Merge branch 'feature/support-auto-onboard' into padoa

clook · Jul 16, 2020 · f931cd8 · f931cd8
2 parents e2b63e0 + 92b83c8
commit f931cd8
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 1 deletion.
diff --git a/docs/resources/harbor_configuration.md b/docs/resources/harbor_configuration.md
@@ -40,4 +40,9 @@ The following arguments are supported:
 
 * **oidc_scope** - (Optional) The scope sent to OIDC server during authentication. It has to contain “openid”. (Required - if auth_mode set to **oidc_auth**)
 
-* **oidc_verify_cert** - (Optional) Set to **"false"** if your OIDC server is using a self-signed certificate. (Required - if auth_mode set to **oidc_auth**)
+* **oidc_verify_cert** - (Optional) Set to **"false"** if your OIDC server is using a self-signed certificate. (Required - if auth_mode set to **oidc_auth**)
+
+* **oidc_auto_onboard** - (Optional) Enable automatic onboarding (no need to choose a login name at very first login).
+
+* **oidc_user_claim** - (Optional) The name of the claim in the token whose value is the username when automatic onboarding is enabled.
+
diff --git a/harbor/resource_config_auth.go b/harbor/resource_config_auth.go
@@ -47,6 +47,16 @@ func resourceConfigAuth() *schema.Resource {
 				Type:     schema.TypeBool,
 				Optional: true,
 			},
+			"oidc_auto_onboard": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+			"oidc_user_claim": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "",
+			},
 		},
 		Create: resourceConfigAuthUpdate,
 		Read:   resourceConfigAuthRead,
@@ -93,6 +103,14 @@ func resourceConfigAuthRead(d *schema.ResourceData, m interface{}) error {
 		return err
 	}
 
+	if err := d.Set("oidc_auto_onboard", resp.Payload.OidcAutoOnboard.Value); err != nil {
+		return err
+	}
+
+	if err := d.Set("oidc_user_claim", resp.Payload.OidcUserClaim.Value); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -125,6 +143,8 @@ func newAPIClient(d *schema.ResourceData, m interface{}) (*client.Harbor, models
 		OidcGroupsClaim:  d.Get("oidc_groups_claim").(string),
 		OidcScope:        d.Get("oidc_scope").(string),
 		OidcVerifyCert:   d.Get("oidc_verify_cert").(bool),
+		OidcAutoOnboard:  d.Get("oidc_auto_onboard").(bool),
+		OidcUserClaim:    d.Get("oidc_user_claim").(string),
 	}
 
 	return apiClient, body

diff --git a/scripts/swagger-specs/v2-swagger-original.json b/scripts/swagger-specs/v2-swagger-original.json
@@ -5375,6 +5375,10 @@
     "ConfigurationsResponse": {
       "type": "object",
       "properties": {
+        "oidc_auto_onboard": {
+          "description": "Automatically onboard users bypassing username creation at first login.",
+          "$ref": "#/definitions/BoolConfigItem"
+        },
         "oidc_verify_cert": {
           "description": "Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate.",
           "$ref": "#/definitions/BoolConfigItem"
@@ -5399,6 +5403,10 @@
           "description": "The scope sent to OIDC server during authentication, should be separated by comma. It has to contain \u201copenid\u201d, and \u201coffline_access\u201d. If you are using google, please remove \u201coffline_access\u201d from this field.",
           "$ref": "#/definitions/StringConfigItem"
         },
+        "oidc_user_claim": {
+          "description": "The claim to use for username if automatic onboarding is enabled.",
+          "$ref": "#/definitions/StringConfigItem"
+        },
         "ldap_search_dn": {
           "type": "string",
           "description": "The DN of the user to do the search."
@@ -7569,6 +7577,10 @@
     "Configurations": {
       "type": "object",
       "properties": {
+        "oidc_auto_onboard": {
+          "type": "boolean",
+          "description": "Automatically onboard users bypassing username creation at first login."
+        },
         "oidc_verify_cert": {
           "type": "boolean",
           "description": "Whether verify your OIDC server certificate, disable it if your OIDC server is hosted via self-hosted certificate."
@@ -7700,6 +7712,10 @@
           "description": "The client Scope Claim of the OIDC.",
           "type": "string"
         },
+        "oidc_user_claim": {
+          "type": "string",
+          "description": "The claim to use for username if automatic onboarding is enabled."
+        },
         "ldap_scope": {
           "type": "integer",
           "description": "0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE"