A Group can be used to define access levels for a set of users.

| Field | Type | Label | Description |
|---|---|---|---|
| displayName | string | | A human-readable name for the group to display to users. |
| description | string | | Description for the group. |
| userSelector | | | User CRs which match this selector will be considered part of this Group and have access to the Portals and APIDocs selected in this Group. |
| oidcGroup | GroupSpec.OidcGroup | | Users are associated to this group using an OIDC Identity Provider. Using this functionality requires that any Portals accessible to this Group are configured with OIDC Auth. |
| accessLevel | AccessLevel | | The Group’s access level. Users in this Group will be granted access to these Portals and APIDocs. |


Config for mapping authenticated OIDC users to a group.

| Field | Type | Label | Description |
|---|---|---|---|
| groupName | string | | When Users authenticate their identity to a Portal using an OIDC token, the Group(s) to which that user belongs will be retrieved from a claim specified in the portal configuration (.spec.oidcAuth.groupClaimName). The claim should consist of a string array of group names, provided in JSON format. Each group name corresponds to the groupName provided here. Each groupName must be unique across Groups which share access to a Portal. If a group name is shared by more than one Group which has access to a Portal, the Group will be rejected. |
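
A sketch of the claim-to-Group mapping and the uniqueness rule described above. This is an added example, not the project's own code. The dictionary shape, the sample Groups, the claim name `groups`, and the choice to treat every Group in a conflict as rejected are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample Groups (simplified, hypothetical shape): the
# oidcGroup.groupName from this page plus the Portals each Group can reach.
GROUPS = [
    {"name": "partners", "groupName": "partner-devs", "portals": {"public", "partner"}},
    {"name": "staff", "groupName": "employees", "portals": {"internal"}},
    {"name": "staff-dup", "groupName": "employees", "portals": {"internal", "partner"}},
]

def find_conflicts(groups):
    """Return {(portal, groupName): [Group names]} for every groupName shared
    by more than one Group with access to the same Portal."""
    seen = defaultdict(list)
    for g in groups:
        for portal in g["portals"]:
            seen[(portal, g["groupName"])].append(g["name"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def groups_from_claim(claims, claim_name, groups, portal):
    """Map the token's group claim to the Groups granting access to `portal`.
    Fails closed (no Groups) unless the claim is an array of strings."""
    value = claims.get(claim_name)
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        return []
    # Assumption: every Group involved in a conflict is treated as rejected.
    rejected = {n for names in find_conflicts(groups).values() for n in names}
    wanted = set(value)
    return sorted(
        g["name"] for g in groups
        if g["groupName"] in wanted      # exact match, never substring
        and portal in g["portals"]
        and g["name"] not in rejected
    )
```

A claim delivered as a single string instead of a JSON string array yields no Groups here, so a malformed token cannot match a groupName by accident.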


The current status of the Group. It contains a list of all the users currently selected in the group, as well as all the APIDocs currently selected in the group.

| Field | Type | Label | Description |
|---|---|---|---|
| observedGeneration | int64 | | The observed generation of the Group. When this matches the Group’s metadata.generation, it indicates the status is up-to-date. |
| state | | | The current state of the user. |
| reason | string | | A human-readable string explaining the error, if any. |
| users | [] | repeated | The User objects that are currently considered to be a part of this Group. Does not include Users connected via OIDC. |