search

vmware-archive / gangway

An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster.
Apache License 2.0
410 stars 113 forks source link

user in kubeconfig and commandline is still email address #125

Closed rendhalver closed 5 years ago

rendhalver commented 5 years ago

followup from #124

i reconfigured our test cluster so it does not set emailClaim in the configmap but the user is still my email address.

This is what the commandline output looks like:

kubectl config set-credentials user@domain.com  \
[snip]
kubectl config set-context APP-Dev --cluster=APP-Dev --user=user@domain.com

The resulting kubeconfig looks the same.

johnharris85 commented 5 years ago

There were some changes to address this (mainly #87 I think) but I think the problem is that if emailClaim is omitted from the config, we always fall back to setting it to email by default here so the new logic is never actually triggered. The test case misses this too because it exercises the logic but skips the creation of the defaults. I think the fix should just be to set the default e-mail value to "" in config.go. Happy to submit a PR if we think that's the right approach. WDYT @alexbrand @stevesloka ?