Add Scopes to Keycloak Client Authorizations #41

Closed
dougkirkley opened this issue Apr 8, 2024 · 1 comment · Fixed by #42

Comments

@dougkirkley
Contributor

Is your feature request related to a problem? Please describe.
When using the new Authorization field for KeycloakClient (Thanks for adding that feature), if the permission is scope-based, then the scope needs to exist in the Authorization Scopes for the Client.

Describe the solution you'd like
Add a Scopes field to the KeycloakClient Authorization spec

Describe alternatives you've considered
Manually adding the authorization scope, e.g. "token-exchange", allows the KeycloakClient to reconcile properly.

Additional context
I am working on a branch for this now, but I'm currently stuck at the mock pieces because make mocks is hitting a nil pointer. If you could possibly point me in the right direction of which piece I could have missed, I would love to get this PR in for your team.
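
The constraint described in the issue above, as an added example that is not part of the original post or the operator's code: a pre-reconcile check that reports scope-based permissions referencing authorization scopes the client does not declare. The `Authorization` and `Permission` types, the `"scope"` type value and `MissingScopes` are hypothetical stand-ins, not the operator's API.

```go
package main

import (
	"fmt"
	"sort"
)

// Hypothetical, simplified shapes for illustration; not the operator's API types.
type Permission struct {
	Name   string
	Type   string   // "scope" or "resource" (assumed values)
	Scopes []string // scope names the permission refers to
}

type Authorization struct {
	Scopes      []string // authorization scopes declared for the client
	Permissions []Permission
}

// MissingScopes returns, per scope-based permission, the sorted, de-duplicated
// scope names it references that are not declared on the client.
func MissingScopes(a Authorization) map[string][]string {
	declared := make(map[string]bool, len(a.Scopes))
	for _, s := range a.Scopes {
		declared[s] = true
	}
	missing := map[string][]string{}
	for _, p := range a.Permissions {
		if p.Type != "scope" { // the issue concerns scope-based permissions only
			continue
		}
		seen := map[string]bool{}
		for _, s := range p.Scopes {
			if !declared[s] && !seen[s] {
				seen[s] = true
				missing[p.Name] = append(missing[p.Name], s)
			}
		}
		sort.Strings(missing[p.Name])
	}
	return missing
}

func main() {
	// Constructed sample: "token-exchange" is referenced but never declared.
	perm := Permission{Name: "exchange", Type: "scope", Scopes: []string{"token-exchange", "view"}}
	a := Authorization{Scopes: []string{"view"}, Permissions: []Permission{perm}}
	fmt.Println(MissingScopes(a))
}
```

An empty result means every scope a scope-based permission names is declared on the client, which is the condition the issue says is needed for the KeycloakClient to reconcile.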

@zmotso
Contributor

zmotso commented Apr 8, 2024

@dougkirkley You can open a draft pull request. I will check why the mocks aren't working.

dougkirkley pushed a commit to dougkirkley/edp-keycloak-operator that referenced this issue Apr 11, 2024
SergK closed this as completed in #42 Apr 11, 2024
erikdvlp added a commit to PilotDataPlatform/edp-keycloak-operator that referenced this issue Jun 11, 2024
* feat: Enable secret support in KeycloakRealmIdentityProvider resource (epam#20)

Change-Id: Ib61e3cc1ff6e27566d5e6d8f5e7e71e784014fea

* fix: KeycloakRealmIdentityProvider config secret reference is replaced by the plain secret (epam#20)

Change-Id: I85f0715b699a7a9d2f0cd388dbe57b33dabe2007

* test: Add e2e for KeycloakRealmIdentityProvider using secret (epam#20)

Signed-off-by: Sergiy Kulanov <[email protected]>
Change-Id: I63ce8386cfdd00d4065fd34238ac54931c142087

* feat: Add annotation for preserving resources deletion (epam#18)

Added 'edp.epam.com/preserve-resources-on-deletion: true' annotation processing to prevent the operator from deleting resources from keycloak.

Change-Id: I0301c611b7e2de8388363297720650340c891c15

* feat: Enable secret reference support in KeycloakClient resource (epam#21)

Change-Id: I35ff2b0d20e624c5bb6d38deacfd68609efec56e

* chore: Update GH actions and release pipeline (epam#23)

Signed-off-by: Sergiy Kulanov <[email protected]>
Change-Id: Ib000433f61da9df3b297006e90a9d2a3bee873b1

* test: Create client without specifying client secret (epam#21)

We expect that the secret will be created by operator in
default format:
   keycloak-client-keycloakclient-nosecret-secret:clientSecret

Signed-off-by: Sergiy Kulanov <[email protected]>
Change-Id: I20481c36b83e741bf319490196a95a91879f5b14

* chore: Generate bundle for OperatorHub v1.19.0 (epam#23)

Signed-off-by: Sergiy Kulanov <[email protected]>
Change-Id: Ife12693d3131c297f5453434b25cfa06c848da70

* chore: Update current development version (epam#23)

Change-Id: I6529b81ec407248391c2d243678307f3619f1263

* chore: Add printcolumn status for all custom resources (epam#23)

Signed-off-by: Sergiy Kulanov <[email protected]>
Change-Id: Ia0ea7fe9c5333e57f4f9f19289778b143a45fafc

* fix: The default realm role no longer works (epam#22)

Starting from keycloak 13.0, to make the realm role default, we need to add it to a composite role named default-roles-<realmName>.
More details: https://www.keycloak.org/docs/22.0.5/release_notes/#default-roles-processing-improvement

Change-Id: I0811be86ab1f5cf30e6cbf0e3692b46da604fbf9

* feat: Add missing fields to KeycloakClient (epam#24)

Change-Id: I0cf5aefeea100f0c504b0b9258ea8b947cb74b52

* chore: Update current development version (epam#27)

Change-Id: I4cf4bd6c1a239faacb60e529b18822c9626b81f2

* chore: Generate OperatorHub bundle for the version 1.20.0 (epam#27)

Signed-off-by: Sergiy Kulanov <[email protected]>
Change-Id: I797aa4cf27a47807a49bed6b3dc74d2288446b18

* docs: Update README md file (#132)

Change-Id: If140772f1f3cb3e12c8fc610ece8605646b72976

* feat: Allow secret references in KeycloakRealmComponent (epam#30)

Allow the config property of KeycloakRealmComponent to have references to secret values in the $secretName:secretValue format

* test: Add integration tests for KeycloakRealm (epam#31)

Change-Id: I900237a73cf475f175f6a1ef32fb8766d87e60c0

* feat: Enable review for pull requests (epam#32)

Jira: EPMDEDP-13281

Related: epam#32
Change-Id: Idcd30bae279aba2c395e064d891fbc6144f9495e

* chore: Implement cache in github workflow (epam#34)

Related epam#34

Change-Id: Ifeac480eb6e7f6db3476395b17c0e0c6cd39250e

* chore: Remove explicit caching in workflows (epam#34)

* chore: Add ClusterRoleBinding for operatorHub (epam#37)

Jira: EPMDEDP-13399

Related: epam#37
Change-Id: Iafe2de09c59e440c4bbfcdd21dd0ceaf524985b5

* chore: Update operator bundle (epam#37)

Change-Id: I1e2e458fcb0050785c87cdecdaf436451e549112

* chore: Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 (epam#39)

Change-Id: I8df06386377ca229569a2443819da0da69d2c995

* feat: Allow creating Authorization Policies for a Client (epam#28)

Change-Id: I7ca281ac73fbc1a6977ce0a87f0ef1f91b065a59

* feat: Allow creating Authorization Permissions for a Client (epam#28)

Change-Id: I7df5a4f0fa7bb83313bf90cdd9790d73904935ec

* fix: Remove from code coverage mock files (epam#28)

Change-Id: Iba7aef8aa798eb814087ebeffac83b8803ce5323

* feat: Add custom certificate support (epam#36)

Added two options to work with certificates
for Keycloak/ClusterKeycloak CR:
- caCert property with a certificate
- insecureSkipVerify property to not check certificates

Change-Id: I275666e98a3705b16e2727c622a79fc4a520d852

* feat: Add ability to configure Realm token Settings (epam#38)

Change-Id: I09dbc7267b7e713da4d48f67a8d3032a7f8af1f9

* feat: Add Scopes to KeycloakClient Authorization spec (epam#41)

* feat: Full reconciliation of KeycloakRealmUser (epam#45)

- Added possibility to update user by updating KeycloakRealmUser
- KeepResource set to true by default.
  It makes no sense to remove KeycloakRealmUser CR after processing.

Change-Id: Ieb4f1c864282384199a7eede18b4262045b97413

* test: Add integration tests for KeycloakAuthFlow (epam#31)

Change-Id: Ia4fb937d5bc88e9a44865bd32ddb1759fee0a1cd

* test: Add integration tests for KeycloakRealmUser (epam#31)

Change-Id: Ia63c79d437d83fe0acd285282acbbb14752a12cd

* feat: Remove SSORealm functionality from KeycloakRealm (epam#47)

Change-Id: Ic442cd8fa3572e60139a814d063b875ff4a9ff64

* feat: Add support for composite client role (epam#44)

- Added the possibility of assigning client roles to the composite role.
- Added complete reconciliation of composite roles.
  Now, if a role is removed from the composite in CR,
  the related role will be removed from the keycloak role.

Change-Id: Ida8cb35a601173013335f4cc1e82062e924b1807

* chore: Migrate from gerrit to github pipelines (epam#49)

* chore(deps): Bump golang.org/x/net from 0.17.0 to 0.23.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* test: Add integration tests for KeycloakClientScope (epam#31)

* chore: Add CODEOWNERS (epam#49)

Fix build pipeline

Signed-off-by: Sergiy Kulanov <[email protected]>

* feat: Add imagePullSecrets to enable private repository

* chore: Bump to Go 1.22 (epam#57)

* chore: Update current development version (epam#59)

* chore: Generate OperatorHub bundle for v1.21.0 (epam#59)

Signed-off-by: Sergiy Kulanov <[email protected]>

* Formatting

* Replace .github directory

* Fix unit tests

* Delete CODEOWNERS

---------

Signed-off-by: Sergiy Kulanov <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Zorian Motso <[email protected]>
Co-authored-by: Sergiy Kulanov <[email protected]>
Co-authored-by: Mykola Marusenko <[email protected]>
Co-authored-by: Oleksandr_Stepanov <[email protected]>
Co-authored-by: Erlend Tobiassen <[email protected]>
Co-authored-by: oleksandr_taruraiev <[email protected]>
Co-authored-by: Mykola Serdiuk <[email protected]>
Co-authored-by: Oleksandr Redko <[email protected]>
Co-authored-by: Douglass Kirkley <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ben Greene <[email protected]>