From fb6d52d4f33fb71893792ef1e277f0281192a59d Mon Sep 17 00:00:00 2001 From: Andrew Block Date: Thu, 26 Feb 2026 03:58:16 -0600 Subject: [PATCH] IBM Security Verify generation Signed-off-by: Andrew Block --- api/v1alpha1/zz_generated.deepcopy.go | 45 +++++++++ .../bases/redhatcop.redhat.io_groupsyncs.yaml | 93 +++++++++---------- ...p-sync-operator.clusterserviceversion.yaml | 53 ++++++++++- 3 files changed, 142 insertions(+), 49 deletions(-) diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 2a9bff97..c975a37f 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
@@ -273,6 +273,46 @@ func (in *GroupSyncStatus) DeepCopy() *GroupSyncStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IbmSecurityVerifyProvider) DeepCopyInto(out *IbmSecurityVerifyProvider) { + *out = *in + if in.CredentialsSecret != nil { + in, out := &in.CredentialsSecret, &out.CredentialsSecret + *out = new(ObjectRef) + **out = **in + } + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]IsvGroupSpec, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IbmSecurityVerifyProvider. +func (in *IbmSecurityVerifyProvider) DeepCopy() *IbmSecurityVerifyProvider { + if in == nil { + return nil + } + out := new(IbmSecurityVerifyProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IsvGroupSpec) DeepCopyInto(out *IsvGroupSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IsvGroupSpec. +func (in *IsvGroupSpec) DeepCopy() *IsvGroupSpec { + if in == nil { + return nil + } + out := new(IsvGroupSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KeycloakProvider) DeepCopyInto(out *KeycloakProvider) { *out = *in @@ -476,6 +516,11 @@ func (in *ProviderType) DeepCopyInto(out *ProviderType) { *out = new(OktaProvider) (*in).DeepCopyInto(*out) } + if in.IbmSecurityVerify != nil { + in, out := &in.IbmSecurityVerify, &out.IbmSecurityVerify + *out = new(IbmSecurityVerifyProvider) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderType. 
diff --git a/config/crd/bases/redhatcop.redhat.io_groupsyncs.yaml b/config/crd/bases/redhatcop.redhat.io_groupsyncs.yaml index 6ad9936c..96e7998e 100644 --- a/config/crd/bases/redhatcop.redhat.io_groupsyncs.yaml +++ b/config/crd/bases/redhatcop.redhat.io_groupsyncs.yaml @@ -337,6 +337,51 @@ spec: required: - credentialsSecret type: object + ibmsecurityverify: + description: IbmSecurityVerify represents the IBM Security Verify provider + properties: + credentialsSecret: + description: CredentialsSecret is a reference to a secret containing authentication details for the IBM Security Verify server + properties: + key: + description: Key represents the specific key to reference from the resource + type: string + kind: + default: Secret + description: Kind is a string value representing the resource type + enum: + - ConfigMap + - Secret + type: string + name: + description: Name represents the name of the resource + type: string + namespace: + description: Namespace represents the namespace containing the resource + type: string + required: + - name + - namespace + type: object + groups: + description: Groups is the list of ISV groups to synchronize + items: + properties: + id: + description: The ID of the group as defined in IBM Security Verify. This value can be found by using the API. + type: string + name: + description: The display name of the group as defined in IBM Security Verify + type: string + type: object + type: array + tenantUrl: + description: TenantURL is the location of the IBM Security Verify tenant + type: string + required: + - credentialsSecret + - tenantUrl + type: object keycloak: description: Keycloak represents the Keycloak provider properties: 
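Review bot: The regenerated `ibmsecurityverify` schema validates less than the hand-written block this commit removes further down the same file: `groups` is no longer in the provider's `required` list, and the group items no longer carry `required: - id`. A GroupSync with no groups, or with a group entry that has only `name`, now passes admission, and what gets synchronized in those cases is decided by the syncer, which this patch does not show. Because this file is generated, the fix probably belongs on the Go types in `api/v1alpha1`: mark `Groups` and the item's `id` field as required there (for example `// +kubebuilder:validation:Required` plus `// +kubebuilder:validation:MinItems=1` on `Groups`) and regenerate. Alternatively, have the provider reject the empty cases explicitly.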
@@ -440,54 +485,6 @@ spec: - realm - url type: object - ibmsecurityverify: - description: The IBM Security Verify (ISV) provider - properties: - credentialsSecret: - description: CredentialsSecret is a reference to a secret containing authentication details for the ISV server - properties: - key: - description: Key represents the specific key to reference from the resource - type: string - kind: - default: Secret - description: Kind is a string value representing the resource type - enum: - - ConfigMap - - Secret - type: string - name: - description: Name represents the name of the resource - type: string - namespace: - description: Namespace represents the namespace containing the resource - type: string - required: - - name - - namespace - type: object - groups: - description: The ISV groups to synchronize - type: array - items: - type: object - properties: - name: - description: Name of the ISV group - type: string - id: - description: ID of the ISV group - type: string - required: - - id - tenantUrl: - description: URL for the ISV server of the tenant - type: string - required: - - credentialsSecret - - tenantUrl - - groups - type: object ldap: description: Ldap represents the LDAP provider properties: diff --git a/config/manifests/bases/group-sync-operator.clusterserviceversion.yaml b/config/manifests/bases/group-sync-operator.clusterserviceversion.yaml index 6447dcf1..a15175d7 100644 --- a/config/manifests/bases/group-sync-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/group-sync-operator.clusterserviceversion.yaml 
@@ -398,6 +398,57 @@ spec: path: providers[0].gitlab.url x-descriptors: - urn:alm:descriptor:com.tectonic.ui:text + - description: IbmSecurityVerify represents the IBM Security Verify provider + displayName: IBM Security Verify + path: providers[0].ibmsecurityverify + - description: CredentialsSecret is a reference to a secret containing authentication + details for the IBM Security Verify server + displayName: Secret Containing the Credentials + path: providers[0].ibmsecurityverify.credentialsSecret + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Key represents the specific key to reference from the resource + displayName: Key + path: providers[0].ibmsecurityverify.credentialsSecret.key + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Kind is a string value representing the resource type + displayName: Kind + path: providers[0].ibmsecurityverify.credentialsSecret.kind + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:ConfigMap + - urn:alm:descriptor:com.tectonic.ui:select:Secret + - description: Name represents the name of the resource + displayName: Name + path: providers[0].ibmsecurityverify.credentialsSecret.name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Namespace represents the namespace containing the resource + displayName: Namespace + path: providers[0].ibmsecurityverify.credentialsSecret.namespace + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: Groups is the list of ISV groups to synchronize + displayName: Groups to Synchronize + path: providers[0].ibmsecurityverify.groups + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: The ID of the group as defined in IBM Security Verify. This value + can be found by using the API. 
+ displayName: Id + path: providers[0].ibmsecurityverify.groups[0].id + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: The display name of the group as defined in IBM Security Verify + displayName: Name + path: providers[0].ibmsecurityverify.groups[0].name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text + - description: TenantURL is the location of the IBM Security Verify tenant + displayName: Tenant URL + path: providers[0].ibmsecurityverify.tenantUrl + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:text - description: Keycloak represents the Keycloak provider displayName: Keycloak Provider path: providers[0].keycloak @@ -1163,7 +1214,7 @@ spec: ```shell oc create secret generic okta-api-token --from-literal=okta-api-token= -n group-sync-operator ``` - + ### IBM Security Verify Groups defined in [IBM Security Verify](https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-main.htm) (ISV) can be synchronized into OpenShift. Currently only the `userName` field from ISV will be synchronized. The developer docs for the ISV API can be found [here](https://docs.verify.ibm.com/verify/page/api-documentation).
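Review bot: The `IBM Security Verify` link in the paragraph under the `### IBM Security Verify` heading points to a `help.okta.com` users-and-groups page, apparently carried over from the Okta section above it. This hunk only changes the blank line before the heading, so the link stays as it was. The text is shown to administrators setting up an identity integration, so it should point at IBM's own documentation, as the API link in the same paragraph already does (`docs.verify.ibm.com`).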