Closed a-finocchiaro closed 2 months ago
Greetings, I guess we just need to set the references correctly in config/ as with other resources.
I can take care of that next week as I am on vacation until Sunday.
@Breee awesome, thank you very much!
I'm back, sorry for the long waiting time. I'm in the process of preparing to move to a new flat.
Is it correct that a resource_server_id is the ID of a keycloak_openid_client?
At least that is what they are doing in the example:
```hcl
resource "keycloak_realm" "realm" {
  realm   = "my-realm"
  enabled = true
}

resource "keycloak_openid_client" "openid_client" {
  client_id                = "openid_client"
  name                     = "openid_client"
  realm_id                 = keycloak_realm.realm.id
  access_type              = "CONFIDENTIAL"
  service_accounts_enabled = true
}

resource "keycloak_openid_client_permissions" "my_permission" {
  realm_id  = keycloak_realm.realm.id
  client_id = keycloak_openid_client.openid_client.id
}

data "keycloak_openid_client" "realm_management" {
  realm_id  = "my-realm"
  client_id = "realm-management"
}

resource "keycloak_openid_client_client_policy" "token_exchange" {
  resource_server_id = data.keycloak_openid_client.realm_management.id
  realm_id           = keycloak_realm.realm.id
  name               = "my-policy"
  logic              = "POSITIVE"
  decision_strategy  = "UNANIMOUS"
  clients = [
    keycloak_openid_client.openid_client.id
  ]
}
```
`xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.4.0-rc` built by this pipeline.
Let me know if that works for you, then I'll merge it and release.
@Breee Just tested those changes on `v1.4.0-rc` locally and they worked great! Thank you for adding this, it will be super useful for me when I go to roll this all out at work.
I'll make a new release tomorrow.
On the resources like `ClientRolePolicy` resource there is a required field of `resourceServerId`, which must be the UUID of the client that this policy is associated to. However, there is no way to look up the resource ID via a reference since that field only allows a string, so it forces the user to add the UUID of the resource into the Kubernetes manifest.

What I think might work would be like `resourceServerIdRef` and have it reference another Kubernetes resource, similar to how `providerConfigRef` works where it takes the name of another Kubernetes resource and is able to look the object up. I'm thinking in most cases with this, it would be looking up the UUID of a `Client` resource, but I could be wrong.

Here is an example: