Add OpenIDP Connect Form to Cluster Settings OAuth Page #1328
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
openshift-ci-robot
added
the
size/L
|
@bmignano The text specified for the Client Secret states:
But the field is shown as required. Should this field not be marked required? |
|
@jcaianirh It's looking great! I think we can make that Client Secret field optional. I think we also probably want to include the default text for the claims fields (shown in the design doc). |
|
It looks like client secret is required in the API.
@jcaianirh where is that text from? |
|
@spadgett The text came from @bmignano. I think she got the text here: https://docs.openshift.com/container-platform/3.7/install_config/configuring_authentication.html |
|
OK, this has all changed in 4.0. It's no longer optional and must be provided in a secret. https://github.com/openshift/api/blob/master/config/v1/types_oauth.go#L496-L500 |
|
Claims is an array in the API. Are we going to provide a way to add additional claims? If not, we should at least adjust the heading and text. There needs to be some additional help text on many of these fields. It's not obvious to me how to enter extra scopes and extra authorize parameters since these aren't simple strings. If we need to trim things back to the essentials, we can do that since feature freeze is rapidly approaching. We can always add to this form. cc @enj |
|
Related API changes pending: openshift/api#265 |
|
@spadgett added api changes for openid connect except for More Options. Do we want to move forward with that part of the form for openid? Added single array for claims. Removed the outdated client secret help text. Successfully created openid connect providers. @bmignano Added default values for claims text fields. Updated the description screenshot above. @spadgett looks like urls and the two booleans are going away in favor of an issuer based on todays new api changes. |
spadgett
left a comment
spadgett
left a comment
There was a problem hiding this comment.
Thanks @jcaianirh. The API changes are in place, so we should update this PR.
I realize this is WIP, but I don't see where you're handling the CA file. We'll need that.
We might punt on extra scopes and extra authorize parameters on the initial PR if they're not common. @enj could say better
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
We should eventually create a common component for mapping method so we don't repeat it 9 times, but I'd leave it for now
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
|
@spadgett updated code to address comments. need to add ca. |
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
frontend/public/components/cluster-settings/openid-idp-form.tsx
Outdated
Show resolved
Hide resolved
|
@spadgett Added optional ca and replied to review comments except claims. What do you think of making them mandatory and removing the help text? |
It doesn't look like you need to supply all of them though. We'll need confirmation from the auth team. Each of these is an array in the API. @enj We need help understanding this :) |
|
@enj I pushed a commit that allows you to set more than one claim value and extra scopes. We probably need better help text on these fields, but it's a start. @jcaianirh PTAL
|
* Allow users to set more than one claim value and extra scopes * Add generic `ListInput` component * Clean up promises
|
/lgtm @jcaianirh I squashed the commits as well. Feel free to hold cancel if this looks good |
openshift-ci-robot
added
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jcaianirh, spadgett The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
jcaianirh
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
spadgett
changed the title
|
/retest |
|
It looks like the storage tests might be fixed now. /retest |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest |
1 similar comment
|
/retest |
6 participants
https://jira.coreos.com/browse/CONSOLE-1285
Create form for OpenIDP Connect, and add route to the form via the Oath Cluster Settings Page. The form follows the design located here:
https://github.com/openshift/openshift-origin-design/blob/b1bb5ed27f9da2067f91fc24d3888c1e3efa0912/web-console/futures/oauth/oauth.md