open-feature
diff --git a/‎api/core/v1beta1/featureflagsource_types.go‎
Lines changed: 39 additions & 0 deletions b/‎api/core/v1beta1/featureflagsource_types.go‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎api/core/v1beta1/featureflagsource_types_test.go‎
Lines changed: 40 additions & 0 deletions b/‎api/core/v1beta1/featureflagsource_types_test.go‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎api/core/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 19 additions & 0 deletions b/‎api/core/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎chart/open-feature-operator/README.md‎
Lines changed: 3 additions & 3 deletions b/‎chart/open-feature-operator/README.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎chart/open-feature-operator/values.yaml‎
Lines changed: 3 additions & 3 deletions b/‎chart/open-feature-operator/values.yaml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎config/crd/bases/core.openfeature.dev_featureflagsources.yaml‎
Lines changed: 24 additions & 0 deletions b/‎config/crd/bases/core.openfeature.dev_featureflagsources.yaml‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎docs/crds.md‎
Lines changed: 31 additions & 0 deletions b/‎docs/crds.md‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎internal/common/flagdinjector/flagdinjector.go‎
Lines changed: 53 additions & 0 deletions b/‎internal/common/flagdinjector/flagdinjector.go‎
Lines changed: 53 additions & 0 deletions
@@ -93,6 +93,23 @@ type FeatureFlagSourceSpec struct {
 	// Resources defines flagd sidecar resources. Default to operator sidecar-cpu-* and sidecar-ram-* flags.
 	// +optional
 	Resources corev1.ResourceRequirements `json:"resources"`
+
+	// ContextValues are static key-value pairs added to the flagd evaluation context
+	// +optional
+	ContextValues map[string]string `json:"contextValues,omitempty"`
+
+	// HeaderToContextMappings map HTTP header names to evaluation context keys
+	// +optional
+	HeaderToContextMappings map[string]string `json:"headerToContextMappings,omitempty"`
+
+	// CORS defines the allowed CORS origins for the flagd OFREP endpoint
+	// +optional
+	CORS []string `json:"cors,omitempty"`
+
+	// OFREPPort defines the port for the OFREP service, defaults to 8016
+	// +optional
+	// +kubebuilder:default:=8016
+	OFREPPort int32 `json:"ofrepPort"`
 }
 
 type Source struct {
@@ -224,6 +241,28 @@ func (fc *FeatureFlagSourceSpec) Merge(new *FeatureFlagSourceSpec) {
 			fc.Resources.Limits[k] = v
 		}
 	}
+	if len(new.ContextValues) != 0 {
+		if fc.ContextValues == nil {
+			fc.ContextValues = map[string]string{}
+		}
+		for k, v := range new.ContextValues {
+			fc.ContextValues[k] = v
+		}
+	}
+	if len(new.HeaderToContextMappings) != 0 {
+		if fc.HeaderToContextMappings == nil {
+			fc.HeaderToContextMappings = map[string]string{}
+		}
+		for k, v := range new.HeaderToContextMappings {
+			fc.HeaderToContextMappings[k] = v
+		}
+	}
+	if len(new.CORS) != 0 {
+		fc.CORS = new.CORS
+	}
+	if new.OFREPPort != 0 {
+		fc.OFREPPort = new.OFREPPort
+	}
 }
 
 func (fc *FeatureFlagSourceSpec) decorateEnvVarName(original string) string {
 
@@ -50,6 +50,14 @@ func Test_FLagSourceConfiguration_Merge(t *testing.T) {
 					v1.ResourceCPU: resource.MustParse("100m"),
 				},
 			},
+			ContextValues: map[string]string{
+				"env": "staging",
+			},
+			HeaderToContextMappings: map[string]string{
+				"X-Tenant": "tenant",
+			},
+			CORS:      []string{"http://localhost:3000"},
+			OFREPPort: 8016,
 		},
 	}
 
@@ -95,6 +103,14 @@ func Test_FLagSourceConfiguration_Merge(t *testing.T) {
 					v1.ResourceCPU: resource.MustParse("100m"),
 				},
 			},
+			ContextValues: map[string]string{
+				"env": "staging",
+			},
+			HeaderToContextMappings: map[string]string{
+				"X-Tenant": "tenant",
+			},
+			CORS:      []string{"http://localhost:3000"},
+			OFREPPort: 8016,
 		},
 	}, ff_old)
 
@@ -133,6 +149,16 @@ func Test_FLagSourceConfiguration_Merge(t *testing.T) {
 					v1.ResourceCPU: resource.MustParse("200m"),
 				},
 			},
+			ContextValues: map[string]string{
+				"env":    "production",
+				"region": "us-east-1",
+			},
+			HeaderToContextMappings: map[string]string{
+				"X-Tenant": "tenant-override",
+				"X-Region": "region",
+			},
+			CORS:      []string{"https://app.example.com", "https://admin.example.com"},
+			OFREPPort: 9090,
 		},
 	}
 
@@ -184,6 +210,20 @@ func Test_FLagSourceConfiguration_Merge(t *testing.T) {
 		Name:  "env4",
 		Value: "val4",
 	})
+
+	// context values are merged additively, with new overriding old
+	require.Equal(t, "production", ff_old.Spec.ContextValues["env"])
+	require.Equal(t, "us-east-1", ff_old.Spec.ContextValues["region"])
+
+	// header mappings are merged additively, with new overriding old
+	require.Equal(t, "tenant-override", ff_old.Spec.HeaderToContextMappings["X-Tenant"])
+	require.Equal(t, "region", ff_old.Spec.HeaderToContextMappings["X-Region"])
+
+	// CORS is replaced entirely
+	require.Equal(t, []string{"https://app.example.com", "https://admin.example.com"}, ff_old.Spec.CORS)
+
+	// OFREPPort is overridden
+	require.Equal(t, int32(9090), ff_old.Spec.OFREPPort)
 }
 
 func Test_FLagSourceConfiguration_ToEnvVars(t *testing.T) {
 
@@ -123,7 +123,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `sidecarConfiguration.managementPort`            | Sets the value of the `XXX_MANAGEMENT_PORT` environment variable for the injected sidecar.                                                                                                                                                                  | `8014`                       |
 | `sidecarConfiguration.socketPath`                | Sets the value of the `XXX_SOCKET_PATH` environment variable for the injected sidecar.                                                                                                                                                                      | `""`                         |
 | `sidecarConfiguration.image.repository`          | Sets the image for the injected sidecar.                                                                                                                                                                                                                    | `ghcr.io/open-feature/flagd` |
-| `sidecarConfiguration.image.tag`                 | Sets the version tag for the injected sidecar.                                                                                                                                                                                                              | `v0.12.4`                    |
+| `sidecarConfiguration.image.tag`                 | Sets the version tag for the injected sidecar.                                                                                                                                                                                                              | `v0.15.2`                    |
 | `sidecarConfiguration.providerArgs`              | Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`. | `""`                         |
 | `sidecarConfiguration.envVarPrefix`              | Sets the prefix for all environment variables set in the injected sidecar.                                                                                                                                                                                  | `FLAGD`                      |
 | `sidecarConfiguration.defaultSyncProvider`       | Sets the value of the `XXX_SYNC_PROVIDER` environment variable for the injected sidecar container. There are 4 valid sync providers: `kubernetes`, `grpc`, `file` and `http`.                                                                               | `kubernetes`                 |
@@ -159,7 +159,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `flagdProxyConfiguration.port`             | Sets the port to expose the sync API on.                                        | `8015`                             |
 | `flagdProxyConfiguration.managementPort`   | Sets the port to expose the management API on.                                  | `8016`                             |
 | `flagdProxyConfiguration.image.repository` | Sets the image for the flagd-proxy deployment.                                  | `ghcr.io/open-feature/flagd-proxy` |
-| `flagdProxyConfiguration.image.tag`        | Sets the tag for the flagd-proxy deployment.                                    | `v0.7.4`                           |
+| `flagdProxyConfiguration.image.tag`        | Sets the tag for the flagd-proxy deployment.                                    | `v0.9.4`                           |
 | `flagdProxyConfiguration.debugLogging`     | Controls the addition of the `--debug` flag to the container startup arguments. | `false`                            |
 
 ### Flagd configuration
@@ -171,7 +171,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `flagdConfiguration.syncPort`         | Sets the port to expose the sync API on.                                        | `8015`                       |
 | `flagdConfiguration.managementPort`   | Sets the port to expose the management API on.                                  | `8014`                       |
 | `flagdConfiguration.image.repository` | Sets the image for the flagd deployment.                                        | `ghcr.io/open-feature/flagd` |
-| `flagdConfiguration.image.tag`        | Sets the tag for the flagd deployment.                                          | `v0.12.4`                    |
+| `flagdConfiguration.image.tag`        | Sets the tag for the flagd deployment.                                          | `v0.15.2`                    |
 | `flagdConfiguration.debugLogging`     | Controls the addition of the `--debug` flag to the container startup arguments. | `false`                      |
 
 ### Operator resource configuration
 
@@ -37,7 +37,7 @@ sidecarConfiguration:
     ## @param sidecarConfiguration.image.repository Sets the image for the injected sidecar.
     repository: "ghcr.io/open-feature/flagd"
     ## @param sidecarConfiguration.image.tag Sets the version tag for the injected sidecar.
-    tag: v0.12.4
+    tag: v0.15.2
   ## @param sidecarConfiguration.providerArgs Used to append arguments to the sidecar startup command. This value is a comma separated string of key values separated by '=', e.g. `key=value,key2=value2` results in the appending of `--sync-provider-args key=value --sync-provider-args key2=value2`.
   providerArgs: ""
   ## @param sidecarConfiguration.envVarPrefix Sets the prefix for all environment variables set in the injected sidecar.
@@ -100,7 +100,7 @@ flagdProxyConfiguration:
     ## @param flagdProxyConfiguration.image.repository Sets the image for the flagd-proxy deployment.
     repository: "ghcr.io/open-feature/flagd-proxy"
     ## @param flagdProxyConfiguration.image.tag Sets the tag for the flagd-proxy deployment.
-    tag: v0.7.4
+    tag: v0.9.4
   ## @param flagdProxyConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments.
   debugLogging: false
 
@@ -118,7 +118,7 @@ flagdConfiguration:
     ## @param flagdConfiguration.image.repository Sets the image for the flagd deployment.
     repository: "ghcr.io/open-feature/flagd"
     ## @param flagdConfiguration.image.tag Sets the tag for the flagd deployment.
-    tag: v0.12.4
+    tag: v0.15.2
   ## @param flagdConfiguration.debugLogging Controls the addition of the `--debug` flag to the container startup arguments.
   debugLogging: false
 
 
@@ -41,6 +41,18 @@ spec:
           spec:
             description: FeatureFlagSourceSpec defines the desired state of FeatureFlagSource
             properties:
+              contextValues:
+                additionalProperties:
+                  type: string
+                description: ContextValues are static key-value pairs added to the
+                  flagd evaluation context
+                type: object
+              cors:
+                description: CORS defines the allowed CORS origins for the flagd OFREP
+                  endpoint
+                items:
+                  type: string
+                type: array
               debugLogging:
                 description: DebugLogging defines whether to enable --debug flag of
                   flagd sidecar. Default false (disabled).
@@ -177,6 +189,12 @@ spec:
                 default: json
                 description: Evaluator sets an evaluator, defaults to 'json'
                 type: string
+              headerToContextMappings:
+                additionalProperties:
+                  type: string
+                description: HeaderToContextMappings map HTTP header names to evaluation
+                  context keys
+                type: object
               logFormat:
                 default: json
                 description: LogFormat allows for the sidecar log format to be overridden,
@@ -188,6 +206,12 @@ spec:
                   defaults to 8014
                 format: int32
                 type: integer
+              ofrepPort:
+                default: 8016
+                description: OFREPPort defines the port for the OFREP service, defaults
+                  to 8016
+                format: int32
+                type: integer
               otelCollectorUri:
                 description: OtelCollectorUri defines whether to enable --otel-collector-uri
                   flag of flagd sidecar. Default false (disabled).
 
@@ -276,6 +276,20 @@ FeatureFlagSourceSpec defines the desired state of FeatureFlagSource
           SyncProviders define the syncProviders and associated configuration to be applied to the sidecar<br/>
         </td>
         <td>true</td>
+      </tr><tr>
+        <td><b>contextValues</b></td>
+        <td>map[string]string</td>
+        <td>
+          ContextValues are static key-value pairs added to the flagd evaluation context<br/>
+        </td>
+        <td>false</td>
+      </tr><tr>
+        <td><b>cors</b></td>
+        <td>[]string</td>
+        <td>
+          CORS defines the allowed CORS origins for the flagd OFREP endpoint<br/>
+        </td>
+        <td>false</td>
       </tr><tr>
         <td><b>debugLogging</b></td>
         <td>boolean</td>
@@ -316,6 +330,13 @@ are added at the lowest index, all values will have the EnvVarPrefix applied, de
             <i>Default</i>: json<br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b>headerToContextMappings</b></td>
+        <td>map[string]string</td>
+        <td>
+          HeaderToContextMappings map HTTP header names to evaluation context keys<br/>
+        </td>
+        <td>false</td>
       </tr><tr>
         <td><b>logFormat</b></td>
         <td>string</td>
@@ -335,6 +356,16 @@ are added at the lowest index, all values will have the EnvVarPrefix applied, de
             <i>Default</i>: 8014<br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b>ofrepPort</b></td>
+        <td>integer</td>
+        <td>
+          OFREPPort defines the port for the OFREP service, defaults to 8016<br/>
+          <br/>
+            <i>Format</i>: int32<br/>
+            <i>Default</i>: 8016<br/>
+        </td>
+        <td>false</td>
       </tr><tr>
         <td><b>otelCollectorUri</b></td>
         <td>string</td>
 
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"sort"
 	"time"
 
 	"github.com/go-logr/logr"
@@ -109,6 +110,58 @@ func (fi *FlagdContainerInjector) InjectFlagd(
 		)
 	}
 
+	// set --context-value flags for static context values
+	if len(flagSourceConfig.ContextValues) > 0 {
+		// sort keys for deterministic arg order
+		keys := make([]string, 0, len(flagSourceConfig.ContextValues))
+		for k := range flagSourceConfig.ContextValues {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+		for _, k := range keys {
+			flagdContainer.Args = append(
+				flagdContainer.Args,
+				"--context-value",
+				fmt.Sprintf("%s=%s", k, flagSourceConfig.ContextValues[k]),
+			)
+		}
+	}
+
+	// set --context-from-header flags for header-to-context mappings
+	if len(flagSourceConfig.HeaderToContextMappings) > 0 {
+		// sort keys for deterministic arg order
+		keys := make([]string, 0, len(flagSourceConfig.HeaderToContextMappings))
+		for k := range flagSourceConfig.HeaderToContextMappings {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+		for _, k := range keys {
+			flagdContainer.Args = append(
+				flagdContainer.Args,
+				"--context-from-header",
+				fmt.Sprintf("%s=%s", k, flagSourceConfig.HeaderToContextMappings[k]),
+			)
+		}
+	}
+
+	// set --cors-origin flags for CORS allowed origins
+	for _, origin := range flagSourceConfig.CORS {
+		flagdContainer.Args = append(
+			flagdContainer.Args,
+			"--cors-origin",
+			origin,
+		)
+	}
+
+	// set --ofrep-port flag if non-default
+	if flagSourceConfig.OFREPPort != 0 {
+		flagdContainer.Args = append(
+			flagdContainer.Args,
+			"--ofrep-port",
+			fmt.Sprintf("%d", flagSourceConfig.OFREPPort),
+		)
+	}
+
 	if len(flagSourceConfig.Resources.Requests) != 0 {
 		flagdContainer.Resources.Requests = flagSourceConfig.Resources.Requests
 	}