open-cluster-management-io
diff --git a/‎operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml
+25 b/‎operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml
+25
diff --git a/‎operator/v1/types_clustermanager.go
+18 b/‎operator/v1/types_clustermanager.go
+18
diff --git a/‎operator/v1/zz_generated.deepcopy.go
+28 b/‎operator/v1/zz_generated.deepcopy.go
+28
diff --git a/‎operator/v1/zz_generated.swagger_doc_generated.go
+13-3 b/‎operator/v1/zz_generated.swagger_doc_generated.go
+13-3
@@ -216,6 +216,31 @@ spec:
                 description: RegistrationConfiguration contains the configuration
                   of registration
                 properties:
+                  autoApprovalIdentities:
+                    description: |-
+                      AutoApprovalIdentities represent the list of approved identities which is used to whitelist certain identities to join with the hub cluster
+                      An ApprovedIdentities contains details of the driver type (csr, awsirsa) and a list of identities to whitelist.
+                    items:
+                      properties:
+                        driver:
+                          description: Type of authentication used for specific set
+                            of identities to whitelist. Possible values are csr and
+                            awsirsa.
+                          enum:
+                          - csr
+                          - awsirsa
+                          type: string
+                        identities:
+                          description: Identities represent a list of users in which
+                            we will allow to join with hub cluster
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - driver
+                    x-kubernetes-list-type: map
                   autoApproveUsers:
                     description: |-
                       AutoApproveUser represents a list of users that can auto approve CSR and accept client. If the credential of the
 
@@ -115,6 +115,13 @@ type RegistrationHubConfiguration struct {
 	// +listType=map
 	// +listMapKey=authType
 	RegistrationDrivers []RegistrationDriverHub `json:"registrationDrivers,omitempty"`
+
+	// AutoApprovalIdentities represent the list of approved identities which is used to whitelist certain identities to join with the hub cluster
+	// An ApprovedIdentities contains details of the driver type (csr, awsirsa) and a list of identities to whitelist.
+	// +optional
+	// +listType=map
+	// +listMapKey=driver
+	AutoApprovalIdentities []ApprovedIdentities `json:"autoApprovalIdentities,omitempty"`
 }
 
 type RegistrationDriverHub struct {
@@ -132,6 +139,17 @@ type RegistrationDriverHub struct {
 	HubClusterArn string `json:"hubClusterArn,omitempty"`
 }
 
+type ApprovedIdentities struct {
+	// Type of authentication used for specific set of identities to whitelist. Possible values are csr and awsirsa.
+	// +required
+	// +kubebuilder:validation:Enum=csr;awsirsa
+	Driver string `json:"driver,omitempty"`
+
+	// Identities represent a list of users in which we will allow to join with hub cluster
+	// +optional
+	Identities []string `json:"identities,omitempty"`
+}
+
 type WorkConfiguration struct {
 	// FeatureGates represents the list of feature gates for work
 	// If it is set empty, default feature gates will be used.