Hugo Renard · Hugo Renard · Hugo Renard · Timothee Gosselin · Timothee Gosselin · Timothee Gosselin
--- a/.ci/publish.sh
+++ b/.ci/publish.sh
+#!/bin/bash
+
+DESTINATION="-t ${CONTAINER_REPOSITORY}:${CI_COMMIT_REF_SLUG}"
+
+if [ -n "$CI_COMMIT_TAG" ]; then
+    DESTINATION="$DESTINATION -t ${CONTAINER_REPOSITORY}"
+fi
+
+docker build $DESTINATION .
+docker push -a $CONTAINER_REPOSITORY
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+variables:
+  CONTAINER_REPOSITORY: libresh/controller
+
+publish:
+  image: docker:latest
+  stage: build
+  services:
+    - docker:dind
+  before_script:
+    - mkdir ~/.docker
+    - cp $DOCKER_SECRET_CONFIG ~/.docker/config.json
+  script: .ci/publish.sh
+  only:
+    - tags
+    - master
--- a/Dockerfile
+++ b/Dockerfile
 # Build the manager binary
-FROM golang:1.17 as builder
+FROM golang:1.18 as builder

 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -13,6 +13,7 @@ RUN go mod download
 COPY main.go main.go
 COPY apis/ apis/
 COPY controllers/ controllers/
+COPY internal/ internal/

 # Build
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go

--- a/Makefile
+++ b/Makefile
@@ -114,7 +114,7 @@ build: generate fmt vet ## Build manager binary.

 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./main.go
+	go run ./main.go --config=./dev/libreconfig.yaml

 .PHONY: docker-build
 docker-build: test ## Build docker image with the manager.

--- a/PROJECT
+++ b/PROJECT
 domain: libre.sh
 layout:
 - go.kubebuilder.io/v3
+multigroup: true
 plugins:
  manifests.sdk.operatorframework.io/v2: {}
  scorecard.sdk.operatorframework.io/v2: {}
@@ -13,16 +14,25 @@ resources:
  controller: true
  domain: libre.sh
  group: apps
-  kind: Nextcloud
+  kind: Realm
  path: libre.sh/controller/apis/apps/v1alpha1
  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: libre.sh
+  group: core
+  kind: Bucket
+  path: libre.sh/controller/apis/core/v1alpha1
+  version: v1alpha1
 - api:
    crdVersion: v1
    namespaced: true
  controller: true
  domain: libre.sh
  group: apps
-  kind: RocketChat
+  kind: OIDCClient
  path: libre.sh/controller/apis/apps/v1alpha1
  version: v1alpha1
 - api:
@@ -31,15 +41,33 @@ resources:
  controller: true
  domain: libre.sh
  group: apps
-  kind: Realm
+  kind: SAMLClient
  path: libre.sh/controller/apis/apps/v1alpha1
  version: v1alpha1
 - api:
    crdVersion: v1
    namespaced: true
+  controller: true
  domain: libre.sh
-  group: apps
+  group: core
+  kind: Redis
+  path: libre.sh/controller/apis/core/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: libre.sh
+  group: config
  kind: LibreConfig
-  path: libre.sh/controller/apis/apps/v1alpha1
+  path: libre.sh/controller/apis/config/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: libre.sh
+  group: core
+  kind: Mail
+  path: libre.sh/controller/apis/core/v1alpha1
  version: v1alpha1
 version: "3"
--- a/apis/apps/v1alpha1/libreconfig_types.go
+++ b/apis/apps/v1alpha1/libreconfig_types.go
-package v1alpha1
-
-import (
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// LibreConfigSpec defines the desired state of LibreConfig
-type LibreConfigSpec struct {
-	// Keycloak provider
-	// +optinal
-	Keycloak *Provider `json:"keycloak,omitempty"`
-	// Data ObjectStore provider
-	// +optinal
-	DataObjectStore *Provider `json:"dataObjectStore,omitempty"`
-	// Backup ObjectStore provider
-	// +optional
-	BackupObjectStore *Provider `json:"backupObjectStore,omitempty"`
-	// Email provider
-	// +optinal
-	Email *Provider `json:"email,omitempty"`
-}
-
-type Provider struct {
-	// Keycloak host url
-	// +required
-	Host string `json:"hostname,omitempty"`
-	// Secret reference with information for to connect to the api. Keys must be - username, password
-	// +required
-	Credentials *corev1.LocalObjectReference `json:"credentials,omitempty"`
-}
-
-// LibreConfigStatus defines the observed state of LibreConfig
-type LibreConfigStatus struct {
-}
-
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-
-// LibreConfig is the Schema for the libreconfigs API
-type LibreConfig struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   LibreConfigSpec   `json:"spec,omitempty"`
-	Status LibreConfigStatus `json:"status,omitempty"`
-}
-
-//+kubebuilder:object:root=true
-
-// LibreConfigList contains a list of LibreConfig
-type LibreConfigList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []LibreConfig `json:"items"`
-}
-
-func init() {
-	SchemeBuilder.Register(&LibreConfig{}, &LibreConfigList{})
-}
--- a/apis/apps/v1alpha1/realm_types.go
+++ b/apis/apps/v1alpha1/realm_types.go
 package v1alpha1

 import (
+	"fmt"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

+const RealmSecretSuffix = "realm.libre.sh"
+
 // RealmSpec defines the desired state of Realm
 type RealmSpec struct {
-	// Realm Name, default to metada.name
-	Name string `json:"name,omitempty"`
+	//+optional
+	Suspend bool `json:"suspend,omitempty"`
 	// Is Realm enabled
 	// +optional
-	Enabled bool `json:"enabled,omitempty"`
+	Enabled *bool `json:"enabled,omitempty"`
 	// Realm display name.
 	// +optional
 	DisplayName string `json:"displayName"`
@@ -67,7 +71,6 @@ type RealmSpec struct {
 	// Duplicate emails
 	// +optional
 	DuplicateEmailsAllowed *bool `json:"duplicateEmailsAllowed,omitempty"`
-
 	// Default to 1 Day
 	// +optional
 	SSOSessionIdleTimeoutRememberMe string `json:"ssoSessionIdleTimeoutRememberMe,omitempty"`
@@ -78,99 +81,23 @@ type RealmSpec struct {
 	// Authorized domains for Content Security Policy
 	// +optional
 	ContentSecurityPolicy []string `json:"contentSecurityPolicy,omitempty"`
+	// Is BruteForce protection enabled
+	// Default to true
+	// +optional
+	BruteForceProtected *bool `json:"bruteForceProtected,omitempty"`
 }

-/*
-r.RegistrationEmailAsUsername = gocloak.BoolP(false)
-
-	r.InternationalizationEnabled = gocloak.BoolP(true)
-
-	r.SupportedLocales = &[]string{"fr", "en"}
-
-	r.RegistrationAllowed = gocloak.BoolP(false)
-
-	r.LoginWithEmailAllowed = gocloak.BoolP(true)
-
-	r.VerifyEmail = gocloak.BoolP(true)
-
-	r.RememberMe = gocloak.BoolP(true)
-
-	r.ResetPasswordAllowed = gocloak.BoolP(true)
-
-	r.EditUsernameAllowed = gocloak.BoolP(false)
-
-	r.DuplicateEmailsAllowed = gocloak.BoolP(false)
-
-	r.DisplayName = gocloak.StringP(strings.Replace(conf.Domain, ".", "-", -1))
-
-	r.DisplayNameHTML = gocloak.StringP(strings.Replace(conf.Domain, ".", "-", -1))
-
-	r.AdminTheme = gocloak.StringP("liiibre")
-
-	r.EmailTheme = gocloak.StringP("liiibrelite")
-
-	r.LoginTheme = gocloak.StringP("liiibrelite")
-
-	r.AccountTheme = gocloak.StringP("liiibre")
-
-	r.RememberMe = gocloak.BoolP(true)
-
-	r.BruteForceProtected = gocloak.BoolP(true)
-
-	// 1 Day
-	r.SsoSessionIdleTimeoutRememberMe = gocloak.IntP(86400)
-	// 7 Days
-	r.SsoSessionMaxLifespanRememberMe = gocloak.IntP(604800)
-
-	browserSecurityHeaders := map[string]string{
-		"xContentTypeOptions": "nosniff",
-		"xRobotsTag":          "none",
-		"xFrameOptions":       "SAMEORIGIN",
-		// TODO
-		"contentSecurityPolicy":   fmt.Sprintf("frame-src 'self' %s; frame-ancestors 'self' %s; object-src 'none';", conf.Nextcloud.GetURL(), conf.Nextcloud.GetURL()),
-		"xXSSProtection":          "1; mode=block",
-		"strictTransportSecurity": "max-age=31536000; includeSubDomains",
-	}
-
-	r.BrowserSecurityHeaders = &browserSecurityHeaders
-
-	secret := &corev1.Secret{}
-	err := k8sCLI.Get(context.TODO(), client.ObjectKey{
-		Namespace: conf.Keycloak.Realm,
-		Name:      fmt.Sprintf("%s-smtp", conf.Keycloak.Realm)},
-		secret)
-	if err != nil {
-		// TODO manage error, if secret does not exist skip ?
-		return err
-	}
-
-	smtp := map[string]string{
-		"auth":     strconv.FormatBool(true),
-		"user":     string(secret.Data["username"]),
-		"from":     string(secret.Data["username"]),
-		"password": string(secret.Data["password"]),
-		"host":     string(secret.Data["host"]),
-		"Host":     string(secret.Data["host"]),
-		"port":     string(secret.Data["port"]),
-		"Port":     string(secret.Data["port"]),
-		"starttls": strconv.FormatBool(true),
-	}
-
-	r.SMTPServer = &smtp
-
-	r.PasswordPolicy = gocloak.StringP("length(12) and notUsername(undefined) and passwordHistory(3)")
-
-	return nil
-*/
-
 // RealmStatus defines the observed state of Realm
 type RealmStatus struct {
-	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
+	//+optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }

 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description=""

 // Realm is the Schema for the realms API
 type Realm struct {
@@ -193,3 +120,19 @@ type RealmList struct {
 func init() {
 	SchemeBuilder.Register(&Realm{}, &RealmList{})
 }
+
+func (o *Realm) GetConditions() []metav1.Condition {
+	return o.Status.Conditions
+}
+
+func (o *Realm) SetConditions(conditions []metav1.Condition) {
+	o.Status.Conditions = conditions
+}
+
+func (o *Realm) GetUserSecretName() string {
+	return fmt.Sprintf("%s.user.%s", o.Name, RealmSecretSuffix)
+}
+
+func (o *Realm) GetCertSecretName() string {
+	return fmt.Sprintf("%s.cert.%s", o.Name, RealmSecretSuffix)
+}
--- a/apis/apps/v1alpha1/realm_types_helpers.go
+++ b/apis/apps/v1alpha1/realm_types_helpers.go
+package v1alpha1
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/Nerzal/gocloak/v11"
+)
+
+func (r *Realm) SetDefaults() {
+	if r.Spec.Enabled == nil {
+		r.Spec.Enabled = gocloak.BoolP(true)
+	}
+
+	if r.Spec.RegistrationEmailAsUsername == nil {
+		r.Spec.RegistrationEmailAsUsername = gocloak.BoolP(false)
+	}
+
+	if r.Spec.InternationalizationEnabled == nil {
+		r.Spec.InternationalizationEnabled = gocloak.BoolP(true)
+	}
+
+	if len(r.Spec.SupportedLocales) == 0 {
+		r.Spec.SupportedLocales = []string{"en", "fr"}
+	}
+
+	if r.Spec.RegistrationAllowed == nil {
+		r.Spec.RegistrationAllowed = gocloak.BoolP(false)
+	}
+
+	if r.Spec.LoginWithEmailAllowed == nil {
+		r.Spec.LoginWithEmailAllowed = gocloak.BoolP(true)
+	}
+
+	if r.Spec.VerifyEmail == nil {
+		r.Spec.VerifyEmail = gocloak.BoolP(true)
+	}
+
+	if r.Spec.RememberMe == nil {
+		r.Spec.RememberMe = gocloak.BoolP(true)
+	}
+
+	if r.Spec.ResetPasswordAllowed == nil {
+		r.Spec.ResetPasswordAllowed = gocloak.BoolP(true)
+	}
+
+	if r.Spec.EditUsernameAllowed == nil {
+		r.Spec.EditUsernameAllowed = gocloak.BoolP(false)
+	}
+
+	if r.Spec.DuplicateEmailsAllowed == nil {
+		r.Spec.DuplicateEmailsAllowed = gocloak.BoolP(false)
+	}
+
+	if r.Spec.DisplayName == "" {
+		r.Spec.DisplayName = r.Namespace
+	}
+
+	if r.Spec.DisplayNameHTML == "" {
+		r.Spec.DisplayNameHTML = r.Namespace
+	}
+
+	if r.Spec.RememberMe == nil {
+		r.Spec.RememberMe = gocloak.BoolP(true)
+	}
+
+	// 1 Day
+	if r.Spec.SSOSessionIdleTimeoutRememberMe == "" {
+		r.Spec.SSOSessionIdleTimeoutRememberMe = "86400"
+	}
+	// 7 Days
+	if r.Spec.SSOSessionMaxLifespanRememberMe == "" {
+		r.Spec.SSOSessionMaxLifespanRememberMe = "604800"
+	}
+
+	// 7 Days
+	if r.Spec.BruteForceProtected == nil {
+		r.Spec.BruteForceProtected = gocloak.BoolP(true)
+	}
+}
+
+func (r *Realm) MutateRealmRepresentation(realmRepresentation *gocloak.RealmRepresentation) {
+	realmRepresentation.Realm = &r.Namespace
+	realmRepresentation.Enabled = r.Spec.Enabled
+	realmRepresentation.DisplayName = &r.Spec.DisplayName
+	realmRepresentation.DisplayNameHTML = &r.Spec.DisplayNameHTML
+	realmRepresentation.LoginTheme = &r.Spec.LoginTheme
+	realmRepresentation.AccountTheme = &r.Spec.AccountTheme
+	realmRepresentation.AdminTheme = &r.Spec.AccountTheme
+	realmRepresentation.EmailTheme = &r.Spec.EmailTheme
+	realmRepresentation.InternationalizationEnabled = r.Spec.InternationalizationEnabled
+	realmRepresentation.SupportedLocales = &r.Spec.SupportedLocales
+	realmRepresentation.DefaultLocale = &r.Spec.DefaultLocale
+	realmRepresentation.RegistrationAllowed = r.Spec.RegistrationAllowed
+	realmRepresentation.RegistrationEmailAsUsername = r.Spec.RegistrationEmailAsUsername
+	realmRepresentation.EditUsernameAllowed = r.Spec.EditUsernameAllowed
+	realmRepresentation.ResetPasswordAllowed = r.Spec.ResetPasswordAllowed
+	realmRepresentation.RememberMe = r.Spec.RememberMe
+	realmRepresentation.VerifyEmail = r.Spec.VerifyEmail
+	realmRepresentation.LoginWithEmailAllowed = r.Spec.LoginWithEmailAllowed
+	realmRepresentation.DuplicateEmailsAllowed = r.Spec.DuplicateEmailsAllowed
+	realmRepresentation.BruteForceProtected = r.Spec.BruteForceProtected
+
+	if len(r.Spec.ContentSecurityPolicy) > 0 {
+		browserSecurityHeaders := *realmRepresentation.BrowserSecurityHeaders
+		browserSecurityHeaders["contentSecurityPolicy"] = fmt.Sprintf("frame-src 'self' %[1]s; frame-ancestors 'self' %[1]s; object-src 'none';", strings.Trim(fmt.Sprint(r.Spec.ContentSecurityPolicy), "[]"))
+
+		realmRepresentation.BrowserSecurityHeaders = &browserSecurityHeaders
+	}
+
+	// TODO
+	// SsoSessionIdleTimeoutRememberMe: ,
+	//	SSOSessionMaxLifespanRememberMe
+
+	// TODO Metrics
+
+}
--- a/apis/apps/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/apps/v1alpha1/zz_generated.deepcopy.go
@@ -6,243 +6,17 @@
 package v1alpha1

 import (
-	"k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *LibreConfig) DeepCopyInto(out *LibreConfig) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	out.Status = in.Status
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LibreConfig.
-func (in *LibreConfig) DeepCopy() *LibreConfig {
-	if in == nil {
-		return nil
-	}
-	out := new(LibreConfig)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *LibreConfig) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *LibreConfigList) DeepCopyInto(out *LibreConfigList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]LibreConfig, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LibreConfigList.
-func (in *LibreConfigList) DeepCopy() *LibreConfigList {
-	if in == nil {
-		return nil
-	}
-	out := new(LibreConfigList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *LibreConfigList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *LibreConfigSpec) DeepCopyInto(out *LibreConfigSpec) {
-	*out = *in
-	if in.Keycloak != nil {
-		in, out := &in.Keycloak, &out.Keycloak
-		*out = new(Provider)
-		(*in).DeepCopyInto(*out)
-	}
-	if in.DataObjectStore != nil {
-		in, out := &in.DataObjectStore, &out.DataObjectStore
-		*out = new(Provider)
-		(*in).DeepCopyInto(*out)
-	}
-	if in.BackupObjectStore != nil {
-		in, out := &in.BackupObjectStore, &out.BackupObjectStore
-		*out = new(Provider)
-		(*in).DeepCopyInto(*out)
-	}
-	if in.Email != nil {
-		in, out := &in.Email, &out.Email
-		*out = new(Provider)
-		(*in).DeepCopyInto(*out)
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LibreConfigSpec.
-func (in *LibreConfigSpec) DeepCopy() *LibreConfigSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(LibreConfigSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *LibreConfigStatus) DeepCopyInto(out *LibreConfigStatus) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LibreConfigStatus.
-func (in *LibreConfigStatus) DeepCopy() *LibreConfigStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(LibreConfigStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Nextcloud) DeepCopyInto(out *Nextcloud) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	out.Spec = in.Spec
-	in.Status.DeepCopyInto(&out.Status)
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Nextcloud.
-func (in *Nextcloud) DeepCopy() *Nextcloud {
-	if in == nil {
-		return nil
-	}
-	out := new(Nextcloud)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *Nextcloud) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NextcloudList) DeepCopyInto(out *NextcloudList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]Nextcloud, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NextcloudList.
-func (in *NextcloudList) DeepCopy() *NextcloudList {
-	if in == nil {
-		return nil
-	}
-	out := new(NextcloudList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *NextcloudList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NextcloudSpec) DeepCopyInto(out *NextcloudSpec) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NextcloudSpec.
-func (in *NextcloudSpec) DeepCopy() *NextcloudSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(NextcloudSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NextcloudStatus) DeepCopyInto(out *NextcloudStatus) {
-	*out = *in
-	if in.Conditions != nil {
-		in, out := &in.Conditions, &out.Conditions
-		*out = make([]metav1.Condition, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NextcloudStatus.
-func (in *NextcloudStatus) DeepCopy() *NextcloudStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(NextcloudStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Provider) DeepCopyInto(out *Provider) {
-	*out = *in
-	if in.Credentials != nil {
-		in, out := &in.Credentials, &out.Credentials
-		*out = new(v1.LocalObjectReference)
-		**out = **in
-	}
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Provider.
-func (in *Provider) DeepCopy() *Provider {
-	if in == nil {
-		return nil
-	}
-	out := new(Provider)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Realm) DeepCopyInto(out *Realm) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
-	out.Status = in.Status
+	in.Status.DeepCopyInto(&out.Status)
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Realm.
@@ -298,6 +72,11 @@ func (in *RealmList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RealmSpec) DeepCopyInto(out *RealmSpec) {
 	*out = *in
+	if in.Enabled != nil {
+		in, out := &in.Enabled, &out.Enabled
+		*out = new(bool)
+		**out = **in
+	}
 	if in.InternationalizationEnabled != nil {
 		in, out := &in.InternationalizationEnabled, &out.InternationalizationEnabled
 		*out = new(bool)
@@ -353,6 +132,11 @@ func (in *RealmSpec) DeepCopyInto(out *RealmSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.BruteForceProtected != nil {
+		in, out := &in.BruteForceProtected, &out.BruteForceProtected
+		*out = new(bool)
+		**out = **in
+	}
 }

 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RealmSpec.
@@ -368,103 +152,21 @@ func (in *RealmSpec) DeepCopy() *RealmSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RealmStatus) DeepCopyInto(out *RealmStatus) {
 	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RealmStatus.
-func (in *RealmStatus) DeepCopy() *RealmStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(RealmStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *RocketChat) DeepCopyInto(out *RocketChat) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	out.Spec = in.Spec
-	out.Status = in.Status
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RocketChat.
-func (in *RocketChat) DeepCopy() *RocketChat {
-	if in == nil {
-		return nil
-	}
-	out := new(RocketChat)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *RocketChat) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *RocketChatList) DeepCopyInto(out *RocketChatList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]RocketChat, len(*in))
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RocketChatList.
-func (in *RocketChatList) DeepCopy() *RocketChatList {
-	if in == nil {
-		return nil
-	}
-	out := new(RocketChatList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *RocketChatList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *RocketChatSpec) DeepCopyInto(out *RocketChatSpec) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RocketChatSpec.
-func (in *RocketChatSpec) DeepCopy() *RocketChatSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(RocketChatSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *RocketChatStatus) DeepCopyInto(out *RocketChatStatus) {
-	*out = *in
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RocketChatStatus.
-func (in *RocketChatStatus) DeepCopy() *RocketChatStatus {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RealmStatus.
+func (in *RealmStatus) DeepCopy() *RealmStatus {
 	if in == nil {
 		return nil
 	}
-	out := new(RocketChatStatus)
+	out := new(RealmStatus)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/apis/config/v1alpha1/groupversion_info.go
+++ b/apis/config/v1alpha1/groupversion_info.go
+// Package v1alpha1 contains API Schema definitions for the config v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=config.libre.sh
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "config.libre.sh", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
--- a/apis/config/v1alpha1/libreconfig_types.go
+++ b/apis/config/v1alpha1/libreconfig_types.go
+package v1alpha1
+
+import (
+	networkingv1 "k8s.io/api/networking/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1"
+)
+
+//+kubebuilder:object:root=true
+
+// LibreConfig is the Schema for the libreconfigs API
+type LibreConfig struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// ControllerManagerConfigurationSpec returns the contfigurations for controllers
+	cfg.ControllerManagerConfigurationSpec `json:",inline"`
+
+	//+required
+	KeycloakProviders []Provider `json:"keycloakProviders"`
+	//+required
+	MinIOProviders []MinIOProvider `json:"minioProviders"`
+	//+required
+	ViMbAdminProviders []Provider `json:"vimbadminProviders"`
+}
+
+type Provider struct {
+	//+required
+	Name string `json:"name"`
+	//+required
+	Endpoint string `json:"endpoint"`
+	//+optional
+	Insecure bool `json:"insecure,omitempty"`
+	//+required
+	Username string `json:"username"`
+	//+required
+	Password string `json:"password"`
+}
+
+type MinIOProvider struct {
+	//+required
+	Provider `json:",inline"`
+	//+optional
+	BucketDNS *MinIOBucketDNS `json:"bucketDNS,omitempty"`
+}
+
+type MinIOBucketDNS struct {
+	//+requierd
+	Namespace string `json:"namespace"`
+	//+requierd
+	ServiceBackend networkingv1.IngressServiceBackend `json:"serviceBackend"`
+	//+optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+func (config *LibreConfig) GetMinIOProvider(name string) *MinIOProvider {
+	for _, p := range config.MinIOProviders {
+		if p.Name == name {
+			return &p
+		}
+	}
+	return nil
+}
+
+func (config *LibreConfig) GetKeycloakProvider(name string) *Provider {
+	for _, p := range config.KeycloakProviders {
+		if p.Name == name {
+			return &p
+		}
+	}
+	return nil
+}
+
+func (config *LibreConfig) GetViMbAdminProvider(name string) *Provider {
+	for _, p := range config.ViMbAdminProviders {
+		if p.Name == name {
+			return &p
+		}
+	}
+	return nil
+}
+
+func init() {
+	SchemeBuilder.Register(&LibreConfig{})
+}
--- a/apis/config/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/config/v1alpha1/zz_generated.deepcopy.go
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LibreConfig) DeepCopyInto(out *LibreConfig) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ControllerManagerConfigurationSpec.DeepCopyInto(&out.ControllerManagerConfigurationSpec)
+	if in.KeycloakProviders != nil {
+		in, out := &in.KeycloakProviders, &out.KeycloakProviders
+		*out = make([]Provider, len(*in))
+		copy(*out, *in)
+	}
+	if in.MinIOProviders != nil {
+		in, out := &in.MinIOProviders, &out.MinIOProviders
+		*out = make([]MinIOProvider, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.ViMbAdminProviders != nil {
+		in, out := &in.ViMbAdminProviders, &out.ViMbAdminProviders
+		*out = make([]Provider, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LibreConfig.
+func (in *LibreConfig) DeepCopy() *LibreConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(LibreConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *LibreConfig) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MinIOBucketDNS) DeepCopyInto(out *MinIOBucketDNS) {
+	*out = *in
+	out.ServiceBackend = in.ServiceBackend
+	if in.Annotations != nil {
+		in, out := &in.Annotations, &out.Annotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MinIOBucketDNS.
+func (in *MinIOBucketDNS) DeepCopy() *MinIOBucketDNS {
+	if in == nil {
+		return nil
+	}
+	out := new(MinIOBucketDNS)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MinIOProvider) DeepCopyInto(out *MinIOProvider) {
+	*out = *in
+	out.Provider = in.Provider
+	if in.BucketDNS != nil {
+		in, out := &in.BucketDNS, &out.BucketDNS
+		*out = new(MinIOBucketDNS)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MinIOProvider.
+func (in *MinIOProvider) DeepCopy() *MinIOProvider {
+	if in == nil {
+		return nil
+	}
+	out := new(MinIOProvider)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Provider) DeepCopyInto(out *Provider) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Provider.
+func (in *Provider) DeepCopy() *Provider {
+	if in == nil {
+		return nil
+	}
+	out := new(Provider)
+	in.DeepCopyInto(out)
+	return out
+}
--- a/apis/core/v1alpha1/bucket_types.go
+++ b/apis/core/v1alpha1/bucket_types.go
+package v1alpha1
+
+import (
+	"fmt"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type BucketPolicyPreset string
+
+const (
+	BucketCDNPreset     BucketPolicyPreset = "cdn"
+	BucketPublicPreset  BucketPolicyPreset = "public"
+	BucketPrivatePreset BucketPolicyPreset = "private"
+)
+
+const BucketSecretSuffix = "bucket.libre.sh"
+
+// BucketSpec defines the desired state of Bucket
+type BucketSpec struct {
+	//+optional
+	Suspend bool `json:"suspend,omitempty"`
+	//+required
+	Provider string `json:"provider"`
+	//+required
+	BucketName string `json:"bucketName"`
+	//+optional
+	Purge bool `json:"purge,omitempty"`
+	//+optional
+	Policy BucketPolicy `json:"policy,omitempty"`
+}
+
+type BucketPolicy struct {
+	//+optional
+	Preset BucketPolicyPreset `json:"preset,omitempty"`
+	//+optional
+	Custom string `json:"custom,omitempty"`
+}
+
+// BucketStatus defines the observed state of Bucket
+type BucketStatus struct {
+	//+optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description=""
+
+// Bucket is the Schema for the buckets API
+type Bucket struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   BucketSpec   `json:"spec,omitempty"`
+	Status BucketStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// BucketList contains a list of Bucket
+type BucketList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Bucket `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Bucket{}, &BucketList{})
+}
+
+func (o *Bucket) GetConditions() []metav1.Condition {
+	return o.Status.Conditions
+}
+
+func (o *Bucket) SetConditions(conditions []metav1.Condition) {
+	o.Status.Conditions = conditions
+}
+
+func (bucket *Bucket) GetBucketSecretName() string {
+	return fmt.Sprintf("%s.%s", bucket.Name, BucketSecretSuffix)
+}
+
+func (o *Bucket) SecretName() string {
+	return fmt.Sprintf("%s.bucket.libre.sh", o.Name)
+}
--- a/apis/core/v1alpha1/groupversion_info.go
+++ b/apis/core/v1alpha1/groupversion_info.go
+// Package v1alpha1 contains API Schema definitions for the core v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=core.libre.sh
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "core.libre.sh", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
--- a/apis/apps/v1alpha1/rocketchat_types.go
+++ b/apis/apps/v1alpha1/rocketchat_types.go
 package v1alpha1

 import (
+	"fmt"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+const MailSecretSuffix = "mail.libre.sh"

-// RocketChatSpec defines the desired state of RocketChat
-type RocketChatSpec struct {
-	Domain string `json:"domain,omitempty"`
+// MailSpec defines the desired state of Mail
+type MailSpec struct {
 	//+optional
-	EnableOAuth bool `json:"enableOAuth,omitempty"`
+	Suspend bool `json:"suspend,omitempty"`
+	//+required
+	Address string `json:"address"`
 }

-// RocketChatStatus defines the observed state of RocketChat
-type RocketChatStatus struct {
+// MailStatus defines the observewd state of Mail
+type MailStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 }
@@ -23,24 +25,28 @@ type RocketChatStatus struct {
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status

-// RocketChat is the Schema for the rocketchats API
-type RocketChat struct {
+// Mail is the Schema for the mails API
+type Mail struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

-	Spec   RocketChatSpec   `json:"spec,omitempty"`
-	Status RocketChatStatus `json:"status,omitempty"`
+	Spec   MailSpec   `json:"spec,omitempty"`
+	Status MailStatus `json:"status,omitempty"`
 }

 //+kubebuilder:object:root=true

-// RocketChatList contains a list of RocketChat
-type RocketChatList struct {
+// MailList contains a list of Mail
+type MailList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []RocketChat `json:"items"`
+	Items           []Mail `json:"items"`
 }

 func init() {
-	SchemeBuilder.Register(&RocketChat{}, &RocketChatList{})
+	SchemeBuilder.Register(&Mail{}, &MailList{})
+}
+
+func (mail *Mail) GetSecretName() string {
+	return fmt.Sprintf("%s.%s", mail.Name, MailSecretSuffix)
 }
--- a/apis/core/v1alpha1/oidcclient_types.go
+++ b/apis/core/v1alpha1/oidcclient_types.go
+package v1alpha1
+
+import (
+	"github.com/Nerzal/gocloak/v11"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// OIDCClientSpec defines the desired state of OIDCClient
+type OIDCClientSpec struct {
+	Suspend                 bool     `json:"suspend,omitempty"`
+	ClientID                string   `json:"clientID,omitempty"`
+	Enabled                 *bool    `json:"enabled,omitempty"`
+	AccessType              string   `json:"accessType,omitempty"`
+	BaseURL                 string   `json:"baseURL,omitempty"`
+	RedirectURIs            []string `json:"redirectURIs,omitempty"`
+	Public                  *bool    `json:"public,omitempty"`
+	Realm                   string   `json:"realm,omitempty"`
+	ClientAuthenticatorType string   `json:"clientAuthenticatorType,omitempty"`
+}
+
+// OIDCClientStatus defines the observed state of OIDCClient
+type OIDCClientStatus struct {
+	//+optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description=""
+
+// OIDCClient is the Schema for the oidcclients API
+type OIDCClient struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   OIDCClientSpec   `json:"spec,omitempty"`
+	Status OIDCClientStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// OIDCClientList contains a list of OIDCClient
+type OIDCClientList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []OIDCClient `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&OIDCClient{}, &OIDCClientList{})
+}
+
+func (o *OIDCClient) GetConditions() []metav1.Condition {
+	return o.Status.Conditions
+}
+
+func (o *OIDCClient) SetConditions(conditions []metav1.Condition) {
+	o.Status.Conditions = conditions
+}
+
+func (o *OIDCClient) SetDefaults() {
+	if o.Spec.Enabled == nil {
+		o.Spec.Enabled = gocloak.BoolP(true)
+	}
+	if len(o.Spec.ClientID) == 0 {
+		o.Spec.ClientID = o.Name
+	}
+	if o.Spec.Public == nil {
+		o.Spec.Public = gocloak.BoolP(false)
+	}
+	if len(o.Spec.Realm) == 0 {
+		o.Spec.Realm = o.Namespace
+	}
+	if len(o.Spec.ClientAuthenticatorType) == 0 {
+		o.Spec.ClientAuthenticatorType = "client-secret"
+	}
+
+}
--- a/apis/apps/v1alpha1/nextcloud_types.go
+++ b/apis/apps/v1alpha1/nextcloud_types.go
 package v1alpha1

 import (
+	"fmt"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-// NextcloudSpec defines the desired state of Nextcloud
-type NextcloudSpec struct {
-	//+required
-	Domain string `json:"domain,omitempty"`
+// RedisSpec defines the desired state of Redis
+type RedisSpec struct {
+	//+optional
+	Suspend bool `json:"suspend,omitempty"`
 }

-// NextcloudStatus defines the observed state of Nextcloud
-type NextcloudStatus struct {
+// RedisStatus defines the observed state of Redis
+type RedisStatus struct {
 	//+optional
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }

 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
+//+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
 //+kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
+//+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description=""

-// Nextcloud is the Schema for the nextclouds API
-type Nextcloud struct {
+// Redis is the Schema for the redis API
+type Redis struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

-	Spec   NextcloudSpec   `json:"spec,omitempty"`
-	Status NextcloudStatus `json:"status,omitempty"`
+	Spec   RedisSpec   `json:"spec,omitempty"`
+	Status RedisStatus `json:"status,omitempty"`
 }

 //+kubebuilder:object:root=true

-// NextcloudList contains a list of Nextcloud
-type NextcloudList struct {
+// RedisList contains a list of Redis
+type RedisList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []Nextcloud `json:"items"`
+	Items           []Redis `json:"items"`
 }

 func init() {
-	SchemeBuilder.Register(&Nextcloud{}, &NextcloudList{})
+	SchemeBuilder.Register(&Redis{}, &RedisList{})
 }

-func (o *Nextcloud) GetConditions() []metav1.Condition {
+func (o *Redis) GetConditions() []metav1.Condition {
 	return o.Status.Conditions
 }

-func (o *Nextcloud) SetConditions(conditions []metav1.Condition) {
+func (o *Redis) SetConditions(conditions []metav1.Condition) {
 	o.Status.Conditions = conditions
 }
+
+func (o *Redis) SecretName() string {
+	return fmt.Sprintf("%s.redis.libre.sh", o.Name)
+}
--- a/apis/core/v1alpha1/samlclient_types.go
+++ b/apis/core/v1alpha1/samlclient_types.go
+package v1alpha1
+
+import (
+	"fmt"
+
+	"github.com/Nerzal/gocloak/v11"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// SAMLClientSpec defines the desired state of SAMLClient
+type SAMLClientSpec struct {
+	Suspend                        bool             `json:"suspend,omitempty"`
+	ClientID                       string           `json:"clientID,omitempty"`
+	Enabled                        *bool            `json:"enabled,omitempty"`
+	RedirectURIs                   []string         `json:"redirectURIs,omitempty"`
+	Realm                          string           `json:"realm,omitempty"`
+	AssertionSignature             bool             `json:"assertionSignature,omitempty"`
+	SigningCertificateSecretName   string           `json:"signingCertificateSecretName,omitempty"`
+	SingleLogoutServiceURLRedirect string           `json:"singleLogoutServiceURLRedirect,omitempty"`
+	SignatureAlgorithm             string           `json:"signatureAlgorithm,omitempty"`
+	ClientSignature                bool             `json:"clientSignature,omitempty"`
+	AuthnStatement                 bool             `json:"authnstatement,omitempty"`
+	AssertionConsumerURLPost       string           `json:"assertionConsumerURLPost,omitempty"`
+	SingleLogoutServiceURLPost     string           `json:"singleLogoutServiceURLPost,omitempty"`
+	NameIDFormat                   string           `json:"nameIDFormat,omitempty"`
+	ServerSignature                bool             `json:"serverSignature,omitempty"`
+	ServerSignatureKeyInfoExt      bool             `json:"serverSignatureKeyInfoExt,omitempty"`
+	FullScopeAllowed               bool             `json:"fullScopeAllowed,omitempty"`
+	ProtocolMappers                []ProtocolMapper `json:"protocolMappers,omitempty"`
+}
+
+type ProtocolMapper struct {
+	Config          map[string]string `json:"config,omitempty"`
+	Name            string            `json:"name,omitempty"`
+	Protocol        string            `json:"protocol,omitempty"`
+	ProtocolMapper  string            `json:"protocolMapper,omitempty"`
+	ConsentRequired bool              `json:"consentRequired,omitempty"`
+}
+
+// SAMLClientStatus defines the observed state of SAMLClient
+type SAMLClientStatus struct {
+	//+optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description=""
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description=""
+
+// SAMLClient is the Schema for the samlclients API
+type SAMLClient struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   SAMLClientSpec   `json:"spec,omitempty"`
+	Status SAMLClientStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// SAMLClientList contains a list of SAMLClient
+type SAMLClientList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []SAMLClient `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&SAMLClient{}, &SAMLClientList{})
+}
+
+func (o *SAMLClient) GetConditions() []metav1.Condition {
+	return o.Status.Conditions
+}
+
+func (o *SAMLClient) SetConditions(conditions []metav1.Condition) {
+	o.Status.Conditions = conditions
+}
+
+func (o *SAMLClient) SetDefaults() {
+	if o.Spec.Enabled == nil {
+		o.Spec.Enabled = gocloak.BoolP(true)
+	}
+	if len(o.Spec.ClientID) == 0 {
+		o.Spec.ClientID = o.Name
+	}
+}
+
+func (o *SAMLClient) SecretName() string {
+	return fmt.Sprintf("%s.saml.libre.sh", o.Name)
+}
--- a/apis/core/v1alpha1/status_types.go
+++ b/apis/core/v1alpha1/status_types.go
+package v1alpha1
+
+const (
+	BucketNotReadyCondition    = "BucketNotReady"
+	PostgrestNotReadyCondition = "PostgresNotReady"
+	SAMLNotReadyCondition      = "SAMLNotReady"
+	RedisNotReadyCondition     = "RedisNotReady"
+)
--- a/apis/core/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/core/v1alpha1/zz_generated.deepcopy.go
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Bucket) DeepCopyInto(out *Bucket) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Bucket.
+func (in *Bucket) DeepCopy() *Bucket {
+	if in == nil {
+		return nil
+	}
+	out := new(Bucket)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Bucket) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BucketList) DeepCopyInto(out *BucketList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Bucket, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BucketList.
+func (in *BucketList) DeepCopy() *BucketList {
+	if in == nil {
+		return nil
+	}
+	out := new(BucketList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *BucketList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BucketPolicy) DeepCopyInto(out *BucketPolicy) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BucketPolicy.
+func (in *BucketPolicy) DeepCopy() *BucketPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(BucketPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BucketSpec) DeepCopyInto(out *BucketSpec) {
+	*out = *in
+	out.Policy = in.Policy
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BucketSpec.
+func (in *BucketSpec) DeepCopy() *BucketSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(BucketSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BucketStatus) DeepCopyInto(out *BucketStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BucketStatus.
+func (in *BucketStatus) DeepCopy() *BucketStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(BucketStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Mail) DeepCopyInto(out *Mail) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mail.
+func (in *Mail) DeepCopy() *Mail {
+	if in == nil {
+		return nil
+	}
+	out := new(Mail)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Mail) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MailList) DeepCopyInto(out *MailList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Mail, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MailList.
+func (in *MailList) DeepCopy() *MailList {
+	if in == nil {
+		return nil
+	}
+	out := new(MailList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *MailList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MailSpec) DeepCopyInto(out *MailSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MailSpec.
+func (in *MailSpec) DeepCopy() *MailSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(MailSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MailStatus) DeepCopyInto(out *MailStatus) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MailStatus.
+func (in *MailStatus) DeepCopy() *MailStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(MailStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
+func (in *OIDCClient) DeepCopy() *OIDCClient {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClient)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OIDCClient) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]OIDCClient, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
+func (in *OIDCClientList) DeepCopy() *OIDCClientList {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OIDCClientList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
+	*out = *in
+	if in.Enabled != nil {
+		in, out := &in.Enabled, &out.Enabled
+		*out = new(bool)
+		**out = **in
+	}
+	if in.RedirectURIs != nil {
+		in, out := &in.RedirectURIs, &out.RedirectURIs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Public != nil {
+		in, out := &in.Public, &out.Public
+		*out = new(bool)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
+func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
+func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ProtocolMapper) DeepCopyInto(out *ProtocolMapper) {
+	*out = *in
+	if in.Config != nil {
+		in, out := &in.Config, &out.Config
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProtocolMapper.
+func (in *ProtocolMapper) DeepCopy() *ProtocolMapper {
+	if in == nil {
+		return nil
+	}
+	out := new(ProtocolMapper)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Redis) DeepCopyInto(out *Redis) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Redis.
+func (in *Redis) DeepCopy() *Redis {
+	if in == nil {
+		return nil
+	}
+	out := new(Redis)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Redis) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RedisList) DeepCopyInto(out *RedisList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Redis, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisList.
+func (in *RedisList) DeepCopy() *RedisList {
+	if in == nil {
+		return nil
+	}
+	out := new(RedisList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *RedisList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RedisSpec) DeepCopyInto(out *RedisSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisSpec.
+func (in *RedisSpec) DeepCopy() *RedisSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(RedisSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RedisStatus) DeepCopyInto(out *RedisStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisStatus.
+func (in *RedisStatus) DeepCopy() *RedisStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(RedisStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SAMLClient) DeepCopyInto(out *SAMLClient) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLClient.
+func (in *SAMLClient) DeepCopy() *SAMLClient {
+	if in == nil {
+		return nil
+	}
+	out := new(SAMLClient)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *SAMLClient) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SAMLClientList) DeepCopyInto(out *SAMLClientList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]SAMLClient, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLClientList.
+func (in *SAMLClientList) DeepCopy() *SAMLClientList {
+	if in == nil {
+		return nil
+	}
+	out := new(SAMLClientList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *SAMLClientList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SAMLClientSpec) DeepCopyInto(out *SAMLClientSpec) {
+	*out = *in
+	if in.Enabled != nil {
+		in, out := &in.Enabled, &out.Enabled
+		*out = new(bool)
+		**out = **in
+	}
+	if in.RedirectURIs != nil {
+		in, out := &in.RedirectURIs, &out.RedirectURIs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.ProtocolMappers != nil {
+		in, out := &in.ProtocolMappers, &out.ProtocolMappers
+		*out = make([]ProtocolMapper, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLClientSpec.
+func (in *SAMLClientSpec) DeepCopy() *SAMLClientSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(SAMLClientSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SAMLClientStatus) DeepCopyInto(out *SAMLClientStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLClientStatus.
+func (in *SAMLClientStatus) DeepCopy() *SAMLClientStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(SAMLClientStatus)
+	in.DeepCopyInto(out)
+	return out
+}