Added extra-scopes to kubeconfig once generated

mintel / dex-k8s-authenticator

A Kubernetes Dex Client Authenticator

MIT License

374 stars 146 forks source link

Added extra-scopes to kubeconfig once generated #82

Closed nickmintel closed 5 years ago

nickmintel commented 5 years ago

Code calls

scopes = append(scopes, "openid", "profile", "email", "offline_access", "groups")

Should add this to the generated kubeconfig as well:

- name: ...
  user:
    auth-provider:
      config:
        client-id: ...
        client-secret: ...
        extra-scopes: openid,profile,email,offline_access,groups

nickmintel commented 5 years ago

Also, probably make these scopes configurable via the config rather than hardcoding them into the template.

nickmintel commented 5 years ago

Not sure this is possible since kubectl ignores extra-scopes anyway...hmm.

https://github.com/kubernetes/kubernetes/blob/8b98e802eddb9f478ff7d991a2f72f60c165388a/staging/src/k8s.io/client-go/plugin/pkg/client/auth/oidc/oidc.go#L126-L129