the latest stable version._ diff --git a/bundle.Dockerfile b/bundle.Dockerfile index ede5b0b7..0d6ed7d4 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=edp-keycloak-operator LABEL operators.operatorframework.io.bundle.channels.v1=stable LABEL operators.operatorframework.io.bundle.channel.default.v1=stable -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.34.1 +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.34.2 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 diff --git a/bundle/manifests/client-secret-policy-sample_v1_secret.yaml b/bundle/manifests/client-secret-policy-sample_v1_secret.yaml new file mode 100644 index 00000000..aca35048 --- /dev/null +++ b/bundle/manifests/client-secret-policy-sample_v1_secret.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +data: + client-secret-key: cGFzc3dvcmQ= +kind: Secret +metadata: + name: client-secret-policy-sample diff --git a/bundle/manifests/edp-keycloak-operator.clusterserviceversion.yaml b/bundle/manifests/edp-keycloak-operator.clusterserviceversion.yaml index 3b2daf12..a63d1454 100644 --- a/bundle/manifests/edp-keycloak-operator.clusterserviceversion.yaml +++ b/bundle/manifests/edp-keycloak-operator.clusterserviceversion.yaml 
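Review bot: The new `client-secret-policy-sample` Secret under bundle/manifests carries a guessable credential: `client-secret-key: cGFzc3dvcmQ=` is base64 for `password`. Objects in bundle/manifests ship with the operator, and OLM accepts Secret objects in a bundle, so this Secret is likely to be created in the install namespace on every deployment. The `keycloakclient-policy-sample` alm-example in the CSV points at it through `$client-secret-policy-sample:client-secret-key`. I would keep the Secret out of the bundle input, so it stays a sample only, and give it an obviously unusable value such as `client-secret-key: <base64-placeholder>`, with a YAML comment that the user must create the referenced Secret.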
@@ -51,6 +51,142 @@ metadata: "topLevel": true } }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakClient", + "metadata": { + "name": "keycloakclient-policy-sample" + }, + "spec": { + "authorization": { + "permissions": [ + { + "decisionStrategy": "AFFIRMATIVE", + "description": "Resource permission", + "logic": "POSITIVE", + "name": "resource-permission", + "policies": [ + "role-policy" + ], + "resources": [ + "resource1" + ], + "type": "resource" + }, + { + "decisionStrategy": "CONSENSUS", + "description": "Scope permission", + "logic": "POSITIVE", + "name": "scope-permission", + "policies": [ + "role-policy" + ], + "scopes": [ + "scope1" + ], + "type": "scope" + } + ], + "policies": [ + { + "decisionStrategy": "AFFIRMATIVE", + "description": "Role policy", + "logic": "POSITIVE", + "name": "role-policy", + "rolePolicy": { + "roles": [ + { + "name": "developer", + "required": true + } + ] + }, + "type": "role" + }, + { + "aggregatedPolicy": { + "policies": [ + "policy1", + "policy2" + ] + }, + "description": "Aggregate policy", + "name": "aggregate-policy", + "type": "aggregate" + }, + { + "clientPolicy": { + "clients": [ + "client1", + "client2" + ] + }, + "description": "Client policy", + "name": "client-policy", + "type": "client" + }, + { + "description": "Group policy", + "groupPolicy": { + "groups": [ + { + "extendChildren": true, + "name": "group1" + } + ] + }, + "name": "group-policy", + "type": "group" + }, + { + "description": "Role policy", + "name": "role-policy", + "rolePolicy": { + "roles": [ + { + "name": "developer", + "required": true + } + ] + }, + "type": "role" + }, + { + "description": "Time policy", + "name": "time-policy", + "timePolicy": { + "notBefore": "2021-01-01T00:00:00Z", + "notOnOrAfter": "2021-12-31T23:59:59Z" + }, + "type": "time" + }, + { + "description": "User policy", + "name": "user-policy", + "type": "user", + "userPolicy": { + "users": [ + "user1", + "user2" + ] + } + } + ] + }, + "authorizationServicesEnabled": 
true, + "clientId": "policy-sample", + "directAccess": true, + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "secret": "$client-secret-policy-sample:client-secret-key", + "serviceAccount": { + "enabled": true + }, + "webUrl": "http://example.com" + } + }, { "apiVersion": "v1.edp.epam.com/v1", "kind": "KeycloakClient", @@ -138,10 +274,7 @@ metadata: "jboss-logging" ] }, - "realmName": "d2-id-kc-realm-name", - "ssoAutoRedirectEnabled": false, - "ssoRealmEnabled": false, - "ssoRealmName": "openshift" + "realmName": "d2-id-kc-realm-name" } }, { @@ -371,13 +504,14 @@ metadata: ] capabilities: Deep Insights categories: Security - containerImage: docker.io/epamedp/keycloak-operator:1.20.0 - createdAt: "2024-03-13T09:59:01Z" + containerImage: docker.io/epamedp/keycloak-operator:1.21.0 + createdAt: "2024-05-16T16:38:08Z" description: An Operator for managing Keycloak - operators.operatorframework.io/builder: operator-sdk-v1.34.1 + operators.operatorframework.io/builder: operator-sdk-v1.34.2 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/epam/edp-keycloak-operator - name: edp-keycloak-operator.v1.20.0 + support: EPAM Delivery Platform + name: edp-keycloak-operator.v1.21.0 namespace: placeholder spec: apiservicedefinitions: {} 
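Review bot: The `keycloakclient-policy-sample` alm-example lists two entries named `role-policy` under `spec.authorization.policies`, one with `decisionStrategy`/`logic` and one without. The CRD schema added in this commit declares `policies` as a plain array with no uniqueness constraint on `name`, so which definition reaches Keycloak depends on reconciler behaviour that is not visible here. Both sample permissions reference `role-policy`, so the sample should define it once. The `time-policy` entry uses a window that closed at `2021-12-31T23:59:59Z`, so as written it would presumably never grant, and a clearly illustrative range would be safer to copy. The annotation is generated, so the change belongs in the sample source the bundle is built from.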
@@ -400,59 +534,92 @@ spec: kind: KeycloakAuthFlow name: keycloakauthflows.v1.edp.epam.com version: v1 + - kind: KeycloakAuthFlow + name: keycloakauthflows.v1.edp.epam.com + version: v1alpha1 - description: KeycloakClient is the Schema for the keycloak clients API. displayName: Keycloak Client kind: KeycloakClient name: keycloakclients.v1.edp.epam.com version: v1 + - kind: KeycloakClient + name: keycloakclients.v1.edp.epam.com + version: v1alpha1 - description: KeycloakClientScope is the Schema for the keycloakclientscopes API. displayName: Keycloak Client Scope kind: KeycloakClientScope name: keycloakclientscopes.v1.edp.epam.com version: v1 + - kind: KeycloakClientScope + name: keycloakclientscopes.v1.edp.epam.com + version: v1alpha1 - description: KeycloakRealmComponent is the Schema for the keycloak component API. displayName: Keycloak Realm Component kind: KeycloakRealmComponent name: keycloakrealmcomponents.v1.edp.epam.com version: v1 + - kind: KeycloakRealmComponent + name: keycloakrealmcomponents.v1.edp.epam.com + version: v1alpha1 - description: KeycloakRealmGroup is the Schema for the keycloak group API. displayName: Keycloak Realm Group kind: KeycloakRealmGroup name: keycloakrealmgroups.v1.edp.epam.com version: v1 + - kind: KeycloakRealmGroup + name: keycloakrealmgroups.v1.edp.epam.com + version: v1alpha1 - description: KeycloakRealmIdentityProvider is the Schema for the keycloak realm identity provider API. displayName: Keycloak Realm Identity Provider kind: KeycloakRealmIdentityProvider name: keycloakrealmidentityproviders.v1.edp.epam.com version: v1 + - kind: KeycloakRealmIdentityProvider + name: keycloakrealmidentityproviders.v1.edp.epam.com + version: v1alpha1 - description: KeycloakRealmRoleBatch is the Schema for the keycloak roles API. 
displayName: Keycloak Realm Role Batch kind: KeycloakRealmRoleBatch name: keycloakrealmrolebatches.v1.edp.epam.com version: v1 + - kind: KeycloakRealmRoleBatch + name: keycloakrealmrolebatches.v1.edp.epam.com + version: v1alpha1 - description: KeycloakRealmRole is the Schema for the keycloak group API. displayName: Keycloak Realm Role kind: KeycloakRealmRole name: keycloakrealmroles.v1.edp.epam.com version: v1 + - kind: KeycloakRealmRole + name: keycloakrealmroles.v1.edp.epam.com + version: v1alpha1 - description: KeycloakRealm is the Schema for the keycloak realms API. displayName: Keycloak Realm kind: KeycloakRealm name: keycloakrealms.v1.edp.epam.com version: v1 + - kind: KeycloakRealm + name: keycloakrealms.v1.edp.epam.com + version: v1alpha1 - description: KeycloakRealmUser is the Schema for the keycloak user API. displayName: Keycloak Realm User kind: KeycloakRealmUser name: keycloakrealmusers.v1.edp.epam.com version: v1 + - kind: KeycloakRealmUser + name: keycloakrealmusers.v1.edp.epam.com + version: v1alpha1 - description: Keycloak is the Schema for the keycloaks API. displayName: Keycloak kind: Keycloak name: keycloaks.v1.edp.epam.com version: v1 + - kind: Keycloak + name: keycloaks.v1.edp.epam.com + version: v1alpha1 description: | Keycloak Operator is an operator that is responsible for establishing a connection to provided Keycloak Server, reconciling Keycloak entities (realms, @@ -518,6 +685,14 @@ spec: spec: clusterPermissions: - rules: + - apiGroups: + - v1 + resources: + - configmap + verbs: + - get + - list + - watch - apiGroups: - v1.edp.epam.com resources: @@ -602,7 +777,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/epamedp/keycloak-operator:1.20.0 + image: docker.io/epamedp/keycloak-operator:1.21.0 livenessProbe: httpGet: path: /healthz 
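Review bot: The added rule `apiGroups: [v1]`, `resources: [configmap]` in the `@@ -518,6 +685,14 @@` hunk matches no Kubernetes resource, because ConfigMaps live in the core API group, written as the empty string, and the resource name is the plural `configmaps`. As generated, the operator gets no read access to ConfigMaps, so the new `caCert.configMapKeyRef` lookup would presumably be denied by RBAC. The same rule is repeated in the namespaced `permissions` section (hunk `@@ -674,6 +849,14 @@`). The CSV is generated, so the fix belongs in the source RBAC marker or role, e.g. `// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch`. This first copy sits under `clusterPermissions` while the `caCert` description says the referenced objects live in the operator namespace, so a namespaced Role may be enough and is worth checking before granting cluster-wide read.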
@@ -674,6 +849,14 @@ spec: - patch - update - watch + - apiGroups: + - v1 + resources: + - configmap + verbs: + - get + - list + - watch - apiGroups: - v1.edp.epam.com resources: @@ -993,4 +1176,4 @@ spec: provider: name: EPAM Delivery Platform url: https://epam.github.io/edp-install/ - version: 1.20.0 + version: 1.21.0 diff --git a/bundle/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml b/bundle/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml index 46c3d9c5..13f133e4 100644 --- a/bundle/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml +++ b/bundle/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: clusterkeycloakrealms.v1.edp.epam.com spec: 
@@ -26,14 +26,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -52,9 +57,9 @@ spec: that owns the realm. type: string frontendUrl: - description: FrontendURL Set the frontend URL for the realm. Use in - combination with the default hostname provider to override the base - URL for frontend requests for a specific realm. + description: |- + FrontendURL Set the frontend URL for the realm. + Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm. type: string localization: description: Localization is the configuration for localization in 
@@ -143,6 +148,76 @@ spec: nullable: true type: string type: object + tokenSettings: + description: TokenSettings is the configuration for tokens in the + realm. + nullable: true + properties: + accessCodeLifespan: + default: 60 + description: |- + AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol. + This should normally be 1 minute. + type: integer + accessToken: + default: 900 + description: AccessTokenLifespanForImplicitFlow specifies max + time(in seconds) before an access token is expired for implicit + flow. + type: integer + accessTokenLifespan: + default: 300 + description: |- + AccessTokenLifespan specifies max time(in seconds) before an access token is expired. + This value is recommended to be short relative to the SSO timeout. + type: integer + actionTokenGeneratedByAdminLifespan: + default: 43200 + description: |- + ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired. + This value is recommended to be long to allow administrators to send e-mails for users that are currently offline. + The default timeout can be overridden immediately before issuing the token. + type: integer + actionTokenGeneratedByUserLifespan: + default: 300 + description: |- + AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired. + This value is recommended to be short because it's expected that the user would react to self-created action quickly. 
+ type: integer + defaultSignatureAlgorithm: + default: RS256 + description: DefaultSignatureAlgorithm specifies the default algorithm + used to sign tokens for the realm + enum: + - ES256 + - ES384 + - ES512 + - EdDSA + - HS256 + - HS384 + - HS512 + - PS256 + - PS384 + - PS512 + - RS256 + - RS384 + - RS512 + example: RS256 + type: string + refreshTokenMaxReuse: + default: 0 + description: |- + RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused. + When a different token is used, revocation is immediate. + type: integer + revokeRefreshToken: + default: false + description: |- + RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and + is revoked when a different token is used. + Otherwise, refresh tokens are not revoked when used and can be used multiple times. + type: boolean + type: object required: - clusterKeycloakRef - realmName diff --git a/bundle/manifests/v1.edp.epam.com_clusterkeycloaks.yaml b/bundle/manifests/v1.edp.epam.com_clusterkeycloaks.yaml index a2ebf403..fb1f53eb 100644 --- a/bundle/manifests/v1.edp.epam.com_clusterkeycloaks.yaml +++ b/bundle/manifests/v1.edp.epam.com_clusterkeycloaks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: clusterkeycloaks.v1.edp.epam.com spec: 
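Review bot: Two of the new `tokenSettings` properties have names that do not say what they set: `accessToken` is documented as AccessTokenLifespanForImplicitFlow, and `actionTokenGeneratedByUserLifespan` is documented as AccessCodeLifespanUserAction. CRD field names become API once released, so I would rename the first through the Go type's JSON tag to `accessTokenLifespanForImplicitFlow` and align the second description with its field before this version ships. The lifespan fields and `refreshTokenMaxReuse` are `type: integer` with no lower bound, so a negative token lifetime passes admission. A `// +kubebuilder:validation:Minimum=0` marker on each field would reject that at the API server. The Go types are outside this diff, and the same schema presumably applies to the namespaced KeycloakRealm CRD.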
@@ -25,14 +25,19 @@ spec: description: ClusterKeycloak is the Schema for the clusterkeycloaks API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,13 +46,59 @@ spec: properties: adminType: default: user - description: AdminType can be user or serviceAccount, if serviceAccount - was specified, then client_credentials grant type should be used - for getting admin realm token. + description: |- + AdminType can be user or serviceAccount, if serviceAccount was specified, + then client_credentials grant type should be used for getting admin realm token. enum: - serviceAccount - user type: string + caCert: + description: |- + CACert defines the root certificate authority + that api clients use when verifying server certificates. + Resources should be in the namespace defined in operator OPERATOR_NAMESPACE env. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: |- + InsecureSkipVerify controls whether api client verifies the server's + certificate chain and host name. If InsecureSkipVerify is true, api client + accepts any certificate presented by the server and any host name in that + certificate. + type: boolean secret: description: Secret is a secret name which contains admin credentials. type: string 
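Review bot: The `insecureSkipVerify` description explains the mechanics but not the consequence: this connection carries the admin credentials referenced by `secret`, so with verification off anyone on the network path can impersonate the Keycloak server and receive them. I would extend the Go field comment with something like `// Intended for test environments only; prefer caCert for private CAs. Defaults to false.` so the warning reaches the generated CRD. Nothing in the schema stops `insecureSkipVerify: true` being combined with `caCert`, or `configMapKeyRef` and `secretKeyRef` being set together; the precedence should be documented or rejected with a validation rule on the type. The `caCert` description says referenced objects must be in the operator namespace, which is worth enforcing in the reconciler, though that code is not in this diff.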
@@ -59,6 +110,8 @@ spec: - url type: object status: + default: + connected: false description: ClusterKeycloakStatus defines the observed state of ClusterKeycloak. properties: connected: diff --git a/bundle/manifests/v1.edp.epam.com_keycloakauthflows.yaml b/bundle/manifests/v1.edp.epam.com_keycloakauthflows.yaml index 1d70ef37..2425b580 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakauthflows.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakauthflows.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakauthflows.v1.edp.epam.com spec: 
@@ -26,14 +26,19 @@ spec: flow API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -101,8 +106,9 @@ spec: auth flows. type: string realm: - description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm - custom resource.' + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. type: string realmRef: description: RealmRef is reference to Realm custom resource. 
@@ -146,14 +152,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloakclients.yaml b/bundle/manifests/v1.edp.epam.com_keycloakclients.yaml index 4548990a..2d1f003b 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakclients.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakclients.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakclients.v1.edp.epam.com spec: 
@@ -25,14 +25,19 @@ spec: description: KeycloakClient is the Schema for the keycloak clients API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -51,6 +56,289 @@ spec: description: Attributes is a map of client attributes. nullable: true type: object + authorization: + description: Authorization is a client authorization configuration. + nullable: true + properties: + permissions: + items: + properties: + decisionStrategy: + default: UNANIMOUS + description: DecisionStrategy is a permission decision strategy. + enum: + - UNANIMOUS + - AFFIRMATIVE + - CONSENSUS + type: string + description: + description: Description is a permission description. + type: string + logic: + default: POSITIVE + description: Logic is a permission logic. + enum: + - POSITIVE + - NEGATIVE + type: string + name: + description: Name is a permission name. + type: string + policies: + description: |- + Policies is a list of policies names. + Specifies all the policies that must be applied to the scopes defined by this policy or permission. + example: + - policy1 + - policy2 + items: + type: string + nullable: true + type: array + resources: + description: |- + Resources is a list of resources names. + Specifies that this permission must be applied to all resource instances of a given type. + example: + - resource1 + - resource2 + items: + type: string + nullable: true + type: array + scopes: + description: |- + Scopes is a list of authorization scopes names. + Specifies that this permission must be applied to one or more scopes. + example: + - scope1 + - scope2 + items: + type: string + nullable: true + type: array + type: + description: Type is a permission type. + enum: + - resource + - scope + type: string + required: + - name + - type + type: object + type: array + policies: + items: + description: Policy represents a client authorization policy. + properties: + aggregatedPolicy: + description: AggregatedPolicy is an aggregated policy settings. + properties: + policies: + description: |- + Policies is a list of aggregated policies names. 
+ Specifies all the policies that must be applied to the scopes defined by this policy or permission. + example: + policies: + - policy1 + - policy2 + items: + type: string + type: array + required: + - policies + type: object + clientPolicy: + description: ClientPolicy is a client policy settings. + properties: + clients: + description: Clients is a list of client names. Specifies + which client(s) are allowed by this policy. + example: + - clients1 + - clients2 + items: + type: string + type: array + required: + - clients + type: object + decisionStrategy: + default: UNANIMOUS + description: DecisionStrategy is a policy decision strategy. + enum: + - UNANIMOUS + - AFFIRMATIVE + - CONSENSUS + type: string + description: + description: Description is a policy description. + type: string + groupPolicy: + description: GroupPolicy is a group policy settings. + properties: + groups: + description: Groups is a list of group names. Specifies + which group(s) are allowed by this policy. + example: '{"groups":[{"name":"group1","extendChildren":true},{"name":"group2"}]}' + items: + description: GroupDefinition represents a group in + a GroupPolicyData. + properties: + extendChildren: + description: ExtendChildren is a flag that specifies + whether to extend children. + type: boolean + name: + description: Name is a group name. + example: group1 + type: string + required: + - name + type: object + type: array + groupsClaim: + description: |- + GroupsClaim is a group claim. + If defined, the policy will fetch user's groups from the given claim + within an access token or ID token representing the identity asking permissions. + If not defined, user's groups are obtained from your realm configuration. + type: string + type: object + logic: + default: POSITIVE + description: Logic is a policy logic. + enum: + - POSITIVE + - NEGATIVE + type: string + name: + description: Name is a policy name. + type: string + rolePolicy: + description: RolePolicy is a role policy settings. 
+ properties: + roles: + description: Roles is a list of role. + example: + roles: + - name: role1 + required: true + - name: role2 + items: + description: RoleDefinition represents a role in a + RolePolicyData. + properties: + name: + description: Name is a role name. + example: role1 + type: string + required: + description: Required is a flag that specifies + whether the role is required. + type: boolean + required: + - name + type: object + type: array + required: + - roles + type: object + timePolicy: + description: ScopePolicy is a scope policy settings. + properties: + dayMonth: + description: |- + Day defines the month which the policy MUST be granted. + You can also provide a range by filling the dayMonthEnd field. + In this case, permission is granted only if current month is between or equal to the two values you provided. + example: "1" + type: string + dayMonthEnd: + example: "2" + type: string + hour: + description: |- + Hour defines the hour when the policy MUST be granted. + You can also provide a range by filling the hourEnd. + In this case, permission is granted only if current hour is between or equal to the two values you provided. + example: "1" + type: string + hourEnd: + example: "2" + type: string + minute: + description: |- + Minute defines the minute when the policy MUST be granted. + You can also provide a range by filling the minuteEnd field. + In this case, permission is granted only if current minute is between or equal to the two values you provided. + example: "1" + type: string + minuteEnd: + example: "2" + type: string + month: + description: |- + Month defines the month which the policy MUST be granted. + You can also provide a range by filling the monthEnd. + In this case, permission is granted only if current month is between or equal to the two values you provided. 
+ example: "1" + type: string + monthEnd: + example: "2" + type: string + notBefore: + description: |- + NotBefore defines the time before which the policy MUST NOT be granted. + Only granted if current date/time is after or equal to this value. + example: "2024-03-03 00:00:00" + type: string + notOnOrAfter: + description: |- + NotOnOrAfter defines the time after which the policy MUST NOT be granted. + Only granted if current date/time is before or equal to this value. + example: "2024-04-04 00:00:00" + type: string + required: + - notBefore + - notOnOrAfter + type: object + type: + description: Type is a policy type. + enum: + - aggregate + - client + - group + - role + - time + - user + type: string + userPolicy: + description: UserPolicy is a user policy settings. + properties: + users: + description: Users is a list of usernames. Specifies + which user(s) are allowed by this policy. + example: + - users1 + - users2 + items: + type: string + type: array + required: + - users + type: object + required: + - name + - type + type: object + type: array + scopes: + items: + type: string + type: array + type: object authorizationServicesEnabled: description: ServiceAccountsEnabled enable/disable fine-grained authorization support for a client. 
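Review bot: `timePolicy.notBefore` and `notOnOrAfter` are required but are unconstrained strings, and the commit itself uses two formats for them: the schema example is `2024-03-03 00:00:00` while the alm-example in the CSV uses `2021-01-01T00:00:00Z`. For an access-control setting, the accepted format should be stated in the description and, if possible, enforced with a `pattern`, so a mistyped window is rejected at admission rather than found later as a policy that never or always applies. Several descriptions in this block look like copy-paste leftovers that will mislead API users: `timePolicy` is described as `ScopePolicy is a scope policy settings` and `dayMonth` as `Day defines the month`. The `aggregatedPolicy.policies` and `rolePolicy.roles` examples are objects although the fields are arrays. All of these come from Go type comments and markers, which are outside this diff.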
@@ -173,12 +461,11 @@ spec: - addOnly type: string redirectUris: - description: RedirectUris is a list of valid URI pattern a browser - can redirect to after a successful login. Simple wildcards are allowed - such as 'https://example.com/*'. Relative path can be specified - too, such as /my/relative/path/*. Relative paths are relative to - the client root URL. If not specified, spec.webUrl + "/*" will be - used. + description: |- + RedirectUris is a list of valid URI pattern a browser can redirect to after a successful login. + Simple wildcards are allowed such as 'https://example.com/*'. + Relative path can be specified too, such as /my/relative/path/*. Relative paths are relative to the client root URL. + If not specified, spec.webUrl + "/*" will be used. example: - https://example.com/* - /my/relative/path/* @@ -187,11 +474,11 @@ spec: nullable: true type: array secret: - description: 'Secret is kubernetes secret name where the client''s - secret will be stored. Secret should have the following format: - $secretName:secretKey. If not specified, a client secret will be - generated and stored in a secret with the name keycloak-client-{metadata.name}-secret. - If keycloak client is public, secret property will be ignored.' + description: |- + Secret is kubernetes secret name where the client's secret will be stored. + Secret should have the following format: $secretName:secretKey. + If not specified, a client secret will be generated and stored in a secret with the name keycloak-client-{metadata.name}-secret. + If keycloak client is public, secret property will be ignored. example: $keycloak-secret:client_secret type: string serviceAccount: 
@@ -243,15 +530,17 @@ spec: description: SurrogateAuthRequired is a flag to enable surrogate auth. type: boolean targetRealm: - description: 'Deprecated: use RealmRef instead. TargetRealm is a realm - name where client will be created. It has higher priority than RealmRef - for backward compatibility. If both TargetRealm and RealmRef are - specified, TargetRealm will be used for client creation.' + description: |- + Deprecated: use RealmRef instead. + TargetRealm is a realm name where client will be created. + It has higher priority than RealmRef for backward compatibility. + If both TargetRealm and RealmRef are specified, TargetRealm will be used for client creation. type: string webOrigins: - description: WebOrigins is a list of allowed CORS origins. To permit - all origins of Valid Redirect URIs, add '+'. This does not include - the '*' wildcard though. To permit all origins, explicitly add '*'. + description: |- + WebOrigins is a list of allowed CORS origins. + To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though. + To permit all origins, explicitly add '*'. If not specified, the value from `WebUrl` is used example: - https://example.com/* 
@@ -288,14 +577,19 @@ spec: description: KeycloakClient is the Schema for the keycloakclients API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloakclientscopes.yaml b/bundle/manifests/v1.edp.epam.com_keycloakclientscopes.yaml index 2463e7b5..9fe0c227 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakclientscopes.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakclientscopes.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakclientscopes.v1.edp.epam.com spec: @@ -26,14 +26,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -83,8 +88,9 @@ spec: nullable: true type: array realm: - description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm - custom resource.' + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. type: string realmRef: description: RealmRef is reference to Realm custom resource. 
@@ -125,14 +131,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml b/bundle/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml index 3c781a0c..8cdeebb3 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakrealmcomponents.v1.edp.epam.com spec: 
@@ -26,14 +26,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -45,10 +50,10 @@ spec: items: type: string type: array - description: Config is a map of component configuration. Map key is - a name of configuration property, map value is an array value of - configuration properties. Any configuration property can be a reference - to k8s secret, in this case the property should be in format $secretName:secretKey. + description: |- + Config is a map of component configuration. + Map key is a name of configuration property, map value is an array value of configuration properties. + Any configuration property can be a reference to k8s secret, in this case the property should be in format $secretName:secretKey. example: bindCredential: '["$clientSecret:secretKey"]' bindDn: '["provider-client"]' @@ -58,8 +63,9 @@ spec: description: Name of keycloak component. type: string parentRef: - description: ParentRef specifies a parent resource. If not specified, - then parent is realm specified in realm field. + description: |- + ParentRef specifies a parent resource. + If not specified, then parent is realm specified in realm field. nullable: true properties: kind: @@ -71,9 +77,9 @@ spec: - KeycloakRealmComponent type: string name: - description: Name is a name of parent component custom resource. - For example, if Kind is KeycloakRealm, then Name is name of - KeycloakRealm custom resource. + description: |- + Name is a name of parent component custom resource. + For example, if Kind is KeycloakRealm, then Name is name of KeycloakRealm custom resource. type: string required: - name @@ -85,8 +91,9 @@ spec: description: ProviderType is a provider type of component. type: string realm: - description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm - custom resource.' + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. type: string realmRef: description: RealmRef is reference to Realm custom resource. 
@@ -126,14 +133,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml b/bundle/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml index c3d33537..01966b8f 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakrealmgroups.v1.edp.epam.com spec: 
@@ -25,14 +25,19 @@ spec: description: KeycloakRealmGroup is the Schema for the keycloak group API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -79,8 +84,9 @@ spec: description: Path is a group path. type: string realm: - description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm - custom resource.' + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. type: string realmRef: description: RealmRef is reference to Realm custom resource. 
@@ -133,14 +139,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml b/bundle/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml index 08bcc9b4..a6494826 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakrealmidentityproviders.v1.edp.epam.com spec: @@ -26,14 +26,19 @@ spec: realm identity provider API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,10 +59,10 @@ spec: config: additionalProperties: type: string - description: Config is a map of identity provider configuration. Map - key is a name of configuration property, map value is a value of - configuration property. Any value can be a reference to k8s secret, - in this case value should be in format $secretName:secretKey. + description: |- + Config is a map of identity provider configuration. + Map key is a name of configuration property, map value is a value of configuration property. + Any value can be a reference to k8s secret, in this case value should be in format $secretName:secretKey. example: clientId: provider-client clientSecret: $clientSecret:secretKey @@ -101,8 +106,9 @@ spec: description: ProviderID is a provider ID of identity provider. type: string realm: - description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm - custom resource.' + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. type: string realmRef: description: RealmRef is reference to Realm custom resource. 
@@ -150,14 +156,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml b/bundle/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml index 53459dc9..9be7c334 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakrealmrolebatches.v1.edp.epam.com spec: 
@@ -25,14 +25,19 @@ spec: description: KeycloakRealmRoleBatch is the Schema for the keycloak roles API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -40,8 +45,9 @@ spec: description: KeycloakRealmRoleBatchSpec defines the desired state of KeycloakRealmRoleBatch. properties: realm: - description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm - custom resource.' + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. type: string realmRef: description: RealmRef is reference to Realm custom resource. 
@@ -121,14 +127,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloakrealmroles.yaml b/bundle/manifests/v1.edp.epam.com_keycloakrealmroles.yaml index 1ffb6a3b..82728169 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakrealmroles.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakrealmroles.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakrealmroles.v1.edp.epam.com spec: 
@@ -25,14 +25,19 @@ spec: description: KeycloakRealmRole is the Schema for the keycloak group API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -63,6 +68,27 @@ spec: type: object nullable: true type: array + compositesClientRoles: + additionalProperties: + items: + properties: + name: + description: Name is a name of composite role. + type: string + required: + - name + type: object + type: array + description: CompositesClientRoles is a map of composites client roles + assigned to role. + example: + client1: + - name: role1 + - name: role2 + client2: + name: role3 + nullable: true + type: object description: description: Description is a role description. type: string 
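Review bot: The `example` for `compositesClientRoles` in the `@@ -63,6 +68,27 @@` hunk contradicts its own schema: `client1` is shown as a list of `name` objects, but `client2` is shown as a bare mapping (`name: role3`), while `additionalProperties` is declared as `type: array`. A resource written after the `client2` form would not match the declared schema. Since this field decides which client roles a realm role inherits, the example should be unambiguous: `client2:` followed by `- name: role3`. This file carries a controller-gen version annotation, so the change presumably belongs in the example marker on the Go type, which is not part of this diff.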
@@ -73,8 +99,9 @@ spec: description: Name of keycloak role. type: string realm: - description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm - custom resource.' + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. type: string realmRef: description: RealmRef is reference to Realm custom resource. @@ -115,14 +142,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloakrealms.yaml b/bundle/manifests/v1.edp.epam.com_keycloakrealms.yaml index 8c4b9d3e..3a9b0348 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakrealms.yaml 
+++ b/bundle/manifests/v1.edp.epam.com_keycloakrealms.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakrealms.v1.edp.epam.com spec: @@ -29,14 +29,19 @@ spec: description: KeycloakRealm is the Schema for the keycloak realms API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,10 +60,6 @@ spec: apply to HTTP responses from the realm's browser clients. nullable: true type: object - disableCentralIDPMappers: - description: DisableCentralIDPMappers indicates whether to disable - the default identity provider (IDP) mappers. - type: boolean frontendUrl: description: FrontendURL Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base @@ -69,8 +70,9 @@ spec: nullable: true type: string keycloakOwner: - description: 'Deprecated: use KeycloakRef instead. KeycloakOwner specifies - the name of the Keycloak instance that owns the realm.' + description: |- + Deprecated: use KeycloakRef instead. + KeycloakOwner specifies the name of the Keycloak instance that owns the realm. nullable: true type: string keycloakRef: @@ -137,41 +139,6 @@ spec: realmName: description: RealmName specifies the name of the realm. type: string - ssoAutoRedirectEnabled: - description: SsoAutoRedirectEnabled indicates whether to enable automatic - redirection to the SSO realm. - nullable: true - type: boolean - ssoRealmEnabled: - description: SsoRealmEnabled indicates whether to enable the SSO realm. - nullable: true - type: boolean - ssoRealmMappers: - description: SSORealmMappers is a list of SSO realm mappers to create - in the realm. - items: - properties: - config: - additionalProperties: - type: string - description: Config is a map of configuration options for the - SSO realm mapper. - nullable: true - type: object - identityProviderMapper: - description: IdentityProviderMapper specifies the identity provider - mapper to use. - type: string - name: - description: Name specifies the name of the SSO realm mapper. - type: string - type: object - nullable: true - type: array - ssoRealmName: - description: SsoRealmName specifies the name of the SSO realm used - by the realm. - type: string themes: description: Themes is a map of themes to apply to the realm. nullable: true 
@@ -202,6 +169,76 @@ spec: nullable: true type: string type: object + tokenSettings: + description: TokenSettings is the configuration for tokens in the + realm. + nullable: true + properties: + accessCodeLifespan: + default: 60 + description: |- + AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol. + This should normally be 1 minute. + type: integer + accessToken: + default: 900 + description: AccessTokenLifespanForImplicitFlow specifies max + time(in seconds) before an access token is expired for implicit + flow. + type: integer + accessTokenLifespan: + default: 300 + description: |- + AccessTokenLifespan specifies max time(in seconds) before an access token is expired. + This value is recommended to be short relative to the SSO timeout. + type: integer + actionTokenGeneratedByAdminLifespan: + default: 43200 + description: |- + ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired. + This value is recommended to be long to allow administrators to send e-mails for users that are currently offline. + The default timeout can be overridden immediately before issuing the token. + type: integer + actionTokenGeneratedByUserLifespan: + default: 300 + description: |- + AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired. + This value is recommended to be short because it's expected that the user would react to self-created action quickly. 
+ type: integer + defaultSignatureAlgorithm: + default: RS256 + description: DefaultSignatureAlgorithm specifies the default algorithm + used to sign tokens for the realm + enum: + - ES256 + - ES384 + - ES512 + - EdDSA + - HS256 + - HS384 + - HS512 + - PS256 + - PS384 + - PS512 + - RS256 + - RS384 + - RS512 + example: RS256 + type: string + refreshTokenMaxReuse: + default: 0 + description: |- + RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused. + When a different token is used, revocation is immediate. + type: integer + revokeRefreshToken: + default: false + description: |- + RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and + is revoked when a different token is used. + Otherwise, refresh tokens are not revoked when used and can be used multiple times. + type: boolean + type: object users: description: Users is a list of users to create in the realm. items: 
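Review bot: None of the integer fields added under `tokenSettings` carries a lower bound, so a negative `accessTokenLifespan`, `accessCodeLifespan` or `refreshTokenMaxReuse` passes schema validation, and how the operator or Keycloak treats such a value is not visible in this hunk. Adding `minimum: 0` to `refreshTokenMaxReuse` and a positive `minimum` to the lifespans would reject such values at admission. The manifest carries a controller-gen annotation, so the change presumably belongs on the Go fields as `// +kubebuilder:validation:Minimum=0`. Two descriptions also disagree with their keys: `accessToken` is documented as `AccessTokenLifespanForImplicitFlow`, and `actionTokenGeneratedByUserLifespan` as `AccessCodeLifespanUserAction`.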
@@ -246,14 +283,19 @@ spec: description: KeycloakRealm is the Schema for the keycloakrealms API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -268,8 +310,6 @@ spec: type: string nullable: true type: object - disableCentralIDPMappers: - type: boolean frontendUrl: description: FrontendURL Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base 
@@ -326,29 +366,6 @@ spec: type: object realmName: type: string - ssoAutoRedirectEnabled: - nullable: true - type: boolean - ssoRealmEnabled: - nullable: true - type: boolean - ssoRealmMappers: - items: - properties: - config: - additionalProperties: - type: string - nullable: true - type: object - identityProviderMapper: - type: string - name: - type: string - type: object - nullable: true - type: array - ssoRealmName: - type: string themes: nullable: true properties: diff --git a/bundle/manifests/v1.edp.epam.com_keycloakrealmusers.yaml b/bundle/manifests/v1.edp.epam.com_keycloakrealmusers.yaml index 9a36d3a1..5b788e5b 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloakrealmusers.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloakrealmusers.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloakrealmusers.v1.edp.epam.com spec: 
@@ -25,14 +25,19 @@ spec: description: KeycloakRealmUser is the Schema for the keycloak user API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -64,8 +69,11 @@ spec: nullable: true type: array keepResource: - description: KeepResource is a flag if resource should be kept after - deletion. If set to true, user will not be deleted from keycloak. + default: true + description: |- + KeepResource, when set to false, results in the deletion of the KeycloakRealmUser Custom Resource (CR) + from the cluster after the corresponding user is created in Keycloak. The user will continue to exist in Keycloak. + When set to true, the CR will not be deleted after processing. type: boolean lastName: description: LastName is a user last name. @@ -91,8 +99,9 @@ spec: - name type: object realm: - description: 'Deprecated: use RealmRef instead. Realm is name of KeycloakRealm - custom resource.' + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. type: string realmRef: description: RealmRef is reference to Realm custom resource. @@ -108,11 +117,10 @@ spec: type: string type: object reconciliationStrategy: - description: 'ReconciliationStrategy is a strategy for reconciliation. - Possible values: full, create-only. Default value: full. If set - to create-only, user will be created only if it does not exist. - If user exists, it will not be updated. If set to full, user will - be created if it does not exist, or updated if it exists.' + description: |- + ReconciliationStrategy is a strategy for reconciliation. Possible values: full, create-only. + Default value: full. If set to create-only, user will be created only if it does not exist. If user exists, it will not be updated. + If set to full, user will be created if it does not exist, or updated if it exists. type: string requiredUserActions: description: 'RequiredUserActions is required action when user log 
@@ -153,14 +161,19 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/v1.edp.epam.com_keycloaks.yaml b/bundle/manifests/v1.edp.epam.com_keycloaks.yaml index 3bddd96b..c1ced8bf 100644 --- a/bundle/manifests/v1.edp.epam.com_keycloaks.yaml +++ b/bundle/manifests/v1.edp.epam.com_keycloaks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: keycloaks.v1.edp.epam.com spec: 
@@ -25,14 +25,19 @@ spec: description: Keycloak is the Schema for the keycloaks API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -47,6 +52,51 @@ spec: - serviceAccount - user type: string + caCert: + description: |- + CACert defines the root certificate authority + that api client use when verifying server certificates. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: |- + InsecureSkipVerify controls whether api client verifies the server's + certificate chain and host name. If InsecureSkipVerify is true, api client + accepts any certificate presented by the server and any host name in that + certificate. + type: boolean secret: description: Secret is a secret name which contains admin credentials. type: string @@ -58,6 +108,8 @@ spec: - url type: object status: + default: + connected: false description: KeycloakStatus defines the observed state of Keycloak. properties: connected: 
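Review bot: The description of the new `insecureSkipVerify` field says what the flag does, but not that the connection it weakens is the one authenticated with the admin credentials named by `secret`; with verification off, those credentials are sent to whichever server answers. I would extend the description with `Intended for test environments only; prefer caCert to trust a private CA.` The schema also does not say which setting wins when `caCert` and `insecureSkipVerify: true` are both set, or when `caCert` holds both `configMapKeyRef` and `secretKeyRef`; documenting the precedence or rejecting the combination would avoid a resource that looks pinned to a CA but is not verified. The file carries a controller-gen annotation, so these changes presumably belong in the Go API type rather than in this manifest.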
@@ -78,14 +130,19 @@ spec: description: Keycloak is the Schema for the keycloaks API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 3f7785e9..bc693fa9 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml 
@@ -5,10 +5,14 @@ annotations: operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: edp-keycloak-operator operators.operatorframework.io.bundle.channels.v1: stable - operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1 + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.2 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + # Annotations for OpenShift. + com.redhat.openshift.versions: "v4.7-v4.13" + # Annotations for testing. operators.operatorframework.io.test.mediatype.v1: scorecard+v1 operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 0ab3eba3..ec1751ad 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: docker.io/epamedp/keycloak-operator - newTag: 1.20.0 + newTag: 1.21.0 diff --git a/config/manifests/bases/edp-keycloak-operator.clusterserviceversion.yaml b/config/manifests/bases/edp-keycloak-operator.clusterserviceversion.yaml index 2c1ff938..0c547be4 100644 --- a/config/manifests/bases/edp-keycloak-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/edp-keycloak-operator.clusterserviceversion.yaml @@ -5,9 +5,10 @@ metadata: alm-examples: '[]' capabilities: Deep Insights categories: Security - containerImage: docker.io/epamedp/keycloak-operator:1.20.0 + containerImage: docker.io/epamedp/keycloak-operator:1.21.0 description: An Operator for managing Keycloak repository: https://github.com/epam/edp-keycloak-operator + support: EPAM Delivery Platform name: edp-keycloak-operator.v0.0.0 namespace: placeholder spec: 
@@ -180,4 +181,4 @@ spec: provider: name: EPAM Delivery Platform url: https://epam.github.io/edp-install/ - version: 1.19.0 + version: 1.21.0