diff --git a/config/v1/types_authentication.go b/config/v1/types_authentication.go index f6f0c12a3be..967a094d19e 100644 --- a/config/v1/types_authentication.go +++ b/config/v1/types_authentication.go @@ -268,6 +268,14 @@ type TokenClaimMappings struct { // groups for the cluster identity. // The referenced claim must use array of strings values. Groups PrefixedClaimMapping `json:"groups,omitempty"` + + // UID reqresents an option for the uid attribute. + // +optional + UID ClaimOrExpression `json:"uid"` + + // Extra represents an option for the extra attribute + // +optional + Extra []ExtraMapping `json:"extra"` } type TokenClaimMapping struct { @@ -481,3 +489,26 @@ type TokenRequiredClaim struct { // +required RequiredValue string `json:"requiredValue"` } + +type ClaimOrExpression struct { + // Claim is the JWT claim to use. + // Mutually exclusive with expression. + // +optional + Claim string `json:"claim"` + + // Expression respresents a CEL expression. + // Mutually exclusive with claim. + // +optional + Expression string `json:"expression"` +} + +type ExtraMapping struct { + // Key is a string to use as the extra attribute key + // key must be lowercase and unique + // +required + Key string `json:"key"` + + // ValueExpression is a CEL expression to extract extra attribute value + // +required + ValueExpression string `json:"valueExpression"` +} diff --git a/config/v1/zz_generated.deepcopy.go b/config/v1/zz_generated.deepcopy.go index 9a81bc559ce..f6aa99cfe22 100644 --- a/config/v1/zz_generated.deepcopy.go +++ b/config/v1/zz_generated.deepcopy.go 
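Review bot: `Extra []ExtraMapping` is added as a plain slice with no `+listType=map` / `+listMapKey=key` markers, so the uniqueness that the `ExtraMapping` key docs promise is not enforced by the API server and duplicate keys would be accepted; add `// +listType=map` and `// +listMapKey=key` above the field (this also gives server-side apply a merge key). Because these mappings presumably populate the uid and extra attributes of the authenticated user, which authorizers and audit consume, the field comments should say so and, if this follows the upstream structured authentication config, validation should also reject keys under reserved domains such as `kubernetes.io` — confirm against the consumer. The `UID` comment has a typo: `// UID represents an option for the uid attribute.`. The `TokenClaimMappings` struct begins before this hunk.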
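Review bot: Both `ClaimOrExpression` fields are documented as mutually exclusive but nothing enforces it, so an object with both `claim` and `expression` set is accepted and the consumer silently decides which wins; if kubebuilder validation markers are in use here, add `// +kubebuilder:validation:XValidation:rule="has(self.claim) != has(self.expression)",message="exactly one of claim or expression must be set"` on the type and give both fields `omitempty` so an unset field is not serialized as an empty string that `has()` would count as present. Likewise `Key` is described as lowercase and `ValueExpression` as required, but neither carries a pattern or `MinLength` marker, so an empty CEL expression or a mixed-case key passes schema validation. Both new exported types lack a type-level doc comment (the generated swagger maps have no `""` entry), e.g. `// ClaimOrExpression selects a JWT claim directly or computes a value with a CEL expression; exactly one must be set.` and `// ExtraMapping derives one extra attribute of the authenticated user from a CEL expression.`. Also `respresents` is a typo for `represents`.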
@@ -893,6 +893,22 @@ func (in *CertInfo) DeepCopy() *CertInfo { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClaimOrExpression) DeepCopyInto(out *ClaimOrExpression) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimOrExpression. +func (in *ClaimOrExpression) DeepCopy() *ClaimOrExpression { + if in == nil { + return nil + } + out := new(ClaimOrExpression) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClientConnectionOverrides) DeepCopyInto(out *ClientConnectionOverrides) { *out = *in @@ -1995,6 +2011,22 @@ func (in *ExternalPlatformStatus) DeepCopy() *ExternalPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExtraMapping) DeepCopyInto(out *ExtraMapping) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraMapping. +func (in *ExtraMapping) DeepCopy() *ExtraMapping { + if in == nil { + return nil + } + out := new(ExtraMapping) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FeatureGate) DeepCopyInto(out *FeatureGate) { *out = *in @@ -5647,6 +5679,12 @@ func (in *TokenClaimMappings) DeepCopyInto(out *TokenClaimMappings) { *out = *in in.Username.DeepCopyInto(&out.Username) out.Groups = in.Groups + out.UID = in.UID + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make([]ExtraMapping, len(*in)) + copy(*out, *in) + } return } diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index e5e9bdb897d..7d22153b33f 100644 
--- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go @@ -385,6 +385,15 @@ func (AuthenticationStatus) SwaggerDoc() map[string]string { return map_AuthenticationStatus } +var map_ClaimOrExpression = map[string]string{ + "claim": "Claim is the JWT claim to use. Mutually exclusive with expression.", + "expression": "Expression respresents a CEL expression. Mutually exclusive with claim.", +} + +func (ClaimOrExpression) SwaggerDoc() map[string]string { + return map_ClaimOrExpression +} + var map_DeprecatedWebhookTokenAuthenticator = map[string]string{ "": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", "kubeConfig": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", 
@@ -394,6 +403,15 @@ func (DeprecatedWebhookTokenAuthenticator) SwaggerDoc() map[string]string { return map_DeprecatedWebhookTokenAuthenticator } +var map_ExtraMapping = map[string]string{ + "key": "Key is a string to use as the extra attribute key key must be lowercase and unique", + "valueExpression": "ValueExpression is a CEL expression to extract extra attribute value", +} + +func (ExtraMapping) SwaggerDoc() map[string]string { + return map_ExtraMapping +} + var map_OIDCClientConfig = map[string]string{ "componentName": "ComponentName is the name of the component that is supposed to consume this client configuration", "componentNamespace": "ComponentNamespace is the namespace of the component that is supposed to consume this client configuration", @@ -459,6 +477,8 @@ func (TokenClaimMapping) SwaggerDoc() map[string]string { var map_TokenClaimMappings = map[string]string{ "username": "Username is a name of the claim that should be used to construct usernames for the cluster identity.\n\nDefault value: \"sub\"", "groups": "Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values.", + "uid": "UID reqresents an option for the uid attribute.", + "extra": "Extra represents an option for the extra attribute", } func (TokenClaimMappings) SwaggerDoc() map[string]string { diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 9a3eb129e59..00a5c261b0a 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go 
@@ -180,6 +180,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1.BuildOverrides": schema_openshift_api_config_v1_BuildOverrides(ref), "github.com/openshift/api/config/v1.BuildSpec": schema_openshift_api_config_v1_BuildSpec(ref), "github.com/openshift/api/config/v1.CertInfo": schema_openshift_api_config_v1_CertInfo(ref), + "github.com/openshift/api/config/v1.ClaimOrExpression": schema_openshift_api_config_v1_ClaimOrExpression(ref), "github.com/openshift/api/config/v1.ClientConnectionOverrides": schema_openshift_api_config_v1_ClientConnectionOverrides(ref), "github.com/openshift/api/config/v1.CloudControllerManagerStatus": schema_openshift_api_config_v1_CloudControllerManagerStatus(ref), "github.com/openshift/api/config/v1.CloudLoadBalancerConfig": schema_openshift_api_config_v1_CloudLoadBalancerConfig(ref), @@ -228,6 +229,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1.ExternalIPPolicy": schema_openshift_api_config_v1_ExternalIPPolicy(ref), "github.com/openshift/api/config/v1.ExternalPlatformSpec": schema_openshift_api_config_v1_ExternalPlatformSpec(ref), "github.com/openshift/api/config/v1.ExternalPlatformStatus": schema_openshift_api_config_v1_ExternalPlatformStatus(ref), + "github.com/openshift/api/config/v1.ExtraMapping": schema_openshift_api_config_v1_ExtraMapping(ref), "github.com/openshift/api/config/v1.FeatureGate": schema_openshift_api_config_v1_FeatureGate(ref), "github.com/openshift/api/config/v1.FeatureGateAttributes": schema_openshift_api_config_v1_FeatureGateAttributes(ref), "github.com/openshift/api/config/v1.FeatureGateDetails": schema_openshift_api_config_v1_FeatureGateDetails(ref), 
@@ -9846,6 +9848,34 @@ func schema_openshift_api_config_v1_CertInfo(ref common.ReferenceCallback) commo } } +func schema_openshift_api_config_v1_ClaimOrExpression(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "claim": { + SchemaProps: spec.SchemaProps{ + Description: "Claim is the JWT claim to use. Mutually exclusive with expression.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "expression": { + SchemaProps: spec.SchemaProps{ + Description: "Expression respresents a CEL expression. Mutually exclusive with claim.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_openshift_api_config_v1_ClientConnectionOverrides(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -11950,6 +11980,35 @@ func schema_openshift_api_config_v1_ExternalPlatformStatus(ref common.ReferenceC } } +func schema_openshift_api_config_v1_ExtraMapping(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Description: "Key is a string to use as the extra attribute key key must be lowercase and unique", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "valueExpression": { + SchemaProps: spec.SchemaProps{ + Description: "ValueExpression is a CEL expression to extract extra attribute value", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"key", "valueExpression"}, + }, + }, + } +} + func schema_openshift_api_config_v1_FeatureGate(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -18972,11 +19031,32 @@ func schema_openshift_api_config_v1_TokenClaimMappings(ref common.ReferenceCallb Ref: ref("github.com/openshift/api/config/v1.PrefixedClaimMapping"), }, }, + "uid": { + SchemaProps: spec.SchemaProps{ + Description: "UID reqresents an option for the uid attribute.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.ClaimOrExpression"), + }, + }, + "extra": { + SchemaProps: spec.SchemaProps{ + Description: "Extra represents an option for the extra attribute", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.ExtraMapping"), + }, + }, + }, + }, + }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.PrefixedClaimMapping", "github.com/openshift/api/config/v1.UsernameClaimMapping"}, + "github.com/openshift/api/config/v1.ClaimOrExpression", "github.com/openshift/api/config/v1.ExtraMapping", "github.com/openshift/api/config/v1.PrefixedClaimMapping", "github.com/openshift/api/config/v1.UsernameClaimMapping"}, } } diff --git a/openapi/openapi.json b/openapi/openapi.json index 16133e4b907..825f32f1d04 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -4940,6 +4940,21 @@ } } }, + "com.github.openshift.api.config.v1.ClaimOrExpression": { + "type": "object", + "properties": { + "claim": { + "description": "Claim is the JWT claim to use. Mutually exclusive with expression.", + "type": "string", + "default": "" + }, + "expression": { + "description": "Expression respresents a CEL expression. Mutually exclusive with claim.", + "type": "string", + "default": "" + } + } + }, "com.github.openshift.api.config.v1.ClientConnectionOverrides": { "type": "object", "required": [ 
@@ -6159,6 +6174,25 @@ } } }, + "com.github.openshift.api.config.v1.ExtraMapping": { + "type": "object", + "required": [ + "key", + "valueExpression" + ], + "properties": { + "key": { + "description": "Key is a string to use as the extra attribute key key must be lowercase and unique", + "type": "string", + "default": "" + }, + "valueExpression": { + "description": "ValueExpression is a CEL expression to extract extra attribute value", + "type": "string", + "default": "" + } + } + }, "com.github.openshift.api.config.v1.FeatureGate": { "description": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", @@ -10290,11 +10324,24 @@ "com.github.openshift.api.config.v1.TokenClaimMappings": { "type": "object", "properties": { + "extra": { + "description": "Extra represents an option for the extra attribute", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExtraMapping" + } + }, "groups": { "description": "Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values.", "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.PrefixedClaimMapping" }, + "uid": { + "description": "UID reqresents an option for the uid attribute.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClaimOrExpression" + }, "username": { "description": "Username is a name of the claim that should be used to construct usernames for the cluster identity.\n\nDefault value: \"sub\"", "default": {},