-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add CreatorUsername label when user is signed in via SSO. Fixes… #7109
Conversation
…rgoproj#7099 Signed-off-by: Nityananda Gohain <nityanandagohain@gmail.com> Signed-off-by: nityanandagohain <nityanandagohain@gmail.com>
46dd512
to
3c93b35
Compare
@alexec a gentle reminder for the workflow approval, thanks :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this PR is ready for review, you should mark it as ready on Github :)
server/auth/types/claims.go
Outdated
@@ -14,6 +14,7 @@ type Claims struct { | |||
Email string `json:"email,omitempty"` | |||
EmailVerified bool `json:"email_verified,omitempty"` | |||
ServiceAccountName string `json:"service_account_name,omitempty"` | |||
Username string `json:"preferred_username,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why preferred_username
instead of username
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since preferred_username
is a standard claim that's why used it.
ref https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
do you think we should give an option to change/override it just like we do for groups i.e customGroupClaimName
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe change field name to match the JSON?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes we can do that or add to the docs that perferred_username
claim will be used for username ?
What would you suggest ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It think qualification is good
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry, but I am not able to comprehend what you are suggesting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @alexec please help me on how should I proceed here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think field names should match JSON name, i.e. this should be
PreferredUsername string `json:"preferred_username,omitempty"`
workflow/common/common.go
Outdated
LabelKeyCreatorEmail = workflow.WorkflowFullName + "/creator-email" | ||
LabelKeyCreator = workflow.WorkflowFullName + "/creator" | ||
LabelKeyCreatorEmail = workflow.WorkflowFullName + "/creator-email" | ||
LabelKeyCreatorUsername = workflow.WorkflowFullName + "/creator-username" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we be honest(?) here? The value is not username
is is in fact the user preferred username
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, makes sense. I will make the changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
made the changes, but will require a workflow approval again.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changes requested
Signed-off-by: nityanandagohain <nityanandagohain@gmail.com>
Hi, I'm using argo workflows version v3.2.9 and trying to use the creator username label {{workflow.labels.workflows.argoproj.io/creator-preferred-username}} but its not working although this feature should be implemented in the version i'm using, also in the user info i don't see the preferred username I only see email |
If the response from your IDP provider contains @MarahAbu can you check if you have added the correct scope in Argo config, if required by your IDP ? |
closes #7099
Signed-off-by: Nityananda Gohain nityanandagohain@gmail.com
Don't bother creating a PR until you've done this:
make pre-commit -B
to fix codegen, lint, and commit message problems.Create your PR as a draft.
does not need to pass.
Tips: