diff --git a/crossplane_provider_keycloak/cluster/authenticationflow/v1alpha1/authenticationflow_keycloak_crossplane_io_v1alpha1_execution.k b/crossplane_provider_keycloak/cluster/authenticationflow/v1alpha1/authenticationflow_keycloak_crossplane_io_v1alpha1_execution.k index c2d0351e..2d43206c 100644 --- a/crossplane_provider_keycloak/cluster/authenticationflow/v1alpha1/authenticationflow_keycloak_crossplane_io_v1alpha1_execution.k +++ b/crossplane_provider_keycloak/cluster/authenticationflow/v1alpha1/authenticationflow_keycloak_crossplane_io_v1alpha1_execution.k @@ -98,6 +98,12 @@ schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProvider: parent flow alias ref parentFlowAliasSelector : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentFlowAliasSelector, default is Undefined, optional parent flow alias selector + parentSubflowAlias : str, default is Undefined, optional + parent subflow alias + parentSubflowAliasRef : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRef, default is Undefined, optional + parent subflow alias ref + parentSubflowAliasSelector : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelector, default is Undefined, optional + parent subflow alias selector priority : float, default is Undefined, optional The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). realmId : str, default is Undefined, optional 
@@ -119,6 +125,12 @@ schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProvider: parentFlowAliasSelector?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentFlowAliasSelector + parentSubflowAlias?: str + + parentSubflowAliasRef?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRef + + parentSubflowAliasSelector?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelector + priority?: float realmId?: str 
@@ -219,6 +231,95 @@ schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderPar resolve?: "Always" | "IfNotPresent" +schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRef: + r""" + Reference to a Subflow in authenticationflow to populate parentSubflowAlias. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRefPolicy + + +schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelector: + r""" + Selector for a Subflow in authenticationflow to populate parentSubflowAlias. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelectorPolicy + + +schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecForProviderRealmIDRef: r""" Reference to a Realm in realm to populate realmId. 
@@ -331,6 +432,12 @@ schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProvider: parent flow alias ref parentFlowAliasSelector : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentFlowAliasSelector, default is Undefined, optional parent flow alias selector + parentSubflowAlias : str, default is Undefined, optional + parent subflow alias + parentSubflowAliasRef : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRef, default is Undefined, optional + parent subflow alias ref + parentSubflowAliasSelector : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelector, default is Undefined, optional + parent subflow alias selector priority : float, default is Undefined, optional The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). realmId : str, default is Undefined, optional @@ -352,6 +459,12 @@ schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProvider: parentFlowAliasSelector?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentFlowAliasSelector + parentSubflowAlias?: str + + parentSubflowAliasRef?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRef + + parentSubflowAliasSelector?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelector + priority?: float realmId?: str 
@@ -452,6 +565,95 @@ schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderPa resolve?: "Always" | "IfNotPresent" +schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRef: + r""" + Reference to a Subflow in authenticationflow to populate parentSubflowAlias. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRefPolicy + + +schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelector: + r""" + Selector for a Subflow in authenticationflow to populate parentSubflowAlias. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelectorPolicy + + +schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionSpecInitProviderRealmIDRef: r""" Reference to a Realm in realm to populate realmId. @@ -642,6 +844,8 @@ schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionStatusAtProvider: id parentFlowAlias : str, default is Undefined, optional The alias of the flow this execution is attached to. + parentSubflowAlias : str, default is Undefined, optional + parent subflow alias priority : float, default is Undefined, optional The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). realmId : str, default is Undefined, optional 
@@ -657,6 +861,8 @@ schema AuthenticationflowKeycloakCrossplaneIoV1alpha1ExecutionStatusAtProvider: parentFlowAlias?: str + parentSubflowAlias?: str + priority?: float realmId?: str diff --git a/crossplane_provider_keycloak/cluster/client/v1alpha1/client_keycloak_crossplane_io_v1alpha1_protocol_mapper.k b/crossplane_provider_keycloak/cluster/client/v1alpha1/client_keycloak_crossplane_io_v1alpha1_protocol_mapper.k index 7c0a7bbc..87151f2d 100644 --- a/crossplane_provider_keycloak/cluster/client/v1alpha1/client_keycloak_crossplane_io_v1alpha1_protocol_mapper.k +++ b/crossplane_provider_keycloak/cluster/client/v1alpha1/client_keycloak_crossplane_io_v1alpha1_protocol_mapper.k 
@@ -122,6 +122,20 @@ schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProvider: realm Id ref realmIdSelector : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector + samlClientId : str, default is Undefined, optional + The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The mapper's associated client. Cannot be used at the same time as client_scope_id. + samlClientIdRef : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this protocol mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The mapper's associated client scope. Cannot be used at the same time as client_id. + samlClientScopeIdRef : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRef, default is Undefined, optional + saml client scope Id ref + samlClientScopeIdSelector : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelector, default is Undefined, optional + saml client scope Id selector """ 
@@ -151,6 +165,18 @@ schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProvider: realmIdSelector?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderRealmIDSelector + samlClientId?: str + + samlClientIdRef?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRef + + samlClientIdSelector?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelector + + samlClientScopeId?: str + + samlClientScopeIdRef?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRef + + samlClientScopeIdSelector?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelector + schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderClientIDRef: r""" 
@@ -419,6 +445,184 @@ schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderRealmIDSel resolve?: "Always" | "IfNotPresent" +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRefPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelectorPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRef: + r""" + Reference to a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRefPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRefPolicy: + r""" + Policies for referencing. 
+ + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelector: + r""" + Selector for a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelectorPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 
'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProvider: r""" THIS IS A BETA FIELD. It will be honored 
@@ -466,6 +670,20 @@ schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProvider: realm Id ref realmIdSelector : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector + samlClientId : str, default is Undefined, optional + The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The mapper's associated client. Cannot be used at the same time as client_scope_id. + samlClientIdRef : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this protocol mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The mapper's associated client scope. Cannot be used at the same time as client_id. + samlClientScopeIdRef : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRef, default is Undefined, optional + saml client scope Id ref + samlClientScopeIdSelector : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelector, default is Undefined, optional + saml client scope Id selector """ 
@@ -495,6 +713,18 @@ schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProvider: realmIdSelector?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderRealmIDSelector + samlClientId?: str + + samlClientIdRef?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRef + + samlClientIdSelector?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelector + + samlClientScopeId?: str + + samlClientScopeIdRef?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRef + + samlClientScopeIdSelector?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelector + schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderClientIDRef: r""" 
@@ -763,6 +993,184 @@ schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderRealmIDSe resolve?: "Always" | "IfNotPresent" +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRefPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelectorPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRef: + r""" + Reference to a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRefPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRefPolicy: + r""" + Policies for referencing. 
+ + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelector: + r""" + Selector for a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelectorPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 
'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperSpecProviderConfigRef: r""" ProviderConfigReference specifies how the provider that will be used to @@ -880,6 +1288,12 @@ schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperStatusAtProvider: realmId : str, default is Undefined, optional The realm this protocol mapper exists within. The realm id where the associated client or client scope exists. + samlClientId : str, default is Undefined, optional + The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The mapper's associated client. Cannot be used at the same time as client_scope_id. + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this protocol mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ @@ -899,6 +1313,10 @@ schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperStatusAtProvider: realmId?: str + samlClientId?: str + + samlClientScopeId?: str + schema ClientKeycloakCrossplaneIoV1alpha1ProtocolMapperStatusConditionsItems0: r""" diff --git a/crossplane_provider_keycloak/cluster/client/v1alpha1/client_keycloak_crossplane_io_v1alpha1_role_mapper.k b/crossplane_provider_keycloak/cluster/client/v1alpha1/client_keycloak_crossplane_io_v1alpha1_role_mapper.k index 99074e9c..3447904a 100644 
--- a/crossplane_provider_keycloak/cluster/client/v1alpha1/client_keycloak_crossplane_io_v1alpha1_role_mapper.k +++ b/crossplane_provider_keycloak/cluster/client/v1alpha1/client_keycloak_crossplane_io_v1alpha1_role_mapper.k @@ -118,6 +118,20 @@ schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProvider: role Id ref roleIdSelector : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderRoleIDSelector, default is Undefined, optional role Id selector + samlClientId : str, default is Undefined, optional + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + samlClientIdRef : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + samlClientScopeIdRef : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRef, default is Undefined, optional + saml client scope Id ref + samlClientScopeIdSelector : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelector, default is Undefined, optional + saml client scope Id selector """ 
@@ -145,6 +159,18 @@ schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProvider: roleIdSelector?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderRoleIDSelector + samlClientId?: str + + samlClientIdRef?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRef + + samlClientIdSelector?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelector + + samlClientScopeId?: str + + samlClientScopeIdRef?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRef + + samlClientScopeIdSelector?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelector + schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderClientIDRef: r""" 
@@ -502,6 +528,184 @@ schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderRoleIDSelector resolve?: "Always" | "IfNotPresent" +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRefPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelectorPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRef: + r""" + Reference to a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRefPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. 
+ The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelector: + r""" + Selector for a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelectorPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. 
The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProvider: r""" THIS IS A BETA FIELD. It will be honored @@ -545,6 +749,20 @@ schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProvider: role Id ref roleIdSelector : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderRoleIDSelector, default is Undefined, optional role Id selector + samlClientId : str, default is Undefined, optional + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + samlClientIdRef : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + samlClientScopeIdRef : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRef, default is Undefined, optional + saml client scope Id ref + samlClientScopeIdSelector : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelector, default is Undefined, optional + saml client scope Id selector """ 
@@ -572,6 +790,18 @@ schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProvider: roleIdSelector?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderRoleIDSelector + samlClientId?: str + + samlClientIdRef?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRef + + samlClientIdSelector?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelector + + samlClientScopeId?: str + + samlClientScopeIdRef?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRef + + samlClientScopeIdSelector?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelector + schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderClientIDRef: r""" 
@@ -929,6 +1159,184 @@ schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderRoleIDSelecto resolve?: "Always" | "IfNotPresent" +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRefPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelectorPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRef: + r""" + Reference to a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRefPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRefPolicy: + r""" + Policies for referencing. 
+ + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelector: + r""" + Selector for a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelectorPolicy + + +schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 
'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperSpecProviderConfigRef: r""" ProviderConfigReference specifies how the provider that will be used to @@ -1038,6 +1446,12 @@ schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperStatusAtProvider: roleId : str, default is Undefined, optional The ID of the role to be added to this role mapper. Id of the role to assign + samlClientId : str, default is Undefined, optional + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. """ @@ -1051,6 +1465,10 @@ schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperStatusAtProvider: roleId?: str + samlClientId?: str + + samlClientScopeId?: str + schema ClientKeycloakCrossplaneIoV1alpha1RoleMapperStatusConditionsItems0: r""" diff --git a/crossplane_provider_keycloak/cluster/defaults/v1alpha1/defaults_keycloak_crossplane_io_v1alpha1_roles.k b/crossplane_provider_keycloak/cluster/defaults/v1alpha1/defaults_keycloak_crossplane_io_v1alpha1_roles.k index 04d8d697..4628917c 100644 
--- a/crossplane_provider_keycloak/cluster/defaults/v1alpha1/defaults_keycloak_crossplane_io_v1alpha1_roles.k +++ b/crossplane_provider_keycloak/cluster/defaults/v1alpha1/defaults_keycloak_crossplane_io_v1alpha1_roles.k @@ -91,7 +91,7 @@ schema DefaultsKeycloakCrossplaneIoV1alpha1RolesSpecForProvider: Attributes ---------- defaultRoles : [str], default is Undefined, optional - Realm level roles assigned to new users by default. + Roles assigned to new users by default. Realm level roles (name) assigned to new users. defaultRolesRefs : [DefaultsKeycloakCrossplaneIoV1alpha1RolesSpecForProviderDefaultRolesRefsItems0], default is Undefined, optional References to Role in role to populate defaultRoles. @@ -313,7 +313,7 @@ schema DefaultsKeycloakCrossplaneIoV1alpha1RolesSpecInitProvider: Attributes ---------- defaultRoles : [str], default is Undefined, optional - Realm level roles assigned to new users by default. + Roles assigned to new users by default. Realm level roles (name) assigned to new users. defaultRolesRefs : [DefaultsKeycloakCrossplaneIoV1alpha1RolesSpecInitProviderDefaultRolesRefsItems0], default is Undefined, optional References to Role in role to populate defaultRoles. @@ -615,7 +615,7 @@ schema DefaultsKeycloakCrossplaneIoV1alpha1RolesStatusAtProvider: Attributes ---------- defaultRoles : [str], default is Undefined, optional - Realm level roles assigned to new users by default. + Roles assigned to new users by default. Realm level roles (name) assigned to new users. id : str, default is Undefined, optional id diff --git a/crossplane_provider_keycloak/cluster/group/v1alpha1/group_keycloak_crossplane_io_v1alpha1_group.k b/crossplane_provider_keycloak/cluster/group/v1alpha1/group_keycloak_crossplane_io_v1alpha1_group.k index 5c07d4ca..59722aa8 100644 --- a/crossplane_provider_keycloak/cluster/group/v1alpha1/group_keycloak_crossplane_io_v1alpha1_group.k +++ b/crossplane_provider_keycloak/cluster/group/v1alpha1/group_keycloak_crossplane_io_v1alpha1_group.k 
@@ -92,6 +92,8 @@ schema GroupKeycloakCrossplaneIoV1alpha1GroupSpecForProvider: ---------- attributes : {str:str}, default is Undefined, optional A map representing attributes for the group. In order to add multivalued attributes, use ## to separate the values. Max length for each value is 255 chars + description : str, default is Undefined, optional + description name : str, default is Undefined, optional The name of the group. parentId : str, default is Undefined, optional @@ -111,6 +113,8 @@ schema GroupKeycloakCrossplaneIoV1alpha1GroupSpecForProvider: attributes?: {str:str} + description?: str + name?: str parentId?: str @@ -321,6 +325,8 @@ schema GroupKeycloakCrossplaneIoV1alpha1GroupSpecInitProvider: ---------- attributes : {str:str}, default is Undefined, optional A map representing attributes for the group. In order to add multivalued attributes, use ## to separate the values. Max length for each value is 255 chars + description : str, default is Undefined, optional + description name : str, default is Undefined, optional The name of the group. parentId : str, default is Undefined, optional @@ -340,6 +346,8 @@ schema GroupKeycloakCrossplaneIoV1alpha1GroupSpecInitProvider: attributes?: {str:str} + description?: str + name?: str parentId?: str @@ -630,6 +638,8 @@ schema GroupKeycloakCrossplaneIoV1alpha1GroupStatusAtProvider: ---------- attributes : {str:str}, default is Undefined, optional A map representing attributes for the group. In order to add multivalued attributes, use ## to separate the values. Max length for each value is 255 chars + description : str, default is Undefined, optional + description id : str, default is Undefined, optional id name : str, default is Undefined, optional @@ -645,6 +655,8 @@ schema GroupKeycloakCrossplaneIoV1alpha1GroupStatusAtProvider: attributes?: {str:str} + description?: str + id?: str name?: str 
diff --git a/crossplane_provider_keycloak/cluster/identityprovider/v1alpha1/identityprovider_keycloak_crossplane_io_v1alpha1_provider_token_exchange_scope_permission.k b/crossplane_provider_keycloak/cluster/identityprovider/v1alpha1/identityprovider_keycloak_crossplane_io_v1alpha1_provider_token_exchange_scope_permission.k new file mode 100644 index 00000000..9227db75 --- /dev/null +++ b/crossplane_provider_keycloak/cluster/identityprovider/v1alpha1/identityprovider_keycloak_crossplane_io_v1alpha1_provider_token_exchange_scope_permission.k 
@@ -0,0 +1,913 @@ +""" +This file was generated by the KCL auto-gen tool. DO NOT EDIT. +Editing this file might prove futile when you re-run the KCL auto-gen generate command. +""" +import k8s.apimachinery.pkg.apis.meta.v1 + + +schema ProviderTokenExchangeScopePermission: + r""" + ProviderTokenExchangeScopePermission is the Schema for the ProviderTokenExchangeScopePermissions API. + + Attributes + ---------- + apiVersion : str, default is "identityprovider.keycloak.crossplane.io/v1alpha1", required + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind : str, default is "ProviderTokenExchangeScopePermission", required + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata : v1.ObjectMeta, default is Undefined, optional + metadata + spec : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpec, default is Undefined, required + spec + status : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatus, default is Undefined, optional + status + """ + + + apiVersion: "identityprovider.keycloak.crossplane.io/v1alpha1" = "identityprovider.keycloak.crossplane.io/v1alpha1" + + kind: "ProviderTokenExchangeScopePermission" = "ProviderTokenExchangeScopePermission" + + metadata?: v1.ObjectMeta + + spec: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpec + + status?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatus + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpec: + r""" + ProviderTokenExchangeScopePermissionSpec defines the desired state of ProviderTokenExchangeScopePermission + + Attributes + ---------- + deletionPolicy : str, default is "Delete", optional + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + forProvider : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProvider, default is Undefined, required + for provider + initProvider : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProvider, default is Undefined, optional + init provider + managementPolicies : [str], default is ["*"], optional + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + providerConfigRef : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRef, default is Undefined, optional + provider config ref + writeConnectionSecretToRef : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecWriteConnectionSecretToRef, default is Undefined, optional + write connection secret to ref + """ + + + deletionPolicy?: "Orphan" | "Delete" = "Delete" + + forProvider: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProvider + + initProvider?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProvider + + managementPolicies?: [str] = ["*"] + + providerConfigRef?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRef + + writeConnectionSecretToRef?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecWriteConnectionSecretToRef + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProvider: + r""" + identityprovider keycloak crossplane io v1alpha1 provider token exchange scope permission spec for provider + + Attributes + ---------- + clients : [str], default is Undefined, optional + A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission. 
+ Ids of the clients for which a policy will be created and set on scope based token exchange permission + clientsRefs : [IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0], default is Undefined, optional + References to Client in openidclient to populate clients. + clientsSelector : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelector, default is Undefined, optional + clients selector + policyType : str, default is Undefined, optional + Defaults to "client" This is also the only value policy type supported by this provider. + Type of policy that is created. At the moment only 'client' type is supported + providerAlias : str, default is Undefined, optional + Alias of the identity provider. + providerAliasRef : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRef, default is Undefined, optional + provider alias ref + providerAliasSelector : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelector, default is Undefined, optional + provider alias selector + realmId : str, default is Undefined, optional + The realm that the identity provider exists in. 
+ realmIdRef : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRef, default is Undefined, optional + realm Id ref + realmIdSelector : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelector, default is Undefined, optional + realm Id selector + """ + + + clients?: [str] + + clientsRefs?: [IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0] + + clientsSelector?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelector + + policyType?: str + + providerAlias?: str + + providerAliasRef?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRef + + providerAliasSelector?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelector + + realmId?: str + + realmIdRef?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRef + + realmIdSelector?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelector + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0: + r""" + A Reference to a named object. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0Policy, default is Undefined, optional + policy + """ + + + name: str + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0Policy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0Policy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelector: + r""" + Selector for a list of Client in openidclient to populate clients. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelectorPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRef: + r""" + Reference to a IdentityProvider in oidc to populate providerAlias. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRefPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelector: + r""" + Selector for a IdentityProvider in oidc to populate providerAlias. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelectorPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRef: + r""" + Reference to a Realm in realm to populate realmId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRefPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelector: + r""" + Selector for a Realm in realm to populate realmId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelectorPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProvider: + r""" + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + + Attributes + ---------- + clients : [str], default is Undefined, optional + A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission. + Ids of the clients for which a policy will be created and set on scope based token exchange permission + clientsRefs : [IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0], default is Undefined, optional + References to Client in openidclient to populate clients. + clientsSelector : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelector, default is Undefined, optional + clients selector + policyType : str, default is Undefined, optional + Defaults to "client" This is also the only value policy type supported by this provider. + Type of policy that is created. At the moment only 'client' type is supported + providerAlias : str, default is Undefined, optional + Alias of the identity provider. + providerAliasRef : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRef, default is Undefined, optional + provider alias ref + providerAliasSelector : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelector, default is Undefined, optional + provider alias selector + realmId : str, default is Undefined, optional + The realm that the identity provider exists in. 
+ realmIdRef : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRef, default is Undefined, optional + realm Id ref + realmIdSelector : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelector, default is Undefined, optional + realm Id selector + """ + + + clients?: [str] + + clientsRefs?: [IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0] + + clientsSelector?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelector + + policyType?: str + + providerAlias?: str + + providerAliasRef?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRef + + providerAliasSelector?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelector + + realmId?: str + + realmIdRef?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRef + + realmIdSelector?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelector + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0: + r""" + A Reference to a named object. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0Policy, default is Undefined, optional + policy + """ + + + name: str + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0Policy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0Policy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelector: + r""" + Selector for a list of Client in openidclient to populate clients. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelectorPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRef: + r""" + Reference to a IdentityProvider in oidc to populate providerAlias. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRefPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelector: + r""" + Selector for a IdentityProvider in oidc to populate providerAlias. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelectorPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRef: + r""" + Reference to a Realm in realm to populate realmId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRefPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelector: + r""" + Selector for a Realm in realm to populate realmId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelectorPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRef: + r""" + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ policy : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRefPolicy + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecWriteConnectionSecretToRef: + r""" + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the secret. + namespace : str, default is Undefined, required + Namespace of the secret. 
+ """ + + + name: str + + namespace: str + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatus: + r""" + ProviderTokenExchangeScopePermissionStatus defines the observed state of ProviderTokenExchangeScopePermission. + + Attributes + ---------- + atProvider : IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusAtProvider, default is Undefined, optional + at provider + conditions : [IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusConditionsItems0], default is Undefined, optional + Conditions of the resource. + observedGeneration : int, default is Undefined, optional + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + """ + + + atProvider?: IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusAtProvider + + conditions?: [IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusConditionsItems0] + + observedGeneration?: int + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusAtProvider: + r""" + identityprovider keycloak crossplane io v1alpha1 provider token exchange scope permission status at provider + + Attributes + ---------- + authorizationIdpResourceId : str, default is Undefined, optional + (Computed) Resource ID representing the identity provider, this automatically created by keycloak. + Resource id representing the identity provider, this automatically created by keycloak + authorizationResourceServerId : str, default is Undefined, optional + (Computed) Resource server ID representing the realm management client on which this permission is managed. 
+ Resource server id representing the realm management client on which this permission is managed + authorizationTokenExchangeScopePermissionId : str, default is Undefined, optional + (Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission. + Permission id representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy id will be set on this permission + clients : [str], default is Undefined, optional + A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission. + Ids of the clients for which a policy will be created and set on scope based token exchange permission + id : str, default is Undefined, optional + id + policyId : str, default is Undefined, optional + (Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider. + Policy id that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider + policyType : str, default is Undefined, optional + Defaults to "client" This is also the only value policy type supported by this provider. + Type of policy that is created. At the moment only 'client' type is supported + providerAlias : str, default is Undefined, optional + Alias of the identity provider. + realmId : str, default is Undefined, optional + The realm that the identity provider exists in. 
+ """ + + + authorizationIdpResourceId?: str + + authorizationResourceServerId?: str + + authorizationTokenExchangeScopePermissionId?: str + + clients?: [str] + + id?: str + + policyId?: str + + policyType?: str + + providerAlias?: str + + realmId?: str + + +schema IdentityproviderKeycloakCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusConditionsItems0: + r""" + A Condition that may apply to a resource. + + Attributes + ---------- + lastTransitionTime : str, default is Undefined, required + LastTransitionTime is the last time this condition transitioned from one + status to another. + message : str, default is Undefined, optional + A Message containing details about this condition's last transition from + one status to another, if any. + observedGeneration : int, default is Undefined, optional + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + reason : str, default is Undefined, required + A Reason for this condition's last transition from one status to another. + status : str, default is Undefined, required + Status of this condition; is it currently True, False, or Unknown? + $type : str, default is Undefined, required + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + """ + + + lastTransitionTime: str + + message?: str + + observedGeneration?: int + + reason: str + + status: str + + $type: str + + diff --git a/crossplane_provider_keycloak/cluster/ldap/v1alpha1/ldap_keycloak_crossplane_io_v1alpha1_user_federation.k b/crossplane_provider_keycloak/cluster/ldap/v1alpha1/ldap_keycloak_crossplane_io_v1alpha1_user_federation.k index fcdeb29a..5d16b495 100644 
--- a/crossplane_provider_keycloak/cluster/ldap/v1alpha1/ldap_keycloak_crossplane_io_v1alpha1_user_federation.k +++ b/crossplane_provider_keycloak/cluster/ldap/v1alpha1/ldap_keycloak_crossplane_io_v1alpha1_user_federation.k @@ -104,6 +104,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecForProvider: changedSyncPeriod : float, default is Undefined, optional How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + connectionPooling : bool, default is Undefined, optional + When true, LDAP connection pooling is enabled. Defaults to false. + When true, Keycloak will use connection pooling when connecting to LDAP. connectionTimeout : str, default is Undefined, optional LDAP connection timeout in the format of a Go duration string. LDAP connection timeout (duration string) @@ -113,6 +116,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecForProvider: customUserSearchFilter : str, default is Undefined, optional Additional LDAP filter for filtering searched users. Must begin with ( and end with ). Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + debug : str, default is Undefined, optional + Can be one of true or false. Will enable/disable logging for Kerberos Authentication. Defaults to false: + true: enables debug logging for Krb5LoginModule. false: disables debug logging for Krb5LoginModule deleteDefaultMappers : bool, default is Undefined, optional When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to false. When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. 
@@ -131,6 +137,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecForProvider: kerberos : [LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecForProviderKerberosItems0], default is Undefined, optional A block containing the kerberos settings. Settings regarding kerberos authentication for this realm. + krbPrincipalAttribute : str, default is Undefined, optional + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. name : str, default is Undefined, optional Display name of the provider when displayed in the console. Display name of the provider when displayed in the console. @@ -201,12 +210,16 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecForProvider: changedSyncPeriod?: float + connectionPooling?: bool + connectionTimeout?: str connectionUrl?: str customUserSearchFilter?: str + debug?: str + deleteDefaultMappers?: bool editMode?: str @@ -219,6 +232,8 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecForProvider: kerberos?: [LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecForProviderKerberosItems0] + krbPrincipalAttribute?: str + name?: str pagination?: bool 
@@ -465,6 +480,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecInitProvider: changedSyncPeriod : float, default is Undefined, optional How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + connectionPooling : bool, default is Undefined, optional + When true, LDAP connection pooling is enabled. Defaults to false. + When true, Keycloak will use connection pooling when connecting to LDAP. connectionTimeout : str, default is Undefined, optional LDAP connection timeout in the format of a Go duration string. LDAP connection timeout (duration string) @@ -474,6 +492,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecInitProvider: customUserSearchFilter : str, default is Undefined, optional Additional LDAP filter for filtering searched users. Must begin with ( and end with ). Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + debug : str, default is Undefined, optional + Can be one of true or false. Will enable/disable logging for Kerberos Authentication. Defaults to false: + true: enables debug logging for Krb5LoginModule. false: disables debug logging for Krb5LoginModule deleteDefaultMappers : bool, default is Undefined, optional When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to false. When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. 
@@ -492,6 +513,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecInitProvider: kerberos : [LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecInitProviderKerberosItems0], default is Undefined, optional A block containing the kerberos settings. Settings regarding kerberos authentication for this realm. + krbPrincipalAttribute : str, default is Undefined, optional + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. name : str, default is Undefined, optional Display name of the provider when displayed in the console. Display name of the provider when displayed in the console. @@ -562,12 +586,16 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecInitProvider: changedSyncPeriod?: float + connectionPooling?: bool + connectionTimeout?: str connectionUrl?: str customUserSearchFilter?: str + debug?: str + deleteDefaultMappers?: bool editMode?: str @@ -580,6 +608,8 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecInitProvider: kerberos?: [LdapKeycloakCrossplaneIoV1alpha1UserFederationSpecInitProviderKerberosItems0] + krbPrincipalAttribute?: str + name?: str pagination?: bool 
@@ -904,6 +934,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationStatusAtProvider: changedSyncPeriod : float, default is Undefined, optional How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + connectionPooling : bool, default is Undefined, optional + When true, LDAP connection pooling is enabled. Defaults to false. + When true, Keycloak will use connection pooling when connecting to LDAP. connectionTimeout : str, default is Undefined, optional LDAP connection timeout in the format of a Go duration string. LDAP connection timeout (duration string) @@ -913,6 +946,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationStatusAtProvider: customUserSearchFilter : str, default is Undefined, optional Additional LDAP filter for filtering searched users. Must begin with ( and end with ). Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + debug : str, default is Undefined, optional + Can be one of true or false. Will enable/disable logging for Kerberos Authentication. Defaults to false: + true: enables debug logging for Krb5LoginModule. false: disables debug logging for Krb5LoginModule deleteDefaultMappers : bool, default is Undefined, optional When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to false. When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. 
@@ -933,6 +969,9 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationStatusAtProvider: kerberos : [LdapKeycloakCrossplaneIoV1alpha1UserFederationStatusAtProviderKerberosItems0], default is Undefined, optional A block containing the kerberos settings. Settings regarding kerberos authentication for this realm. + krbPrincipalAttribute : str, default is Undefined, optional + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. name : str, default is Undefined, optional Display name of the provider when displayed in the console. Display name of the provider when displayed in the console. @@ -997,12 +1036,16 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationStatusAtProvider: changedSyncPeriod?: float + connectionPooling?: bool + connectionTimeout?: str connectionUrl?: str customUserSearchFilter?: str + debug?: str + deleteDefaultMappers?: bool editMode?: str @@ -1017,6 +1060,8 @@ schema LdapKeycloakCrossplaneIoV1alpha1UserFederationStatusAtProvider: kerberos?: [LdapKeycloakCrossplaneIoV1alpha1UserFederationStatusAtProviderKerberosItems0] + krbPrincipalAttribute?: str + name?: str pagination?: bool 
diff --git a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client.k b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client.k index 63459f0f..f0481d9c 100644 --- a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client.k +++ b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client.k @@ -97,7 +97,7 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: adminUrl : str, default is Undefined, optional URL to the admin interface of the client. allowRefreshTokenInStandardTokenExchange : str, default is Undefined, optional - allow refresh token in standard token exchange + Defines whether to allow refresh token in Standard Token Exchange. Possible values are NO (default) and SAME_SESSION. alwaysDisplayInConsole : bool, default is Undefined, optional Always list this client in the Account UI, even if the user does not have an active session. authenticationFlowBindingOverrides : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderAuthenticationFlowBindingOverridesItems0], default is Undefined, optional 
@@ -116,10 +116,6 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: Defaults to client-secret. The authenticator type for clients with an access_type of CONFIDENTIAL or BEARER-ONLY. A default Keycloak installation will have the following available types: clientId : str, default is Undefined, optional The Client ID for this client, referenced in the URI during authentication and in issued tokens. - clientIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef, default is Undefined, optional - client Id ref - clientIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector, default is Undefined, optional - client Id selector clientOfflineSessionIdleTimeout : str, default is Undefined, optional Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. clientOfflineSessionMaxLifespan : str, default is Undefined, optional @@ -184,6 +180,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector + requireDpopBoundTokens : bool, default is Undefined, optional + Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens. rootUrl : str, default is Undefined, optional When specified, this URL is prepended to any relative URLs found within valid_redirect_uris, web_origins, and admin_url. NOTE: Due to limitations in the Keycloak API, when the root_url attribute is used, the valid_redirect_uris, web_origins, and admin_url attributes will be required. serviceAccountsEnabled : bool, default is Undefined, optional 
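Review bot: The docstring added for `requireDpopBoundTokens` (hunk `@@ -184,6 +180,8 @@`) says "Enable support for" DPoP-bound tokens, while the field name says the client requires them. These read as different guarantees, and anyone relying on sender-constrained tokens needs to know which one the flag gives. If the flag is enforcing, as the name suggests, a wording such as `When true, this client must use DPoP-bound tokens; requests without a DPoP proof are expected to be rejected (confirm against the Keycloak version in use).` would be clearer. The identical docstring is added to the InitProvider and StatusAtProvider schemas further down, and the schema itself starts and ends outside the hunk.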
@@ -191,7 +189,7 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: standardFlowEnabled : bool, default is Undefined, optional When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false. standardTokenExchangeEnabled : bool, default is Undefined, optional - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. + Enables support for Standard Token Exchange useRefreshTokens : bool, default is Undefined, optional If this is true, a refresh_token will be created and added to the token response. If this is false then no refresh_token will be generated. Defaults to true. useRefreshTokensClientCredentials : bool, default is Undefined, optional @@ -233,10 +231,6 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: clientId?: str - clientIdRef?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef - - clientIdSelector?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector - clientOfflineSessionIdleTimeout?: str clientOfflineSessionMaxLifespan?: str @@ -299,6 +293,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: realmIdSelector?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderRealmIDSelector + requireDpopBoundTokens?: bool + rootUrl?: str serviceAccountsEnabled?: bool 
@@ -556,95 +552,6 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderAuthorizatio policyEnforcementMode?: str -schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef: - r""" - Reference to a Client in openidclient to populate clientId. - - Attributes - ---------- - name : str, default is Undefined, required - Name of the referenced object. - policy : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy, default is Undefined, optional - policy - """ - - - name: str - - policy?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy - - -schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy: - r""" - Policies for referencing. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - -schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector: - r""" - Selector for a Client in openidclient to populate clientId. - - Attributes - ---------- - matchControllerRef : bool, default is Undefined, optional - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - matchLabels : {str:str}, default is Undefined, optional - MatchLabels ensures an object with matching labels is selected. 
- policy : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy, default is Undefined, optional - policy - """ - - - matchControllerRef?: bool - - matchLabels?: {str:str} - - policy?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy - - -schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy: - r""" - Policies for selection. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientSecretSecretRef: r""" The secret for clients with an access_type of CONFIDENTIAL or BEARER-ONLY. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. 
@@ -801,7 +708,7 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: adminUrl : str, default is Undefined, optional URL to the admin interface of the client. allowRefreshTokenInStandardTokenExchange : str, default is Undefined, optional - allow refresh token in standard token exchange + Defines whether to allow refresh token in Standard Token Exchange. Possible values are NO (default) and SAME_SESSION. alwaysDisplayInConsole : bool, default is Undefined, optional Always list this client in the Account UI, even if the user does not have an active session. authenticationFlowBindingOverrides : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderAuthenticationFlowBindingOverridesItems0], default is Undefined, optional @@ -820,10 +727,6 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: Defaults to client-secret. The authenticator type for clients with an access_type of CONFIDENTIAL or BEARER-ONLY. A default Keycloak installation will have the following available types: clientId : str, default is Undefined, optional The Client ID for this client, referenced in the URI during authentication and in issued tokens. - clientIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef, default is Undefined, optional - client Id ref - clientIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector, default is Undefined, optional - client Id selector clientOfflineSessionIdleTimeout : str, default is Undefined, optional Time a client session is allowed to be idle before it expires. Tokens are invalidated when a client session is expired. If not set it uses the standard SSO Session Idle value. clientOfflineSessionMaxLifespan : str, default is Undefined, optional 
@@ -888,6 +791,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector + requireDpopBoundTokens : bool, default is Undefined, optional + Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens. rootUrl : str, default is Undefined, optional When specified, this URL is prepended to any relative URLs found within valid_redirect_uris, web_origins, and admin_url. NOTE: Due to limitations in the Keycloak API, when the root_url attribute is used, the valid_redirect_uris, web_origins, and admin_url attributes will be required. serviceAccountsEnabled : bool, default is Undefined, optional @@ -895,7 +800,7 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: standardFlowEnabled : bool, default is Undefined, optional When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false. standardTokenExchangeEnabled : bool, default is Undefined, optional - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. + Enables support for Standard Token Exchange useRefreshTokens : bool, default is Undefined, optional If this is true, a refresh_token will be created and added to the token response. If this is false then no refresh_token will be generated. Defaults to true. useRefreshTokensClientCredentials : bool, default is Undefined, optional @@ -937,10 +842,6 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: clientId?: str - clientIdRef?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef - - clientIdSelector?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector - clientOfflineSessionIdleTimeout?: str clientOfflineSessionMaxLifespan?: str 
@@ -1003,6 +904,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: realmIdSelector?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderRealmIDSelector + requireDpopBoundTokens?: bool + rootUrl?: str serviceAccountsEnabled?: bool 
@@ -1260,95 +1163,6 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderAuthorizati policyEnforcementMode?: str -schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef: - r""" - Reference to a Client in openidclient to populate clientId. - - Attributes - ---------- - name : str, default is Undefined, required - Name of the referenced object. - policy : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy, default is Undefined, optional - policy - """ - - - name: str - - policy?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy - - -schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy: - r""" - Policies for referencing. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - -schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector: - r""" - Selector for a Client in openidclient to populate clientId. - - Attributes - ---------- - matchControllerRef : bool, default is Undefined, optional - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - matchLabels : {str:str}, default is Undefined, optional - MatchLabels ensures an object with matching labels is selected. 
- policy : OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy, default is Undefined, optional - policy - """ - - - matchControllerRef?: bool - - matchLabels?: {str:str} - - policy?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy - - -schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy: - r""" - Policies for selection. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientSecretSecretRef: r""" The secret for clients with an access_type of CONFIDENTIAL or BEARER-ONLY. This value is sensitive and should be treated with the same care as a password. If omitted, this will be generated by Keycloak. 
@@ -1585,7 +1399,7 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientStatusAtProvider: adminUrl : str, default is Undefined, optional URL to the admin interface of the client. allowRefreshTokenInStandardTokenExchange : str, default is Undefined, optional - allow refresh token in standard token exchange + Defines whether to allow refresh token in Standard Token Exchange. Possible values are NO (default) and SAME_SESSION. alwaysDisplayInConsole : bool, default is Undefined, optional Always list this client in the Account UI, even if the user does not have an active session. authenticationFlowBindingOverrides : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientStatusAtProviderAuthenticationFlowBindingOverridesItems0], default is Undefined, optional @@ -1662,6 +1476,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientStatusAtProvider: The challenge method to use for Proof Key for Code Exchange. Can be either plain or S256 or set to empty value “. realmId : str, default is Undefined, optional The realm this client is attached to. + requireDpopBoundTokens : bool, default is Undefined, optional + Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens. resourceServerId : str, default is Undefined, optional (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the .id attribute). rootUrl : str, default is Undefined, optional 
@@ -1673,7 +1489,7 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientStatusAtProvider: standardFlowEnabled : bool, default is Undefined, optional When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false. standardTokenExchangeEnabled : bool, default is Undefined, optional - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. + Enables support for Standard Token Exchange useRefreshTokens : bool, default is Undefined, optional If this is true, a refresh_token will be created and added to the token response. If this is false then no refresh_token will be generated. Defaults to true. useRefreshTokensClientCredentials : bool, default is Undefined, optional @@ -1771,6 +1587,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientStatusAtProvider: realmId?: str + requireDpopBoundTokens?: bool + resourceServerId?: str rootUrl?: str diff --git a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_authorization_resource.k b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_authorization_resource.k index 3f7edbaa..aa1a3da8 100644 --- a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_authorization_resource.k +++ b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_authorization_resource.k @@ -7,7 +7,7 @@ import k8s.apimachinery.pkg.apis.meta.v1 schema ClientAuthorizationResource: r""" - ClientAuthorizationResource is the Schema for the ClientAuthorizationResources API. + ClientAuthorizationResource is the Schema for the ClientAuthorizationResources API. Attributes ---------- 
@@ -91,33 +91,33 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecFo Attributes ---------- attributes : {str:str}, default is Undefined, optional - attributes + A map of attributes for the resource. Values can be comma-separated lists. displayName : str, default is Undefined, optional - display name + The display name of the resource. iconUri : str, default is Undefined, optional - icon Uri + An icon URI for the resource. name : str, default is Undefined, optional - name + The name of the resource. ownerManagedAccess : bool, default is Undefined, optional - owner managed access + When true, this resource supports user-managed access. Defaults to false. realmId : str, default is Undefined, optional - realm Id + The realm this resource exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecForProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector scopes : [str], default is Undefined, optional - scopes + A set of scope names that this resource uses. $type : str, default is Undefined, optional - type + The type of this resource (e.g., urn:myapp:resources:default). uris : [str], default is Undefined, optional - uris + A set of URIs that this resource represents. """ 
@@ -344,33 +344,33 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecIn Attributes ---------- attributes : {str:str}, default is Undefined, optional - attributes + A map of attributes for the resource. Values can be comma-separated lists. displayName : str, default is Undefined, optional - display name + The display name of the resource. iconUri : str, default is Undefined, optional - icon Uri + An icon URI for the resource. name : str, default is Undefined, optional - name + The name of the resource. ownerManagedAccess : bool, default is Undefined, optional - owner managed access + When true, this resource supports user-managed access. Defaults to false. realmId : str, default is Undefined, optional - realm Id + The realm this resource exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceSpecInitProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector scopes : [str], default is Undefined, optional - scopes + A set of scope names that this resource uses. $type : str, default is Undefined, optional - type + The type of this resource (e.g., urn:myapp:resources:default). uris : [str], default is Undefined, optional - uris + A set of URIs that this resource represents. """ 
@@ -677,27 +677,27 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientAuthorizationResourceStatus Attributes ---------- attributes : {str:str}, default is Undefined, optional - attributes + A map of attributes for the resource. Values can be comma-separated lists. displayName : str, default is Undefined, optional - display name + The display name of the resource. iconUri : str, default is Undefined, optional - icon Uri + An icon URI for the resource. id : str, default is Undefined, optional - id + Resource ID representing the authorization resource. name : str, default is Undefined, optional - name + The name of the resource. ownerManagedAccess : bool, default is Undefined, optional - owner managed access + When true, this resource supports user-managed access. Defaults to false. realmId : str, default is Undefined, optional - realm Id + The realm this resource exists in. resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. scopes : [str], default is Undefined, optional - scopes + A set of scope names that this resource uses. $type : str, default is Undefined, optional - type + The type of this resource (e.g., urn:myapp:resources:default). uris : [str], default is Undefined, optional - uris + A set of URIs that this resource represents. """ diff --git a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_client_policy.k b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_client_policy.k index a5262645..24cce80b 100644 --- a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_client_policy.k +++ b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_client_policy.k 
@@ -91,31 +91,37 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProvider Attributes ---------- clients : [str], default is Undefined, optional - The clients allowed by this client policy. + A list of client IDs that this policy applies to. clientsRefs : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderClientsRefsItems0], default is Undefined, optional References to Client in openidclient to populate clients. clientsSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderClientsSelector, default is Undefined, optional clients selector decisionStrategy : str, default is Undefined, optional - (Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of AFFIRMATIVE, CONSENSUS, or UNANIMOUS. Applies to permissions. + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - The description of this client policy. + A description for the authorization policy. logic : str, default is Undefined, optional - (Computed) Dictates how the policy decision should be made. Can be either POSITIVE or NEGATIVE. Applies to policies. + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - The name of this client policy. + The name of the policy. realmId : str, default is Undefined, optional - The realm this client policy exists within. + The realm this policy exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - The ID of the resource server this client policy is attached to. 
+ The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector + samlClients : [str], default is Undefined, optional + A list of client IDs that this policy applies to. + samlClientsRefs : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0], default is Undefined, optional + References to Client in samlclient to populate samlClients. + samlClientsSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelector, default is Undefined, optional + saml clients selector """ @@ -145,6 +151,12 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProvider resourceServerIdSelector?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderResourceServerIDSelector + samlClients?: [str] + + samlClientsRefs?: [OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0] + + samlClientsSelector?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelector + schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderClientsRefsItems0: r""" 
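Review bot: The docstring added for `samlClients` repeats the one for `clients` word for word ("A list of client IDs that this policy applies to."), so the schema does not say how the two lists differ or whether they are combined when the policy is evaluated. Going by the neighbouring `samlClientsRefs` text ("References to Client in samlclient"), something like `A list of SAML client IDs (samlclient Client resources) that this policy applies to.` would tell them apart. Whether the provider merges both lists into one policy is not visible here and is worth stating as well. On an authorization policy, an ambiguous client list can lead to a policy that covers more or fewer clients than intended.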
@@ -413,6 +425,95 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProvider resolve?: "Always" | "IfNotPresent" +schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0: + r""" + A Reference to a named object. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0Policy, default is Undefined, optional + policy + """ + + + name: str + + policy?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0Policy + + +schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0Policy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelector: + r""" + Selector for a list of Client in samlclient to populate samlClients. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelectorPolicy + + +schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProvider: r""" THIS IS A BETA FIELD. It will be honored 
@@ -429,31 +530,37 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProvide Attributes ---------- clients : [str], default is Undefined, optional - The clients allowed by this client policy. + A list of client IDs that this policy applies to. clientsRefs : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderClientsRefsItems0], default is Undefined, optional References to Client in openidclient to populate clients. clientsSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderClientsSelector, default is Undefined, optional clients selector decisionStrategy : str, default is Undefined, optional - (Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of AFFIRMATIVE, CONSENSUS, or UNANIMOUS. Applies to permissions. + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - The description of this client policy. + A description for the authorization policy. logic : str, default is Undefined, optional - (Computed) Dictates how the policy decision should be made. Can be either POSITIVE or NEGATIVE. Applies to policies. + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - The name of this client policy. + The name of the policy. realmId : str, default is Undefined, optional - The realm this client policy exists within. + The realm this policy exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - The ID of the resource server this client policy is attached to. 
+ The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector + samlClients : [str], default is Undefined, optional + A list of client IDs that this policy applies to. + samlClientsRefs : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0], default is Undefined, optional + References to Client in samlclient to populate samlClients. + samlClientsSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelector, default is Undefined, optional + saml clients selector """ @@ -483,6 +590,12 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProvide resourceServerIdSelector?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderResourceServerIDSelector + samlClients?: [str] + + samlClientsRefs?: [OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0] + + samlClientsSelector?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelector + schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderClientsRefsItems0: r""" 
@@ -751,6 +864,95 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProvide resolve?: "Always" | "IfNotPresent" +schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0: + r""" + A Reference to a named object. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0Policy, default is Undefined, optional + policy + """ + + + name: str + + policy?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0Policy + + +schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0Policy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelector: + r""" + Selector for a list of Client in samlclient to populate samlClients. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + policy : OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelectorPolicy + + +schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicySpecProviderConfigRef: r""" ProviderConfigReference specifies how the provider that will be used to 
@@ -847,21 +1049,23 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicyStatusAtProvide Attributes ---------- clients : [str], default is Undefined, optional - The clients allowed by this client policy. + A list of client IDs that this policy applies to. decisionStrategy : str, default is Undefined, optional - (Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of AFFIRMATIVE, CONSENSUS, or UNANIMOUS. Applies to permissions. + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - The description of this client policy. + A description for the authorization policy. id : str, default is Undefined, optional - id + Policy ID representing the client policy. logic : str, default is Undefined, optional - (Computed) Dictates how the policy decision should be made. Can be either POSITIVE or NEGATIVE. Applies to policies. + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - The name of this client policy. + The name of the policy. realmId : str, default is Undefined, optional - The realm this client policy exists within. + The realm this policy exists in. resourceServerId : str, default is Undefined, optional - The ID of the resource server this client policy is attached to. + The ID of the resource server. + samlClients : [str], default is Undefined, optional + A list of client IDs that this policy applies to. """ @@ -881,6 +1085,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicyStatusAtProvide resourceServerId?: str + samlClients?: [str] + schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientClientPolicyStatusConditionsItems0: r""" 
diff --git a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_group_policy.k b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_group_policy.k index b5251da6..9a2e35c5 100644 --- a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_group_policy.k +++ b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_group_policy.k @@ -7,7 +7,7 @@ import k8s.apimachinery.pkg.apis.meta.v1 schema ClientGroupPolicy: r""" - ClientGroupPolicy is the Schema for the ClientGroupPolicys API. + ClientGroupPolicy is the Schema for the ClientGroupPolicys API. Attributes ---------- 
@@ -91,25 +91,25 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. groups : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderGroupsItems0], default is Undefined, optional - groups + A list of groups group. At least one group must be defined. groupsClaim : str, default is Undefined, optional - groups claim + The name of the claim in the token that contains the group information. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderResourceServerIDSelector, default is Undefined, optional 
@@ -149,15 +149,15 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderG Attributes ---------- extendChildren : bool, default is Undefined, optional - extend children + When true, the policy will also apply to all child groups of this group. id : str, default is Undefined, optional - id + The ID of the group. idRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderGroupsItems0IDRef, default is Undefined, optional id ref idSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderGroupsItems0IDSelector, default is Undefined, optional id selector path : str, default is Undefined, optional - path + The path of the group. """ 
@@ -455,25 +455,25 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProvider Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. groups : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderGroupsItems0], default is Undefined, optional - groups + A list of groups group. At least one group must be defined. groupsClaim : str, default is Undefined, optional - groups claim + The name of the claim in the token that contains the group information. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderResourceServerIDSelector, default is Undefined, optional 
@@ -513,15 +513,15 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProvider Attributes ---------- extendChildren : bool, default is Undefined, optional - extend children + When true, the policy will also apply to all child groups of this group. id : str, default is Undefined, optional - id + The ID of the group. idRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderGroupsItems0IDRef, default is Undefined, optional id ref idSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderGroupsItems0IDSelector, default is Undefined, optional id selector path : str, default is Undefined, optional - path + The path of the group. """ @@ -899,23 +899,23 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicyStatusAtProvider Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. groups : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicyStatusAtProviderGroupsItems0], default is Undefined, optional - groups + A list of groups group. At least one group must be defined. groupsClaim : str, default is Undefined, optional - groups claim + The name of the claim in the token that contains the group information. id : str, default is Undefined, optional - id + The ID of the group. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. """ 
@@ -945,11 +945,11 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientGroupPolicyStatusAtProvider Attributes ---------- extendChildren : bool, default is Undefined, optional - extend children + When true, the policy will also apply to all child groups of this group. id : str, default is Undefined, optional - id + The ID of the group. path : str, default is Undefined, optional - path + The path of the group. """ diff --git a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_role_policy.k b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_role_policy.k index dfa54446..51b62f07 100644 --- a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_role_policy.k +++ b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_role_policy.k @@ -7,7 +7,7 @@ import k8s.apimachinery.pkg.apis.meta.v1 schema ClientRolePolicy: r""" - ClientRolePolicy is the Schema for the ClientRolePolicys API. + ClientRolePolicy is the Schema for the ClientRolePolicys API. Attributes ---------- 
@@ -91,31 +91,31 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. fetchRoles : bool, default is Undefined, optional - fetch roles + When true, roles will be fetched from the user's claims. Available in Keycloak 25+. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector role : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRoleItems0], default is Undefined, optional - role + A list of roles role. At least one role must be defined. $type : str, default is Undefined, optional - type + The type of policy. Must be role. """ 
@@ -331,13 +331,13 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRo Attributes ---------- id : str, default is Undefined, optional - id + The ID of the role. idRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRoleItems0IDRef, default is Undefined, optional id ref idSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRoleItems0IDSelector, default is Undefined, optional id selector required : bool, default is Undefined, optional - required + When true, this role must be present for the policy to grant access. """ 
@@ -455,31 +455,31 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. fetchRoles : bool, default is Undefined, optional - fetch roles + When true, roles will be fetched from the user's claims. Available in Keycloak 25+. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector role : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRoleItems0], default is Undefined, optional - role + A list of roles role. At least one role must be defined. $type : str, default is Undefined, optional - type + The type of policy. Must be role. """ 
@@ -695,13 +695,13 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderR Attributes ---------- id : str, default is Undefined, optional - id + The ID of the role. idRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRoleItems0IDRef, default is Undefined, optional id ref idSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRoleItems0IDSelector, default is Undefined, optional id selector required : bool, default is Undefined, optional - required + When true, this role must be present for the policy to grant access. """ @@ -899,25 +899,25 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicyStatusAtProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. fetchRoles : bool, default is Undefined, optional - fetch roles + When true, roles will be fetched from the user's claims. Available in Keycloak 25+. id : str, default is Undefined, optional - id + The ID of the role. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. role : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicyStatusAtProviderRoleItems0], default is Undefined, optional - role + A list of roles role. At least one role must be defined. $type : str, default is Undefined, optional - type + The type of policy. Must be role. """ 
@@ -949,9 +949,9 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientRolePolicyStatusAtProviderR Attributes ---------- id : str, default is Undefined, optional - id + The ID of the role. required : bool, default is Undefined, optional - required + When true, this role must be present for the policy to grant access. """ diff --git a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_scope.k b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_scope.k index 35c78e60..63a7d73b 100644 --- a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_scope.k +++ b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_scope.k 
@@ -94,10 +94,15 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientScopeSpecForProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. includeInTokenScope : bool, default is Undefined, optional - When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. + When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When false, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to true. name : str, default is Undefined, optional The display name of this client scope in the GUI. realmId : str, default is Undefined, optional @@ -113,6 +118,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientScopeSpecForProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float includeInTokenScope?: bool 
@@ -234,10 +241,15 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientScopeSpecInitProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. includeInTokenScope : bool, default is Undefined, optional - When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. + When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When false, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to true. name : str, default is Undefined, optional The display name of this client scope in the GUI. realmId : str, default is Undefined, optional @@ -253,6 +265,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientScopeSpecInitProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float includeInTokenScope?: bool 
@@ -454,12 +468,17 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientScopeStatusAtProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. id : str, default is Undefined, optional id includeInTokenScope : bool, default is Undefined, optional - When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. + When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When false, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to true. name : str, default is Undefined, optional The display name of this client scope in the GUI. realmId : str, default is Undefined, optional @@ -471,6 +490,8 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientScopeStatusAtProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float id?: str diff --git a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_user_policy.k b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_user_policy.k index 47da8eb8..15902829 100644 
--- a/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_user_policy.k +++ b/crossplane_provider_keycloak/cluster/openidclient/v1alpha1/openidclient_keycloak_crossplane_io_v1alpha1_client_user_policy.k @@ -7,7 +7,7 @@ import k8s.apimachinery.pkg.apis.meta.v1 schema ClientUserPolicy: r""" - ClientUserPolicy is the Schema for the ClientUserPolicys API. + ClientUserPolicy is the Schema for the ClientUserPolicys API. Attributes ---------- 
@@ -91,27 +91,27 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecForProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecForProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector users : [str], default is Undefined, optional - users + A list of user IDs that this policy applies to. usersRefs : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecForProviderUsersRefsItems0], default is Undefined, optional References to User in user to populate users. usersSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecForProviderUsersSelector, default is Undefined, optional 
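Review bot: The new docstrings list the accepted values of `decisionStrategy` and `logic`, but both attributes stay typed `str` (per the `decisionStrategy : str` and `logic : str` lines), so a misspelt value in an authorization policy is not caught by the schema. Other schemas in this change already use literal unions (`resolve?: "Always" | "IfNotPresent"`), so the declarations could read `decisionStrategy?: "UNANIMOUS" | "AFFIRMATIVE" | "CONSENSUS"` and `logic?: "POSITIVE" | "NEGATIVE"`. The attribute declarations themselves are outside this hunk, and the same applies to the SpecInitProvider hunk at -429. Confirm against the provider that no other spellings are accepted before tightening the type.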
@@ -429,27 +429,27 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecInitProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector users : [str], default is Undefined, optional - users + A list of user IDs that this policy applies to. usersRefs : [OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderUsersRefsItems0], default is Undefined, optional References to User in user to populate users. usersSelector : OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderUsersSelector, default is Undefined, optional 
@@ -847,21 +847,21 @@ schema OpenidclientKeycloakCrossplaneIoV1alpha1ClientUserPolicyStatusAtProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. id : str, default is Undefined, optional - id + Policy ID representing the user policy. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. users : [str], default is Undefined, optional - users + A list of user IDs that this policy applies to. """ diff --git a/crossplane_provider_keycloak/cluster/organization/v1alpha1/organization_keycloak_crossplane_io_v1alpha1_organization.k b/crossplane_provider_keycloak/cluster/organization/v1alpha1/organization_keycloak_crossplane_io_v1alpha1_organization.k index 1b484675..8e68935a 100644 --- a/crossplane_provider_keycloak/cluster/organization/v1alpha1/organization_keycloak_crossplane_io_v1alpha1_organization.k +++ b/crossplane_provider_keycloak/cluster/organization/v1alpha1/organization_keycloak_crossplane_io_v1alpha1_organization.k 
@@ -98,7 +98,7 @@ schema OrganizationKeycloakCrossplaneIoV1alpha1OrganizationSpecForProvider: description : str, default is Undefined, optional The description of the organization. domain : [OrganizationKeycloakCrossplaneIoV1alpha1OrganizationSpecForProviderDomainItems0], default is Undefined, optional - A list of domains. At least one domain is required. + A list of domains. enabled : bool, default is Undefined, optional Enable/disable this organization. name : str, default is Undefined, optional @@ -268,7 +268,7 @@ schema OrganizationKeycloakCrossplaneIoV1alpha1OrganizationSpecInitProvider: description : str, default is Undefined, optional The description of the organization. domain : [OrganizationKeycloakCrossplaneIoV1alpha1OrganizationSpecInitProviderDomainItems0], default is Undefined, optional - A list of domains. At least one domain is required. + A list of domains. enabled : bool, default is Undefined, optional Enable/disable this organization. name : str, default is Undefined, optional @@ -518,7 +518,7 @@ schema OrganizationKeycloakCrossplaneIoV1alpha1OrganizationStatusAtProvider: description : str, default is Undefined, optional The description of the organization. domain : [OrganizationKeycloakCrossplaneIoV1alpha1OrganizationStatusAtProviderDomainItems0], default is Undefined, optional - A list of domains. At least one domain is required. + A list of domains. enabled : bool, default is Undefined, optional Enable/disable this organization. id : str, default is Undefined, optional diff --git a/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_keystore_rsa.k b/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_keystore_rsa.k index ad28f246..64fd012f 100644 --- a/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_keystore_rsa.k +++ b/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_keystore_rsa.k 
@@ -101,6 +101,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1KeystoreRsaSpecForProvider: enabled : bool, default is Undefined, optional When false, key is not accessible in this realm. Defaults to true. Set if the keys are enabled + extraConfig : {str:str}, default is Undefined, optional + Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like kid. name : str, default is Undefined, optional Display name of provider when linked in admin console. Display name of provider when linked in admin console. @@ -129,6 +131,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1KeystoreRsaSpecForProvider: enabled?: bool + extraConfig?: {str:str} + name?: str priority?: float @@ -305,6 +309,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1KeystoreRsaSpecInitProvider: enabled : bool, default is Undefined, optional When false, key is not accessible in this realm. Defaults to true. Set if the keys are enabled + extraConfig : {str:str}, default is Undefined, optional + Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like kid. name : str, default is Undefined, optional Display name of provider when linked in admin console. Display name of provider when linked in admin console. @@ -333,6 +339,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1KeystoreRsaSpecInitProvider: enabled?: bool + extraConfig?: {str:str} + name?: str priority?: float 
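Review bot: The new `extraConfig` docstring does not say that this map is held in clear text, which matters on a keystore resource. It is typed `{str:str}` and the same field is added to `RealmKeycloakCrossplaneIoV1alpha1KeystoreRsaStatusAtProvider` further down, so whatever is set here presumably ends up readable in both spec and status. I would extend the description with `Values are stored as plain strings in the resource spec and status; do not put key material or other secrets in this map.` The same wording applies to the SpecInitProvider hunk at -305. These schemas look generated, so the sentence may need to go into the upstream field description to survive regeneration.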
@@ -587,6 +595,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1KeystoreRsaStatusAtProvider: enabled : bool, default is Undefined, optional When false, key is not accessible in this realm. Defaults to true. Set if the keys are enabled + extraConfig : {str:str}, default is Undefined, optional + Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like kid. id : str, default is Undefined, optional id name : str, default is Undefined, optional @@ -609,6 +619,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1KeystoreRsaStatusAtProvider: enabled?: bool + extraConfig?: {str:str} + id?: str name?: str diff --git a/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_realm.k b/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_realm.k index 7c054022..ee22550c 100644 --- a/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_realm.k +++ b/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_realm.k @@ -106,6 +106,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProvider: The maximum time a user has to use an admin-generated permit before it expires. actionTokenGeneratedByUserLifespan : str, default is Undefined, optional The maximum time a user has to use a user-generated permit before it expires. + adminPermissionsEnabled : bool, default is Undefined, optional + Enables the use of fine grained permissions v2 adminTheme : str, default is Undefined, optional Used for the admin console. attributes : {str:str}, default is Undefined, optional 
@@ -207,6 +209,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProvider: The maximum amount of time before a session expires regardless of activity. ssoSessionMaxLifespanRememberMe : str, default is Undefined, optional Similar to sso_session_max_lifespan, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of sso_session_max_lifespan. + terraformDeletionProtection : bool, default is Undefined, optional + When set to true, the realm cannot be deleted. Defaults to false. userManagedAccess : bool, default is Undefined, optional When true, users are allowed to manage their own resources. Defaults to false. verifyEmail : bool, default is Undefined, optional @@ -234,6 +238,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProvider: actionTokenGeneratedByUserLifespan?: str + adminPermissionsEnabled?: bool + adminTheme?: str attributes?: {str:str} @@ -326,6 +332,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProvider: ssoSessionMaxLifespanRememberMe?: str + terraformDeletionProtection?: bool + userManagedAccess?: bool verifyEmail?: bool @@ -395,8 +403,10 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0: Attributes ---------- + allowUtf8 : bool, default is Undefined, optional + allow Utf8 auth : [RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0AuthItems0], default is Undefined, optional - Enables authentication to the SMTP server. This block supports the following arguments: + Enables authentication to the SMTP server. Cannot be set alongside token_auth. This block supports the following arguments: envelopeFrom : str, default is Undefined, optional The email address uses for bounces. from : str, default is Undefined, optional 
@@ -415,9 +425,13 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0: When true, enables SSL. Defaults to false. starttls : bool, default is Undefined, optional When true, enables StartTLS. Defaults to false. + tokenAuth : [RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0], default is Undefined, optional + Enables authentication to the SMTP server through OAUTH2. Cannot be set alongside auth. This block supports the following arguments: """ + allowUtf8?: bool + auth?: [RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0AuthItems0] envelopeFrom?: str @@ -438,6 +452,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0: starttls?: bool + tokenAuth?: [RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0] + schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0AuthItems0: r""" 
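Review bot: The rule that `auth` and `tokenAuth` cannot be combined is stated only in the two docstrings, so a manifest that sets both still passes this schema and is presumably rejected only once the provider applies it. A schema-level guard would surface the mistake at render time: a `check:` block containing `not (auth and tokenAuth), "auth and tokenAuth cannot both be set"`. The schema body starts and ends outside these hunks, and the same applies to the SpecInitProvider variant at -1035. Since the file looks generated, the check may be better placed in a wrapper schema than here.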
@@ -479,6 +495,58 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0Auth namespace: str +schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0: + r""" + realm keycloak crossplane io v1alpha1 realm spec for provider SMTP server items0 token auth items0 + + Attributes + ---------- + clientId : str, default is Undefined, optional + The auth token client ID. + clientSecretSecretRef : RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef, default is Undefined, optional + client secret secret ref + scope : str, default is Undefined, optional + The auth token scope. + url : str, default is Undefined, optional + The auth token URL. + username : str, default is Undefined, optional + The SMTP server username. + """ + + + clientId?: str + + clientSecretSecretRef?: RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef + + scope?: str + + url?: str + + username?: str + + +schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef: + r""" + The auth token client secret. + + Attributes + ---------- + key : str, default is Undefined, required + The key to select. + name : str, default is Undefined, required + Name of the secret. + namespace : str, default is Undefined, required + Namespace of the secret. + """ + + + key: str + + name: str + + namespace: str + + schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSecurityDefensesItems0: r""" realm keycloak crossplane io v1alpha1 realm spec for provider security defenses items0 
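Review bot: `clientSecretSecretRef` is declared optional here (`clientSecretSecretRef?:`) but required in the SpecInitProvider copy of this schema added at -1099. The same `tokenAuth` block therefore validates under `forProvider` without a secret reference and is rejected under `initProvider`. If the asymmetry comes from the upstream CRD it should at least be documented, for example by replacing the placeholder docstring `client secret secret ref` with `Reference to the Secret key that holds the OAuth2 client secret. Optional in forProvider, required in initProvider.` The `url` description could also state that an `https://` token endpoint is expected, since the client secret is presumably presented to it.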
@@ -509,6 +577,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSecurityDefensesItem max failure wait seconds maxLoginFailures : float, default is Undefined, optional How many failures before wait is triggered. + maxTemporaryLockouts : float, default is Undefined, optional + How many temporary lockouts are permitted before a user is permanently locked out. permanent_lockout needs to be true. Defaults to 0 minimumQuickLoginWaitSeconds : float, default is Undefined, optional How long to wait after a quick login failure. permanentLockout : bool, default is Undefined, optional @@ -526,6 +596,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecForProviderSecurityDefensesItem maxLoginFailures?: float + maxTemporaryLockouts?: float + minimumQuickLoginWaitSeconds?: float permanentLockout?: bool @@ -726,6 +798,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProvider: The maximum time a user has to use an admin-generated permit before it expires. actionTokenGeneratedByUserLifespan : str, default is Undefined, optional The maximum time a user has to use a user-generated permit before it expires. + adminPermissionsEnabled : bool, default is Undefined, optional + Enables the use of fine grained permissions v2 adminTheme : str, default is Undefined, optional Used for the admin console. attributes : {str:str}, default is Undefined, optional 
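Review bot: The `maxTemporaryLockouts` description names its prerequisite as `permanent_lockout`, which is not a field of this schema; the attribute listed just below it is `permanentLockout`. Someone tuning brute-force protection from this docstring has no matching key to look for, and the schema does not enforce the dependency. I would reword the tail to `Only takes effect when permanentLockout is true. Defaults to 0.` The field is also typed `float` although it counts lockouts, so a fractional value passes the schema. The same text is repeated in the hunks at -1129 and -1807.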
@@ -827,6 +901,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProvider: The maximum amount of time before a session expires regardless of activity. ssoSessionMaxLifespanRememberMe : str, default is Undefined, optional Similar to sso_session_max_lifespan, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of sso_session_max_lifespan. + terraformDeletionProtection : bool, default is Undefined, optional + When set to true, the realm cannot be deleted. Defaults to false. userManagedAccess : bool, default is Undefined, optional When true, users are allowed to manage their own resources. Defaults to false. verifyEmail : bool, default is Undefined, optional @@ -854,6 +930,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProvider: actionTokenGeneratedByUserLifespan?: str + adminPermissionsEnabled?: bool + adminTheme?: str attributes?: {str:str} @@ -946,6 +1024,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProvider: ssoSessionMaxLifespanRememberMe?: str + terraformDeletionProtection?: bool + userManagedAccess?: bool verifyEmail?: bool @@ -1015,8 +1095,10 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0: Attributes ---------- + allowUtf8 : bool, default is Undefined, optional + allow Utf8 auth : [RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0AuthItems0], default is Undefined, optional - Enables authentication to the SMTP server. This block supports the following arguments: + Enables authentication to the SMTP server. Cannot be set alongside token_auth. This block supports the following arguments: envelopeFrom : str, default is Undefined, optional The email address uses for bounces. from : str, default is Undefined, optional 
@@ -1035,9 +1117,13 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0: When true, enables SSL. Defaults to false. starttls : bool, default is Undefined, optional When true, enables StartTLS. Defaults to false. + tokenAuth : [RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0], default is Undefined, optional + Enables authentication to the SMTP server through OAUTH2. Cannot be set alongside auth. This block supports the following arguments: """ + allowUtf8?: bool + auth?: [RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0AuthItems0] envelopeFrom?: str @@ -1058,6 +1144,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0: starttls?: bool + tokenAuth?: [RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0] + schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0AuthItems0: r""" 
@@ -1099,6 +1187,58 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0Aut namespace: str +schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0: + r""" + realm keycloak crossplane io v1alpha1 realm spec init provider SMTP server items0 token auth items0 + + Attributes + ---------- + clientId : str, default is Undefined, optional + The auth token client ID. + clientSecretSecretRef : RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef, default is Undefined, required + client secret secret ref + scope : str, default is Undefined, optional + The auth token scope. + url : str, default is Undefined, optional + The auth token URL. + username : str, default is Undefined, optional + The SMTP server username. + """ + + + clientId?: str + + clientSecretSecretRef: RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef + + scope?: str + + url?: str + + username?: str + + +schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef: + r""" + The auth token client secret. + + Attributes + ---------- + key : str, default is Undefined, required + The key to select. + name : str, default is Undefined, required + Name of the secret. + namespace : str, default is Undefined, required + Namespace of the secret. + """ + + + key: str + + name: str + + namespace: str + + schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSecurityDefensesItems0: r""" realm keycloak crossplane io v1alpha1 realm spec init provider security defenses items0 
@@ -1129,6 +1269,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSecurityDefensesIte max failure wait seconds maxLoginFailures : float, default is Undefined, optional How many failures before wait is triggered. + maxTemporaryLockouts : float, default is Undefined, optional + How many temporary lockouts are permitted before a user is permanently locked out. permanent_lockout needs to be true. Defaults to 0 minimumQuickLoginWaitSeconds : float, default is Undefined, optional How long to wait after a quick login failure. permanentLockout : bool, default is Undefined, optional @@ -1146,6 +1288,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmSpecInitProviderSecurityDefensesIte maxLoginFailures?: float + maxTemporaryLockouts?: float + minimumQuickLoginWaitSeconds?: float permanentLockout?: bool @@ -1426,6 +1570,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProvider: The maximum time a user has to use an admin-generated permit before it expires. actionTokenGeneratedByUserLifespan : str, default is Undefined, optional The maximum time a user has to use a user-generated permit before it expires. + adminPermissionsEnabled : bool, default is Undefined, optional + Enables the use of fine grained permissions v2 adminTheme : str, default is Undefined, optional Used for the admin console. attributes : {str:str}, default is Undefined, optional 
@@ -1529,6 +1675,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProvider: The maximum amount of time before a session expires regardless of activity. ssoSessionMaxLifespanRememberMe : str, default is Undefined, optional Similar to sso_session_max_lifespan, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of sso_session_max_lifespan. + terraformDeletionProtection : bool, default is Undefined, optional + When set to true, the realm cannot be deleted. Defaults to false. userManagedAccess : bool, default is Undefined, optional When true, users are allowed to manage their own resources. Defaults to false. verifyEmail : bool, default is Undefined, optional @@ -1556,6 +1704,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProvider: actionTokenGeneratedByUserLifespan?: str + adminPermissionsEnabled?: bool + adminTheme?: str attributes?: {str:str} @@ -1650,6 +1800,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProvider: ssoSessionMaxLifespanRememberMe?: str + terraformDeletionProtection?: bool + userManagedAccess?: bool verifyEmail?: bool @@ -1719,8 +1871,10 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0: Attributes ---------- + allowUtf8 : bool, default is Undefined, optional + allow Utf8 auth : [RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0AuthItems0], default is Undefined, optional - Enables authentication to the SMTP server. This block supports the following arguments: + Enables authentication to the SMTP server. Cannot be set alongside token_auth. This block supports the following arguments: envelopeFrom : str, default is Undefined, optional The email address uses for bounces. from : str, default is Undefined, optional 
@@ -1739,9 +1893,13 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0: When true, enables SSL. Defaults to false. starttls : bool, default is Undefined, optional When true, enables StartTLS. Defaults to false. + tokenAuth : [RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0TokenAuthItems0], default is Undefined, optional + Enables authentication to the SMTP server through OAUTH2. Cannot be set alongside auth. This block supports the following arguments: """ + allowUtf8?: bool + auth?: [RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0AuthItems0] envelopeFrom?: str @@ -1762,6 +1920,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0: starttls?: bool + tokenAuth?: [RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0TokenAuthItems0] + schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0AuthItems0: r""" @@ -1777,6 +1937,32 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0Aut username?: str +schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0TokenAuthItems0: + r""" + realm keycloak crossplane io v1alpha1 realm status at provider SMTP server items0 token auth items0 + + Attributes + ---------- + clientId : str, default is Undefined, optional + The auth token client ID. + scope : str, default is Undefined, optional + The auth token scope. + url : str, default is Undefined, optional + The auth token URL. + username : str, default is Undefined, optional + The SMTP server username. + """ + + + clientId?: str + + scope?: str + + url?: str + + username?: str + + schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSecurityDefensesItems0: r""" realm keycloak crossplane io v1alpha1 realm status at provider security defenses items0 
@@ -1807,6 +1993,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSecurityDefensesIte max failure wait seconds maxLoginFailures : float, default is Undefined, optional How many failures before wait is triggered. + maxTemporaryLockouts : float, default is Undefined, optional + How many temporary lockouts are permitted before a user is permanently locked out. permanent_lockout needs to be true. Defaults to 0 minimumQuickLoginWaitSeconds : float, default is Undefined, optional How long to wait after a quick login failure. permanentLockout : bool, default is Undefined, optional @@ -1824,6 +2012,8 @@ schema RealmKeycloakCrossplaneIoV1alpha1RealmStatusAtProviderSecurityDefensesIte maxLoginFailures?: float + maxTemporaryLockouts?: float + minimumQuickLoginWaitSeconds?: float permanentLockout?: bool diff --git a/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_required_action.k b/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_required_action.k index 8d1f910a..bc2055c6 100644 --- a/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_required_action.k +++ b/crossplane_provider_keycloak/cluster/realm/v1alpha1/realm_keycloak_crossplane_io_v1alpha1_required_action.k @@ -91,7 +91,7 @@ schema RealmKeycloakCrossplaneIoV1alpha1RequiredActionSpecForProvider: Attributes ---------- alias : str, default is Undefined, optional - The alias of the action to attach as a required action. + The alias of the action to attach as a required action. Case sensitive. config : {str:str}, default is Undefined, optional The configuration. Keys are specific to each configurable required action and not checked when applying. defaultAction : bool, default is Undefined, optional 
@@ -99,9 +99,9 @@ schema RealmKeycloakCrossplaneIoV1alpha1RequiredActionSpecForProvider: enabled : bool, default is Undefined, optional When false, the required action is not enabled for new users. Defaults to false. name : str, default is Undefined, optional - The name of the required action. + The name of the required action to use in the UI. priority : float, default is Undefined, optional - The priority of the required action. + An integer to specify the running order of required actions with lower numbers meaning higher precedence. realmId : str, default is Undefined, optional The realm the required action exists in. realmIdRef : RealmKeycloakCrossplaneIoV1alpha1RequiredActionSpecForProviderRealmIDRef, default is Undefined, optional @@ -235,7 +235,7 @@ schema RealmKeycloakCrossplaneIoV1alpha1RequiredActionSpecInitProvider: Attributes ---------- alias : str, default is Undefined, optional - The alias of the action to attach as a required action. + The alias of the action to attach as a required action. Case sensitive. config : {str:str}, default is Undefined, optional The configuration. Keys are specific to each configurable required action and not checked when applying. defaultAction : bool, default is Undefined, optional @@ -243,9 +243,9 @@ schema RealmKeycloakCrossplaneIoV1alpha1RequiredActionSpecInitProvider: enabled : bool, default is Undefined, optional When false, the required action is not enabled for new users. Defaults to false. name : str, default is Undefined, optional - The name of the required action. + The name of the required action to use in the UI. priority : float, default is Undefined, optional - The priority of the required action. + An integer to specify the running order of required actions with lower numbers meaning higher precedence. realmId : str, default is Undefined, optional The realm the required action exists in. realmIdRef : RealmKeycloakCrossplaneIoV1alpha1RequiredActionSpecInitProviderRealmIDRef, default is Undefined, optional 
@@ -459,7 +459,7 @@ schema RealmKeycloakCrossplaneIoV1alpha1RequiredActionStatusAtProvider: Attributes ---------- alias : str, default is Undefined, optional - The alias of the action to attach as a required action. + The alias of the action to attach as a required action. Case sensitive. config : {str:str}, default is Undefined, optional The configuration. Keys are specific to each configurable required action and not checked when applying. defaultAction : bool, default is Undefined, optional @@ -469,9 +469,9 @@ schema RealmKeycloakCrossplaneIoV1alpha1RequiredActionStatusAtProvider: id : str, default is Undefined, optional id name : str, default is Undefined, optional - The name of the required action. + The name of the required action to use in the UI. priority : float, default is Undefined, optional - The priority of the required action. + An integer to specify the running order of required actions with lower numbers meaning higher precedence. realmId : str, default is Undefined, optional The realm the required action exists in. """ diff --git a/crossplane_provider_keycloak/cluster/role/v1alpha1/role_keycloak_crossplane_io_v1alpha1_role.k b/crossplane_provider_keycloak/cluster/role/v1alpha1/role_keycloak_crossplane_io_v1alpha1_role.k index 8e15e7c9..288e951a 100644 --- a/crossplane_provider_keycloak/cluster/role/v1alpha1/role_keycloak_crossplane_io_v1alpha1_role.k +++ b/crossplane_provider_keycloak/cluster/role/v1alpha1/role_keycloak_crossplane_io_v1alpha1_role.k 
@@ -116,6 +116,12 @@ schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProvider: realm Id ref realmIdSelector : RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector + samlClientId : str, default is Undefined, optional + When specified, this role will be created as a client role attached to the client with the provided ID + samlClientIdRef : RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector """ @@ -145,6 +151,12 @@ schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProvider: realmIdSelector?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderRealmIDSelector + samlClientId?: str + + samlClientIdRef?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRef + + samlClientIdSelector?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelector + schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderClientIDRef: r""" 
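Review bot: The new `samlClientId` attribute in RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProvider is documented only as "the client with the provided ID", which does not say that it targets a SAML client or how it relates to the existing client reference on the same schema (its `ClientIDRef` type is visible in the hunk context). I would extend the docstring to something like `ID of the SAML client (samlclient Client) this role is attached to as a client role.` The text should also state what happens when both client fields are set, since the visible lines do not show whether the provider rejects that or picks one. The same wording is repeated in the RoleSpecInitProvider and RoleStatusAtProvider hunks further down. The file looks generated from the provider CRD, so the wording may have to be fixed upstream.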
@@ -413,6 +425,95 @@ schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderRealmIDSelectorPolicy: resolve?: "Always" | "IfNotPresent" +schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRefPolicy + + +schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelectorPolicy + + +schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProvider: r""" THIS IS A BETA FIELD. It will be honored @@ -454,6 +555,12 @@ schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProvider: realm Id ref realmIdSelector : RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector + samlClientId : str, default is Undefined, optional + When specified, this role will be created as a client role attached to the client with the provided ID + samlClientIdRef : RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector """ 
@@ -483,6 +590,12 @@ schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProvider: realmIdSelector?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderRealmIDSelector + samlClientId?: str + + samlClientIdRef?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRef + + samlClientIdSelector?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelector + schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderClientIDRef: r""" 
@@ -751,6 +864,95 @@ schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderRealmIDSelectorPolicy resolve?: "Always" | "IfNotPresent" +schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + policy : RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + policy?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRefPolicy + + +schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ policy : RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + policy?: RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelectorPolicy + + +schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema RoleKeycloakCrossplaneIoV1alpha1RoleSpecProviderConfigRef: r""" ProviderConfigReference specifies how the provider that will be used to @@ -862,6 +1064,8 @@ schema RoleKeycloakCrossplaneIoV1alpha1RoleStatusAtProvider: The name of the role realmId : str, default is Undefined, optional The realm this role exists within. + samlClientId : str, default is Undefined, optional + When specified, this role will be created as a client role attached to the client with the provided ID """ @@ -881,6 +1085,8 @@ schema RoleKeycloakCrossplaneIoV1alpha1RoleStatusAtProvider: realmId?: str + samlClientId?: str + schema RoleKeycloakCrossplaneIoV1alpha1RoleStatusConditionsItems0: r""" 
diff --git a/crossplane_provider_keycloak/cluster/saml/v1alpha1/saml_keycloak_crossplane_io_v1alpha1_identity_provider.k b/crossplane_provider_keycloak/cluster/saml/v1alpha1/saml_keycloak_crossplane_io_v1alpha1_identity_provider.k index ca60f0b4..c482ffd2 100644 --- a/crossplane_provider_keycloak/cluster/saml/v1alpha1/saml_keycloak_crossplane_io_v1alpha1_identity_provider.k +++ b/crossplane_provider_keycloak/cluster/saml/v1alpha1/saml_keycloak_crossplane_io_v1alpha1_identity_provider.k @@ -211,6 +211,9 @@ schema SamlKeycloakCrossplaneIoV1alpha1IdentityProviderSpecForProvider: wantAssertionsSigned : bool, default is Undefined, optional Indicates whether this service provider expects a signed Assertion. Want Assertions Signed. + wantAuthnRequestsSigned : bool, default is Undefined, optional + Indicates whether this service provider expects authentication requests to be signed (defaults to true if signature_algorithm is set and this isn't). + Want Authn Requests Signed. xmlSignKeyInfoKeyNameTransformer : str, default is Undefined, optional The SAML signature key name. Can be one of NONE, KEY_ID, or CERT_SUBJECT. Sign Key Transformer. @@ -303,6 +306,8 @@ schema SamlKeycloakCrossplaneIoV1alpha1IdentityProviderSpecForProvider: wantAssertionsSigned?: bool + wantAuthnRequestsSigned?: bool + xmlSignKeyInfoKeyNameTransformer?: str 
@@ -620,6 +625,9 @@ schema SamlKeycloakCrossplaneIoV1alpha1IdentityProviderSpecInitProvider: wantAssertionsSigned : bool, default is Undefined, optional Indicates whether this service provider expects a signed Assertion. Want Assertions Signed. + wantAuthnRequestsSigned : bool, default is Undefined, optional + Indicates whether this service provider expects authentication requests to be signed (defaults to true if signature_algorithm is set and this isn't). + Want Authn Requests Signed. xmlSignKeyInfoKeyNameTransformer : str, default is Undefined, optional The SAML signature key name. Can be one of NONE, KEY_ID, or CERT_SUBJECT. Sign Key Transformer. @@ -712,6 +720,8 @@ schema SamlKeycloakCrossplaneIoV1alpha1IdentityProviderSpecInitProvider: wantAssertionsSigned?: bool + wantAuthnRequestsSigned?: bool + xmlSignKeyInfoKeyNameTransformer?: str @@ -1105,6 +1115,9 @@ schema SamlKeycloakCrossplaneIoV1alpha1IdentityProviderStatusAtProvider: wantAssertionsSigned : bool, default is Undefined, optional Indicates whether this service provider expects a signed Assertion. Want Assertions Signed. + wantAuthnRequestsSigned : bool, default is Undefined, optional + Indicates whether this service provider expects authentication requests to be signed (defaults to true if signature_algorithm is set and this isn't). + Want Authn Requests Signed. xmlSignKeyInfoKeyNameTransformer : str, default is Undefined, optional The SAML signature key name. Can be one of NONE, KEY_ID, or CERT_SUBJECT. Sign Key Transformer. @@ -1193,6 +1206,8 @@ schema SamlKeycloakCrossplaneIoV1alpha1IdentityProviderStatusAtProvider: wantAssertionsSigned?: bool + wantAuthnRequestsSigned?: bool + xmlSignKeyInfoKeyNameTransformer?: str diff --git a/crossplane_provider_keycloak/cluster/samlclient/v1alpha1/samlclient_keycloak_crossplane_io_v1alpha1_client.k b/crossplane_provider_keycloak/cluster/samlclient/v1alpha1/samlclient_keycloak_crossplane_io_v1alpha1_client.k index e55f0c28..e184766d 100644 
--- a/crossplane_provider_keycloak/cluster/samlclient/v1alpha1/samlclient_keycloak_crossplane_io_v1alpha1_client.k +++ b/crossplane_provider_keycloak/cluster/samlclient/v1alpha1/samlclient_keycloak_crossplane_io_v1alpha1_client.k @@ -104,10 +104,6 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". clientId : str, default is Undefined, optional The unique ID of this client, referenced in the URI during authentication and in issued tokens. - clientIdRef : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef, default is Undefined, optional - client Id ref - clientIdSelector : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector, default is Undefined, optional - client Id selector clientSignatureRequired : bool, default is Undefined, optional When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key. Defaults to true. consentRequired : bool, default is Undefined, optional 
@@ -118,8 +114,16 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. encryptAssertions : bool, default is Undefined, optional When true, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to false. + encryptionAlgorithm : str, default is Undefined, optional + Algorithm used to encrypt SAML assertions. Allowed values: AES_256_GCM, AES_192_GCM, AES_128_GCM, AES_256_CBC, AES_192_CBC, or AES_128_CBC. encryptionCertificateSecretRef : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderEncryptionCertificateSecretRef, default is Undefined, optional encryption certificate secret ref + encryptionDigestMethod : str, default is Undefined, optional + Digest method used with SAML encryption. Allowed values: SHA-512, SHA-256, or SHA-1. Only valid when encryption_key_algorithm is RSA-OAEP-11 or RSA-OAEP-MGF1P. Default is SHA-256. + encryptionKeyAlgorithm : str, default is Undefined, optional + Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: RSA-OAEP-11, RSA-OAEP-MGF1P, or RSA1_5. Default is RSA-OAEP-11. + encryptionMaskGenerationFunction : str, default is Undefined, optional + Mask generation function used with SAML encryption. Allowed values: mgf1sha1, mgf1sha224, mgf1sha256, mgf1sha384, or mgf1sha512. Only valid when encryption_key_algorithm is RSA-OAEP-11. Default is mgf1sha256. extraConfig : {str:str}, default is Undefined, optional A map of key/value pairs to add extra configuration attributes to this client. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates. forceNameIdFormat : bool, default is Undefined, optional 
@@ -187,10 +191,6 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: clientId?: str - clientIdRef?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef - - clientIdSelector?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector - clientSignatureRequired?: bool consentRequired?: bool @@ -201,8 +201,16 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider: encryptAssertions?: bool + encryptionAlgorithm?: str + encryptionCertificateSecretRef?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderEncryptionCertificateSecretRef + encryptionDigestMethod?: str + + encryptionKeyAlgorithm?: str + + encryptionMaskGenerationFunction?: str + extraConfig?: {str:str} forceNameIdFormat?: bool 
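Review bot: The four SAML encryption attributes added in the second hunk here (`encryptionAlgorithm?: str` through `encryptionMaskGenerationFunction?: str` in SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProvider) are plain `str`, although their docstrings list a closed set of allowed values, so a typo or an unintended choice is not caught when the configuration is compiled. Literal union types, which this package already uses for `resolution?: "Required" | "Optional"`, would reject unknown values early; the matching hunks for ClientSpecInitProvider and ClientStatusAtProvider have the same gap. The documented set also admits RSA1_5 key transport, the CBC ciphers and SHA-1, which are the legacy XML Encryption options, so if they must remain accepted a comment naming RSA-OAEP with a GCM cipher as the preferred combination would help reviewers of downstream configs. These files look generated from the provider CRDs, so the constraint may need to live in the generator or in a wrapping schema instead.

```kcl
    encryptionAlgorithm?: "AES_256_GCM" | "AES_192_GCM" | "AES_128_GCM" | "AES_256_CBC" | "AES_192_CBC" | "AES_128_CBC"

    # … unchanged: encryptionCertificateSecretRef …

    encryptionDigestMethod?: "SHA-512" | "SHA-256" | "SHA-1"

    encryptionKeyAlgorithm?: "RSA-OAEP-11" | "RSA-OAEP-MGF1P" | "RSA1_5"

    encryptionMaskGenerationFunction?: "mgf1sha1" | "mgf1sha224" | "mgf1sha256" | "mgf1sha384" | "mgf1sha512"
```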
@@ -272,95 +280,6 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderAuthentication directGrantId?: str -schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef: - r""" - Reference to a Client in openidclient to populate clientId. - - Attributes - ---------- - name : str, default is Undefined, required - Name of the referenced object. - policy : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy, default is Undefined, optional - policy - """ - - - name: str - - policy?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy - - -schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy: - r""" - Policies for referencing. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - -schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector: - r""" - Selector for a Client in openidclient to populate clientId. - - Attributes - ---------- - matchControllerRef : bool, default is Undefined, optional - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - matchLabels : {str:str}, default is Undefined, optional - MatchLabels ensures an object with matching labels is selected. 
- policy : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy, default is Undefined, optional - policy - """ - - - matchControllerRef?: bool - - matchLabels?: {str:str} - - policy?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy - - -schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy: - r""" - Policies for selection. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecForProviderEncryptionCertificateSecretRef: r""" If assertions for the client are encrypted, this certificate will be used for encryption. 
@@ -545,10 +464,6 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". clientId : str, default is Undefined, optional The unique ID of this client, referenced in the URI during authentication and in issued tokens. - clientIdRef : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef, default is Undefined, optional - client Id ref - clientIdSelector : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector, default is Undefined, optional - client Id selector clientSignatureRequired : bool, default is Undefined, optional When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key. Defaults to true. consentRequired : bool, default is Undefined, optional 
@@ -559,8 +474,16 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. encryptAssertions : bool, default is Undefined, optional When true, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to false. + encryptionAlgorithm : str, default is Undefined, optional + Algorithm used to encrypt SAML assertions. Allowed values: AES_256_GCM, AES_192_GCM, AES_128_GCM, AES_256_CBC, AES_192_CBC, or AES_128_CBC. encryptionCertificateSecretRef : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderEncryptionCertificateSecretRef, default is Undefined, optional encryption certificate secret ref + encryptionDigestMethod : str, default is Undefined, optional + Digest method used with SAML encryption. Allowed values: SHA-512, SHA-256, or SHA-1. Only valid when encryption_key_algorithm is RSA-OAEP-11 or RSA-OAEP-MGF1P. Default is SHA-256. + encryptionKeyAlgorithm : str, default is Undefined, optional + Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: RSA-OAEP-11, RSA-OAEP-MGF1P, or RSA1_5. Default is RSA-OAEP-11. + encryptionMaskGenerationFunction : str, default is Undefined, optional + Mask generation function used with SAML encryption. Allowed values: mgf1sha1, mgf1sha224, mgf1sha256, mgf1sha384, or mgf1sha512. Only valid when encryption_key_algorithm is RSA-OAEP-11. Default is mgf1sha256. extraConfig : {str:str}, default is Undefined, optional A map of key/value pairs to add extra configuration attributes to this client. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates. forceNameIdFormat : bool, default is Undefined, optional 
@@ -628,10 +551,6 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: clientId?: str - clientIdRef?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef - - clientIdSelector?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector - clientSignatureRequired?: bool consentRequired?: bool @@ -642,8 +561,16 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProvider: encryptAssertions?: bool + encryptionAlgorithm?: str + encryptionCertificateSecretRef?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderEncryptionCertificateSecretRef + encryptionDigestMethod?: str + + encryptionKeyAlgorithm?: str + + encryptionMaskGenerationFunction?: str + extraConfig?: {str:str} forceNameIdFormat?: bool 
@@ -713,95 +640,6 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderAuthenticatio directGrantId?: str -schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef: - r""" - Reference to a Client in openidclient to populate clientId. - - Attributes - ---------- - name : str, default is Undefined, required - Name of the referenced object. - policy : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy, default is Undefined, optional - policy - """ - - - name: str - - policy?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy - - -schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy: - r""" - Policies for referencing. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - -schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector: - r""" - Selector for a Client in openidclient to populate clientId. - - Attributes - ---------- - matchControllerRef : bool, default is Undefined, optional - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. - matchLabels : {str:str}, default is Undefined, optional - MatchLabels ensures an object with matching labels is selected. 
- policy : SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy, default is Undefined, optional - policy - """ - - - matchControllerRef?: bool - - matchLabels?: {str:str} - - policy?: SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy - - -schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy: - r""" - Policies for selection. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - schema SamlclientKeycloakCrossplaneIoV1alpha1ClientSpecInitProviderEncryptionCertificateSecretRef: r""" If assertions for the client are encrypted, this certificate will be used for encryption. 
@@ -1076,8 +914,16 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientStatusAtProvider: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. encryptAssertions : bool, default is Undefined, optional When true, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to false. + encryptionAlgorithm : str, default is Undefined, optional + Algorithm used to encrypt SAML assertions. Allowed values: AES_256_GCM, AES_192_GCM, AES_128_GCM, AES_256_CBC, AES_192_CBC, or AES_128_CBC. encryptionCertificateSha1 : str, default is Undefined, optional (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. + encryptionDigestMethod : str, default is Undefined, optional + Digest method used with SAML encryption. Allowed values: SHA-512, SHA-256, or SHA-1. Only valid when encryption_key_algorithm is RSA-OAEP-11 or RSA-OAEP-MGF1P. Default is SHA-256. + encryptionKeyAlgorithm : str, default is Undefined, optional + Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: RSA-OAEP-11, RSA-OAEP-MGF1P, or RSA1_5. Default is RSA-OAEP-11. + encryptionMaskGenerationFunction : str, default is Undefined, optional + Mask generation function used with SAML encryption. Allowed values: mgf1sha1, mgf1sha224, mgf1sha256, mgf1sha384, or mgf1sha512. Only valid when encryption_key_algorithm is RSA-OAEP-11. Default is mgf1sha256. extraConfig : {str:str}, default is Undefined, optional A map of key/value pairs to add extra configuration attributes to this client. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates. forceNameIdFormat : bool, default is Undefined, optional 
@@ -1153,8 +999,16 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientStatusAtProvider: encryptAssertions?: bool + encryptionAlgorithm?: str + encryptionCertificateSha1?: str + encryptionDigestMethod?: str + + encryptionKeyAlgorithm?: str + + encryptionMaskGenerationFunction?: str + extraConfig?: {str:str} forceNameIdFormat?: bool diff --git a/crossplane_provider_keycloak/cluster/samlclient/v1alpha1/samlclient_keycloak_crossplane_io_v1alpha1_client_scope.k b/crossplane_provider_keycloak/cluster/samlclient/v1alpha1/samlclient_keycloak_crossplane_io_v1alpha1_client_scope.k index 773378bc..fa80770e 100644 --- a/crossplane_provider_keycloak/cluster/samlclient/v1alpha1/samlclient_keycloak_crossplane_io_v1alpha1_client_scope.k +++ b/crossplane_provider_keycloak/cluster/samlclient/v1alpha1/samlclient_keycloak_crossplane_io_v1alpha1_client_scope.k @@ -94,6 +94,11 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientScopeSpecForProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. name : str, default is Undefined, optional @@ -111,6 +116,8 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientScopeSpecForProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float name?: str 
@@ -230,6 +237,11 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientScopeSpecInitProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. name : str, default is Undefined, optional @@ -247,6 +259,8 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientScopeSpecInitProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float name?: str @@ -446,6 +460,11 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientScopeStatusAtProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. id : str, default is Undefined, optional 
@@ -461,6 +480,8 @@ schema SamlclientKeycloakCrossplaneIoV1alpha1ClientScopeStatusAtProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float id?: str diff --git a/crossplane_provider_keycloak/cluster/v1beta1/keycloak_crossplane_io_v1beta1_provider_config.k b/crossplane_provider_keycloak/cluster/v1beta1/keycloak_crossplane_io_v1beta1_provider_config.k index ee3e0ac1..291233dd 100644 --- a/crossplane_provider_keycloak/cluster/v1beta1/keycloak_crossplane_io_v1beta1_provider_config.k +++ b/crossplane_provider_keycloak/cluster/v1beta1/keycloak_crossplane_io_v1beta1_provider_config.k @@ -73,7 +73,7 @@ schema KeycloakCrossplaneIoV1beta1ProviderConfigSpecCredentials: secretRef?: KeycloakCrossplaneIoV1beta1ProviderConfigSpecCredentialsSecretRef - source: "None" | "Secret" | "InjectedIdentity" | "Environment" | "Filesystem" | "Kubernetes" + source: "None" | "Secret" | "Environment" | "Filesystem" schema KeycloakCrossplaneIoV1beta1ProviderConfigSpecCredentialsEnv: diff --git a/crossplane_provider_keycloak/kcl.mod b/crossplane_provider_keycloak/kcl.mod index eba3621c..34be134c 100644 --- a/crossplane_provider_keycloak/kcl.mod +++ b/crossplane_provider_keycloak/kcl.mod @@ -1,7 +1,7 @@ [package] name = "crossplane_provider_keycloak" edition = "v0.11.0" -version = "2.7.2" +version = "2.16.0" [dependencies] k8s = "1.32.4" diff --git a/crossplane_provider_keycloak/namespaced/authenticationflow/v1alpha1/authenticationflow_keycloakm_crossplane_io_v1alpha1_execution.k b/crossplane_provider_keycloak/namespaced/authenticationflow/v1alpha1/authenticationflow_keycloakm_crossplane_io_v1alpha1_execution.k index 7c0c712a..8f638be4 100644 --- a/crossplane_provider_keycloak/namespaced/authenticationflow/v1alpha1/authenticationflow_keycloakm_crossplane_io_v1alpha1_execution.k +++ b/crossplane_provider_keycloak/namespaced/authenticationflow/v1alpha1/authenticationflow_keycloakm_crossplane_io_v1alpha1_execution.k 
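Review bot: The new `source` union in `KeycloakCrossplaneIoV1beta1ProviderConfigSpecCredentials` drops `"InjectedIdentity"` and `"Kubernetes"`, so any ProviderConfig written against the previous package with either value will now fail schema validation, and nothing in the visible change records that. The kcl.mod hunk on the same line moves the package from 2.7.2 to 2.16.0, which a consumer is likely to read as a compatible upgrade. If the schema mirrors the provider's CRD the union itself is probably right; what is missing is a migration note, for example `credentials.source: "InjectedIdentity" and "Kubernetes" are no longer accepted`. Because this field selects where the Keycloak credentials come from, existing configs should be checked for the two removed values before upgrading.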
@@ -84,6 +84,12 @@ schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProvider: parent flow alias ref parentFlowAliasSelector : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentFlowAliasSelector, default is Undefined, optional parent flow alias selector + parentSubflowAlias : str, default is Undefined, optional + parent subflow alias + parentSubflowAliasRef : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRef, default is Undefined, optional + parent subflow alias ref + parentSubflowAliasSelector : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelector, default is Undefined, optional + parent subflow alias selector priority : float, default is Undefined, optional The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). realmId : str, default is Undefined, optional @@ -105,6 +111,12 @@ schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProvider: parentFlowAliasSelector?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentFlowAliasSelector + parentSubflowAlias?: str + + parentSubflowAliasRef?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRef + + parentSubflowAliasSelector?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelector + priority?: float realmId?: str 
@@ -213,6 +225,103 @@ schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderPa resolve?: "Always" | "IfNotPresent" +schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRef: + r""" + Reference to a Subflow in authenticationflow to populate parentSubflowAlias. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRefPolicy + + +schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelector: + r""" + Selector for a Subflow in authenticationflow to populate parentSubflowAlias. 
+ + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelectorPolicy + + +schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderParentSubflowAliasSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecForProviderRealmIDRef: r""" Reference to a Realm in realm to populate realmId. 
@@ -333,6 +442,12 @@ schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProvider: parent flow alias ref parentFlowAliasSelector : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentFlowAliasSelector, default is Undefined, optional parent flow alias selector + parentSubflowAlias : str, default is Undefined, optional + parent subflow alias + parentSubflowAliasRef : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRef, default is Undefined, optional + parent subflow alias ref + parentSubflowAliasSelector : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelector, default is Undefined, optional + parent subflow alias selector priority : float, default is Undefined, optional The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). realmId : str, default is Undefined, optional @@ -354,6 +469,12 @@ schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProvider: parentFlowAliasSelector?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentFlowAliasSelector + parentSubflowAlias?: str + + parentSubflowAliasRef?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRef + + parentSubflowAliasSelector?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelector + priority?: float realmId?: str 
@@ -462,6 +583,103 @@ schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderP resolve?: "Always" | "IfNotPresent" +schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRef: + r""" + Reference to a Subflow in authenticationflow to populate parentSubflowAlias. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRefPolicy + + +schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelector: + r""" + Selector for a Subflow in authenticationflow to populate parentSubflowAlias. 
+ + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelectorPolicy + + +schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderParentSubflowAliasSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionSpecInitProviderRealmIDRef: r""" Reference to a Realm in realm to populate realmId. 
@@ -632,6 +850,8 @@ schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionStatusAtProvider: id parentFlowAlias : str, default is Undefined, optional The alias of the flow this execution is attached to. + parentSubflowAlias : str, default is Undefined, optional + parent subflow alias priority : float, default is Undefined, optional The authenticator priority. Lower values will be executed prior higher values (Only supported by Keycloak >= 25). realmId : str, default is Undefined, optional @@ -647,6 +867,8 @@ schema AuthenticationflowKeycloakmCrossplaneIoV1alpha1ExecutionStatusAtProvider: parentFlowAlias?: str + parentSubflowAlias?: str + priority?: float realmId?: str diff --git a/crossplane_provider_keycloak/namespaced/client/v1alpha1/client_keycloakm_crossplane_io_v1alpha1_protocol_mapper.k b/crossplane_provider_keycloak/namespaced/client/v1alpha1/client_keycloakm_crossplane_io_v1alpha1_protocol_mapper.k index 369ae9f2..6a835e24 100644 --- a/crossplane_provider_keycloak/namespaced/client/v1alpha1/client_keycloakm_crossplane_io_v1alpha1_protocol_mapper.k +++ b/crossplane_provider_keycloak/namespaced/client/v1alpha1/client_keycloakm_crossplane_io_v1alpha1_protocol_mapper.k 
@@ -108,6 +108,20 @@ schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProvider: realm Id ref realmIdSelector : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector + samlClientId : str, default is Undefined, optional + The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The mapper's associated client. Cannot be used at the same time as client_scope_id. + samlClientIdRef : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this protocol mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The mapper's associated client scope. Cannot be used at the same time as client_id. + samlClientScopeIdRef : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRef, default is Undefined, optional + saml client scope Id ref + samlClientScopeIdSelector : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelector, default is Undefined, optional + saml client scope Id selector """ 
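Review bot: The descriptions added for `samlClientId` and `samlClientScopeId` in `ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProvider` refer to `client_scope_id` and `client_id`, names that do not exist in this schema, and call the argument "required" while the attribute is declared optional. A reader cannot tell from this which of the KCL fields exclude each other, and the attribute hunk that follows adds no `check:` rule for it (the schema body continues outside both hunks, so one may exist elsewhere). The same wording is repeated in the SpecInitProvider and StatusAtProvider docstrings of this file and in the role_mapper ForProvider docstring. I would name the schema's own fields in the text, e.g. `Cannot be set together with samlClientScopeId`, once the intended pairing is confirmed against the provider.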
@@ -137,6 +151,18 @@ schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProvider: realmIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderRealmIDSelector + samlClientId?: str + + samlClientIdRef?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRef + + samlClientIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelector + + samlClientScopeId?: str + + samlClientScopeIdRef?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRef + + samlClientScopeIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelector + schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderClientIDRef: r""" 
@@ -429,6 +455,200 @@ schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderRealmIDSe resolve?: "Always" | "IfNotPresent" +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRefPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. 
+ + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelectorPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRef: + r""" + Reference to a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRefPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelector: + r""" + Selector for a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelectorPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecForProviderSamlClientScopeIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProvider: r""" THIS IS A BETA FIELD. It will be honored 
@@ -476,6 +696,20 @@ schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProvider: realm Id ref realmIdSelector : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector + samlClientId : str, default is Undefined, optional + The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The mapper's associated client. Cannot be used at the same time as client_scope_id. + samlClientIdRef : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this protocol mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The mapper's associated client scope. Cannot be used at the same time as client_id. + samlClientScopeIdRef : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRef, default is Undefined, optional + saml client scope Id ref + samlClientScopeIdSelector : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelector, default is Undefined, optional + saml client scope Id selector """ 
@@ -505,6 +739,18 @@ schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProvider: realmIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderRealmIDSelector + samlClientId?: str + + samlClientIdRef?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRef + + samlClientIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelector + + samlClientScopeId?: str + + samlClientScopeIdRef?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRef + + samlClientScopeIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelector + schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderClientIDRef: r""" 
@@ -797,6 +1043,200 @@ schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderRealmIDS resolve?: "Always" | "IfNotPresent" +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRefPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. 
+ + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelectorPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRef: + r""" + Reference to a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRefPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelector: + r""" + Selector for a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelectorPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecInitProviderSamlClientScopeIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperSpecProviderConfigRef: r""" ProviderConfigReference specifies how the provider that will be used to 
@@ -886,6 +1326,12 @@ schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperStatusAtProvider: realmId : str, default is Undefined, optional The realm this protocol mapper exists within. The realm id where the associated client or client scope exists. + samlClientId : str, default is Undefined, optional + The ID of the client this protocol mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The mapper's associated client. Cannot be used at the same time as client_scope_id. + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this protocol mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The mapper's associated client scope. Cannot be used at the same time as client_id. """ @@ -905,6 +1351,10 @@ schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperStatusAtProvider: realmId?: str + samlClientId?: str + + samlClientScopeId?: str + schema ClientKeycloakmCrossplaneIoV1alpha1ProtocolMapperStatusConditionsItems0: r""" diff --git a/crossplane_provider_keycloak/namespaced/client/v1alpha1/client_keycloakm_crossplane_io_v1alpha1_role_mapper.k b/crossplane_provider_keycloak/namespaced/client/v1alpha1/client_keycloakm_crossplane_io_v1alpha1_role_mapper.k index 358c5741..00c95f10 100644 --- a/crossplane_provider_keycloak/namespaced/client/v1alpha1/client_keycloakm_crossplane_io_v1alpha1_role_mapper.k +++ b/crossplane_provider_keycloak/namespaced/client/v1alpha1/client_keycloakm_crossplane_io_v1alpha1_role_mapper.k 
@@ -104,6 +104,20 @@ schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProvider: role Id ref roleIdSelector : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderRoleIDSelector, default is Undefined, optional role Id selector + samlClientId : str, default is Undefined, optional + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + samlClientIdRef : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + samlClientScopeIdRef : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRef, default is Undefined, optional + saml client scope Id ref + samlClientScopeIdSelector : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelector, default is Undefined, optional + saml client scope Id selector """ 
@@ -131,6 +145,18 @@ schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProvider: roleIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderRoleIDSelector + samlClientId?: str + + samlClientIdRef?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRef + + samlClientIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelector + + samlClientScopeId?: str + + samlClientScopeIdRef?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRef + + samlClientScopeIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelector + schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderClientIDRef: r""" 
@@ -520,6 +546,200 @@ schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderRoleIDSelecto resolve?: "Always" | "IfNotPresent" +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRefPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelectorPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRef: + r""" + Reference to a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRefPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelector: + r""" + Selector for a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelectorPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecForProviderSamlClientScopeIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProvider: r""" THIS IS A BETA FIELD. It will be honored 
@@ -563,6 +783,20 @@ schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProvider: role Id ref roleIdSelector : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderRoleIDSelector, default is Undefined, optional role Id selector + samlClientId : str, default is Undefined, optional + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + samlClientIdRef : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. + samlClientScopeIdRef : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRef, default is Undefined, optional + saml client scope Id ref + samlClientScopeIdSelector : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelector, default is Undefined, optional + saml client scope Id selector """ 
@@ -590,6 +824,18 @@ schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProvider: roleIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderRoleIDSelector + samlClientId?: str + + samlClientIdRef?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRef + + samlClientIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelector + + samlClientScopeId?: str + + samlClientScopeIdRef?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRef + + samlClientScopeIdSelector?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelector + schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderClientIDRef: r""" 
@@ -979,6 +1225,200 @@ schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderRoleIDSelect resolve?: "Always" | "IfNotPresent" +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRefPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelectorPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRef: + r""" + Reference to a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRefPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelector: + r""" + Selector for a ClientScope in samlclient to populate samlClientScopeId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelectorPolicy + + +schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecInitProviderSamlClientScopeIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperSpecProviderConfigRef: r""" ProviderConfigReference specifies how the provider that will be used to 
@@ -1060,6 +1500,12 @@ schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperStatusAtProvider: roleId : str, default is Undefined, optional The ID of the role to be added to this role mapper. Id of the role to assign + samlClientId : str, default is Undefined, optional + The ID of the client this role mapper should be added to. Conflicts with client_scope_id. This argument is required if client_scope_id is not set. + The destination client of the role. Cannot be used at the same time as client_scope_id. + samlClientScopeId : str, default is Undefined, optional + The ID of the client scope this role mapper should be added to. Conflicts with client_id. This argument is required if client_id is not set. + The destination client scope of the role. Cannot be used at the same time as client_id. """ @@ -1073,6 +1519,10 @@ schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperStatusAtProvider: roleId?: str + samlClientId?: str + + samlClientScopeId?: str + schema ClientKeycloakmCrossplaneIoV1alpha1RoleMapperStatusConditionsItems0: r""" diff --git a/crossplane_provider_keycloak/namespaced/defaults/v1alpha1/defaults_keycloakm_crossplane_io_v1alpha1_roles.k b/crossplane_provider_keycloak/namespaced/defaults/v1alpha1/defaults_keycloakm_crossplane_io_v1alpha1_roles.k index 38b44983..273972ac 100644 --- a/crossplane_provider_keycloak/namespaced/defaults/v1alpha1/defaults_keycloakm_crossplane_io_v1alpha1_roles.k +++ b/crossplane_provider_keycloak/namespaced/defaults/v1alpha1/defaults_keycloakm_crossplane_io_v1alpha1_roles.k 
@@ -77,7 +77,7 @@ schema DefaultsKeycloakmCrossplaneIoV1alpha1RolesSpecForProvider: Attributes ---------- defaultRoles : [str], default is Undefined, optional - Realm level roles assigned to new users by default. + Roles assigned to new users by default. Realm level roles (name) assigned to new users. defaultRolesRefs : [DefaultsKeycloakmCrossplaneIoV1alpha1RolesSpecForProviderDefaultRolesRefsItems0], default is Undefined, optional References to Role in role to populate defaultRoles. @@ -315,7 +315,7 @@ schema DefaultsKeycloakmCrossplaneIoV1alpha1RolesSpecInitProvider: Attributes ---------- defaultRoles : [str], default is Undefined, optional - Realm level roles assigned to new users by default. + Roles assigned to new users by default. Realm level roles (name) assigned to new users. defaultRolesRefs : [DefaultsKeycloakmCrossplaneIoV1alpha1RolesSpecInitProviderDefaultRolesRefsItems0], default is Undefined, optional References to Role in role to populate defaultRoles. @@ -605,7 +605,7 @@ schema DefaultsKeycloakmCrossplaneIoV1alpha1RolesStatusAtProvider: Attributes ---------- defaultRoles : [str], default is Undefined, optional - Realm level roles assigned to new users by default. + Roles assigned to new users by default. Realm level roles (name) assigned to new users. id : str, default is Undefined, optional id diff --git a/crossplane_provider_keycloak/namespaced/group/v1alpha1/group_keycloakm_crossplane_io_v1alpha1_group.k b/crossplane_provider_keycloak/namespaced/group/v1alpha1/group_keycloakm_crossplane_io_v1alpha1_group.k index 67cb389c..4d55564a 100644 --- a/crossplane_provider_keycloak/namespaced/group/v1alpha1/group_keycloakm_crossplane_io_v1alpha1_group.k +++ b/crossplane_provider_keycloak/namespaced/group/v1alpha1/group_keycloakm_crossplane_io_v1alpha1_group.k 
@@ -78,6 +78,8 @@ schema GroupKeycloakmCrossplaneIoV1alpha1GroupSpecForProvider: ---------- attributes : {str:str}, default is Undefined, optional A map representing attributes for the group. In order to add multivalued attributes, use ## to separate the values. Max length for each value is 255 chars + description : str, default is Undefined, optional + description name : str, default is Undefined, optional The name of the group. parentId : str, default is Undefined, optional @@ -97,6 +99,8 @@ schema GroupKeycloakmCrossplaneIoV1alpha1GroupSpecForProvider: attributes?: {str:str} + description?: str + name?: str parentId?: str @@ -323,6 +327,8 @@ schema GroupKeycloakmCrossplaneIoV1alpha1GroupSpecInitProvider: ---------- attributes : {str:str}, default is Undefined, optional A map representing attributes for the group. In order to add multivalued attributes, use ## to separate the values. Max length for each value is 255 chars + description : str, default is Undefined, optional + description name : str, default is Undefined, optional The name of the group. parentId : str, default is Undefined, optional @@ -342,6 +348,8 @@ schema GroupKeycloakmCrossplaneIoV1alpha1GroupSpecInitProvider: attributes?: {str:str} + description?: str + name?: str parentId?: str @@ -620,6 +628,8 @@ schema GroupKeycloakmCrossplaneIoV1alpha1GroupStatusAtProvider: ---------- attributes : {str:str}, default is Undefined, optional A map representing attributes for the group. In order to add multivalued attributes, use ## to separate the values. Max length for each value is 255 chars + description : str, default is Undefined, optional + description id : str, default is Undefined, optional id name : str, default is Undefined, optional @@ -635,6 +645,8 @@ schema GroupKeycloakmCrossplaneIoV1alpha1GroupStatusAtProvider: attributes?: {str:str} + description?: str + id?: str name?: str 
diff --git a/crossplane_provider_keycloak/namespaced/identityprovider/v1alpha1/identityprovider_keycloakm_crossplane_io_v1alpha1_provider_token_exchange_scope_permission.k b/crossplane_provider_keycloak/namespaced/identityprovider/v1alpha1/identityprovider_keycloakm_crossplane_io_v1alpha1_provider_token_exchange_scope_permission.k new file mode 100644 index 00000000..164f6c6b --- /dev/null +++ b/crossplane_provider_keycloak/namespaced/identityprovider/v1alpha1/identityprovider_keycloakm_crossplane_io_v1alpha1_provider_token_exchange_scope_permission.k 
@@ -0,0 +1,919 @@ +""" +This file was generated by the KCL auto-gen tool. DO NOT EDIT. +Editing this file might prove futile when you re-run the KCL auto-gen generate command. +""" +import k8s.apimachinery.pkg.apis.meta.v1 + + +schema ProviderTokenExchangeScopePermission: + r""" + ProviderTokenExchangeScopePermission is the Schema for the ProviderTokenExchangeScopePermissions API. + + Attributes + ---------- + apiVersion : str, default is "identityprovider.keycloak.m.crossplane.io/v1alpha1", required + APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + kind : str, default is "ProviderTokenExchangeScopePermission", required + Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + metadata : v1.ObjectMeta, default is Undefined, optional + metadata + spec : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpec, default is Undefined, required + spec + status : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatus, default is Undefined, optional + status + """ + + + apiVersion: "identityprovider.keycloak.m.crossplane.io/v1alpha1" = "identityprovider.keycloak.m.crossplane.io/v1alpha1" + + kind: "ProviderTokenExchangeScopePermission" = "ProviderTokenExchangeScopePermission" + + metadata?: v1.ObjectMeta + + spec: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpec + + status?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatus + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpec: + r""" + ProviderTokenExchangeScopePermissionSpec defines the desired state of ProviderTokenExchangeScopePermission + + Attributes + ---------- + forProvider : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProvider, default is Undefined, required + for provider + initProvider : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProvider, default is Undefined, optional + init provider + managementPolicies : [str], default is ["*"], optional + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + providerConfigRef : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRef, default is Undefined, optional + provider config ref + writeConnectionSecretToRef : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecWriteConnectionSecretToRef, default is Undefined, optional + write connection secret to ref + """ + + + forProvider: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProvider + + initProvider?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProvider + + managementPolicies?: [str] = ["*"] + + providerConfigRef?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRef + + writeConnectionSecretToRef?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecWriteConnectionSecretToRef + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProvider: + r""" + identityprovider keycloakm crossplane io v1alpha1 provider token exchange scope permission spec for provider + + Attributes + ---------- + clients : [str], default is Undefined, optional + A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission. 
+ Ids of the clients for which a policy will be created and set on scope based token exchange permission + clientsRefs : [IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0], default is Undefined, optional + References to Client in openidclient to populate clients. + clientsSelector : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelector, default is Undefined, optional + clients selector + policyType : str, default is Undefined, optional + Defaults to "client" This is also the only value policy type supported by this provider. + Type of policy that is created. At the moment only 'client' type is supported + providerAlias : str, default is Undefined, optional + Alias of the identity provider. + providerAliasRef : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRef, default is Undefined, optional + provider alias ref + providerAliasSelector : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelector, default is Undefined, optional + provider alias selector + realmId : str, default is Undefined, optional + The realm that the identity provider exists in. 
+ realmIdRef : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRef, default is Undefined, optional + realm Id ref + realmIdSelector : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelector, default is Undefined, optional + realm Id selector + """ + + + clients?: [str] + + clientsRefs?: [IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0] + + clientsSelector?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelector + + policyType?: str + + providerAlias?: str + + providerAliasRef?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRef + + providerAliasSelector?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelector + + realmId?: str + + realmIdRef?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRef + + realmIdSelector?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelector + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0: + r""" + A NamespacedReference to a named object. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0Policy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0Policy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsRefsItems0Policy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelector: + r""" + Selector for a list of Client in openidclient to populate clients. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelectorPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderClientsSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRef: + r""" + Reference to a IdentityProvider in oidc to populate providerAlias. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRefPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelector: + r""" + Selector for a IdentityProvider in oidc to populate providerAlias. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelectorPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderProviderAliasSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRef: + r""" + Reference to a Realm in realm to populate realmId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRefPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelector: + r""" + Selector for a Realm in realm to populate realmId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelectorPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecForProviderRealmIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProvider: + r""" + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + + Attributes + ---------- + clients : [str], default is Undefined, optional + A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission. + Ids of the clients for which a policy will be created and set on scope based token exchange permission + clientsRefs : [IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0], default is Undefined, optional + References to Client in openidclient to populate clients. + clientsSelector : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelector, default is Undefined, optional + clients selector + policyType : str, default is Undefined, optional + Defaults to "client" This is also the only value policy type supported by this provider. + Type of policy that is created. At the moment only 'client' type is supported + providerAlias : str, default is Undefined, optional + Alias of the identity provider. + providerAliasRef : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRef, default is Undefined, optional + provider alias ref + providerAliasSelector : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelector, default is Undefined, optional + provider alias selector + realmId : str, default is Undefined, optional + The realm that the identity provider exists in. 
+ realmIdRef : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRef, default is Undefined, optional + realm Id ref + realmIdSelector : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelector, default is Undefined, optional + realm Id selector + """ + + + clients?: [str] + + clientsRefs?: [IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0] + + clientsSelector?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelector + + policyType?: str + + providerAlias?: str + + providerAliasRef?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRef + + providerAliasSelector?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelector + + realmId?: str + + realmIdRef?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRef + + realmIdSelector?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelector + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0: + r""" + A NamespacedReference to a named object. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0Policy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0Policy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsRefsItems0Policy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelector: + r""" + Selector for a list of Client in openidclient to populate clients. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelectorPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderClientsSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRef: + r""" + Reference to a IdentityProvider in oidc to populate providerAlias. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRefPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelector: + r""" + Selector for a IdentityProvider in oidc to populate providerAlias. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelectorPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderProviderAliasSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRef: + r""" + Reference to a Realm in realm to populate realmId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. 
+ namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRefPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelector: + r""" + Selector for a Realm in realm to populate realmId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. 
+ namespace : str, default is Undefined, optional + Namespace for the selector + policy : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelectorPolicy + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecInitProviderRealmIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecProviderConfigRef: + r""" + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + + Attributes + ---------- + kind : str, default is Undefined, required + Kind of the referenced object. + name : str, default is Undefined, required + Name of the referenced object. 
+ """ + + + kind: str + + name: str + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionSpecWriteConnectionSecretToRef: + r""" + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the secret. + """ + + + name: str + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatus: + r""" + ProviderTokenExchangeScopePermissionStatus defines the observed state of ProviderTokenExchangeScopePermission. + + Attributes + ---------- + atProvider : IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusAtProvider, default is Undefined, optional + at provider + conditions : [IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusConditionsItems0], default is Undefined, optional + Conditions of the resource. + observedGeneration : int, default is Undefined, optional + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. 
+ """ + + + atProvider?: IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusAtProvider + + conditions?: [IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusConditionsItems0] + + observedGeneration?: int + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusAtProvider: + r""" + identityprovider keycloakm crossplane io v1alpha1 provider token exchange scope permission status at provider + + Attributes + ---------- + authorizationIdpResourceId : str, default is Undefined, optional + (Computed) Resource ID representing the identity provider, this automatically created by keycloak. + Resource id representing the identity provider, this automatically created by keycloak + authorizationResourceServerId : str, default is Undefined, optional + (Computed) Resource server ID representing the realm management client on which this permission is managed. + Resource server id representing the realm management client on which this permission is managed + authorizationTokenExchangeScopePermissionId : str, default is Undefined, optional + (Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission. + Permission id representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy id will be set on this permission + clients : [str], default is Undefined, optional + A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission. 
+ Ids of the clients for which a policy will be created and set on scope based token exchange permission + id : str, default is Undefined, optional + id + policyId : str, default is Undefined, optional + (Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider. + Policy id that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider + policyType : str, default is Undefined, optional + Defaults to "client" This is also the only value policy type supported by this provider. + Type of policy that is created. At the moment only 'client' type is supported + providerAlias : str, default is Undefined, optional + Alias of the identity provider. + realmId : str, default is Undefined, optional + The realm that the identity provider exists in. + """ + + + authorizationIdpResourceId?: str + + authorizationResourceServerId?: str + + authorizationTokenExchangeScopePermissionId?: str + + clients?: [str] + + id?: str + + policyId?: str + + policyType?: str + + providerAlias?: str + + realmId?: str + + +schema IdentityproviderKeycloakmCrossplaneIoV1alpha1ProviderTokenExchangeScopePermissionStatusConditionsItems0: + r""" + A Condition that may apply to a resource. + + Attributes + ---------- + lastTransitionTime : str, default is Undefined, required + LastTransitionTime is the last time this condition transitioned from one + status to another. + message : str, default is Undefined, optional + A Message containing details about this condition's last transition from + one status to another, if any. + observedGeneration : int, default is Undefined, optional + ObservedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + reason : str, default is Undefined, required + A Reason for this condition's last transition from one status to another. + status : str, default is Undefined, required + Status of this condition; is it currently True, False, or Unknown? + $type : str, default is Undefined, required + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + """ + + + lastTransitionTime: str + + message?: str + + observedGeneration?: int + + reason: str + + status: str + + $type: str + + diff --git a/crossplane_provider_keycloak/namespaced/ldap/v1alpha1/ldap_keycloakm_crossplane_io_v1alpha1_user_federation.k b/crossplane_provider_keycloak/namespaced/ldap/v1alpha1/ldap_keycloakm_crossplane_io_v1alpha1_user_federation.k index e7b8e0fd..b022d35e 100644 --- a/crossplane_provider_keycloak/namespaced/ldap/v1alpha1/ldap_keycloakm_crossplane_io_v1alpha1_user_federation.k +++ b/crossplane_provider_keycloak/namespaced/ldap/v1alpha1/ldap_keycloakm_crossplane_io_v1alpha1_user_federation.k @@ -90,6 +90,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecForProvider: changedSyncPeriod : float, default is Undefined, optional How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + connectionPooling : bool, default is Undefined, optional + When true, LDAP connection pooling is enabled. Defaults to false. + When true, Keycloak will use connection pooling when connecting to LDAP. connectionTimeout : str, default is Undefined, optional LDAP connection timeout in the format of a Go duration string. LDAP connection timeout (duration string) 
@@ -99,6 +102,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecForProvider: customUserSearchFilter : str, default is Undefined, optional Additional LDAP filter for filtering searched users. Must begin with ( and end with ). Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + debug : str, default is Undefined, optional + Can be one of true or false. Will enable/disable logging for Kerberos Authentication. Defaults to false: + true: enables debug logging for Krb5LoginModule. false: disables debug logging for Krb5LoginModule deleteDefaultMappers : bool, default is Undefined, optional When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to false. When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. 
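Review bot: The `debug` attribute documented in this hunk is described as taking only true or false, yet the declaration added in the later `@@ -187` hunk is `debug?: str` (the same pair is added to `LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecInitProvider`), so any string passes schema validation. The neighbouring `connectionPooling` and `deleteDefaultMappers` are `bool`, and other schemas in this diff use literal unions for closed value sets, so `debug?: "true" | "false"` would reject a typo when the configuration is evaluated rather than at reconcile. Because the setting turns on Krb5LoginModule debug logging, the docstring could also state that it is meant for troubleshooting and should otherwise stay off, since debug output from an authentication module may carry details that do not belong in routine logs. If this schema is generated from the provider's CRD, the constraint has to be added at that source rather than in this file. The schema body starts and ends outside the hunk.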
@@ -117,6 +123,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecForProvider: kerberos : [LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecForProviderKerberosItems0], default is Undefined, optional A block containing the kerberos settings. Settings regarding kerberos authentication for this realm. + krbPrincipalAttribute : str, default is Undefined, optional + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. name : str, default is Undefined, optional Display name of the provider when displayed in the console. Display name of the provider when displayed in the console. @@ -187,12 +196,16 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecForProvider: changedSyncPeriod?: float + connectionPooling?: bool + connectionTimeout?: str connectionUrl?: str customUserSearchFilter?: str + debug?: str + deleteDefaultMappers?: bool editMode?: str @@ -205,6 +218,8 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecForProvider: kerberos?: [LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecForProviderKerberosItems0] + krbPrincipalAttribute?: str + name?: str pagination?: bool 
@@ -455,6 +470,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecInitProvider: changedSyncPeriod : float, default is Undefined, optional How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + connectionPooling : bool, default is Undefined, optional + When true, LDAP connection pooling is enabled. Defaults to false. + When true, Keycloak will use connection pooling when connecting to LDAP. connectionTimeout : str, default is Undefined, optional LDAP connection timeout in the format of a Go duration string. LDAP connection timeout (duration string) @@ -464,6 +482,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecInitProvider: customUserSearchFilter : str, default is Undefined, optional Additional LDAP filter for filtering searched users. Must begin with ( and end with ). Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + debug : str, default is Undefined, optional + Can be one of true or false. Will enable/disable logging for Kerberos Authentication. Defaults to false: + true: enables debug logging for Krb5LoginModule. false: disables debug logging for Krb5LoginModule deleteDefaultMappers : bool, default is Undefined, optional When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to false. When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. 
@@ -482,6 +503,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecInitProvider: kerberos : [LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecInitProviderKerberosItems0], default is Undefined, optional A block containing the kerberos settings. Settings regarding kerberos authentication for this realm. + krbPrincipalAttribute : str, default is Undefined, optional + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. name : str, default is Undefined, optional Display name of the provider when displayed in the console. Display name of the provider when displayed in the console. @@ -552,12 +576,16 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecInitProvider: changedSyncPeriod?: float + connectionPooling?: bool + connectionTimeout?: str connectionUrl?: str customUserSearchFilter?: str + debug?: str + deleteDefaultMappers?: bool editMode?: str @@ -570,6 +598,8 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecInitProvider: kerberos?: [LdapKeycloakmCrossplaneIoV1alpha1UserFederationSpecInitProviderKerberosItems0] + krbPrincipalAttribute?: str + name?: str pagination?: bool 
@@ -870,6 +900,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationStatusAtProvider: changedSyncPeriod : float, default is Undefined, optional How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync. + connectionPooling : bool, default is Undefined, optional + When true, LDAP connection pooling is enabled. Defaults to false. + When true, Keycloak will use connection pooling when connecting to LDAP. connectionTimeout : str, default is Undefined, optional LDAP connection timeout in the format of a Go duration string. LDAP connection timeout (duration string) @@ -879,6 +912,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationStatusAtProvider: customUserSearchFilter : str, default is Undefined, optional Additional LDAP filter for filtering searched users. Must begin with ( and end with ). Additional LDAP filter for filtering searched users. Must begin with '(' and end with ')'. + debug : str, default is Undefined, optional + Can be one of true or false. Will enable/disable logging for Kerberos Authentication. Defaults to false: + true: enables debug logging for Krb5LoginModule. false: disables debug logging for Krb5LoginModule deleteDefaultMappers : bool, default is Undefined, optional When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. Defaults to false. When true, the provider will delete the default mappers which are normally created by Keycloak when creating an LDAP user federation provider. 
@@ -899,6 +935,9 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationStatusAtProvider: kerberos : [LdapKeycloakmCrossplaneIoV1alpha1UserFederationStatusAtProviderKerberosItems0], default is Undefined, optional A block containing the kerberos settings. Settings regarding kerberos authentication for this realm. + krbPrincipalAttribute : str, default is Undefined, optional + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. + Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal 'john@KEYCLOAK.ORG', it will assume that LDAP username is 'john'. name : str, default is Undefined, optional Display name of the provider when displayed in the console. Display name of the provider when displayed in the console. @@ -963,12 +1002,16 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationStatusAtProvider: changedSyncPeriod?: float + connectionPooling?: bool + connectionTimeout?: str connectionUrl?: str customUserSearchFilter?: str + debug?: str + deleteDefaultMappers?: bool editMode?: str @@ -983,6 +1026,8 @@ schema LdapKeycloakmCrossplaneIoV1alpha1UserFederationStatusAtProvider: kerberos?: [LdapKeycloakmCrossplaneIoV1alpha1UserFederationStatusAtProviderKerberosItems0] + krbPrincipalAttribute?: str + name?: str pagination?: bool 
diff --git a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client.k b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client.k index d6437cc5..2c428d7c 100644 --- a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client.k +++ b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client.k @@ -83,7 +83,7 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProvider: adminUrl : str, default is Undefined, optional URL to the admin interface of the client. allowRefreshTokenInStandardTokenExchange : str, default is Undefined, optional - allow refresh token in standard token exchange + Defines whether to allow refresh token in Standard Token Exchange. Possible values are NO (default) and SAME_SESSION. alwaysDisplayInConsole : bool, default is Undefined, optional Always list this client in the Account UI, even if the user does not have an active session. authenticationFlowBindingOverrides : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderAuthenticationFlowBindingOverridesItems0], default is Undefined, optional 
@@ -166,6 +166,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProvider: realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector + requireDpopBoundTokens : bool, default is Undefined, optional + Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens. rootUrl : str, default is Undefined, optional When specified, this URL is prepended to any relative URLs found within valid_redirect_uris, web_origins, and admin_url. NOTE: Due to limitations in the Keycloak API, when the root_url attribute is used, the valid_redirect_uris, web_origins, and admin_url attributes will be required. serviceAccountsEnabled : bool, default is Undefined, optional @@ -173,7 +175,7 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProvider: standardFlowEnabled : bool, default is Undefined, optional When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false. standardTokenExchangeEnabled : bool, default is Undefined, optional - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. + Enables support for Standard Token Exchange useRefreshTokens : bool, default is Undefined, optional If this is true, a refresh_token will be created and added to the token response. If this is false then no refresh_token will be generated. Defaults to true. useRefreshTokensClientCredentials : bool, default is Undefined, optional @@ -277,6 +279,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProvider: realmIdSelector?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderRealmIDSelector + requireDpopBoundTokens?: bool + rootUrl?: str serviceAccountsEnabled?: bool 
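Review bot: The docstring added for `requireDpopBoundTokens` says "Enable support for ... DPoP bound tokens", which reads as optional support, while the field name says the binding is required. Those are different security postures (whether a token request without a DPoP proof is still accepted), and the text also omits the default that neighbouring fields state. If the name reflects the behaviour, wording such as `When true, this client must use DPoP-bound tokens. Defaults to false.` would remove the ambiguity; both the semantics and the default need confirming against the provider before they are written down. The same docstring is repeated in the SpecInitProvider and StatusAtProvider schemas.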
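Review bot: The replacement docstring for `standardTokenExchangeEnabled` in the `@@ -173,7 +175,7 @@` hunk no longer states a default, although the adjacent `standardFlowEnabled` and `useRefreshTokens` entries do. Token exchange widens what a client can obtain, so a reader should be able to tell whether leaving the field unset enables it; something like `When true, Standard Token Exchange is enabled for this client. Defaults to <default, confirm against provider>.` would do. The same line recurs in the SpecInitProvider and StatusAtProvider hunks.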
@@ -706,7 +710,7 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProvider: adminUrl : str, default is Undefined, optional URL to the admin interface of the client. allowRefreshTokenInStandardTokenExchange : str, default is Undefined, optional - allow refresh token in standard token exchange + Defines whether to allow refresh token in Standard Token Exchange. Possible values are NO (default) and SAME_SESSION. alwaysDisplayInConsole : bool, default is Undefined, optional Always list this client in the Account UI, even if the user does not have an active session. authenticationFlowBindingOverrides : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderAuthenticationFlowBindingOverridesItems0], default is Undefined, optional @@ -789,6 +793,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProvider: realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector + requireDpopBoundTokens : bool, default is Undefined, optional + Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens. rootUrl : str, default is Undefined, optional When specified, this URL is prepended to any relative URLs found within valid_redirect_uris, web_origins, and admin_url. NOTE: Due to limitations in the Keycloak API, when the root_url attribute is used, the valid_redirect_uris, web_origins, and admin_url attributes will be required. serviceAccountsEnabled : bool, default is Undefined, optional 
@@ -796,7 +802,7 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProvider: standardFlowEnabled : bool, default is Undefined, optional When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false. standardTokenExchangeEnabled : bool, default is Undefined, optional - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. + Enables support for Standard Token Exchange useRefreshTokens : bool, default is Undefined, optional If this is true, a refresh_token will be created and added to the token response. If this is false then no refresh_token will be generated. Defaults to true. useRefreshTokensClientCredentials : bool, default is Undefined, optional @@ -900,6 +906,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProvider: realmIdSelector?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderRealmIDSelector + requireDpopBoundTokens?: bool + rootUrl?: str serviceAccountsEnabled?: bool @@ -1381,7 +1389,7 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientStatusAtProvider: adminUrl : str, default is Undefined, optional URL to the admin interface of the client. allowRefreshTokenInStandardTokenExchange : str, default is Undefined, optional - allow refresh token in standard token exchange + Defines whether to allow refresh token in Standard Token Exchange. Possible values are NO (default) and SAME_SESSION. alwaysDisplayInConsole : bool, default is Undefined, optional Always list this client in the Account UI, even if the user does not have an active session. authenticationFlowBindingOverrides : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientStatusAtProviderAuthenticationFlowBindingOverridesItems0], default is Undefined, optional 
@@ -1458,6 +1466,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientStatusAtProvider: The challenge method to use for Proof Key for Code Exchange. Can be either plain or S256 or set to empty value “. realmId : str, default is Undefined, optional The realm this client is attached to. + requireDpopBoundTokens : bool, default is Undefined, optional + Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens. resourceServerId : str, default is Undefined, optional (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the .id attribute). rootUrl : str, default is Undefined, optional @@ -1469,7 +1479,7 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientStatusAtProvider: standardFlowEnabled : bool, default is Undefined, optional When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false. standardTokenExchangeEnabled : bool, default is Undefined, optional - When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. + Enables support for Standard Token Exchange useRefreshTokens : bool, default is Undefined, optional If this is true, a refresh_token will be created and added to the token response. If this is false then no refresh_token will be generated. Defaults to true. useRefreshTokensClientCredentials : bool, default is Undefined, optional @@ -1567,6 +1577,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientStatusAtProvider: realmId?: str + requireDpopBoundTokens?: bool + resourceServerId?: str rootUrl?: str diff --git a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_authorization_resource.k b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_authorization_resource.k index 2fb954d8..707aef58 100644 
--- a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_authorization_resource.k +++ b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_authorization_resource.k @@ -7,7 +7,7 @@ import k8s.apimachinery.pkg.apis.meta.v1 schema ClientAuthorizationResource: r""" - ClientAuthorizationResource is the Schema for the ClientAuthorizationResources API. + ClientAuthorizationResource is the Schema for the ClientAuthorizationResources API. Attributes ---------- 
@@ -77,33 +77,33 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecF Attributes ---------- attributes : {str:str}, default is Undefined, optional - attributes + A map of attributes for the resource. Values can be comma-separated lists. displayName : str, default is Undefined, optional - display name + The display name of the resource. iconUri : str, default is Undefined, optional - icon Uri + An icon URI for the resource. name : str, default is Undefined, optional - name + The name of the resource. ownerManagedAccess : bool, default is Undefined, optional - owner managed access + When true, this resource supports user-managed access. Defaults to false. realmId : str, default is Undefined, optional - realm Id + The realm this resource exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecForProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector scopes : [str], default is Undefined, optional - scopes + A set of scope names that this resource uses. $type : str, default is Undefined, optional - type + The type of this resource (e.g., urn:myapp:resources:default). uris : [str], default is Undefined, optional - uris + A set of URIs that this resource represents. """ 
@@ -346,33 +346,33 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecI Attributes ---------- attributes : {str:str}, default is Undefined, optional - attributes + A map of attributes for the resource. Values can be comma-separated lists. displayName : str, default is Undefined, optional - display name + The display name of the resource. iconUri : str, default is Undefined, optional - icon Uri + An icon URI for the resource. name : str, default is Undefined, optional - name + The name of the resource. ownerManagedAccess : bool, default is Undefined, optional - owner managed access + When true, this resource supports user-managed access. Defaults to false. realmId : str, default is Undefined, optional - realm Id + The realm this resource exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceSpecInitProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector scopes : [str], default is Undefined, optional - scopes + A set of scope names that this resource uses. $type : str, default is Undefined, optional - type + The type of this resource (e.g., urn:myapp:resources:default). uris : [str], default is Undefined, optional - uris + A set of URIs that this resource represents. """ 
@@ -667,27 +667,27 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientAuthorizationResourceStatu Attributes ---------- attributes : {str:str}, default is Undefined, optional - attributes + A map of attributes for the resource. Values can be comma-separated lists. displayName : str, default is Undefined, optional - display name + The display name of the resource. iconUri : str, default is Undefined, optional - icon Uri + An icon URI for the resource. id : str, default is Undefined, optional - id + Resource ID representing the authorization resource. name : str, default is Undefined, optional - name + The name of the resource. ownerManagedAccess : bool, default is Undefined, optional - owner managed access + When true, this resource supports user-managed access. Defaults to false. realmId : str, default is Undefined, optional - realm Id + The realm this resource exists in. resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. scopes : [str], default is Undefined, optional - scopes + A set of scope names that this resource uses. $type : str, default is Undefined, optional - type + The type of this resource (e.g., urn:myapp:resources:default). uris : [str], default is Undefined, optional - uris + A set of URIs that this resource represents. """ diff --git a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_client_policy.k b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_client_policy.k index ee356288..6a98b138 100644 --- a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_client_policy.k +++ b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_client_policy.k 
@@ -77,31 +77,37 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProvide Attributes ---------- clients : [str], default is Undefined, optional - The clients allowed by this client policy. + A list of client IDs that this policy applies to. clientsRefs : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderClientsRefsItems0], default is Undefined, optional References to Client in openidclient to populate clients. clientsSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderClientsSelector, default is Undefined, optional clients selector decisionStrategy : str, default is Undefined, optional - (Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of AFFIRMATIVE, CONSENSUS, or UNANIMOUS. Applies to permissions. + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - The description of this client policy. + A description for the authorization policy. logic : str, default is Undefined, optional - (Computed) Dictates how the policy decision should be made. Can be either POSITIVE or NEGATIVE. Applies to policies. + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - The name of this client policy. + The name of the policy. realmId : str, default is Undefined, optional - The realm this client policy exists within. + The realm this policy exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - The ID of the resource server this client policy is attached to. 
+ The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector + samlClients : [str], default is Undefined, optional + A list of client IDs that this policy applies to. + samlClientsRefs : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0], default is Undefined, optional + References to Client in samlclient to populate samlClients. + samlClientsSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelector, default is Undefined, optional + saml clients selector """ @@ -131,6 +137,12 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProvide resourceServerIdSelector?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderResourceServerIDSelector + samlClients?: [str] + + samlClientsRefs?: [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0] + + samlClientsSelector?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelector + schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderClientsRefsItems0: r""" 
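Review bot: `samlClients` is given the same docstring as `clients` ("A list of client IDs that this policy applies to."), so the two lists cannot be told apart from the schema documentation. Only the `samlClientsRefs` text ("References to Client in samlclient") hints that this list holds SAML clients, and nothing says how the policy treats entries from both lists together. Suggest `A list of SAML client IDs that this policy applies to.` plus one sentence on how it combines with `clients`, once that is confirmed against the provider. The SpecInitProvider copy in the `@@ -439,31 +548,37 @@` hunk carries the same wording.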
@@ -423,6 +435,103 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProvide resolve?: "Always" | "IfNotPresent" +schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0: + r""" + A NamespacedReference to a named object. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0Policy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0Policy + + +schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsRefsItems0Policy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelector: + r""" + Selector for a list of Client in samlclient to populate samlClients. 
+ + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelectorPolicy + + +schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecForProviderSamlClientsSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProvider: r""" THIS IS A BETA FIELD. It will be honored 
@@ -439,31 +548,37 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProvid Attributes ---------- clients : [str], default is Undefined, optional - The clients allowed by this client policy. + A list of client IDs that this policy applies to. clientsRefs : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderClientsRefsItems0], default is Undefined, optional References to Client in openidclient to populate clients. clientsSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderClientsSelector, default is Undefined, optional clients selector decisionStrategy : str, default is Undefined, optional - (Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of AFFIRMATIVE, CONSENSUS, or UNANIMOUS. Applies to permissions. + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - The description of this client policy. + A description for the authorization policy. logic : str, default is Undefined, optional - (Computed) Dictates how the policy decision should be made. Can be either POSITIVE or NEGATIVE. Applies to policies. + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - The name of this client policy. + The name of the policy. realmId : str, default is Undefined, optional - The realm this client policy exists within. + The realm this policy exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - The ID of the resource server this client policy is attached to. 
+ The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector + samlClients : [str], default is Undefined, optional + A list of client IDs that this policy applies to. + samlClientsRefs : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0], default is Undefined, optional + References to Client in samlclient to populate samlClients. + samlClientsSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelector, default is Undefined, optional + saml clients selector """ @@ -493,6 +608,12 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProvid resourceServerIdSelector?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderResourceServerIDSelector + samlClients?: [str] + + samlClientsRefs?: [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0] + + samlClientsSelector?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelector + schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderClientsRefsItems0: r""" 
@@ -785,6 +906,103 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProvid resolve?: "Always" | "IfNotPresent" +schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0: + r""" + A NamespacedReference to a named object. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0Policy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0Policy + + +schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsRefsItems0Policy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelector: + r""" + Selector for a list of Client in samlclient to populate samlClients. 
+ + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelectorPolicy + + +schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecInitProviderSamlClientsSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicySpecProviderConfigRef: r""" ProviderConfigReference specifies how the provider that will be used to 
@@ -853,21 +1071,23 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicyStatusAtProvid Attributes ---------- clients : [str], default is Undefined, optional - The clients allowed by this client policy. + A list of client IDs that this policy applies to. decisionStrategy : str, default is Undefined, optional - (Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of AFFIRMATIVE, CONSENSUS, or UNANIMOUS. Applies to permissions. + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - The description of this client policy. + A description for the authorization policy. id : str, default is Undefined, optional - id + Policy ID representing the client policy. logic : str, default is Undefined, optional - (Computed) Dictates how the policy decision should be made. Can be either POSITIVE or NEGATIVE. Applies to policies. + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - The name of this client policy. + The name of the policy. realmId : str, default is Undefined, optional - The realm this client policy exists within. + The realm this policy exists in. resourceServerId : str, default is Undefined, optional - The ID of the resource server this client policy is attached to. + The ID of the resource server. + samlClients : [str], default is Undefined, optional + A list of client IDs that this policy applies to. """ @@ -887,6 +1107,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicyStatusAtProvid resourceServerId?: str + samlClients?: [str] + schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientClientPolicyStatusConditionsItems0: r""" 
diff --git a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_group_policy.k b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_group_policy.k index 028be156..b2f91d65 100644 --- a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_group_policy.k +++ b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_group_policy.k @@ -7,7 +7,7 @@ import k8s.apimachinery.pkg.apis.meta.v1 schema ClientGroupPolicy: r""" - ClientGroupPolicy is the Schema for the ClientGroupPolicys API. + ClientGroupPolicy is the Schema for the ClientGroupPolicys API. Attributes ---------- 
@@ -77,25 +77,25 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProvider Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. groups : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderGroupsItems0], default is Undefined, optional - groups + A list of groups group. At least one group must be defined. groupsClaim : str, default is Undefined, optional - groups claim + The name of the claim in the token that contains the group information. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderResourceServerIDSelector, default is Undefined, optional 
@@ -135,15 +135,15 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProvider Attributes ---------- extendChildren : bool, default is Undefined, optional - extend children + When true, the policy will also apply to all child groups of this group. id : str, default is Undefined, optional - id + The ID of the group. idRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderGroupsItems0IDRef, default is Undefined, optional id ref idSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecForProviderGroupsItems0IDSelector, default is Undefined, optional id selector path : str, default is Undefined, optional - path + The path of the group. """ 
@@ -465,25 +465,25 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProvide Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. groups : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderGroupsItems0], default is Undefined, optional - groups + A list of groups group. At least one group must be defined. groupsClaim : str, default is Undefined, optional - groups claim + The name of the claim in the token that contains the group information. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderResourceServerIDSelector, default is Undefined, optional 
@@ -523,15 +523,15 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProvide Attributes ---------- extendChildren : bool, default is Undefined, optional - extend children + When true, the policy will also apply to all child groups of this group. id : str, default is Undefined, optional - id + The ID of the group. idRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderGroupsItems0IDRef, default is Undefined, optional id ref idSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicySpecInitProviderGroupsItems0IDSelector, default is Undefined, optional id selector path : str, default is Undefined, optional - path + The path of the group. """ @@ -905,23 +905,23 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicyStatusAtProvide Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. groups : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicyStatusAtProviderGroupsItems0], default is Undefined, optional - groups + A list of groups group. At least one group must be defined. groupsClaim : str, default is Undefined, optional - groups claim + The name of the claim in the token that contains the group information. id : str, default is Undefined, optional - id + The ID of the group. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. """ 
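Review bot: In the ClientGroupPolicy StatusAtProvider hunk the top-level `id` is now described as `The ID of the group.`, but it sits beside `name`, `realmId` and `resourceServerId` and so appears to be the policy's own ID, with group IDs carried by the `groups` items. The client-policy and user-policy status schemas in this commit use `Policy ID representing the client policy.` and `Policy ID representing the user policy.`, so `Policy ID representing the group policy.` would be consistent. The ClientRolePolicy StatusAtProvider hunk has the same slip with `The ID of the role.`. The phrases `A list of groups group.` and `A list of roles role.` also look like a template artifact and could read `A list of groups.` / `A list of roles.`.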
@@ -951,11 +951,11 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientGroupPolicyStatusAtProvide Attributes ---------- extendChildren : bool, default is Undefined, optional - extend children + When true, the policy will also apply to all child groups of this group. id : str, default is Undefined, optional - id + The ID of the group. path : str, default is Undefined, optional - path + The path of the group. """ diff --git a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_role_policy.k b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_role_policy.k index bfd96696..618e1853 100644 --- a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_role_policy.k +++ b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_role_policy.k @@ -7,7 +7,7 @@ import k8s.apimachinery.pkg.apis.meta.v1 schema ClientRolePolicy: r""" - ClientRolePolicy is the Schema for the ClientRolePolicys API. + ClientRolePolicy is the Schema for the ClientRolePolicys API. Attributes ---------- 
@@ -77,31 +77,31 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. fetchRoles : bool, default is Undefined, optional - fetch roles + When true, roles will be fetched from the user's claims. Available in Keycloak 25+. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector role : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRoleItems0], default is Undefined, optional - role + A list of roles role. At least one role must be defined. $type : str, default is Undefined, optional - type + The type of policy. Must be role. """ 
@@ -333,13 +333,13 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProviderR Attributes ---------- id : str, default is Undefined, optional - id + The ID of the role. idRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRoleItems0IDRef, default is Undefined, optional id ref idSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecForProviderRoleItems0IDSelector, default is Undefined, optional id selector required : bool, default is Undefined, optional - required + When true, this role must be present for the policy to grant access. """ 
@@ -465,31 +465,31 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProvider Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. fetchRoles : bool, default is Undefined, optional - fetch roles + When true, roles will be fetched from the user's claims. Available in Keycloak 25+. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector role : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRoleItems0], default is Undefined, optional - role + A list of roles role. At least one role must be defined. $type : str, default is Undefined, optional - type + The type of policy. Must be role. """ 
@@ -721,13 +721,13 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProvider Attributes ---------- id : str, default is Undefined, optional - id + The ID of the role. idRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRoleItems0IDRef, default is Undefined, optional id ref idSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicySpecInitProviderRoleItems0IDSelector, default is Undefined, optional id selector required : bool, default is Undefined, optional - required + When true, this role must be present for the policy to grant access. """ @@ -905,25 +905,25 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicyStatusAtProvider Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. fetchRoles : bool, default is Undefined, optional - fetch roles + When true, roles will be fetched from the user's claims. Available in Keycloak 25+. id : str, default is Undefined, optional - id + The ID of the role. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. role : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicyStatusAtProviderRoleItems0], default is Undefined, optional - role + A list of roles role. At least one role must be defined. $type : str, default is Undefined, optional - type + The type of policy. Must be role. """ 
@@ -955,9 +955,9 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientRolePolicyStatusAtProvider Attributes ---------- id : str, default is Undefined, optional - id + The ID of the role. required : bool, default is Undefined, optional - required + When true, this role must be present for the policy to grant access. """ diff --git a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_scope.k b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_scope.k index ebf08470..c9f35707 100644 --- a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_scope.k +++ b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_scope.k 
@@ -80,10 +80,15 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientScopeSpecForProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. includeInTokenScope : bool, default is Undefined, optional - When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. + When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When false, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to true. name : str, default is Undefined, optional The display name of this client scope in the GUI. realmId : str, default is Undefined, optional @@ -99,6 +104,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientScopeSpecForProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float includeInTokenScope?: bool 
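Review bot: The `extraConfig` description embeds a snippet that names the attribute `extra_config`, which is not the name this schema declares, so a reader copying the example sets a key the schema does not define. The example would be clearer as `extraConfig = {"myattribute": "myvalue"}`. The field is an open `{str:str}` map and the text only warns about future conflicts; if the provider forwards the keys unchecked, a sentence such as `Keys are passed to Keycloak without validation.` would tell users what to review before applying. The same description is repeated in the SpecInitProvider and StatusAtProvider hunks, and in the status schema the "at your own risk" advice does not apply to an observed value.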
@@ -228,10 +235,15 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientScopeSpecInitProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. includeInTokenScope : bool, default is Undefined, optional - When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. + When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When false, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to true. name : str, default is Undefined, optional The display name of this client scope in the GUI. realmId : str, default is Undefined, optional @@ -247,6 +259,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientScopeSpecInitProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float includeInTokenScope?: bool 
@@ -428,12 +442,17 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientScopeStatusAtProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. id : str, default is Undefined, optional id includeInTokenScope : bool, default is Undefined, optional - When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. + When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response. When false, this scope will be omitted from the token and from the Token Introspection Endpoint response. Defaults to true. name : str, default is Undefined, optional The display name of this client scope in the GUI. realmId : str, default is Undefined, optional @@ -445,6 +464,8 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientScopeStatusAtProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float id?: str diff --git a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_user_policy.k b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_user_policy.k index 3e8aaa2c..3b02e17c 100644 
--- a/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_user_policy.k +++ b/crossplane_provider_keycloak/namespaced/openidclient/v1alpha1/openidclient_keycloakm_crossplane_io_v1alpha1_client_user_policy.k @@ -7,7 +7,7 @@ import k8s.apimachinery.pkg.apis.meta.v1 schema ClientUserPolicy: r""" - ClientUserPolicy is the Schema for the ClientUserPolicys API. + ClientUserPolicy is the Schema for the ClientUserPolicys API. Attributes ---------- 
@@ -77,27 +77,27 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecForProvider: Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecForProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecForProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecForProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector users : [str], default is Undefined, optional - users + A list of user IDs that this policy applies to. usersRefs : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecForProviderUsersRefsItems0], default is Undefined, optional References to User in user to populate users. usersSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecForProviderUsersSelector, default is Undefined, optional 
@@ -439,27 +439,27 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecInitProvider Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. realmIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderRealmIDRef, default is Undefined, optional realm Id ref realmIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. resourceServerIdRef : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderResourceServerIDRef, default is Undefined, optional resource server Id ref resourceServerIdSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderResourceServerIDSelector, default is Undefined, optional resource server Id selector users : [str], default is Undefined, optional - users + A list of user IDs that this policy applies to. usersRefs : [OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderUsersRefsItems0], default is Undefined, optional References to User in user to populate users. usersSelector : OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicySpecInitProviderUsersSelector, default is Undefined, optional 
@@ -853,21 +853,21 @@ schema OpenidclientKeycloakmCrossplaneIoV1alpha1ClientUserPolicyStatusAtProvider Attributes ---------- decisionStrategy : str, default is Undefined, optional - decision strategy + The decision strategy, can be one of UNANIMOUS, AFFIRMATIVE, or CONSENSUS. description : str, default is Undefined, optional - description + A description for the authorization policy. id : str, default is Undefined, optional - id + Policy ID representing the user policy. logic : str, default is Undefined, optional - logic + The logic, can be one of POSITIVE or NEGATIVE. Defaults to POSITIVE. name : str, default is Undefined, optional - name + The name of the policy. realmId : str, default is Undefined, optional - realm Id + The realm this policy exists in. resourceServerId : str, default is Undefined, optional - resource server Id + The ID of the resource server. users : [str], default is Undefined, optional - users + A list of user IDs that this policy applies to. """ diff --git a/crossplane_provider_keycloak/namespaced/organization/v1alpha1/organization_keycloakm_crossplane_io_v1alpha1_organization.k b/crossplane_provider_keycloak/namespaced/organization/v1alpha1/organization_keycloakm_crossplane_io_v1alpha1_organization.k index 604f88c7..8e5d7f0c 100644 --- a/crossplane_provider_keycloak/namespaced/organization/v1alpha1/organization_keycloakm_crossplane_io_v1alpha1_organization.k +++ b/crossplane_provider_keycloak/namespaced/organization/v1alpha1/organization_keycloakm_crossplane_io_v1alpha1_organization.k 
@@ -84,7 +84,7 @@ schema OrganizationKeycloakmCrossplaneIoV1alpha1OrganizationSpecForProvider: description : str, default is Undefined, optional The description of the organization. domain : [OrganizationKeycloakmCrossplaneIoV1alpha1OrganizationSpecForProviderDomainItems0], default is Undefined, optional - A list of domains. At least one domain is required. + A list of domains. enabled : bool, default is Undefined, optional Enable/disable this organization. name : str, default is Undefined, optional @@ -262,7 +262,7 @@ schema OrganizationKeycloakmCrossplaneIoV1alpha1OrganizationSpecInitProvider: description : str, default is Undefined, optional The description of the organization. domain : [OrganizationKeycloakmCrossplaneIoV1alpha1OrganizationSpecInitProviderDomainItems0], default is Undefined, optional - A list of domains. At least one domain is required. + A list of domains. enabled : bool, default is Undefined, optional Enable/disable this organization. name : str, default is Undefined, optional @@ -492,7 +492,7 @@ schema OrganizationKeycloakmCrossplaneIoV1alpha1OrganizationStatusAtProvider: description : str, default is Undefined, optional The description of the organization. domain : [OrganizationKeycloakmCrossplaneIoV1alpha1OrganizationStatusAtProviderDomainItems0], default is Undefined, optional - A list of domains. At least one domain is required. + A list of domains. enabled : bool, default is Undefined, optional Enable/disable this organization. id : str, default is Undefined, optional diff --git a/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_keystore_rsa.k b/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_keystore_rsa.k index 31677f81..b579bcc9 100644 --- a/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_keystore_rsa.k 
+++ b/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_keystore_rsa.k @@ -87,6 +87,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1KeystoreRsaSpecForProvider: enabled : bool, default is Undefined, optional When false, key is not accessible in this realm. Defaults to true. Set if the keys are enabled + extraConfig : {str:str}, default is Undefined, optional + Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like kid. name : str, default is Undefined, optional Display name of provider when linked in admin console. Display name of provider when linked in admin console. @@ -115,6 +117,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1KeystoreRsaSpecForProvider: enabled?: bool + extraConfig?: {str:str} + name?: str priority?: float @@ -291,6 +295,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1KeystoreRsaSpecInitProvider: enabled : bool, default is Undefined, optional When false, key is not accessible in this realm. Defaults to true. Set if the keys are enabled + extraConfig : {str:str}, default is Undefined, optional + Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like kid. name : str, default is Undefined, optional Display name of provider when linked in admin console. Display name of provider when linked in admin console. @@ -319,6 +325,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1KeystoreRsaSpecInitProvider: enabled?: bool + extraConfig?: {str:str} + name?: str priority?: float 
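Review bot: The new `extraConfig` field is a free-form `{str:str}` map that the docstring describes as passed through to the Keycloak component config, and the same field is added to `StatusAtProvider` later in this file. Whatever is placed in it is therefore plain text in the manifest and presumably reported back in status. The docstring should say so, for example by adding `Values are stored in plain text and may be echoed in status; do not place key material or other secrets here.` It would also help to state whether an entry that collides with a typed field of this schema is rejected or takes precedence, which these hunks do not show. The schema bodies start outside the hunks.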
@@ -545,6 +553,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1KeystoreRsaStatusAtProvider: enabled : bool, default is Undefined, optional When false, key is not accessible in this realm. Defaults to true. Set if the keys are enabled + extraConfig : {str:str}, default is Undefined, optional + Map of additional provider configuration options passed through to the Keycloak component config. For RSA keystores this can include keys like kid. id : str, default is Undefined, optional id name : str, default is Undefined, optional @@ -567,6 +577,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1KeystoreRsaStatusAtProvider: enabled?: bool + extraConfig?: {str:str} + id?: str name?: str diff --git a/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_realm.k b/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_realm.k index 06a1caaa..ee7ca0f5 100644 --- a/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_realm.k +++ b/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_realm.k @@ -92,6 +92,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProvider: The maximum time a user has to use an admin-generated permit before it expires. actionTokenGeneratedByUserLifespan : str, default is Undefined, optional The maximum time a user has to use a user-generated permit before it expires. + adminPermissionsEnabled : bool, default is Undefined, optional + Enables the use of fine grained permissions v2 adminTheme : str, default is Undefined, optional Used for the admin console. attributes : {str:str}, default is Undefined, optional 
@@ -193,6 +195,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProvider: The maximum amount of time before a session expires regardless of activity. ssoSessionMaxLifespanRememberMe : str, default is Undefined, optional Similar to sso_session_max_lifespan, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of sso_session_max_lifespan. + terraformDeletionProtection : bool, default is Undefined, optional + When set to true, the realm cannot be deleted. Defaults to false. userManagedAccess : bool, default is Undefined, optional When true, users are allowed to manage their own resources. Defaults to false. verifyEmail : bool, default is Undefined, optional @@ -220,6 +224,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProvider: actionTokenGeneratedByUserLifespan?: str + adminPermissionsEnabled?: bool + adminTheme?: str attributes?: {str:str} @@ -312,6 +318,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProvider: ssoSessionMaxLifespanRememberMe?: str + terraformDeletionProtection?: bool + userManagedAccess?: bool verifyEmail?: bool @@ -381,8 +389,10 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0: Attributes ---------- + allowUtf8 : bool, default is Undefined, optional + allow Utf8 auth : [RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0AuthItems0], default is Undefined, optional - Enables authentication to the SMTP server. This block supports the following arguments: + Enables authentication to the SMTP server. Cannot be set alongside token_auth. This block supports the following arguments: envelopeFrom : str, default is Undefined, optional The email address uses for bounces. from : str, default is Undefined, optional 
@@ -401,9 +411,13 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0: When true, enables SSL. Defaults to false. starttls : bool, default is Undefined, optional When true, enables StartTLS. Defaults to false. + tokenAuth : [RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0], default is Undefined, optional + Enables authentication to the SMTP server through OAUTH2. Cannot be set alongside auth. This block supports the following arguments: """ + allowUtf8?: bool + auth?: [RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0AuthItems0] envelopeFrom?: str @@ -424,6 +438,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0: starttls?: bool + tokenAuth?: [RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0] + schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0AuthItems0: r""" 
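Review bot: The docstrings on `auth` and `tokenAuth` say the two cannot be set together, but the schema declares both as independent optional lists (`auth?:` and `tokenAuth?:`) with nothing enforcing that. A manifest carrying both passes KCL validation and is only rejected, if at all, by the provider. If these files are hand-maintained, add a `check:` entry such as `not (auth and tokenAuth), "auth and tokenAuth cannot both be set"`; if they are generated from the CRD, the rule belongs in a wrapper schema or the generator. The docstrings also use the Terraform name `token_auth` where the field here is `tokenAuth`. The same applies to the InitProvider SMTP schema later in this file, and the schema body starts outside these hunks.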
@@ -461,6 +477,54 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0Aut name: str +schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0: + r""" + realm keycloakm crossplane io v1alpha1 realm spec for provider SMTP server items0 token auth items0 + + Attributes + ---------- + clientId : str, default is Undefined, optional + The auth token client ID. + clientSecretSecretRef : RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef, default is Undefined, optional + client secret secret ref + scope : str, default is Undefined, optional + The auth token scope. + url : str, default is Undefined, optional + The auth token URL. + username : str, default is Undefined, optional + The SMTP server username. + """ + + + clientId?: str + + clientSecretSecretRef?: RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef + + scope?: str + + url?: str + + username?: str + + +schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef: + r""" + The auth token client secret. + + Attributes + ---------- + key : str, default is Undefined, required + key + name : str, default is Undefined, required + Name of the secret. + """ + + + key: str + + name: str + + schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSecurityDefensesItems0: r""" realm keycloakm crossplane io v1alpha1 realm spec for provider security defenses items0 
@@ -491,6 +555,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSecurityDefensesIte max failure wait seconds maxLoginFailures : float, default is Undefined, optional How many failures before wait is triggered. + maxTemporaryLockouts : float, default is Undefined, optional + How many temporary lockouts are permitted before a user is permanently locked out. permanent_lockout needs to be true. Defaults to 0 minimumQuickLoginWaitSeconds : float, default is Undefined, optional How long to wait after a quick login failure. permanentLockout : bool, default is Undefined, optional @@ -508,6 +574,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecForProviderSecurityDefensesIte maxLoginFailures?: float + maxTemporaryLockouts?: float + minimumQuickLoginWaitSeconds?: float permanentLockout?: bool @@ -708,6 +776,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProvider: The maximum time a user has to use an admin-generated permit before it expires. actionTokenGeneratedByUserLifespan : str, default is Undefined, optional The maximum time a user has to use a user-generated permit before it expires. + adminPermissionsEnabled : bool, default is Undefined, optional + Enables the use of fine grained permissions v2 adminTheme : str, default is Undefined, optional Used for the admin console. attributes : {str:str}, default is Undefined, optional 
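Review bot: The `maxTemporaryLockouts` docstring says `permanent_lockout needs to be true`, but the field is added as a bare `maxTemporaryLockouts?: float` with nothing tying it to `permanentLockout`, and `float` also admits negative or fractional counts. A manifest that sets a lockout count while `permanentLockout` is false or unset passes validation, so the intended brute-force limit may silently not apply. If the file is hand-maintained, a `check:` entry such as `permanentLockout if maxTemporaryLockouts, "maxTemporaryLockouts requires permanentLockout"` would catch it; if it is generated, the constraint belongs upstream or in a wrapper schema. The docstring should also name the field as it is spelled here, `permanentLockout`. The same addition is made to the InitProvider security-defenses schema later in this file, and the schema body starts outside these hunks.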
@@ -809,6 +879,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProvider: The maximum amount of time before a session expires regardless of activity. ssoSessionMaxLifespanRememberMe : str, default is Undefined, optional Similar to sso_session_max_lifespan, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of sso_session_max_lifespan. + terraformDeletionProtection : bool, default is Undefined, optional + When set to true, the realm cannot be deleted. Defaults to false. userManagedAccess : bool, default is Undefined, optional When true, users are allowed to manage their own resources. Defaults to false. verifyEmail : bool, default is Undefined, optional @@ -836,6 +908,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProvider: actionTokenGeneratedByUserLifespan?: str + adminPermissionsEnabled?: bool + adminTheme?: str attributes?: {str:str} @@ -928,6 +1002,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProvider: ssoSessionMaxLifespanRememberMe?: str + terraformDeletionProtection?: bool + userManagedAccess?: bool verifyEmail?: bool @@ -997,8 +1073,10 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0: Attributes ---------- + allowUtf8 : bool, default is Undefined, optional + allow Utf8 auth : [RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0AuthItems0], default is Undefined, optional - Enables authentication to the SMTP server. This block supports the following arguments: + Enables authentication to the SMTP server. Cannot be set alongside token_auth. This block supports the following arguments: envelopeFrom : str, default is Undefined, optional The email address uses for bounces. from : str, default is Undefined, optional 
@@ -1017,9 +1095,13 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0: When true, enables SSL. Defaults to false. starttls : bool, default is Undefined, optional When true, enables StartTLS. Defaults to false. + tokenAuth : [RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0], default is Undefined, optional + Enables authentication to the SMTP server through OAUTH2. Cannot be set alongside auth. This block supports the following arguments: """ + allowUtf8?: bool + auth?: [RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0AuthItems0] envelopeFrom?: str @@ -1040,6 +1122,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0: starttls?: bool + tokenAuth?: [RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0] + schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0AuthItems0: r""" 
@@ -1077,6 +1161,54 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0Au name: str +schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0: + r""" + realm keycloakm crossplane io v1alpha1 realm spec init provider SMTP server items0 token auth items0 + + Attributes + ---------- + clientId : str, default is Undefined, optional + The auth token client ID. + clientSecretSecretRef : RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef, default is Undefined, required + client secret secret ref + scope : str, default is Undefined, optional + The auth token scope. + url : str, default is Undefined, optional + The auth token URL. + username : str, default is Undefined, optional + The SMTP server username. + """ + + + clientId?: str + + clientSecretSecretRef: RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef + + scope?: str + + url?: str + + username?: str + + +schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef: + r""" + The auth token client secret. + + Attributes + ---------- + key : str, default is Undefined, required + key + name : str, default is Undefined, required + Name of the secret. + """ + + + key: str + + name: str + + schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSecurityDefensesItems0: r""" realm keycloakm crossplane io v1alpha1 realm spec init provider security defenses items0 
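Review bot: `clientSecretSecretRef` is declared required in this InitProvider `TokenAuthItems0` schema (no `?`, docstring says "required"), while the ForProvider counterpart added earlier in this file declares the same field optional (`clientSecretSecretRef?:`). A manifest that gives the secret reference under `forProvider` and only non-secret token settings under `initProvider` would presumably fail validation on the init side, while a `forProvider` token-auth entry with no secret reference at all is accepted. If this mirrors the upstream CRD, confirm which side is intended and say so in the docstring; otherwise make the two agree, e.g. `clientSecretSecretRef?: RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSMTPServerItems0TokenAuthItems0ClientSecretSecretRef`. Passing the secret as a name/key reference and leaving it out of the StatusAtProvider schema is the right shape and should be kept.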
@@ -1107,6 +1239,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSecurityDefensesIt max failure wait seconds maxLoginFailures : float, default is Undefined, optional How many failures before wait is triggered. + maxTemporaryLockouts : float, default is Undefined, optional + How many temporary lockouts are permitted before a user is permanently locked out. permanent_lockout needs to be true. Defaults to 0 minimumQuickLoginWaitSeconds : float, default is Undefined, optional How long to wait after a quick login failure. permanentLockout : bool, default is Undefined, optional @@ -1124,6 +1258,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmSpecInitProviderSecurityDefensesIt maxLoginFailures?: float + maxTemporaryLockouts?: float + minimumQuickLoginWaitSeconds?: float permanentLockout?: bool @@ -1376,6 +1512,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProvider: The maximum time a user has to use an admin-generated permit before it expires. actionTokenGeneratedByUserLifespan : str, default is Undefined, optional The maximum time a user has to use a user-generated permit before it expires. + adminPermissionsEnabled : bool, default is Undefined, optional + Enables the use of fine grained permissions v2 adminTheme : str, default is Undefined, optional Used for the admin console. attributes : {str:str}, default is Undefined, optional 
@@ -1479,6 +1617,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProvider: The maximum amount of time before a session expires regardless of activity. ssoSessionMaxLifespanRememberMe : str, default is Undefined, optional Similar to sso_session_max_lifespan, but used when a user clicks "Remember Me". If not set, Keycloak will default to the value of sso_session_max_lifespan. + terraformDeletionProtection : bool, default is Undefined, optional + When set to true, the realm cannot be deleted. Defaults to false. userManagedAccess : bool, default is Undefined, optional When true, users are allowed to manage their own resources. Defaults to false. verifyEmail : bool, default is Undefined, optional @@ -1506,6 +1646,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProvider: actionTokenGeneratedByUserLifespan?: str + adminPermissionsEnabled?: bool + adminTheme?: str attributes?: {str:str} @@ -1600,6 +1742,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProvider: ssoSessionMaxLifespanRememberMe?: str + terraformDeletionProtection?: bool + userManagedAccess?: bool verifyEmail?: bool @@ -1669,8 +1813,10 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0: Attributes ---------- + allowUtf8 : bool, default is Undefined, optional + allow Utf8 auth : [RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0AuthItems0], default is Undefined, optional - Enables authentication to the SMTP server. This block supports the following arguments: + Enables authentication to the SMTP server. Cannot be set alongside token_auth. This block supports the following arguments: envelopeFrom : str, default is Undefined, optional The email address uses for bounces. from : str, default is Undefined, optional 
@@ -1689,9 +1835,13 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0: When true, enables SSL. Defaults to false. starttls : bool, default is Undefined, optional When true, enables StartTLS. Defaults to false. + tokenAuth : [RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0TokenAuthItems0], default is Undefined, optional + Enables authentication to the SMTP server through OAUTH2. Cannot be set alongside auth. This block supports the following arguments: """ + allowUtf8?: bool + auth?: [RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0AuthItems0] envelopeFrom?: str @@ -1712,6 +1862,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0: starttls?: bool + tokenAuth?: [RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0TokenAuthItems0] + schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0AuthItems0: r""" @@ -1727,6 +1879,32 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0Au username?: str +schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSMTPServerItems0TokenAuthItems0: + r""" + realm keycloakm crossplane io v1alpha1 realm status at provider SMTP server items0 token auth items0 + + Attributes + ---------- + clientId : str, default is Undefined, optional + The auth token client ID. + scope : str, default is Undefined, optional + The auth token scope. + url : str, default is Undefined, optional + The auth token URL. + username : str, default is Undefined, optional + The SMTP server username. + """ + + + clientId?: str + + scope?: str + + url?: str + + username?: str + + schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSecurityDefensesItems0: r""" realm keycloakm crossplane io v1alpha1 realm status at provider security defenses items0 
@@ -1757,6 +1935,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSecurityDefensesIt max failure wait seconds maxLoginFailures : float, default is Undefined, optional How many failures before wait is triggered. + maxTemporaryLockouts : float, default is Undefined, optional + How many temporary lockouts are permitted before a user is permanently locked out. permanent_lockout needs to be true. Defaults to 0 minimumQuickLoginWaitSeconds : float, default is Undefined, optional How long to wait after a quick login failure. permanentLockout : bool, default is Undefined, optional @@ -1774,6 +1954,8 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RealmStatusAtProviderSecurityDefensesIt maxLoginFailures?: float + maxTemporaryLockouts?: float + minimumQuickLoginWaitSeconds?: float permanentLockout?: bool diff --git a/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_required_action.k b/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_required_action.k index b4bf0341..652117ae 100644 --- a/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_required_action.k +++ b/crossplane_provider_keycloak/namespaced/realm/v1alpha1/realm_keycloakm_crossplane_io_v1alpha1_required_action.k @@ -77,7 +77,7 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RequiredActionSpecForProvider: Attributes ---------- alias : str, default is Undefined, optional - The alias of the action to attach as a required action. + The alias of the action to attach as a required action. Case sensitive. config : {str:str}, default is Undefined, optional The configuration. Keys are specific to each configurable required action and not checked when applying. defaultAction : bool, default is Undefined, optional 
@@ -85,9 +85,9 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RequiredActionSpecForProvider: enabled : bool, default is Undefined, optional When false, the required action is not enabled for new users. Defaults to false. name : str, default is Undefined, optional - The name of the required action. + The name of the required action to use in the UI. priority : float, default is Undefined, optional - The priority of the required action. + An integer to specify the running order of required actions with lower numbers meaning higher precedence. realmId : str, default is Undefined, optional The realm the required action exists in. realmIdRef : RealmKeycloakmCrossplaneIoV1alpha1RequiredActionSpecForProviderRealmIDRef, default is Undefined, optional @@ -229,7 +229,7 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RequiredActionSpecInitProvider: Attributes ---------- alias : str, default is Undefined, optional - The alias of the action to attach as a required action. + The alias of the action to attach as a required action. Case sensitive. config : {str:str}, default is Undefined, optional The configuration. Keys are specific to each configurable required action and not checked when applying. defaultAction : bool, default is Undefined, optional 
@@ -237,9 +237,9 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RequiredActionSpecInitProvider: enabled : bool, default is Undefined, optional When false, the required action is not enabled for new users. Defaults to false. name : str, default is Undefined, optional - The name of the required action. + The name of the required action to use in the UI. priority : float, default is Undefined, optional - The priority of the required action. + An integer to specify the running order of required actions with lower numbers meaning higher precedence. realmId : str, default is Undefined, optional The realm the required action exists in. realmIdRef : RealmKeycloakmCrossplaneIoV1alpha1RequiredActionSpecInitProviderRealmIDRef, default is Undefined, optional @@ -433,7 +433,7 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RequiredActionStatusAtProvider: Attributes ---------- alias : str, default is Undefined, optional - The alias of the action to attach as a required action. + The alias of the action to attach as a required action. Case sensitive. config : {str:str}, default is Undefined, optional The configuration. Keys are specific to each configurable required action and not checked when applying. defaultAction : bool, default is Undefined, optional @@ -443,9 +443,9 @@ schema RealmKeycloakmCrossplaneIoV1alpha1RequiredActionStatusAtProvider: id : str, default is Undefined, optional id name : str, default is Undefined, optional - The name of the required action. + The name of the required action to use in the UI. priority : float, default is Undefined, optional - The priority of the required action. + An integer to specify the running order of required actions with lower numbers meaning higher precedence. realmId : str, default is Undefined, optional The realm the required action exists in. """ 
diff --git a/crossplane_provider_keycloak/namespaced/role/v1alpha1/role_keycloakm_crossplane_io_v1alpha1_role.k b/crossplane_provider_keycloak/namespaced/role/v1alpha1/role_keycloakm_crossplane_io_v1alpha1_role.k index c23bbda1..7695be63 100644 --- a/crossplane_provider_keycloak/namespaced/role/v1alpha1/role_keycloakm_crossplane_io_v1alpha1_role.k +++ b/crossplane_provider_keycloak/namespaced/role/v1alpha1/role_keycloakm_crossplane_io_v1alpha1_role.k @@ -102,6 +102,12 @@ schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProvider: realm Id ref realmIdSelector : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderRealmIDSelector, default is Undefined, optional realm Id selector + samlClientId : str, default is Undefined, optional + When specified, this role will be created as a client role attached to the client with the provided ID + samlClientIdRef : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector """ @@ -131,6 +137,12 @@ schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProvider: realmIdSelector?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderRealmIDSelector + samlClientId?: str + + samlClientIdRef?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRef + + samlClientIdSelector?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelector + schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderClientIDRef: r""" 
@@ -423,6 +435,103 @@ schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderRealmIDSelectorPolicy resolve?: "Always" | "IfNotPresent" +schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRefPolicy + + +schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelectorPolicy + + +schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecForProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProvider: r""" THIS IS A BETA FIELD. It will be honored 
@@ -464,6 +573,12 @@ schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProvider: realm Id ref realmIdSelector : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderRealmIDSelector, default is Undefined, optional realm Id selector + samlClientId : str, default is Undefined, optional + When specified, this role will be created as a client role attached to the client with the provided ID + samlClientIdRef : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRef, default is Undefined, optional + saml client Id ref + samlClientIdSelector : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelector, default is Undefined, optional + saml client Id selector """ @@ -493,6 +608,12 @@ schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProvider: realmIdSelector?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderRealmIDSelector + samlClientId?: str + + samlClientIdRef?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRef + + samlClientIdSelector?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelector + schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderClientIDRef: r""" 
@@ -785,6 +906,103 @@ schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderRealmIDSelectorPolic resolve?: "Always" | "IfNotPresent" +schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRef: + r""" + Reference to a Client in samlclient to populate samlClientId. + + Attributes + ---------- + name : str, default is Undefined, required + Name of the referenced object. + namespace : str, default is Undefined, optional + Namespace of the referenced object + policy : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRefPolicy, default is Undefined, optional + policy + """ + + + name: str + + namespace?: str + + policy?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRefPolicy + + +schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDRefPolicy: + r""" + Policies for referencing. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + +schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelector: + r""" + Selector for a Client in samlclient to populate samlClientId. + + Attributes + ---------- + matchControllerRef : bool, default is Undefined, optional + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. 
+ matchLabels : {str:str}, default is Undefined, optional + MatchLabels ensures an object with matching labels is selected. + namespace : str, default is Undefined, optional + Namespace for the selector + policy : RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelectorPolicy, default is Undefined, optional + policy + """ + + + matchControllerRef?: bool + + matchLabels?: {str:str} + + namespace?: str + + policy?: RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelectorPolicy + + +schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecInitProviderSamlClientIDSelectorPolicy: + r""" + Policies for selection. + + Attributes + ---------- + resolution : str, default is "Required", optional + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + resolve : str, default is Undefined, optional + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + """ + + + resolution?: "Required" | "Optional" = "Required" + + resolve?: "Always" | "IfNotPresent" + + schema RoleKeycloakmCrossplaneIoV1alpha1RoleSpecProviderConfigRef: r""" ProviderConfigReference specifies how the provider that will be used to @@ -868,6 +1086,8 @@ schema RoleKeycloakmCrossplaneIoV1alpha1RoleStatusAtProvider: The name of the role realmId : str, default is Undefined, optional The realm this role exists within. + samlClientId : str, default is Undefined, optional + When specified, this role will be created as a client role attached to the client with the provided ID """ 
@@ -887,6 +1107,8 @@ schema RoleKeycloakmCrossplaneIoV1alpha1RoleStatusAtProvider: realmId?: str + samlClientId?: str + schema RoleKeycloakmCrossplaneIoV1alpha1RoleStatusConditionsItems0: r""" diff --git a/crossplane_provider_keycloak/namespaced/saml/v1alpha1/saml_keycloakm_crossplane_io_v1alpha1_identity_provider.k b/crossplane_provider_keycloak/namespaced/saml/v1alpha1/saml_keycloakm_crossplane_io_v1alpha1_identity_provider.k index 83062feb..464c2d2c 100644 --- a/crossplane_provider_keycloak/namespaced/saml/v1alpha1/saml_keycloakm_crossplane_io_v1alpha1_identity_provider.k +++ b/crossplane_provider_keycloak/namespaced/saml/v1alpha1/saml_keycloakm_crossplane_io_v1alpha1_identity_provider.k @@ -197,6 +197,9 @@ schema SamlKeycloakmCrossplaneIoV1alpha1IdentityProviderSpecForProvider: wantAssertionsSigned : bool, default is Undefined, optional Indicates whether this service provider expects a signed Assertion. Want Assertions Signed. + wantAuthnRequestsSigned : bool, default is Undefined, optional + Indicates whether this service provider expects authentication requests to be signed (defaults to true if signature_algorithm is set and this isn't). + Want Authn Requests Signed. xmlSignKeyInfoKeyNameTransformer : str, default is Undefined, optional The SAML signature key name. Can be one of NONE, KEY_ID, or CERT_SUBJECT. Sign Key Transformer. @@ -289,6 +292,8 @@ schema SamlKeycloakmCrossplaneIoV1alpha1IdentityProviderSpecForProvider: wantAssertionsSigned?: bool + wantAuthnRequestsSigned?: bool + xmlSignKeyInfoKeyNameTransformer?: str 
@@ -622,6 +627,9 @@ schema SamlKeycloakmCrossplaneIoV1alpha1IdentityProviderSpecInitProvider: wantAssertionsSigned : bool, default is Undefined, optional Indicates whether this service provider expects a signed Assertion. Want Assertions Signed. + wantAuthnRequestsSigned : bool, default is Undefined, optional + Indicates whether this service provider expects authentication requests to be signed (defaults to true if signature_algorithm is set and this isn't). + Want Authn Requests Signed. xmlSignKeyInfoKeyNameTransformer : str, default is Undefined, optional The SAML signature key name. Can be one of NONE, KEY_ID, or CERT_SUBJECT. Sign Key Transformer. @@ -714,6 +722,8 @@ schema SamlKeycloakmCrossplaneIoV1alpha1IdentityProviderSpecInitProvider: wantAssertionsSigned?: bool + wantAuthnRequestsSigned?: bool + xmlSignKeyInfoKeyNameTransformer?: str @@ -1095,6 +1105,9 @@ schema SamlKeycloakmCrossplaneIoV1alpha1IdentityProviderStatusAtProvider: wantAssertionsSigned : bool, default is Undefined, optional Indicates whether this service provider expects a signed Assertion. Want Assertions Signed. + wantAuthnRequestsSigned : bool, default is Undefined, optional + Indicates whether this service provider expects authentication requests to be signed (defaults to true if signature_algorithm is set and this isn't). + Want Authn Requests Signed. xmlSignKeyInfoKeyNameTransformer : str, default is Undefined, optional The SAML signature key name. Can be one of NONE, KEY_ID, or CERT_SUBJECT. Sign Key Transformer. @@ -1183,6 +1196,8 @@ schema SamlKeycloakmCrossplaneIoV1alpha1IdentityProviderStatusAtProvider: wantAssertionsSigned?: bool + wantAuthnRequestsSigned?: bool + xmlSignKeyInfoKeyNameTransformer?: str diff --git a/crossplane_provider_keycloak/namespaced/samlclient/v1alpha1/samlclient_keycloakm_crossplane_io_v1alpha1_client.k b/crossplane_provider_keycloak/namespaced/samlclient/v1alpha1/samlclient_keycloakm_crossplane_io_v1alpha1_client.k index e8eebd19..31f3e838 100644 
--- a/crossplane_provider_keycloak/namespaced/samlclient/v1alpha1/samlclient_keycloakm_crossplane_io_v1alpha1_client.k +++ b/crossplane_provider_keycloak/namespaced/samlclient/v1alpha1/samlclient_keycloakm_crossplane_io_v1alpha1_client.k @@ -90,10 +90,6 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProvider: The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". clientId : str, default is Undefined, optional The unique ID of this client, referenced in the URI during authentication and in issued tokens. - clientIdRef : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef, default is Undefined, optional - client Id ref - clientIdSelector : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector, default is Undefined, optional - client Id selector clientSignatureRequired : bool, default is Undefined, optional When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key. Defaults to true. consentRequired : bool, default is Undefined, optional 
@@ -104,8 +100,16 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProvider: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. encryptAssertions : bool, default is Undefined, optional When true, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to false. + encryptionAlgorithm : str, default is Undefined, optional + Algorithm used to encrypt SAML assertions. Allowed values: AES_256_GCM, AES_192_GCM, AES_128_GCM, AES_256_CBC, AES_192_CBC, or AES_128_CBC. encryptionCertificateSecretRef : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderEncryptionCertificateSecretRef, default is Undefined, optional encryption certificate secret ref + encryptionDigestMethod : str, default is Undefined, optional + Digest method used with SAML encryption. Allowed values: SHA-512, SHA-256, or SHA-1. Only valid when encryption_key_algorithm is RSA-OAEP-11 or RSA-OAEP-MGF1P. Default is SHA-256. + encryptionKeyAlgorithm : str, default is Undefined, optional + Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: RSA-OAEP-11, RSA-OAEP-MGF1P, or RSA1_5. Default is RSA-OAEP-11. + encryptionMaskGenerationFunction : str, default is Undefined, optional + Mask generation function used with SAML encryption. Allowed values: mgf1sha1, mgf1sha224, mgf1sha256, mgf1sha384, or mgf1sha512. Only valid when encryption_key_algorithm is RSA-OAEP-11. Default is mgf1sha256. extraConfig : {str:str}, default is Undefined, optional A map of key/value pairs to add extra configuration attributes to this client. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates. forceNameIdFormat : bool, default is Undefined, optional 
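Review bot: The docstring added here lists RSA1_5, SHA-1 and the AES CBC modes as allowed values next to RSA-OAEP and GCM without saying which to prefer, and the matching declarations in the following hunk are plain `str`, so the schema does not hold a manifest to the documented list. RSA1_5 key transport and unauthenticated CBC are the options XML Encryption deployments are usually advised to move away from, so I would add a steer to the docstring, e.g. `Prefer RSA-OAEP-11 with an AES GCM algorithm; RSA1_5, SHA-1 and the CBC modes are for legacy interoperability only.` I would also type the fields the way `resolution?: "Required" | "Optional"` is typed elsewhere in this diff, e.g. `encryptionKeyAlgorithm?: "RSA-OAEP-11" | "RSA-OAEP-MGF1P" | "RSA1_5"`. The same docstring and declarations recur in the InitProvider hunks below; if the files are generated from the CRD, the change belongs in the generator input. The schema body continues outside the hunk.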
@@ -173,10 +177,6 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProvider: clientId?: str - clientIdRef?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef - - clientIdSelector?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector - clientSignatureRequired?: bool consentRequired?: bool @@ -187,8 +187,16 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProvider: encryptAssertions?: bool + encryptionAlgorithm?: str + encryptionCertificateSecretRef?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderEncryptionCertificateSecretRef + encryptionDigestMethod?: str + + encryptionKeyAlgorithm?: str + + encryptionMaskGenerationFunction?: str + extraConfig?: {str:str} forceNameIdFormat?: bool 
@@ -258,103 +266,6 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderAuthenticatio directGrantId?: str -schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDRef: - r""" - Reference to a Client in openidclient to populate clientId. - - Attributes - ---------- - name : str, default is Undefined, required - Name of the referenced object. - namespace : str, default is Undefined, optional - Namespace of the referenced object - policy : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy, default is Undefined, optional - policy - """ - - - name: str - - namespace?: str - - policy?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy - - -schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDRefPolicy: - r""" - Policies for referencing. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - -schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelector: - r""" - Selector for a Client in openidclient to populate clientId. - - Attributes - ---------- - matchControllerRef : bool, default is Undefined, optional - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. 
- matchLabels : {str:str}, default is Undefined, optional - MatchLabels ensures an object with matching labels is selected. - namespace : str, default is Undefined, optional - Namespace for the selector - policy : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy, default is Undefined, optional - policy - """ - - - matchControllerRef?: bool - - matchLabels?: {str:str} - - namespace?: str - - policy?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy - - -schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderClientIDSelectorPolicy: - r""" - Policies for selection. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecForProviderEncryptionCertificateSecretRef: r""" If assertions for the client are encrypted, this certificate will be used for encryption. 
@@ -535,10 +446,6 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProvider: The Canonicalization Method for XML signatures. Should be one of "EXCLUSIVE", "EXCLUSIVE_WITH_COMMENTS", "INCLUSIVE", or "INCLUSIVE_WITH_COMMENTS". Defaults to "EXCLUSIVE". clientId : str, default is Undefined, optional The unique ID of this client, referenced in the URI during authentication and in issued tokens. - clientIdRef : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef, default is Undefined, optional - client Id ref - clientIdSelector : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector, default is Undefined, optional - client Id selector clientSignatureRequired : bool, default is Undefined, optional When true, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via signing_certificate and signing_private_key. Defaults to true. consentRequired : bool, default is Undefined, optional 
@@ -549,8 +456,16 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProvider: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. encryptAssertions : bool, default is Undefined, optional When true, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to false. + encryptionAlgorithm : str, default is Undefined, optional + Algorithm used to encrypt SAML assertions. Allowed values: AES_256_GCM, AES_192_GCM, AES_128_GCM, AES_256_CBC, AES_192_CBC, or AES_128_CBC. encryptionCertificateSecretRef : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderEncryptionCertificateSecretRef, default is Undefined, optional encryption certificate secret ref + encryptionDigestMethod : str, default is Undefined, optional + Digest method used with SAML encryption. Allowed values: SHA-512, SHA-256, or SHA-1. Only valid when encryption_key_algorithm is RSA-OAEP-11 or RSA-OAEP-MGF1P. Default is SHA-256. + encryptionKeyAlgorithm : str, default is Undefined, optional + Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: RSA-OAEP-11, RSA-OAEP-MGF1P, or RSA1_5. Default is RSA-OAEP-11. + encryptionMaskGenerationFunction : str, default is Undefined, optional + Mask generation function used with SAML encryption. Allowed values: mgf1sha1, mgf1sha224, mgf1sha256, mgf1sha384, or mgf1sha512. Only valid when encryption_key_algorithm is RSA-OAEP-11. Default is mgf1sha256. extraConfig : {str:str}, default is Undefined, optional A map of key/value pairs to add extra configuration attributes to this client. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates. forceNameIdFormat : bool, default is Undefined, optional 
@@ -618,10 +533,6 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProvider: clientId?: str - clientIdRef?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef - - clientIdSelector?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector - clientSignatureRequired?: bool consentRequired?: bool @@ -632,8 +543,16 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProvider: encryptAssertions?: bool + encryptionAlgorithm?: str + encryptionCertificateSecretRef?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderEncryptionCertificateSecretRef + encryptionDigestMethod?: str + + encryptionKeyAlgorithm?: str + + encryptionMaskGenerationFunction?: str + extraConfig?: {str:str} forceNameIdFormat?: bool 
@@ -703,103 +622,6 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderAuthenticati directGrantId?: str -schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRef: - r""" - Reference to a Client in openidclient to populate clientId. - - Attributes - ---------- - name : str, default is Undefined, required - Name of the referenced object. - namespace : str, default is Undefined, optional - Namespace of the referenced object - policy : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy, default is Undefined, optional - policy - """ - - - name: str - - namespace?: str - - policy?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy - - -schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDRefPolicy: - r""" - Policies for referencing. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - -schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelector: - r""" - Selector for a Client in openidclient to populate clientId. - - Attributes - ---------- - matchControllerRef : bool, default is Undefined, optional - MatchControllerRef ensures an object with the same controller reference - as the selecting object is selected. 
- matchLabels : {str:str}, default is Undefined, optional - MatchLabels ensures an object with matching labels is selected. - namespace : str, default is Undefined, optional - Namespace for the selector - policy : SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy, default is Undefined, optional - policy - """ - - - matchControllerRef?: bool - - matchLabels?: {str:str} - - namespace?: str - - policy?: SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy - - -schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderClientIDSelectorPolicy: - r""" - Policies for selection. - - Attributes - ---------- - resolution : str, default is "Required", optional - Resolution specifies whether resolution of this reference is required. - The default is 'Required', which means the reconcile will fail if the - reference cannot be resolved. 'Optional' means this reference will be - a no-op if it cannot be resolved. - resolve : str, default is Undefined, optional - Resolve specifies when this reference should be resolved. The default - is 'IfNotPresent', which will attempt to resolve the reference only when - the corresponding field is not present. Use 'Always' to resolve the - reference on every reconcile. - """ - - - resolution?: "Required" | "Optional" = "Required" - - resolve?: "Always" | "IfNotPresent" - - schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientSpecInitProviderEncryptionCertificateSecretRef: r""" If assertions for the client are encrypted, this certificate will be used for encryption. 
@@ -1042,8 +864,16 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientStatusAtProvider: When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true. encryptAssertions : bool, default is Undefined, optional When true, the SAML assertions will be encrypted by Keycloak using the client's public key. Defaults to false. + encryptionAlgorithm : str, default is Undefined, optional + Algorithm used to encrypt SAML assertions. Allowed values: AES_256_GCM, AES_192_GCM, AES_128_GCM, AES_256_CBC, AES_192_CBC, or AES_128_CBC. encryptionCertificateSha1 : str, default is Undefined, optional (Computed) The sha1sum fingerprint of the encryption certificate. If the encryption certificate is not in correct base64 format, this will be left empty. + encryptionDigestMethod : str, default is Undefined, optional + Digest method used with SAML encryption. Allowed values: SHA-512, SHA-256, or SHA-1. Only valid when encryption_key_algorithm is RSA-OAEP-11 or RSA-OAEP-MGF1P. Default is SHA-256. + encryptionKeyAlgorithm : str, default is Undefined, optional + Key transport algorithm used by the client to encrypt the secret key for SAML assertion encryption. Allowed values: RSA-OAEP-11, RSA-OAEP-MGF1P, or RSA1_5. Default is RSA-OAEP-11. + encryptionMaskGenerationFunction : str, default is Undefined, optional + Mask generation function used with SAML encryption. Allowed values: mgf1sha1, mgf1sha224, mgf1sha256, mgf1sha384, or mgf1sha512. Only valid when encryption_key_algorithm is RSA-OAEP-11. Default is mgf1sha256. extraConfig : {str:str}, default is Undefined, optional A map of key/value pairs to add extra configuration attributes to this client. Use this attribute at your own risk, as s may conflict with top-level configuration attributes in future provider updates. forceNameIdFormat : bool, default is Undefined, optional 
@@ -1119,8 +949,16 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientStatusAtProvider: encryptAssertions?: bool + encryptionAlgorithm?: str + encryptionCertificateSha1?: str + encryptionDigestMethod?: str + + encryptionKeyAlgorithm?: str + + encryptionMaskGenerationFunction?: str + extraConfig?: {str:str} forceNameIdFormat?: bool diff --git a/crossplane_provider_keycloak/namespaced/samlclient/v1alpha1/samlclient_keycloakm_crossplane_io_v1alpha1_client_scope.k b/crossplane_provider_keycloak/namespaced/samlclient/v1alpha1/samlclient_keycloakm_crossplane_io_v1alpha1_client_scope.k index 77feb21c..143b7161 100644 --- a/crossplane_provider_keycloak/namespaced/samlclient/v1alpha1/samlclient_keycloakm_crossplane_io_v1alpha1_client_scope.k +++ b/crossplane_provider_keycloak/namespaced/samlclient/v1alpha1/samlclient_keycloakm_crossplane_io_v1alpha1_client_scope.k @@ -80,6 +80,11 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientScopeSpecForProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. name : str, default is Undefined, optional @@ -97,6 +102,8 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientScopeSpecForProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float name?: str 
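Review bot: The example added to the `extraConfig` docstring of the client-scope schema is Terraform HCL (`extra_config = { "myattribute" = "myvalue" }`), carried over with the snake_case attribute name, while the KCL attribute declared in the next hunk is `extraConfig?: {str:str}`. A reader copying it into a KCL manifest gets a name the schema does not define. I would show the KCL form instead, `extraConfig = {"myattribute": "myvalue"}`, or drop the example. The same text is repeated in the InitProvider and StatusAtProvider docstrings below, and the docstring itself starts outside the hunk.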
@@ -224,6 +231,11 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientScopeSpecInitProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. name : str, default is Undefined, optional @@ -241,6 +253,8 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientScopeSpecInitProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float name?: str @@ -420,6 +434,11 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientScopeStatusAtProvider: When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute. description : str, default is Undefined, optional The description of this client scope in the GUI. + extraConfig : {str:str}, default is Undefined, optional + A map of key/value pairs to add extra configuration attributes to this client scope. Use this attribute at your own risk, as it may conflict with top-level configuration attributes in future provider updates. + extra_config = { + "myattribute" = "myvalue" + } guiOrder : float, default is Undefined, optional Specify order of the client scope in GUI (such as in Consent page) as integer. id : str, default is Undefined, optional 
@@ -435,6 +454,8 @@ schema SamlclientKeycloakmCrossplaneIoV1alpha1ClientScopeStatusAtProvider: description?: str + extraConfig?: {str:str} + guiOrder?: float id?: str diff --git a/crossplane_provider_keycloak/namespaced/v1beta1/keycloakm_crossplane_io_v1beta1_cluster_provider_config.k b/crossplane_provider_keycloak/namespaced/v1beta1/keycloakm_crossplane_io_v1beta1_cluster_provider_config.k index aa79cded..9b5642bb 100644 --- a/crossplane_provider_keycloak/namespaced/v1beta1/keycloakm_crossplane_io_v1beta1_cluster_provider_config.k +++ b/crossplane_provider_keycloak/namespaced/v1beta1/keycloakm_crossplane_io_v1beta1_cluster_provider_config.k @@ -72,7 +72,7 @@ schema KeycloakmCrossplaneIoV1beta1ClusterProviderConfigSpecCredentials: secretRef?: KeycloakmCrossplaneIoV1beta1ClusterProviderConfigSpecCredentialsSecretRef - source: "None" | "Secret" | "InjectedIdentity" | "Environment" | "Filesystem" | "Kubernetes" + source: "None" | "Secret" | "Environment" | "Filesystem" schema KeycloakmCrossplaneIoV1beta1ClusterProviderConfigSpecCredentialsEnv: