A KeycloakClientScope represents a client scope within a Keycloak realm.
apiVersion: keycloak.hostzero.com/v1beta1
kind: KeycloakClientScope
metadata:
name: my-scope
spec:
# One of realmRef or clusterRealmRef must be specified
# Option 1: Reference to a namespaced KeycloakRealm
realmRef:
name: my-realm
# Option 2: Reference to a ClusterKeycloakRealm
clusterRealmRef:
name: my-cluster-realm
# Required: Client scope definition
definition:
name: my-scope
protocol: openid-connect
# ... any other properties
status:
ready: true
status: "Ready"
message: "Client scope synchronized successfully"
resourcePath: "/admin/realms/my-realm/client-scopes/12345678-..."
instance:
instanceRef: my-keycloak
realm:
realmRef: my-realm
conditions:
- type: Ready
status: "True"
reason: Synchronized
apiVersion: keycloak.hostzero.com/v1beta1
kind: KeycloakClientScope
metadata:
name: profile-extended
spec:
realmRef:
name: my-realm
definition:
name: profile-extended
description: Extended profile information
protocol: openid-connect
apiVersion: keycloak.hostzero.com/v1beta1
kind: KeycloakClientScope
metadata:
name: department-scope
spec:
realmRef:
name: my-realm
definition:
name: department
description: Department information
protocol: openid-connect
protocolMappers:
- name: department
protocol: openid-connect
protocolMapper: oidc-usermodel-attribute-mapper
consentRequired: false
config:
claim.name: department
user.attribute: department
jsonType.label: String
id.token.claim: "true"
access.token.claim: "true"
userinfo.token.claim: "true"
Property Type Description
namestring Scope name (required) descriptionstring Description protocolstring Protocol (openid-connect, saml) protocolMappersarray Protocol mapper configurations attributesmap Additional attributes
Alias Full Name
kccskeycloakclientscopes
kubectl get kccs