Open fatsolko opened 3 months ago
I think the main problem is not being able to get groups from Google account. I don't know which scope should work and how to add that scope to the Harbor.
You should set the Group Claim Name
Group Claim Name: The name of a custom group claim that you have configured in your OIDC provider, that includes the groups to add to Harbor.
Yes, but Google does not provide group scope info.
For example, there is a log when I set Group Claim Name to groups:
2024-07-10T07:10:23Z [WARNING] [/pkg/oidc/helper.go:394]: Unable to get groups from claims, claims: map[email:some@py.com email_verified:true family_name:some given_name:some hd:py.com name:some picture:https://lh3.googleusercontent.com/a/ACg8ocKi_Ub65nJIOAbVEu3AUSNWpEC7pHeI=s96-c sub:11286363274952], groups claims key: groups
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
I think you have three problems:
devops@????
.https://www.googleapis.com/auth/cloud-identity.groups.readonly
This is a real, old issue, is there any expectation to fix it?
I create OIDC authentication with Google and add a user in Google to the group devops.
After adding the group member to the project, I expected the user to have access to the project docker, but it doesn't work; I only see the public project.
UPD: log when I set Group Claim Name to groups:
2024-07-10T07:10:23Z [WARNING] [/pkg/oidc/helper.go:394]: Unable to get groups from claims, claims: map[email:some@py.com email_verified:true family_name:some given_name:some hd:py.com name:some picture:https://lh3.googleusercontent.com/a/ACg8ocKi_Ub65nJIOAbVEu3AUSNWpEC7pHeI=s96-c sub:11286363274952], groups claims key: groups
What am I doing wrong?
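The warning quoted above prints the claims Harbor received and the key it looked for (groups). As an added example (not Harbor's code and not written by anyone in this thread), the Go helper below decodes an ID token payload for inspection and reports whether the configured group claim is present as a list. The names makeToken and groupsFromIDToken and the sample payload are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed payload using claim names from the warning above; it has no "groups" key.
const samplePayload = `{"email":"some@py.com","email_verified":true,"hd":"py.com","sub":"11286363274952"}`

// makeToken wraps a JSON payload in an unsigned compact token (constructed test input).
func makeToken(payload string) string {
	enc := base64.RawURLEncoding
	return enc.EncodeToString([]byte(`{"alg":"none"}`)) + "." + enc.EncodeToString([]byte(payload)) + "."
}

// groupsFromIDToken decodes the payload without verifying the signature (inspection
// only, never an authorization decision) and returns the list stored under claimName.
func groupsFromIDToken(token, claimName string) ([]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT: %d parts", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return nil, fmt.Errorf("payload is not base64url: %w", err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, fmt.Errorf("payload is not JSON: %w", err)
	}
	list, ok := claims[claimName].([]interface{})
	if !ok { // absent, or present but not a JSON array
		return nil, fmt.Errorf("claim %q is %T, want a list", claimName, claims[claimName])
	}
	groups := make([]string, 0, len(list))
	for _, g := range list {
		if s, ok := g.(string); ok {
			groups = append(groups, s)
		}
	}
	return groups, nil
}

func main() {
	_, err := groupsFromIDToken(makeToken(samplePayload), "groups")
	fmt.Println("sample token:", err)
}
```

Running it against an ID token captured from your own login shows directly whether the provider sent the claim named in Group Claim Name.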