Support automatic onboarding

Add support for automatic onboarding (feature must be supported by
Harbor instance)
See goharbor/harbor#9311 for feature
implementation.

Breaks Harbor v1 compatibility.

docs/resources/harbor_configuration.md

@@ -40,4 +40,9 @@ The following arguments are supported:
 
 * **oidc_scope** - (Optional) The scope sent to OIDC server during authentication. It has to contain “openid”. (Required - if auth_mode set to **oidc_auth**)
 
-* **oidc_verify_cert** - (Optional) Set to **"false"** if your OIDC server is using a self-signed certificate. (Required - if auth_mode set to **oidc_auth**)
+* **oidc_verify_cert** - (Optional) Set to **"false"** if your OIDC server is using a self-signed certificate. (Required - if auth_mode set to **oidc_auth**)
+
+* **oidc_auto_onboard** - (Optional) Enable automatic onboarding (no need to choose a login name at very first login).
+
+* **oidc_user_claim** - (Optional) The name of the claim in the token whose value is the username when automatic onboarding is enabled.
+

harbor/resource_config_auth.go

@@ -47,6 +47,16 @@ func resourceConfigAuth() *schema.Resource {
 				Type:     schema.TypeBool,
 				Optional: true,
 			},
+			"oidc_auto_onboard": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+			"oidc_user_claim": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "",
+			},
 		},
 		Create: resourceConfigAuthUpdate,
 		Read:   resourceConfigAuthRead,
@@ -93,6 +103,14 @@ func resourceConfigAuthRead(d *schema.ResourceData, m interface{}) error {
 		return err
 	}
 
+	if err := d.Set("oidc_auto_onboard", resp.Payload.OidcAutoOnboard.Value); err != nil {
+		return err
+	}
+
+	if err := d.Set("oidc_user_claim", resp.Payload.OidcUserClaim.Value); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -125,6 +143,8 @@ func newAPIClient(d *schema.ResourceData, m interface{}) (*client.Harbor, models
 		OidcGroupsClaim:  d.Get("oidc_groups_claim").(string),
 		OidcScope:        d.Get("oidc_scope").(string),
 		OidcVerifyCert:   d.Get("oidc_verify_cert").(bool),
+		OidcAutoOnboard:  d.Get("oidc_auto_onboard").(bool),
+		OidcUserClaim:    d.Get("oidc_user_claim").(string),
 	}
 
 	return apiClient, body

scripts/build-00-generate-client.sh

@@ -30,7 +30,6 @@ mkdir -p "${projectBase}/gen"
 
 swagger-merger \
     -o "${GENERATED_MERGED_SWAGGER}" \
-    -i "${projectBase}/scripts/swagger-specs/v1-swagger-extra-fields.json" \
     -i "${projectBase}/scripts/swagger-specs/v2-swagger-original.json"
 
 mkdir -p "${GENERATED_SOURCES_TARGET}"

scripts/swagger-specs/v2-swagger-original.json

@@ -5375,6 +5375,10 @@
     "ConfigurationsResponse": {
       "type": "object",
       "properties": {
+        "oidc_auto_onboard": {
+          "description": "Automatically onboard users bypassing username creation at first login.",
+          "$ref": "#/definitions/BoolConfigItem"
+        },
         "oidc_verify_cert": {
           "description": "Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate.",
           "$ref": "#/definitions/BoolConfigItem"
@@ -5399,6 +5403,10 @@
           "description": "The scope sent to OIDC server during authentication, should be separated by comma. It has to contain \u201copenid\u201d, and \u201coffline_access\u201d. If you are using google, please remove \u201coffline_access\u201d from this field.",
           "$ref": "#/definitions/StringConfigItem"
         },
+        "oidc_user_claim": {
+          "description": "The claim to use for username if automatic onboarding is enabled.",
+          "$ref": "#/definitions/StringConfigItem"
+        },
         "ldap_search_dn": {
           "type": "string",
           "description": "The DN of the user to do the search."
@@ -5470,6 +5478,10 @@
           "description": "The client id of the OIDC.",
           "$ref": "#/definitions/StringConfigItem"
         },
+        "oidc_groups_claim": {
+          "description": "The client Scope Claim of the OIDC.",
+          "$ref": "#/definitions/StringConfigItem"
+        },
         "ldap_group_base_dn": {
           "description": "The base DN to search LDAP group.",
           "$ref": "#/definitions/StringConfigItem"
@@ -7561,6 +7573,10 @@
     "Configurations": {
       "type": "object",
       "properties": {
+        "oidc_auto_onboard": {
+          "type": "boolean",
+          "description": "Automatically onboard users bypassing username creation at first login."
+        },
         "oidc_verify_cert": {
           "type": "boolean",
           "description": "Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate."
@@ -7676,6 +7692,10 @@
           "type": "string",
           "description": "The username for authenticate against SMTP server."
         },
+        "email_password": {
+          "type": "string",
+          "description": "The password for authenticate against SMTP server."
+        },
         "oidc_endpoint": {
           "type": "string",
           "description": "The URL of an OIDC-complaint server, must start with 'https://'."
@@ -7684,6 +7704,14 @@
           "type": "string",
           "description": "The client secret of the OIDC."
         },
+        "oidc_groups_claim": {
+          "description": "The client Scope Claim of the OIDC.",
+          "type": "string"
+        },
+        "oidc_user_claim": {
+          "type": "string",
+          "description": "The claim to use for username if automatic onboarding is enabled."
+        },
         "ldap_scope": {
           "type": "integer",
           "description": "0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE"
@@ -8050,4 +8078,4 @@
   "consumes": [
     "application/json"
   ]
-}
+}