/*
Copyright 2021.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
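// KeycloakClientSpec defines the desired state of KeycloakClient.
//
// Pointer-typed fields are optional: a nil pointer means "not specified" and
// is omitted from the serialized object, so it can be told apart from an
// explicit false or empty value.
type KeycloakClientSpec struct {
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	// RealmName is the name of the Realm the client should be created in.
	// MinLength rejects an explicit empty string, which Required alone
	// would accept.
	RealmName string `json:"realmName"`

	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	// ClientID is the alphanumeric identifier of the client in a realm.
	ClientID string `json:"clientId"`

	// Enabled reports whether the client is enabled and active.
	Enabled *bool `json:"enabled,omitempty"`

	// Name is the displayed name of the client.
	Name *string `json:"name,omitempty"`

	// Description is a human readable description of the client.
	Description *string `json:"description,omitempty"`

	// +kubebuilder:validation:Enum=openid-connect;saml
	// Protocol, either 'openid-connect' or 'saml'. The enum marker makes the
	// API server reject any other value at admission time.
	Protocol *string `json:"protocol,omitempty"`

	// ClientAuthenticatorType controls how clients authenticate to the
	// server, either 'client-secret' or 'client-jwt'.
	ClientAuthenticatorType *string `json:"clientAuthenticatorType,omitempty"`

	// DirectAccessGrantsEnabled reports whether direct access grants are
	// enabled for this client (OpenID Connect).
	DirectAccessGrantsEnabled *bool `json:"directAccessGrantsEnabled,omitempty"`

	// PublicClient reports whether the access type of this client is public
	// (no client credential is required).
	PublicClient *bool `json:"publicClient,omitempty"`

	// ImplicitFlowEnabled enables the implicit flow for this client
	// (OpenID Connect).
	ImplicitFlowEnabled *bool `json:"implicitFlowEnabled,omitempty"`

	// StandardFlowEnabled enables the standard flow for this client
	// (OpenID Connect).
	StandardFlowEnabled *bool `json:"standardFlowEnabled,omitempty"`

	// ServiceAccountsEnabled reports whether service accounts are enabled for
	// this client (OpenID Connect).
	ServiceAccountsEnabled *bool `json:"serviceAccountsEnabled,omitempty"`

	// RegistrationAccessToken is used for authentication when registering
	// new clients.
	// NOTE(review): this is a credential stored in plain text in the CR
	// spec, readable by anyone who can get the object; consider sourcing it
	// from a Secret reference in the same way Secret below does.
	RegistrationAccessToken *string `json:"registrationAccessToken,omitempty"`

	// SurrogateAuthRequired reports whether surrogate auth is required.
	SurrogateAuthRequired *bool `json:"surrogateAuthRequired,omitempty"`

	// BearerOnly reports whether the access type of this client is
	// bearer-only.
	BearerOnly *bool `json:"bearerOnly,omitempty"`

	// ConsentRequired, if enabled, means users have to consent to client
	// access.
	ConsentRequired *bool `json:"consentRequired,omitempty"`

	// DefaultClientScopes lists which client scopes should be granted by
	// default, even without specifying them.
	DefaultClientScopes *[]string `json:"defaultClientScopes,omitempty"`

	// OptionalClientScopes lists which additional scopes can be specified by
	// the client.
	OptionalClientScopes *[]string `json:"optionalClientScopes,omitempty"`

	// BaseURL is the default URL to use when the auth server needs to
	// redirect or link back to the client.
	BaseURL *string `json:"baseUrl,omitempty"`

	// RootURL is the root URL appended to relative URLs for this client.
	RootURL *string `json:"rootUrl,omitempty"`

	// AdminURL is the URL to the admin interface of the client.
	AdminURL *string `json:"adminUrl,omitempty"`

	// RedirectURIs are the redirect URIs registered for this client. Keep
	// the list as narrow as possible; an overly broad or wildcard entry lets
	// the auth server send responses to origins the client does not control.
	RedirectURIs *[]string `json:"redirectUris,omitempty"`

	// WebOrigins is the list of allowed CORS origins.
	WebOrigins *[]string `json:"webOrigins,omitempty"`

	// +kubebuilder:validation:Optional
	// Secret references the Secret holding the client secret; a client
	// Secret is not always required.
	Secret *KeycloakClientSecret `json:"secret,omitempty"`
}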
// KeycloakClientSecret contains a reference to the Secret storing the
// Client Secret, so the credential itself never has to appear in the CR.
type KeycloakClientSecret struct {
	// +kubebuilder:validation:Required
	// Name of the Secret containing the client Secret.
	// NOTE(review): no namespace field is declared, so the Secret is
	// presumably looked up in the namespace of the owning KeycloakClient;
	// confirm against the controller.
	Name string `json:"name"`
	// +kubebuilder:default:=password
	// Key is the key within the Secret's data that holds the client secret
	// value. Defaults to "password" when omitted.
	Key string `json:"key,omitempty"`
}
// KeycloakClientStatus defines the observed state of KeycloakClient.
type KeycloakClientStatus struct {
	// Available is written by the controller; the exact condition it
	// reports is not defined here — presumably whether the client exists in
	// Keycloak, confirm against the reconciler.
	Available bool `json:"available"`
}
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status

// KeycloakClient is the Schema for the keycloakclients API.
// The status subresource marker above means Status is updated through the
// separate /status endpoint and is ignored on writes to the main resource.
type KeycloakClient struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state supplied by the user.
	Spec KeycloakClientSpec `json:"spec,omitempty"`
	// Status is the observed state written by the controller.
	Status KeycloakClientStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true

// KeycloakClientList contains a list of KeycloakClient.
type KeycloakClientList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the KeycloakClient objects in this list.
	Items []KeycloakClient `json:"items"`
}
// init registers KeycloakClient and KeycloakClientList with the package's
// SchemeBuilder (declared elsewhere in the package) so the types become
// known to the API scheme.
func init() {
	SchemeBuilder.Register(&KeycloakClient{}, &KeycloakClientList{})
}