OCPBUGS-36809: Add missing auth config fields

The `uid` and `extra` fields were added to Kubernetes in 1.29. These fields should be included in OpenShift as well.
openshift · Jul 10, 2024 · a288b0d · a288b0d
1 parent 0689f00
commit a288b0d
Show file tree

Hide file tree

Showing 5 changed files with 217 additions and 1 deletion.
diff --git a/config/v1/types_authentication.go b/config/v1/types_authentication.go
@@ -268,6 +268,14 @@ type TokenClaimMappings struct {
 	// groups for the cluster identity.
 	// The referenced claim must use array of strings values.
 	Groups PrefixedClaimMapping `json:"groups,omitempty"`
+
+	// UID reqresents an option for the uid attribute.
+	// +optional
+	UID ClaimOrExpression `json:"uid"`
+
+	// Extra represents an option for the extra attribute
+	// +optional
+	Extra []ExtraMapping `json:"extra"`
 }
 
 type TokenClaimMapping struct {
@@ -481,3 +489,26 @@ type TokenRequiredClaim struct {
 	// +required
 	RequiredValue string `json:"requiredValue"`
 }
+
+type ClaimOrExpression struct {
+	// Claim is the JWT claim to use.
+	// Mutually exclusive with expression.
+	// +optional
+	Claim string `json:"claim"`
+
+	// Expression respresents a CEL expression.
+	// Mutually exclusive with claim.
+	// +optional
+	Expression string `json:"expression"`
+}
+
+type ExtraMapping struct {
+	// Key is a string to use as the extra attribute key
+	// key must be lowercase and unique
+	// +required
+	Key string `json:"key"`
+
+	// ValueExpression is a CEL expression to extract extra attribute value
+	// +required
+	ValueExpression string `json:"valueExpression"`
+}
diff --git a/config/v1/zz_generated.deepcopy.go b/config/v1/zz_generated.deepcopy.go
diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go
diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go
diff --git a/openapi/openapi.json b/openapi/openapi.json
@@ -4940,6 +4940,21 @@
         }
       }
     },
+    "com.github.openshift.api.config.v1.ClaimOrExpression": {
+      "type": "object",
+      "properties": {
+        "claim": {
+          "description": "Claim is the JWT claim to use. Mutually exclusive with expression.",
+          "type": "string",
+          "default": ""
+        },
+        "expression": {
+          "description": "Expression respresents a CEL expression. Mutually exclusive with claim.",
+          "type": "string",
+          "default": ""
+        }
+      }
+    },
     "com.github.openshift.api.config.v1.ClientConnectionOverrides": {
       "type": "object",
       "required": [
@@ -6159,6 +6174,25 @@
         }
       }
     },
+    "com.github.openshift.api.config.v1.ExtraMapping": {
+      "type": "object",
+      "required": [
+        "key",
+        "valueExpression"
+      ],
+      "properties": {
+        "key": {
+          "description": "Key is a string to use as the extra attribute key key must be lowercase and unique",
+          "type": "string",
+          "default": ""
+        },
+        "valueExpression": {
+          "description": "ValueExpression is a CEL expression to extract extra attribute value",
+          "type": "string",
+          "default": ""
+        }
+      }
+    },
     "com.github.openshift.api.config.v1.FeatureGate": {
       "description": "Feature holds cluster-wide information about feature gates.  The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
       "type": "object",
@@ -10290,11 +10324,24 @@
     "com.github.openshift.api.config.v1.TokenClaimMappings": {
       "type": "object",
       "properties": {
+        "extra": {
+          "description": "Extra represents an option for the extra attribute",
+          "type": "array",
+          "items": {
+            "default": {},
+            "$ref": "#/definitions/com.github.openshift.api.config.v1.ExtraMapping"
+          }
+        },
         "groups": {
           "description": "Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values.",
           "default": {},
           "$ref": "#/definitions/com.github.openshift.api.config.v1.PrefixedClaimMapping"
         },
+        "uid": {
+          "description": "UID reqresents an option for the uid attribute.",
+          "default": {},
+          "$ref": "#/definitions/com.github.openshift.api.config.v1.ClaimOrExpression"
+        },
         "username": {
           "description": "Username is a name of the claim that should be used to construct usernames for the cluster identity.\n\nDefault value: \"sub\"",
           "default": {},