group.proto
Package : portal.gloo.solo.io
group.proto
Table of Contents
GroupSpec
A Group can be use to define access levels for a set of users.
| Field | Type | Label | Description |
|---|---|---|---|
| displayName | string | A human-readable name for the group to display to users. | |
| description | string | Description for the group. | |
| userSelector | common.portal.gloo.solo.io.Selector | User CRs which match this selector will be considered part of this Group and have access to the resources selected by this Group. | |
| oidcGroup | GroupSpec.OidcGroup | Users belonging to any of the specified OIDC groups will have access to the resources selected by this Group. Users are associated with this group using an OIDC Identity Provider. Utilizing this functionality requires that any Portals accessible to this Group are configured with OIDC Auth. |
|
| accessLevel | AccessLevel | The Group’s access level. Users in this Group will be granted access to these resources. |
GroupSpec.OidcGroup
Config for mapping authenticated OIDC users to a group.
When a User authenticates their identity to a Portal using an OIDC token, we retrieve the groups to which the user belongs from a claim specified in the portal configuration ([portal].spec.oidcAuth.groupClaimKey).
The claim should consist of a string array of group names, provided in JSON format.
For each group name listed in the claim, we find all the Group custom resources that select that group name. A group name is considered to be selected if it is equal to at least one of the groupNames specified by the OidcGroup.
The Group(s) to which the user belongs will be the union of all those matching Groups.
| Field | Type | Label | Description |
|---|---|---|---|
| groupName | string | OIDC group name associated with this Group. Deprecated: Use groupNames (which supports multiple group names) instead. | |
| groupNames | []string | repeated | List of OIDC group names associated with this Group. |
GroupStatus
The current status of the Group. It contains a list of all the users currently selected by the group, as well as all the resources currently selected by the group.
| Field | Type | Label | Description |
|---|---|---|---|
| observedGeneration | int64 | The observed generation of the Group. When this matches the Group’s metadata.generation, it indicates the status is up-to-date. | |
| state | common.portal.gloo.solo.io.State | The current state of the user. | |
| reason | string | A human-readable string explaining the error, if any. | |
| users | []common.portal.gloo.solo.io.ObjectRef | repeated | The User objects that are currently considered to be a part of this Group. Does not include Users connected via OIDC. |
| hasAccessTo | AccessLevelStatus | Represents set of resources that members of the group have access to. |