diff --git a/charts/atlas-operator-crds/Chart.yaml b/charts/atlas-operator-crds/Chart.yaml index eec15fa..f45b76e 100644 --- a/charts/atlas-operator-crds/Chart.yaml +++ b/charts/atlas-operator-crds/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: mongodb-atlas-operator-crds description: MongoDB Atlas Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Atlas Operator. type: application -version: 2.5.0 -appVersion: 2.5.0 +version: 2.6.0 +appVersion: 2.6.0 kubeVersion: ">=1.15.0-0" keywords: - mongodb diff --git a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlascustomroles.yaml b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlascustomroles.yaml index 2280cd8..0a1074d 100644 --- a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlascustomroles.yaml +++ b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlascustomroles.yaml @@ -26,15 +26,16 @@ spec: - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - - jsonPath: .spec.name + - jsonPath: .spec.role.name name: Name type: string - - jsonPath: .status.project.id + - jsonPath: .spec.projectIDRef.id name: Project ID type: string name: v1 schema: openAPIV3Schema: + description: AtlasCustomRole is the Schema for the AtlasCustomRole API properties: apiVersion: description: |- 
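Review bot: The `Project ID` printer column now reads `.spec.projectIDRef.id`, but the later `@@ -103,39 +70,103 @@` hunk of this same file removes `projectIDRef` from the spec and introduces `externalProjectRef`, so the column would come out empty for every object. Pointing it at the new field, `- jsonPath: .spec.externalProjectRef.id`, keeps `kubectl get` output usable when checking which Atlas project a custom role is bound to. Roles bound through `projectRef` will still show no ID there, which may justify a second column for the referenced AtlasProject name. If this template is generated from the operator's Go types, the change belongs in the print-column marker at the source; the schema continues outside this hunk.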
@@ -54,43 +55,9 @@ spec: metadata: type: object spec: - description: AtlasCustomRoleSpec + description: AtlasCustomRoleSpec defines the desired state of CustomRole + in Atlas properties: - actions: - description: List of the individual privilege actions that the role - grants. - items: - properties: - name: - description: Human-readable label that identifies the privilege - action. - type: string - resources: - description: List of resources on which you grant the action. - items: - properties: - cluster: - description: Flag that indicates whether to grant the - action on the cluster resource. If true, MongoDB Cloud - ignores Database and Collection parameters. - type: boolean - collection: - description: Human-readable label that identifies the - collection on which you grant the action to one MongoDB - user. - type: string - database: - description: Human-readable label that identifies the - database on which you grant the action to one MongoDB - user. - type: string - type: object - type: array - required: - - name - - resources - type: object - type: array connectionSecret: description: Name of the secret containing Atlas API private and public keys 
@@ -103,39 +70,103 @@ spec: required: - name type: object - inheritedRoles: - description: List of the built-in roles that this custom role inherits. - items: - properties: - database: - description: Human-readable label that identifies the database - on which someone grants the action to one MongoDB user. - type: string - name: - description: Human-readable label that identifies the role inherited. - type: string - required: - - database - - name - type: object - type: array - name: - description: Name of the custom role - type: string - projectIDRef: - description: ID of the Atlas Project this role is attached to + externalProjectRef: + description: Optional ID of the Atlas Project this role is attached + to. Mutually exclusive with "projectRef" field properties: id: description: ID is the Atlas project ID - pattern: ^([a-f0-9]{24})$ type: string required: - id type: object + projectRef: + description: Optional reference to an AtlasProject custom resource. + Mutually exclusive with "externalProjectRef" field + properties: + name: + description: Name is the name of the Kubernetes Resource + type: string + namespace: + description: Namespace is the namespace of the Kubernetes Resource + type: string + required: + - name + type: object + role: + properties: + actions: + description: List of the individual privilege actions that the + role grants. + items: + properties: + name: + description: Human-readable label that identifies the privilege + action. + type: string + resources: + description: List of resources on which you grant the action. + items: + properties: + cluster: + description: Flag that indicates whether to grant + the action on the cluster resource. If true, MongoDB + Cloud ignores Database and Collection parameters. + type: boolean + collection: + description: Human-readable label that identifies + the collection on which you grant the action to + one MongoDB user. 
+ type: string + database: + description: Human-readable label that identifies + the database on which you grant the action to one + MongoDB user. + type: string + type: object + type: array + required: + - name + - resources + type: object + type: array + inheritedRoles: + description: List of the built-in roles that this custom role + inherits. + items: + properties: + database: + description: Human-readable label that identifies the database + on which someone grants the action to one MongoDB user. + type: string + name: + description: Human-readable label that identifies the role + inherited. + type: string + required: + - database + - name + type: object + type: array + name: + description: Human-readable label that identifies the role. This + name must be unique for this custom role in this project. + type: string + required: + - name + type: object required: - - name - - projectIDRef + - role type: object + x-kubernetes-validations: + - message: must define only one project reference through externalProjectRef + or projectRef + rule: (has(self.externalProjectRef) && !has(self.projectRef)) || (!has(self.externalProjectRef) + && has(self.projectRef)) + - message: must define a local connection secret when referencing an external + project + rule: (has(self.externalProjectRef) && has(self.connectionSecret)) || + !has(self.externalProjectRef) status: description: |- AtlasCustomRoleStatus is a status for the AtlasCustomRole Custom resource. @@ -177,15 +208,6 @@ spec: The Atlas Operator updates this field to the 'metadata.generation' as soon as it starts reconciliation of the resource. format: int64 type: integer - project: - properties: - id: - type: string - ready: - type: boolean - type: object - roleStatus: - type: string required: - conditions type: object diff --git a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasdatabaseusers.yaml b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasdatabaseusers.yaml index 7a73c9c..4d9cec1 100644 
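Review bot: `externalProjectRef.id` drops the `pattern: ^([a-f0-9]{24})$` check that the removed `projectIDRef.id` carried, so a malformed project ID is no longer rejected at admission and would only surface later, presumably when the operator calls Atlas. Restoring `pattern: ^([a-f0-9]{24})$` under `externalProjectRef.properties.id` keeps that validation at the API server. Separately, the two `x-kubernetes-validations` rules are the only visible guard for the projectRef/externalProjectRef exclusivity and for the connection-secret requirement, yet both Chart.yaml files on this page still declare `kubeVersion: ">=1.15.0-0"`; API servers that predate CEL validation are likely to drop those rules silently, so either the constraint should be raised or the operator should re-check both conditions itself. The new `role` property also has no `description`.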
--- a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasdatabaseusers.yaml +++ b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasdatabaseusers.yaml @@ -71,8 +71,8 @@ spec: - ROLE type: string connectionSecret: - description: LocalObjectReference is a reference to an object in the - same namespace as the referent + description: Name of the secret containing Atlas API private and public + keys properties: name: description: |- @@ -84,8 +84,11 @@ spec: type: object databaseName: default: admin - description: DatabaseName is a Database against which Atlas authenticates - the user. Default value is 'admin'. + description: |- + DatabaseName is a Database against which Atlas authenticates the user. + If the user authenticates with AWS IAM, x.509, LDAP, or OIDC Workload this value should be '$external'. + If the user authenticates with SCRAM-SHA or OIDC Workforce, this value should be 'admin'. + Default value is 'admin'. type: string deleteAfterDate: description: |- @@ -123,13 +126,13 @@ spec: oidcAuthType: default: NONE description: |- - Human-readable label that indicates whether the new database Username - with OIDC federated authentication. - To create a federated authentication user, specify the value - of IDP_GROUP for this field + Human-readable label that indicates whether the new database Username with OIDC federated authentication. + To create a federated authentication group (Workforce), specify the value of IDP_GROUP in this field. + To create a federated authentication user (Workload), specify the value of USER in this field. enum: - NONE - IDP_GROUP + - USER type: string passwordSecretRef: description: PasswordSecret is a reference to the Secret keeping the 
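Review bot: The new `USER` value in the `oidcAuthType` enum is paired by the `databaseName` description (the `@@ -84,8 +84,11 @@` hunk) with `'$external'`, but `databaseName` keeps `default: admin` and nothing visible in these hunks ties the two fields together, so a Workload user that omits `databaseName` is admitted with the value the description says is wrong. A spec-level rule such as `rule: self.oidcAuthType != 'USER' || self.databaseName == '$external'` under `x-kubernetes-validations` would reject that combination at admission, the same mechanism this commit already uses for AtlasCustomRole. The rest of the spec lies outside the hunk, so an equivalent check may already exist there or in the operator.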
@@ -212,7 +215,7 @@ spec: Username is a username for authenticating to MongoDB Human-readable label that represents the user that authenticates to MongoDB. The format of this label depends on the method of authentication: In case of AWS IAM: the value should be AWS ARN for the IAM User/Role; - In case of OIDC: the value should be the Identity Provider ID; + In case of OIDC Workload or Workforce: the value should be the Atlas OIDC IdP ID, followed by a '/', followed by the IdP group name; In case of Plain text auth: the value can be anything maxLength: 1024 type: string diff --git a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasdeployments.yaml b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasdeployments.yaml index 6d66f01..e6ee580 100644 --- a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasdeployments.yaml +++ b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasdeployments.yaml @@ -72,8 +72,8 @@ spec: - name type: object connectionSecret: - description: LocalObjectReference is a reference to an object in the - same namespace as the referent + description: Name of the secret containing Atlas API private and public + keys properties: name: description: |- diff --git a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasfederatedauths.yaml b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasfederatedauths.yaml index f4ee62a..0d51e4f 100644 --- a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasfederatedauths.yaml +++ b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasfederatedauths.yaml 
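Review bot: The OIDC line in the `username` description gives a single format for both Workload and Workforce, ending in "the IdP group name", while the `oidcAuthType` description in this same file ties Workload to `USER` and only Workforce to `IDP_GROUP`. If a Workload entry is keyed by an IdP user identifier rather than a group, the text should say so on its own line, for example `In case of OIDC Workload: the value should be the Atlas OIDC IdP ID, followed by a '/', followed by the IdP user identifier;`. An ambiguous format here makes it easy to bind database roles to a principal other than the intended one. The `username` property starts above the hunk.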
@@ -64,6 +64,13 @@ spec: required: - name type: object + dataAccessIdentityProviders: + description: |- + The collection of unique ids representing the identity providers that can be used for data access in this organization. + Currently connected data access identity providers missing from the this field will be disconnected. + items: + type: string + type: array domainAllowList: description: Approved domains that restrict users who can join the organization based on their email address. diff --git a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasprivateendpoints.yaml b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasprivateendpoints.yaml index d915d9a..18b2c2c 100644 --- a/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasprivateendpoints.yaml +++ b/charts/atlas-operator-crds/templates/atlas.mongodb.com_atlasprivateendpoints.yaml @@ -18,7 +18,7 @@ spec: listKind: AtlasPrivateEndpointList plural: atlasprivateendpoints shortNames: - - pe + - ape singular: atlasprivateendpoint scope: Namespaced versions: @@ -77,6 +77,9 @@ spec: - id type: object type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map azureConfiguration: description: AzureConfiguration is the specific Azure settings for the private endpoint @@ -97,9 +100,12 @@ spec: - ipAddress type: object type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map connectionSecret: - description: LocalObjectReference is a reference to an object in the - same namespace as the referent + description: Name of the secret containing Atlas API private and public + keys properties: name: description: |- @@ -160,6 +166,9 @@ spec: - projectId type: object type: array + x-kubernetes-list-map-keys: + - groupName + x-kubernetes-list-type: map projectRef: description: Project is a reference to AtlasProject resource the user belongs to diff --git a/charts/atlas-operator/Chart.yaml b/charts/atlas-operator/Chart.yaml index 10c18d4..787973b 100644 
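Review bot: The `dataAccessIdentityProviders` description says that connected providers missing from the field are disconnected, but not what an omitted field means, so a resource written before this field existed could, on upgrade, be read as "disconnect everything" and cut off data-access logins. The description should state the behaviour for an absent field versus an empty list, e.g. `Leave the field unset to keep the currently connected providers unchanged.` if that is what the operator does. The items are described as unique ids, yet the list is not declared as a set; adding `x-kubernetes-list-type: set` would have the API server reject duplicates, in line with the list-type annotations this commit adds to AtlasPrivateEndpoint. The wording "from the this field" also contains a stray word.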
--- a/charts/atlas-operator/Chart.yaml +++ b/charts/atlas-operator/Chart.yaml @@ -3,8 +3,8 @@ name: mongodb-atlas-operator description: |- MongoDB Atlas Operator - a Helm chart for installing and upgrading Atlas Operator: the official Kubernetes operator allowing to manage MongoDB Atlas resources from Kubernetes type: application -version: 2.5.0 -appVersion: 2.5.0 +version: 2.6.0 +appVersion: 2.6.0 kubeVersion: ">=1.15.0-0" keywords: - mongodb @@ -19,6 +19,6 @@ maintainers: email: support@mongodb.com dependencies: - name: mongodb-atlas-operator-crds - version: "2.5.0" + version: "2.6.0" repository: "https://mongodb.github.io/helm-charts" condition: mongodb-atlas-operator-crds.enabled