Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for setting authenticationFlowBindingOverrides with a computed Id Ref in client.openidclient #120

Closed
fujin opened this issue Jun 25, 2024 · 2 comments
Closed

Support for setting authenticationFlowBindingOverrides with a computed Id Ref in client.openidclient #120

fujin opened this issue Jun 25, 2024 · 2 comments
Labels
feature

Comments

@fujin
Copy link

fujin commented Jun 25, 2024
edited
Loading

Currently the openidclient spec has a authenticationFlowBindingOverrides []Object field, which has child fields browserId and directGrantID.

λ kubectl explain clients.spec.forProvider.authenticationFlowBindingOverrides
GROUP:      openidclient.keycloak.crossplane.io
KIND:       Client
VERSION:    v1alpha1

FIELD: authenticationFlowBindingOverrides <[]Object>


DESCRIPTION:
    Override realm authentication flow bindings

FIELDS:
  browserId     <string>
    Browser flow id, (flow needs to exist)

  directGrantId <string>
    Direct grant flow id (flow needs to exist)

As we are creating a Flow and (OpenID) Client via crossplane, we would like to set in the OpenID client the authenticationFlowBindingOverrides for browserID, to the Flow we have created.

In pure cdktf we had been access/reference the ID of the Flow resource, while in Crossplane this requires usage of Composition: XRD,XR. I'll attach mine here (momentarily) so you can see them.

What I'd like: authenticationFlowBindingOverrides to be allow "Id ref" type semantics, imagined:

apiVersion: authenticationflow.keycloak.crossplane.io/v1alpha1
kind: Flow
metadata:
  name: browser
spec:
  forProvider:
    alias: browser
    realmIdRef:
      name: internal

in Client:

authenticationFlowBindingOverrides:
- browserIdFlowRef: { name: browser }

Prior art: adorsys/keycloak-config-cli#178
@Breee Breee added the feature label Jun 27, 2024
@Breee
Copy link
Collaborator

Breee commented Jun 27, 2024

Agree, we need to add something similar to this, to the Client

https://github.com/crossplane-contrib/provider-keycloak/blob/main/config/authentication/config.go#L44

		r.References["browser_flow"] = config.Reference{
			Type:              "github.com/crossplane-contrib/provider-keycloak/apis/authenticationflow/v1alpha1.Flow",
			Extractor:         common.PathAuthenticationFlowAliasExtractor,
			RefFieldName:      "BrowserFlowRef",
			SelectorFieldName: "BrowserFlowSelector",
		}

i'll do that as soon as i have time

@Breee
Copy link
Collaborator

Breee commented Jun 27, 2024
edited
Loading

can you test out that RC ?

xpkg.upbound.io/crossplane-contrib/provider-keycloak:v0.24.0-rc.1.1.g8291ace

diff https://github.com/crossplane-contrib/provider-keycloak/pull/122/files#diff-9a6e7df1991a726cf3808fb3549d88fcf690a6f0eff8d1f4f96f05b82a2b636b

@Breee Breee closed this as completed Jul 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fujin @Breee