From fdbcf73964e113fd9e18d544831f08c53279585d Mon Sep 17 00:00:00 2001
From: Sergiy Kulanov
Date: Thu, 6 Feb 2025 19:51:59 +0200
Subject: [PATCH] operator edp-keycloak-operator (1.24.0) (#5904)
Signed-off-by: Sergiy Kulanov
---
...secret-authorization-sample_v1_secret.yaml | 6 +
...client-secret-policy-sample_v1_secret.yaml | 6 +
...-operator-manager-config_v1_configmap.yaml | 18 +
...ycloak-operator.clusterserviceversion.yaml | 1249 +++++++++++++++++
...v1.edp.epam.com_clusterkeycloakrealms.yaml | 543 +++++++
.../v1.edp.epam.com_clusterkeycloaks.yaml | 133 ++
.../v1.edp.epam.com_keycloakauthflows.yaml | 158 +++
.../v1.edp.epam.com_keycloakclients.yaml | 672 +++++++++
.../v1.edp.epam.com_keycloakclientscopes.yaml | 133 ++
....edp.epam.com_keycloakrealmcomponents.yaml | 135 ++
.../v1.edp.epam.com_keycloakrealmgroups.yaml | 141 ++
...am.com_keycloakrealmidentityproviders.yaml | 158 +++
...edp.epam.com_keycloakrealmrolebatches.yaml | 129 ++
.../v1.edp.epam.com_keycloakrealmroles.yaml | 144 ++
.../v1.edp.epam.com_keycloakrealms.yaml | 571 ++++++++
.../v1.edp.epam.com_keycloakrealmusers.yaml | 163 +++
.../manifests/v1.edp.epam.com_keycloaks.yaml | 131 ++
.../1.24.0/metadata/annotations.yaml | 18 +
.../1.24.0/tests/scorecard/config.yaml | 70 +
19 files changed, 4578 insertions(+)
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/client-secret-authorization-sample_v1_secret.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/client-secret-policy-sample_v1_secret.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/edp-keycloak-operator-manager-config_v1_configmap.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/edp-keycloak-operator.clusterserviceversion.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_clusterkeycloaks.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakauthflows.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakclients.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakclientscopes.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmroles.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealms.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmusers.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloaks.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/metadata/annotations.yaml
create mode 100644 operators/edp-keycloak-operator/1.24.0/tests/scorecard/config.yaml
diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/client-secret-authorization-sample_v1_secret.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/client-secret-authorization-sample_v1_secret.yaml
new file mode 100644
index 00000000000..96a51f35c53
--- /dev/null
+++ b/operators/edp-keycloak-operator/1.24.0/manifests/client-secret-authorization-sample_v1_secret.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+data:
+ client-secret-key: cGFzc3dvcmQ=
+kind: Secret
+metadata:
+ name: client-secret-authorization-sample
diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/client-secret-policy-sample_v1_secret.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/client-secret-policy-sample_v1_secret.yaml
new file mode 100644
index 00000000000..aca35048481
--- /dev/null
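Review bot: This `v1/Secret` carries `client-secret-key: cGFzc3dvcmQ=` (base64 of the string `password`) and lives under `manifests/`, which OLM treats as objects to install rather than as samples, so every installation of the bundle lands a well-known placeholder credential in the operator namespace; the `KeycloakClient` alm-example in the CSV then references it via `"secret": "$client-secret-authorization-sample:client-secret-key"`, so it can become the live client secret of a client with `directAccess` and `serviceAccount.enabled` set. The same applies to `client-secret-policy-sample` in the next hunk. Move these two Secrets out of the installed manifest set (keep them only in the alm-examples or the repo's samples), or if they must ship, document in the alm-example that the value must be replaced before the `KeycloakClient` is applied. If the operator generates a secret when the referenced one is absent, removing them is harmless; if it does not, that is worth stating in the CSV description.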
+++ b/operators/edp-keycloak-operator/1.24.0/manifests/client-secret-policy-sample_v1_secret.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+data:
+ client-secret-key: cGFzc3dvcmQ=
+kind: Secret
+metadata:
+ name: client-secret-policy-sample
diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/edp-keycloak-operator-manager-config_v1_configmap.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/edp-keycloak-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..be8934c1999
--- /dev/null
+++ b/operators/edp-keycloak-operator/1.24.0/manifests/edp-keycloak-operator-manager-config_v1_configmap.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
+ ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
+ \ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
+ true\n resourceName: edp-keycloak-operator-lock\n# leaderElectionReleaseOnCancel
+ defines if the leader should step down volume \n# when the Manager ends. This
+ requires the binary to immediately end when the\n# Manager is stopped, otherwise,
+ this setting is unsafe. Setting this significantly\n# speeds up voluntary leader
+ transitions as the new leader don't have to wait\n# LeaseDuration time first.\n#
+ \ In the default scaffold provided, the program ends immediately after \n# the
+ manager stops, so would be fine to enable this option. However, \n# if you are
+ doing or is intended to do any operation such as perform cleanups \n# after
+ the manager stops then its usage might be unsafe.\n# leaderElectionReleaseOnCancel:
+ true\n"
+kind: ConfigMap
+metadata:
+ name: edp-keycloak-operator-manager-config
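Review bot: Nothing in the bundle consumes this ConfigMap: the CSV's deployment starts the container with `command: /manager` and `args: --leader-elect` only, with no `--config` flag and no volume mounting `controller_manager_config.yaml`, so the `metrics.bindAddress: 127.0.0.1:8080`, health-probe and leader-election values written here are not what the operator runs with, and a reader auditing the bundle will be misled about where metrics are exposed. The `controller-runtime.sigs.k8s.io/v1alpha1 ControllerManagerConfig` form is the deprecated component-config scaffold, which fits a ConfigMap that was carried over but never wired in. Either drop the object from `manifests/` or pass it to the manager and mount it; if it stays, also fix the stray word in the copied comment, `# leaderElectionReleaseOnCancel defines if the leader should step down volume` should read `... should step down`.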
diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/edp-keycloak-operator.clusterserviceversion.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/edp-keycloak-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..d2d09209b15
--- /dev/null
+++ b/operators/edp-keycloak-operator/1.24.0/manifests/edp-keycloak-operator.clusterserviceversion.yaml
@@ -0,0 +1,1249 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "Keycloak", + "metadata": { + "name": "keycloak-sample" + }, + "spec": { + "secret": "my-keycloak-secret", + "url": "https://example.com" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakAuthFlow", + "metadata": { + "name": "keycloakauthflow-sample" + }, + "spec": { + "alias": "MyBrowser", + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "priority": 0, + "requirement": "ALTERNATIVE" + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorConfig": { + "alias": "my-alias", + "config": { + "defaultProvider": "my-alias" + } + }, + "priority": 1, + "requirement": "REQUIRED" + } + ], + "builtIn": false, + "description": "browser with idp", + "providerId": "basic-flow", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "topLevel": true + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakClient", + "metadata": { + "name": "keycloakclient-authorization-sample" + }, + "spec": { + "adminFineGrainedPermissionsEnabled": true, + "authorization": { + "permissions": [ + { + "decisionStrategy": "AFFIRMATIVE", + "description": "Resource permission", + "logic": "POSITIVE", + "name": "resource-permission", + "policies": [ + "role-policy" + ], + "resources": [ + "resource1" + ], + "type": "resource" + }, + { + "decisionStrategy": "CONSENSUS", + "description": "Scope permission", + "logic": "POSITIVE", + "name": "scope-permission", + "policies": [ + "role-policy" + ], + "scopes": [ + "scope1" + ], + "type": "scope" + } + ], + "policies": [ + { + "decisionStrategy": "AFFIRMATIVE", + "description": "Role policy", + "logic": "POSITIVE", + "name": "role-policy", + "rolePolicy": { + "roles": [ + { + "name": "developer", + "required": true + } + ] + }, + "type": "role" + }, + { + 
"aggregatedPolicy": { + "policies": [ + "policy1", + "policy2" + ] + }, + "description": "Aggregate policy", + "name": "aggregate-policy", + "type": "aggregate" + }, + { + "clientPolicy": { + "clients": [ + "client1", + "client2" + ] + }, + "description": "Client policy", + "name": "client-policy", + "type": "client" + }, + { + "description": "Group policy", + "groupPolicy": { + "groups": [ + { + "extendChildren": true, + "name": "group1" + } + ] + }, + "name": "group-policy", + "type": "group" + }, + { + "description": "Role policy", + "name": "role-policy", + "rolePolicy": { + "roles": [ + { + "name": "developer", + "required": true + } + ] + }, + "type": "role" + }, + { + "description": "Time policy", + "name": "time-policy", + "timePolicy": { + "notBefore": "2021-01-01T00:00:00Z", + "notOnOrAfter": "2021-12-31T23:59:59Z" + }, + "type": "time" + }, + { + "description": "User policy", + "name": "user-policy", + "type": "user", + "userPolicy": { + "users": [ + "user1", + "user2" + ] + } + } + ], + "resources": [ + { + "displayName": "Resource 1", + "iconUri": "https://example.com/icon.png", + "name": "resource1", + "scopes": [ + "scope1" + ], + "type": "test" + } + ], + "scopes": [ + "scope1" + ] + }, + "authorizationServicesEnabled": true, + "clientId": "authorization-sample", + "directAccess": true, + "permission": { + "scopePermissions": [ + { + "name": "token-exchange", + "policies": [ + "policy1" + ] + } + ] + }, + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "secret": "$client-secret-authorization-sample:client-secret-key", + "serviceAccount": { + "enabled": true + }, + "webUrl": "https://example.com" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakClient", + "metadata": { + "name": "keycloakclient-sample" + }, + "spec": { + "advancedProtocolMappers": true, + "authenticationFlowBindingOverrides": { + "browser": "browser", + "directGrant": "direct grant" + }, + "clientId": "agocd", + 
"defaultClientScopes": [ + "argocd_groups" + ], + "directAccess": true, + "public": false, + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "secret": "$client-secret-name:client-secret-key", + "webUrl": "https://argocd.example.com" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakClientScope", + "metadata": { + "name": "keycloakclientscope-sample" + }, + "spec": { + "description": "Group Membership", + "name": "groups", + "protocol": "openid-connect", + "protocolMappers": [ + { + "config": { + "access.token.claim": "true", + "claim.name": "groups", + "full.path": "false", + "id.token.claim": "true", + "userinfo.token.claim": "true" + }, + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-group-membership-mapper" + } + ], + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealm", + "metadata": { + "name": "keycloakrealm-sample" + }, + "spec": { + "id": "d1-id-kc-realm-name", + "keycloakRef": { + "kind": "Keycloak", + "name": "keycloak-sample" + }, + "passwordPolicy": [ + { + "type": "forceExpiredPasswordChange", + "value": "365" + }, + { + "type": "length", + "value": "8" + } + ], + "realmEventConfig": { + "adminEventsDetailsEnabled": false, + "adminEventsEnabled": true, + "enabledEventTypes": [ + "UPDATE_CONSENT_ERROR", + "CLIENT_LOGIN" + ], + "eventsEnabled": true, + "eventsExpiration": 15000, + "eventsListeners": [ + "jboss-logging" + ] + }, + "realmName": "d2-id-kc-realm-name", + "userProfileConfig": { + "attributes": [ + { + "annotations": { + "inputType": "text" + }, + "displayName": "Test Attribute", + "group": "test-group", + "multivalued": true, + "name": "test-attribute", + "permissions": { + "edit": [ + "admin" + ], + "view": [ + "admin", + "user" + ] + }, + "required": { + "roles": [ + "admin" + ], + "scopes": [ + "profile" + ] + }, + "selector": { + "scopes": [ + "profile" + ] 
+ }, + "validations": { + "email": { + "max-local-length": { + "intVal": 64 + } + }, + "local-date": {}, + "multivalued": { + "max": { + "stringVal": "10" + }, + "min": { + "stringVal": "1" + } + }, + "options": { + "options": { + "sliceVal": [ + "option1", + "option2" + ] + } + } + } + } + ], + "groups": [ + { + "annotations": { + "groupAnnotation": "groupAnnotation" + }, + "displayDescription": "Test Group", + "displayHeader": "Test Group", + "name": "test-group" + } + ], + "unmanagedAttributePolicy": "ENABLED" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmComponent", + "metadata": { + "name": "keycloakrealmcomponent-sample" + }, + "spec": { + "config": { + "allowPasswordAuthentication": [ + "true" + ], + "cachePolicy": [ + "EVICT_WEEKLY" + ], + "debug": [ + "true" + ], + "editMode": [ + "READ_ONLY" + ], + "enabled": [ + "true" + ], + "evictionDay": [ + "3" + ], + "evictionHour": [ + "5" + ], + "evictionMinute": [ + "7" + ], + "kerberosRealm": [ + "test-realm" + ], + "keyTab": [ + "test-key-tab" + ], + "priority": [ + "0" + ], + "serverPrincipal": [ + "srv-principal-test" + ], + "updateProfileFirstLogin": [ + "true" + ] + }, + "name": "cr-kerb-test", + "providerId": "kerberos", + "providerType": "org.keycloak.storage.UserStorageProvider", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmGroup", + "metadata": { + "name": "keycloakrealmgroup-sample" + }, + "spec": { + "name": "ArgoCDAdmins", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmIdentityProvider", + "metadata": { + "name": "keycloakrealmidentityprovider-sample" + }, + "spec": { + "alias": "instagram", + "authenticateByDefault": false, + "config": { + "clientId": "foo", + "clientSecret": "$secretName:secretKey", + "hideOnLoginPage": "true", + "syncMode": "IMPORT", 
+ "useJwksUrl": "true" + }, + "enabled": true, + "firstBrokerLoginFlowAlias": "first broker login", + "mappers": [ + { + "config": { + "role": "role-tr", + "syncMode": "INHERIT" + }, + "identityProviderAlias": "instagram", + "identityProviderMapper": "oidc-hardcoded-role-idp-mapper", + "name": "test3212" + }, + { + "config": { + "attribute": "foo", + "attribute.value": "bar", + "syncMode": "IMPORT" + }, + "identityProviderAlias": "instagram", + "identityProviderMapper": "hardcoded-attribute-idp-mapper", + "name": "test-33221" + } + ], + "providerId": "instagram", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmRole", + "metadata": { + "name": "keycloakrealmrole-sample" + }, + "spec": { + "composite": true, + "description": "default developer role", + "name": "developer", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + } + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmRoleBatch", + "metadata": { + "name": "keycloakrealmrolebatch-sample" + }, + "spec": { + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "roles": [ + { + "composite": true, + "description": "default developer role", + "isDefault": false, + "name": "developer" + }, + { + "composite": true, + "description": "default administrator role", + "isDefault": false, + "name": "administrator" + } + ] + } + }, + { + "apiVersion": "v1.edp.epam.com/v1", + "kind": "KeycloakRealmUser", + "metadata": { + "name": "keycloakrealmuser-sample" + }, + "spec": { + "attributes": { + "baz": "jazz", + "foo": "bar" + }, + "email": "john.snow13@example.com", + "emailVerified": true, + "enabled": true, + "firstName": "John", + "keepResource": true, + "lastName": "Snow", + "password": "12345678", + "realmRef": { + "kind": "KeycloakRealm", + "name": "keycloakrealm-sample" + }, + "requiredUserActions": [ + "UPDATE_PASSWORD" + ], + 
"username": "john.snow13" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1alpha1", + "kind": "ClusterKeycloak", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "edp-keycloak-operator", + "app.kubernetes.io/instance": "clusterkeycloak-sample", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "clusterkeycloak", + "app.kubernetes.io/part-of": "edp-keycloak-operator" + }, + "name": "clusterkeycloak-sample" + }, + "spec": { + "secret": "keycloak-access", + "url": "https://keycloak.example.com" + } + }, + { + "apiVersion": "v1.edp.epam.com/v1alpha1", + "kind": "ClusterKeycloakRealm", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "edp-keycloak-operator", + "app.kubernetes.io/instance": "clusterkeycloakrealm-sample", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "clusterkeycloakrealm", + "app.kubernetes.io/part-of": "edp-keycloak-operator" + }, + "name": "clusterkeycloakrealm-sample" + }, + "spec": { + "authenticationFlows": { + "browserFlow": "browserFlow-sample" + }, + "clusterKeycloakRef": "clusterkeycloak-sample", + "realmName": "realm-sample" + } + } + ] + capabilities: Deep Insights + categories: Security + containerImage: docker.io/epamedp/keycloak-operator:1.24.0 + createdAt: "2025-02-06T16:52:46Z" + description: An Operator for managing Keycloak + operators.operatorframework.io/builder: operator-sdk-v1.39.1 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 + repository: https://github.com/epam/edp-keycloak-operator + support: KubeRocketCI + name: edp-keycloak-operator.v1.24.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: ClusterKeycloakRealm is the Schema for the clusterkeycloakrealms + API. 
+ displayName: Cluster Keycloak Realm + kind: ClusterKeycloakRealm + name: clusterkeycloakrealms.v1.edp.epam.com + version: v1alpha1 + - description: ClusterKeycloak is the Schema for the clusterkeycloaks API. + displayName: Cluster Keycloak + kind: ClusterKeycloak + name: clusterkeycloaks.v1.edp.epam.com + version: v1alpha1 + - description: KeycloakAuthFlow is the Schema for the keycloak authentication + flow API. + displayName: Keycloak Auth Flow + kind: KeycloakAuthFlow + name: keycloakauthflows.v1.edp.epam.com + version: v1 + - description: KeycloakClient is the Schema for the keycloak clients API. + displayName: Keycloak Client + kind: KeycloakClient + name: keycloakclients.v1.edp.epam.com + version: v1 + - description: KeycloakClientScope is the Schema for the keycloakclientscopes + API. + displayName: Keycloak Client Scope + kind: KeycloakClientScope + name: keycloakclientscopes.v1.edp.epam.com + version: v1 + - description: KeycloakRealmComponent is the Schema for the keycloak component + API. + displayName: Keycloak Realm Component + kind: KeycloakRealmComponent + name: keycloakrealmcomponents.v1.edp.epam.com + version: v1 + - description: KeycloakRealmGroup is the Schema for the keycloak group API. + displayName: Keycloak Realm Group + kind: KeycloakRealmGroup + name: keycloakrealmgroups.v1.edp.epam.com + version: v1 + - description: KeycloakRealmIdentityProvider is the Schema for the keycloak realm + identity provider API. + displayName: Keycloak Realm Identity Provider + kind: KeycloakRealmIdentityProvider + name: keycloakrealmidentityproviders.v1.edp.epam.com + version: v1 + - description: KeycloakRealmRoleBatch is the Schema for the keycloak roles API. + displayName: Keycloak Realm Role Batch + kind: KeycloakRealmRoleBatch + name: keycloakrealmrolebatches.v1.edp.epam.com + version: v1 + - description: KeycloakRealmRole is the Schema for the keycloak group API. 
+ displayName: Keycloak Realm Role + kind: KeycloakRealmRole + name: keycloakrealmroles.v1.edp.epam.com + version: v1 + - description: KeycloakRealm is the Schema for the keycloak realms API. + displayName: Keycloak Realm + kind: KeycloakRealm + name: keycloakrealms.v1.edp.epam.com + version: v1 + - description: KeycloakRealmUser is the Schema for the keycloak user API. + displayName: Keycloak Realm User + kind: KeycloakRealmUser + name: keycloakrealmusers.v1.edp.epam.com + version: v1 + - description: Keycloak is the Schema for the keycloaks API. + displayName: Keycloak + kind: Keycloak + name: keycloaks.v1.edp.epam.com + version: v1 + description: | + Keycloak Operator is an operator that is responsible for establishing + a connection to provided Keycloak Server, reconciling Keycloak entities (realms, + roles, groups, users, etc) according to the created CRs. + + ## Quick Start + + 1. Create a User in the Keycloak `Master` realm, and assign a `create-realm` role. + + 2. Insert newly created user credentials into Kubernetes secret: + + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: keycloak-access + type: Opaque + data: + username: dXNlcg== # base64-encoded value of "user" + password: cGFzcw== # base64-encoded value of "pass" + ``` + + 3. Create Custom Resource `kind: Keycloak` with Keycloak instance URL and secret created on the previous step: + + ```yaml + apiVersion: v1.edp.epam.com/v1 + kind: Keycloak + metadata: + name: keycloak-sample + spec: + secret: keycloak-access # Secret name + url: https://keycloak.example.com # Keycloak URL + ``` + + Wait for the `.status` field with `status.connected: true` + + 4. 
Create Keycloak realm and group using Custom Resources: + + ```yaml + apiVersion: v1.edp.epam.com/v1 + kind: KeycloakRealm + metadata: + name: keycloakrealm-sample + spec: + realmName: realm-sample + keycloakOwner: keycloak-sample # the name of `kind: Keycloak` + ``` + + ```yaml + apiVersion: v1.edp.epam.com/v1 + kind: KeycloakRealmGroup + metadata: + name: argocd-admins + spec: + name: ArgoCDAdmins + realm: keycloakrealm-sample # the name of `kind: KeycloakRealm` + ``` + displayName: EDP Keycloak Operator + icon: + - base64data: mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - v1 + resources: + - configmap + verbs: + - get + - list + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloakrealms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloakrealms/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloakrealms/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloaks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloaks/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - clusterkeycloaks/status + verbs: + - get + - patch + - update + serviceAccountName: edp-keycloak-operator-controller-manager + deployments: + - label: + control-plane: controller-manager + name: edp-keycloak-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: 
metadata.annotations['olm.targetNamespaces'] + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: docker.io/epamedp/keycloak-operator:1.24.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: edp-keycloak-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1 + resources: + - configmap + verbs: + - get + - list + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakauthflows + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakauthflows/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakauthflows/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclients/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclients/status + verbs: + - get + - patch + - update + - 
apiGroups: + - v1.edp.epam.com + resources: + - keycloakclientscopes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclientscopes/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakclientscopes/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmcomponents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmcomponents/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmcomponents/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmgroups/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmidentityproviders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmidentityproviders/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmidentityproviders/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmrolebatches + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmrolebatches/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmrolebatches/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmroles + verbs: + - 
create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmroles/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmroles/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealms + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealms/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealms/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmusers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmusers/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloakrealmusers/status + verbs: + - get + - patch + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloaks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - v1.edp.epam.com + resources: + - keycloaks/finalizers + verbs: + - update + - apiGroups: + - v1.edp.epam.com + resources: + - keycloaks/status + verbs: + - get + - patch + - update + serviceAccountName: edp-keycloak-operator-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - authentication + - authorization + - edp + - idp + - keycloak + - kuberocketci + - oauth + - oidc + - operator + - saml + - sso + links: + - name: Edp Keycloak Operator + url: https://github.com/epam/edp-keycloak-operator + maintainers: + - email: SupportEPMD-EDP@epam.com + name: epmd-edp + maturity: stable + minKubeVersion: 1.20.0 + provider: + name: 
KubeRocketCI
+ url: https://docs.kuberocketci.io/
+ version: 1.24.0
diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml
new file mode 100644
index 00000000000..9ccafa38760
--- /dev/null
+++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_clusterkeycloakrealms.yaml
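Review bot: The manager container's `securityContext` sets only `allowPrivilegeEscalation: false`; with no `capabilities.drop: [ALL]` and no `seccompProfile`, the pod does not satisfy the `restricted` Pod Security Standard and will be rejected in namespaces that enforce it, while the pod-level `runAsNonRoot: true` alone does not cover those two checks. The two RBAC rules with `apiGroups: [v1]` and `resources: [configmap]` (one in `clusterPermissions`, one in `permissions`) are no-ops that should be deleted: `v1` is not an API group (core is `""`) and the resource is `configmaps`, which the namespaced rules already grant in full. Two smaller points: the Quick Start in `description` uses `keycloakOwner:` and `realm:` whereas every alm-example uses `keycloakRef`/`realmRef`, so if the older field names are no longer served the documented steps will not reconcile (worth confirming against the CRD schema), and the `KeycloakRealmUser` example ships `"password": "12345678"` with `requiredUserActions: UPDATE_PASSWORD`, which is acceptable as an example only if the description says it is a placeholder.

```yaml
          # … unchanged: image, probes, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```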
@@ -0,0 +1,543 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: clusterkeycloakrealms.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: ClusterKeycloakRealm + listKind: ClusterKeycloakRealmList + plural: clusterkeycloakrealms + singular: clusterkeycloakrealm + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Keycloak realm is available + jsonPath: .status.available + name: Available + type: boolean + - description: Keycloak realm name + jsonPath: .spec.realmName + name: Realm + type: boolean + - description: ClusterKeycloak instance name + jsonPath: .spec.clusterKeycloakRef + name: Cluster-Keycloak + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterKeycloakRealm is the Schema for the clusterkeycloakrealms + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterKeycloakRealmSpec defines the desired state of ClusterKeycloakRealm. + properties: + authenticationFlows: + description: AuthenticationFlow is the configuration for authentication + flows in the realm. 
+ nullable: true + properties: + browserFlow: + description: BrowserFlow specifies the authentication flow to + use for the realm's browser clients. + example: browser + type: string + type: object + browserSecurityHeaders: + additionalProperties: + type: string + description: BrowserSecurityHeaders is a map of security headers to + apply to HTTP responses from the realm's browser clients. + nullable: true + type: object + clusterKeycloakRef: + description: ClusterKeycloakRef is a name of the ClusterKeycloak instance + that owns the realm. + type: string + displayHtmlName: + description: DisplayHTMLName name to render in the UI. + type: string + displayName: + description: DisplayName is the display name of the realm. + type: string + frontendUrl: + description: |- + FrontendURL Set the frontend URL for the realm. + Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm. + type: string + localization: + description: Localization is the configuration for localization in + the realm. + nullable: true + properties: + internationalizationEnabled: + description: InternationalizationEnabled indicates whether to + enable internationalization. + nullable: true + type: boolean + type: object + passwordPolicy: + description: PasswordPolicies is a list of password policies to apply + to the realm. + items: + properties: + type: + description: Type of password policy. + type: string + value: + description: Value of password policy. + type: string + required: + - type + - value + type: object + nullable: true + type: array + realmEventConfig: + description: RealmEventConfig is the configuration for events in the + realm. + nullable: true + properties: + adminEventsDetailsEnabled: + description: AdminEventsDetailsEnabled indicates whether to enable + detailed admin events. + type: boolean + adminEventsEnabled: + description: AdminEventsEnabled indicates whether to enable admin + events. 
+ type: boolean + enabledEventTypes: + description: EnabledEventTypes is a list of event types to enable. + items: + type: string + type: array + eventsEnabled: + description: EventsEnabled indicates whether to enable events. + type: boolean + eventsExpiration: + description: EventsExpiration is the number of seconds after which + events expire. + type: integer + eventsListeners: + description: EventsListeners is a list of event listeners to enable. + items: + type: string + type: array + type: object + realmName: + description: RealmName specifies the name of the realm. + type: string + smtp: + description: Smtp is the configuration for email in the realm. + nullable: true + properties: + connection: + description: Connection specifies the email connection configuration. + properties: + authentication: + description: Authentication specifies the email authentication + configuration. + properties: + password: + description: Password specifies login password. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + username: + description: Username specifies login username. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. 
+ properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + value: + description: Directly specifies a value. + type: string + type: object + required: + - password + - username + type: object + enableSSL: + description: EnableSSL specifies if SSL is enabled. + type: boolean + enableStartTLS: + description: EnableStartTLS specifies if StartTLS is enabled. + type: boolean + host: + description: Host specifies the email server host. + type: string + port: + default: 25 + description: Port specifies the email server port. + type: integer + required: + - host + type: object + template: + description: Template specifies the email template configuration. + properties: + envelopeFrom: + description: EnvelopeFrom is an email address used for bounces + . + type: string + from: + description: From specifies the sender email address. + type: string + fromDisplayName: + description: FromDisplayName specifies the sender display + for sender email address. + type: string + replyTo: + description: ReplyTo specifies the reply-to email address. + type: string + replyToDisplayName: + description: ReplyToDisplayName specifies display name for + reply-to email address. 
+ type: string + required: + - from + type: object + required: + - connection + - template + type: object + themes: + description: Themes is a map of themes to apply to the realm. + nullable: true + properties: + accountTheme: + description: AccountTheme specifies the account theme to use for + the realm. + nullable: true + type: string + adminConsoleTheme: + description: AdminConsoleTheme specifies the admin console theme + to use for the realm. + nullable: true + type: string + emailTheme: + description: EmailTheme specifies the email theme to use for the + realm. + nullable: true + type: string + loginTheme: + description: LoginTheme specifies the login theme to use for the + realm. + nullable: true + type: string + type: object + tokenSettings: + description: TokenSettings is the configuration for tokens in the + realm. + nullable: true + properties: + accessCodeLifespan: + default: 60 + description: |- + AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol. + This should normally be 1 minute. + type: integer + accessToken: + default: 900 + description: AccessTokenLifespanForImplicitFlow specifies max + time(in seconds) before an access token is expired for implicit + flow. + type: integer + accessTokenLifespan: + default: 300 + description: |- + AccessTokenLifespan specifies max time(in seconds) before an access token is expired. + This value is recommended to be short relative to the SSO timeout. + type: integer + actionTokenGeneratedByAdminLifespan: + default: 43200 + description: |- + ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired. + This value is recommended to be long to allow administrators to send e-mails for users that are currently offline. + The default timeout can be overridden immediately before issuing the token. 
+ type: integer + actionTokenGeneratedByUserLifespan: + default: 300 + description: |- + AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired. + This value is recommended to be short because it's expected that the user would react to self-created action quickly. + type: integer + defaultSignatureAlgorithm: + default: RS256 + description: DefaultSignatureAlgorithm specifies the default algorithm + used to sign tokens for the realm + enum: + - ES256 + - ES384 + - ES512 + - EdDSA + - HS256 + - HS384 + - HS512 + - PS256 + - PS384 + - PS512 + - RS256 + - RS384 + - RS512 + example: RS256 + type: string + refreshTokenMaxReuse: + default: 0 + description: |- + RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused. + When a different token is used, revocation is immediate. + type: integer + revokeRefreshToken: + default: false + description: |- + RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and + is revoked when a different token is used. + Otherwise, refresh tokens are not revoked when used and can be used multiple times. + type: boolean + type: object + userProfileConfig: + description: UserProfileConfig is the configuration for user profiles + in the realm. + nullable: true + properties: + attributes: + description: Attributes specifies the list of user profile attributes. + items: + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations for the + attribute. + type: object + displayName: + description: Display name for the attribute. + type: string + group: + description: Group to which the attribute belongs. + type: string + multivalued: + description: |- + Multivalued specifies if this attribute supports multiple values. 
+ This setting is an indicator and does not enable any validation + type: boolean + name: + description: Name of the user attribute, used to uniquely + identify an attribute. + type: string + permissions: + description: Permissions specifies the permissions for the + attribute. + properties: + edit: + description: Edit specifies who can edit the attribute. + items: + type: string + type: array + view: + description: View specifies who can view the attribute. + items: + type: string + type: array + type: object + required: + description: Required indicates that the attribute must + be set by users and administrators. + properties: + roles: + description: Roles specifies the roles for whom the + attribute is required. + items: + type: string + type: array + scopes: + description: Scopes specifies the scopes when the attribute + is required. + items: + type: string + type: array + type: object + selector: + description: Selector specifies the scopes for which the + attribute is available. + properties: + scopes: + description: Scopes specifies the scopes for which the + attribute is available. + items: + type: string + type: array + type: object + validations: + additionalProperties: + additionalProperties: + properties: + intVal: + type: integer + mapVal: + additionalProperties: + type: string + nullable: true + type: object + sliceVal: + items: + type: string + nullable: true + type: array + stringVal: + type: string + type: object + type: object + description: Validations specifies the validations for the + attribute. + type: object + required: + - name + type: object + type: array + groups: + description: Groups specifies the list of user profile groups. + items: + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations for the group. 
+ nullable + type: object + displayDescription: + description: DisplayDescription specifies a user-friendly + name for the group that should be used when rendering + a group of attributes in user-facing forms. + type: string + displayHeader: + description: DisplayHeader specifies a text that should + be used as a header when rendering user-facing forms. + type: string + name: + description: Name is unique name of the group. + type: string + required: + - name + type: object + type: array + unmanagedAttributePolicy: + description: |- + UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration. + Empty value means that unmanaged attributes are disabled. + Possible values: + ENABLED - unmanaged attributes are allowed. + ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API. + ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API. + type: string + type: object + required: + - clusterKeycloakRef + - realmName + type: object + status: + description: ClusterKeycloakRealmStatus defines the observed state of + ClusterKeycloakRealm. + properties: + available: + type: boolean + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_clusterkeycloaks.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_clusterkeycloaks.yaml new file mode 100644 index 00000000000..fb1f53eb2a8 --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_clusterkeycloaks.yaml 
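Review bot: The `Realm` and `Cluster-Keycloak` printer columns declare `type: boolean` while their jsonPaths (`.spec.realmName`, `.spec.clusterKeycloakRef`) point at fields this same schema types as `string`, so `kubectl get clusterkeycloakrealms` will not render the realm name or the ClusterKeycloak reference as intended; both columns should read `type: string`. This file is emitted by controller-gen, so the correction belongs on the `+kubebuilder:printcolumn` markers of the upstream Go type rather than in the bundle copy. Separately, the `groups[].annotations` description block scalar ends with a stray `nullable` line, which reads like a kubebuilder marker that landed inside the doc comment instead of becoming `nullable: true` on the property; worth confirming upstream which was intended.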
@@ -0,0 +1,133 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: clusterkeycloaks.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: ClusterKeycloak + listKind: ClusterKeycloakList + plural: clusterkeycloaks + singular: clusterkeycloak + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Is connected to keycloak + jsonPath: .status.connected + name: Connected + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterKeycloak is the Schema for the clusterkeycloaks API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterKeycloakSpec defines the desired state of ClusterKeycloak. + properties: + adminType: + default: user + description: |- + AdminType can be user or serviceAccount, if serviceAccount was specified, + then client_credentials grant type should be used for getting admin realm token. + enum: + - serviceAccount + - user + type: string + caCert: + description: |- + CACert defines the root certificate authority + that api clients use when verifying server certificates. + Resources should be in the namespace defined in operator OPERATOR_NAMESPACE env. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: |- + InsecureSkipVerify controls whether api client verifies the server's + certificate chain and host name. If InsecureSkipVerify is true, api client + accepts any certificate presented by the server and any host name in that + certificate. + type: boolean + secret: + description: Secret is a secret name which contains admin credentials. + type: string + url: + description: URL of keycloak service. + type: string + required: + - secret + - url + type: object + status: + default: + connected: false + description: ClusterKeycloakStatus defines the observed state of ClusterKeycloak. + properties: + connected: + description: Connected shows if keycloak service is up and running. + type: boolean + required: + - connected + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
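Review bot: The `spec.secret` description (`Secret is a secret name which contains admin credentials.`) does not say which namespace the Secret is resolved from, which matters here because `ClusterKeycloak` is cluster-scoped and a reader has no owning namespace to assume. The sibling `caCert` description already states `Resources should be in the namespace defined in operator OPERATOR_NAMESPACE env.`; if the credential lookup behaves the same way, `secret` should carry that sentence too (on the Go type's doc comment, since this CRD is generated). `insecureSkipVerify` is described accurately, but given it disables both chain and hostname verification on the connection that carries the admin credentials, a pointer in its description such as `Prefer caCert for private CAs instead of disabling verification.` would steer operators toward the safe option.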
diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakauthflows.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakauthflows.yaml
new file mode 100644
index 00000000000..b88f19daa64
--- /dev/null
+++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakauthflows.yaml
@@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakauthflows.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakAuthFlow + listKind: KeycloakAuthFlowList + plural: keycloakauthflows + singular: keycloakauthflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakAuthFlow is the Schema for the keycloak authentication + flow API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakAuthFlowSpec defines the desired state of KeycloakAuthFlow. + properties: + alias: + description: Alias is display name for authentication flow. + type: string + authenticationExecutions: + description: AuthenticationExecutions is list of authentication executions + for this auth flow. + items: + description: AuthenticationExecution defines keycloak authentication + execution. + properties: + alias: + description: Alias is display name for this execution. + type: string + authenticator: + description: Authenticator is name of authenticator. 
+ type: string + authenticatorConfig: + description: AuthenticatorConfig is configuration for authenticator. + nullable: true + properties: + alias: + description: Alias is display name for authenticator config. + type: string + config: + additionalProperties: + type: string + description: Config is configuration for authenticator. + type: object + type: object + authenticatorFlow: + description: AuthenticatorFlow is true if this is auth flow. + type: boolean + priority: + description: Priority is priority for this execution. Lower + values have higher priority. + type: integer + requirement: + description: 'Requirement is requirement for this execution. + Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.' + type: string + type: object + nullable: true + type: array + builtIn: + description: BuiltIn is true if this is built-in auth flow. + type: boolean + childRequirement: + description: 'ChildRequirement is requirement for child execution. + Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.' + type: string + childType: + description: 'ChildType is type for auth flow if it has a parent, + available options: basic-flow, form-flow' + type: string + description: + description: Description is description for authentication flow. + type: string + parentName: + description: ParentName is name of parent auth flow. + type: string + providerId: + description: ProviderID for root auth flow and provider for child + auth flows. + type: string + realm: + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. 
+ type: string + type: object + topLevel: + description: TopLevel is true if this is root auth flow. + type: boolean + required: + - alias + - builtIn + - providerId + - topLevel + type: object + status: + description: KeycloakAuthFlowStatus defines the observed state of KeycloakAuthFlow. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakclients.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakclients.yaml new file mode 100644 index 00000000000..87e59328c47 --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakclients.yaml 
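Review bot: `requirement`, `childRequirement` and `childType` spell out their allowed values only in prose (`Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL` and `basic-flow, form-flow`) with no `enum`, so a typo is admitted by the API server and only surfaces when the reconciler fails against Keycloak, whereas `realmRef.kind` in the same schema is constrained with `enum:`. Adding `enum: [REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL]` to both requirement fields and `enum: [basic-flow, form-flow]` to `childType` would give admission-time validation; since this file is generated, that means `+kubebuilder:validation:Enum` markers on the upstream Go types. This only holds if Keycloak accepts no other values for these fields; if the prose lists are merely examples, the descriptions should say so instead.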
@@ -0,0 +1,672 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakclients.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakClient + listKind: KeycloakClientList + plural: keycloakclients + singular: keycloakclient + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakClient is the Schema for the keycloak clients API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakClientSpec defines the desired state of KeycloakClient. + properties: + adminFineGrainedPermissionsEnabled: + description: AdminFineGrainedPermissionsEnabled enable/disable fine-grained + admin permissions for a client. + type: boolean + adminUrl: + description: |- + AdminUrl is client admin url. + If empty - WebUrl will be used. + type: string + advancedProtocolMappers: + description: AdvancedProtocolMappers is a flag to enable advanced + protocol mappers. 
+ type: boolean + attributes: + additionalProperties: + type: string + default: + post.logout.redirect.uris: + + description: Attributes is a map of client attributes. + nullable: true + type: object + authenticationFlowBindingOverrides: + description: AuthenticationFlowBindingOverrides client auth flow overrides + properties: + browser: + type: string + directGrant: + type: string + type: object + authorization: + description: Authorization is a client authorization configuration. + nullable: true + properties: + permissions: + items: + properties: + decisionStrategy: + default: UNANIMOUS + description: DecisionStrategy is a permission decision strategy. + enum: + - UNANIMOUS + - AFFIRMATIVE + - CONSENSUS + type: string + description: + description: Description is a permission description. + type: string + logic: + default: POSITIVE + description: Logic is a permission logic. + enum: + - POSITIVE + - NEGATIVE + type: string + name: + description: Name is a permission name. + type: string + policies: + description: |- + Policies is a list of policies names. + Specifies all the policies that must be applied to the scopes defined by this policy or permission. + example: + - policy1 + - policy2 + items: + type: string + nullable: true + type: array + resources: + description: |- + Resources is a list of resources names. + Specifies that this permission must be applied to all resource instances of a given type. + example: + - resource1 + - resource2 + items: + type: string + nullable: true + type: array + scopes: + description: |- + Scopes is a list of authorization scopes names. + Specifies that this permission must be applied to one or more scopes. + example: + - scope1 + - scope2 + items: + type: string + nullable: true + type: array + type: + description: Type is a permission type. 
+ enum: + - resource + - scope + type: string + required: + - name + - type + type: object + type: array + policies: + items: + description: Policy represents a client authorization policy. + properties: + aggregatedPolicy: + description: AggregatedPolicy is an aggregated policy settings. + properties: + policies: + description: |- + Policies is a list of aggregated policies names. + Specifies all the policies that must be applied to the scopes defined by this policy or permission. + example: + policies: + - policy1 + - policy2 + items: + type: string + type: array + required: + - policies + type: object + clientPolicy: + description: ClientPolicy is a client policy settings. + properties: + clients: + description: Clients is a list of client names. Specifies + which client(s) are allowed by this policy. + example: + - clients1 + - clients2 + items: + type: string + type: array + required: + - clients + type: object + decisionStrategy: + default: UNANIMOUS + description: DecisionStrategy is a policy decision strategy. + enum: + - UNANIMOUS + - AFFIRMATIVE + - CONSENSUS + type: string + description: + description: Description is a policy description. + type: string + groupPolicy: + description: GroupPolicy is a group policy settings. + properties: + groups: + description: Groups is a list of group names. Specifies + which group(s) are allowed by this policy. + example: '{"groups":[{"name":"group1","extendChildren":true},{"name":"group2"}]}' + items: + description: GroupDefinition represents a group in + a GroupPolicyData. + properties: + extendChildren: + description: ExtendChildren is a flag that specifies + whether to extend children. + type: boolean + name: + description: Name is a group name. + example: group1 + type: string + required: + - name + type: object + type: array + groupsClaim: + description: |- + GroupsClaim is a group claim. 
+ If defined, the policy will fetch user's groups from the given claim + within an access token or ID token representing the identity asking permissions. + If not defined, user's groups are obtained from your realm configuration. + type: string + type: object + logic: + default: POSITIVE + description: Logic is a policy logic. + enum: + - POSITIVE + - NEGATIVE + type: string + name: + description: Name is a policy name. + type: string + rolePolicy: + description: RolePolicy is a role policy settings. + properties: + roles: + description: Roles is a list of role. + example: + roles: + - name: role1 + required: true + - name: role2 + items: + description: RoleDefinition represents a role in a + RolePolicyData. + properties: + name: + description: Name is a role name. + example: role1 + type: string + required: + description: Required is a flag that specifies + whether the role is required. + type: boolean + required: + - name + type: object + type: array + required: + - roles + type: object + timePolicy: + description: ScopePolicy is a scope policy settings. + properties: + dayMonth: + description: |- + Day defines the month which the policy MUST be granted. + You can also provide a range by filling the dayMonthEnd field. + In this case, permission is granted only if current month is between or equal to the two values you provided. + example: "1" + type: string + dayMonthEnd: + example: "2" + type: string + hour: + description: |- + Hour defines the hour when the policy MUST be granted. + You can also provide a range by filling the hourEnd. + In this case, permission is granted only if current hour is between or equal to the two values you provided. + example: "1" + type: string + hourEnd: + example: "2" + type: string + minute: + description: |- + Minute defines the minute when the policy MUST be granted. + You can also provide a range by filling the minuteEnd field. 
+ In this case, permission is granted only if current minute is between or equal to the two values you provided. + example: "1" + type: string + minuteEnd: + example: "2" + type: string + month: + description: |- + Month defines the month which the policy MUST be granted. + You can also provide a range by filling the monthEnd. + In this case, permission is granted only if current month is between or equal to the two values you provided. + example: "1" + type: string + monthEnd: + example: "2" + type: string + notBefore: + description: |- + NotBefore defines the time before which the policy MUST NOT be granted. + Only granted if current date/time is after or equal to this value. + example: "2024-03-03 00:00:00" + type: string + notOnOrAfter: + description: |- + NotOnOrAfter defines the time after which the policy MUST NOT be granted. + Only granted if current date/time is before or equal to this value. + example: "2024-04-04 00:00:00" + type: string + required: + - notBefore + - notOnOrAfter + type: object + type: + description: Type is a policy type. + enum: + - aggregate + - client + - group + - role + - time + - user + type: string + userPolicy: + description: UserPolicy is a user policy settings. + properties: + users: + description: Users is a list of usernames. Specifies + which user(s) are allowed by this policy. + example: + - users1 + - users2 + items: + type: string + type: array + required: + - users + type: object + required: + - name + - type + type: object + type: array + resources: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of resource attributes. + nullable: true + type: object + displayName: + description: DisplayName for Identity Providers. + type: string + iconUri: + description: IconURI pointing to an icon. + type: string + name: + description: Name is unique resource name. 
+ type: string + ownerManagedAccess: + description: OwnerManagedAccess if enabled, the access to + this resource can be managed by the resource owner. + type: boolean + scopes: + description: |- + Scopes requested or assigned in advance to the client to determine whether the policy is applied to this client. + Condition is evaluated during OpenID Connect authorization request and/or token request. + items: + type: string + nullable: true + type: array + type: + description: Type of this resource. It can be used to group + different resource instances with the same type. + type: string + uris: + description: URIs which are protected by resource. + items: + type: string + nullable: true + type: array + required: + - displayName + - name + type: object + type: array + scopes: + items: + type: string + type: array + type: object + authorizationServicesEnabled: + description: AuthorizationServicesEnabled enable/disable fine-grained + authorization support for a client. + type: boolean + bearerOnly: + description: BearerOnly is a flag to enable bearer-only. + type: boolean + clientAuthenticatorType: + default: client-secret + description: ClientAuthenticatorType is a client authenticator type. + type: string + clientId: + description: ClientId is a unique keycloak client ID referenced in + URI and tokens. + type: string + clientRoles: + description: ClientRoles is a list of client roles names assigned + to client. + items: + type: string + nullable: true + type: array + consentRequired: + description: ConsentRequired is a flag to enable consent. + type: boolean + defaultClientScopes: + description: DefaultClientScopes is a list of default client scopes + assigned to client. + items: + type: string + nullable: true + type: array + description: + description: Description is a client description. + type: string + directAccess: + description: DirectAccess is a flag to set client as direct access. 
+ type: boolean + enabled: + default: true + description: Enabled is a flag to enable client. + type: boolean + frontChannelLogout: + description: FrontChannelLogout is a flag to enable front channel + logout. + type: boolean + fullScopeAllowed: + default: true + description: FullScopeAllowed is a flag to enable full scope. + type: boolean + homeUrl: + description: HomeUrl is a client home url. + type: string + implicitFlowEnabled: + description: ImplicitFlowEnabled is a flag to enable support for OpenID + Connect redirect based authentication without authorization code. + type: boolean + name: + description: Name is a client name. + type: string + optionalClientScopes: + description: OptionalClientScopes is a list of optional client scopes + assigned to client. + items: + type: string + nullable: true + type: array + permission: + description: Permission is a client permissions configuration + nullable: true + properties: + scopePermissions: + description: ScopePermissions mapping of scope and the policies + attached + items: + properties: + name: + type: string + policies: + items: + type: string + type: array + required: + - name + type: object + type: array + type: object + protocol: + description: Protocol is a client protocol. + nullable: true + type: string + protocolMappers: + description: ProtocolMappers is a list of protocol mappers assigned + to client. + items: + properties: + config: + additionalProperties: + type: string + description: Config is a map of protocol mapper configuration. + nullable: true + type: object + name: + description: Name is a protocol mapper name. + type: string + protocol: + description: Protocol is a protocol name. + type: string + protocolMapper: + description: ProtocolMapper is a protocol mapper name. + type: string + type: object + nullable: true + type: array + public: + description: Public is a flag to set client as public. + type: boolean + realmRef: + description: RealmRef is reference to Realm custom resource. 
+ properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + realmRoles: + description: RealmRoles is a list of realm roles assigned to client. + items: + properties: + composite: + description: Composite is a realm composite role name. + type: string + name: + description: Name is a realm role name. + type: string + required: + - composite + type: object + nullable: true + type: array + reconciliationStrategy: + description: ReconciliationStrategy is a strategy to reconcile client. + enum: + - full + - addOnly + type: string + redirectUris: + description: |- + RedirectUris is a list of valid URI pattern a browser can redirect to after a successful login. + Simple wildcards are allowed such as 'https://example.com/*'. + Relative path can be specified too, such as /my/relative/path/*. Relative paths are relative to the client root URL. + If not specified, spec.webUrl + "/*" will be used. + example: + - https://example.com/* + - /my/relative/path/* + items: + type: string + nullable: true + type: array + secret: + description: |- + Secret is kubernetes secret name where the client's secret will be stored. + Secret should have the following format: $secretName:secretKey. + If not specified, a client secret will be generated and stored in a secret with the name keycloak-client-{metadata.name}-secret. + If keycloak client is public, secret property will be ignored. + example: $keycloak-secret:client_secret + type: string + serviceAccount: + description: ServiceAccount is a service account configuration. + nullable: true + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a map of service account attributes. 
+ nullable: true + type: object + clientRoles: + description: ClientRoles is a list of client roles assigned to + service account. + items: + properties: + clientId: + description: ClientID is a client ID. + type: string + roles: + description: Roles is a list of client roles names assigned + to service account. + items: + type: string + nullable: true + type: array + required: + - clientId + type: object + nullable: true + type: array + enabled: + description: Enabled is a flag to enable service account. + type: boolean + realmRoles: + description: RealmRoles is a list of realm roles assigned to service + account. + items: + type: string + nullable: true + type: array + type: object + standardFlowEnabled: + default: true + description: StandardFlowEnabled is a flag to enable standard flow. + type: boolean + surrogateAuthRequired: + description: SurrogateAuthRequired is a flag to enable surrogate auth. + type: boolean + targetRealm: + description: |- + Deprecated: use RealmRef instead. + TargetRealm is a realm name where client will be created. + It has higher priority than RealmRef for backward compatibility. + If both TargetRealm and RealmRef are specified, TargetRealm will be used for client creation. + type: string + webOrigins: + description: |- + WebOrigins is a list of allowed CORS origins. + To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though. + To permit all origins, explicitly add '*'. + If not specified, the value from `WebUrl` is used + example: + - https://example.com/* + items: + type: string + nullable: true + type: array + webUrl: + description: WebUrl is a client web url. + type: string + required: + - clientId + type: object + status: + description: KeycloakClientStatus defines the observed state of KeycloakClient. 
+ properties: + clientId: + type: string + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakclientscopes.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakclientscopes.yaml new file mode 100644 index 00000000000..f950edb190c --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakclientscopes.yaml 
@@ -0,0 +1,133 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakclientscopes.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakClientScope + listKind: KeycloakClientScopeList + plural: keycloakclientscopes + singular: keycloakclientscope + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakClientScope is the Schema for the keycloakclientscopes + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakClientScopeSpec defines the desired state of KeycloakClientScope. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a map of client scope attributes. + nullable: true + type: object + default: + description: Default is a flag to set client scope as default. + type: boolean + description: + description: Description is a description of client scope. + type: string + name: + description: Name of keycloak client scope. 
+ type: string + protocol: + description: Protocol is SSO protocol configuration which is being + supplied by this client scope. + type: string + protocolMappers: + description: ProtocolMappers is a list of protocol mappers assigned + to client scope. + items: + properties: + config: + additionalProperties: + type: string + description: Config is a map of protocol mapper configuration. + nullable: true + type: object + name: + description: Name is a protocol mapper name. + type: string + protocol: + description: Protocol is a protocol name. + type: string + protocolMapper: + description: ProtocolMapper is a protocol mapper name. + type: string + type: object + nullable: true + type: array + realm: + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + required: + - name + - protocol + type: object + status: + description: KeycloakClientScopeStatus defines the observed state of KeycloakClientScope. + properties: + failureCount: + format: int64 + type: integer + id: + type: string + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml new file mode 100644 index 00000000000..35b103ff1da --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmcomponents.yaml 
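Review bot: `spec.protocol` is required but carries no validation, and its description (`Protocol is SSO protocol configuration which is being supplied by this client scope`) does not say which values are accepted, so a typo is only discovered when the operator calls Keycloak and records the failure in `status.value`. Since the file is controller-gen output, the fix belongs on the Go type: an `+kubebuilder:validation:Enum=openid-connect;saml` marker if those are the only protocols the operator supports (I cannot confirm the accepted set from this hunk), plus a clearer comment such as `Protocol is the SSO protocol (for example openid-connect or saml) this client scope applies to.` The same applies to `protocolMappers[].protocol`, described only as `a protocol name`.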
@@ -0,0 +1,135 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakrealmcomponents.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmComponent + listKind: KeycloakRealmComponentList + plural: keycloakrealmcomponents + singular: keycloakrealmcomponent + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmComponent is the Schema for the keycloak component + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakComponentSpec defines the desired state of KeycloakRealmComponent. + properties: + config: + additionalProperties: + items: + type: string + type: array + description: |- + Config is a map of component configuration. + Map key is a name of configuration property, map value is an array value of configuration properties. + Any configuration property can be a reference to k8s secret, in this case the property should be in format $secretName:secretKey. 
+ example: + bindCredential: '["$clientSecret:secretKey"]' + bindDn: '["provider-client"]' + nullable: true + type: object + name: + description: Name of keycloak component. + type: string + parentRef: + description: |- + ParentRef specifies a parent resource. + If not specified, then parent is realm specified in realm field. + nullable: true + properties: + kind: + default: KeycloakRealm + description: Kind is a kind of parent component. By default, it + is KeycloakRealm. + enum: + - KeycloakRealm + - KeycloakRealmComponent + type: string + name: + description: |- + Name is a name of parent component custom resource. + For example, if Kind is KeycloakRealm, then Name is name of KeycloakRealm custom resource. + type: string + required: + - name + type: object + providerId: + description: ProviderID is a provider ID of component. + type: string + providerType: + description: ProviderType is a provider type of component. + type: string + realm: + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + required: + - name + - providerId + - providerType + type: object + status: + description: KeycloakComponentStatus defines the observed state of KeycloakRealmComponent. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
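Review bot: The `spec.config` example `bindCredential: '["$clientSecret:secretKey"]'` is a quoted JSON string, while the schema declares map values as arrays of strings (`additionalProperties: items: type: string`, `type: array`), so the example shows a value the schema would reject; it should be written as a real list, `bindCredential: ["$clientSecret:secretKey"]`. The description should also state that credential-bearing properties such as `bindCredential` must always use the `$secretName:secretKey` reference form: nothing in the schema stops a plaintext LDAP bind password from being written into the CR, where it lands in etcd and is readable by anyone with `get` on `keycloakrealmcomponents`. Whether the operator itself refuses a literal value is not visible in this hunk.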
diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml new file mode 100644 index 00000000000..9fada1d9032 --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmgroups.yaml 
@@ -0,0 +1,141 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakrealmgroups.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmGroup + listKind: KeycloakRealmGroupList + plural: keycloakrealmgroups + singular: keycloakrealmgroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmGroup is the Schema for the keycloak group API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakRealmGroupSpec defines the desired state of KeycloakRealmGroup. + properties: + access: + additionalProperties: + type: boolean + description: Access is a map of group access. + nullable: true + type: object + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of group attributes. + nullable: true + type: object + clientRoles: + description: ClientRoles is a list of client roles assigned to group. + items: + properties: + clientId: + description: ClientID is a client ID. 
+ type: string + roles: + description: Roles is a list of client roles names assigned + to service account. + items: + type: string + nullable: true + type: array + required: + - clientId + type: object + nullable: true + type: array + name: + description: Name of keycloak group. + type: string + path: + description: Path is a group path. + type: string + realm: + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + realmRoles: + description: RealmRoles is a list of realm roles assigned to group. + items: + type: string + nullable: true + type: array + subGroups: + description: SubGroups is a list of subgroups assigned to group. + items: + type: string + nullable: true + type: array + required: + - name + type: object + status: + description: KeycloakRealmGroupStatus defines the observed state of KeycloakRealmGroup. + properties: + failureCount: + format: int64 + type: integer + id: + description: ID is a group ID. + type: string + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml new file mode 100644 index 00000000000..94d6178006f --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmidentityproviders.yaml 
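Review bot: `spec.clientRoles[].roles` is described as `a list of client roles names assigned to service account`, copied from the KeycloakClient service-account type, but this CRD assigns roles to a group; the comment on the Go type should read `Roles is a list of client role names assigned to the group.` `spec.access` (`Access is a map of group access.`) gives a reader no way to know which keys are meaningful — presumably Keycloak's group `access` map (view/manage/...), but confirm and list the expected keys in the description. Both fixes go on the Go type comments since this manifest is controller-gen output.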
@@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakrealmidentityproviders.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmIdentityProvider + listKind: KeycloakRealmIdentityProviderList + plural: keycloakrealmidentityproviders + singular: keycloakrealmidentityprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmIdentityProvider is the Schema for the keycloak + realm identity provider API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakRealmIdentityProviderSpec defines the desired state + of KeycloakRealmIdentityProvider. + properties: + addReadTokenRoleOnCreate: + description: AddReadTokenRoleOnCreate is a flag to add read token + role on create. + type: boolean + alias: + description: Alias is a alias of identity provider. + type: string + authenticateByDefault: + description: AuthenticateByDefault is a flag to authenticate by default. 
+ type: boolean + config: + additionalProperties: + type: string + description: |- + Config is a map of identity provider configuration. + Map key is a name of configuration property, map value is a value of configuration property. + Any value can be a reference to k8s secret, in this case value should be in format $secretName:secretKey. + example: + clientId: provider-client + clientSecret: $clientSecret:secretKey + type: object + displayName: + description: DisplayName is a display name of identity provider. + type: string + enabled: + description: Enabled is a flag to enable/disable identity provider. + type: boolean + firstBrokerLoginFlowAlias: + description: FirstBrokerLoginFlowAlias is a first broker login flow + alias. + type: string + linkOnly: + description: LinkOnly is a flag to link only. + type: boolean + mappers: + description: Mappers is a list of identity provider mappers. + items: + properties: + config: + additionalProperties: + type: string + description: Config is a map of identity provider mapper configuration. + nullable: true + type: object + identityProviderAlias: + description: IdentityProviderAlias is a identity provider alias. + type: string + identityProviderMapper: + description: IdentityProviderMapper is a identity provider mapper. + type: string + name: + description: Name is a name of identity provider mapper. + type: string + type: object + nullable: true + type: array + providerId: + description: ProviderID is a provider ID of identity provider. + type: string + realm: + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. 
+ type: string + type: object + storeToken: + description: StoreToken is a flag to store token. + type: boolean + trustEmail: + description: TrustEmail is a flag to trust email. + type: boolean + required: + - alias + - config + - enabled + - providerId + type: object + status: + description: KeycloakRealmIdentityProviderStatus defines the observed + state of KeycloakRealmIdentityProvider. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml new file mode 100644 index 00000000000..909402b501b --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmrolebatches.yaml 
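Review bot: `spec.config` is required and typed as a free-form string map, and although the description says a value *can* be a `$secretName:secretKey` reference, nothing in the schema prevents `clientSecret` from being supplied in plaintext and stored in the CR; the description should say secret-bearing keys must use the reference form, and the operator should reject or at least warn on literal values, which I cannot confirm it does from this hunk. `trustEmail` (`a flag to trust email`) and `storeToken` (`a flag to store token`) need real descriptions: if they map to Keycloak's Trust Email and Store Tokens settings, as the names suggest, `trustEmail: true` skips email verification for brokered users, and combined with a first-broker-login flow that links accounts by email it lets whoever controls the external IdP take over existing realm accounts. Note also that `realmRef.kind` admits `ClusterKeycloakRealm`, so a namespaced `KeycloakRealmIdentityProvider` can add an IdP to a cluster-shared realm; the schema does not restrict which namespaces may do this, so RBAC on this CRD is the only boundary unless the operator enforces one elsewhere.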
@@ -0,0 +1,129 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakrealmrolebatches.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmRoleBatch + listKind: KeycloakRealmRoleBatchList + plural: keycloakrealmrolebatches + singular: keycloakrealmrolebatch + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmRoleBatch is the Schema for the keycloak roles API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakRealmRoleBatchSpec defines the desired state of KeycloakRealmRoleBatch. + properties: + realm: + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. 
+ type: string + type: object + roles: + description: Roles is a list of roles to be created. + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of role attributes. + nullable: true + type: object + composite: + description: Composite is a flag if role is composite. + type: boolean + composites: + description: Composites is a list of composites roles assigned + to role. + items: + properties: + name: + description: Name is a name of composite role. + type: string + required: + - name + type: object + nullable: true + type: array + description: + description: Description is a role description. + type: string + isDefault: + description: IsDefault is a flag if role is default. + type: boolean + name: + description: Name of keycloak role. + type: string + required: + - name + type: object + type: array + required: + - roles + type: object + status: + description: KeycloakRealmRoleBatchStatus defines the observed state of + KeycloakRealmRoleBatch. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmroles.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmroles.yaml new file mode 100644 index 00000000000..2005af0dbfe --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmroles.yaml 
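Review bot: `roles[].isDefault` is documented only as `a flag if role is default`, which hides a security-relevant effect: if it maps to Keycloak's default roles, as the name suggests, every newly created user in the realm is automatically granted the role — worth stating explicitly, e.g. `IsDefault makes the role a realm default role, automatically granted to every newly created user.` `composite` and `composites` are two fields that presumably must agree (a non-empty `composites` list with `composite: false` is ambiguous), and the schema cannot express that; the description should say which one wins or the Go type should validate it. Whether the operator checks this is not visible here.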
@@ -0,0 +1,144 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakrealmroles.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmRole + listKind: KeycloakRealmRoleList + plural: keycloakrealmroles + singular: keycloakrealmrole + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmRole is the Schema for the keycloak group API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakRealmRoleSpec defines the desired state of KeycloakRealmRole. + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of role attributes. + nullable: true + type: object + composite: + description: Composite is a flag if role is composite. + type: boolean + composites: + description: Composites is a list of composites roles assigned to + role. + items: + properties: + name: + description: Name is a name of composite role. 
+ type: string + required: + - name + type: object + nullable: true + type: array + compositesClientRoles: + additionalProperties: + items: + properties: + name: + description: Name is a name of composite role. + type: string + required: + - name + type: object + type: array + description: CompositesClientRoles is a map of composites client roles + assigned to role. + example: + client1: + - name: role1 + - name: role2 + client2: + name: role3 + nullable: true + type: object + description: + description: Description is a role description. + type: string + isDefault: + description: IsDefault is a flag if role is default. + type: boolean + name: + description: Name of keycloak role. + type: string + realm: + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + required: + - name + type: object + status: + description: KeycloakRealmRoleStatus defines the observed state of KeycloakRealmRole. + properties: + failureCount: + format: int64 + type: integer + id: + description: ID is a role ID. + type: string + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealms.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealms.yaml new file mode 100644 index 00000000000..39b7672fd8b --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealms.yaml 
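Review bot: The top-level description reads `KeycloakRealmRole is the Schema for the keycloak group API.`, copied from KeycloakRealmGroup; it should say `the keycloak realm role API`. The `compositesClientRoles` example is also inconsistent with its own schema: `client1` is a list of `{name}` objects as declared (`items: ... type: array`), but `client2: name: role3` is a bare mapping the schema would reject — change it to a one-item list, `- name: role3`. Both are generated from the Go type comments/markers, so the fix belongs there.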
@@ -0,0 +1,571 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakrealms.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealm + listKind: KeycloakRealmList + plural: keycloakrealms + singular: keycloakrealm + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the resource available + jsonPath: .status.available + name: Available + type: boolean + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + - description: Keycloak realm name + jsonPath: .spec.realmName + name: Realm + type: boolean + - description: Keycloak instance name + jsonPath: .spec.keycloakRef + name: Keycloak + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealm is the Schema for the keycloak realms API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakRealmSpec defines the desired state of KeycloakRealm. + properties: + browserFlow: + description: BrowserFlow specifies the authentication flow to use + for the realm's browser clients. 
+ nullable: true + type: string + browserSecurityHeaders: + additionalProperties: + type: string + description: BrowserSecurityHeaders is a map of security headers to + apply to HTTP responses from the realm's browser clients. + nullable: true + type: object + displayHtmlName: + description: DisplayHTMLName name to render in the UI + type: string + displayName: + description: DisplayName is the display name of the realm. + type: string + frontendUrl: + description: FrontendURL Set the frontend URL for the realm. Use in + combination with the default hostname provider to override the base + URL for frontend requests for a specific realm. + type: string + id: + description: ID is the ID of the realm. + nullable: true + type: string + keycloakOwner: + description: |- + Deprecated: use KeycloakRef instead. + KeycloakOwner specifies the name of the Keycloak instance that owns the realm. + nullable: true + type: string + keycloakRef: + description: KeycloakRef is reference to Keycloak custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - Keycloak + - ClusterKeycloak + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + passwordPolicy: + description: PasswordPolicies is a list of password policies to apply + to the realm. + items: + properties: + type: + description: Type of password policy. + type: string + value: + description: Value of password policy. + type: string + required: + - type + - value + type: object + nullable: true + type: array + realmEventConfig: + description: RealmEventConfig is the configuration for events in the + realm. + nullable: true + properties: + adminEventsDetailsEnabled: + description: AdminEventsDetailsEnabled indicates whether to enable + detailed admin events. + type: boolean + adminEventsEnabled: + description: AdminEventsEnabled indicates whether to enable admin + events. 
+ type: boolean + enabledEventTypes: + description: EnabledEventTypes is a list of event types to enable. + items: + type: string + type: array + eventsEnabled: + description: EventsEnabled indicates whether to enable events. + type: boolean + eventsExpiration: + description: EventsExpiration is the number of seconds after which + events expire. + type: integer + eventsListeners: + description: EventsListeners is a list of event listeners to enable. + items: + type: string + type: array + type: object + realmName: + description: RealmName specifies the name of the realm. + type: string + smtp: + description: Smtp is the configuration for email in the realm. + nullable: true + properties: + connection: + description: Connection specifies the email connection configuration. + properties: + authentication: + description: Authentication specifies the email authentication + configuration. + properties: + password: + description: Password specifies login password. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + username: + description: Username specifies login username. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. 
+ properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + value: + description: Directly specifies a value. + type: string + type: object + required: + - password + - username + type: object + enableSSL: + description: EnableSSL specifies if SSL is enabled. + type: boolean + enableStartTLS: + description: EnableStartTLS specifies if StartTLS is enabled. + type: boolean + host: + description: Host specifies the email server host. + type: string + port: + default: 25 + description: Port specifies the email server port. + type: integer + required: + - host + type: object + template: + description: Template specifies the email template configuration. + properties: + envelopeFrom: + description: EnvelopeFrom is an email address used for bounces + . + type: string + from: + description: From specifies the sender email address. + type: string + fromDisplayName: + description: FromDisplayName specifies the sender display + for sender email address. + type: string + replyTo: + description: ReplyTo specifies the reply-to email address. + type: string + replyToDisplayName: + description: ReplyToDisplayName specifies display name for + reply-to email address. 
+ type: string + required: + - from + type: object + required: + - connection + - template + type: object + themes: + description: Themes is a map of themes to apply to the realm. + nullable: true + properties: + accountTheme: + description: AccountTheme specifies the account theme to use for + the realm. + nullable: true + type: string + adminConsoleTheme: + description: AdminConsoleTheme specifies the admin console theme + to use for the realm. + nullable: true + type: string + emailTheme: + description: EmailTheme specifies the email theme to use for the + realm. + nullable: true + type: string + internationalizationEnabled: + description: InternationalizationEnabled indicates whether to + enable internationalization. + nullable: true + type: boolean + loginTheme: + description: LoginTheme specifies the login theme to use for the + realm. + nullable: true + type: string + type: object + tokenSettings: + description: TokenSettings is the configuration for tokens in the + realm. + nullable: true + properties: + accessCodeLifespan: + default: 60 + description: |- + AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol. + This should normally be 1 minute. + type: integer + accessToken: + default: 900 + description: AccessTokenLifespanForImplicitFlow specifies max + time(in seconds) before an access token is expired for implicit + flow. + type: integer + accessTokenLifespan: + default: 300 + description: |- + AccessTokenLifespan specifies max time(in seconds) before an access token is expired. + This value is recommended to be short relative to the SSO timeout. + type: integer + actionTokenGeneratedByAdminLifespan: + default: 43200 + description: |- + ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired. + This value is recommended to be long to allow administrators to send e-mails for users that are currently offline. 
+ The default timeout can be overridden immediately before issuing the token. + type: integer + actionTokenGeneratedByUserLifespan: + default: 300 + description: |- + AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired. + This value is recommended to be short because it's expected that the user would react to self-created action quickly. + type: integer + defaultSignatureAlgorithm: + default: RS256 + description: DefaultSignatureAlgorithm specifies the default algorithm + used to sign tokens for the realm + enum: + - ES256 + - ES384 + - ES512 + - EdDSA + - HS256 + - HS384 + - HS512 + - PS256 + - PS384 + - PS512 + - RS256 + - RS384 + - RS512 + example: RS256 + type: string + refreshTokenMaxReuse: + default: 0 + description: |- + RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused. + When a different token is used, revocation is immediate. + type: integer + revokeRefreshToken: + default: false + description: |- + RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and + is revoked when a different token is used. + Otherwise, refresh tokens are not revoked when used and can be used multiple times. + type: boolean + type: object + userProfileConfig: + description: |- + UserProfileConfig is the configuration for user profiles in the realm. + Attributes and groups will be added to the current realm configuration. + Deletion of attributes and groups is not supported. + nullable: true + properties: + attributes: + description: Attributes specifies the list of user profile attributes. + items: + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations for the + attribute. + type: object + displayName: + description: Display name for the attribute. + type: string + group: + description: Group to which the attribute belongs. 
+ type: string + multivalued: + description: |- + Multivalued specifies if this attribute supports multiple values. + This setting is an indicator and does not enable any validation + type: boolean + name: + description: Name of the user attribute, used to uniquely + identify an attribute. + type: string + permissions: + description: Permissions specifies the permissions for the + attribute. + properties: + edit: + description: Edit specifies who can edit the attribute. + items: + type: string + type: array + view: + description: View specifies who can view the attribute. + items: + type: string + type: array + type: object + required: + description: Required indicates that the attribute must + be set by users and administrators. + properties: + roles: + description: Roles specifies the roles for whom the + attribute is required. + items: + type: string + type: array + scopes: + description: Scopes specifies the scopes when the attribute + is required. + items: + type: string + type: array + type: object + selector: + description: Selector specifies the scopes for which the + attribute is available. + properties: + scopes: + description: Scopes specifies the scopes for which the + attribute is available. + items: + type: string + type: array + type: object + validations: + additionalProperties: + additionalProperties: + properties: + intVal: + type: integer + mapVal: + additionalProperties: + type: string + nullable: true + type: object + sliceVal: + items: + type: string + nullable: true + type: array + stringVal: + type: string + type: object + type: object + description: Validations specifies the validations for the + attribute. + type: object + required: + - name + type: object + type: array + groups: + description: Groups specifies the list of user profile groups. + items: + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations for the group. 
+ nullable + type: object + displayDescription: + description: DisplayDescription specifies a user-friendly + name for the group that should be used when rendering + a group of attributes in user-facing forms. + type: string + displayHeader: + description: DisplayHeader specifies a text that should + be used as a header when rendering user-facing forms. + type: string + name: + description: Name is unique name of the group. + type: string + required: + - name + type: object + type: array + unmanagedAttributePolicy: + description: |- + UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration. + Empty value means that unmanaged attributes are disabled. + Possible values: + ENABLED - unmanaged attributes are allowed. + ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API. + ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API. + type: string + type: object + users: + description: Users is a list of users to create in the realm. + items: + properties: + realmRoles: + description: RealmRoles is a list of roles attached to keycloak + user. + items: + type: string + type: array + username: + description: Username of keycloak user. + type: string + required: + - username + type: object + nullable: true + type: array + required: + - realmName + type: object + status: + description: KeycloakRealmStatus defines the observed state of KeycloakRealm. + properties: + available: + type: boolean + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
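Review bot: Two of the `additionalPrinterColumns` at the top of this hunk declare `type: boolean` for non-boolean paths: `Realm` points at `.spec.realmName`, a string, and `Keycloak` points at `.spec.keycloakRef`, an object, so the `Keycloak` column cannot show the instance name and the `Realm` column's declared type is wrong. They should read `jsonPath: .spec.realmName` with `type: string` and `jsonPath: .spec.keycloakRef.name` with `type: string`. Further down, the `description` block scalar of `groups[].annotations` is followed by a bare `nullable` line with no colon, which looks like a controller-gen `+nullable` marker that lost its prefix; depending on its indentation it is either folded into the description text or a YAML error, and in both cases it should become `nullable: true` on the field, fixed at the Go source so the word stops appearing in the API docs. `unmanagedAttributePolicy` spells out its three legal values in prose but carries no `enum`, so a misspelled policy is admitted; an `enum` of `ENABLED`, `ADMIN_VIEW`, `ADMIN_EDIT` (plus `""` if the documented empty value must remain accepted) would catch it at admission.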
diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmusers.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmusers.yaml
new file mode 100644
index 00000000000..56887121835
--- /dev/null
+++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloakrealmusers.yaml
@@ -0,0 +1,163 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloakrealmusers.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: KeycloakRealmUser + listKind: KeycloakRealmUserList + plural: keycloakrealmusers + singular: keycloakrealmuser + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Reconcilation status + jsonPath: .status.value + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: KeycloakRealmUser is the Schema for the keycloak user API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser. + properties: + attributes: + additionalProperties: + type: string + description: Attributes is a map of user attributes. + nullable: true + type: object + email: + description: Email is a user email. + type: string + emailVerified: + description: EmailVerified is a user email verified flag. + type: boolean + enabled: + description: Enabled is a user enabled flag. + type: boolean + firstName: + description: FirstName is a user first name. 
+ type: string + groups: + description: Groups is a list of groups assigned to user. + items: + type: string + nullable: true + type: array + keepResource: + default: true + description: |- + KeepResource, when set to false, results in the deletion of the KeycloakRealmUser Custom Resource (CR) + from the cluster after the corresponding user is created in Keycloak. The user will continue to exist in Keycloak. + When set to true, the CR will not be deleted after processing. + type: boolean + lastName: + description: LastName is a user last name. + type: string + password: + description: Password is a user password. Allows to keep user password + within Custom Resource. For security concerns, it is recommended + to use PasswordSecret instead. + type: string + passwordSecret: + description: PasswordSecret defines Kubernetes secret Name and Key, + which holds User secret. + nullable: true + properties: + key: + description: Key is the key in the secret. + type: string + name: + description: Name is the name of the secret. + type: string + required: + - key + - name + type: object + realm: + description: |- + Deprecated: use RealmRef instead. + Realm is name of KeycloakRealm custom resource. + type: string + realmRef: + description: RealmRef is reference to Realm custom resource. + properties: + kind: + description: Kind specifies the kind of the Keycloak resource. + enum: + - KeycloakRealm + - ClusterKeycloakRealm + type: string + name: + description: Name specifies the name of the Keycloak resource. + type: string + type: object + reconciliationStrategy: + description: |- + ReconciliationStrategy is a strategy for reconciliation. Possible values: full, create-only. + Default value: full. If set to create-only, user will be created only if it does not exist. If user exists, it will not be updated. + If set to full, user will be created if it does not exist, or updated if it exists. 
+ type: string + requiredUserActions: + description: 'RequiredUserActions is required action when user log + in, example: CONFIGURE_TOTP, UPDATE_PASSWORD, UPDATE_PROFILE, VERIFY_EMAIL.' + items: + type: string + nullable: true + type: array + roles: + description: Roles is a list of roles assigned to user. + items: + type: string + nullable: true + type: array + username: + description: Username is a username in keycloak. + type: string + required: + - username + type: object + status: + description: KeycloakRealmUserStatus defines the observed state of KeycloakRealmUser. + properties: + failureCount: + format: int64 + type: integer + value: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloaks.yaml b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloaks.yaml new file mode 100644 index 00000000000..2f946e78be4 --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/manifests/v1.edp.epam.com_keycloaks.yaml 
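Review bot: `reconciliationStrategy` documents exactly two legal values, `full` and `create-only`, but the schema has no `enum`, so a typo such as `create_only` passes admission and presumably falls back to whatever the controller treats as default; adding `enum:` / `- full` / `- create-only` moves that error to the API server. The same gap exists between `password` and `passwordSecret`: the description steers users to the secret, yet both may be set at once, nothing stops a plaintext `password` from sitting in the CR next to a `passwordSecret`, and the hunk does not show which one the controller prefers. A CEL rule on `spec`, `x-kubernetes-validations:` / `- rule: "!(has(self.password) && has(self.passwordSecret))"` / `message: "password and passwordSecret are mutually exclusive"`, would enforce the choice on clusters that support CEL validation; the `v4.7` lower bound in the bundle's annotations.yaml below likely predates that feature, so a webhook would be needed to cover the full supported range.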
@@ -0,0 +1,131 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: keycloaks.v1.edp.epam.com +spec: + group: v1.edp.epam.com + names: + kind: Keycloak + listKind: KeycloakList + plural: keycloaks + singular: keycloak + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is connected to keycloak + jsonPath: .status.connected + name: Connected + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Keycloak is the Schema for the keycloaks API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KeycloakSpec defines the desired state of Keycloak. + properties: + adminType: + description: AdminType can be user or serviceAccount, if serviceAccount + was specified, then client_credentials grant type should be used + for getting admin realm token. + enum: + - serviceAccount + - user + type: string + caCert: + description: |- + CACert defines the root certificate authority + that api client use when verifying server certificates. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: |- + InsecureSkipVerify controls whether api client verifies the server's + certificate chain and host name. If InsecureSkipVerify is true, api client + accepts any certificate presented by the server and any host name in that + certificate. + type: boolean + secret: + description: Secret is a secret name which contains admin credentials. + type: string + url: + description: URL of keycloak service. + type: string + required: + - secret + - url + type: object + status: + default: + connected: false + description: KeycloakStatus defines the observed state of Keycloak. + properties: + connected: + description: Connected shows if keycloak service is up and running. + type: boolean + required: + - connected + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/edp-keycloak-operator/1.24.0/metadata/annotations.yaml b/operators/edp-keycloak-operator/1.24.0/metadata/annotations.yaml new file mode 100644 index 00000000000..e481d2f5149 --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/metadata/annotations.yaml 
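Review bot: `secret` is documented only as "a secret name which contains admin credentials", but `adminType` says the credentials are used either as a user login or as a `client_credentials` grant, so the required keys of that Secret differ by mode and the CRD never names them; a user has to read the controller source to build the Secret. The description should spell out the expected keys for each mode, e.g. `Secret is a secret name which contains admin credentials; expected keys: <USER-MODE-KEYS> for adminType user, <SERVICE-ACCOUNT-KEYS> for adminType serviceAccount.` with the placeholders filled in from the controller. The interaction between `caCert` and `insecureSkipVerify: true` is also undocumented; if the latter wins, the `caCert` description should state that it is ignored in that case, since someone who sets both may believe the CA is still being checked. `url` accepts any string; `format: uri` or a `pattern` requiring an `http(s)://` scheme would reject obvious mistakes at admission.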
@@ -0,0 +1,18 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: edp-keycloak-operator + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.39.1 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 + + # Annotations for OpenShift. + com.redhat.openshift.versions: "v4.7-v4.17" + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/edp-keycloak-operator/1.24.0/tests/scorecard/config.yaml b/operators/edp-keycloak-operator/1.24.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..6643020929c --- /dev/null +++ b/operators/edp-keycloak-operator/1.24.0/tests/scorecard/config.yaml 
@@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.22.2 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}
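Review bot: Every scorecard test pins `image: quay.io/operator-framework/scorecard-test:v1.22.2`, while the bundle's annotations.yaml in this same commit records `operator-sdk-v1.39.1` as the builder; the scorecard image is normally generated to match the SDK version, so the skew suggests this config was carried over from an older bundle rather than regenerated. The tag is also mutable; for a reproducible test run the image should be pinned by digest, `image: quay.io/operator-framework/scorecard-test:v1.22.2@sha256:<DIGEST-PLACEHOLDER>`, once the matching version is chosen.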