-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gitlab OAuth Group Policy #99
Comments
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
@openshift-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
As a user I would like to be able to limit login from Gitlab to a subset of users, namely users who are part of my gitlab.com group.
The following would be how I expect this feature to be exposed:
The Current behaviour is as follows:
Completion of the latest documentation leaves the cluster open to sign ins from any user of gitlab.com.
This leaves an issue in that there is no way to control who can sign into a gitlab application from inside gitlab, thus the client must restrict auth.
The current documented solution is to make a mapping method for an identity provider, presumably setting this to lookup as per https://access.redhat.com/solutions/5487011 , which would lead to something like https://access.redhat.com/solutions/5389931 . Mind you the documentation makes no mention of the permissive authentication, while on the google and github providers it is mentioned as a warning.
I found this PR #87 which adds a groupmapper, and found this issue https://issues.redhat.com/browse/RFE-106 which seems to be related.
Would it be possible to give Gitlab users a way to lock their sign ins to groups that isn't manual?
corresponding support request: https://access.redhat.com/support/cases/#/case/03146331
The text was updated successfully, but these errors were encountered: