Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

salt,ui: Prefix OIDC claims with oidc: #3054

Merged
merged 1 commit into from
Jan 21, 2021
Merged

salt,ui: Prefix OIDC claims with oidc: #3054

merged 1 commit into from
Jan 21, 2021

Conversation

alexandre-allard
Copy link
Contributor

Component: salt, ui

Context:

Summary:

Acceptance criteria:

Closes: #3051

@alexandre-allard alexandre-allard requested a review from a team as a code owner January 19, 2021 17:36
@bert-e
Copy link
Contributor

bert-e commented Jan 19, 2021

Hello alexandre-allard-scality,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Status report is not available.

@bert-e
Copy link
Contributor

bert-e commented Jan 19, 2021

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

NicolasT
NicolasT reviewed Jan 19, 2021
View reviewed changes
ui/src/services/salt/api.js
@@ -13,7 +13,7 @@ export function initialize(apiUrl) {
export function authenticate(user) {
var payload = {
eauth: 'kubernetes_rbac',
username: user.profile.email,
username: `oidc:${user.profile.email}`,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be done on the Salt eauth side instead?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No because Salt eauth module can also authenticate other types of users (especially thinking about the storage-operator ServiceAccount). The UI knows that this user is coming from OIDC, so it seems reasonable to handle it like this.

@alexandre-allard alexandre-allard force-pushed the improvement/3051-prefix-oidc-claims branch from 2617414 to 2f851c6 Compare January 19, 2021 17:47
@bert-e
Copy link
Contributor

bert-e commented Jan 19, 2021

Branches have diverged

This pull request's source branch improvement/3051-prefix-oidc-claims has diverged from
development/2.8 by more than 50 commits.

To avoid any integration risks, please re-synchronize them using one of the
following solutions:

  • Merge origin/development/2.8 into improvement/3051-prefix-oidc-claims
  • Rebase improvement/3051-prefix-oidc-claims onto origin/development/2.8

Note: If you choose to rebase, you may have to ask me to rebuild
integration branches using the reset command.

@gdemonet
Copy link
Contributor

This warrants a changelog entry, and a documentation update for how to create (Cluster)RoleBindings.

@alexandre-allard alexandre-allard force-pushed the improvement/3051-prefix-oidc-claims branch from 2f851c6 to 5968792 Compare January 20, 2021 15:07
@bert-e
Copy link
Contributor

bert-e commented Jan 20, 2021

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

@alexandre-allard
salt,ui: Prefix OIDC claims with oidc:
b014b24 
This is needed to avoid name collision between
different authentication plugins.

Refs: #3051
@alexandre-allard alexandre-allard force-pushed the improvement/3051-prefix-oidc-claims branch from 5968792 to b014b24 Compare January 20, 2021 17:07
@alexandre-allard
Copy link
Contributor Author

/approve

@bert-e
Copy link
Contributor

bert-e commented Jan 21, 2021

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

The following options are set: approve

@bert-e
Copy link
Contributor

bert-e commented Jan 21, 2021

In the queue

The changeset has received all authorizations and has been added to the
relevant queue(s). The queue(s) will be merged in the target development
branch(es) as soon as builds have passed.

The changeset will be merged in:

  • ✔️ development/2.8

The following branches will NOT be impacted:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3
  • development/2.0
  • development/2.1
  • development/2.2
  • development/2.3
  • development/2.4
  • development/2.5
  • development/2.6
  • development/2.7

There is no action required on your side. You will be notified here once
the changeset has been merged. In the unlikely event that the changeset
fails permanently on the queue, a member of the admin team will
contact you to help resolve the matter.

IMPORTANT

Please do not attempt to modify this pull request.

  • Any commit you add on the source branch will trigger a new cycle after the
    current queue is merged.
  • Any commit you add on one of the integration branches will be lost.

If you need this pull request to be removed from the queue, please contact a
member of the admin team now.

The following options are set: approve

@bert-e
Copy link
Contributor

bert-e commented Jan 21, 2021

I have successfully merged the changeset of this pull request
into targetted development branches:

  • ✔️ development/2.8

The following branches have NOT changed:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3
  • development/2.0
  • development/2.1
  • development/2.2
  • development/2.3
  • development/2.4
  • development/2.5
  • development/2.6
  • development/2.7

Please check the status of the associated issue None.

Goodbye alexandre-allard-scality.

@bert-e bert-e merged commit 73b2df0 into development/2.8 Jan 21, 2021
@bert-e bert-e deleted the improvement/3051-prefix-oidc-claims branch January 21, 2021 11:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NicolasT NicolasT NicolasT left review comments

@gdemonet gdemonet gdemonet approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Prepend OIDC claims with prefix
4 participants
@alexandre-allard @bert-e @gdemonet @NicolasT