crossplane-contrib / provider-keycloak

Support for setting authenticationFlowBindingOverrides with a computed Id Ref in client.openidclient #120

Open fujin opened 1 week ago

fujin commented 1 week ago

Currently the openidclient spec has an authenticationFlowBindingOverrides []Object field, which has child fields browserId and directGrantId.

λ kubectl explain clients.spec.forProvider.authenticationFlowBindingOverrides
GROUP:      openidclient.keycloak.crossplane.io
KIND:       Client
VERSION:    v1alpha1

FIELD: authenticationFlowBindingOverrides <[]Object>

DESCRIPTION:
    Override realm authentication flow bindings

FIELDS:
  browserId     <string>
    Browser flow id, (flow needs to exist)

  directGrantId <string>
    Direct grant flow id (flow needs to exist)

As we are creating a Flow and (OpenID) Client via Crossplane, we would like to set in the OpenID client the authenticationFlowBindingOverrides for browserId, to the Flow we have created.

In pure cdktf we had been accessing/referencing the ID of the Flow resource, while in Crossplane this requires usage of Composition: XRD, XR. I'll attach mine here (momentarily) so you can see them.

What I'd like: authenticationFlowBindingOverrides to allow "Id ref" type semantics, imagined:

apiVersion: authenticationflow.keycloak.crossplane.io/v1alpha1
kind: Flow
metadata:
  name: browser
spec:
  forProvider:
    alias: browser
    realmIdRef:
      name: internal

In Client:

authenticationFlowBindingOverrides:
- browserIdFlowRef: { name: browser }

Prior art: https://github.com/adorsys/keycloak-config-cli/pull/178

Breee commented 1 week ago

Agree, we need to add something similar to this, to the Client

https://github.com/crossplane-contrib/provider-keycloak/blob/main/config/authentication/config.go#L44

        r.References["browser_flow"] = config.Reference{
            Type:              "github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1.Flow",
            Extractor:         common.PathAuthenticationFlowAliasExtractor,
            RefFieldName:      "BrowserFlowRef",
            SelectorFieldName: "BrowserFlowSelector",
        }

I'll do that as soon as I have time.

Breee commented 1 week ago

Can you test out that RC?

xpkg.upbound.io/crossplane-contrib/provider-keycloak:v0.24.0-rc.1.1.g8291ace

diff https://github.com/crossplane-contrib/provider-keycloak/pull/122/files#diff-9a6e7df1991a726cf3808fb3549d88fcf690a6f0eff8d1f4f96f05b82a2b636b