feat(oidc): email claim configuration #324

Merged
merged 3 commits into from
Jul 6, 2022

Contributor

@karatkep karatkep commented Jul 5, 2022

What does this PR do?

This is a continuation of the improvements to deploy Che on Azure AKS: now that we have taught Che to leverage access_token instead of id_token to access AKS, we need to be able to configure the name of the email claim (hardcoded to email and cannot be changed in the current version) in Che-server.

This PR adds support for CHE_OIDC_EMAIL__CLAIM to configure the name of the email claim:

```yaml
spec:
  components:
    cheServer:
      extraProperties:
        CHE_OIDC_EMAIL__CLAIM: unique_name
```

Screenshot/screencast of this PR

What issues does this PR fix or reference?

eclipse-che/che#21515

How to test this PR?

I have just tested this change on Azure AKS integrated with Azure AD.
Che-server image: docker.io/karatkep/che-server:21515-email-claim-configuration
CheCluster patch:

```yaml
spec:
  networking:
    auth:
      identityProviderURL: https://sts.windows.net/{TENANT_ID}/v2.0/
      identityToken: access_token
      oAuthClientName: {CLIENT_ID}
      oAuthSecret: {CLIENT_SECRET}
      oAuthScope: openid email profile 6dae42f8-4368-4678-94ff-3960e28e3630/.default
  components:
    cheServer:
      extraProperties:
        CHE_OIDC_AUTH__SERVER__URL: https://sts.windows.net/{TENANT_ID}/v2.0/
        CHE_OIDC_EMAIL__CLAIM: unique_name
```

chectl command to deploy:

```shell
chectl server:deploy --platform=k8s --installer=operator \
  --cheimage=docker.io/karatkep/che-server:21515-email-claim-configuration \
  --skip-oidc-provider-check \
  --skip-cert-manager \
  --che-operator-cr-patch-yaml=che.yml
```

PR Checklist

As the author of this Pull Request I made sure that:

Reviewers

Reviewers, please comment how you tested the PR when approving it.
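
Added example, not part of the PR or of Che's code: a check an operator could run on an access token from their identity provider before setting CHE_OIDC_EMAIL__CLAIM, to see whether the chosen claim is actually populated. It decodes the payload without verifying the signature (inspection only); the function names, the candidate names other than email and unique_name, and the sample token are assumptions constructed for the illustration.

```python
import base64
import json

# "email" is the default named in the PR and "unique_name" the value it tests with;
# the other two names are assumptions about claims worth checking.
CANDIDATE_CLAIMS = ("email", "unique_name", "upn", "preferred_username")


def decode_payload(token: str) -> dict:
    """Return the JWT payload as a dict. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        payload = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError(f"payload is not base64url-encoded JSON: {exc}") from None
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def check_email_claim(token: str, claim_name: str = "email") -> dict:
    """Report whether claim_name holds a non-empty string, plus alternatives."""
    claims = decode_payload(token)
    filled = [c for c in CANDIDATE_CLAIMS
              if isinstance(claims.get(c), str) and claims[c].strip()]
    value = claims.get(claim_name)
    usable = isinstance(value, str) and bool(value.strip())
    return {"claim": claim_name, "usable": usable,
            "value": value if usable else None, "alternatives": filled}


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


# Constructed claims: no "email" claim, but "unique_name" is populated.
SAMPLE = make_sample_token({"aud": "constructed-audience",
                            "unique_name": "dev@example.com"})

if __name__ == "__main__":
    print(check_email_claim(SAMPLE))                 # default claim name
    print(check_email_claim(SAMPLE, "unique_name"))  # value from the PR
```
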

Member

@sparkoo sparkoo left a comment

lgtm. I haven't tested it.

@tolusha tolusha merged commit 1d87137 into eclipse-che:main Jul 6, 2022
@che-bot che-bot added this to the 7.51 milestone Jul 6, 2022