Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Corrects OIDC group parsing in case userinfo_endpoint is not OIDC compliant #19772

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Corrects OIDC group parsing in case userinfo_endpoint is not OIDC compliant #19772

wants to merge 1 commit into from

Conversation

vbob
Copy link

@vbob vbob commented Dec 27, 2023
edited by Vad1mo

Comprehensive Summary of your change

Issue being fixed

Fixes #19756

Please indicate you've done the following:

  • Well Written Title and Summary of the PR
  • Label the PR as needed. "release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation"
  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Made sure tests are passing and test coverage is added if needed.
  • Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

@vbob vbob requested a review from a team as a code owner December 27, 2023 18:37
@vbob
Corrects OIDC group parsing in case userinfo_endpoint is not OIDC com…
7b60ac9 
…pliant

Signed-off-by: Vitor <vitor.barth@gmail.com>
reasonerjt
reasonerjt reviewed Dec 28, 2023
View reviewed changes
src/pkg/oidc/helper.go
@@ -403,6 +403,10 @@ func groupsFromClaims(gp claimsProvider, k string) ([]string, bool) {
}
res = append(res, s)
}
// if remote.Groups is not a []string, but local.Groups is, this will create a fallback
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, given remote/local are not declared in this func, this chunk should also be moved out...

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, given remote/local are not declared in this func, this chunk should also be moved out...

It makes sense, but IMO a comment in this location is necessary to explain this conditional.

What are your thoughts on changing the wording to something like

in case all elements of the groupClaim are invalid, this creates a fallback to the next groupClaim?

@Vad1mo Vad1mo added the release-note/enhancement Label to mark PR to be added under release notes as enhancement label Jan 9, 2024
@github-actions GitHub Actions
Copy link

This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days.

@github-actions github-actions bot added the Stale label Mar 10, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 9, 2024

This PR was closed because it has been stalled for 30 days with no activity. If this PR is still relevant, please re-open a new PR against main.

@github-actions github-actions bot closed this Apr 9, 2024
@Vad1mo Vad1mo removed the Stale label Apr 9, 2024
@Vad1mo Vad1mo reopened this Apr 9, 2024
@Vad1mo
Copy link
Member

Vad1mo commented Apr 9, 2024

@vbob @reasonerjt any progress on this PR?

@codecov Codecov
Copy link

codecov bot commented Apr 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 46.10%. Comparing base (e397e86) to head (7b60ac9).
Report is 101 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##             main   #19772       +/-   ##
===========================================
- Coverage   67.54%   46.10%   -21.45%     
===========================================
  Files         991      246      -745     
  Lines      109167    13565    -95602     
  Branches     2719     2781       +62     
===========================================
- Hits        73742     6254    -67488     
+ Misses      31461     6993    -24468     
+ Partials     3964      318     -3646
Flag Coverage Δ
unittests 46.10% <ø> (-21.45%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1237 files with indirect coverage changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reasonerjt reasonerjt reasonerjt left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

@Vad1mo Vad1mo

@stonezdj stonezdj

@OrlinVasilev OrlinVasilev

@AllForNothing AllForNothing

@chlins chlins

Labels
release-note/enhancement Label to mark PR to be added under release notes as enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Improve Group Claim compatibility with custom OIDC providers
7 participants
@vbob @Vad1mo @reasonerjt @stonezdj @OrlinVasilev @AllForNothing @chlins