158 lines
6 KiB
YAML
158 lines
6 KiB
YAML
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.4.1
|
|
creationTimestamp: null
|
|
name: keycloakclients.keycloak.bitmask.me
|
|
spec:
|
|
group: keycloak.bitmask.me
|
|
names:
|
|
kind: KeycloakClient
|
|
listKind: KeycloakClientList
|
|
plural: keycloakclients
|
|
singular: keycloakclient
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: KeycloakClient is the Schema for the keycloakclients API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: KeycloakClientSpec defines the desired state of KeycloakClient
|
|
properties:
|
|
adminUrl:
|
|
description: URL to the admin interface of the client
|
|
type: string
|
|
baseUrl:
|
|
description: Default URL to use when the auth server needs to redirect
|
|
or link back to the client
|
|
type: string
|
|
bearerOnly:
|
|
description: The access type of this client is bearer-only.
|
|
type: boolean
|
|
clientAuthenticatorType:
|
|
description: How should Clients authenticate to the server? either
|
|
'client-secret' or 'client-jwt'.
|
|
type: string
|
|
clientId:
|
|
description: ClientID is the alphanumeric identifier of the client
|
|
in a realm.
|
|
type: string
|
|
consentRequired:
|
|
description: If enabled, users have to consent to client access.
|
|
type: boolean
|
|
defaultClientScopes:
|
|
description: Which client scopes chould be granted by default, even
|
|
without specifying them.
|
|
items:
|
|
type: string
|
|
type: array
|
|
description:
|
|
description: Human Readable description
|
|
type: string
|
|
directAccessGrantsEnabled:
|
|
description: Are direct access grants enabled for this client or not
|
|
(OpenID connect).
|
|
type: boolean
|
|
enabled:
|
|
description: If the client is enabled and active
|
|
type: boolean
|
|
implicitFlowEnabled:
|
|
description: Enable implicit flow for this client or not (OpenID connect).
|
|
type: boolean
|
|
name:
|
|
description: Displayed Name of the Client
|
|
type: string
|
|
optionalClientScopes:
|
|
description: Which additional scopes can be specified by the client
|
|
items:
|
|
type: string
|
|
type: array
|
|
protocol:
|
|
description: Protocol, either 'openid-connect' or 'saml'
|
|
type: string
|
|
publicClient:
|
|
description: Is the access type for this client public or not.
|
|
type: boolean
|
|
realmName:
|
|
description: Name of the Realm the client should be created in
|
|
type: string
|
|
redirectUris:
|
|
description: URL to the admin interface of the client
|
|
items:
|
|
type: string
|
|
type: array
|
|
registrationAccessToken:
|
|
description: Used for authentication when registering new clients
|
|
type: string
|
|
rootUrl:
|
|
description: Root URL appended to relative URLs for this client
|
|
type: string
|
|
secret:
|
|
description: A client Secret is not always required
|
|
properties:
|
|
key:
|
|
default: password
|
|
description: Key of the attribute, that holds the value in the
|
|
Secret.
|
|
type: string
|
|
name:
|
|
description: Name of the Secret containing the client Secret.
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
serviceAccountsEnabled:
|
|
description: Are service accounts enabled for this client or not (OpenID
|
|
connect).
|
|
type: boolean
|
|
standardFlowEnabled:
|
|
description: Enable standard flow for this client or not (OpenID connect).
|
|
type: boolean
|
|
surrogateAuthRequired:
|
|
description: Whether or not surrogate auth is required.
|
|
type: boolean
|
|
webOrigins:
|
|
description: List of allowed CORS origins
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- clientId
|
|
- realmName
|
|
type: object
|
|
status:
|
|
description: KeycloakClientStatus defines the observed state of KeycloakClient
|
|
properties:
|
|
available:
|
|
type: boolean
|
|
required:
|
|
- available
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|