feat: expose requiredGroups in sso config

bundle/uds-bundle.yaml

@@ -85,6 +85,9 @@ packages:
             - name: GITLAB_ADMIN_GROUPS
               description: "Array of group names that grant admin role gitlab when saml protocol is active."
               path: "sso.adminGroups"
+            - name: GITLAB_REQUIRED_GROUPS
+              description: "Array of group names that are required for GitLab acess."
+              path: "sso.requiredGroups"
           values:
             # TODO: (@WSTARR) The below two overrides will no longer be needed after the next release
             - path: redis.namespace

bundle/uds-config.yaml

@@ -16,6 +16,7 @@ variables:
   gitlab:
     DISABLE_REGISTRY_REDIRECT: "true"
     GITLAB_PAGES_ENABLED: true
+    GITLAB_REQUIRED_GROUPS: [] # ["/GitLab"]
     GITLAB_ADMIN_GROUPS: ["/GitLab Admin", "/UDS Core/Admin"]
     GITLAB_SSO_PROTOCOL: saml
     # # Overrides for scaled down cluster for local dev and CI

chart/templates/uds-package.yaml

@@ -68,6 +68,7 @@ spec:
             "name":"saml",
             "label":"SSO",
             "groups_attribute": "Groups",
+            "required_groups": {{ .Values.sso.requiredGroups | toJson }},
             "admin_groups": {{ .Values.sso.adminGroups | toJson }},
             "args":{
                 "assertion_consumer_service_url": "https://gitlab.{{ .Values.domain }}/users/auth/saml/callback",

chart/values.yaml

@@ -3,6 +3,8 @@ sso:
   enabled: true
   protocol: saml
   secretName: gitlab-sso
+  # Note: the following settings only apply when using `saml`
+  requiredGroups: []
   adminGroups: ["/GitLab Admin", "/UDS Core/Admin"]
 storage:
   # Set to false to use external storage