diff --git a/charts/kubezero-auth/Chart.yaml b/charts/kubezero-auth/Chart.yaml
index a8eead49..3b83b93c 100644
--- a/charts/kubezero-auth/Chart.yaml
+++ b/charts/kubezero-auth/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-auth
 description: KubeZero umbrella chart for all things Authentication and Identity management
 type: application
-version: 0.1.0
+version: 0.1.1
 appVersion: 18.0.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
diff --git a/charts/kubezero-auth/README.md b/charts/kubezero-auth/README.md
index e006cfca..df6d2eb2 100644
--- a/charts/kubezero-auth/README.md
+++ b/charts/kubezero-auth/README.md
@@ -1,6 +1,6 @@
 # kubezero-auth
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 18.0.0](https://img.shields.io/badge/AppVersion-18.0.0-informational?style=flat-square)
+![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 18.0.0](https://img.shields.io/badge/AppVersion-18.0.0-informational?style=flat-square)
 KubeZero umbrella chart for all things Authentication and Identity management
@@ -22,7 +22,12 @@ Kubernetes: `>= 1.20.0`
 # Keycloak
+## Operator
+
+https://github.com/keycloak/keycloak/tree/main/operator
+
 ## Resources
+
 - Codecentric Helm chart: `https://github.com/codecentric/helm-charts/tree/master/charts/keycloak`
 - custom image: `https://www.keycloak.org/server/containers`
diff --git a/charts/kubezero-auth/README.md.gotmpl b/charts/kubezero-auth/README.md.gotmpl
index bad20066..5d55cd63 100644
--- a/charts/kubezero-auth/README.md.gotmpl
+++ b/charts/kubezero-auth/README.md.gotmpl
@@ -15,7 +15,12 @@
 # Keycloak
+## Operator
+
+https://github.com/keycloak/keycloak/tree/main/operator
+
 ## Resources
+
 - Codecentric Helm chart: `https://github.com/codecentric/helm-charts/tree/master/charts/keycloak`
 - custom image: `https://www.keycloak.org/server/containers`
diff --git a/charts/kubezero-auth/crds/keycloak-realmimports.yaml b/charts/kubezero-auth/crds/keycloak-realmimports.yaml
new file mode 100644
index 00000000..ed871d6d
--- /dev/null
+++ b/charts/kubezero-auth/crds/keycloak-realmimports.yaml
@@ -0,0 +1,2234 @@ +# Generated by Fabric8 CRDGenerator, manual edits might get overwritten! +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakrealmimports.k8s.keycloak.org +spec: + group: k8s.keycloak.org + names: + kind: KeycloakRealmImport + plural: keycloakrealmimports + singular: keycloakrealmimport + scope: Namespaced + versions: + - name: v2alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + keycloakCRName: + description: "The name of the Keycloak CR to reference, in the same\ + \ namespace." + type: string + realm: + description: The RealmRepresentation to import into Keycloak. + properties: + webAuthnPolicyAvoidSameAuthenticatorRegister: + type: boolean + federatedUsers: + items: + properties: + id: + type: string + clientConsents: + items: + properties: + grantedClientScopes: + items: + type: string + type: array + grantedRealmRoles: + items: + type: string + type: array + lastUpdatedDate: + type: integer + createdDate: + type: integer + clientId: + type: string + type: object + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + requiredActions: + items: + type: string + type: array + enabled: + type: boolean + realmRoles: + items: + type: string + type: array + createdTimestamp: + type: integer + emailVerified: + type: boolean + disableableCredentialTypes: + items: + type: string + type: array + socialLinks: + items: + properties: + socialUserId: + type: string + socialProvider: + type: string + socialUsername: + type: string + type: object + type: array + username: + type: string + federationLink: + type: string + access: + additionalProperties: + type: boolean + type: object + totp: + type: boolean + serviceAccountClientId: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + federatedIdentities: + items: + properties: + userId: + type: string + identityProvider: + type: string 
+ userName: + type: string + type: object + type: array + firstName: + type: string + self: + type: string + notBefore: + type: integer + groups: + items: + type: string + type: array + credentials: + items: + properties: + id: + type: string + period: + type: integer + counter: + type: integer + value: + type: string + hashIterations: + type: integer + algorithm: + type: string + hashedSaltedValue: + type: string + type: + type: string + priority: + type: integer + device: + type: string + temporary: + type: boolean + userLabel: + type: string + createdDate: + type: integer + secretData: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + credentialData: + type: string + salt: + type: string + digits: + type: integer + type: object + type: array + applicationRoles: + additionalProperties: + items: + type: string + type: array + type: object + lastName: + type: string + email: + type: string + origin: + type: string + type: object + type: array + adminEventsEnabled: + type: boolean + registrationEmailAsUsername: + type: boolean + keycloakVersion: + type: string + oauth2DeviceCodeLifespan: + type: integer + sslRequired: + type: string + realm: + type: string + defaultGroups: + items: + type: string + type: array + enabled: + type: boolean + webAuthnPolicySignatureAlgorithms: + items: + type: string + type: array + ssoSessionMaxLifespanRememberMe: + type: integer + webAuthnPolicyRpId: + type: string + webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: + type: boolean + users: + items: + properties: + id: + type: string + clientConsents: + items: + properties: + grantedClientScopes: + items: + type: string + type: array + grantedRealmRoles: + items: + type: string + type: array + lastUpdatedDate: + type: integer + createdDate: + type: integer + clientId: + type: string + type: object + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + requiredActions: + 
items: + type: string + type: array + enabled: + type: boolean + realmRoles: + items: + type: string + type: array + createdTimestamp: + type: integer + emailVerified: + type: boolean + disableableCredentialTypes: + items: + type: string + type: array + socialLinks: + items: + properties: + socialUserId: + type: string + socialProvider: + type: string + socialUsername: + type: string + type: object + type: array + username: + type: string + federationLink: + type: string + access: + additionalProperties: + type: boolean + type: object + totp: + type: boolean + serviceAccountClientId: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + federatedIdentities: + items: + properties: + userId: + type: string + identityProvider: + type: string + userName: + type: string + type: object + type: array + firstName: + type: string + self: + type: string + notBefore: + type: integer + groups: + items: + type: string + type: array + credentials: + items: + properties: + id: + type: string + period: + type: integer + counter: + type: integer + value: + type: string + hashIterations: + type: integer + algorithm: + type: string + hashedSaltedValue: + type: string + type: + type: string + priority: + type: integer + device: + type: string + temporary: + type: boolean + userLabel: + type: string + createdDate: + type: integer + secretData: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + credentialData: + type: string + salt: + type: string + digits: + type: integer + type: object + type: array + applicationRoles: + additionalProperties: + items: + type: string + type: array + type: object + lastName: + type: string + email: + type: string + origin: + type: string + type: object + type: array + clientTemplates: + items: + properties: + protocol: + type: string + id: + type: string + fullScopeAllowed: + type: boolean + frontchannelLogout: + type: boolean + 
serviceAccountsEnabled: + type: boolean + standardFlowEnabled: + type: boolean + description: + type: string + publicClient: + type: boolean + consentRequired: + type: boolean + bearerOnly: + type: boolean + protocolMappers: + items: + properties: + protocol: + type: string + id: + type: string + name: + type: string + protocolMapper: + type: string + consentText: + type: string + consentRequired: + type: boolean + config: + additionalProperties: + type: string + type: object + type: object + type: array + name: + type: string + directAccessGrantsEnabled: + type: boolean + implicitFlowEnabled: + type: boolean + attributes: + additionalProperties: + type: string + type: object + type: object + type: array + webAuthnPolicyPasswordlessUserVerificationRequirement: + type: string + registrationFlow: + type: string + publicKey: + type: string + webAuthnPolicyPasswordlessCreateTimeout: + type: integer + authenticationFlows: + items: + properties: + id: + type: string + providerId: + type: string + authenticationExecutions: + items: + properties: + userSetupAllowed: + type: boolean + flowAlias: + type: string + autheticatorFlow: + type: boolean + authenticatorConfig: + type: string + authenticator: + type: string + priority: + type: integer + requirement: + type: string + authenticatorFlow: + type: boolean + type: object + type: array + topLevel: + type: boolean + alias: + type: string + builtIn: + type: boolean + description: + type: string + type: object + type: array + applicationScopeMappings: + additionalProperties: + items: + properties: + clientTemplate: + type: string + self: + type: string + clientScope: + type: string + client: + type: string + roles: + items: + type: string + type: array + type: object + type: array + type: object + offlineSessionMaxLifespan: + type: integer + codeSecret: + type: string + offlineSessionIdleTimeout: + type: integer + quickLoginCheckMilliSeconds: + type: integer + privateKey: + type: string + webAuthnPolicyRpEntityName: + type: 
string + emailTheme: + type: string + accessCodeLifespanLogin: + type: integer + passwordPolicy: + type: string + ssoSessionIdleTimeoutRememberMe: + type: integer + resetPasswordAllowed: + type: boolean + failureFactor: + type: integer + otpPolicyAlgorithm: + type: string + requiredActions: + items: + properties: + providerId: + type: string + alias: + type: string + defaultAction: + type: boolean + priority: + type: integer + name: + type: string + enabled: + type: boolean + config: + additionalProperties: + type: string + type: object + type: object + type: array + actionTokenGeneratedByUserLifespan: + type: integer + clientAuthenticationFlow: + type: string + webAuthnPolicyAuthenticatorAttachment: + type: string + actionTokenGeneratedByAdminLifespan: + type: integer + id: + type: string + clientPolicies: + type: object + x-kubernetes-preserve-unknown-fields: true + webAuthnPolicyUserVerificationRequirement: + type: string + loginTheme: + type: string + requiredCredentials: + items: + type: string + type: array + webAuthnPolicyPasswordlessAttestationConveyancePreference: + type: string + directGrantFlow: + type: string + identityProviderMappers: + items: + properties: + id: + type: string + name: + type: string + identityProviderMapper: + type: string + identityProviderAlias: + type: string + config: + additionalProperties: + type: string + type: object + type: object + type: array + dockerAuthenticationFlow: + type: string + browserFlow: + type: string + bruteForceProtected: + type: boolean + displayNameHtml: + type: string + ssoSessionIdleTimeout: + type: integer + browserSecurityHeaders: + additionalProperties: + type: string + type: object + eventsListeners: + items: + type: string + type: array + accessTokenLifespan: + type: integer + applications: + items: + properties: + name: + type: string + claims: + properties: + picture: + type: boolean + gender: + type: boolean + phone: + type: boolean + website: + type: boolean + email: + type: boolean + profile: + 
type: boolean + address: + type: boolean + name: + type: boolean + username: + type: boolean + locale: + type: boolean + type: object + id: + type: string + frontchannelLogout: + type: boolean + useTemplateConfig: + type: boolean + registrationAccessToken: + type: string + baseUrl: + type: string + serviceAccountsEnabled: + type: boolean + registeredNodes: + additionalProperties: + type: integer + type: object + useTemplateMappers: + type: boolean + description: + type: string + publicClient: + type: boolean + useTemplateScope: + type: boolean + authorizationSettings: + properties: + id: + type: string + resources: + items: + properties: + _id: + type: string + uris: + items: + type: string + type: array + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + owner: + properties: + id: + type: string + name: + type: string + type: object + name: + type: string + type: + type: string + icon_uri: + type: string + ownerManagedAccess: + type: boolean + type: object + type: array + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + name: + type: string + policyEnforcementMode: + enum: + - PERMISSIVE + - ENFORCING + - DISABLED + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + policies: + items: + properties: + config: + additionalProperties: + type: string + type: object + id: + type: string + owner: + type: string + resources: + items: + type: string + type: array + policies: + items: + type: string + type: array + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + type: string + resourcesData: + items: + 
properties: + _id: + type: string + uris: + items: + type: string + type: array + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + owner: + properties: + id: + type: string + name: + type: string + type: object + name: + type: string + type: + type: string + icon_uri: + type: string + ownerManagedAccess: + type: boolean + type: object + type: array + name: + type: string + type: + type: string + scopesData: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + description: + type: string + scopes: + items: + type: string + type: array + type: object + type: array + clientId: + type: string + allowRemoteResourceManagement: + type: boolean + type: object + clientId: + type: string + enabled: + type: boolean + clientAuthenticatorType: + type: string + surrogateAuthRequired: + type: boolean + webOrigins: + items: + type: string + type: array + authorizationServicesEnabled: + type: boolean + secret: + type: string + protocol: + type: string + fullScopeAllowed: + type: boolean + nodeReRegistrationTimeout: + type: integer + clientTemplate: + type: string + access: + additionalProperties: + type: boolean + type: object + alwaysDisplayInConsole: + type: boolean + rootUrl: + type: string + oauth2DeviceAuthorizationGrantEnabled: + type: boolean + standardFlowEnabled: + type: boolean + optionalClientScopes: + items: + type: string + type: array + consentRequired: + type: boolean + authenticationFlowBindingOverrides: + additionalProperties: + type: string + type: object + bearerOnly: + type: boolean + defaultClientScopes: + items: + type: string + type: array + adminUrl: + type: string + protocolMappers: + items: + properties: + protocol: + type: 
string + id: + type: string + name: + type: string + protocolMapper: + type: string + consentText: + type: string + consentRequired: + type: boolean + config: + additionalProperties: + type: string + type: object + type: object + type: array + notBefore: + type: integer + directGrantsOnly: + type: boolean + defaultRoles: + items: + type: string + type: array + directAccessGrantsEnabled: + type: boolean + implicitFlowEnabled: + type: boolean + origin: + type: string + attributes: + additionalProperties: + type: string + type: object + redirectUris: + items: + type: string + type: array + type: object + type: array + clientProfiles: + type: object + x-kubernetes-preserve-unknown-fields: true + userFederationMappers: + items: + properties: + id: + type: string + federationProviderDisplayName: + type: string + federationMapperType: + type: string + name: + type: string + config: + additionalProperties: + type: string + type: object + type: object + type: array + enabledEventTypes: + items: + type: string + type: array + otpPolicyLookAheadWindow: + type: integer + displayName: + type: string + eventsEnabled: + type: boolean + clientSessionMaxLifespan: + type: integer + roles: + properties: + application: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + clientRole: + type: boolean + name: + type: string + description: + type: string + scopeParamRequired: + type: boolean + composites: + properties: + realm: + items: + type: string + type: array + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + type: object + containerId: + type: string + composite: + type: boolean + type: object + type: array + type: object + client: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: 
array + type: object + id: + type: string + clientRole: + type: boolean + name: + type: string + description: + type: string + scopeParamRequired: + type: boolean + composites: + properties: + realm: + items: + type: string + type: array + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + type: object + containerId: + type: string + composite: + type: boolean + type: object + type: array + type: object + realm: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + clientRole: + type: boolean + name: + type: string + description: + type: string + scopeParamRequired: + type: boolean + composites: + properties: + realm: + items: + type: string + type: array + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + type: object + containerId: + type: string + composite: + type: boolean + type: object + type: array + type: object + groups: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + access: + additionalProperties: + type: boolean + type: object + realmRoles: + items: + type: string + type: array + path: + type: string + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + name: + type: string + subGroups: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + access: + additionalProperties: + type: boolean + type: object + realmRoles: + items: + type: string + type: array + path: + type: string + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + name: + type: string + type: object + type: 
array + type: object + type: array + webAuthnPolicyCreateTimeout: + type: integer + webAuthnPolicyAttestationConveyancePreference: + type: string + clientOfflineSessionIdleTimeout: + type: integer + notBefore: + type: integer + webAuthnPolicyPasswordlessRpEntityName: + type: string + verifyEmail: + type: boolean + clientScopeMappings: + additionalProperties: + items: + properties: + clientTemplate: + type: string + self: + type: string + clientScope: + type: string + client: + type: string + roles: + items: + type: string + type: array + type: object + type: array + type: object + identityProviders: + items: + properties: + storeToken: + type: boolean + trustEmail: + type: boolean + updateProfileFirstLoginMode: + type: string + authenticateByDefault: + type: boolean + displayName: + type: string + providerId: + type: string + linkOnly: + type: boolean + postBrokerLoginFlowAlias: + type: string + alias: + type: string + enabled: + type: boolean + firstBrokerLoginFlowAlias: + type: string + internalId: + type: string + addReadTokenRoleOnCreate: + type: boolean + config: + additionalProperties: + type: string + type: object + type: object + type: array + resetCredentialsFlow: + type: string + duplicateEmailsAllowed: + type: boolean + maxDeltaTimeSeconds: + type: integer + offlineSessionMaxLifespanEnabled: + type: boolean + realmCacheEnabled: + type: boolean + attributes: + additionalProperties: + type: string + type: object + adminTheme: + type: string + loginWithEmailAllowed: + type: boolean + otpSupportedApplications: + items: + type: string + type: array + clientOfflineSessionMaxLifespan: + type: integer + userFederationProviders: + items: + properties: + id: + type: string + providerName: + type: string + displayName: + type: string + priority: + type: integer + fullSyncPeriod: + type: integer + lastSync: + type: integer + changedSyncPeriod: + type: integer + config: + additionalProperties: + type: string + type: object + type: object + type: array + 
internationalizationEnabled: + type: boolean + permanentLockout: + type: boolean + userManagedAccessAllowed: + type: boolean + smtpServer: + additionalProperties: + type: string + type: object + otpPolicyDigits: + type: integer + webAuthnPolicyPasswordlessSignatureAlgorithms: + items: + type: string + type: array + socialProviders: + additionalProperties: + type: string + type: object + otpPolicyInitialCounter: + type: integer + defaultSignatureAlgorithm: + type: string + refreshTokenMaxReuse: + type: integer + revokeRefreshToken: + type: boolean + accountTheme: + type: string + webAuthnPolicyPasswordlessAcceptableAaguids: + items: + type: string + type: array + webAuthnPolicyPasswordlessAuthenticatorAttachment: + type: string + supportedLocales: + items: + type: string + type: array + defaultDefaultClientScopes: + items: + type: string + type: array + authenticatorConfig: + items: + properties: + id: + type: string + alias: + type: string + config: + additionalProperties: + type: string + type: object + type: object + type: array + webAuthnPolicyPasswordlessRpId: + type: string + scopeMappings: + items: + properties: + clientTemplate: + type: string + self: + type: string + clientScope: + type: string + client: + type: string + roles: + items: + type: string + type: array + type: object + type: array + clientScopes: + items: + properties: + protocol: + type: string + id: + type: string + protocolMappers: + items: + properties: + protocol: + type: string + id: + type: string + name: + type: string + protocolMapper: + type: string + consentText: + type: string + consentRequired: + type: boolean + config: + additionalProperties: + type: string + type: object + type: object + type: array + name: + type: string + description: + type: string + attributes: + additionalProperties: + type: string + type: object + type: object + type: array + oauth2DevicePollingInterval: + type: integer + eventsExpiration: + type: integer + certificate: + type: string + defaultRole: + 
properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + clientRole: + type: boolean + name: + type: string + description: + type: string + scopeParamRequired: + type: boolean + composites: + properties: + realm: + items: + type: string + type: array + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + type: object + containerId: + type: string + composite: + type: boolean + type: object + defaultOptionalClientScopes: + items: + type: string + type: array + editUsernameAllowed: + type: boolean + defaultLocale: + type: string + webAuthnPolicyRequireResidentKey: + type: string + oauthClients: + items: + properties: + name: + type: string + claims: + properties: + picture: + type: boolean + gender: + type: boolean + phone: + type: boolean + website: + type: boolean + email: + type: boolean + profile: + type: boolean + address: + type: boolean + name: + type: boolean + username: + type: boolean + locale: + type: boolean + type: object + id: + type: string + frontchannelLogout: + type: boolean + useTemplateConfig: + type: boolean + registrationAccessToken: + type: string + baseUrl: + type: string + serviceAccountsEnabled: + type: boolean + registeredNodes: + additionalProperties: + type: integer + type: object + useTemplateMappers: + type: boolean + description: + type: string + publicClient: + type: boolean + useTemplateScope: + type: boolean + authorizationSettings: + properties: + id: + type: string + resources: + items: + properties: + _id: + type: string + uris: + items: + type: string + type: array + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: 
array + owner: + properties: + id: + type: string + name: + type: string + type: object + name: + type: string + type: + type: string + icon_uri: + type: string + ownerManagedAccess: + type: boolean + type: object + type: array + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + name: + type: string + policyEnforcementMode: + enum: + - PERMISSIVE + - ENFORCING + - DISABLED + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + policies: + items: + properties: + config: + additionalProperties: + type: string + type: object + id: + type: string + owner: + type: string + resources: + items: + type: string + type: array + policies: + items: + type: string + type: array + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + type: string + resourcesData: + items: + properties: + _id: + type: string + uris: + items: + type: string + type: array + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + owner: + properties: + id: + type: string + name: + type: string + type: object + name: + type: string + type: + type: string + icon_uri: + type: string + ownerManagedAccess: + type: boolean + type: object + type: array + name: + type: string + type: + type: string + scopesData: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + description: + type: string + scopes: + items: + type: string + type: array + type: object + type: array + clientId: + type: string + allowRemoteResourceManagement: + type: boolean + type: 
object + clientId: + type: string + enabled: + type: boolean + clientAuthenticatorType: + type: string + surrogateAuthRequired: + type: boolean + webOrigins: + items: + type: string + type: array + authorizationServicesEnabled: + type: boolean + secret: + type: string + protocol: + type: string + fullScopeAllowed: + type: boolean + nodeReRegistrationTimeout: + type: integer + clientTemplate: + type: string + access: + additionalProperties: + type: boolean + type: object + alwaysDisplayInConsole: + type: boolean + rootUrl: + type: string + oauth2DeviceAuthorizationGrantEnabled: + type: boolean + standardFlowEnabled: + type: boolean + optionalClientScopes: + items: + type: string + type: array + consentRequired: + type: boolean + authenticationFlowBindingOverrides: + additionalProperties: + type: string + type: object + bearerOnly: + type: boolean + defaultClientScopes: + items: + type: string + type: array + adminUrl: + type: string + protocolMappers: + items: + properties: + protocol: + type: string + id: + type: string + name: + type: string + protocolMapper: + type: string + consentText: + type: string + consentRequired: + type: boolean + config: + additionalProperties: + type: string + type: object + type: object + type: array + notBefore: + type: integer + directGrantsOnly: + type: boolean + defaultRoles: + items: + type: string + type: array + directAccessGrantsEnabled: + type: boolean + implicitFlowEnabled: + type: boolean + origin: + type: string + attributes: + additionalProperties: + type: string + type: object + redirectUris: + items: + type: string + type: array + type: object + type: array + adminEventsDetailsEnabled: + type: boolean + ssoSessionMaxLifespan: + type: integer + accessCodeLifespanUserAction: + type: integer + registrationAllowed: + type: boolean + social: + type: boolean + accessTokenLifespanForImplicitFlow: + type: integer + rememberMe: + type: boolean + maxFailureWaitSeconds: + type: integer + defaultRoles: + items: + type: string + 
type: array + otpPolicyType: + type: string + otpPolicyPeriod: + type: integer + accessCodeLifespan: + type: integer + minimumQuickLoginWaitSeconds: + type: integer + webAuthnPolicyAcceptableAaguids: + items: + type: string + type: array + updateProfileOnInitialSocialLogin: + type: boolean + clientSessionIdleTimeout: + type: integer + webAuthnPolicyPasswordlessRequireResidentKey: + type: string + waitIncrementSeconds: + type: integer + protocolMappers: + items: + properties: + protocol: + type: string + id: + type: string + name: + type: string + protocolMapper: + type: string + consentText: + type: string + consentRequired: + type: boolean + config: + additionalProperties: + type: string + type: object + type: object + type: array + clients: + items: + properties: + id: + type: string + frontchannelLogout: + type: boolean + useTemplateConfig: + type: boolean + registrationAccessToken: + type: string + baseUrl: + type: string + serviceAccountsEnabled: + type: boolean + registeredNodes: + additionalProperties: + type: integer + type: object + useTemplateMappers: + type: boolean + description: + type: string + publicClient: + type: boolean + useTemplateScope: + type: boolean + authorizationSettings: + properties: + id: + type: string + resources: + items: + properties: + _id: + type: string + uris: + items: + type: string + type: array + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + owner: + properties: + id: + type: string + name: + type: string + type: object + name: + type: string + type: + type: string + icon_uri: + type: string + ownerManagedAccess: + type: boolean + type: object + type: array + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + name: + type: string + policyEnforcementMode: + 
enum: + - PERMISSIVE + - ENFORCING + - DISABLED + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + policies: + items: + properties: + config: + additionalProperties: + type: string + type: object + id: + type: string + owner: + type: string + resources: + items: + type: string + type: array + policies: + items: + type: string + type: array + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + logic: + enum: + - POSITIVE + - NEGATIVE + type: string + resourcesData: + items: + properties: + _id: + type: string + uris: + items: + type: string + type: array + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + scopes: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + owner: + properties: + id: + type: string + name: + type: string + type: object + name: + type: string + type: + type: string + icon_uri: + type: string + ownerManagedAccess: + type: boolean + type: object + type: array + name: + type: string + type: + type: string + scopesData: + items: + properties: + id: + type: string + displayName: + type: string + name: + type: string + iconUri: + type: string + type: object + type: array + description: + type: string + scopes: + items: + type: string + type: array + type: object + type: array + clientId: + type: string + allowRemoteResourceManagement: + type: boolean + type: object + clientId: + type: string + enabled: + type: boolean + clientAuthenticatorType: + type: string + name: + type: string + surrogateAuthRequired: + type: boolean + webOrigins: + items: + type: string + type: array + authorizationServicesEnabled: + type: boolean + secret: + type: string + protocol: + type: string + fullScopeAllowed: + type: boolean + 
nodeReRegistrationTimeout: + type: integer + clientTemplate: + type: string + access: + additionalProperties: + type: boolean + type: object + alwaysDisplayInConsole: + type: boolean + rootUrl: + type: string + oauth2DeviceAuthorizationGrantEnabled: + type: boolean + standardFlowEnabled: + type: boolean + optionalClientScopes: + items: + type: string + type: array + consentRequired: + type: boolean + authenticationFlowBindingOverrides: + additionalProperties: + type: string + type: object + bearerOnly: + type: boolean + defaultClientScopes: + items: + type: string + type: array + adminUrl: + type: string + protocolMappers: + items: + properties: + protocol: + type: string + id: + type: string + name: + type: string + protocolMapper: + type: string + consentText: + type: string + consentRequired: + type: boolean + config: + additionalProperties: + type: string + type: object + type: object + type: array + notBefore: + type: integer + directGrantsOnly: + type: boolean + defaultRoles: + items: + type: string + type: array + directAccessGrantsEnabled: + type: boolean + implicitFlowEnabled: + type: boolean + origin: + type: string + attributes: + additionalProperties: + type: string + type: object + redirectUris: + items: + type: string + type: array + type: object + type: array + components: + additionalProperties: + items: + properties: + id: + type: string + providerId: + type: string + subType: + type: string + subComponents: + additionalProperties: + items: + properties: + id: + type: string + providerId: + type: string + subType: + type: string + name: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + type: object + type: array + type: object + name: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + type: object + type: array + type: object + passwordCredentialGrantAllowed: + type: boolean + userCacheEnabled: + type: boolean + type: object + required: + - 
keycloakCRName + - realm + type: object + status: + properties: + conditions: + items: + properties: + status: + type: boolean + type: + type: string + message: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {}
diff --git a/charts/kubezero-auth/update.sh b/charts/kubezero-auth/update.sh
index 2dddaf71..1ea3dbad 100755
--- a/charts/kubezero-auth/update.sh
+++ b/charts/kubezero-auth/update.sh
@@ -7,8 +7,7 @@ helm dep update
 VERSION=$(yq eval '.appVersion' Chart.yaml)
 wget -q -O crds/keycloak.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${VERSION}/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
-# No realm imports needed so far
-# wget -q -O crds/keycloak-realmimport.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${VERSION}/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml
+ wget -q -O crds/keycloak-realmimports.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${VERSION}/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml
 wget -q -O templates/keycloak-operator/all.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${VERSION}/kubernetes/kubernetes.yml
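Review bot: The added wget line fetches the RealmImport CRD from a mutable tag reference (`${VERSION}`) and overwrites crds/keycloak-realmimports.yaml without checking the exit status or the content, the same pattern as the existing keycloak.yaml and all.yaml lines, so with `-q` a failed or redirected download can leave an empty or partial CRD in the chart that is then vendored and shipped. The script's header (and any `set -e`) is outside the hunk, so I cannot tell from here whether a failed download aborts the run. At minimum fail on a bad fetch and quote the expansion, `wget -q -O crds/keycloak-realmimports.yaml "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${VERSION}/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml" || exit 1`, and consider pinning the upstream to a commit SHA or comparing the file against a recorded checksum so the vendored CRD is reproducible and a change in upstream content is visible in review.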