LCORE-1019: docs for rh-identity auth

[major]

Explain how to use the rh-identity auth capability and how it works.

Description

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement

Tools used to create PR

• Assisted-by: Claude

Related Tickets & Documents

• Related Issue #
• Closes #

Checklist before requesting a review

• I have performed a self-review of my code.
• PR has passed all pre-merge test jobs.
• If it is a core feature, I have added thorough tests.

Testing

Just docs!

Summary by CodeRabbit

• Documentation
  • Added comprehensive documentation for Red Hat Identity authentication, including configuration details, identity types, header format specifications, expected behavior, system requirements, and error response information.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[openshift-ci]

Hi @major. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Walkthrough

The PR adds documentation for Red Hat Identity (rh-identity) authentication to docs/auth.md, covering configuration, identity types (User and System), header format, behavior, requirements, and error responses. No code changes are included.

Changes

Cohort / File(s)	Summary
Authentication Documentation docs/auth.md	Added Red Hat Identity (rh-identity) authentication module documentation with configuration details, identity types, header format, behavior specifications, requirements, and error responses

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• LCORE-261: updated OpenAPI #817: Adds RHIdentityConfiguration and rh_identity_config to AuthenticationConfiguration, providing the code-level implementation that this documentation describes
• LCORE-597: Document auth/authz #603: Modifies docs/auth.md with foundational authentication documentation structure that this PR expands with the new rh-identity section

Suggested reviewers

• tisnik

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding documentation for the rh-identity authentication mechanism.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

docs/auth.md (1)

161-247: Documentation is well-structured and consistent with existing auth modules. The new rh-identity section follows the established pattern, includes clear configuration examples, shows both identity types with decoded header examples, and provides error responses. The explanation of entitlements validation (lines 176–178) is particularly clear.

A minor suggestion for additional clarity: lines 184–185 and line 233 describe username extraction for System identities slightly differently. Consider making the Behavior section (line 233) more explicit: instead of "username (or account_number for System)", you could say "username is derived from account_number for System identities" to avoid any ambiguity about field mapping.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0550f02 and 3bea3ff.

📒 Files selected for processing (1)

• docs/auth.md (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: build-pr
• GitHub Check: E2E: library mode / ci
• GitHub Check: E2E: server mode / azure
• GitHub Check: E2E: library mode / azure
• GitHub Check: E2E: server mode / ci

[tisnik]

LGTM

[tisnik]

/ok-to-test

[tisnik]

/ok-to-test

[major]

@tisnik Thanks! It seems like those E2E test failures might be related to something else, right?