Update clustermanager API spec for auto approval identities

Signed-off-by: “Jeffrey <[email protected]>

operator/v1/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml

@@ -216,6 +216,34 @@ spec:
                 description: RegistrationConfiguration contains the configuration
                   of registration
                 properties:
+                  autoApprovalIdentities:
+                    description: |-
+                      AutoApprovalIdentities represent the list of approved identities which is used to whitelist certain identities to join with the hub cluster
+                      An ApprovedIdentities contains details of the driver type (csr, awsirsa) and a list of identities to whitelist.
+                    items:
+                      properties:
+                        driver:
+                          description: Type of authentication used for specific set
+                            of identities to whitelist. Possible values are csr and
+                            awsirsa.
+                          enum:
+                          - csr
+                          - awsirsa
+                          type: string
+                        identities:
+                          description: |-
+                            Identities represent a list of users in which we will allow to join with hub cluster
+                            Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1
+                            Example - arn:eks:*:*:cluster/*
+                          items:
+                            pattern: ^arn:aws:eks:([a-zA-Z0-9-]+|\*):(\d{12}|\*):cluster/([a-zA-Z0-9-]+|\*)$
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - driver
+                    x-kubernetes-list-type: map
                   autoApproveUsers:
                     description: |-
                       AutoApproveUser represents a list of users that can auto approve CSR and accept client. If the credential of the

operator/v1/types_clustermanager.go

@@ -115,6 +115,13 @@ type RegistrationHubConfiguration struct {
 	// +listType=map
 	// +listMapKey=authType
 	RegistrationDrivers []RegistrationDriverHub `json:"registrationDrivers,omitempty"`
+
+	// AutoApprovalIdentities represent the list of approved identities which is used to whitelist certain identities to join with the hub cluster
+	// An ApprovedIdentities contains details of the driver type (csr, awsirsa) and a list of identities to whitelist.
+	// +optional
+	// +listType=map
+	// +listMapKey=driver
+	AutoApprovalIdentities []ApprovedIdentities `json:"autoApprovalIdentities,omitempty"`
 }
 
 type RegistrationDriverHub struct {
@@ -132,6 +139,20 @@ type RegistrationDriverHub struct {
 	HubClusterArn string `json:"hubClusterArn,omitempty"`
 }
 
+type ApprovedIdentities struct {
+	// Type of authentication used for specific set of identities to whitelist. Possible values are csr and awsirsa.
+	// +required
+	// +kubebuilder:validation:Enum=csr;awsirsa
+	Driver string `json:"driver,omitempty"`
+
+	// Identities represent a list of users in which we will allow to join with hub cluster
+	// Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1
+	// Example - arn:eks:*:*:cluster/*
+	// +optional
+	// +kubebuilder:validation:items:Pattern=`^arn:aws:eks:([a-zA-Z0-9-]+|\*):(\d{12}|\*):cluster/([a-zA-Z0-9-]+|\*)$`
+	Identities []string `json:"identities,omitempty"`
+}
+
 type WorkConfiguration struct {
 	// FeatureGates represents the list of feature gates for work
 	// If it is set empty, default feature gates will be used.