Table of Contents
A Group can be use to define access levels for a set of users.
|displayName||string||A human-readable name for the group to display to users.|
|description||string||Description for the group.|
|userSelector||common.portal.gloo.solo.io.Selector||User CRs which match this selector will be considered part of this Group and have access to the Portals and APIDocs selected in this Group.|
|oidcGroup||GroupSpec.OidcGroup||Users are associated to this group using an OIDC Identity Provider. Utilizing This functionality requires that any Portals accessible to this Group are configured with OIDC Auth.|
|accessLevel||AccessLevel||The Group’s access level. Users in this Group will be granted access to these Portals and APIDocs.|
config for mapping authenticated OIDC users to a group
|groupName||string||When Users authenticate their identity to a Portal using an OIDC token, the Group(s) to which that user belongs will be retrieved from a claim specified in the portal configuration (
The claim should consist of a string array of group names, provided in JSON format. Each group name corresponds to the groupName provided here.
Each groupName must be unique across Groups which share access to a Portal. If a group name is shared by more than one Group which has access to a Portal, the Group will be rejected.
The current status of the Group. It contains a list of all the users currently selected in the group, as well as all the APIDocs currently selected in the group.
|observedGeneration||int64||The observed generation of the Group. When this matches the Group’s metadata.generation, it indicates the status is up-to-date.|
|state||common.portal.gloo.solo.io.State||The current state of the user.|
|reason||string||A human-readable string explaining the error, if any.|
|users||common.portal.gloo.solo.io.ObjectRef||repeated||The User objects that are currently considered to be a part of this Group. Does not include Users connected via OIDC.|
|hasAccessTo||AccessLevelStatus||Represents set of resources that members of the group have access to.|