Skip to content

Commit

Permalink
Merge pull request #232 from Kuadrant/update-authorino-manifests
Browse files Browse the repository at this point in the history
Update Authorino manifests
  • Loading branch information
guicassolato authored Nov 21, 2024
2 parents 6c893d2 + 0e6e324 commit e6ef884
Show file tree
Hide file tree
Showing 4 changed files with 76 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ metadata:
capabilities: Basic Install
categories: Integration & Delivery
containerImage: quay.io/kuadrant/authorino-operator:latest
createdAt: "2024-11-19T15:52:57Z"
createdAt: "2024-11-21T13:37:42Z"
operators.operatorframework.io/builder: operator-sdk-v1.32.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/Kuadrant/authorino-operator
Expand Down
28 changes: 25 additions & 3 deletions bundle/manifests/authorino.kuadrant.io_authconfigs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3105,10 +3105,32 @@ spec:
kubernetesSubjectAccessReview:
description: Authorization by Kubernetes SubjectAccessReview
properties:
authorizationGroups:
description: Groups to check for existing permission in
the Kubernetes RBAC alternatively to a specific user.
This is typically obtained from a list of groups the user
is a member of. Must be a static list of group names or
dynamically resolve to one from the Authorization JSON.
properties:
expression:
description: |-
A Common Expression Language (CEL) expression that evaluates to a value.
String expressions are supported (https://pkg.go.dev/github.com/google/cel-go/ext#Strings).
type: string
selector:
description: |-
Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.
The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip.
type: string
value:
description: Static value
x-kubernetes-preserve-unknown-fields: true
type: object
groups:
description: Groups the user must be a member of or, if
`user` is omitted, the groups to check for authorization
in the Kubernetes RBAC.
description: |-
Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
Deprecated: Use authorizationGroups instead.
items:
type: string
type: array
Expand Down
28 changes: 25 additions & 3 deletions charts/authorino-operator/templates/manifests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3104,10 +3104,32 @@ spec:
kubernetesSubjectAccessReview:
description: Authorization by Kubernetes SubjectAccessReview
properties:
authorizationGroups:
description: Groups to check for existing permission in
the Kubernetes RBAC alternatively to a specific user.
This is typically obtained from a list of groups the user
is a member of. Must be a static list of group names or
dynamically resolve to one from the Authorization JSON.
properties:
expression:
description: |-
A Common Expression Language (CEL) expression that evaluates to a value.
String expressions are supported (https://pkg.go.dev/github.com/google/cel-go/ext#Strings).
type: string
selector:
description: |-
Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.
The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip.
type: string
value:
description: Static value
x-kubernetes-preserve-unknown-fields: true
type: object
groups:
description: Groups the user must be a member of or, if
`user` is omitted, the groups to check for authorization
in the Kubernetes RBAC.
description: |-
Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
Deprecated: Use authorizationGroups instead.
items:
type: string
type: array
Expand Down
28 changes: 25 additions & 3 deletions config/deploy/manifests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3111,10 +3111,32 @@ spec:
kubernetesSubjectAccessReview:
description: Authorization by Kubernetes SubjectAccessReview
properties:
authorizationGroups:
description: Groups to check for existing permission in
the Kubernetes RBAC alternatively to a specific user.
This is typically obtained from a list of groups the user
is a member of. Must be a static list of group names or
dynamically resolve to one from the Authorization JSON.
properties:
expression:
description: |-
A Common Expression Language (CEL) expression that evaluates to a value.
String expressions are supported (https://pkg.go.dev/github.com/google/cel-go/ext#Strings).
type: string
selector:
description: |-
Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.
The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip.
type: string
value:
description: Static value
x-kubernetes-preserve-unknown-fields: true
type: object
groups:
description: Groups the user must be a member of or, if
`user` is omitted, the groups to check for authorization
in the Kubernetes RBAC.
description: |-
Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
Deprecated: Use authorizationGroups instead.
items:
type: string
type: array
Expand Down

0 comments on commit e6ef884

Please sign in to comment.