fix: harbor user auto-onboard (#99)

* feat: harbor auto onboard configurable via env * fix: harbor user autoonboard
linode · Feb 9, 2024 · 69f02d9 · 69f02d9
1 parent 2479a8c
commit 69f02d9
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -13,16 +13,16 @@
   },
   "[typescript]": {
     "editor.codeActionsOnSave": {
-      "source.fixAll": true,
-      "source.organizeImports": true
+      "source.fixAll": "explicit",
+      "source.organizeImports": "explicit"
     },
     "editor.defaultFormatter": "dbaeumer.vscode-eslint"
   },
   "[yaml]": {
     "editor.defaultFormatter": "esbenp.prettier-vscode"
   },
   "editor.codeActionsOnSave": {
-    "source.fixAll": true
+    "source.fixAll": "explicit"
   },
   "editor.defaultFormatter": "dbaeumer.vscode-eslint",
   "editor.formatOnSave": true,

diff --git a/src/tasks/harbor/harbor.ts b/src/tasks/harbor/harbor.ts
@@ -24,8 +24,10 @@ import {
   HARBOR_BASE_URL,
   HARBOR_PASSWORD,
   HARBOR_USER,
+  OIDC_AUTO_ONBOARD,
   OIDC_CLIENT_SECRET,
   OIDC_ENDPOINT,
+  OIDC_USER_CLAIM,
   OIDC_VERIFY_CERT,
   TEAM_IDS,
   cleanEnv,
@@ -36,6 +38,8 @@ const env = cleanEnv({
   HARBOR_BASE_REPO_URL,
   HARBOR_PASSWORD,
   HARBOR_USER,
+  OIDC_USER_CLAIM,
+  OIDC_AUTO_ONBOARD,
   OIDC_CLIENT_SECRET,
   OIDC_ENDPOINT,
   OIDC_VERIFY_CERT,
@@ -93,8 +97,8 @@ const config: any = {
   oidc_name: 'otomi',
   oidc_scope: 'openid',
   oidc_verify_cert: env.OIDC_VERIFY_CERT,
-  oidc_user_claim: 'otomi',
-  oidc_auto_onboard: true,
+  oidc_user_claim: env.OIDC_USER_CLAIM,
+  oidc_auto_onboard: env.OIDC_AUTO_ONBOARD,
   project_creation_restriction: 'adminonly',
   robot_name_prefix: robotPrefix,
   self_registration: false,

diff --git a/src/validators.ts b/src/validators.ts
@@ -64,6 +64,8 @@ export const NODE_TLS_REJECT_UNAUTHORIZED = bool({ default: true })
 export const OIDC_CLIENT_SECRET = str({ desc: 'The OIDC client secret used by keycloak to access the IDP' })
 export const OIDC_ENDPOINT = str({ desc: 'The OIDC endpoint used by keycloak to access the IDP' })
 export const OIDC_VERIFY_CERT = bool({ desc: 'Wether to validate the OIDC endpoint cert', default: true })
+export const OIDC_USER_CLAIM = str({ desc: 'Claim name containing username values', default: 'email' })
+export const OIDC_AUTO_ONBOARD = bool({ desc: 'Wether users should be automatically onboarded', default: true })
 export const OTOMI_VALUES = json({ desc: 'The main values such as cluster.* otomi.* teamConfig.*', default: {} })
 export const OTOMI_SCHEMA_PATH = str({ desc: 'The path to the values-schema.yaml schema file' })
 export const OTOMI_ENV_DIR = str({ desc: 'The path to the otomi-values folder' })