Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorizing GitLab users based on group membership #514

Open
cbjartli opened this issue Dec 17, 2022 · 7 comments
Open

Authorizing GitLab users based on group membership #514

cbjartli opened this issue Dec 17, 2022 · 7 comments
Labels
enhancement

Comments

@cbjartli
Copy link

The Github provider makes it possible to authorize users based on their group membership through the teamWhitelist, in addition to explicit whitelisting or allowAllUsers. As an organization that uses GitLab, we are looking for the same feature for GitLab, currently only supported as a general OIDC provider.

As far as I can see, that is not possible at this point? Is that correct? If not, we would be interested in providing a GitLab provider which also makes it possible to use the teamWhitelist, as long as that contribution would be welcomed.
@cbjartli
Copy link
Author

cbjartli commented Dec 18, 2022
edited
Loading

I have actually implemented the above at https://github.com/cbjartli/vouch-proxy/tree/add-gitlab-provider. If this could be made acceptable as a contribution to the project, I'd be happy to submit a pull request.

@bnfinet
Copy link
Member

bnfinet commented Dec 19, 2022

@cbjartli that's fantastic to hear. Definitely an area of VP that can use some love. PR is certainly welcome.

FYI - I won't be in a position to look at this closely until the new year.

@cbjartli
Copy link
Author

@bnfinet Great, I took the liberty of opening a PR at #515.

@cbjartli cbjartli mentioned this issue Dec 21, 2022
Closed
@bnfinet
Copy link
Member

bnfinet commented Mar 3, 2023

@cbjartli @ritmanda I'm guessing PR #523 is related to PR #515, is that right?

is #523 still work in progress?

thanks again for contributing to VP

@ritmanda
Copy link

ritmanda commented Mar 6, 2023
edited
Loading

PR 523 is to extend team whitelist functionality for OIDC providers. An additional field 'Teamwhitelistclaim' is added in the vouch config. This will contain the claim key that will be used for teem whitelisting. Claim values for this key are checked against the values provided in the 'teamwhitelist'.
We have finished working on PR 523.

@bnfinet
Copy link
Member

bnfinet commented Mar 7, 2023

@ritmanda I'm going to close both #523 and #515 for now. Perhaps we'll re-open one of those. But before you write any more code or I review any more code I'd hope you'd be willing to propose a design and implementation here in this ticket. I hope that's okay.

could you please familiarize yourself with...

  • README regarding submitting a PR
  • comments in cfg.go regarding adding new configuration items
  • config/config.yml_example
  • .defaults.yml

Generally, I'm more interested in a PR that is specific to gitlab and does not require additional configuration items to be added.

Thanks again for the contribution to VP.

@bnfinet
Copy link
Member

bnfinet commented Mar 30, 2023
edited
Loading

@ritmanda my apologies, I was under the mistaken impression that you worked with @cbjartli

Sorry for the misunderstanding

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add GitLab provider cbjartli/vouch-proxy
3 participants
@bnfinet @cbjartli @ritmanda