- Bug
- Resolution: Done
- Blocker
- Hypershift Sprint 23

The groups claim was introduced in OCP 4.10 for OpenID and allows group syncing for OpenID providers.
This claim is not currently synchronized in HyperShift when building the OAuth Config in https://github.com/openshift/hypershift/blob/main/control-plane-operator/controllers/hostedcontrolplane/oauth/idp_convert.go#L353
This is impacting IBM testing, as they use this feature.

HC snip:

spec:
  autoscaling: {}
  clusterID: fe49d8bf-9bc5-4091-8111-c3b4e58bdd77
  configuration:
    oauth:
      identityProviders:
      - mappingMethod: claim
        name: openid
        openID:
          ca:
            name: ""
          claims:
            email:
            - email
            groups:
            - groupIds
            name:
            - email
            preferredUsername:
            - preferred_username
          clientID: 396617906303-5004hl05t6gnk1bioggbdhhcj0kifv00.apps.googleusercontent.com
          clientSecret:
            name: idp-client-secret-21l96s0a0gu796ef9t69ebhjfdlndo1s-f9q2t1e8
          issuer: https://accounts.google.com
        type: OpenID

OAuth ConfigMap generated:

name: openid
provider:
  apiVersion: osin.config.openshift.io/v1
  ca: ""
  claims:
    email:
    - email
    groups: null
    id:
    - sub
    name:
    - email
    preferredUsername:
    - preferred_username
  clientID: 396617906303-5004hl05t6gnk1bioggbdhhcj0kifv00.apps.googleusercontent.com
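
The mismatch above (groups set to groupIds in the HostedCluster, null in the generated ConfigMap) can be expressed as a conversion plus a regression check. This is an added example, not the HyperShift code: HCClaims, OsinClaims, convertClaims and droppedClaims are hypothetical, simplified stand-ins for the real API types and converter.

```go
package main

import "fmt"

// Simplified stand-ins (assumptions) for the HostedCluster-side claims and the
// generated OAuth-server claims; these are not the real openshift/api types.
type HCClaims struct {
	PreferredUsername, Name, Email, Groups []string
}

type OsinClaims struct {
	ID, PreferredUsername, Name, Email, Groups []string
}

// convertClaims copies every claim mapping to the generated form, including
// groups, the field the report shows arriving as null.
func convertClaims(in HCClaims) OsinClaims {
	return OsinClaims{
		ID:                []string{"sub"}, // matches the generated config above
		PreferredUsername: in.PreferredUsername,
		Name:              in.Name,
		Email:             in.Email,
		Groups:            in.Groups,
	}
}

// droppedClaims returns the names of claim mappings that are set in the
// source but empty in the generated output.
func droppedClaims(in HCClaims, out OsinClaims) []string {
	pairs := []struct {
		name     string
		src, dst []string
	}{
		{"preferredUsername", in.PreferredUsername, out.PreferredUsername},
		{"name", in.Name, out.Name},
		{"email", in.Email, out.Email},
		{"groups", in.Groups, out.Groups},
	}
	var dropped []string
	for _, p := range pairs {
		if len(p.src) > 0 && len(p.dst) == 0 {
			dropped = append(dropped, p.name)
		}
	}
	return dropped
}

func main() {
	// Claim values taken from the HC snip in the report.
	in := HCClaims{[]string{"preferred_username"}, []string{"email"}, []string{"email"}, []string{"groupIds"}}
	fmt.Println("dropped:", droppedClaims(in, convertClaims(in)))
}
```
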