Add issuerURI validation rules to description. (#166)

anandsyncs · web-flow · commit 4e0d75559d4e · 2025-05-28T16:08:26.000+02:00
# Summary
Added this explanation to issuerURI description to make sure that the
necessary validations are clear.
` For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and
audience must be unique across OIDC provider configurations.
For other MongoDB versions, the issuerURI itself must be unique.`
diff --git a/api/v1/mdb/mongodb_types.go b/api/v1/mdb/mongodb_types.go
@@ -1067,6 +1067,9 @@ type OIDCProviderConfig struct {
 
 	// Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
 	// Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+	// For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+	// For other MongoDB versions, the issuerURI itself must be unique.
+
 	// +kubebuilder:validation:Required
 	IssuerURI string `json:"issuerURI"`
 
diff --git a/config/crd/bases/mongodb.com_mongodb.yaml b/config/crd/bases/mongodb.com_mongodb.yaml
@@ -1576,6 +1576,8 @@ spec:
                               description: |-
                                 Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+                                For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+                                For other MongoDB versions, the issuerURI itself must be unique.
                               type: string
                             requestedScopes:
                               description: |-
diff --git a/config/crd/bases/mongodb.com_mongodbmulticluster.yaml b/config/crd/bases/mongodb.com_mongodbmulticluster.yaml
@@ -836,6 +836,8 @@ spec:
                               description: |-
                                 Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+                                For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+                                For other MongoDB versions, the issuerURI itself must be unique.
                               type: string
                             requestedScopes:
                               description: |-
diff --git a/helm_chart/crds/mongodb.com_mongodb.yaml b/helm_chart/crds/mongodb.com_mongodb.yaml
@@ -1576,6 +1576,8 @@ spec:
                               description: |-
                                 Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+                                For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+                                For other MongoDB versions, the issuerURI itself must be unique.
                               type: string
                             requestedScopes:
                               description: |-
diff --git a/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml b/helm_chart/crds/mongodb.com_mongodbmulticluster.yaml
@@ -836,6 +836,8 @@ spec:
                               description: |-
                                 Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+                                For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+                                For other MongoDB versions, the issuerURI itself must be unique.
                               type: string
                             requestedScopes:
                               description: |-
diff --git a/public/crds.yaml b/public/crds.yaml
@@ -1576,6 +1576,8 @@ spec:
                               description: |-
                                 Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+                                For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+                                For other MongoDB versions, the issuerURI itself must be unique.
                               type: string
                             requestedScopes:
                               description: |-
@@ -4212,6 +4214,8 @@ spec:
                               description: |-
                                 Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Provider
                                 Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+                                For MongoDB 7.0, 7.3, and 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+                                For other MongoDB versions, the issuerURI itself must be unique.
                               type: string
                             requestedScopes:
                               description: |-
