About
The rustcloak operator is a Kubernetes operator that manages Keycloak instances through the Keycloak Admin API. The overall goal is to provide a cloud native management interface for Keycloak instances.
Goals
- Manage Keycloak instances solely through Kubernetes resources.[1]
- Provide a migration path for people that have been let down by Keycloak's own efforts to provide an operator.
Non-Goals
- Manage the deployment of Keycloak instances.
- Support other IdM solutions than Keycloak.
[1] Most of the management interface can already be provisioned through rustcloak's CRDs. One notable exception is subgroups, so currently Rustcloak can only handle a single layer of groups.
Installation
The preferred way to install the rustcloak operator is to use the provided helm chart. The helm chart is available through the withlazers helm repository.
```sh
helm repo add withlazers https://charts.withlazers.dev
helm install rustcloak withlazers/rustcloak
```
For more information on how to configure the helm chart, see the helm chart documentation on GitHub.
Quick Start
Pre-requisites
- A running Kubernetes cluster
- `kubectl` installed and configured to use the cluster
- `helm` installed
Install Rustcloak
```sh
helm repo add withlazers https://charts.withlazers.dev
helm install rustcloak withlazers/rustcloak-operator
```
Install Keycloak
Prepare a `keycloak-values.yaml` file with the following content:[1]
```yaml
command:
  - "/opt/keycloak/bin/kc.sh"
  - "start"
  - "--http-port=8080"
  - "--hostname-strict=false"
extraEnv: |
  - name: JAVA_OPTS_APPEND
    value: >-
      -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
extraEnvFrom: |
  - secretRef:
      name: keycloak-admin
```
Then install Keycloak:
```sh
helm repo add codecentric https://codecentric.github.io/helm-charts
helm install keycloak codecentric/keycloakx -f keycloak-values.yaml
```
If you see a "CreateContainerConfigError" error, this is expected. Keycloak is waiting for its admin credentials.
Tell Rustcloak about Keycloak
With Keycloak running, you can now create a `KeycloakInstance` resource linking Rustcloak to Keycloak:
```yaml
apiVersion: rustcloak.k8s.eboland.de/v1
kind: KeycloakInstance
metadata:
  name: keycloak-instance
spec:
  baseUrl: http://keycloak-keycloakx-http:80/auth
  credentials:
    # Rustcloak will take care of creating this secret with a random password.
    create: true
    passwordKey: KEYCLOAK_ADMIN_PASSWORD
    secretName: keycloak-admin
    usernameKey: KEYCLOAK_ADMIN
```
Now Keycloak should start up and Rustcloak should be able to connect to it. You can extract the login credentials from the secret:
```sh
echo "$(kubectl get secrets keycloak-admin --template={{.data.KEYCLOAK_ADMIN_PASSWORD}} | base64 -d)"
```
The user name is `rustcloak-admin`.
Verify Rustcloak is able to connect to Keycloak
```
# kubectl get kci keycloak-instance
NAME                BASE URL                                 READY   STATUS
keycloak-instance   http://keycloak-keycloakx-http:80/auth   true    Authenticated
```
If the `READY` column is `true`, Rustcloak is able to connect to Keycloak. To debug any issues, have a look at the `status` section of the `KeycloakInstance` resource or the logs of the Rustcloak pod.
Configuration
Congratulations! You are now able to configure Keycloak using Kubernetes resources. Here are a few examples of what you can do now:
Create a Realm
With the `KeycloakInstance` resource in place, you can now create a `KeycloakRealm` resource:
```yaml
apiVersion: rustcloak.k8s.eboland.de/v1
kind: KeycloakRealm
metadata:
  name: example-keycloakrealm
spec:
  instanceRef: keycloak-instance
  definition:
    realm: an-example-realm
```
Create a Client
With the `KeycloakRealm` resource in place, you can now create a `KeycloakClient` resource:
```yaml
apiVersion: rustcloak.k8s.eboland.de/v1
kind: KeycloakClient
metadata:
  name: example-keycloakclient
spec:
  realmRef: example-keycloakrealm
  definition:
    clientId: example-client
    name: An example client
  clientSecret:
    secretName: example-keycloakclient
```
Rustcloak will retrieve the client secret from Keycloak and store it in a secret named `example-keycloakclient`:
```
# kubectl get secret example-keycloakclient -o yaml
apiVersion: v1
data:
  client_id: ZXhhbXBsZS1jbGllbnQ=
  client_secret: enNWVmhCYjlqSWtvbjJHdTY5TXZ1R1IwYlFsVTMxbGE=
kind: Secret
metadata:
  creationTimestamp: "2024-11-09T19:20:39Z"
  name: example-keycloakclient
  namespace: default
  ownerReferences:
  - apiVersion: rustcloak.k8s.eboland.de/v1
    kind: KeycloakClient
    name: example-keycloakclient
    uid: d6529acf-5410-4090-ad01-767c68cbf426
  resourceVersion: "1097"
  uid: 16c9244e-e2fd-4dc2-8175-13f5f8dd54c3
type: Opaque
```
Create a User
With the `KeycloakRealm` resource in place, you can now create a `KeycloakUser` resource:
```yaml
apiVersion: rustcloak.k8s.eboland.de/v1
kind: KeycloakUser
metadata:
  name: example-keycloakuser
spec:
  realmRef: example-keycloakrealm
  definition:
    username: awesome-user
    email: mail@example.com
    enabled: true
    firstName: Awesome
    lastName: User
  userSecret:
    secretName: example-keycloakuser
```
Rustcloak will create a user in Keycloak and set the password from the secret named `example-keycloakuser`. If it doesn't exist, it will create it with a random password:
```
# kubectl get secret example-keycloakuser -o yaml
apiVersion: v1
data:
  password: ZXMmPGk6TGpyKX0vOG0hdi95W15MPz83WVxPP3MpKig=
  username: YXdlc29tZS11c2Vy
kind: Secret
metadata:
  creationTimestamp: "2024-11-09T19:21:14Z"
  name: example-keycloakuser
  namespace: default
  ownerReferences:
  - apiVersion: rustcloak.k8s.eboland.de/v1
    kind: KeycloakUser
    name: example-keycloakuser
    uid: aeee2245-b790-48d0-b9f2-79af86cc1753
  resourceVersion: "1135"
  uid: e1d607fa-8dc6-4db9-bf6b-764d18fc0a57
type: Opaque
```
[1] This example is an adapted version of the one in the codecentric Helm chart documentation.
Configuration
Rustcloak itself is configured using Helm Charts.
Legacy Mode
Rustcloak supports a mode called "legacy mode" in which it can control the CRDs of the keycloak-realms-operator.
Please note that Rustcloak cannot run alongside the keycloak-realm-operator. It is a good idea to remove all objects managed by the old controller before starting Rustcloak and redeploying it for Rustcloak to take over.
To enable legacy mode, set the `legacy: true` option in the rustcloak helm chart.
Patches
In order to load arbitrary values from secrets and configmaps, you can use the `patchFrom` field of most `Keycloak*` resources.
Take this example: you have the following definition:
```yaml
apiVersion: rustcloak.k8s.eboland.de/v1
kind: KeycloakRealm
metadata:
  name: example-keycloakrealm
spec:
  instanceRef: keycloak-instance
  definition:
    realm: an-example-realm
    identityProviders:
      - alias: example-identity-provider
        providerId: example-provider
        enabled: true
        config:
          secret: "secret"
```
Instead of storing the secret in the definition, you can store it in a secret and reference it like this:
```yaml
apiVersion: rustcloak.k8s.eboland.de/v1
kind: KeycloakRealm
metadata:
  name: example-keycloakrealm
spec:
  instanceRef: keycloak-instance
  definition:
    realm: an-example-realm
    identityProviders:
      - alias: example-identity-provider
        providerId: example-provider
        enabled: true
        config:
          secret: "" # must have a dummy value, must be not null
  patchFrom:
    "identityProviders.0.config.secret":
      secretKeyRef:
        name: my-secret
        key: IDENTITY_PROVIDER_SECRET
      valueAs: auto # optional
```
By default the value is autodetected. You can change this behavior by explicitly setting the `valueAs` field. The following values are supported:
- `auto`: Autodetect the value type. This is the default.
- `string`: The secret value is interpreted as a string
- `number`: The secret value is interpreted as a number
- `yaml`: the value is interpreted as a YAML object (default for auto detected objects)
- `json`: the value is interpreted as a JSON object
Note:
For managing passwords of `KeycloakUsers` and client credentials of `KeycloakClients` there are dedicated resources available. Please refer to the documentation of the respective resources for more information.
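A pre-merge check for the pattern described in this section, as an added example that is not part of rustcloak: it flags secret-like literals left in `spec.definition` and `patchFrom` paths whose target is missing or null. The key-name pattern, the finding labels and the helper names are assumptions of the example; the manifests are constructed Python dicts that mirror the two YAML snippets above.

```python
import re

# Leaf key names treated as secret-bearing (an assumption of this example).
SECRET_KEY = re.compile(r"secret|password|token", re.IGNORECASE)
_MISSING = object()


def walk(node, prefix=""):
    """Yield (dotted_path, value) for every leaf, addressing list elements by
    index the way patchFrom keys do (identityProviders.0.config.secret)."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{prefix}.{key}" if prefix else str(key))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{prefix}.{index}" if prefix else str(index))
    else:
        yield prefix, node


def resolve(definition, path):
    """Follow a dotted patchFrom path; return _MISSING if it does not exist."""
    node = definition
    for part in path.split("."):
        if isinstance(node, dict) and part in node:
            node = node[part]
        elif isinstance(node, list) and part.isdigit() and int(part) < len(node):
            node = node[int(part)]
        else:
            return _MISSING
    return node


def lint(manifest):
    """Return (finding, path) tuples. Only paths are reported, never values,
    so the output is safe to print in CI logs."""
    spec = manifest.get("spec", {})
    definition = spec.get("definition", {})
    patches = spec.get("patchFrom") or {}
    findings = []
    # 1. A non-empty literal under a secret-like key that no patch replaces.
    for path, value in walk(definition):
        leaf = path.rsplit(".", 1)[-1]
        if (SECRET_KEY.search(leaf) and isinstance(value, str) and value
                and path not in patches):
            findings.append(("inline-secret", path))
    # 2. The page requires a non-null dummy value at every patched path.
    for path in patches:
        target = resolve(definition, path)
        if target is _MISSING or target is None:
            findings.append(("patch-target-missing", path))
    return findings


def realm(secret, patch_from=None):
    """Build a constructed KeycloakRealm manifest shaped like the YAML above."""
    spec = {
        "instanceRef": "keycloak-instance",
        "definition": {
            "realm": "an-example-realm",
            "identityProviders": [{
                "alias": "example-identity-provider",
                "providerId": "example-provider",
                "enabled": True,
                "config": {"secret": secret},
            }],
        },
    }
    if patch_from:
        spec["patchFrom"] = patch_from
    return {"apiVersion": "rustcloak.k8s.eboland.de/v1", "kind": "KeycloakRealm",
            "metadata": {"name": "example-keycloakrealm"}, "spec": spec}


PATCH = {"identityProviders.0.config.secret": {
    "secretKeyRef": {"name": "my-secret", "key": "IDENTITY_PROVIDER_SECRET"}}}

INLINE = realm("secret")            # first snippet: literal in the definition
PATCHED = realm("", PATCH)          # second snippet: dummy value plus patchFrom
NULL_TARGET = realm(None, PATCH)    # constructed: dummy value left as null

if __name__ == "__main__":
    for name, manifest in [("inline", INLINE), ("patched", PATCHED),
                           ("null-target", NULL_TARGET)]:
        print(name, lint(manifest))
```
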
Custom Resource Definitions
Rustcloak ships various custom resource definitions (CRDs) to manage Keycloak instances.
KeycloakInstance
v1
This resource makes a Keycloak instance known to the operator
Property | Type | Required |
---|---|---|
spec | object | ✅ |
spec.baseUrl | string | ✅ |
spec.client | object | |
spec.client.id | string | ✅ |
spec.client.secret | string | |
spec.credentials | object | ✅ |
spec.credentials.create | boolean | |
spec.credentials.passwordKey | string | |
spec.credentials.secretName | string | ✅ |
spec.credentials.usernameKey | string | |
spec.realm | string | |
spec.token | object | |
spec.token.expiresKey | string | |
spec.token.secretName | string | |
spec.token.tokenKey | string | |
status | object | |
status.conditions[] | object | |
status.conditions[].lastTransitionTime | string | |
status.conditions[].lastUpdateTime | string | |
status.conditions[].message | string | |
status.conditions[].reason | string | |
status.conditions[].status | string | ✅ |
status.conditions[].type | string | ✅ |
status.message | string | |
status.ready | boolean | ✅ |
status.resourcePath | string | |
status.status | string |
spec
Type: object
Property | Type | Required |
---|---|---|
baseUrl | string | ✅ |
client | object | |
credentials | object | ✅ |
realm | string | |
token | object |
missing
spec.baseUrl
Type: string
missing
spec.client
Type: object
missing
spec.client.id
Type: string
missing
spec.client.secret
Type: string
missing
spec.credentials
Type: object
Property | Type | Required |
---|---|---|
create | boolean | |
passwordKey | string | |
secretName | string | ✅ |
usernameKey | string |
missing
spec.credentials.create
Type: boolean
missing
spec.credentials.passwordKey
Type: string
missing
spec.credentials.secretName
Type: string
missing
spec.credentials.usernameKey
Type: string
missing
spec.realm
Type: string
missing
spec.token
Type: object
Property | Type | Required |
---|---|---|
expiresKey | string | |
secretName | string | |
tokenKey | string |
missing
spec.token.expiresKey
Type: string
missing
spec.token.secretName
Type: string
missing
spec.token.tokenKey
Type: string
missing
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakApiObject
v1
Custom Resource for Keycloak API requests. The user should not use this resource directly.
spec
Type: object
Property | Type | Required |
---|---|---|
endpoint | object | ✅ |
immutablePayload | string | ✅ |
options | object | |
payload | string | ✅ |
vars[] | object |
defines an API request to the Keycloak Admin API.
spec.endpoint
Type: object
Property | Type | Required |
---|---|---|
instanceRef | string | ✅ |
path | string | ✅ |
missing
spec.endpoint.instanceRef
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.endpoint.path
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.immutablePayload
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.payload
Type: string
missing
spec.vars[]
Type: object
EnvVar represents an environment variable present in a Container.
spec.vars[].name
Type: string
Name of the environment variable. Must be a C_IDENTIFIER.
spec.vars[].value
Type: string
Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
spec.vars[].valueFrom
Type: object
Property | Type | Required |
---|---|---|
configMapKeyRef | object | |
fieldRef | object | |
resourceFieldRef | object | |
secretKeyRef | object |
Source for the environment variable's value. Cannot be used if value is not empty.
spec.vars[].valueFrom.configMapKeyRef
Type: object
Selects a key of a ConfigMap.
spec.vars[].valueFrom.configMapKeyRef.key
Type: string
The key to select.
spec.vars[].valueFrom.configMapKeyRef.name
Type: string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.vars[].valueFrom.configMapKeyRef.optional
Type: boolean
Specify whether the ConfigMap or its key must be defined
spec.vars[].valueFrom.fieldRef
Type: object
Property | Type | Required |
---|---|---|
apiVersion | string | |
fieldPath | string | ✅ |
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KEY>'], metadata.annotations['<KEY>'], spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
spec.vars[].valueFrom.fieldRef.apiVersion
Type: string
Version of the schema the FieldPath is written in terms of, defaults to "v1".
spec.vars[].valueFrom.fieldRef.fieldPath
Type: string
Path of the field to select in the specified API version.
spec.vars[].valueFrom.resourceFieldRef
Type: object
Property | Type | Required |
---|---|---|
containerName | string | |
divisor | string | |
resource | string | ✅ |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
spec.vars[].valueFrom.resourceFieldRef.containerName
Type: string
Container name: required for volumes, optional for env vars
spec.vars[].valueFrom.resourceFieldRef.divisor
Type: string
Specifies the output format of the exposed resources, defaults to "1"
spec.vars[].valueFrom.resourceFieldRef.resource
Type: string
Required: resource to select
spec.vars[].valueFrom.secretKeyRef
Type: object
Selects a key of a secret in the pod's namespace
spec.vars[].valueFrom.secretKeyRef.key
Type: string
The key of the secret to select from. Must be a valid secret key.
spec.vars[].valueFrom.secretKeyRef.name
Type: string
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
spec.vars[].valueFrom.secretKeyRef.optional
Type: boolean
Specify whether the Secret or its key must be defined
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakAuthenticationFlow
v1
resource to define an Authentication Flow within a KeycloakRealm
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakAuthenticationFlow resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
alias | string | |
authenticationExecutions[] | object | |
builtIn | boolean | |
description | string | |
id | string | |
providerId | string | |
topLevel | boolean |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.alias
Type: string
missing
spec.definition.authenticationExecutions[]
Type: object
Property | Type | Required |
---|---|---|
authenticator | string | |
authenticatorConfig | string | |
authenticatorFlow | boolean | |
autheticatorFlow | boolean | |
flowAlias | string | |
priority | integer | |
requirement | string | |
userSetupAllowed | boolean |
missing
spec.definition.authenticationExecutions[].authenticator
Type: string
missing
spec.definition.authenticationExecutions[].authenticatorConfig
Type: string
missing
spec.definition.authenticationExecutions[].authenticatorFlow
Type: boolean
missing
spec.definition.authenticationExecutions[].autheticatorFlow
Type: boolean
missing
spec.definition.authenticationExecutions[].flowAlias
Type: string
missing
spec.definition.authenticationExecutions[].priority
Type: integer
missing
spec.definition.authenticationExecutions[].requirement
Type: string
missing
spec.definition.authenticationExecutions[].userSetupAllowed
Type: boolean
missing
spec.definition.builtIn
Type: boolean
missing
spec.definition.description
Type: string
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.providerId
Type: string
missing
spec.definition.topLevel
Type: boolean
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakAuthenticatorConfig
v1
resource to define an Authenticator Config within a KeycloakRealm
Property | Type | Required |
---|---|---|
spec | object | ✅ |
spec.definition | object | ✅ |
spec.definition.alias | string | |
spec.definition.config | object | |
spec.definition.id | string | |
spec.options | object | |
spec.patchFrom | object | |
spec.realmRef | string | ✅ |
status | object | |
status.conditions[] | object | |
status.conditions[].lastTransitionTime | string | |
status.conditions[].lastUpdateTime | string | |
status.conditions[].message | string | |
status.conditions[].reason | string | |
status.conditions[].status | string | ✅ |
status.conditions[].type | string | ✅ |
status.message | string | |
status.ready | boolean | ✅ |
status.resourcePath | string | |
status.status | string |
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakAuthenticatorConfig resource
spec.definition
Type: object
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.alias
Type: string
missing
spec.definition.config
Type: object
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakClient
v1
resource to define a Client within a KeycloakRealm
spec
Type: object
Property | Type | Required |
---|---|---|
clientSecret | object | |
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakClient resource
spec.clientSecret
Type: object
Property | Type | Required |
---|---|---|
clientIdKey | string | |
clientSecretKey | string | |
secretName | string | ✅ |
missing
spec.clientSecret.clientIdKey
Type: string
missing
spec.clientSecret.clientSecretKey
Type: string
missing
spec.clientSecret.secretName
Type: string
missing
spec.definition
Type: object
Property | Type | Required |
---|---|---|
access | object | |
adminUrl | string | |
alwaysDisplayInConsole | boolean | |
attributes | object | |
authenticationFlowBindingOverrides | object | |
authorizationServicesEnabled | boolean | |
authorizationSettings | object | |
baseUrl | string | |
bearerOnly | boolean | |
clientAuthenticatorType | string | |
clientId | string | |
clientTemplate | string | |
consentRequired | boolean | |
defaultClientScopes[] | string | |
defaultRoles[] | string | |
description | string | |
directAccessGrantsEnabled | boolean | |
directGrantsOnly | boolean | |
enabled | boolean | |
frontchannelLogout | boolean | |
fullScopeAllowed | boolean | |
id | string | |
implicitFlowEnabled | boolean | |
name | string | |
nodeReRegistrationTimeout | integer | |
notBefore | integer | |
optionalClientScopes[] | string | |
origin | string | |
protocol | string | |
protocolMappers[] | object | |
publicClient | boolean | |
redirectUris[] | string | |
registeredNodes | object | |
registrationAccessToken | string | |
rootUrl | string | |
secret | string | |
serviceAccountsEnabled | boolean | |
standardFlowEnabled | boolean | |
surrogateAuthRequired | boolean | |
type | string | |
useTemplateConfig | boolean | |
useTemplateMappers | boolean | |
useTemplateScope | boolean | |
webOrigins[] | string |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.access
Type: object
missing
spec.definition.adminUrl
Type: string
missing
spec.definition.alwaysDisplayInConsole
Type: boolean
missing
spec.definition.attributes
Type: object
missing
spec.definition.authenticationFlowBindingOverrides
Type: object
missing
spec.definition.authorizationServicesEnabled
Type: boolean
missing
spec.definition.authorizationSettings
Type: object
Property | Type | Required |
---|---|---|
allowRemoteResourceManagement | boolean | |
clientId | string | |
decisionStrategy | string | |
id | string | |
name | string | |
policies[] | object | |
policyEnforcementMode | string | |
resources[] | object | |
scopes[] | object |
missing
spec.definition.authorizationSettings.allowRemoteResourceManagement
Type: boolean
missing
spec.definition.authorizationSettings.clientId
Type: string
missing
spec.definition.authorizationSettings.decisionStrategy
Type: string
missing
spec.definition.authorizationSettings.id
Type: string
missing
spec.definition.authorizationSettings.name
Type: string
missing
spec.definition.authorizationSettings.policies[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
decisionStrategy | string | |
description | string | |
id | string | |
logic | string | |
name | string | |
owner | string | |
policies[] | string | |
resources[] | string | |
resourcesData[] | object | |
scopes[] | string | |
scopesData[] | object | |
type | string |
missing
spec.definition.authorizationSettings.policies[].config
Type: object
missing
spec.definition.authorizationSettings.policies[].decisionStrategy
Type: string
missing
spec.definition.authorizationSettings.policies[].description
Type: string
missing
spec.definition.authorizationSettings.policies[].id
Type: string
missing
spec.definition.authorizationSettings.policies[].logic
Type: string
missing
spec.definition.authorizationSettings.policies[].name
Type: string
missing
spec.definition.authorizationSettings.policies[].owner
Type: string
missing
spec.definition.authorizationSettings.policies[].policies[]
Type: string
missing
spec.definition.authorizationSettings.policies[].resources[]
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[]
Type: object
Property | Type | Required |
---|---|---|
_id | string | |
attributes | object | |
displayName | string | |
icon_uri | string | |
name | string | |
owner | object | |
ownerManagedAccess | boolean | |
scopes[] | object | |
scopesUma[] | object | |
type | string | |
uri | string | |
uris[] | string |
missing
spec.definition.authorizationSettings.policies[].resourcesData[]._id
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].attributes
Type: object
missing
spec.definition.authorizationSettings.policies[].resourcesData[].displayName
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].icon_uri
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].name
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].owner
Type: object
missing
spec.definition.authorizationSettings.policies[].resourcesData[].owner.id
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].owner.name
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].ownerManagedAccess
Type: boolean
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopes[]
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string |
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopes[].displayName
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopes[].iconUri
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopes[].id
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopes[].name
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopesUma[]
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string |
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopesUma[].displayName
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopesUma[].iconUri
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopesUma[].id
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].scopesUma[].name
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].type
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].uri
Type: string
missing
spec.definition.authorizationSettings.policies[].resourcesData[].uris[]
Type: string
missing
spec.definition.authorizationSettings.policies[].scopes[]
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[]
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string | |
resources[] | object |
missing
spec.definition.authorizationSettings.policies[].scopesData[].displayName
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].iconUri
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].id
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].name
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[]
Type: object
Property | Type | Required |
---|---|---|
_id | string | |
attributes | object | |
displayName | string | |
icon_uri | string | |
name | string | |
owner | object | |
ownerManagedAccess | boolean | |
type | string | |
uri | string | |
uris[] | string |
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[]._id
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].attributes
Type: object
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].displayName
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].icon_uri
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].name
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].owner
Type: object
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].owner.id
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].owner.name
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].ownerManagedAccess
Type: boolean
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].type
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].uri
Type: string
missing
spec.definition.authorizationSettings.policies[].scopesData[].resources[].uris[]
Type: string
missing
spec.definition.authorizationSettings.policies[].type
Type: string
missing
spec.definition.authorizationSettings.policyEnforcementMode
Type: string
missing
spec.definition.authorizationSettings.resources[]
Type: object
Property | Type | Required |
---|---|---|
_id | string | |
attributes | object | |
displayName | string | |
icon_uri | string | |
name | string | |
owner | object | |
ownerManagedAccess | boolean | |
scopes[] | object | |
scopesUma[] | object | |
type | string | |
uri | string | |
uris[] | string |
missing
spec.definition.authorizationSettings.resources[]._id
Type: string
missing
spec.definition.authorizationSettings.resources[].attributes
Type: object
missing
spec.definition.authorizationSettings.resources[].displayName
Type: string
missing
spec.definition.authorizationSettings.resources[].icon_uri
Type: string
missing
spec.definition.authorizationSettings.resources[].name
Type: string
missing
spec.definition.authorizationSettings.resources[].owner
Type: object
missing
spec.definition.authorizationSettings.resources[].owner.id
Type: string
missing
spec.definition.authorizationSettings.resources[].owner.name
Type: string
missing
spec.definition.authorizationSettings.resources[].ownerManagedAccess
Type: boolean
missing
spec.definition.authorizationSettings.resources[].scopes[]
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string | |
policies[] | object |
missing
spec.definition.authorizationSettings.resources[].scopes[].displayName
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].iconUri
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].id
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].name
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
decisionStrategy | string | |
description | string | |
id | string | |
logic | string | |
name | string | |
owner | string | |
policies[] | string | |
resources[] | string | |
scopes[] | string | |
type | string |
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].config
Type: object
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].decisionStrategy
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].description
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].id
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].logic
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].name
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].owner
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].policies[]
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].resources[]
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].scopes[]
Type: string
missing
spec.definition.authorizationSettings.resources[].scopes[].policies[].type
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[]
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string | |
policies[] | object |
missing
spec.definition.authorizationSettings.resources[].scopesUma[].displayName
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].iconUri
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].id
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].name
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
decisionStrategy | string | |
description | string | |
id | string | |
logic | string | |
name | string | |
owner | string | |
policies[] | string | |
resources[] | string | |
scopes[] | string | |
type | string |
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].config
Type: object
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].decisionStrategy
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].description
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].id
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].logic
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].name
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].owner
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].policies[]
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].resources[]
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].scopes[]
Type: string
missing
spec.definition.authorizationSettings.resources[].scopesUma[].policies[].type
Type: string
missing
spec.definition.authorizationSettings.resources[].type
Type: string
missing
spec.definition.authorizationSettings.resources[].uri
Type: string
missing
spec.definition.authorizationSettings.resources[].uris[]
Type: string
missing
spec.definition.authorizationSettings.scopes[]
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string | |
policies[] | object | |
resources[] | object |
missing
spec.definition.authorizationSettings.scopes[].displayName
Type: string
missing
spec.definition.authorizationSettings.scopes[].iconUri
Type: string
missing
spec.definition.authorizationSettings.scopes[].id
Type: string
missing
spec.definition.authorizationSettings.scopes[].name
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
decisionStrategy | string | |
description | string | |
id | string | |
logic | string | |
name | string | |
owner | string | |
policies[] | string | |
resources[] | string | |
resourcesData[] | object | |
scopes[] | string | |
type | string |
missing
spec.definition.authorizationSettings.scopes[].policies[].config
Type: object
missing
spec.definition.authorizationSettings.scopes[].policies[].decisionStrategy
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].description
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].id
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].logic
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].name
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].owner
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].policies[]
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resources[]
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[]
Type: object
Property | Type | Required |
---|---|---|
_id | string | |
attributes | object | |
displayName | string | |
icon_uri | string | |
name | string | |
owner | object | |
ownerManagedAccess | boolean | |
type | string | |
uri | string | |
uris[] | string |
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[]._id
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].attributes
Type: object
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].displayName
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].icon_uri
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].name
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].owner
Type: object
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].owner.id
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].owner.name
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].ownerManagedAccess
Type: boolean
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].type
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].uri
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].resourcesData[].uris[]
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].scopes[]
Type: string
missing
spec.definition.authorizationSettings.scopes[].policies[].type
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[]
Type: object
Property | Type | Required |
---|---|---|
_id | string | |
attributes | object | |
displayName | string | |
icon_uri | string | |
name | string | |
owner | object | |
ownerManagedAccess | boolean | |
type | string | |
uri | string | |
uris[] | string |
missing
spec.definition.authorizationSettings.scopes[].resources[]._id
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[].attributes
Type: object
missing
spec.definition.authorizationSettings.scopes[].resources[].displayName
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[].icon_uri
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[].name
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[].owner
Type: object
missing
spec.definition.authorizationSettings.scopes[].resources[].owner.id
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[].owner.name
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[].ownerManagedAccess
Type: boolean
missing
spec.definition.authorizationSettings.scopes[].resources[].type
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[].uri
Type: string
missing
spec.definition.authorizationSettings.scopes[].resources[].uris[]
Type: string
missing
spec.definition.baseUrl
Type: string
missing
spec.definition.bearerOnly
Type: boolean
missing
spec.definition.clientAuthenticatorType
Type: string
missing
spec.definition.clientId
Type: string
missing
spec.definition.clientTemplate
Type: string
missing
spec.definition.consentRequired
Type: boolean
missing
spec.definition.defaultClientScopes[]
Type: string
missing
spec.definition.defaultRoles[]
Type: string
missing
spec.definition.description
Type: string
missing
spec.definition.directAccessGrantsEnabled
Type: boolean
missing
spec.definition.directGrantsOnly
Type: boolean
missing
spec.definition.enabled
Type: boolean
missing
spec.definition.frontchannelLogout
Type: boolean
missing
spec.definition.fullScopeAllowed
Type: boolean
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.implicitFlowEnabled
Type: boolean
missing
spec.definition.name
Type: string
missing
spec.definition.nodeReRegistrationTimeout
Type: integer
missing
spec.definition.notBefore
Type: integer
missing
spec.definition.optionalClientScopes[]
Type: string
missing
spec.definition.origin
Type: string
missing
spec.definition.protocol
Type: string
missing
spec.definition.protocolMappers[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
consentRequired | boolean | |
consentText | string | |
id | string | |
name | string | |
protocol | string | |
protocolMapper | string |
missing
spec.definition.protocolMappers[].config
Type: object
missing
spec.definition.protocolMappers[].consentRequired
Type: boolean
missing
spec.definition.protocolMappers[].consentText
Type: string
missing
spec.definition.protocolMappers[].id
Type: string
missing
spec.definition.protocolMappers[].name
Type: string
missing
spec.definition.protocolMappers[].protocol
Type: string
missing
spec.definition.protocolMappers[].protocolMapper
Type: string
missing
spec.definition.publicClient
Type: boolean
missing
spec.definition.redirectUris[]
Type: string
missing
spec.definition.registeredNodes
Type: object
missing
spec.definition.registrationAccessToken
Type: string
missing
spec.definition.rootUrl
Type: string
missing
spec.definition.secret
Type: string
missing
spec.definition.serviceAccountsEnabled
Type: boolean
missing
spec.definition.standardFlowEnabled
Type: boolean
missing
spec.definition.surrogateAuthRequired
Type: boolean
missing
spec.definition.type
Type: string
missing
spec.definition.useTemplateConfig
Type: boolean
missing
spec.definition.useTemplateMappers
Type: boolean
missing
spec.definition.useTemplateScope
Type: boolean
missing
spec.definition.webOrigins[]
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the Kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakClientScope
v1
resource to define a Scope within a KeycloakClient
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
isTemplate | boolean | |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakClientScope resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
attributes | object | |
description | string | |
id | string | |
name | string | |
protocol | string | |
protocolMappers[] | object |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.attributes
Type: object
missing
spec.definition.description
Type: string
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.name
Type: string
missing
spec.definition.protocol
Type: string
missing
spec.definition.protocolMappers[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
consentRequired | boolean | |
consentText | string | |
id | string | |
name | string | |
protocol | string | |
protocolMapper | string |
missing
spec.definition.protocolMappers[].config
Type: object
missing
spec.definition.protocolMappers[].consentRequired
Type: boolean
missing
spec.definition.protocolMappers[].consentText
Type: string
missing
spec.definition.protocolMappers[].id
Type: string
missing
spec.definition.protocolMappers[].name
Type: string
missing
spec.definition.protocolMappers[].protocol
Type: string
missing
spec.definition.protocolMappers[].protocolMapper
Type: string
missing
spec.isTemplate
Type: boolean
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the Kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakComponent
v1
resource to define a Component within a KeycloakRealm
Property | Type | Required |
---|---|---|
spec | object | ✅ |
spec.definition | object | ✅ |
spec.definition.config | object | |
spec.definition.id | string | |
spec.definition.name | string | |
spec.definition.parentId | string | |
spec.definition.providerId | string | |
spec.definition.providerType | string | |
spec.definition.subType | string | |
spec.options | object | |
spec.patchFrom | object | |
spec.realmRef | string | ✅ |
status | object | |
status.conditions[] | object | |
status.conditions[].lastTransitionTime | string | |
status.conditions[].lastUpdateTime | string | |
status.conditions[].message | string | |
status.conditions[].reason | string | |
status.conditions[].status | string | ✅ |
status.conditions[].type | string | ✅ |
status.message | string | |
status.ready | boolean | ✅ |
status.resourcePath | string | |
status.status | string |
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakComponent resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
config | object | |
id | string | |
name | string | |
parentId | string | |
providerId | string | |
providerType | string | |
subType | string |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.config
Type: object
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.name
Type: string
missing
spec.definition.parentId
Type: string
missing
spec.definition.providerId
Type: string
missing
spec.definition.providerType
Type: string
missing
spec.definition.subType
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the Kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakGroup
v1
resource to define a Group within a KeycloakRealm
Property | Type | Required |
---|---|---|
spec | object | ✅ |
spec.definition | object | ✅ |
spec.definition.access | object | |
spec.definition.attributes | object | |
spec.definition.clientRoles | object | |
spec.definition.id | string | |
spec.definition.name | string | |
spec.definition.parentId | string | |
spec.definition.path | string | |
spec.definition.realmRoles[] | string | |
spec.definition.subGroupCount | integer | |
spec.options | object | |
spec.patchFrom | object | |
spec.realmRef | string | ✅ |
status | object | |
status.conditions[] | object | |
status.conditions[].lastTransitionTime | string | |
status.conditions[].lastUpdateTime | string | |
status.conditions[].message | string | |
status.conditions[].reason | string | |
status.conditions[].status | string | ✅ |
status.conditions[].type | string | ✅ |
status.message | string | |
status.ready | boolean | ✅ |
status.resourcePath | string | |
status.status | string |
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakGroup resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
access | object | |
attributes | object | |
clientRoles | object | |
id | string | |
name | string | |
parentId | string | |
path | string | |
realmRoles[] | string | |
subGroupCount | integer |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.access
Type: object
missing
spec.definition.attributes
Type: object
missing
spec.definition.clientRoles
Type: object
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.name
Type: string
missing
spec.definition.parentId
Type: string
missing
spec.definition.path
Type: string
missing
spec.definition.realmRoles[]
Type: string
missing
spec.definition.subGroupCount
Type: integer
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the Kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakIdentityProvider
v1
resource to define an identity provider in a KeycloakRealm
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakIdentityProvider resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
addReadTokenRoleOnCreate | boolean | |
alias | string | |
authenticateByDefault | boolean | |
config | object | |
displayName | string | |
enabled | boolean | |
firstBrokerLoginFlowAlias | string | |
hideOnLogin | boolean | |
internalId | string | |
linkOnly | boolean | |
organizationId | string | |
postBrokerLoginFlowAlias | string | |
providerId | string | |
storeToken | boolean | |
trustEmail | boolean | |
updateProfileFirstLogin | boolean | |
updateProfileFirstLoginMode | string |
Validation Rule | Error Message |
---|---|
has(self.alias) == has(oldSelf.alias) | Value is immutable |
missing
spec.definition.addReadTokenRoleOnCreate
Type: boolean
missing
spec.definition.alias
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.authenticateByDefault
Type: boolean
missing
spec.definition.config
Type: object
missing
spec.definition.displayName
Type: string
missing
spec.definition.enabled
Type: boolean
missing
spec.definition.firstBrokerLoginFlowAlias
Type: string
missing
spec.definition.hideOnLogin
Type: boolean
missing
spec.definition.internalId
Type: string
missing
spec.definition.linkOnly
Type: boolean
missing
spec.definition.organizationId
Type: string
missing
spec.definition.postBrokerLoginFlowAlias
Type: string
missing
spec.definition.providerId
Type: string
missing
spec.definition.storeToken
Type: boolean
missing
spec.definition.trustEmail
Type: boolean
missing
spec.definition.updateProfileFirstLogin
Type: boolean
missing
spec.definition.updateProfileFirstLoginMode
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the Kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakIdentityProviderMapper
v1
resource to define an identity provider mapper within a KeycloakIdentityProvider
Property | Type | Required |
---|---|---|
spec | object | ✅ |
spec.definition | object | ✅ |
spec.definition.config | object | |
spec.definition.id | string | |
spec.definition.identityProviderAlias | string | |
spec.definition.identityProviderMapper | string | |
spec.definition.name | string | |
spec.identityProviderRef | string | ✅ |
spec.options | object | |
spec.patchFrom | object | |
status | object | |
status.conditions[] | object | |
status.conditions[].lastTransitionTime | string | |
status.conditions[].lastUpdateTime | string | |
status.conditions[].message | string | |
status.conditions[].reason | string | |
status.conditions[].status | string | ✅ |
status.conditions[].type | string | ✅ |
status.message | string | |
status.ready | boolean | ✅ |
status.resourcePath | string | |
status.status | string |
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
identityProviderRef | string | ✅ |
options | object | |
patchFrom | object |
the KeycloakIdentityProviderMapper resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
config | object | |
id | string | |
identityProviderAlias | string | |
identityProviderMapper | string | |
name | string |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.config
Type: object
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.identityProviderAlias
Type: string
missing
spec.definition.identityProviderMapper
Type: string
missing
spec.definition.name
Type: string
missing
spec.identityProviderRef
Type: string
the name of the Kubernetes object that created the identity provider.
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakOrganization
v1
Resource to define an Organisation within a KeycloakRealm
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakOrganization resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
alias | string | |
attributes | object | |
description | string | |
domains[] | object | |
enabled | boolean | |
id | string | |
identityProviders[] | object | |
members[] | object | |
name | string | |
redirectUrl | string |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.alias
Type: string
missing
spec.definition.attributes
Type: object
missing
spec.definition.description
Type: string
missing
spec.definition.domains[]
Type: object
missing
spec.definition.domains[].name
Type: string
missing
spec.definition.domains[].verified
Type: boolean
missing
spec.definition.enabled
Type: boolean
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.identityProviders[]
Type: object
Property | Type | Required |
---|---|---|
addReadTokenRoleOnCreate | boolean | |
alias | string | |
authenticateByDefault | boolean | |
config | object | |
displayName | string | |
enabled | boolean | |
firstBrokerLoginFlowAlias | string | |
hideOnLogin | boolean | |
internalId | string | |
linkOnly | boolean | |
organizationId | string | |
postBrokerLoginFlowAlias | string | |
providerId | string | |
storeToken | boolean | |
trustEmail | boolean | |
updateProfileFirstLogin | boolean | |
updateProfileFirstLoginMode | string |
missing
spec.definition.identityProviders[].addReadTokenRoleOnCreate
Type: boolean
missing
spec.definition.identityProviders[].alias
Type: string
missing
spec.definition.identityProviders[].authenticateByDefault
Type: boolean
missing
spec.definition.identityProviders[].config
Type: object
missing
spec.definition.identityProviders[].displayName
Type: string
missing
spec.definition.identityProviders[].enabled
Type: boolean
missing
spec.definition.identityProviders[].firstBrokerLoginFlowAlias
Type: string
missing
spec.definition.identityProviders[].hideOnLogin
Type: boolean
missing
spec.definition.identityProviders[].internalId
Type: string
missing
spec.definition.identityProviders[].linkOnly
Type: boolean
missing
spec.definition.identityProviders[].organizationId
Type: string
missing
spec.definition.identityProviders[].postBrokerLoginFlowAlias
Type: string
missing
spec.definition.identityProviders[].providerId
Type: string
missing
spec.definition.identityProviders[].storeToken
Type: boolean
missing
spec.definition.identityProviders[].trustEmail
Type: boolean
missing
spec.definition.identityProviders[].updateProfileFirstLogin
Type: boolean
missing
spec.definition.identityProviders[].updateProfileFirstLoginMode
Type: string
missing
spec.definition.members[]
Type: object
Property | Type | Required |
---|---|---|
access | object | |
applicationRoles | object | |
attributes | object | |
clientConsents[] | object | |
clientRoles | object | |
createdTimestamp | integer | |
credentials[] | object | |
disableableCredentialTypes[] | string | |
email | string | |
emailVerified | boolean | |
enabled | boolean | |
federatedIdentities[] | object | |
federationLink | string | |
firstName | string | |
groups[] | string | |
id | string | |
lastName | string | |
membershipType | string | |
notBefore | integer | |
origin | string | |
realmRoles[] | string | |
requiredActions[] | string | |
self | string | |
serviceAccountClientId | string | |
socialLinks[] | object | |
totp | boolean | |
userProfileMetadata | object | |
username | string |
missing
spec.definition.members[].access
Type: object
missing
spec.definition.members[].applicationRoles
Type: object
missing
spec.definition.members[].attributes
Type: object
missing
spec.definition.members[].clientConsents[]
Type: object
Property | Type | Required |
---|---|---|
clientId | string | |
createdDate | integer | |
grantedClientScopes[] | string | |
grantedRealmRoles[] | string | |
lastUpdatedDate | integer |
missing
spec.definition.members[].clientConsents[].clientId
Type: string
missing
spec.definition.members[].clientConsents[].createdDate
Type: integer
missing
spec.definition.members[].clientConsents[].grantedClientScopes[]
Type: string
missing
spec.definition.members[].clientConsents[].grantedRealmRoles[]
Type: string
missing
spec.definition.members[].clientConsents[].lastUpdatedDate
Type: integer
missing
spec.definition.members[].clientRoles
Type: object
missing
spec.definition.members[].createdTimestamp
Type: integer
missing
spec.definition.members[].credentials[]
Type: object
Property | Type | Required |
---|---|---|
algorithm | string | |
config | object | |
counter | integer | |
createdDate | integer | |
credentialData | string | |
device | string | |
digits | integer | |
hashIterations | integer | |
hashedSaltedValue | string | |
id | string | |
period | integer | |
priority | integer | |
salt | string | |
secretData | string | |
temporary | boolean | |
type | string | |
userLabel | string | |
value | string |
missing
spec.definition.members[].credentials[].algorithm
Type: string
missing
spec.definition.members[].credentials[].config
Type: object
missing
spec.definition.members[].credentials[].counter
Type: integer
missing
spec.definition.members[].credentials[].createdDate
Type: integer
missing
spec.definition.members[].credentials[].credentialData
Type: string
missing
spec.definition.members[].credentials[].device
Type: string
missing
spec.definition.members[].credentials[].digits
Type: integer
missing
spec.definition.members[].credentials[].hashIterations
Type: integer
missing
spec.definition.members[].credentials[].hashedSaltedValue
Type: string
missing
spec.definition.members[].credentials[].id
Type: string
missing
spec.definition.members[].credentials[].period
Type: integer
missing
spec.definition.members[].credentials[].priority
Type: integer
missing
spec.definition.members[].credentials[].salt
Type: string
missing
spec.definition.members[].credentials[].secretData
Type: string
missing
spec.definition.members[].credentials[].temporary
Type: boolean
missing
spec.definition.members[].credentials[].type
Type: string
missing
spec.definition.members[].credentials[].userLabel
Type: string
missing
spec.definition.members[].credentials[].value
Type: string
missing
spec.definition.members[].disableableCredentialTypes[]
Type: string
missing
spec.definition.members[].email
Type: string
missing
spec.definition.members[].emailVerified
Type: boolean
missing
spec.definition.members[].enabled
Type: boolean
missing
spec.definition.members[].federatedIdentities[]
Type: object
Property | Type | Required |
---|---|---|
identityProvider | string | |
userId | string | |
userName | string |
missing
spec.definition.members[].federatedIdentities[].identityProvider
Type: string
missing
spec.definition.members[].federatedIdentities[].userId
Type: string
missing
spec.definition.members[].federatedIdentities[].userName
Type: string
missing
spec.definition.members[].federationLink
Type: string
missing
spec.definition.members[].firstName
Type: string
missing
spec.definition.members[].groups[]
Type: string
missing
spec.definition.members[].id
Type: string
missing
spec.definition.members[].lastName
Type: string
missing
spec.definition.members[].membershipType
Type: string
missing
spec.definition.members[].notBefore
Type: integer
missing
spec.definition.members[].origin
Type: string
missing
spec.definition.members[].realmRoles[]
Type: string
missing
spec.definition.members[].requiredActions[]
Type: string
missing
spec.definition.members[].self
Type: string
missing
spec.definition.members[].serviceAccountClientId
Type: string
missing
spec.definition.members[].socialLinks[]
Type: object
Property | Type | Required |
---|---|---|
socialProvider | string | |
socialUserId | string | |
socialUsername | string |
missing
spec.definition.members[].socialLinks[].socialProvider
Type: string
missing
spec.definition.members[].socialLinks[].socialUserId
Type: string
missing
spec.definition.members[].socialLinks[].socialUsername
Type: string
missing
spec.definition.members[].totp
Type: boolean
missing
spec.definition.members[].userProfileMetadata
Type: object
Property | Type | Required |
---|---|---|
attributes[] | object | |
groups[] | object |
missing
spec.definition.members[].userProfileMetadata.attributes[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayName | string | |
group | string | |
multivalued | boolean | |
name | string | |
readOnly | boolean | |
required | boolean | |
validators | object |
missing
spec.definition.members[].userProfileMetadata.attributes[].annotations
Type: object
missing
spec.definition.members[].userProfileMetadata.attributes[].displayName
Type: string
missing
spec.definition.members[].userProfileMetadata.attributes[].group
Type: string
missing
spec.definition.members[].userProfileMetadata.attributes[].multivalued
Type: boolean
missing
spec.definition.members[].userProfileMetadata.attributes[].name
Type: string
missing
spec.definition.members[].userProfileMetadata.attributes[].readOnly
Type: boolean
missing
spec.definition.members[].userProfileMetadata.attributes[].required
Type: boolean
missing
spec.definition.members[].userProfileMetadata.attributes[].validators
Type: object
missing
spec.definition.members[].userProfileMetadata.groups[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayDescription | string | |
displayHeader | string | |
name | string |
missing
spec.definition.members[].userProfileMetadata.groups[].annotations
Type: object
missing
spec.definition.members[].userProfileMetadata.groups[].displayDescription
Type: string
missing
spec.definition.members[].userProfileMetadata.groups[].displayHeader
Type: string
missing
spec.definition.members[].userProfileMetadata.groups[].name
Type: string
missing
spec.definition.members[].username
Type: string
missing
spec.definition.name
Type: string
missing
spec.definition.redirectUrl
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
The name of the Kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakProtocolMapper
v1
Resource to define a Protocol Mapper within either a KeycloakClient or a KeycloakClientScope
Property | Type | Required |
---|---|---|
spec | object | ✅ |
spec.clientRef | string | |
spec.clientScopeRef | string | |
spec.definition | object | ✅ |
spec.definition.config | object | |
spec.definition.consentRequired | boolean | |
spec.definition.consentText | string | |
spec.definition.id | string | |
spec.definition.name | string | |
spec.definition.protocol | string | |
spec.definition.protocolMapper | string | |
spec.options | object | |
spec.patchFrom | object | |
status | object | |
status.conditions[] | object | |
status.conditions[].lastTransitionTime | string | |
status.conditions[].lastUpdateTime | string | |
status.conditions[].message | string | |
status.conditions[].reason | string | |
status.conditions[].status | string | ✅ |
status.conditions[].type | string | ✅ |
status.message | string | |
status.ready | boolean | ✅ |
status.resourcePath | string | |
status.status | string |
spec
Type: object
Property | Type | Required |
---|---|---|
clientRef | string | |
clientScopeRef | string | |
definition | object | ✅ |
options | object | |
patchFrom | object |
the KeycloakProtocolMapper resource
spec.clientRef
Type: string
missing
spec.clientScopeRef
Type: string
missing
spec.definition
Type: object
Property | Type | Required |
---|---|---|
config | object | |
consentRequired | boolean | |
consentText | string | |
id | string | |
name | string | |
protocol | string | |
protocolMapper | string |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.config
Type: object
missing
spec.definition.consentRequired
Type: boolean
missing
spec.definition.consentText
Type: string
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.name
Type: string
missing
spec.definition.protocol
Type: string
missing
spec.definition.protocolMapper
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakRealm
v1
Resource to define a Realm within a KeycloakInstance
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
instanceRef | string | ✅ |
options | object | |
patchFrom | object |
the KeycloakRealm resource
spec.definition
Type: object
Validation Rule | Error Message |
---|---|
has(self.realm) == has(oldSelf.realm) | Value is immutable |
missing
spec.definition.accessCodeLifespan
Type: integer
missing
spec.definition.accessCodeLifespanLogin
Type: integer
missing
spec.definition.accessCodeLifespanUserAction
Type: integer
missing
spec.definition.accessTokenLifespan
Type: integer
missing
spec.definition.accessTokenLifespanForImplicitFlow
Type: integer
missing
spec.definition.accountTheme
Type: string
missing
spec.definition.actionTokenGeneratedByAdminLifespan
Type: integer
missing
spec.definition.actionTokenGeneratedByUserLifespan
Type: integer
missing
spec.definition.adminEventsDetailsEnabled
Type: boolean
missing
spec.definition.adminEventsEnabled
Type: boolean
missing
spec.definition.adminTheme
Type: string
missing
spec.definition.applicationScopeMappings
Type: object
missing
spec.definition.attributes
Type: object
missing
spec.definition.authenticationFlows[]
Type: object
Property | Type | Required |
---|---|---|
alias | string | |
authenticationExecutions[] | object | |
builtIn | boolean | |
description | string | |
id | string | |
providerId | string | |
topLevel | boolean |
missing
spec.definition.authenticationFlows[].alias
Type: string
missing
spec.definition.authenticationFlows[].authenticationExecutions[]
Type: object
Property | Type | Required |
---|---|---|
authenticator | string | |
authenticatorConfig | string | |
authenticatorFlow | boolean | |
autheticatorFlow | boolean | |
flowAlias | string | |
priority | integer | |
requirement | string | |
userSetupAllowed | boolean |
missing
spec.definition.authenticationFlows[].authenticationExecutions[].authenticator
Type: string
missing
spec.definition.authenticationFlows[].authenticationExecutions[].authenticatorConfig
Type: string
missing
spec.definition.authenticationFlows[].authenticationExecutions[].authenticatorFlow
Type: boolean
missing
spec.definition.authenticationFlows[].authenticationExecutions[].autheticatorFlow
Type: boolean
missing
spec.definition.authenticationFlows[].authenticationExecutions[].flowAlias
Type: string
missing
spec.definition.authenticationFlows[].authenticationExecutions[].priority
Type: integer
missing
spec.definition.authenticationFlows[].authenticationExecutions[].requirement
Type: string
missing
spec.definition.authenticationFlows[].authenticationExecutions[].userSetupAllowed
Type: boolean
missing
spec.definition.authenticationFlows[].builtIn
Type: boolean
missing
spec.definition.authenticationFlows[].description
Type: string
missing
spec.definition.authenticationFlows[].id
Type: string
missing
spec.definition.authenticationFlows[].providerId
Type: string
missing
spec.definition.authenticationFlows[].topLevel
Type: boolean
missing
spec.definition.authenticatorConfig[]
Type: object
missing
spec.definition.authenticatorConfig[].alias
Type: string
missing
spec.definition.authenticatorConfig[].config
Type: object
missing
spec.definition.authenticatorConfig[].id
Type: string
missing
spec.definition.browserFlow
Type: string
missing
spec.definition.browserSecurityHeaders
Type: object
missing
spec.definition.bruteForceProtected
Type: boolean
missing
spec.definition.certificate
Type: string
missing
spec.definition.clientAuthenticationFlow
Type: string
missing
spec.definition.clientOfflineSessionIdleTimeout
Type: integer
missing
spec.definition.clientOfflineSessionMaxLifespan
Type: integer
missing
spec.definition.clientPolicies
Type: object
Property | Type | Required |
---|---|---|
globalPolicies[] | object | |
policies[] | object |
missing
spec.definition.clientPolicies.globalPolicies[]
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
description | string | |
enabled | boolean | |
name | string | |
profiles[] | string |
missing
spec.definition.clientPolicies.globalPolicies[].conditions[]
Type: object
Property | Type | Required |
---|---|---|
condition | string | |
configuration | object |
missing
spec.definition.clientPolicies.globalPolicies[].conditions[].condition
Type: string
missing
spec.definition.clientPolicies.globalPolicies[].conditions[].configuration
Type: object
missing
spec.definition.clientPolicies.globalPolicies[].description
Type: string
missing
spec.definition.clientPolicies.globalPolicies[].enabled
Type: boolean
missing
spec.definition.clientPolicies.globalPolicies[].name
Type: string
missing
spec.definition.clientPolicies.globalPolicies[].profiles[]
Type: string
missing
spec.definition.clientPolicies.policies[]
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
description | string | |
enabled | boolean | |
name | string | |
profiles[] | string |
missing
spec.definition.clientPolicies.policies[].conditions[]
Type: object
Property | Type | Required |
---|---|---|
condition | string | |
configuration | object |
missing
spec.definition.clientPolicies.policies[].conditions[].condition
Type: string
missing
spec.definition.clientPolicies.policies[].conditions[].configuration
Type: object
missing
spec.definition.clientPolicies.policies[].description
Type: string
missing
spec.definition.clientPolicies.policies[].enabled
Type: boolean
missing
spec.definition.clientPolicies.policies[].name
Type: string
missing
spec.definition.clientPolicies.policies[].profiles[]
Type: string
missing
spec.definition.clientProfiles
Type: object
Property | Type | Required |
---|---|---|
globalProfiles[] | object | |
profiles[] | object |
missing
spec.definition.clientProfiles.globalProfiles[]
Type: object
Property | Type | Required |
---|---|---|
description | string | |
executors[] | object | |
name | string |
missing
spec.definition.clientProfiles.globalProfiles[].description
Type: string
missing
spec.definition.clientProfiles.globalProfiles[].executors[]
Type: object
Property | Type | Required |
---|---|---|
configuration | object | |
executor | string |
missing
spec.definition.clientProfiles.globalProfiles[].executors[].configuration
Type: object
missing
spec.definition.clientProfiles.globalProfiles[].executors[].executor
Type: string
missing
spec.definition.clientProfiles.globalProfiles[].name
Type: string
missing
spec.definition.clientProfiles.profiles[]
Type: object
Property | Type | Required |
---|---|---|
description | string | |
executors[] | object | |
name | string |
missing
spec.definition.clientProfiles.profiles[].description
Type: string
missing
spec.definition.clientProfiles.profiles[].executors[]
Type: object
Property | Type | Required |
---|---|---|
configuration | object | |
executor | string |
missing
spec.definition.clientProfiles.profiles[].executors[].configuration
Type: object
missing
spec.definition.clientProfiles.profiles[].executors[].executor
Type: string
missing
spec.definition.clientProfiles.profiles[].name
Type: string
missing
spec.definition.clientScopeMappings
Type: object
missing
spec.definition.clientScopes[]
Type: object
Property | Type | Required |
---|---|---|
attributes | object | |
description | string | |
id | string | |
name | string | |
protocol | string | |
protocolMappers[] | object |
missing
spec.definition.clientScopes[].attributes
Type: object
missing
spec.definition.clientScopes[].description
Type: string
missing
spec.definition.clientScopes[].id
Type: string
missing
spec.definition.clientScopes[].name
Type: string
missing
spec.definition.clientScopes[].protocol
Type: string
missing
spec.definition.clientScopes[].protocolMappers[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
consentRequired | boolean | |
consentText | string | |
id | string | |
name | string | |
protocol | string | |
protocolMapper | string |
missing
spec.definition.clientScopes[].protocolMappers[].config
Type: object
missing
spec.definition.clientScopes[].protocolMappers[].consentRequired
Type: boolean
missing
spec.definition.clientScopes[].protocolMappers[].consentText
Type: string
missing
spec.definition.clientScopes[].protocolMappers[].id
Type: string
missing
spec.definition.clientScopes[].protocolMappers[].name
Type: string
missing
spec.definition.clientScopes[].protocolMappers[].protocol
Type: string
missing
spec.definition.clientScopes[].protocolMappers[].protocolMapper
Type: string
missing
spec.definition.clientSessionIdleTimeout
Type: integer
missing
spec.definition.clientSessionMaxLifespan
Type: integer
missing
spec.definition.clientTemplates[]
Type: object
Property | Type | Required |
---|---|---|
attributes | object | |
bearerOnly | boolean | |
consentRequired | boolean | |
description | string | |
directAccessGrantsEnabled | boolean | |
frontchannelLogout | boolean | |
fullScopeAllowed | boolean | |
id | string | |
implicitFlowEnabled | boolean | |
name | string | |
protocol | string | |
protocolMappers[] | object | |
publicClient | boolean | |
serviceAccountsEnabled | boolean | |
standardFlowEnabled | boolean |
missing
spec.definition.clientTemplates[].attributes
Type: object
missing
spec.definition.clientTemplates[].bearerOnly
Type: boolean
missing
spec.definition.clientTemplates[].consentRequired
Type: boolean
missing
spec.definition.clientTemplates[].description
Type: string
missing
spec.definition.clientTemplates[].directAccessGrantsEnabled
Type: boolean
missing
spec.definition.clientTemplates[].frontchannelLogout
Type: boolean
missing
spec.definition.clientTemplates[].fullScopeAllowed
Type: boolean
missing
spec.definition.clientTemplates[].id
Type: string
missing
spec.definition.clientTemplates[].implicitFlowEnabled
Type: boolean
missing
spec.definition.clientTemplates[].name
Type: string
missing
spec.definition.clientTemplates[].protocol
Type: string
missing
spec.definition.clientTemplates[].protocolMappers[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
consentRequired | boolean | |
consentText | string | |
id | string | |
name | string | |
protocol | string | |
protocolMapper | string |
missing
spec.definition.clientTemplates[].protocolMappers[].config
Type: object
missing
spec.definition.clientTemplates[].protocolMappers[].consentRequired
Type: boolean
missing
spec.definition.clientTemplates[].protocolMappers[].consentText
Type: string
missing
spec.definition.clientTemplates[].protocolMappers[].id
Type: string
missing
spec.definition.clientTemplates[].protocolMappers[].name
Type: string
missing
spec.definition.clientTemplates[].protocolMappers[].protocol
Type: string
missing
spec.definition.clientTemplates[].protocolMappers[].protocolMapper
Type: string
missing
spec.definition.clientTemplates[].publicClient
Type: boolean
missing
spec.definition.clientTemplates[].serviceAccountsEnabled
Type: boolean
missing
spec.definition.clientTemplates[].standardFlowEnabled
Type: boolean
missing
spec.definition.codeSecret
Type: string
missing
spec.definition.defaultDefaultClientScopes[]
Type: string
missing
spec.definition.defaultGroups[]
Type: string
missing
spec.definition.defaultLocale
Type: string
missing
spec.definition.defaultOptionalClientScopes[]
Type: string
missing
spec.definition.defaultRole
Type: object
Property | Type | Required |
---|---|---|
attributes | object | |
clientRole | boolean | |
composite | boolean | |
composites | object | |
containerId | string | |
description | string | |
id | string | |
name | string | |
scopeParamRequired | boolean |
missing
spec.definition.defaultRole.attributes
Type: object
missing
spec.definition.defaultRole.clientRole
Type: boolean
missing
spec.definition.defaultRole.composite
Type: boolean
missing
spec.definition.defaultRole.composites
Type: object
Property | Type | Required |
---|---|---|
application | object | |
client | object | |
realm[] | string |
missing
spec.definition.defaultRole.composites.application
Type: object
missing
spec.definition.defaultRole.composites.client
Type: object
missing
spec.definition.defaultRole.composites.realm[]
Type: string
missing
spec.definition.defaultRole.containerId
Type: string
missing
spec.definition.defaultRole.description
Type: string
missing
spec.definition.defaultRole.id
Type: string
missing
spec.definition.defaultRole.name
Type: string
missing
spec.definition.defaultRole.scopeParamRequired
Type: boolean
missing
spec.definition.defaultRoles[]
Type: string
missing
spec.definition.defaultSignatureAlgorithm
Type: string
missing
spec.definition.directGrantFlow
Type: string
missing
spec.definition.displayName
Type: string
missing
spec.definition.displayNameHtml
Type: string
missing
spec.definition.dockerAuthenticationFlow
Type: string
missing
spec.definition.duplicateEmailsAllowed
Type: boolean
missing
spec.definition.editUsernameAllowed
Type: boolean
missing
spec.definition.emailTheme
Type: string
missing
spec.definition.enabled
Type: boolean
missing
spec.definition.enabledEventTypes[]
Type: string
missing
spec.definition.eventsEnabled
Type: boolean
missing
spec.definition.eventsExpiration
Type: integer
missing
spec.definition.eventsListeners[]
Type: string
missing
spec.definition.failureFactor
Type: integer
missing
spec.definition.federatedUsers[]
Type: object
Property | Type | Required |
---|---|---|
access | object | |
applicationRoles | object | |
attributes | object | |
clientConsents[] | object | |
clientRoles | object | |
createdTimestamp | integer | |
credentials[] | object | |
disableableCredentialTypes[] | string | |
email | string | |
emailVerified | boolean | |
enabled | boolean | |
federatedIdentities[] | object | |
federationLink | string | |
firstName | string | |
groups[] | string | |
id | string | |
lastName | string | |
notBefore | integer | |
origin | string | |
realmRoles[] | string | |
requiredActions[] | string | |
self | string | |
serviceAccountClientId | string | |
socialLinks[] | object | |
totp | boolean | |
userProfileMetadata | object | |
username | string |
missing
spec.definition.federatedUsers[].access
Type: object
missing
spec.definition.federatedUsers[].applicationRoles
Type: object
missing
spec.definition.federatedUsers[].attributes
Type: object
missing
spec.definition.federatedUsers[].clientConsents[]
Type: object
Property | Type | Required |
---|---|---|
clientId | string | |
createdDate | integer | |
grantedClientScopes[] | string | |
grantedRealmRoles[] | string | |
lastUpdatedDate | integer |
missing
spec.definition.federatedUsers[].clientConsents[].clientId
Type: string
missing
spec.definition.federatedUsers[].clientConsents[].createdDate
Type: integer
missing
spec.definition.federatedUsers[].clientConsents[].grantedClientScopes[]
Type: string
missing
spec.definition.federatedUsers[].clientConsents[].grantedRealmRoles[]
Type: string
missing
spec.definition.federatedUsers[].clientConsents[].lastUpdatedDate
Type: integer
missing
spec.definition.federatedUsers[].clientRoles
Type: object
missing
spec.definition.federatedUsers[].createdTimestamp
Type: integer
missing
spec.definition.federatedUsers[].credentials[]
Type: object
Property | Type | Required |
---|---|---|
algorithm | string | |
config | object | |
counter | integer | |
createdDate | integer | |
credentialData | string | |
device | string | |
digits | integer | |
hashIterations | integer | |
hashedSaltedValue | string | |
id | string | |
period | integer | |
priority | integer | |
salt | string | |
secretData | string | |
temporary | boolean | |
type | string | |
userLabel | string | |
value | string |
missing
spec.definition.federatedUsers[].credentials[].algorithm
Type: string
missing
spec.definition.federatedUsers[].credentials[].config
Type: object
missing
spec.definition.federatedUsers[].credentials[].counter
Type: integer
missing
spec.definition.federatedUsers[].credentials[].createdDate
Type: integer
missing
spec.definition.federatedUsers[].credentials[].credentialData
Type: string
missing
spec.definition.federatedUsers[].credentials[].device
Type: string
missing
spec.definition.federatedUsers[].credentials[].digits
Type: integer
missing
spec.definition.federatedUsers[].credentials[].hashIterations
Type: integer
missing
spec.definition.federatedUsers[].credentials[].hashedSaltedValue
Type: string
missing
spec.definition.federatedUsers[].credentials[].id
Type: string
missing
spec.definition.federatedUsers[].credentials[].period
Type: integer
missing
spec.definition.federatedUsers[].credentials[].priority
Type: integer
missing
spec.definition.federatedUsers[].credentials[].salt
Type: string
missing
spec.definition.federatedUsers[].credentials[].secretData
Type: string
missing
spec.definition.federatedUsers[].credentials[].temporary
Type: boolean
missing
spec.definition.federatedUsers[].credentials[].type
Type: string
missing
spec.definition.federatedUsers[].credentials[].userLabel
Type: string
missing
spec.definition.federatedUsers[].credentials[].value
Type: string
missing
spec.definition.federatedUsers[].disableableCredentialTypes[]
Type: string
missing
spec.definition.federatedUsers[].email
Type: string
missing
spec.definition.federatedUsers[].emailVerified
Type: boolean
missing
spec.definition.federatedUsers[].enabled
Type: boolean
missing
spec.definition.federatedUsers[].federatedIdentities[]
Type: object
Property | Type | Required |
---|---|---|
identityProvider | string | |
userId | string | |
userName | string |
missing
spec.definition.federatedUsers[].federatedIdentities[].identityProvider
Type: string
missing
spec.definition.federatedUsers[].federatedIdentities[].userId
Type: string
missing
spec.definition.federatedUsers[].federatedIdentities[].userName
Type: string
missing
spec.definition.federatedUsers[].federationLink
Type: string
missing
spec.definition.federatedUsers[].firstName
Type: string
missing
spec.definition.federatedUsers[].groups[]
Type: string
missing
spec.definition.federatedUsers[].id
Type: string
missing
spec.definition.federatedUsers[].lastName
Type: string
missing
spec.definition.federatedUsers[].notBefore
Type: integer
missing
spec.definition.federatedUsers[].origin
Type: string
missing
spec.definition.federatedUsers[].realmRoles[]
Type: string
missing
spec.definition.federatedUsers[].requiredActions[]
Type: string
missing
spec.definition.federatedUsers[].self
Type: string
missing
spec.definition.federatedUsers[].serviceAccountClientId
Type: string
missing
spec.definition.federatedUsers[].socialLinks[]
Type: object
Property | Type | Required |
---|---|---|
socialProvider | string | |
socialUserId | string | |
socialUsername | string |
missing
spec.definition.federatedUsers[].socialLinks[].socialProvider
Type: string
missing
spec.definition.federatedUsers[].socialLinks[].socialUserId
Type: string
missing
spec.definition.federatedUsers[].socialLinks[].socialUsername
Type: string
missing
spec.definition.federatedUsers[].totp
Type: boolean
missing
spec.definition.federatedUsers[].userProfileMetadata
Type: object
Property | Type | Required |
---|---|---|
attributes[] | object | |
groups[] | object |
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayName | string | |
group | string | |
multivalued | boolean | |
name | string | |
readOnly | boolean | |
required | boolean | |
validators | object |
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[].annotations
Type: object
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[].displayName
Type: string
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[].group
Type: string
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[].multivalued
Type: boolean
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[].name
Type: string
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[].readOnly
Type: boolean
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[].required
Type: boolean
missing
spec.definition.federatedUsers[].userProfileMetadata.attributes[].validators
Type: object
missing
spec.definition.federatedUsers[].userProfileMetadata.groups[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayDescription | string | |
displayHeader | string | |
name | string |
missing
spec.definition.federatedUsers[].userProfileMetadata.groups[].annotations
Type: object
missing
spec.definition.federatedUsers[].userProfileMetadata.groups[].displayDescription
Type: string
missing
spec.definition.federatedUsers[].userProfileMetadata.groups[].displayHeader
Type: string
missing
spec.definition.federatedUsers[].userProfileMetadata.groups[].name
Type: string
missing
spec.definition.federatedUsers[].username
Type: string
missing
spec.definition.firstBrokerLoginFlow
Type: string
missing
spec.definition.id
Type: string
missing
spec.definition.identityProviderMappers[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
id | string | |
identityProviderAlias | string | |
identityProviderMapper | string | |
name | string |
missing
spec.definition.identityProviderMappers[].config
Type: object
missing
spec.definition.identityProviderMappers[].id
Type: string
missing
spec.definition.identityProviderMappers[].identityProviderAlias
Type: string
missing
spec.definition.identityProviderMappers[].identityProviderMapper
Type: string
missing
spec.definition.identityProviderMappers[].name
Type: string
missing
spec.definition.identityProviders[]
Type: object
Property | Type | Required |
---|---|---|
addReadTokenRoleOnCreate | boolean | |
alias | string | |
authenticateByDefault | boolean | |
config | object | |
displayName | string | |
enabled | boolean | |
firstBrokerLoginFlowAlias | string | |
hideOnLogin | boolean | |
internalId | string | |
linkOnly | boolean | |
organizationId | string | |
postBrokerLoginFlowAlias | string | |
providerId | string | |
storeToken | boolean | |
trustEmail | boolean | |
updateProfileFirstLogin | boolean | |
updateProfileFirstLoginMode | string |
missing
spec.definition.identityProviders[].addReadTokenRoleOnCreate
Type: boolean
missing
spec.definition.identityProviders[].alias
Type: string
missing
spec.definition.identityProviders[].authenticateByDefault
Type: boolean
missing
spec.definition.identityProviders[].config
Type: object
missing
spec.definition.identityProviders[].displayName
Type: string
missing
spec.definition.identityProviders[].enabled
Type: boolean
missing
spec.definition.identityProviders[].firstBrokerLoginFlowAlias
Type: string
missing
spec.definition.identityProviders[].hideOnLogin
Type: boolean
missing
spec.definition.identityProviders[].internalId
Type: string
missing
spec.definition.identityProviders[].linkOnly
Type: boolean
missing
spec.definition.identityProviders[].organizationId
Type: string
missing
spec.definition.identityProviders[].postBrokerLoginFlowAlias
Type: string
missing
spec.definition.identityProviders[].providerId
Type: string
missing
spec.definition.identityProviders[].storeToken
Type: boolean
missing
spec.definition.identityProviders[].trustEmail
Type: boolean
missing
spec.definition.identityProviders[].updateProfileFirstLogin
Type: boolean
missing
spec.definition.identityProviders[].updateProfileFirstLoginMode
Type: string
missing
spec.definition.internationalizationEnabled
Type: boolean
missing
spec.definition.keycloakVersion
Type: string
missing
spec.definition.localizationTexts
Type: object
missing
spec.definition.loginTheme
Type: string
missing
spec.definition.loginWithEmailAllowed
Type: boolean
missing
spec.definition.maxDeltaTimeSeconds
Type: integer
missing
spec.definition.maxFailureWaitSeconds
Type: integer
missing
spec.definition.maxTemporaryLockouts
Type: integer
missing
spec.definition.minimumQuickLoginWaitSeconds
Type: integer
missing
spec.definition.notBefore
Type: integer
missing
spec.definition.oAuth2DeviceCodeLifespan
Type: integer
missing
spec.definition.oAuth2DevicePollingInterval
Type: integer
missing
spec.definition.oauth2DeviceCodeLifespan
Type: integer
missing
spec.definition.oauth2DevicePollingInterval
Type: integer
missing
spec.definition.offlineSessionIdleTimeout
Type: integer
missing
spec.definition.offlineSessionMaxLifespan
Type: integer
missing
spec.definition.offlineSessionMaxLifespanEnabled
Type: boolean
missing
spec.definition.organizations[]
Type: object
Property | Type | Required |
---|---|---|
alias | string | |
attributes | object | |
description | string | |
domains[] | object | |
enabled | boolean | |
id | string | |
identityProviders[] | object | |
members[] | object | |
name | string | |
redirectUrl | string |
missing
spec.definition.organizations[].alias
Type: string
missing
spec.definition.organizations[].attributes
Type: object
missing
spec.definition.organizations[].description
Type: string
missing
spec.definition.organizations[].domains[]
Type: object
missing
spec.definition.organizations[].domains[].name
Type: string
missing
spec.definition.organizations[].domains[].verified
Type: boolean
missing
spec.definition.organizations[].enabled
Type: boolean
missing
spec.definition.organizations[].id
Type: string
missing
spec.definition.organizations[].identityProviders[]
Type: object
Property | Type | Required |
---|---|---|
addReadTokenRoleOnCreate | boolean | |
alias | string | |
authenticateByDefault | boolean | |
config | object | |
displayName | string | |
enabled | boolean | |
firstBrokerLoginFlowAlias | string | |
hideOnLogin | boolean | |
internalId | string | |
linkOnly | boolean | |
organizationId | string | |
postBrokerLoginFlowAlias | string | |
providerId | string | |
storeToken | boolean | |
trustEmail | boolean | |
updateProfileFirstLogin | boolean | |
updateProfileFirstLoginMode | string |
missing
spec.definition.organizations[].identityProviders[].addReadTokenRoleOnCreate
Type: boolean
missing
spec.definition.organizations[].identityProviders[].alias
Type: string
missing
spec.definition.organizations[].identityProviders[].authenticateByDefault
Type: boolean
missing
spec.definition.organizations[].identityProviders[].config
Type: object
missing
spec.definition.organizations[].identityProviders[].displayName
Type: string
missing
spec.definition.organizations[].identityProviders[].enabled
Type: boolean
missing
spec.definition.organizations[].identityProviders[].firstBrokerLoginFlowAlias
Type: string
missing
spec.definition.organizations[].identityProviders[].hideOnLogin
Type: boolean
missing
spec.definition.organizations[].identityProviders[].internalId
Type: string
missing
spec.definition.organizations[].identityProviders[].linkOnly
Type: boolean
missing
spec.definition.organizations[].identityProviders[].organizationId
Type: string
missing
spec.definition.organizations[].identityProviders[].postBrokerLoginFlowAlias
Type: string
missing
spec.definition.organizations[].identityProviders[].providerId
Type: string
missing
spec.definition.organizations[].identityProviders[].storeToken
Type: boolean
missing
spec.definition.organizations[].identityProviders[].trustEmail
Type: boolean
missing
spec.definition.organizations[].identityProviders[].updateProfileFirstLogin
Type: boolean
missing
spec.definition.organizations[].identityProviders[].updateProfileFirstLoginMode
Type: string
missing
spec.definition.organizations[].members[]
Type: object
Property | Type | Required |
---|---|---|
access | object | |
applicationRoles | object | |
attributes | object | |
clientConsents[] | object | |
clientRoles | object | |
createdTimestamp | integer | |
credentials[] | object | |
disableableCredentialTypes[] | string | |
email | string | |
emailVerified | boolean | |
enabled | boolean | |
federatedIdentities[] | object | |
federationLink | string | |
firstName | string | |
groups[] | string | |
id | string | |
lastName | string | |
membershipType | string | |
notBefore | integer | |
origin | string | |
realmRoles[] | string | |
requiredActions[] | string | |
self | string | |
serviceAccountClientId | string | |
socialLinks[] | object | |
totp | boolean | |
userProfileMetadata | object | |
username | string |
missing
spec.definition.organizations[].members[].access
Type: object
missing
spec.definition.organizations[].members[].applicationRoles
Type: object
missing
spec.definition.organizations[].members[].attributes
Type: object
missing
spec.definition.organizations[].members[].clientConsents[]
Type: object
Property | Type | Required |
---|---|---|
clientId | string | |
createdDate | integer | |
grantedClientScopes[] | string | |
grantedRealmRoles[] | string | |
lastUpdatedDate | integer |
missing
spec.definition.organizations[].members[].clientConsents[].clientId
Type: string
missing
spec.definition.organizations[].members[].clientConsents[].createdDate
Type: integer
missing
spec.definition.organizations[].members[].clientConsents[].grantedClientScopes[]
Type: string
missing
spec.definition.organizations[].members[].clientConsents[].grantedRealmRoles[]
Type: string
missing
spec.definition.organizations[].members[].clientConsents[].lastUpdatedDate
Type: integer
missing
spec.definition.organizations[].members[].clientRoles
Type: object
missing
spec.definition.organizations[].members[].createdTimestamp
Type: integer
missing
spec.definition.organizations[].members[].credentials[]
Type: object
Property | Type | Required |
---|---|---|
algorithm | string | |
config | object | |
counter | integer | |
createdDate | integer | |
credentialData | string | |
device | string | |
digits | integer | |
hashIterations | integer | |
hashedSaltedValue | string | |
id | string | |
period | integer | |
priority | integer | |
salt | string | |
secretData | string | |
temporary | boolean | |
type | string | |
userLabel | string | |
value | string |
missing
spec.definition.organizations[].members[].credentials[].algorithm
Type: string
missing
spec.definition.organizations[].members[].credentials[].config
Type: object
missing
spec.definition.organizations[].members[].credentials[].counter
Type: integer
missing
spec.definition.organizations[].members[].credentials[].createdDate
Type: integer
missing
spec.definition.organizations[].members[].credentials[].credentialData
Type: string
missing
spec.definition.organizations[].members[].credentials[].device
Type: string
missing
spec.definition.organizations[].members[].credentials[].digits
Type: integer
missing
spec.definition.organizations[].members[].credentials[].hashIterations
Type: integer
missing
spec.definition.organizations[].members[].credentials[].hashedSaltedValue
Type: string
missing
spec.definition.organizations[].members[].credentials[].id
Type: string
missing
spec.definition.organizations[].members[].credentials[].period
Type: integer
missing
spec.definition.organizations[].members[].credentials[].priority
Type: integer
missing
spec.definition.organizations[].members[].credentials[].salt
Type: string
missing
spec.definition.organizations[].members[].credentials[].secretData
Type: string
missing
spec.definition.organizations[].members[].credentials[].temporary
Type: boolean
missing
spec.definition.organizations[].members[].credentials[].type
Type: string
missing
spec.definition.organizations[].members[].credentials[].userLabel
Type: string
missing
spec.definition.organizations[].members[].credentials[].value
Type: string
missing
spec.definition.organizations[].members[].disableableCredentialTypes[]
Type: string
missing
spec.definition.organizations[].members[].email
Type: string
missing
spec.definition.organizations[].members[].emailVerified
Type: boolean
missing
spec.definition.organizations[].members[].enabled
Type: boolean
missing
spec.definition.organizations[].members[].federatedIdentities[]
Type: object
Property | Type | Required |
---|---|---|
identityProvider | string | |
userId | string | |
userName | string |
missing
spec.definition.organizations[].members[].federatedIdentities[].identityProvider
Type: string
missing
spec.definition.organizations[].members[].federatedIdentities[].userId
Type: string
missing
spec.definition.organizations[].members[].federatedIdentities[].userName
Type: string
missing
spec.definition.organizations[].members[].federationLink
Type: string
missing
spec.definition.organizations[].members[].firstName
Type: string
missing
spec.definition.organizations[].members[].groups[]
Type: string
missing
spec.definition.organizations[].members[].id
Type: string
missing
spec.definition.organizations[].members[].lastName
Type: string
missing
spec.definition.organizations[].members[].membershipType
Type: string
missing
spec.definition.organizations[].members[].notBefore
Type: integer
missing
spec.definition.organizations[].members[].origin
Type: string
missing
spec.definition.organizations[].members[].realmRoles[]
Type: string
missing
spec.definition.organizations[].members[].requiredActions[]
Type: string
missing
spec.definition.organizations[].members[].self
Type: string
missing
spec.definition.organizations[].members[].serviceAccountClientId
Type: string
missing
spec.definition.organizations[].members[].socialLinks[]
Type: object
Property | Type | Required |
---|---|---|
socialProvider | string | |
socialUserId | string | |
socialUsername | string |
missing
spec.definition.organizations[].members[].socialLinks[].socialProvider
Type: string
missing
spec.definition.organizations[].members[].socialLinks[].socialUserId
Type: string
missing
spec.definition.organizations[].members[].socialLinks[].socialUsername
Type: string
missing
spec.definition.organizations[].members[].totp
Type: boolean
missing
spec.definition.organizations[].members[].userProfileMetadata
Type: object
Property | Type | Required |
---|---|---|
attributes[] | object | |
groups[] | object |
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayName | string | |
group | string | |
multivalued | boolean | |
name | string | |
readOnly | boolean | |
required | boolean | |
validators | object |
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[].annotations
Type: object
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[].displayName
Type: string
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[].group
Type: string
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[].multivalued
Type: boolean
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[].name
Type: string
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[].readOnly
Type: boolean
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[].required
Type: boolean
missing
spec.definition.organizations[].members[].userProfileMetadata.attributes[].validators
Type: object
missing
spec.definition.organizations[].members[].userProfileMetadata.groups[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayDescription | string | |
displayHeader | string | |
name | string |
missing
spec.definition.organizations[].members[].userProfileMetadata.groups[].annotations
Type: object
missing
spec.definition.organizations[].members[].userProfileMetadata.groups[].displayDescription
Type: string
missing
spec.definition.organizations[].members[].userProfileMetadata.groups[].displayHeader
Type: string
missing
spec.definition.organizations[].members[].userProfileMetadata.groups[].name
Type: string
missing
spec.definition.organizations[].members[].username
Type: string
missing
spec.definition.organizations[].name
Type: string
missing
spec.definition.organizations[].redirectUrl
Type: string
missing
spec.definition.organizationsEnabled
Type: boolean
missing
spec.definition.otpPolicyAlgorithm
Type: string
missing
spec.definition.otpPolicyCodeReusable
Type: boolean
missing
spec.definition.otpPolicyDigits
Type: integer
missing
spec.definition.otpPolicyInitialCounter
Type: integer
missing
spec.definition.otpPolicyLookAheadWindow
Type: integer
missing
spec.definition.otpPolicyPeriod
Type: integer
missing
spec.definition.otpPolicyType
Type: string
missing
spec.definition.otpSupportedApplications[]
Type: string
missing
spec.definition.passwordCredentialGrantAllowed
Type: boolean
missing
spec.definition.passwordPolicy
Type: string
missing
spec.definition.permanentLockout
Type: boolean
missing
spec.definition.privateKey
Type: string
missing
spec.definition.protocolMappers[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
consentRequired | boolean | |
consentText | string | |
id | string | |
name | string | |
protocol | string | |
protocolMapper | string |
missing
spec.definition.protocolMappers[].config
Type: object
missing
spec.definition.protocolMappers[].consentRequired
Type: boolean
missing
spec.definition.protocolMappers[].consentText
Type: string
missing
spec.definition.protocolMappers[].id
Type: string
missing
spec.definition.protocolMappers[].name
Type: string
missing
spec.definition.protocolMappers[].protocol
Type: string
missing
spec.definition.protocolMappers[].protocolMapper
Type: string
missing
spec.definition.publicKey
Type: string
missing
spec.definition.quickLoginCheckMilliSeconds
Type: integer
missing
spec.definition.realm
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.realmCacheEnabled
Type: boolean
missing
spec.definition.refreshTokenMaxReuse
Type: integer
missing
spec.definition.registrationAllowed
Type: boolean
missing
spec.definition.registrationEmailAsUsername
Type: boolean
missing
spec.definition.registrationFlow
Type: string
missing
spec.definition.rememberMe
Type: boolean
missing
spec.definition.requiredActions[]
Type: object
Property | Type | Required |
---|---|---|
alias | string | |
config | object | |
defaultAction | boolean | |
enabled | boolean | |
name | string | |
priority | integer | |
providerId | string |
missing
spec.definition.requiredActions[].alias
Type: string
missing
spec.definition.requiredActions[].config
Type: object
missing
spec.definition.requiredActions[].defaultAction
Type: boolean
missing
spec.definition.requiredActions[].enabled
Type: boolean
missing
spec.definition.requiredActions[].name
Type: string
missing
spec.definition.requiredActions[].priority
Type: integer
missing
spec.definition.requiredActions[].providerId
Type: string
missing
spec.definition.requiredCredentials[]
Type: string
missing
spec.definition.resetCredentialsFlow
Type: string
missing
spec.definition.resetPasswordAllowed
Type: boolean
missing
spec.definition.revokeRefreshToken
Type: boolean
missing
spec.definition.roles
Type: object
Property | Type | Required |
---|---|---|
application | object | |
client | object | |
realm[] | object |
missing
spec.definition.roles.application
Type: object
missing
spec.definition.roles.client
Type: object
missing
spec.definition.roles.realm[]
Type: object
Property | Type | Required |
---|---|---|
attributes | object | |
clientRole | boolean | |
composite | boolean | |
composites | object | |
containerId | string | |
description | string | |
id | string | |
name | string | |
scopeParamRequired | boolean |
missing
spec.definition.roles.realm[].attributes
Type: object
missing
spec.definition.roles.realm[].clientRole
Type: boolean
missing
spec.definition.roles.realm[].composite
Type: boolean
missing
spec.definition.roles.realm[].composites
Type: object
Property | Type | Required |
---|---|---|
application | object | |
client | object | |
realm[] | string |
missing
spec.definition.roles.realm[].composites.application
Type: object
missing
spec.definition.roles.realm[].composites.client
Type: object
missing
spec.definition.roles.realm[].composites.realm[]
Type: string
missing
spec.definition.roles.realm[].containerId
Type: string
missing
spec.definition.roles.realm[].description
Type: string
missing
spec.definition.roles.realm[].id
Type: string
missing
spec.definition.roles.realm[].name
Type: string
missing
spec.definition.roles.realm[].scopeParamRequired
Type: boolean
missing
spec.definition.scopeMappings[]
Type: object
Property | Type | Required |
---|---|---|
client | string | |
clientScope | string | |
clientTemplate | string | |
roles[] | string | |
self | string |
missing
spec.definition.scopeMappings[].client
Type: string
missing
spec.definition.scopeMappings[].clientScope
Type: string
missing
spec.definition.scopeMappings[].clientTemplate
Type: string
missing
spec.definition.scopeMappings[].roles[]
Type: string
missing
spec.definition.scopeMappings[].self
Type: string
missing
spec.definition.smtpServer
Type: object
missing
spec.definition.social
Type: boolean
missing
spec.definition.socialProviders
Type: object
missing
spec.definition.sslRequired
Type: string
missing
spec.definition.ssoSessionIdleTimeout
Type: integer
missing
spec.definition.ssoSessionIdleTimeoutRememberMe
Type: integer
missing
spec.definition.ssoSessionMaxLifespan
Type: integer
missing
spec.definition.ssoSessionMaxLifespanRememberMe
Type: integer
missing
spec.definition.supportedLocales[]
Type: string
missing
spec.definition.updateProfileOnInitialSocialLogin
Type: boolean
missing
spec.definition.userCacheEnabled
Type: boolean
missing
spec.definition.userFederationMappers[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
federationMapperType | string | |
federationProviderDisplayName | string | |
id | string | |
name | string |
missing
spec.definition.userFederationMappers[].config
Type: object
missing
spec.definition.userFederationMappers[].federationMapperType
Type: string
missing
spec.definition.userFederationMappers[].federationProviderDisplayName
Type: string
missing
spec.definition.userFederationMappers[].id
Type: string
missing
spec.definition.userFederationMappers[].name
Type: string
missing
spec.definition.userFederationProviders[]
Type: object
Property | Type | Required |
---|---|---|
changedSyncPeriod | integer | |
config | object | |
displayName | string | |
fullSyncPeriod | integer | |
id | string | |
lastSync | integer | |
priority | integer | |
providerName | string |
missing
spec.definition.userFederationProviders[].changedSyncPeriod
Type: integer
missing
spec.definition.userFederationProviders[].config
Type: object
missing
spec.definition.userFederationProviders[].displayName
Type: string
missing
spec.definition.userFederationProviders[].fullSyncPeriod
Type: integer
missing
spec.definition.userFederationProviders[].id
Type: string
missing
spec.definition.userFederationProviders[].lastSync
Type: integer
missing
spec.definition.userFederationProviders[].priority
Type: integer
missing
spec.definition.userFederationProviders[].providerName
Type: string
missing
spec.definition.userManagedAccessAllowed
Type: boolean
missing
spec.definition.users[]
Type: object
Property | Type | Required |
---|---|---|
access | object | |
applicationRoles | object | |
attributes | object | |
clientConsents[] | object | |
clientRoles | object | |
createdTimestamp | integer | |
credentials[] | object | |
disableableCredentialTypes[] | string | |
email | string | |
emailVerified | boolean | |
enabled | boolean | |
federatedIdentities[] | object | |
federationLink | string | |
firstName | string | |
groups[] | string | |
id | string | |
lastName | string | |
notBefore | integer | |
origin | string | |
realmRoles[] | string | |
requiredActions[] | string | |
self | string | |
serviceAccountClientId | string | |
socialLinks[] | object | |
totp | boolean | |
userProfileMetadata | object | |
username | string |
missing
spec.definition.users[].access
Type: object
missing
spec.definition.users[].applicationRoles
Type: object
missing
spec.definition.users[].attributes
Type: object
missing
spec.definition.users[].clientConsents[]
Type: object
Property | Type | Required |
---|---|---|
clientId | string | |
createdDate | integer | |
grantedClientScopes[] | string | |
grantedRealmRoles[] | string | |
lastUpdatedDate | integer |
missing
spec.definition.users[].clientConsents[].clientId
Type: string
missing
spec.definition.users[].clientConsents[].createdDate
Type: integer
missing
spec.definition.users[].clientConsents[].grantedClientScopes[]
Type: string
missing
spec.definition.users[].clientConsents[].grantedRealmRoles[]
Type: string
missing
spec.definition.users[].clientConsents[].lastUpdatedDate
Type: integer
missing
spec.definition.users[].clientRoles
Type: object
missing
spec.definition.users[].createdTimestamp
Type: integer
missing
spec.definition.users[].credentials[]
Type: object
Property | Type | Required |
---|---|---|
algorithm | string | |
config | object | |
counter | integer | |
createdDate | integer | |
credentialData | string | |
device | string | |
digits | integer | |
hashIterations | integer | |
hashedSaltedValue | string | |
id | string | |
period | integer | |
priority | integer | |
salt | string | |
secretData | string | |
temporary | boolean | |
type | string | |
userLabel | string | |
value | string |
missing
spec.definition.users[].credentials[].algorithm
Type: string
missing
spec.definition.users[].credentials[].config
Type: object
missing
spec.definition.users[].credentials[].counter
Type: integer
missing
spec.definition.users[].credentials[].createdDate
Type: integer
missing
spec.definition.users[].credentials[].credentialData
Type: string
missing
spec.definition.users[].credentials[].device
Type: string
missing
spec.definition.users[].credentials[].digits
Type: integer
missing
spec.definition.users[].credentials[].hashIterations
Type: integer
missing
spec.definition.users[].credentials[].hashedSaltedValue
Type: string
missing
spec.definition.users[].credentials[].id
Type: string
missing
spec.definition.users[].credentials[].period
Type: integer
missing
spec.definition.users[].credentials[].priority
Type: integer
missing
spec.definition.users[].credentials[].salt
Type: string
missing
spec.definition.users[].credentials[].secretData
Type: string
missing
spec.definition.users[].credentials[].temporary
Type: boolean
missing
spec.definition.users[].credentials[].type
Type: string
missing
spec.definition.users[].credentials[].userLabel
Type: string
missing
spec.definition.users[].credentials[].value
Type: string
missing
spec.definition.users[].disableableCredentialTypes[]
Type: string
missing
spec.definition.users[].email
Type: string
missing
spec.definition.users[].emailVerified
Type: boolean
missing
spec.definition.users[].enabled
Type: boolean
missing
spec.definition.users[].federatedIdentities[]
Type: object
Property | Type | Required |
---|---|---|
identityProvider | string | |
userId | string | |
userName | string |
missing
spec.definition.users[].federatedIdentities[].identityProvider
Type: string
missing
spec.definition.users[].federatedIdentities[].userId
Type: string
missing
spec.definition.users[].federatedIdentities[].userName
Type: string
missing
spec.definition.users[].federationLink
Type: string
missing
spec.definition.users[].firstName
Type: string
missing
spec.definition.users[].groups[]
Type: string
missing
spec.definition.users[].id
Type: string
missing
spec.definition.users[].lastName
Type: string
missing
spec.definition.users[].notBefore
Type: integer
missing
spec.definition.users[].origin
Type: string
missing
spec.definition.users[].realmRoles[]
Type: string
missing
spec.definition.users[].requiredActions[]
Type: string
missing
spec.definition.users[].self
Type: string
missing
spec.definition.users[].serviceAccountClientId
Type: string
missing
spec.definition.users[].socialLinks[]
Type: object
Property | Type | Required |
---|---|---|
socialProvider | string | |
socialUserId | string | |
socialUsername | string |
missing
spec.definition.users[].socialLinks[].socialProvider
Type: string
missing
spec.definition.users[].socialLinks[].socialUserId
Type: string
missing
spec.definition.users[].socialLinks[].socialUsername
Type: string
missing
spec.definition.users[].totp
Type: boolean
missing
spec.definition.users[].userProfileMetadata
Type: object
Property | Type | Required |
---|---|---|
attributes[] | object | |
groups[] | object |
missing
spec.definition.users[].userProfileMetadata.attributes[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayName | string | |
group | string | |
multivalued | boolean | |
name | string | |
readOnly | boolean | |
required | boolean | |
validators | object |
missing
spec.definition.users[].userProfileMetadata.attributes[].annotations
Type: object
missing
spec.definition.users[].userProfileMetadata.attributes[].displayName
Type: string
missing
spec.definition.users[].userProfileMetadata.attributes[].group
Type: string
missing
spec.definition.users[].userProfileMetadata.attributes[].multivalued
Type: boolean
missing
spec.definition.users[].userProfileMetadata.attributes[].name
Type: string
missing
spec.definition.users[].userProfileMetadata.attributes[].readOnly
Type: boolean
missing
spec.definition.users[].userProfileMetadata.attributes[].required
Type: boolean
missing
spec.definition.users[].userProfileMetadata.attributes[].validators
Type: object
missing
spec.definition.users[].userProfileMetadata.groups[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayDescription | string | |
displayHeader | string | |
name | string |
missing
spec.definition.users[].userProfileMetadata.groups[].annotations
Type: object
missing
spec.definition.users[].userProfileMetadata.groups[].displayDescription
Type: string
missing
spec.definition.users[].userProfileMetadata.groups[].displayHeader
Type: string
missing
spec.definition.users[].userProfileMetadata.groups[].name
Type: string
missing
spec.definition.users[].username
Type: string
missing
spec.definition.verifyEmail
Type: boolean
missing
spec.definition.waitIncrementSeconds
Type: integer
missing
spec.definition.webAuthnPolicyAcceptableAaguids[]
Type: string
missing
spec.definition.webAuthnPolicyAttestationConveyancePreference
Type: string
missing
spec.definition.webAuthnPolicyAuthenticatorAttachment
Type: string
missing
spec.definition.webAuthnPolicyAvoidSameAuthenticatorRegister
Type: boolean
missing
spec.definition.webAuthnPolicyCreateTimeout
Type: integer
missing
spec.definition.webAuthnPolicyExtraOrigins[]
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessAcceptableAaguids[]
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessAttestationConveyancePreference
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessAuthenticatorAttachment
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister
Type: boolean
missing
spec.definition.webAuthnPolicyPasswordlessCreateTimeout
Type: integer
missing
spec.definition.webAuthnPolicyPasswordlessExtraOrigins[]
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessRequireResidentKey
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessRpEntityName
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessRpId
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessSignatureAlgorithms[]
Type: string
missing
spec.definition.webAuthnPolicyPasswordlessUserVerificationRequirement
Type: string
missing
spec.definition.webAuthnPolicyRequireResidentKey
Type: string
missing
spec.definition.webAuthnPolicyRpEntityName
Type: string
missing
spec.definition.webAuthnPolicyRpId
Type: string
missing
spec.definition.webAuthnPolicySignatureAlgorithms[]
Type: string
missing
spec.definition.webAuthnPolicyUserVerificationRequirement
Type: string
missing
spec.instanceRef
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
The name of the instance to which this realm belongs
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakRequiredActionProvider
v1
resource to define a Required Action Provider within a KeycloakRealm
Property | Type | Required |
---|---|---|
spec | object | ✅ |
spec.definition | object | ✅ |
spec.definition.alias | string | |
spec.definition.config | object | |
spec.definition.defaultAction | boolean | |
spec.definition.enabled | boolean | |
spec.definition.name | string | |
spec.definition.priority | integer | |
spec.definition.providerId | string | |
spec.options | object | |
spec.patchFrom | object | |
spec.realmRef | string | ✅ |
status | object | |
status.conditions[] | object | |
status.conditions[].lastTransitionTime | string | |
status.conditions[].lastUpdateTime | string | |
status.conditions[].message | string | |
status.conditions[].reason | string | |
status.conditions[].status | string | ✅ |
status.conditions[].type | string | ✅ |
status.message | string | |
status.ready | boolean | ✅ |
status.resourcePath | string | |
status.status | string |
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
the KeycloakRequiredActionProvider resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
alias | string | |
config | object | |
defaultAction | boolean | |
enabled | boolean | |
name | string | |
priority | integer | |
providerId | string |
Validation Rule | Error Message |
---|---|
has(self.alias) == has(oldSelf.alias) | Value is immutable |
missing
spec.definition.alias
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.config
Type: object
missing
spec.definition.defaultAction
Type: boolean
missing
spec.definition.enabled
Type: boolean
missing
spec.definition.name
Type: string
missing
spec.definition.priority
Type: integer
missing
spec.definition.providerId
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the kubernetes object that created the realm.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakResource
v1
resource to define a Resource within a KeycloakClient
spec
Type: object
Property | Type | Required |
---|---|---|
clientRef | string | ✅ |
definition | object | ✅ |
options | object | |
patchFrom | object |
the KeycloakResource resource
spec.clientRef
Type: string
the name of the kubernetes object that created the client.
spec.definition
Type: object
Property | Type | Required |
---|---|---|
_id | string | |
attributes | object | |
displayName | string | |
icon_uri | string | |
name | string | |
owner | object | |
ownerManagedAccess | boolean | |
scopes[] | object | |
scopesUma[] | object | |
type | string | |
uri | string | |
uris[] | string |
Validation Rule | Error Message |
---|---|
has(self._id) == has(oldSelf._id) | Value is immutable |
missing
spec.definition._id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.attributes
Type: object
missing
spec.definition.displayName
Type: string
missing
spec.definition.icon_uri
Type: string
missing
spec.definition.name
Type: string
missing
spec.definition.owner
Type: object
missing
spec.definition.owner.id
Type: string
missing
spec.definition.owner.name
Type: string
missing
spec.definition.ownerManagedAccess
Type: boolean
missing
spec.definition.scopes[]
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string | |
policies[] | object |
missing
spec.definition.scopes[].displayName
Type: string
missing
spec.definition.scopes[].iconUri
Type: string
missing
spec.definition.scopes[].id
Type: string
missing
spec.definition.scopes[].name
Type: string
missing
spec.definition.scopes[].policies[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
decisionStrategy | string | |
description | string | |
id | string | |
logic | string | |
name | string | |
owner | string | |
policies[] | string | |
resources[] | string | |
scopes[] | string | |
type | string |
missing
spec.definition.scopes[].policies[].config
Type: object
missing
spec.definition.scopes[].policies[].decisionStrategy
Type: string
missing
spec.definition.scopes[].policies[].description
Type: string
missing
spec.definition.scopes[].policies[].id
Type: string
missing
spec.definition.scopes[].policies[].logic
Type: string
missing
spec.definition.scopes[].policies[].name
Type: string
missing
spec.definition.scopes[].policies[].owner
Type: string
missing
spec.definition.scopes[].policies[].policies[]
Type: string
missing
spec.definition.scopes[].policies[].resources[]
Type: string
missing
spec.definition.scopes[].policies[].scopes[]
Type: string
missing
spec.definition.scopes[].policies[].type
Type: string
missing
spec.definition.scopesUma[]
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string | |
policies[] | object |
missing
spec.definition.scopesUma[].displayName
Type: string
missing
spec.definition.scopesUma[].iconUri
Type: string
missing
spec.definition.scopesUma[].id
Type: string
missing
spec.definition.scopesUma[].name
Type: string
missing
spec.definition.scopesUma[].policies[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
decisionStrategy | string | |
description | string | |
id | string | |
logic | string | |
name | string | |
owner | string | |
policies[] | string | |
resources[] | string | |
scopes[] | string | |
type | string |
missing
spec.definition.scopesUma[].policies[].config
Type: object
missing
spec.definition.scopesUma[].policies[].decisionStrategy
Type: string
missing
spec.definition.scopesUma[].policies[].description
Type: string
missing
spec.definition.scopesUma[].policies[].id
Type: string
missing
spec.definition.scopesUma[].policies[].logic
Type: string
missing
spec.definition.scopesUma[].policies[].name
Type: string
missing
spec.definition.scopesUma[].policies[].owner
Type: string
missing
spec.definition.scopesUma[].policies[].policies[]
Type: string
missing
spec.definition.scopesUma[].policies[].resources[]
Type: string
missing
spec.definition.scopesUma[].policies[].scopes[]
Type: string
missing
spec.definition.scopesUma[].policies[].type
Type: string
missing
spec.definition.type
Type: string
missing
spec.definition.uri
Type: string
missing
spec.definition.uris[]
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakRole
v1
resource to define a Protocol Mapper within either a KeycloakRealm or a KeycloakClient
Property | Type | Required |
---|---|---|
spec | object | ✅ |
spec.clientRef | string | |
spec.definition | object | ✅ |
spec.definition.attributes | object | |
spec.definition.clientRole | boolean | |
spec.definition.composite | boolean | |
spec.definition.composites | object | |
spec.definition.composites.application | object | |
spec.definition.composites.client | object | |
spec.definition.composites.realm[] | string | |
spec.definition.containerId | string | |
spec.definition.description | string | |
spec.definition.id | string | |
spec.definition.name | string | |
spec.definition.scopeParamRequired | boolean | |
spec.options | object | |
spec.patchFrom | object | |
spec.realmRef | string | |
status | object | |
status.conditions[] | object | |
status.conditions[].lastTransitionTime | string | |
status.conditions[].lastUpdateTime | string | |
status.conditions[].message | string | |
status.conditions[].reason | string | |
status.conditions[].status | string | ✅ |
status.conditions[].type | string | ✅ |
status.message | string | |
status.ready | boolean | ✅ |
status.resourcePath | string | |
status.status | string |
spec
Type: object
Property | Type | Required |
---|---|---|
clientRef | string | |
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string |
the KeycloakRole resource
spec.clientRef
Type: string
missing
spec.definition
Type: object
Property | Type | Required |
---|---|---|
attributes | object | |
clientRole | boolean | |
composite | boolean | |
composites | object | |
containerId | string | |
description | string | |
id | string | |
name | string | |
scopeParamRequired | boolean |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.attributes
Type: object
missing
spec.definition.clientRole
Type: boolean
missing
spec.definition.composite
Type: boolean
missing
spec.definition.composites
Type: object
Property | Type | Required |
---|---|---|
application | object | |
client | object | |
realm[] | string |
missing
spec.definition.composites.application
Type: object
missing
spec.definition.composites.client
Type: object
missing
spec.definition.composites.realm[]
Type: string
missing
spec.definition.containerId
Type: string
missing
spec.definition.description
Type: string
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.name
Type: string
missing
spec.definition.scopeParamRequired
Type: boolean
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
missing
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakScope
v1
resource to define a Scope within a KeycloakClient
spec
Type: object
Property | Type | Required |
---|---|---|
clientRef | string | ✅ |
definition | object | ✅ |
options | object | |
patchFrom | object |
the KeycloakScope resource
spec.clientRef
Type: string
the name of the kubernetes object that created the client.
spec.definition
Type: object
Property | Type | Required |
---|---|---|
displayName | string | |
iconUri | string | |
id | string | |
name | string | |
policies[] | object | |
resources[] | object |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.displayName
Type: string
missing
spec.definition.iconUri
Type: string
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.name
Type: string
missing
spec.definition.policies[]
Type: object
Property | Type | Required |
---|---|---|
config | object | |
decisionStrategy | string | |
description | string | |
id | string | |
logic | string | |
name | string | |
owner | string | |
policies[] | string | |
resources[] | string | |
resourcesData[] | object | |
scopes[] | string | |
type | string |
missing
spec.definition.policies[].config
Type: object
missing
spec.definition.policies[].decisionStrategy
Type: string
missing
spec.definition.policies[].description
Type: string
missing
spec.definition.policies[].id
Type: string
missing
spec.definition.policies[].logic
Type: string
missing
spec.definition.policies[].name
Type: string
missing
spec.definition.policies[].owner
Type: string
missing
spec.definition.policies[].policies[]
Type: string
missing
spec.definition.policies[].resources[]
Type: string
missing
spec.definition.policies[].resourcesData[]
Type: object
Property | Type | Required |
---|---|---|
_id | string | |
attributes | object | |
displayName | string | |
icon_uri | string | |
name | string | |
owner | object | |
ownerManagedAccess | boolean | |
type | string | |
uri | string | |
uris[] | string |
missing
spec.definition.policies[].resourcesData[]._id
Type: string
missing
spec.definition.policies[].resourcesData[].attributes
Type: object
missing
spec.definition.policies[].resourcesData[].displayName
Type: string
missing
spec.definition.policies[].resourcesData[].icon_uri
Type: string
missing
spec.definition.policies[].resourcesData[].name
Type: string
missing
spec.definition.policies[].resourcesData[].owner
Type: object
missing
spec.definition.policies[].resourcesData[].owner.id
Type: string
missing
spec.definition.policies[].resourcesData[].owner.name
Type: string
missing
spec.definition.policies[].resourcesData[].ownerManagedAccess
Type: boolean
missing
spec.definition.policies[].resourcesData[].type
Type: string
missing
spec.definition.policies[].resourcesData[].uri
Type: string
missing
spec.definition.policies[].resourcesData[].uris[]
Type: string
missing
spec.definition.policies[].scopes[]
Type: string
missing
spec.definition.policies[].type
Type: string
missing
spec.definition.resources[]
Type: object
Property | Type | Required |
---|---|---|
_id | string | |
attributes | object | |
displayName | string | |
icon_uri | string | |
name | string | |
owner | object | |
ownerManagedAccess | boolean | |
type | string | |
uri | string | |
uris[] | string |
missing
spec.definition.resources[]._id
Type: string
missing
spec.definition.resources[].attributes
Type: object
missing
spec.definition.resources[].displayName
Type: string
missing
spec.definition.resources[].icon_uri
Type: string
missing
spec.definition.resources[].name
Type: string
missing
spec.definition.resources[].owner
Type: object
missing
spec.definition.resources[].owner.id
Type: string
missing
spec.definition.resources[].owner.name
Type: string
missing
spec.definition.resources[].ownerManagedAccess
Type: boolean
missing
spec.definition.resources[].type
Type: string
missing
spec.definition.resources[].uri
Type: string
missing
spec.definition.resources[].uris[]
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing
KeycloakUser
v1
resource to define a User within a KeycloakRealm
spec
Type: object
Property | Type | Required |
---|---|---|
definition | object | ✅ |
options | object | |
patchFrom | object | |
realmRef | string | ✅ |
userSecret | object |
the KeycloakUser resource
spec.definition
Type: object
Property | Type | Required |
---|---|---|
access | object | |
applicationRoles | object | |
attributes | object | |
clientConsents[] | object | |
clientRoles | object | |
createdTimestamp | integer | |
credentials[] | object | |
disableableCredentialTypes[] | string | |
email | string | |
emailVerified | boolean | |
enabled | boolean | |
federatedIdentities[] | object | |
federationLink | string | |
firstName | string | |
groups[] | string | |
id | string | |
lastName | string | |
notBefore | integer | |
origin | string | |
realmRoles[] | string | |
requiredActions[] | string | |
self | string | |
serviceAccountClientId | string | |
socialLinks[] | object | |
totp | boolean | |
userProfileMetadata | object | |
username | string |
Validation Rule | Error Message |
---|---|
has(self.id) == has(oldSelf.id) | Value is immutable |
missing
spec.definition.access
Type: object
missing
spec.definition.applicationRoles
Type: object
missing
spec.definition.attributes
Type: object
missing
spec.definition.clientConsents[]
Type: object
Property | Type | Required |
---|---|---|
clientId | string | |
createdDate | integer | |
grantedClientScopes[] | string | |
grantedRealmRoles[] | string | |
lastUpdatedDate | integer |
missing
spec.definition.clientConsents[].clientId
Type: string
missing
spec.definition.clientConsents[].createdDate
Type: integer
missing
spec.definition.clientConsents[].grantedClientScopes[]
Type: string
missing
spec.definition.clientConsents[].grantedRealmRoles[]
Type: string
missing
spec.definition.clientConsents[].lastUpdatedDate
Type: integer
missing
spec.definition.clientRoles
Type: object
missing
spec.definition.createdTimestamp
Type: integer
missing
spec.definition.credentials[]
Type: object
Property | Type | Required |
---|---|---|
algorithm | string | |
config | object | |
counter | integer | |
createdDate | integer | |
credentialData | string | |
device | string | |
digits | integer | |
hashIterations | integer | |
hashedSaltedValue | string | |
id | string | |
period | integer | |
priority | integer | |
salt | string | |
secretData | string | |
temporary | boolean | |
type | string | |
userLabel | string | |
value | string |
missing
spec.definition.credentials[].algorithm
Type: string
missing
spec.definition.credentials[].config
Type: object
missing
spec.definition.credentials[].counter
Type: integer
missing
spec.definition.credentials[].createdDate
Type: integer
missing
spec.definition.credentials[].credentialData
Type: string
missing
spec.definition.credentials[].device
Type: string
missing
spec.definition.credentials[].digits
Type: integer
missing
spec.definition.credentials[].hashIterations
Type: integer
missing
spec.definition.credentials[].hashedSaltedValue
Type: string
missing
spec.definition.credentials[].id
Type: string
missing
spec.definition.credentials[].period
Type: integer
missing
spec.definition.credentials[].priority
Type: integer
missing
spec.definition.credentials[].salt
Type: string
missing
spec.definition.credentials[].secretData
Type: string
missing
spec.definition.credentials[].temporary
Type: boolean
missing
spec.definition.credentials[].type
Type: string
missing
spec.definition.credentials[].userLabel
Type: string
missing
spec.definition.credentials[].value
Type: string
missing
spec.definition.disableableCredentialTypes[]
Type: string
missing
spec.definition.email
Type: string
missing
spec.definition.emailVerified
Type: boolean
missing
spec.definition.enabled
Type: boolean
missing
spec.definition.federatedIdentities[]
Type: object
Property | Type | Required |
---|---|---|
identityProvider | string | |
userId | string | |
userName | string |
missing
spec.definition.federatedIdentities[].identityProvider
Type: string
missing
spec.definition.federatedIdentities[].userId
Type: string
missing
spec.definition.federatedIdentities[].userName
Type: string
missing
spec.definition.federationLink
Type: string
missing
spec.definition.firstName
Type: string
missing
spec.definition.groups[]
Type: string
missing
spec.definition.id
Type: string
Validation Rule | Error Message |
---|---|
self == oldSelf | Value is immutable |
missing
spec.definition.lastName
Type: string
missing
spec.definition.notBefore
Type: integer
missing
spec.definition.origin
Type: string
missing
spec.definition.realmRoles[]
Type: string
missing
spec.definition.requiredActions[]
Type: string
missing
spec.definition.self
Type: string
missing
spec.definition.serviceAccountClientId
Type: string
missing
spec.definition.socialLinks[]
Type: object
Property | Type | Required |
---|---|---|
socialProvider | string | |
socialUserId | string | |
socialUsername | string |
missing
spec.definition.socialLinks[].socialProvider
Type: string
missing
spec.definition.socialLinks[].socialUserId
Type: string
missing
spec.definition.socialLinks[].socialUsername
Type: string
missing
spec.definition.totp
Type: boolean
missing
spec.definition.userProfileMetadata
Type: object
Property | Type | Required |
---|---|---|
attributes[] | object | |
groups[] | object |
missing
spec.definition.userProfileMetadata.attributes[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayName | string | |
group | string | |
multivalued | boolean | |
name | string | |
readOnly | boolean | |
required | boolean | |
validators | object |
missing
spec.definition.userProfileMetadata.attributes[].annotations
Type: object
missing
spec.definition.userProfileMetadata.attributes[].displayName
Type: string
missing
spec.definition.userProfileMetadata.attributes[].group
Type: string
missing
spec.definition.userProfileMetadata.attributes[].multivalued
Type: boolean
missing
spec.definition.userProfileMetadata.attributes[].name
Type: string
missing
spec.definition.userProfileMetadata.attributes[].readOnly
Type: boolean
missing
spec.definition.userProfileMetadata.attributes[].required
Type: boolean
missing
spec.definition.userProfileMetadata.attributes[].validators
Type: object
missing
spec.definition.userProfileMetadata.groups[]
Type: object
Property | Type | Required |
---|---|---|
annotations | object | |
displayDescription | string | |
displayHeader | string | |
name | string |
missing
spec.definition.userProfileMetadata.groups[].annotations
Type: object
missing
spec.definition.userProfileMetadata.groups[].displayDescription
Type: string
missing
spec.definition.userProfileMetadata.groups[].displayHeader
Type: string
missing
spec.definition.userProfileMetadata.groups[].name
Type: string
missing
spec.definition.username
Type: string
missing
spec.options
Type: object
Options for the request to the Keycloak Admin API.
spec.patchFrom
Type: object
Defines additional values that can be loaded from secrets or configmaps. Field selectors are not supported. For more information, see the patches documentation.
spec.realmRef
Type: string
the name of the kubernetes object that created the realm.
spec.userSecret
Type: object
Property | Type | Required |
---|---|---|
passwordKey | string | |
secretName | string | ✅ |
usernameKey | string |
missing
spec.userSecret.passwordKey
Type: string
missing
spec.userSecret.secretName
Type: string
missing
spec.userSecret.usernameKey
Type: string
missing
status
Type: object
Property | Type | Required |
---|---|---|
conditions[] | object | |
message | string | |
ready | boolean | ✅ |
resourcePath | string | |
status | string |
missing
status.conditions[]
Type: object
Property | Type | Required |
---|---|---|
lastTransitionTime | string | |
lastUpdateTime | string | |
message | string | |
reason | string | |
status | string | ✅ |
type | string | ✅ |
missing
status.conditions[].lastTransitionTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].lastUpdateTime
Type: string
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
status.conditions[].message
Type: string
missing
status.conditions[].reason
Type: string
missing
status.conditions[].status
Type: string
missing
status.conditions[].type
Type: string
missing
status.message
Type: string
missing
status.ready
Type: boolean
missing
status.resourcePath
Type: string
missing
status.status
Type: string
missing