Merge pull request #9101 from reasonerjt/oidc-groups-config

Add groups claim to OIDC configuration
stonezdj(Daojun Zhang) 2019-09-17 10:38:43 +08:00 committed by GitHub
commit 0aa51a568d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 7 additions and 0 deletions


@ -143,6 +143,7 @@ var (
{Name: common.OIDCEndpoint, Scope: UserScope, Group: OIDCGroup, ItemType: &StringType{}}, {Name: common.OIDCEndpoint, Scope: UserScope, Group: OIDCGroup, ItemType: &StringType{}},
{Name: common.OIDCCLientID, Scope: UserScope, Group: OIDCGroup, ItemType: &StringType{}}, {Name: common.OIDCCLientID, Scope: UserScope, Group: OIDCGroup, ItemType: &StringType{}},
{Name: common.OIDCClientSecret, Scope: UserScope, Group: OIDCGroup, ItemType: &PasswordType{}}, {Name: common.OIDCClientSecret, Scope: UserScope, Group: OIDCGroup, ItemType: &PasswordType{}},
{Name: common.OIDCGroupsClaim, Scope: UserScope, Group: OIDCGroup, ItemType: &StringType{}},
{Name: common.OIDCScope, Scope: UserScope, Group: OIDCGroup, ItemType: &StringType{}}, {Name: common.OIDCScope, Scope: UserScope, Group: OIDCGroup, ItemType: &StringType{}},
{Name: common.OIDCVerifyCert, Scope: UserScope, Group: OIDCGroup, DefaultValue: "true", ItemType: &BoolType{}}, {Name: common.OIDCVerifyCert, Scope: UserScope, Group: OIDCGroup, DefaultValue: "true", ItemType: &BoolType{}},


@ -109,6 +109,7 @@ const (
OIDCCLientID = "oidc_client_id" OIDCCLientID = "oidc_client_id"
OIDCClientSecret = "oidc_client_secret" OIDCClientSecret = "oidc_client_secret"
OIDCVerifyCert = "oidc_verify_cert" OIDCVerifyCert = "oidc_verify_cert"
OIDCGroupsClaim = "oidc_groups_claim"
OIDCScope = "oidc_scope" OIDCScope = "oidc_scope"
DefaultClairEndpoint = "http://clair:6060" DefaultClairEndpoint = "http://clair:6060"


@ -82,6 +82,7 @@ type OIDCSetting struct {
VerifyCert bool `json:"verify_cert"` VerifyCert bool `json:"verify_cert"`
ClientID string `json:"client_id"` ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"` ClientSecret string `json:"client_secret"`
GroupsClaim string `json:"groups_claim"`
RedirectURL string `json:"redirect_url"` RedirectURL string `json:"redirect_url"`
Scope []string `json:"scope"` Scope []string `json:"scope"`
} }
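Review bot: The new `GroupsClaim` field on `OIDCSetting` has no comment, and because it appears to feed group membership it should state what an empty value means. Judging from the field name and the PR title, it holds the name of the token claim that lists the user's groups. If that is right, a comment such as `// GroupsClaim names the token claim that lists the user's groups; empty means no claim is configured.` would tell consumers to skip group handling rather than look up an empty key. The struct begins above the hunk, so whether the other fields are documented is not visible here.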


@ -512,6 +512,7 @@ func OIDCSetting() (*models.OIDCSetting, error) {
VerifyCert: cfgMgr.Get(common.OIDCVerifyCert).GetBool(), VerifyCert: cfgMgr.Get(common.OIDCVerifyCert).GetBool(),
ClientID: cfgMgr.Get(common.OIDCCLientID).GetString(), ClientID: cfgMgr.Get(common.OIDCCLientID).GetString(),
ClientSecret: cfgMgr.Get(common.OIDCClientSecret).GetString(), ClientSecret: cfgMgr.Get(common.OIDCClientSecret).GetString(),
GroupsClaim: cfgMgr.Get(common.OIDCGroupsClaim).GetString(),
RedirectURL: extEndpoint + common.OIDCCallbackPath, RedirectURL: extEndpoint + common.OIDCCallbackPath,
Scope: scope, Scope: scope,
}, nil }, nil
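Review bot: `GroupsClaim` is taken verbatim from `cfgMgr.Get(common.OIDCGroupsClaim).GetString()`, so a value saved with leading or trailing whitespace is carried into the setting unchanged. A claim name that never matches a key in the token would presumably leave users without their groups and raise no error, which is hard to diagnose for a setting that affects authorization. Consider normalising here, e.g. `GroupsClaim: strings.TrimSpace(cfgMgr.Get(common.OIDCGroupsClaim).GetString()),`, or rejecting such values where the config item is declared. The function body starts outside the hunk and `scope` is computed there, so whether `strings` is already imported in this file needs checking.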


@ -253,6 +253,7 @@ func TestOIDCSetting(t *testing.T) {
common.OIDCEndpoint: "https://oidc.test", common.OIDCEndpoint: "https://oidc.test",
common.OIDCVerifyCert: "true", common.OIDCVerifyCert: "true",
common.OIDCScope: "openid, profile", common.OIDCScope: "openid, profile",
common.OIDCGroupsClaim: "my_group",
common.OIDCCLientID: "client", common.OIDCCLientID: "client",
common.OIDCClientSecret: "secret", common.OIDCClientSecret: "secret",
common.ExtEndpoint: "https://harbor.test", common.ExtEndpoint: "https://harbor.test",
@ -263,6 +264,7 @@ func TestOIDCSetting(t *testing.T) {
assert.Equal(t, "test", v.Name) assert.Equal(t, "test", v.Name)
assert.Equal(t, "https://oidc.test", v.Endpoint) assert.Equal(t, "https://oidc.test", v.Endpoint)
assert.True(t, v.VerifyCert) assert.True(t, v.VerifyCert)
assert.Equal(t, "my_group", v.GroupsClaim)
assert.Equal(t, "client", v.ClientID) assert.Equal(t, "client", v.ClientID)
assert.Equal(t, "secret", v.ClientSecret) assert.Equal(t, "secret", v.ClientSecret)
assert.Equal(t, "https://harbor.test/c/oidc/callback", v.RedirectURL) assert.Equal(t, "https://harbor.test/c/oidc/callback", v.RedirectURL)
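Review bot: Both hunks in `TestOIDCSetting` cover only the case where `common.OIDCGroupsClaim` is set to `"my_group"`. The unset case, which is presumably what existing deployments will have after upgrading, is not exercised. A second case that omits the key and checks `assert.Equal(t, "", v.GroupsClaim)` would pin that the setting defaults to empty rather than to some claim name. The test function starts and ends outside the hunks, so such a case may already exist elsewhere in it.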


@ -112,6 +112,7 @@ func TestConfigCtxModifier(t *testing.T) {
common.OIDCEndpoint: "https://accounts.google.com", common.OIDCEndpoint: "https://accounts.google.com",
common.OIDCVerifyCert: "true", common.OIDCVerifyCert: "true",
common.OIDCScope: "openid, profile, offline_access", common.OIDCScope: "openid, profile, offline_access",
common.OIDCGroupsClaim: "groups",
common.OIDCCLientID: "client", common.OIDCCLientID: "client",
common.OIDCClientSecret: "secret", common.OIDCClientSecret: "secret",
common.ExtEndpoint: "https://harbor.test", common.ExtEndpoint: "https://harbor.test",