Add oidc claims support #130

Merged
merged 2 commits into from
Dec 24, 2024
Merged
9 changes: 8 additions & 1 deletion api/v1alpha1/cloudflareaccessgroup_types.go
Expand Up @@ -77,8 +77,11 @@ type CloudFlareAccessGroupRule struct {
// Matches Google Group
GoogleGroups []GoogleGroup `json:"googleGroups,omitempty"`

// // Okta Groups
// Okta Groups
OktaGroup []OktaGroup `json:"oktaGroup,omitempty"`

// OIDC Claims
OIDCClaims []OIDCClaim `json:"oidcClaims,omitempty"`
}

// CloudflareAccessGroupStatus defines the observed state of CloudflareAccessGroup.
Expand Down Expand Up @@ -200,6 +203,10 @@ func (c CloudFlareAccessGroupRuleGroups) TransformCloudflareRuleFields(managedCF
for _, oktaGroup := range field.OktaGroup {
*managedCFFields[i] = append(*managedCFFields[i], cfapi.NewAccessGroupOktaGroup(oktaGroup.Name, oktaGroup.IdentityProviderID))
}

for _, oidcClaim := range field.OIDCClaims {
*managedCFFields[i] = append(*managedCFFields[i], cfapi.NewAccessGroupOIDCClaim(oidcClaim.Name, oidcClaim.Value, oidcClaim.IdentityProviderID))
}
}
}
}
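Review bot: The new `OIDCClaims` field is documented only as `// OIDC Claims`, which for an access-control rule tells a CRD author neither what the rule matches nor that all three values are forwarded to Cloudflare unchecked — the second hunk's loop calls `cfapi.NewAccessGroupOIDCClaim(oidcClaim.Name, oidcClaim.Value, oidcClaim.IdentityProviderID)` with no validation, so an empty name or value is passed straight through. I'd replace the comment with `// OIDCClaims matches identities whose ID token from IdentityProviderID carries claim Name with value Value; entries are sent to Cloudflare as-is, so empty strings are forwarded too.` Whether Cloudflare rejects an empty claim value or treats it permissively is not visible here, so that is worth confirming before relying on it for an access group. `TransformCloudflareRuleFields` begins and ends outside the second hunk.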
31 changes: 31 additions & 0 deletions api/v1alpha1/cloudflareaccessgroup_types_test.go
@@ -1,6 +1,7 @@
package v1alpha1_test

import (
"github.com/bojanzelic/cloudflare-zero-trust-operator/internal/cfapi"
"testing"

"github.com/bojanzelic/cloudflare-zero-trust-operator/api/v1alpha1"
Expand Down Expand Up @@ -128,6 +129,36 @@ var _ = Describe("Creating a CloudflareAccessGroup", Label("CloudflareAccessGrou
}
})

It("can export oidcClaims to the cloudflare object", func() {
accessRule.Spec.Include = []v1alpha1.CloudFlareAccessGroupRule{{
OIDCClaims: []v1alpha1.OIDCClaim{
{
Name: "myOidcClaimName1",
Value: "myOidcClaimValue1",
IdentityProviderID: "00000000-0000-0000-0000-00000000000000",
},
{
Name: "myOidcClaimName2",
Value: "myOidcClaimValue2",
IdentityProviderID: "11111111-1111-1111-1111-111111111111",
},
}},
}
for i, group := range accessRule.Spec.Include[0].OIDCClaims {
Expect(accessRule.ToCloudflare().Include[i]).To(Equal(cfapi.AccessGroupOIDCClaim{
OIDC: struct {
Name string "json:\"claim_name\""
Value string "json:\"claim_value\""
IdentityProviderID string "json:\"identity_provider_id\""
}{
Name: group.Name,
Value: group.Value,
IdentityProviderID: group.IdentityProviderID,
},
}))
}
})

It("can export ipRanges to the cloudflare object", func() {
ips := []string{"1.1.1.1/32", "8.8.8.8/32"}
accessRule.Spec.Include = []v1alpha1.CloudFlareAccessGroupRule{{
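Review bot: The added import places the project-local `internal/cfapi` package ahead of `"testing"` inside the stdlib group; goimports convention is stdlib first, a blank line, then everything else, so it belongs next to the existing `api/v1alpha1` import. Separately, the first fixture's `IdentityProviderID` (`00000000-0000-0000-0000-00000000000000`) has a 14-character last group and is not a well-formed UUID; it only passes because nothing validates the field, so a later format constraint on the CRD would break the test — `00000000-0000-0000-0000-000000000000` keeps it honest. The expected value is spelled out as an anonymous struct with literal json tags, which is brittle against a tag rename; since the production path uses the same constructor, comparing against `cfapi.NewAccessGroupOIDCClaim(group.Name, group.Value, group.IdentityProviderID)` would be more robust, assuming it returns the same value type. The loop variable `group` is also misleading here — `claim` would read better.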
9 changes: 9 additions & 0 deletions api/v1alpha1/reference_types.go
Expand Up @@ -36,6 +36,15 @@ type OktaGroup struct {
IdentityProviderID string `json:"identityProviderId"`
}

type OIDCClaim struct {
// Name of the OIDC claim
Name string `json:"name"`
// Value of the OIDC claim
Value string `json:"value"`
// Identity Provider Id
IdentityProviderID string `json:"identityProviderId"`
}

type AccessGroupReference struct {
// `namespace` is the namespace of the AccessGroup.
// Required
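Review bot: `OIDCClaim` is exported but has no doc comment, and none of its fields carry a kubebuilder validation marker, so the generated CRD (visible later in this PR) only requires the keys to be present — `name: ""` or `value: ""` is accepted by the API server and becomes a rule pushed to Cloudflare. For a type that grants access I'd add `// +kubebuilder:validation:MinLength=1` above `Name`, `Value` and `IdentityProviderID`, and a type comment such as `// OIDCClaim selects identities whose ID token from IdentityProviderID carries claim Name equal to Value.` The neighbouring `OktaGroup` field visible in the hunk shows no marker either, so this may be a pre-existing gap across the reference types rather than something new, but the new type is the natural place to start.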
20 changes: 20 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go


Expand Up @@ -165,8 +165,27 @@ spec:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId:
Expand Down Expand Up @@ -293,8 +312,27 @@ spec:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId:
Expand Down Expand Up @@ -424,8 +462,27 @@ spec:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId:
63 changes: 60 additions & 3 deletions config/crd/bases/cloudflare.zelic.io_cloudflareaccessgroups.yaml
Expand Up @@ -118,8 +118,27 @@ spec:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId:
Expand Up @@ -167,8 +167,27 @@ spec:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId:
items:
type: string
type: array
oidcClaims:
description: OIDC Claims
items:
properties:
identityProviderId:
description: Identity Provider Id
type: string
name:
description: Name of the OIDC claim
type: string
value:
description: Value of the OIDC claim
type: string
required:
- identityProviderId
- name
- value
type: object
type: array
oktaGroup:
description: // Okta Groups
description: Okta Groups
items:
properties:
identityProviderId: