From 0e6e32438dfeec18ccfc61a0e515377a1fd8f982 Mon Sep 17 00:00:00 2001
From: Guilherme Cassolato
Date: Thu, 21 Nov 2024 14:38:07 +0100
Subject: [PATCH] Update Authorino manifests
Signed-off-by: Guilherme Cassolato
---
 ...horino-operator.clusterserviceversion.yaml | 2 +-
 .../authorino.kuadrant.io_authconfigs.yaml | 28 +++++++++++++++++--
 .../templates/manifests.yaml | 28 +++++++++++++++++--
 config/deploy/manifests.yaml | 28 +++++++++++++++++--
 4 files changed, 76 insertions(+), 10 deletions(-)
diff --git a/bundle/manifests/authorino-operator.clusterserviceversion.yaml b/bundle/manifests/authorino-operator.clusterserviceversion.yaml
index 8f70337..c35b6fb 100644
--- a/bundle/manifests/authorino-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/authorino-operator.clusterserviceversion.yaml
@@ -83,7 +83,7 @@ metadata:
 capabilities: Basic Install
 categories: Integration & Delivery
 containerImage: quay.io/kuadrant/authorino-operator:latest
- createdAt: "2024-11-19T15:52:57Z"
+ createdAt: "2024-11-21T13:37:42Z"
 operators.operatorframework.io/builder: operator-sdk-v1.32.0
 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
 repository: https://github.com/Kuadrant/authorino-operator
diff --git a/bundle/manifests/authorino.kuadrant.io_authconfigs.yaml b/bundle/manifests/authorino.kuadrant.io_authconfigs.yaml
index ea01a64..9f58e3d 100644
--- a/bundle/manifests/authorino.kuadrant.io_authconfigs.yaml
+++ b/bundle/manifests/authorino.kuadrant.io_authconfigs.yaml
@@ -3105,10 +3105,32 @@ spec:
 kubernetesSubjectAccessReview:
 description: Authorization by Kubernetes SubjectAccessReview
 properties:
+ authorizationGroups:
+ description: Groups to check for existing permission in
+ the Kubernetes RBAC alternatively to a specific user.
+ This is typically obtained from a list of groups the user
+ is a member of. Must be a static list of group names or
+ dynamically resolve to one from the Authorization JSON.
+ properties:
+ expression:
+ description: |-
+ A Common Expression Language (CEL) expression that evaluates to a value.
+ String expressions are supported (https://pkg.go.dev/github.com/google/cel-go/ext#Strings).
+ type: string
+ selector:
+ description: |-
+ Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
+ Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.
+ The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip.
+ type: string
+ value:
+ description: Static value
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
 groups:
- description: Groups the user must be a member of or, if
- `user` is omitted, the groups to check for authorization
- in the Kubernetes RBAC.
+ description: |-
+ Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
+ Deprecated: Use authorizationGroups instead.
 items:
 type: string
 type: array
diff --git a/charts/authorino-operator/templates/manifests.yaml b/charts/authorino-operator/templates/manifests.yaml
index bd244cf..a786330 100644
--- a/charts/authorino-operator/templates/manifests.yaml
+++ b/charts/authorino-operator/templates/manifests.yaml
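Review bot: The new `authorizationGroups.value` property in bundle/manifests/authorino.kuadrant.io_authconfigs.yaml appears to carry only `x-kubernetes-preserve-unknown-fields: true` and no `type`, so the CRD schema will admit any JSON there even though the description says it must be a list of group names; the same applies to the identical hunks in charts/authorino-operator/templates/manifests.yaml and config/deploy/manifests.yaml. Because this list feeds a SubjectAccessReview, the description should say what happens when the value, selector or expression does not yield a list of strings, and which field is used when the deprecated `groups` is also set, e.g. `If both groups and authorizationGroups are set, <FIELD> is used; a value that does not resolve to a list of strings denies the request.`, with the placeholder and the deny behaviour confirmed against Authorino. These manifests look generated, so the wording probably belongs in the Go type comments they are produced from.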
@@ -3104,10 +3104,32 @@ spec:
 kubernetesSubjectAccessReview:
 description: Authorization by Kubernetes SubjectAccessReview
 properties:
+ authorizationGroups:
+ description: Groups to check for existing permission in
+ the Kubernetes RBAC alternatively to a specific user.
+ This is typically obtained from a list of groups the user
+ is a member of. Must be a static list of group names or
+ dynamically resolve to one from the Authorization JSON.
+ properties:
+ expression:
+ description: |-
+ A Common Expression Language (CEL) expression that evaluates to a value.
+ String expressions are supported (https://pkg.go.dev/github.com/google/cel-go/ext#Strings).
+ type: string
+ selector:
+ description: |-
+ Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
+ Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.
+ The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip.
+ type: string
+ value:
+ description: Static value
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
 groups:
- description: Groups the user must be a member of or, if
- `user` is omitted, the groups to check for authorization
- in the Kubernetes RBAC.
+ description: |-
+ Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
+ Deprecated: Use authorizationGroups instead.
 items:
 type: string
 type: array
diff --git a/config/deploy/manifests.yaml b/config/deploy/manifests.yaml
index 028c6af..5c672ed 100644
--- a/config/deploy/manifests.yaml
+++ b/config/deploy/manifests.yaml
@@ -3111,10 +3111,32 @@ spec:
 kubernetesSubjectAccessReview:
 description: Authorization by Kubernetes SubjectAccessReview
 properties:
+ authorizationGroups:
+ description: Groups to check for existing permission in
+ the Kubernetes RBAC alternatively to a specific user.
+ This is typically obtained from a list of groups the user
+ is a member of. Must be a static list of group names or
+ dynamically resolve to one from the Authorization JSON.
+ properties:
+ expression:
+ description: |-
+ A Common Expression Language (CEL) expression that evaluates to a value.
+ String expressions are supported (https://pkg.go.dev/github.com/google/cel-go/ext#Strings).
+ type: string
+ selector:
+ description: |-
+ Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
+ Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.
+ The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip.
+ type: string
+ value:
+ description: Static value
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
 groups:
- description: Groups the user must be a member of or, if
- `user` is omitted, the groups to check for authorization
- in the Kubernetes RBAC.
+ description: |-
+ Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
+ Deprecated: Use authorizationGroups instead.
 items:
 type: string
 type: array