Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prepend OIDC claims with prefix #3051

Closed
alexandre-allard opened this issue Jan 18, 2021 · 0 comments · Fixed by #3054
Closed

Prepend OIDC claims with prefix #3051

alexandre-allard opened this issue Jan 18, 2021 · 0 comments · Fixed by #3054
Assignees
@alexandre-allard
Labels
complexity:easy Something that requires less than a day to fix kind:debt Technical debt

Comments

@alexandre-allard
Copy link
Contributor

Component: salt, apiserver, ui

Why this is needed:
To prevent naming clashes with other authentication plugins.

What should be done:
We must preprend OIDC claims (username and groups) with a prefix (e.g. oidc:).

Implementation proposal (strongly recommended):
Add --oidc-username-prefix=oidc: and --oidc-groups-prefix=oidc: options to apiserver.
Update dex-administrator ClusterRoleBinding with the prefix.
Adapt UI to use the prefix to authenticate with Salt API.

Test plan:
@alexandre-allard alexandre-allard added the kind:debt Technical debt label Jan 18, 2021
@alexandre-allard alexandre-allard self-assigned this Jan 18, 2021
@alexandre-allard alexandre-allard added the complexity:easy Something that requires less than a day to fix label Jan 18, 2021
alexandre-allard added a commit that referenced this issue Jan 18, 2021
@alexandre-allard
salt,ui: Prefix OIDC claims with oidc:
bee91f1 
This is needed to avoid name collision between
different authentication plugins.

Refs: #3051
alexandre-allard added a commit that referenced this issue Jan 18, 2021
@alexandre-allard
salt,ui: Prefix OIDC claims with oidc:
c08f96d 
This is needed to avoid name collision between
different authentication plugins.

Refs: #3051
alexandre-allard added a commit that referenced this issue Jan 19, 2021
@alexandre-allard
salt,ui: Prefix OIDC claims with oidc:
2617414 
This is needed to avoid name collision between
different authentication plugins.

Refs: #3051
@alexandre-allard alexandre-allard mentioned this issue Jan 19, 2021
Merged
alexandre-allard added a commit that referenced this issue Jan 19, 2021
@alexandre-allard
salt,ui: Prefix OIDC claims with oidc:
2f851c6 
This is needed to avoid name collision between
different authentication plugins.

Refs: #3051
alexandre-allard added a commit that referenced this issue Jan 20, 2021
@alexandre-allard
salt,ui: Prefix OIDC claims with oidc:
5968792 
This is needed to avoid name collision between
different authentication plugins.

Refs: #3051
alexandre-allard added a commit that referenced this issue Jan 20, 2021
@alexandre-allard
salt,ui: Prefix OIDC claims with oidc:
b014b24 
This is needed to avoid name collision between
different authentication plugins.

Refs: #3051
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexandre-allard alexandre-allard

Labels
complexity:easy Something that requires less than a day to fix kind:debt Technical debt
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

salt,ui: Prefix OIDC claims with oidc: scality/metalk8s
1 participant
@alexandre-allard