group.proto
Package : portal.gloo.solo.io
group.proto
Table of Contents
GroupSpec
A Group can be use to define access levels for a set of users.
| Field | Type | Label | Description |
|---|---|---|---|
| displayName | string | A human-readable name for the group to display to users. | |
| description | string | Description for the group. | |
| userSelector | common.portal.gloo.solo.io.Selector | User CRs which match this selector will be considered part of this Group and have access to the Portals and APIDocs selected in this Group. | |
| oidcGroup | GroupSpec.OidcGroup | Users are associated to this group using an OIDC Identity Provider. Utilizing this functionality requires that any Portals accessible to this Group are configured with OIDC Auth. | |
| accessLevel | AccessLevel | The Group’s access level. Users in this Group will be granted access to these Portals and APIDocs. |
GroupSpec.OidcGroup
config for mapping authenticated OIDC users to a group
| Field | Type | Label | Description |
|---|---|---|---|
| groupName | string | When Users authenticate their identity to a Portal using an OIDC token, the Group(s) to which that user belongs will be retrieved from a claim specified in the portal configuration ( The claim should consist of a string array of group names, provided in JSON format. Each group name corresponds to the groupName provided here. Each groupName must be unique across Groups which share access to a Portal. If a group name is shared by more than one Group which has access to a Portal, the Group will be rejected. |
GroupStatus
The current status of the Group. It contains a list of all the users currently selected in the group, as well as all the APIDocs currently selected in the group.
| Field | Type | Label | Description |
|---|---|---|---|
| observedGeneration | int64 | The observed generation of the Group. When this matches the Group’s metadata.generation, it indicates the status is up-to-date. | |
| state | common.portal.gloo.solo.io.State | The current state of the user. | |
| reason | string | A human-readable string explaining the error, if any. | |
| users | []common.portal.gloo.solo.io.ObjectRef | repeated | The User objects that are currently considered to be a part of this Group. Does not include Users connected via OIDC. |
| hasAccessTo | AccessLevelStatus | Represents set of resources that members of the group have access to. |