Remove oidc_enabled
okozachenko1203 committed Jun 27, 2023
1 parent c113708 commit a04f956
Showing 2 changed files with 34 additions and 47 deletions.
42 changes: 18 additions & 24 deletions docs/user/labels.md
Expand Up @@ -149,11 +149,12 @@ deployment process.

## OIDC

* `oidc_enabled`
* `oidc_issuer_url`

Enable OpenID Connect for the kube-api login.
The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it
will be used to verify the OIDC JSON Web Token (JWT).

Default value: `false`
Default value: ``

* `oidc_client_id`

Expand All @@ -162,27 +163,6 @@ deployment process.

Default value: ``

* `oidc_groups_claim`

If provided, the name of a custom OpenID Connect claim for specifying user
groups. The claim value is expected to be a string or array of strings.

Default value: ``

* `oidc_groups_prefix`

If provided, all groups will be prefixed with this value to prevent conflicts
with other authentication strategies.

Default value: ``

* `oidc_issuer_url`

The URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it
will be used to verify the OIDC JSON Web Token (JWT).

Default value: ``

* `oidc_username_claim`

The OpenID claim to use as the user name.
Expand All @@ -197,6 +177,20 @@ deployment process.

Default value: `-`

* `oidc_groups_claim`

If provided, the name of a custom OpenID Connect claim for specifying user
groups. The claim value is expected to be a string or array of strings.

Default value: ``

* `oidc_groups_prefix`

If provided, all groups will be prefixed with this value to prevent conflicts
with other authentication strategies.

Default value: ``

## OpenStack

* `fixed_subnet_cidr`
39 changes: 16 additions & 23 deletions magnum_cluster_api/resources.py
Expand Up @@ -757,22 +757,18 @@ def get_object(self) -> objects.ClusterClass:
"openAPIV3Schema": {
"type": "object",
"required": [
"enabled",
"oidcClientId",
"oidcIssuerUrl",
"oidcClientId",
"oidcUsernameClaim",
"oidcUsernamePrefix",
"oidcGroupsClaim",
"oidcGroupsPrefix",
],
"properties": {
"enabled": {
"type": "boolean",
},
"oidcClientId": {
"oidcIssuerUrl": {
"type": "string",
},
"oidcIssuerUrl": {
"oidcClientId": {
"type": "string",
},
"oidcUsernameClaim": {
Expand Down Expand Up @@ -1042,7 +1038,7 @@ def get_object(self) -> objects.ClusterClass:
},
{
"name": "apiServerOIDC",
"enabledIf": "{{ if .apiServerOIDC.enabled }}true{{end}}",
"enabledIf": "{{ if .apiServerOIDC.oidcIssuerUrl }}true{{end}}",
"definitions": [
{
"selector": {
Expand All @@ -1055,33 +1051,33 @@ def get_object(self) -> objects.ClusterClass:
"jsonPatches": [
{
"op": "add",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-client-id", # noqa: E501
"value": "{{ .apiServerOIDC.oidcClientId }}",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-issuer-url", # noqa: E501
"value": "{{ .apiServerOIDC.oidcIssuerUrl }}",
},
{
"op": "add",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-groups-claim", # noqa: E501
"value": "{{ .apiServerOIDC.oidcGroupsClaim }}",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-client-id", # noqa: E501
"value": "{{ .apiServerOIDC.oidcClientId }}",
},
{
"op": "add",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-groups-prefix", # noqa: E501
"value": "{{ .apiServerOIDC.oidcGroupsPrefix }}",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-username-claim", # noqa: E501
"value": "{{ .apiServerOIDC.oidcUsernameClaim }}",
},
{
"op": "add",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-issuer-url", # noqa: E501
"value": "{{ .apiServerOIDC.oidcIssuerUrl }}",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-username-prefix", # noqa: E501
"value": "{{ .apiServerOIDC.oidcUsernamePrefix }}",
},
{
"op": "add",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-username-claim", # noqa: E501
"value": "{{ .apiServerOIDC.oidcUsernameClaim }}",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-groups-claim", # noqa: E501
"value": "{{ .apiServerOIDC.oidcGroupsClaim }}",
},
{
"op": "add",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-username-prefix", # noqa: E501
"value": "{{ .apiServerOIDC.oidcUsernamePrefix }}",
"path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/oidc-groups-prefix", # noqa: E501
"value": "{{ .apiServerOIDC.oidcGroupsPrefix }}",
},
],
}
Expand Down Expand Up @@ -1615,9 +1611,6 @@ def get_object(self) -> objects.Cluster:
{
"name": "apiServerOIDC",
"value": {
"enabled": utils.get_cluster_label_as_bool(
self.cluster, "oidc_enabled", False
),
"oidcClientId": utils.get_cluster_label(
self.cluster, "oidc_client_id", ""
),
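Review bot: The new `enabledIf` on the `apiServerOIDC` patch fires for any non-empty `oidcIssuerUrl`, yet the six `add` operations under it are still applied as a set, so a cluster with `oidc_issuer_url` set and `oidc_client_id` left at its `""` default ends up with an empty `oidc-client-id` extra arg. kube-apiserver expects the issuer URL and client ID to be specified together, so that combination is likely to leave the control plane unable to start rather than simply leaving OIDC off. Gating on both values would be safer: `"enabledIf": "{{ if and .apiServerOIDC.oidcIssuerUrl .apiServerOIDC.oidcClientId }}true{{end}}"`. Because the `oidc_enabled` label is no longer read in the `Cluster` `get_object` hunk, an existing cluster that carried `oidc_enabled=false` alongside an issuer URL would presumably begin trusting that issuer on its next reconcile; a comment at the `enabledIf` line such as `# OIDC is on whenever oidc_issuer_url is non-empty; the old oidc_enabled label is ignored` plus a release note would let operators audit their labels. Both `get_object` bodies start and end outside the hunks shown here.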
