From 3982ccc157c1bc3dc0551b91d226a1df0e5c83af Mon Sep 17 00:00:00 2001
From: Dhiraj Bokde
Date: Tue, 19 Nov 2024 08:16:52 -0800
Subject: [PATCH] fix: documented k8s SAR authz groups property as deprecated

Signed-off-by: Dhiraj Bokde
---
 api/v1beta3/auth_config_types.go | 1 +
 install/crd/authorino.kuadrant.io_authconfigs.yaml | 14 ++++++++------
 install/manifests.yaml | 14 ++++++++------
 3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/api/v1beta3/auth_config_types.go b/api/v1beta3/auth_config_types.go
index 22f7839e..9883a023 100644
--- a/api/v1beta3/auth_config_types.go
+++ b/api/v1beta3/auth_config_types.go
@@ -612,6 +612,7 @@ type KubernetesSubjectAccessReviewAuthorizationSpec struct {
 User *ValueOrSelector `json:"user,omitempty"`
 
 // Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
+ // Deprecated: Use authorizationGroups instead.
 Groups []string `json:"groups,omitempty"`
 
 // Groups to check for existing permission in the Kubernetes RBAC alternatively to a specific user. This is typically obtained from a list of groups the user is a member of. Must be a static list of group names or dynamically resolve to one from the Authorization JSON.
diff --git a/install/crd/authorino.kuadrant.io_authconfigs.yaml b/install/crd/authorino.kuadrant.io_authconfigs.yaml
index 107aae22..f9cce495 100644
--- a/install/crd/authorino.kuadrant.io_authconfigs.yaml
+++ b/install/crd/authorino.kuadrant.io_authconfigs.yaml
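Review bot: In `api/v1beta3/auth_config_types.go`, the added `// Deprecated: Use authorizationGroups instead.` line sits directly under the description of `Groups`, so it is part of the same doc-comment paragraph. Go tooling (gopls, staticcheck, pkg.go.dev) marks an identifier as deprecated only when a comment paragraph begins with `Deprecated:`, so put an empty `//` line before it and regenerate the CRD manifests. Because this field feeds a Kubernetes SubjectAccessReview, the comment should also say which value is used when both `groups` and `authorizationGroups` are set. It should likewise say whether the "groups the user must be a member of" behaviour with `user` present carries over to `authorizationGroups`; the two descriptions differ and the evaluator code is not visible here, so that is unconfirmed. The struct starts and continues outside the hunk.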
@@ -2779,9 +2779,11 @@ spec: description: Authorization by Kubernetes SubjectAccessReview properties: authorizationGroups: - description: AuthorizationGroups is a value or selector - to use as groups to check for authorization in the Kubernetes - RBAC. + description: Groups to check for existing permission in + the Kubernetes RBAC alternatively to a specific user. + This is typically obtained from a list of groups the user + is a member of. Must be a static list of group names or + dynamically resolve to one from the Authorization JSON. properties: expression: type: string @@ -2796,9 +2798,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object groups: - description: Groups the user must be a member of or, if - `user` is omitted, the groups to check for authorization - in the Kubernetes RBAC. + description: |- + Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC. + Deprecated: Use authorizationGroups instead. items: type: string type: array diff --git a/install/manifests.yaml b/install/manifests.yaml index 88d004da..de5dac6e 100644 --- a/install/manifests.yaml +++ b/install/manifests.yaml @@ -3087,9 +3087,11 @@ spec: description: Authorization by Kubernetes SubjectAccessReview properties: authorizationGroups: - description: AuthorizationGroups is a value or selector - to use as groups to check for authorization in the Kubernetes - RBAC. + description: Groups to check for existing permission in + the Kubernetes RBAC alternatively to a specific user. + This is typically obtained from a list of groups the user + is a member of. Must be a static list of group names or + dynamically resolve to one from the Authorization JSON. properties: expression: type: string 
@@ -3104,9 +3106,9 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object groups: - description: Groups the user must be a member of or, if - `user` is omitted, the groups to check for authorization - in the Kubernetes RBAC. + description: |- + Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC. + Deprecated: Use authorizationGroups instead. items: type: string type: array