Added owncloak configuration

This commit is contained in:
GeorgeRaven
2025-08-24 21:53:35 +01:00
parent cdab585b83
commit fa31f0e3d5
10 changed files with 195 additions and 2 deletions


@@ -17,3 +17,23 @@ spec:
- Observe
providerConfigRef:
name: default
---
# THIS IS A BUILT IN KEYCLOAK CLIENT
# THIS IS ONLY HERE TO TRACK / OBSERVE IT
# THIS SHOULD NOT BE USED TO MODIFY THE CLIENT
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: own-deepcypher-realm-management
spec:
deletionPolicy: Orphan
forProvider:
realmIdRef:
name: deepcypher
name: realm-management
clientId: realm-management
description: "Built-in realm management client"
managementPolicies:
- Observe
providerConfigRef:
name: owncloak
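Review bot: The `providerConfigRef: name: owncloak` on the new Observe-only Client (and on every other `own-*` resource in this commit) points at a ProviderConfig that is not among the ten changed files shown, so it is presumably expected to exist already; if it does not, each of these resources will sit unready rather than fail loudly. A one-line comment at the top of this document naming where the `owncloak` ProviderConfig lives (and that its Keycloak credentials are sourced from a Secret rather than inline) would make the dependency visible to the next reader, e.g. `# providerConfigRef "owncloak" is defined in <path of the ProviderConfig manifest>`. The `realmIdRef: name: deepcypher` here also resolves the realm through the Realm object shared with the `default` provider; that works if both providers see a realm of the same name, which is worth stating in the same comment.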


@@ -9,3 +9,17 @@ spec:
name: george
attributes:
nextcloud-legacy-id: archer
---
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
name: own-george
spec:
deletionPolicy: Delete
forProvider:
realmId: deepcypher
name: george
attributes:
nextcloud-legacy-id: archer
providerConfigRef:
name: owncloak
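Review bot: The new Group `own-george` (and the Role `own-admin` and `own-deepcypher-realm-management-realm-admin` later in this commit) pins the realm with a literal `realmId: deepcypher`, while the Client, ProtocolMapper and ClientScope documents added in the same commit use `realmIdRef: name: deepcypher`. Mixing the two means only some of the `own-*` resources carry a resolvable dependency on the Realm object; for consistency, `realmIdRef:` / `name: deepcypher` would let Crossplane order creation and surface a missing realm as an unresolved reference instead of a provider error. This is a style point as long as the realm ID really is its name on the target instance, which the literal assumes.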


@@ -26,3 +26,32 @@ spec:
jsonType.label: "String"
providerConfigRef:
name: default
---
# this adds client roles to all tokens under the claim:
# resource_access.<client_id>.roles
apiVersion: client.keycloak.crossplane.io/v1alpha1
kind: ProtocolMapper
metadata:
name: own-client-roles-in-all-tokens
spec:
forProvider:
realmIdRef:
name: deepcypher
clientScopeIdRef:
name: roles-in-all-tokens
name: client-roles-in-all-tokens
protocol: openid-connect
# to find the config keys see:
# https://github.com/keycloak/keycloak/blob/d089e23aef560f9d9ceb96490d68a64aa910b79b/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserClientRoleMappingMapper.java#L39
protocolMapper: oidc-usermodel-client-role-mapper
config:
id.token.claim: "true"
access.token.claim: "true"
userinfo.token.claim: "true"
lightweight.claim: "true"
introspection.token.claim: "true"
multivalued: "true"
claim.name: "resource_access.${client_id}.roles"
jsonType.label: "String"
providerConfigRef:
name: owncloak
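Review bot: `clientScopeIdRef: name: roles-in-all-tokens` on the new `own-client-roles-in-all-tokens` mapper resolves the scope ID from the existing ClientScope object managed through the `default` provider, not from the `own-roles-in-all-tokens` ClientScope this same commit adds for `owncloak`. Keycloak assigns client-scope and client IDs per instance, so if `owncloak` is a separate Keycloak (the duplicate group/role names in this commit suggest it is), the mapper will be created against an ID that does not exist there, or silently attach to the wrong object if it happens to collide. The same cross-provider reference appears in the `own-groups` mapper (`clientScopeIdRef: name: groups`), the `own-nextcloud-legacy-id` mapper (`clientScopeIdRef: name: nextcloud-legacy-id`) and the `own-deepcypher-realm-management-realm-admin` role (`clientIdRef: name: deepcypher-realm-management`). The fix is to point each ref at its `own-` sibling, here `clientScopeIdRef:` / `name: own-roles-in-all-tokens`.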


@@ -20,3 +20,26 @@ spec:
userinfo.token.claim: "true"
providerConfigRef:
name: default
---
apiVersion: client.keycloak.crossplane.io/v1alpha1
kind: ProtocolMapper
metadata:
name: own-groups
spec:
forProvider:
realmIdRef:
name: deepcypher
clientScopeIdRef:
name: groups
name: groups
protocol: openid-connect
# https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/GroupMembershipMapper.java#L59C47-L59C75
protocolMapper: oidc-group-membership-mapper
config:
# https://github.com/keycloak/keycloak/blob/0aa14c19e11752898935c36ea7df55a0aa72a5aa/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java#L52-L79
claim.name: "groups"
id.token.claim: "true"
access.token.claim: "true"
userinfo.token.claim: "true"
providerConfigRef:
name: owncloak


@@ -1,4 +1,3 @@
# see: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v1.8.0/resources/client.keycloak.crossplane.io/ProtocolMapper/v1alpha1
# role mapper example
apiVersion: client.keycloak.crossplane.io/v1alpha1
@@ -31,3 +30,36 @@ spec:
jsonType.label: "String"
providerConfigRef:
name: default
---
# see: https://marketplace.upbound.io/providers/crossplane-contrib/provider-keycloak/v1.8.0/resources/client.keycloak.crossplane.io/ProtocolMapper/v1alpha1
# role mapper example
apiVersion: client.keycloak.crossplane.io/v1alpha1
kind: ProtocolMapper
metadata:
name: own-nextcloud-legacy-id
spec:
forProvider:
realmIdRef:
name: deepcypher
#clientId: grafana
clientScopeIdRef:
name: nextcloud-legacy-id
name: nextcloud-legacy-id
protocol: openid-connect
# name comes from https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserAttributeMapper.java#L69
protocolMapper: oidc-usermodel-attribute-mapper
config:
# for available options:
# which links to the OIDCAttributeMapperHelper at https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/UserRealmRoleMappingMapper.java#L61
# which then references: https://github.com/keycloak/keycloak/blob/cc558b4090eb6707e269d9a581945a6424d0adbc/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java#L57
id.token.claim: "true"
access.token.claim: "true"
userinfo.token.claim: "true"
user.attribute: "nextcloud-legacy-id"
#multivalued: "true"
claim.name: "nextcloud-legacy-id"
jsonType.label: "String"
providerConfigRef:
name: owncloak
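Review bot: The new `own-nextcloud-legacy-id` mapper carries over two commented-out settings, `#clientId: grafana` and `#multivalued: "true"`, which document nothing about the `owncloak` copy and will read as pending changes to whoever next edits it. Either drop them or replace them with a why-comment such as `# scope-level mapper: no clientId on purpose, the scope is attached per client`, so the intent is stated rather than implied by a disabled line. The first hunk of this file removes a line that is not shown in this rendering, so I cannot tell what was dropped from the header comment.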


@@ -9,3 +9,15 @@ spec:
description: Administrator for all deepcypher applications.
providerConfigRef:
name: default
---
apiVersion: role.keycloak.crossplane.io/v1alpha1
kind: Role
metadata:
name: own-admin
spec:
forProvider:
realmId: deepcypher
name: admin
description: Administrator for all deepcypher applications.
providerConfigRef:
name: owncloak


@@ -1,4 +1,3 @@
# THIS IS A BUILT IN KEYCLOAK ROLE
# THIS IS ONLY HERE TO TRACK / OBSERVE IT
# THIS SHOULD NOT BE USED TO MODIFY THE ROLE
@@ -20,3 +19,25 @@ spec:
- Observe
providerConfigRef:
name: default
---
# THIS IS A BUILT IN KEYCLOAK ROLE
# THIS IS ONLY HERE TO TRACK / OBSERVE IT
# THIS SHOULD NOT BE USED TO MODIFY THE ROLE
apiVersion: role.keycloak.crossplane.io/v1alpha1
kind: Role
metadata:
annotations:
# Here we reference the role by "<realm>/<role_name>"
#crossplane.io/external-name: deepcypher/realm-management/realm-admin
name: own-deepcypher-realm-management-realm-admin
spec:
deletionPolicy: Orphan
forProvider:
realmId: deepcypher
name: realm-admin
clientIdRef:
name: deepcypher-realm-management
managementPolicies:
- Observe
providerConfigRef:
name: owncloak


@@ -9,3 +9,17 @@ spec:
name: deepcypher
name: groups
description: "Group membership list scope"
---
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: ClientScope
metadata:
name: own-groups
spec:
deletionPolicy: Delete
forProvider:
realmIdRef:
name: deepcypher
name: groups
description: "Group membership list scope"
providerConfigRef:
name: owncloak


@@ -9,3 +9,17 @@ spec:
name: deepcypher
name: nextcloud-legacy-id
description: "Legacy scope to allow old clients to present legacy user ID to nextcloud"
---
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: ClientScope
metadata:
name: own-nextcloud-legacy-id
spec:
deletionPolicy: Delete
forProvider:
realmIdRef:
name: deepcypher
name: nextcloud-legacy-id
description: "Legacy scope to allow old clients to present legacy user ID to nextcloud"
providerConfigRef:
name: owncloak


@@ -9,3 +9,17 @@ spec:
name: deepcypher
name: roles-in-all-tokens
description: "Role membership list scope in all tokens"
---
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: ClientScope
metadata:
name: own-roles-in-all-tokens
spec:
deletionPolicy: Delete
forProvider:
realmIdRef:
name: deepcypher
name: roles-in-all-tokens
description: "Role membership list scope in all tokens"
providerConfigRef:
name: owncloak