9 changes: 9 additions & 0 deletions api/v1/keycloakclient_types.go
Expand Up @@ -50,6 +50,15 @@ type KeycloakClientSpec struct {
// +optional
WebUrl string `json:"webUrl,omitempty"`

// AdminUrl is client admin url.
// If empty - WebUrl will be used.
// +optional
AdminUrl string `json:"adminUrl,omitempty"`

// HomeUrl is a client home url.
// +optional
HomeUrl string `json:"homeUrl,omitempty"`

// Protocol is a client protocol.
// +nullable
// +optional
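Review bot: Neither new field carries any schema validation, so `adminUrl` and `homeUrl` accept arbitrary strings from anyone allowed to create a KeycloakClient. `AdminUrl` is passed to Keycloak as the client's admin URL (see the gocloak_adapter.go section of this commit), which, as far as I know, is an address the Keycloak server itself contacts for admin pushes such as revocation policies, so it is worth constraining to an http(s) URL, for example with `// +kubebuilder:validation:Pattern="^https?://.+"`; confirm first whether relative values must stay allowed. The generated CRDs in this commit show `description: AdminUrl` and no description at all for `homeUrl`, which does not match the comments here, so they look stale and should be regenerated. The struct body continues outside the hunk.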
5 changes: 5 additions & 0 deletions config/crd/bases/v1.edp.epam.com_keycloakclients.yaml
Expand Up @@ -44,6 +44,9 @@ spec:
spec:
description: KeycloakClientSpec defines the desired state of KeycloakClient.
properties:
adminUrl:
description: AdminUrl
type: string
advancedProtocolMappers:
description: AdvancedProtocolMappers is a flag to enable advanced
protocol mappers.
Expand Down Expand Up @@ -436,6 +439,8 @@ spec:
default: true
description: FullScopeAllowed is a flag to enable full scope.
type: boolean
homeUrl:
type: string
implicitFlowEnabled:
description: ImplicitFlowEnabled is a flag to enable support for OpenID
Connect redirect based authentication without authorization code.
Expand Up @@ -44,9 +44,11 @@ var _ = Describe("KeycloakClient controller", Ordered, func() {
Name: KeycloakRealmCR,
Kind: keycloakApi.KeycloakRealmKind,
},
Secret: secretref.GenerateSecretRef(clientSecret.Name, "secretKey"),
Public: true,
WebUrl: "https://test-keycloak-client-with-secret-ref",
Secret: secretref.GenerateSecretRef(clientSecret.Name, "secretKey"),
Public: true,
WebUrl: "https://test-keycloak-client-with-secret-ref",
AdminUrl: "https://test-keycloak-client-admin",
HomeUrl: "/home/",
Attributes: map[string]string{
"post.logout.redirect.uris": "+",
},
2 changes: 2 additions & 0 deletions deploy-templates/_crd_examples/keycloakclient.yaml
Expand Up @@ -12,6 +12,8 @@ spec:
public: false
secret: $client-secret-name:client-secret-key
webUrl: https://argocd.example.com
adminUrl: https://admin.example.com
homeUrl: /home/
defaultClientScopes:
- groups
redirectUris:
5 changes: 5 additions & 0 deletions deploy-templates/crds/v1.edp.epam.com_keycloakclients.yaml
Expand Up @@ -44,6 +44,9 @@ spec:
spec:
description: KeycloakClientSpec defines the desired state of KeycloakClient.
properties:
adminUrl:
description: AdminUrl
type: string
advancedProtocolMappers:
description: AdvancedProtocolMappers is a flag to enable advanced
protocol mappers.
Expand Down Expand Up @@ -436,6 +439,8 @@ spec:
default: true
description: FullScopeAllowed is a flag to enable full scope.
type: boolean
homeUrl:
type: string
implicitFlowEnabled:
description: ImplicitFlowEnabled is a flag to enable support for OpenID
Connect redirect based authentication without authorization code.
14 changes: 14 additions & 0 deletions docs/api.md
Expand Up @@ -1524,6 +1524,13 @@ KeycloakClientSpec defines the desired state of KeycloakClient.
ClientId is a unique keycloak client ID referenced in URI and tokens.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>adminUrl</b></td>
<td>string</td>
<td>
AdminUrl<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>advancedProtocolMappers</b></td>
<td>boolean</td>
Expand Down Expand Up @@ -1630,6 +1637,13 @@ KeycloakClientSpec defines the desired state of KeycloakClient.
<i>Default</i>: true<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>homeUrl</b></td>
<td>string</td>
<td>
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b>implicitFlowEnabled</b></td>
<td>boolean</td>
10 changes: 8 additions & 2 deletions pkg/client/keycloak/adapter/gocloak_adapter.go
Expand Up @@ -504,10 +504,8 @@ func getGclCln(client *dto.Client) gocloak.Client {
protocolMappers := getProtocolMappers(client.AdvancedProtocolMappers)

cl := gocloak.Client{
AdminURL: &client.WebUrl,
Attributes: &client.Attributes,
AuthorizationServicesEnabled: &client.AuthorizationServicesEnabled,
BaseURL: &client.BaseUrl,
BearerOnly: &client.BearerOnly,
ClientAuthenticatorType: &client.ClientAuthenticatorType,
ClientID: &client.ClientId,
Expand All @@ -528,13 +526,21 @@ func getGclCln(client *dto.Client) gocloak.Client {
},
RegistrationAccessToken: &client.RegistrationAccessToken,
RootURL: &client.WebUrl,
AdminURL: &client.AdminUrl,
BaseURL: &client.HomeUrl,
Secret: &client.ClientSecret,
ServiceAccountsEnabled: &client.ServiceAccountEnabled,
StandardFlowEnabled: &client.StandardFlowEnabled,
SurrogateAuthRequired: &client.SurrogateAuthRequired,
WebOrigins: &client.WebOrigins,
}

// Set the admin URL to the web URL for backwards compatibility.
// Before adding the admin URL field, the admin URL was the same as the web URL.
if client.AdminUrl == "" {
cl.AdminURL = &client.WebUrl
}

if len(client.RedirectUris) > 0 {
cl.RedirectURIs = &client.RedirectUris
}
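Review bot: `BaseURL` is now taken only from `client.HomeUrl`, and unlike `AdminURL` it gets no fallback, so a client whose spec leaves `homeUrl` empty sends a non-nil pointer to an empty string where the old code sent `client.BaseUrl`. The keycloak_dto.go section of this commit has no deletions, so `dto.Client.BaseUrl` presumably still exists and any caller that sets it is now silently ignored; whether anything sets it is not visible here. If the old value should keep working, mirror the AdminURL block with `if client.HomeUrl == "" { cl.BaseURL = &client.BaseUrl }` and a short comment saying which field wins. A test case that leaves `AdminUrl` empty and checks that the WebUrl fallback is applied would also pin the compatibility path that the new comment describes. getGclCln starts before the first hunk and continues past the second.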
4 changes: 4 additions & 0 deletions pkg/client/keycloak/dto/keycloak_dto.go
Expand Up @@ -74,6 +74,8 @@ type Client struct {
PublicClient bool
DirectAccess bool
WebUrl string
AdminUrl string
HomeUrl string
Protocol string
Attributes map[string]string
AdvancedProtocolMappers bool
Expand Down Expand Up @@ -122,6 +124,8 @@ func ConvertSpecToClient(spec *keycloakApi.KeycloakClientSpec, clientSecret, rea
PublicClient: spec.Public,
DirectAccess: spec.DirectAccess,
WebUrl: spec.WebUrl,
AdminUrl: spec.AdminUrl,
HomeUrl: spec.HomeUrl,
Protocol: getValueOrDefault(spec.Protocol),
Attributes: spec.Attributes,
AdvancedProtocolMappers: spec.AdvancedProtocolMappers,