Introduced IdentityClaims embedded type to UserSignup.Spec #373

Merged
merged 13 commits into from
Sep 9, 2023
5 changes: 5 additions & 0 deletions api/v1alpha1/masteruserrecord_types.go
Expand Up @@ -80,6 +80,11 @@ type MasterUserRecordSpec struct {
// temporarily marked as optional until the migration took place (CRT-1321)
// +optional
TierName string `json:"tierName,omitempty"`

// PropagatedClaims contains a selection of claim values from the SSO Identity Provider which are intended to
// be "propagated" down the resource dependency chain
// +optional
PropagatedClaims PropagatedClaims `json:"propagatedClaims,omitempty"`
}

type UserAccountEmbedded struct {
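
Review bot: On the new PropagatedClaims field of MasterUserRecordSpec, the omitempty option has no effect, because encoding/json never treats a non-pointer struct value as empty. Since Sub in PropagatedClaims is tagged json:"sub" without omitempty, every MasterUserRecord will serialize propagatedClaims with an empty sub even when no claims were set, which sits oddly with the +optional marker and leaves consumers unable to tell "not populated" from "empty subject". Consider making the field a pointer (*PropagatedClaims), or state in the comment that an empty sub means the claims are unset.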
5 changes: 5 additions & 0 deletions api/v1alpha1/useraccount_types.go
Expand Up @@ -44,6 +44,11 @@ type UserAccountSpec struct {
// a new IdP provider client, and contains the user's "original-sub" claim
// +optional
OriginalSub string `json:"originalSub,omitempty"`

// PropagatedClaims contains a selection of claim values from the SSO Identity Provider which are intended to
// be "propagated" down the resource dependency chain
// +optional
PropagatedClaims PropagatedClaims `json:"propagatedClaims,omitempty"`
}

// UserAccountStatus defines the observed state of UserAccount
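
Review bot: UserAccountSpec now carries the original-sub claim twice, in the existing OriginalSub field just above the addition and in PropagatedClaims.OriginalSub, and the new comment does not say which one readers should trust. Two copies of an identity claim can drift apart, so please document the precedence here, or mark the top-level OriginalSub as deprecated in favour of the propagated one.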
48 changes: 48 additions & 0 deletions api/v1alpha1/usersignup_types.go
Expand Up @@ -196,6 +196,54 @@ type UserSignupSpec struct {
// a new IdP provider client, and contains the user's "original-sub" claim
// +optional
OriginalSub string `json:"originalSub,omitempty"`

// IdentityClaims contains as-is claim values extracted from the user's access token
// +optional
IdentityClaims IdentityClaimsEmbedded `json:"identityClaims,omitempty"`
}

// IdentityClaimsEmbedded is used to define a set of SSO claim values that we are interested in storing
// +k8s:openapi-gen=true
type IdentityClaimsEmbedded struct {

// PropagatedClaims
PropagatedClaims `json:",inline"`

// PreferredUsername contains the user's username
PreferredUsername string `json:"preferredUsername"`

// Email contains the user's email address
Email string `json:"email"`
Comment on lines +215 to +216
Contributor

btw, we do propagate the email as well - I see that in MUR as well as in UserAccount as an annotation - this should be moved to PropagatedClaims


// GivenName contains the value of the 'given_name' claim
// +optional
GivenName string `json:"givenName,omitempty"`

// FamilyName contains the value of the 'family_name' claim
// +optional
FamilyName string `json:"familyName,omitempty"`

// Company contains the value of the 'company' claim
// +optional
Company string `json:"company,omitempty"`
}

type PropagatedClaims struct {
// Sub contains the value of the 'sub' claim
Sub string `json:"sub"`

// UserID contains the value of the 'user_id' claim
// +optional
UserID string `json:"userID,omitempty"`

// AccountID contains the value of the 'account_id' claim
// +optional
AccountID string `json:"accountID,omitempty"`

// OriginalSub is an optional property temporarily introduced for the purpose of migrating the users to
// a new IdP provider client, and contains the user's "original-sub" claim
// +optional
OriginalSub string `json:"originalSub,omitempty"`
}

// UserSignupStatus defines the observed state of UserSignup
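
Review bot: The PropagatedClaims type at the end of this hunk is declared with no doc comment and no +k8s:openapi-gen=true marker, although IdentityClaimsEmbedded directly above it has both, and the comment on the embedded field is just the type name. Please add a type comment that says which claims belong in the propagated set and why, and add the marker if the type is meant to be covered by OpenAPI generation in the same way. It would also help to say on IdentityClaims whether the values stored "as-is" from the access token get any length or format checks before they are written to the spec, since Email, GivenName, FamilyName and Company are free-form strings.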
34 changes: 34 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go


112 changes: 109 additions & 3 deletions api/v1alpha1/zz_generated.openapi.go
