From 7f09e88ceb71c07cdaea3a957c977017fe1d3c8b Mon Sep 17 00:00:00 2001 From: Shane Bryzak Date: Tue, 15 Aug 2023 15:42:52 +1000 Subject: [PATCH 1/8] added tokenclaims type --- .../toolchain.dev.openshift.com_usersignups.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml index 2aae69b64..1dca30de1 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml @@ -104,6 +104,21 @@ spec: description: The cluster in which the user is provisioned in If not set then the target cluster will be picked automatically type: string + tokenClaims: + description: TokenClaims contains as-is claim values extracted from + the user's access token + properties: + accountID: + description: AccountID contains the value of the 'account_id' + claim + type: string + sub: + description: Sub contains the value of the 'sub' claim + type: string + userID: + description: UserID contains the value of the 'user_id' claim + type: string + type: object userid: description: The user's user ID, obtained from the identity provider from the 'sub' (subject) claim From c71aa9c19bd84e520d269e50e5f619a56c329adc Mon Sep 17 00:00:00 2001 From: Shane Bryzak Date: Wed, 16 Aug 2023 09:08:52 +1000 Subject: [PATCH 2/8] generated from api --- ...olchain.dev.openshift.com_usersignups.yaml | 41 ++++++++++++------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml index 1dca30de1..f1aa37b3a 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml 
@@ -88,6 +88,32 @@ spec: givenName: description: The user's first name, obtained from the identity provider. type: string + identitytokenClaims: + description: IdentityClaims contains as-is claim values extracted + from the user's access token + properties: + accountID: + description: AccountID contains the value of the 'account_id' + claim + type: string + company: + description: Company contains the value of the 'company' claim + type: string + familyName: + description: FamilyName contains the value of the 'family_name' + claim + type: string + givenName: + description: GivenName contains the value of the 'given_name' + claim + type: string + sub: + description: Sub contains the value of the 'sub' claim + type: string + userID: + description: UserID contains the value of the 'user_id' claim + type: string + type: object originalSub: description: OriginalSub is an optional property temporarily introduced for the purpose of migrating the users to a new IdP provider client, @@ -104,21 +130,6 @@ spec: description: The cluster in which the user is provisioned in If not set then the target cluster will be picked automatically type: string - tokenClaims: - description: TokenClaims contains as-is claim values extracted from - the user's access token - properties: - accountID: - description: AccountID contains the value of the 'account_id' - claim - type: string - sub: - description: Sub contains the value of the 'sub' claim - type: string - userID: - description: UserID contains the value of the 'user_id' claim - type: string - type: object userid: description: The user's user ID, obtained from the identity provider from the 'sub' (subject) claim From 97c735d8807d2f2ddc00a3fc650cc35408fcea7c Mon Sep 17 00:00:00 2001 From: Shane Bryzak Date: Tue, 22 Aug 2023 08:57:26 +1000 Subject: [PATCH 3/8] regenerated --- .../crd/bases/toolchain.dev.openshift.com_usersignups.yaml | 5 +++++ 1 file changed, 5 insertions(+) 
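Review bot: The claims block added in the `@@ -88,6 +88,32 @@` hunk repeats values the UserSignup spec already carries at the top level, and no description says which copy is authoritative. The repeated values are `givenName` (context line just above the block) and `userid`, which the next hunk's context documents as coming from the 'sub' claim. PATCH 3/8 repeats `originalSub` the same way, and PATCH 4/8 adds `propagatedClaims.originalSub` to MasterUserRecord directly below what looks like the tail of an existing spec-level `originalSub` description. Two independently writable copies of an identity claim can drift, so a consumer that matches or authorizes on one field may disagree with a consumer that reads the other. I would add a sentence to the block's description such as `When set, these values take precedence over the legacy top-level spec fields.` (or the reverse, if that is the intent), made in the Go type's doc comment since the commit subjects indicate this YAML is regenerated.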
diff --git a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml index f1aa37b3a..f1b8a3495 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml @@ -107,6 +107,11 @@ spec: description: GivenName contains the value of the 'given_name' claim type: string + originalSub: + description: OriginalSub is an optional property temporarily introduced + for the purpose of migrating the users to a new IdP provider + client, and contains the user's "original-sub" claim + type: string sub: description: Sub contains the value of the 'sub' claim type: string From c2e85c11225b71f7a8fd0fe049ca2a8a1122ef01 Mon Sep 17 00:00:00 2001 From: Shane Bryzak Date: Wed, 6 Sep 2023 21:20:45 +1000 Subject: [PATCH 4/8] added PropagatedClaims to MasterUserRecord type --- ...in.dev.openshift.com_masteruserrecords.yaml | 18 ++++++++++++++++++ ...oolchain.dev.openshift.com_usersignups.yaml | 5 ++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/config/crd/bases/toolchain.dev.openshift.com_masteruserrecords.yaml b/config/crd/bases/toolchain.dev.openshift.com_masteruserrecords.yaml index bf13934f8..644d55dde 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_masteruserrecords.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_masteruserrecords.yaml 
@@ -69,6 +69,24 @@ spec: for the purpose of migrating the users to a new IdP provider client, and contains the user's "original-sub" claim type: string + propagatedClaims: + description: PropagatedClaims contains a selection of claim values + from the SSO Identity Provider which are intended to be "propagated" + down the resource dependency chain + properties: + accountID: + description: AccountID contains the value of the 'account_id' + claim + type: string + originalSub: + description: OriginalSub is an optional property temporarily introduced + for the purpose of migrating the users to a new IdP provider + client, and contains the user's "original-sub" claim + type: string + userID: + description: UserID contains the value of the 'user_id' claim + type: string + type: object tierName: description: TierName is an optional property introduced to retain the name of the tier for which the Dev Sandbox user is provisioned, diff --git a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml index f1b8a3495..fda5304d7 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml @@ -88,7 +88,7 @@ spec: givenName: description: The user's first name, obtained from the identity provider. type: string - identitytokenClaims: + identityClaims: description: IdentityClaims contains as-is claim values extracted from the user's access token properties: @@ -99,6 +99,9 @@ spec: company: description: Company contains the value of the 'company' claim type: string + email: + description: Email contains the user's email address + type: string familyName: description: FamilyName contains the value of the 'family_name' claim From b91b138aa75c410e8acc566e1116d39ef43ae988 Mon Sep 17 00:00:00 2001 
From: Shane Bryzak Date: Thu, 7 Sep 2023 19:26:15 +1000 Subject: [PATCH 5/8] regenerated --- config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml index fda5304d7..b78adb384 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml @@ -121,6 +121,8 @@ spec: userID: description: UserID contains the value of the 'user_id' claim type: string + required: + - email type: object originalSub: description: OriginalSub is an optional property temporarily introduced From 3d8d64cfe12c9bce23bb482350c7822003d8b72c Mon Sep 17 00:00:00 2001 From: Shane Bryzak Date: Thu, 7 Sep 2023 21:10:35 +1000 Subject: [PATCH 6/8] regenerated --- config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml index b78adb384..064afdac0 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml @@ -115,6 +115,9 @@ spec: for the purpose of migrating the users to a new IdP provider client, and contains the user's "original-sub" claim type: string + preferredUsername: + description: PreferredUsername contains the user's username + type: string sub: description: Sub contains the value of the 'sub' claim type: string From 5bc48a475348c99e91037283e2f93ad616d5ae5d Mon Sep 17 00:00:00 2001 From: Shane Bryzak Date: Fri, 8 Sep 2023 05:18:45 +1000 Subject: [PATCH 7/8] regenerated --- config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml | 1 + 1 file changed, 1 insertion(+) 
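Review bot: `required: - email` in the `@@ -121,6 +121,8 @@` hunk only forces the key to be present, so with a bare `type: string` an empty `email: ""` still passes schema validation. The same applies to `preferredUsername` (PATCH 7/8) and to `sub` in both the UserSignup and MasterUserRecord hunks of PATCH 8/8. If downstream controllers rely on these claims to tie a resource to an identity, the schema should reject empty values by adding `minLength: 1` to each required property. This file appears to be generated, so if controller-gen produces it the change presumably belongs on the Go fields as `// +kubebuilder:validation:MinLength=1`. The `identityClaims` properties block begins outside this hunk.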
diff --git a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml index 064afdac0..7697eab01 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml @@ -126,6 +126,7 @@ spec: type: string required: - email + - preferredUsername type: object originalSub: description: OriginalSub is an optional property temporarily introduced From b2811fcb874ef1dbfb876b369535e89bb6ea0c22 Mon Sep 17 00:00:00 2001 From: Shane Bryzak Date: Fri, 8 Sep 2023 15:08:50 +1000 Subject: [PATCH 8/8] regenerated --- .../bases/toolchain.dev.openshift.com_masteruserrecords.yaml | 5 +++++ .../crd/bases/toolchain.dev.openshift.com_usersignups.yaml | 1 + 2 files changed, 6 insertions(+) diff --git a/config/crd/bases/toolchain.dev.openshift.com_masteruserrecords.yaml b/config/crd/bases/toolchain.dev.openshift.com_masteruserrecords.yaml index 644d55dde..cc26bbf18 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_masteruserrecords.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_masteruserrecords.yaml @@ -83,9 +83,14 @@ spec: for the purpose of migrating the users to a new IdP provider client, and contains the user's "original-sub" claim type: string + sub: + description: Sub contains the value of the 'sub' claim + type: string userID: description: UserID contains the value of the 'user_id' claim type: string + required: + - sub type: object tierName: description: TierName is an optional property introduced to retain diff --git a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml index 7697eab01..22e7bdaae 100644 --- a/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml +++ b/config/crd/bases/toolchain.dev.openshift.com_usersignups.yaml 
@@ -127,6 +127,7 @@ spec: required: - email - preferredUsername + - sub type: object originalSub: description: OriginalSub is an optional property temporarily introduced