Remove External Auth, will be add back. Fields that were removed are …

…ExternalAuthConfigProfile ExternalAuthProfile TokenIssuerProfile ExternalAuthClientProfile ExternalAuthClaimProfile ExternalAuthClientComponentProfile TokenClaimMappingsProfile TokenClaimValidationRuleProfile ClaimProfile
Azure · Feb 27, 2025 · 047f6b9 · 047f6b9
1 parent 1e49660
commit 047f6b9
Show file tree

Hide file tree

Showing 13 changed files with 24 additions and 1,103 deletions.
diff --git a/api/redhatopenshift/HcpCluster.Management/hcpCluster-models.tsp b/api/redhatopenshift/HcpCluster.Management/hcpCluster-models.tsp
@@ -94,12 +94,6 @@ model HcpOpenShiftClusterProperties {
    */
   @visibility("read")
   issuerUrl: url;
-
-  /** Configuration to override the openshift-oauth-apiserver inside cluster
-   *  This changes user login into the cluster to external provider
-   */
-  @visibility("create", "read")
-  externalAuth?: ExternalAuthConfigProfile;
 }
 
 /** HCP patchable cluster properties */
@@ -361,119 +355,6 @@ scalar UserAssignedIdentityResourceId
  * =======================================
  */
 
-/*
- * =======================================
- *  ExternalAuth resources
- * =======================================
- */
-
-/** External authentication configuration profile */
-model ExternalAuthConfigProfile {
-  /** This can be set during cluster creation only to ensure there is no openshift-oauth-apiserver in cluster */
-  @visibility("create", "read")
-  enabled?: boolean = false;
-
-  /** This can only be set as a day-2 resource on a separate endpoint to provide a self-managed auth service */
-  @visibility("read")
-  @OpenAPI.extension("x-ms-identifiers", ["issuer", "clients", "claim"])
-  externalAuths: ExternalAuthProfile[];
-}
-
-/** External authentication profile */
-model ExternalAuthProfile {
-  /** Token Issuer profile */
-  issuer: TokenIssuerProfile;
-
-  /** External auth clients */
-  clients: ExternalAuthClientProfile[];
-
-  /** External auth claim */
-  claim: ExternalAuthClaimProfile;
-}
-
-/** Token issuer profile */
-model TokenIssuerProfile {
-  /** The URL of the token issuer */
-  url: url;
-
-  /** The audience of the token issuer */
-  audiences: string[];
-
-  /** The issuer of the token */
-  ca: string;
-}
-
-/** External auth client profile */
-model ExternalAuthClientProfile {
-  /** External auth client component */
-  component: ExternalAuthClientComponentProfile;
-
-  /** external auth client id */
-  id: string;
-
-  /** external auth client secret */
-  @secret
-  secret: string;
-
-  /** external auth client scopes */
-  extraScopes: string[];
-}
-
-/** External auth component profile */
-model ExternalAuthClientComponentProfile {
-  /** The name of the external auth client */
-  name: string;
-
-  /** The namespace of the external auth client */
-  authClientNamespace: string;
-}
-
-/** External auth claim profile */
-model ExternalAuthClaimProfile {
-  /** The claim mappings */
-  mappings: TokenClaimMappingsProfile;
-
-  /** The claim validation rules */
-  @OpenAPI.extension("x-ms-identifiers", ["claim", "requiredValue"])
-  validationRules: TokenClaimValidationRuleProfile[];
-}
-
-/** External auth claim mappings profile */
-model TokenClaimMappingsProfile {
-  /** The claim mappings username */
-  username: ClaimProfile;
-
-  /** The claim mappings groups */
-  groups: ClaimProfile;
-}
-
-/** External auth claim profile */
-model ClaimProfile {
-  /** Claim name of the external profile */
-  claim: string;
-
-  /** Prefix for the claim external profile */
-  prefix: string;
-
-  /** Prefix policy */
-  prefixPolicy: string;
-}
-
-/** External auth claim validation rule */
-model TokenClaimValidationRuleProfile {
-  /** Claim name for the validation profile */
-  claim: string;
-
-  /** Required value */
-  requiredValue: string;
-}
-
-/*
- * =======================================
- *  End ExternalAuth resources
- * =======================================
- */
-
 /*
  * =======================================
  *  NodePool resources

diff --git a/...rce-manager/Microsoft.RedHatOpenShift/hcpclusters/preview/2024-06-10-preview/openapi.json b/...rce-manager/Microsoft.RedHatOpenShift/hcpclusters/preview/2024-06-10-preview/openapi.json
@@ -976,29 +976,6 @@
       },
       "readOnly": true
     },
-    "ClaimProfile": {
-      "type": "object",
-      "description": "External auth claim profile",
-      "properties": {
-        "claim": {
-          "type": "string",
-          "description": "Claim name of the external profile"
-        },
-        "prefix": {
-          "type": "string",
-          "description": "Prefix for the claim external profile"
-        },
-        "prefixPolicy": {
-          "type": "string",
-          "description": "Prefix policy"
-        }
-      },
-      "required": [
-        "claim",
-        "prefix",
-        "prefixPolicy"
-      ]
-    },
     "ConsoleProfile": {
       "type": "object",
       "description": "Configuration of the cluster web console",
@@ -1065,139 +1042,6 @@
         ]
       }
     },
-    "ExternalAuthClaimProfile": {
-      "type": "object",
-      "description": "External auth claim profile",
-      "properties": {
-        "mappings": {
-          "$ref": "#/definitions/TokenClaimMappingsProfile",
-          "description": "The claim mappings"
-        },
-        "validationRules": {
-          "type": "array",
-          "description": "The claim validation rules",
-          "items": {
-            "$ref": "#/definitions/TokenClaimValidationRuleProfile"
-          },
-          "x-ms-identifiers": [
-            "claim",
-            "requiredValue"
-          ]
-        }
-      },
-      "required": [
-        "mappings",
-        "validationRules"
-      ]
-    },
-    "ExternalAuthClientComponentProfile": {
-      "type": "object",
-      "description": "External auth component profile",
-      "properties": {
-        "name": {
-          "type": "string",
-          "description": "The name of the external auth client"
-        },
-        "authClientNamespace": {
-          "type": "string",
-          "description": "The namespace of the external auth client"
-        }
-      },
-      "required": [
-        "name",
-        "authClientNamespace"
-      ]
-    },
-    "ExternalAuthClientProfile": {
-      "type": "object",
-      "description": "External auth client profile",
-      "properties": {
-        "component": {
-          "$ref": "#/definitions/ExternalAuthClientComponentProfile",
-          "description": "External auth client component"
-        },
-        "id": {
-          "type": "string",
-          "description": "external auth client id"
-        },
-        "secret": {
-          "type": "string",
-          "format": "password",
-          "description": "external auth client secret",
-          "x-ms-secret": true
-        },
-        "extraScopes": {
-          "type": "array",
-          "description": "external auth client scopes",
-          "items": {
-            "type": "string"
-          }
-        }
-      },
-      "required": [
-        "component",
-        "id",
-        "secret",
-        "extraScopes"
-      ]
-    },
-    "ExternalAuthConfigProfile": {
-      "type": "object",
-      "description": "External authentication configuration profile",
-      "properties": {
-        "enabled": {
-          "type": "boolean",
-          "description": "This can be set during cluster creation only to ensure there is no openshift-oauth-apiserver in cluster",
-          "default": false,
-          "x-ms-mutability": [
-            "read",
-            "create"
-          ]
-        },
-        "externalAuths": {
-          "type": "array",
-          "description": "This can only be set as a day-2 resource on a separate endpoint to provide a self-managed auth service",
-          "items": {
-            "$ref": "#/definitions/ExternalAuthProfile"
-          },
-          "readOnly": true,
-          "x-ms-identifiers": [
-            "issuer",
-            "clients",
-            "claim"
-          ]
-        }
-      },
-      "required": [
-        "externalAuths"
-      ]
-    },
-    "ExternalAuthProfile": {
-      "type": "object",
-      "description": "External authentication profile",
-      "properties": {
-        "issuer": {
-          "$ref": "#/definitions/TokenIssuerProfile",
-          "description": "Token Issuer profile"
-        },
-        "clients": {
-          "type": "array",
-          "description": "External auth clients",
-          "items": {
-            "$ref": "#/definitions/ExternalAuthClientProfile"
-          }
-        },
-        "claim": {
-          "$ref": "#/definitions/ExternalAuthClaimProfile",
-          "description": "External auth claim"
-        }
-      },
-      "required": [
-        "issuer",
-        "clients",
-        "claim"
-      ]
-    },
     "HcpOpenShiftClusterCredentials": {
       "type": "object",
       "description": "HCP cluster credentials",
@@ -1412,14 +1256,6 @@
           "format": "uri",
           "description": "URL for the OIDC provider to be used for authentication\nto authenticate against user Azure cloud account",
           "readOnly": true
-        },
-        "externalAuth": {
-          "$ref": "#/definitions/ExternalAuthConfigProfile",
-          "description": "Configuration to override the openshift-oauth-apiserver inside cluster\nThis changes user login into the cluster to external provider",
-          "x-ms-mutability": [
-            "read",
-            "create"
-          ]
         }
       },
       "required": [
@@ -2023,69 +1859,6 @@
         }
       }
     },
-    "TokenClaimMappingsProfile": {
-      "type": "object",
-      "description": "External auth claim mappings profile",
-      "properties": {
-        "username": {
-          "$ref": "#/definitions/ClaimProfile",
-          "description": "The claim mappings username"
-        },
-        "groups": {
-          "$ref": "#/definitions/ClaimProfile",
-          "description": "The claim mappings groups"
-        }
-      },
-      "required": [
-        "username",
-        "groups"
-      ]
-    },
-    "TokenClaimValidationRuleProfile": {
-      "type": "object",
-      "description": "External auth claim validation rule",
-      "properties": {
-        "claim": {
-          "type": "string",
-          "description": "Claim name for the validation profile"
-        },
-        "requiredValue": {
-          "type": "string",
-          "description": "Required value"
-        }
-      },
-      "required": [
-        "claim",
-        "requiredValue"
-      ]
-    },
-    "TokenIssuerProfile": {
-      "type": "object",
-      "description": "Token issuer profile",
-      "properties": {
-        "url": {
-          "type": "string",
-          "format": "uri",
-          "description": "The URL of the token issuer"
-        },
-        "audiences": {
-          "type": "array",
-          "description": "The audience of the token issuer",
-          "items": {
-            "type": "string"
-          }
-        },
-        "ca": {
-          "type": "string",
-          "description": "The issuer of the token"
-        }
-      },
-      "required": [
-        "url",
-        "audiences",
-        "ca"
-      ]
-    },
     "UserAssignedIdentitiesProfile": {
       "type": "object",
       "description": "Represents the information related to Azure User-Assigned managed identities needed\nto perform Operators authentication based on Azure User-Assigned Managed Identities",