diff --git a/docs/resources/harbor_configuration.md b/docs/resources/harbor_configuration.md index eab5792..e6aa639 100644 --- a/docs/resources/harbor_configuration.md +++ b/docs/resources/harbor_configuration.md @@ -40,4 +40,9 @@ The following arguments are supported: * **oidc_scope** - (Optional) The scope sent to OIDC server during authentication. It has to contain “openid”. (Required - if auth_mode set to **oidc_auth**) -* **oidc_verify_cert** - (Optional) Set to **"false"** if your OIDC server is using a self-signed certificate. (Required - if auth_mode set to **oidc_auth**) \ No newline at end of file +* **oidc_verify_cert** - (Optional) Set to **"false"** if your OIDC server is using a self-signed certificate. (Required - if auth_mode set to **oidc_auth**) + +* **oidc_auto_onboard** - (Optional) Enable automatic onboarding (no need to choose a login name at very first login). + +* **oidc_user_claim** - (Optional) The name of the claim in the token whose value is the username when automatic onboarding is enabled. + diff --git a/harbor/resource_config_auth.go b/harbor/resource_config_auth.go index e6dd35c..4a21f16 100644 --- a/harbor/resource_config_auth.go +++ b/harbor/resource_config_auth.go @@ -47,6 +47,16 @@ func resourceConfigAuth() *schema.Resource { Type: schema.TypeBool, Optional: true, }, + "oidc_auto_onboard": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + "oidc_user_claim": { + Type: schema.TypeString, + Optional: true, + Default: "", + }, }, Create: resourceConfigAuthUpdate, Read: resourceConfigAuthRead, @@ -93,6 +103,14 @@ func resourceConfigAuthRead(d *schema.ResourceData, m interface{}) error { return err } + if err := d.Set("oidc_auto_onboard", resp.Payload.OidcAutoOnboard.Value); err != nil { + return err + } + + if err := d.Set("oidc_user_claim", resp.Payload.OidcUserClaim.Value); err != nil { + return err + } + return nil } 
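Review bot: The schema gives `oidc_user_claim` a `Default: ""` but expresses no relationship to `oidc_auto_onboard`, even though the spec text added in this same commit says the claim is what supplies the username once auto-onboarding is on; a config with `oidc_auto_onboard = true` and no claim passes plan and is only judged by the server. If Harbor rejects or silently falls back on an empty claim in that case (I cannot tell from here), a `CustomizeDiff` that errors when auto-onboard is true and the claim is empty would surface it at plan time; at minimum the docs entry for `oidc_user_claim` should say `(Required - if oidc_auto_onboard is true)` in the style the existing entries use. The enclosing `resourceConfigAuth` function starts and ends outside this hunk.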
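Review bot: `resp.Payload.OidcAutoOnboard.Value` and `resp.Payload.OidcUserClaim.Value` are dereferenced without a nil check; if go-swagger generates these `$ref` properties as pointers, as it normally does, a Harbor server that does not return `oidc_auto_onboard` or `oidc_user_claim` (an older release that predates the fields) makes `resourceConfigAuthRead` panic instead of returning an error. Guard each access, e.g. `if v := resp.Payload.OidcAutoOnboard; v != nil { if err := d.Set("oidc_auto_onboard", v.Value); err != nil { return err } }`, and the same for the user claim, so a missing field leaves the attribute unset rather than crashing the provider. The enclosing function starts outside this hunk.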
@@ -125,6 +143,8 @@ func newAPIClient(d *schema.ResourceData, m interface{}) (*client.Harbor, models OidcGroupsClaim: d.Get("oidc_groups_claim").(string), OidcScope: d.Get("oidc_scope").(string), OidcVerifyCert: d.Get("oidc_verify_cert").(bool), + OidcAutoOnboard: d.Get("oidc_auto_onboard").(bool), + OidcUserClaim: d.Get("oidc_user_claim").(string), } return apiClient, body diff --git a/scripts/build-00-generate-client.sh b/scripts/build-00-generate-client.sh index ec20f05..facf890 100755 --- a/scripts/build-00-generate-client.sh +++ b/scripts/build-00-generate-client.sh @@ -30,7 +30,6 @@ mkdir -p "${projectBase}/gen" swagger-merger \ -o "${GENERATED_MERGED_SWAGGER}" \ - -i "${projectBase}/scripts/swagger-specs/v1-swagger-extra-fields.json" \ -i "${projectBase}/scripts/swagger-specs/v2-swagger-original.json" mkdir -p "${GENERATED_SOURCES_TARGET}" diff --git a/scripts/swagger-specs/v2-swagger-original.json b/scripts/swagger-specs/v2-swagger-original.json index c63a95f..d9cea84 100644 --- a/scripts/swagger-specs/v2-swagger-original.json +++ b/scripts/swagger-specs/v2-swagger-original.json @@ -5375,6 +5375,10 @@ "ConfigurationsResponse": { "type": "object", "properties": { + "oidc_auto_onboard": { + "description": "Automatically onboard users bypassing username creation at first login.", + "$ref": "#/definitions/BoolConfigItem" + }, "oidc_verify_cert": { "description": "Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate.", "$ref": "#/definitions/BoolConfigItem" 
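Review bot: `OidcAutoOnboard: d.Get("oidc_auto_onboard").(bool)` depends on how the generated `models.Configurations` serialises a `false`: go-swagger tags optional properties with `omitempty` by default, and if that holds here a `false` is dropped from the PUT body, so once auto-onboarding has been enabled the provider can never turn it back off, and `oidc_user_claim = ""` likewise never clears a claim set elsewhere. Worth confirming against the generated struct and, if it holds, documenting it next to these two lines, e.g. `// NOTE: false/empty values are omitted by the generated model and leave the server setting unchanged.`. The enclosing `newAPIClient` function starts outside this hunk.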
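Review bot: Removing `v1-swagger-extra-fields.json` from the `swagger-merger` inputs and patching `v2-swagger-original.json` directly means the next refresh of the upstream Harbor spec will silently drop `oidc_auto_onboard`, `oidc_user_claim`, `oidc_groups_claim` and `email_password` from the generated client, and the provider will stop compiling with no hint why. Keeping the overlay file as the home for local additions and leaving the `-i` line in place preserves the separation the script was built for. If dropping the overlay is deliberate, a comment above `swagger-merger` saying that the "original" file is now hand-maintained would save the next person that surprise.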
@@ -5399,6 +5403,10 @@
 "description": "The scope sent to OIDC server during authentication, should be separated by comma. It has to contain \u201copenid\u201d, and \u201coffline_access\u201d. If you are using google, please remove \u201coffline_access\u201d from this field.",
 "$ref": "#/definitions/StringConfigItem"
 },
+"oidc_user_claim": {
+"description": "The claim to use for username if automatic onboarding is enabled.",
+"$ref": "#/definitions/StringConfigItem"
+},
 "ldap_search_dn": {
 "type": "string",
 "description": "The DN of the user to do the search."
@@ -5470,6 +5478,10 @@
 "description": "The client id of the OIDC.",
 "$ref": "#/definitions/StringConfigItem"
 },
+"oidc_groups_claim": {
+"description": "The client Scope Claim of the OIDC.",
+"$ref": "#/definitions/StringConfigItem"
+},
 "ldap_group_base_dn": {
 "description": "The base DN to search LDAP group.",
 "$ref": "#/definitions/StringConfigItem"
@@ -7561,6 +7573,10 @@
 "Configurations": {
 "type": "object",
 "properties": {
+"oidc_auto_onboard": {
+"type": "boolean",
+"description": "Automatically onboard users bypassing username creation at first login."
+},
 "oidc_verify_cert": {
 "type": "boolean",
 "description": "Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate."
@@ -7676,6 +7692,10 @@
 "type": "string",
 "description": "The username for authenticate against SMTP server."
 },
+"email_password": {
+"type": "string",
+"description": "The password for authenticate against SMTP server."
+},
 "oidc_endpoint": {
 "type": "string",
 "description": "The URL of an OIDC-complaint server, must start with 'https://'."
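Review bot: The description added for `oidc_groups_claim`, `The client Scope Claim of the OIDC.`, does not describe the property: it is the claim whose value carries the user's group memberships, not a scope, and the same text is repeated for the `Configurations` definition in the later hunk at -7684. Suggest `The name of the claim in the token that carries the user's group membership.` in both places; the -7684 copy also lists `description` before `type`, unlike every neighbouring property. Since this spec is now hand-edited, these descriptions are all that reaches the generated client's doc comments.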
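Review bot: `email_password` is unrelated to the OIDC onboarding change and is the only credential this commit adds to the write model; it deserves either its own commit or a sentence in the description saying why it rides along. It is added only to `Configurations` (the request body) and not to `ConfigurationsResponse`, which is the right shape for a secret, but if it is later exposed as a provider attribute it must be declared with `Sensitive: true` so it is redacted from plan and apply output.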
@@ -7684,6 +7704,14 @@
 "type": "string",
 "description": "The client secret of the OIDC."
 },
+"oidc_groups_claim": {
+"description": "The client Scope Claim of the OIDC.",
+"type": "string"
+},
+"oidc_user_claim": {
+"type": "string",
+"description": "The claim to use for username if automatic onboarding is enabled."
+},
 "ldap_scope": {
 "type": "integer",
 "description": "0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE"
@@ -8050,4 +8078,4 @@
 "consumes": [
 "application/json"
 ]
-}
\ No newline at end of file
+}