diff --git a/api/v1/mdb/mongodb_types.go b/api/v1/mdb/mongodb_types.go
index aef83f5c6..e14b8e746 100644
--- a/api/v1/mdb/mongodb_types.go
+++ b/api/v1/mdb/mongodb_types.go
@@ -1061,8 +1061,7 @@ type Ldap struct {
 }
 type OIDCProviderConfig struct {
- // Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
- // creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+ // Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
 // - alphanumeric characters (combination of a to z and 0 to 9)
 // - hyphens (-)
 // - underscores (_)
@@ -1070,11 +1069,10 @@ type OIDCProviderConfig struct {
 // +kubebuilder:validation:Required
 ConfigurationName string `json:"configurationName"`
- // Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+ // Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
 // Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
 // For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
 // For other MongoDB versions, the issuerURI itself must be unique.
- // +kubebuilder:validation:Required
 IssuerURI string `json:"issuerURI"`
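Review bot: The second hunk drops `// +kubebuilder:validation:Required` from `IssuerURI`, while `ConfigurationName` and `AuthorizationMethod` keep theirs, and nothing visible in the commit explains why. The regenerated CRDs shown here change only descriptions and no `required:` list, so the field presumably stays required only because its JSON tag has no `omitempty`; since the issuer is the trust anchor for token validation, I would keep the explicit marker so that a later tag change cannot silently make it optional. Separately, the unchanged comment line gives the discovery path as `/.wellknown/open-id-configuration`, whereas OpenID Connect Discovery defines it as `/.well-known/openid-configuration`, and the same text is copied into every generated CRD description. OIDCProviderConfig begins and ends outside both hunks.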
@@ -1095,13 +1093,12 @@ type OIDCProviderConfig struct {
 UserClaim string `json:"userClaim"`
 // The identifier of the claim that includes the principal's IdP user group membership information.
- // Accept the default value unless your IdP uses a different claim, or you need a custom claim.
 // Required when selected GroupMembership as the authorization type, ignored otherwise
 // +kubebuilder:validation:Optional
 GroupsClaim *string `json:"groupsClaim"`
- // Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
- // For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+ // Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+ // For programmatic, application access to deployments use Workload Identity Federation.
 // Only one Workforce Identity Federation IdP can be configured per MongoDB resource
 // +kubebuilder:validation:Required
 AuthorizationMethod OIDCAuthorizationMethod `json:"authorizationMethod"`
diff --git a/config/crd/bases/mongodb.com_mongodb.yaml b/config/crd/bases/mongodb.com_mongodb.yaml index 01101d360..6dd8e1b3b 100644 --- a/config/crd/bases/mongodb.com_mongodb.yaml +++ b/config/crd/bases/mongodb.com_mongodb.yaml @@ -1535,8 +1535,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation
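Review bot: In the mongodb_types.go hunk at -1095, the `GroupsClaim` comment still says the field is required when the authorization type is GroupMembership, but the marker beneath it is `+kubebuilder:validation:Optional`, and with the sentence about accepting a default removed nothing here says what happens when the claim is omitted. If that cross-field rule is enforced elsewhere (not visible in this diff), the comment should say where; if it is not, a CEL rule via `+kubebuilder:validation:XValidation` on OIDCProviderConfig would reject a group-based configuration with no groups claim at admission. The sentence itself would read better as `// Required when the authorization type is GroupMembership; ignored otherwise.` The struct begins and ends outside the hunk.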
@@ -1558,8 +1558,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) @@ -1568,12 +1567,11 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. For other MongoDB versions, the issuerURI itself must be unique. diff --git a/config/crd/bases/mongodb.com_mongodbmulticluster.yaml b/config/crd/bases/mongodb.com_mongodbmulticluster.yaml index 1be90e11c..0304dcd32 100644 --- a/config/crd/bases/mongodb.com_mongodbmulticluster.yaml +++ b/config/crd/bases/mongodb.com_mongodbmulticluster.yaml 
@@ -795,8 +795,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation @@ -818,8 +818,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) 
@@ -828,12 +827,11 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. For other MongoDB versions, the issuerURI itself must be unique. diff --git a/config/crd/bases/mongodb.com_opsmanagers.yaml b/config/crd/bases/mongodb.com_opsmanagers.yaml index 42d1597d8..b5031857c 100644 --- a/config/crd/bases/mongodb.com_opsmanagers.yaml +++ b/config/crd/bases/mongodb.com_opsmanagers.yaml @@ -857,8 +857,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation 
@@ -880,8 +880,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) @@ -890,13 +889,14 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. + For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. + For other MongoDB versions, the issuerURI itself must be unique. type: string requestedScopes: description: |- diff --git a/helm_chart/crds/mongodb.com_mongodb.yaml b/helm_chart/crds/mongodb.com_mongodb.yaml index 01101d360..6dd8e1b3b 100644 --- a/helm_chart/crds/mongodb.com_mongodb.yaml +++ b/helm_chart/crds/mongodb.com_mongodb.yaml 
@@ -1535,8 +1535,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation @@ -1558,8 +1558,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) 
@@ -1568,12 +1567,11 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. For other MongoDB versions, the issuerURI itself must be unique. diff --git a/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml b/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml index 1be90e11c..0304dcd32 100644 --- a/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml +++ b/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml @@ -795,8 +795,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation 
@@ -818,8 +818,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) @@ -828,12 +827,11 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. For other MongoDB versions, the issuerURI itself must be unique. diff --git a/helm_chart/crds/mongodb.com_opsmanagers.yaml b/helm_chart/crds/mongodb.com_opsmanagers.yaml index 42d1597d8..b5031857c 100644 --- a/helm_chart/crds/mongodb.com_opsmanagers.yaml +++ b/helm_chart/crds/mongodb.com_opsmanagers.yaml 
@@ -857,8 +857,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation @@ -880,8 +880,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) 
@@ -890,13 +889,14 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. + For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. + For other MongoDB versions, the issuerURI itself must be unique. type: string requestedScopes: description: |- diff --git a/public/crds.yaml b/public/crds.yaml index 5ab7e45ae..ea6746bd7 100644 --- a/public/crds.yaml +++ b/public/crds.yaml @@ -1535,8 +1535,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation 
@@ -1558,8 +1558,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) @@ -1568,12 +1567,11 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. For other MongoDB versions, the issuerURI itself must be unique. 
@@ -4172,8 +4170,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation @@ -4195,8 +4193,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) 
@@ -4205,12 +4202,11 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. For other MongoDB versions, the issuerURI itself must be unique. @@ -5820,8 +5816,8 @@ spec: type: string authorizationMethod: description: |- - Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation. - For programmatic, application access to Ops Manager deployments use Workload Identity Federation. + Configure single-sign-on for human user access to deployments with Workforce Identity Federation. + For programmatic, application access to deployments use Workload Identity Federation. Only one Workforce Identity Federation IdP can be configured per MongoDB resource enum: - WorkforceIdentityFederation 
@@ -5843,8 +5839,7 @@ spec: type: string configurationName: description: |- - Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when - creating users and roles for authorization. It is case-sensitive and can only contain the following characters: + Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters: - alphanumeric characters (combination of a to z and 0 to 9) - hyphens (-) - underscores (_) @@ -5853,13 +5848,14 @@ spec: groupsClaim: description: |- The identifier of the claim that includes the principal's IdP user group membership information. - Accept the default value unless your IdP uses a different claim, or you need a custom claim. Required when selected GroupMembership as the authorization type, ignored otherwise type: string issuerURI: description: |- - Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider + Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint. + For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations. + For other MongoDB versions, the issuerURI itself must be unique. type: string requestedScopes: description: |-