feat: add ability to change default scopes (#236)

Release-As: v17.5.1-uds.2

charts/config/templates/uds-package.yaml

@@ -13,7 +13,12 @@ spec:
       clientId: uds-swf-gitlab
       redirectUris:
         - "https://gitlab.{{ .Values.domain }}/users/auth/openid_connect/callback"
-
+      defaultClientScopes:
+      {{- if .Values.sso.defaultClientScopes }}
+        {{- range .Values.sso.defaultClientScopes }}
+          - "{{ . }}"
+        {{- end }}
+      {{- end }}
       secretName: {{ .Values.sso.secretName }}
       secretTemplate:
         # GitLab expects a providers JSON file that is documented more here: https://gitlab-org.gitlab.io/technical-writing-group/gitlab-docs-hugo/administration/auth/oidc/
@@ -55,11 +60,16 @@ spec:
 
       protocol: saml
       defaultClientScopes:
+      {{- if .Values.sso.defaultClientScopes }}
+        {{- range .Values.sso.defaultClientScopes }}
+          - "{{ . }}"
+        {{- end }}
+      {{- else }}
         - "mapper-saml-email-email"
         - "mapper-saml-firstname-first_name"
         - "mapper-saml-lastname-last_name"
         - "mapper-saml-grouplist-groups"
-
+      {{- end }}
       attributes:
         saml.client.signature: "false"
 

charts/config/values.yaml

@@ -17,6 +17,8 @@ sso:
   # Note: the following settings only apply when using `saml`
   requiredGroups: []
   adminGroups: ["/GitLab Admin", "/UDS Core/Admin"]
+  # This will replace the current list of default scopes.
+  defaultClientScopes: []
 storage:
   internal: true  # Set to false to use external storage
   selector:

tasks.yaml

@@ -62,8 +62,6 @@ tasks:
     actions:
       # TODO Delete dependencies.yaml after next releaser
       - task: upgrade:create-latest-tag-bundle
-        with:
-          dep_commands: ./uds run dependencies:create
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
       - task: compliance:validate