globallogicuki / provider-harbor

Crossplane provider for Harbor based on terraform-provider-harbor
Apache License 2.0

Configuring ConfigAuth for OIDC does not work #3

Open tschlaepfer opened 3 months ago

tschlaepfer commented 3 months ago

Hi All, thanks for creating the provider.

When I was testing the provider I noticed that the ConfigAuth is not working if you apply it in the oidc_auth mode. I apply my Kubernetes manifests with ArgoCD, which returns the health status as displayed in the screenshot below.

image

Comparing the "Desired" and "Live" manifests, I noticed that for some reason in the live manifest the following three LDAP configurations were automatically added, causing the error.

- ldapGroupMembership: memberof
- ldapGroupScope: subtree
- ldapScope: subtree

Here are some screenshots of the desired and live manifests from ArgoCD. image image

lornest commented 3 months ago

Hey @tschlaepfer. Thanks for raising the issue. Let me take a look at this and get back to you.

tschlaepfer commented 3 months ago

@lornest Today I had a quick look at the Terraform provider for Harbor and I think I found the root cause of this issue. In the provider, default values are set for the three LDAP parameters in the config_auth resource. https://github.com/goharbor/terraform-provider-harbor/blob/main/provider/resource_config_auth.go

lornest commented 3 months ago

Thanks @tschlaepfer - will keep an eye on the issue on the TF provider and react accordingly!