DoD-Platform-One / bigbang

BigBang the product
https://repo1.dso.mil/big-bang/bigbang
Apache License 2.0

Configure users based on Keycloak group membership #19

Closed p1-repo-sync-bot[bot] closed 8 months ago

p1-repo-sync-bot[bot] commented 9 months ago

Feature Request

Why

We wanted to configure GitLab users based on the Keycloak group. Based on the GitLab docs (https://docs.gitlab.com/ee/administration/auth/oidc.html?tab=Linux+package+%28Omnibus%29#administrator-groups), we have to configure GitLab to identify what to look for in the Keycloak response. This is currently set as the secret (https://repo1.dso.mil/big-bang/bigbang/-/blob/2.1.0/chart/templates/gitlab/secret-sso.yaml?ref_type=tags#L33) in BigBang, but it does not have the capability as of now. Request to provide the option to add additional config to the secret. Example below:

```
{
  name: "openid_connect",
  label: "Provider name",
  args: {
    name: "openid_connect",
    scope: ["openid","profile","email"],
    response_type: "code",
    issuer: "<your_oidc_url>",
    discovery: true,
    client_auth_method: "query",
    uid_field: "<uid_field>",
    client_options: {
      identifier: "<your_oidc_client_id>",
      secret: "<your_oidc_client_secret>",
      redirect_uri: "<your_gitlab_url>/users/auth/openid_connect/callback",
      gitlab: {
        groups_attribute: "groups",
        admin_groups: ["Admin"]
      }
    }
  }
}
```

Provide any steps possible used to reproduce the error (ideally in an isolated fashion).

BigBang Version

What version of BigBang were you running? BB 2.1.0

This can be retrieved multiple ways:

```
# via helm
helm ls -n bigbang

# via the deployed umbrella git tag
kubectl get gitrepository -n bigbang
```

## Proposed Solution

Request to provide the option to add additional config to the secret

```
gitlab: {
  groups_attribute: "groups",
  admin_groups: ["Admin"]
}
```


If your proposed solution _changes_ the existing behavior of a feature, please outline why your approach is recommended/better.
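
The mapping requested above grants administrator rights from a token claim, so it is worth checking what the Keycloak token actually carries before enabling it. The following is an added example, not code from GitLab, Big Bang or the issue author: a small Ruby model of the `groups_attribute` / `admin_groups` decision that flags common mismatches. Exact string matching of group names, the function name `evaluate_admin` and the sample claims are assumptions made for illustration.

```ruby
# Added illustration, not GitLab or Big Bang code. It models the requested
# mapping: membership in any admin_groups entry, read from the claim named
# by groups_attribute, means administrator access (exact match assumed).
require "set"

# The `gitlab` options from the issue's example.
GITLAB_OPTS = { groups_attribute: "groups", admin_groups: ["Admin"] }.freeze

# Returns [admin?, warnings] for one decoded set of ID-token claims.
def evaluate_admin(claims, opts = GITLAB_OPTS)
  claim_name = opts.fetch(:groups_attribute)
  admin_groups = opts.fetch(:admin_groups).to_set
  warnings = []

  raw = claims[claim_name]
  if raw.nil?
    warnings << "claim '#{claim_name}' missing: check the client's group mapper"
    return [false, warnings]
  end

  # Accept only an array of strings; anything else is treated as no groups.
  groups = raw.is_a?(Array) ? raw.grep(String) : []
  unless raw.is_a?(Array) && groups.size == raw.size
    warnings << "claim '#{claim_name}' is not an array of strings"
  end

  # Keycloak's group mapper emits "/Admin" when "Full group path" is on,
  # which does not equal the configured "Admin". Flag it, do not normalise.
  groups.each do |g|
    bare = g.split("/").last
    if g.start_with?("/") && admin_groups.include?(bare) && !admin_groups.include?(g)
      warnings << "group '#{g}' is a full path; admin_groups lists '#{bare}'"
    end
  end

  [groups.any? { |g| admin_groups.include?(g) }, warnings]
end

# Constructed sample claims (not captured from a real deployment).
SAMPLES = {
  plain:     { "sub" => "u1", "groups" => ["Admin", "dev"] },
  full_path: { "sub" => "u2", "groups" => ["/Admin"] },
  no_claim:  { "sub" => "u3" },
  scalar:    { "sub" => "u4", "groups" => "Admin" }
}.freeze

SAMPLES.each { |name, c| puts "#{name}: #{evaluate_admin(c).inspect}" } if __FILE__ == $PROGRAM_NAME
```

The model fails closed: a missing or malformed claim never yields admin, and a full-path group is reported rather than silently stripped to its last segment.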

p1-repo-sync-bot[bot] commented 8 months ago

Issue 'Configure users based on Keycloak group membership' closed from GitLab side

p1-repo-sync-bot[bot] commented 8 months ago

ortiz.jacob commented:

duplicate of https://repo1.dso.mil/big-bang/product/packages/gitlab/-/issues/225, tracking in gitlab repo.