From 8326ce769071fa1708873dbef1f4b824fb749770 Mon Sep 17 00:00:00 2001 From: Breee Date: Sat, 1 Jun 2024 18:09:15 +0200 Subject: [PATCH] feat(issue-97): add keycloak_user_roles resource Signed-off-by: Breee --- .../v1alpha1/zz_generated.conversion_hubs.go | 3 + apis/user/v1alpha1/zz_generated.deepcopy.go | 262 +++++++ apis/user/v1alpha1/zz_generated.managed.go | 60 ++ .../user/v1alpha1/zz_generated.managedlist.go | 9 + apis/user/v1alpha1/zz_generated.resolvers.go | 74 ++ apis/user/v1alpha1/zz_roles_terraformed.go | 129 ++++ apis/user/v1alpha1/zz_roles_types.go | 166 +++++ config/external_name.go | 1 + config/user/config.go | 8 + examples-generated/user/v1alpha1/roles.yaml | 116 +++ .../controller/user/roles/zz_controller.go | 87 +++ internal/controller/zz_setup.go | 2 + .../user.keycloak.crossplane.io_roles.yaml | 680 ++++++++++++++++++ 13 files changed, 1597 insertions(+) create mode 100755 apis/user/v1alpha1/zz_roles_terraformed.go create mode 100755 apis/user/v1alpha1/zz_roles_types.go create mode 100644 examples-generated/user/v1alpha1/roles.yaml create mode 100755 internal/controller/user/roles/zz_controller.go create mode 100644 package/crds/user.keycloak.crossplane.io_roles.yaml diff --git a/apis/user/v1alpha1/zz_generated.conversion_hubs.go b/apis/user/v1alpha1/zz_generated.conversion_hubs.go index 0761493..a909eec 100755 --- a/apis/user/v1alpha1/zz_generated.conversion_hubs.go +++ b/apis/user/v1alpha1/zz_generated.conversion_hubs.go @@ -12,5 +12,8 @@ func (tr *Groups) Hub() {} // Hub marks this type as a conversion hub. func (tr *Permissions) Hub() {} +// Hub marks this type as a conversion hub. +func (tr *Roles) Hub() {} + // Hub marks this type as a conversion hub. func (tr *User) Hub() {} diff --git a/apis/user/v1alpha1/zz_generated.deepcopy.go b/apis/user/v1alpha1/zz_generated.deepcopy.go index 4571418..3a5d18d 100644 --- a/apis/user/v1alpha1/zz_generated.deepcopy.go +++ b/apis/user/v1alpha1/zz_generated.deepcopy.go @@ -1198,6 +1198,268 @@ func (in *PermissionsStatus) DeepCopy() *PermissionsStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Roles) DeepCopyInto(out *Roles) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Roles. +func (in *Roles) DeepCopy() *Roles { + if in == nil { + return nil + } + out := new(Roles) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Roles) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RolesInitParameters) DeepCopyInto(out *RolesInitParameters) { + *out = *in + if in.Exhaustive != nil { + in, out := &in.Exhaustive, &out.Exhaustive + *out = new(bool) + **out = **in + } + if in.RealmID != nil { + in, out := &in.RealmID, &out.RealmID + *out = new(string) + **out = **in + } + if in.RealmIDRef != nil { + in, out := &in.RealmIDRef, &out.RealmIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.RealmIDSelector != nil { + in, out := &in.RealmIDSelector, &out.RealmIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.RoleIds != nil { + in, out := &in.RoleIds, &out.RoleIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.UserID != nil { + in, out := &in.UserID, &out.UserID + *out = new(string) + **out = **in + } + if in.UserIDRef != nil { + in, out := &in.UserIDRef, &out.UserIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.UserIDSelector != nil { + in, out := &in.UserIDSelector, &out.UserIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RolesInitParameters. +func (in *RolesInitParameters) DeepCopy() *RolesInitParameters { + if in == nil { + return nil + } + out := new(RolesInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RolesList) DeepCopyInto(out *RolesList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Roles, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RolesList. +func (in *RolesList) DeepCopy() *RolesList { + if in == nil { + return nil + } + out := new(RolesList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RolesList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RolesObservation) DeepCopyInto(out *RolesObservation) { + *out = *in + if in.Exhaustive != nil { + in, out := &in.Exhaustive, &out.Exhaustive + *out = new(bool) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.RealmID != nil { + in, out := &in.RealmID, &out.RealmID + *out = new(string) + **out = **in + } + if in.RoleIds != nil { + in, out := &in.RoleIds, &out.RoleIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.UserID != nil { + in, out := &in.UserID, &out.UserID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RolesObservation. +func (in *RolesObservation) DeepCopy() *RolesObservation { + if in == nil { + return nil + } + out := new(RolesObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RolesParameters) DeepCopyInto(out *RolesParameters) { + *out = *in + if in.Exhaustive != nil { + in, out := &in.Exhaustive, &out.Exhaustive + *out = new(bool) + **out = **in + } + if in.RealmID != nil { + in, out := &in.RealmID, &out.RealmID + *out = new(string) + **out = **in + } + if in.RealmIDRef != nil { + in, out := &in.RealmIDRef, &out.RealmIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.RealmIDSelector != nil { + in, out := &in.RealmIDSelector, &out.RealmIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.RoleIds != nil { + in, out := &in.RoleIds, &out.RoleIds + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } + if in.UserID != nil { + in, out := &in.UserID, &out.UserID + *out = new(string) + **out = **in + } + if in.UserIDRef != nil { + in, out := &in.UserIDRef, &out.UserIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.UserIDSelector != nil { + in, out := &in.UserIDSelector, &out.UserIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RolesParameters. +func (in *RolesParameters) DeepCopy() *RolesParameters { + if in == nil { + return nil + } + out := new(RolesParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RolesSpec) DeepCopyInto(out *RolesSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RolesSpec. +func (in *RolesSpec) DeepCopy() *RolesSpec { + if in == nil { + return nil + } + out := new(RolesSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RolesStatus) DeepCopyInto(out *RolesStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RolesStatus. +func (in *RolesStatus) DeepCopy() *RolesStatus { + if in == nil { + return nil + } + out := new(RolesStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *User) DeepCopyInto(out *User) { *out = *in diff --git a/apis/user/v1alpha1/zz_generated.managed.go b/apis/user/v1alpha1/zz_generated.managed.go index 8f9b346..ab7ac38 100644 --- a/apis/user/v1alpha1/zz_generated.managed.go +++ b/apis/user/v1alpha1/zz_generated.managed.go @@ -127,6 +127,66 @@ func (mg *Permissions) SetWriteConnectionSecretToReference(r *xpv1.SecretReferen mg.Spec.WriteConnectionSecretToReference = r } +// GetCondition of this Roles. +func (mg *Roles) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this Roles. +func (mg *Roles) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this Roles. +func (mg *Roles) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this Roles. +func (mg *Roles) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this Roles. +func (mg *Roles) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this Roles. +func (mg *Roles) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this Roles. +func (mg *Roles) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this Roles. +func (mg *Roles) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this Roles. +func (mg *Roles) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this Roles. +func (mg *Roles) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this Roles. +func (mg *Roles) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this Roles. +func (mg *Roles) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this User. func (mg *User) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/user/v1alpha1/zz_generated.managedlist.go b/apis/user/v1alpha1/zz_generated.managedlist.go index 8915b1e..fd76736 100644 --- a/apis/user/v1alpha1/zz_generated.managedlist.go +++ b/apis/user/v1alpha1/zz_generated.managedlist.go @@ -25,6 +25,15 @@ func (l *PermissionsList) GetItems() []resource.Managed { return items } +// GetItems of this RolesList. +func (l *RolesList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this UserList. func (l *UserList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/apis/user/v1alpha1/zz_generated.resolvers.go b/apis/user/v1alpha1/zz_generated.resolvers.go index b00d674..dcffd78 100644 --- a/apis/user/v1alpha1/zz_generated.resolvers.go +++ b/apis/user/v1alpha1/zz_generated.resolvers.go @@ -163,6 +163,80 @@ func (mg *Permissions) ResolveReferences(ctx context.Context, c client.Reader) e return nil } +// ResolveReferences of this Roles. +func (mg *Roles) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RealmID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.RealmIDRef, + Selector: mg.Spec.ForProvider.RealmIDSelector, + To: reference.To{ + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RealmID") + } + mg.Spec.ForProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RealmIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.UserID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.UserIDRef, + Selector: mg.Spec.ForProvider.UserIDSelector, + To: reference.To{ + List: &UserList{}, + Managed: &User{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.UserID") + } + mg.Spec.ForProvider.UserID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.UserIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.RealmID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.RealmIDRef, + Selector: mg.Spec.InitProvider.RealmIDSelector, + To: reference.To{ + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.RealmID") + } + mg.Spec.InitProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.RealmIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.UserID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.UserIDRef, + Selector: mg.Spec.InitProvider.UserIDSelector, + To: reference.To{ + List: &UserList{}, + Managed: &User{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.UserID") + } + mg.Spec.InitProvider.UserID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.UserIDRef = rsp.ResolvedReference + + return nil +} + // ResolveReferences of this User. func (mg *User) ResolveReferences(ctx context.Context, c client.Reader) error { r := reference.NewAPIResolver(c, mg) diff --git a/apis/user/v1alpha1/zz_roles_terraformed.go b/apis/user/v1alpha1/zz_roles_terraformed.go new file mode 100755 index 0000000..8870bb2 --- /dev/null +++ b/apis/user/v1alpha1/zz_roles_terraformed.go @@ -0,0 +1,129 @@ +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1alpha1 + +import ( + "dario.cat/mergo" + "github.com/pkg/errors" + + "github.com/crossplane/upjet/pkg/resource" + "github.com/crossplane/upjet/pkg/resource/json" +) + +// GetTerraformResourceType returns Terraform resource type for this Roles +func (mg *Roles) GetTerraformResourceType() string { + return "keycloak_user_roles" +} + +// GetConnectionDetailsMapping for this Roles +func (tr *Roles) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this Roles +func (tr *Roles) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this Roles +func (tr *Roles) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this Roles +func (tr *Roles) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this Roles +func (tr *Roles) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this Roles +func (tr *Roles) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this Roles +func (tr *Roles) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this Roles +func (tr *Roles) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this Roles using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *Roles) LateInitialize(attrs []byte) (bool, error) { + params := &RolesParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *Roles) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/apis/user/v1alpha1/zz_roles_types.go b/apis/user/v1alpha1/zz_roles_types.go new file mode 100755 index 0000000..c1c08d3 --- /dev/null +++ b/apis/user/v1alpha1/zz_roles_types.go @@ -0,0 +1,166 @@ +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type RolesInitParameters struct { + + // Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true. + Exhaustive *bool `json:"exhaustive,omitempty" tf:"exhaustive,omitempty"` + + // The realm this user exists in. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/realm/v1alpha1.Realm + RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // Reference to a Realm in realm to populate realmId. + // +kubebuilder:validation:Optional + RealmIDRef *v1.Reference `json:"realmIdRef,omitempty" tf:"-"` + + // Selector for a Realm in realm to populate realmId. + // +kubebuilder:validation:Optional + RealmIDSelector *v1.Selector `json:"realmIdSelector,omitempty" tf:"-"` + + // A list of role IDs to map to the user + // +listType=set + RoleIds []*string `json:"roleIds,omitempty" tf:"role_ids,omitempty"` + + // The ID of the user this resource should manage roles for. + // +crossplane:generate:reference:type=User + UserID *string `json:"userId,omitempty" tf:"user_id,omitempty"` + + // Reference to a User to populate userId. + // +kubebuilder:validation:Optional + UserIDRef *v1.Reference `json:"userIdRef,omitempty" tf:"-"` + + // Selector for a User to populate userId. + // +kubebuilder:validation:Optional + UserIDSelector *v1.Selector `json:"userIdSelector,omitempty" tf:"-"` +} + +type RolesObservation struct { + + // Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true. + Exhaustive *bool `json:"exhaustive,omitempty" tf:"exhaustive,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The realm this user exists in. + RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // A list of role IDs to map to the user + // +listType=set + RoleIds []*string `json:"roleIds,omitempty" tf:"role_ids,omitempty"` + + // The ID of the user this resource should manage roles for. + UserID *string `json:"userId,omitempty" tf:"user_id,omitempty"` +} + +type RolesParameters struct { + + // Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true. + // +kubebuilder:validation:Optional + Exhaustive *bool `json:"exhaustive,omitempty" tf:"exhaustive,omitempty"` + + // The realm this user exists in. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/realm/v1alpha1.Realm + // +kubebuilder:validation:Optional + RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // Reference to a Realm in realm to populate realmId. + // +kubebuilder:validation:Optional + RealmIDRef *v1.Reference `json:"realmIdRef,omitempty" tf:"-"` + + // Selector for a Realm in realm to populate realmId. + // +kubebuilder:validation:Optional + RealmIDSelector *v1.Selector `json:"realmIdSelector,omitempty" tf:"-"` + + // A list of role IDs to map to the user + // +kubebuilder:validation:Optional + // +listType=set + RoleIds []*string `json:"roleIds,omitempty" tf:"role_ids,omitempty"` + + // The ID of the user this resource should manage roles for. + // +crossplane:generate:reference:type=User + // +kubebuilder:validation:Optional + UserID *string `json:"userId,omitempty" tf:"user_id,omitempty"` + + // Reference to a User to populate userId. + // +kubebuilder:validation:Optional + UserIDRef *v1.Reference `json:"userIdRef,omitempty" tf:"-"` + + // Selector for a User to populate userId. + // +kubebuilder:validation:Optional + UserIDSelector *v1.Selector `json:"userIdSelector,omitempty" tf:"-"` +} + +// RolesSpec defines the desired state of Roles +type RolesSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider RolesParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider RolesInitParameters `json:"initProvider,omitempty"` +} + +// RolesStatus defines the observed state of Roles. +type RolesStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider RolesObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion + +// Roles is the Schema for the Roless API. +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,keycloak} +type Roles struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.roleIds) || (has(self.initProvider) && has(self.initProvider.roleIds))",message="spec.forProvider.roleIds is a required parameter" + Spec RolesSpec `json:"spec"` + Status RolesStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// RolesList contains a list of Roless +type RolesList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Roles `json:"items"` +} + +// Repository type metadata. +var ( + Roles_Kind = "Roles" + Roles_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Roles_Kind}.String() + Roles_KindAPIVersion = Roles_Kind + "." + CRDGroupVersion.String() + Roles_GroupVersionKind = CRDGroupVersion.WithKind(Roles_Kind) +) + +func init() { + SchemeBuilder.Register(&Roles{}, &RolesList{}) +} diff --git a/config/external_name.go b/config/external_name.go index 57a01e2..f7477f6 100644 --- a/config/external_name.go +++ b/config/external_name.go @@ -31,6 +31,7 @@ var ExternalNameConfigs = map[string]config.ExternalName{ "keycloak_required_action": config.IdentifierFromProvider, "keycloak_role": config.IdentifierFromProvider, "keycloak_user_groups": config.IdentifierFromProvider, + "keycloak_user_roles": config.IdentifierFromProvider, "keycloak_users_permissions": config.IdentifierFromProvider, "keycloak_user": config.IdentifierFromProvider, "keycloak_oidc_identity_provider": config.IdentifierFromProvider, diff --git a/config/user/config.go b/config/user/config.go index 959f37d..2eb7003 100644 --- a/config/user/config.go +++ b/config/user/config.go @@ -20,6 +20,14 @@ func Configure(p *config.Provider) { } }) + p.AddResourceConfigurator("keycloak_user_roles", func(r *config.Resource) { + r.ShortGroup = "user" + + r.References["user_id"] = config.Reference{ + Type: "User", + } + }) + p.AddResourceConfigurator("keycloak_users_permissions", func(r *config.Resource) { r.ShortGroup = "user" }) diff --git a/examples-generated/user/v1alpha1/roles.yaml b/examples-generated/user/v1alpha1/roles.yaml new file mode 100644 index 0000000..6dfdabd --- /dev/null +++ b/examples-generated/user/v1alpha1/roles.yaml @@ -0,0 +1,116 @@ +apiVersion: user.keycloak.crossplane.io/v1alpha1 +kind: Roles +metadata: + annotations: + meta.upbound.io/example-id: user/v1alpha1/roles + labels: + testing.upbound.io/example-name: user_roles + name: user-roles +spec: + forProvider: + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + roleIds: + - ${keycloak_role.realm_role.id} + - ${keycloak_role.client_role.id} + userIdSelector: + matchLabels: + testing.upbound.io/example-name: user + +--- + +apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 +kind: Client +metadata: + annotations: + meta.upbound.io/example-id: user/v1alpha1/roles + labels: + testing.upbound.io/example-name: client + name: client +spec: + forProvider: + accessType: BEARER-ONLY + clientIdSelector: + matchLabels: + testing.upbound.io/example-name: example + enabled: true + name: client + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + +--- + +apiVersion: realm.keycloak.crossplane.io/v1alpha1 +kind: Realm +metadata: + annotations: + meta.upbound.io/example-id: user/v1alpha1/roles + labels: + testing.upbound.io/example-name: realm + name: realm +spec: + forProvider: + enabled: true + realm: my-realm + +--- + +apiVersion: role.keycloak.crossplane.io/v1alpha1 +kind: Role +metadata: + annotations: + meta.upbound.io/example-id: user/v1alpha1/roles + labels: + testing.upbound.io/example-name: client_role + name: client-role +spec: + forProvider: + clientIdSelector: + matchLabels: + testing.upbound.io/example-name: client + description: My Client Role + name: my-client-role + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + +--- + +apiVersion: role.keycloak.crossplane.io/v1alpha1 +kind: Role +metadata: + annotations: + meta.upbound.io/example-id: user/v1alpha1/roles + labels: + testing.upbound.io/example-name: realm_role + name: realm-role +spec: + forProvider: + description: My Realm Role + name: my-realm-role + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + +--- + +apiVersion: user.keycloak.crossplane.io/v1alpha1 +kind: User +metadata: + annotations: + meta.upbound.io/example-id: user/v1alpha1/roles + labels: + testing.upbound.io/example-name: user + name: user +spec: + forProvider: + email: bob@domain.com + enabled: true + firstName: Bob + lastName: Bobson + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + username: bob diff --git a/internal/controller/user/roles/zz_controller.go b/internal/controller/user/roles/zz_controller.go new file mode 100755 index 0000000..013183e --- /dev/null +++ b/internal/controller/user/roles/zz_controller.go @@ -0,0 +1,87 @@ +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package roles + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + "github.com/crossplane/crossplane-runtime/pkg/statemetrics" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/terraform" + "github.com/pkg/errors" + ctrl "sigs.k8s.io/controller-runtime" + + v1alpha1 "github.com/crossplane-contrib/provider-keycloak/apis/user/v1alpha1" + features "github.com/crossplane-contrib/provider-keycloak/internal/features" +) + +// Setup adds a controller that reconciles Roles managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1alpha1.Roles_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1alpha1.Roles_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1alpha1.Roles_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["keycloak_user_roles"], tjcontroller.WithLogger(o.Logger), tjcontroller.WithConnectorEventHandler(eventHandler), + tjcontroller.WithCallbackProvider(ac), + )), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + if o.Features.Enabled(features.EnableBetaManagementPolicies) { + opts = append(opts, managed.WithManagementPolicies()) + } + if o.MetricOptions != nil { + opts = append(opts, managed.WithMetricRecorder(o.MetricOptions.MRMetrics)) + } + + // register webhooks for the kind v1alpha1.Roles + // if they're enabled. + if o.StartWebhooks { + if err := ctrl.NewWebhookManagedBy(mgr). + For(&v1alpha1.Roles{}). + Complete(); err != nil { + return errors.Wrap(err, "cannot register webhook for the kind v1alpha1.Roles") + } + } + + if o.MetricOptions != nil && o.MetricOptions.MRStateMetrics != nil { + stateMetricsRecorder := statemetrics.NewMRStateRecorder( + mgr.GetClient(), o.Logger, o.MetricOptions.MRStateMetrics, &v1alpha1.RolesList{}, o.MetricOptions.PollStateMetricInterval, + ) + if err := mgr.Add(stateMetricsRecorder); err != nil { + return errors.Wrap(err, "cannot register MR state metrics recorder for kind v1alpha1.RolesList") + } + } + + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1alpha1.Roles_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1alpha1.Roles{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_setup.go b/internal/controller/zz_setup.go index 1e38770..6216f1e 100755 --- a/internal/controller/zz_setup.go +++ b/internal/controller/zz_setup.go @@ -52,6 +52,7 @@ import ( clientscopesamlclient "github.com/crossplane-contrib/provider-keycloak/internal/controller/samlclient/clientscope" groups "github.com/crossplane-contrib/provider-keycloak/internal/controller/user/groups" permissionsuser "github.com/crossplane-contrib/provider-keycloak/internal/controller/user/permissions" + rolesuser "github.com/crossplane-contrib/provider-keycloak/internal/controller/user/roles" user "github.com/crossplane-contrib/provider-keycloak/internal/controller/user/user" ) @@ -102,6 +103,7 @@ func Setup(mgr ctrl.Manager, o controller.Options) error { clientscopesamlclient.Setup, groups.Setup, permissionsuser.Setup, + rolesuser.Setup, user.Setup, } { if err := setup(mgr, o); err != nil { diff --git a/package/crds/user.keycloak.crossplane.io_roles.yaml b/package/crds/user.keycloak.crossplane.io_roles.yaml new file mode 100644 index 0000000..5bcba8f --- /dev/null +++ b/package/crds/user.keycloak.crossplane.io_roles.yaml @@ -0,0 +1,680 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: roles.user.keycloak.crossplane.io +spec: + group: user.keycloak.crossplane.io + names: + categories: + - crossplane + - managed + - keycloak + kind: Roles + listKind: RolesList + plural: roles + singular: roles + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Roles is the Schema for the Roless API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RolesSpec defines the desired state of Roles + properties: + deletionPolicy: + default: Delete + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + exhaustive: + description: Indicates if the list of roles is exhaustive. In + this case, roles that are manually added to the user will be + removed. Defaults to true. + type: boolean + realmId: + description: The realm this user exists in. + type: string + realmIdRef: + description: Reference to a Realm in realm to populate realmId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + realmIdSelector: + description: Selector for a Realm in realm to populate realmId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + roleIds: + description: A list of role IDs to map to the user + items: + type: string + type: array + x-kubernetes-list-type: set + userId: + description: The ID of the user this resource should manage roles + for. + type: string + userIdRef: + description: Reference to a User to populate userId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + userIdSelector: + description: Selector for a User to populate userId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + initProvider: + description: |- + THIS IS A BETA FIELD. It will be honored + unless the Management Policies feature flag is disabled. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. + properties: + exhaustive: + description: Indicates if the list of roles is exhaustive. In + this case, roles that are manually added to the user will be + removed. Defaults to true. + type: boolean + realmId: + description: The realm this user exists in. + type: string + realmIdRef: + description: Reference to a Realm in realm to populate realmId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + realmIdSelector: + description: Selector for a Realm in realm to populate realmId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + roleIds: + description: A list of role IDs to map to the user + items: + type: string + type: array + x-kubernetes-list-type: set + userId: + description: The ID of the user this resource should manage roles + for. + type: string + userIdRef: + description: Reference to a User to populate userId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + userIdSelector: + description: Selector for a User to populate userId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + type: object + managementPolicies: + default: + - '*' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md + items: + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. + type: object + type: + description: |- + Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.roleIds is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.roleIds) + || (has(self.initProvider) && has(self.initProvider.roleIds))' + status: + description: RolesStatus defines the observed state of Roles. + properties: + atProvider: + properties: + exhaustive: + description: Indicates if the list of roles is exhaustive. In + this case, roles that are manually added to the user will be + removed. Defaults to true. + type: boolean + id: + type: string + realmId: + description: The realm this user exists in. + type: string + roleIds: + description: A list of role IDs to map to the user + items: + type: string + type: array + x-kubernetes-list-type: set + userId: + description: The ID of the user this resource should manage roles + for. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}