[OIDC] Fix CRD field descriptions (#183)

MaciejKaras · web-flow · commit 34a3bfcce305 · 2025-06-09T12:41:33.000+02:00
# Summary Updates CRD fields descriptions related to OIDC. ## Proof of Work Only documentation change. ## Checklist - [ ] Have you linked a jira ticket and/or is the ticket in the title? - [ ] Have you checked whether your jira ticket required DOCSP changes? - [ ] Have you checked for release_note changes? ## Reminder (Please remove this when merging) - Please try to Approve or Reject Changes the PR, keep PRs in review as short as possible - Our Short Guide for PRs: [Link](https://docs.google.com/document/d/1T93KUtdvONq43vfTfUt8l92uo4e4SEEvFbIEKOxGr44/edit?tab=t.0) - Remember the following Communication Standards - use comment prefixes for clarity: * **blocking**: Must be addressed before approval. * **follow-up**: Can be addressed in a later PR or ticket. * **q**: Clarifying question. * **nit**: Non-blocking suggestions. * **note**: Side-note, non-actionable. Example: Praise * --> no prefix is considered a question
diff --git a/api/v1/mdb/mongodb_types.go b/api/v1/mdb/mongodb_types.go
@@ -1061,20 +1061,18 @@ type Ldap struct {
 }
 
 type OIDCProviderConfig struct {
-	// Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
-	// creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+	// Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
 	//  - alphanumeric characters (combination of a to z and 0 to 9)
 	//  - hyphens (-)
 	//  - underscores (_)
 	// +kubebuilder:validation:Pattern="^[a-zA-Z0-9-_]+$"
 	// +kubebuilder:validation:Required
 	ConfigurationName string `json:"configurationName"`
 
-	// Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+	// Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
 	// Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
 	// For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
 	// For other MongoDB versions, the issuerURI itself must be unique.
-
 	// +kubebuilder:validation:Required
 	IssuerURI string `json:"issuerURI"`
 
@@ -1095,13 +1093,12 @@ type OIDCProviderConfig struct {
 	UserClaim string `json:"userClaim"`
 
 	// The identifier of the claim that includes the principal's IdP user group membership information.
-	// Accept the default value unless your IdP uses a different claim, or you need a custom claim.
 	// Required when selected GroupMembership as the authorization type, ignored otherwise
 	// +kubebuilder:validation:Optional
 	GroupsClaim *string `json:"groupsClaim"`
 
-	// Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
-	// For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+	// Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+	// For programmatic, application access to deployments use Workload Identity Federation.
 	// Only one Workforce Identity Federation IdP can be configured per MongoDB resource
 	// +kubebuilder:validation:Required
 	AuthorizationMethod OIDCAuthorizationMethod `json:"authorizationMethod"`
diff --git a/config/crd/bases/mongodb.com_mongodb.yaml b/config/crd/bases/mongodb.com_mongodb.yaml
@@ -1535,8 +1535,8 @@ spec:
                               type: string
                             authorizationMethod:
                               description: |-
-                                Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
-                                For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+                                Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+                                For programmatic, application access to deployments use Workload Identity Federation.
                                 Only one Workforce Identity Federation IdP can be configured per MongoDB resource
                               enum:
                               - WorkforceIdentityFederation
@@ -1558,8 +1558,7 @@ spec:
                               type: string
                             configurationName:
                               description: |-
-                                Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
-                                creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+                                Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
                                  - alphanumeric characters (combination of a to z and 0 to 9)
                                  - hyphens (-)
                                  - underscores (_)
@@ -1568,12 +1567,11 @@ spec:
                             groupsClaim:
                               description: |-
                                 The identifier of the claim that includes the principal's IdP user group membership information.
-                                Accept the default value unless your IdP uses a different claim, or you need a custom claim.
                                 Required when selected GroupMembership as the authorization type, ignored otherwise
                               type: string
                             issuerURI:
                               description: |-
-                                Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+                                Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
                                 For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
                                 For other MongoDB versions, the issuerURI itself must be unique.
diff --git a/config/crd/bases/mongodb.com_mongodbmulticluster.yaml b/config/crd/bases/mongodb.com_mongodbmulticluster.yaml
@@ -795,8 +795,8 @@ spec:
                               type: string
                             authorizationMethod:
                               description: |-
-                                Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
-                                For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+                                Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+                                For programmatic, application access to deployments use Workload Identity Federation.
                                 Only one Workforce Identity Federation IdP can be configured per MongoDB resource
                               enum:
                               - WorkforceIdentityFederation
@@ -818,8 +818,7 @@ spec:
                               type: string
                             configurationName:
                               description: |-
-                                Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
-                                creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+                                Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
                                  - alphanumeric characters (combination of a to z and 0 to 9)
                                  - hyphens (-)
                                  - underscores (_)
@@ -828,12 +827,11 @@ spec:
                             groupsClaim:
                               description: |-
                                 The identifier of the claim that includes the principal's IdP user group membership information.
-                                Accept the default value unless your IdP uses a different claim, or you need a custom claim.
                                 Required when selected GroupMembership as the authorization type, ignored otherwise
                               type: string
                             issuerURI:
                               description: |-
-                                Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+                                Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
                                 For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
                                 For other MongoDB versions, the issuerURI itself must be unique.
diff --git a/config/crd/bases/mongodb.com_opsmanagers.yaml b/config/crd/bases/mongodb.com_opsmanagers.yaml
@@ -857,8 +857,8 @@ spec:
                                   type: string
                                 authorizationMethod:
                                   description: |-
-                                    Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
-                                    For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+                                    Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+                                    For programmatic, application access to deployments use Workload Identity Federation.
                                     Only one Workforce Identity Federation IdP can be configured per MongoDB resource
                                   enum:
                                   - WorkforceIdentityFederation
@@ -880,8 +880,7 @@ spec:
                                   type: string
                                 configurationName:
                                   description: |-
-                                    Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
-                                    creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+                                    Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
                                      - alphanumeric characters (combination of a to z and 0 to 9)
                                      - hyphens (-)
                                      - underscores (_)
@@ -890,13 +889,14 @@ spec:
                                 groupsClaim:
                                   description: |-
                                     The identifier of the claim that includes the principal's IdP user group membership information.
-                                    Accept the default value unless your IdP uses a different claim, or you need a custom claim.
                                     Required when selected GroupMembership as the authorization type, ignored otherwise
                                   type: string
                                 issuerURI:
                                   description: |-
-                                    Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+                                    Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
                                     Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+                                    For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+                                    For other MongoDB versions, the issuerURI itself must be unique.
                                   type: string
                                 requestedScopes:
                                   description: |-
diff --git a/helm_chart/crds/mongodb.com_mongodb.yaml b/helm_chart/crds/mongodb.com_mongodb.yaml
@@ -1535,8 +1535,8 @@ spec:
                               type: string
                             authorizationMethod:
                               description: |-
-                                Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
-                                For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+                                Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+                                For programmatic, application access to deployments use Workload Identity Federation.
                                 Only one Workforce Identity Federation IdP can be configured per MongoDB resource
                               enum:
                               - WorkforceIdentityFederation
@@ -1558,8 +1558,7 @@ spec:
                               type: string
                             configurationName:
                               description: |-
-                                Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
-                                creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+                                Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
                                  - alphanumeric characters (combination of a to z and 0 to 9)
                                  - hyphens (-)
                                  - underscores (_)
@@ -1568,12 +1567,11 @@ spec:
                             groupsClaim:
                               description: |-
                                 The identifier of the claim that includes the principal's IdP user group membership information.
-                                Accept the default value unless your IdP uses a different claim, or you need a custom claim.
                                 Required when selected GroupMembership as the authorization type, ignored otherwise
                               type: string
                             issuerURI:
                               description: |-
-                                Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+                                Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
                                 For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
                                 For other MongoDB versions, the issuerURI itself must be unique.
diff --git a/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml b/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml
@@ -795,8 +795,8 @@ spec:
                               type: string
                             authorizationMethod:
                               description: |-
-                                Configure single-sign-on for human user access to Ops Manager deployments with Workforce Identity Federation.
-                                For programmatic, application access to Ops Manager deployments use Workload Identity Federation.
+                                Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+                                For programmatic, application access to deployments use Workload Identity Federation.
                                 Only one Workforce Identity Federation IdP can be configured per MongoDB resource
                               enum:
                               - WorkforceIdentityFederation
@@ -818,8 +818,7 @@ spec:
                               type: string
                             configurationName:
                               description: |-
-                                Unique label that identifies this configuration. This label is visible to your Ops Manager users and is used when
-                                creating users and roles for authorization. It is case-sensitive and can only contain the following characters:
+                                Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
                                  - alphanumeric characters (combination of a to z and 0 to 9)
                                  - hyphens (-)
                                  - underscores (_)
@@ -828,12 +827,11 @@ spec:
                             groupsClaim:
                               description: |-
                                 The identifier of the claim that includes the principal's IdP user group membership information.
-                                Accept the default value unless your IdP uses a different claim, or you need a custom claim.
                                 Required when selected GroupMembership as the authorization type, ignored otherwise
                               type: string
                             issuerURI:
                               description: |-
-                                Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
+                                Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
                                 For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
                                 For other MongoDB versions, the issuerURI itself must be unique.
diff --git a/helm_chart/crds/mongodb.com_opsmanagers.yaml b/helm_chart/crds/mongodb.com_opsmanagers.yaml
diff --git a/public/crds.yaml b/public/crds.yaml
