diff --git a/apis/cluster/client/v1alpha1/zz_generated.deepcopy.go b/apis/cluster/client/v1alpha1/zz_generated.deepcopy.go index ec651677..ab01ce8f 100644 --- a/apis/cluster/client/v1alpha1/zz_generated.deepcopy.go +++ b/apis/cluster/client/v1alpha1/zz_generated.deepcopy.go @@ -515,6 +515,36 @@ func (in *RoleMapperInitParameters) DeepCopyInto(out *RoleMapperInitParameters) *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientIDRef != nil { + in, out := &in.SAMLClientIDRef, &out.SAMLClientIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientIDSelector != nil { + in, out := &in.SAMLClientIDSelector, &out.SAMLClientIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientScopeID != nil { + in, out := &in.SAMLClientScopeID, &out.SAMLClientScopeID + *out = new(string) + **out = **in + } + if in.SAMLClientScopeIDRef != nil { + in, out := &in.SAMLClientScopeIDRef, &out.SAMLClientScopeIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientScopeIDSelector != nil { + in, out := &in.SAMLClientScopeIDSelector, &out.SAMLClientScopeIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleMapperInitParameters. @@ -587,6 +617,16 @@ func (in *RoleMapperObservation) DeepCopyInto(out *RoleMapperObservation) { *out = new(string) **out = **in } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientScopeID != nil { + in, out := &in.SAMLClientScopeID, &out.SAMLClientScopeID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleMapperObservation. 
@@ -662,6 +702,36 @@ func (in *RoleMapperParameters) DeepCopyInto(out *RoleMapperParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientIDRef != nil { + in, out := &in.SAMLClientIDRef, &out.SAMLClientIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientIDSelector != nil { + in, out := &in.SAMLClientIDSelector, &out.SAMLClientIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientScopeID != nil { + in, out := &in.SAMLClientScopeID, &out.SAMLClientScopeID + *out = new(string) + **out = **in + } + if in.SAMLClientScopeIDRef != nil { + in, out := &in.SAMLClientScopeIDRef, &out.SAMLClientScopeIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientScopeIDSelector != nil { + in, out := &in.SAMLClientScopeIDSelector, &out.SAMLClientScopeIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleMapperParameters. diff --git a/apis/cluster/client/v1alpha1/zz_generated.resolvers.go b/apis/cluster/client/v1alpha1/zz_generated.resolvers.go index f76ce3d1..a3d252b2 100644 --- a/apis/cluster/client/v1alpha1/zz_generated.resolvers.go +++ b/apis/cluster/client/v1alpha1/zz_generated.resolvers.go @@ -32,7 +32,7 @@ func (mg *ProtocolMapper) ResolveReferences( // ResolveReferences of this Protoc rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), - Extract: reference.ExternalName(), + Extract: common.UUIDExtractor(), Namespace: mg.GetNamespace(), Reference: mg.Spec.ForProvider.ClientIDRef, Selector: mg.Spec.ForProvider.ClientIDSelector, 
@@ -92,7 +92,7 @@ func (mg *ProtocolMapper) ResolveReferences( // ResolveReferences of this Protoc rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SAMLClientID), - Extract: reference.ExternalName(), + Extract: common.UUIDExtractor(), Namespace: mg.GetNamespace(), Reference: mg.Spec.ForProvider.SAMLClientIDRef, Selector: mg.Spec.ForProvider.SAMLClientIDSelector, @@ -132,7 +132,7 @@ func (mg *ProtocolMapper) ResolveReferences( // ResolveReferences of this Protoc rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), - Extract: reference.ExternalName(), + Extract: common.UUIDExtractor(), Namespace: mg.GetNamespace(), Reference: mg.Spec.InitProvider.ClientIDRef, Selector: mg.Spec.InitProvider.ClientIDSelector, @@ -192,7 +192,7 @@ func (mg *ProtocolMapper) ResolveReferences( // ResolveReferences of this Protoc rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SAMLClientID), - Extract: reference.ExternalName(), + Extract: common.UUIDExtractor(), Namespace: mg.GetNamespace(), Reference: mg.Spec.InitProvider.SAMLClientIDRef, Selector: mg.Spec.InitProvider.SAMLClientIDSelector, 
@@ -316,6 +316,46 @@ func (mg *RoleMapper) ResolveReferences(ctx context.Context, c client.Reader) er } mg.Spec.ForProvider.RoleID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RoleIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SAMLClientID), + Extract: common.UUIDExtractor(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.ForProvider.SAMLClientIDRef, + Selector: mg.Spec.ForProvider.SAMLClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SAMLClientID") + } + mg.Spec.ForProvider.SAMLClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SAMLClientIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.crossplane.io", "v1alpha1", "ClientScope", "ClientScopeList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SAMLClientScopeID), + Extract: reference.ExternalName(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.ForProvider.SAMLClientScopeIDRef, + Selector: mg.Spec.ForProvider.SAMLClientScopeIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SAMLClientScopeID") + } + mg.Spec.ForProvider.SAMLClientScopeID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SAMLClientScopeIDRef = rsp.ResolvedReference { m, l, err = 
apisresolver.GetManagedResource("openidclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") if err != nil { 
@@ -396,6 +436,46 @@ func (mg *RoleMapper) ResolveReferences(ctx context.Context, c client.Reader) er } mg.Spec.InitProvider.RoleID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.RoleIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SAMLClientID), + Extract: common.UUIDExtractor(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.InitProvider.SAMLClientIDRef, + Selector: mg.Spec.InitProvider.SAMLClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SAMLClientID") + } + mg.Spec.InitProvider.SAMLClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SAMLClientIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.crossplane.io", "v1alpha1", "ClientScope", "ClientScopeList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SAMLClientScopeID), + Extract: reference.ExternalName(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.InitProvider.SAMLClientScopeIDRef, + Selector: mg.Spec.InitProvider.SAMLClientScopeIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SAMLClientScopeID") + } + mg.Spec.InitProvider.SAMLClientScopeID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SAMLClientScopeIDRef = rsp.ResolvedReference return nil } 
diff --git a/apis/cluster/client/v1alpha1/zz_protocolmapper_types.go b/apis/cluster/client/v1alpha1/zz_protocolmapper_types.go index ccb81330..8df89efe 100755 --- a/apis/cluster/client/v1alpha1/zz_protocolmapper_types.go +++ b/apis/cluster/client/v1alpha1/zz_protocolmapper_types.go @@ -18,6 +18,7 @@ type ProtocolMapperInitParameters struct { // The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. // The mapper's associated client. Cannot be used at the same time as client_scope_id. // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/openidclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` // Reference to a Client in openidclient to populate clientId. @@ -73,6 +74,7 @@ type ProtocolMapperInitParameters struct { // The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. // The mapper's associated client. Cannot be used at the same time as client_scope_id. // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` // Reference to a Client in samlclient to populate samlClientId. 
@@ -143,6 +145,7 @@ type ProtocolMapperParameters struct { // The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. // The mapper's associated client. Cannot be used at the same time as client_scope_id. // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/openidclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() // +kubebuilder:validation:Optional ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` @@ -205,6 +208,7 @@ type ProtocolMapperParameters struct { // The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. // The mapper's associated client. Cannot be used at the same time as client_scope_id. // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() // +kubebuilder:validation:Optional SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` diff --git a/apis/cluster/client/v1alpha1/zz_rolemapper_terraformed.go b/apis/cluster/client/v1alpha1/zz_rolemapper_terraformed.go index a7a5fb36..b67c2928 100755 --- a/apis/cluster/client/v1alpha1/zz_rolemapper_terraformed.go +++ b/apis/cluster/client/v1alpha1/zz_rolemapper_terraformed.go 
@@ -118,6 +118,8 @@ func (tr *RoleMapper) LateInitialize(attrs []byte) (bool, error) { return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") } opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + opts = append(opts, resource.WithNameFilter("ClientID")) + opts = append(opts, resource.WithNameFilter("ClientScopeID")) li := resource.NewGenericLateInitializer(opts...) return li.LateInitialize(&tr.Spec.ForProvider, params) diff --git a/apis/cluster/client/v1alpha1/zz_rolemapper_types.go b/apis/cluster/client/v1alpha1/zz_rolemapper_types.go index 223956d1..b30323a9 100755 --- a/apis/cluster/client/v1alpha1/zz_rolemapper_types.go +++ b/apis/cluster/client/v1alpha1/zz_rolemapper_types.go 
@@ -67,6 +67,33 @@ type RoleMapperInitParameters struct { // Selector for a Role in role to populate roleId. // +kubebuilder:validation:Optional RoleIDSelector *v1.Selector `json:"roleIdSelector,omitempty" tf:"-"` + + // The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + // The destination client of the role. Cannot be used at the same time as client_scope_id. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // Reference to a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDRef *v1.Reference `json:"samlClientIdRef,omitempty" tf:"-"` + + // Selector for a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDSelector *v1.Selector `json:"samlClientIdSelector,omitempty" tf:"-"` + + // The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + // The destination client scope of the role. Cannot be used at the same time as client_id. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/samlclient/v1alpha1.ClientScope + SAMLClientScopeID *string `json:"samlClientScopeId,omitempty" tf:"saml_client_scope_id,omitempty"` + + // Reference to a ClientScope in samlclient to populate samlClientScopeId. + // +kubebuilder:validation:Optional + SAMLClientScopeIDRef *v1.Reference `json:"samlClientScopeIdRef,omitempty" tf:"-"` + + // Selector for a ClientScope in samlclient to populate samlClientScopeId. 
+ // +kubebuilder:validation:Optional + SAMLClientScopeIDSelector *v1.Selector `json:"samlClientScopeIdSelector,omitempty" tf:"-"` } type RoleMapperObservation struct { @@ -88,6 +115,14 @@ type RoleMapperObservation struct { // The ID of the role to be added to this role mapper. // Id of the role to assign RoleID *string `json:"roleId,omitempty" tf:"role_id,omitempty"` + + // The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + // The destination client of the role. Cannot be used at the same time as client_scope_id. + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + // The destination client scope of the role. Cannot be used at the same time as client_id. + SAMLClientScopeID *string `json:"samlClientScopeId,omitempty" tf:"saml_client_scope_id,omitempty"` } type RoleMapperParameters struct { 
@@ -148,6 +183,35 @@ type RoleMapperParameters struct { // Selector for a Role in role to populate roleId. // +kubebuilder:validation:Optional RoleIDSelector *v1.Selector `json:"roleIdSelector,omitempty" tf:"-"` + + // The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + // The destination client of the role. Cannot be used at the same time as client_scope_id. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() + // +kubebuilder:validation:Optional + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // Reference to a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDRef *v1.Reference `json:"samlClientIdRef,omitempty" tf:"-"` + + // Selector for a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDSelector *v1.Selector `json:"samlClientIdSelector,omitempty" tf:"-"` + + // The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + // The destination client scope of the role. Cannot be used at the same time as client_id. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/samlclient/v1alpha1.ClientScope + // +kubebuilder:validation:Optional + SAMLClientScopeID *string `json:"samlClientScopeId,omitempty" tf:"saml_client_scope_id,omitempty"` + + // Reference to a ClientScope in samlclient to populate samlClientScopeId. + // +kubebuilder:validation:Optional + SAMLClientScopeIDRef *v1.Reference `json:"samlClientScopeIdRef,omitempty" tf:"-"` + + // Selector for a ClientScope in samlclient to populate samlClientScopeId. 
+ // +kubebuilder:validation:Optional + SAMLClientScopeIDSelector *v1.Selector `json:"samlClientScopeIdSelector,omitempty" tf:"-"` } // RoleMapperSpec defines the desired state of RoleMapper diff --git a/apis/cluster/openidclient/v1alpha1/zz_client_types.go b/apis/cluster/openidclient/v1alpha1/zz_client_types.go index f46350b3..ca1027f4 100755 --- a/apis/cluster/openidclient/v1alpha1/zz_client_types.go +++ b/apis/cluster/openidclient/v1alpha1/zz_client_types.go @@ -166,18 +166,8 @@ type ClientInitParameters struct { ClientAuthenticatorType *string `json:"clientAuthenticatorType,omitempty" tf:"client_authenticator_type,omitempty"` // The Client ID for this client, referenced in the URI during authentication and in issued tokens. - // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/openidclient/v1alpha1.Client - // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` - // Reference to a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDRef *v1.Reference `json:"clientIdRef,omitempty" tf:"-"` - - // Selector for a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDSelector *v1.Selector `json:"clientIdSelector,omitempty" tf:"-"` - // Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. ClientOfflineSessionIdleTimeout *string `json:"clientOfflineSessionIdleTimeout,omitempty" tf:"client_offline_session_idle_timeout,omitempty"` 
@@ -536,19 +526,9 @@ type ClientParameters struct { ClientAuthenticatorType *string `json:"clientAuthenticatorType,omitempty" tf:"client_authenticator_type,omitempty"` // The Client ID for this client, referenced in the URI during authentication and in issued tokens. - // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/openidclient/v1alpha1.Client - // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() // +kubebuilder:validation:Optional ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` - // Reference to a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDRef *v1.Reference `json:"clientIdRef,omitempty" tf:"-"` - - // Selector for a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDSelector *v1.Selector `json:"clientIdSelector,omitempty" tf:"-"` - // Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. // +kubebuilder:validation:Optional ClientOfflineSessionIdleTimeout *string `json:"clientOfflineSessionIdleTimeout,omitempty" tf:"client_offline_session_idle_timeout,omitempty"` 
@@ -762,6 +742,7 @@ type Client struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.accessType) || (has(self.initProvider) && has(self.initProvider.accessType))",message="spec.forProvider.accessType is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.clientId) || (has(self.initProvider) && has(self.initProvider.clientId))",message="spec.forProvider.clientId is a required parameter" Spec ClientSpec `json:"spec"` Status ClientStatus `json:"status,omitempty"` } diff --git a/apis/cluster/openidclient/v1alpha1/zz_generated.deepcopy.go b/apis/cluster/openidclient/v1alpha1/zz_generated.deepcopy.go index fafeafa8..d170f767 100644 --- a/apis/cluster/openidclient/v1alpha1/zz_generated.deepcopy.go +++ b/apis/cluster/openidclient/v1alpha1/zz_generated.deepcopy.go @@ -2068,16 +2068,6 @@ func (in *ClientInitParameters) DeepCopyInto(out *ClientInitParameters) { *out = new(string) **out = **in } - if in.ClientIDRef != nil { - in, out := &in.ClientIDRef, &out.ClientIDRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.ClientIDSelector != nil { - in, out := &in.ClientIDSelector, &out.ClientIDSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.ClientOfflineSessionIdleTimeout != nil { in, out := &in.ClientOfflineSessionIdleTimeout, &out.ClientOfflineSessionIdleTimeout *out = new(string) 
@@ -3010,16 +3000,6 @@ func (in *ClientParameters) DeepCopyInto(out *ClientParameters) { *out = new(string) **out = **in } - if in.ClientIDRef != nil { - in, out := &in.ClientIDRef, &out.ClientIDRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.ClientIDSelector != nil { - in, out := &in.ClientIDSelector, &out.ClientIDSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.ClientOfflineSessionIdleTimeout != nil { in, out := &in.ClientOfflineSessionIdleTimeout, &out.ClientOfflineSessionIdleTimeout *out = new(string) diff --git a/apis/cluster/openidclient/v1alpha1/zz_generated.resolvers.go b/apis/cluster/openidclient/v1alpha1/zz_generated.resolvers.go index 5befaad3..35a927b0 100644 --- a/apis/cluster/openidclient/v1alpha1/zz_generated.resolvers.go +++ b/apis/cluster/openidclient/v1alpha1/zz_generated.resolvers.go 
@@ -70,31 +70,11 @@ func (mg *Client) ResolveReferences( // ResolveReferences of this Client. mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantIDRef = rsp.ResolvedReference } - { - m, l, err = apisresolver.GetManagedResource("openidclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), - Extract: common.UUIDExtractor(), - Namespace: mg.GetNamespace(), - Reference: mg.Spec.ForProvider.ClientIDRef, - Selector: mg.Spec.ForProvider.ClientIDSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.ForProvider.ClientID") - } - mg.Spec.ForProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.ForProvider.ClientIDRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("realm.keycloak.crossplane.io", "v1alpha1", "Realm", "RealmList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RealmID), Extract: reference.ExternalName(), 
@@ -154,31 +134,11 @@ func (mg *Client) ResolveReferences( // ResolveReferences of this Client. mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantIDRef = rsp.ResolvedReference } - { - m, l, err = apisresolver.GetManagedResource("openidclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), - Extract: common.UUIDExtractor(), - Namespace: mg.GetNamespace(), - Reference: mg.Spec.InitProvider.ClientIDRef, - Selector: mg.Spec.InitProvider.ClientIDSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.InitProvider.ClientID") - } - mg.Spec.InitProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.InitProvider.ClientIDRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("realm.keycloak.crossplane.io", "v1alpha1", "Realm", "RealmList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RealmID), Extract: reference.ExternalName(), diff --git a/apis/cluster/role/v1alpha1/zz_generated.deepcopy.go b/apis/cluster/role/v1alpha1/zz_generated.deepcopy.go index 0b5bd798..dbad12db 100644 --- a/apis/cluster/role/v1alpha1/zz_generated.deepcopy.go +++ b/apis/cluster/role/v1alpha1/zz_generated.deepcopy.go 
@@ -127,6 +127,21 @@ func (in *RoleInitParameters) DeepCopyInto(out *RoleInitParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientIDRef != nil { + in, out := &in.SAMLClientIDRef, &out.SAMLClientIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientIDSelector != nil { + in, out := &in.SAMLClientIDSelector, &out.SAMLClientIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleInitParameters. @@ -231,6 +246,11 @@ func (in *RoleObservation) DeepCopyInto(out *RoleObservation) { *out = new(string) **out = **in } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleObservation. @@ -330,6 +350,21 @@ func (in *RoleParameters) DeepCopyInto(out *RoleParameters) { *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientIDRef != nil { + in, out := &in.SAMLClientIDRef, &out.SAMLClientIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientIDSelector != nil { + in, out := &in.SAMLClientIDSelector, &out.SAMLClientIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleParameters. diff --git a/apis/cluster/role/v1alpha1/zz_generated.resolvers.go b/apis/cluster/role/v1alpha1/zz_generated.resolvers.go index a25ddc78..3b3b0cec 100644 --- a/apis/cluster/role/v1alpha1/zz_generated.resolvers.go +++ b/apis/cluster/role/v1alpha1/zz_generated.resolvers.go 
@@ -85,6 +85,26 @@ func (mg *Role) ResolveReferences( // ResolveReferences of this Role. } mg.Spec.ForProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RealmIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SAMLClientID), + Extract: common.UUIDExtractor(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.ForProvider.SAMLClientIDRef, + Selector: mg.Spec.ForProvider.SAMLClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SAMLClientID") + } + mg.Spec.ForProvider.SAMLClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SAMLClientIDRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("openidclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") if err != nil { 
@@ -145,6 +165,26 @@ func (mg *Role) ResolveReferences( // ResolveReferences of this Role. } mg.Spec.InitProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.RealmIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SAMLClientID), + Extract: common.UUIDExtractor(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.InitProvider.SAMLClientIDRef, + Selector: mg.Spec.InitProvider.SAMLClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SAMLClientID") + } + mg.Spec.InitProvider.SAMLClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SAMLClientIDRef = rsp.ResolvedReference return nil } diff --git a/apis/cluster/role/v1alpha1/zz_role_terraformed.go b/apis/cluster/role/v1alpha1/zz_role_terraformed.go index 42e46fae..4040ac04 100755 --- a/apis/cluster/role/v1alpha1/zz_role_terraformed.go +++ b/apis/cluster/role/v1alpha1/zz_role_terraformed.go @@ -118,6 +118,7 @@ func (tr *Role) LateInitialize(attrs []byte) (bool, error) { return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") } opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + opts = append(opts, resource.WithNameFilter("ClientID")) li := resource.NewGenericLateInitializer(opts...) return li.LateInitialize(&tr.Spec.ForProvider, params) diff --git a/apis/cluster/role/v1alpha1/zz_role_types.go b/apis/cluster/role/v1alpha1/zz_role_types.go index 0047c3e0..7ae3af42 100755 --- a/apis/cluster/role/v1alpha1/zz_role_types.go 
+++ b/apis/cluster/role/v1alpha1/zz_role_types.go @@ -66,6 +66,19 @@ type RoleInitParameters struct { // Selector for a Realm in realm to populate realmId. // +kubebuilder:validation:Optional RealmIDSelector *v1.Selector `json:"realmIdSelector,omitempty" tf:"-"` + + // When specified, this role will be created as a client role attached to the client with the provided ID + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // Reference to a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDRef *v1.Reference `json:"samlClientIdRef,omitempty" tf:"-"` + + // Selector for a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDSelector *v1.Selector `json:"samlClientIdSelector,omitempty" tf:"-"` } type RoleObservation struct { @@ -94,6 +107,9 @@ type RoleObservation struct { // The realm this role exists within. RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // When specified, this role will be created as a client role attached to the client with the provided ID + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` } type RoleParameters struct { 
@@ -156,6 +172,20 @@ type RoleParameters struct { // Selector for a Realm in realm to populate realmId. // +kubebuilder:validation:Optional RealmIDSelector *v1.Selector `json:"realmIdSelector,omitempty" tf:"-"` + + // When specified, this role will be created as a client role attached to the client with the provided ID + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() + // +kubebuilder:validation:Optional + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // Reference to a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDRef *v1.Reference `json:"samlClientIdRef,omitempty" tf:"-"` + + // Selector for a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDSelector *v1.Selector `json:"samlClientIdSelector,omitempty" tf:"-"` } // RoleSpec defines the desired state of Role diff --git a/apis/cluster/samlclient/v1alpha1/zz_client_types.go b/apis/cluster/samlclient/v1alpha1/zz_client_types.go index 629ee3e1..e46d3b8e 100755 --- a/apis/cluster/samlclient/v1alpha1/zz_client_types.go +++ b/apis/cluster/samlclient/v1alpha1/zz_client_types.go 
@@ -63,18 +63,8 @@ type ClientInitParameters struct { CanonicalizationMethod *string `json:"canonicalizationMethod,omitempty" tf:"canonicalization_method,omitempty"` // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/openidclient/v1alpha1.Client - // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` - // Reference to a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDRef *v1.Reference `json:"clientIdRef,omitempty" tf:"-"` - - // Selector for a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDSelector *v1.Selector `json:"clientIdSelector,omitempty" tf:"-"` - // When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key. Defaults to true. ClientSignatureRequired *bool `json:"clientSignatureRequired,omitempty" tf:"client_signature_required,omitempty"` 
@@ -322,19 +312,9 @@ type ClientParameters struct { CanonicalizationMethod *string `json:"canonicalizationMethod,omitempty" tf:"canonicalization_method,omitempty"` // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/cluster/openidclient/v1alpha1.Client - // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() // +kubebuilder:validation:Optional ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` - // Reference to a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDRef *v1.Reference `json:"clientIdRef,omitempty" tf:"-"` - - // Selector for a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDSelector *v1.Selector `json:"clientIdSelector,omitempty" tf:"-"` - // When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key. Defaults to true. // +kubebuilder:validation:Optional ClientSignatureRequired *bool `json:"clientSignatureRequired,omitempty" tf:"client_signature_required,omitempty"` @@ -503,8 +483,9 @@ type ClientStatus struct { type Client struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ClientSpec `json:"spec"` - Status ClientStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.clientId) || (has(self.initProvider) && has(self.initProvider.clientId))",message="spec.forProvider.clientId is a required parameter" + Spec ClientSpec `json:"spec"` + Status ClientStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true 
diff --git a/apis/cluster/samlclient/v1alpha1/zz_generated.deepcopy.go b/apis/cluster/samlclient/v1alpha1/zz_generated.deepcopy.go index 0f4a82d1..5443bc1a 100644 --- a/apis/cluster/samlclient/v1alpha1/zz_generated.deepcopy.go +++ b/apis/cluster/samlclient/v1alpha1/zz_generated.deepcopy.go @@ -402,16 +402,6 @@ func (in *ClientInitParameters) DeepCopyInto(out *ClientInitParameters) { *out = new(string) **out = **in } - if in.ClientIDRef != nil { - in, out := &in.ClientIDRef, &out.ClientIDRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.ClientIDSelector != nil { - in, out := &in.ClientIDSelector, &out.ClientIDSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.ClientSignatureRequired != nil { in, out := &in.ClientSignatureRequired, &out.ClientSignatureRequired *out = new(bool) @@ -897,16 +887,6 @@ func (in *ClientParameters) DeepCopyInto(out *ClientParameters) { *out = new(string) **out = **in } - if in.ClientIDRef != nil { - in, out := &in.ClientIDRef, &out.ClientIDRef - *out = new(v1.Reference) - (*in).DeepCopyInto(*out) - } - if in.ClientIDSelector != nil { - in, out := &in.ClientIDSelector, &out.ClientIDSelector - *out = new(v1.Selector) - (*in).DeepCopyInto(*out) - } if in.ClientSignatureRequired != nil { in, out := &in.ClientSignatureRequired, &out.ClientSignatureRequired *out = new(bool) diff --git a/apis/cluster/samlclient/v1alpha1/zz_generated.resolvers.go b/apis/cluster/samlclient/v1alpha1/zz_generated.resolvers.go index 9955b60c..91e1469d 100644 --- a/apis/cluster/samlclient/v1alpha1/zz_generated.resolvers.go +++ b/apis/cluster/samlclient/v1alpha1/zz_generated.resolvers.go 
@@ -24,26 +24,6 @@ func (mg *Client) ResolveReferences( // ResolveReferences of this Client. var rsp reference.ResolutionResponse var err error - { - m, l, err = apisresolver.GetManagedResource("openidclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), - Extract: common.UUIDExtractor(), - Namespace: mg.GetNamespace(), - Reference: mg.Spec.ForProvider.ClientIDRef, - Selector: mg.Spec.ForProvider.ClientIDSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.ForProvider.ClientID") - } - mg.Spec.ForProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.ForProvider.ClientIDRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("realm.keycloak.crossplane.io", "v1alpha1", "Realm", "RealmList") if err != nil { 
@@ -64,26 +44,6 @@ func (mg *Client) ResolveReferences( // ResolveReferences of this Client. } mg.Spec.ForProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RealmIDRef = rsp.ResolvedReference - { - m, l, err = apisresolver.GetManagedResource("openidclient.keycloak.crossplane.io", "v1alpha1", "Client", "ClientList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - - rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), - Extract: common.UUIDExtractor(), - Namespace: mg.GetNamespace(), - Reference: mg.Spec.InitProvider.ClientIDRef, - Selector: mg.Spec.InitProvider.ClientIDSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.InitProvider.ClientID") - } - mg.Spec.InitProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.InitProvider.ClientIDRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("realm.keycloak.crossplane.io", "v1alpha1", "Realm", "RealmList") if err != nil { diff --git a/apis/namespaced/client/v1alpha1/zz_generated.deepcopy.go b/apis/namespaced/client/v1alpha1/zz_generated.deepcopy.go index 0e9951ce..06f6343e 100644 --- a/apis/namespaced/client/v1alpha1/zz_generated.deepcopy.go +++ b/apis/namespaced/client/v1alpha1/zz_generated.deepcopy.go 
@@ -515,6 +515,36 @@ func (in *RoleMapperInitParameters) DeepCopyInto(out *RoleMapperInitParameters) *out = new(v1.NamespacedSelector) (*in).DeepCopyInto(*out) } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientIDRef != nil { + in, out := &in.SAMLClientIDRef, &out.SAMLClientIDRef + *out = new(v1.NamespacedReference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientIDSelector != nil { + in, out := &in.SAMLClientIDSelector, &out.SAMLClientIDSelector + *out = new(v1.NamespacedSelector) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientScopeID != nil { + in, out := &in.SAMLClientScopeID, &out.SAMLClientScopeID + *out = new(string) + **out = **in + } + if in.SAMLClientScopeIDRef != nil { + in, out := &in.SAMLClientScopeIDRef, &out.SAMLClientScopeIDRef + *out = new(v1.NamespacedReference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientScopeIDSelector != nil { + in, out := &in.SAMLClientScopeIDSelector, &out.SAMLClientScopeIDSelector + *out = new(v1.NamespacedSelector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleMapperInitParameters. @@ -587,6 +617,16 @@ func (in *RoleMapperObservation) DeepCopyInto(out *RoleMapperObservation) { *out = new(string) **out = **in } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientScopeID != nil { + in, out := &in.SAMLClientScopeID, &out.SAMLClientScopeID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleMapperObservation. 
@@ -662,6 +702,36 @@ func (in *RoleMapperParameters) DeepCopyInto(out *RoleMapperParameters) { *out = new(v1.NamespacedSelector) (*in).DeepCopyInto(*out) } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientIDRef != nil { + in, out := &in.SAMLClientIDRef, &out.SAMLClientIDRef + *out = new(v1.NamespacedReference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientIDSelector != nil { + in, out := &in.SAMLClientIDSelector, &out.SAMLClientIDSelector + *out = new(v1.NamespacedSelector) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientScopeID != nil { + in, out := &in.SAMLClientScopeID, &out.SAMLClientScopeID + *out = new(string) + **out = **in + } + if in.SAMLClientScopeIDRef != nil { + in, out := &in.SAMLClientScopeIDRef, &out.SAMLClientScopeIDRef + *out = new(v1.NamespacedReference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientScopeIDSelector != nil { + in, out := &in.SAMLClientScopeIDSelector, &out.SAMLClientScopeIDSelector + *out = new(v1.NamespacedSelector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleMapperParameters. diff --git a/apis/namespaced/client/v1alpha1/zz_generated.resolvers.go b/apis/namespaced/client/v1alpha1/zz_generated.resolvers.go index bd177541..b0925c2e 100644 --- a/apis/namespaced/client/v1alpha1/zz_generated.resolvers.go +++ b/apis/namespaced/client/v1alpha1/zz_generated.resolvers.go @@ -32,7 +32,7 @@ func (mg *ProtocolMapper) ResolveReferences( // ResolveReferences of this Protoc rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), - Extract: reference.ExternalName(), + Extract: common.UUIDExtractor(), Namespace: mg.GetNamespace(), Reference: mg.Spec.ForProvider.ClientIDRef, Selector: mg.Spec.ForProvider.ClientIDSelector, 
@@ -92,7 +92,7 @@ func (mg *ProtocolMapper) ResolveReferences( // ResolveReferences of this Protoc rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SAMLClientID), - Extract: reference.ExternalName(), + Extract: common.UUIDExtractor(), Namespace: mg.GetNamespace(), Reference: mg.Spec.ForProvider.SAMLClientIDRef, Selector: mg.Spec.ForProvider.SAMLClientIDSelector, @@ -132,7 +132,7 @@ func (mg *ProtocolMapper) ResolveReferences( // ResolveReferences of this Protoc rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), - Extract: reference.ExternalName(), + Extract: common.UUIDExtractor(), Namespace: mg.GetNamespace(), Reference: mg.Spec.InitProvider.ClientIDRef, Selector: mg.Spec.InitProvider.ClientIDSelector, @@ -192,7 +192,7 @@ func (mg *ProtocolMapper) ResolveReferences( // ResolveReferences of this Protoc rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SAMLClientID), - Extract: reference.ExternalName(), + Extract: common.UUIDExtractor(), Namespace: mg.GetNamespace(), Reference: mg.Spec.InitProvider.SAMLClientIDRef, Selector: mg.Spec.InitProvider.SAMLClientIDSelector, 
@@ -316,6 +316,46 @@ func (mg *RoleMapper) ResolveReferences(ctx context.Context, c client.Reader) er } mg.Spec.ForProvider.RoleID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RoleIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.m.crossplane.io", "v1alpha1", "Client", "ClientList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SAMLClientID), + Extract: common.UUIDExtractor(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.ForProvider.SAMLClientIDRef, + Selector: mg.Spec.ForProvider.SAMLClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SAMLClientID") + } + mg.Spec.ForProvider.SAMLClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SAMLClientIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.m.crossplane.io", "v1alpha1", "ClientScope", "ClientScopeList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SAMLClientScopeID), + Extract: reference.ExternalName(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.ForProvider.SAMLClientScopeIDRef, + Selector: mg.Spec.ForProvider.SAMLClientScopeIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SAMLClientScopeID") + } + mg.Spec.ForProvider.SAMLClientScopeID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SAMLClientScopeIDRef = rsp.ResolvedReference { m, l, err = 
apisresolver.GetManagedResource("openidclient.keycloak.m.crossplane.io", "v1alpha1", "Client", "ClientList") if err != nil { 
@@ -396,6 +436,46 @@ func (mg *RoleMapper) ResolveReferences(ctx context.Context, c client.Reader) er } mg.Spec.InitProvider.RoleID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.RoleIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.m.crossplane.io", "v1alpha1", "Client", "ClientList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SAMLClientID), + Extract: common.UUIDExtractor(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.InitProvider.SAMLClientIDRef, + Selector: mg.Spec.InitProvider.SAMLClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SAMLClientID") + } + mg.Spec.InitProvider.SAMLClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SAMLClientIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.m.crossplane.io", "v1alpha1", "ClientScope", "ClientScopeList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SAMLClientScopeID), + Extract: reference.ExternalName(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.InitProvider.SAMLClientScopeIDRef, + Selector: mg.Spec.InitProvider.SAMLClientScopeIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SAMLClientScopeID") + } + mg.Spec.InitProvider.SAMLClientScopeID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SAMLClientScopeIDRef = rsp.ResolvedReference return nil 
} diff --git a/apis/namespaced/client/v1alpha1/zz_protocolmapper_types.go b/apis/namespaced/client/v1alpha1/zz_protocolmapper_types.go index 44f0e5d5..ea48c3eb 100755 --- a/apis/namespaced/client/v1alpha1/zz_protocolmapper_types.go +++ b/apis/namespaced/client/v1alpha1/zz_protocolmapper_types.go @@ -19,6 +19,7 @@ type ProtocolMapperInitParameters struct { // The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. // The mapper's associated client. Cannot be used at the same time as client_scope_id. // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/openidclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` // Reference to a Client in openidclient to populate clientId. @@ -74,6 +75,7 @@ type ProtocolMapperInitParameters struct { // The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. // The mapper's associated client. Cannot be used at the same time as client_scope_id. // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` // Reference to a Client in samlclient to populate samlClientId. 
@@ -144,6 +146,7 @@ type ProtocolMapperParameters struct { // The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. // The mapper's associated client. Cannot be used at the same time as client_scope_id. // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/openidclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() // +kubebuilder:validation:Optional ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` @@ -206,6 +209,7 @@ type ProtocolMapperParameters struct { // The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. // The mapper's associated client. Cannot be used at the same time as client_scope_id. // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() // +kubebuilder:validation:Optional SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` diff --git a/apis/namespaced/client/v1alpha1/zz_rolemapper_terraformed.go b/apis/namespaced/client/v1alpha1/zz_rolemapper_terraformed.go index a7a5fb36..b67c2928 100755 --- a/apis/namespaced/client/v1alpha1/zz_rolemapper_terraformed.go +++ b/apis/namespaced/client/v1alpha1/zz_rolemapper_terraformed.go 
@@ -118,6 +118,8 @@ func (tr *RoleMapper) LateInitialize(attrs []byte) (bool, error) { return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") } opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + opts = append(opts, resource.WithNameFilter("ClientID")) + opts = append(opts, resource.WithNameFilter("ClientScopeID")) li := resource.NewGenericLateInitializer(opts...) return li.LateInitialize(&tr.Spec.ForProvider, params) diff --git a/apis/namespaced/client/v1alpha1/zz_rolemapper_types.go b/apis/namespaced/client/v1alpha1/zz_rolemapper_types.go index a3c26a24..650605d4 100755 --- a/apis/namespaced/client/v1alpha1/zz_rolemapper_types.go +++ b/apis/namespaced/client/v1alpha1/zz_rolemapper_types.go 
@@ -68,6 +68,33 @@ type RoleMapperInitParameters struct { // Selector for a Role in role to populate roleId. // +kubebuilder:validation:Optional RoleIDSelector *v1.NamespacedSelector `json:"roleIdSelector,omitempty" tf:"-"` + + // The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + // The destination client of the role. Cannot be used at the same time as client_scope_id. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // Reference to a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDRef *v1.NamespacedReference `json:"samlClientIdRef,omitempty" tf:"-"` + + // Selector for a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDSelector *v1.NamespacedSelector `json:"samlClientIdSelector,omitempty" tf:"-"` + + // The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + // The destination client scope of the role. Cannot be used at the same time as client_id. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/samlclient/v1alpha1.ClientScope + SAMLClientScopeID *string `json:"samlClientScopeId,omitempty" tf:"saml_client_scope_id,omitempty"` + + // Reference to a ClientScope in samlclient to populate samlClientScopeId. + // +kubebuilder:validation:Optional + SAMLClientScopeIDRef *v1.NamespacedReference `json:"samlClientScopeIdRef,omitempty" tf:"-"` + + // Selector for a ClientScope in samlclient to populate samlClientScopeId. 
+ // +kubebuilder:validation:Optional + SAMLClientScopeIDSelector *v1.NamespacedSelector `json:"samlClientScopeIdSelector,omitempty" tf:"-"` } type RoleMapperObservation struct { @@ -89,6 +116,14 @@ type RoleMapperObservation struct { // The ID of the role to be added to this role mapper. // Id of the role to assign RoleID *string `json:"roleId,omitempty" tf:"role_id,omitempty"` + + // The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + // The destination client of the role. Cannot be used at the same time as client_scope_id. + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + // The destination client scope of the role. Cannot be used at the same time as client_id. + SAMLClientScopeID *string `json:"samlClientScopeId,omitempty" tf:"saml_client_scope_id,omitempty"` } type RoleMapperParameters struct { 
@@ -149,6 +184,35 @@ type RoleMapperParameters struct { // Selector for a Role in role to populate roleId. // +kubebuilder:validation:Optional RoleIDSelector *v1.NamespacedSelector `json:"roleIdSelector,omitempty" tf:"-"` + + // The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + // The destination client of the role. Cannot be used at the same time as client_scope_id. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() + // +kubebuilder:validation:Optional + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // Reference to a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDRef *v1.NamespacedReference `json:"samlClientIdRef,omitempty" tf:"-"` + + // Selector for a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDSelector *v1.NamespacedSelector `json:"samlClientIdSelector,omitempty" tf:"-"` + + // The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + // The destination client scope of the role. Cannot be used at the same time as client_id. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/samlclient/v1alpha1.ClientScope + // +kubebuilder:validation:Optional + SAMLClientScopeID *string `json:"samlClientScopeId,omitempty" tf:"saml_client_scope_id,omitempty"` + + // Reference to a ClientScope in samlclient to populate samlClientScopeId. 
+ // +kubebuilder:validation:Optional + SAMLClientScopeIDRef *v1.NamespacedReference `json:"samlClientScopeIdRef,omitempty" tf:"-"` + + // Selector for a ClientScope in samlclient to populate samlClientScopeId. + // +kubebuilder:validation:Optional + SAMLClientScopeIDSelector *v1.NamespacedSelector `json:"samlClientScopeIdSelector,omitempty" tf:"-"` } // RoleMapperSpec defines the desired state of RoleMapper diff --git a/apis/namespaced/role/v1alpha1/zz_generated.deepcopy.go b/apis/namespaced/role/v1alpha1/zz_generated.deepcopy.go index 78145c08..c772215c 100644 --- a/apis/namespaced/role/v1alpha1/zz_generated.deepcopy.go +++ b/apis/namespaced/role/v1alpha1/zz_generated.deepcopy.go @@ -127,6 +127,21 @@ func (in *RoleInitParameters) DeepCopyInto(out *RoleInitParameters) { *out = new(v1.NamespacedSelector) (*in).DeepCopyInto(*out) } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientIDRef != nil { + in, out := &in.SAMLClientIDRef, &out.SAMLClientIDRef + *out = new(v1.NamespacedReference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientIDSelector != nil { + in, out := &in.SAMLClientIDSelector, &out.SAMLClientIDSelector + *out = new(v1.NamespacedSelector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleInitParameters. @@ -231,6 +246,11 @@ func (in *RoleObservation) DeepCopyInto(out *RoleObservation) { *out = new(string) **out = **in } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleObservation. 
@@ -330,6 +350,21 @@ func (in *RoleParameters) DeepCopyInto(out *RoleParameters) { *out = new(v1.NamespacedSelector) (*in).DeepCopyInto(*out) } + if in.SAMLClientID != nil { + in, out := &in.SAMLClientID, &out.SAMLClientID + *out = new(string) + **out = **in + } + if in.SAMLClientIDRef != nil { + in, out := &in.SAMLClientIDRef, &out.SAMLClientIDRef + *out = new(v1.NamespacedReference) + (*in).DeepCopyInto(*out) + } + if in.SAMLClientIDSelector != nil { + in, out := &in.SAMLClientIDSelector, &out.SAMLClientIDSelector + *out = new(v1.NamespacedSelector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleParameters. diff --git a/apis/namespaced/role/v1alpha1/zz_generated.resolvers.go b/apis/namespaced/role/v1alpha1/zz_generated.resolvers.go index 35d39fb3..5d3d27ef 100644 --- a/apis/namespaced/role/v1alpha1/zz_generated.resolvers.go +++ b/apis/namespaced/role/v1alpha1/zz_generated.resolvers.go 
@@ -85,6 +85,26 @@ func (mg *Role) ResolveReferences( // ResolveReferences of this Role. } mg.Spec.ForProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RealmIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.m.crossplane.io", "v1alpha1", "Client", "ClientList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.SAMLClientID), + Extract: common.UUIDExtractor(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.ForProvider.SAMLClientIDRef, + Selector: mg.Spec.ForProvider.SAMLClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.SAMLClientID") + } + mg.Spec.ForProvider.SAMLClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.SAMLClientIDRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("openidclient.keycloak.m.crossplane.io", "v1alpha1", "Client", "ClientList") if err != nil { 
@@ -145,6 +165,26 @@ func (mg *Role) ResolveReferences( // ResolveReferences of this Role. } mg.Spec.InitProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.RealmIDRef = rsp.ResolvedReference + { + m, l, err = apisresolver.GetManagedResource("samlclient.keycloak.m.crossplane.io", "v1alpha1", "Client", "ClientList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + + rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.SAMLClientID), + Extract: common.UUIDExtractor(), + Namespace: mg.GetNamespace(), + Reference: mg.Spec.InitProvider.SAMLClientIDRef, + Selector: mg.Spec.InitProvider.SAMLClientIDSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.SAMLClientID") + } + mg.Spec.InitProvider.SAMLClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.SAMLClientIDRef = rsp.ResolvedReference return nil } diff --git a/apis/namespaced/role/v1alpha1/zz_role_terraformed.go b/apis/namespaced/role/v1alpha1/zz_role_terraformed.go index 42e46fae..4040ac04 100755 --- a/apis/namespaced/role/v1alpha1/zz_role_terraformed.go +++ b/apis/namespaced/role/v1alpha1/zz_role_terraformed.go @@ -118,6 +118,7 @@ func (tr *Role) LateInitialize(attrs []byte) (bool, error) { return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") } opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + opts = append(opts, resource.WithNameFilter("ClientID")) li := resource.NewGenericLateInitializer(opts...) return li.LateInitialize(&tr.Spec.ForProvider, params) diff --git a/apis/namespaced/role/v1alpha1/zz_role_types.go b/apis/namespaced/role/v1alpha1/zz_role_types.go index 41b89ee5..f4c9f9ba 100755 
--- a/apis/namespaced/role/v1alpha1/zz_role_types.go +++ b/apis/namespaced/role/v1alpha1/zz_role_types.go @@ -67,6 +67,19 @@ type RoleInitParameters struct { // Selector for a Realm in realm to populate realmId. // +kubebuilder:validation:Optional RealmIDSelector *v1.NamespacedSelector `json:"realmIdSelector,omitempty" tf:"-"` + + // When specified, this role will be created as a client role attached to the client with the provided ID + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // Reference to a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDRef *v1.NamespacedReference `json:"samlClientIdRef,omitempty" tf:"-"` + + // Selector for a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDSelector *v1.NamespacedSelector `json:"samlClientIdSelector,omitempty" tf:"-"` } type RoleObservation struct { @@ -95,6 +108,9 @@ type RoleObservation struct { // The realm this role exists within. RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // When specified, this role will be created as a client role attached to the client with the provided ID + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` } type RoleParameters struct { 
@@ -157,6 +173,20 @@ type RoleParameters struct { // Selector for a Realm in realm to populate realmId. // +kubebuilder:validation:Optional RealmIDSelector *v1.NamespacedSelector `json:"realmIdSelector,omitempty" tf:"-"` + + // When specified, this role will be created as a client role attached to the client with the provided ID + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/samlclient/v1alpha1.Client + // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() + // +kubebuilder:validation:Optional + SAMLClientID *string `json:"samlClientId,omitempty" tf:"saml_client_id,omitempty"` + + // Reference to a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDRef *v1.NamespacedReference `json:"samlClientIdRef,omitempty" tf:"-"` + + // Selector for a Client in samlclient to populate samlClientId. + // +kubebuilder:validation:Optional + SAMLClientIDSelector *v1.NamespacedSelector `json:"samlClientIdSelector,omitempty" tf:"-"` } // RoleSpec defines the desired state of Role diff --git a/apis/namespaced/samlclient/v1alpha1/zz_client_types.go b/apis/namespaced/samlclient/v1alpha1/zz_client_types.go index 7def6bbd..7880cc8c 100755 --- a/apis/namespaced/samlclient/v1alpha1/zz_client_types.go +++ b/apis/namespaced/samlclient/v1alpha1/zz_client_types.go 
@@ -64,18 +64,8 @@ type ClientInitParameters struct { CanonicalizationMethod *string `json:"canonicalizationMethod,omitempty" tf:"canonicalization_method,omitempty"` // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/openidclient/v1alpha1.Client - // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` - // Reference to a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDRef *v1.NamespacedReference `json:"clientIdRef,omitempty" tf:"-"` - - // Selector for a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDSelector *v1.NamespacedSelector `json:"clientIdSelector,omitempty" tf:"-"` - // When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key. Defaults to true. ClientSignatureRequired *bool `json:"clientSignatureRequired,omitempty" tf:"client_signature_required,omitempty"` 
@@ -323,19 +313,9 @@ type ClientParameters struct { CanonicalizationMethod *string `json:"canonicalizationMethod,omitempty" tf:"canonicalization_method,omitempty"` // The unique ID of this client, referenced in the URI during authentication and in issued tokens. - // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/namespaced/openidclient/v1alpha1.Client - // +crossplane:generate:reference:extractor=github.com/crossplane-contrib/provider-keycloak/config/common.UUIDExtractor() // +kubebuilder:validation:Optional ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` - // Reference to a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDRef *v1.NamespacedReference `json:"clientIdRef,omitempty" tf:"-"` - - // Selector for a Client in openidclient to populate clientId. - // +kubebuilder:validation:Optional - ClientIDSelector *v1.NamespacedSelector `json:"clientIdSelector,omitempty" tf:"-"` - // When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key. Defaults to true. // +kubebuilder:validation:Optional ClientSignatureRequired *bool `json:"clientSignatureRequired,omitempty" tf:"client_signature_required,omitempty"` 
@@ -504,8 +484,9 @@ type ClientStatus struct { type Client struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec ClientSpec `json:"spec"` - Status ClientStatus `json:"status,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.clientId) || (has(self.initProvider) && has(self.initProvider.clientId))",message="spec.forProvider.clientId is a required parameter" + Spec ClientSpec `json:"spec"` + Status ClientStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/namespaced/samlclient/v1alpha1/zz_generated.deepcopy.go b/apis/namespaced/samlclient/v1alpha1/zz_generated.deepcopy.go index 5047ac67..b96457ad 100644 --- a/apis/namespaced/samlclient/v1alpha1/zz_generated.deepcopy.go +++ b/apis/namespaced/samlclient/v1alpha1/zz_generated.deepcopy.go @@ -402,16 +402,6 @@ func (in *ClientInitParameters) DeepCopyInto(out *ClientInitParameters) { *out = new(string) **out = **in } - if in.ClientIDRef != nil { - in, out := &in.ClientIDRef, &out.ClientIDRef - *out = new(v1.NamespacedReference) - (*in).DeepCopyInto(*out) - } - if in.ClientIDSelector != nil { - in, out := &in.ClientIDSelector, &out.ClientIDSelector - *out = new(v1.NamespacedSelector) - (*in).DeepCopyInto(*out) - } if in.ClientSignatureRequired != nil { in, out := &in.ClientSignatureRequired, &out.ClientSignatureRequired *out = new(bool) 
@@ -897,16 +887,6 @@ func (in *ClientParameters) DeepCopyInto(out *ClientParameters) { *out = new(string) **out = **in } - if in.ClientIDRef != nil { - in, out := &in.ClientIDRef, &out.ClientIDRef - *out = new(v1.NamespacedReference) - (*in).DeepCopyInto(*out) - } - if in.ClientIDSelector != nil { - in, out := &in.ClientIDSelector, &out.ClientIDSelector - *out = new(v1.NamespacedSelector) - (*in).DeepCopyInto(*out) - } if in.ClientSignatureRequired != nil { in, out := &in.ClientSignatureRequired, &out.ClientSignatureRequired *out = new(bool) diff --git a/apis/namespaced/samlclient/v1alpha1/zz_generated.resolvers.go b/apis/namespaced/samlclient/v1alpha1/zz_generated.resolvers.go index f2cb653a..656b8916 100644 --- a/apis/namespaced/samlclient/v1alpha1/zz_generated.resolvers.go +++ b/apis/namespaced/samlclient/v1alpha1/zz_generated.resolvers.go @@ -24,26 +24,6 @@ func (mg *Client) ResolveReferences( // ResolveReferences of this Client. var rsp reference.NamespacedResolutionResponse var err error - { - m, l, err = apisresolver.GetManagedResource("openidclient.keycloak.m.crossplane.io", "v1alpha1", "Client", "ClientList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - - rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), - Extract: common.UUIDExtractor(), - Namespace: mg.GetNamespace(), - Reference: mg.Spec.ForProvider.ClientIDRef, - Selector: mg.Spec.ForProvider.ClientIDSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.ForProvider.ClientID") - } - mg.Spec.ForProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.ForProvider.ClientIDRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("realm.keycloak.m.crossplane.io", "v1alpha1", "Realm", "RealmList") if err != nil { 
@@ -64,26 +44,6 @@ func (mg *Client) ResolveReferences( // ResolveReferences of this Client. } mg.Spec.ForProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RealmIDRef = rsp.ResolvedReference - { - m, l, err = apisresolver.GetManagedResource("openidclient.keycloak.m.crossplane.io", "v1alpha1", "Client", "ClientList") - if err != nil { - return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") - } - - rsp, err = r.Resolve(ctx, reference.NamespacedResolutionRequest{ - CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), - Extract: common.UUIDExtractor(), - Namespace: mg.GetNamespace(), - Reference: mg.Spec.InitProvider.ClientIDRef, - Selector: mg.Spec.InitProvider.ClientIDSelector, - To: reference.To{List: l, Managed: m}, - }) - } - if err != nil { - return errors.Wrap(err, "mg.Spec.InitProvider.ClientID") - } - mg.Spec.InitProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) - mg.Spec.InitProvider.ClientIDRef = rsp.ResolvedReference { m, l, err = apisresolver.GetManagedResource("realm.keycloak.m.crossplane.io", "v1alpha1", "Realm", "RealmList") if err != nil { diff --git a/config/ldap/config.go b/config/ldap/config.go index cc4331da..0fe36eab 100644 --- a/config/ldap/config.go +++ b/config/ldap/config.go @@ -6,6 +6,7 @@ import ( "github.com/crossplane/upjet/v2/pkg/config" "github.com/keycloak/terraform-provider-keycloak/keycloak" + "github.com/crossplane-contrib/provider-keycloak/config/common" "github.com/crossplane-contrib/provider-keycloak/config/lookup" ) @@ -34,6 +35,10 @@ func Configure(p *config.Provider) { r.References["ldap_user_federation_id"] = config.Reference{ TerraformName: "keycloak_ldap_user_federation", } + r.References["client_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } }) p.AddResourceConfigurator("keycloak_ldap_group_mapper", func(r *config.Resource) { 
diff --git a/config/mapper/config.go b/config/mapper/config.go index e6a37d8b..08a3601c 100644 --- a/config/mapper/config.go +++ b/config/mapper/config.go @@ -7,6 +7,7 @@ import ( "github.com/crossplane/upjet/v2/pkg/config" "github.com/keycloak/terraform-provider-keycloak/keycloak" + "github.com/crossplane-contrib/provider-keycloak/config/common" "github.com/crossplane-contrib/provider-keycloak/config/lookup" "github.com/crossplane-contrib/provider-keycloak/config/multitypes" ) @@ -21,12 +22,14 @@ func Configure(p *config.Provider) { Name: "saml_client_id", Reference: config.Reference{ TerraformName: "keycloak_saml_client", + Extractor: common.PathUUIDExtractor, }, }, multitypes.Instance{ Name: "client_id", Reference: config.Reference{ TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, }, }) @@ -51,9 +54,38 @@ func Configure(p *config.Provider) { r.References["role_id"] = config.Reference{ TerraformName: "keycloak_role", } - r.References["client_scope_id"] = config.Reference{ - TerraformName: "keycloak_openid_client_scope", - } + + multitypes.ApplyToWithOptions(r, "client_id", + &multitypes.Options{KeepOriginalField: true}, // Explicit: maintain backward compatibility + multitypes.Instance{ + Name: "saml_client_id", + Reference: config.Reference{ + TerraformName: "keycloak_saml_client", + Extractor: common.PathUUIDExtractor, + }, + }, + multitypes.Instance{ + Name: "client_id", + Reference: config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + }, + }) + + multitypes.ApplyToWithOptions(r, "client_scope_id", + &multitypes.Options{KeepOriginalField: true}, // Explicit: maintain backward compatibility + multitypes.Instance{ + Name: "saml_client_scope_id", + Reference: config.Reference{ + TerraformName: "keycloak_saml_client_scope", + }, + }, + multitypes.Instance{ + Name: "client_scope_id", + Reference: config.Reference{ + TerraformName: "keycloak_openid_client_scope", + }, + }) }) } 
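Review bot: In the last hunk of config/mapper/config.go, the two `client_scope_id` instances (`saml_client_scope_id` → `keycloak_saml_client_scope` and `client_scope_id` → `keycloak_openid_client_scope`) are declared without an `Extractor`, while the `client_id` instances directly above them and the `client_scope_id` case kept in `KnownReferencers` all use `common.PathUUIDExtractor`. If these fields must carry the Keycloak UUID, a reference or selector would presumably resolve to the default extracted value instead, and the role mapper would be reconciled against a scope ID Keycloak does not recognise; adding `Extractor: common.PathUUIDExtractor,` to both instances would make the intent explicit. The generated `RoleMapperParameters` matches this reading: `SAMLClientID` carries a `reference:extractor` marker and `SAMLClientScopeID` does not. `Configure` starts outside the hunk, so whether a later option overrides these references cannot be confirmed from here.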
diff --git a/config/openidclient/config.go b/config/openidclient/config.go index 4cf955ec..c6f00294 100644 --- a/config/openidclient/config.go +++ b/config/openidclient/config.go @@ -35,11 +35,19 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("keycloak_openid_client_default_scopes", func(r *config.Resource) { // We need to override the default group that upjet generated for r.ShortGroup = Group + r.References["client_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } }) p.AddResourceConfigurator("keycloak_openid_client_optional_scopes", func(r *config.Resource) { // We need to override the default group that upjet generated for r.ShortGroup = Group + r.References["client_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } }) p.AddResourceConfigurator("keycloak_openid_client_scope", func(r *config.Resource) { @@ -75,11 +83,25 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("keycloak_openid_client_service_account_realm_role", func(r *config.Resource) { r.ShortGroup = Group + r.References["service_account_user_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathServiceAccountRoleIDExtractor, + RefFieldName: "ServiceAccountUserClientIDRef", + SelectorFieldName: "ServiceAccountUserClientIDSelector", + } + r.LateInitializer = config.LateInitializer{ + IgnoredFields: []string{"service_account_user_id"}, + } }) p.AddResourceConfigurator("keycloak_openid_client_client_policy", func(r *config.Resource) { r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + multitypes.ApplyToAsListWithOptions(r, "clients", &multitypes.Options{KeepOriginalField: true}, // Explicit: maintain backward compatibility multitypes.Instance{ 
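Review bot: The `service_account_user_id` reference and its `LateInitializer` ignore list are attached in the `@@ -75,11 +83,25 @@` hunk only to `keycloak_openid_client_service_account_realm_role`, while the same commit deletes the name-based `service_account_user_id`, `client_id` and `resource_server_id` cases from `KnownReferencers` in config/provider.go. Any resource that exposes one of those fields but is not configured explicitly now loses its generated `Ref`/`Selector` fields, so existing manifests that set them would presumably stop being honoured. A sibling service-account role resource, if the provider defines one, is not visible in these hunks and should be checked. A comment above the block such as `// service_account_user_id is no longer wired globally; every resource exposing it must be configured here` would record the new contract. `Configure` begins and continues outside the hunk.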
@@ -111,6 +133,11 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("keycloak_openid_client_group_policy", func(r *config.Resource) { r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + r.References["groups.id"] = config.Reference{ TerraformName: "keycloak_group", Extractor: common.PathUUIDExtractor, @@ -131,6 +158,11 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("keycloak_openid_client_role_policy", func(r *config.Resource) { r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + r.References["role.id"] = config.Reference{ TerraformName: "keycloak_role", Extractor: common.PathUUIDExtractor, @@ -150,6 +182,11 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("keycloak_openid_client_user_policy", func(r *config.Resource) { r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + r.References["users"] = config.Reference{ TerraformName: "keycloak_user", Extractor: common.PathUUIDExtractor, 
@@ -168,14 +205,66 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("keycloak_openid_client_permissions", func(r *config.Resource) { r.ShortGroup = Group + r.References["client_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } }) p.AddResourceConfigurator("keycloak_openid_client_authorization_resource", func(r *config.Resource) { r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } }) p.AddResourceConfigurator("keycloak_openid_client_authorization_permission", func(r *config.Resource) { r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + }) + + p.AddResourceConfigurator("keycloak_openid_client_authorization_scope", func(r *config.Resource) { + r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + }) + + p.AddResourceConfigurator("keycloak_openid_client_aggregate_policy", func(r *config.Resource) { + r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + }) + + p.AddResourceConfigurator("keycloak_openid_client_js_policy", func(r *config.Resource) { + r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + }) + + p.AddResourceConfigurator("keycloak_openid_client_time_policy", func(r *config.Resource) { + r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } + }) + + 
p.AddResourceConfigurator("keycloak_openid_client_authorization_client_scope_policy", func(r *config.Resource) { + r.ShortGroup = Group + r.References["resource_server_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } }) } diff --git a/config/openidgroup/config.go b/config/openidgroup/config.go index 8b7e17d0..ab34506a 100644 --- a/config/openidgroup/config.go +++ b/config/openidgroup/config.go @@ -6,6 +6,7 @@ import ( "github.com/crossplane/upjet/v2/pkg/config" "github.com/keycloak/terraform-provider-keycloak/keycloak" + "github.com/crossplane-contrib/provider-keycloak/config/common" "github.com/crossplane-contrib/provider-keycloak/config/lookup" ) @@ -15,6 +16,10 @@ func Configure(p *config.Provider) { // We need to override the default group that upjet generated for r.ShortGroup = "openidgroup" + r.References["client_id"] = config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + } r.References["client_scope_id"] = config.Reference{ TerraformName: "keycloak_openid_client_scope", } diff --git a/config/provider.go b/config/provider.go index fc263a12..0c76500e 100644 --- a/config/provider.go +++ b/config/provider.go 
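Review bot: The `@@ -168,14 +205,66 @@` hunk of config/openidclient/config.go repeats the same `config.Reference{TerraformName: "keycloak_openid_client", Extractor: common.PathUUIDExtractor}` literal in eight configurators, and the earlier hunks of this file (`@@ -35,11`, `@@ -75,11`, `@@ -111,6`, `@@ -131,6`, `@@ -150,6`) add six more copies. Since these references decide which client an authorization policy or permission is bound to, one shared value would keep the extractor from drifting between resources. For example, declare `var openIDClientRef = config.Reference{TerraformName: "keycloak_openid_client", Extractor: common.PathUUIDExtractor}` once and use `r.References["resource_server_id"] = openIDClientRef` in each configurator. `Configure` starts outside the hunk.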
@@ -191,27 +191,11 @@ func KnownReferencers() ujconfig.ResourceOption { //nolint:gocyclo r.References["organization_id"] = ujconfig.Reference{ TerraformName: "keycloak_organization", } - case "client_id": - r.References["client_id"] = ujconfig.Reference{ - TerraformName: "keycloak_openid_client", - Extractor: common.PathUUIDExtractor, - } case "client_scope_id": r.References["client_scope_id"] = ujconfig.Reference{ TerraformName: "keycloak_openid_client_scope", Extractor: common.PathUUIDExtractor, } - case "service_account_user_id": - r.References["service_account_user_id"] = ujconfig.Reference{ - TerraformName: "keycloak_openid_client", - Extractor: common.PathServiceAccountRoleIDExtractor, - RefFieldName: "ServiceAccountUserClientIDRef", - SelectorFieldName: "ServiceAccountUserClientIDSelector", - } - r.LateInitializer = ujconfig.LateInitializer{ - IgnoredFields: []string{"service_account_user_id"}, - } - case "role_ids": r.References["role_ids"] = ujconfig.Reference{ TerraformName: "keycloak_role", @@ -223,12 +207,6 @@ func KnownReferencers() ujconfig.ResourceOption { //nolint:gocyclo TerraformName: "keycloak_role", Extractor: common.PathUUIDExtractor, } - - case "resource_server_id": - r.References["resource_server_id"] = ujconfig.Reference{ - TerraformName: "keycloak_openid_client", - Extractor: common.PathUUIDExtractor, - } } } diff --git a/config/role/config.go b/config/role/config.go index de00adbc..a446a2ac 100644 --- a/config/role/config.go +++ b/config/role/config.go @@ -9,6 +9,7 @@ import ( "github.com/crossplane-contrib/provider-keycloak/config/common" "github.com/crossplane-contrib/provider-keycloak/config/lookup" + "github.com/crossplane-contrib/provider-keycloak/config/multitypes" ) // Configure configures individual resources by adding custom ResourceConfigurators. 
@@ -21,6 +22,23 @@ func Configure(p *config.Provider) { TerraformName: "keycloak_role", Extractor: common.PathUUIDExtractor, } + + multitypes.ApplyToWithOptions(r, "client_id", + &multitypes.Options{KeepOriginalField: true}, // Explicit: maintain backward compatibility + multitypes.Instance{ + Name: "saml_client_id", + Reference: config.Reference{ + TerraformName: "keycloak_saml_client", + Extractor: common.PathUUIDExtractor, + }, + }, + multitypes.Instance{ + Name: "client_id", + Reference: config.Reference{ + TerraformName: "keycloak_openid_client", + Extractor: common.PathUUIDExtractor, + }, + }) }) } diff --git a/examples-generated/cluster/client/v1alpha1/protocolmapper.yaml b/examples-generated/cluster/client/v1alpha1/protocolmapper.yaml index ca2ae211..aa5774d2 100644 --- a/examples-generated/cluster/client/v1alpha1/protocolmapper.yaml +++ b/examples-generated/cluster/client/v1alpha1/protocolmapper.yaml @@ -50,9 +50,7 @@ metadata: name: saml-client spec: forProvider: - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: test-client realmIdSelector: matchLabels: testing.upbound.io/example-name: realm diff --git a/examples-generated/cluster/client/v1alpha1/rolemapper.yaml b/examples-generated/cluster/client/v1alpha1/rolemapper.yaml index a3dd8489..53fcf044 100644 --- a/examples-generated/cluster/client/v1alpha1/rolemapper.yaml +++ b/examples-generated/cluster/client/v1alpha1/rolemapper.yaml @@ -31,9 +31,7 @@ metadata: spec: forProvider: accessType: BEARER-ONLY - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: client enabled: true name: client realmIdSelector: diff --git a/examples-generated/cluster/group/v1alpha1/roles.yaml b/examples-generated/cluster/group/v1alpha1/roles.yaml index 7a25369b..9fc9b304 100644 --- a/examples-generated/cluster/group/v1alpha1/roles.yaml +++ b/examples-generated/cluster/group/v1alpha1/roles.yaml 
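Review bot: The added `multitypes.ApplyToWithOptions(r, "client_id", …)` call in config/role/config.go exposes `samlClientId` next to the existing `clientId`, and nothing in this hunk or in the generated `RoleParameters` (both fields carry only `+kubebuilder:validation:Optional`) rejects a Role that sets both. Which of the two ends up in Terraform's `client_id` is decided inside `multitypes`, which is not visible here, so a manifest setting both could presumably create the client role under a different client than its author intended. Consider stating the precedence next to the call, e.g. `// clientId and samlClientId must not both be set; see multitypes for precedence`, or enforcing exclusivity with a validation rule. `Configure` starts outside the hunk.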
@@ -48,9 +48,7 @@ metadata: spec: forProvider: accessType: BEARER-ONLY - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: client enabled: true name: client realmIdSelector: diff --git a/examples-generated/cluster/openidclient/v1alpha1/client.yaml b/examples-generated/cluster/openidclient/v1alpha1/client.yaml index c46cc5bf..24a4433f 100644 --- a/examples-generated/cluster/openidclient/v1alpha1/client.yaml +++ b/examples-generated/cluster/openidclient/v1alpha1/client.yaml @@ -9,9 +9,7 @@ metadata: spec: forProvider: accessType: CONFIDENTIAL - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: test-client enabled: true extraConfig: key1: value1 diff --git a/examples-generated/cluster/openidclient/v1alpha1/clientauthorizationpermission.yaml b/examples-generated/cluster/openidclient/v1alpha1/clientauthorizationpermission.yaml index 912d17d2..b2939f90 100644 --- a/examples-generated/cluster/openidclient/v1alpha1/clientauthorizationpermission.yaml +++ b/examples-generated/cluster/openidclient/v1alpha1/clientauthorizationpermission.yaml @@ -35,9 +35,7 @@ spec: accessType: CONFIDENTIAL authorization: - policyEnforcementMode: ENFORCING - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: client_id realmIdSelector: matchLabels: testing.upbound.io/example-name: realm diff --git a/examples-generated/cluster/openidclient/v1alpha1/clientauthorizationresource.yaml b/examples-generated/cluster/openidclient/v1alpha1/clientauthorizationresource.yaml index dcd16ecb..8b96eeab 100644 --- a/examples-generated/cluster/openidclient/v1alpha1/clientauthorizationresource.yaml +++ b/examples-generated/cluster/openidclient/v1alpha1/clientauthorizationresource.yaml 
@@ -42,9 +42,7 @@ spec: accessType: CONFIDENTIAL authorization: - policyEnforcementMode: ENFORCING - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: client_id realmIdSelector: matchLabels: testing.upbound.io/example-name: realm diff --git a/examples-generated/cluster/openidclient/v1alpha1/clientclientpolicy.yaml b/examples-generated/cluster/openidclient/v1alpha1/clientclientpolicy.yaml index 07a8d69c..76fc355c 100644 --- a/examples-generated/cluster/openidclient/v1alpha1/clientclientpolicy.yaml +++ b/examples-generated/cluster/openidclient/v1alpha1/clientclientpolicy.yaml @@ -33,9 +33,7 @@ metadata: spec: forProvider: accessType: CONFIDENTIAL - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: openid_client name: openid_client realmIdSelector: matchLabels: diff --git a/examples-generated/cluster/openidclient/v1alpha1/clientdefaultscopes.yaml b/examples-generated/cluster/openidclient/v1alpha1/clientdefaultscopes.yaml index fab1957f..af74767e 100644 --- a/examples-generated/cluster/openidclient/v1alpha1/clientdefaultscopes.yaml +++ b/examples-generated/cluster/openidclient/v1alpha1/clientdefaultscopes.yaml @@ -34,9 +34,7 @@ metadata: spec: forProvider: accessType: CONFIDENTIAL - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: test-client realmIdSelector: matchLabels: testing.upbound.io/example-name: realm diff --git a/examples-generated/cluster/openidclient/v1alpha1/clientoptionalscopes.yaml b/examples-generated/cluster/openidclient/v1alpha1/clientoptionalscopes.yaml index 473a44af..9cf1ac18 100644 --- a/examples-generated/cluster/openidclient/v1alpha1/clientoptionalscopes.yaml +++ b/examples-generated/cluster/openidclient/v1alpha1/clientoptionalscopes.yaml 
@@ -34,9 +34,7 @@ metadata: spec: forProvider: accessType: CONFIDENTIAL - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: test-client realmIdSelector: matchLabels: testing.upbound.io/example-name: realm diff --git a/examples-generated/cluster/openidclient/v1alpha1/clientpermissions.yaml b/examples-generated/cluster/openidclient/v1alpha1/clientpermissions.yaml index 982cdac0..87308024 100644 --- a/examples-generated/cluster/openidclient/v1alpha1/clientpermissions.yaml +++ b/examples-generated/cluster/openidclient/v1alpha1/clientpermissions.yaml @@ -33,9 +33,7 @@ metadata: spec: forProvider: accessType: CONFIDENTIAL - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: my_openid_client clientSecretSecretRef: key: example-key name: example-secret diff --git a/examples-generated/cluster/openidgroup/v1alpha1/groupmembershipprotocolmapper.yaml b/examples-generated/cluster/openidgroup/v1alpha1/groupmembershipprotocolmapper.yaml index 93f15288..3f853639 100644 --- a/examples-generated/cluster/openidgroup/v1alpha1/groupmembershipprotocolmapper.yaml +++ b/examples-generated/cluster/openidgroup/v1alpha1/groupmembershipprotocolmapper.yaml @@ -30,9 +30,7 @@ metadata: spec: forProvider: accessType: CONFIDENTIAL - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: client enabled: true name: client realmIdSelector: diff --git a/examples-generated/cluster/samlclient/v1alpha1/client.yaml b/examples-generated/cluster/samlclient/v1alpha1/client.yaml index e9e82408..41083f2b 100644 --- a/examples-generated/cluster/samlclient/v1alpha1/client.yaml +++ b/examples-generated/cluster/samlclient/v1alpha1/client.yaml @@ -8,9 +8,7 @@ metadata: name: saml-client spec: forProvider: - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: saml-client includeAuthnStatement: true name: saml-client realmIdSelector: 
diff --git a/examples-generated/cluster/samlclient/v1alpha1/clientdefaultscopes.yaml b/examples-generated/cluster/samlclient/v1alpha1/clientdefaultscopes.yaml index 1701e4dd..a0e94609 100644 --- a/examples-generated/cluster/samlclient/v1alpha1/clientdefaultscopes.yaml +++ b/examples-generated/cluster/samlclient/v1alpha1/clientdefaultscopes.yaml @@ -45,9 +45,7 @@ metadata: name: saml-client spec: forProvider: - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: saml-client includeAuthnStatement: true name: saml-client realmIdSelector: diff --git a/examples-generated/cluster/user/v1alpha1/roles.yaml b/examples-generated/cluster/user/v1alpha1/roles.yaml index fd245d9b..85a19168 100644 --- a/examples-generated/cluster/user/v1alpha1/roles.yaml +++ b/examples-generated/cluster/user/v1alpha1/roles.yaml @@ -31,9 +31,7 @@ metadata: spec: forProvider: accessType: BEARER-ONLY - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: client enabled: true name: client realmIdSelector: diff --git a/examples-generated/namespaced/client/v1alpha1/protocolmapper.yaml b/examples-generated/namespaced/client/v1alpha1/protocolmapper.yaml index 5b1a8199..97c66c96 100644 --- a/examples-generated/namespaced/client/v1alpha1/protocolmapper.yaml +++ b/examples-generated/namespaced/client/v1alpha1/protocolmapper.yaml @@ -53,9 +53,7 @@ metadata: namespace: upbound-system spec: forProvider: - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: test-client realmIdSelector: matchLabels: testing.upbound.io/example-name: realm diff --git a/examples-generated/namespaced/samlclient/v1alpha1/client.yaml b/examples-generated/namespaced/samlclient/v1alpha1/client.yaml index fd6da05e..3a30bca9 100644 --- a/examples-generated/namespaced/samlclient/v1alpha1/client.yaml +++ b/examples-generated/namespaced/samlclient/v1alpha1/client.yaml 
@@ -9,9 +9,7 @@ metadata: namespace: upbound-system spec: forProvider: - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: saml-client includeAuthnStatement: true name: saml-client realmIdSelector: diff --git a/examples-generated/namespaced/samlclient/v1alpha1/clientdefaultscopes.yaml b/examples-generated/namespaced/samlclient/v1alpha1/clientdefaultscopes.yaml index 8809f561..8a293a76 100644 --- a/examples-generated/namespaced/samlclient/v1alpha1/clientdefaultscopes.yaml +++ b/examples-generated/namespaced/samlclient/v1alpha1/clientdefaultscopes.yaml @@ -48,9 +48,7 @@ metadata: namespace: upbound-system spec: forProvider: - clientIdSelector: - matchLabels: - testing.upbound.io/example-name: example + clientId: saml-client includeAuthnStatement: true name: saml-client realmIdSelector: diff --git a/package/crds/client.keycloak.crossplane.io_rolemappers.yaml b/package/crds/client.keycloak.crossplane.io_rolemappers.yaml index aa11c8f3..ff7fd6af 100644 --- a/package/crds/client.keycloak.crossplane.io_rolemappers.yaml +++ b/package/crds/client.keycloak.crossplane.io_rolemappers.yaml 
@@ -392,6 +392,166 @@ spec: type: string type: object type: object + samlClientId: + description: |- + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + type: string + samlClientIdRef: + description: Reference to a Client in samlclient to populate samlClientId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientIdSelector: + description: Selector for a Client in samlclient to populate samlClientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. 
+ The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + samlClientScopeId: + description: |- + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + type: string + samlClientScopeIdRef: + description: Reference to a ClientScope in samlclient to populate + samlClientScopeId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientScopeIdSelector: + description: Selector for a ClientScope in samlclient to populate + samlClientScopeId. 
+ properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object initProvider: description: |- 
@@ -726,6 +886,166 @@ spec: type: string type: object type: object + samlClientId: + description: |- + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + type: string + samlClientIdRef: + description: Reference to a Client in samlclient to populate samlClientId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientIdSelector: + description: Selector for a Client in samlclient to populate samlClientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. 
+ The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + samlClientScopeId: + description: |- + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + type: string + samlClientScopeIdRef: + description: Reference to a ClientScope in samlclient to populate + samlClientScopeId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientScopeIdSelector: + description: Selector for a ClientScope in samlclient to populate + samlClientScopeId. 
+ properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: @@ -840,6 +1160,16 @@ spec: The ID of the role to be added to this role mapper. Id of the role to assign type: string + samlClientId: + description: |- + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + type: string + samlClientScopeId: + description: |- + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + type: string type: object conditions: description: Conditions of the resource. 
diff --git a/package/crds/client.keycloak.m.crossplane.io_rolemappers.yaml b/package/crds/client.keycloak.m.crossplane.io_rolemappers.yaml index e488988d..09341342 100644 --- a/package/crds/client.keycloak.m.crossplane.io_rolemappers.yaml +++ b/package/crds/client.keycloak.m.crossplane.io_rolemappers.yaml 
@@ -402,6 +402,178 @@ spec: type: string type: object type: object + samlClientId: + description: |- + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + type: string + samlClientIdRef: + description: Reference to a Client in samlclient to populate samlClientId. + properties: + name: + description: Name of the referenced object. + type: string + namespace: + description: Namespace of the referenced object + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientIdSelector: + description: Selector for a Client in samlclient to populate samlClientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + namespace: + description: Namespace for the selector + type: string + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + samlClientScopeId: + description: |- + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + type: string + samlClientScopeIdRef: + description: Reference to a ClientScope in samlclient to populate + samlClientScopeId. + properties: + name: + description: Name of the referenced object. + type: string + namespace: + description: Namespace of the referenced object + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientScopeIdSelector: + description: Selector for a ClientScope in samlclient to populate + samlClientScopeId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + namespace: + description: Namespace for the selector + type: string + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object initProvider: description: |- 
@@ -760,6 +932,178 @@ spec: type: string type: object type: object + samlClientId: + description: |- + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + type: string + samlClientIdRef: + description: Reference to a Client in samlclient to populate samlClientId. + properties: + name: + description: Name of the referenced object. + type: string + namespace: + description: Namespace of the referenced object + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientIdSelector: + description: Selector for a Client in samlclient to populate samlClientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + namespace: + description: Namespace for the selector + type: string + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + samlClientScopeId: + description: |- + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + type: string + samlClientScopeIdRef: + description: Reference to a ClientScope in samlclient to populate + samlClientScopeId. + properties: + name: + description: Name of the referenced object. + type: string + namespace: + description: Namespace of the referenced object + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientScopeIdSelector: + description: Selector for a ClientScope in samlclient to populate + samlClientScopeId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + namespace: + description: Namespace for the selector + type: string + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: 
@@ -846,6 +1190,16 @@ spec: The ID of the role to be added to this role mapper. Id of the role to assign type: string + samlClientId: + description: |- + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + type: string + samlClientScopeId: + description: |- + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/openidclient.keycloak.crossplane.io_clients.yaml b/package/crds/openidclient.keycloak.crossplane.io_clients.yaml index 7dacf0eb..30c31631 100644 --- a/package/crds/openidclient.keycloak.crossplane.io_clients.yaml +++ b/package/crds/openidclient.keycloak.crossplane.io_clients.yaml 
@@ -313,82 +313,6 @@ spec: description: The Client ID for this client, referenced in the URI during authentication and in issued tokens. type: string - clientIdRef: - description: Reference to a Client in openidclient to populate - clientId. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - clientIdSelector: - description: Selector for a Client in openidclient to populate - clientId. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. 
- enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object clientOfflineSessionIdleTimeout: description: Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is 
@@ -947,82 +871,6 @@ spec: description: The Client ID for this client, referenced in the URI during authentication and in issued tokens. type: string - clientIdRef: - description: Reference to a Client in openidclient to populate - clientId. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - clientIdSelector: - description: Selector for a Client in openidclient to populate - clientId. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. 
- enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object clientOfflineSessionIdleTimeout: description: Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is @@ -1418,6 +1266,10 @@ spec: rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies || ''Update'' in self.managementPolicies) || has(self.forProvider.accessType) || (has(self.initProvider) && has(self.initProvider.accessType))' + - message: spec.forProvider.clientId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.clientId) + || (has(self.initProvider) && has(self.initProvider.clientId))' status: description: ClientStatus defines the observed state of Client. properties: diff --git a/package/crds/role.keycloak.crossplane.io_roles.yaml b/package/crds/role.keycloak.crossplane.io_roles.yaml index 95d07c5d..c02f0cd3 100644 --- a/package/crds/role.keycloak.crossplane.io_roles.yaml +++ b/package/crds/role.keycloak.crossplane.io_roles.yaml 
@@ -336,6 +336,84 @@ spec: type: string type: object type: object + samlClientId: + description: When specified, this role will be created as a client + role attached to the client with the provided ID + type: string + samlClientIdRef: + description: Reference to a Client in samlclient to populate samlClientId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientIdSelector: + description: Selector for a Client in samlclient to populate samlClientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object initProvider: description: |- 
@@ -614,6 +692,84 @@ spec: type: string type: object type: object + samlClientId: + description: When specified, this role will be created as a client + role attached to the client with the provided ID + type: string + samlClientIdRef: + description: Reference to a Client in samlclient to populate samlClientId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientIdSelector: + description: Selector for a Client in samlclient to populate samlClientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: @@ -750,6 +906,10 @@ spec: realmId: description: The realm this role exists within. type: string + samlClientId: + description: When specified, this role will be created as a client + role attached to the client with the provided ID + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/role.keycloak.m.crossplane.io_roles.yaml b/package/crds/role.keycloak.m.crossplane.io_roles.yaml index 3a196ff2..34f98a74 100644 --- a/package/crds/role.keycloak.m.crossplane.io_roles.yaml +++ b/package/crds/role.keycloak.m.crossplane.io_roles.yaml 
@@ -340,6 +340,90 @@ spec: type: string type: object type: object + samlClientId: + description: When specified, this role will be created as a client + role attached to the client with the provided ID + type: string + samlClientIdRef: + description: Reference to a Client in samlclient to populate samlClientId. + properties: + name: + description: Name of the referenced object. + type: string + namespace: + description: Namespace of the referenced object + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientIdSelector: + description: Selector for a Client in samlclient to populate samlClientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + namespace: + description: Namespace for the selector + type: string + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. 
+ The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object initProvider: description: |- 
@@ -636,6 +720,90 @@ spec: type: string type: object type: object + samlClientId: + description: When specified, this role will be created as a client + role attached to the client with the provided ID + type: string + samlClientIdRef: + description: Reference to a Client in samlclient to populate samlClientId. + properties: + name: + description: Name of the referenced object. + type: string + namespace: + description: Namespace of the referenced object + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + samlClientIdSelector: + description: Selector for a Client in samlclient to populate samlClientId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + namespace: + description: Namespace for the selector + type: string + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. 
+ The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object managementPolicies: default: @@ -744,6 +912,10 @@ spec: realmId: description: The realm this role exists within. type: string + samlClientId: + description: When specified, this role will be created as a client + role attached to the client with the provided ID + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/samlclient.keycloak.crossplane.io_clients.yaml b/package/crds/samlclient.keycloak.crossplane.io_clients.yaml index c3ae5fd0..f9bf7fac 100644 --- a/package/crds/samlclient.keycloak.crossplane.io_clients.yaml +++ b/package/crds/samlclient.keycloak.crossplane.io_clients.yaml 
@@ -109,82 +109,6 @@ spec: description: The unique ID of this client, referenced in the URI during authentication and in issued tokens. type: string - clientIdRef: - description: Reference to a Client in openidclient to populate - clientId. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - clientIdSelector: - description: Selector for a Client in openidclient to populate - clientId. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. 
- enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object clientSignatureRequired: description: When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key 
@@ -482,82 +406,6 @@ spec: description: The unique ID of this client, referenced in the URI during authentication and in issued tokens. type: string - clientIdRef: - description: Reference to a Client in openidclient to populate - clientId. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - clientIdSelector: - description: Selector for a Client in openidclient to populate - clientId. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. 
- enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object clientSignatureRequired: description: When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key @@ -891,6 +739,11 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: spec.forProvider.clientId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.clientId) + || (has(self.initProvider) && has(self.initProvider.clientId))' status: description: ClientStatus defines the observed state of Client. properties: diff --git a/package/crds/samlclient.keycloak.m.crossplane.io_clients.yaml b/package/crds/samlclient.keycloak.m.crossplane.io_clients.yaml index e4abb2d9..a593ed75 100644 --- a/package/crds/samlclient.keycloak.m.crossplane.io_clients.yaml +++ b/package/crds/samlclient.keycloak.m.crossplane.io_clients.yaml 
@@ -95,88 +95,6 @@ spec: description: The unique ID of this client, referenced in the URI during authentication and in issued tokens. type: string - clientIdRef: - description: Reference to a Client in openidclient to populate - clientId. - properties: - name: - description: Name of the referenced object. - type: string - namespace: - description: Namespace of the referenced object - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - clientIdSelector: - description: Selector for a Client in openidclient to populate - clientId. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - namespace: - description: Namespace for the selector - type: string - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 
'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object clientSignatureRequired: description: When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key 
@@ -465,88 +383,6 @@ spec: description: The unique ID of this client, referenced in the URI during authentication and in issued tokens. type: string - clientIdRef: - description: Reference to a Client in openidclient to populate - clientId. - properties: - name: - description: Name of the referenced object. - type: string - namespace: - description: Namespace of the referenced object - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - clientIdSelector: - description: Selector for a Client in openidclient to populate - clientId. - properties: - matchControllerRef: - description: |- - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - type: boolean - matchLabels: - additionalProperties: - type: string - description: MatchLabels ensures an object with matching labels - is selected. - type: object - namespace: - description: Namespace for the selector - type: string - policy: - description: Policies for selection. - properties: - resolution: - default: Required - description: |- - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 
'Optional' means this reference will be - a no-op if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: |- - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - type: object clientSignatureRequired: description: When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key @@ -843,6 +679,11 @@ spec: required: - forProvider type: object + x-kubernetes-validations: + - message: spec.forProvider.clientId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.clientId) + || (has(self.initProvider) && has(self.initProvider.clientId))' status: description: ClientStatus defines the observed state of Client. properties: