sensu / sensu-go-chef

Chef Library Cookbook for Sensu Go
https://sensu.io
MIT License

Add OIDC auth integration resource #115

Closed webframp closed 3 years ago

webframp commented 3 years ago

This adds a resource for configuring OIDC for authentication.

The OIDC spec attributes are sufficiently different from Active Directory or LDAP methods that it is a different implementation, but it still follows similar patterns to other resources in this cookbook.

The biggest challenge I see for users is the handling of the OIDC app registration "client secret" value. Users should, however, already have some method of handling sensitive values, such as chef-vault, HashiCorp Vault or some other method that is expected to be compatible with their Chef usage to provide a dynamic configuration value of chef-client runtime secrets.

For this reason, I have noted in the example code that it is not recommended to hard-code secret values in resource usage.


Pull Request Checklist

Is this in reference to an existing issue?

Yes, #81

General

New Features

Purpose

Allow configuration of OIDC authentication provider with a custom Chef resource

Known Compatibility Issues

None