diff --git a/install/crd/patches/oneof_in_authconfigs.yaml b/install/crd/patches/oneof_in_authconfigs.yaml index 0e758374..f805659c 100644 --- a/install/crd/patches/oneof_in_authconfigs.yaml +++ b/install/crd/patches/oneof_in_authconfigs.yaml @@ -1,5 +1,6 @@ -# Enables oneOf validation for the identity/metadata/authorization modes +# Enables oneOf validation for the identity/authentication, metadata, authorization, and response fields. +# v1beta1 - op: add path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/identity/items/oneOf value: 
@@ -162,3 +163,175 @@ selector: {} value: {} required: [operator, selector] + +# v1beta2 +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/authentication/additionalProperties/oneOf + value: + - properties: + credentials: {} + oauth2Introspection: {} + required: [oauth2Introspection] + - properties: + credentials: {} + jwt: {} + required: [jwt] + - properties: + credentials: {} + apiKey: {} + required: [apiKey] + - properties: + credentials: {} + x509: {} + required: [x509] + - properties: + credentials: {} + kubernetesTokenReview: {} + required: [kubernetesTokenReview] + - properties: + credentials: {} + anonymous: {} + required: [anonymous] + - properties: + credentials: {} + plain: {} + required: [plain] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/metadata/additionalProperties/oneOf + value: + - properties: + userInfo: {} + required: [userInfo] + - properties: + uma: {} + required: [uma] + - properties: + http: {} + required: [http] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/authorization/additionalProperties/oneOf + value: + - properties: + opa: {} + required: [opa] + - properties: + patternMatching: {} + required: [patternMatching] + - properties: + kubernetesSubjectAccessReview: {} + required: [kubernetesSubjectAccessReview] + - properties: + spicedb: {} + required: [spicedb] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/response/properties/success/properties/headers/additionalProperties/oneOf + value: + - properties: + wristband: {} + required: [wristband] + - properties: + json: {} + required: [json] + - properties: + plain: {} + required: [plain] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/response/properties/success/properties/dynamicMetadata/additionalProperties/oneOf + value: + - properties: + wristband: {} + required: [wristband] + - properties: 
+ json: {} + required: [json] + - properties: + plain: {} + required: [plain] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/authorization/additionalProperties/properties/patternMatching/properties/patterns/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/authentication/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/metadata/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/authorization/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + +- op: add + path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/response/properties/success/properties/headers/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] + +- op: add + path: 
/spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/response/properties/success/properties/dynamicMetadata/additionalProperties/properties/when/items/oneOf + value: + - properties: + patternRef: {} + required: [patternRef] + - properties: + operator: {} + selector: {} + value: {} + required: [operator, selector] diff --git a/install/manifests.yaml b/install/manifests.yaml index 280882b7..44d7d525 100644 --- a/install/manifests.yaml +++ b/install/manifests.yaml @@ -2529,6 +2529,42 @@ spec: properties: authentication: additionalProperties: + oneOf: + - properties: + credentials: {} + oauth2Introspection: {} + required: + - oauth2Introspection + - properties: + credentials: {} + jwt: {} + required: + - jwt + - properties: + apiKey: {} + credentials: {} + required: + - apiKey + - properties: + credentials: {} + x509: {} + required: + - x509 + - properties: + credentials: {} + kubernetesTokenReview: {} + required: + - kubernetesTokenReview + - properties: + anonymous: {} + credentials: {} + required: + - anonymous + - properties: + credentials: {} + plain: {} + required: + - plain properties: anonymous: description: Anonymous access. @@ -2807,6 +2843,18 @@ spec: If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector properties: operator: description: 'The binary operator to be applied to the @@ -2907,6 +2955,23 @@ spec: type: object authorization: additionalProperties: + oneOf: + - properties: + opa: {} + required: + - opa + - properties: + patternMatching: {} + required: + - patternMatching + - properties: + kubernetesSubjectAccessReview: {} + required: + - kubernetesSubjectAccessReview + - properties: + spicedb: {} + required: + - spicedb properties: cache: description: Caching options for the resolved object returned 
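Review bot: The new v1beta2 operations in install/crd/patches/oneof_in_authconfigs.yaml address the schema by position (`/spec/versions/1/...`), and only the `# v1beta2` comment ties that index to the version. If the order of `spec.versions` in the generated CRD ever changes, these `add` operations either fail or attach the oneOf constraints to another version's schema, and AuthConfigs of the intended version would then presumably be admitted with zero or several methods set on one evaluator. Assuming the tool that applies these patches honours the RFC 6902 `test` operation, a guard ahead of the block would make a mismatch fail loudly: `- op: test`, `path: /spec/versions/1/name`, `value: v1beta2` (and the same with index 0 and `v1beta1` for the existing block). Separately, the `patternRef` / `operator`+`selector` branches still accept an item that sets `patternRef` together with only one of `operator` or `selector`, because only the first branch matches; a comment stating whether that is intended would help.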
@@ -3330,6 +3395,18 @@ spec: properties: patterns: items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector properties: operator: description: 'The binary operator to be applied to @@ -3502,6 +3579,18 @@ spec: If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector properties: operator: description: 'The binary operator to be applied to the @@ -3847,6 +3936,19 @@ spec: type: array metadata: additionalProperties: + oneOf: + - properties: + userInfo: {} + required: + - userInfo + - properties: + uma: {} + required: + - uma + - properties: + http: {} + required: + - http properties: cache: description: Caching options for the resolved object returned @@ -4140,6 +4242,18 @@ spec: If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector properties: operator: description: 'The binary operator to be applied to the @@ -4223,6 +4337,19 @@ spec: dynamicMetadata: additionalProperties: description: Settings of the success custom response item. + oneOf: + - properties: + wristband: {} + required: + - wristband + - properties: + json: {} + required: + - json + - properties: + plain: {} + required: + - plain properties: cache: description: Caching options for the resolved object 
@@ -4322,6 +4449,18 @@ spec: for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector properties: operator: description: 'The binary operator to be applied @@ -4433,6 +4572,19 @@ spec: type: object headers: additionalProperties: + oneOf: + - properties: + wristband: {} + required: + - wristband + - properties: + json: {} + required: + - json + - properties: + plain: {} + required: + - plain properties: cache: description: Caching options for the resolved object @@ -4536,6 +4688,18 @@ spec: for the config to be enforced; otherwise, the config will be skipped. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector properties: operator: description: 'The binary operator to be applied @@ -4791,6 +4955,18 @@ spec: otherwise, Authorino skips the AuthConfig and returns to the auth request with status OK. items: + oneOf: + - properties: + patternRef: {} + required: + - patternRef + - properties: + operator: {} + selector: {} + value: {} + required: + - operator + - selector properties: operator: description: 'The binary operator to be applied to the content