From e8faf193eb31e5ce1f9c1bfbbd2d7b6a4dcac2ee Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Thu, 3 Apr 2025 18:36:00 +0200 Subject: [PATCH] Upd: Keycloak-operator to v1.25.0 Signed-off-by: Andrei Kvapil --- .../charts/keycloak-operator/Chart.yaml | 10 +- .../charts/keycloak-operator/README.md | 4 +- .../charts/keycloak-operator/README.md.gotmpl | 2 +- .../_crd_examples/keycloakclient.yaml | 21 +- .../_crd_examples/keycloakrealm.yaml | 62 ++++ ...v1.edp.epam.com_clusterkeycloakrealms.yaml | 284 +++++++++++++++++ .../crds/v1.edp.epam.com_keycloakclients.yaml | 91 +++++- .../crds/v1.edp.epam.com_keycloakrealms.yaml | 286 ++++++++++++++++++ 8 files changed, 745 insertions(+), 15 deletions(-) diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml index 986d7354..f9d53963 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml @@ -272,18 +272,18 @@ annotations: secret: secret-name-in-operator-ns url: https://keycloak.example.com artifacthub.io/images: | - - name: keycloak-operator:1.23.0 - image: epamedp/keycloak-operator:1.23.0 + - name: keycloak-operator:1.25.0 + image: epamedp/keycloak-operator:1.25.0 artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: KubeRocketCI Documentation - url: https://docs.kuberocketci.io + url: https://docs.kuberocketci.io/ - name: EPAM SolutionHub url: https://solutionshub.epam.com/solution/kuberocketci artifacthub.io/operator: "true" artifacthub.io/operatorCapabilities: Deep Insights apiVersion: v2 -appVersion: 1.23.0 +appVersion: 1.25.0 description: A Helm chart for KubeRocketCI Keycloak Operator home: https://docs.kuberocketci.io/ icon: https://docs.kuberocketci.io/img/logo.svg 
@@ -308,4 +308,4 @@ name: keycloak-operator sources: - https://github.com/epam/edp-keycloak-operator type: application -version: 1.23.0 +version: 1.25.0 diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/README.md b/packages/system/keycloak-operator/charts/keycloak-operator/README.md index 5c5bcd0d..abd23443 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/README.md +++ b/packages/system/keycloak-operator/charts/keycloak-operator/README.md @@ -1,6 +1,6 @@ # keycloak-operator -![Version: 1.23.0](https://img.shields.io/badge/Version-1.23.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.23.0](https://img.shields.io/badge/AppVersion-1.23.0-informational?style=flat-square) +![Version: 1.25.0](https://img.shields.io/badge/Version-1.25.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.0](https://img.shields.io/badge/AppVersion-1.25.0-informational?style=flat-square) A Helm chart for KubeRocketCI Keycloak Operator @@ -32,7 +32,7 @@ To install the Keycloak Operator, follow the steps below: ```bash helm search repo epamedp/keycloak-operator -l NAME CHART VERSION APP VERSION DESCRIPTION - epamedp/keycloak-operator 1.22.0 1.22.0 A Helm chart for KRCI Keycloak Operator + epamedp/keycloak-operator 1.24.0 1.24.0 A Helm chart for KRCI Keycloak Operator ``` _**NOTE:** It is highly recommended to use the latest stable version._ diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl b/packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl index 6bb74253..9dffecab 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl +++ b/packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl 
@@ -33,7 +33,7 @@ To install the Keycloak Operator, follow the steps below: ```bash helm search repo epamedp/keycloak-operator -l NAME CHART VERSION APP VERSION DESCRIPTION - epamedp/keycloak-operator 1.22.0 1.22.0 A Helm chart for KRCI Keycloak Operator + epamedp/keycloak-operator 1.24.0 1.24.0 A Helm chart for KRCI Keycloak Operator ``` _**NOTE:** It is highly recommended to use the latest stable version._ diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml index a3e96c97..fdd9d018 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml @@ -12,6 +12,8 @@ spec: public: false secret: $client-secret-name:client-secret-key webUrl: https://argocd.example.com + adminUrl: https://admin.example.com + homeUrl: /home/ defaultClientScopes: - groups redirectUris: @@ -23,19 +25,28 @@ spec: apiVersion: v1.edp.epam.com/v1 kind: KeycloakClient metadata: - name: keycloakclient-policy-sample + name: keycloakclient-authorization-sample spec: realmRef: name: keycloakrealm-sample kind: KeycloakRealm - clientId: policy-sample - secret: $client-secret-policy-sample:client-secret-key - webUrl: http://example.com + clientId: authorization-sample + secret: $client-secret-authorization-sample:client-secret-key + webUrl: https://example.com directAccess: true authorizationServicesEnabled: true serviceAccount: enabled: true authorization: + scopes: + - scope1 + resources: + - name: resource1 + displayName: Resource 1 + type: test + iconUri: https://example.com/icon.png + scopes: + - scope1 policies: - name: role-policy type: role 
@@ -112,6 +123,6 @@ spec: apiVersion: v1 kind: Secret metadata: - name: client-secret-policy-sample + name: client-secret-authorization-sample data: client-secret-key: cGFzc3dvcmQ= diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml index bc390acb..4f6c080a 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml @@ -32,3 +32,65 @@ spec: refreshTokenMaxReuse: 300 revokeRefreshToken: true defaultSignatureAlgorithm: RS256 + userProfileConfig: + unmanagedAttributePolicy: "ENABLED" + attributes: + - name: "test-attribute" + displayName: "Test Attribute" + required: + roles: + - "admin" + scopes: + - "profile" + multivalued: true + group: "test-group" + permissions: + edit: + - "admin" + view: + - "admin" + - "user" + selector: + scopes: + - "profile" + annotations: + inputType: "text" + validations: + email: + max-local-length: + intVal: 64 + local-date: {} + options: + options: + sliceVal: + - "option1" + - "option2" + multivalued: + min: + stringVal: "1" + max: + stringVal: "10" + groups: + - name: "test-group" + displayDescription: "Test Group" + displayHeader: "Test Group" + annotations: + groupAnnotation: "groupAnnotation" + smtp: + template: + from: "frm@mailcom" + fromDisplayName: "from display name" + replyTo: "to@mail.com" + replyToDisplayName: "reply to display name" + envelopeFrom: "envelopeFrom@mail.com" + connection: + host: "host" + enableSSL: true + enableStartTLS: true + authentication: + password: + secretKeyRef: + name: "secret-with-email-authentication" + key: "password" + username: + value: "username" 
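Review bot: The new `userProfileConfig` sample in keycloakrealm.yaml sets `unmanagedAttributePolicy: "ENABLED"`, the least restrictive of the three values the CRD description lists, and sample manifests tend to be copied as they are. If the sample only needs to show the field, `unmanagedAttributePolicy: "ADMIN_EDIT"` would be a safer value to demonstrate. In the `smtp` block, `from: "frm@mailcom"` is not a well-formed address and looks like a typo for something like `from: "from@mail.com"`. The block also omits `port`, so it falls back to the schema default of 25 while setting both `enableSSL: true` and `enableStartTLS: true`; a sample with an explicit port and a single transport mode would be easier to reason about.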
diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml index e42c0842..f2d8e337 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml @@ -19,6 +19,14 @@ spec: jsonPath: .status.available name: Available type: boolean + - description: Keycloak realm name + jsonPath: .spec.realmName + name: Realm + type: boolean + - description: ClusterKeycloak instance name + jsonPath: .spec.clusterKeycloakRef + name: Cluster-Keycloak + type: boolean name: v1alpha1 schema: openAPIV3Schema: @@ -119,6 +127,11 @@ spec: description: AdminEventsEnabled indicates whether to enable admin events. type: boolean + adminEventsExpiration: + description: |- + AdminEventsExpiration sets the expiration for events in seconds. + Expired events are periodically deleted from the database. + type: integer enabledEventTypes: description: EnabledEventTypes is a list of event types to enable. items: 
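Review bot: Both printer columns added in the first hunk declare `type: boolean`, but `Realm` reads `.spec.realmName`, which this same schema declares as `type: string`, and `Cluster-Keycloak` reads `.spec.clusterKeycloakRef`, which is presumably a name or reference rather than a flag. These columns are unlikely to show the realm and instance names in `kubectl get` output as intended; they should be `type: string`. The same pair of columns with `type: boolean` is added in the first hunk of v1.edp.epam.com_keycloakrealms.yaml (`.spec.realmName` and `.spec.keycloakRef`). The CRD looks generated, so the durable fix probably belongs in the upstream print-column markers rather than in this vendored copy.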
@@ -140,6 +153,140 @@ spec: realmName: description: RealmName specifies the name of the realm. type: string + smtp: + description: Smtp is the configuration for email in the realm. + nullable: true + properties: + connection: + description: Connection specifies the email connection configuration. + properties: + authentication: + description: Authentication specifies the email authentication + configuration. + properties: + password: + description: Password specifies login password. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + username: + description: Username specifies login username. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. 
+ type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + value: + description: Directly specifies a value. + type: string + type: object + required: + - password + - username + type: object + enableSSL: + description: EnableSSL specifies if SSL is enabled. + type: boolean + enableStartTLS: + description: EnableStartTLS specifies if StartTLS is enabled. + type: boolean + host: + description: Host specifies the email server host. + type: string + port: + default: 25 + description: Port specifies the email server port. + type: integer + required: + - host + type: object + template: + description: Template specifies the email template configuration. + properties: + envelopeFrom: + description: EnvelopeFrom is an email address used for bounces + . + type: string + from: + description: From specifies the sender email address. + type: string + fromDisplayName: + description: FromDisplayName specifies the sender display + for sender email address. + type: string + replyTo: + description: ReplyTo specifies the reply-to email address. + type: string + replyToDisplayName: + description: ReplyToDisplayName specifies display name for + reply-to email address. + type: string + required: + - from + type: object + required: + - connection + - template + type: object themes: description: Themes is a map of themes to apply to the realm. nullable: true 
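Review bot: The `smtp.connection` schema lets the SMTP password come from `configMapKeyRef` as well as `secretKeyRef`, and it defaults `port` to 25 while `enableSSL` and `enableStartTLS` are optional with no default. A ConfigMap is not treated as secret material by Kubernetes, and a spec that gives only `host` plus credentials describes, as far as the schema shows, an unencrypted session on port 25 carrying those credentials. How the operator treats unset TLS flags is not visible in this diff. I would at least state both points in the field descriptions, e.g. `description: Password specifies login password. Prefer secretKeyRef; a ConfigMap is not a secret store.` and a sentence on `port` saying that TLS has to be enabled explicitly. The identical `smtp` hunk in v1.edp.epam.com_keycloakrealms.yaml has the same two properties.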
@@ -235,6 +382,143 @@ spec: Otherwise, refresh tokens are not revoked when used and can be used multiple times. type: boolean type: object + userProfileConfig: + description: UserProfileConfig is the configuration for user profiles + in the realm. + nullable: true + properties: + attributes: + description: Attributes specifies the list of user profile attributes. + items: + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations for the + attribute. + type: object + displayName: + description: Display name for the attribute. + type: string + group: + description: Group to which the attribute belongs. + type: string + multivalued: + description: |- + Multivalued specifies if this attribute supports multiple values. + This setting is an indicator and does not enable any validation + type: boolean + name: + description: Name of the user attribute, used to uniquely + identify an attribute. + type: string + permissions: + description: Permissions specifies the permissions for the + attribute. + properties: + edit: + description: Edit specifies who can edit the attribute. + items: + type: string + type: array + view: + description: View specifies who can view the attribute. + items: + type: string + type: array + type: object + required: + description: Required indicates that the attribute must + be set by users and administrators. + properties: + roles: + description: Roles specifies the roles for whom the + attribute is required. + items: + type: string + type: array + scopes: + description: Scopes specifies the scopes when the attribute + is required. + items: + type: string + type: array + type: object + selector: + description: Selector specifies the scopes for which the + attribute is available. + properties: + scopes: + description: Scopes specifies the scopes for which the + attribute is available. 
+ items: + type: string + type: array + type: object + validations: + additionalProperties: + additionalProperties: + properties: + intVal: + type: integer + mapVal: + additionalProperties: + type: string + nullable: true + type: object + sliceVal: + items: + type: string + nullable: true + type: array + stringVal: + type: string + type: object + type: object + description: Validations specifies the validations for the + attribute. + type: object + required: + - name + type: object + type: array + groups: + description: Groups specifies the list of user profile groups. + items: + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations for the group. + nullable + type: object + displayDescription: + description: DisplayDescription specifies a user-friendly + name for the group that should be used when rendering + a group of attributes in user-facing forms. + type: string + displayHeader: + description: DisplayHeader specifies a text that should + be used as a header when rendering user-facing forms. + type: string + name: + description: Name is unique name of the group. + type: string + required: + - name + type: object + type: array + unmanagedAttributePolicy: + description: |- + UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration. + Empty value means that unmanaged attributes are disabled. + Possible values: + ENABLED - unmanaged attributes are allowed. + ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API. + ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API. + type: string + type: object required: - clusterKeycloakRef - realmName 
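Review bot: `unmanagedAttributePolicy` is declared as a bare `type: string` even though its description enumerates the only meaningful values, so a misspelt policy passes schema validation. What the operator then does with it is not visible here. An `enum` listing `ENABLED`, `ADMIN_VIEW` and `ADMIN_EDIT` (plus the empty string if that must remain valid) would reject such values at admission instead. Separately, the `groups[].annotations` description ends with a stray line `nullable` while the property itself carries no `nullable: true`, which suggests a marker was absorbed into the doc text. Both points apply equally to the `userProfileConfig` hunk in v1.edp.epam.com_keycloakrealms.yaml.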
diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml index 1923d806..c79d8376 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml @@ -44,6 +44,15 @@ spec: spec: description: KeycloakClientSpec defines the desired state of KeycloakClient. properties: + adminFineGrainedPermissionsEnabled: + description: AdminFineGrainedPermissionsEnabled enable/disable fine-grained + admin permissions for a client. + type: boolean + adminUrl: + description: |- + AdminUrl is client admin url. + If empty - WebUrl will be used. + type: string advancedProtocolMappers: description: AdvancedProtocolMappers is a flag to enable advanced protocol mappers. @@ -56,6 +65,14 @@ spec: description: Attributes is a map of client attributes. nullable: true type: object + authenticationFlowBindingOverrides: + description: AuthenticationFlowBindingOverrides client auth flow overrides + properties: + browser: + type: string + directGrant: + type: string + type: object authorization: description: Authorization is a client authorization configuration. nullable: true 
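Review bot: In the `authenticationFlowBindingOverrides` hunk, `browser` and `directGrant` are added with only `type: string` and no description. The schema therefore does not say what identifier they expect, or what happens when the named flow does not exist. These fields change which authentication flow a client uses, so a wrong value is a security-relevant misconfiguration and each deserves a line of documentation, e.g. `description: Browser overrides the realm browser authentication flow for this client.` plus a statement of the expected identifier format. The parent description, `AuthenticationFlowBindingOverrides client auth flow overrides`, could also be made a full sentence.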
@@ -334,14 +351,61 @@ spec: - type type: object type: array + resources: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of resource attributes. + nullable: true + type: object + displayName: + description: DisplayName for Identity Providers. + type: string + iconUri: + description: IconURI pointing to an icon. + type: string + name: + description: Name is unique resource name. + type: string + ownerManagedAccess: + description: OwnerManagedAccess if enabled, the access to + this resource can be managed by the resource owner. + type: boolean + scopes: + description: |- + Scopes requested or assigned in advance to the client to determine whether the policy is applied to this client. + Condition is evaluated during OpenID Connect authorization request and/or token request. + items: + type: string + nullable: true + type: array + type: + description: Type of this resource. It can be used to group + different resource instances with the same type. + type: string + uris: + description: URIs which are protected by resource. + items: + type: string + nullable: true + type: array + required: + - displayName + - name + type: object + type: array scopes: items: type: string type: array type: object authorizationServicesEnabled: - description: ServiceAccountsEnabled enable/disable fine-grained authorization - support for a client. + description: AuthorizationServicesEnabled enable/disable fine-grained + authorization support for a client. type: boolean bearerOnly: description: BearerOnly is a flag to enable bearer-only. @@ -389,6 +453,9 @@ spec: default: true description: FullScopeAllowed is a flag to enable full scope. type: boolean + homeUrl: + description: HomeUrl is a client home url. + type: string implicitFlowEnabled: description: ImplicitFlowEnabled is a flag to enable support for OpenID Connect redirect based authentication without authorization code. 
@@ -403,6 +470,26 @@ spec: type: string nullable: true type: array + permission: + description: Permission is a client permissions configuration + nullable: true + properties: + scopePermissions: + description: ScopePermissions mapping of scope and the policies + attached + items: + properties: + name: + type: string + policies: + items: + type: string + type: array + required: + - name + type: object + type: array + type: object protocol: description: Protocol is a client protocol. nullable: true diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml index a86b5093..69523264 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml @@ -23,6 +23,14 @@ spec: jsonPath: .status.value name: Status type: string + - description: Keycloak realm name + jsonPath: .spec.realmName + name: Realm + type: boolean + - description: Keycloak instance name + jsonPath: .spec.keycloakRef + name: Keycloak + type: boolean name: v1 schema: openAPIV3Schema: @@ -124,6 +132,11 @@ spec: description: AdminEventsEnabled indicates whether to enable admin events. type: boolean + adminEventsExpiration: + description: |- + AdminEventsExpiration sets the expiration for events in seconds. + Expired events are periodically deleted from the database. + type: integer enabledEventTypes: description: EnabledEventTypes is a list of event types to enable. items: 
@@ -145,6 +158,140 @@ spec: realmName: description: RealmName specifies the name of the realm. type: string + smtp: + description: Smtp is the configuration for email in the realm. + nullable: true + properties: + connection: + description: Connection specifies the email connection configuration. + properties: + authentication: + description: Authentication specifies the email authentication + configuration. + properties: + password: + description: Password specifies login password. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + username: + description: Username specifies login username. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. 
+ type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + value: + description: Directly specifies a value. + type: string + type: object + required: + - password + - username + type: object + enableSSL: + description: EnableSSL specifies if SSL is enabled. + type: boolean + enableStartTLS: + description: EnableStartTLS specifies if StartTLS is enabled. + type: boolean + host: + description: Host specifies the email server host. + type: string + port: + default: 25 + description: Port specifies the email server port. + type: integer + required: + - host + type: object + template: + description: Template specifies the email template configuration. + properties: + envelopeFrom: + description: EnvelopeFrom is an email address used for bounces + . + type: string + from: + description: From specifies the sender email address. + type: string + fromDisplayName: + description: FromDisplayName specifies the sender display + for sender email address. + type: string + replyTo: + description: ReplyTo specifies the reply-to email address. + type: string + replyToDisplayName: + description: ReplyToDisplayName specifies display name for + reply-to email address. + type: string + required: + - from + type: object + required: + - connection + - template + type: object themes: description: Themes is a map of themes to apply to the realm. nullable: true 
@@ -245,6 +392,145 @@ spec: Otherwise, refresh tokens are not revoked when used and can be used multiple times. type: boolean type: object + userProfileConfig: + description: |- + UserProfileConfig is the configuration for user profiles in the realm. + Attributes and groups will be added to the current realm configuration. + Deletion of attributes and groups is not supported. + nullable: true + properties: + attributes: + description: Attributes specifies the list of user profile attributes. + items: + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations for the + attribute. + type: object + displayName: + description: Display name for the attribute. + type: string + group: + description: Group to which the attribute belongs. + type: string + multivalued: + description: |- + Multivalued specifies if this attribute supports multiple values. + This setting is an indicator and does not enable any validation + type: boolean + name: + description: Name of the user attribute, used to uniquely + identify an attribute. + type: string + permissions: + description: Permissions specifies the permissions for the + attribute. + properties: + edit: + description: Edit specifies who can edit the attribute. + items: + type: string + type: array + view: + description: View specifies who can view the attribute. + items: + type: string + type: array + type: object + required: + description: Required indicates that the attribute must + be set by users and administrators. + properties: + roles: + description: Roles specifies the roles for whom the + attribute is required. + items: + type: string + type: array + scopes: + description: Scopes specifies the scopes when the attribute + is required. + items: + type: string + type: array + type: object + selector: + description: Selector specifies the scopes for which the + attribute is available. 
+ properties: + scopes: + description: Scopes specifies the scopes for which the + attribute is available. + items: + type: string + type: array + type: object + validations: + additionalProperties: + additionalProperties: + properties: + intVal: + type: integer + mapVal: + additionalProperties: + type: string + nullable: true + type: object + sliceVal: + items: + type: string + nullable: true + type: array + stringVal: + type: string + type: object + type: object + description: Validations specifies the validations for the + attribute. + type: object + required: + - name + type: object + type: array + groups: + description: Groups specifies the list of user profile groups. + items: + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations for the group. + nullable + type: object + displayDescription: + description: DisplayDescription specifies a user-friendly + name for the group that should be used when rendering + a group of attributes in user-facing forms. + type: string + displayHeader: + description: DisplayHeader specifies a text that should + be used as a header when rendering user-facing forms. + type: string + name: + description: Name is unique name of the group. + type: string + required: + - name + type: object + type: array + unmanagedAttributePolicy: + description: |- + UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration. + Empty value means that unmanaged attributes are disabled. + Possible values: + ENABLED - unmanaged attributes are allowed. + ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API. + ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API. + type: string + type: object users: description: Users is a list of users to create in the realm. items: