github crossplane-contrib/provider-keycloak v2.23.0

3 hours ago

Release Notes — v2.23.0

Full Changelog: v2.22.1...v2.23.0


🆕 New Features

RealmLocalization CRD

A new RealmLocalization managed resource is now available under the realm.keycloak.crossplane.io/v1alpha1 API group. It lets you declaratively manage per-locale message text overrides for a Keycloak realm — without touching the Admin UI.

Requirements: Internationalization must be enabled on the target Realm resource, and the locale must be listed as a supported locale.

Example — German locale overrides:

apiVersion: realm.keycloak.crossplane.io/v1alpha1
kind: RealmLocalization
metadata:
  name: realm-de-texts
spec:
  deletionPolicy: Delete
  forProvider:
    realmIdRef:
      name: my-realm
      policy:
        resolve: Always
    locale: "de"
    texts:
      Hello: "Hallo"
      loginTitle: "Willkommen"
      loginAccountTitle: "Konto"
  providerConfigRef:
    name: keycloak-provider-config

Stable cross-resource references for ClientAuthorizationPermission

ClientAuthorizationPermission now supports policiesRefs, resourcesRefs, and scopesRefs — allowing you to reference other managed resources by name instead of passing raw UUIDs in policies, resources, and scopes.

Example — permission wired to a resource by reference:

apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: ClientAuthorizationPermission
metadata:
  name: my-resource-permission
spec:
  deletionPolicy: Delete
  forProvider:
    name: my-resource-permission
    description: Grants access to /api/data
    type: resource
    decisionStrategy: UNANIMOUS
    realmIdRef:
      name: my-realm
      policy:
        resolve: Always
    resourceServerIdRef:
      name: my-confidential-client
      policy:
        resolve: Always
    resourcesRefs:
      - name: my-authz-resource
    policiesRefs:
      - name: my-allow-policy
  providerConfigRef:
    name: keycloak-provider-config

🐛 Bug Fixes

  • ExecutionConfig reference fix: executionId is now resolved from the .status.atProvider.id UUID of the referenced Execution resource, preventing stale write-back drift on authentication flow configurations.
  • RealmLocalization metadata corrections: Fixed realm_id description and example labels in generated CRD types.

📖 Documentation

  • Added explicit guidance for adopting existing Keycloak resources into Crossplane management without triggering a replace.
  • Added built-in client and role adoption examples (e.g. account, realm-management).
  • Improved AI-agent friendliness: updated llms.txt, llms-full.txt, SKILL.md, and agents.md; PR previews now use rossjrw/pr-preview-action.

⚙️ Maintenance

  • Renovate now tracks Makefile-managed tool versions (golangci-lint, controller-gen, etc.) via a custom manager.
  • Dependency pin update via Renovate.

🙏 New Contributors

  • @Ripolin made their first contribution with the RealmLocalization CRD — thank you!

Upgrade Notes

No breaking changes. RealmLocalization is a purely additive new CRD. The policiesRefs/resourcesRefs/scopesRefs fields on ClientAuthorizationPermission are optional additions alongside the existing raw-ID lists.

Don't miss a new provider-keycloak release

NewReleases is sending notifications on new releases.