🚀. Socket Launch Week Day 3:Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions.Learn more
Sign In

github.com/crossplane-contrib/provider-keycloak

Package Overview
Dependencies
Versions
88
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/crossplane-contrib/provider-keycloak

Source
Go Modules
Version
v1.13.0
Version published
Created
Source

Provider keycloak

provider-keycloak is a Crossplane provider that is built using Upjet code generation tools and exposes XRM-conformant managed resources for the keycloak API.

Check out the examples in the examples directory for more information on how to use this provider.

Usage

Installation

To install the provider, use the following resource definition:

---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-keycloak
  namespace: crossplane-system
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.5.0

This will install the provider in the crossplane-system namespace and install CRDs and controllers for the provider.

DeploymentRuntimeConfig

We also support DeploymentRuntimeConfig to enable additional features in the provider.

--- 
apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
  name: enable-ess
spec:
  deploymentTemplate:
    spec:
      selector: {}
      template:
        spec:
          containers:
            - name: package-runtime
              args:
                - --enable-external-secret-stores

which can be used in the provider resource as follows:

---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: keycloak-provider
  namespace: crossplane-system
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.5.0
+ runtimeConfigRef:
+   name: enable-ess

(Without the + signs of course)

Configuration

  • For each keycloak instance you need one or more ProviderConfig resources.
  • The ProviderConfig resource is used to store the keycloak API server URL, credentials, and other configuration details that are required to connect to the keycloak API server.
  • Here is an example of a ProviderConfig resource:
---
apiVersion: keycloak.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: keycloak-provider-config
spec:
  credentials:
    source: Secret
    secretRef:
      name: keycloak-credentials
      key: credentials
      namespace: crossplane-system
---
apiVersion: v1
kind: Secret
metadata:
  name: keycloak-credentials
  namespace: crossplane-system
  labels: 
    type: provider-credentials
type: Opaque
stringData:
  credentials: |
    {
      "client_id":"admin-cli",
      "username": "admin",
      "password": "admin",
      "url": "https://keycloak.example.com",
      "base_path": "/auth",
      "realm": "master"
    }

The secret keycloak-credentials contains the keycloak API server URL, credentials, and other configuration details that are required to connect to the keycloak API server. It supports the same fields as the terraform provider configuration

As an alternative to using the embedded JSON format shown above, you can also place settings in a plain Kubernetes secret like this:

apiVersion: v1
kind: Secret
metadata:
  name: keycloak-credentials
  namespace: crossplane-system
  labels:
    type: provider-credentials
type: Opaque
stringData:
  client_id: "admin-cli"
  username: "admin"
  password: "admin"
  url: "https://keycloak.example.com"
  base_path: "/auth"
  realm: "master"

Custom Resource Definitions

You can explore the available custom resources:

  • Upbound marketplace site
  • kubectl get crd | grep keycloak.crossplane.io to list all the CRDs provided by the provider
  • kubectl explain <CRD_NAME> for docs on the CLI
  • You can also see the CRDs in the package/crds directory

Functions and Compositions:

  • function-keycloak-builtin-objects - The function is used to import the builtin objects of a keycloak, e.g. clients and roles. Since v3.0 it also offers the possibility to adapt some default config. Everything you need to know is in the README of the repository.

Developing

Run code-generation pipeline:

go install golang.org/x/tools/cmd/goimports@latest
go run cmd/generator/main.go "$(pwd)"

Checkout sub-repositories:

make submodules

Execute code generation:

make generate

Run against a Kubernetes cluster:

make run

Build, push, and install:

make all

Build binary:

make build

Build from custom Terraform Provider

If you want to build this crossplane provider on top of a forked terraform-provider-keycloak follow these instructions:

  • Execute code generation:
TERRAFORM_PROVIDER_REPO=https://github.com/<owner>/terraform-provider-keycloak \
TERRAFORM_PROVIDER_VERSION=1.0.0 \
make generate

Hint: TERRAFORM_PROVIDER_VERSION must be a Release. Releases can be found here: https://github.com/<owner>/terraform-provider-keycloak/releases. Every ReleaseName should have the prefix "v" (i.e 'v1.0.0'). But if you specify the TERRAFORM_PROVIDER_VERSION you need to skip that prefix (i.e. '1.0.0')

  • Use forked repo as go dependency:
go mod edit -replace="github.com/keycloak/terraform-provider-keycloak@v0.0.0-20241206084240-f87470c95855=github.com/<owner>/terraform-provider-keycloak@v1.0.0"
go mod tidy

Hint: You can also specify the version as github.com/<owner>/terraform-provider-keycloak@v0.0.0-<timestamp>-<commitHash>

Build and publish to custom repo

Install up cli: https://docs.upbound.io/reference/cli/

Git tag with the version that should be published:

git tag v<VersionNumber>

Create a release branch with git:

git checkout -b release-v<VersionNumber>

Ensure that you ran make generate and make build

Hint: If you want to build a specific platform you can do this with:

PLATFORMS=linux_amd64 make build

Login

up login -t <TOKEN>

Publish

PLATFORMS=linux_amd64 \
XPKG_REG_ORGS=xpkg.upbound.io/<owner> \
XPKG_REG_ORGS_NO_PROMOTE=xpkg.upbound.io/<owner> \
make publish

Local Environment

Change dir to dev/ Folder

cd dev/

Execute setup script which creates a KIND Cluster and installs crossplane, keycloak and the official crossplane provider via ArgoCD (for more options run script with --help)

./setup_dev_environment.sh

Hint: If you are using rootless docker you can --skip-metal-lb and run sudo cloud-provider-kind (how to install see here and don´t forget to give root access to your user´s docker socket)

Use created file from KIND as kubeconfig ~/.kube/<clustername>

For debugging local source code you need to scale down the crossplane provider which is running in the cluster and then start your local crossplane provider instance

kubectl patch DeploymentRuntimeConfig enable-ess --type='merge' -p '{"spec":{"deploymentTemplate":{"spec":{"replicas":0}}}}'

Alternative Local Environment

This make target creates a KIND Cluster and installs crossplane and the crossplane provider from current sources

make local-deploy

Regression Tests

TODO: Add regression test docs

Report a Bug

For filing bugs, suggesting improvements, or requesting new features, please open an issue.

FAQs

Package last updated on 15 Mar 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions

Product

Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions

Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.

By John Tuckner  -  Jun 17, 2026