From 170a136ec6e98517e8bffa72d76b3c08ea8295dd Mon Sep 17 00:00:00 2001
From: Breee
Date: Fri, 9 Feb 2024 12:49:26 +0100
Subject: [PATCH] feat(ressources): keycloak_openid_client_service_account_realm_role and keycloak_openid_client_service_account_role

Signed-off-by: Breee
---
.../zz_clientserviceaccountrealmrole_types.go | 126 +++++
.../zz_clientserviceaccountrole_types.go | 143 +++++
.../v1alpha1/zz_generated.deepcopy.go | 408 +++++++++++++++
.../v1alpha1/zz_generated.managed.go | 120 +++++
.../v1alpha1/zz_generated.managedlist.go | 18 +
.../v1alpha1/zz_generated.resolvers.go | 68 +++
.../v1alpha1/zz_generated_terraformed.go | 228 ++++++++
config/external_name.go | 30 +-
config/openidclient/config.go | 8 +
.../clientserviceaccountrealmrole.yaml | 65 +++
.../clientserviceaccountrole.yaml | 89 ++++
.../zz_controller.go | 62 +++
.../clientserviceaccountrole/zz_controller.go | 62 +++
internal/controller/zz_setup.go | 4 +
...ane.io_clientserviceaccountrealmroles.yaml | 409 +++++++++++++++
...ossplane.io_clientserviceaccountroles.yaml | 490 ++++++++++++++++++
16 files changed, 2316 insertions(+), 14 deletions(-)
create mode 100755 apis/openidclient/v1alpha1/zz_clientserviceaccountrealmrole_types.go
create mode 100755 apis/openidclient/v1alpha1/zz_clientserviceaccountrole_types.go
create mode 100644 examples-generated/openidclient/clientserviceaccountrealmrole.yaml
create mode 100644 examples-generated/openidclient/clientserviceaccountrole.yaml
create mode 100755 internal/controller/openidclient/clientserviceaccountrealmrole/zz_controller.go
create mode 100755 internal/controller/openidclient/clientserviceaccountrole/zz_controller.go
create mode 100644 package/crds/openidclient.keycloak.crossplane.io_clientserviceaccountrealmroles.yaml
create mode 100644 package/crds/openidclient.keycloak.crossplane.io_clientserviceaccountroles.yaml
diff --git a/apis/openidclient/v1alpha1/zz_clientserviceaccountrealmrole_types.go b/apis/openidclient/v1alpha1/zz_clientserviceaccountrealmrole_types.go new file mode 100755 index 00000000..f58825ed --- /dev/null +++ b/apis/openidclient/v1alpha1/zz_clientserviceaccountrealmrole_types.go 
@@ -0,0 +1,126 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type ClientServiceAccountRealmRoleInitParameters struct { + + // The name of the role that is assigned. + Role *string `json:"role,omitempty" tf:"role,omitempty"` + + // The id of the service account that is assigned the role (the service account of the client that "consumes" the role). + ServiceAccountUserID *string `json:"serviceAccountUserId,omitempty" tf:"service_account_user_id,omitempty"` +} + +type ClientServiceAccountRealmRoleObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The realm that the client and role belong to. + RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // The name of the role that is assigned. + Role *string `json:"role,omitempty" tf:"role,omitempty"` + + // The id of the service account that is assigned the role (the service account of the client that "consumes" the role). + ServiceAccountUserID *string `json:"serviceAccountUserId,omitempty" tf:"service_account_user_id,omitempty"` +} + +type ClientServiceAccountRealmRoleParameters struct { + + // The realm that the client and role belong to. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/realm/v1alpha1.Realm + // +kubebuilder:validation:Optional + RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // Reference to a Realm in realm to populate realmId. + // +kubebuilder:validation:Optional + RealmIDRef *v1.Reference `json:"realmIdRef,omitempty" tf:"-"` + + // Selector for a Realm in realm to populate realmId. 
+ // +kubebuilder:validation:Optional + RealmIDSelector *v1.Selector `json:"realmIdSelector,omitempty" tf:"-"` + + // The name of the role that is assigned. + // +kubebuilder:validation:Optional + Role *string `json:"role,omitempty" tf:"role,omitempty"` + + // The id of the service account that is assigned the role (the service account of the client that "consumes" the role). + // +kubebuilder:validation:Optional + ServiceAccountUserID *string `json:"serviceAccountUserId,omitempty" tf:"service_account_user_id,omitempty"` +} + +// ClientServiceAccountRealmRoleSpec defines the desired state of ClientServiceAccountRealmRole +type ClientServiceAccountRealmRoleSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider ClientServiceAccountRealmRoleParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider ClientServiceAccountRealmRoleInitParameters `json:"initProvider,omitempty"` +} + +// ClientServiceAccountRealmRoleStatus defines the observed state of ClientServiceAccountRealmRole. +type ClientServiceAccountRealmRoleStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider ClientServiceAccountRealmRoleObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// ClientServiceAccountRealmRole is the Schema for the ClientServiceAccountRealmRoles API. 
+// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,keycloak} +type ClientServiceAccountRealmRole struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.role) || (has(self.initProvider) && has(self.initProvider.role))",message="spec.forProvider.role is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.serviceAccountUserId) || (has(self.initProvider) && has(self.initProvider.serviceAccountUserId))",message="spec.forProvider.serviceAccountUserId is a required parameter" + Spec ClientServiceAccountRealmRoleSpec `json:"spec"` + Status ClientServiceAccountRealmRoleStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ClientServiceAccountRealmRoleList contains a list of ClientServiceAccountRealmRoles +type ClientServiceAccountRealmRoleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClientServiceAccountRealmRole `json:"items"` +} + +// Repository type metadata. 
+var ( + ClientServiceAccountRealmRole_Kind = "ClientServiceAccountRealmRole" + ClientServiceAccountRealmRole_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: ClientServiceAccountRealmRole_Kind}.String() + ClientServiceAccountRealmRole_KindAPIVersion = ClientServiceAccountRealmRole_Kind + "." + CRDGroupVersion.String() + ClientServiceAccountRealmRole_GroupVersionKind = CRDGroupVersion.WithKind(ClientServiceAccountRealmRole_Kind) +) + +func init() { + SchemeBuilder.Register(&ClientServiceAccountRealmRole{}, &ClientServiceAccountRealmRoleList{}) +} diff --git a/apis/openidclient/v1alpha1/zz_clientserviceaccountrole_types.go b/apis/openidclient/v1alpha1/zz_clientserviceaccountrole_types.go new file mode 100755 index 00000000..fd6a637b --- /dev/null +++ b/apis/openidclient/v1alpha1/zz_clientserviceaccountrole_types.go 
@@ -0,0 +1,143 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + + v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +) + +type ClientServiceAccountRoleInitParameters struct { + + // The name of the role that is assigned. + Role *string `json:"role,omitempty" tf:"role,omitempty"` + + // The id of the service account that is assigned the role (the service account of the client that "consumes" the role). + ServiceAccountUserID *string `json:"serviceAccountUserId,omitempty" tf:"service_account_user_id,omitempty"` +} + +type ClientServiceAccountRoleObservation struct { + + // The id of the client that provides the role. + ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` + + // The realm the clients and roles belong to. + RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // The name of the role that is assigned. + Role *string `json:"role,omitempty" tf:"role,omitempty"` + + // The id of the service account that is assigned the role (the service account of the client that "consumes" the role). + ServiceAccountUserID *string `json:"serviceAccountUserId,omitempty" tf:"service_account_user_id,omitempty"` +} + +type ClientServiceAccountRoleParameters struct { + + // The id of the client that provides the role. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/openidclient/v1alpha1.Client + // +kubebuilder:validation:Optional + ClientID *string `json:"clientId,omitempty" tf:"client_id,omitempty"` + + // Reference to a Client in openidclient to populate clientId. 
+ // +kubebuilder:validation:Optional + ClientIDRef *v1.Reference `json:"clientIdRef,omitempty" tf:"-"` + + // Selector for a Client in openidclient to populate clientId. + // +kubebuilder:validation:Optional + ClientIDSelector *v1.Selector `json:"clientIdSelector,omitempty" tf:"-"` + + // The realm the clients and roles belong to. + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/realm/v1alpha1.Realm + // +kubebuilder:validation:Optional + RealmID *string `json:"realmId,omitempty" tf:"realm_id,omitempty"` + + // Reference to a Realm in realm to populate realmId. + // +kubebuilder:validation:Optional + RealmIDRef *v1.Reference `json:"realmIdRef,omitempty" tf:"-"` + + // Selector for a Realm in realm to populate realmId. + // +kubebuilder:validation:Optional + RealmIDSelector *v1.Selector `json:"realmIdSelector,omitempty" tf:"-"` + + // The name of the role that is assigned. + // +kubebuilder:validation:Optional + Role *string `json:"role,omitempty" tf:"role,omitempty"` + + // The id of the service account that is assigned the role (the service account of the client that "consumes" the role). + // +kubebuilder:validation:Optional + ServiceAccountUserID *string `json:"serviceAccountUserId,omitempty" tf:"service_account_user_id,omitempty"` +} + +// ClientServiceAccountRoleSpec defines the desired state of ClientServiceAccountRole +type ClientServiceAccountRoleSpec struct { + v1.ResourceSpec `json:",inline"` + ForProvider ClientServiceAccountRoleParameters `json:"forProvider"` + // THIS IS A BETA FIELD. It will be honored + // unless the Management Policies feature flag is disabled. + // InitProvider holds the same fields as ForProvider, with the exception + // of Identifier and other resource reference fields. The fields that are + // in InitProvider are merged into ForProvider when the resource is created. + // The same fields are also added to the terraform ignore_changes hook, to + // avoid updating them after creation. 
This is useful for fields that are + // required on creation, but we do not desire to update them after creation, + // for example because of an external controller is managing them, like an + // autoscaler. + InitProvider ClientServiceAccountRoleInitParameters `json:"initProvider,omitempty"` +} + +// ClientServiceAccountRoleStatus defines the observed state of ClientServiceAccountRole. +type ClientServiceAccountRoleStatus struct { + v1.ResourceStatus `json:",inline"` + AtProvider ClientServiceAccountRoleObservation `json:"atProvider,omitempty"` +} + +// +kubebuilder:object:root=true + +// ClientServiceAccountRole is the Schema for the ClientServiceAccountRoles API. +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,keycloak} +type ClientServiceAccountRole struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.role) || (has(self.initProvider) && has(self.initProvider.role))",message="spec.forProvider.role is a required parameter" + // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.serviceAccountUserId) || (has(self.initProvider) && has(self.initProvider.serviceAccountUserId))",message="spec.forProvider.serviceAccountUserId is a 
required parameter" + Spec ClientServiceAccountRoleSpec `json:"spec"` + Status ClientServiceAccountRoleStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ClientServiceAccountRoleList contains a list of ClientServiceAccountRoles +type ClientServiceAccountRoleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClientServiceAccountRole `json:"items"` +} + +// Repository type metadata. +var ( + ClientServiceAccountRole_Kind = "ClientServiceAccountRole" + ClientServiceAccountRole_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: ClientServiceAccountRole_Kind}.String() + ClientServiceAccountRole_KindAPIVersion = ClientServiceAccountRole_Kind + "." + CRDGroupVersion.String() + ClientServiceAccountRole_GroupVersionKind = CRDGroupVersion.WithKind(ClientServiceAccountRole_Kind) +) + +func init() { + SchemeBuilder.Register(&ClientServiceAccountRole{}, &ClientServiceAccountRoleList{}) +} diff --git a/apis/openidclient/v1alpha1/zz_generated.deepcopy.go b/apis/openidclient/v1alpha1/zz_generated.deepcopy.go index d6c9a6be..27bf2224 100644 --- a/apis/openidclient/v1alpha1/zz_generated.deepcopy.go +++ b/apis/openidclient/v1alpha1/zz_generated.deepcopy.go 
@@ -1527,6 +1527,414 @@ func (in *ClientScopeStatus) DeepCopy() *ClientScopeStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRealmRole) DeepCopyInto(out *ClientServiceAccountRealmRole) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRealmRole. +func (in *ClientServiceAccountRealmRole) DeepCopy() *ClientServiceAccountRealmRole { + if in == nil { + return nil + } + out := new(ClientServiceAccountRealmRole) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClientServiceAccountRealmRole) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRealmRoleInitParameters) DeepCopyInto(out *ClientServiceAccountRealmRoleInitParameters) { + *out = *in + if in.Role != nil { + in, out := &in.Role, &out.Role + *out = new(string) + **out = **in + } + if in.ServiceAccountUserID != nil { + in, out := &in.ServiceAccountUserID, &out.ServiceAccountUserID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRealmRoleInitParameters. 
+func (in *ClientServiceAccountRealmRoleInitParameters) DeepCopy() *ClientServiceAccountRealmRoleInitParameters { + if in == nil { + return nil + } + out := new(ClientServiceAccountRealmRoleInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRealmRoleList) DeepCopyInto(out *ClientServiceAccountRealmRoleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClientServiceAccountRealmRole, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRealmRoleList. +func (in *ClientServiceAccountRealmRoleList) DeepCopy() *ClientServiceAccountRealmRoleList { + if in == nil { + return nil + } + out := new(ClientServiceAccountRealmRoleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClientServiceAccountRealmRoleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClientServiceAccountRealmRoleObservation) DeepCopyInto(out *ClientServiceAccountRealmRoleObservation) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.RealmID != nil { + in, out := &in.RealmID, &out.RealmID + *out = new(string) + **out = **in + } + if in.Role != nil { + in, out := &in.Role, &out.Role + *out = new(string) + **out = **in + } + if in.ServiceAccountUserID != nil { + in, out := &in.ServiceAccountUserID, &out.ServiceAccountUserID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRealmRoleObservation. +func (in *ClientServiceAccountRealmRoleObservation) DeepCopy() *ClientServiceAccountRealmRoleObservation { + if in == nil { + return nil + } + out := new(ClientServiceAccountRealmRoleObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRealmRoleParameters) DeepCopyInto(out *ClientServiceAccountRealmRoleParameters) { + *out = *in + if in.RealmID != nil { + in, out := &in.RealmID, &out.RealmID + *out = new(string) + **out = **in + } + if in.RealmIDRef != nil { + in, out := &in.RealmIDRef, &out.RealmIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.RealmIDSelector != nil { + in, out := &in.RealmIDSelector, &out.RealmIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Role != nil { + in, out := &in.Role, &out.Role + *out = new(string) + **out = **in + } + if in.ServiceAccountUserID != nil { + in, out := &in.ServiceAccountUserID, &out.ServiceAccountUserID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRealmRoleParameters. 
+func (in *ClientServiceAccountRealmRoleParameters) DeepCopy() *ClientServiceAccountRealmRoleParameters { + if in == nil { + return nil + } + out := new(ClientServiceAccountRealmRoleParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRealmRoleSpec) DeepCopyInto(out *ClientServiceAccountRealmRoleSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRealmRoleSpec. +func (in *ClientServiceAccountRealmRoleSpec) DeepCopy() *ClientServiceAccountRealmRoleSpec { + if in == nil { + return nil + } + out := new(ClientServiceAccountRealmRoleSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRealmRoleStatus) DeepCopyInto(out *ClientServiceAccountRealmRoleStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRealmRoleStatus. +func (in *ClientServiceAccountRealmRoleStatus) DeepCopy() *ClientServiceAccountRealmRoleStatus { + if in == nil { + return nil + } + out := new(ClientServiceAccountRealmRoleStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClientServiceAccountRole) DeepCopyInto(out *ClientServiceAccountRole) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRole. +func (in *ClientServiceAccountRole) DeepCopy() *ClientServiceAccountRole { + if in == nil { + return nil + } + out := new(ClientServiceAccountRole) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClientServiceAccountRole) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRoleInitParameters) DeepCopyInto(out *ClientServiceAccountRoleInitParameters) { + *out = *in + if in.Role != nil { + in, out := &in.Role, &out.Role + *out = new(string) + **out = **in + } + if in.ServiceAccountUserID != nil { + in, out := &in.ServiceAccountUserID, &out.ServiceAccountUserID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRoleInitParameters. +func (in *ClientServiceAccountRoleInitParameters) DeepCopy() *ClientServiceAccountRoleInitParameters { + if in == nil { + return nil + } + out := new(ClientServiceAccountRoleInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClientServiceAccountRoleList) DeepCopyInto(out *ClientServiceAccountRoleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClientServiceAccountRole, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRoleList. +func (in *ClientServiceAccountRoleList) DeepCopy() *ClientServiceAccountRoleList { + if in == nil { + return nil + } + out := new(ClientServiceAccountRoleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClientServiceAccountRoleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRoleObservation) DeepCopyInto(out *ClientServiceAccountRoleObservation) { + *out = *in + if in.ClientID != nil { + in, out := &in.ClientID, &out.ClientID + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.RealmID != nil { + in, out := &in.RealmID, &out.RealmID + *out = new(string) + **out = **in + } + if in.Role != nil { + in, out := &in.Role, &out.Role + *out = new(string) + **out = **in + } + if in.ServiceAccountUserID != nil { + in, out := &in.ServiceAccountUserID, &out.ServiceAccountUserID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRoleObservation. 
+func (in *ClientServiceAccountRoleObservation) DeepCopy() *ClientServiceAccountRoleObservation { + if in == nil { + return nil + } + out := new(ClientServiceAccountRoleObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRoleParameters) DeepCopyInto(out *ClientServiceAccountRoleParameters) { + *out = *in + if in.ClientID != nil { + in, out := &in.ClientID, &out.ClientID + *out = new(string) + **out = **in + } + if in.ClientIDRef != nil { + in, out := &in.ClientIDRef, &out.ClientIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ClientIDSelector != nil { + in, out := &in.ClientIDSelector, &out.ClientIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.RealmID != nil { + in, out := &in.RealmID, &out.RealmID + *out = new(string) + **out = **in + } + if in.RealmIDRef != nil { + in, out := &in.RealmIDRef, &out.RealmIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.RealmIDSelector != nil { + in, out := &in.RealmIDSelector, &out.RealmIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } + if in.Role != nil { + in, out := &in.Role, &out.Role + *out = new(string) + **out = **in + } + if in.ServiceAccountUserID != nil { + in, out := &in.ServiceAccountUserID, &out.ServiceAccountUserID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRoleParameters. +func (in *ClientServiceAccountRoleParameters) DeepCopy() *ClientServiceAccountRoleParameters { + if in == nil { + return nil + } + out := new(ClientServiceAccountRoleParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClientServiceAccountRoleSpec) DeepCopyInto(out *ClientServiceAccountRoleSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + in.ForProvider.DeepCopyInto(&out.ForProvider) + in.InitProvider.DeepCopyInto(&out.InitProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRoleSpec. +func (in *ClientServiceAccountRoleSpec) DeepCopy() *ClientServiceAccountRoleSpec { + if in == nil { + return nil + } + out := new(ClientServiceAccountRoleSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientServiceAccountRoleStatus) DeepCopyInto(out *ClientServiceAccountRoleStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) + in.AtProvider.DeepCopyInto(&out.AtProvider) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientServiceAccountRoleStatus. +func (in *ClientServiceAccountRoleStatus) DeepCopy() *ClientServiceAccountRoleStatus { + if in == nil { + return nil + } + out := new(ClientServiceAccountRoleStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClientSpec) DeepCopyInto(out *ClientSpec) { *out = *in diff --git a/apis/openidclient/v1alpha1/zz_generated.managed.go b/apis/openidclient/v1alpha1/zz_generated.managed.go index 94569bb8..3466654f 100644 --- a/apis/openidclient/v1alpha1/zz_generated.managed.go +++ b/apis/openidclient/v1alpha1/zz_generated.managed.go 
@@ -186,3 +186,123 @@ func (mg *ClientScope) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDe func (mg *ClientScope) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { mg.Spec.WriteConnectionSecretToReference = r } + +// GetCondition of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this ClientServiceAccountRealmRole. 
+func (mg *ClientServiceAccountRealmRole) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + +// GetCondition of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this ClientServiceAccountRole. 
+func (mg *ClientServiceAccountRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this ClientServiceAccountRole. +func (mg *ClientServiceAccountRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} diff --git a/apis/openidclient/v1alpha1/zz_generated.managedlist.go b/apis/openidclient/v1alpha1/zz_generated.managedlist.go index a96d30a5..4da9be1a 100644 --- a/apis/openidclient/v1alpha1/zz_generated.managedlist.go +++ b/apis/openidclient/v1alpha1/zz_generated.managedlist.go 
@@ -33,3 +33,21 @@ func (l *ClientScopeList) GetItems() []resource.Managed { } return items } + +// GetItems of this ClientServiceAccountRealmRoleList. +func (l *ClientServiceAccountRealmRoleList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + +// GetItems of this ClientServiceAccountRoleList. +func (l *ClientServiceAccountRoleList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} diff --git a/apis/openidclient/v1alpha1/zz_generated.resolvers.go b/apis/openidclient/v1alpha1/zz_generated.resolvers.go index 75e70854..11bfc8bd 100644 --- a/apis/openidclient/v1alpha1/zz_generated.resolvers.go +++ b/apis/openidclient/v1alpha1/zz_generated.resolvers.go 
@@ -122,3 +122,71 @@ func (mg *ClientScope) ResolveReferences(ctx context.Context, c client.Reader) e return nil } + +// ResolveReferences of this ClientServiceAccountRealmRole. +func (mg *ClientServiceAccountRealmRole) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RealmID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.RealmIDRef, + Selector: mg.Spec.ForProvider.RealmIDSelector, + To: reference.To{ + List: &v1alpha1.RealmList{}, + Managed: &v1alpha1.Realm{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RealmID") + } + mg.Spec.ForProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RealmIDRef = rsp.ResolvedReference + + return nil +} + +// ResolveReferences of this ClientServiceAccountRole. 
+func (mg *ClientServiceAccountRole) ResolveReferences(ctx context.Context, c client.Reader) error { + r := reference.NewAPIResolver(c, mg) + + var rsp reference.ResolutionResponse + var err error + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.ClientIDRef, + Selector: mg.Spec.ForProvider.ClientIDSelector, + To: reference.To{ + List: &ClientList{}, + Managed: &Client{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ClientID") + } + mg.Spec.ForProvider.ClientID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ClientIDRef = rsp.ResolvedReference + + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.RealmID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.RealmIDRef, + Selector: mg.Spec.ForProvider.RealmIDSelector, + To: reference.To{ + List: &v1alpha1.RealmList{}, + Managed: &v1alpha1.Realm{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.RealmID") + } + mg.Spec.ForProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.RealmIDRef = rsp.ResolvedReference + + return nil +} diff --git a/apis/openidclient/v1alpha1/zz_generated_terraformed.go b/apis/openidclient/v1alpha1/zz_generated_terraformed.go index 8412744e..6cab5cd8 100755 --- a/apis/openidclient/v1alpha1/zz_generated_terraformed.go +++ b/apis/openidclient/v1alpha1/zz_generated_terraformed.go 
@@ -359,3 +359,231 @@ func (tr *ClientScope) LateInitialize(attrs []byte) (bool, error) { func (tr *ClientScope) GetTerraformSchemaVersion() int { return 0 } + +// GetTerraformResourceType returns Terraform resource type for this ClientServiceAccountRealmRole +func (mg *ClientServiceAccountRealmRole) GetTerraformResourceType() string { + return "keycloak_openid_client_service_account_realm_role" +} + +// GetConnectionDetailsMapping for this ClientServiceAccountRealmRole +func (tr *ClientServiceAccountRealmRole) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this ClientServiceAccountRealmRole +func (tr *ClientServiceAccountRealmRole) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this ClientServiceAccountRealmRole +func (tr *ClientServiceAccountRealmRole) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this ClientServiceAccountRealmRole +func (tr *ClientServiceAccountRealmRole) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this ClientServiceAccountRealmRole +func (tr *ClientServiceAccountRealmRole) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this ClientServiceAccountRealmRole +func (tr *ClientServiceAccountRealmRole) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return 
json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this ClientServiceAccountRealmRole +func (tr *ClientServiceAccountRealmRole) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this ClientServiceAccountRealmRole +func (tr *ClientServiceAccountRealmRole) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. + err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this ClientServiceAccountRealmRole using its observed tfState. +// returns True if there are any spec changes for the resource. 
+func (tr *ClientServiceAccountRealmRole) LateInitialize(attrs []byte) (bool, error) { + params := &ClientServiceAccountRealmRoleParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *ClientServiceAccountRealmRole) GetTerraformSchemaVersion() int { + return 0 +} + +// GetTerraformResourceType returns Terraform resource type for this ClientServiceAccountRole +func (mg *ClientServiceAccountRole) GetTerraformResourceType() string { + return "keycloak_openid_client_service_account_role" +} + +// GetConnectionDetailsMapping for this ClientServiceAccountRole +func (tr *ClientServiceAccountRole) GetConnectionDetailsMapping() map[string]string { + return nil +} + +// GetObservation of this ClientServiceAccountRole +func (tr *ClientServiceAccountRole) GetObservation() (map[string]any, error) { + o, err := json.TFParser.Marshal(tr.Status.AtProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(o, &base) +} + +// SetObservation for this ClientServiceAccountRole +func (tr *ClientServiceAccountRole) SetObservation(obs map[string]any) error { + p, err := json.TFParser.Marshal(obs) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) +} + +// GetID returns ID of underlying Terraform resource of this ClientServiceAccountRole +func (tr *ClientServiceAccountRole) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + +// GetParameters of this ClientServiceAccountRole +func (tr 
*ClientServiceAccountRole) GetParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.ForProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// SetParameters for this ClientServiceAccountRole +func (tr *ClientServiceAccountRole) SetParameters(params map[string]any) error { + p, err := json.TFParser.Marshal(params) + if err != nil { + return err + } + return json.TFParser.Unmarshal(p, &tr.Spec.ForProvider) +} + +// GetInitParameters of this ClientServiceAccountRole +func (tr *ClientServiceAccountRole) GetInitParameters() (map[string]any, error) { + p, err := json.TFParser.Marshal(tr.Spec.InitProvider) + if err != nil { + return nil, err + } + base := map[string]any{} + return base, json.TFParser.Unmarshal(p, &base) +} + +// GetInitParameters of this ClientServiceAccountRole +func (tr *ClientServiceAccountRole) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error) { + params, err := tr.GetParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get parameters for resource '%q'", tr.GetName()) + } + if !shouldMergeInitProvider { + return params, nil + } + + initParams, err := tr.GetInitParameters() + if err != nil { + return nil, errors.Wrapf(err, "cannot get init parameters for resource '%q'", tr.GetName()) + } + + // Note(lsviben): mergo.WithSliceDeepCopy is needed to merge the + // slices from the initProvider to forProvider. As it also sets + // overwrite to true, we need to set it back to false, we don't + // want to overwrite the forProvider fields with the initProvider + // fields. 
+ err = mergo.Merge(¶ms, initParams, mergo.WithSliceDeepCopy, func(c *mergo.Config) { + c.Overwrite = false + }) + if err != nil { + return nil, errors.Wrapf(err, "cannot merge spec.initProvider and spec.forProvider parameters for resource '%q'", tr.GetName()) + } + + return params, nil +} + +// LateInitialize this ClientServiceAccountRole using its observed tfState. +// returns True if there are any spec changes for the resource. +func (tr *ClientServiceAccountRole) LateInitialize(attrs []byte) (bool, error) { + params := &ClientServiceAccountRoleParameters{} + if err := json.TFParser.Unmarshal(attrs, params); err != nil { + return false, errors.Wrap(err, "failed to unmarshal Terraform state parameters for late-initialization") + } + opts := []resource.GenericLateInitializerOption{resource.WithZeroValueJSONOmitEmptyFilter(resource.CNameWildcard)} + + li := resource.NewGenericLateInitializer(opts...) + return li.LateInitialize(&tr.Spec.ForProvider, params) +} + +// GetTerraformSchemaVersion returns the associated Terraform schema version +func (tr *ClientServiceAccountRole) GetTerraformSchemaVersion() int { + return 0 +} diff --git a/config/external_name.go b/config/external_name.go index e849e472..a642844e 100644 --- a/config/external_name.go +++ b/config/external_name.go 
@@ -10,20 +10,22 @@ import "github.com/crossplane/upjet/pkg/config" // provider. var ExternalNameConfigs = map[string]config.ExternalName{ // Import requires using a randomly generated ID from provider: nl-2e21sda - "keycloak_generic_protocol_mapper": config.IdentifierFromProvider, - "keycloak_generic_role_mapper": config.IdentifierFromProvider, - "keycloak_group_memberships": config.IdentifierFromProvider, - "keycloak_group_roles": config.IdentifierFromProvider, - "keycloak_group": config.IdentifierFromProvider, - "keycloak_openid_client_default_scopes": config.IdentifierFromProvider, - "keycloak_openid_client_scope": config.IdentifierFromProvider, - "keycloak_openid_client": config.IdentifierFromProvider, - "keycloak_openid_group_membership_protocol_mapper": config.IdentifierFromProvider, - "keycloak_realm": config.IdentifierFromProvider, - "keycloak_required_action": config.IdentifierFromProvider, - "keycloak_role": config.IdentifierFromProvider, - "keycloak_user_groups": config.IdentifierFromProvider, - "keycloak_user": config.IdentifierFromProvider, + "keycloak_generic_protocol_mapper": config.IdentifierFromProvider, + "keycloak_generic_role_mapper": config.IdentifierFromProvider, + "keycloak_group_memberships": config.IdentifierFromProvider, + "keycloak_group_roles": config.IdentifierFromProvider, + "keycloak_group": config.IdentifierFromProvider, + "keycloak_openid_client_default_scopes": config.IdentifierFromProvider, + "keycloak_openid_client_scope": config.IdentifierFromProvider, + "keycloak_openid_client": config.IdentifierFromProvider, + "keycloak_openid_group_membership_protocol_mapper": config.IdentifierFromProvider, + "keycloak_openid_client_service_account_realm_role": config.IdentifierFromProvider, + "keycloak_openid_client_service_account_role": config.IdentifierFromProvider, + "keycloak_realm": config.IdentifierFromProvider, + "keycloak_required_action": config.IdentifierFromProvider, + "keycloak_role": config.IdentifierFromProvider, + 
"keycloak_user_groups": config.IdentifierFromProvider, + "keycloak_user": config.IdentifierFromProvider, } // ExternalNameConfigurations applies all external name configs listed in the diff --git a/config/openidclient/config.go b/config/openidclient/config.go index 72b52e86..594c8521 100644 --- a/config/openidclient/config.go +++ b/config/openidclient/config.go @@ -18,4 +18,12 @@ func Configure(p *config.Provider) { // We need to override the default group that upjet generated for r.ShortGroup = "openidclient" }) + + p.AddResourceConfigurator("keycloak_openid_client_service_account_role", func(r *config.Resource) { + r.ShortGroup = "openidclient" + }) + + p.AddResourceConfigurator("keycloak_openid_client_service_account_realm_role", func(r *config.Resource) { + r.ShortGroup = "openidclient" + }) } diff --git a/examples-generated/openidclient/clientserviceaccountrealmrole.yaml b/examples-generated/openidclient/clientserviceaccountrealmrole.yaml new file mode 100644 index 00000000..507a61b8 --- /dev/null +++ b/examples-generated/openidclient/clientserviceaccountrealmrole.yaml 
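Review bot: The two new keys sit after `keycloak_openid_group_membership_protocol_mapper`, which separates them from the other `keycloak_openid_client*` entries; moving them up next to `keycloak_openid_client` keeps the map grouped by resource family. The map's only comment says these IDs are randomly generated by the provider, but the new resources are role assignments, and as far as I recall from the Terraform provider's import documentation their IDs are composite paths built from realm, service-account user and role rather than random values (worth confirming). Because the external name is what an operator supplies when adopting an existing assignment, a short comment above the new entries such as `// Role assignments: the ID is provider-computed; see the Terraform import docs for its format.` would reduce the chance of adopting the wrong binding.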
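Review bot: The two configurators added to `Configure` set only `r.ShortGroup`, so `service_account_user_id` and `role` remain plain strings with no reference to the `Client` or `Role` they come from. The generated resolvers in this patch resolve only `RealmID` (plus `ClientID` for ClientServiceAccountRole), and the generated example still carries the literal `${keycloak_openid_client.client.service_account_user_id}`. For a resource whose whole effect is to grant a role to a service account, a hand-copied user ID is easy to get wrong or leave stale, and the grant can then fail or attach to an account other than the one the manifest appears to name. Consider an `r.References` entry for `service_account_user_id` pointing at the openidclient `Client`, with an extractor that reads its observed service-account user ID; until then, add a comment such as `// service_account_user_id has no reference yet; copy it from the Client's observed state.`. `Configure` begins above this hunk, so existing reference configuration there is not visible.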
@@ -0,0 +1,65 @@ +apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 +kind: ClientServiceAccountRealmRole +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrealmrole + labels: + testing.upbound.io/example-name: client_service_account_role + name: client-service-account-role +spec: + forProvider: + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + role: my-realm-role + serviceAccountUserId: ${keycloak_openid_client.client.service_account_user_id} + +--- + +apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 +kind: Client +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrealmrole + labels: + testing.upbound.io/example-name: client + name: client +spec: + forProvider: + name: client + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + serviceAccountsEnabled: true + +--- + +apiVersion: realm.keycloak.crossplane.io/v1alpha1 +kind: Realm +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrealmrole + labels: + testing.upbound.io/example-name: realm + name: realm +spec: + forProvider: + enabled: true + realm: my-realm + +--- + +apiVersion: role.keycloak.crossplane.io/v1alpha1 +kind: Role +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrealmrole + labels: + testing.upbound.io/example-name: realm_role + name: realm-role +spec: + forProvider: + name: my-realm-role + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm diff --git a/examples-generated/openidclient/clientserviceaccountrole.yaml b/examples-generated/openidclient/clientserviceaccountrole.yaml new file mode 100644 index 00000000..2068dfee --- /dev/null +++ b/examples-generated/openidclient/clientserviceaccountrole.yaml 
@@ -0,0 +1,89 @@ +apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 +kind: ClientServiceAccountRole +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrole + labels: + testing.upbound.io/example-name: client2_service_account_role + name: client2-service-account-role +spec: + forProvider: + clientIdSelector: + matchLabels: + testing.upbound.io/example-name: client1 + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + role: my-realm-role + serviceAccountUserId: ${keycloak_openid_client.client2.service_account_user_id} + +--- + +apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 +kind: Client +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrole + labels: + testing.upbound.io/example-name: client1 + name: client1 +spec: + forProvider: + name: client1 + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + +--- + +apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 +kind: Client +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrole + labels: + testing.upbound.io/example-name: client2 + name: client2 +spec: + forProvider: + name: client2 + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm + serviceAccountsEnabled: true + +--- + +apiVersion: realm.keycloak.crossplane.io/v1alpha1 +kind: Realm +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrole + labels: + testing.upbound.io/example-name: realm + name: realm +spec: + forProvider: + enabled: true + realm: my-realm + +--- + +apiVersion: role.keycloak.crossplane.io/v1alpha1 +kind: Role +metadata: + annotations: + meta.upbound.io/example-id: openidclient/v1alpha1/clientserviceaccountrole + labels: + testing.upbound.io/example-name: client1_role + name: client1-role +spec: + forProvider: + clientIdSelector: + matchLabels: + 
testing.upbound.io/example-name: client1 + description: A role that client1 provides + name: my-client1-role + realmIdSelector: + matchLabels: + testing.upbound.io/example-name: realm diff --git a/internal/controller/openidclient/clientserviceaccountrealmrole/zz_controller.go b/internal/controller/openidclient/clientserviceaccountrealmrole/zz_controller.go new file mode 100755 index 00000000..6412449a --- /dev/null +++ b/internal/controller/openidclient/clientserviceaccountrealmrole/zz_controller.go 
@@ -0,0 +1,62 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package clientserviceaccountrealmrole + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/terraform" + ctrl "sigs.k8s.io/controller-runtime" + + v1alpha1 "github.com/crossplane-contrib/provider-keycloak/apis/openidclient/v1alpha1" +) + +// Setup adds a controller that reconciles ClientServiceAccountRealmRole managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1alpha1.ClientServiceAccountRealmRole_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1alpha1.ClientServiceAccountRealmRole_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1alpha1.ClientServiceAccountRealmRole_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["keycloak_openid_client_service_account_realm_role"], 
tjcontroller.WithLogger(o.Logger), tjcontroller.WithConnectorEventHandler(eventHandler), + tjcontroller.WithCallbackProvider(ac), + )), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1alpha1.ClientServiceAccountRealmRole_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1alpha1.ClientServiceAccountRealmRole{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/openidclient/clientserviceaccountrole/zz_controller.go b/internal/controller/openidclient/clientserviceaccountrole/zz_controller.go new file mode 100755 index 00000000..5624d485 --- /dev/null +++ b/internal/controller/openidclient/clientserviceaccountrole/zz_controller.go 
@@ -0,0 +1,62 @@ +// SPDX-FileCopyrightText: 2023 The Crossplane Authors +// +// SPDX-License-Identifier: Apache-2.0 + +/* +Copyright 2022 Upbound Inc. +*/ + +// Code generated by upjet. DO NOT EDIT. + +package clientserviceaccountrole + +import ( + "time" + + "github.com/crossplane/crossplane-runtime/pkg/connection" + "github.com/crossplane/crossplane-runtime/pkg/event" + "github.com/crossplane/crossplane-runtime/pkg/ratelimiter" + "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed" + xpresource "github.com/crossplane/crossplane-runtime/pkg/resource" + tjcontroller "github.com/crossplane/upjet/pkg/controller" + "github.com/crossplane/upjet/pkg/controller/handler" + "github.com/crossplane/upjet/pkg/terraform" + ctrl "sigs.k8s.io/controller-runtime" + + v1alpha1 "github.com/crossplane-contrib/provider-keycloak/apis/openidclient/v1alpha1" +) + +// Setup adds a controller that reconciles ClientServiceAccountRole managed resources. +func Setup(mgr ctrl.Manager, o tjcontroller.Options) error { + name := managed.ControllerName(v1alpha1.ClientServiceAccountRole_GroupVersionKind.String()) + var initializers managed.InitializerChain + cps := []managed.ConnectionPublisher{managed.NewAPISecretPublisher(mgr.GetClient(), mgr.GetScheme())} + if o.SecretStoreConfigGVK != nil { + cps = append(cps, connection.NewDetailsManager(mgr.GetClient(), *o.SecretStoreConfigGVK, connection.WithTLSConfig(o.ESSOptions.TLSConfig))) + } + eventHandler := handler.NewEventHandler(handler.WithLogger(o.Logger.WithValues("gvk", v1alpha1.ClientServiceAccountRole_GroupVersionKind))) + ac := tjcontroller.NewAPICallbacks(mgr, xpresource.ManagedKind(v1alpha1.ClientServiceAccountRole_GroupVersionKind), tjcontroller.WithEventHandler(eventHandler)) + opts := []managed.ReconcilerOption{ + managed.WithExternalConnecter(tjcontroller.NewConnector(mgr.GetClient(), o.WorkspaceStore, o.SetupFn, o.Provider.Resources["keycloak_openid_client_service_account_role"], tjcontroller.WithLogger(o.Logger), 
tjcontroller.WithConnectorEventHandler(eventHandler), + tjcontroller.WithCallbackProvider(ac), + )), + managed.WithLogger(o.Logger.WithValues("controller", name)), + managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name))), + managed.WithFinalizer(terraform.NewWorkspaceFinalizer(o.WorkspaceStore, xpresource.NewAPIFinalizer(mgr.GetClient(), managed.FinalizerName))), + managed.WithTimeout(3 * time.Minute), + managed.WithInitializers(initializers), + managed.WithConnectionPublishers(cps...), + managed.WithPollInterval(o.PollInterval), + } + if o.PollJitter != 0 { + opts = append(opts, managed.WithPollJitterHook(o.PollJitter)) + } + r := managed.NewReconciler(mgr, xpresource.ManagedKind(v1alpha1.ClientServiceAccountRole_GroupVersionKind), opts...) + + return ctrl.NewControllerManagedBy(mgr). + Named(name). + WithOptions(o.ForControllerRuntime()). + WithEventFilter(xpresource.DesiredStateChanged()). + Watches(&v1alpha1.ClientServiceAccountRole{}, eventHandler). + Complete(ratelimiter.NewReconciler(name, r, o.GlobalRateLimiter)) +} diff --git a/internal/controller/zz_setup.go b/internal/controller/zz_setup.go index eb838884..239e0fdb 100755 --- a/internal/controller/zz_setup.go +++ b/internal/controller/zz_setup.go 
@@ -17,6 +17,8 @@ import ( client "github.com/crossplane-contrib/provider-keycloak/internal/controller/openidclient/client" clientdefaultscopes "github.com/crossplane-contrib/provider-keycloak/internal/controller/openidclient/clientdefaultscopes" clientscope "github.com/crossplane-contrib/provider-keycloak/internal/controller/openidclient/clientscope" + clientserviceaccountrealmrole "github.com/crossplane-contrib/provider-keycloak/internal/controller/openidclient/clientserviceaccountrealmrole" + clientserviceaccountrole "github.com/crossplane-contrib/provider-keycloak/internal/controller/openidclient/clientserviceaccountrole" groupmembershipprotocolmapper "github.com/crossplane-contrib/provider-keycloak/internal/controller/openidgroup/groupmembershipprotocolmapper" providerconfig "github.com/crossplane-contrib/provider-keycloak/internal/controller/providerconfig" realm "github.com/crossplane-contrib/provider-keycloak/internal/controller/realm/realm" @@ -38,6 +40,8 @@ func Setup(mgr ctrl.Manager, o controller.Options) error { client.Setup, clientdefaultscopes.Setup, clientscope.Setup, + clientserviceaccountrealmrole.Setup, + clientserviceaccountrole.Setup, groupmembershipprotocolmapper.Setup, providerconfig.Setup, realm.Setup, diff --git a/package/crds/openidclient.keycloak.crossplane.io_clientserviceaccountrealmroles.yaml b/package/crds/openidclient.keycloak.crossplane.io_clientserviceaccountrealmroles.yaml new file mode 100644 index 00000000..704c3c7a --- /dev/null +++ b/package/crds/openidclient.keycloak.crossplane.io_clientserviceaccountrealmroles.yaml 
@@ -0,0 +1,409 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: clientserviceaccountrealmroles.openidclient.keycloak.crossplane.io +spec: + group: openidclient.keycloak.crossplane.io + names: + categories: + - crossplane + - managed + - keycloak + kind: ClientServiceAccountRealmRole + listKind: ClientServiceAccountRealmRoleList + plural: clientserviceaccountrealmroles + singular: clientserviceaccountrealmrole + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClientServiceAccountRealmRole is the Schema for the ClientServiceAccountRealmRoles + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClientServiceAccountRealmRoleSpec defines the desired state + of ClientServiceAccountRealmRole + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + realmId: + description: The realm that the client and role belong to. + type: string + realmIdRef: + description: Reference to a Realm in realm to populate realmId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + realmIdSelector: + description: Selector for a Realm in realm to populate realmId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + role: + description: The name of the role that is assigned. + type: string + serviceAccountUserId: + description: The id of the service account that is assigned the + role (the service account of the client that "consumes" the + role). + type: string + type: object + initProvider: + description: THIS IS A BETA FIELD. It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. 
The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + role: + description: The name of the role that is assigned. + type: string + serviceAccountUserId: + description: The id of the service account that is assigned the + role (the service account of the client that "consumes" the + role). + type: string + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. 
+ type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. 
The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. 
+ type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.role is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.role) + || (has(self.initProvider) && has(self.initProvider.role))' + - message: spec.forProvider.serviceAccountUserId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.serviceAccountUserId) + || (has(self.initProvider) && has(self.initProvider.serviceAccountUserId))' + status: + description: ClientServiceAccountRealmRoleStatus defines the observed + state of ClientServiceAccountRealmRole. + properties: + atProvider: + properties: + id: + type: string + realmId: + description: The realm that the client and role belong to. + type: string + role: + description: The name of the role that is assigned. + type: string + serviceAccountUserId: + description: The id of the service account that is assigned the + role (the service account of the client that "consumes" the + role). + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? 
+ type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/package/crds/openidclient.keycloak.crossplane.io_clientserviceaccountroles.yaml b/package/crds/openidclient.keycloak.crossplane.io_clientserviceaccountroles.yaml new file mode 100644 index 00000000..653b2bf0 --- /dev/null +++ b/package/crds/openidclient.keycloak.crossplane.io_clientserviceaccountroles.yaml 
@@ -0,0 +1,490 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: clientserviceaccountroles.openidclient.keycloak.crossplane.io +spec: + group: openidclient.keycloak.crossplane.io + names: + categories: + - crossplane + - managed + - keycloak + kind: ClientServiceAccountRole + listKind: ClientServiceAccountRoleList + plural: clientserviceaccountroles + singular: clientserviceaccountrole + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClientServiceAccountRole is the Schema for the ClientServiceAccountRoles + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClientServiceAccountRoleSpec defines the desired state of + ClientServiceAccountRole + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + clientId: + description: The id of the client that provides the role. + type: string + clientIdRef: + description: Reference to a Client in openidclient to populate + clientId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. 
+ enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + clientIdSelector: + description: Selector for a Client in openidclient to populate + clientId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + realmId: + description: The realm the clients and roles belong to. + type: string + realmIdRef: + description: Reference to a Realm in realm to populate realmId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + realmIdSelector: + description: Selector for a Realm in realm to populate realmId. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + role: + description: The name of the role that is assigned. + type: string + serviceAccountUserId: + description: The id of the service account that is assigned the + role (the service account of the client that "consumes" the + role). + type: string + type: object + initProvider: + description: THIS IS A BETA FIELD. 
It will be honored unless the Management + Policies feature flag is disabled. InitProvider holds the same fields + as ForProvider, with the exception of Identifier and other resource + reference fields. The fields that are in InitProvider are merged + into ForProvider when the resource is created. The same fields are + also added to the terraform ignore_changes hook, to avoid updating + them after creation. This is useful for fields that are required + on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, + like an autoscaler. + properties: + role: + description: The name of the role that is assigned. + type: string + serviceAccountUserId: + description: The id of the service account that is assigned the + role (the service account of the client that "consumes" the + role). + type: string + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. 
+ enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. 
+ properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. 
This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: spec.forProvider.role is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.role) + || (has(self.initProvider) && has(self.initProvider.role))' + - message: spec.forProvider.serviceAccountUserId is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.serviceAccountUserId) + || (has(self.initProvider) && has(self.initProvider.serviceAccountUserId))' + status: + description: ClientServiceAccountRoleStatus defines the observed state + of ClientServiceAccountRole. + properties: + atProvider: + properties: + clientId: + description: The id of the client that provides the role. + type: string + id: + type: string + realmId: + description: The realm the clients and roles belong to. + type: string + role: + description: The name of the role that is assigned. + type: string + serviceAccountUserId: + description: The id of the service account that is assigned the + role (the service account of the client that "consumes" the + role). + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {}