Enable secret support in KeycloakRealmIdentityProvider resource #20

Closed
zmotso opened this issue Nov 6, 2023 · 1 comment

zmotso commented Nov 6, 2023

Currently, we set clientSecret as plain text.

```yaml
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmIdentityProvider
metadata:
  name: keycloakrealmidentityprovider-sample
spec:
  realmRef:
    kind: KeycloakRealm
    name: realm
  alias: instagram
  authenticateByDefault: false
  enabled: true
  firstBrokerLoginFlowAlias: "first broker login"
  providerId: "instagram"
  config:
    clientId: "foo"
    clientSecret: "some-secret"
    hideOnLoginPage: "true"
    syncMode: "IMPORT"
    useJwksUrl: "true"
```

We need to have the possibility to set clientSecret from the Kubernetes secret.

@zmotso zmotso added the enhancement New feature or request label Nov 6, 2023
@zmotso zmotso self-assigned this Nov 6, 2023
epmd-edp pushed a commit that referenced this issue Nov 6, 2023
…#20)

Change-Id: Ib61e3cc1ff6e27566d5e6d8f5e7e71e784014fea
epmd-edp pushed a commit that referenced this issue Nov 7, 2023
…d by the plain secret (#20)

Change-Id: I85f0715b699a7a9d2f0cd388dbe57b33dabe2007
epmd-edp pushed a commit that referenced this issue Nov 7, 2023
Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Change-Id: I63ce8386cfdd00d4065fd34238ac54931c142087

zmotso commented Nov 9, 2023

Added secret reference in format: $secretName:secretKey.
Example:

```yaml
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmIdentityProvider
metadata:
  name: keycloakrealmidentityprovider-sample
spec:
  realmRef:
    kind: KeycloakRealm
    name: realm
  alias: instagram
  firstBrokerLoginFlowAlias: "first broker login"
  providerId: "instagram"
  config:
    clientId: "foo"
    clientSecret: "$secretName:secretKey"
```

@zmotso zmotso closed this as completed Nov 9, 2023
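
One way a controller could resolve the `$secretName:secretKey` format described in the comment above, as an added example that is not the operator's own code. `SecretStore`, `ParseRef`, `Resolve` and `ErrBadRef` are hypothetical names, the in-memory store stands in for Kubernetes Secrets with constructed values, and rejecting a malformed `$` value is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// SecretStore stands in for one namespace's Secrets: name -> key -> value (hypothetical type).
type SecretStore map[string]map[string]string
var ErrBadRef = errors.New("malformed secret reference")

// ParseRef splits "$secretName:secretKey"; isRef is false for plain values.
func ParseRef(v string) (name, key string, isRef bool, err error) {
	if !strings.HasPrefix(v, "$") {
		return "", "", false, nil
	}
	n, k, found := strings.Cut(v[1:], ":")
	if !found || n == "" || k == "" {
		return "", "", true, ErrBadRef // fail closed rather than send the literal (assumption)
	}
	return n, k, true, nil
}

// Resolve returns a copy with references replaced; config itself is never modified.
func Resolve(config map[string]string, store SecretStore) (map[string]string, error) {
	out := make(map[string]string, len(config))
	for k, v := range config {
		name, key, isRef, err := ParseRef(v)
		if err != nil {
			return nil, fmt.Errorf("config %q: %w", k, err)
		}
		if isRef {
			val, found := store[name][key]
			if !found { // error names the reference, never a secret value
				return nil, fmt.Errorf("config %q: %s/%s not found", k, name, key)
			}
			v = val
		}
		out[k] = v
	}
	return out, nil
}

func main() {
	store := SecretStore{"idp-secret": {"clientSecret": "constructed-value"}}
	spec := map[string]string{"clientId": "foo", "clientSecret": "$idp-secret:clientSecret"}
	fmt.Println(Resolve(spec, store))
	fmt.Println(spec["clientSecret"]) // still the reference
}
```

Because `Resolve` writes into a copy, the map taken from the resource spec keeps the reference string and the plaintext exists only in the value passed on to Keycloak.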
erikdvlp added a commit to PilotDataPlatform/edp-keycloak-operator that referenced this issue Jun 11, 2024
* feat: Enable secret support in KeycloakRealmIdentityProvider resource (epam#20)

Change-Id: Ib61e3cc1ff6e27566d5e6d8f5e7e71e784014fea

* fix: KeycloakRealmIdentityProvider config secret reference is replaced by the plain secret (epam#20)

Change-Id: I85f0715b699a7a9d2f0cd388dbe57b33dabe2007

* test: Add e2e for KeycloakRealmIdentityProvider using secret (epam#20)

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Change-Id: I63ce8386cfdd00d4065fd34238ac54931c142087

* feat: Add annotation for preserving resources deletion (epam#18)

Added 'edp.epam.com/preserve-resources-on-deletion: true' annotation processing to prevent the operator from deleting resources from keycloak.

Change-Id: I0301c611b7e2de8388363297720650340c891c15

* feat: Enable secret reference support in KeycloakClient resource (epam#21)

Change-Id: I35ff2b0d20e624c5bb6d38deacfd68609efec56e

* chore: Update GH actions and release pipeline (epam#23)

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Change-Id: Ib000433f61da9df3b297006e90a9d2a3bee873b1

* test: Create client without specifying client secret (epam#21)

We expect that the secret will be created by operator in
default format:
   keycloak-client-keycloakclient-nosecret-secret:clientSecret

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Change-Id: I20481c36b83e741bf319490196a95a91879f5b14

* chore: Generate bundle for OperatorHub v1.19.0 (epam#23)

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Change-Id: Ife12693d3131c297f5453434b25cfa06c848da70

* chore: Update current development version (epam#23)

Change-Id: I6529b81ec407248391c2d243678307f3619f1263

* chore: Add printcolumn status for all custom resources (epam#23)

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Change-Id: Ia0ea7fe9c5333e57f4f9f19289778b143a45fafc

* fix: The default realm role is no longer works (epam#22)

Starting from keycloak 13.0, to make the realm role default, we need to add it to a composite role named default-roles-<realmName>.
More details: https://www.keycloak.org/docs/22.0.5/release_notes/#default-roles-processing-improvement

Change-Id: I0811be86ab1f5cf30e6cbf0e3692b46da604fbf9

* feat: Add missing fields to KeycloakClient (epam#24)

Change-Id: I0cf5aefeea100f0c504b0b9258ea8b947cb74b52

* chore: Update current development version (epam#27)

Change-Id: I4cf4bd6c1a239faacb60e529b18822c9626b81f2

* chore: Generate OperatorHub bundle for the version 1.20.0 (epam#27)

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Change-Id: I797aa4cf27a47807a49bed6b3dc74d2288446b18

* docs: Update README md file (#132)

Change-Id: If140772f1f3cb3e12c8fc610ece8605646b72976

* feat: Allow secret references in KeycloakRealmComponent (epam#30)

Allow the config property of KeycloakRealmComponent to have references to secret values on the $secretName:secretValue format

* test: Add integration tests for KeycloakRealm (epam#31)

Change-Id: I900237a73cf475f175f6a1ef32fb8766d87e60c0

* feat: Enable review for pull requests (epam#32)

Jira: EPMDEDP-13281

Related: epam#32
Change-Id: Idcd30bae279aba2c395e064d891fbc6144f9495e

* chore: Implement cache in github workflow (epam#34)

Related epam#34

Change-Id: Ifeac480eb6e7f6db3476395b17c0e0c6cd39250e

* chore: Remove explicit caching in workflows (epam#34)

* chore: Add ClusterRoleBinding for operatorHub(epam#37)

Jira: EPMDEDP-13399

Related: epam#37
Change-Id: Iafe2de09c59e440c4bbfcdd21dd0ceaf524985b5

* chore: Update operator bundle (epam#37)

Change-Id: I1e2e458fcb0050785c87cdecdaf436451e549112

* chore: Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 (epam#39)

Change-Id: I8df06386377ca229569a2443819da0da69d2c995

* feat: Allow creating Authorization Policies for a Client (epam#28)

Change-Id: I7ca281ac73fbc1a6977ce0a87f0ef1f91b065a59

* feat: Allow creating Authorization Permissions for a Client (epam#28)

Change-Id: I7df5a4f0fa7bb83313bf90cdd9790d73904935ec

* fix: Remove from code coverage mock files (epam#28)

Change-Id: Iba7aef8aa798eb814087ebeffac83b8803ce5323

* feat: Add custom certificate support (epam#36)

Added two options to work with certificates
for Keycloak/ClusterKeycloak CR:
- caCert property with a certificate
- insecureSkipVerify property to not check certificates

Change-Id: I275666e98a3705b16e2727c622a79fc4a520d852

* feat: Add ability to configure Realm token Settings (epam#38)

Change-Id: I09dbc7267b7e713da4d48f67a8d3032a7f8af1f9

* feat: Add Scopes to KeycloakClient Authorization spec (epam#41)

* feat: Full reconciliation of KeycloakRealmUser  (epam#45)

- Added possibility to update user by updating KeycloakRealmUser
- KeepResource set to true by default.
  It makes no sense to remove KeycloakRealmUser CR after processing.

Change-Id: Ieb4f1c864282384199a7eede18b4262045b97413

* test: Add integration tests for KeycloakAuthFlow (epam#31)

Change-Id: Ia4fb937d5bc88e9a44865bd32ddb1759fee0a1cd

* test: Add integration tests for KeycloakRealmUser (epam#31)

Change-Id: Ia63c79d437d83fe0acd285282acbbb14752a12cd

* feat: Remove SSORealm functionality from KeycloakRealm (epam#47)

Change-Id: Ic442cd8fa3572e60139a814d063b875ff4a9ff64

* feat: Add support for composite client role (epam#44)

- Added the possibility of assigning client roles to the composite role.
- Added complete reconciliation of composite roles.
  Now, if a role is removed from the composite in CR,
  the related role will be removed from the keycloak role.

Change-Id: Ida8cb35a601173013335f4cc1e82062e924b1807

* chore: Migrate from gerrit to github pipelines (epam#49)

* chore(deps): Bump golang.org/x/net from 0.17.0 to 0.23.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* test: Add integration tests for KeycloakClientScope (epam#31)

* chore: Add CODEOWNERS (epam#49)

Fix build pipeline

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>

* feat: Add imagePullSecrets to enable private repository

* chore: Bump to Go 1.22 (epam#57)

* chore: Update current development version (epam#59)

* chore: Generate OperatorHub bundle for v1.21.0 (epam#59)

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>

* Formatting

* Replace .github directory

* Fix unit tests

* Delete CODEOWNERS

---------

Signed-off-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Zorian Motso <zorian_motso@epam.com>
Co-authored-by: Sergiy Kulanov <sergiy_kulanov@epam.com>
Co-authored-by: Mykola Marusenko <mykola_marusenko@epam.com>
Co-authored-by: Oleksandr_Stepanov <Oleksandr_Stepanov@epam.com>
Co-authored-by: Erlend Tobiassen <erlend.tobiassen@gmail.com>
Co-authored-by: oleksandr_taruraiev <oleksandr_taruraiev@epam.com>
Co-authored-by: Mykola Serdiuk <mykola_serdiuk@epam.com>
Co-authored-by: Oleksandr Redko <Oleksandr_Redko@epam.com>
Co-authored-by: Douglass Kirkley <dkirkley@eitccorp.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ben Greene <BenJGreene@gmail.com>