Commit 337be8c

tgrunnagle and claude committed
Run task crdref-gen and task operator-manifests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent aeb1cb4 commit 337be8c

3 files changed

Lines changed: 555 additions & 51 deletions

deploy/charts/operator-crds/files/crds/toolhive.stacklok.dev_virtualmcpservers.yaml

Lines changed: 256 additions & 4 deletions
@@ -1484,6 +1484,68 @@ spec:
14841484
This struct provides type-safe configuration for different authentication strategies
14851485
using HeaderInjection or TokenExchange fields based on the Type field.
14861486
properties:
1487+
awsSts:
1488+
description: |-
1489+
AwsSts contains configuration for AWS STS auth strategy.
1490+
Used when Type = "aws_sts".
1491+
properties:
1492+
fallbackRoleArn:
1493+
description: FallbackRoleArn is the IAM role ARN
1494+
to assume when no role mappings match.
1495+
type: string
1496+
region:
1497+
description: Region is the AWS region for the STS
1498+
endpoint and service.
1499+
type: string
1500+
roleClaim:
1501+
description: RoleClaim is the JWT claim to use for
1502+
role mapping evaluation.
1503+
type: string
1504+
roleMappings:
1505+
description: RoleMappings defines claim-based role
1506+
selection rules.
1507+
items:
1508+
description: |-
1509+
RoleMapping defines a rule for mapping JWT claims to IAM roles.
1510+
Mappings are evaluated in priority order (lower number = higher priority).
1511+
properties:
1512+
claim:
1513+
description: Claim is a simple claim value
1514+
to match against the RoleClaim field.
1515+
type: string
1516+
matcher:
1517+
description: Matcher is a CEL expression for
1518+
complex matching against JWT claims.
1519+
type: string
1520+
priority:
1521+
description: Priority determines evaluation
1522+
order (lower values = higher priority).
1523+
format: int32
1524+
type: integer
1525+
roleArn:
1526+
description: RoleArn is the IAM role ARN to
1527+
assume when this mapping matches.
1528+
type: string
1529+
required:
1530+
- roleArn
1531+
type: object
1532+
type: array
1533+
service:
1534+
description: Service is the AWS service name for
1535+
SigV4 signing.
1536+
type: string
1537+
sessionDuration:
1538+
description: SessionDuration is the duration in
1539+
seconds for the STS session.
1540+
format: int32
1541+
type: integer
1542+
sessionNameClaim:
1543+
description: SessionNameClaim is the JWT claim to
1544+
use for the role session name.
1545+
type: string
1546+
required:
1547+
- region
1548+
type: object
14871549
headerInjection:
14881550
description: |-
14891551
HeaderInjection contains configuration for header injection auth strategy.
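Review bot: in the roleMappings item schema only roleArn is required, so a mapping that sets neither claim nor matcher (or sets both) passes admission, and the descriptions do not say how such an entry is evaluated. If exactly one selector is intended, enforce it on the Go type with a +kubebuilder:validation:XValidation rule and regenerate; otherwise state in the matcher description which of the two wins when both are present. The priority description should also say what happens when two mappings share a value or the field is omitted.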
@@ -1559,7 +1621,8 @@ spec:
15591621
type: object
15601622
type:
15611623
description: 'Type is the auth strategy: "unauthenticated",
1562-
"header_injection", "token_exchange", "upstream_inject"'
1624+
"header_injection", "token_exchange", "upstream_inject",
1625+
"aws_sts"'
15631626
type: string
15641627
upstreamInject:
15651628
description: |-
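Review bot: the type field lists its allowed values, now including "aws_sts", only inside the description string; the schema shown in this hunk is still a bare `type: string` with no enum, so a misspelled strategy name is accepted at admission and only surfaces at runtime. Consider a +kubebuilder:validation:Enum marker on the Go field so the list is enforced and cannot drift from the description.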
@@ -1583,6 +1646,68 @@ spec:
15831646
description: Default is the default auth strategy for backends
15841647
without explicit config.
15851648
properties:
1649+
awsSts:
1650+
description: |-
1651+
AwsSts contains configuration for AWS STS auth strategy.
1652+
Used when Type = "aws_sts".
1653+
properties:
1654+
fallbackRoleArn:
1655+
description: FallbackRoleArn is the IAM role ARN to
1656+
assume when no role mappings match.
1657+
type: string
1658+
region:
1659+
description: Region is the AWS region for the STS
1660+
endpoint and service.
1661+
type: string
1662+
roleClaim:
1663+
description: RoleClaim is the JWT claim to use for
1664+
role mapping evaluation.
1665+
type: string
1666+
roleMappings:
1667+
description: RoleMappings defines claim-based role
1668+
selection rules.
1669+
items:
1670+
description: |-
1671+
RoleMapping defines a rule for mapping JWT claims to IAM roles.
1672+
Mappings are evaluated in priority order (lower number = higher priority).
1673+
properties:
1674+
claim:
1675+
description: Claim is a simple claim value to
1676+
match against the RoleClaim field.
1677+
type: string
1678+
matcher:
1679+
description: Matcher is a CEL expression for
1680+
complex matching against JWT claims.
1681+
type: string
1682+
priority:
1683+
description: Priority determines evaluation
1684+
order (lower values = higher priority).
1685+
format: int32
1686+
type: integer
1687+
roleArn:
1688+
description: RoleArn is the IAM role ARN to
1689+
assume when this mapping matches.
1690+
type: string
1691+
required:
1692+
- roleArn
1693+
type: object
1694+
type: array
1695+
service:
1696+
description: Service is the AWS service name for SigV4
1697+
signing.
1698+
type: string
1699+
sessionDuration:
1700+
description: SessionDuration is the duration in seconds
1701+
for the STS session.
1702+
format: int32
1703+
type: integer
1704+
sessionNameClaim:
1705+
description: SessionNameClaim is the JWT claim to
1706+
use for the role session name.
1707+
type: string
1708+
required:
1709+
- region
1710+
type: object
15861711
headerInjection:
15871712
description: |-
15881713
HeaderInjection contains configuration for header injection auth strategy.
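Review bot: fallbackRoleArn appears here under the Default strategy, which applies to every backend without explicit config, so it is the role issued whenever no role mapping matches, yet the description does not say what happens when it is unset and nothing matches. Document that case (denying the request is the safer behaviour) and note that the fallback role should carry the least privilege of any role in the list. Both fallbackRoleArn and roleArn are unconstrained strings; a pattern for the IAM role ARN shape would catch typos at admission.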
@@ -1658,7 +1783,8 @@ spec:
16581783
type: object
16591784
type:
16601785
description: 'Type is the auth strategy: "unauthenticated",
1661-
"header_injection", "token_exchange", "upstream_inject"'
1786+
"header_injection", "token_exchange", "upstream_inject",
1787+
"aws_sts"'
16621788
type: string
16631789
upstreamInject:
16641790
description: |-
@@ -3771,6 +3897,68 @@ spec:
37713897
This struct provides type-safe configuration for different authentication strategies
37723898
using HeaderInjection or TokenExchange fields based on the Type field.
37733899
properties:
3900+
awsSts:
3901+
description: |-
3902+
AwsSts contains configuration for AWS STS auth strategy.
3903+
Used when Type = "aws_sts".
3904+
properties:
3905+
fallbackRoleArn:
3906+
description: FallbackRoleArn is the IAM role ARN
3907+
to assume when no role mappings match.
3908+
type: string
3909+
region:
3910+
description: Region is the AWS region for the STS
3911+
endpoint and service.
3912+
type: string
3913+
roleClaim:
3914+
description: RoleClaim is the JWT claim to use for
3915+
role mapping evaluation.
3916+
type: string
3917+
roleMappings:
3918+
description: RoleMappings defines claim-based role
3919+
selection rules.
3920+
items:
3921+
description: |-
3922+
RoleMapping defines a rule for mapping JWT claims to IAM roles.
3923+
Mappings are evaluated in priority order (lower number = higher priority).
3924+
properties:
3925+
claim:
3926+
description: Claim is a simple claim value
3927+
to match against the RoleClaim field.
3928+
type: string
3929+
matcher:
3930+
description: Matcher is a CEL expression for
3931+
complex matching against JWT claims.
3932+
type: string
3933+
priority:
3934+
description: Priority determines evaluation
3935+
order (lower values = higher priority).
3936+
format: int32
3937+
type: integer
3938+
roleArn:
3939+
description: RoleArn is the IAM role ARN to
3940+
assume when this mapping matches.
3941+
type: string
3942+
required:
3943+
- roleArn
3944+
type: object
3945+
type: array
3946+
service:
3947+
description: Service is the AWS service name for
3948+
SigV4 signing.
3949+
type: string
3950+
sessionDuration:
3951+
description: SessionDuration is the duration in
3952+
seconds for the STS session.
3953+
format: int32
3954+
type: integer
3955+
sessionNameClaim:
3956+
description: SessionNameClaim is the JWT claim to
3957+
use for the role session name.
3958+
type: string
3959+
required:
3960+
- region
3961+
type: object
37743962
headerInjection:
37753963
description: |-
37763964
HeaderInjection contains configuration for header injection auth strategy.
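Review bot: the struct description kept as context at the top of this hunk still reads "using HeaderInjection or TokenExchange fields based on the Type field", which is stale now that awsSts is added as a sibling property. Update the Go doc comment on the strategy type to name every strategy field, or word it generically, and regenerate so the CRD description matches the schema.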
@@ -3846,7 +4034,8 @@ spec:
38464034
type: object
38474035
type:
38484036
description: 'Type is the auth strategy: "unauthenticated",
3849-
"header_injection", "token_exchange", "upstream_inject"'
4037+
"header_injection", "token_exchange", "upstream_inject",
4038+
"aws_sts"'
38504039
type: string
38514040
upstreamInject:
38524041
description: |-
@@ -3870,6 +4059,68 @@ spec:
38704059
description: Default is the default auth strategy for backends
38714060
without explicit config.
38724061
properties:
4062+
awsSts:
4063+
description: |-
4064+
AwsSts contains configuration for AWS STS auth strategy.
4065+
Used when Type = "aws_sts".
4066+
properties:
4067+
fallbackRoleArn:
4068+
description: FallbackRoleArn is the IAM role ARN to
4069+
assume when no role mappings match.
4070+
type: string
4071+
region:
4072+
description: Region is the AWS region for the STS
4073+
endpoint and service.
4074+
type: string
4075+
roleClaim:
4076+
description: RoleClaim is the JWT claim to use for
4077+
role mapping evaluation.
4078+
type: string
4079+
roleMappings:
4080+
description: RoleMappings defines claim-based role
4081+
selection rules.
4082+
items:
4083+
description: |-
4084+
RoleMapping defines a rule for mapping JWT claims to IAM roles.
4085+
Mappings are evaluated in priority order (lower number = higher priority).
4086+
properties:
4087+
claim:
4088+
description: Claim is a simple claim value to
4089+
match against the RoleClaim field.
4090+
type: string
4091+
matcher:
4092+
description: Matcher is a CEL expression for
4093+
complex matching against JWT claims.
4094+
type: string
4095+
priority:
4096+
description: Priority determines evaluation
4097+
order (lower values = higher priority).
4098+
format: int32
4099+
type: integer
4100+
roleArn:
4101+
description: RoleArn is the IAM role ARN to
4102+
assume when this mapping matches.
4103+
type: string
4104+
required:
4105+
- roleArn
4106+
type: object
4107+
type: array
4108+
service:
4109+
description: Service is the AWS service name for SigV4
4110+
signing.
4111+
type: string
4112+
sessionDuration:
4113+
description: SessionDuration is the duration in seconds
4114+
for the STS session.
4115+
format: int32
4116+
type: integer
4117+
sessionNameClaim:
4118+
description: SessionNameClaim is the JWT claim to
4119+
use for the role session name.
4120+
type: string
4121+
required:
4122+
- region
4123+
type: object
38734124
headerInjection:
38744125
description: |-
38754126
HeaderInjection contains configuration for header injection auth strategy.
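Review bot: sessionDuration is declared as an int32 with no minimum, maximum or documented default, so zero, negative or multi-day values are accepted by the API server. STS role sessions are limited to between 900 and 43200 seconds (and further by the role's own maximum session duration), so add Minimum and Maximum markers on the Go field and state the default in the description. sessionNameClaim and roleClaim likewise do not say which claim is used when they are left empty.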
@@ -3945,7 +4196,8 @@ spec:
39454196
type: object
39464197
type:
39474198
description: 'Type is the auth strategy: "unauthenticated",
3948-
"header_injection", "token_exchange", "upstream_inject"'
4199+
"header_injection", "token_exchange", "upstream_inject",
4200+
"aws_sts"'
39494201
type: string
39504202
upstreamInject:
39514203
description: |-
