Skip to content

Commit

Permalink
fix: documented k8s SAR authz groups property as deprecated
Browse files Browse the repository at this point in the history 
Signed-off-by: Dhiraj Bokde <[email protected]>
  • Loading branch information
@dhirajsb
dhirajsb committed Nov 19, 2024
1 parent 8a90020 commit 3982ccc
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 12 deletions.
1 change: 1 addition & 0 deletions api/v1beta3/auth_config_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -612,6 +612,7 @@ type KubernetesSubjectAccessReviewAuthorizationSpec struct {
User *ValueOrSelector `json:"user,omitempty"`

// Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
// Deprecated: Use authorizationGroups instead.
Groups []string `json:"groups,omitempty"`

// Groups to check for existing permission in the Kubernetes RBAC alternatively to a specific user. This is typically obtained from a list of groups the user is a member of. Must be a static list of group names or dynamically resolve to one from the Authorization JSON.
Expand Down
14 changes: 8 additions & 6 deletions install/crd/authorino.kuadrant.io_authconfigs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2779,9 +2779,11 @@ spec:
description: Authorization by Kubernetes SubjectAccessReview
properties:
authorizationGroups:
description: AuthorizationGroups is a value or selector
to use as groups to check for authorization in the Kubernetes
RBAC.
description: Groups to check for existing permission in
the Kubernetes RBAC alternatively to a specific user.
This is typically obtained from a list of groups the user
is a member of. Must be a static list of group names or
dynamically resolve to one from the Authorization JSON.
properties:
expression:
type: string
Expand All @@ -2796,9 +2798,9 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
groups:
description: Groups the user must be a member of or, if
`user` is omitted, the groups to check for authorization
in the Kubernetes RBAC.
description: |-
Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
Deprecated: Use authorizationGroups instead.
items:
type: string
type: array
Expand Down
14 changes: 8 additions & 6 deletions install/manifests.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3087,9 +3087,11 @@ spec:
description: Authorization by Kubernetes SubjectAccessReview
properties:
authorizationGroups:
description: AuthorizationGroups is a value or selector
to use as groups to check for authorization in the Kubernetes
RBAC.
description: Groups to check for existing permission in
the Kubernetes RBAC alternatively to a specific user.
This is typically obtained from a list of groups the user
is a member of. Must be a static list of group names or
dynamically resolve to one from the Authorization JSON.
properties:
expression:
type: string
Expand All @@ -3104,9 +3106,9 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
groups:
description: Groups the user must be a member of or, if
`user` is omitted, the groups to check for authorization
in the Kubernetes RBAC.
description: |-
Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC.
Deprecated: Use authorizationGroups instead.
items:
type: string
type: array
Expand Down

0 comments on commit 3982ccc

Please sign in to comment.