diff --git a/api/v1/mdb/mongodb_types.go b/api/v1/mdb/mongodb_types.go
index aef83f5c6..e14b8e746 100644
--- a/api/v1/mdb/mongodb_types.go
+++ b/api/v1/mdb/mongodb_types.go
@@ -1061,8 +1061,7 @@ type Ldap struct {
}
type OIDCProviderConfig struct {
- // Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- // creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ // Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
// - alphanumeric characters (combination of a to z and 0 to 9)
// - hyphens (-)
// - underscores (_)
@@ -1070,11 +1069,10 @@ type OIDCProviderConfig struct {
// +kubebuilder:validation:Required
ConfigurationName string `json:"configurationName"`
- // Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ // Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
// Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
// For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
// For other MongoDB versions, the issuerURI itself must be unique.
-
// +kubebuilder:validation:Required
IssuerURI string `json:"issuerURI"`
@@ -1095,13 +1093,12 @@ type OIDCProviderConfig struct {
UserClaim string `json:"userClaim"`
// The identifier of the claim that includes the principal's IdP user group membership information.
- // Accept the default value unless your IdP uses a different claim, or you need a custom claim.
// Required when selected GroupMembership as the authorization type, ignored otherwise
// +kubebuilder:validation:Optional
GroupsClaim *string `json:"groupsClaim"`
- // Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- // For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ // Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ // For programmatic, application access to deployments use Workload Identity Federation.
// Only one Workforce Identity Federation IdP can be configured per MongoDB resource
// +kubebuilder:validation:Required
AuthorizationMethod OIDCAuthorizationMethod `json:"authorizationMethod"`
diff --git a/config/crd/bases/mongodb.com_mongodb.yaml b/config/crd/bases/mongodb.com_mongodb.yaml
index 01101d360..6dd8e1b3b 100644
--- a/config/crd/bases/mongodb.com_mongodb.yaml
+++ b/config/crd/bases/mongodb.com_mongodb.yaml
@@ -1535,8 +1535,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -1558,8 +1558,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -1568,12 +1567,11 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
For other MongoDB versions, the issuerURI itself must be unique.
diff --git a/config/crd/bases/mongodb.com_mongodbmulticluster.yaml b/config/crd/bases/mongodb.com_mongodbmulticluster.yaml
index 1be90e11c..0304dcd32 100644
--- a/config/crd/bases/mongodb.com_mongodbmulticluster.yaml
+++ b/config/crd/bases/mongodb.com_mongodbmulticluster.yaml
@@ -795,8 +795,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -818,8 +818,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -828,12 +827,11 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
For other MongoDB versions, the issuerURI itself must be unique.
diff --git a/config/crd/bases/mongodb.com_opsmanagers.yaml b/config/crd/bases/mongodb.com_opsmanagers.yaml
index 42d1597d8..b5031857c 100644
--- a/config/crd/bases/mongodb.com_opsmanagers.yaml
+++ b/config/crd/bases/mongodb.com_opsmanagers.yaml
@@ -857,8 +857,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -880,8 +880,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -890,13 +889,14 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+ For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+ For other MongoDB versions, the issuerURI itself must be unique.
type: string
requestedScopes:
description: |-
diff --git a/helm_chart/crds/mongodb.com_mongodb.yaml b/helm_chart/crds/mongodb.com_mongodb.yaml
index 01101d360..6dd8e1b3b 100644
--- a/helm_chart/crds/mongodb.com_mongodb.yaml
+++ b/helm_chart/crds/mongodb.com_mongodb.yaml
@@ -1535,8 +1535,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -1558,8 +1558,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -1568,12 +1567,11 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
For other MongoDB versions, the issuerURI itself must be unique.
diff --git a/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml b/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml
index 1be90e11c..0304dcd32 100644
--- a/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml
+++ b/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml
@@ -795,8 +795,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -818,8 +818,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -828,12 +827,11 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
For other MongoDB versions, the issuerURI itself must be unique.
diff --git a/helm_chart/crds/mongodb.com_opsmanagers.yaml b/helm_chart/crds/mongodb.com_opsmanagers.yaml
index 42d1597d8..b5031857c 100644
--- a/helm_chart/crds/mongodb.com_opsmanagers.yaml
+++ b/helm_chart/crds/mongodb.com_opsmanagers.yaml
@@ -857,8 +857,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -880,8 +880,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -890,13 +889,14 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+ For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+ For other MongoDB versions, the issuerURI itself must be unique.
type: string
requestedScopes:
description: |-
diff --git a/public/crds.yaml b/public/crds.yaml
index 5ab7e45ae..ea6746bd7 100644
--- a/public/crds.yaml
+++ b/public/crds.yaml
@@ -1535,8 +1535,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -1558,8 +1558,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -1568,12 +1567,11 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
For other MongoDB versions, the issuerURI itself must be unique.
@@ -4172,8 +4170,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -4195,8 +4193,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -4205,12 +4202,11 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
For other MongoDB versions, the issuerURI itself must be unique.
@@ -5820,8 +5816,8 @@ spec:
type: string
authorizationMethod:
description: |-
- Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
- WorkforceIdentityFederation
@@ -5843,8 +5839,7 @@ spec:
type: string
configurationName:
description: |-
- Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
@@ -5853,13 +5848,14 @@ spec:
groupsClaim:
description: |-
The identifier of the claim that includes the principal's IdP user group membership information.
- Accept the default value unless your IdP uses a different claim, or you need a custom claim.
Required when selected GroupMembership as the authorization type, ignored otherwise
type: string
issuerURI:
description: |-
- Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+ For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+ For other MongoDB versions, the issuerURI itself must be unique.
type: string
requestedScopes:
description: |-