diff --git a/api/v1alpha1/masteruserrecord_types.go b/api/v1alpha1/masteruserrecord_types.go
index bdf24e1b..62c2d122 100644
--- a/api/v1alpha1/masteruserrecord_types.go
+++ b/api/v1alpha1/masteruserrecord_types.go
@@ -80,6 +80,10 @@ type MasterUserRecordSpec struct {
 // temporarily marked as optional until the migration took place (CRT-1321)
 // +optional
 TierName string `json:"tierName,omitempty"`
+
+ // PropagatedClaims contains a selection of claim values from the SSO Identity Provider which are intended to
+ // be "propagated" down the resource dependency chain
+ PropagatedClaims PropagatedClaims `json:"propagatedClaims,omitempty"`
 }
 type UserAccountEmbedded struct {
diff --git a/api/v1alpha1/useraccount_types.go b/api/v1alpha1/useraccount_types.go
index 23ee9971..3b0e7d1c 100644
--- a/api/v1alpha1/useraccount_types.go
+++ b/api/v1alpha1/useraccount_types.go
@@ -44,6 +44,10 @@ type UserAccountSpec struct {
 // a new IdP provider client, and contains the user's "original-sub" claim
 // +optional
 OriginalSub string `json:"originalSub,omitempty"`
+
+ // PropagatedClaims contains a selection of claim values from the SSO Identity Provider which are intended to
+ // be "propagated" down the resource dependency chain
+ PropagatedClaims PropagatedClaims `json:"propagatedClaims,omitempty"`
 }
 // UserAccountStatus defines the observed state of UserAccount
diff --git a/api/v1alpha1/usersignup_types.go b/api/v1alpha1/usersignup_types.go
index afaa5a90..6ea19791 100644
--- a/api/v1alpha1/usersignup_types.go
+++ b/api/v1alpha1/usersignup_types.go
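Review bot: The new `PropagatedClaims` field in `MasterUserRecordSpec` has no `// +optional` marker, unlike `TierName` directly above it, and `omitempty` has no effect on a non-pointer struct with encoding/json, so the object is always written with an empty `propagatedClaims: {}` even when no claims were captured. I would add `// +optional` above the field and state in its comment which component is expected to write these values, since they are identity attributes taken from the IdP token. The same applies to the identical field added to `UserAccountSpec` in the next file. The struct body starts outside this hunk.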
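Review bot: `UserAccountSpec` now carries the original-sub value twice, once in the existing `OriginalSub` field shown as context and once inside `PropagatedClaims`, which per the usersignup_types.go hunk also holds `OriginalSub` and `UserID`, and nothing here says which copy consumers must trust. Two sources for the same identity attribute can drift apart, so code that compares or authorizes on one copy while a controller updates the other would see inconsistent identities. I would mark the old field `// Deprecated: use PropagatedClaims.OriginalSub` or document that both must always be equal. The generated schema on this page still lists `userID` as required for this spec and for `MasterUserRecordSpec`, so the same question seems to apply to `UserID`; the struct body starts outside this hunk.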
@@ -197,20 +197,21 @@ type UserSignupSpec struct { OriginalSub string `json:"originalSub,omitempty"` // IdentityClaims contains as-is claim values extracted from the user's access token - IdentityClaims IdentityClaimsEmbedded `json:"identitytokenClaims,omitempty"` + IdentityClaims IdentityClaimsEmbedded `json:"identityClaims,omitempty"` } // IdentityClaimsEmbedded is used to define a set of SSO claim values that we are interested in storing // +k8s:openapi-gen=true type IdentityClaimsEmbedded struct { + + // PropagatedClaims + PropagatedClaims PropagatedClaims `json:",inline"` + // Sub contains the value of the 'sub' claim Sub string `json:"sub,omitempty"` - // UserID contains the value of the 'user_id' claim - UserID string `json:"userID,omitempty"` - - // AccountID contains the value of the 'account_id' claim - AccountID string `json:"accountID,omitempty"` + // Email contains the user's email address + Email string `json:"email,omitempty"` // GivenName contains the value of the 'given_name' claim // +optional @@ -223,6 +224,14 @@ type IdentityClaimsEmbedded struct { // Company contains the value of the 'company' claim // +optional Company string `json:"company,omitempty"` +} + +type PropagatedClaims struct { + // UserID contains the value of the 'user_id' claim + UserID string `json:"userID,omitempty"` + + // AccountID contains the value of the 'account_id' claim + AccountID string `json:"accountID,omitempty"` // OriginalSub is an optional property temporarily introduced for the purpose of migrating the users to // a new IdP provider client, and contains the user's "original-sub" claim diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 30aaecd6..d5de621d 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go 
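Review bot: `PropagatedClaims PropagatedClaims` tagged `json:",inline"` in `IdentityClaimsEmbedded` is a named field, and encoding/json has no `inline` option (flattening only happens for an anonymous embedded struct), so at runtime the claims are written under a `PropagatedClaims` key while the generated OpenAPI schema on this page describes `userID`, `accountID` and `originalSub` at the top level of the object. If the CRD schema prunes unknown fields, that would presumably drop the user and account IDs on write; embedding the type fixes it: ``PropagatedClaims `json:",inline"` ``. Separately, renaming the tag from `identitytokenClaims` to `identityClaims` means objects already stored under the old key will decode with empty claims unless a migration accompanies this change. The `UserSignupSpec` struct starts outside the hunk.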
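Review bot: The new `PropagatedClaims` type has neither a doc comment nor the `// +k8s:openapi-gen=true` marker that `IdentityClaimsEmbedded` carries, and the zz_generated.openapi.go hunks visible here reference `v1alpha1.PropagatedClaims` without adding a schema function for it, so the ref may be left unresolved (the rest of the generated file is not shown). I would add `// PropagatedClaims holds the IdP claim values that are copied from the UserSignup to the MasterUserRecord and UserAccount specs` and `// +k8s:openapi-gen=true` above the type. The struct continues past the end of the hunk.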
@@ -554,6 +554,7 @@ func (in *HostStatus) DeepCopy() *HostStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IdentityClaimsEmbedded) DeepCopyInto(out *IdentityClaimsEmbedded) { *out = *in + out.PropagatedClaims = in.PropagatedClaims } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityClaimsEmbedded. @@ -751,6 +752,7 @@ func (in *MasterUserRecordSpec) DeepCopyInto(out *MasterUserRecordSpec) { *out = make([]UserAccountEmbedded, len(*in)) copy(*out, *in) } + out.PropagatedClaims = in.PropagatedClaims } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MasterUserRecordSpec. @@ -1728,6 +1730,21 @@ func (in *Pod) DeepCopy() *Pod { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PropagatedClaims) DeepCopyInto(out *PropagatedClaims) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PropagatedClaims. +func (in *PropagatedClaims) DeepCopy() *PropagatedClaims { + if in == nil { + return nil + } + out := new(PropagatedClaims) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProxyPlugin) DeepCopyInto(out *ProxyPlugin) { *out = *in @@ -3372,6 +3389,7 @@ func (in *UserAccountList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserAccountSpec) DeepCopyInto(out *UserAccountSpec) { *out = *in + out.PropagatedClaims = in.PropagatedClaims } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAccountSpec. 
diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index 41ce813c..021bec53 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go @@ -852,23 +852,37 @@ func schema_codeready_toolchain_api_api_v1alpha1_IdentityClaimsEmbedded(ref comm Description: "IdentityClaimsEmbedded is used to define a set of SSO claim values that we are interested in storing", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "sub": { + "userID": { SchemaProps: spec.SchemaProps{ - Description: "Sub contains the value of the 'sub' claim", + Description: "UserID contains the value of the 'user_id' claim", Type: []string{"string"}, Format: "", }, }, - "userID": { + "accountID": { SchemaProps: spec.SchemaProps{ - Description: "UserID contains the value of the 'user_id' claim", + Description: "AccountID contains the value of the 'account_id' claim", Type: []string{"string"}, Format: "", }, }, - "accountID": { + "originalSub": { SchemaProps: spec.SchemaProps{ - Description: "AccountID contains the value of the 'account_id' claim", + Description: "OriginalSub is an optional property temporarily introduced for the purpose of migrating the users to a new IdP provider client, and contains the user's \"original-sub\" claim", + Type: []string{"string"}, + Format: "", + }, + }, + "sub": { + SchemaProps: spec.SchemaProps{ + Description: "Sub contains the value of the 'sub' claim", + Type: []string{"string"}, + Format: "", + }, + }, + "email": { + SchemaProps: spec.SchemaProps{ + Description: "Email contains the user's email address", Type: []string{"string"}, Format: "", }, 
@@ -894,13 +908,6 @@ func schema_codeready_toolchain_api_api_v1alpha1_IdentityClaimsEmbedded(ref comm Format: "", }, }, - "originalSub": { - SchemaProps: spec.SchemaProps{ - Description: "OriginalSub is an optional property temporarily introduced for the purpose of migrating the users to a new IdP provider client, and contains the user's \"original-sub\" claim", - Type: []string{"string"}, - Format: "", - }, - }, }, }, }, @@ -1166,12 +1173,19 @@ func schema_codeready_toolchain_api_api_v1alpha1_MasterUserRecordSpec(ref common Format: "", }, }, + "propagatedClaims": { + SchemaProps: spec.SchemaProps{ + Description: "PropagatedClaims contains a selection of claim values from the SSO Identity Provider which are intended to be \"propagated\" down the resource dependency chain", + Default: map[string]interface{}{}, + Ref: ref("github.com/codeready-toolchain/api/api/v1alpha1.PropagatedClaims"), + }, + }, }, Required: []string{"userID"}, }, }, Dependencies: []string{ - "github.com/codeready-toolchain/api/api/v1alpha1.UserAccountEmbedded"}, + "github.com/codeready-toolchain/api/api/v1alpha1.PropagatedClaims", "github.com/codeready-toolchain/api/api/v1alpha1.UserAccountEmbedded"}, } } @@ -4553,10 +4567,19 @@ func schema_codeready_toolchain_api_api_v1alpha1_UserAccountSpec(ref common.Refe Format: "", }, }, + "propagatedClaims": { + SchemaProps: spec.SchemaProps{ + Description: "PropagatedClaims contains a selection of claim values from the SSO Identity Provider which are intended to be \"propagated\" down the resource dependency chain", + Default: map[string]interface{}{}, + Ref: ref("github.com/codeready-toolchain/api/api/v1alpha1.PropagatedClaims"), + }, + }, }, Required: []string{"userID"}, }, }, + Dependencies: []string{ + "github.com/codeready-toolchain/api/api/v1alpha1.PropagatedClaims"}, } } 
@@ -4724,7 +4747,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_UserSignupSpec(ref common.Refer Format: "", }, }, - "identitytokenClaims": { + "identityClaims": { SchemaProps: spec.SchemaProps{ Description: "IdentityClaims contains as-is claim values extracted from the user's access token", Default: map[string]interface{}{},