From becdad26559ccc6fa67785c29d34b1bfef9ea845 Mon Sep 17 00:00:00 2001
From: Breee
Date: Thu, 27 Jun 2024 17:59:07 +0200
Subject: [PATCH] feat(issue-120): flow references
---
apis/openidclient/v1alpha1/zz_client_types.go | 36 +++
.../v1alpha1/zz_generated.deepcopy.go | 40 +++
.../v1alpha1/zz_generated.resolvers.go | 155 ++++++---
config/openidclient/config.go | 8 +
...client.keycloak.crossplane.io_clients.yaml | 304 ++++++++++++++++++
5 files changed, 502 insertions(+), 41 deletions(-)
diff --git a/apis/openidclient/v1alpha1/zz_client_types.go b/apis/openidclient/v1alpha1/zz_client_types.go
index 3bd0953..e25c192 100755
--- a/apis/openidclient/v1alpha1/zz_client_types.go
+++ b/apis/openidclient/v1alpha1/zz_client_types.go
@@ -16,10 +16,28 @@ import ( type AuthenticationFlowBindingOverridesInitParameters struct { // Browser flow id, (flow needs to exist) + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1.Flow BrowserID *string `json:"browserId,omitempty" tf:"browser_id,omitempty"` + // Reference to a Flow in authenticationflow to populate browserId. + // +kubebuilder:validation:Optional + BrowserIDRef *v1.Reference `json:"browserIdRef,omitempty" tf:"-"` + + // Selector for a Flow in authenticationflow to populate browserId. + // +kubebuilder:validation:Optional + BrowserIDSelector *v1.Selector `json:"browserIdSelector,omitempty" tf:"-"` + // Direct grant flow id (flow needs to exist) + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1.Flow DirectGrantID *string `json:"directGrantId,omitempty" tf:"direct_grant_id,omitempty"` + + // Reference to a Flow in authenticationflow to populate directGrantId. + // +kubebuilder:validation:Optional + DirectGrantIDRef *v1.Reference `json:"directGrantIdRef,omitempty" tf:"-"` + + // Selector for a Flow in authenticationflow to populate directGrantId. + // +kubebuilder:validation:Optional + DirectGrantIDSelector *v1.Selector `json:"directGrantIdSelector,omitempty" tf:"-"` } type AuthenticationFlowBindingOverridesObservation struct { 
@@ -34,12 +52,30 @@ type AuthenticationFlowBindingOverridesObservation struct { type AuthenticationFlowBindingOverridesParameters struct { // Browser flow id, (flow needs to exist) + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1.Flow // +kubebuilder:validation:Optional BrowserID *string `json:"browserId,omitempty" tf:"browser_id,omitempty"` + // Reference to a Flow in authenticationflow to populate browserId. + // +kubebuilder:validation:Optional + BrowserIDRef *v1.Reference `json:"browserIdRef,omitempty" tf:"-"` + + // Selector for a Flow in authenticationflow to populate browserId. + // +kubebuilder:validation:Optional + BrowserIDSelector *v1.Selector `json:"browserIdSelector,omitempty" tf:"-"` + // Direct grant flow id (flow needs to exist) + // +crossplane:generate:reference:type=github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1.Flow // +kubebuilder:validation:Optional DirectGrantID *string `json:"directGrantId,omitempty" tf:"direct_grant_id,omitempty"` + + // Reference to a Flow in authenticationflow to populate directGrantId. + // +kubebuilder:validation:Optional + DirectGrantIDRef *v1.Reference `json:"directGrantIdRef,omitempty" tf:"-"` + + // Selector for a Flow in authenticationflow to populate directGrantId. + // +kubebuilder:validation:Optional + DirectGrantIDSelector *v1.Selector `json:"directGrantIdSelector,omitempty" tf:"-"` } type AuthorizationInitParameters struct { diff --git a/apis/openidclient/v1alpha1/zz_generated.deepcopy.go b/apis/openidclient/v1alpha1/zz_generated.deepcopy.go index cbbb514..3866304 100644 --- a/apis/openidclient/v1alpha1/zz_generated.deepcopy.go +++ b/apis/openidclient/v1alpha1/zz_generated.deepcopy.go 
@@ -21,11 +21,31 @@ func (in *AuthenticationFlowBindingOverridesInitParameters) DeepCopyInto(out *Au *out = new(string) **out = **in } + if in.BrowserIDRef != nil { + in, out := &in.BrowserIDRef, &out.BrowserIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.BrowserIDSelector != nil { + in, out := &in.BrowserIDSelector, &out.BrowserIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.DirectGrantID != nil { in, out := &in.DirectGrantID, &out.DirectGrantID *out = new(string) **out = **in } + if in.DirectGrantIDRef != nil { + in, out := &in.DirectGrantIDRef, &out.DirectGrantIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.DirectGrantIDSelector != nil { + in, out := &in.DirectGrantIDSelector, &out.DirectGrantIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFlowBindingOverridesInitParameters. @@ -71,11 +91,31 @@ func (in *AuthenticationFlowBindingOverridesParameters) DeepCopyInto(out *Authen *out = new(string) **out = **in } + if in.BrowserIDRef != nil { + in, out := &in.BrowserIDRef, &out.BrowserIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.BrowserIDSelector != nil { + in, out := &in.BrowserIDSelector, &out.BrowserIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.DirectGrantID != nil { in, out := &in.DirectGrantID, &out.DirectGrantID *out = new(string) **out = **in } + if in.DirectGrantIDRef != nil { + in, out := &in.DirectGrantIDRef, &out.DirectGrantIDRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.DirectGrantIDSelector != nil { + in, out := &in.DirectGrantIDSelector, &out.DirectGrantIDSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationFlowBindingOverridesParameters. 
diff --git a/apis/openidclient/v1alpha1/zz_generated.resolvers.go b/apis/openidclient/v1alpha1/zz_generated.resolvers.go index 613817e..068f015 100644 --- a/apis/openidclient/v1alpha1/zz_generated.resolvers.go +++ b/apis/openidclient/v1alpha1/zz_generated.resolvers.go @@ -7,7 +7,8 @@ package v1alpha1 import ( "context" - v1alpha1 "github.com/crossplane-contrib/provider-keycloak/apis/realm/v1alpha1" + v1alpha1 "github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1" + v1alpha11 "github.com/crossplane-contrib/provider-keycloak/apis/realm/v1alpha1" common "github.com/crossplane-contrib/provider-keycloak/config/common" reference "github.com/crossplane/crossplane-runtime/pkg/reference" errors "github.com/pkg/errors" 
@@ -21,6 +22,42 @@ func (mg *Client) ResolveReferences(ctx context.Context, c client.Reader) error var rsp reference.ResolutionResponse var err error + for i3 := 0; i3 < len(mg.Spec.ForProvider.AuthenticationFlowBindingOverrides); i3++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].BrowserID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].BrowserIDRef, + Selector: mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].BrowserIDSelector, + To: reference.To{ + List: &v1alpha1.FlowList{}, + Managed: &v1alpha1.Flow{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].BrowserID") + } + mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].BrowserID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].BrowserIDRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.ForProvider.AuthenticationFlowBindingOverrides); i3++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantID), + Extract: reference.ExternalName(), + Reference: mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantIDRef, + Selector: mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantIDSelector, + To: reference.To{ + List: &v1alpha1.FlowList{}, + Managed: &v1alpha1.Flow{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantID") + } + mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantIDRef = rsp.ResolvedReference + + } rsp, err = r.Resolve(ctx, 
reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ClientID), Extract: common.UUIDExtractor(), @@ -43,8 +80,8 @@ func (mg *Client) ResolveReferences(ctx context.Context, c client.Reader) error Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { 
@@ -53,6 +90,42 @@ func (mg *Client) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.RealmID = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.RealmIDRef = rsp.ResolvedReference + for i3 := 0; i3 < len(mg.Spec.InitProvider.AuthenticationFlowBindingOverrides); i3++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].BrowserID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].BrowserIDRef, + Selector: mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].BrowserIDSelector, + To: reference.To{ + List: &v1alpha1.FlowList{}, + Managed: &v1alpha1.Flow{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].BrowserID") + } + mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].BrowserID = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].BrowserIDRef = rsp.ResolvedReference + + } + for i3 := 0; i3 < len(mg.Spec.InitProvider.AuthenticationFlowBindingOverrides); i3++ { + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantID), + Extract: reference.ExternalName(), + Reference: mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantIDRef, + Selector: mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantIDSelector, + To: reference.To{ + List: &v1alpha1.FlowList{}, + Managed: &v1alpha1.Flow{}, + }, + }) + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantID") + } + mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantID = reference.ToPtrValue(rsp.ResolvedValue) + 
mg.Spec.InitProvider.AuthenticationFlowBindingOverrides[i3].DirectGrantIDRef = rsp.ResolvedReference + + } rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ClientID), Extract: common.UUIDExtractor(), @@ -75,8 +148,8 @@ func (mg *Client) ResolveReferences(ctx context.Context, c client.Reader) error Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -101,8 +174,8 @@ func (mg *ClientClientPolicy) ResolveReferences(ctx context.Context, c client.Re Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -117,8 +190,8 @@ func (mg *ClientClientPolicy) ResolveReferences(ctx context.Context, c client.Re Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -159,8 +232,8 @@ func (mg *ClientDefaultScopes) ResolveReferences(ctx context.Context, c client.R Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { 
@@ -191,8 +264,8 @@ func (mg *ClientDefaultScopes) ResolveReferences(ctx context.Context, c client.R Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -217,8 +290,8 @@ func (mg *ClientGroupPolicy) ResolveReferences(ctx context.Context, c client.Rea Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -233,8 +306,8 @@ func (mg *ClientGroupPolicy) ResolveReferences(ctx context.Context, c client.Rea Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -275,8 +348,8 @@ func (mg *ClientPermissions) ResolveReferences(ctx context.Context, c client.Rea Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -307,8 +380,8 @@ func (mg *ClientPermissions) ResolveReferences(ctx context.Context, c client.Rea Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { 
@@ -333,8 +406,8 @@ func (mg *ClientRolePolicy) ResolveReferences(ctx context.Context, c client.Read Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -349,8 +422,8 @@ func (mg *ClientRolePolicy) ResolveReferences(ctx context.Context, c client.Read Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -375,8 +448,8 @@ func (mg *ClientScope) ResolveReferences(ctx context.Context, c client.Reader) e Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -391,8 +464,8 @@ func (mg *ClientScope) ResolveReferences(ctx context.Context, c client.Reader) e Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -417,8 +490,8 @@ func (mg *ClientServiceAccountRealmRole) ResolveReferences(ctx context.Context, Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { 
@@ -449,8 +522,8 @@ func (mg *ClientServiceAccountRealmRole) ResolveReferences(ctx context.Context, Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -507,8 +580,8 @@ func (mg *ClientServiceAccountRole) ResolveReferences(ctx context.Context, c cli Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -555,8 +628,8 @@ func (mg *ClientServiceAccountRole) ResolveReferences(ctx context.Context, c cli Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -597,8 +670,8 @@ func (mg *ClientUserPolicy) ResolveReferences(ctx context.Context, c client.Read Reference: mg.Spec.ForProvider.RealmIDRef, Selector: mg.Spec.ForProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { @@ -613,8 +686,8 @@ func (mg *ClientUserPolicy) ResolveReferences(ctx context.Context, c client.Read Reference: mg.Spec.InitProvider.RealmIDRef, Selector: mg.Spec.InitProvider.RealmIDSelector, To: reference.To{ - List: &v1alpha1.RealmList{}, - Managed: &v1alpha1.Realm{}, + List: &v1alpha11.RealmList{}, + Managed: &v1alpha11.Realm{}, }, }) if err != nil { diff --git a/config/openidclient/config.go b/config/openidclient/config.go index 21448db..9427868 100644 --- a/config/openidclient/config.go +++ b/config/openidclient/config.go 
@@ -14,6 +14,14 @@ func Configure(p *config.Provider) { p.AddResourceConfigurator("keycloak_openid_client", func(r *config.Resource) { // We need to override the default group that upjet generated for r.ShortGroup = Group + + r.References["authentication_flow_binding_overrides.browser_id"] = config.Reference{ + Type: "github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1.Flow", + } + r.References["authentication_flow_binding_overrides.direct_grant_id"] = config.Reference{ + Type: "github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1.Flow", + } + }) p.AddResourceConfigurator("keycloak_openid_client_default_scopes", func(r *config.Resource) { diff --git a/package/crds/openidclient.keycloak.crossplane.io_clients.yaml b/package/crds/openidclient.keycloak.crossplane.io_clients.yaml index 6bc596d..c3e0556 100644 --- a/package/crds/openidclient.keycloak.crossplane.io_clients.yaml +++ b/package/crds/openidclient.keycloak.crossplane.io_clients.yaml 
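Review bot: Both new `r.References` entries in the `keycloak_openid_client` configurator set only `Type`, so the generated resolvers for `BrowserID` and `DirectGrantID` use `reference.ExternalName()`, whereas the existing `ClientID` reference in the same `ResolveReferences` uses `common.UUIDExtractor()`. Please confirm that a Flow's external name is exactly the flow id Keycloak expects for `browser_id` and `direct_grant_id`; if it is not, set the `Extractor` field on both entries. Nothing visible here limits a `browserIdSelector` or `directGrantIdSelector` match to Flows in the client's own realm. The CRD text also says an `Optional` resolution policy turns an unresolved reference into a no-op, which would presumably leave the client on the realm's default flow without any error. Because these overrides decide how the client authenticates, I would add a comment above the entries such as `// The referenced Flow must belong to the same realm as the client; the resolver does not check this.` The `Configure` function starts before this hunk and continues after it.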
@@ -90,9 +90,161 @@ spec: browserId: description: Browser flow id, (flow needs to exist) type: string + browserIdRef: + description: Reference to a Flow in authenticationflow to + populate browserId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + browserIdSelector: + description: Selector for a Flow in authenticationflow to + populate browserId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object directGrantId: description: Direct grant flow id (flow needs to exist) type: string + directGrantIdRef: + description: Reference to a Flow in authenticationflow to + populate directGrantId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + directGrantIdSelector: + description: Selector for a Flow in authenticationflow to + populate directGrantId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object type: array authorization: 
@@ -521,9 +673,161 @@ spec: browserId: description: Browser flow id, (flow needs to exist) type: string + browserIdRef: + description: Reference to a Flow in authenticationflow to + populate browserId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + browserIdSelector: + description: Selector for a Flow in authenticationflow to + populate browserId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object directGrantId: description: Direct grant flow id (flow needs to exist) type: string + directGrantIdRef: + description: Reference to a Flow in authenticationflow to + populate directGrantId. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + directGrantIdSelector: + description: Selector for a Flow in authenticationflow to + populate directGrantId. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. 
+ properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object type: array authorization: