From d8df1b0fdbe3a8bb07f96d47c28206a938dce4ac Mon Sep 17 00:00:00 2001
From: mayrf <70516376+mayrf@users.noreply.github.com>
Date: Wed, 13 Nov 2024 17:32:42 +0100
Subject: [PATCH] Publish module edp-keycloak-operator
Signed-off-by: mayrf <70516376+mayrf@users.noreply.github.com>
---
edp-keycloak-operator/README.md | 1240 ++++++++
.../crds/edp-keycloak-operator.yaml | 2577 +++++++++++++++++
edp-keycloak-operator/kcl.mod | 7 +
edp-keycloak-operator/kcl.mod.lock | 5 +
.../v1/v1_edp_epam_com_v1_keycloak.k | 143 +
.../v1_edp_epam_com_v1_keycloak_auth_flow.k | 180 ++
.../v1/v1_edp_epam_com_v1_keycloak_client.k | 610 ++++
...v1_edp_epam_com_v1_keycloak_client_scope.k | 146 +
.../v1/v1_edp_epam_com_v1_keycloak_realm.k | 294 ++
...edp_epam_com_v1_keycloak_realm_component.k | 134 +
.../v1_edp_epam_com_v1_keycloak_realm_group.k | 142 +
..._com_v1_keycloak_realm_identity_provider.k | 168 ++
.../v1_edp_epam_com_v1_keycloak_realm_role.k | 152 +
...dp_epam_com_v1_keycloak_realm_role_batch.k | 144 +
.../v1_edp_epam_com_v1_keycloak_realm_user.k | 170 ++
...1_edp_epam_com_v1alpha1_cluster_keycloak.k | 145 +
...epam_com_v1alpha1_cluster_keycloak_realm.k | 274 ++
17 files changed, 6531 insertions(+)
create mode 100644 edp-keycloak-operator/README.md
create mode 100644 edp-keycloak-operator/crds/edp-keycloak-operator.yaml
create mode 100644 edp-keycloak-operator/kcl.mod
create mode 100644 edp-keycloak-operator/kcl.mod.lock
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_auth_flow.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_client.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_client_scope.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_component.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_group.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_identity_provider.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_role.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_role_batch.k
create mode 100644 edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_user.k
create mode 100644 edp-keycloak-operator/v1alpha1/v1_edp_epam_com_v1alpha1_cluster_keycloak.k
create mode 100644 edp-keycloak-operator/v1alpha1/v1_edp_epam_com_v1alpha1_cluster_keycloak_realm.k
diff --git a/edp-keycloak-operator/README.md b/edp-keycloak-operator/README.md
new file mode 100644
index 00000000..45a5f358
--- /dev/null
+++ b/edp-keycloak-operator/README.md
@@ -0,0 +1,1240 @@
+# edp-keycloak-operator
+
+## Index
+
+- v1
+ - [Keycloak](#keycloak)
+ - [KeycloakAuthFlow](#keycloakauthflow)
+ - [KeycloakClient](#keycloakclient)
+ - [KeycloakClientScope](#keycloakclientscope)
+ - [KeycloakRealm](#keycloakrealm)
+ - [KeycloakRealmComponent](#keycloakrealmcomponent)
+ - [KeycloakRealmGroup](#keycloakrealmgroup)
+ - [KeycloakRealmIdentityProvider](#keycloakrealmidentityprovider)
+ - [KeycloakRealmRole](#keycloakrealmrole)
+ - [KeycloakRealmRoleBatch](#keycloakrealmrolebatch)
+ - [KeycloakRealmUser](#keycloakrealmuser)
+ - [V1EdpEpamComV1KeycloakAuthFlowSpec](#v1edpepamcomv1keycloakauthflowspec)
+ - [V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0](#v1edpepamcomv1keycloakauthflowspecauthenticationexecutionsitems0)
+ - [V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0AuthenticatorConfig](#v1edpepamcomv1keycloakauthflowspecauthenticationexecutionsitems0authenticatorconfig)
+ - [V1EdpEpamComV1KeycloakAuthFlowSpecRealmRef](#v1edpepamcomv1keycloakauthflowspecrealmref)
+ - [V1EdpEpamComV1KeycloakAuthFlowStatus](#v1edpepamcomv1keycloakauthflowstatus)
+ - [V1EdpEpamComV1KeycloakClientScopeSpec](#v1edpepamcomv1keycloakclientscopespec)
+ - [V1EdpEpamComV1KeycloakClientScopeSpecProtocolMappersItems0](#v1edpepamcomv1keycloakclientscopespecprotocolmappersitems0)
+ - [V1EdpEpamComV1KeycloakClientScopeSpecRealmRef](#v1edpepamcomv1keycloakclientscopespecrealmref)
+ - [V1EdpEpamComV1KeycloakClientScopeStatus](#v1edpepamcomv1keycloakclientscopestatus)
+ - [V1EdpEpamComV1KeycloakClientSpec](#v1edpepamcomv1keycloakclientspec)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorization](#v1edpepamcomv1keycloakclientspecauthorization)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPermissionsItems0](#v1edpepamcomv1keycloakclientspecauthorizationpermissionsitems0)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0AggregatedPolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0aggregatedpolicy)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0ClientPolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0clientpolicy)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0grouppolicy)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicyGroupsItems0](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0grouppolicygroupsitems0)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0rolepolicy)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicyRolesItems0](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0rolepolicyrolesitems0)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0TimePolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0timepolicy)
+ - [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0UserPolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0userpolicy)
+ - [V1EdpEpamComV1KeycloakClientSpecProtocolMappersItems0](#v1edpepamcomv1keycloakclientspecprotocolmappersitems0)
+ - [V1EdpEpamComV1KeycloakClientSpecRealmRef](#v1edpepamcomv1keycloakclientspecrealmref)
+ - [V1EdpEpamComV1KeycloakClientSpecRealmRolesItems0](#v1edpepamcomv1keycloakclientspecrealmrolesitems0)
+ - [V1EdpEpamComV1KeycloakClientSpecServiceAccount](#v1edpepamcomv1keycloakclientspecserviceaccount)
+ - [V1EdpEpamComV1KeycloakClientSpecServiceAccountClientRolesItems0](#v1edpepamcomv1keycloakclientspecserviceaccountclientrolesitems0)
+ - [V1EdpEpamComV1KeycloakClientStatus](#v1edpepamcomv1keycloakclientstatus)
+ - [V1EdpEpamComV1KeycloakRealmComponentSpec](#v1edpepamcomv1keycloakrealmcomponentspec)
+ - [V1EdpEpamComV1KeycloakRealmComponentSpecParentRef](#v1edpepamcomv1keycloakrealmcomponentspecparentref)
+ - [V1EdpEpamComV1KeycloakRealmComponentSpecRealmRef](#v1edpepamcomv1keycloakrealmcomponentspecrealmref)
+ - [V1EdpEpamComV1KeycloakRealmComponentStatus](#v1edpepamcomv1keycloakrealmcomponentstatus)
+ - [V1EdpEpamComV1KeycloakRealmGroupSpec](#v1edpepamcomv1keycloakrealmgroupspec)
+ - [V1EdpEpamComV1KeycloakRealmGroupSpecClientRolesItems0](#v1edpepamcomv1keycloakrealmgroupspecclientrolesitems0)
+ - [V1EdpEpamComV1KeycloakRealmGroupSpecRealmRef](#v1edpepamcomv1keycloakrealmgroupspecrealmref)
+ - [V1EdpEpamComV1KeycloakRealmGroupStatus](#v1edpepamcomv1keycloakrealmgroupstatus)
+ - [V1EdpEpamComV1KeycloakRealmIdentityProviderSpec](#v1edpepamcomv1keycloakrealmidentityproviderspec)
+ - [V1EdpEpamComV1KeycloakRealmIdentityProviderSpecMappersItems0](#v1edpepamcomv1keycloakrealmidentityproviderspecmappersitems0)
+ - [V1EdpEpamComV1KeycloakRealmIdentityProviderSpecRealmRef](#v1edpepamcomv1keycloakrealmidentityproviderspecrealmref)
+ - [V1EdpEpamComV1KeycloakRealmIdentityProviderStatus](#v1edpepamcomv1keycloakrealmidentityproviderstatus)
+ - [V1EdpEpamComV1KeycloakRealmRoleBatchSpec](#v1edpepamcomv1keycloakrealmrolebatchspec)
+ - [V1EdpEpamComV1KeycloakRealmRoleBatchSpecRealmRef](#v1edpepamcomv1keycloakrealmrolebatchspecrealmref)
+ - [V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0](#v1edpepamcomv1keycloakrealmrolebatchspecrolesitems0)
+ - [V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0CompositesItems0](#v1edpepamcomv1keycloakrealmrolebatchspecrolesitems0compositesitems0)
+ - [V1EdpEpamComV1KeycloakRealmRoleBatchStatus](#v1edpepamcomv1keycloakrealmrolebatchstatus)
+ - [V1EdpEpamComV1KeycloakRealmRoleSpec](#v1edpepamcomv1keycloakrealmrolespec)
+ - [V1EdpEpamComV1KeycloakRealmRoleSpecCompositesClientRolesItems0](#v1edpepamcomv1keycloakrealmrolespeccompositesclientrolesitems0)
+ - [V1EdpEpamComV1KeycloakRealmRoleSpecCompositesItems0](#v1edpepamcomv1keycloakrealmrolespeccompositesitems0)
+ - [V1EdpEpamComV1KeycloakRealmRoleSpecRealmRef](#v1edpepamcomv1keycloakrealmrolespecrealmref)
+ - [V1EdpEpamComV1KeycloakRealmRoleStatus](#v1edpepamcomv1keycloakrealmrolestatus)
+ - [V1EdpEpamComV1KeycloakRealmSpec](#v1edpepamcomv1keycloakrealmspec)
+ - [V1EdpEpamComV1KeycloakRealmSpecKeycloakRef](#v1edpepamcomv1keycloakrealmspeckeycloakref)
+ - [V1EdpEpamComV1KeycloakRealmSpecPasswordPolicyItems0](#v1edpepamcomv1keycloakrealmspecpasswordpolicyitems0)
+ - [V1EdpEpamComV1KeycloakRealmSpecRealmEventConfig](#v1edpepamcomv1keycloakrealmspecrealmeventconfig)
+ - [V1EdpEpamComV1KeycloakRealmSpecThemes](#v1edpepamcomv1keycloakrealmspecthemes)
+ - [V1EdpEpamComV1KeycloakRealmSpecTokenSettings](#v1edpepamcomv1keycloakrealmspectokensettings)
+ - [V1EdpEpamComV1KeycloakRealmSpecUsersItems0](#v1edpepamcomv1keycloakrealmspecusersitems0)
+ - [V1EdpEpamComV1KeycloakRealmStatus](#v1edpepamcomv1keycloakrealmstatus)
+ - [V1EdpEpamComV1KeycloakRealmUserSpec](#v1edpepamcomv1keycloakrealmuserspec)
+ - [V1EdpEpamComV1KeycloakRealmUserSpecPasswordSecret](#v1edpepamcomv1keycloakrealmuserspecpasswordsecret)
+ - [V1EdpEpamComV1KeycloakRealmUserSpecRealmRef](#v1edpepamcomv1keycloakrealmuserspecrealmref)
+ - [V1EdpEpamComV1KeycloakRealmUserStatus](#v1edpepamcomv1keycloakrealmuserstatus)
+ - [V1EdpEpamComV1KeycloakSpec](#v1edpepamcomv1keycloakspec)
+ - [V1EdpEpamComV1KeycloakSpecCaCert](#v1edpepamcomv1keycloakspeccacert)
+ - [V1EdpEpamComV1KeycloakSpecCaCertConfigMapKeyRef](#v1edpepamcomv1keycloakspeccacertconfigmapkeyref)
+ - [V1EdpEpamComV1KeycloakSpecCaCertSecretKeyRef](#v1edpepamcomv1keycloakspeccacertsecretkeyref)
+ - [V1EdpEpamComV1KeycloakStatus](#v1edpepamcomv1keycloakstatus)
+- v1alpha1
+ - [ClusterKeycloak](#clusterkeycloak)
+ - [ClusterKeycloakRealm](#clusterkeycloakrealm)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpec](#v1edpepamcomv1alpha1clusterkeycloakrealmspec)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecAuthenticationFlows](#v1edpepamcomv1alpha1clusterkeycloakrealmspecauthenticationflows)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecLocalization](#v1edpepamcomv1alpha1clusterkeycloakrealmspeclocalization)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecPasswordPolicyItems0](#v1edpepamcomv1alpha1clusterkeycloakrealmspecpasswordpolicyitems0)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecRealmEventConfig](#v1edpepamcomv1alpha1clusterkeycloakrealmspecrealmeventconfig)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecThemes](#v1edpepamcomv1alpha1clusterkeycloakrealmspecthemes)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecTokenSettings](#v1edpepamcomv1alpha1clusterkeycloakrealmspectokensettings)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakRealmStatus](#v1edpepamcomv1alpha1clusterkeycloakrealmstatus)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakSpec](#v1edpepamcomv1alpha1clusterkeycloakspec)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCert](#v1edpepamcomv1alpha1clusterkeycloakspeccacert)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertConfigMapKeyRef](#v1edpepamcomv1alpha1clusterkeycloakspeccacertconfigmapkeyref)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertSecretKeyRef](#v1edpepamcomv1alpha1clusterkeycloakspeccacertsecretkeyref)
+ - [V1EdpEpamComV1alpha1ClusterKeycloakStatus](#v1edpepamcomv1alpha1clusterkeycloakstatus)
+
+## Schemas
+
+### Keycloak
+
+Keycloak is the Schema for the keycloaks API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"Keycloak"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"Keycloak"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakSpec](#v1edpepamcomv1keycloakspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakStatus](#v1edpepamcomv1keycloakstatus)|status||
+### KeycloakAuthFlow
+
+KeycloakAuthFlow is the Schema for the keycloak authentication flow API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakAuthFlow"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakAuthFlow"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakAuthFlowSpec](#v1edpepamcomv1keycloakauthflowspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakAuthFlowStatus](#v1edpepamcomv1keycloakauthflowstatus)|status||
+### KeycloakClient
+
+KeycloakClient is the Schema for the keycloak clients API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakClient"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakClient"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakClientSpec](#v1edpepamcomv1keycloakclientspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakClientStatus](#v1edpepamcomv1keycloakclientstatus)|status||
+### KeycloakClientScope
+
+KeycloakClientScope is the Schema for the keycloakclientscopes API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakClientScope"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakClientScope"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakClientScopeSpec](#v1edpepamcomv1keycloakclientscopespec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakClientScopeStatus](#v1edpepamcomv1keycloakclientscopestatus)|status||
+### KeycloakRealm
+
+KeycloakRealm is the Schema for the keycloak realms API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakRealm"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakRealm"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakRealmSpec](#v1edpepamcomv1keycloakrealmspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakRealmStatus](#v1edpepamcomv1keycloakrealmstatus)|status||
+### KeycloakRealmComponent
+
+KeycloakRealmComponent is the Schema for the keycloak component API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakRealmComponent"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakRealmComponent"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakRealmComponentSpec](#v1edpepamcomv1keycloakrealmcomponentspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakRealmComponentStatus](#v1edpepamcomv1keycloakrealmcomponentstatus)|status||
+### KeycloakRealmGroup
+
+KeycloakRealmGroup is the Schema for the keycloak group API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakRealmGroup"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakRealmGroup"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakRealmGroupSpec](#v1edpepamcomv1keycloakrealmgroupspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakRealmGroupStatus](#v1edpepamcomv1keycloakrealmgroupstatus)|status||
+### KeycloakRealmIdentityProvider
+
+KeycloakRealmIdentityProvider is the Schema for the keycloak realm identity provider API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakRealmIdentityProvider"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakRealmIdentityProvider"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakRealmIdentityProviderSpec](#v1edpepamcomv1keycloakrealmidentityproviderspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakRealmIdentityProviderStatus](#v1edpepamcomv1keycloakrealmidentityproviderstatus)|status||
+### KeycloakRealmRole
+
+KeycloakRealmRole is the Schema for the keycloak group API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakRealmRole"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakRealmRole"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakRealmRoleSpec](#v1edpepamcomv1keycloakrealmrolespec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakRealmRoleStatus](#v1edpepamcomv1keycloakrealmrolestatus)|status||
+### KeycloakRealmRoleBatch
+
+KeycloakRealmRoleBatch is the Schema for the keycloak roles API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakRealmRoleBatch"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakRealmRoleBatch"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakRealmRoleBatchSpec](#v1edpepamcomv1keycloakrealmrolebatchspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakRealmRoleBatchStatus](#v1edpepamcomv1keycloakrealmrolebatchstatus)|status||
+### KeycloakRealmUser
+
+KeycloakRealmUser is the Schema for the keycloak user API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1"|
+|**kind** `required` `readOnly`|"KeycloakRealmUser"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"KeycloakRealmUser"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1KeycloakRealmUserSpec](#v1edpepamcomv1keycloakrealmuserspec)|spec||
+|**status**|[V1EdpEpamComV1KeycloakRealmUserStatus](#v1edpepamcomv1keycloakrealmuserstatus)|status||
+### V1EdpEpamComV1KeycloakAuthFlowSpec
+
+KeycloakAuthFlowSpec defines the desired state of KeycloakAuthFlow.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**alias** `required`|str|Alias is display name for authentication flow.||
+|**authenticationExecutions**|[[V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0](#v1edpepamcomv1keycloakauthflowspecauthenticationexecutionsitems0)]|AuthenticationExecutions is list of authentication executions for this auth flow.||
+|**builtIn** `required`|bool|BuiltIn is true if this is built-in auth flow.||
+|**childRequirement**|str|ChildRequirement is requirement for child execution. Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.||
+|**childType**|str|ChildType is type for auth flow if it has a parent, available options: basic-flow, form-flow||
+|**description**|str|Description is description for authentication flow.||
+|**parentName**|str|ParentName is name of parent auth flow.||
+|**providerId** `required`|str|ProviderID for root auth flow and provider for child auth flows.||
+|**realm**|str|Deprecated: use RealmRef instead.
Realm is name of KeycloakRealm custom resource.||
+|**realmRef**|[V1EdpEpamComV1KeycloakAuthFlowSpecRealmRef](#v1edpepamcomv1keycloakauthflowspecrealmref)|realm ref||
+|**topLevel** `required`|bool|TopLevel is true if this is root auth flow.||
+### V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0
+
+AuthenticationExecution defines keycloak authentication execution.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**alias**|str|Alias is display name for this execution.||
+|**authenticator**|str|Authenticator is name of authenticator.||
+|**authenticatorConfig**|[V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0AuthenticatorConfig](#v1edpepamcomv1keycloakauthflowspecauthenticationexecutionsitems0authenticatorconfig)|authenticator config||
+|**authenticatorFlow**|bool|AuthenticatorFlow is true if this is auth flow.||
+|**priority**|int|Priority is priority for this execution. Lower values have higher priority.||
+|**requirement**|str|Requirement is requirement for this execution. Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.||
+### V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0AuthenticatorConfig
+
+AuthenticatorConfig is configuration for authenticator.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**alias**|str|Alias is display name for authenticator config.||
+|**config**|{str:str}|Config is configuration for authenticator.||
+### V1EdpEpamComV1KeycloakAuthFlowSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakAuthFlowStatus
+
+KeycloakAuthFlowStatus defines the observed state of KeycloakAuthFlow.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**failureCount**|int|failure count||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakClientScopeSpec
+
+KeycloakClientScopeSpec defines the desired state of KeycloakClientScope.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**attributes**|{str:str}|Attributes is a map of client scope attributes.||
+|**default**|bool|Default is a flag to set client scope as default.||
+|**description**|str|Description is a description of client scope.||
+|**name** `required`|str|Name of keycloak client scope.||
+|**protocol** `required`|str|||
+|**protocolMappers**|[[V1EdpEpamComV1KeycloakClientScopeSpecProtocolMappersItems0](#v1edpepamcomv1keycloakclientscopespecprotocolmappersitems0)]|ProtocolMappers is a list of protocol mappers assigned to client scope.||
+|**realm**|str|Deprecated: use RealmRef instead.
Realm is name of KeycloakRealm custom resource.||
+|**realmRef**|[V1EdpEpamComV1KeycloakClientScopeSpecRealmRef](#v1edpepamcomv1keycloakclientscopespecrealmref)|realm ref||
+### V1EdpEpamComV1KeycloakClientScopeSpecProtocolMappersItems0
+
+v1 edp epam com v1 keycloak client scope spec protocol mappers items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**config**|{str:str}|Config is a map of protocol mapper configuration.||
+|**name**|str|Name is a protocol mapper name.||
+|**protocol**|str|||
+|**protocolMapper**|str|ProtocolMapper is a protocol mapper name.||
+### V1EdpEpamComV1KeycloakClientScopeSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakClientScopeStatus
+
+KeycloakClientScopeStatus defines the observed state of KeycloakClientScope.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**failureCount**|int|failure count||
+|**id**|str|id||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakClientSpec
+
+KeycloakClientSpec defines the desired state of KeycloakClient.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**advancedProtocolMappers**|bool|AdvancedProtocolMappers is a flag to enable advanced protocol mappers.||
+|**attributes**|{str:str}|Attributes is a map of client attributes.|{"post.logout.redirect.uris": "+"}|
+|**authorization**|[V1EdpEpamComV1KeycloakClientSpecAuthorization](#v1edpepamcomv1keycloakclientspecauthorization)|authorization||
+|**authorizationServicesEnabled**|bool|ServiceAccountsEnabled enable/disable fine-grained authorization support for a client.||
+|**bearerOnly**|bool|BearerOnly is a flag to enable bearer-only.||
+|**clientAuthenticatorType**|str|ClientAuthenticatorType is a client authenticator type.|"client-secret"|
+|**clientId** `required`|str|ClientId is a unique keycloak client ID referenced in URI and tokens.||
+|**clientRoles**|[str]|ClientRoles is a list of client roles names assigned to client.||
+|**consentRequired**|bool|ConsentRequired is a flag to enable consent.||
+|**defaultClientScopes**|[str]|DefaultClientScopes is a list of default client scopes assigned to client.||
+|**description**|str|Description is a client description.||
+|**directAccess**|bool|DirectAccess is a flag to set client as direct access.||
+|**enabled**|bool|Enabled is a flag to enable client.|True|
+|**frontChannelLogout**|bool|FrontChannelLogout is a flag to enable front channel logout.||
+|**fullScopeAllowed**|bool|FullScopeAllowed is a flag to enable full scope.|True|
+|**implicitFlowEnabled**|bool|ImplicitFlowEnabled is a flag to enable support for OpenID Connect redirect based authentication without authorization code.||
+|**name**|str|Name is a client name.||
+|**optionalClientScopes**|[str]|OptionalClientScopes is a list of optional client scopes assigned to client.||
+|**protocol**|str|||
+|**protocolMappers**|[[V1EdpEpamComV1KeycloakClientSpecProtocolMappersItems0](#v1edpepamcomv1keycloakclientspecprotocolmappersitems0)]|ProtocolMappers is a list of protocol mappers assigned to client.||
+|**public**|bool|Public is a flag to set client as public.||
+|**realmRef**|[V1EdpEpamComV1KeycloakClientSpecRealmRef](#v1edpepamcomv1keycloakclientspecrealmref)|realm ref||
+|**realmRoles**|[[V1EdpEpamComV1KeycloakClientSpecRealmRolesItems0](#v1edpepamcomv1keycloakclientspecrealmrolesitems0)]|RealmRoles is a list of realm roles assigned to client.||
+|**reconciliationStrategy**|"full" | "addOnly"|ReconciliationStrategy is a strategy to reconcile client.||
+|**redirectUris**|[str]|RedirectUris is a list of valid URI pattern a browser can redirect to after a successful login.
Simple wildcards are allowed such as 'https://example.com/*'.
Relative path can be specified too, such as /my/relative/path/*. Relative paths are relative to the client root URL.
If not specified, spec.webUrl + "/*" will be used.||
+|**secret**|str|Secret is kubernetes secret name where the client's secret will be stored.
Secret should have the following format: $secretName:secretKey.
If not specified, a client secret will be generated and stored in a secret with the name keycloak-client-{metadata.name}-secret.
If keycloak client is public, secret property will be ignored.||
+|**serviceAccount**|[V1EdpEpamComV1KeycloakClientSpecServiceAccount](#v1edpepamcomv1keycloakclientspecserviceaccount)|service account||
+|**standardFlowEnabled**|bool|StandardFlowEnabled is a flag to enable standard flow.|True|
+|**surrogateAuthRequired**|bool|SurrogateAuthRequired is a flag to enable surrogate auth.||
+|**targetRealm**|str|Deprecated: use RealmRef instead.
TargetRealm is a realm name where client will be created.
It has higher priority than RealmRef for backward compatibility.
If both TargetRealm and RealmRef are specified, TargetRealm will be used for client creation.||
+|**webOrigins**|[str]|WebOrigins is a list of allowed CORS origins.
To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though.
To permit all origins, explicitly add '*'.
If not specified, the value from `WebUrl` is used||
+|**webUrl**|str|WebUrl is a client web url.||
+### V1EdpEpamComV1KeycloakClientSpecAuthorization
+
+Authorization is a client authorization configuration.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**permissions**|[[V1EdpEpamComV1KeycloakClientSpecAuthorizationPermissionsItems0](#v1edpepamcomv1keycloakclientspecauthorizationpermissionsitems0)]|permissions||
+|**policies**|[[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0)]|policies||
+|**scopes**|[str]|scopes||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPermissionsItems0
+
+v1 edp epam com v1 keycloak client spec authorization permissions items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**decisionStrategy**|"UNANIMOUS" | "AFFIRMATIVE" | "CONSENSUS"|DecisionStrategy is a permission decision strategy.|"UNANIMOUS"|
+|**description**|str|Description is a permission description.||
+|**logic**|"POSITIVE" | "NEGATIVE"|Logic is a permission logic.|"POSITIVE"|
+|**name** `required`|str|Name is a permission name.||
+|**policies**|[str]|Policies is a list of policies names.
Specifies all the policies that must be applied to the scopes defined by this policy or permission.||
+|**resources**|[str]|Resources is a list of resources names.
Specifies that this permission must be applied to all resource instances of a given type.||
+|**scopes**|[str]|Scopes is a list of authorization scopes names.
Specifies that this permission must be applied to one or more scopes.||
+|**type** `required`|"resource" | "scope"|||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0
+
+Policy represents a client authorization policy.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**aggregatedPolicy**|[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0AggregatedPolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0aggregatedpolicy)|aggregated policy||
+|**clientPolicy**|[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0ClientPolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0clientpolicy)|client policy||
+|**decisionStrategy**|"UNANIMOUS" | "AFFIRMATIVE" | "CONSENSUS"|DecisionStrategy is a policy decision strategy.|"UNANIMOUS"|
+|**description**|str|Description is a policy description.||
+|**groupPolicy**|[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0grouppolicy)|group policy||
+|**logic**|"POSITIVE" | "NEGATIVE"|Logic is a policy logic.|"POSITIVE"|
+|**name** `required`|str|Name is a policy name.||
+|**rolePolicy**|[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0rolepolicy)|role policy||
+|**timePolicy**|[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0TimePolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0timepolicy)|time policy||
+|**type** `required`|"aggregate" | "client" | "group" | "role" | "time" | "user"|||
+|**userPolicy**|[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0UserPolicy](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0userpolicy)|user policy||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0AggregatedPolicy
+
+AggregatedPolicy is an aggregated policy settings.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**policies** `required`|[str]|Policies is a list of aggregated policies names.
Specifies all the policies that must be applied to the scopes defined by this policy or permission.||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0ClientPolicy
+
+ClientPolicy is a client policy settings.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**clients** `required`|[str]|Clients is a list of client names. Specifies which client(s) are allowed by this policy.||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicy
+
+GroupPolicy is a group policy settings.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**groups**|[[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicyGroupsItems0](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0grouppolicygroupsitems0)]|Groups is a list of group names. Specifies which group(s) are allowed by this policy.||
+|**groupsClaim**|str|GroupsClaim is a group claim.
If defined, the policy will fetch user's groups from the given claim
within an access token or ID token representing the identity asking permissions.
If not defined, user's groups are obtained from your realm configuration.||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicyGroupsItems0
+
+GroupDefinition represents a group in a GroupPolicyData.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**extendChildren**|bool|ExtendChildren is a flag that specifies whether to extend children.||
+|**name** `required`|str|Name is a group name.||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicy
+
+RolePolicy is a role policy settings.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**roles** `required`|[[V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicyRolesItems0](#v1edpepamcomv1keycloakclientspecauthorizationpoliciesitems0rolepolicyrolesitems0)]|Roles is a list of role.||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicyRolesItems0
+
+RoleDefinition represents a role in a RolePolicyData.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name is a role name.||
+|**required**|bool|Required is a flag that specifies whether the role is required.||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0TimePolicy
+
+ScopePolicy is a scope policy settings.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**dayMonth**|str|Day defines the month which the policy MUST be granted.
You can also provide a range by filling the dayMonthEnd field.
In this case, permission is granted only if current month is between or equal to the two values you provided.||
+|**dayMonthEnd**|str|day month end||
+|**hour**|str|Hour defines the hour when the policy MUST be granted.
You can also provide a range by filling the hourEnd.
In this case, permission is granted only if current hour is between or equal to the two values you provided.||
+|**hourEnd**|str|hour end||
+|**minute**|str|Minute defines the minute when the policy MUST be granted.
You can also provide a range by filling the minuteEnd field.
In this case, permission is granted only if current minute is between or equal to the two values you provided.||
+|**minuteEnd**|str|minute end||
+|**month**|str|Month defines the month which the policy MUST be granted.
You can also provide a range by filling the monthEnd.
In this case, permission is granted only if current month is between or equal to the two values you provided.||
+|**monthEnd**|str|month end||
+|**notBefore** `required`|str|NotBefore defines the time before which the policy MUST NOT be granted.
Only granted if current date/time is after or equal to this value.||
+|**notOnOrAfter** `required`|str|NotOnOrAfter defines the time after which the policy MUST NOT be granted.
Only granted if current date/time is before or equal to this value.||
+### V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0UserPolicy
+
+UserPolicy is a user policy settings.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**users** `required`|[str]|Users is a list of usernames. Specifies which user(s) are allowed by this policy.||
+### V1EdpEpamComV1KeycloakClientSpecProtocolMappersItems0
+
+v1 edp epam com v1 keycloak client spec protocol mappers items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**config**|{str:str}|Config is a map of protocol mapper configuration.||
+|**name**|str|Name is a protocol mapper name.||
+|**protocol**|str|||
+|**protocolMapper**|str|ProtocolMapper is a protocol mapper name.||
+### V1EdpEpamComV1KeycloakClientSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakClientSpecRealmRolesItems0
+
+v1 edp epam com v1 keycloak client spec realm roles items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**composite** `required`|str|Composite is a realm composite role name.||
+|**name**|str|Name is a realm role name.||
+### V1EdpEpamComV1KeycloakClientSpecServiceAccount
+
+ServiceAccount is a service account configuration.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**attributes**|{str:str}|Attributes is a map of service account attributes.||
+|**clientRoles**|[[V1EdpEpamComV1KeycloakClientSpecServiceAccountClientRolesItems0](#v1edpepamcomv1keycloakclientspecserviceaccountclientrolesitems0)]|ClientRoles is a list of client roles assigned to service account.||
+|**enabled**|bool|Enabled is a flag to enable service account.||
+|**realmRoles**|[str]|RealmRoles is a list of realm roles assigned to service account.||
+### V1EdpEpamComV1KeycloakClientSpecServiceAccountClientRolesItems0
+
+v1 edp epam com v1 keycloak client spec service account client roles items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**clientId** `required`|str|ClientID is a client ID.||
+|**roles**|[str]|Roles is a list of client roles names assigned to service account.||
+### V1EdpEpamComV1KeycloakClientStatus
+
+KeycloakClientStatus defines the observed state of KeycloakClient.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**clientId**|str|client Id||
+|**failureCount**|int|failure count||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakRealmComponentSpec
+
+KeycloakComponentSpec defines the desired state of KeycloakRealmComponent.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**config**|{str:[str]}|Config is a map of component configuration.
Map key is a name of configuration property, map value is an array value of configuration properties.
Any configuration property can be a reference to k8s secret, in this case the property should be in format $secretName:secretKey.||
+|**name** `required`|str|Name of keycloak component.||
+|**parentRef**|[V1EdpEpamComV1KeycloakRealmComponentSpecParentRef](#v1edpepamcomv1keycloakrealmcomponentspecparentref)|parent ref||
+|**providerId** `required`|str|ProviderID is a provider ID of component.||
+|**providerType** `required`|str|ProviderType is a provider type of component.||
+|**realm**|str|Deprecated: use RealmRef instead.
Realm is name of KeycloakRealm custom resource.||
+|**realmRef**|[V1EdpEpamComV1KeycloakRealmComponentSpecRealmRef](#v1edpepamcomv1keycloakrealmcomponentspecrealmref)|realm ref||
+### V1EdpEpamComV1KeycloakRealmComponentSpecParentRef
+
+ParentRef specifies a parent resource. If not specified, then parent is realm specified in realm field.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "KeycloakRealmComponent"|Kind is a kind of parent component. By default, it is KeycloakRealm.|"KeycloakRealm"|
+|**name** `required`|str|Name is a name of parent component custom resource.
For example, if Kind is KeycloakRealm, then Name is name of KeycloakRealm custom resource.||
+### V1EdpEpamComV1KeycloakRealmComponentSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakRealmComponentStatus
+
+KeycloakComponentStatus defines the observed state of KeycloakRealmComponent.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**failureCount**|int|failure count||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakRealmGroupSpec
+
+KeycloakRealmGroupSpec defines the desired state of KeycloakRealmGroup.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**access**|{str:bool}|Access is a map of group access.||
+|**attributes**|{str:[str]}|Attributes is a map of group attributes.||
+|**clientRoles**|[[V1EdpEpamComV1KeycloakRealmGroupSpecClientRolesItems0](#v1edpepamcomv1keycloakrealmgroupspecclientrolesitems0)]|ClientRoles is a list of client roles assigned to group.||
+|**name** `required`|str|Name of keycloak group.||
+|**path**|str|Path is a group path.||
+|**realm**|str|Deprecated: use RealmRef instead.
Realm is name of KeycloakRealm custom resource.||
+|**realmRef**|[V1EdpEpamComV1KeycloakRealmGroupSpecRealmRef](#v1edpepamcomv1keycloakrealmgroupspecrealmref)|realm ref||
+|**realmRoles**|[str]|RealmRoles is a list of realm roles assigned to group.||
+|**subGroups**|[str]|SubGroups is a list of subgroups assigned to group.||
+### V1EdpEpamComV1KeycloakRealmGroupSpecClientRolesItems0
+
+v1 edp epam com v1 keycloak realm group spec client roles items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**clientId** `required`|str|ClientID is a client ID.||
+|**roles**|[str]|Roles is a list of client roles names assigned to service account.||
+### V1EdpEpamComV1KeycloakRealmGroupSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakRealmGroupStatus
+
+KeycloakRealmGroupStatus defines the observed state of KeycloakRealmGroup.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**failureCount**|int|failure count||
+|**id**|str|ID is a group ID.||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakRealmIdentityProviderSpec
+
+KeycloakRealmIdentityProviderSpec defines the desired state of KeycloakRealmIdentityProvider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**addReadTokenRoleOnCreate**|bool|AddReadTokenRoleOnCreate is a flag to add read token role on create.||
+|**alias** `required`|str|Alias is a alias of identity provider.||
+|**authenticateByDefault**|bool|AuthenticateByDefault is a flag to authenticate by default.||
+|**config** `required`|{str:str}|Config is a map of identity provider configuration.
Map key is a name of configuration property, map value is a value of configuration property.
Any value can be a reference to k8s secret, in this case value should be in format $secretName:secretKey.||
+|**displayName**|str|DisplayName is a display name of identity provider.||
+|**enabled** `required`|bool|Enabled is a flag to enable/disable identity provider.||
+|**firstBrokerLoginFlowAlias**|str|FirstBrokerLoginFlowAlias is a first broker login flow alias.||
+|**linkOnly**|bool|LinkOnly is a flag to link only.||
+|**mappers**|[[V1EdpEpamComV1KeycloakRealmIdentityProviderSpecMappersItems0](#v1edpepamcomv1keycloakrealmidentityproviderspecmappersitems0)]|Mappers is a list of identity provider mappers.||
+|**providerId** `required`|str|ProviderID is a provider ID of identity provider.||
+|**realm**|str|Deprecated: use RealmRef instead.
Realm is name of KeycloakRealm custom resource.||
+|**realmRef**|[V1EdpEpamComV1KeycloakRealmIdentityProviderSpecRealmRef](#v1edpepamcomv1keycloakrealmidentityproviderspecrealmref)|realm ref||
+|**storeToken**|bool|StoreToken is a flag to store token.||
+|**trustEmail**|bool|TrustEmail is a flag to trust email.||
+### V1EdpEpamComV1KeycloakRealmIdentityProviderSpecMappersItems0
+
+v1 edp epam com v1 keycloak realm identity provider spec mappers items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**config**|{str:str}|Config is a map of identity provider mapper configuration.||
+|**identityProviderAlias**|str|IdentityProviderAlias is a identity provider alias.||
+|**identityProviderMapper**|str|IdentityProviderMapper is a identity provider mapper.||
+|**name**|str|Name is a name of identity provider mapper.||
+### V1EdpEpamComV1KeycloakRealmIdentityProviderSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakRealmIdentityProviderStatus
+
+KeycloakRealmIdentityProviderStatus defines the observed state of KeycloakRealmIdentityProvider.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**failureCount**|int|failure count||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakRealmRoleBatchSpec
+
+KeycloakRealmRoleBatchSpec defines the desired state of KeycloakRealmRoleBatch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**realm**|str|Deprecated: use RealmRef instead.
Realm is name of KeycloakRealm custom resource.||
+|**realmRef**|[V1EdpEpamComV1KeycloakRealmRoleBatchSpecRealmRef](#v1edpepamcomv1keycloakrealmrolebatchspecrealmref)|realm ref||
+|**roles** `required`|[[V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0](#v1edpepamcomv1keycloakrealmrolebatchspecrolesitems0)]|Roles is a list of roles to be created.||
+### V1EdpEpamComV1KeycloakRealmRoleBatchSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0
+
+v1 edp epam com v1 keycloak realm role batch spec roles items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**attributes**|{str:[str]}|Attributes is a map of role attributes.||
+|**composite**|bool|Composite is a flag if role is composite.||
+|**composites**|[[V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0CompositesItems0](#v1edpepamcomv1keycloakrealmrolebatchspecrolesitems0compositesitems0)]|Composites is a list of composites roles assigned to role.||
+|**description**|str|Description is a role description.||
+|**isDefault**|bool|IsDefault is a flag if role is default.||
+|**name** `required`|str|Name of keycloak role.||
+### V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0CompositesItems0
+
+v1 edp epam com v1 keycloak realm role batch spec roles items0 composites items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name is a name of composite role.||
+### V1EdpEpamComV1KeycloakRealmRoleBatchStatus
+
+KeycloakRealmRoleBatchStatus defines the observed state of KeycloakRealmRoleBatch.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**failureCount**|int|failure count||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakRealmRoleSpec
+
+KeycloakRealmRoleSpec defines the desired state of KeycloakRealmRole.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**attributes**|{str:[str]}|Attributes is a map of role attributes.||
+|**composite**|bool|Composite is a flag if role is composite.||
+|**composites**|[[V1EdpEpamComV1KeycloakRealmRoleSpecCompositesItems0](#v1edpepamcomv1keycloakrealmrolespeccompositesitems0)]|Composites is a list of composites roles assigned to role.||
+|**compositesClientRoles**|{str:[[V1EdpEpamComV1KeycloakRealmRoleSpecCompositesClientRolesItems0](#v1edpepamcomv1keycloakrealmrolespeccompositesclientrolesitems0)]}|CompositesClientRoles is a map of composites client roles assigned to role.||
+|**description**|str|Description is a role description.||
+|**isDefault**|bool|IsDefault is a flag if role is default.||
+|**name** `required`|str|Name of keycloak role.||
+|**realm**|str|Deprecated: use RealmRef instead.
Realm is name of KeycloakRealm custom resource.||
+|**realmRef**|[V1EdpEpamComV1KeycloakRealmRoleSpecRealmRef](#v1edpepamcomv1keycloakrealmrolespecrealmref)|realm ref||
+### V1EdpEpamComV1KeycloakRealmRoleSpecCompositesClientRolesItems0
+
+v1 edp epam com v1 keycloak realm role spec composites client roles items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name is a name of composite role.||
+### V1EdpEpamComV1KeycloakRealmRoleSpecCompositesItems0
+
+v1 edp epam com v1 keycloak realm role spec composites items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**name** `required`|str|Name is a name of composite role.||
+### V1EdpEpamComV1KeycloakRealmRoleSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakRealmRoleStatus
+
+KeycloakRealmRoleStatus defines the observed state of KeycloakRealmRole.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**failureCount**|int|failure count||
+|**id**|str|ID is a role ID.||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakRealmSpec
+
+KeycloakRealmSpec defines the desired state of KeycloakRealm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**browserFlow**|str|BrowserFlow specifies the authentication flow to use for the realm's browser clients.||
+|**browserSecurityHeaders**|{str:str}|BrowserSecurityHeaders is a map of security headers to apply to HTTP responses from the realm's browser clients.||
+|**displayHtmlName**|str|DisplayHTMLName name to render in the UI||
+|**displayName**|str|DisplayName is the display name of the realm.||
+|**frontendUrl**|str|FrontendURL Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.||
+|**id**|str|ID is the ID of the realm.||
+|**keycloakOwner**|str|Deprecated: use KeycloakRef instead.
KeycloakOwner specifies the name of the Keycloak instance that owns the realm.||
+|**keycloakRef**|[V1EdpEpamComV1KeycloakRealmSpecKeycloakRef](#v1edpepamcomv1keycloakrealmspeckeycloakref)|keycloak ref||
+|**passwordPolicy**|[[V1EdpEpamComV1KeycloakRealmSpecPasswordPolicyItems0](#v1edpepamcomv1keycloakrealmspecpasswordpolicyitems0)]|PasswordPolicies is a list of password policies to apply to the realm.||
+|**realmEventConfig**|[V1EdpEpamComV1KeycloakRealmSpecRealmEventConfig](#v1edpepamcomv1keycloakrealmspecrealmeventconfig)|realm event config||
+|**realmName** `required`|str|RealmName specifies the name of the realm.||
+|**themes**|[V1EdpEpamComV1KeycloakRealmSpecThemes](#v1edpepamcomv1keycloakrealmspecthemes)|themes||
+|**tokenSettings**|[V1EdpEpamComV1KeycloakRealmSpecTokenSettings](#v1edpepamcomv1keycloakrealmspectokensettings)|token settings||
+|**users**|[[V1EdpEpamComV1KeycloakRealmSpecUsersItems0](#v1edpepamcomv1keycloakrealmspecusersitems0)]|Users is a list of users to create in the realm.||
+### V1EdpEpamComV1KeycloakRealmSpecKeycloakRef
+
+KeycloakRef is reference to Keycloak custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"Keycloak" | "ClusterKeycloak"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakRealmSpecPasswordPolicyItems0
+
+v1 edp epam com v1 keycloak realm spec password policy items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**type** `required`|str|||
+|**value** `required`|str|Value of password policy.||
+### V1EdpEpamComV1KeycloakRealmSpecRealmEventConfig
+
+RealmEventConfig is the configuration for events in the realm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**adminEventsDetailsEnabled**|bool|AdminEventsDetailsEnabled indicates whether to enable detailed admin events.||
+|**adminEventsEnabled**|bool|AdminEventsEnabled indicates whether to enable admin events.||
+|**enabledEventTypes**|[str]|EnabledEventTypes is a list of event types to enable.||
+|**eventsEnabled**|bool|EventsEnabled indicates whether to enable events.||
+|**eventsExpiration**|int|EventsExpiration is the number of seconds after which events expire.||
+|**eventsListeners**|[str]|EventsListeners is a list of event listeners to enable.||
+### V1EdpEpamComV1KeycloakRealmSpecThemes
+
+Themes is a map of themes to apply to the realm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**accountTheme**|str|AccountTheme specifies the account theme to use for the realm.||
+|**adminConsoleTheme**|str|AdminConsoleTheme specifies the admin console theme to use for the realm.||
+|**emailTheme**|str|EmailTheme specifies the email theme to use for the realm.||
+|**internationalizationEnabled**|bool|InternationalizationEnabled indicates whether to enable internationalization.||
+|**loginTheme**|str|LoginTheme specifies the login theme to use for the realm.||
+### V1EdpEpamComV1KeycloakRealmSpecTokenSettings
+
+TokenSettings is the configuration for tokens in the realm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**accessCodeLifespan**|int|AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol.
This should normally be 1 minute.|60|
+|**accessToken**|int|AccessTokenLifespanForImplicitFlow specifies max time(in seconds) before an access token is expired for implicit flow.|900|
+|**accessTokenLifespan**|int|AccessTokenLifespan specifies max time(in seconds) before an access token is expired.
This value is recommended to be short relative to the SSO timeout.|300|
+|**actionTokenGeneratedByAdminLifespan**|int|ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired.
This value is recommended to be long to allow administrators to send e-mails for users that are currently offline.
The default timeout can be overridden immediately before issuing the token.|43200|
+|**actionTokenGeneratedByUserLifespan**|int|AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired.
This value is recommended to be short because it's expected that the user would react to self-created action quickly.|300|
+|**defaultSignatureAlgorithm**|"ES256" | "ES384" | "ES512" | "EdDSA" | "HS256" | "HS384" | "HS512" | "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512"|DefaultSignatureAlgorithm specifies the default algorithm used to sign tokens for the realm|"RS256"|
+|**refreshTokenMaxReuse**|int|RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused.
When a different token is used, revocation is immediate.|0|
+|**revokeRefreshToken**|bool|RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and
is revoked when a different token is used.
Otherwise, refresh tokens are not revoked when used and can be used multiple times.|False|
+### V1EdpEpamComV1KeycloakRealmSpecUsersItems0
+
+v1 edp epam com v1 keycloak realm spec users items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**realmRoles**|[str]|RealmRoles is a list of roles attached to keycloak user.||
+|**username** `required`|str|Username of keycloak user.||
+### V1EdpEpamComV1KeycloakRealmStatus
+
+KeycloakRealmStatus defines the observed state of KeycloakRealm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**available**|bool|available||
+|**failureCount**|int|failure count||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakRealmUserSpec
+
+KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**attributes**|{str:str}|Attributes is a map of user attributes.||
+|**email**|str|Email is a user email.||
+|**emailVerified**|bool|EmailVerified is a user email verified flag.||
+|**enabled**|bool|Enabled is a user enabled flag.||
+|**firstName**|str|FirstName is a user first name.||
+|**groups**|[str]|Groups is a list of groups assigned to user.||
+|**keepResource**|bool|KeepResource, when set to false, results in the deletion of the KeycloakRealmUser Custom Resource (CR)
from the cluster after the corresponding user is created in Keycloak. The user will continue to exist in Keycloak.
When set to true, the CR will not be deleted after processing.|True|
+|**lastName**|str|LastName is a user last name.||
+|**password**|str|Password is a user password. Allows to keep user password within Custom Resource. For security concerns, it is recommended to use PasswordSecret instead.||
+|**passwordSecret**|[V1EdpEpamComV1KeycloakRealmUserSpecPasswordSecret](#v1edpepamcomv1keycloakrealmuserspecpasswordsecret)|password secret||
+|**realm**|str|Deprecated: use RealmRef instead.
Realm is name of KeycloakRealm custom resource.||
+|**realmRef**|[V1EdpEpamComV1KeycloakRealmUserSpecRealmRef](#v1edpepamcomv1keycloakrealmuserspecrealmref)|realm ref||
+|**reconciliationStrategy**|str|ReconciliationStrategy is a strategy for reconciliation. Possible values: full, create-only.
Default value: full. If set to create-only, user will be created only if it does not exist. If user exists, it will not be updated.
If set to full, user will be created if it does not exist, or updated if it exists.||
+|**requiredUserActions**|[str]|RequiredUserActions is required action when user log in, example: CONFIGURE_TOTP, UPDATE_PASSWORD, UPDATE_PROFILE, VERIFY_EMAIL.||
+|**roles**|[str]|Roles is a list of roles assigned to user.||
+|**username** `required`|str|Username is a username in keycloak.||
+### V1EdpEpamComV1KeycloakRealmUserSpecPasswordSecret
+
+PasswordSecret defines Kubernetes secret Name and Key, which holds User secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|Key is the key in the secret.||
+|**name** `required`|str|Name is the name of the secret.||
+### V1EdpEpamComV1KeycloakRealmUserSpecRealmRef
+
+RealmRef is reference to Realm custom resource.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**kind**|"KeycloakRealm" | "ClusterKeycloakRealm"|Kind specifies the kind of the Keycloak resource.||
+|**name**|str|Name specifies the name of the Keycloak resource.||
+### V1EdpEpamComV1KeycloakRealmUserStatus
+
+KeycloakRealmUserStatus defines the observed state of KeycloakRealmUser.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**failureCount**|int|failure count||
+|**value**|str|value||
+### V1EdpEpamComV1KeycloakSpec
+
+KeycloakSpec defines the desired state of Keycloak.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**adminType**|"serviceAccount" | "user"|AdminType can be user or serviceAccount, if serviceAccount was specified, then client_credentials grant type should be used for getting admin realm token.||
+|**caCert**|[V1EdpEpamComV1KeycloakSpecCaCert](#v1edpepamcomv1keycloakspeccacert)|ca cert||
+|**insecureSkipVerify**|bool|InsecureSkipVerify controls whether api client verifies the server's
certificate chain and host name. If InsecureSkipVerify is true, api client
accepts any certificate presented by the server and any host name in that
certificate.||
+|**secret** `required`|str|Secret is a secret name which contains admin credentials.||
+|**url** `required`|str|URL of keycloak service.||
+### V1EdpEpamComV1KeycloakSpecCaCert
+
+CACert defines the root certificate authority that api client use when verifying server certificates.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configMapKeyRef**|[V1EdpEpamComV1KeycloakSpecCaCertConfigMapKeyRef](#v1edpepamcomv1keycloakspeccacertconfigmapkeyref)|config map key ref||
+|**secretKeyRef**|[V1EdpEpamComV1KeycloakSpecCaCertSecretKeyRef](#v1edpepamcomv1keycloakspeccacertsecretkeyref)|secret key ref||
+### V1EdpEpamComV1KeycloakSpecCaCertConfigMapKeyRef
+
+Selects a key of a ConfigMap.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name**|str|Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?||
+### V1EdpEpamComV1KeycloakSpecCaCertSecretKeyRef
+
+Selects a key of a secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key of the secret to select from.||
+|**name**|str|Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?||
+### V1EdpEpamComV1KeycloakStatus
+
+KeycloakStatus defines the observed state of Keycloak.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**connected** `required`|bool|Connected shows if keycloak service is up and running.||
+### ClusterKeycloak
+
+ClusterKeycloak is the Schema for the clusterkeycloaks API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1alpha1"|
+|**kind** `required` `readOnly`|"ClusterKeycloak"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"ClusterKeycloak"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1alpha1ClusterKeycloakSpec](#v1edpepamcomv1alpha1clusterkeycloakspec)|spec||
+|**status**|[V1EdpEpamComV1alpha1ClusterKeycloakStatus](#v1edpepamcomv1alpha1clusterkeycloakstatus)|status||
+### ClusterKeycloakRealm
+
+ClusterKeycloakRealm is the Schema for the clusterkeycloakrealms API.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**apiVersion** `required` `readOnly`|"v1.edp.epam.com/v1alpha1"|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources|"v1.edp.epam.com/v1alpha1"|
+|**kind** `required` `readOnly`|"ClusterKeycloakRealm"|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds|"ClusterKeycloakRealm"|
+|**metadata**|[ObjectMeta](#objectmeta)|metadata||
+|**spec**|[V1EdpEpamComV1alpha1ClusterKeycloakRealmSpec](#v1edpepamcomv1alpha1clusterkeycloakrealmspec)|spec||
+|**status**|[V1EdpEpamComV1alpha1ClusterKeycloakRealmStatus](#v1edpepamcomv1alpha1clusterkeycloakrealmstatus)|status||
+### V1EdpEpamComV1alpha1ClusterKeycloakRealmSpec
+
+ClusterKeycloakRealmSpec defines the desired state of ClusterKeycloakRealm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**authenticationFlows**|[V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecAuthenticationFlows](#v1edpepamcomv1alpha1clusterkeycloakrealmspecauthenticationflows)|authentication flows||
+|**browserSecurityHeaders**|{str:str}|BrowserSecurityHeaders is a map of security headers to apply to HTTP responses from the realm's browser clients.||
+|**clusterKeycloakRef** `required`|str|ClusterKeycloakRef is a name of the ClusterKeycloak instance that owns the realm.||
+|**displayHtmlName**|str|DisplayHTMLName name to render in the UI.||
+|**displayName**|str|DisplayName is the display name of the realm.||
+|**frontendUrl**|str|FrontendURL Set the frontend URL for the realm.
Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.||
+|**localization**|[V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecLocalization](#v1edpepamcomv1alpha1clusterkeycloakrealmspeclocalization)|localization||
+|**passwordPolicy**|[[V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecPasswordPolicyItems0](#v1edpepamcomv1alpha1clusterkeycloakrealmspecpasswordpolicyitems0)]|PasswordPolicies is a list of password policies to apply to the realm.||
+|**realmEventConfig**|[V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecRealmEventConfig](#v1edpepamcomv1alpha1clusterkeycloakrealmspecrealmeventconfig)|realm event config||
+|**realmName** `required`|str|RealmName specifies the name of the realm.||
+|**themes**|[V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecThemes](#v1edpepamcomv1alpha1clusterkeycloakrealmspecthemes)|themes||
+|**tokenSettings**|[V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecTokenSettings](#v1edpepamcomv1alpha1clusterkeycloakrealmspectokensettings)|token settings||
+### V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecAuthenticationFlows
+
+AuthenticationFlow is the configuration for authentication flows in the realm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**browserFlow**|str|BrowserFlow specifies the authentication flow to use for the realm's browser clients.||
+### V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecLocalization
+
+Localization is the configuration for localization in the realm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**internationalizationEnabled**|bool|InternationalizationEnabled indicates whether to enable internationalization.||
+### V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecPasswordPolicyItems0
+
+v1 edp epam com v1alpha1 cluster keycloak realm spec password policy items0
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**type** `required`|str|||
+|**value** `required`|str|Value of password policy.||
+### V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecRealmEventConfig
+
+RealmEventConfig is the configuration for events in the realm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**adminEventsDetailsEnabled**|bool|AdminEventsDetailsEnabled indicates whether to enable detailed admin events.||
+|**adminEventsEnabled**|bool|AdminEventsEnabled indicates whether to enable admin events.||
+|**enabledEventTypes**|[str]|EnabledEventTypes is a list of event types to enable.||
+|**eventsEnabled**|bool|EventsEnabled indicates whether to enable events.||
+|**eventsExpiration**|int|EventsExpiration is the number of seconds after which events expire.||
+|**eventsListeners**|[str]|EventsListeners is a list of event listeners to enable.||
+### V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecThemes
+
+Themes is a map of themes to apply to the realm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**accountTheme**|str|AccountTheme specifies the account theme to use for the realm.||
+|**adminConsoleTheme**|str|AdminConsoleTheme specifies the admin console theme to use for the realm.||
+|**emailTheme**|str|EmailTheme specifies the email theme to use for the realm.||
+|**loginTheme**|str|LoginTheme specifies the login theme to use for the realm.||
+### V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecTokenSettings
+
+TokenSettings is the configuration for tokens in the realm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**accessCodeLifespan**|int|AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol.
This should normally be 1 minute.|60|
+|**accessToken**|int|AccessTokenLifespanForImplicitFlow specifies max time(in seconds) before an access token is expired for implicit flow.|900|
+|**accessTokenLifespan**|int|AccessTokenLifespan specifies max time(in seconds) before an access token is expired.
This value is recommended to be short relative to the SSO timeout.|300|
+|**actionTokenGeneratedByAdminLifespan**|int|ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired.
This value is recommended to be long to allow administrators to send e-mails for users that are currently offline.
The default timeout can be overridden immediately before issuing the token.|43200|
+|**actionTokenGeneratedByUserLifespan**|int|AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired.
This value is recommended to be short because it's expected that the user would react to self-created action quickly.|300|
+|**defaultSignatureAlgorithm**|"ES256" | "ES384" | "ES512" | "EdDSA" | "HS256" | "HS384" | "HS512" | "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512"|DefaultSignatureAlgorithm specifies the default algorithm used to sign tokens for the realm|"RS256"|
+|**refreshTokenMaxReuse**|int|RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused.
When a different token is used, revocation is immediate.|0|
+|**revokeRefreshToken**|bool|RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and
is revoked when a different token is used.
Otherwise, refresh tokens are not revoked when used and can be used multiple times.|False|
+### V1EdpEpamComV1alpha1ClusterKeycloakRealmStatus
+
+ClusterKeycloakRealmStatus defines the observed state of ClusterKeycloakRealm.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**available**|bool|available||
+|**failureCount**|int|failure count||
+|**value**|str|value||
+### V1EdpEpamComV1alpha1ClusterKeycloakSpec
+
+ClusterKeycloakSpec defines the desired state of ClusterKeycloak.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**adminType**|"serviceAccount" | "user"|AdminType can be user or serviceAccount, if serviceAccount was specified,
then client_credentials grant type should be used for getting admin realm token.|"user"|
+|**caCert**|[V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCert](#v1edpepamcomv1alpha1clusterkeycloakspeccacert)|ca cert||
+|**insecureSkipVerify**|bool|InsecureSkipVerify controls whether api client verifies the server's
certificate chain and host name. If InsecureSkipVerify is true, api client
accepts any certificate presented by the server and any host name in that
certificate.||
+|**secret** `required`|str|Secret is a secret name which contains admin credentials.||
+|**url** `required`|str|URL of keycloak service.||
+### V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCert
+
+CACert defines the root certificate authority that api clients use when verifying server certificates. Resources should be in the namespace defined in operator OPERATOR_NAMESPACE env.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**configMapKeyRef**|[V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertConfigMapKeyRef](#v1edpepamcomv1alpha1clusterkeycloakspeccacertconfigmapkeyref)|config map key ref||
+|**secretKeyRef**|[V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertSecretKeyRef](#v1edpepamcomv1alpha1clusterkeycloakspeccacertsecretkeyref)|secret key ref||
+### V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertConfigMapKeyRef
+
+Selects a key of a ConfigMap.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key to select.||
+|**name**|str|Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?||
+### V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertSecretKeyRef
+
+Selects a key of a secret.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**key** `required`|str|The key of the secret to select from.||
+|**name**|str|Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?||
+### V1EdpEpamComV1alpha1ClusterKeycloakStatus
+
+ClusterKeycloakStatus defines the observed state of ClusterKeycloak.
+
+#### Attributes
+
+| name | type | description | default value |
+| --- | --- | --- | --- |
+|**connected** `required`|bool|Connected shows if keycloak service is up and running.||
+
diff --git a/edp-keycloak-operator/crds/edp-keycloak-operator.yaml b/edp-keycloak-operator/crds/edp-keycloak-operator.yaml
new file mode 100644
index 00000000..d9abb817
--- /dev/null
+++ b/edp-keycloak-operator/crds/edp-keycloak-operator.yaml
@@ -0,0 +1,2577 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloaks.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: Keycloak
+ listKind: KeycloakList
+ plural: keycloaks
+ singular: keycloak
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Is connected to keycloak
+ jsonPath: .status.connected
+ name: Connected
+ type: boolean
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Keycloak is the Schema for the keycloaks API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakSpec defines the desired state of Keycloak.
+ properties:
+ adminType:
+ description: AdminType can be user or serviceAccount, if serviceAccount
+ was specified, then client_credentials grant type should be used
+ for getting admin realm token.
+ enum:
+ - serviceAccount
+ - user
+ type: string
+ caCert:
+ description: |-
+ CACert defines the root certificate authority
+ that api client use when verifying server certificates.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret.
+ properties:
+ key:
+ description: The key of the secret to select from.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: |-
+ InsecureSkipVerify controls whether api client verifies the server's
+ certificate chain and host name. If InsecureSkipVerify is true, api client
+ accepts any certificate presented by the server and any host name in that
+ certificate.
+ type: boolean
+ secret:
+ description: Secret is a secret name which contains admin credentials.
+ type: string
+ url:
+ description: URL of keycloak service.
+ type: string
+ required:
+ - secret
+ - url
+ type: object
+ status:
+ default:
+ connected: false
+ description: KeycloakStatus defines the observed state of Keycloak.
+ properties:
+ connected:
+ description: Connected shows if keycloak service is up and running.
+ type: boolean
+ required:
+ - connected
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakauthflows.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakAuthFlow
+ listKind: KeycloakAuthFlowList
+ plural: keycloakauthflows
+ singular: keycloakauthflow
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakAuthFlow is the Schema for the keycloak authentication
+ flow API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakAuthFlowSpec defines the desired state of KeycloakAuthFlow.
+ properties:
+ alias:
+ description: Alias is display name for authentication flow.
+ type: string
+ authenticationExecutions:
+ description: AuthenticationExecutions is list of authentication executions
+ for this auth flow.
+ items:
+ description: AuthenticationExecution defines keycloak authentication
+ execution.
+ properties:
+ alias:
+ description: Alias is display name for this execution.
+ type: string
+ authenticator:
+ description: Authenticator is name of authenticator.
+ type: string
+ authenticatorConfig:
+ description: AuthenticatorConfig is configuration for authenticator.
+ nullable: true
+ properties:
+ alias:
+ description: Alias is display name for authenticator config.
+ type: string
+ config:
+ additionalProperties:
+ type: string
+ description: Config is configuration for authenticator.
+ type: object
+ type: object
+ authenticatorFlow:
+ description: AuthenticatorFlow is true if this is auth flow.
+ type: boolean
+ priority:
+ description: Priority is priority for this execution. Lower
+ values have higher priority.
+ type: integer
+ requirement:
+ description: 'Requirement is requirement for this execution.
+ Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.'
+ type: string
+ type: object
+ nullable: true
+ type: array
+ builtIn:
+ description: BuiltIn is true if this is built-in auth flow.
+ type: boolean
+ childRequirement:
+ description: 'ChildRequirement is requirement for child execution.
+ Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.'
+ type: string
+ childType:
+ description: 'ChildType is type for auth flow if it has a parent,
+ available options: basic-flow, form-flow'
+ type: string
+ description:
+ description: Description is description for authentication flow.
+ type: string
+ parentName:
+ description: ParentName is name of parent auth flow.
+ type: string
+ providerId:
+ description: ProviderID for root auth flow and provider for child
+ auth flows.
+ type: string
+ realm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ type: string
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ topLevel:
+ description: TopLevel is true if this is root auth flow.
+ type: boolean
+ required:
+ - alias
+ - builtIn
+ - providerId
+ - topLevel
+ type: object
+ status:
+ description: KeycloakAuthFlowStatus defines the observed state of KeycloakAuthFlow.
+ properties:
+ failureCount:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakclients.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakClient
+ listKind: KeycloakClientList
+ plural: keycloakclients
+ singular: keycloakclient
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakClient is the Schema for the keycloak clients API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakClientSpec defines the desired state of KeycloakClient.
+ properties:
+ advancedProtocolMappers:
+ description: AdvancedProtocolMappers is a flag to enable advanced
+ protocol mappers.
+ type: boolean
+ attributes:
+ additionalProperties:
+ type: string
+ default:
+ post.logout.redirect.uris: +
+ description: Attributes is a map of client attributes.
+ nullable: true
+ type: object
+ authorization:
+ description: Authorization is a client authorization configuration.
+ nullable: true
+ properties:
+ permissions:
+ items:
+ properties:
+ decisionStrategy:
+ default: UNANIMOUS
+ description: DecisionStrategy is a permission decision strategy.
+ enum:
+ - UNANIMOUS
+ - AFFIRMATIVE
+ - CONSENSUS
+ type: string
+ description:
+ description: Description is a permission description.
+ type: string
+ logic:
+ default: POSITIVE
+ description: Logic is a permission logic.
+ enum:
+ - POSITIVE
+ - NEGATIVE
+ type: string
+ name:
+ description: Name is a permission name.
+ type: string
+ policies:
+ description: |-
+ Policies is a list of policies names.
+ Specifies all the policies that must be applied to the scopes defined by this policy or permission.
+ example:
+ - policy1
+ - policy2
+ items:
+ type: string
+ nullable: true
+ type: array
+ resources:
+ description: |-
+ Resources is a list of resources names.
+ Specifies that this permission must be applied to all resource instances of a given type.
+ example:
+ - resource1
+ - resource2
+ items:
+ type: string
+ nullable: true
+ type: array
+ scopes:
+ description: |-
+ Scopes is a list of authorization scopes names.
+ Specifies that this permission must be applied to one or more scopes.
+ example:
+ - scope1
+ - scope2
+ items:
+ type: string
+ nullable: true
+ type: array
+ type:
+ description: Type is a permission type.
+ enum:
+ - resource
+ - scope
+ type: string
+ required:
+ - name
+ - type
+ type: object
+ type: array
+ policies:
+ items:
+ description: Policy represents a client authorization policy.
+ properties:
+ aggregatedPolicy:
+ description: AggregatedPolicy is an aggregated policy settings.
+ properties:
+ policies:
+ description: |-
+ Policies is a list of aggregated policies names.
+ Specifies all the policies that must be applied to the scopes defined by this policy or permission.
+ example:
+ policies:
+ - policy1
+ - policy2
+ items:
+ type: string
+ type: array
+ required:
+ - policies
+ type: object
+ clientPolicy:
+ description: ClientPolicy is a client policy settings.
+ properties:
+ clients:
+ description: Clients is a list of client names. Specifies
+ which client(s) are allowed by this policy.
+ example:
+ - clients1
+ - clients2
+ items:
+ type: string
+ type: array
+ required:
+ - clients
+ type: object
+ decisionStrategy:
+ default: UNANIMOUS
+ description: DecisionStrategy is a policy decision strategy.
+ enum:
+ - UNANIMOUS
+ - AFFIRMATIVE
+ - CONSENSUS
+ type: string
+ description:
+ description: Description is a policy description.
+ type: string
+ groupPolicy:
+ description: GroupPolicy is a group policy settings.
+ properties:
+ groups:
+ description: Groups is a list of group names. Specifies
+ which group(s) are allowed by this policy.
+ example: '{"groups":[{"name":"group1","extendChildren":true},{"name":"group2"}]}'
+ items:
+ description: GroupDefinition represents a group in
+ a GroupPolicyData.
+ properties:
+ extendChildren:
+ description: ExtendChildren is a flag that specifies
+ whether to extend children.
+ type: boolean
+ name:
+ description: Name is a group name.
+ example: group1
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ groupsClaim:
+ description: |-
+ GroupsClaim is a group claim.
+ If defined, the policy will fetch user's groups from the given claim
+ within an access token or ID token representing the identity asking permissions.
+ If not defined, user's groups are obtained from your realm configuration.
+ type: string
+ type: object
+ logic:
+ default: POSITIVE
+ description: Logic is a policy logic.
+ enum:
+ - POSITIVE
+ - NEGATIVE
+ type: string
+ name:
+ description: Name is a policy name.
+ type: string
+ rolePolicy:
+ description: RolePolicy is a role policy settings.
+ properties:
+ roles:
+ description: Roles is a list of role.
+ example:
+ roles:
+ - name: role1
+ required: true
+ - name: role2
+ items:
+ description: RoleDefinition represents a role in a
+ RolePolicyData.
+ properties:
+ name:
+ description: Name is a role name.
+ example: role1
+ type: string
+ required:
+ description: Required is a flag that specifies
+ whether the role is required.
+ type: boolean
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - roles
+ type: object
+ timePolicy:
+ description: ScopePolicy is a scope policy settings.
+ properties:
+ dayMonth:
+ description: |-
+ Day defines the month which the policy MUST be granted.
+ You can also provide a range by filling the dayMonthEnd field.
+ In this case, permission is granted only if current month is between or equal to the two values you provided.
+ example: "1"
+ type: string
+ dayMonthEnd:
+ example: "2"
+ type: string
+ hour:
+ description: |-
+ Hour defines the hour when the policy MUST be granted.
+ You can also provide a range by filling the hourEnd.
+ In this case, permission is granted only if current hour is between or equal to the two values you provided.
+ example: "1"
+ type: string
+ hourEnd:
+ example: "2"
+ type: string
+ minute:
+ description: |-
+ Minute defines the minute when the policy MUST be granted.
+ You can also provide a range by filling the minuteEnd field.
+ In this case, permission is granted only if current minute is between or equal to the two values you provided.
+ example: "1"
+ type: string
+ minuteEnd:
+ example: "2"
+ type: string
+ month:
+ description: |-
+ Month defines the month which the policy MUST be granted.
+ You can also provide a range by filling the monthEnd.
+ In this case, permission is granted only if current month is between or equal to the two values you provided.
+ example: "1"
+ type: string
+ monthEnd:
+ example: "2"
+ type: string
+ notBefore:
+ description: |-
+ NotBefore defines the time before which the policy MUST NOT be granted.
+ Only granted if current date/time is after or equal to this value.
+ example: "2024-03-03 00:00:00"
+ type: string
+ notOnOrAfter:
+ description: |-
+ NotOnOrAfter defines the time after which the policy MUST NOT be granted.
+ Only granted if current date/time is before or equal to this value.
+ example: "2024-04-04 00:00:00"
+ type: string
+ required:
+ - notBefore
+ - notOnOrAfter
+ type: object
+ type:
+ description: Type is a policy type.
+ enum:
+ - aggregate
+ - client
+ - group
+ - role
+ - time
+ - user
+ type: string
+ userPolicy:
+ description: UserPolicy is a user policy settings.
+ properties:
+ users:
+ description: Users is a list of usernames. Specifies
+ which user(s) are allowed by this policy.
+ example:
+ - users1
+ - users2
+ items:
+ type: string
+ type: array
+ required:
+ - users
+ type: object
+ required:
+ - name
+ - type
+ type: object
+ type: array
+ scopes:
+ items:
+ type: string
+ type: array
+ type: object
+ authorizationServicesEnabled:
+ description: ServiceAccountsEnabled enable/disable fine-grained authorization
+ support for a client.
+ type: boolean
+ bearerOnly:
+ description: BearerOnly is a flag to enable bearer-only.
+ type: boolean
+ clientAuthenticatorType:
+ default: client-secret
+ description: ClientAuthenticatorType is a client authenticator type.
+ type: string
+ clientId:
+ description: ClientId is a unique keycloak client ID referenced in
+ URI and tokens.
+ type: string
+ clientRoles:
+ description: ClientRoles is a list of client roles names assigned
+ to client.
+ items:
+ type: string
+ nullable: true
+ type: array
+ consentRequired:
+ description: ConsentRequired is a flag to enable consent.
+ type: boolean
+ defaultClientScopes:
+ description: DefaultClientScopes is a list of default client scopes
+ assigned to client.
+ items:
+ type: string
+ nullable: true
+ type: array
+ description:
+ description: Description is a client description.
+ type: string
+ directAccess:
+ description: DirectAccess is a flag to set client as direct access.
+ type: boolean
+ enabled:
+ default: true
+ description: Enabled is a flag to enable client.
+ type: boolean
+ frontChannelLogout:
+ description: FrontChannelLogout is a flag to enable front channel
+ logout.
+ type: boolean
+ fullScopeAllowed:
+ default: true
+ description: FullScopeAllowed is a flag to enable full scope.
+ type: boolean
+ implicitFlowEnabled:
+ description: ImplicitFlowEnabled is a flag to enable support for OpenID
+ Connect redirect based authentication without authorization code.
+ type: boolean
+ name:
+ description: Name is a client name.
+ type: string
+ optionalClientScopes:
+ description: OptionalClientScopes is a list of optional client scopes
+ assigned to client.
+ items:
+ type: string
+ nullable: true
+ type: array
+ protocol:
+ description: Protocol is a client protocol.
+ nullable: true
+ type: string
+ protocolMappers:
+ description: ProtocolMappers is a list of protocol mappers assigned
+ to client.
+ items:
+ properties:
+ config:
+ additionalProperties:
+ type: string
+ description: Config is a map of protocol mapper configuration.
+ nullable: true
+ type: object
+ name:
+ description: Name is a protocol mapper name.
+ type: string
+ protocol:
+ description: Protocol is a protocol name.
+ type: string
+ protocolMapper:
+ description: ProtocolMapper is a protocol mapper name.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ public:
+ description: Public is a flag to set client as public.
+ type: boolean
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ realmRoles:
+ description: RealmRoles is a list of realm roles assigned to client.
+ items:
+ properties:
+ composite:
+ description: Composite is a realm composite role name.
+ type: string
+ name:
+ description: Name is a realm role name.
+ type: string
+ required:
+ - composite
+ type: object
+ nullable: true
+ type: array
+ reconciliationStrategy:
+ description: ReconciliationStrategy is a strategy to reconcile client.
+ enum:
+ - full
+ - addOnly
+ type: string
+ redirectUris:
+ description: |-
+ RedirectUris is a list of valid URI pattern a browser can redirect to after a successful login.
+ Simple wildcards are allowed such as 'https://example.com/*'.
+ Relative path can be specified too, such as /my/relative/path/*. Relative paths are relative to the client root URL.
+ If not specified, spec.webUrl + "/*" will be used.
+ example:
+ - https://example.com/*
+ - /my/relative/path/*
+ items:
+ type: string
+ nullable: true
+ type: array
+ secret:
+ description: |-
+ Secret is kubernetes secret name where the client's secret will be stored.
+ Secret should have the following format: $secretName:secretKey.
+ If not specified, a client secret will be generated and stored in a secret with the name keycloak-client-{metadata.name}-secret.
+ If keycloak client is public, secret property will be ignored.
+ example: $keycloak-secret:client_secret
+ type: string
+ serviceAccount:
+ description: ServiceAccount is a service account configuration.
+ nullable: true
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a map of service account attributes.
+ nullable: true
+ type: object
+ clientRoles:
+ description: ClientRoles is a list of client roles assigned to
+ service account.
+ items:
+ properties:
+ clientId:
+ description: ClientID is a client ID.
+ type: string
+ roles:
+ description: Roles is a list of client roles names assigned
+ to service account.
+ items:
+ type: string
+ nullable: true
+ type: array
+ required:
+ - clientId
+ type: object
+ nullable: true
+ type: array
+ enabled:
+ description: Enabled is a flag to enable service account.
+ type: boolean
+ realmRoles:
+ description: RealmRoles is a list of realm roles assigned to service
+ account.
+ items:
+ type: string
+ nullable: true
+ type: array
+ type: object
+ standardFlowEnabled:
+ default: true
+ description: StandardFlowEnabled is a flag to enable standard flow.
+ type: boolean
+ surrogateAuthRequired:
+ description: SurrogateAuthRequired is a flag to enable surrogate auth.
+ type: boolean
+ targetRealm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ TargetRealm is a realm name where client will be created.
+ It has higher priority than RealmRef for backward compatibility.
+ If both TargetRealm and RealmRef are specified, TargetRealm will be used for client creation.
+ type: string
+ webOrigins:
+ description: |-
+ WebOrigins is a list of allowed CORS origins.
+ To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though.
+ To permit all origins, explicitly add '*'.
+ If not specified, the value from `WebUrl` is used
+ example:
+ - https://example.com/*
+ items:
+ type: string
+ nullable: true
+ type: array
+ webUrl:
+ description: WebUrl is a client web url.
+ type: string
+ required:
+ - clientId
+ type: object
+ status:
+ description: KeycloakClientStatus defines the observed state of KeycloakClient.
+ properties:
+ clientId:
+ type: string
+ failureCount:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakclientscopes.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakClientScope
+ listKind: KeycloakClientScopeList
+ plural: keycloakclientscopes
+ singular: keycloakclientscope
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakClientScope is the Schema for the keycloakclientscopes
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakClientScopeSpec defines the desired state of KeycloakClientScope.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a map of client scope attributes.
+ nullable: true
+ type: object
+ default:
+ description: Default is a flag to set client scope as default.
+ type: boolean
+ description:
+ description: Description is a description of client scope.
+ type: string
+ name:
+ description: Name of keycloak client scope.
+ type: string
+ protocol:
+ description: Protocol is SSO protocol configuration which is being
+ supplied by this client scope.
+ type: string
+ protocolMappers:
+ description: ProtocolMappers is a list of protocol mappers assigned
+ to client scope.
+ items:
+ properties:
+ config:
+ additionalProperties:
+ type: string
+ description: Config is a map of protocol mapper configuration.
+ nullable: true
+ type: object
+ name:
+ description: Name is a protocol mapper name.
+ type: string
+ protocol:
+ description: Protocol is a protocol name.
+ type: string
+ protocolMapper:
+ description: ProtocolMapper is a protocol mapper name.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ realm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ type: string
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ required:
+ - name
+ - protocol
+ type: object
+ status:
+ description: KeycloakClientScopeStatus defines the observed state of KeycloakClientScope.
+ properties:
+ failureCount:
+ format: int64
+ type: integer
+ id:
+ type: string
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakrealms.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakRealm
+ listKind: KeycloakRealmList
+ plural: keycloakrealms
+ singular: keycloakrealm
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Is the resource available
+ jsonPath: .status.available
+ name: Available
+ type: boolean
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakRealm is the Schema for the keycloak realms API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakRealmSpec defines the desired state of KeycloakRealm.
+ properties:
+ browserFlow:
+ description: BrowserFlow specifies the authentication flow to use
+ for the realm's browser clients.
+ nullable: true
+ type: string
+ browserSecurityHeaders:
+ additionalProperties:
+ type: string
+ description: BrowserSecurityHeaders is a map of security headers to
+ apply to HTTP responses from the realm's browser clients.
+ nullable: true
+ type: object
+ displayHtmlName:
+ description: DisplayHTMLName name to render in the UI
+ type: string
+ displayName:
+ description: DisplayName is the display name of the realm.
+ type: string
+ frontendUrl:
+ description: FrontendURL Set the frontend URL for the realm. Use in
+ combination with the default hostname provider to override the base
+ URL for frontend requests for a specific realm.
+ type: string
+ id:
+ description: ID is the ID of the realm.
+ nullable: true
+ type: string
+ keycloakOwner:
+ description: |-
+ Deprecated: use KeycloakRef instead.
+ KeycloakOwner specifies the name of the Keycloak instance that owns the realm.
+ nullable: true
+ type: string
+ keycloakRef:
+ description: KeycloakRef is reference to Keycloak custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - Keycloak
+ - ClusterKeycloak
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ passwordPolicy:
+ description: PasswordPolicies is a list of password policies to apply
+ to the realm.
+ items:
+ properties:
+ type:
+ description: Type of password policy.
+ type: string
+ value:
+ description: Value of password policy.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ nullable: true
+ type: array
+ realmEventConfig:
+ description: RealmEventConfig is the configuration for events in the
+ realm.
+ nullable: true
+ properties:
+ adminEventsDetailsEnabled:
+ description: AdminEventsDetailsEnabled indicates whether to enable
+ detailed admin events.
+ type: boolean
+ adminEventsEnabled:
+ description: AdminEventsEnabled indicates whether to enable admin
+ events.
+ type: boolean
+ enabledEventTypes:
+ description: EnabledEventTypes is a list of event types to enable.
+ items:
+ type: string
+ type: array
+ eventsEnabled:
+ description: EventsEnabled indicates whether to enable events.
+ type: boolean
+ eventsExpiration:
+ description: EventsExpiration is the number of seconds after which
+ events expire.
+ type: integer
+ eventsListeners:
+ description: EventsListeners is a list of event listeners to enable.
+ items:
+ type: string
+ type: array
+ type: object
+ realmName:
+ description: RealmName specifies the name of the realm.
+ type: string
+ themes:
+ description: Themes is a map of themes to apply to the realm.
+ nullable: true
+ properties:
+ accountTheme:
+ description: AccountTheme specifies the account theme to use for
+ the realm.
+ nullable: true
+ type: string
+ adminConsoleTheme:
+ description: AdminConsoleTheme specifies the admin console theme
+ to use for the realm.
+ nullable: true
+ type: string
+ emailTheme:
+ description: EmailTheme specifies the email theme to use for the
+ realm.
+ nullable: true
+ type: string
+ internationalizationEnabled:
+ description: InternationalizationEnabled indicates whether to
+ enable internationalization.
+ nullable: true
+ type: boolean
+ loginTheme:
+ description: LoginTheme specifies the login theme to use for the
+ realm.
+ nullable: true
+ type: string
+ type: object
+ tokenSettings:
+ description: TokenSettings is the configuration for tokens in the
+ realm.
+ nullable: true
+ properties:
+ accessCodeLifespan:
+ default: 60
+ description: |-
+ AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol.
+ This should normally be 1 minute.
+ type: integer
+ accessToken:
+ default: 900
+ description: AccessTokenLifespanForImplicitFlow specifies max
+ time(in seconds) before an access token is expired for implicit
+ flow.
+ type: integer
+ accessTokenLifespan:
+ default: 300
+ description: |-
+ AccessTokenLifespan specifies max time(in seconds) before an access token is expired.
+ This value is recommended to be short relative to the SSO timeout.
+ type: integer
+ actionTokenGeneratedByAdminLifespan:
+ default: 43200
+ description: |-
+ ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired.
+ This value is recommended to be long to allow administrators to send e-mails for users that are currently offline.
+ The default timeout can be overridden immediately before issuing the token.
+ type: integer
+ actionTokenGeneratedByUserLifespan:
+ default: 300
+ description: |-
+ AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired.
+ This value is recommended to be short because it's expected that the user would react to self-created action quickly.
+ type: integer
+ defaultSignatureAlgorithm:
+ default: RS256
+ description: DefaultSignatureAlgorithm specifies the default algorithm
+ used to sign tokens for the realm
+ enum:
+ - ES256
+ - ES384
+ - ES512
+ - EdDSA
+ - HS256
+ - HS384
+ - HS512
+ - PS256
+ - PS384
+ - PS512
+ - RS256
+ - RS384
+ - RS512
+ example: RS256
+ type: string
+ refreshTokenMaxReuse:
+ default: 0
+ description: |-
+ RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused.
+ When a different token is used, revocation is immediate.
+ type: integer
+ revokeRefreshToken:
+ default: false
+ description: |-
+ RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and
+ is revoked when a different token is used.
+ Otherwise, refresh tokens are not revoked when used and can be used multiple times.
+ type: boolean
+ type: object
+ users:
+ description: Users is a list of users to create in the realm.
+ items:
+ properties:
+ realmRoles:
+ description: RealmRoles is a list of roles attached to keycloak
+ user.
+ items:
+ type: string
+ type: array
+ username:
+ description: Username of keycloak user.
+ type: string
+ required:
+ - username
+ type: object
+ nullable: true
+ type: array
+ required:
+ - realmName
+ type: object
+ status:
+ description: KeycloakRealmStatus defines the observed state of KeycloakRealm.
+ properties:
+ available:
+ type: boolean
+ failureCount:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakrealmcomponents.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakRealmComponent
+ listKind: KeycloakRealmComponentList
+ plural: keycloakrealmcomponents
+ singular: keycloakrealmcomponent
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakRealmComponent is the Schema for the keycloak component
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakComponentSpec defines the desired state of KeycloakRealmComponent.
+ properties:
+ config:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: |-
+ Config is a map of component configuration.
+ Map key is a name of configuration property, map value is an array value of configuration properties.
+ Any configuration property can be a reference to k8s secret, in this case the property should be in format $secretName:secretKey.
+ example:
+ bindCredential: '["$clientSecret:secretKey"]'
+ bindDn: '["provider-client"]'
+ nullable: true
+ type: object
+ name:
+ description: Name of keycloak component.
+ type: string
+ parentRef:
+ description: |-
+ ParentRef specifies a parent resource.
+ If not specified, then parent is realm specified in realm field.
+ nullable: true
+ properties:
+ kind:
+ default: KeycloakRealm
+ description: Kind is a kind of parent component. By default, it
+ is KeycloakRealm.
+ enum:
+ - KeycloakRealm
+ - KeycloakRealmComponent
+ type: string
+ name:
+ description: |-
+ Name is a name of parent component custom resource.
+ For example, if Kind is KeycloakRealm, then Name is name of KeycloakRealm custom resource.
+ type: string
+ required:
+ - name
+ type: object
+ providerId:
+ description: ProviderID is a provider ID of component.
+ type: string
+ providerType:
+ description: ProviderType is a provider type of component.
+ type: string
+ realm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ type: string
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ required:
+ - name
+ - providerId
+ - providerType
+ type: object
+ status:
+ description: KeycloakComponentStatus defines the observed state of KeycloakRealmComponent.
+ properties:
+ failureCount:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakrealmgroups.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakRealmGroup
+ listKind: KeycloakRealmGroupList
+ plural: keycloakrealmgroups
+ singular: keycloakrealmgroup
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakRealmGroup is the Schema for the keycloak group API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakRealmGroupSpec defines the desired state of KeycloakRealmGroup.
+ properties:
+ access:
+ additionalProperties:
+ type: boolean
+ description: Access is a map of group access.
+ nullable: true
+ type: object
+ attributes:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Attributes is a map of group attributes.
+ nullable: true
+ type: object
+ clientRoles:
+ description: ClientRoles is a list of client roles assigned to group.
+ items:
+ properties:
+ clientId:
+ description: ClientID is a client ID.
+ type: string
+ roles:
+ description: Roles is a list of client roles names assigned
+ to service account.
+ items:
+ type: string
+ nullable: true
+ type: array
+ required:
+ - clientId
+ type: object
+ nullable: true
+ type: array
+ name:
+ description: Name of keycloak group.
+ type: string
+ path:
+ description: Path is a group path.
+ type: string
+ realm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ type: string
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ realmRoles:
+ description: RealmRoles is a list of realm roles assigned to group.
+ items:
+ type: string
+ nullable: true
+ type: array
+ subGroups:
+ description: SubGroups is a list of subgroups assigned to group.
+ items:
+ type: string
+ nullable: true
+ type: array
+ required:
+ - name
+ type: object
+ status:
+ description: KeycloakRealmGroupStatus defines the observed state of KeycloakRealmGroup.
+ properties:
+ failureCount:
+ format: int64
+ type: integer
+ id:
+ description: ID is a group ID.
+ type: string
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakrealmidentityproviders.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakRealmIdentityProvider
+ listKind: KeycloakRealmIdentityProviderList
+ plural: keycloakrealmidentityproviders
+ singular: keycloakrealmidentityprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakRealmIdentityProvider is the Schema for the keycloak
+ realm identity provider API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakRealmIdentityProviderSpec defines the desired state
+ of KeycloakRealmIdentityProvider.
+ properties:
+ addReadTokenRoleOnCreate:
+ description: AddReadTokenRoleOnCreate is a flag to add read token
+ role on create.
+ type: boolean
+ alias:
+ description: Alias is a alias of identity provider.
+ type: string
+ authenticateByDefault:
+ description: AuthenticateByDefault is a flag to authenticate by default.
+ type: boolean
+ config:
+ additionalProperties:
+ type: string
+ description: |-
+ Config is a map of identity provider configuration.
+ Map key is a name of configuration property, map value is a value of configuration property.
+ Any value can be a reference to k8s secret, in this case value should be in format $secretName:secretKey.
+ example:
+ clientId: provider-client
+ clientSecret: $clientSecret:secretKey
+ type: object
+ displayName:
+ description: DisplayName is a display name of identity provider.
+ type: string
+ enabled:
+ description: Enabled is a flag to enable/disable identity provider.
+ type: boolean
+ firstBrokerLoginFlowAlias:
+ description: FirstBrokerLoginFlowAlias is a first broker login flow
+ alias.
+ type: string
+ linkOnly:
+ description: LinkOnly is a flag to link only.
+ type: boolean
+ mappers:
+ description: Mappers is a list of identity provider mappers.
+ items:
+ properties:
+ config:
+ additionalProperties:
+ type: string
+ description: Config is a map of identity provider mapper configuration.
+ nullable: true
+ type: object
+ identityProviderAlias:
+ description: IdentityProviderAlias is a identity provider alias.
+ type: string
+ identityProviderMapper:
+ description: IdentityProviderMapper is a identity provider mapper.
+ type: string
+ name:
+ description: Name is a name of identity provider mapper.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ providerId:
+ description: ProviderID is a provider ID of identity provider.
+ type: string
+ realm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ type: string
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ storeToken:
+ description: StoreToken is a flag to store token.
+ type: boolean
+ trustEmail:
+ description: TrustEmail is a flag to trust email.
+ type: boolean
+ required:
+ - alias
+ - config
+ - enabled
+ - providerId
+ type: object
+ status:
+ description: KeycloakRealmIdentityProviderStatus defines the observed
+ state of KeycloakRealmIdentityProvider.
+ properties:
+ failureCount:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakrealmroles.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakRealmRole
+ listKind: KeycloakRealmRoleList
+ plural: keycloakrealmroles
+ singular: keycloakrealmrole
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakRealmRole is the Schema for the keycloak group API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakRealmRoleSpec defines the desired state of KeycloakRealmRole.
+ properties:
+ attributes:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Attributes is a map of role attributes.
+ nullable: true
+ type: object
+ composite:
+ description: Composite is a flag if role is composite.
+ type: boolean
+ composites:
+ description: Composites is a list of composites roles assigned to
+ role.
+ items:
+ properties:
+ name:
+ description: Name is a name of composite role.
+ type: string
+ required:
+ - name
+ type: object
+ nullable: true
+ type: array
+ compositesClientRoles:
+ additionalProperties:
+ items:
+ properties:
+ name:
+ description: Name is a name of composite role.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ description: CompositesClientRoles is a map of composites client roles
+ assigned to role.
+ example:
+ client1:
+ - name: role1
+ - name: role2
+ client2:
+ name: role3
+ nullable: true
+ type: object
+ description:
+ description: Description is a role description.
+ type: string
+ isDefault:
+ description: IsDefault is a flag if role is default.
+ type: boolean
+ name:
+ description: Name of keycloak role.
+ type: string
+ realm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ type: string
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ status:
+ description: KeycloakRealmRoleStatus defines the observed state of KeycloakRealmRole.
+ properties:
+ failureCount:
+ format: int64
+ type: integer
+ id:
+ description: ID is a role ID.
+ type: string
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakrealmrolebatches.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakRealmRoleBatch
+ listKind: KeycloakRealmRoleBatchList
+ plural: keycloakrealmrolebatches
+ singular: keycloakrealmrolebatch
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakRealmRoleBatch is the Schema for the keycloak roles API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakRealmRoleBatchSpec defines the desired state of KeycloakRealmRoleBatch.
+ properties:
+ realm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ type: string
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ roles:
+ description: Roles is a list of roles to be created.
+ items:
+ properties:
+ attributes:
+ additionalProperties:
+ items:
+ type: string
+ type: array
+ description: Attributes is a map of role attributes.
+ nullable: true
+ type: object
+ composite:
+ description: Composite is a flag if role is composite.
+ type: boolean
+ composites:
+ description: Composites is a list of composites roles assigned
+ to role.
+ items:
+ properties:
+ name:
+ description: Name is a name of composite role.
+ type: string
+ required:
+ - name
+ type: object
+ nullable: true
+ type: array
+ description:
+ description: Description is a role description.
+ type: string
+ isDefault:
+ description: IsDefault is a flag if role is default.
+ type: boolean
+ name:
+ description: Name of keycloak role.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - roles
+ type: object
+ status:
+ description: KeycloakRealmRoleBatchStatus defines the observed state of
+ KeycloakRealmRoleBatch.
+ properties:
+ failureCount:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: keycloakrealmusers.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: KeycloakRealmUser
+ listKind: KeycloakRealmUserList
+ plural: keycloakrealmusers
+ singular: keycloakrealmuser
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Reconcilation status
+ jsonPath: .status.value
+ name: Status
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KeycloakRealmUser is the Schema for the keycloak user API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser.
+ properties:
+ attributes:
+ additionalProperties:
+ type: string
+ description: Attributes is a map of user attributes.
+ nullable: true
+ type: object
+ email:
+ description: Email is a user email.
+ type: string
+ emailVerified:
+ description: EmailVerified is a user email verified flag.
+ type: boolean
+ enabled:
+ description: Enabled is a user enabled flag.
+ type: boolean
+ firstName:
+ description: FirstName is a user first name.
+ type: string
+ groups:
+ description: Groups is a list of groups assigned to user.
+ items:
+ type: string
+ nullable: true
+ type: array
+ keepResource:
+ default: true
+ description: |-
+ KeepResource, when set to false, results in the deletion of the KeycloakRealmUser Custom Resource (CR)
+ from the cluster after the corresponding user is created in Keycloak. The user will continue to exist in Keycloak.
+ When set to true, the CR will not be deleted after processing.
+ type: boolean
+ lastName:
+ description: LastName is a user last name.
+ type: string
+ password:
+ description: Password is a user password. Allows to keep user password
+ within Custom Resource. For security concerns, it is recommended
+ to use PasswordSecret instead.
+ type: string
+ passwordSecret:
+ description: PasswordSecret defines Kubernetes secret Name and Key,
+ which holds User secret.
+ nullable: true
+ properties:
+ key:
+ description: Key is the key in the secret.
+ type: string
+ name:
+ description: Name is the name of the secret.
+ type: string
+ required:
+ - key
+ - name
+ type: object
+ realm:
+ description: |-
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ type: string
+ realmRef:
+ description: RealmRef is reference to Realm custom resource.
+ properties:
+ kind:
+ description: Kind specifies the kind of the Keycloak resource.
+ enum:
+ - KeycloakRealm
+ - ClusterKeycloakRealm
+ type: string
+ name:
+ description: Name specifies the name of the Keycloak resource.
+ type: string
+ type: object
+ reconciliationStrategy:
+ description: |-
+ ReconciliationStrategy is a strategy for reconciliation. Possible values: full, create-only.
+ Default value: full. If set to create-only, user will be created only if it does not exist. If user exists, it will not be updated.
+ If set to full, user will be created if it does not exist, or updated if it exists.
+ type: string
+ requiredUserActions:
+ description: 'RequiredUserActions is required action when user log
+ in, example: CONFIGURE_TOTP, UPDATE_PASSWORD, UPDATE_PROFILE, VERIFY_EMAIL.'
+ items:
+ type: string
+ nullable: true
+ type: array
+ roles:
+ description: Roles is a list of roles assigned to user.
+ items:
+ type: string
+ nullable: true
+ type: array
+ username:
+ description: Username is a username in keycloak.
+ type: string
+ required:
+ - username
+ type: object
+ status:
+ description: KeycloakRealmUserStatus defines the observed state of KeycloakRealmUser.
+ properties:
+ failureCount:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: clusterkeycloaks.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: ClusterKeycloak
+ listKind: ClusterKeycloakList
+ plural: clusterkeycloaks
+ singular: clusterkeycloak
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - description: Is connected to keycloak
+ jsonPath: .status.connected
+ name: Connected
+ type: boolean
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ClusterKeycloak is the Schema for the clusterkeycloaks API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterKeycloakSpec defines the desired state of ClusterKeycloak.
+ properties:
+ adminType:
+ default: user
+ description: |-
+ AdminType can be user or serviceAccount, if serviceAccount was specified,
+ then client_credentials grant type should be used for getting admin realm token.
+ enum:
+ - serviceAccount
+ - user
+ type: string
+ caCert:
+ description: |-
+ CACert defines the root certificate authority
+ that api clients use when verifying server certificates.
+ Resources should be in the namespace defined in operator OPERATOR_NAMESPACE env.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret.
+ properties:
+ key:
+ description: The key of the secret to select from.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ insecureSkipVerify:
+ description: |-
+ InsecureSkipVerify controls whether api client verifies the server's
+ certificate chain and host name. If InsecureSkipVerify is true, api client
+ accepts any certificate presented by the server and any host name in that
+ certificate.
+ type: boolean
+ secret:
+ description: Secret is a secret name which contains admin credentials.
+ type: string
+ url:
+ description: URL of keycloak service.
+ type: string
+ required:
+ - secret
+ - url
+ type: object
+ status:
+ default:
+ connected: false
+ description: ClusterKeycloakStatus defines the observed state of ClusterKeycloak.
+ properties:
+ connected:
+ description: Connected shows if keycloak service is up and running.
+ type: boolean
+ required:
+ - connected
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: clusterkeycloakrealms.v1.edp.epam.com
+spec:
+ group: v1.edp.epam.com
+ names:
+ kind: ClusterKeycloakRealm
+ listKind: ClusterKeycloakRealmList
+ plural: clusterkeycloakrealms
+ singular: clusterkeycloakrealm
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - description: Keycloak realm is available
+ jsonPath: .status.available
+ name: Available
+ type: boolean
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ClusterKeycloakRealm is the Schema for the clusterkeycloakrealms
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterKeycloakRealmSpec defines the desired state of ClusterKeycloakRealm.
+ properties:
+ authenticationFlows:
+ description: AuthenticationFlow is the configuration for authentication
+ flows in the realm.
+ nullable: true
+ properties:
+ browserFlow:
+ description: BrowserFlow specifies the authentication flow to
+ use for the realm's browser clients.
+ example: browser
+ type: string
+ type: object
+ browserSecurityHeaders:
+ additionalProperties:
+ type: string
+ description: BrowserSecurityHeaders is a map of security headers to
+ apply to HTTP responses from the realm's browser clients.
+ nullable: true
+ type: object
+ clusterKeycloakRef:
+ description: ClusterKeycloakRef is a name of the ClusterKeycloak instance
+ that owns the realm.
+ type: string
+ displayHtmlName:
+ description: DisplayHTMLName name to render in the UI.
+ type: string
+ displayName:
+ description: DisplayName is the display name of the realm.
+ type: string
+ frontendUrl:
+ description: |-
+ FrontendURL Set the frontend URL for the realm.
+ Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.
+ type: string
+ localization:
+ description: Localization is the configuration for localization in
+ the realm.
+ nullable: true
+ properties:
+ internationalizationEnabled:
+ description: InternationalizationEnabled indicates whether to
+ enable internationalization.
+ nullable: true
+ type: boolean
+ type: object
+ passwordPolicy:
+ description: PasswordPolicies is a list of password policies to apply
+ to the realm.
+ items:
+ properties:
+ type:
+ description: Type of password policy.
+ type: string
+ value:
+ description: Value of password policy.
+ type: string
+ required:
+ - type
+ - value
+ type: object
+ nullable: true
+ type: array
+ realmEventConfig:
+ description: RealmEventConfig is the configuration for events in the
+ realm.
+ nullable: true
+ properties:
+ adminEventsDetailsEnabled:
+ description: AdminEventsDetailsEnabled indicates whether to enable
+ detailed admin events.
+ type: boolean
+ adminEventsEnabled:
+ description: AdminEventsEnabled indicates whether to enable admin
+ events.
+ type: boolean
+ enabledEventTypes:
+ description: EnabledEventTypes is a list of event types to enable.
+ items:
+ type: string
+ type: array
+ eventsEnabled:
+ description: EventsEnabled indicates whether to enable events.
+ type: boolean
+ eventsExpiration:
+ description: EventsExpiration is the number of seconds after which
+ events expire.
+ type: integer
+ eventsListeners:
+ description: EventsListeners is a list of event listeners to enable.
+ items:
+ type: string
+ type: array
+ type: object
+ realmName:
+ description: RealmName specifies the name of the realm.
+ type: string
+ themes:
+ description: Themes is a map of themes to apply to the realm.
+ nullable: true
+ properties:
+ accountTheme:
+ description: AccountTheme specifies the account theme to use for
+ the realm.
+ nullable: true
+ type: string
+ adminConsoleTheme:
+ description: AdminConsoleTheme specifies the admin console theme
+ to use for the realm.
+ nullable: true
+ type: string
+ emailTheme:
+ description: EmailTheme specifies the email theme to use for the
+ realm.
+ nullable: true
+ type: string
+ loginTheme:
+ description: LoginTheme specifies the login theme to use for the
+ realm.
+ nullable: true
+ type: string
+ type: object
+ tokenSettings:
+ description: TokenSettings is the configuration for tokens in the
+ realm.
+ nullable: true
+ properties:
+ accessCodeLifespan:
+ default: 60
+ description: |-
+ AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol.
+ This should normally be 1 minute.
+ type: integer
+ accessToken:
+ default: 900
+ description: AccessTokenLifespanForImplicitFlow specifies max
+ time(in seconds) before an access token is expired for implicit
+ flow.
+ type: integer
+ accessTokenLifespan:
+ default: 300
+ description: |-
+ AccessTokenLifespan specifies max time(in seconds) before an access token is expired.
+ This value is recommended to be short relative to the SSO timeout.
+ type: integer
+ actionTokenGeneratedByAdminLifespan:
+ default: 43200
+ description: |-
+ ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired.
+ This value is recommended to be long to allow administrators to send e-mails for users that are currently offline.
+ The default timeout can be overridden immediately before issuing the token.
+ type: integer
+ actionTokenGeneratedByUserLifespan:
+ default: 300
+ description: |-
+ AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired.
+ This value is recommended to be short because it's expected that the user would react to self-created action quickly.
+ type: integer
+ defaultSignatureAlgorithm:
+ default: RS256
+ description: DefaultSignatureAlgorithm specifies the default algorithm
+ used to sign tokens for the realm
+ enum:
+ - ES256
+ - ES384
+ - ES512
+ - EdDSA
+ - HS256
+ - HS384
+ - HS512
+ - PS256
+ - PS384
+ - PS512
+ - RS256
+ - RS384
+ - RS512
+ example: RS256
+ type: string
+ refreshTokenMaxReuse:
+ default: 0
+ description: |-
+ RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused.
+ When a different token is used, revocation is immediate.
+ type: integer
+ revokeRefreshToken:
+ default: false
+ description: |-
+ RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and
+ is revoked when a different token is used.
+ Otherwise, refresh tokens are not revoked when used and can be used multiple times.
+ type: boolean
+ type: object
+ required:
+ - clusterKeycloakRef
+ - realmName
+ type: object
+ status:
+ description: ClusterKeycloakRealmStatus defines the observed state of
+ ClusterKeycloakRealm.
+ properties:
+ available:
+ type: boolean
+ failureCount:
+ format: int64
+ type: integer
+ value:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions:
+ - v1alpha1
+
+---
diff --git a/edp-keycloak-operator/kcl.mod b/edp-keycloak-operator/kcl.mod
new file mode 100644
index 00000000..969e4067
--- /dev/null
+++ b/edp-keycloak-operator/kcl.mod
@@ -0,0 +1,7 @@
+[package]
+name = "edp-keycloak-operator"
+edition = "v0.10.0"
+version = "v1.23.0"
+
+[dependencies]
+k8s = "1.31.2"
diff --git a/edp-keycloak-operator/kcl.mod.lock b/edp-keycloak-operator/kcl.mod.lock
new file mode 100644
index 00000000..7b4406f2
--- /dev/null
+++ b/edp-keycloak-operator/kcl.mod.lock
@@ -0,0 +1,5 @@
+[dependencies]
+ [dependencies.k8s]
+ name = "k8s"
+ full_name = "k8s_1.31.2"
+ version = "1.31.2"
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak.k
new file mode 100644
index 00000000..f1f219b3
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak.k
@@ -0,0 +1,143 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema Keycloak:
+ r"""
+ Keycloak is the Schema for the keycloaks API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "Keycloak", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "Keycloak" = "Keycloak"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakSpec
+
+ status?: V1EdpEpamComV1KeycloakStatus
+
+
+schema V1EdpEpamComV1KeycloakSpec:
+ r"""
+ KeycloakSpec defines the desired state of Keycloak.
+
+ Attributes
+ ----------
+ adminType : str, default is Undefined, optional
+ AdminType can be user or serviceAccount, if serviceAccount was specified, then client_credentials grant type should be used for getting admin realm token.
+ caCert : V1EdpEpamComV1KeycloakSpecCaCert, default is Undefined, optional
+ ca cert
+ insecureSkipVerify : bool, default is Undefined, optional
+ InsecureSkipVerify controls whether api client verifies the server's
+ certificate chain and host name. If InsecureSkipVerify is true, api client
+ accepts any certificate presented by the server and any host name in that
+ certificate.
+ secret : str, default is Undefined, required
+ Secret is a secret name which contains admin credentials.
+ url : str, default is Undefined, required
+ URL of keycloak service.
+ """
+
+
+ adminType?: "serviceAccount" | "user"
+
+ caCert?: V1EdpEpamComV1KeycloakSpecCaCert
+
+ insecureSkipVerify?: bool
+
+ secret: str
+
+ url: str
+
+
+schema V1EdpEpamComV1KeycloakSpecCaCert:
+ r"""
+ CACert defines the root certificate authority
+ that api client use when verifying server certificates.
+
+ Attributes
+ ----------
+ configMapKeyRef : V1EdpEpamComV1KeycloakSpecCaCertConfigMapKeyRef, default is Undefined, optional
+ config map key ref
+ secretKeyRef : V1EdpEpamComV1KeycloakSpecCaCertSecretKeyRef, default is Undefined, optional
+ secret key ref
+ """
+
+
+ configMapKeyRef?: V1EdpEpamComV1KeycloakSpecCaCertConfigMapKeyRef
+
+ secretKeyRef?: V1EdpEpamComV1KeycloakSpecCaCertSecretKeyRef
+
+
+schema V1EdpEpamComV1KeycloakSpecCaCertConfigMapKeyRef:
+ r"""
+ Selects a key of a ConfigMap.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, optional
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ """
+
+
+ key: str
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakSpecCaCertSecretKeyRef:
+ r"""
+ Selects a key of a secret.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key of the secret to select from.
+ name : str, default is Undefined, optional
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ """
+
+
+ key: str
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakStatus:
+ r"""
+ KeycloakStatus defines the observed state of Keycloak.
+
+ Attributes
+ ----------
+ connected : bool, default is Undefined, required
+ Connected shows if keycloak service is up and running.
+ """
+
+
+ connected: bool
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_auth_flow.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_auth_flow.k
new file mode 100644
index 00000000..054c1ffc
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_auth_flow.k
@@ -0,0 +1,180 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakAuthFlow:
+ r"""
+ KeycloakAuthFlow is the Schema for the keycloak authentication flow API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakAuthFlow", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakAuthFlowSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakAuthFlowStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakAuthFlow" = "KeycloakAuthFlow"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakAuthFlowSpec
+
+ status?: V1EdpEpamComV1KeycloakAuthFlowStatus
+
+
+schema V1EdpEpamComV1KeycloakAuthFlowSpec:
+ r"""
+ KeycloakAuthFlowSpec defines the desired state of KeycloakAuthFlow.
+
+ Attributes
+ ----------
+ alias : str, default is Undefined, required
+ Alias is display name for authentication flow.
+ authenticationExecutions : [V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0], default is Undefined, optional
+ AuthenticationExecutions is list of authentication executions for this auth flow.
+ builtIn : bool, default is Undefined, required
+ BuiltIn is true if this is built-in auth flow.
+ childRequirement : str, default is Undefined, optional
+ ChildRequirement is requirement for child execution. Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.
+ childType : str, default is Undefined, optional
+ ChildType is type for auth flow if it has a parent, available options: basic-flow, form-flow
+ description : str, default is Undefined, optional
+ Description is description for authentication flow.
+ parentName : str, default is Undefined, optional
+ ParentName is name of parent auth flow.
+ providerId : str, default is Undefined, required
+ ProviderID for root auth flow and provider for child auth flows.
+ realm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ realmRef : V1EdpEpamComV1KeycloakAuthFlowSpecRealmRef, default is Undefined, optional
+ realm ref
+ topLevel : bool, default is Undefined, required
+ TopLevel is true if this is root auth flow.
+ """
+
+
+ alias: str
+
+ authenticationExecutions?: [V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0]
+
+ builtIn: bool
+
+ childRequirement?: str
+
+ childType?: str
+
+ description?: str
+
+ parentName?: str
+
+ providerId: str
+
+ realm?: str
+
+ realmRef?: V1EdpEpamComV1KeycloakAuthFlowSpecRealmRef
+
+ topLevel: bool
+
+
+schema V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0:
+ r"""
+ AuthenticationExecution defines keycloak authentication execution.
+
+ Attributes
+ ----------
+ alias : str, default is Undefined, optional
+ Alias is display name for this execution.
+ authenticator : str, default is Undefined, optional
+ Authenticator is name of authenticator.
+ authenticatorConfig : V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0AuthenticatorConfig, default is Undefined, optional
+ authenticator config
+ authenticatorFlow : bool, default is Undefined, optional
+ AuthenticatorFlow is true if this is auth flow.
+ priority : int, default is Undefined, optional
+ Priority is priority for this execution. Lower values have higher priority.
+ requirement : str, default is Undefined, optional
+ Requirement is requirement for this execution. Available options: REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL.
+ """
+
+
+ alias?: str
+
+ authenticator?: str
+
+ authenticatorConfig?: V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0AuthenticatorConfig
+
+ authenticatorFlow?: bool
+
+ priority?: int
+
+ requirement?: str
+
+
+schema V1EdpEpamComV1KeycloakAuthFlowSpecAuthenticationExecutionsItems0AuthenticatorConfig:
+ r"""
+ AuthenticatorConfig is configuration for authenticator.
+
+ Attributes
+ ----------
+ alias : str, default is Undefined, optional
+ Alias is display name for authenticator config.
+ config : {str:str}, default is Undefined, optional
+ Config is configuration for authenticator.
+ """
+
+
+ alias?: str
+
+ config?: {str:str}
+
+
+schema V1EdpEpamComV1KeycloakAuthFlowSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakAuthFlowStatus:
+ r"""
+ KeycloakAuthFlowStatus defines the observed state of KeycloakAuthFlow.
+
+ Attributes
+ ----------
+ failureCount : int, default is Undefined, optional
+ failure count
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ failureCount?: int
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_client.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_client.k
new file mode 100644
index 00000000..6044706f
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_client.k
@@ -0,0 +1,610 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakClient:
+ r"""
+ KeycloakClient is the Schema for the keycloak clients API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakClient", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakClientSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakClientStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakClient" = "KeycloakClient"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakClientSpec
+
+ status?: V1EdpEpamComV1KeycloakClientStatus
+
+
+schema V1EdpEpamComV1KeycloakClientSpec:
+ r"""
+ KeycloakClientSpec defines the desired state of KeycloakClient.
+
+ Attributes
+ ----------
+ advancedProtocolMappers : bool, default is Undefined, optional
+ AdvancedProtocolMappers is a flag to enable advanced protocol mappers.
+ attributes : {str:str}, default is {"post.logout.redirect.uris": "+"}, optional
+ Attributes is a map of client attributes.
+ authorization : V1EdpEpamComV1KeycloakClientSpecAuthorization, default is Undefined, optional
+ authorization
+ authorizationServicesEnabled : bool, default is Undefined, optional
+ ServiceAccountsEnabled enable/disable fine-grained authorization support for a client.
+ bearerOnly : bool, default is Undefined, optional
+ BearerOnly is a flag to enable bearer-only.
+ clientAuthenticatorType : str, default is "client-secret", optional
+ ClientAuthenticatorType is a client authenticator type.
+ clientId : str, default is Undefined, required
+ ClientId is a unique keycloak client ID referenced in URI and tokens.
+ clientRoles : [str], default is Undefined, optional
+ ClientRoles is a list of client roles names assigned to client.
+ consentRequired : bool, default is Undefined, optional
+ ConsentRequired is a flag to enable consent.
+ defaultClientScopes : [str], default is Undefined, optional
+ DefaultClientScopes is a list of default client scopes assigned to client.
+ description : str, default is Undefined, optional
+ Description is a client description.
+ directAccess : bool, default is Undefined, optional
+ DirectAccess is a flag to set client as direct access.
+ enabled : bool, default is True, optional
+ Enabled is a flag to enable client.
+ frontChannelLogout : bool, default is Undefined, optional
+ FrontChannelLogout is a flag to enable front channel logout.
+ fullScopeAllowed : bool, default is True, optional
+ FullScopeAllowed is a flag to enable full scope.
+ implicitFlowEnabled : bool, default is Undefined, optional
+ ImplicitFlowEnabled is a flag to enable support for OpenID Connect redirect based authentication without authorization code.
+ name : str, default is Undefined, optional
+ Name is a client name.
+ optionalClientScopes : [str], default is Undefined, optional
+ OptionalClientScopes is a list of optional client scopes assigned to client.
+ $protocol : str, default is Undefined, optional
+ Protocol is a client protocol.
+ protocolMappers : [V1EdpEpamComV1KeycloakClientSpecProtocolMappersItems0], default is Undefined, optional
+ ProtocolMappers is a list of protocol mappers assigned to client.
+ public : bool, default is Undefined, optional
+ Public is a flag to set client as public.
+ realmRef : V1EdpEpamComV1KeycloakClientSpecRealmRef, default is Undefined, optional
+ realm ref
+ realmRoles : [V1EdpEpamComV1KeycloakClientSpecRealmRolesItems0], default is Undefined, optional
+ RealmRoles is a list of realm roles assigned to client.
+ reconciliationStrategy : str, default is Undefined, optional
+ ReconciliationStrategy is a strategy to reconcile client.
+ redirectUris : [str], default is Undefined, optional
+ RedirectUris is a list of valid URI pattern a browser can redirect to after a successful login.
+ Simple wildcards are allowed such as 'https://example.com/*'.
+ Relative path can be specified too, such as /my/relative/path/*. Relative paths are relative to the client root URL.
+ If not specified, spec.webUrl + "/*" will be used.
+ secret : str, default is Undefined, optional
+ Secret is kubernetes secret name where the client's secret will be stored.
+ Secret should have the following format: $secretName:secretKey.
+ If not specified, a client secret will be generated and stored in a secret with the name keycloak-client-{metadata.name}-secret.
+ If keycloak client is public, secret property will be ignored.
+ serviceAccount : V1EdpEpamComV1KeycloakClientSpecServiceAccount, default is Undefined, optional
+ service account
+ standardFlowEnabled : bool, default is True, optional
+ StandardFlowEnabled is a flag to enable standard flow.
+ surrogateAuthRequired : bool, default is Undefined, optional
+ SurrogateAuthRequired is a flag to enable surrogate auth.
+ targetRealm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ TargetRealm is a realm name where client will be created.
+ It has higher priority than RealmRef for backward compatibility.
+ If both TargetRealm and RealmRef are specified, TargetRealm will be used for client creation.
+ webOrigins : [str], default is Undefined, optional
+ WebOrigins is a list of allowed CORS origins.
+ To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though.
+ To permit all origins, explicitly add '*'.
+ If not specified, the value from `WebUrl` is used
+ webUrl : str, default is Undefined, optional
+ WebUrl is a client web url.
+ """
+
+
+ advancedProtocolMappers?: bool
+
+ attributes?: {str:str} = {"post.logout.redirect.uris": "+"}
+
+ authorization?: V1EdpEpamComV1KeycloakClientSpecAuthorization
+
+ authorizationServicesEnabled?: bool
+
+ bearerOnly?: bool
+
+ clientAuthenticatorType?: str = "client-secret"
+
+ clientId: str
+
+ clientRoles?: [str]
+
+ consentRequired?: bool
+
+ defaultClientScopes?: [str]
+
+ description?: str
+
+ directAccess?: bool
+
+ enabled?: bool = True
+
+ frontChannelLogout?: bool
+
+ fullScopeAllowed?: bool = True
+
+ implicitFlowEnabled?: bool
+
+ name?: str
+
+ optionalClientScopes?: [str]
+
+ $protocol?: str
+
+ protocolMappers?: [V1EdpEpamComV1KeycloakClientSpecProtocolMappersItems0]
+
+ public?: bool
+
+ realmRef?: V1EdpEpamComV1KeycloakClientSpecRealmRef
+
+ realmRoles?: [V1EdpEpamComV1KeycloakClientSpecRealmRolesItems0]
+
+ reconciliationStrategy?: "full" | "addOnly"
+
+ redirectUris?: [str]
+
+ secret?: str
+
+ serviceAccount?: V1EdpEpamComV1KeycloakClientSpecServiceAccount
+
+ standardFlowEnabled?: bool = True
+
+ surrogateAuthRequired?: bool
+
+ targetRealm?: str
+
+ webOrigins?: [str]
+
+ webUrl?: str
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorization:
+ r"""
+ Authorization is a client authorization configuration.
+
+ Attributes
+ ----------
+ permissions : [V1EdpEpamComV1KeycloakClientSpecAuthorizationPermissionsItems0], default is Undefined, optional
+ permissions
+ policies : [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0], default is Undefined, optional
+ policies
+ scopes : [str], default is Undefined, optional
+ scopes
+ """
+
+
+ permissions?: [V1EdpEpamComV1KeycloakClientSpecAuthorizationPermissionsItems0]
+
+ policies?: [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0]
+
+ scopes?: [str]
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPermissionsItems0:
+ r"""
+ v1 edp epam com v1 keycloak client spec authorization permissions items0
+
+ Attributes
+ ----------
+ decisionStrategy : str, default is "UNANIMOUS", optional
+ DecisionStrategy is a permission decision strategy.
+ description : str, default is Undefined, optional
+ Description is a permission description.
+ logic : str, default is "POSITIVE", optional
+ Logic is a permission logic.
+ name : str, default is Undefined, required
+ Name is a permission name.
+ policies : [str], default is Undefined, optional
+ Policies is a list of policies names.
+ Specifies all the policies that must be applied to the scopes defined by this policy or permission.
+ resources : [str], default is Undefined, optional
+ Resources is a list of resources names.
+ Specifies that this permission must be applied to all resource instances of a given type.
+ scopes : [str], default is Undefined, optional
+ Scopes is a list of authorization scopes names.
+ Specifies that this permission must be applied to one or more scopes.
+ $type : str, default is Undefined, required
+ Type is a permission type.
+ """
+
+
+ decisionStrategy?: "UNANIMOUS" | "AFFIRMATIVE" | "CONSENSUS" = "UNANIMOUS"
+
+ description?: str
+
+ logic?: "POSITIVE" | "NEGATIVE" = "POSITIVE"
+
+ name: str
+
+ policies?: [str]
+
+ resources?: [str]
+
+ scopes?: [str]
+
+ $type: "resource" | "scope"
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0:
+ r"""
+ Policy represents a client authorization policy.
+
+ Attributes
+ ----------
+ aggregatedPolicy : V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0AggregatedPolicy, default is Undefined, optional
+ aggregated policy
+ clientPolicy : V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0ClientPolicy, default is Undefined, optional
+ client policy
+ decisionStrategy : str, default is "UNANIMOUS", optional
+ DecisionStrategy is a policy decision strategy.
+ description : str, default is Undefined, optional
+ Description is a policy description.
+ groupPolicy : V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicy, default is Undefined, optional
+ group policy
+ logic : str, default is "POSITIVE", optional
+ Logic is a policy logic.
+ name : str, default is Undefined, required
+ Name is a policy name.
+ rolePolicy : V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicy, default is Undefined, optional
+ role policy
+ timePolicy : V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0TimePolicy, default is Undefined, optional
+ time policy
+ $type : str, default is Undefined, required
+ Type is a policy type.
+ userPolicy : V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0UserPolicy, default is Undefined, optional
+ user policy
+ """
+
+
+ aggregatedPolicy?: V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0AggregatedPolicy
+
+ clientPolicy?: V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0ClientPolicy
+
+ decisionStrategy?: "UNANIMOUS" | "AFFIRMATIVE" | "CONSENSUS" = "UNANIMOUS"
+
+ description?: str
+
+ groupPolicy?: V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicy
+
+ logic?: "POSITIVE" | "NEGATIVE" = "POSITIVE"
+
+ name: str
+
+ rolePolicy?: V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicy
+
+ timePolicy?: V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0TimePolicy
+
+ $type: "aggregate" | "client" | "group" | "role" | "time" | "user"
+
+ userPolicy?: V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0UserPolicy
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0AggregatedPolicy:
+ r"""
+ AggregatedPolicy is an aggregated policy settings.
+
+ Attributes
+ ----------
+ policies : [str], default is Undefined, required
+ Policies is a list of aggregated policies names.
+ Specifies all the policies that must be applied to the scopes defined by this policy or permission.
+ """
+
+
+ policies: [str]
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0ClientPolicy:
+ r"""
+ ClientPolicy is a client policy settings.
+
+ Attributes
+ ----------
+ clients : [str], default is Undefined, required
+ Clients is a list of client names. Specifies which client(s) are allowed by this policy.
+ """
+
+
+ clients: [str]
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicy:
+ r"""
+ GroupPolicy is a group policy settings.
+
+ Attributes
+ ----------
+ groups : [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicyGroupsItems0], default is Undefined, optional
+ Groups is a list of group names. Specifies which group(s) are allowed by this policy.
+ groupsClaim : str, default is Undefined, optional
+ GroupsClaim is a group claim.
+ If defined, the policy will fetch user's groups from the given claim
+ within an access token or ID token representing the identity asking permissions.
+ If not defined, user's groups are obtained from your realm configuration.
+ """
+
+
+ groups?: [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicyGroupsItems0]
+
+ groupsClaim?: str
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0GroupPolicyGroupsItems0:
+ r"""
+ GroupDefinition represents a group in a GroupPolicyData.
+
+ Attributes
+ ----------
+ extendChildren : bool, default is Undefined, optional
+ ExtendChildren is a flag that specifies whether to extend children.
+ name : str, default is Undefined, required
+ Name is a group name.
+ """
+
+
+ extendChildren?: bool
+
+ name: str
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicy:
+ r"""
+ RolePolicy is a role policy settings.
+
+ Attributes
+ ----------
+ roles : [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicyRolesItems0], default is Undefined, required
+ Roles is a list of role.
+ """
+
+
+ roles: [V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicyRolesItems0]
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0RolePolicyRolesItems0:
+ r"""
+ RoleDefinition represents a role in a RolePolicyData.
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name is a role name.
+ required : bool, default is Undefined, optional
+ Required is a flag that specifies whether the role is required.
+ """
+
+
+ name: str
+
+ required?: bool
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0TimePolicy:
+ r"""
+ ScopePolicy is a scope policy settings.
+
+ Attributes
+ ----------
+ dayMonth : str, default is Undefined, optional
+ Day defines the month which the policy MUST be granted.
+ You can also provide a range by filling the dayMonthEnd field.
+ In this case, permission is granted only if current month is between or equal to the two values you provided.
+ dayMonthEnd : str, default is Undefined, optional
+ day month end
+ hour : str, default is Undefined, optional
+ Hour defines the hour when the policy MUST be granted.
+ You can also provide a range by filling the hourEnd.
+ In this case, permission is granted only if current hour is between or equal to the two values you provided.
+ hourEnd : str, default is Undefined, optional
+ hour end
+ minute : str, default is Undefined, optional
+ Minute defines the minute when the policy MUST be granted.
+ You can also provide a range by filling the minuteEnd field.
+ In this case, permission is granted only if current minute is between or equal to the two values you provided.
+ minuteEnd : str, default is Undefined, optional
+ minute end
+ month : str, default is Undefined, optional
+ Month defines the month which the policy MUST be granted.
+ You can also provide a range by filling the monthEnd.
+ In this case, permission is granted only if current month is between or equal to the two values you provided.
+ monthEnd : str, default is Undefined, optional
+ month end
+ notBefore : str, default is Undefined, required
+ NotBefore defines the time before which the policy MUST NOT be granted.
+ Only granted if current date/time is after or equal to this value.
+ notOnOrAfter : str, default is Undefined, required
+ NotOnOrAfter defines the time after which the policy MUST NOT be granted.
+ Only granted if current date/time is before or equal to this value.
+ """
+
+
+ dayMonth?: str
+
+ dayMonthEnd?: str
+
+ hour?: str
+
+ hourEnd?: str
+
+ minute?: str
+
+ minuteEnd?: str
+
+ month?: str
+
+ monthEnd?: str
+
+ notBefore: str
+
+ notOnOrAfter: str
+
+
+schema V1EdpEpamComV1KeycloakClientSpecAuthorizationPoliciesItems0UserPolicy:
+ r"""
+ UserPolicy is a user policy settings.
+
+ Attributes
+ ----------
+ users : [str], default is Undefined, required
+ Users is a list of usernames. Specifies which user(s) are allowed by this policy.
+ """
+
+
+ users: [str]
+
+
+schema V1EdpEpamComV1KeycloakClientSpecProtocolMappersItems0:
+ r"""
+ v1 edp epam com v1 keycloak client spec protocol mappers items0
+
+ Attributes
+ ----------
+ config : {str:str}, default is Undefined, optional
+ Config is a map of protocol mapper configuration.
+ name : str, default is Undefined, optional
+ Name is a protocol mapper name.
+ $protocol : str, default is Undefined, optional
+ Protocol is a protocol name.
+ protocolMapper : str, default is Undefined, optional
+ ProtocolMapper is a protocol mapper name.
+ """
+
+
+ config?: {str:str}
+
+ name?: str
+
+ $protocol?: str
+
+ protocolMapper?: str
+
+
+schema V1EdpEpamComV1KeycloakClientSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakClientSpecRealmRolesItems0:
+ r"""
+ v1 edp epam com v1 keycloak client spec realm roles items0
+
+ Attributes
+ ----------
+ composite : str, default is Undefined, required
+ Composite is a realm composite role name.
+ name : str, default is Undefined, optional
+ Name is a realm role name.
+ """
+
+
+ composite: str
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakClientSpecServiceAccount:
+ r"""
+ ServiceAccount is a service account configuration.
+
+ Attributes
+ ----------
+ attributes : {str:str}, default is Undefined, optional
+ Attributes is a map of service account attributes.
+ clientRoles : [V1EdpEpamComV1KeycloakClientSpecServiceAccountClientRolesItems0], default is Undefined, optional
+ ClientRoles is a list of client roles assigned to service account.
+ enabled : bool, default is Undefined, optional
+ Enabled is a flag to enable service account.
+ realmRoles : [str], default is Undefined, optional
+ RealmRoles is a list of realm roles assigned to service account.
+ """
+
+
+ attributes?: {str:str}
+
+ clientRoles?: [V1EdpEpamComV1KeycloakClientSpecServiceAccountClientRolesItems0]
+
+ enabled?: bool
+
+ realmRoles?: [str]
+
+
+schema V1EdpEpamComV1KeycloakClientSpecServiceAccountClientRolesItems0:
+ r"""
+ v1 edp epam com v1 keycloak client spec service account client roles items0
+
+ Attributes
+ ----------
+ clientId : str, default is Undefined, required
+ ClientID is a client ID.
+ roles : [str], default is Undefined, optional
+ Roles is a list of client roles names assigned to service account.
+ """
+
+
+ clientId: str
+
+ roles?: [str]
+
+
+schema V1EdpEpamComV1KeycloakClientStatus:
+ r"""
+ KeycloakClientStatus defines the observed state of KeycloakClient.
+
+ Attributes
+ ----------
+ clientId : str, default is Undefined, optional
+ client Id
+ failureCount : int, default is Undefined, optional
+ failure count
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ clientId?: str
+
+ failureCount?: int
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_client_scope.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_client_scope.k
new file mode 100644
index 00000000..46ebea6f
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_client_scope.k
@@ -0,0 +1,146 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakClientScope:
+ r"""
+ KeycloakClientScope is the Schema for the keycloakclientscopes API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakClientScope", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakClientScopeSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakClientScopeStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakClientScope" = "KeycloakClientScope"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakClientScopeSpec
+
+ status?: V1EdpEpamComV1KeycloakClientScopeStatus
+
+
+schema V1EdpEpamComV1KeycloakClientScopeSpec:
+ r"""
+ KeycloakClientScopeSpec defines the desired state of KeycloakClientScope.
+
+ Attributes
+ ----------
+ attributes : {str:str}, default is Undefined, optional
+ Attributes is a map of client scope attributes.
+ default : bool, default is Undefined, optional
+ Default is a flag to set client scope as default.
+ description : str, default is Undefined, optional
+ Description is a description of client scope.
+ name : str, default is Undefined, required
+ Name of keycloak client scope.
+ $protocol : str, default is Undefined, required
+ Protocol is SSO protocol configuration which is being supplied by this client scope.
+ protocolMappers : [V1EdpEpamComV1KeycloakClientScopeSpecProtocolMappersItems0], default is Undefined, optional
+ ProtocolMappers is a list of protocol mappers assigned to client scope.
+ realm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ realmRef : V1EdpEpamComV1KeycloakClientScopeSpecRealmRef, default is Undefined, optional
+ realm ref
+ """
+
+
+ attributes?: {str:str}
+
+ default?: bool
+
+ description?: str
+
+ name: str
+
+ $protocol: str
+
+ protocolMappers?: [V1EdpEpamComV1KeycloakClientScopeSpecProtocolMappersItems0]
+
+ realm?: str
+
+ realmRef?: V1EdpEpamComV1KeycloakClientScopeSpecRealmRef
+
+
+schema V1EdpEpamComV1KeycloakClientScopeSpecProtocolMappersItems0:
+ r"""
+ v1 edp epam com v1 keycloak client scope spec protocol mappers items0
+
+ Attributes
+ ----------
+ config : {str:str}, default is Undefined, optional
+ Config is a map of protocol mapper configuration.
+ name : str, default is Undefined, optional
+ Name is a protocol mapper name.
+ $protocol : str, default is Undefined, optional
+ Protocol is a protocol name.
+ protocolMapper : str, default is Undefined, optional
+ ProtocolMapper is a protocol mapper name.
+ """
+
+
+ config?: {str:str}
+
+ name?: str
+
+ $protocol?: str
+
+ protocolMapper?: str
+
+
+schema V1EdpEpamComV1KeycloakClientScopeSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakClientScopeStatus:
+ r"""
+ KeycloakClientScopeStatus defines the observed state of KeycloakClientScope.
+
+ Attributes
+ ----------
+ failureCount : int, default is Undefined, optional
+ failure count
+ id : str, default is Undefined, optional
+ id
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ failureCount?: int
+
+ id?: str
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm.k
new file mode 100644
index 00000000..089163ab
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm.k
@@ -0,0 +1,294 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakRealm:
+ r"""
+ KeycloakRealm is the Schema for the keycloak realms API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakRealm", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakRealmSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakRealmStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakRealm" = "KeycloakRealm"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakRealmSpec
+
+ status?: V1EdpEpamComV1KeycloakRealmStatus
+
+
+schema V1EdpEpamComV1KeycloakRealmSpec:
+ r"""
+ KeycloakRealmSpec defines the desired state of KeycloakRealm.
+
+ Attributes
+ ----------
+ browserFlow : str, default is Undefined, optional
+ BrowserFlow specifies the authentication flow to use for the realm's browser clients.
+ browserSecurityHeaders : {str:str}, default is Undefined, optional
+ BrowserSecurityHeaders is a map of security headers to apply to HTTP responses from the realm's browser clients.
+ displayHtmlName : str, default is Undefined, optional
+ DisplayHTMLName name to render in the UI
+ displayName : str, default is Undefined, optional
+ DisplayName is the display name of the realm.
+ frontendUrl : str, default is Undefined, optional
+ FrontendURL Set the frontend URL for the realm. Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.
+ id : str, default is Undefined, optional
+ ID is the ID of the realm.
+ keycloakOwner : str, default is Undefined, optional
+ Deprecated: use KeycloakRef instead.
+ KeycloakOwner specifies the name of the Keycloak instance that owns the realm.
+ keycloakRef : V1EdpEpamComV1KeycloakRealmSpecKeycloakRef, default is Undefined, optional
+ keycloak ref
+ passwordPolicy : [V1EdpEpamComV1KeycloakRealmSpecPasswordPolicyItems0], default is Undefined, optional
+ PasswordPolicies is a list of password policies to apply to the realm.
+ realmEventConfig : V1EdpEpamComV1KeycloakRealmSpecRealmEventConfig, default is Undefined, optional
+ realm event config
+ realmName : str, default is Undefined, required
+ RealmName specifies the name of the realm.
+ themes : V1EdpEpamComV1KeycloakRealmSpecThemes, default is Undefined, optional
+ themes
+ tokenSettings : V1EdpEpamComV1KeycloakRealmSpecTokenSettings, default is Undefined, optional
+ token settings
+ users : [V1EdpEpamComV1KeycloakRealmSpecUsersItems0], default is Undefined, optional
+ Users is a list of users to create in the realm.
+ """
+
+
+ browserFlow?: str
+
+ browserSecurityHeaders?: {str:str}
+
+ displayHtmlName?: str
+
+ displayName?: str
+
+ frontendUrl?: str
+
+ id?: str
+
+ keycloakOwner?: str
+
+ keycloakRef?: V1EdpEpamComV1KeycloakRealmSpecKeycloakRef
+
+ passwordPolicy?: [V1EdpEpamComV1KeycloakRealmSpecPasswordPolicyItems0]
+
+ realmEventConfig?: V1EdpEpamComV1KeycloakRealmSpecRealmEventConfig
+
+ realmName: str
+
+ themes?: V1EdpEpamComV1KeycloakRealmSpecThemes
+
+ tokenSettings?: V1EdpEpamComV1KeycloakRealmSpecTokenSettings
+
+ users?: [V1EdpEpamComV1KeycloakRealmSpecUsersItems0]
+
+
+schema V1EdpEpamComV1KeycloakRealmSpecKeycloakRef:
+ r"""
+ KeycloakRef is reference to Keycloak custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "Keycloak" | "ClusterKeycloak"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmSpecPasswordPolicyItems0:
+ r"""
+ v1 edp epam com v1 keycloak realm spec password policy items0
+
+ Attributes
+ ----------
+ $type : str, default is Undefined, required
+ Type of password policy.
+ value : str, default is Undefined, required
+ Value of password policy.
+ """
+
+
+ $type: str
+
+ value: str
+
+
+schema V1EdpEpamComV1KeycloakRealmSpecRealmEventConfig:
+ r"""
+ RealmEventConfig is the configuration for events in the realm.
+
+ Attributes
+ ----------
+ adminEventsDetailsEnabled : bool, default is Undefined, optional
+ AdminEventsDetailsEnabled indicates whether to enable detailed admin events.
+ adminEventsEnabled : bool, default is Undefined, optional
+ AdminEventsEnabled indicates whether to enable admin events.
+ enabledEventTypes : [str], default is Undefined, optional
+ EnabledEventTypes is a list of event types to enable.
+ eventsEnabled : bool, default is Undefined, optional
+ EventsEnabled indicates whether to enable events.
+ eventsExpiration : int, default is Undefined, optional
+ EventsExpiration is the number of seconds after which events expire.
+ eventsListeners : [str], default is Undefined, optional
+ EventsListeners is a list of event listeners to enable.
+ """
+
+
+ adminEventsDetailsEnabled?: bool
+
+ adminEventsEnabled?: bool
+
+ enabledEventTypes?: [str]
+
+ eventsEnabled?: bool
+
+ eventsExpiration?: int
+
+ eventsListeners?: [str]
+
+
+schema V1EdpEpamComV1KeycloakRealmSpecThemes:
+ r"""
+ Themes is a map of themes to apply to the realm.
+
+ Attributes
+ ----------
+ accountTheme : str, default is Undefined, optional
+ AccountTheme specifies the account theme to use for the realm.
+ adminConsoleTheme : str, default is Undefined, optional
+ AdminConsoleTheme specifies the admin console theme to use for the realm.
+ emailTheme : str, default is Undefined, optional
+ EmailTheme specifies the email theme to use for the realm.
+ internationalizationEnabled : bool, default is Undefined, optional
+ InternationalizationEnabled indicates whether to enable internationalization.
+ loginTheme : str, default is Undefined, optional
+ LoginTheme specifies the login theme to use for the realm.
+ """
+
+
+ accountTheme?: str
+
+ adminConsoleTheme?: str
+
+ emailTheme?: str
+
+ internationalizationEnabled?: bool
+
+ loginTheme?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmSpecTokenSettings:
+ r"""
+ TokenSettings is the configuration for tokens in the realm.
+
+ Attributes
+ ----------
+ accessCodeLifespan : int, default is 60, optional
+ AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol.
+ This should normally be 1 minute.
+ accessToken : int, default is 900, optional
+ AccessTokenLifespanForImplicitFlow specifies max time(in seconds) before an access token is expired for implicit flow.
+ accessTokenLifespan : int, default is 300, optional
+ AccessTokenLifespan specifies max time(in seconds) before an access token is expired.
+ This value is recommended to be short relative to the SSO timeout.
+ actionTokenGeneratedByAdminLifespan : int, default is 43200, optional
+ ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired.
+ This value is recommended to be long to allow administrators to send e-mails for users that are currently offline.
+ The default timeout can be overridden immediately before issuing the token.
+ actionTokenGeneratedByUserLifespan : int, default is 300, optional
+ AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired.
+ This value is recommended to be short because it's expected that the user would react to self-created action quickly.
+ defaultSignatureAlgorithm : str, default is "RS256", optional
+ DefaultSignatureAlgorithm specifies the default algorithm used to sign tokens for the realm
+ refreshTokenMaxReuse : int, default is Undefined, optional
+ RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused.
+ When a different token is used, revocation is immediate.
+ revokeRefreshToken : bool, default is Undefined, optional
+ RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and
+ is revoked when a different token is used.
+ Otherwise, refresh tokens are not revoked when used and can be used multiple times.
+ """
+
+
+ accessCodeLifespan?: int = 60
+
+ accessToken?: int = 900
+
+ accessTokenLifespan?: int = 300
+
+ actionTokenGeneratedByAdminLifespan?: int = 43200
+
+ actionTokenGeneratedByUserLifespan?: int = 300
+
+ defaultSignatureAlgorithm?: "ES256" | "ES384" | "ES512" | "EdDSA" | "HS256" | "HS384" | "HS512" | "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" = "RS256"
+
+ refreshTokenMaxReuse?: int = 0
+
+ revokeRefreshToken?: bool = False
+
+
+schema V1EdpEpamComV1KeycloakRealmSpecUsersItems0:
+ r"""
+ v1 edp epam com v1 keycloak realm spec users items0
+
+ Attributes
+ ----------
+ realmRoles : [str], default is Undefined, optional
+ RealmRoles is a list of roles attached to keycloak user.
+ username : str, default is Undefined, required
+ Username of keycloak user.
+ """
+
+
+ realmRoles?: [str]
+
+ username: str
+
+
+schema V1EdpEpamComV1KeycloakRealmStatus:
+ r"""
+ KeycloakRealmStatus defines the observed state of KeycloakRealm.
+
+ Attributes
+ ----------
+ available : bool, default is Undefined, optional
+ available
+ failureCount : int, default is Undefined, optional
+ failure count
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ available?: bool
+
+ failureCount?: int
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_component.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_component.k
new file mode 100644
index 00000000..7611e991
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_component.k
@@ -0,0 +1,134 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakRealmComponent:
+ r"""
+ KeycloakRealmComponent is the Schema for the keycloak component API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakRealmComponent", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakRealmComponentSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakRealmComponentStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakRealmComponent" = "KeycloakRealmComponent"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakRealmComponentSpec
+
+ status?: V1EdpEpamComV1KeycloakRealmComponentStatus
+
+
+schema V1EdpEpamComV1KeycloakRealmComponentSpec:
+ r"""
+ KeycloakComponentSpec defines the desired state of KeycloakRealmComponent.
+
+ Attributes
+ ----------
+ config : {str:[str]}, default is Undefined, optional
+ Config is a map of component configuration.
+ Map key is a name of configuration property, map value is an array value of configuration properties.
+ Any configuration property can be a reference to k8s secret, in this case the property should be in format $secretName:secretKey.
+ name : str, default is Undefined, required
+ Name of keycloak component.
+ parentRef : V1EdpEpamComV1KeycloakRealmComponentSpecParentRef, default is Undefined, optional
+ parent ref
+ providerId : str, default is Undefined, required
+ ProviderID is a provider ID of component.
+ providerType : str, default is Undefined, required
+ ProviderType is a provider type of component.
+ realm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ realmRef : V1EdpEpamComV1KeycloakRealmComponentSpecRealmRef, default is Undefined, optional
+ realm ref
+ """
+
+
+ config?: {str:[str]}
+
+ name: str
+
+ parentRef?: V1EdpEpamComV1KeycloakRealmComponentSpecParentRef
+
+ providerId: str
+
+ providerType: str
+
+ realm?: str
+
+ realmRef?: V1EdpEpamComV1KeycloakRealmComponentSpecRealmRef
+
+
+schema V1EdpEpamComV1KeycloakRealmComponentSpecParentRef:
+ r"""
+ ParentRef specifies a parent resource.
+ If not specified, then parent is realm specified in realm field.
+
+ Attributes
+ ----------
+ kind : str, default is "KeycloakRealm", optional
+ Kind is a kind of parent component. By default, it is KeycloakRealm.
+ name : str, default is Undefined, required
+ Name is a name of parent component custom resource.
+ For example, if Kind is KeycloakRealm, then Name is name of KeycloakRealm custom resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "KeycloakRealmComponent" = "KeycloakRealm"
+
+ name: str
+
+
+schema V1EdpEpamComV1KeycloakRealmComponentSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmComponentStatus:
+ r"""
+ KeycloakComponentStatus defines the observed state of KeycloakRealmComponent.
+
+ Attributes
+ ----------
+ failureCount : int, default is Undefined, optional
+ failure count
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ failureCount?: int
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_group.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_group.k
new file mode 100644
index 00000000..a271cacb
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_group.k
@@ -0,0 +1,142 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakRealmGroup:
+ r"""
+ KeycloakRealmGroup is the Schema for the keycloak group API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakRealmGroup", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakRealmGroupSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakRealmGroupStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakRealmGroup" = "KeycloakRealmGroup"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakRealmGroupSpec
+
+ status?: V1EdpEpamComV1KeycloakRealmGroupStatus
+
+
+schema V1EdpEpamComV1KeycloakRealmGroupSpec:
+ r"""
+ KeycloakRealmGroupSpec defines the desired state of KeycloakRealmGroup.
+
+ Attributes
+ ----------
+ access : {str:bool}, default is Undefined, optional
+ Access is a map of group access.
+ attributes : {str:[str]}, default is Undefined, optional
+ Attributes is a map of group attributes.
+ clientRoles : [V1EdpEpamComV1KeycloakRealmGroupSpecClientRolesItems0], default is Undefined, optional
+ ClientRoles is a list of client roles assigned to group.
+ name : str, default is Undefined, required
+ Name of keycloak group.
+ path : str, default is Undefined, optional
+ Path is a group path.
+ realm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ realmRef : V1EdpEpamComV1KeycloakRealmGroupSpecRealmRef, default is Undefined, optional
+ realm ref
+ realmRoles : [str], default is Undefined, optional
+ RealmRoles is a list of realm roles assigned to group.
+ subGroups : [str], default is Undefined, optional
+ SubGroups is a list of subgroups assigned to group.
+ """
+
+
+ access?: {str:bool}
+
+ attributes?: {str:[str]}
+
+ clientRoles?: [V1EdpEpamComV1KeycloakRealmGroupSpecClientRolesItems0]
+
+ name: str
+
+ path?: str
+
+ realm?: str
+
+ realmRef?: V1EdpEpamComV1KeycloakRealmGroupSpecRealmRef
+
+ realmRoles?: [str]
+
+ subGroups?: [str]
+
+
+schema V1EdpEpamComV1KeycloakRealmGroupSpecClientRolesItems0:
+ r"""
+ v1 edp epam com v1 keycloak realm group spec client roles items0
+
+ Attributes
+ ----------
+ clientId : str, default is Undefined, required
+ ClientID is a client ID.
+ roles : [str], default is Undefined, optional
+ Roles is a list of client roles names assigned to service account.
+ """
+
+
+ clientId: str
+
+ roles?: [str]
+
+
+schema V1EdpEpamComV1KeycloakRealmGroupSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmGroupStatus:
+ r"""
+ KeycloakRealmGroupStatus defines the observed state of KeycloakRealmGroup.
+
+ Attributes
+ ----------
+ failureCount : int, default is Undefined, optional
+ failure count
+ id : str, default is Undefined, optional
+ ID is a group ID.
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ failureCount?: int
+
+ id?: str
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_identity_provider.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_identity_provider.k
new file mode 100644
index 00000000..e59361d8
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_identity_provider.k
@@ -0,0 +1,168 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakRealmIdentityProvider:
+ r"""
+ KeycloakRealmIdentityProvider is the Schema for the keycloak realm identity provider API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakRealmIdentityProvider", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakRealmIdentityProviderSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakRealmIdentityProviderStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakRealmIdentityProvider" = "KeycloakRealmIdentityProvider"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakRealmIdentityProviderSpec
+
+ status?: V1EdpEpamComV1KeycloakRealmIdentityProviderStatus
+
+
+schema V1EdpEpamComV1KeycloakRealmIdentityProviderSpec:
+ r"""
+ KeycloakRealmIdentityProviderSpec defines the desired state of KeycloakRealmIdentityProvider.
+
+ Attributes
+ ----------
+ addReadTokenRoleOnCreate : bool, default is Undefined, optional
+ AddReadTokenRoleOnCreate is a flag to add read token role on create.
+ alias : str, default is Undefined, required
+ Alias is a alias of identity provider.
+ authenticateByDefault : bool, default is Undefined, optional
+ AuthenticateByDefault is a flag to authenticate by default.
+ config : {str:str}, default is Undefined, required
+ Config is a map of identity provider configuration.
+ Map key is a name of configuration property, map value is a value of configuration property.
+ Any value can be a reference to k8s secret, in this case value should be in format $secretName:secretKey.
+ displayName : str, default is Undefined, optional
+ DisplayName is a display name of identity provider.
+ enabled : bool, default is Undefined, required
+ Enabled is a flag to enable/disable identity provider.
+ firstBrokerLoginFlowAlias : str, default is Undefined, optional
+ FirstBrokerLoginFlowAlias is a first broker login flow alias.
+ linkOnly : bool, default is Undefined, optional
+ LinkOnly is a flag to link only.
+ mappers : [V1EdpEpamComV1KeycloakRealmIdentityProviderSpecMappersItems0], default is Undefined, optional
+ Mappers is a list of identity provider mappers.
+ providerId : str, default is Undefined, required
+ ProviderID is a provider ID of identity provider.
+ realm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ realmRef : V1EdpEpamComV1KeycloakRealmIdentityProviderSpecRealmRef, default is Undefined, optional
+ realm ref
+ storeToken : bool, default is Undefined, optional
+ StoreToken is a flag to store token.
+ trustEmail : bool, default is Undefined, optional
+ TrustEmail is a flag to trust email.
+ """
+
+
+ addReadTokenRoleOnCreate?: bool
+
+ alias: str
+
+ authenticateByDefault?: bool
+
+ config: {str:str}
+
+ displayName?: str
+
+ enabled: bool
+
+ firstBrokerLoginFlowAlias?: str
+
+ linkOnly?: bool
+
+ mappers?: [V1EdpEpamComV1KeycloakRealmIdentityProviderSpecMappersItems0]
+
+ providerId: str
+
+ realm?: str
+
+ realmRef?: V1EdpEpamComV1KeycloakRealmIdentityProviderSpecRealmRef
+
+ storeToken?: bool
+
+ trustEmail?: bool
+
+
+schema V1EdpEpamComV1KeycloakRealmIdentityProviderSpecMappersItems0:
+ r"""
+ v1 edp epam com v1 keycloak realm identity provider spec mappers items0
+
+ Attributes
+ ----------
+ config : {str:str}, default is Undefined, optional
+ Config is a map of identity provider mapper configuration.
+ identityProviderAlias : str, default is Undefined, optional
+ IdentityProviderAlias is a identity provider alias.
+ identityProviderMapper : str, default is Undefined, optional
+ IdentityProviderMapper is a identity provider mapper.
+ name : str, default is Undefined, optional
+ Name is a name of identity provider mapper.
+ """
+
+
+ config?: {str:str}
+
+ identityProviderAlias?: str
+
+ identityProviderMapper?: str
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmIdentityProviderSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmIdentityProviderStatus:
+ r"""
+ KeycloakRealmIdentityProviderStatus defines the observed state of KeycloakRealmIdentityProvider.
+
+ Attributes
+ ----------
+ failureCount : int, default is Undefined, optional
+ failure count
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ failureCount?: int
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_role.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_role.k
new file mode 100644
index 00000000..823ac288
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_role.k
@@ -0,0 +1,152 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakRealmRole:
+ r"""
+ KeycloakRealmRole is the Schema for the keycloak group API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakRealmRole", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakRealmRoleSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakRealmRoleStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakRealmRole" = "KeycloakRealmRole"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakRealmRoleSpec
+
+ status?: V1EdpEpamComV1KeycloakRealmRoleStatus
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleSpec:
+ r"""
+ KeycloakRealmRoleSpec defines the desired state of KeycloakRealmRole.
+
+ Attributes
+ ----------
+ attributes : {str:[str]}, default is Undefined, optional
+ Attributes is a map of role attributes.
+ composite : bool, default is Undefined, optional
+ Composite is a flag if role is composite.
+ composites : [V1EdpEpamComV1KeycloakRealmRoleSpecCompositesItems0], default is Undefined, optional
+ Composites is a list of composites roles assigned to role.
+ compositesClientRoles : {str:[V1EdpEpamComV1KeycloakRealmRoleSpecCompositesClientRolesItems0]}, default is Undefined, optional
+ CompositesClientRoles is a map of composites client roles assigned to role.
+ description : str, default is Undefined, optional
+ Description is a role description.
+ isDefault : bool, default is Undefined, optional
+ IsDefault is a flag if role is default.
+ name : str, default is Undefined, required
+ Name of keycloak role.
+ realm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ realmRef : V1EdpEpamComV1KeycloakRealmRoleSpecRealmRef, default is Undefined, optional
+ realm ref
+ """
+
+
+ attributes?: {str:[str]}
+
+ composite?: bool
+
+ composites?: [V1EdpEpamComV1KeycloakRealmRoleSpecCompositesItems0]
+
+ compositesClientRoles?: {str:[V1EdpEpamComV1KeycloakRealmRoleSpecCompositesClientRolesItems0]}
+
+ description?: str
+
+ isDefault?: bool
+
+ name: str
+
+ realm?: str
+
+ realmRef?: V1EdpEpamComV1KeycloakRealmRoleSpecRealmRef
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleSpecCompositesClientRolesItems0:
+ r"""
+ v1 edp epam com v1 keycloak realm role spec composites client roles items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name is a name of composite role.
+ """
+
+
+ name: str
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleSpecCompositesItems0:
+ r"""
+ v1 edp epam com v1 keycloak realm role spec composites items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name is a name of composite role.
+ """
+
+
+ name: str
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleStatus:
+ r"""
+ KeycloakRealmRoleStatus defines the observed state of KeycloakRealmRole.
+
+ Attributes
+ ----------
+ failureCount : int, default is Undefined, optional
+ failure count
+ id : str, default is Undefined, optional
+ ID is a role ID.
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ failureCount?: int
+
+ id?: str
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_role_batch.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_role_batch.k
new file mode 100644
index 00000000..87e7be90
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_role_batch.k
@@ -0,0 +1,144 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakRealmRoleBatch:
+ r"""
+ KeycloakRealmRoleBatch is the Schema for the keycloak roles API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakRealmRoleBatch", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakRealmRoleBatchSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakRealmRoleBatchStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakRealmRoleBatch" = "KeycloakRealmRoleBatch"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakRealmRoleBatchSpec
+
+ status?: V1EdpEpamComV1KeycloakRealmRoleBatchStatus
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleBatchSpec:
+ r"""
+ KeycloakRealmRoleBatchSpec defines the desired state of KeycloakRealmRoleBatch.
+
+ Attributes
+ ----------
+ realm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ realmRef : V1EdpEpamComV1KeycloakRealmRoleBatchSpecRealmRef, default is Undefined, optional
+ realm ref
+ roles : [V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0], default is Undefined, required
+ Roles is a list of roles to be created.
+ """
+
+
+ realm?: str
+
+ realmRef?: V1EdpEpamComV1KeycloakRealmRoleBatchSpecRealmRef
+
+ roles: [V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0]
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleBatchSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0:
+ r"""
+ v1 edp epam com v1 keycloak realm role batch spec roles items0
+
+ Attributes
+ ----------
+ attributes : {str:[str]}, default is Undefined, optional
+ Attributes is a map of role attributes.
+ composite : bool, default is Undefined, optional
+ Composite is a flag if role is composite.
+ composites : [V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0CompositesItems0], default is Undefined, optional
+ Composites is a list of composites roles assigned to role.
+ description : str, default is Undefined, optional
+ Description is a role description.
+ isDefault : bool, default is Undefined, optional
+ IsDefault is a flag if role is default.
+ name : str, default is Undefined, required
+ Name of keycloak role.
+ """
+
+
+ attributes?: {str:[str]}
+
+ composite?: bool
+
+ composites?: [V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0CompositesItems0]
+
+ description?: str
+
+ isDefault?: bool
+
+ name: str
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleBatchSpecRolesItems0CompositesItems0:
+ r"""
+ v1 edp epam com v1 keycloak realm role batch spec roles items0 composites items0
+
+ Attributes
+ ----------
+ name : str, default is Undefined, required
+ Name is a name of composite role.
+ """
+
+
+ name: str
+
+
+schema V1EdpEpamComV1KeycloakRealmRoleBatchStatus:
+ r"""
+ KeycloakRealmRoleBatchStatus defines the observed state of KeycloakRealmRoleBatch.
+
+ Attributes
+ ----------
+ failureCount : int, default is Undefined, optional
+ failure count
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ failureCount?: int
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_user.k b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_user.k
new file mode 100644
index 00000000..eb267f20
--- /dev/null
+++ b/edp-keycloak-operator/v1/v1_edp_epam_com_v1_keycloak_realm_user.k
@@ -0,0 +1,170 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema KeycloakRealmUser:
+ r"""
+ KeycloakRealmUser is the Schema for the keycloak user API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "KeycloakRealmUser", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1KeycloakRealmUserSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1KeycloakRealmUserStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1" = "v1.edp.epam.com/v1"
+
+ kind: "KeycloakRealmUser" = "KeycloakRealmUser"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1KeycloakRealmUserSpec
+
+ status?: V1EdpEpamComV1KeycloakRealmUserStatus
+
+
+schema V1EdpEpamComV1KeycloakRealmUserSpec:
+ r"""
+ KeycloakRealmUserSpec defines the desired state of KeycloakRealmUser.
+
+ Attributes
+ ----------
+ attributes : {str:str}, default is Undefined, optional
+ Attributes is a map of user attributes.
+ email : str, default is Undefined, optional
+ Email is a user email.
+ emailVerified : bool, default is Undefined, optional
+ EmailVerified is a user email verified flag.
+ enabled : bool, default is Undefined, optional
+ Enabled is a user enabled flag.
+ firstName : str, default is Undefined, optional
+ FirstName is a user first name.
+ groups : [str], default is Undefined, optional
+ Groups is a list of groups assigned to user.
+ keepResource : bool, default is True, optional
+ KeepResource, when set to false, results in the deletion of the KeycloakRealmUser Custom Resource (CR)
+ from the cluster after the corresponding user is created in Keycloak. The user will continue to exist in Keycloak.
+ When set to true, the CR will not be deleted after processing.
+ lastName : str, default is Undefined, optional
+ LastName is a user last name.
+ password : str, default is Undefined, optional
+ Password is a user password. Allows to keep user password within Custom Resource. For security concerns, it is recommended to use PasswordSecret instead.
+ passwordSecret : V1EdpEpamComV1KeycloakRealmUserSpecPasswordSecret, default is Undefined, optional
+ password secret
+ realm : str, default is Undefined, optional
+ Deprecated: use RealmRef instead.
+ Realm is name of KeycloakRealm custom resource.
+ realmRef : V1EdpEpamComV1KeycloakRealmUserSpecRealmRef, default is Undefined, optional
+ realm ref
+ reconciliationStrategy : str, default is Undefined, optional
+ ReconciliationStrategy is a strategy for reconciliation. Possible values: full, create-only.
+ Default value: full. If set to create-only, user will be created only if it does not exist. If user exists, it will not be updated.
+ If set to full, user will be created if it does not exist, or updated if it exists.
+ requiredUserActions : [str], default is Undefined, optional
+ RequiredUserActions is required action when user log in, example: CONFIGURE_TOTP, UPDATE_PASSWORD, UPDATE_PROFILE, VERIFY_EMAIL.
+ roles : [str], default is Undefined, optional
+ Roles is a list of roles assigned to user.
+ username : str, default is Undefined, required
+ Username is a username in keycloak.
+ """
+
+
+ attributes?: {str:str}
+
+ email?: str
+
+ emailVerified?: bool
+
+ enabled?: bool
+
+ firstName?: str
+
+ groups?: [str]
+
+ keepResource?: bool = True
+
+ lastName?: str
+
+ password?: str
+
+ passwordSecret?: V1EdpEpamComV1KeycloakRealmUserSpecPasswordSecret
+
+ realm?: str
+
+ realmRef?: V1EdpEpamComV1KeycloakRealmUserSpecRealmRef
+
+ reconciliationStrategy?: str
+
+ requiredUserActions?: [str]
+
+ roles?: [str]
+
+ username: str
+
+
+schema V1EdpEpamComV1KeycloakRealmUserSpecPasswordSecret:
+ r"""
+ PasswordSecret defines Kubernetes secret Name and Key, which holds User secret.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ Key is the key in the secret.
+ name : str, default is Undefined, required
+ Name is the name of the secret.
+ """
+
+
+ key: str
+
+ name: str
+
+
+schema V1EdpEpamComV1KeycloakRealmUserSpecRealmRef:
+ r"""
+ RealmRef is reference to Realm custom resource.
+
+ Attributes
+ ----------
+ kind : str, default is Undefined, optional
+ Kind specifies the kind of the Keycloak resource.
+ name : str, default is Undefined, optional
+ Name specifies the name of the Keycloak resource.
+ """
+
+
+ kind?: "KeycloakRealm" | "ClusterKeycloakRealm"
+
+ name?: str
+
+
+schema V1EdpEpamComV1KeycloakRealmUserStatus:
+ r"""
+ KeycloakRealmUserStatus defines the observed state of KeycloakRealmUser.
+
+ Attributes
+ ----------
+ failureCount : int, default is Undefined, optional
+ failure count
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ failureCount?: int
+
+ value?: str
+
+
diff --git a/edp-keycloak-operator/v1alpha1/v1_edp_epam_com_v1alpha1_cluster_keycloak.k b/edp-keycloak-operator/v1alpha1/v1_edp_epam_com_v1alpha1_cluster_keycloak.k
new file mode 100644
index 00000000..c72aec7b
--- /dev/null
+++ b/edp-keycloak-operator/v1alpha1/v1_edp_epam_com_v1alpha1_cluster_keycloak.k
@@ -0,0 +1,145 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema ClusterKeycloak:
+ r"""
+ ClusterKeycloak is the Schema for the clusterkeycloaks API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "ClusterKeycloak", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1alpha1ClusterKeycloakSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1alpha1ClusterKeycloakStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1alpha1" = "v1.edp.epam.com/v1alpha1"
+
+ kind: "ClusterKeycloak" = "ClusterKeycloak"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1alpha1ClusterKeycloakSpec
+
+ status?: V1EdpEpamComV1alpha1ClusterKeycloakStatus
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakSpec:
+ r"""
+ ClusterKeycloakSpec defines the desired state of ClusterKeycloak.
+
+ Attributes
+ ----------
+ adminType : str, default is "user", optional
+ AdminType can be user or serviceAccount, if serviceAccount was specified,
+ then client_credentials grant type should be used for getting admin realm token.
+ caCert : V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCert, default is Undefined, optional
+ ca cert
+ insecureSkipVerify : bool, default is Undefined, optional
+ InsecureSkipVerify controls whether api client verifies the server's
+ certificate chain and host name. If InsecureSkipVerify is true, api client
+ accepts any certificate presented by the server and any host name in that
+ certificate.
+ secret : str, default is Undefined, required
+ Secret is a secret name which contains admin credentials.
+ url : str, default is Undefined, required
+ URL of keycloak service.
+ """
+
+
+ adminType?: "serviceAccount" | "user" = "user"
+
+ caCert?: V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCert
+
+ insecureSkipVerify?: bool
+
+ secret: str
+
+ url: str
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCert:
+ r"""
+ CACert defines the root certificate authority
+ that api clients use when verifying server certificates.
+ Resources should be in the namespace defined in operator OPERATOR_NAMESPACE env.
+
+ Attributes
+ ----------
+ configMapKeyRef : V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertConfigMapKeyRef, default is Undefined, optional
+ config map key ref
+ secretKeyRef : V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertSecretKeyRef, default is Undefined, optional
+ secret key ref
+ """
+
+
+ configMapKeyRef?: V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertConfigMapKeyRef
+
+ secretKeyRef?: V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertSecretKeyRef
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertConfigMapKeyRef:
+ r"""
+ Selects a key of a ConfigMap.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key to select.
+ name : str, default is Undefined, optional
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ """
+
+
+ key: str
+
+ name?: str
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakSpecCaCertSecretKeyRef:
+ r"""
+ Selects a key of a secret.
+
+ Attributes
+ ----------
+ key : str, default is Undefined, required
+ The key of the secret to select from.
+ name : str, default is Undefined, optional
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ """
+
+
+ key: str
+
+ name?: str
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakStatus:
+ r"""
+ ClusterKeycloakStatus defines the observed state of ClusterKeycloak.
+
+ Attributes
+ ----------
+ connected : bool, default is Undefined, required
+ Connected shows if keycloak service is up and running.
+ """
+
+
+ connected: bool
+
+
diff --git a/edp-keycloak-operator/v1alpha1/v1_edp_epam_com_v1alpha1_cluster_keycloak_realm.k b/edp-keycloak-operator/v1alpha1/v1_edp_epam_com_v1alpha1_cluster_keycloak_realm.k
new file mode 100644
index 00000000..3cb6e2ee
--- /dev/null
+++ b/edp-keycloak-operator/v1alpha1/v1_edp_epam_com_v1alpha1_cluster_keycloak_realm.k
@@ -0,0 +1,274 @@
+"""
+This file was generated by the KCL auto-gen tool. DO NOT EDIT.
+Editing this file might prove futile when you re-run the KCL auto-gen generate command.
+"""
+import k8s.apimachinery.pkg.apis.meta.v1
+
+
+schema ClusterKeycloakRealm:
+ r"""
+ ClusterKeycloakRealm is the Schema for the clusterkeycloakrealms API.
+
+ Attributes
+ ----------
+ apiVersion : str, default is "v1.edp.epam.com/v1alpha1", required
+ APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ kind : str, default is "ClusterKeycloakRealm", required
+ Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ metadata : v1.ObjectMeta, default is Undefined, optional
+ metadata
+ spec : V1EdpEpamComV1alpha1ClusterKeycloakRealmSpec, default is Undefined, optional
+ spec
+ status : V1EdpEpamComV1alpha1ClusterKeycloakRealmStatus, default is Undefined, optional
+ status
+ """
+
+
+ apiVersion: "v1.edp.epam.com/v1alpha1" = "v1.edp.epam.com/v1alpha1"
+
+ kind: "ClusterKeycloakRealm" = "ClusterKeycloakRealm"
+
+ metadata?: v1.ObjectMeta
+
+ spec?: V1EdpEpamComV1alpha1ClusterKeycloakRealmSpec
+
+ status?: V1EdpEpamComV1alpha1ClusterKeycloakRealmStatus
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakRealmSpec:
+ r"""
+ ClusterKeycloakRealmSpec defines the desired state of ClusterKeycloakRealm.
+
+ Attributes
+ ----------
+ authenticationFlows : V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecAuthenticationFlows, default is Undefined, optional
+ authentication flows
+ browserSecurityHeaders : {str:str}, default is Undefined, optional
+ BrowserSecurityHeaders is a map of security headers to apply to HTTP responses from the realm's browser clients.
+ clusterKeycloakRef : str, default is Undefined, required
+ ClusterKeycloakRef is a name of the ClusterKeycloak instance that owns the realm.
+ displayHtmlName : str, default is Undefined, optional
+ DisplayHTMLName name to render in the UI.
+ displayName : str, default is Undefined, optional
+ DisplayName is the display name of the realm.
+ frontendUrl : str, default is Undefined, optional
+ FrontendURL Set the frontend URL for the realm.
+ Use in combination with the default hostname provider to override the base URL for frontend requests for a specific realm.
+ localization : V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecLocalization, default is Undefined, optional
+ localization
+ passwordPolicy : [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecPasswordPolicyItems0], default is Undefined, optional
+ PasswordPolicies is a list of password policies to apply to the realm.
+ realmEventConfig : V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecRealmEventConfig, default is Undefined, optional
+ realm event config
+ realmName : str, default is Undefined, required
+ RealmName specifies the name of the realm.
+ themes : V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecThemes, default is Undefined, optional
+ themes
+ tokenSettings : V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecTokenSettings, default is Undefined, optional
+ token settings
+ """
+
+
+ authenticationFlows?: V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecAuthenticationFlows
+
+ browserSecurityHeaders?: {str:str}
+
+ clusterKeycloakRef: str
+
+ displayHtmlName?: str
+
+ displayName?: str
+
+ frontendUrl?: str
+
+ localization?: V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecLocalization
+
+ passwordPolicy?: [V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecPasswordPolicyItems0]
+
+ realmEventConfig?: V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecRealmEventConfig
+
+ realmName: str
+
+ themes?: V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecThemes
+
+ tokenSettings?: V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecTokenSettings
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecAuthenticationFlows:
+ r"""
+ AuthenticationFlow is the configuration for authentication flows in the realm.
+
+ Attributes
+ ----------
+ browserFlow : str, default is Undefined, optional
+ BrowserFlow specifies the authentication flow to use for the realm's browser clients.
+ """
+
+
+ browserFlow?: str
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecLocalization:
+ r"""
+ Localization is the configuration for localization in the realm.
+
+ Attributes
+ ----------
+ internationalizationEnabled : bool, default is Undefined, optional
+ InternationalizationEnabled indicates whether to enable internationalization.
+ """
+
+
+ internationalizationEnabled?: bool
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecPasswordPolicyItems0:
+ r"""
+ v1 edp epam com v1alpha1 cluster keycloak realm spec password policy items0
+
+ Attributes
+ ----------
+ $type : str, default is Undefined, required
+ Type of password policy.
+ value : str, default is Undefined, required
+ Value of password policy.
+ """
+
+
+ $type: str
+
+ value: str
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecRealmEventConfig:
+ r"""
+ RealmEventConfig is the configuration for events in the realm.
+
+ Attributes
+ ----------
+ adminEventsDetailsEnabled : bool, default is Undefined, optional
+ AdminEventsDetailsEnabled indicates whether to enable detailed admin events.
+ adminEventsEnabled : bool, default is Undefined, optional
+ AdminEventsEnabled indicates whether to enable admin events.
+ enabledEventTypes : [str], default is Undefined, optional
+ EnabledEventTypes is a list of event types to enable.
+ eventsEnabled : bool, default is Undefined, optional
+ EventsEnabled indicates whether to enable events.
+ eventsExpiration : int, default is Undefined, optional
+ EventsExpiration is the number of seconds after which events expire.
+ eventsListeners : [str], default is Undefined, optional
+ EventsListeners is a list of event listeners to enable.
+ """
+
+
+ adminEventsDetailsEnabled?: bool
+
+ adminEventsEnabled?: bool
+
+ enabledEventTypes?: [str]
+
+ eventsEnabled?: bool
+
+ eventsExpiration?: int
+
+ eventsListeners?: [str]
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecThemes:
+ r"""
+ Themes is a map of themes to apply to the realm.
+
+ Attributes
+ ----------
+ accountTheme : str, default is Undefined, optional
+ AccountTheme specifies the account theme to use for the realm.
+ adminConsoleTheme : str, default is Undefined, optional
+ AdminConsoleTheme specifies the admin console theme to use for the realm.
+ emailTheme : str, default is Undefined, optional
+ EmailTheme specifies the email theme to use for the realm.
+ loginTheme : str, default is Undefined, optional
+ LoginTheme specifies the login theme to use for the realm.
+ """
+
+
+ accountTheme?: str
+
+ adminConsoleTheme?: str
+
+ emailTheme?: str
+
+ loginTheme?: str
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakRealmSpecTokenSettings:
+ r"""
+ TokenSettings is the configuration for tokens in the realm.
+
+ Attributes
+ ----------
+ accessCodeLifespan : int, default is 60, optional
+ AccessCodeLifespan specifies max time(in seconds)a client has to finish the access token protocol.
+ This should normally be 1 minute.
+ accessToken : int, default is 900, optional
+ AccessTokenLifespanForImplicitFlow specifies max time(in seconds) before an access token is expired for implicit flow.
+ accessTokenLifespan : int, default is 300, optional
+ AccessTokenLifespan specifies max time(in seconds) before an access token is expired.
+ This value is recommended to be short relative to the SSO timeout.
+ actionTokenGeneratedByAdminLifespan : int, default is 43200, optional
+ ActionTokenGeneratedByAdminLifespan specifies max time(in seconds) before an action permit sent to a user by administrator is expired.
+ This value is recommended to be long to allow administrators to send e-mails for users that are currently offline.
+ The default timeout can be overridden immediately before issuing the token.
+ actionTokenGeneratedByUserLifespan : int, default is 300, optional
+ AccessCodeLifespanUserAction specifies max time(in seconds) before an action permit sent by a user (such as a forgot password e-mail) is expired.
+ This value is recommended to be short because it's expected that the user would react to self-created action quickly.
+ defaultSignatureAlgorithm : str, default is "RS256", optional
+ DefaultSignatureAlgorithm specifies the default algorithm used to sign tokens for the realm
+ refreshTokenMaxReuse : int, default is Undefined, optional
+ RefreshTokenMaxReuse specifies maximum number of times a refresh token can be reused.
+ When a different token is used, revocation is immediate.
+ revokeRefreshToken : bool, default is Undefined, optional
+ RevokeRefreshToken if enabled a refresh token can only be used up to 'refreshTokenMaxReuse' and
+ is revoked when a different token is used.
+ Otherwise, refresh tokens are not revoked when used and can be used multiple times.
+ """
+
+
+ accessCodeLifespan?: int = 60
+
+ accessToken?: int = 900
+
+ accessTokenLifespan?: int = 300
+
+ actionTokenGeneratedByAdminLifespan?: int = 43200
+
+ actionTokenGeneratedByUserLifespan?: int = 300
+
+ defaultSignatureAlgorithm?: "ES256" | "ES384" | "ES512" | "EdDSA" | "HS256" | "HS384" | "HS512" | "PS256" | "PS384" | "PS512" | "RS256" | "RS384" | "RS512" = "RS256"
+
+ refreshTokenMaxReuse?: int = 0
+
+ revokeRefreshToken?: bool = False
+
+
+schema V1EdpEpamComV1alpha1ClusterKeycloakRealmStatus:
+ r"""
+ ClusterKeycloakRealmStatus defines the observed state of ClusterKeycloakRealm.
+
+ Attributes
+ ----------
+ available : bool, default is Undefined, optional
+ available
+ failureCount : int, default is Undefined, optional
+ failure count
+ value : str, default is Undefined, optional
+ value
+ """
+
+
+ available?: bool
+
+ failureCount?: int
+
+ value?: str
+
+